open-dollar / od-contracts Goto Github PK

uri should call a new outside contract
the address for it is stored in Vault721
the address for the outside contract can be updated by the governor
the outside contract returns URI

https://github.com/UseKeyp/opendollar/blob/dev/src/script/Params.s.sol

existing:

// Collateral Names
bytes32 constant RETH = bytes32('ETH-A'); // 0x4554482d41000000000000000000000000000000000000000000000000000000
bytes32 constant CETH = bytes32('WETH'); // 0x5745544800000000000000000000000000000000000000000000000000000000
bytes32 constant WSTETH = bytes32('WSTETH'); // 0x5753544554480000000000000000000000000000000000000000000000000000
bytes32 constant ARB = bytes32('OP'); // 0x4f50000000000000000000000000000000000000000000000000000000000000
bytes32 constant MAGIC = bytes32('WBTC'); // 0x5742544300000000000000000000000000000000000000000000000000000000

• a test token that always goes down in price

So for each of these that doesnt already exist a version should be deployed where we are testing that can be minted in unlimited amounts for testing: WSTETH, RETH, ARB instead of OP, WBTC.

Then add the tokens to the params with proper names and addresses in a few places as part of the deploy script

• all the input args needed for FE logged after deployment
• all addresses easy to copy paste into discord and share with FE team

The DAO should be able to update the SAFE engine address or what ever is down stream of the NFT

Modify DSProxy deployment from the registry so that it is owned by Vault721, instead of end user, by updating the deploy function in the proxy registry which calls the proxy factory

test:

• bytecode can be passed and used as expected
• 1 proxy is deployed per user

Run yarn build

• Mintable function can be called by SafeManager to create a new safe and mints a new NFT with SAFEid = nft id
• set SafeManager address during deployment once
• update deployment scripts to set SafeManager address
• permissioned setter for updating SafeManager address that can only be updated by the DAO address
• import openzeppelin 721
• added to Proxy Registry and renaming the contract Vault721

testing

• minting can only be called by authorized address

Change the % of fees that goes to the burning mechanism vs a treasury
test and verify the amounts work as expected

if a user transfers their DSProxy, research how that would effect the ownership of their vault and handle it appropriately.

Example:
User A owns safe 1, 2, and 3.
User A transfers their proxy to user B
User A's wallet still has NFT 1, 2, 3 - but the proxy that owns the corresponding safes is controlled by user B.
uh oh

Question:
if we disable DSProxy transfers - does this break other things??

Todo:

• check for test of dsproxy transfer
• search codebase for dsproxy transfer function being called

When user does not have a proxy deployed and they are being transfered an NFT, deploy a new proxy from the proxy registry for them. Override the erc721 transfer function to do so in the proxy registry contract

include tests:

• transferring NFT also transfers ownership of the SAFE
• users who do not own the NFT can not transfer the NFT
• users who are transfered the NFT and already have a proxy do not have a new one deployed
• users who are transfered the NFT and do not have a proxy deployed get one deployed for them

• description for the NFT collection, Caution! Trading this NFT means trading the ownership of your Vault in the Open Dollar protocol and all of the assets/collateral inside each Vault
• other metadata
• default URI
  Closed by #100

Collateral Type
contract: HaiSafeManager
function: safeData(uint256 _safe)

Collateral Ratio
contract: OracleRelayer
function: cParams(bytes32 _cType)

Stability Fee
contract: TaxCollector
function: cParams(bytes32 _cType)

Liquidation Penalty
contract: LiquidationEngine
function: cParams(bytes32 _cType)

the Ownable import on the ODProxy contract does not use OZ, double check that it is okay

should revert and disable surplus auction only when surplusIsTransferred == 100%

• read only function totalSupply() should return the total supply of vaults in the system
• should return a public uint variable also called totalSupply

1 DSProxy is deployed per user. Since the user is our NFT
add a constructor that deploys the DSProxy from our NFT contract.

Research whether multiple users having the same proxy will cause security issues or other problems

what happens to NFT when a Safe is closed?

for testing convenience, the safe manager governor can update the vault721 addr, but should not be possible on prod deployment. only Vault721 should be able to update it's safemanager var

1. Check for NFT burning and safe access in
   src/test/nft/NFTSecurity.t.sol

• User should not be able to burn NFT
• if things are burned make sure the correct owner only can access stuff

2. use arb goerli token addresses in setup in src/test/nft/GoerliForkSetup.t.sol. blocked by #3

3. more tests for outside unknown proxies trying to interact in different ways

primarily show fuzzing and code coverage for all NFT changes

• automated test
• manual test
• add to docs

Proxy transferability depends on getSafes function to access array of SafeIds/tokenIds belonging to a user and their proxy. This array can be manipulated with addSAFE and removeSAFE, which does not affect safe ownership, only adds or removes a safe to the _usrSafes array

yarn build should build everything with no errors
remove op deployment files that we arent using that break yarn build

use create2 to deploy prod nft contract and OD token contract and ODG gov token contract if possible to addresses that start with 0x0D000 and have as many 0s as possible

Amount to give as reward for completing jobs https://github.com/open-dollar/od-contracts/blob/6f52f46d2e85a1ccd0f97b82c5ffdf8afed00787/src/contracts/jobs/Job.sol

Decide on rewards for each contract:

• AccountingJob
• LiquidationJob
• OracleJob

is this SAFEManager or end user? how is this address used and should it be set the the NFT contract address?

ISAFEEngine(_safeEngine).approveSAFEModification( msg.sender);

Suggest completing with #132

Collateral

"WSTETH",
"CBETH",
"RETH",
"ARB",
"MAGIC",

• Create a list of collateral we will launch with
• Update the test tokens to match the same symbols / names as the launch collateral tokens
• These should still be deployed fresh each time (local and goerli)
• Oracles should be OracleForTestnet

OD / ODG

• Update the symbol/name for OD and ODG

1. deploy a version with the governor set as a timelock for the governance token governor contract
2. test adding a new collateral token on goerli

Modified Safe Manager transferSAFEOwnership function can only be called via the vault721 contract. This is a

Users can no longer use the transferSAFEOwnership function directly from their proxy, they must transfer their 721 in order to transfer ownership. This prevents the Safe Manager from having special permissions on the vault721 contract (it doesnt need to call back the transfer function on the 721 if someone were to use the existing transferSAFEOwnership), which limits the attacks surface the most.

if a user transfers their proxy, who owns the NFTs for their vault and is everything consistent?

write a test for this to automate it

Target mid fall 2023. Dependent on uniswap v4 release

• replace chainlink with hooks oracle
• governance around swapping pool incentives
• design pool incentives based on capital efficiency

yarn
rename .env
setup evn
change deployment rpc stuff
forge build
deployment script for testnet

users should not be able to create vaults themselves directly
they have to go through our nft contract
modifyDSProxy or downstream so only the NFT vault contract can interact
DAO should be able to modify any yuplist

1. add a governance folder in the contracts repo
2. add governor bravo contracts
3. add governor to deployment scripts: after system coin is created
4. add governor params to deployment params file
5. set timelock contract as the governor param as part of deployment

replace OP stuff with ARB stuff

check that lockCollateral geb basic action parameters have been updates and we should make sure its consistent with SDK

Part 1

• modify the openSafe function to also mint an NFT
• set the NFT contract address during deployment, and modify testing and prod deployment scripts
• create a permissioned setter function to allow only the DAO to update the NFT contract address which is used during minting/createSafe

Part 2
Update to minting function to check proxy registry to make sure proxy is.. registered. Goal: during transfers we know you can only transfer to existing known proxies owned by the Vault721 contract.

Tests for everything: transfers, creation, re-entry, proxy is known in all cases, and deployment is as expected.

note: do not update modifier because it touches too many things, just add a simple req to make sure proxies are known.

HUGE

go through EVERY SINGLE TEST in the automated fuzzing tests and unit tests to update where the end user calls get routed through to the rest of the SAFE engine.

• testing on new transfer functions via NFTs
• basic NFT tests for new features
• passing linter tests
• updated safe transfer tests that hit the safe manager

1. what is the difference beyween comelot and uni v3 interface - determine if we can use comelot as a price oracle
2. add deployment of pool to testing scripts
3. test factory for cam v3

• create safe
• template for private key or seed phrase or in env
• deposit eth
• borrow OD
• can be run with simple command

https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC721/ERC721.sol

OZ _safemint only checks that the receiver is not address(0) but not if the id already is used for a token

set governor to TimelockController contract
example on Goerli-OP: 0x8679A33Dc1DB18b0eD67260b97730213a77C2e6e

https://github.com/UseKeyp/opendollar/blob/0957d053a31d805630cb59c56b454522579d31dc/src/script/Common.s.sol#L182

replace KITE with OPEN

governor
delegate
chainid
pricefeed
chainlink feed

HAI -> OD
OP -> ARB
KITE -> ODG

https://github.com/UseKeyp/opendollar/blob/dev/src/script/Deploy.s.sol

rebuild deployment script with our params and also make a changelog of how parameters were set