Merge pull request #229 from gildlab/2025-03-10-consolidate-free

2025 03 10 consolidate freeze handler

Author: thedavidmeister

.gas-snapshot

@@ -10,7 +10,8 @@ import {
 import {VaultConfig} from "src/abstract/ReceiptVault.sol";
 import {ICloneableFactoryV2} from "rain.factory/interface/ICloneableFactoryV2.sol";
 import {
-    OffchainAssetReceiptVault, ReceiptVaultConstructionConfig
+    OffchainAssetReceiptVault,
+    ReceiptVaultConstructionConfigV2
 } from "src/concrete/vault/OffchainAssetReceiptVault.sol";
 import {Receipt as ReceiptContract} from "src/concrete/receipt/Receipt.sol";
 import {SceptreStakedFlrOracle} from "src/concrete/oracle/SceptreStakedFlrOracle.sol";
@@ -33,7 +34,7 @@ contract Deploy is Script {
         vm.startBroadcast(deploymentKey);
 
         ReceiptContract receipt = new ReceiptContract();
-        ReceiptVaultConstructionConfig memory receiptVaultConstructionConfig = ReceiptVaultConstructionConfig({
+        ReceiptVaultConstructionConfigV2 memory receiptVaultConstructionConfig = ReceiptVaultConstructionConfigV2({
             factory: ICloneableFactoryV2(vm.envAddress("CLONE_FACTORY")),
             receiptImplementation: receipt
         });

script/Deploy.sol

@@ -11,7 +11,7 @@ import {SafeERC20Upgradeable as SafeERC20} from
     "openzeppelin-contracts-upgradeable/contracts/token/ERC20/utils/SafeERC20Upgradeable.sol";
 import {MulticallUpgradeable as Multicall} from
     "openzeppelin-contracts-upgradeable/contracts/utils/MulticallUpgradeable.sol";
-import {IReceiptVaultV2, IReceiptVaultV1, IReceiptV2} from "../interface/IReceiptVaultV2.sol";
+import {IReceiptVaultV3, IReceiptVaultV1, IReceiptV3} from "../interface/IReceiptVaultV3.sol";
 import {IReceiptManagerV2} from "../interface/IReceiptManagerV2.sol";
 import {
     LibFixedPointDecimalArithmeticOpenZeppelin,
@@ -42,9 +42,9 @@ enum ShareAction {
 /// @param factory The factory that will be used to clone the receipt vault.
 /// @param receiptImplementation The receipt implementation that will be cloned
 /// by the factory.
-struct ReceiptVaultConstructionConfig {
+struct ReceiptVaultConstructionConfigV2 {
     ICloneableFactoryV2 factory;
-    IReceiptV2 receiptImplementation;
+    IReceiptV3 receiptImplementation;
 }
 
 /// All config required to initialize `ReceiptVault` except the receipt address.
@@ -110,25 +110,25 @@ abstract contract ReceiptVault is
     Multicall,
     ReentrancyGuard,
     ERC20,
-    IReceiptVaultV2,
+    IReceiptVaultV3,
     ICloneableV2
 {
     using LibFixedPointDecimalArithmeticOpenZeppelin for uint256;
     using SafeERC20 for IERC20;
 
     ICloneableFactoryV2 internal immutable iFactory;
-    IReceiptV2 internal immutable iReceiptImplementation;
+    IReceiptV3 internal immutable iReceiptImplementation;
 
     /// Underlying ERC4626 asset.
     IERC20 internal sAsset;
     /// ERC1155 Receipt owned by this receipt vault for the purpose of tracking
     /// mints and enforcing integrity of subsequent burns.
-    IReceiptV2 internal sReceipt;
+    IReceiptV3 internal sReceipt;
 
     /// `ReceiptVault` is intended to be cloned and initialized by a
     /// `ReceiptVaultFactory` so is an implementation contract that can't itself
     /// be initialized.
-    constructor(ReceiptVaultConstructionConfig memory config) {
+    constructor(ReceiptVaultConstructionConfigV2 memory config) {
         _disableInitializers();
 
         iFactory = config.factory;
@@ -154,8 +154,8 @@ abstract contract ReceiptVault is
         // Slither false positive here due to it being impossible to set the
         // receipt before it has been deployed.
         // slither-disable-next-line reentrancy-benign
-        IReceiptV2 managedReceipt =
-            IReceiptV2(iFactory.clone(address(iReceiptImplementation), abi.encode(address(this))));
+        IReceiptV3 managedReceipt =
+            IReceiptV3(iFactory.clone(address(iReceiptImplementation), abi.encode(address(this))));
         sReceipt = managedReceipt;
 
         // Sanity check here. Should always be true as we cloned the receipt
@@ -172,14 +172,17 @@ abstract contract ReceiptVault is
     }
 
     /// @inheritdoc IReceiptManagerV2
-    function authorizeReceiptTransfer3(address from, address to, uint256[] memory ids, uint256[] memory amounts)
-        public
-        virtual
-    {
+    function authorizeReceiptTransfer3(
+        address operator,
+        address from,
+        address to,
+        uint256[] memory ids,
+        uint256[] memory amounts
+    ) public virtual {
         if (msg.sender != address(receipt())) {
             revert UnmanagedReceiptTransfer();
         }
-        (from, to, ids, amounts);
+        (operator, from, to, ids, amounts);
     }
 
     /// The spec demands that this function ignores per-user concerns. It seems
@@ -339,8 +342,8 @@ abstract contract ReceiptVault is
         );
     }
 
-    /// @inheritdoc IReceiptVaultV2
-    function receipt() public view virtual returns (IReceiptV2) {
+    /// @inheritdoc IReceiptVaultV3
+    function receipt() public view virtual returns (IReceiptV3) {
         return sReceipt;
     }
 

src/abstract/ReceiptVault.sol

@@ -46,12 +46,6 @@ bytes32 constant DEPOSIT_ADMIN = keccak256("DEPOSIT_ADMIN");
 /// @dev Rolename for withdraw admins.
 bytes32 constant WITHDRAW_ADMIN = keccak256("WITHDRAW_ADMIN");
 
-/// @dev Rolename for handlers.
-/// Handler role is required to accept tokens during system freeze.
-bytes32 constant FREEZE_HANDLER = keccak256("FREEZE_HANDLER");
-/// @dev Rolename for handler admins.
-bytes32 constant FREEZE_HANDLER_ADMIN = keccak256("FREEZE_HANDLER_ADMIN");
-
 /// @dev Configuration for the OffchainAssetReceiptVaultAuthorizorV1.
 /// @param initialAdmin The initial admin of the contract.
 /// @param authorizee The address that is authorized to perform actions.
@@ -106,15 +100,11 @@ contract OffchainAssetReceiptVaultAuthorizerV1 is IAuthorizeV1, ICloneableV2, Ac
         _setRoleAdmin(WITHDRAW, WITHDRAW_ADMIN);
         _setRoleAdmin(WITHDRAW_ADMIN, WITHDRAW_ADMIN);
 
-        _setRoleAdmin(FREEZE_HANDLER, FREEZE_HANDLER_ADMIN);
-        _setRoleAdmin(FREEZE_HANDLER_ADMIN, FREEZE_HANDLER_ADMIN);
-
         _grantRole(CERTIFY_ADMIN, config.initialAdmin);
         _grantRole(CONFISCATE_RECEIPT_ADMIN, config.initialAdmin);
         _grantRole(CONFISCATE_SHARES_ADMIN, config.initialAdmin);
         _grantRole(DEPOSIT_ADMIN, config.initialAdmin);
         _grantRole(WITHDRAW_ADMIN, config.initialAdmin);
-        _grantRole(FREEZE_HANDLER_ADMIN, config.initialAdmin);
 
         return ICLONEABLE_V2_SUCCESS;
     }
@@ -173,13 +163,6 @@ contract OffchainAssetReceiptVaultAuthorizerV1 is IAuthorizeV1, ICloneableV2, Ac
 
             // Everyone else can only transfer while the certification is valid.
             if (isCertificationExpired) {
-                // Handlers can ALWAYS send and receive funds.
-                // Handlers bypass BOTH the timestamp on certification AND tier based
-                // restriction.
-                if (hasRole(FREEZE_HANDLER, from) || hasRole(FREEZE_HANDLER, to)) {
-                    return;
-                }
-
                 // Minting and burning is always allowed for the respective roles if they
                 // interact directly with the shares/receipt. Minting and burning is ALSO
                 // valid after the certification expires as it is likely the only way to
@@ -188,10 +171,13 @@ contract OffchainAssetReceiptVaultAuthorizerV1 is IAuthorizeV1, ICloneableV2, Ac
                     return;
                 }
 
-                // Confiscation is always allowed as it likely represents some kind of
-                // regulatory/legal requirement. It may also be required to satisfy
-                // certification requirements.
-                if (hasRole(CONFISCATE_SHARES, to) || hasRole(CONFISCATE_RECEIPT, to)) {
+                // Confiscators bypass the certification check when they are the
+                // user. This allows for legal confiscation during system freeze
+                // and for certification repair.
+                if (
+                    (permission == TRANSFER_SHARES && hasRole(CONFISCATE_SHARES, user))
+                        || (permission == TRANSFER_RECEIPT && hasRole(CONFISCATE_RECEIPT, user))
+                ) {
                     return;
                 }
 

src/concrete/authorize/OffchainAssetReceiptVaultAuthorizerV1.sol

@@ -5,8 +5,8 @@ pragma solidity =0.8.25;
 import {ICloneableV2, ICLONEABLE_V2_SUCCESS} from "rain.factory/interface/ICloneableV2.sol";
 
 import {IReceiptManagerV2} from "../../interface/IReceiptManagerV2.sol";
-import {IReceiptV2} from "../../interface/IReceiptV2.sol";
-import {IReceiptVaultV2} from "../../interface/IReceiptVaultV2.sol";
+import {IReceiptV3} from "../../interface/IReceiptV3.sol";
+import {IReceiptVaultV3} from "../../interface/IReceiptVaultV3.sol";
 import {OnlyManager} from "../../error/ErrReceipt.sol";
 import {ERC1155Upgradeable as ERC1155} from
     "openzeppelin-contracts-upgradeable/contracts/token/ERC1155/ERC1155Upgradeable.sol";
@@ -25,15 +25,17 @@ string constant RECEIPT_NAME_SUFFIX = " Receipt";
 string constant RECEIPT_SYMBOL_SUFFIX = " RCPT";
 
 /// @title Receipt
-/// @notice The `IReceiptV2` for a `ReceiptVault`. Standard implementation allows
+/// @notice The `IReceiptV3` for a `ReceiptVault`. Standard implementation allows
 /// receipt information to be emitted and mints/burns according to manager
 /// authorization.
-contract Receipt is IReceiptV2, ERC1155, ICloneableV2 {
+contract Receipt is IReceiptV3, ERC1155, ICloneableV2 {
     /// The manager of the `Receipt` contract.
     /// Set during `initialize` and cannot be changed.
     /// Intended to be a `ReceiptVault` contract.
     IReceiptManagerV2 internal sManager;
 
+    address private sSender = address(0);
+
     /// Disables initializers so that the clonable implementation cannot be
     /// initialized and used directly outside a factory deployment.
     constructor() {
@@ -48,6 +50,17 @@ contract Receipt is IReceiptV2, ERC1155, ICloneableV2 {
         _;
     }
 
+    modifier withSender(address sender) {
+        sSender = sender;
+        _;
+        sSender = address(0);
+    }
+
+    function _msgSender() internal view virtual override returns (address) {
+        address sender = sSender;
+        return sender == address(0) ? msg.sender : sender;
+    }
+
     /// Initializes the `Receipt` so that it is usable as a clonable
     /// implementation in `ReceiptFactory`.
     /// Compatible with `ICloneableV2`.
@@ -80,12 +93,12 @@ contract Receipt is IReceiptV2, ERC1155, ICloneableV2 {
         return string.concat(DATA_URI_BASE64_PREFIX, Base64.encode(json));
     }
 
-    /// @inheritdoc IReceiptV2
+    /// @inheritdoc IReceiptV3
     function name() public view virtual returns (string memory) {
         return string.concat(_vaultShareSymbol(), RECEIPT_NAME_SUFFIX);
     }
 
-    /// @inheritdoc IReceiptV2
+    /// @inheritdoc IReceiptV3
     function symbol() external view virtual returns (string memory) {
         return string.concat(_vaultShareSymbol(), RECEIPT_SYMBOL_SUFFIX);
     }
@@ -101,40 +114,45 @@ contract Receipt is IReceiptV2, ERC1155, ICloneableV2 {
     /// managing this `Receipt` is accepting for mints. Can be overridden if the
     /// manager is not going to be a `ReceiptVault`.
     function _vaultAssetSymbol() internal view virtual returns (string memory) {
-        return IERC20Metadata(IReceiptVaultV2(payable(address(sManager))).asset()).symbol();
+        return IERC20Metadata(IReceiptVaultV3(payable(address(sManager))).asset()).symbol();
     }
 
-    /// @inheritdoc IReceiptV2
+    /// @inheritdoc IReceiptV3
     function manager() external view virtual returns (address) {
         return address(sManager);
     }
 
-    /// @inheritdoc IReceiptV2
+    /// @inheritdoc IReceiptV3
     function managerMint(address sender, address account, uint256 id, uint256 amount, bytes memory data)
         external
         virtual
         onlyManager
+        withSender(sender)
     {
         _receiptInformation(sender, id, data);
         _mint(account, id, amount, data);
     }
 
-    /// @inheritdoc IReceiptV2
+    /// @inheritdoc IReceiptV3
     function managerBurn(address sender, address account, uint256 id, uint256 amount, bytes memory data)
         external
         virtual
         onlyManager
+        withSender(sender)
     {
         _receiptInformation(sender, id, data);
         _burn(account, id, amount);
     }
 
-    /// @inheritdoc IReceiptV2
-    function managerTransferFrom(address from, address to, uint256 id, uint256 amount, bytes memory data)
-        external
-        virtual
-        onlyManager
-    {
+    /// @inheritdoc IReceiptV3
+    function managerTransferFrom(
+        address sender,
+        address from,
+        address to,
+        uint256 id,
+        uint256 amount,
+        bytes memory data
+    ) external virtual onlyManager withSender(sender) {
         _safeTransferFrom(from, to, id, amount, data);
     }
 
@@ -150,7 +168,7 @@ contract Receipt is IReceiptV2, ERC1155, ICloneableV2 {
         bytes memory data
     ) internal virtual override {
         super._beforeTokenTransfer(operator, from, to, ids, amounts, data);
-        sManager.authorizeReceiptTransfer3(from, to, ids, amounts);
+        sManager.authorizeReceiptTransfer3(operator, from, to, ids, amounts);
     }
 
     /// Emits `ReceiptInformation` if there is any data.
@@ -164,7 +182,7 @@ contract Receipt is IReceiptV2, ERC1155, ICloneableV2 {
         }
     }
 
-    /// @inheritdoc IReceiptV2
+    /// @inheritdoc IReceiptV3
     function receiptInformation(uint256 id, bytes memory data) external virtual {
         _receiptInformation(msg.sender, id, data);
     }

src/concrete/receipt/Receipt.sol

@@ -10,7 +10,7 @@ import {
     ReceiptVault,
     ShareAction,
     ICLONEABLE_V2_SUCCESS,
-    ReceiptVaultConstructionConfig
+    ReceiptVaultConstructionConfigV2
 } from "../../abstract/ReceiptVault.sol";
 import {IPriceOracleV2} from "../../interface/IPriceOracleV2.sol";
 
@@ -90,7 +90,7 @@ contract ERC20PriceOracleReceiptVault is ReceiptVault {
     /// The price oracle used for all minting calculations.
     IPriceOracleV2 public priceOracle;
 
-    constructor(ReceiptVaultConstructionConfig memory config) ReceiptVault(config) {}
+    constructor(ReceiptVaultConstructionConfigV2 memory config) ReceiptVault(config) {}
 
     /// Initialization of the underlying receipt vault and price oracle.
     function initialize(bytes memory data) public virtual override initializer returns (bytes32) {

src/concrete/vault/ERC20PriceOracleReceiptVault.sol

@@ -9,10 +9,10 @@ import {
     ShareAction,
     InvalidId,
     ICLONEABLE_V2_SUCCESS,
-    ReceiptVaultConstructionConfig
+    ReceiptVaultConstructionConfigV2
 } from "../../abstract/ReceiptVault.sol";
 import {OwnableUpgradeable as Ownable} from "openzeppelin-contracts-upgradeable/contracts/access/OwnableUpgradeable.sol";
-import {IReceiptV2} from "../../interface/IReceiptV2.sol";
+import {IReceiptV3} from "../../interface/IReceiptV3.sol";
 import {MathUpgradeable as Math} from "openzeppelin-contracts-upgradeable/contracts/utils/math/MathUpgradeable.sol";
 import {ITierV2} from "rain.tier.interface/interface/ITierV2.sol";
 import {IAuthorizeV1, Unauthorized} from "../../interface/IAuthorizeV1.sol";
@@ -289,7 +289,7 @@ contract OffchainAssetReceiptVault is ReceiptVault, IAuthorizeV1, Ownable {
     /// be certified to a future time.
     uint256 internal sCertifiedUntil;
 
-    constructor(ReceiptVaultConstructionConfig memory config) ReceiptVault(config) {}
+    constructor(ReceiptVaultConstructionConfigV2 memory config) ReceiptVault(config) {}
 
     /// Initializes the initial admin and the underlying `ReceiptVault`.
     /// The admin provided will be admin of all roles and can reassign and revoke
@@ -356,14 +356,16 @@ contract OffchainAssetReceiptVault is ReceiptVault, IAuthorizeV1, Ownable {
 
     /// Apply standard transfer restrictions to receipt transfers.
     /// @inheritdoc ReceiptVault
-    function authorizeReceiptTransfer3(address from, address to, uint256[] memory ids, uint256[] memory amounts)
-        public
-        virtual
-        override
-    {
-        super.authorizeReceiptTransfer3(from, to, ids, amounts);
+    function authorizeReceiptTransfer3(
+        address operator,
+        address from,
+        address to,
+        uint256[] memory ids,
+        uint256[] memory amounts
+    ) public virtual override {
+        super.authorizeReceiptTransfer3(operator, from, to, ids, amounts);
         sAuthorizer.authorize(
-            msg.sender,
+            operator,
             TRANSFER_RECEIPT,
             abi.encode(
                 TransferReceiptStateChange({
@@ -575,7 +577,7 @@ contract OffchainAssetReceiptVault is ReceiptVault, IAuthorizeV1, Ownable {
         sAuthorizer.authorize(msg.sender, CERTIFY, abi.encode(certifyStateChange));
     }
 
-    function isCertificationExpired() internal view returns (bool) {
+    function isCertificationExpired() public view returns (bool) {
         return block.timestamp > sCertifiedUntil;
     }
 
@@ -692,7 +694,7 @@ contract OffchainAssetReceiptVault is ReceiptVault, IAuthorizeV1, Ownable {
         uint256 actualAmount = receipt().balanceOf(confiscatee, id).min(targetAmount);
         if (actualAmount > 0) {
             emit ConfiscateReceipt(msg.sender, confiscatee, id, targetAmount, actualAmount, data);
-            receipt().managerTransferFrom(confiscatee, msg.sender, id, actualAmount, "");
+            receipt().managerTransferFrom(msg.sender, confiscatee, msg.sender, id, actualAmount, "");
         }
 
         sAuthorizer.authorize(