@rev-net/core-v6 0.0.35 → 0.0.37

package/RISKS.md

@@ -27,7 +27,7 @@ This file focuses on the staged-economics, runtime-hook, hidden-supply, and loan
 
 - **Stage immutability cuts both ways.** A bad stage schedule or bad cash-out tax choice is expensive to unwind.
 - **Borrowability depends on live economics.** If surplus, supply, or cross-chain state are wrong, loan capacity becomes wrong.
-- **Zero or degraded price feeds can undercount debt.** If a source becomes invisible to debt aggregation, later borrowing can become too permissive.
+- **Zero or degraded price feeds can undercount debt.** If a source becomes invisible to debt aggregation, later borrowing can become too permissive. Specifically, `_debtOf` skips sources where `pricePerUnitOf` returns zero, treating them as if the borrower has no debt in that source. If a feed breaks or returns zero, existing debt in that currency is effectively invisible, inflating the borrower's apparent borrowable amount.
 - **Hidden-token mechanics change visible supply.** That affects per-token cash-out value and can change the economics seen by other holders.
 - **Auto-issuance dilutes holders predictably but still materially.** Timing is permissionless, even if the amounts are fixed at deployment.
 - **Omnichain expansion can corrupt surplus aggregation.** Since borrowability aggregates surplus from all registered terminals across chains, a compromised or misconfigured terminal on a remote chain affects global surplus accounting.
@@ -87,3 +87,21 @@ The model assumes that attempts to inflate surplus through donations are not pro
 ### 8.5 Omnichain terminal expansion inherits remote-chain trust
 
 A project that expands to a new chain can register additional terminals on that chain. Because borrowability calculations aggregate surplus from all registered terminals across all chains, a compromised or misconfigured terminal on a remote chain can corrupt the project's surplus accounting globally. This is mitigated by including terminal addresses in the `encodedConfigurationHash` — cross-chain expansions via suckers must use the exact same terminal address as the host chain. Terminal addresses are deterministic across chains (same CREATE2 deployment), so this prevents expansions from silently using a different terminal. Project operators should still treat each chain expansion as a trust-boundary decision since bridge integrity and network assumptions remain outside protocol control.
+
+### 8.6 Cross-chain surplus staleness
+
+`REVLoans._borrowableAmountFrom` and `REVOwner.beforeCashOutRecordedWith` add `remoteSurplusOf()` and `remoteTotalSupplyOf()` to local values. These remote values update only when `toRemote()` is called on the peer chain -- no heartbeat or staleness check. Stale data can inflate per-token borrowable amounts when remote supply has grown since the last bridge message. Primary safeguard: borrowable is capped at `localSurplus` (REVLoans line 386-387), preventing extraction beyond what the local terminal holds.
+
+### 8.7 REVLoans CEI violation in `_adjust`
+
+In `REVLoans._adjust`, `totalCollateralOf[revnetId]` is incremented after external calls (`useAllowanceOf`, fee payment). A reentrant `borrowFrom` would see a lower `totalCollateralOf`. This is documented inline (lines 1128-1132) and requires an adversarial pay hook on the revnet's own terminal -- a trust-level configuration that is not realistic in standard deployments.
+
+### 8.8 Remote loan corrections not reflected in local borrowability
+
+`_borrowableAmountFrom` adds back local `totalBorrowed` and `totalCollateral` to reconstitute pre-loan economic state for the bonding curve. However, remote chain snapshots (built by `JBSuckerLib.buildSnapshotMessage`) capture raw surplus/supply WITHOUT loan corrections from the remote chain. This is accepted because:
+
+1. Suckers are a general-purpose bridging layer and should not need knowledge of revnet-specific loan mechanics.
+2. The `localSurplus` cap (REVLoans line 386-387) prevents extraction beyond what the local terminal actually holds.
+3. The over-lending exposure is bounded by the difference between corrected and uncorrected remote values, which is proportional to remote outstanding loans — typically a small fraction of total surplus.
+
+Project operators deploying cross-chain revnets with active loan markets on multiple chains should understand that local borrowability calculations do not account for remote outstanding loans.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rev-net/core-v6",
-  "version": "0.0.35",
+  "version": "0.0.37",
   "license": "MIT",
   "repository": {
     "type": "git",
@@ -19,14 +19,14 @@
     "artifacts": "source ./.env && npx sphinx artifacts --org-id 'ea165b21-7cdc-4d7b-be59-ecdd4c26bee4' --project-name 'revnet-core-v6'"
   },
   "dependencies": {
-    "@bananapus/721-hook-v6": "^0.0.35",
-    "@bananapus/buyback-hook-v6": "^0.0.27",
-    "@bananapus/core-v6": "^0.0.34",
-    "@bananapus/ownable-v6": "^0.0.17",
-    "@bananapus/permission-ids-v6": "^0.0.17",
-    "@bananapus/router-terminal-v6": "^0.0.26",
-    "@bananapus/suckers-v6": "^0.0.25",
-    "@croptop/core-v6": "github:mejango/croptop-core-v6",
+    "@bananapus/721-hook-v6": "^0.0.38",
+    "@bananapus/buyback-hook-v6": "^0.0.30",
+    "@bananapus/core-v6": "^0.0.36",
+    "@bananapus/ownable-v6": "^0.0.20",
+    "@bananapus/permission-ids-v6": "^0.0.19",
+    "@bananapus/router-terminal-v6": "^0.0.30",
+    "@bananapus/suckers-v6": "^0.0.28",
+    "@croptop/core-v6": "^0.0.36",
     "@openzeppelin/contracts": "^5.6.1",
     "@uniswap/v4-core": "^1.0.2",
     "@uniswap/v4-periphery": "^1.0.3"

package/src/REVDeployer.sol

@@ -798,7 +798,7 @@ contract REVDeployer is ERC2771Context, IREVDeployer, IERC721Receiver {
         if (shouldDeployNewRevnet) {
             // If we're deploying a new revnet, launch a Juicebox project for it.
             // Sanity check that we deployed the `revnetId` that we expected to deploy.
-            // slither-disable-next-line reentrancy-benign,reentrancy-events
+            // slither-disable-next-line incorrect-equality,reentrancy-benign,reentrancy-events
             assert(
                 CONTROLLER.launchProjectFor({
                     owner: address(this),
@@ -970,6 +970,12 @@ contract REVDeployer is ERC2771Context, IREVDeployer, IERC721Receiver {
         JBFundAccessLimitGroup[] memory fundAccessLimitGroups =
             _makeLoanFundAccessLimits({terminalConfigurations: terminalConfigurations});
 
+        // Track the previous stage's effective start time for ordering validation.
+        // When stage 0 uses `startsAtOrAfter == 0`, the effective value is `block.timestamp`.
+        // Subsequent stages must be validated against this normalized value, not the raw calldata,
+        // so that cross-chain deployments can reproduce the same encoded configuration hash.
+        uint256 previousStageStart;
+
         // Iterate through each stage to set up its ruleset.
         for (uint256 i; i < configuration.stageConfigurations.length;) {
             // Set the stage being iterated on.
@@ -981,12 +987,19 @@ contract REVDeployer is ERC2771Context, IREVDeployer, IERC721Receiver {
                 revert REVDeployer_MustHaveSplits();
             }
 
+            // Compute the effective start time for this stage.
+            uint256 effectiveStart = (i == 0 && stageConfiguration.startsAtOrAfter == 0)
+                ? block.timestamp
+                : stageConfiguration.startsAtOrAfter;
+
             // If the stage's start time is not after the previous stage's start time, revert.
-            if (i > 0 && stageConfiguration.startsAtOrAfter <= configuration.stageConfigurations[i - 1].startsAtOrAfter)
-            {
+            if (i > 0 && effectiveStart <= previousStageStart) {
                 revert REVDeployer_StageTimesMustIncrease();
             }
 
+            // Store for the next iteration's ordering check.
+            previousStageStart = effectiveStart;
+
             // Make sure the revnet doesn't prevent cashouts all together.
             if (stageConfiguration.cashOutTaxRate >= JBConstants.MAX_CASH_OUT_TAX_RATE) {
                 revert REVDeployer_CashOutsCantBeTurnedOffCompletely(
@@ -1004,13 +1017,9 @@ contract REVDeployer is ERC2771Context, IREVDeployer, IERC721Receiver {
             // Add the stage's properties to the byte-encoded configuration.
             encodedConfiguration = abi.encode(
                 encodedConfiguration,
-                // If no start time is provided for the first stage, use the current block's timestamp.
-                // In the future, revnets deployed on other networks can match this revnet's encoded stage by specifying
-                // the
-                // same start time.
-                (i == 0 && stageConfiguration.startsAtOrAfter == 0)
-                    ? block.timestamp
-                    : stageConfiguration.startsAtOrAfter,
+                // Use the effective start time (normalized from 0 to block.timestamp for the first stage).
+                // Cross-chain deployments reproduce the hash by specifying the origin chain's timestamp.
+                effectiveStart,
                 stageConfiguration.splitPercent,
                 stageConfiguration.initialIssuance,
                 stageConfiguration.issuanceCutFrequency,

package/src/REVLoans.sol

@@ -543,17 +543,18 @@ contract REVLoans is ERC721, ERC2771Context, JBPermissioned, Ownable, IREVLoans
             // Get a reference to the token being iterated on.
             REVLoanSource storage source = sources[i];
 
-            // Get a reference to the accounting context for the source.
-            // slither-disable-next-line calls-loop
-            JBAccountingContext memory accountingContext =
-                source.terminal.accountingContextForTokenOf({projectId: revnetId, token: source.token});
-
             // Get a reference to the amount of tokens loaned out.
             uint256 tokensLoaned = totalBorrowedFrom[revnetId][source.terminal][source.token];
 
-            // Skip if no tokens are loaned from this source.
+            // Skip if no tokens are loaned from this source. Checked before the external call below to avoid
+            // reverting on stale sources whose terminals may no longer support this token.
             if (tokensLoaned == 0) continue;
 
+            // Get a reference to the accounting context for the source.
+            // slither-disable-next-line calls-loop
+            JBAccountingContext memory accountingContext =
+                source.terminal.accountingContextForTokenOf({projectId: revnetId, token: source.token});
+
             // Normalize the token amount from the source's decimals to the target decimals.
             uint256 normalizedTokens;
             if (accountingContext.decimals > decimals) {
@@ -626,93 +627,15 @@ contract REVLoans is ERC721, ERC2771Context, JBPermissioned, Ownable, IREVLoans
         // Note: the operator controls `beneficiary`, so they can direct borrowed funds to any address.
         _requirePermissionFrom({account: holder, projectId: revnetId, permissionId: JBPermissionIds.OPEN_LOAN});
 
-        // A loan needs to have collateral.
-        if (collateralCount == 0) revert REVLoans_ZeroCollateralLoanIsInvalid();
-
-        // Make sure the source terminal is registered in the directory for this revnet.
-        if (!DIRECTORY.isTerminalOf({projectId: revnetId, terminal: IJBTerminal(address(source.terminal))})) {
-            revert REVLoans_InvalidTerminal(address(source.terminal), revnetId);
-        }
-
-        // Make sure the prepaid fee percent is between `MIN_PREPAID_FEE_PERCENT` and `MAX_PREPAID_FEE_PERCENT`. Meaning
-        // an 16 year loan can be paid upfront with a
-        // payment of 50% of the borrowed assets, the cheapest possible rate.
-        if (prepaidFeePercent < MIN_PREPAID_FEE_PERCENT || prepaidFeePercent > MAX_PREPAID_FEE_PERCENT) {
-            revert REVLoans_InvalidPrepaidFeePercent(
-                prepaidFeePercent, MIN_PREPAID_FEE_PERCENT, MAX_PREPAID_FEE_PERCENT
-            );
-        }
-
-        // Cache the current ruleset once — used by both _cashOutDelayOf and _borrowAmountFrom.
-        JBRuleset memory currentRuleset = _currentRulesetOf(revnetId);
-
-        // Enforce the cash out delay.
-        {
-            uint256 cashOutDelay = _cashOutDelayOf({revnetId: revnetId, currentRuleset: currentRuleset});
-            if (cashOutDelay > block.timestamp) {
-                revert REVLoans_CashOutDelayNotFinished(cashOutDelay, block.timestamp);
-            }
-        }
-
-        // Prevent the loan number from exceeding the ID namespace for this revnet.
-        if (totalLoansBorrowedFor[revnetId] >= _ONE_TRILLION) revert REVLoans_LoanIdOverflow();
-
-        // Get a reference to the loan ID.
-        loanId = _generateLoanId({revnetId: revnetId, loanNumber: ++totalLoansBorrowedFor[revnetId]});
-
-        // Get a reference to the loan being created.
-        REVLoan storage loan = _loanOf[loanId];
-
-        // Set the loan's values.
-        loan.source = source;
-        loan.createdAt = uint48(block.timestamp);
-        // forge-lint: disable-next-line(unsafe-typecast)
-        loan.prepaidFeePercent = uint16(prepaidFeePercent);
-        loan.prepaidDuration =
-            uint32(mulDiv({x: prepaidFeePercent, y: LOAN_LIQUIDATION_DURATION, denominator: MAX_PREPAID_FEE_PERCENT}));
-
-        // Get the amount of the loan, using the cached ruleset.
-        uint256 borrowAmount = _borrowAmountFrom({
-            loan: loan, revnetId: revnetId, collateralCount: collateralCount, currentRuleset: currentRuleset
-        });
-
-        // Revert if the bonding curve returns zero to prevent creating zero-amount loans.
-        if (borrowAmount == 0) revert REVLoans_ZeroBorrowAmount();
-
-        // Make sure the minimum borrow amount is met.
-        if (borrowAmount < minBorrowAmount) revert REVLoans_UnderMinBorrowAmount(minBorrowAmount, borrowAmount);
-
-        // Get the amount of additional fee to take for the revnet issuing the loan.
-        // Fee rounding may leave a few wei of dust — economically insignificant relative to gas costs.
-        uint256 sourceFeeAmount = JBFees.feeAmountFrom({amountBeforeFee: borrowAmount, feePercent: prepaidFeePercent});
-
-        // Borrow the amount.
-        _adjust({
-            loan: loan,
+        return _borrowFrom({
             revnetId: revnetId,
-            newBorrowAmount: borrowAmount,
-            newCollateralCount: collateralCount,
-            sourceFeeAmount: sourceFeeAmount,
-            beneficiary: beneficiary,
-            holder: holder
-        });
-
-        // Mint the loan NFT to the holder.
-        _mint({to: holder, tokenId: loanId});
-
-        emit Borrow({
-            loanId: loanId,
-            revnetId: revnetId,
-            loan: loan,
             source: source,
-            borrowAmount: borrowAmount,
+            minBorrowAmount: minBorrowAmount,
             collateralCount: collateralCount,
-            sourceFeeAmount: sourceFeeAmount,
             beneficiary: beneficiary,
-            caller: _msgSender()
+            prepaidFeePercent: prepaidFeePercent,
+            holder: holder
         });
-
-        return (loanId, loan);
     }
 
     /// @notice Liquidates loans that have exceeded the 10-year liquidation duration.
@@ -837,7 +760,9 @@ contract REVLoans is ERC721, ERC2771Context, JBPermissioned, Ownable, IREVLoans
 
         // Make a new loan with the leftover collateral from reallocating.
         // The loan owner is the holder for the new loan (their tokens are used as collateral).
-        (newLoanId, newLoan) = borrowFrom({
+        // Uses _borrowFrom to skip the OPEN_LOAN permission check — the caller already proved REALLOCATE_LOAN
+        // permission above, and requiring OPEN_LOAN here would block operators with only REALLOCATE_LOAN.
+        (newLoanId, newLoan) = _borrowFrom({
             revnetId: revnetId,
             source: source,
             minBorrowAmount: minBorrowAmount,
@@ -1225,6 +1150,127 @@ contract REVLoans is ERC721, ERC2771Context, JBPermissioned, Ownable, IREVLoans
         return 0;
     }
 
+    /// @notice Clears any token allowance granted by `_beforeTransferTo`.
+    /// @param to The address that was granted the allowance.
+    /// @param token The token whose allowance should be cleared.
+    function _afterTransferTo(address to, address token) internal {
+        if (token == JBConstants.NATIVE_TOKEN) return;
+        IERC20(token).forceApprove({spender: to, value: 0});
+    }
+
+    /// @notice Internal implementation of loan creation, without the OPEN_LOAN permission check.
+    /// @dev Called by `borrowFrom` (after its own permission check) and by `reallocateCollateralFromLoan`
+    /// (which only requires REALLOCATE_LOAN permission).
+    /// @param revnetId The ID of the revnet being borrowed from.
+    /// @param source The source of the loan being borrowed.
+    /// @param minBorrowAmount The minimum amount being borrowed.
+    /// @param collateralCount The amount of tokens to use as collateral for the loan.
+    /// @param beneficiary The address that'll receive the borrowed funds and the tokens resulting from fee payments.
+    /// @param prepaidFeePercent The fee percent that will be charged upfront.
+    /// @param holder The address whose tokens are used as collateral and who receives the loan NFT.
+    /// @return loanId The ID of the loan created from borrowing.
+    /// @return loan The loan created from borrowing.
+    function _borrowFrom(
+        uint256 revnetId,
+        REVLoanSource calldata source,
+        uint256 minBorrowAmount,
+        uint256 collateralCount,
+        address payable beneficiary,
+        uint256 prepaidFeePercent,
+        address holder
+    )
+        internal
+        returns (uint256 loanId, REVLoan memory)
+    {
+        // A loan needs to have collateral.
+        if (collateralCount == 0) revert REVLoans_ZeroCollateralLoanIsInvalid();
+
+        // Make sure the source terminal is registered in the directory for this revnet.
+        if (!DIRECTORY.isTerminalOf({projectId: revnetId, terminal: IJBTerminal(address(source.terminal))})) {
+            revert REVLoans_InvalidTerminal(address(source.terminal), revnetId);
+        }
+
+        // Make sure the prepaid fee percent is between `MIN_PREPAID_FEE_PERCENT` and `MAX_PREPAID_FEE_PERCENT`. Meaning
+        // an 16 year loan can be paid upfront with a
+        // payment of 50% of the borrowed assets, the cheapest possible rate.
+        if (prepaidFeePercent < MIN_PREPAID_FEE_PERCENT || prepaidFeePercent > MAX_PREPAID_FEE_PERCENT) {
+            revert REVLoans_InvalidPrepaidFeePercent(
+                prepaidFeePercent, MIN_PREPAID_FEE_PERCENT, MAX_PREPAID_FEE_PERCENT
+            );
+        }
+
+        // Cache the current ruleset once — used by both _cashOutDelayOf and _borrowAmountFrom.
+        JBRuleset memory currentRuleset = _currentRulesetOf(revnetId);
+
+        // Enforce the cash out delay.
+        {
+            uint256 cashOutDelay = _cashOutDelayOf({revnetId: revnetId, currentRuleset: currentRuleset});
+            if (cashOutDelay > block.timestamp) {
+                revert REVLoans_CashOutDelayNotFinished(cashOutDelay, block.timestamp);
+            }
+        }
+
+        // Prevent the loan number from exceeding the ID namespace for this revnet.
+        if (totalLoansBorrowedFor[revnetId] >= _ONE_TRILLION) revert REVLoans_LoanIdOverflow();
+
+        // Get a reference to the loan ID.
+        loanId = _generateLoanId({revnetId: revnetId, loanNumber: ++totalLoansBorrowedFor[revnetId]});
+
+        // Get a reference to the loan being created.
+        REVLoan storage loan = _loanOf[loanId];
+
+        // Set the loan's values.
+        loan.source = source;
+        loan.createdAt = uint48(block.timestamp);
+        // forge-lint: disable-next-line(unsafe-typecast)
+        loan.prepaidFeePercent = uint16(prepaidFeePercent);
+        loan.prepaidDuration =
+            uint32(mulDiv({x: prepaidFeePercent, y: LOAN_LIQUIDATION_DURATION, denominator: MAX_PREPAID_FEE_PERCENT}));
+
+        // Get the amount of the loan, using the cached ruleset.
+        uint256 borrowAmount = _borrowAmountFrom({
+            loan: loan, revnetId: revnetId, collateralCount: collateralCount, currentRuleset: currentRuleset
+        });
+
+        // Revert if the bonding curve returns zero to prevent creating zero-amount loans.
+        if (borrowAmount == 0) revert REVLoans_ZeroBorrowAmount();
+
+        // Make sure the minimum borrow amount is met.
+        if (borrowAmount < minBorrowAmount) revert REVLoans_UnderMinBorrowAmount(minBorrowAmount, borrowAmount);
+
+        // Get the amount of additional fee to take for the revnet issuing the loan.
+        // Fee rounding may leave a few wei of dust — economically insignificant relative to gas costs.
+        uint256 sourceFeeAmount = JBFees.feeAmountFrom({amountBeforeFee: borrowAmount, feePercent: prepaidFeePercent});
+
+        // Borrow the amount.
+        _adjust({
+            loan: loan,
+            revnetId: revnetId,
+            newBorrowAmount: borrowAmount,
+            newCollateralCount: collateralCount,
+            sourceFeeAmount: sourceFeeAmount,
+            beneficiary: beneficiary,
+            holder: holder
+        });
+
+        // Mint the loan NFT to the holder.
+        _mint({to: holder, tokenId: loanId});
+
+        emit Borrow({
+            loanId: loanId,
+            revnetId: revnetId,
+            loan: loan,
+            source: source,
+            borrowAmount: borrowAmount,
+            collateralCount: collateralCount,
+            sourceFeeAmount: sourceFeeAmount,
+            beneficiary: beneficiary,
+            caller: _msgSender()
+        });
+
+        return (loanId, loan);
+    }
+
     /// @notice Reallocates collateral from a loan by making a new loan based on the original, with reduced collateral.
     /// @param loanId The ID of the loan to reallocate collateral from.
     /// @param revnetId The ID of the revnet the loan is from.
@@ -1334,6 +1380,8 @@ contract REVLoans is ERC721, ERC2771Context, JBPermissioned, Ownable, IREVLoans
             memo: "",
             metadata: bytes(abi.encodePacked(REV_ID))
         });
+
+        _afterTransferTo({to: address(loan.source.terminal), token: loan.source.token});
     }
 
     /// @notice Pays down a loan.
@@ -1532,6 +1580,7 @@ contract REVLoans is ERC721, ERC2771Context, JBPermissioned, Ownable, IREVLoans
             metadata: bytes(abi.encodePacked(metadataProjectId))
         }) {
             success = true;
+            _afterTransferTo({to: address(terminal), token: token});
         } catch (bytes memory) {
             if (token != JBConstants.NATIVE_TOKEN) {
                 IERC20(token).safeDecreaseAllowance({spender: address(terminal), requestedDecrease: amount});

package/src/REVOwner.sol

@@ -16,6 +16,7 @@ import {JBCashOutHookSpecification} from "@bananapus/core-v6/src/structs/JBCashO
 import {JBPayHookSpecification} from "@bananapus/core-v6/src/structs/JBPayHookSpecification.sol";
 import {JBRuleset} from "@bananapus/core-v6/src/structs/JBRuleset.sol";
 import {IJBSuckerRegistry} from "@bananapus/suckers-v6/src/interfaces/IJBSuckerRegistry.sol";
+import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
 import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
 import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
 import {mulDiv} from "@prb/math/src/Common.sol";
@@ -177,7 +178,7 @@ contract REVOwner is IJBRulesetDataHook, IJBCashOutHook {
             + SUCKER_REGISTRY.remoteSurplusOf({
                 projectId: context.projectId,
                 decimals: context.surplus.decimals,
-                currency: uint256(uint160(context.surplus.token))
+                currency: uint256(context.surplus.currency)
             });
 
         // If there's no cash out tax (100% cash out tax rate), if there's no fee terminal, or if the beneficiary is
@@ -396,8 +397,8 @@ contract REVOwner is IJBRulesetDataHook, IJBCashOutHook {
             if (context.forwardedAmount.token != JBConstants.NATIVE_TOKEN) {
                 IERC20(context.forwardedAmount.token)
                     .safeDecreaseAllowance({
-                        spender: address(feeTerminal), requestedDecrease: context.forwardedAmount.value
-                    });
+                    spender: address(feeTerminal), requestedDecrease: context.forwardedAmount.value
+                });
             }
 
             // If the fee can't be processed, return the funds to the project.
@@ -458,7 +459,8 @@ contract REVOwner is IJBRulesetDataHook, IJBCashOutHook {
     /// @dev See `IERC165.supportsInterface`.
     /// @return A flag indicating if the provided interface ID is supported.
     function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
-        return interfaceId == type(IJBRulesetDataHook).interfaceId || interfaceId == type(IJBCashOutHook).interfaceId;
+        return interfaceId == type(IERC165).interfaceId || interfaceId == type(IJBRulesetDataHook).interfaceId
+            || interfaceId == type(IJBCashOutHook).interfaceId;
     }
 
     //*********************************************************************//

package/test/REV.integrations.t.sol

@@ -531,25 +531,25 @@ contract REVnet_Integrations is TestBaseWorkflow {
         // The loans contract should have USE_ALLOWANCE permission for any revnet via the wildcard grant.
         bool hasPermission = jbPermissions()
             .hasPermission({
-                operator: address(REV_DEPLOYER.LOANS()),
-                account: address(REV_DEPLOYER),
-                projectId: REVNET_ID,
-                permissionId: JBPermissionIds.USE_ALLOWANCE,
-                includeRoot: false,
-                includeWildcardProjectId: true
-            });
+            operator: address(REV_DEPLOYER.LOANS()),
+            account: address(REV_DEPLOYER),
+            projectId: REVNET_ID,
+            permissionId: JBPermissionIds.USE_ALLOWANCE,
+            includeRoot: false,
+            includeWildcardProjectId: true
+        });
         assertTrue(hasPermission, "LOANS should have USE_ALLOWANCE for deployed revnet");
 
         // Also holds for a revnet that doesn't exist yet — the wildcard covers all projects.
         bool hasPermissionForFuture = jbPermissions()
             .hasPermission({
-                operator: address(REV_DEPLOYER.LOANS()),
-                account: address(REV_DEPLOYER),
-                projectId: 999,
-                permissionId: JBPermissionIds.USE_ALLOWANCE,
-                includeRoot: false,
-                includeWildcardProjectId: true
-            });
+            operator: address(REV_DEPLOYER.LOANS()),
+            account: address(REV_DEPLOYER),
+            projectId: 999,
+            permissionId: JBPermissionIds.USE_ALLOWANCE,
+            includeRoot: false,
+            includeWildcardProjectId: true
+        });
         assertTrue(hasPermissionForFuture, "LOANS should have USE_ALLOWANCE for any project via wildcard");
     }
 

package/test/REVInvincibility.t.sol

@@ -692,14 +692,14 @@ contract REVInvincibility_PropertyTests is TestBaseWorkflow {
         vm.prank(USER);
         try jbMultiTerminal()
             .cashOutTokensOf({
-                holder: USER,
-                projectId: REVNET_ID,
-                cashOutCount: tokens,
-                tokenToReclaim: JBConstants.NATIVE_TOKEN,
-                minTokensReclaimed: 0,
-                beneficiary: payable(USER),
-                metadata: ""
-            }) returns (
+            holder: USER,
+            projectId: REVNET_ID,
+            cashOutCount: tokens,
+            tokenToReclaim: JBConstants.NATIVE_TOKEN,
+            minTokensReclaimed: 0,
+            beneficiary: payable(USER),
+            metadata: ""
+        }) returns (
             uint256 reclaimAmount
         ) {
             // The reclaim amount should be bounded by the bonding curve
@@ -944,14 +944,14 @@ contract REVInvincibility_PropertyTests is TestBaseWorkflow {
         vm.prank(USER);
         try jbMultiTerminal()
             .cashOutTokensOf({
-                holder: USER,
-                projectId: REVNET_ID,
-                cashOutCount: tokens / 2,
-                tokenToReclaim: JBConstants.NATIVE_TOKEN,
-                minTokensReclaimed: 0,
-                beneficiary: payable(USER),
-                metadata: ""
-            }) returns (
+            holder: USER,
+            projectId: REVNET_ID,
+            cashOutCount: tokens / 2,
+            tokenToReclaim: JBConstants.NATIVE_TOKEN,
+            minTokensReclaimed: 0,
+            beneficiary: payable(USER),
+            metadata: ""
+        }) returns (
             uint256 reclaimAmount
         ) {
             // The double fee means the fee project gets more than expected

package/test/REVLifecycle.t.sol

@@ -265,14 +265,14 @@ contract REVLifecycle_Local is TestBaseWorkflow {
         vm.prank(USER1);
         uint256 reclaimed = jbMultiTerminal()
             .cashOutTokensOf({
-                holder: USER1,
-                projectId: REVNET_ID,
-                cashOutCount: cashOutAmount,
-                tokenToReclaim: JBConstants.NATIVE_TOKEN,
-                minTokensReclaimed: 0,
-                beneficiary: payable(USER1),
-                metadata: ""
-            });
+            holder: USER1,
+            projectId: REVNET_ID,
+            cashOutCount: cashOutAmount,
+            tokenToReclaim: JBConstants.NATIVE_TOKEN,
+            minTokensReclaimed: 0,
+            beneficiary: payable(USER1),
+            metadata: ""
+        });
         assertGt(reclaimed, 0, "should reclaim some ETH");
 
         // Total supply should decrease after cash out
@@ -311,14 +311,14 @@ contract REVLifecycle_Local is TestBaseWorkflow {
         vm.prank(USER1);
         uint256 reclaimedStage0 = jbMultiTerminal()
             .cashOutTokensOf({
-                holder: USER1,
-                projectId: REVNET_ID,
-                cashOutCount: halfTokens,
-                tokenToReclaim: JBConstants.NATIVE_TOKEN,
-                minTokensReclaimed: 0,
-                beneficiary: payable(USER1),
-                metadata: ""
-            });
+            holder: USER1,
+            projectId: REVNET_ID,
+            cashOutCount: halfTokens,
+            tokenToReclaim: JBConstants.NATIVE_TOKEN,
+            minTokensReclaimed: 0,
+            beneficiary: payable(USER1),
+            metadata: ""
+        });
         assertGt(reclaimedStage0, 0, "should reclaim in stage 0");
 
         // Cash out tax with 50% rate means you get less than proportional share
@@ -344,14 +344,14 @@ contract REVLifecycle_Local is TestBaseWorkflow {
         vm.prank(USER1);
         uint256 reclaimed = jbMultiTerminal()
             .cashOutTokensOf({
-                holder: USER1,
-                projectId: REVNET_ID,
-                cashOutCount: tokens,
-                tokenToReclaim: JBConstants.NATIVE_TOKEN,
-                minTokensReclaimed: 0,
-                beneficiary: payable(USER1),
-                metadata: ""
-            });
+            holder: USER1,
+            projectId: REVNET_ID,
+            cashOutCount: tokens,
+            tokenToReclaim: JBConstants.NATIVE_TOKEN,
+            minTokensReclaimed: 0,
+            beneficiary: payable(USER1),
+            metadata: ""
+        });
 
         // With 50% cash out tax and single holder, reclaiming full supply
         // should return less than full amount (due to tax)
@@ -386,14 +386,14 @@ contract REVLifecycle_Local is TestBaseWorkflow {
         vm.prank(USER1);
         uint256 reclaimed1 = jbMultiTerminal()
             .cashOutTokensOf({
-                holder: USER1,
-                projectId: REVNET_ID,
-                cashOutCount: tokens1,
-                tokenToReclaim: JBConstants.NATIVE_TOKEN,
-                minTokensReclaimed: 0,
-                beneficiary: payable(USER1),
-                metadata: ""
-            });
+            holder: USER1,
+            projectId: REVNET_ID,
+            cashOutCount: tokens1,
+            tokenToReclaim: JBConstants.NATIVE_TOKEN,
+            minTokensReclaimed: 0,
+            beneficiary: payable(USER1),
+            metadata: ""
+        });
 
         // Should reclaim proportional share (minus tax)
         assertGt(reclaimed1, 0, "user1 should reclaim some ETH");