@juicedollar/jusd 1.0.0

package/contracts/MintingHubV2/PositionFactory.sol

@@ -0,0 +1,69 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import {Position} from "./Position.sol";
+import {IJuiceDollar} from "../interface/IJuiceDollar.sol";
+
+contract PositionFactory {
+    /**
+     * Create a completely new position in a newly deployed contract.
+     * Must be called through the minting hub to be recognized as a valid position.
+     */
+    function createNewPosition(
+        address _owner,
+        address _jusd,
+        address _collateral,
+        uint256 _minCollateral,
+        uint256 _initialLimit,
+        uint40 _initPeriod,
+        uint40 _duration,
+        uint40 _challengePeriod,
+        uint24 _riskPremiumPPM,
+        uint256 _liqPrice,
+        uint24 _reserve
+    ) external returns (address) {
+        return
+            address(
+                new Position(
+                    _owner,
+                    msg.sender,
+                    _jusd,
+                    _collateral,
+                    _minCollateral,
+                    _initialLimit,
+                    _initPeriod,
+                    _duration,
+                    _challengePeriod,
+                    _riskPremiumPPM,
+                    _liqPrice,
+                    _reserve
+                )
+            );
+    }
+
+    /**
+     * @notice Clone an existing position. This can be a clone of another clone,
+     * or an original position.
+     * @param _parent address of the position we want to clone
+     * @return address of the newly created clone position
+     */
+    function clonePosition(address _parent) external returns (address) {
+        Position parent = Position(_parent);
+        parent.assertCloneable();
+        Position clone = Position(_createClone(parent.original()));
+        return address(clone);
+    }
+
+    // github.com/optionality/clone-factory/blob/32782f82dfc5a00d103a7e61a17a5dedbd1e8e9d/contracts/CloneFactory.sol
+    function _createClone(address target) internal returns (address result) {
+        bytes20 targetBytes = bytes20(target);
+        assembly {
+            let clone := mload(0x40)
+            mstore(clone, 0x3d602d80600a3d3981f3363d3d373d3d3d363d73000000000000000000000000)
+            mstore(add(clone, 0x14), targetBytes)
+            mstore(add(clone, 0x28), 0x5af43d82803e903d91602b57fd5bf30000000000000000000000000000000000)
+            result := create(0, clone, 0x37)
+        }
+        require(result != address(0), "ERC1167: create failed");
+    }
+}

package/contracts/MintingHubV2/PositionRoller.sol

@@ -0,0 +1,159 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import {IJuiceDollar} from "../interface/IJuiceDollar.sol";
+import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
+import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+import {IMintingHubGateway} from "../gateway/interface/IMintingHubGateway.sol";
+import {IMintingHub} from "./interface/IMintingHub.sol";
+import {IPosition} from "./interface/IPosition.sol";
+import {IReserve} from "../interface/IReserve.sol";
+import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
+
+/**
+ * @title PositionRoller
+ *
+ * Helper to roll over a debt from an old position to a new one.
+ * Both positions should have the same collateral. Otherwise, it does not make much sense.
+ */
+contract PositionRoller {
+    IJuiceDollar private jusd;
+
+    error NotOwner(address pos);
+    error NotPosition(address pos);
+    error Log(uint256, uint256, uint256);
+
+    event Roll(address source, uint256 collWithdraw, uint256 repay, address target, uint256 collDeposit, uint256 mint);
+
+    constructor(address jusd_) {
+        jusd = IJuiceDollar(jusd_);
+    }
+
+    /**
+     * Convenience method to roll an old position into a new one.
+     *
+     * Pre-condition: an allowance for the roller to spend the collateral asset on behalf of the caller,
+     * i.e., one should set collateral.approve(roller, collateral.balanceOf(sourcePosition)).
+     *
+     * The following is assumed:
+     * - If the limit of the target position permits, the user wants to roll everything.
+     * - The user does not want to add additional collateral, but excess collateral is returned.
+     * - If not enough can be minted in the new position, it is acceptable for the roller to use JUSD from the msg.sender.
+     */
+    function rollFully(IPosition source, IPosition target) external {
+        rollFullyWithExpiration(source, target, target.expiration());
+    }
+
+    /**
+     * Like rollFully, but with a custom expiration date for the new position.
+     */
+    function rollFullyWithExpiration(IPosition source, IPosition target, uint40 expiration) public {
+        require(source.collateral() == target.collateral());
+        uint256 principal = source.principal();
+        uint256 interest = source.getInterest();
+        uint256 usableMint = source.getUsableMint(principal) + interest; // Roll interest into principal
+        uint256 mintAmount = target.getMintAmount(usableMint);
+        uint256 collateralToWithdraw = IERC20(source.collateral()).balanceOf(address(source));
+        uint256 targetPrice = target.price();
+        uint256 depositAmount = (mintAmount * 10 ** 18 + targetPrice - 1) / targetPrice; // round up
+        if (depositAmount > collateralToWithdraw) {
+            // If we need more collateral than available from the old position, we opt for taking
+            // the missing funds from the caller instead of requiring additional collateral.
+            depositAmount = collateralToWithdraw;
+            mintAmount = (depositAmount * target.price()) / 10 ** 18; // round down, rest will be taken from caller
+        }
+
+        roll(source, principal + interest, collateralToWithdraw, target, mintAmount, depositAmount, expiration);
+    }
+
+    /**
+     * Rolls the source position into the target position using a flash loan.
+     * Both the source and the target position must recognize this roller.
+     * It is the responsibility of the caller to ensure that both positions are valid contracts.
+     *
+     * @param source The source position, must be owned by the msg.sender.
+     * @param repay The amount of principal to repay from the source position using a flash loan, freeing up some or all collateral .
+     * @param collWithdraw Collateral to move from the source position to the msg.sender.
+     * @param target The target position. If not owned by msg.sender or if it does not have the desired expiration,
+     *               it is cloned to create a position owned by the msg.sender.
+     * @param mint The amount to be minted from the target position using collateral from msg.sender.
+     * @param collDeposit The amount of collateral to be sent from msg.sender to the target position.
+     * @param expiration The desired expiration date for the target position.
+     */
+    function roll(
+        IPosition source,
+        uint256 repay,
+        uint256 collWithdraw,
+        IPosition target,
+        uint256 mint,
+        uint256 collDeposit,
+        uint40 expiration
+    ) public valid(source) valid(target) own(source) {
+        jusd.mint(address(this), repay); // take a flash loan
+        uint256 used = source.repay(repay);
+        source.withdrawCollateral(msg.sender, collWithdraw);
+        if (mint > 0) {
+            IERC20 targetCollateral = IERC20(target.collateral());
+            if (Ownable(address(target)).owner() != msg.sender || expiration != target.expiration()) {
+                targetCollateral.transferFrom(msg.sender, address(this), collDeposit); // get the new collateral
+                targetCollateral.approve(target.hub(), collDeposit); // approve the new collateral and clone:
+                target = _cloneTargetPosition(target, source, collDeposit, mint, expiration);
+            } else {
+                // We can roll into the provided existing position.
+                // We do not verify whether the target position was created by the known minting hub in order
+                // to allow positions to be rolled into future versions of the minting hub.
+                targetCollateral.transferFrom(msg.sender, address(target), collDeposit);
+                target.mint(msg.sender, mint);
+            }
+        }
+
+        // Transfer remaining flash loan to caller for repayment
+        if (repay > used) {
+            jusd.transfer(msg.sender, repay - used);
+        }
+
+        jusd.burnFrom(msg.sender, repay); // repay the flash loan
+        emit Roll(address(source), collWithdraw, repay, address(target), collDeposit, mint);
+    }
+
+    /**
+     * Clones the target position and mints the specified amount using the given collateral.
+     */
+    function _cloneTargetPosition (
+        IPosition target,
+        IPosition source,
+        uint256 collDeposit,
+        uint256 mint,
+        uint40 expiration
+    ) internal returns (IPosition) {
+        if (IERC165(target.hub()).supportsInterface(type(IMintingHubGateway).interfaceId)) {
+            bytes32 frontendCode = IMintingHubGateway(target.hub()).GATEWAY().getPositionFrontendCode(
+                address(source)
+            );
+            return IPosition(
+                IMintingHubGateway(target.hub()).clone(
+                    msg.sender,
+                    address(target),
+                    collDeposit,
+                    mint,
+                    expiration,
+                    frontendCode // use the same frontend code
+                )
+            );
+        } else {
+            return IPosition(
+                IMintingHub(target.hub()).clone(msg.sender, address(target), collDeposit, mint, expiration)
+            );
+        }
+    }
+
+    modifier own(IPosition pos) {
+        if (Ownable(address(pos)).owner() != msg.sender) revert NotOwner(address(pos));
+        _;
+    }
+
+    modifier valid(IPosition pos) {
+        if (jusd.getPositionParent(address(pos)) == address(0x0)) revert NotPosition(address(pos));
+        _;
+    }
+}

package/contracts/MintingHubV2/interface/IMintingHub.sol

@@ -0,0 +1,26 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.10;
+
+import {ILeadrate} from "../../interface/ILeadrate.sol";
+import {IPosition} from "./IPosition.sol";
+import {PositionRoller} from "../PositionRoller.sol";
+
+interface IMintingHub {
+    function RATE() external view returns (ILeadrate);
+
+    function ROLLER() external view returns (PositionRoller);
+
+    function challenge(
+        address _positionAddr,
+        uint256 _collateralAmount,
+        uint256 minimumPrice
+    ) external returns (uint256);
+
+    function bid(uint32 _challengeNumber, uint256 size, bool postponeCollateralReturn) external;
+
+    function returnPostponedCollateral(address collateral, address target) external;
+
+    function buyExpiredCollateral(IPosition pos, uint256 upToAmount) external returns (uint256);
+
+    function clone(address owner, address parent, uint256 _initialCollateral, uint256 _initialMint, uint40 expiration) external returns (address);
+}

package/contracts/MintingHubV2/interface/IPosition.sol

@@ -0,0 +1,90 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+
+interface IPosition {
+    function hub() external view returns (address);
+
+    function collateral() external view returns (IERC20);
+
+    function minimumCollateral() external view returns (uint256);
+
+    function price() external view returns (uint256);
+
+    function virtualPrice() external view returns (uint256);
+
+    function challengedAmount() external view returns (uint256);
+
+    function original() external view returns (address);
+
+    function expiration() external view returns (uint40);
+
+    function cooldown() external view returns (uint40);
+
+    function limit() external view returns (uint256);
+
+    function challengePeriod() external view returns (uint40);
+
+    function start() external view returns (uint40);
+
+    function riskPremiumPPM() external view returns (uint24);
+
+    function reserveContribution() external view returns (uint24);
+
+    function principal() external view returns (uint256);
+
+    function interest() external view returns (uint256);
+
+    function lastAccrual() external view returns (uint40);
+
+    function initialize(address parent, uint40 _expiration) external;
+
+    function assertCloneable() external;
+
+    function notifyMint(uint256 mint_) external;
+
+    function notifyRepaid(uint256 repaid_) external;
+
+    function availableForClones() external view returns (uint256);
+
+    function availableForMinting() external view returns (uint256);
+
+    function deny(address[] calldata helpers, string calldata message) external;
+
+    function getUsableMint(uint256 totalMint) external view returns (uint256);
+
+    function getMintAmount(uint256 usableMint) external view returns (uint256);
+
+    function adjust(uint256 newMinted, uint256 newCollateral, uint256 newPrice) external;
+
+    function adjustPrice(uint256 newPrice) external;
+
+    function mint(address target, uint256 amount) external;
+
+    function getDebt() external view returns (uint256);
+
+    function getInterest() external view returns (uint256);
+
+    function repay(uint256 amount) external returns (uint256);
+
+    function repayFull() external returns (uint256);
+
+    function forceSale(address buyer, uint256 colAmount, uint256 proceeds) external;
+
+    function withdraw(address token, address target, uint256 amount) external;
+
+    function withdrawCollateral(address target, uint256 amount) external;
+
+    function transferChallengedCollateral(address target, uint256 amount) external;
+
+    function challengeData() external view returns (uint256 liqPrice, uint40 phase);
+
+    function notifyChallengeStarted(uint256 size, uint256 _price) external;
+
+    function notifyChallengeAverted(uint256 size) external;
+
+    function notifyChallengeSucceeded(
+        uint256 _size
+    ) external returns (address, uint256, uint256, uint256, uint32);
+}

package/contracts/MintingHubV2/interface/IPositionFactory.sol

@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+interface IPositionFactory {
+    function createNewPosition(
+        address _owner,
+        address _jusd,
+        address _collateral,
+        uint256 _minCollateral,
+        uint256 _initialLimit,
+        uint40 _initPeriod,
+        uint40 _duration,
+        uint40 _challengePeriod,
+        uint24 _riskPremiumPPM,
+        uint256 _liqPrice,
+        uint24 _reserve
+    ) external returns (address);
+
+    function clonePosition(address _parent) external returns (address);
+}

package/contracts/Savings.sol

@@ -0,0 +1,141 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+import {IJuiceDollar} from "./interface/IJuiceDollar.sol";
+import {IReserve} from "./interface/IReserve.sol";
+import {Leadrate} from "./Leadrate.sol";
+
+/**
+ * @title Savings
+ *
+ * Module to enable savings based on a Leadrate ("Leitzins") module.
+ *
+ * As the interest rate changes, the speed at which 'ticks' are accumulated is
+ * adjusted. The ticks counter serves as the basis for calculating the interest
+ * due for the individual accounts.
+ */
+contract Savings is Leadrate {
+    IERC20 public immutable jusd;
+
+    mapping(address => Account) public savings;
+
+    struct Account {
+        uint192 saved;
+        uint64 ticks;
+    }
+
+    event Saved(address indexed account, uint192 amount);
+    event InterestCollected(address indexed account, uint256 interest);
+    event Withdrawn(address indexed account, uint192 amount);
+
+    // The module is considered disabled if the interest is zero or about to become zero within three days.
+    error ModuleDisabled();
+
+    constructor(IJuiceDollar jusd_, uint24 initialRatePPM) Leadrate(IReserve(jusd_.reserve()), initialRatePPM) {
+        jusd = IERC20(jusd_);
+    }
+
+    /**
+     * Shortcut for refreshBalance(msg.sender)
+     */
+    function refreshMyBalance() public returns (uint192) {
+        return refreshBalance(msg.sender);
+    }
+
+    /**
+     * Collects the accrued interest and adds it to the account.
+     *
+     * It can be beneficial to do so every now and then in order to start collecting
+     * interest on the accrued interest.
+     */
+    function refreshBalance(address owner) public returns (uint192) {
+        return refresh(owner).saved;
+    }
+
+    function refresh(address accountOwner) virtual internal returns (Account storage) {
+        Account storage account = savings[accountOwner];
+        uint64 ticks = currentTicks();
+        if (ticks > account.ticks) {
+            uint192 earnedInterest = calculateInterest(account, ticks);
+            if (earnedInterest > 0) {
+                // collect interest as you go and trigger accounting event
+                (IJuiceDollar(address(jusd))).distributeProfits(address(this), earnedInterest);
+                account.saved += earnedInterest;
+                emit InterestCollected(accountOwner, earnedInterest);
+            }
+            account.ticks = ticks;
+        }
+        return account;
+    }
+
+    function accruedInterest(address accountOwner) public view returns (uint192) {
+        return accruedInterest(accountOwner, block.timestamp);
+    }
+
+    function accruedInterest(address accountOwner, uint256 timestamp) public view returns (uint192) {
+        Account memory account = savings[accountOwner];
+        return calculateInterest(account, ticks(timestamp));
+    }
+
+    function calculateInterest(Account memory account, uint64 ticks) public view returns (uint192) {
+        if (ticks <= account.ticks || account.ticks == 0) {
+            return 0;
+        } else {
+            uint192 earnedInterest = uint192((uint256(ticks - account.ticks) * account.saved) / 1_000_000 / 365 days);
+            uint256 equity = IJuiceDollar(address(jusd)).equity();
+            if (earnedInterest > equity) {
+                return uint192(equity); // safe conversion as equity is smaller than uint192 earnedInterest
+            } else {
+                return earnedInterest;
+            }
+        }
+    }
+
+    /**
+     * Save 'amount'.
+     */
+    function save(uint192 amount) public {
+        save(msg.sender, amount);
+    }
+
+    function adjust(uint192 targetAmount) public {
+        Account storage balance = refresh(msg.sender);
+        if (balance.saved < targetAmount) {
+            save(targetAmount - balance.saved);
+        } else if (balance.saved > targetAmount) {
+            withdraw(msg.sender, balance.saved - targetAmount);
+        }
+    }
+
+    /**
+     * Send 'amount' to the account of the provided owner.
+     */
+    function save(address owner, uint192 amount) public {
+        if (currentRatePPM == 0) revert ModuleDisabled();
+        if (nextRatePPM == 0 && (nextChange <= block.timestamp)) revert ModuleDisabled();
+        Account storage balance = refresh(owner);
+        jusd.transferFrom(msg.sender, address(this), amount);
+        assert(balance.ticks >= currentTicks()); // @dev: should not differ, since there is no shift of interests
+        balance.saved += amount;
+        emit Saved(owner, amount);
+    }
+
+    /**
+     * Withdraw up to 'amount' to the target address.
+     * When trying to withdraw more than available, all that is available is withdrawn.
+     * Returns the actually transferred amount.
+     */
+    function withdraw(address target, uint192 amount) public returns (uint256) {
+        Account storage account = refresh(msg.sender);
+        if (amount >= account.saved) {
+            amount = account.saved;
+            delete savings[msg.sender];
+        } else {
+            account.saved -= amount;
+        }
+        jusd.transfer(target, amount);
+        emit Withdrawn(msg.sender, amount);
+        return amount;
+    }
+}

package/contracts/SavingsVaultJUSD.sol

@@ -0,0 +1,140 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.20;
+
+import {Math} from "@openzeppelin/contracts/utils/math/Math.sol";
+import {SafeCast} from "@openzeppelin/contracts/utils/math/SafeCast.sol";
+import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
+import {ERC4626, ERC20, IERC20} from "@openzeppelin/contracts/token/ERC20/extensions/ERC4626.sol";
+
+import {ISavingsJUSD} from "./interface/ISavingsJUSD.sol";
+
+/**
+ * @title SavingsVaultJUSD
+ * @notice ERC-4626-compatible vault adapter for the JUSD Savings module.
+ *         This vault tracks interest-bearing deposits using a custom price-based mechanism,
+ *         where share value increases over time as interest accrues.
+ *
+ * @dev The vault mitigates dilution and price manipulation attacks on empty vaults
+ *      (a known vulnerability in ERC-4626) by using an explicit price model that starts at 1e18,
+ *      instead of relying on the default totalAssets / totalSupply ratio when supply is zero.
+ *
+ *      Interest is recognized through a manual `_accrueInterest()` call, which updates the internal
+ *      price based on newly accrued interest.
+ */
+contract SavingsVaultJUSD is ERC4626 {
+    using Math for uint256;
+    using SafeCast for uint256;
+
+    ISavingsJUSD public immutable SAVINGS;
+    uint256 public totalClaimed;
+
+    event InterestClaimed(uint256 interest, uint256 totalClaimed);
+
+    constructor(
+        IERC20 _coin,
+        ISavingsJUSD _savings,
+        string memory _name,
+        string memory _symbol
+    ) ERC4626(_coin) ERC20(_name, _symbol) {
+        SAVINGS = _savings;
+        // Approve the savings contract to transfer tokens from this vault
+        SafeERC20.forceApprove(_coin, address(_savings), type(uint256).max);
+    }
+
+    // ---------------------------------------------------------------------------------------
+
+    /// @notice Returns the current savings account state for this contract
+    /// @dev Uses the external `savings` contract to fetch the account details
+    function info() public view returns (ISavingsJUSD.Account memory) {
+        return SAVINGS.savings(address(this));
+    }
+
+    /// @notice Returns the current price per share of the contract
+    /// @dev If no shares exist, it defaults to 1 ether (implying 1:1 value)
+    function price() public view returns (uint256) {
+        uint256 totalShares = totalSupply();
+        if (totalShares == 0) return 1 ether;
+        return (totalAssets() * 1 ether) / totalShares;
+    }
+
+    /// @notice Calculates the accrued interest for this contract
+    function _interest() internal view returns (uint256) {
+        return SAVINGS.accruedInterest(address(this));
+    }
+
+    // ---------------------------------------------------------------------------------------
+    // Override functions of ERC4626
+
+    function totalAssets() public view override returns (uint256) {
+        return SAVINGS.savings(address(this)).saved + _interest();
+    }
+
+    function _convertToShares(uint256 assets, Math.Rounding rounding) internal view virtual override returns (uint256) {
+        return assets.mulDiv(1 ether, price(), rounding);
+    }
+
+    function _convertToAssets(uint256 shares, Math.Rounding rounding) internal view virtual override returns (uint256) {
+        return shares.mulDiv(price(), 1 ether, rounding);
+    }
+
+    // ---------------------------------------------------------------------------------------
+
+    function _deposit(address caller, address receiver, uint256 assets, uint256 shares) internal virtual override {
+        _accrueInterest();
+
+        // If _asset is ERC-777, `transferFrom` can trigger a reentrancy BEFORE the transfer happens through the
+        // `tokensToSend` hook. On the other hand, the `tokenReceived` hook, that is triggered after the transfer,
+        // calls the vault, which is assumed not malicious.
+        //
+        // Conclusion: we need to do the transfer before we mint so that any reentrancy would happen before the
+        // assets are transferred and before the shares are minted, which is a valid state.
+        // slither-disable-next-line reentrancy-no-eth
+        SafeERC20.safeTransferFrom(IERC20(asset()), caller, address(this), assets);
+
+        SAVINGS.save(assets.toUint192());
+
+        _mint(receiver, shares);
+
+        emit Deposit(caller, receiver, assets, shares);
+    }
+
+    function _withdraw(
+        address caller,
+        address receiver,
+        address owner,
+        uint256 assets,
+        uint256 shares
+    ) internal virtual override {
+        _accrueInterest();
+
+        if (caller != owner) {
+            _spendAllowance(owner, caller, shares);
+        }
+
+        // If _asset is ERC-777, `transfer` can trigger a reentrancy AFTER the transfer happens through the
+        // `tokensReceived` hook. On the other hand, the `tokensToSend` hook, that is triggered before the transfer,
+        // calls the vault, which is assumed not malicious.
+        //
+        // Conclusion: we need to do the transfer after the burn so that any reentrancy would happen after the
+        // shares are burned and after the assets are transferred, which is a valid state.
+        _burn(owner, shares);
+
+        SAVINGS.withdraw(receiver, assets.toUint192());
+
+        emit Withdraw(caller, receiver, owner, assets, shares);
+    }
+
+    // ---------------------------------------------------------------------------------------
+
+    /// @notice Internal function to accrue and record interest if available
+    /// @dev Retrieves net interest via `_interest()`
+    /// @dev If there is interest and shares exist, adds it to `totalClaimed` and emits an event
+    function _accrueInterest() internal {
+        uint256 interest = _interest();
+
+        if (interest > 0 && totalSupply() > 0) {
+            totalClaimed += interest;
+            emit InterestClaimed(interest, totalClaimed);
+        }
+    }
+}