@rev-net/core-v6 0.0.29 → 0.0.31

package/src/REVLoans.sol

@@ -1,11 +1,12 @@
 // SPDX-License-Identifier: MIT
 pragma solidity 0.8.28;
 
+import {JBPermissioned} from "@bananapus/core-v6/src/abstract/JBPermissioned.sol";
 import {IJBController} from "@bananapus/core-v6/src/interfaces/IJBController.sol";
 import {IJBDirectory} from "@bananapus/core-v6/src/interfaces/IJBDirectory.sol";
 import {IJBPayoutTerminal} from "@bananapus/core-v6/src/interfaces/IJBPayoutTerminal.sol";
+import {IJBPermissioned} from "@bananapus/core-v6/src/interfaces/IJBPermissioned.sol";
 import {IJBPrices} from "@bananapus/core-v6/src/interfaces/IJBPrices.sol";
-import {IJBProjects} from "@bananapus/core-v6/src/interfaces/IJBProjects.sol";
 import {IJBTerminal} from "@bananapus/core-v6/src/interfaces/IJBTerminal.sol";
 import {IJBTokenUriResolver} from "@bananapus/core-v6/src/interfaces/IJBTokenUriResolver.sol";
 import {JBCashOuts} from "@bananapus/core-v6/src/libraries/JBCashOuts.sol";
@@ -16,6 +17,8 @@ import {JBSurplus} from "@bananapus/core-v6/src/libraries/JBSurplus.sol";
 import {JBAccountingContext} from "@bananapus/core-v6/src/structs/JBAccountingContext.sol";
 import {JBRuleset} from "@bananapus/core-v6/src/structs/JBRuleset.sol";
 import {JBSingleAllowance} from "@bananapus/core-v6/src/structs/JBSingleAllowance.sol";
+import {JBPermissionIds} from "@bananapus/permission-ids-v6/src/JBPermissionIds.sol";
+import {IJBSuckerRegistry} from "@bananapus/suckers-v6/src/interfaces/IJBSuckerRegistry.sol";
 import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
 import {ERC2771Context} from "@openzeppelin/contracts/metatx/ERC2771Context.sol";
 import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
@@ -45,7 +48,7 @@ import {REVLoanSource} from "./structs/REVLoanSource.sol";
 /// cannot be
 /// recouped.
 /// @dev The loaned amounts include the fees taken, meaning the amount paid back is the amount borrowed plus the fees.
-contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
+contract REVLoans is ERC721, ERC2771Context, JBPermissioned, Ownable, IREVLoans {
     // A library that parses the packed ruleset metadata into a friendlier format.
     using JBRulesetMetadataResolver for JBRuleset;
 
@@ -71,7 +74,6 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     error REVLoans_PermitAllowanceNotEnough(uint256 allowanceAmount, uint256 requiredAmount);
     error REVLoans_ReallocatingMoreCollateralThanBorrowedAmountAllows(uint256 newBorrowAmount, uint256 loanAmount);
     error REVLoans_SourceMismatch();
-    error REVLoans_Unauthorized(address caller, address owner);
     error REVLoans_UnderMinBorrowAmount(uint256 minBorrowAmount, uint256 borrowAmount);
     error REVLoans_ZeroBorrowAmount();
     error REVLoans_ZeroCollateralLoanIsInvalid();
@@ -120,12 +122,12 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     /// @notice A contract that stores prices for each revnet.
     IJBPrices public immutable override PRICES;
 
-    /// @notice Mints ERC-721s that represent revnet ownership and transfers.
-    IJBProjects public immutable override PROJECTS;
-
     /// @notice The ID of the REV revnet that will receive the fees.
     uint256 public immutable override REV_ID;
 
+    /// @notice The sucker registry used to discover peer chain suckers for cross-chain awareness.
+    IJBSuckerRegistry public immutable override SUCKER_REGISTRY;
+
     //*********************************************************************//
     // --------------------- public stored properties -------------------- //
     //*********************************************************************//
@@ -182,14 +184,14 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     //*********************************************************************//
 
     /// @param controller The controller that manages revnets using this loans contract.
-    /// @param projects The contract that mints ERC-721s representing project ownership.
+    /// @param suckerRegistry The registry used to discover peer chain suckers for cross-chain supply/surplus awareness.
     /// @param revId The ID of the REV revnet that will receive the fees.
     /// @param owner The owner of the contract that can set the URI resolver.
     /// @param permit2 A permit2 utility.
     /// @param trustedForwarder A trusted forwarder of transactions to this contract.
     constructor(
         IJBController controller,
-        IJBProjects projects,
+        IJBSuckerRegistry suckerRegistry,
         uint256 revId,
         address owner,
         IPermit2 permit2,
@@ -197,14 +199,15 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     )
         ERC721("REV Loans", "$REVLOAN")
         ERC2771Context(trustedForwarder)
+        JBPermissioned(IJBPermissioned(address(controller)).PERMISSIONS())
         Ownable(owner)
     {
         CONTROLLER = controller;
         DIRECTORY = controller.DIRECTORY();
         PRICES = controller.PRICES();
-        PROJECTS = projects;
         REV_ID = revId;
         PERMIT2 = permit2;
+        SUCKER_REGISTRY = suckerRegistry;
     }
 
     //*********************************************************************//
@@ -228,8 +231,7 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         returns (uint256)
     {
         // Cache the current ruleset once — used by both _cashOutDelayOf and _borrowableAmountFrom.
-        // slither-disable-next-line unused-return
-        (JBRuleset memory currentRuleset,) = CONTROLLER.currentRulesetOf(revnetId);
+        JBRuleset memory currentRuleset = _currentRulesetOf(revnetId);
 
         // If the cash out delay hasn't passed yet, no amount is borrowable.
         if (_cashOutDelayOf({revnetId: revnetId, currentRuleset: currentRuleset}) > block.timestamp) return 0;
@@ -239,7 +241,7 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
             collateralCount: collateralCount,
             decimals: decimals,
             currency: currency,
-            terminals: DIRECTORY.terminalsOf(revnetId),
+            terminals: _terminalsOf(revnetId),
             currentStage: currentRuleset
         });
     }
@@ -295,32 +297,6 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     // -------------------------- internal views ------------------------- //
     //*********************************************************************//
 
-    /// @notice Returns the cash out delay timestamp for a revnet by resolving the data hook from the current ruleset.
-    /// @param revnetId The ID of the revnet.
-    /// @return The cash out delay timestamp. Returns 0 if no data hook is set or no delay exists.
-    function _cashOutDelayOf(uint256 revnetId) internal view returns (uint256) {
-        // Get the revnet's current ruleset to find its data hook (the REVOwner contract).
-        // slither-disable-next-line unused-return
-        (JBRuleset memory currentRuleset,) = CONTROLLER.currentRulesetOf(revnetId);
-
-        return _cashOutDelayOf({revnetId: revnetId, currentRuleset: currentRuleset});
-    }
-
-    /// @notice Returns the cash out delay timestamp using a pre-fetched ruleset (avoids redundant external call).
-    /// @param revnetId The ID of the revnet.
-    /// @param currentRuleset The pre-fetched current ruleset.
-    /// @return The cash out delay timestamp. Returns 0 if no data hook is set or no delay exists.
-    function _cashOutDelayOf(uint256 revnetId, JBRuleset memory currentRuleset) internal view returns (uint256) {
-        // Extract the data hook address from the ruleset's packed metadata.
-        address dataHook = currentRuleset.dataHook();
-
-        // If there's no data hook, this isn't a revnet — no cash out delay applies.
-        if (dataHook == address(0)) return 0;
-
-        // Read the cash out delay from the REVOwner contract (the data hook).
-        return IREVOwner(dataHook).cashOutDelayOf(revnetId);
-    }
-
     /// @notice Checks this contract's balance of a specific token.
     /// @param token The address of the token to get this contract's balance of.
     /// @return This contract's balance.
@@ -357,33 +333,8 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     /// @param decimals The decimals the resulting fixed point value will include.
     /// @param currency The currency that the resulting amount should be in terms of.
     /// @param terminals The terminals that the funds are being borrowed from.
+    /// @param currentStage The pre-fetched current ruleset.
     /// @return borrowableAmount The amount that can be borrowed from the revnet.
-    function _borrowableAmountFrom(
-        uint256 revnetId,
-        uint256 collateralCount,
-        uint256 decimals,
-        uint256 currency,
-        IJBTerminal[] memory terminals
-    )
-        internal
-        view
-        returns (uint256)
-    {
-        // Keep a reference to the current stage.
-        // slither-disable-next-line unused-return
-        (JBRuleset memory currentStage,) = CONTROLLER.currentRulesetOf(revnetId);
-
-        return _borrowableAmountFrom({
-            revnetId: revnetId,
-            collateralCount: collateralCount,
-            decimals: decimals,
-            currency: currency,
-            terminals: terminals,
-            currentStage: currentStage
-        });
-    }
-
-    /// @dev Overload that accepts a pre-fetched ruleset to avoid redundant `currentRulesetOf` calls.
     function _borrowableAmountFrom(
         uint256 revnetId,
         uint256 collateralCount,
@@ -411,53 +362,37 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         // Get a refeerence to the collateral being used to secure loans.
         uint256 totalCollateral = totalCollateralOf[revnetId];
 
+        // The local supply includes both circulating tokens and tokens locked as loan collateral.
+        uint256 localSupply = totalSupply + totalCollateral;
+
+        // The local surplus includes both the treasury surplus and the outstanding borrowed amounts.
+        uint256 localSurplus = totalSurplus + totalBorrowed;
+
         // Proportional — uses the CURRENT stage's cashOutTaxRate.
         // NOTE: When a revnet transitions between stages with different cashOutTaxRate values, the borrowable amount
         // for the same collateral changes. A lower cashOutTaxRate in a later stage means more borrowable value per
         // collateral. This is by design: loan value tracks the current bonding curve parameters, just as cash-out
         // value does. Borrowers benefit from decreasing tax rates and are constrained by increasing ones.
-        return JBCashOuts.cashOutFrom({
-            surplus: totalSurplus + totalBorrowed,
+        // Add cross-chain remote values for proportional reclaim.
+        uint256 omnichainSurplus =
+            localSurplus + SUCKER_REGISTRY.remoteSurplusOf({projectId: revnetId, decimals: 18, currency: currency});
+        uint256 omnichainSupply = localSupply + SUCKER_REGISTRY.remoteTotalSupplyOf(revnetId);
+        uint256 reclaimable = JBCashOuts.cashOutFrom({
+            surplus: omnichainSurplus,
             cashOutCount: collateralCount,
-            totalSupply: totalSupply + totalCollateral,
+            totalSupply: omnichainSupply,
             cashOutTaxRate: currentStage.cashOutTaxRate()
         });
+        // Cap at local surplus — can't borrow more than what this chain's terminals actually hold.
+        return reclaimable > localSurplus ? localSurplus : reclaimable;
     }
 
     /// @notice The amount of the loan that should be borrowed for the given collateral amount.
     /// @param loan The loan having its borrow amount determined.
     /// @param revnetId The ID of the revnet to check for borrowable assets from.
     /// @param collateralCount The amount of collateral that the loan will be collateralized with.
+    /// @param currentRuleset The pre-fetched current ruleset.
     /// @return borrowAmount The amount of the loan that should be borrowed.
-    function _borrowAmountFrom(
-        REVLoan storage loan,
-        uint256 revnetId,
-        uint256 collateralCount
-    )
-        internal
-        view
-        returns (uint256)
-    {
-        // If there's no collateral, there's no loan.
-        if (collateralCount == 0) return 0;
-
-        // Get a reference to the accounting context for the source.
-        JBAccountingContext memory accountingContext =
-            loan.source.terminal.accountingContextForTokenOf({projectId: revnetId, token: loan.source.token});
-
-        // Keep a reference to the revnet's terminals.
-        IJBTerminal[] memory terminals = DIRECTORY.terminalsOf(revnetId);
-
-        return _borrowableAmountFrom({
-            revnetId: revnetId,
-            collateralCount: collateralCount,
-            decimals: accountingContext.decimals,
-            currency: accountingContext.currency,
-            terminals: terminals
-        });
-    }
-
-    /// @dev Overload that accepts a pre-fetched ruleset to avoid redundant `currentRulesetOf` calls.
     function _borrowAmountFrom(
         REVLoan storage loan,
         uint256 revnetId,
@@ -476,7 +411,7 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
             loan.source.terminal.accountingContextForTokenOf({projectId: revnetId, token: loan.source.token});
 
         // Keep a reference to the revnet's terminals.
-        IJBTerminal[] memory terminals = DIRECTORY.terminalsOf(revnetId);
+        IJBTerminal[] memory terminals = _terminalsOf(revnetId);
 
         return _borrowableAmountFrom({
             revnetId: revnetId,
@@ -488,11 +423,34 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         });
     }
 
+    /// @notice Returns the cash out delay timestamp using a pre-fetched ruleset.
+    /// @param revnetId The ID of the revnet.
+    /// @param currentRuleset The pre-fetched current ruleset.
+    /// @return The cash out delay timestamp. Returns 0 if no data hook is set or no delay exists.
+    function _cashOutDelayOf(uint256 revnetId, JBRuleset memory currentRuleset) internal view returns (uint256) {
+        // Extract the data hook address from the ruleset's packed metadata.
+        address dataHook = currentRuleset.dataHook();
+
+        // If there's no data hook, this isn't a revnet — no cash out delay applies.
+        if (dataHook == address(0)) return 0;
+
+        // Read the cash out delay from the REVOwner contract (the data hook).
+        return IREVOwner(dataHook).cashOutDelayOf(revnetId);
+    }
+
     /// @dev `ERC-2771` specifies the context as being a single address (20 bytes).
     function _contextSuffixLength() internal view override(ERC2771Context, Context) returns (uint256) {
         return super._contextSuffixLength();
     }
 
+    /// @notice Returns the current ruleset for a revnet. Consolidates ABI encode/decode to a single site.
+    /// @param revnetId The ID of the revnet.
+    /// @return currentRuleset The current ruleset.
+    function _currentRulesetOf(uint256 revnetId) internal view returns (JBRuleset memory currentRuleset) {
+        // slither-disable-next-line unused-return
+        (currentRuleset,) = CONTROLLER.currentRulesetOf(revnetId);
+    }
+
     /// @notice Determines the source fee amount for a loan being paid off a certain amount.
     /// @param loan The loan having its source fee amount determined.
     /// @param amount The amount being paid off.
@@ -550,6 +508,13 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         return ERC2771Context._msgSender();
     }
 
+    /// @notice Returns the terminals for a revnet. Consolidates ABI encode/decode to a single site.
+    /// @param revnetId The ID of the revnet.
+    /// @return The terminals registered for the revnet.
+    function _terminalsOf(uint256 revnetId) internal view returns (IJBTerminal[] memory) {
+        return DIRECTORY.terminalsOf(revnetId);
+    }
+
     /// @notice The total borrowed amount from a revnet, aggregated across all loan sources.
     /// @dev Each source's `totalBorrowedFrom` is stored in the source token's native decimals (e.g. 6 for USDC,
     /// 18 for ETH). Before aggregation, each amount is normalized to the target `decimals` to prevent mixed-decimal
@@ -632,6 +597,8 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     /// @dev Collateral tokens are permanently burned when the loan is created. They are re-minted to the borrower
     /// only upon repayment. If the loan expires (after LOAN_LIQUIDATION_DURATION), the collateral is permanently
     /// lost and cannot be recovered.
+    /// @dev A delegated operator (with OPEN_LOAN permission) can set `beneficiary` to any address, directing borrowed
+    /// funds away from the holder. Holders should only grant OPEN_LOAN to fully trusted operators.
     /// @param revnetId The ID of the revnet being borrowed from.
     /// @param source The source of the loan being borrowed.
     /// @param minBorrowAmount The minimum amount being borrowed, denominated in the token of the source's accounting
@@ -648,12 +615,17 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         uint256 minBorrowAmount,
         uint256 collateralCount,
         address payable beneficiary,
-        uint256 prepaidFeePercent
+        uint256 prepaidFeePercent,
+        address holder
     )
         public
         override
         returns (uint256 loanId, REVLoan memory)
     {
+        // Only the holder or a permissioned operator can open a loan on the holder's behalf.
+        // Note: the operator controls `beneficiary`, so they can direct borrowed funds to any address.
+        _requirePermissionFrom({account: holder, projectId: revnetId, permissionId: JBPermissionIds.OPEN_LOAN});
+
         // A loan needs to have collateral.
         if (collateralCount == 0) revert REVLoans_ZeroCollateralLoanIsInvalid();
 
@@ -672,8 +644,7 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         }
 
         // Cache the current ruleset once — used by both _cashOutDelayOf and _borrowAmountFrom.
-        // slither-disable-next-line unused-return
-        (JBRuleset memory currentRuleset,) = CONTROLLER.currentRulesetOf(revnetId);
+        JBRuleset memory currentRuleset = _currentRulesetOf(revnetId);
 
         // Enforce the cash out delay.
         {
@@ -722,14 +693,12 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
             newBorrowAmount: borrowAmount,
             newCollateralCount: collateralCount,
             sourceFeeAmount: sourceFeeAmount,
-            beneficiary: beneficiary
+            beneficiary: beneficiary,
+            holder: holder
         });
 
-        // Cache the sender to avoid repeated ERC2771 context reads.
-        address sender = _msgSender();
-
-        // Mint the loan.
-        _mint({to: sender, tokenId: loanId});
+        // Mint the loan NFT to the holder.
+        _mint({to: holder, tokenId: loanId});
 
         emit Borrow({
             loanId: loanId,
@@ -740,7 +709,7 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
             collateralCount: collateralCount,
             sourceFeeAmount: sourceFeeAmount,
             beneficiary: beneficiary,
-            caller: sender
+            caller: _msgSender()
         });
 
         return (loanId, loan);
@@ -811,6 +780,8 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     /// @dev Refinancing a loan will burn the original and create two new loans.
     /// @dev This function is intentionally not payable — it only moves existing collateral between loans and does
     /// not accept new funds. Any ETH sent with the call will be rejected by the EVM.
+    /// @dev A delegated operator (with REALLOCATE_LOAN permission) can set `beneficiary` to any address, directing
+    /// borrowed funds from the new loan away from the loan owner. Grant this permission only to trusted operators.
     /// @param loanId The ID of the loan to reallocate collateral from.
     /// @param collateralCountToTransfer The amount of collateral to transfer from the original loan.
     /// @param source The source of the loan to create.
@@ -836,14 +807,13 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         override
         returns (uint256 reallocatedLoanId, uint256 newLoanId, REVLoan memory reallocatedLoan, REVLoan memory newLoan)
     {
-        // Cache the sender to avoid repeated ERC2771 context reads.
-        address sender = _msgSender();
+        // Keep a reference to the revnet ID of the loan being reallocated.
+        uint256 revnetId = revnetIdOfLoanWith(loanId);
 
-        // Make sure only the loan's owner can manage it.
-        {
-            address loanOwner = _ownerOf(loanId);
-            if (loanOwner != sender) revert REVLoans_Unauthorized(sender, loanOwner);
-        }
+        // Only the loan owner or a permissioned operator can reallocate.
+        // Note: the operator controls `beneficiary`, so they can direct new loan proceeds to any address.
+        address loanOwner = _ownerOf(loanId);
+        _requirePermissionFrom({account: loanOwner, projectId: revnetId, permissionId: JBPermissionIds.REALLOCATE_LOAN});
 
         // Make sure the loan hasn't expired.
         if (block.timestamp - _loanOf[loanId].createdAt > LOAN_LIQUIDATION_DURATION) {
@@ -860,27 +830,28 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
 
         // Note: this function is not payable, so the EVM prevents sending ETH at the call level.
 
-        // Keep a reference to the revnet ID of the loan being reallocated.
-        uint256 revnetId = revnetIdOfLoanWith(loanId);
-
         // Refinance the loan.
         (reallocatedLoanId, reallocatedLoan) = _reallocateCollateralFromLoan({
-            loanId: loanId, revnetId: revnetId, collateralCountToRemove: collateralCountToTransfer
+            loanId: loanId, revnetId: revnetId, collateralCountToRemove: collateralCountToTransfer, loanOwner: loanOwner
         });
 
         // Make a new loan with the leftover collateral from reallocating.
+        // The loan owner is the holder for the new loan (their tokens are used as collateral).
         (newLoanId, newLoan) = borrowFrom({
             revnetId: revnetId,
             source: source,
             minBorrowAmount: minBorrowAmount,
             collateralCount: collateralCountToTransfer + collateralCountToAdd,
             beneficiary: beneficiary,
-            prepaidFeePercent: prepaidFeePercent
+            prepaidFeePercent: prepaidFeePercent,
+            holder: loanOwner
         });
     }
 
     /// @notice Allows the owner of a loan to pay it back or receive returned collateral no longer necessary to support
     /// the loan.
+    /// @dev A delegated operator (with REPAY_LOAN permission) can set `beneficiary` to any address, directing returned
+    /// collateral tokens away from the loan owner. Grant this permission only to trusted operators.
     /// @param loanId The ID of the loan being adjusted.
     /// @param maxRepayBorrowAmount The maximum amount being paid off, denominated in the token of the source's
     /// accounting context.
@@ -904,11 +875,12 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         // Cache the sender to avoid repeated ERC2771 context reads.
         address sender = _msgSender();
 
-        // Make sure only the loan's owner can manage it.
-        {
-            address loanOwner = _ownerOf(loanId);
-            if (loanOwner != sender) revert REVLoans_Unauthorized(sender, loanOwner);
-        }
+        // Only the loan owner or a permissioned operator can repay.
+        // Note: the operator controls `beneficiary`, so they can direct returned collateral to any address.
+        address loanOwner = _ownerOf(loanId);
+        _requirePermissionFrom({
+            account: loanOwner, projectId: revnetIdOfLoanWith(loanId), permissionId: JBPermissionIds.REPAY_LOAN
+        });
 
         // Keep a reference to the fee being iterated on.
         REVLoan storage loan = _loanOf[loanId];
@@ -920,12 +892,18 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         // Get a reference to the revnet ID of the loan being repaid.
         uint256 revnetId = revnetIdOfLoanWith(loanId);
 
+        // Cache the current ruleset once for borrow amount calculation.
+        JBRuleset memory currentRuleset = _currentRulesetOf(revnetId);
+
         // Scope to limit newBorrowAmount's stack lifetime.
         uint256 repayBorrowAmount;
         {
             // Get the new borrow amount.
             uint256 newBorrowAmount = _borrowAmountFrom({
-                loan: loan, revnetId: revnetId, collateralCount: loan.collateral - collateralCountToReturn
+                loan: loan,
+                revnetId: revnetId,
+                collateralCount: loan.collateral - collateralCountToReturn,
+                currentRuleset: currentRuleset
             });
 
             // If the remaining collateral yields zero borrow amount, treat as full repay.
@@ -972,7 +950,8 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
             repayBorrowAmount: repayBorrowAmount,
             sourceFeeAmount: sourceFeeAmount,
             collateralCountToReturn: collateralCountToReturn,
-            beneficiary: beneficiary
+            beneficiary: beneficiary,
+            loanOwner: loanOwner
         });
 
         // If the max repay amount is greater than the repay amount, return the difference back to the payer.
@@ -1054,14 +1033,12 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     /// loan is repaid. If the loan expires and is liquidated, the burned collateral is permanently lost.
     /// @param revnetId The ID of the revnet the loan is being added in.
     /// @param amount The new amount of collateral being added to the loan.
-    function _addCollateralTo(uint256 revnetId, uint256 amount) internal {
+    function _addCollateralTo(uint256 revnetId, uint256 amount, address holder) internal {
         // Increment the total amount of collateral tokens.
         totalCollateralOf[revnetId] += amount;
 
         // Permanently burn the tokens that are tracked as collateral. These are only re-minted upon repayment.
-        CONTROLLER.burnTokensOf({
-            holder: _msgSender(), projectId: revnetId, tokenCount: amount, memo: "Adding collateral to loan"
-        });
+        CONTROLLER.burnTokensOf({holder: holder, projectId: revnetId, tokenCount: amount, memo: ""});
     }
 
     /// @notice Add a new amount to the loan that is greater than the previous amount.
@@ -1108,7 +1085,7 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
                     minTokensPaidOut: 0,
                     beneficiary: payable(address(this)),
                     feeBeneficiary: beneficiary,
-                    memo: "Lending out to a borrower"
+                    memo: ""
                 });
         }
 
@@ -1120,33 +1097,16 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
             ? 0
             : JBFees.feeAmountFrom({amountBeforeFee: addedBorrowAmount, feePercent: REV_PREPAID_FEE_PERCENT});
 
+        // Try to pay the REV fee. If it fails, revFeeAmount is zeroed so the borrower receives it instead.
         if (revFeeAmount > 0) {
-            // Increase the allowance for the fee terminal.
-            uint256 payValue =
-                _beforeTransferTo({to: address(feeTerminal), token: loan.source.token, amount: revFeeAmount});
-
-            // Pay the fee. Send the REV to the beneficiary. If fee payment fails, give the amount back to the borrower.
-            // NOTE: When terminal.pay() reverts (e.g. due to a misconfigured terminal or paused payments),
-            // the REV fee is refunded to the borrower, resulting in an effectively interest-free loan for the
-            // REV fee portion. This is acceptable — it requires a broken/misconfigured fee terminal and the
-            // borrower still pays the source fee and protocol fee.
-            // slither-disable-next-line arbitrary-send-eth,unused-return
-            try feeTerminal.pay{value: payValue}({
-                projectId: REV_ID,
-                token: loan.source.token,
-                amount: revFeeAmount,
-                beneficiary: beneficiary,
-                minReturnedTokens: 0,
-                memo: "Fee from loan",
-                metadata: bytes(abi.encodePacked(revnetId))
-            }) {}
-            catch (bytes memory) {
-                // If the fee can't be processed, decrease the ERC-20 allowance and zero out the fee
-                // so the borrower receives it instead.
-                if (loan.source.token != JBConstants.NATIVE_TOKEN) {
-                    IERC20(loan.source.token)
-                        .safeDecreaseAllowance({spender: address(feeTerminal), requestedDecrease: revFeeAmount});
-                }
+            if (!_tryPayFee({
+                    terminal: feeTerminal,
+                    projectId: REV_ID,
+                    token: loan.source.token,
+                    amount: revFeeAmount,
+                    beneficiary: beneficiary,
+                    metadataProjectId: revnetId
+                })) {
                 revFeeAmount = 0;
             }
         }
@@ -1177,13 +1137,15 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     /// @param newCollateralCount The new amount of collateral backing the loan.
     /// @param sourceFeeAmount The amount of the fee being taken from the revnet acting as the source of the loan.
     /// @param beneficiary The address receiving the returned collateral and any tokens resulting from paying fees.
+    /// @param holder The address whose tokens are used as collateral (burned).
     function _adjust(
         REVLoan storage loan,
         uint256 revnetId,
         uint256 newBorrowAmount,
         uint256 newCollateralCount,
         uint256 sourceFeeAmount,
-        address payable beneficiary
+        address payable beneficiary,
+        address holder
     )
         internal
     {
@@ -1227,7 +1189,7 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
 
         // Add collateral if needed...
         if (addedCollateralCount > 0) {
-            _addCollateralTo({revnetId: revnetId, amount: addedCollateralCount});
+            _addCollateralTo({revnetId: revnetId, amount: addedCollateralCount, holder: holder});
             // ... or return collateral if needed.
         } else if (returnedCollateralCount > 0) {
             _returnCollateralFrom({
@@ -1235,35 +1197,16 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
             });
         }
 
-        // If there is a source fee, pay it. Wrapped in try-catch so a reverting source terminal
-        // cannot block all loan operations (matching the REV fee pattern above).
+        // Try to pay the source fee. If it fails, transfer the amount to the beneficiary instead.
         if (sourceFeeAmount > 0) {
-            // Increase the allowance for the source terminal.
-            uint256 payValue =
-                _beforeTransferTo({to: address(sourceTerminal), token: sourceToken, amount: sourceFeeAmount});
-
-            // Pay the fee. If it fails, reclaim the allowance and give the amount back to the borrower.
-            // NOTE: When terminal.pay() reverts (e.g. due to a misconfigured terminal or paused payments),
-            // the source fee is refunded to the borrower, resulting in an effectively interest-free loan for the
-            // source fee portion. This is acceptable — it requires a broken/misconfigured source terminal and
-            // the borrower still pays the REV fee and protocol fee.
-            // slither-disable-next-line unused-return,arbitrary-send-eth
-            try sourceTerminal.pay{value: payValue}({
-                projectId: revnetId,
-                token: sourceToken,
-                amount: sourceFeeAmount,
-                beneficiary: beneficiary,
-                minReturnedTokens: 0,
-                memo: "Fee from loan",
-                metadata: bytes(abi.encodePacked(REV_ID))
-            }) {}
-            catch (bytes memory) {
-                // If the fee can't be processed, decrease the ERC-20 allowance and return the amount
-                // to the beneficiary instead.
-                if (sourceToken != JBConstants.NATIVE_TOKEN) {
-                    IERC20(sourceToken)
-                        .safeDecreaseAllowance({spender: address(sourceTerminal), requestedDecrease: sourceFeeAmount});
-                }
+            if (!_tryPayFee({
+                    terminal: IJBTerminal(address(sourceTerminal)),
+                    projectId: revnetId,
+                    token: sourceToken,
+                    amount: sourceFeeAmount,
+                    beneficiary: beneficiary,
+                    metadataProjectId: REV_ID
+                })) {
                 _transferFrom({from: address(this), to: beneficiary, token: sourceToken, amount: sourceFeeAmount});
             }
         }
@@ -1291,7 +1234,8 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     function _reallocateCollateralFromLoan(
         uint256 loanId,
         uint256 revnetId,
-        uint256 collateralCountToRemove
+        uint256 collateralCountToRemove,
+        address loanOwner
     )
         internal
         returns (uint256 reallocatedLoanId, REVLoan storage reallocatedLoan)
@@ -1308,8 +1252,13 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         // Keep a reference to the new collateral amount.
         uint256 newCollateralCount = loan.collateral - collateralCountToRemove;
 
+        // Cache the current ruleset for borrow amount calculation.
+        JBRuleset memory currentRuleset = _currentRulesetOf(revnetId);
+
         // Keep a reference to the new borrow amount.
-        uint256 borrowAmount = _borrowAmountFrom({loan: loan, revnetId: revnetId, collateralCount: newCollateralCount});
+        uint256 borrowAmount = _borrowAmountFrom({
+            loan: loan, revnetId: revnetId, collateralCount: newCollateralCount, currentRuleset: currentRuleset
+        });
 
         // Make sure the borrow amount is not less than the original loan's amount.
         if (borrowAmount < loan.amount) {
@@ -1340,12 +1289,13 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
             newBorrowAmount: reallocatedLoan.amount, // Don't change the borrow amount.
             newCollateralCount: newCollateralCount,
             sourceFeeAmount: 0,
-            beneficiary: payable(_msgSender()) // use the msgSender as the beneficiary, who will have the returned
+            beneficiary: payable(loanOwner), // Return collateral to the loan owner, who will have the returned
             // collateral tokens debited from their balance for the new loan.
+            holder: loanOwner // Only used if collateral is added (not the case here — collateral is being returned).
         });
 
-        // Mint the replacement loan.
-        _mint({to: _msgSender(), tokenId: reallocatedLoanId});
+        // Mint the replacement loan to the loan owner.
+        _mint({to: loanOwner, tokenId: reallocatedLoanId});
 
         // Clear stale loan data for gas refund.
         delete _loanOf[loanId];
@@ -1381,7 +1331,7 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
             token: loan.source.token,
             amount: repaidBorrowAmount,
             shouldReturnHeldFees: false,
-            memo: "Paying off loan",
+            memo: "",
             metadata: bytes(abi.encodePacked(REV_ID))
         });
     }
@@ -1394,6 +1344,7 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
     /// @param sourceFeeAmount The amount of the fee being taken from the revnet acting as the source of the loan.
     /// @param collateralCountToReturn The amount of collateral being returned that the loan no longer requires.
     /// @param beneficiary The address receiving the returned collateral and any tokens resulting from paying fees.
+    /// @param loanOwner The owner of the loan NFT (receives replacement loan if partial repay).
     // slither-disable-next-line reentrancy-eth,reentrancy-events
     function _repayLoan(
         uint256 loanId,
@@ -1402,7 +1353,8 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         uint256 repayBorrowAmount,
         uint256 sourceFeeAmount,
         uint256 collateralCountToReturn,
-        address payable beneficiary
+        address payable beneficiary,
+        address loanOwner
     )
         internal
         returns (uint256, REVLoan memory)
@@ -1423,7 +1375,8 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
                 newBorrowAmount: 0,
                 newCollateralCount: 0,
                 sourceFeeAmount: sourceFeeAmount,
-                beneficiary: beneficiary
+                beneficiary: beneficiary,
+                holder: _msgSender() // Only used if collateral is added (not the case here — collateral is returned).
             });
 
             // Snapshot the zeroed loan for the return value (reflects post-repay state).
@@ -1466,8 +1419,8 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
             paidOffLoan.prepaidDuration = loan.prepaidDuration;
             paidOffLoan.source = loan.source;
 
-            // Mint the replacement loan FIRST so it exists before _adjust writes data.
-            _mint({to: _msgSender(), tokenId: paidOffLoanId});
+            // Mint the replacement loan to the loan owner FIRST so it exists before _adjust writes data.
+            _mint({to: loanOwner, tokenId: paidOffLoanId});
 
             // Then adjust the loan data.
             _adjust({
@@ -1476,7 +1429,8 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
                 newBorrowAmount: paidOffLoan.amount - (repayBorrowAmount - sourceFeeAmount),
                 newCollateralCount: paidOffLoan.collateral - collateralCountToReturn,
                 sourceFeeAmount: sourceFeeAmount,
-                beneficiary: beneficiary
+                beneficiary: beneficiary,
+                holder: _msgSender() // Only used if collateral is added (not the case here — collateral is returned).
             });
 
             emit RepayLoan({
@@ -1513,7 +1467,7 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
             projectId: revnetId,
             tokenCount: collateralCount,
             beneficiary: beneficiary,
-            memo: "Removing collateral from loan",
+            memo: "",
             useReservedPercent: false
         });
     }
@@ -1546,6 +1500,45 @@ contract REVLoans is ERC721, ERC2771Context, Ownable, IREVLoans {
         PERMIT2.transferFrom({from: from, to: to, amount: uint160(amount), token: token});
     }
 
+    /// @notice Attempts to pay a fee to a terminal. On failure, cleans up the ERC-20 allowance and returns false.
+    /// @param terminal The terminal to pay the fee to.
+    /// @param projectId The project receiving the fee.
+    /// @param token The token being used to pay the fee.
+    /// @param amount The fee amount.
+    /// @param beneficiary The address to credit for the fee payment.
+    /// @param metadataProjectId The project ID encoded in the payment metadata.
+    /// @return success Whether the fee was successfully paid.
+    function _tryPayFee(
+        IJBTerminal terminal,
+        uint256 projectId,
+        address token,
+        uint256 amount,
+        address beneficiary,
+        uint256 metadataProjectId
+    )
+        internal
+        returns (bool success)
+    {
+        uint256 payValue = _beforeTransferTo({to: address(terminal), token: token, amount: amount});
+
+        // slither-disable-next-line arbitrary-send-eth,unused-return
+        try terminal.pay{value: payValue}({
+            projectId: projectId,
+            token: token,
+            amount: amount,
+            beneficiary: beneficiary,
+            minReturnedTokens: 0,
+            memo: "",
+            metadata: bytes(abi.encodePacked(metadataProjectId))
+        }) {
+            success = true;
+        } catch (bytes memory) {
+            if (token != JBConstants.NATIVE_TOKEN) {
+                IERC20(token).safeDecreaseAllowance({spender: address(terminal), requestedDecrease: amount});
+            }
+        }
+    }
+
     fallback() external payable {}
     receive() external payable {}
 }