@harvest-finance/harvest-strategy-arbitrum 0.0.1-security → 1.0.1

package/contracts/base/factory/MegaFactory.sol

@@ -0,0 +1,120 @@
+// SPDX-License-Identifier: Unlicense
+pragma solidity 0.8.26;
+
+import "@openzeppelin/contracts/access/Ownable.sol";
+import "./interface/IStrategyFactory.sol";
+import "./interface/IVaultFactory.sol";
+import "./interface/IPoolFactory.sol";
+
+import "../interface/IVault.sol";
+import "../inheritance/Governable.sol";
+
+contract MegaFactory is Ownable {
+
+  enum VaultType {
+    None,
+    Regular
+  }
+
+  enum StrategyType {
+    None,
+    Upgradable
+  }
+
+  address public potPoolFactory;
+  mapping(uint256 => address) public vaultFactories;
+  mapping(uint256 => address) public strategyFactories;
+
+  struct CompletedDeployment {
+    VaultType vaultType;
+    address Underlying;
+    address NewVault;
+    address NewStrategy;
+    address NewPool;
+  }
+
+  event DeploymentCompleted(string id);
+
+  mapping (string => CompletedDeployment) public completedDeployments;
+  mapping (address => bool) public authorizedDeployers;
+
+  address public multisig;
+  address public actualStorage;
+
+  /* methods to make compatible with Storage */
+  function governance() external view returns (address) {
+    return address(this); // fake governance
+  }
+
+  function isGovernance(address addr) external view returns (bool) {
+    return addr == address(this); // fake governance
+  }
+
+  function isController(address addr) external view returns (bool) {
+    return addr == address(this); // fake controller
+  }
+
+  modifier onlyAuthorizedDeployer(string memory id) {
+    require(completedDeployments[id].vaultType == VaultType.None, "cannot reuse id");
+    require(authorizedDeployers[msg.sender], "unauthorized deployer");
+    _;
+    emit DeploymentCompleted(id);
+  }
+
+  constructor(address _storage, address _multisig) {
+    multisig = _multisig;
+    actualStorage = _storage;
+    setAuthorization(owner(), true);
+    setAuthorization(multisig, true);
+  }
+
+  function setAuthorization(address userAddress, bool isDeployer) public onlyOwner {
+    authorizedDeployers[userAddress] = isDeployer;
+  }
+
+  function setVaultFactory(uint256 vaultType, address factoryAddress) external onlyOwner {
+    vaultFactories[vaultType] = factoryAddress;
+  }
+
+  function setStrategyFactory(uint256 strategyType, address factoryAddress) external onlyOwner {
+    strategyFactories[strategyType] = factoryAddress;
+  }
+
+  function setPotPoolFactory(address factoryAddress) external onlyOwner {
+    potPoolFactory = factoryAddress;
+  }
+
+  function createRegularVault(string calldata id, address underlying) external onlyAuthorizedDeployer(id) {
+    address vault = IVaultFactory(vaultFactories[uint256(VaultType.Regular)]).deploy(
+     actualStorage,
+     underlying
+    );
+
+    completedDeployments[id] = CompletedDeployment(
+      VaultType.Regular,
+      underlying,
+      vault,
+      address(0),
+      IPoolFactory(potPoolFactory).deploy(actualStorage, vault)
+    );
+  }
+
+  function createRegularVaultUsingUpgradableStrategy(string calldata id, address underlying, address strategyImplementation) external onlyAuthorizedDeployer(id) {
+    address vault = IVaultFactory(vaultFactories[uint256(VaultType.Regular)]).deploy(
+     address(this), // using this as initial storage, then switching to actualStorage
+     underlying
+    );
+
+    address strategy = IStrategyFactory(strategyFactories[uint256(StrategyType.Upgradable)]).deploy(actualStorage, vault, strategyImplementation);
+    IVault(vault).setStrategy(strategy);
+    Governable(vault).setStorage(actualStorage);
+
+    completedDeployments[id] = CompletedDeployment(
+      VaultType.Regular,
+      underlying,
+      vault,
+      strategy,
+      IPoolFactory(potPoolFactory).deploy(actualStorage, vault)
+    );
+  }
+}

package/contracts/base/factory/interface/IPoolFactory.sol

@@ -0,0 +1,6 @@
+// SPDX-License-Identifier: Unlicense
+pragma solidity 0.8.26;
+
+interface IPoolFactory {
+  function deploy(address _storage, address _vault) external returns (address);
+}

package/contracts/base/factory/interface/IStrategyFactory.sol

@@ -0,0 +1,6 @@
+// SPDX-License-Identifier: Unlicense
+pragma solidity 0.8.26;
+
+interface IStrategyFactory {
+  function deploy(address _storage, address _vault, address _providedStrategyAddress) external returns (address);
+}

package/contracts/base/factory/interface/IVaultFactory.sol

@@ -0,0 +1,7 @@
+// SPDX-License-Identifier: Unlicense
+pragma solidity 0.8.26;
+
+interface IVaultFactory {
+  function deploy(address _storage, address _underlying) external returns (address);
+  function info(address vault) external view returns(address Underlying, address NewVault);
+}

package/contracts/base/factory/pool/PotPoolFactory.sol

@@ -0,0 +1,41 @@
+// SPDX-License-Identifier: Unlicense
+pragma solidity 0.8.26;
+
+import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
+import "../../inheritance/Governable.sol";
+import "../../inheritance/OwnableWhitelist.sol";
+import "../interface/IPoolFactory.sol";
+import "../../PotPool.sol";
+
+contract PotPoolFactory is OwnableWhitelist, IPoolFactory {
+  address public iFARM = 0x9dCA587dc65AC0a043828B0acd946d71eb8D46c1;
+  uint256 public poolDefaultDuration = 604800; // 7 days
+
+  function setPoolDefaultDuration(uint256 _value) external onlyOwner {
+    poolDefaultDuration = _value;
+  }
+
+  function deploy(address actualStorage, address vault) override external onlyWhitelisted returns (address) {
+    address actualGovernance = Governable(vault).governance();
+
+    string memory tokenSymbol = ERC20(vault).symbol();
+    address[] memory rewardDistribution = new address[](1);
+    rewardDistribution[0] = actualGovernance;
+    address[] memory rewardTokens = new address[](1);
+    rewardTokens[0] = iFARM;
+    PotPool pool = new PotPool(
+      rewardTokens,
+      vault,
+      poolDefaultDuration,
+      rewardDistribution,
+      actualStorage,
+      string(abi.encodePacked("p", tokenSymbol)),
+      string(abi.encodePacked("p", tokenSymbol)),
+      ERC20(vault).decimals()
+    );
+
+    Ownable(pool).transferOwnership(actualGovernance);
+
+    return address(pool);
+  }
+}

package/contracts/base/factory/strategy/UpgradableStrategyFactory.sol

@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: Unlicense
+pragma solidity 0.8.26;
+
+import "../interface/IStrategyFactory.sol";
+import "../../upgradability/StrategyProxy.sol";
+import "../../inheritance/OwnableWhitelist.sol";
+
+interface IInitializableStrategy {
+  function initializeStrategy(address _storage, address _vault) external;
+}
+
+contract UpgradableStrategyFactory is OwnableWhitelist, IStrategyFactory {
+  function deploy(address actualStorage, address vault, address upgradableStrategyImplementation) override external onlyWhitelisted returns (address) {
+    StrategyProxy proxy = new StrategyProxy(upgradableStrategyImplementation);
+    IInitializableStrategy strategy = IInitializableStrategy(address(proxy));
+    strategy.initializeStrategy(actualStorage, vault);
+    return address(proxy);
+  }
+}

package/contracts/base/factory/vault/RegularVaultFactory.sol

@@ -0,0 +1,34 @@
+// SPDX-License-Identifier: Unlicense
+pragma solidity 0.8.26;
+
+import "../../VaultProxy.sol";
+import "../../interface/IVault.sol";
+import "../interface/IVaultFactory.sol";
+import "../../inheritance/OwnableWhitelist.sol";
+
+contract RegularVaultFactory is OwnableWhitelist, IVaultFactory {
+  address public vaultImplementation = 0x54Cbc624F1648AC4820b960EFde9574B25386cFD;
+  address public lastDeployedAddress = address(0);
+
+  function deploy(address _storage, address underlying) override external onlyWhitelisted returns (address) {
+    lastDeployedAddress = address(new VaultProxy(vaultImplementation));
+    IVault(lastDeployedAddress).initializeVault(
+      _storage,
+      underlying,
+      10000,
+      10000
+    );
+
+    return lastDeployedAddress;
+  }
+
+  function changeDefaultImplementation(address newImplementation) external onlyOwner {
+    require(newImplementation != address(0), "Must be set");
+    vaultImplementation = newImplementation;
+  }
+
+  function info(address vault) override external view returns(address Underlying, address NewVault) {
+    Underlying = IVault(vault).underlying();
+    NewVault = vault;
+  }
+}

package/contracts/base/incentives/GlobalIncentivesExecutor.sol

@@ -0,0 +1,85 @@
+// SPDX-License-Identifier: Unlicense
+pragma solidity 0.8.26;
+
+import "../inheritance/Controllable.sol";
+import "../interface/IGlobalIncentivesHelper.sol";
+
+import "@openzeppelin/contracts-upgradeable/utils/math/SafeMathUpgradeable.sol";
+import "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol";
+import "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol";
+import "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
+
+
+contract GlobalIncentivesExecutor is Controllable {
+
+  using SafeMathUpgradeable for uint256;
+  using SafeERC20Upgradeable for IERC20Upgradeable;
+
+  mapping (address => bool) public notifier;
+  mapping (address => bool) public changer;
+
+  address[] public tokens;
+  uint256[] public totals;
+  address public globalIncentivesHelper;
+  uint256 public mostRecentWeeksEmissionTimestamp;
+
+  event ChangerSet(address indexed account, bool value);
+  event NotifierSet(address indexed account, bool value);
+
+  modifier onlyChanger {
+    require(changer[msg.sender] || msg.sender == governance(), "Only changer");
+    _;
+  }
+
+  modifier onlyNotifier {
+    require(notifier[msg.sender] || msg.sender == governance(), "Only notifier");
+    _;
+  }
+
+  constructor(address _storage, address _globalIncentivesHelper) Controllable(_storage) {
+    globalIncentivesHelper = _globalIncentivesHelper;
+  }
+
+  function updateData(
+    address[] calldata _tokens,
+    uint256[] calldata _totals,
+    uint256 baseTimestamp
+  ) external onlyChanger {
+    tokens = _tokens;
+    totals = _totals;
+    if (baseTimestamp > 0) {
+      // 0 means "do not reset"
+      mostRecentWeeksEmissionTimestamp = baseTimestamp;
+    } else {
+      require(mostRecentWeeksEmissionTimestamp > 0, "you have to configure mostRecentWeeksEmissionTimestamp");
+    }
+  }
+
+  function execute() external onlyNotifier {
+    require(mostRecentWeeksEmissionTimestamp > 0, "mostRecentWeeksEmissionTimestamp was never configured");
+    require(mostRecentWeeksEmissionTimestamp.add(1 weeks) <= block.timestamp, "too early");
+    for (uint256 i = 0; i < tokens.length; i++) {
+      uint256 globalIncentivesHelperBalance = IERC20Upgradeable(tokens[i]).balanceOf(globalIncentivesHelper);
+      require(globalIncentivesHelperBalance >= totals[i], "not enough balance");
+    }
+    mostRecentWeeksEmissionTimestamp = mostRecentWeeksEmissionTimestamp.add(1 weeks);
+    IGlobalIncentivesHelper(globalIncentivesHelper).notifyPools(tokens, totals, mostRecentWeeksEmissionTimestamp);
+  }
+
+  /// Returning the governance
+  function transferGovernance(address target, address newStorage) external onlyGovernance {
+    Governable(target).setStorage(newStorage);
+  }
+
+  /// The governance configures whitelists
+  function setChanger(address who, bool value) external onlyGovernance {
+    changer[who] = value;
+    emit ChangerSet(who, value);
+  }
+
+  /// The governance configures whitelists
+  function setNotifier(address who, bool value) external onlyGovernance {
+    notifier[who] = value;
+    emit NotifierSet(who, value);
+  }
+}

package/contracts/base/incentives/GlobalIncentivesHelper.sol

@@ -0,0 +1,174 @@
+// SPDX-License-Identifier: Unlicense
+pragma solidity 0.8.26;
+
+import "./NotifyHelperStateful.sol";
+import "./NotifyHelperGeneric.sol";
+import "../inheritance/Controllable.sol";
+
+import "@openzeppelin/contracts-upgradeable/utils/math/SafeMathUpgradeable.sol";
+import "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol";
+import "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol";
+import "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
+
+
+contract GlobalIncentivesHelper is Controllable {
+
+  using SafeMathUpgradeable for uint256;
+  using SafeERC20Upgradeable for IERC20Upgradeable;
+
+  address public helperControlStorage;
+  address public notifyHelperGeneric;
+  address public escrow;
+  address public reserve;
+  address public farm;
+
+  event ChangerSet(address indexed account, bool value);
+  event NotifierSet(address indexed account, bool value);
+  event Vesting(address pool, uint256 amount);
+  event PoolChanged(address indexed pool, uint256 percentage, uint256 notificationType, bool vests);
+
+  enum NotificationType {
+    VOID, AMPLIFARM, FARM, TRANSFER, PROFIT_SHARE, TOKEN
+  }
+
+  mapping (address => address) public tokenToHelper;
+  mapping (address => bool) public changer;
+  mapping (address => bool) public notifier;
+
+  modifier onlyChanger {
+    require(changer[msg.sender] || msg.sender == governance(), "Only changer");
+    _;
+  }
+
+  modifier onlyNotifier {
+    require(notifier[msg.sender] || msg.sender == governance(), "Only notifier");
+    _;
+  }
+
+  constructor(
+    address _storage,
+    address _farm,
+    address _farmHelper,
+    address _notifyHelperGeneric,
+    address _escrow,
+    address _reserve
+    ) Controllable(_storage) {
+    tokenToHelper[_farm] = _farmHelper;
+    farm = _farm;
+    notifyHelperGeneric = _notifyHelperGeneric;
+    helperControlStorage = address(new Storage());
+    escrow = _escrow;
+    reserve = _reserve;
+  }
+
+  function notifyPools(address[] calldata tokens, uint256[] calldata totals, uint256 timestamp) external onlyNotifier {
+    for (uint256 i = 0; i < tokens.length; i++) {
+      // IERC20Upgradeable(tokens[i]).safeTransferFrom(msg.sender, address(this), totals[i]);
+      IERC20Upgradeable(tokens[i]).approve(tokenToHelper[tokens[i]], totals[i]);
+      NotifyHelperStateful(tokenToHelper[tokens[i]]).notifyPools(totals[i], timestamp);
+    }
+  }
+
+  // uses generic helper
+  function newToken(address token) external onlyChanger {
+    newTokenWithHelper(token, notifyHelperGeneric);
+  }
+
+  // uses a specific notify helper
+  function newTokenWithHelper(address token, address notifyHelper) public onlyChanger {
+    require(tokenToHelper[token] == address(0), "Token already initialized");
+    tokenToHelper[token] = address(new NotifyHelperStateful(
+      helperControlStorage,
+      notifyHelper, // the universal helper should be sufficient in all cases
+      token,
+      address(0), // no iFARM/ampliFARM notify helper is needed
+      escrow,
+      reserve
+    ));
+    if (notifyHelper == notifyHelperGeneric) {
+      NotifyHelperGeneric(notifyHelper).setWhitelist(tokenToHelper[token], true);
+    }
+    NotifyHelperStateful(tokenToHelper[token]).setNotifier(address(this), true);
+    NotifyHelperStateful(tokenToHelper[token]).setNotifier(governance(), true);
+    NotifyHelperStateful(tokenToHelper[token]).setChanger(address(this), true);
+    NotifyHelperStateful(tokenToHelper[token]).setChanger(governance(), true);
+  }
+
+  function resetToken(address token) public onlyChanger {
+    tokenToHelper[token] = address(0);
+  }
+
+  /// Whitelisted entity makes changes to the notifications
+  function setPoolBatch(
+    address[] calldata tokens,
+    address[] calldata poolAddress,
+    uint256[] calldata poolPercentage,
+    NotificationType[] calldata notificationType,
+    bool[] calldata vests) external onlyChanger {
+    for (uint256 i = 0; i < poolAddress.length; i++) {
+      setPool(tokens[i], poolAddress[i], poolPercentage[i], notificationType[i], vests[i]);
+    }
+  }
+
+  /// Pool management, adds, updates or removes a transfer/notification
+  function setPool(
+    address token,
+    address poolAddress,
+    uint256 poolPercentage,
+    NotificationType notificationType,
+    bool vests
+  ) public onlyChanger {
+    if (token == farm) {
+      require(notificationType != NotificationType.TOKEN, "With FARM, use FARM, AMPLIFARM, or TRANSFER");
+    }
+    if (notificationType == NotificationType.TOKEN) {
+      // we use type translation so that we can use the same contract
+      NotifyHelperStateful(tokenToHelper[token]).setPool(poolAddress, poolPercentage,
+        NotifyHelperStateful.NotificationType(uint256(NotificationType.FARM)), vests);
+    } else {
+      NotifyHelperStateful(tokenToHelper[token]).setPool(poolAddress, poolPercentage,
+        NotifyHelperStateful.NotificationType(uint256(notificationType)), vests);
+    }
+    emit PoolChanged(poolAddress, poolPercentage, uint256(notificationType), vests);
+  }
+
+  /// emergency draining of tokens and ETH as there should be none staying here
+  function emergencyDrain(address token, uint256 amount) public onlyGovernance {
+    if (token == address(0)) {
+      payable(msg.sender).transfer(amount);
+    } else {
+      IERC20Upgradeable(token).safeTransfer(msg.sender, amount);
+    }
+  }
+
+  /// Configuration method for vesting for governance
+  function setVestingEscrow(address token, address _escrow) external onlyGovernance {
+    NotifyHelperStateful(tokenToHelper[token]).setVestingEscrow(_escrow);
+  }
+
+  /// Configuration method for vesting for governance
+  function setVesting(address token, uint256 _numerator, uint256 _denominator) external onlyGovernance {
+    NotifyHelperStateful(tokenToHelper[token]).setVesting(_numerator, _denominator);
+  }
+
+  function notificationExists(address token, address poolAddress) public view returns(bool) {
+    return NotifyHelperStateful(tokenToHelper[token]).notificationExists(poolAddress);
+  }
+
+  /// Returning the governance
+  function transferGovernance(address target, address newStorage) external onlyGovernance {
+    Governable(target).setStorage(newStorage);
+  }
+
+  /// The governance configures whitelists
+  function setChanger(address who, bool value) external onlyGovernance {
+    changer[who] = value;
+    emit ChangerSet(who, value);
+  }
+
+  /// The governance configures whitelists
+  function setNotifier(address who, bool value) external onlyGovernance {
+    notifier[who] = value;
+    emit NotifierSet(who, value);
+  }
+}

package/contracts/base/incentives/NotifyHelperGeneric.sol

@@ -0,0 +1,61 @@
+// SPDX-License-Identifier: Unlicense
+pragma solidity 0.8.26;
+
+import "@openzeppelin/contracts-upgradeable/utils/math/SafeMathUpgradeable.sol";
+import "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol";
+import "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol";
+import "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
+
+import "../inheritance/Controllable.sol";
+import "../PotPool.sol";
+
+contract NotifyHelperGeneric is Controllable {
+
+  using SafeMathUpgradeable for uint256;
+  using SafeERC20Upgradeable for IERC20Upgradeable;
+
+  event WhitelistSet(address who, bool value);
+
+  mapping (address => bool) public alreadyNotified;
+  mapping (address => bool) public whitelist;
+
+  modifier onlyWhitelisted {
+    require(whitelist[msg.sender] || msg.sender == governance(), "Only whitelisted");
+    _;
+  }
+
+  constructor(address _storage)
+  Controllable(_storage) {
+    setWhitelist(governance(), true);
+  }
+
+  function setWhitelist(address who, bool value) public onlyWhitelisted {
+    whitelist[who] = value;
+    emit WhitelistSet(who, value);
+  }
+
+  /**
+  * Notifies all the pools, safe guarding the notification amount.
+  */
+  function notifyPools(uint256[] memory amounts,
+    address[] memory pools,
+    uint256 sum, address _token
+  ) public onlyWhitelisted {
+    require(amounts.length == pools.length, "Amounts and pools lengths mismatch");
+    for (uint i = 0; i < pools.length; i++) {
+      alreadyNotified[pools[i]] = false;
+    }
+
+    uint256 check = 0;
+    for (uint i = 0; i < pools.length; i++) {
+      require(amounts[i] > 0, "Notify zero");
+      require(!alreadyNotified[pools[i]], "Duplicate pool");
+      IERC20Upgradeable token = IERC20Upgradeable(_token);
+      token.safeTransferFrom(msg.sender, pools[i], amounts[i]);
+      PotPool(pools[i]).notifyTargetRewardAmount(_token, amounts[i]);
+      check = check.add(amounts[i]);
+      alreadyNotified[pools[i]] = true;
+    }
+    require(sum == check, "Wrong check sum");
+  }
+}