@rev-net/core-v6 0.0.28 → 0.0.30

package/src/REVLoans.sol

@@ -4,10 +4,12 @@ pragma solidity 0.8.28;
 import {IJBController} from "@bananapus/core-v6/src/interfaces/IJBController.sol";
 import {IJBDirectory} from "@bananapus/core-v6/src/interfaces/IJBDirectory.sol";
 import {IJBPayoutTerminal} from "@bananapus/core-v6/src/interfaces/IJBPayoutTerminal.sol";
+import {IJBPermissioned} from "@bananapus/core-v6/src/interfaces/IJBPermissioned.sol";
+import {JBPermissioned} from "@bananapus/core-v6/src/abstract/JBPermissioned.sol";
 import {IJBPrices} from "@bananapus/core-v6/src/interfaces/IJBPrices.sol";
-import {IJBProjects} from "@bananapus/core-v6/src/interfaces/IJBProjects.sol";
 import {IJBTerminal} from "@bananapus/core-v6/src/interfaces/IJBTerminal.sol";
 import {IJBTokenUriResolver} from "@bananapus/core-v6/src/interfaces/IJBTokenUriResolver.sol";
+import {JBPermissionIds} from "@bananapus/permission-ids-v6/src/JBPermissionIds.sol";
 import {JBCashOuts} from "@bananapus/core-v6/src/libraries/JBCashOuts.sol";
 import {JBConstants} from "@bananapus/core-v6/src/libraries/JBConstants.sol";
 import {JBFees} from "@bananapus/core-v6/src/libraries/JBFees.sol";
@@ -45,7 +47,7 @@ import {REVLoanSource} from "./structs/REVLoanSource.sol";
 /// cannot be
 /// recouped.
 /// @dev The loaned amounts include the fees taken, meaning the amount paid back is the amount borrowed plus the fees.
-contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
+contract REVLoans is ERC721, ERC2771Context, JBPermissioned, Ownable, IREVLoans {
     // A library that parses the packed ruleset metadata into a friendlier format.
     using JBRulesetMetadataResolver for JBRuleset;
 
@@ -71,7 +73,6 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     error REVLoans_PermitAllowanceNotEnough(uint256 allowanceAmount, uint256 requiredAmount);
     error REVLoans_ReallocatingMoreCollateralThanBorrowedAmountAllows(uint256 newBorrowAmount, uint256 loanAmount);
     error REVLoans_SourceMismatch();
-    error REVLoans_Unauthorized(address caller, address owner);
     error REVLoans_UnderMinBorrowAmount(uint256 minBorrowAmount, uint256 borrowAmount);
     error REVLoans_ZeroBorrowAmount();
     error REVLoans_ZeroCollateralLoanIsInvalid();
@@ -120,9 +121,6 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     /// @notice A contract that stores prices for each revnet.
     IJBPrices public immutable override PRICES;
 
-    /// @notice Mints ERC-721s that represent revnet ownership and transfers.
-    IJBProjects public immutable override PROJECTS;
-
     /// @notice The ID of the REV revnet that will receive the fees.
     uint256 public immutable override REV_ID;
 
@@ -182,14 +180,12 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     //*********************************************************************//
 
     /// @param controller The controller that manages revnets using this loans contract.
-    /// @param projects The contract that mints ERC-721s representing project ownership.
     /// @param revId The ID of the REV revnet that will receive the fees.
     /// @param owner The owner of the contract that can set the URI resolver.
     /// @param permit2 A permit2 utility.
     /// @param trustedForwarder A trusted forwarder of transactions to this contract.
     constructor(
         IJBController controller,
-        IJBProjects projects,
         uint256 revId,
         address owner,
         IPermit2 permit2,
@@ -197,12 +193,12 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     )
         ERC721("REV Loans", "$REVLOAN")
         ERC2771Context(trustedForwarder)
+        JBPermissioned(IJBPermissioned(address(controller)).PERMISSIONS())
         Ownable(owner)
     {
         CONTROLLER = controller;
         DIRECTORY = controller.DIRECTORY();
         PRICES = controller.PRICES();
-        PROJECTS = projects;
         REV_ID = revId;
         PERMIT2 = permit2;
     }
@@ -227,15 +223,19 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         view
         returns (uint256)
     {
+        // Cache the current ruleset once — used by both _cashOutDelayOf and _borrowableAmountFrom.
+        JBRuleset memory currentRuleset = _currentRulesetOf(revnetId);
+
         // If the cash out delay hasn't passed yet, no amount is borrowable.
-        if (_cashOutDelayOf(revnetId) > block.timestamp) return 0;
+        if (_cashOutDelayOf({revnetId: revnetId, currentRuleset: currentRuleset}) > block.timestamp) return 0;
 
         return _borrowableAmountFrom({
             revnetId: revnetId,
             collateralCount: collateralCount,
             decimals: decimals,
             currency: currency,
-            terminals: DIRECTORY.terminalsOf(revnetId)
+            terminals: _terminalsOf(revnetId),
+            currentStage: currentRuleset
         });
     }
 
@@ -290,24 +290,6 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     // -------------------------- internal views ------------------------- //
     //*********************************************************************//
 
-    /// @notice Returns the cash out delay timestamp for a revnet by resolving the data hook from the current ruleset.
-    /// @param revnetId The ID of the revnet.
-    /// @return The cash out delay timestamp. Returns 0 if no data hook is set or no delay exists.
-    function _cashOutDelayOf(uint256 revnetId) internal view returns (uint256) {
-        // Get the revnet's current ruleset to find its data hook (the REVOwner contract).
-        // slither-disable-next-line unused-return
-        (JBRuleset memory currentRuleset,) = CONTROLLER.currentRulesetOf(revnetId);
-
-        // Extract the data hook address from the ruleset's packed metadata.
-        address dataHook = currentRuleset.dataHook();
-
-        // If there's no data hook, this isn't a revnet — no cash out delay applies.
-        if (dataHook == address(0)) return 0;
-
-        // Read the cash out delay from the REVOwner contract (the data hook).
-        return IREVOwner(dataHook).cashOutDelayOf(revnetId);
-    }
-
     /// @notice Checks this contract's balance of a specific token.
     /// @param token The address of the token to get this contract's balance of.
     /// @return This contract's balance.
@@ -344,22 +326,20 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     /// @param decimals The decimals the resulting fixed point value will include.
     /// @param currency The currency that the resulting amount should be in terms of.
     /// @param terminals The terminals that the funds are being borrowed from.
+    /// @param currentStage The pre-fetched current ruleset.
     /// @return borrowableAmount The amount that can be borrowed from the revnet.
     function _borrowableAmountFrom(
         uint256 revnetId,
         uint256 collateralCount,
         uint256 decimals,
         uint256 currency,
-        IJBTerminal[] memory terminals
+        IJBTerminal[] memory terminals,
+        JBRuleset memory currentStage
     )
         internal
         view
         returns (uint256)
     {
-        // Keep a reference to the current stage.
-        // slither-disable-next-line unused-return
-        (JBRuleset memory currentStage,) = CONTROLLER.currentRulesetOf(revnetId);
-
         // Get the surplus of all the revnet's terminals in terms of the native currency.
         uint256 totalSurplus = JBSurplus.currentSurplusOf({
             projectId: revnetId, terminals: terminals, tokens: new address[](0), decimals: decimals, currency: currency
@@ -392,11 +372,13 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     /// @param loan The loan having its borrow amount determined.
     /// @param revnetId The ID of the revnet to check for borrowable assets from.
     /// @param collateralCount The amount of collateral that the loan will be collateralized with.
+    /// @param currentRuleset The pre-fetched current ruleset.
     /// @return borrowAmount The amount of the loan that should be borrowed.
     function _borrowAmountFrom(
         REVLoan storage loan,
         uint256 revnetId,
-        uint256 collateralCount
+        uint256 collateralCount,
+        JBRuleset memory currentRuleset
     )
         internal
         view
@@ -410,22 +392,46 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
             loan.source.terminal.accountingContextForTokenOf({projectId: revnetId, token: loan.source.token});
 
         // Keep a reference to the revnet's terminals.
-        IJBTerminal[] memory terminals = DIRECTORY.terminalsOf(revnetId);
+        IJBTerminal[] memory terminals = _terminalsOf(revnetId);
 
         return _borrowableAmountFrom({
             revnetId: revnetId,
             collateralCount: collateralCount,
             decimals: accountingContext.decimals,
             currency: accountingContext.currency,
-            terminals: terminals
+            terminals: terminals,
+            currentStage: currentRuleset
         });
     }
 
+    /// @notice Returns the cash out delay timestamp using a pre-fetched ruleset.
+    /// @param revnetId The ID of the revnet.
+    /// @param currentRuleset The pre-fetched current ruleset.
+    /// @return The cash out delay timestamp. Returns 0 if no data hook is set or no delay exists.
+    function _cashOutDelayOf(uint256 revnetId, JBRuleset memory currentRuleset) internal view returns (uint256) {
+        // Extract the data hook address from the ruleset's packed metadata.
+        address dataHook = currentRuleset.dataHook();
+
+        // If there's no data hook, this isn't a revnet — no cash out delay applies.
+        if (dataHook == address(0)) return 0;
+
+        // Read the cash out delay from the REVOwner contract (the data hook).
+        return IREVOwner(dataHook).cashOutDelayOf(revnetId);
+    }
+
     /// @dev `ERC-2771` specifies the context as being a single address (20 bytes).
     function _contextSuffixLength() internal view override(ERC2771Context, Context) returns (uint256) {
         return super._contextSuffixLength();
     }
 
+    /// @notice Returns the current ruleset for a revnet. Consolidates ABI encode/decode to a single site.
+    /// @param revnetId The ID of the revnet.
+    /// @return currentRuleset The current ruleset.
+    function _currentRulesetOf(uint256 revnetId) internal view returns (JBRuleset memory currentRuleset) {
+        // slither-disable-next-line unused-return
+        (currentRuleset,) = CONTROLLER.currentRulesetOf(revnetId);
+    }
+
     /// @notice Determines the source fee amount for a loan being paid off a certain amount.
     /// @param loan The loan having its source fee amount determined.
     /// @param amount The amount being paid off.
@@ -483,6 +489,13 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         return ERC2771Context._msgSender();
     }
 
+    /// @notice Returns the terminals for a revnet. Consolidates ABI encode/decode to a single site.
+    /// @param revnetId The ID of the revnet.
+    /// @return The terminals registered for the revnet.
+    function _terminalsOf(uint256 revnetId) internal view returns (IJBTerminal[] memory) {
+        return DIRECTORY.terminalsOf(revnetId);
+    }
+
     /// @notice The total borrowed amount from a revnet, aggregated across all loan sources.
     /// @dev Each source's `totalBorrowedFrom` is stored in the source token's native decimals (e.g. 6 for USDC,
     /// 18 for ETH). Before aggregation, each amount is normalized to the target `decimals` to prevent mixed-decimal
@@ -503,12 +516,13 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         returns (uint256 borrowedAmount)
     {
         // Keep a reference to all sources being used to loaned out from this revnet.
-        REVLoanSource[] memory sources = _loanSourcesOf[revnetId];
+        // Use storage ref to avoid bulk-copying the entire array to memory.
+        REVLoanSource[] storage sources = _loanSourcesOf[revnetId];
 
         // Iterate over all sources being used to loaned out.
         for (uint256 i; i < sources.length; i++) {
             // Get a reference to the token being iterated on.
-            REVLoanSource memory source = sources[i];
+            REVLoanSource storage source = sources[i];
 
             // Get a reference to the accounting context for the source.
             // slither-disable-next-line calls-loop
@@ -564,6 +578,8 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     /// @dev Collateral tokens are permanently burned when the loan is created. They are re-minted to the borrower
     /// only upon repayment. If the loan expires (after LOAN_LIQUIDATION_DURATION), the collateral is permanently
     /// lost and cannot be recovered.
+    /// @dev A delegated operator (with OPEN_LOAN permission) can set `beneficiary` to any address, directing borrowed
+    /// funds away from the holder. Holders should only grant OPEN_LOAN to fully trusted operators.
     /// @param revnetId The ID of the revnet being borrowed from.
     /// @param source The source of the loan being borrowed.
     /// @param minBorrowAmount The minimum amount being borrowed, denominated in the token of the source's accounting
@@ -580,12 +596,17 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         uint256 minBorrowAmount,
         uint256 collateralCount,
         address payable beneficiary,
-        uint256 prepaidFeePercent
+        uint256 prepaidFeePercent,
+        address holder
     )
         public
         override
         returns (uint256 loanId, REVLoan memory)
     {
+        // Only the holder or a permissioned operator can open a loan on the holder's behalf.
+        // Note: the operator controls `beneficiary`, so they can direct borrowed funds to any address.
+        _requirePermissionFrom({account: holder, projectId: revnetId, permissionId: JBPermissionIds.OPEN_LOAN});
+
         // A loan needs to have collateral.
         if (collateralCount == 0) revert REVLoans_ZeroCollateralLoanIsInvalid();
 
@@ -603,9 +624,12 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
             );
         }
 
+        // Cache the current ruleset once — used by both _cashOutDelayOf and _borrowAmountFrom.
+        JBRuleset memory currentRuleset = _currentRulesetOf(revnetId);
+
         // Enforce the cash out delay.
         {
-            uint256 cashOutDelay = _cashOutDelayOf(revnetId);
+            uint256 cashOutDelay = _cashOutDelayOf({revnetId: revnetId, currentRuleset: currentRuleset});
             if (cashOutDelay > block.timestamp) {
                 revert REVLoans_CashOutDelayNotFinished(cashOutDelay, block.timestamp);
             }
@@ -628,8 +652,10 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         loan.prepaidDuration =
             uint32(mulDiv({x: prepaidFeePercent, y: LOAN_LIQUIDATION_DURATION, denominator: MAX_PREPAID_FEE_PERCENT}));
 
-        // Get the amount of the loan.
-        uint256 borrowAmount = _borrowAmountFrom({loan: loan, revnetId: revnetId, collateralCount: collateralCount});
+        // Get the amount of the loan, using the cached ruleset.
+        uint256 borrowAmount = _borrowAmountFrom({
+            loan: loan, revnetId: revnetId, collateralCount: collateralCount, currentRuleset: currentRuleset
+        });
 
         // Revert if the bonding curve returns zero to prevent creating zero-amount loans.
         if (borrowAmount == 0) revert REVLoans_ZeroBorrowAmount();
@@ -648,11 +674,12 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
             newBorrowAmount: borrowAmount,
             newCollateralCount: collateralCount,
             sourceFeeAmount: sourceFeeAmount,
-            beneficiary: beneficiary
+            beneficiary: beneficiary,
+            holder: holder
         });
 
-        // Mint the loan.
-        _mint({to: _msgSender(), tokenId: loanId});
+        // Mint the loan NFT to the holder.
+        _mint({to: holder, tokenId: loanId});
 
         emit Borrow({
             loanId: loanId,
@@ -686,18 +713,21 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         // Prevent cross-revnet accounting corruption: loan numbers must stay within the revnet's ID namespace.
         if (startingLoanId + count > _ONE_TRILLION) revert REVLoans_LoanIdOverflow();
 
+        // Cache the sender to avoid repeated ERC2771 context reads inside the loop.
+        address sender = _msgSender();
+
         // Iterate over the desired number of loans to check for liquidation.
         for (uint256 i; i < count; i++) {
             // Get a reference to the next loan ID.
             uint256 loanId = _generateLoanId({revnetId: revnetId, loanNumber: startingLoanId + i});
 
+            // Check createdAt via storage ref first to avoid loading the full struct for empty slots.
+            // slither-disable-next-line incorrect-equality
+            if (_loanOf[loanId].createdAt == 0) continue;
+
             // Get a reference to the loan being iterated on.
             REVLoan memory loan = _loanOf[loanId];
 
-            // If the loan doesn't exist (repaid or already liquidated), skip past this gap and continue.
-            // slither-disable-next-line incorrect-equality
-            if (loan.createdAt == 0) continue;
-
             // Keep a reference to the loan's owner.
             address owner = _ownerOf(loanId);
 
@@ -722,7 +752,7 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
                 totalBorrowedFrom[revnetId][loan.source.terminal][loan.source.token] -= loan.amount;
             }
 
-            emit Liquidate({loanId: loanId, revnetId: revnetId, loan: loan, caller: _msgSender()});
+            emit Liquidate({loanId: loanId, revnetId: revnetId, loan: loan, caller: sender});
         }
     }
 
@@ -731,6 +761,8 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     /// @dev Refinancing a loan will burn the original and create two new loans.
     /// @dev This function is intentionally not payable — it only moves existing collateral between loans and does
     /// not accept new funds. Any ETH sent with the call will be rejected by the EVM.
+    /// @dev A delegated operator (with REALLOCATE_LOAN permission) can set `beneficiary` to any address, directing
+    /// borrowed funds from the new loan away from the loan owner. Grant this permission only to trusted operators.
     /// @param loanId The ID of the loan to reallocate collateral from.
     /// @param collateralCountToTransfer The amount of collateral to transfer from the original loan.
     /// @param source The source of the loan to create.
@@ -756,8 +788,13 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         override
         returns (uint256 reallocatedLoanId, uint256 newLoanId, REVLoan memory reallocatedLoan, REVLoan memory newLoan)
     {
-        // Make sure only the loan's owner can manage it.
-        if (_ownerOf(loanId) != _msgSender()) revert REVLoans_Unauthorized(_msgSender(), _ownerOf(loanId));
+        // Keep a reference to the revnet ID of the loan being reallocated.
+        uint256 revnetId = revnetIdOfLoanWith(loanId);
+
+        // Only the loan owner or a permissioned operator can reallocate.
+        // Note: the operator controls `beneficiary`, so they can direct new loan proceeds to any address.
+        address loanOwner = _ownerOf(loanId);
+        _requirePermissionFrom({account: loanOwner, projectId: revnetId, permissionId: JBPermissionIds.REALLOCATE_LOAN});
 
         // Make sure the loan hasn't expired.
         if (block.timestamp - _loanOf[loanId].createdAt > LOAN_LIQUIDATION_DURATION) {
@@ -774,27 +811,28 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
 
         // Note: this function is not payable, so the EVM prevents sending ETH at the call level.
 
-        // Keep a reference to the revnet ID of the loan being reallocated.
-        uint256 revnetId = revnetIdOfLoanWith(loanId);
-
         // Refinance the loan.
         (reallocatedLoanId, reallocatedLoan) = _reallocateCollateralFromLoan({
-            loanId: loanId, revnetId: revnetId, collateralCountToRemove: collateralCountToTransfer
+            loanId: loanId, revnetId: revnetId, collateralCountToRemove: collateralCountToTransfer, loanOwner: loanOwner
         });
 
         // Make a new loan with the leftover collateral from reallocating.
+        // The loan owner is the holder for the new loan (their tokens are used as collateral).
         (newLoanId, newLoan) = borrowFrom({
             revnetId: revnetId,
             source: source,
             minBorrowAmount: minBorrowAmount,
             collateralCount: collateralCountToTransfer + collateralCountToAdd,
             beneficiary: beneficiary,
-            prepaidFeePercent: prepaidFeePercent
+            prepaidFeePercent: prepaidFeePercent,
+            holder: loanOwner
         });
     }
 
     /// @notice Allows the owner of a loan to pay it back or receive returned collateral no longer necessary to support
     /// the loan.
+    /// @dev A delegated operator (with REPAY_LOAN permission) can set `beneficiary` to any address, directing returned
+    /// collateral tokens away from the loan owner. Grant this permission only to trusted operators.
     /// @param loanId The ID of the loan being adjusted.
     /// @param maxRepayBorrowAmount The maximum amount being paid off, denominated in the token of the source's
     /// accounting context.
@@ -815,8 +853,15 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         override
         returns (uint256 paidOffLoanId, REVLoan memory paidOffloan)
     {
-        // Make sure only the loan's owner can manage it.
-        if (_ownerOf(loanId) != _msgSender()) revert REVLoans_Unauthorized(_msgSender(), _ownerOf(loanId));
+        // Cache the sender to avoid repeated ERC2771 context reads.
+        address sender = _msgSender();
+
+        // Only the loan owner or a permissioned operator can repay.
+        // Note: the operator controls `beneficiary`, so they can direct returned collateral to any address.
+        address loanOwner = _ownerOf(loanId);
+        _requirePermissionFrom({
+            account: loanOwner, projectId: revnetIdOfLoanWith(loanId), permissionId: JBPermissionIds.REPAY_LOAN
+        });
 
         // Keep a reference to the fee being iterated on.
         REVLoan storage loan = _loanOf[loanId];
@@ -828,12 +873,18 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         // Get a reference to the revnet ID of the loan being repaid.
         uint256 revnetId = revnetIdOfLoanWith(loanId);
 
+        // Cache the current ruleset once for borrow amount calculation.
+        JBRuleset memory currentRuleset = _currentRulesetOf(revnetId);
+
         // Scope to limit newBorrowAmount's stack lifetime.
         uint256 repayBorrowAmount;
         {
             // Get the new borrow amount.
             uint256 newBorrowAmount = _borrowAmountFrom({
-                loan: loan, revnetId: revnetId, collateralCount: loan.collateral - collateralCountToReturn
+                loan: loan,
+                revnetId: revnetId,
+                collateralCount: loan.collateral - collateralCountToReturn,
+                currentRuleset: currentRuleset
             });
 
             // If the remaining collateral yields zero borrow amount, treat as full repay.
@@ -880,14 +931,15 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
             repayBorrowAmount: repayBorrowAmount,
             sourceFeeAmount: sourceFeeAmount,
             collateralCountToReturn: collateralCountToReturn,
-            beneficiary: beneficiary
+            beneficiary: beneficiary,
+            loanOwner: loanOwner
         });
 
         // If the max repay amount is greater than the repay amount, return the difference back to the payer.
         if (maxRepayBorrowAmount > repayBorrowAmount) {
             _transferFrom({
                 from: address(this),
-                to: payable(_msgSender()),
+                to: payable(sender),
                 token: sourceToken,
                 amount: maxRepayBorrowAmount - repayBorrowAmount
             });
@@ -915,7 +967,7 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     function _acceptFundsFor(
         address token,
         uint256 amount,
-        JBSingleAllowance memory allowance
+        JBSingleAllowance calldata allowance
     )
         internal
         returns (uint256)
@@ -962,14 +1014,12 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     /// loan is repaid. If the loan expires and is liquidated, the burned collateral is permanently lost.
     /// @param revnetId The ID of the revnet the loan is being added in.
     /// @param amount The new amount of collateral being added to the loan.
-    function _addCollateralTo(uint256 revnetId, uint256 amount) internal {
+    function _addCollateralTo(uint256 revnetId, uint256 amount, address holder) internal {
         // Increment the total amount of collateral tokens.
         totalCollateralOf[revnetId] += amount;
 
         // Permanently burn the tokens that are tracked as collateral. These are only re-minted upon repayment.
-        CONTROLLER.burnTokensOf({
-            holder: _msgSender(), projectId: revnetId, tokenCount: amount, memo: "Adding collateral to loan"
-        });
+        CONTROLLER.burnTokensOf({holder: holder, projectId: revnetId, tokenCount: amount, memo: ""});
     }
 
     /// @notice Add a new amount to the loan that is greater than the previous amount.
@@ -1016,7 +1066,7 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
                     minTokensPaidOut: 0,
                     beneficiary: payable(address(this)),
                     feeBeneficiary: beneficiary,
-                    memo: "Lending out to a borrower"
+                    memo: ""
                 });
         }
 
@@ -1045,7 +1095,7 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
                 amount: revFeeAmount,
                 beneficiary: beneficiary,
                 minReturnedTokens: 0,
-                memo: "Fee from loan",
+                memo: "",
                 metadata: bytes(abi.encodePacked(revnetId))
             }) {}
             catch (bytes memory) {
@@ -1085,16 +1135,22 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     /// @param newCollateralCount The new amount of collateral backing the loan.
     /// @param sourceFeeAmount The amount of the fee being taken from the revnet acting as the source of the loan.
     /// @param beneficiary The address receiving the returned collateral and any tokens resulting from paying fees.
+    /// @param holder The address whose tokens are used as collateral (burned).
     function _adjust(
         REVLoan storage loan,
         uint256 revnetId,
         uint256 newBorrowAmount,
         uint256 newCollateralCount,
         uint256 sourceFeeAmount,
-        address payable beneficiary
+        address payable beneficiary,
+        address holder
     )
         internal
     {
+        // Cache frequently-read storage fields to avoid repeated SLOAD.
+        address sourceToken = loan.source.token;
+        IJBPayoutTerminal sourceTerminal = loan.source.terminal;
+
         // Snapshot deltas from current state before writing.
         uint256 addedBorrowAmount = newBorrowAmount > loan.amount ? newBorrowAmount - loan.amount : 0;
         uint256 repaidBorrowAmount = loan.amount > newBorrowAmount ? loan.amount - newBorrowAmount : 0;
@@ -1131,7 +1187,7 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
 
         // Add collateral if needed...
         if (addedCollateralCount > 0) {
-            _addCollateralTo({revnetId: revnetId, amount: addedCollateralCount});
+            _addCollateralTo({revnetId: revnetId, amount: addedCollateralCount, holder: holder});
             // ... or return collateral if needed.
         } else if (returnedCollateralCount > 0) {
             _returnCollateralFrom({
@@ -1143,9 +1199,8 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         // cannot block all loan operations (matching the REV fee pattern above).
         if (sourceFeeAmount > 0) {
             // Increase the allowance for the source terminal.
-            uint256 payValue = _beforeTransferTo({
-                to: address(loan.source.terminal), token: loan.source.token, amount: sourceFeeAmount
-            });
+            uint256 payValue =
+                _beforeTransferTo({to: address(sourceTerminal), token: sourceToken, amount: sourceFeeAmount});
 
             // Pay the fee. If it fails, reclaim the allowance and give the amount back to the borrower.
             // NOTE: When terminal.pay() reverts (e.g. due to a misconfigured terminal or paused payments),
@@ -1153,25 +1208,23 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
             // source fee portion. This is acceptable — it requires a broken/misconfigured source terminal and
             // the borrower still pays the REV fee and protocol fee.
             // slither-disable-next-line unused-return,arbitrary-send-eth
-            try loan.source.terminal.pay{value: payValue}({
+            try sourceTerminal.pay{value: payValue}({
                 projectId: revnetId,
-                token: loan.source.token,
+                token: sourceToken,
                 amount: sourceFeeAmount,
                 beneficiary: beneficiary,
                 minReturnedTokens: 0,
-                memo: "Fee from loan",
+                memo: "",
                 metadata: bytes(abi.encodePacked(REV_ID))
             }) {}
             catch (bytes memory) {
                 // If the fee can't be processed, decrease the ERC-20 allowance and return the amount
                 // to the beneficiary instead.
-                if (loan.source.token != JBConstants.NATIVE_TOKEN) {
-                    IERC20(loan.source.token)
-                        .safeDecreaseAllowance({
-                            spender: address(loan.source.terminal), requestedDecrease: sourceFeeAmount
-                        });
+                if (sourceToken != JBConstants.NATIVE_TOKEN) {
+                    IERC20(sourceToken)
+                        .safeDecreaseAllowance({spender: address(sourceTerminal), requestedDecrease: sourceFeeAmount});
                 }
-                _transferFrom({from: address(this), to: beneficiary, token: loan.source.token, amount: sourceFeeAmount});
+                _transferFrom({from: address(this), to: beneficiary, token: sourceToken, amount: sourceFeeAmount});
             }
         }
     }
@@ -1198,7 +1251,8 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     function _reallocateCollateralFromLoan(
         uint256 loanId,
         uint256 revnetId,
-        uint256 collateralCountToRemove
+        uint256 collateralCountToRemove,
+        address loanOwner
     )
         internal
         returns (uint256 reallocatedLoanId, REVLoan storage reallocatedLoan)
@@ -1215,8 +1269,13 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         // Keep a reference to the new collateral amount.
         uint256 newCollateralCount = loan.collateral - collateralCountToRemove;
 
+        // Cache the current ruleset for borrow amount calculation.
+        JBRuleset memory currentRuleset = _currentRulesetOf(revnetId);
+
         // Keep a reference to the new borrow amount.
-        uint256 borrowAmount = _borrowAmountFrom({loan: loan, revnetId: revnetId, collateralCount: newCollateralCount});
+        uint256 borrowAmount = _borrowAmountFrom({
+            loan: loan, revnetId: revnetId, collateralCount: newCollateralCount, currentRuleset: currentRuleset
+        });
 
         // Make sure the borrow amount is not less than the original loan's amount.
         if (borrowAmount < loan.amount) {
@@ -1247,12 +1306,13 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
             newBorrowAmount: reallocatedLoan.amount, // Don't change the borrow amount.
             newCollateralCount: newCollateralCount,
             sourceFeeAmount: 0,
-            beneficiary: payable(_msgSender()) // use the msgSender as the beneficiary, who will have the returned
+            beneficiary: payable(loanOwner), // Return collateral to the loan owner, who will have the returned
             // collateral tokens debited from their balance for the new loan.
+            holder: loanOwner // Only used if collateral is added (not the case here — collateral is being returned).
         });
 
-        // Mint the replacement loan.
-        _mint({to: _msgSender(), tokenId: reallocatedLoanId});
+        // Mint the replacement loan to the loan owner.
+        _mint({to: loanOwner, tokenId: reallocatedLoanId});
 
         // Clear stale loan data for gas refund.
         delete _loanOf[loanId];
@@ -1288,7 +1348,7 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
             token: loan.source.token,
             amount: repaidBorrowAmount,
             shouldReturnHeldFees: false,
-            memo: "Paying off loan",
+            memo: "",
             metadata: bytes(abi.encodePacked(REV_ID))
         });
     }
@@ -1301,6 +1361,7 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     /// @param sourceFeeAmount The amount of the fee being taken from the revnet acting as the source of the loan.
     /// @param collateralCountToReturn The amount of collateral being returned that the loan no longer requires.
     /// @param beneficiary The address receiving the returned collateral and any tokens resulting from paying fees.
+    /// @param loanOwner The owner of the loan NFT (receives replacement loan if partial repay).
     // slither-disable-next-line reentrancy-eth,reentrancy-events
     function _repayLoan(
         uint256 loanId,
@@ -1309,7 +1370,8 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         uint256 repayBorrowAmount,
         uint256 sourceFeeAmount,
         uint256 collateralCountToReturn,
-        address payable beneficiary
+        address payable beneficiary,
+        address loanOwner
     )
         internal
         returns (uint256, REVLoan memory)
@@ -1330,7 +1392,8 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
                 newBorrowAmount: 0,
                 newCollateralCount: 0,
                 sourceFeeAmount: sourceFeeAmount,
-                beneficiary: beneficiary
+                beneficiary: beneficiary,
+                holder: _msgSender() // Only used if collateral is added (not the case here — collateral is returned).
             });
 
             // Snapshot the zeroed loan for the return value (reflects post-repay state).
@@ -1364,7 +1427,8 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
             // Get a reference to the loan being paid off.
             REVLoan storage paidOffLoan = _loanOf[paidOffLoanId];
 
-            // Set the paid off loan's values the same as the original loan.
+            // Copy the original loan's values. amount and collateral are written here so _adjust
+            // can compute correct deltas, then _adjust overwrites them with the final values.
             paidOffLoan.amount = loan.amount;
             paidOffLoan.collateral = loan.collateral;
             paidOffLoan.createdAt = loan.createdAt;
@@ -1372,8 +1436,8 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
             paidOffLoan.prepaidDuration = loan.prepaidDuration;
             paidOffLoan.source = loan.source;
 
-            // Mint the replacement loan FIRST so it exists before _adjust writes data.
-            _mint({to: _msgSender(), tokenId: paidOffLoanId});
+            // Mint the replacement loan to the loan owner FIRST so it exists before _adjust writes data.
+            _mint({to: loanOwner, tokenId: paidOffLoanId});
 
             // Then adjust the loan data.
             _adjust({
@@ -1382,7 +1446,8 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
                 newBorrowAmount: paidOffLoan.amount - (repayBorrowAmount - sourceFeeAmount),
                 newCollateralCount: paidOffLoan.collateral - collateralCountToReturn,
                 sourceFeeAmount: sourceFeeAmount,
-                beneficiary: beneficiary
+                beneficiary: beneficiary,
+                holder: _msgSender() // Only used if collateral is added (not the case here — collateral is returned).
             });
 
             emit RepayLoan({
@@ -1419,7 +1484,7 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
             projectId: revnetId,
             tokenCount: collateralCount,
             beneficiary: beneficiary,
-            memo: "Removing collateral from loan",
+            memo: "",
             useReservedPercent: false
         });
     }