@etherisc/gif-next 0.0.2-fc8b370-882 → 0.0.2-fd275d2-234

package/contracts/instance/BundleManager.sol

@@ -0,0 +1,152 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.20;
+
+import {IInstance} from "./IInstance.sol";
+import {INSTANCE} from "../types/ObjectType.sol";
+import {InstanceReader} from "./InstanceReader.sol";
+import {IPolicy} from "../instance/module/IPolicy.sol";
+import {IRegistry} from "../registry/IRegistry.sol";
+import {LibNftIdSet} from "../types/NftIdSet.sol";
+import {NftId} from "../types/NftId.sol";
+import {TimestampLib} from "../types/Timestamp.sol";
+
+import {ObjectManager} from "./ObjectManager.sol";
+
+contract BundleManager is 
+    ObjectManager
+{
+
+    event LogBundleManagerPolicyLinked(NftId bundleNftId, NftId policyNftId);
+    event LogBundleManagerPolicyUnlinked(NftId bundleNftId, NftId policyNftId);
+
+    event LogBundleManagerBundleAdded(NftId poolNftId, NftId bundleNftId);
+    event LogBundleManagerBundleUnlocked(NftId poolNftId, NftId bundleNftId);
+    event LogBundleManagerBundleLocked(NftId poolNftId, NftId bundleNftId);
+
+    error ErrorBundleManagerErrorPolicyAlreadyActivated(NftId policyNftId);
+    error ErrorBundleManagerErrorBundleLocked(NftId bundleNftId, NftId policyNftId);
+    error ErrorBundleManagerPolicyWithOpenClaims(NftId policyNftId, uint256 openClaimsCount);
+    error ErrorBundleManagerPolicyNotCloseable(NftId policyNftId);
+    error ErrorBundleManagerBundleUnknown(NftId bundleNftId);
+    error ErrorBundleManagerBundleNotRegistered(NftId bundleNftId);
+
+    mapping(NftId bundleNftId => LibNftIdSet.Set policies) internal _activePolicies;
+
+    constructor() ObjectManager() {
+    }
+
+
+    /// @dev links a policy with its bundle
+    // to link a policy it MUST NOT yet have been activated
+    // the bundle MUST be unlocked (active) for linking (underwriting) and registered with this instance
+    // TODO decide what is checked here (non upgradeable) and what is checked in the service (upgradeable)
+    function linkPolicy(NftId policyNftId) external restricted() {
+        IPolicy.PolicyInfo memory policyInfo = _instanceReader.getPolicyInfo(policyNftId);
+
+        // ensure policy has not yet been activated
+        if (policyInfo.activatedAt.gtz()) {
+            revert ErrorBundleManagerErrorPolicyAlreadyActivated(policyNftId);
+        }
+
+        NftId bundleNftId = policyInfo.bundleNftId;
+        // TODO decide to use instance reader or registry
+        // decision will likely depend on the decision what to check here and what in the service
+        NftId poolNftId = _instanceReader.getBundleInfo(bundleNftId).poolNftId;
+
+        // ensure bundle is unlocked (in active set) and registered with this instance
+        if (!_isActive(poolNftId, bundleNftId)) {
+            revert ErrorBundleManagerErrorBundleLocked(bundleNftId, policyNftId);
+        }
+
+        LibNftIdSet.add(_activePolicies[bundleNftId], policyNftId);
+        emit LogBundleManagerPolicyLinked(bundleNftId, policyNftId);
+    }
+
+
+    /// @dev unlinks a policy from its bundle
+    // to unlink a policy it must closable, ie. meet one of the following criterias
+    // - the policy MUST be past its expiry period and it MUST NOT have any open claims
+    // - the policy's payoutAmount MUST be equal to its sumInsuredAmount and MUST NOT have any open claims
+    // TODO decide what is checked here (non upgradeable) and what is checked in the service (upgradeable)
+    function unlinkPolicy(NftId policyNftId) external restricted() {
+        IPolicy.PolicyInfo memory policyInfo = _instanceReader.getPolicyInfo(policyNftId);
+
+        // ensure policy has no open claims
+        if (policyInfo.openClaimsCount > 0) {
+            revert ErrorBundleManagerPolicyWithOpenClaims(
+                policyNftId, 
+                policyInfo.openClaimsCount);
+        }
+
+        // ensure policy is closeable
+        if (policyInfo.expiredAt < TimestampLib.blockTimestamp()
+            || policyInfo.payoutAmount < policyInfo.sumInsuredAmount)
+        {
+            revert ErrorBundleManagerPolicyNotCloseable(policyNftId);
+        }
+
+        NftId bundleNftId = policyInfo.bundleNftId;
+        // TODO decide to use instance reader or registry
+        // decision will likely depend on the decision what to check here and what in the service
+        NftId poolNftId = _instanceReader.getBundleInfo(bundleNftId).poolNftId;
+
+        // ensure bundle is registered with this instance
+        if (!_contains(poolNftId, bundleNftId)) {
+            revert ErrorBundleManagerBundleUnknown(bundleNftId);
+        }
+
+        LibNftIdSet.remove(_activePolicies[bundleNftId], policyNftId);
+        emit LogBundleManagerPolicyUnlinked(policyInfo.bundleNftId, policyNftId);
+    }
+
+
+    /// @dev add a new bundle to a riskpool registerd with this instance
+    // the corresponding pool is fetched via instance reader
+    function add(NftId bundleNftId) external restricted() {
+        NftId poolNftId = _instanceReader.getBundleInfo(bundleNftId).poolNftId;
+
+        // ensure pool is registered with instance
+        if(poolNftId.eqz()) {
+            revert ErrorBundleManagerBundleNotRegistered(bundleNftId);
+        }
+
+        _add(poolNftId, bundleNftId);
+        emit LogBundleManagerBundleAdded(poolNftId, bundleNftId);
+    }
+
+    /// @dev unlocked (active) bundles are available to underwrite new policies
+    function unlock(NftId poolNftId , NftId bundleNftId) external restricted() {
+        _activate(poolNftId, bundleNftId);
+        emit LogBundleManagerBundleUnlocked(poolNftId, bundleNftId);
+    }
+
+    /// @dev locked (deactivated) bundles may not underwrite any new policies
+    function lock(NftId poolNftId , NftId bundleNftId) external restricted() {
+        _deactivate(poolNftId, bundleNftId);
+        emit LogBundleManagerBundleLocked(poolNftId, bundleNftId);
+    }
+
+    function bundles(NftId poolNftId) external view returns(uint256) {
+        return _objects(poolNftId);
+    }
+
+    function getBundleNftId(NftId poolNftId, uint256 idx) external view returns(NftId bundleNftId) {
+        return _getObject(poolNftId, idx);
+    }
+
+    function activeBundles(NftId poolNftId) external view returns(uint256) {
+        return _activeObjs(poolNftId);
+    }
+
+    function getActiveBundleNftId(NftId poolNftId, uint256 idx) external view returns(NftId bundleNftId) {
+        return _getActiveObject(poolNftId, idx);
+    }
+
+    function activePolicies(NftId bundleNftId) external view returns(uint256) {
+        return LibNftIdSet.size(_activePolicies[bundleNftId]);
+    }
+
+    function getActivePolicy(NftId bundleNftId, uint256 idx) external view returns(NftId policyNftId) {
+        return LibNftIdSet.getElementAt(_activePolicies[bundleNftId], idx);
+    }
+}

package/contracts/instance/Cloneable.sol

@@ -0,0 +1,46 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.20;
+
+import {AccessManagedUpgradeable} from "@openzeppelin/contracts-upgradeable/access/manager/AccessManagedUpgradeable.sol";
+import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
+
+import {IRegistry} from "../registry/IRegistry.sol";
+
+abstract contract Cloneable is 
+    AccessManagedUpgradeable
+{
+    event CloneableInitialized(address authority, address registry);
+
+    error CloneableRegistryInvalid(address registry);
+
+    IRegistry internal _registry;
+
+    constructor() {
+        _registry = IRegistry(address(0));
+    }
+
+    /// @dev call to initialize MUST be made in the same transaction as cloning of the contract
+    function initialize(
+        address authority,
+        address registry
+    )
+        public 
+        initializer
+    {
+        // check/handle access managed
+        __AccessManaged_init(authority);
+
+        // check/handle registry
+        if (registry.code.length == 0) {
+            revert CloneableRegistryInvalid(registry);
+        }
+
+        _registry = IRegistry(registry);
+
+        emit CloneableInitialized(authority, registry);
+    }
+
+    function getRegistry() external view returns (IRegistry) {
+        return _registry;
+    }
+}

package/contracts/instance/IAccessManagerSimple.sol

@@ -0,0 +1,391 @@
+// SPDX-License-Identifier: MIT
+// OpenZeppelin Contracts (last updated v5.0.0) (access/manager/IAccessManager.sol)
+
+pragma solidity ^0.8.20;
+
+import {IAccessManaged} from "@openzeppelin/contracts/access/manager/IAccessManaged.sol";
+
+interface IAccessManagerSimple {
+    /**
+     * @dev A delayed operation was scheduled.
+     */
+    event OperationScheduled(
+        bytes32 indexed operationId,
+        uint32 indexed nonce,
+        uint48 schedule,
+        address caller,
+        address target,
+        bytes data
+    );
+
+    /**
+     * @dev A scheduled operation was executed.
+     */
+    event OperationExecuted(bytes32 indexed operationId, uint32 indexed nonce);
+
+    /**
+     * @dev A scheduled operation was canceled.
+     */
+    event OperationCanceled(bytes32 indexed operationId, uint32 indexed nonce);
+
+    /**
+     * @dev Informational labelling for a roleId.
+     */
+    event RoleLabel(uint64 indexed roleId, string label);
+
+    /**
+     * @dev Emitted when `account` is granted `roleId`.
+     *
+     * NOTE: The meaning of the `since` argument depends on the `newMember` argument.
+     * If the role is granted to a new member, the `since` argument indicates when the account becomes a member of the role,
+     * otherwise it indicates the execution delay for this account and roleId is updated.
+     */
+    event RoleGranted(uint64 indexed roleId, address indexed account, uint32 delay, uint48 since, bool newMember);
+
+    /**
+     * @dev Emitted when `account` membership or `roleId` is revoked. Unlike granting, revoking is instantaneous.
+     */
+    event RoleRevoked(uint64 indexed roleId, address indexed account);
+
+    /**
+     * @dev Role acting as admin over a given `roleId` is updated.
+     */
+    event RoleAdminChanged(uint64 indexed roleId, uint64 indexed admin);
+
+    /**
+     * @dev Role acting as guardian over a given `roleId` is updated.
+     */
+    event RoleGuardianChanged(uint64 indexed roleId, uint64 indexed guardian);
+
+    /**
+     * @dev Grant delay for a given `roleId` will be updated to `delay` when `since` is reached.
+     */
+    event RoleGrantDelayChanged(uint64 indexed roleId, uint32 delay, uint48 since);
+
+    /**
+     * @dev Target mode is updated (true = closed, false = open).
+     */
+    event TargetClosed(address indexed target, bool closed);
+
+    /**
+     * @dev Role required to invoke `selector` on `target` is updated to `roleId`.
+     */
+    event TargetFunctionRoleUpdated(address indexed target, bytes4 selector, uint64 indexed roleId);
+
+    /**
+     * @dev Admin delay for a given `target` will be updated to `delay` when `since` is reached.
+     */
+    event TargetAdminDelayUpdated(address indexed target, uint32 delay, uint48 since);
+
+    error AccessManagerAlreadyScheduled(bytes32 operationId);
+    error AccessManagerNotScheduled(bytes32 operationId);
+    error AccessManagerNotReady(bytes32 operationId);
+    error AccessManagerExpired(bytes32 operationId);
+    error AccessManagerLockedAccount(address account);
+    error AccessManagerLockedRole(uint64 roleId);
+    error AccessManagerBadConfirmation();
+    error AccessManagerUnauthorizedAccount(address msgsender, uint64 roleId);
+    error AccessManagerUnauthorizedCall(address caller, address target, bytes4 selector);
+    error AccessManagerUnauthorizedConsume(address target);
+    error AccessManagerUnauthorizedCancel(address msgsender, address caller, address target, bytes4 selector);
+    error AccessManagerInvalidInitialAdmin(address initialAdmin);
+
+    /**
+     * @dev Check if an address (`caller`) is authorised to call a given function on a given contract directly (with
+     * no restriction). Additionally, it returns the delay needed to perform the call indirectly through the {schedule}
+     * & {execute} workflow.
+     *
+     * This function is usually called by the targeted contract to control immediate execution of restricted functions.
+     * Therefore we only return true if the call can be performed without any delay. If the call is subject to a
+     * previously set delay (not zero), then the function should return false and the caller should schedule the operation
+     * for future execution.
+     *
+     * If `immediate` is true, the delay can be disregarded and the operation can be immediately executed, otherwise
+     * the operation can be executed if and only if delay is greater than 0.
+     *
+     * NOTE: The IAuthority interface does not include the `uint32` delay. This is an extension of that interface that
+     * is backward compatible. Some contracts may thus ignore the second return argument. In that case they will fail
+     * to identify the indirect workflow, and will consider calls that require a delay to be forbidden.
+     *
+     * NOTE: This function does not report the permissions of this manager itself. These are defined by the
+     * {_canCallSelf} function instead.
+     */
+    function canCall(
+        address caller,
+        address target,
+        bytes4 selector
+    ) external view returns (bool allowed, uint32 delay);
+
+    /**
+     * @dev Expiration delay for scheduled proposals. Defaults to 1 week.
+     *
+     * IMPORTANT: Avoid overriding the expiration with 0. Otherwise every contract proposal will be expired immediately,
+     * disabling any scheduling usage.
+     */
+    function expiration() external view returns (uint32);
+
+    /**
+     * @dev Minimum setback for all delay updates, with the exception of execution delays. It
+     * can be increased without setback (and reset via {revokeRole} in the case event of an
+     * accidental increase). Defaults to 5 days.
+     */
+    function minSetback() external view returns (uint32);
+
+    /**
+     * @dev Get whether the contract is closed disabling any access. Otherwise role permissions are applied.
+     */
+    function isTargetClosed(address target) external view returns (bool);
+
+    /**
+     * @dev Get the role required to call a function.
+     */
+    function getTargetFunctionRole(address target, bytes4 selector) external view returns (uint64);
+
+    /**
+     * @dev Get the admin delay for a target contract. Changes to contract configuration are subject to this delay.
+     */
+    function getTargetAdminDelay(address target) external view returns (uint32);
+
+    /**
+     * @dev Get the id of the role that acts as an admin for the given role.
+     *
+     * The admin permission is required to grant the role, revoke the role and update the execution delay to execute
+     * an operation that is restricted to this role.
+     */
+    function getRoleAdmin(uint64 roleId) external view returns (uint64);
+
+    /**
+     * @dev Get the role that acts as a guardian for a given role.
+     *
+     * The guardian permission allows canceling operations that have been scheduled under the role.
+     */
+    function getRoleGuardian(uint64 roleId) external view returns (uint64);
+
+    /**
+     * @dev Get the role current grant delay.
+     *
+     * Its value may change at any point without an event emitted following a call to {setGrantDelay}.
+     * Changes to this value, including effect timepoint are notified in advance by the {RoleGrantDelayChanged} event.
+     */
+    function getRoleGrantDelay(uint64 roleId) external view returns (uint32);
+
+    /**
+     * @dev Get the access details for a given account for a given role. These details include the timepoint at which
+     * membership becomes active, and the delay applied to all operation by this user that requires this permission
+     * level.
+     *
+     * Returns:
+     * [0] Timestamp at which the account membership becomes valid. 0 means role is not granted.
+     * [1] Current execution delay for the account.
+     * [2] Pending execution delay for the account.
+     * [3] Timestamp at which the pending execution delay will become active. 0 means no delay update is scheduled.
+     */
+    function getAccess(uint64 roleId, address account) external view returns (uint48, uint32, uint32, uint48);
+
+    /**
+     * @dev Check if a given account currently has the permission level corresponding to a given role. Note that this
+     * permission might be associated with an execution delay. {getAccess} can provide more details.
+     */
+    function hasRole(uint64 roleId, address account) external view returns (bool, uint32);
+
+    /**
+     * @dev Give a label to a role, for improved role discoverability by UIs.
+     *
+     * Requirements:
+     *
+     * - the caller must be a global admin
+     *
+     * Emits a {RoleLabel} event.
+     */
+    function labelRole(uint64 roleId, string calldata label) external;
+
+    /**
+     * @dev Add `account` to `roleId`, or change its execution delay.
+     *
+     * This gives the account the authorization to call any function that is restricted to this role. An optional
+     * execution delay (in seconds) can be set. If that delay is non 0, the user is required to schedule any operation
+     * that is restricted to members of this role. The user will only be able to execute the operation after the delay has
+     * passed, before it has expired. During this period, admin and guardians can cancel the operation (see {cancel}).
+     *
+     * If the account has already been granted this role, the execution delay will be updated. This update is not
+     * immediate and follows the delay rules. For example, if a user currently has a delay of 3 hours, and this is
+     * called to reduce that delay to 1 hour, the new delay will take some time to take effect, enforcing that any
+     * operation executed in the 3 hours that follows this update was indeed scheduled before this update.
+     *
+     * Requirements:
+     *
+     * - the caller must be an admin for the role (see {getRoleAdmin})
+     * - granted role must not be the `PUBLIC_ROLE`
+     *
+     * Emits a {RoleGranted} event.
+     */
+    function grantRole(uint64 roleId, address account, uint32 executionDelay) external;
+
+    /**
+     * @dev Remove an account from a role, with immediate effect. If the account does not have the role, this call has
+     * no effect.
+     *
+     * Requirements:
+     *
+     * - the caller must be an admin for the role (see {getRoleAdmin})
+     * - revoked role must not be the `PUBLIC_ROLE`
+     *
+     * Emits a {RoleRevoked} event if the account had the role.
+     */
+    function revokeRole(uint64 roleId, address account) external;
+
+    /**
+     * @dev Renounce role permissions for the calling account with immediate effect. If the sender is not in
+     * the role this call has no effect.
+     *
+     * Requirements:
+     *
+     * - the caller must be `callerConfirmation`.
+     *
+     * Emits a {RoleRevoked} event if the account had the role.
+     */
+    function renounceRole(uint64 roleId, address callerConfirmation) external;
+
+    /**
+     * @dev Change admin role for a given role.
+     *
+     * Requirements:
+     *
+     * - the caller must be a global admin
+     *
+     * Emits a {RoleAdminChanged} event
+     */
+    function setRoleAdmin(uint64 roleId, uint64 admin) external;
+
+    /**
+     * @dev Change guardian role for a given role.
+     *
+     * Requirements:
+     *
+     * - the caller must be a global admin
+     *
+     * Emits a {RoleGuardianChanged} event
+     */
+    function setRoleGuardian(uint64 roleId, uint64 guardian) external;
+
+    /**
+     * @dev Update the delay for granting a `roleId`.
+     *
+     * Requirements:
+     *
+     * - the caller must be a global admin
+     *
+     * Emits a {RoleGrantDelayChanged} event.
+     */
+    function setGrantDelay(uint64 roleId, uint32 newDelay) external;
+
+    /**
+     * @dev Set the role required to call functions identified by the `selectors` in the `target` contract.
+     *
+     * Requirements:
+     *
+     * - the caller must be a global admin
+     *
+     * Emits a {TargetFunctionRoleUpdated} event per selector.
+     */
+    function setTargetFunctionRole(address target, bytes4[] calldata selectors, uint64 roleId) external;
+
+    /**
+     * @dev Set the delay for changing the configuration of a given target contract.
+     *
+     * Requirements:
+     *
+     * - the caller must be a global admin
+     *
+     * Emits a {TargetAdminDelayUpdated} event.
+     */
+    function setTargetAdminDelay(address target, uint32 newDelay) external;
+
+    /**
+     * @dev Set the closed flag for a contract.
+     *
+     * Requirements:
+     *
+     * - the caller must be a global admin
+     *
+     * Emits a {TargetClosed} event.
+     */
+    function setTargetClosed(address target, bool closed) external;
+
+    /**
+     * @dev Return the timepoint at which a scheduled operation will be ready for execution. This returns 0 if the
+     * operation is not yet scheduled, has expired, was executed, or was canceled.
+     */
+    function getSchedule(bytes32 id) external view returns (uint48);
+
+    /**
+     * @dev Return the nonce for the latest scheduled operation with a given id. Returns 0 if the operation has never
+     * been scheduled.
+     */
+    function getNonce(bytes32 id) external view returns (uint32);
+
+    /**
+     * @dev Schedule a delayed operation for future execution, and return the operation identifier. It is possible to
+     * choose the timestamp at which the operation becomes executable as long as it satisfies the execution delays
+     * required for the caller. The special value zero will automatically set the earliest possible time.
+     *
+     * Returns the `operationId` that was scheduled. Since this value is a hash of the parameters, it can reoccur when
+     * the same parameters are used; if this is relevant, the returned `nonce` can be used to uniquely identify this
+     * scheduled operation from other occurrences of the same `operationId` in invocations of {execute} and {cancel}.
+     *
+     * Emits a {OperationScheduled} event.
+     *
+     * NOTE: It is not possible to concurrently schedule more than one operation with the same `target` and `data`. If
+     * this is necessary, a random byte can be appended to `data` to act as a salt that will be ignored by the target
+     * contract if it is using standard Solidity ABI encoding.
+     */
+    function schedule(address target, bytes calldata data, uint48 when) external returns (bytes32, uint32);
+
+    /**
+     * @dev Execute a function that is delay restricted, provided it was properly scheduled beforehand, or the
+     * execution delay is 0.
+     *
+     * Returns the nonce that identifies the previously scheduled operation that is executed, or 0 if the
+     * operation wasn't previously scheduled (if the caller doesn't have an execution delay).
+     *
+     * Emits an {OperationExecuted} event only if the call was scheduled and delayed.
+     */
+    function execute(address target, bytes calldata data) external payable returns (uint32);
+
+    /**
+     * @dev Cancel a scheduled (delayed) operation. Returns the nonce that identifies the previously scheduled
+     * operation that is cancelled.
+     *
+     * Requirements:
+     *
+     * - the caller must be the proposer, a guardian of the targeted function, or a global admin
+     *
+     * Emits a {OperationCanceled} event.
+     */
+    function cancel(address caller, address target, bytes calldata data) external returns (uint32);
+
+    /**
+     * @dev Consume a scheduled operation targeting the caller. If such an operation exists, mark it as consumed
+     * (emit an {OperationExecuted} event and clean the state). Otherwise, throw an error.
+     *
+     * This is useful for contract that want to enforce that calls targeting them were scheduled on the manager,
+     * with all the verifications that it implies.
+     *
+     * Emit a {OperationExecuted} event.
+     */
+    function consumeScheduledOp(address caller, bytes calldata data) external;
+
+    /**
+     * @dev Hashing function for delayed operations.
+     */
+    function hashOperation(address caller, address target, bytes calldata data) external view returns (bytes32);
+
+    /**
+     * @dev Changes the authority of a target managed by this manager instance.
+     *
+     * Requirements:
+     *
+     * - the caller must be a global admin
+     */
+    function updateAuthority(address target, address newAuthority) external;
+}