npm - @rev-net/core-v6 - Versions diffs - 0.0.36 → 0.0.39 - Mend

@rev-net/core-v6 0.0.36 → 0.0.39

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (101) hide show

package/CHANGELOG.md +2 -2
package/README.md +6 -7
package/foundry.toml +1 -1
package/package.json +23 -16
package/references/operations.md +1 -1
package/references/runtime.md +1 -1
package/script/Deploy.s.sol +12 -9
package/src/REVDeployer.sol +60 -65
package/src/REVHiddenTokens.sol +2 -2
package/src/REVLoans.sol +134 -90
package/src/REVOwner.sol +124 -17
package/src/interfaces/IREVDeployer.sol +2 -1
package/src/interfaces/IREVHiddenTokens.sol +4 -1
package/src/interfaces/IREVOwner.sol +5 -0
package/ADMINISTRATION.md +0 -73
package/ARCHITECTURE.md +0 -116
package/AUDIT_INSTRUCTIONS.md +0 -90
package/RISKS.md +0 -97
package/SKILLS.md +0 -46
package/STYLE_GUIDE.md +0 -610
package/USER_JOURNEYS.md +0 -195
package/foundry.lock +0 -11
package/slither-ci.config.json +0 -10
package/sphinx.lock +0 -507
package/test/REV.integrations.t.sol +0 -573
package/test/REVAutoIssuanceFuzz.t.sol +0 -328
package/test/REVDeployerRegressions.t.sol +0 -396
package/test/REVInvincibility.t.sol +0 -1371
package/test/REVInvincibilityHandler.sol +0 -387
package/test/REVLifecycle.t.sol +0 -420
package/test/REVLoans.invariants.t.sol +0 -724
package/test/REVLoansAttacks.t.sol +0 -816
package/test/REVLoansFeeRecovery.t.sol +0 -783
package/test/REVLoansFindings.t.sol +0 -711
package/test/REVLoansRegressions.t.sol +0 -364
package/test/REVLoansSourceFeeRecovery.t.sol +0 -517
package/test/REVLoansSourced.t.sol +0 -1839
package/test/REVLoansUnSourced.t.sol +0 -409
package/test/TestAuditFixVerification.t.sol +0 -675
package/test/TestBurnHeldTokens.t.sol +0 -394
package/test/TestCEIPattern.t.sol +0 -508
package/test/TestCashOutCallerValidation.t.sol +0 -452
package/test/TestConversionDocumentation.t.sol +0 -368
package/test/TestCrossCurrencyReclaim.t.sol +0 -610
package/test/TestCrossSourceReallocation.t.sol +0 -361
package/test/TestERC2771MetaTx.t.sol +0 -585
package/test/TestEmptyBuybackSpecs.t.sol +0 -300
package/test/TestFlashLoanSurplus.t.sol +0 -365
package/test/TestHiddenTokens.t.sol +0 -474
package/test/TestHookArrayOOB.t.sol +0 -278
package/test/TestLiquidationBehavior.t.sol +0 -398
package/test/TestLoanSourceRotation.t.sol +0 -553
package/test/TestLoansCashOutDelay.t.sol +0 -493
package/test/TestLongTailEconomics.t.sol +0 -677
package/test/TestLowFindings.t.sol +0 -677
package/test/TestMixedFixes.t.sol +0 -593
package/test/TestPermit2Signatures.t.sol +0 -683
package/test/TestReallocationSandwich.t.sol +0 -412
package/test/TestRevnetRegressions.t.sol +0 -350
package/test/TestSplitWeightAdjustment.t.sol +0 -527
package/test/TestSplitWeightE2E.t.sol +0 -605
package/test/TestSplitWeightFork.t.sol +0 -855
package/test/TestStageTransitionBorrowable.t.sol +0 -301
package/test/TestSwapTerminalPermission.t.sol +0 -262
package/test/TestTerminalEncodingInHash.t.sol +0 -326
package/test/TestUint112Overflow.t.sol +0 -311
package/test/TestZeroAmountLoanGuard.t.sol +0 -378
package/test/TestZeroRepayment.t.sol +0 -354
package/test/audit/CodexCrossChainBuybackRouteMismatch.t.sol +0 -184
package/test/audit/CodexPhantomSurplusTerminal.t.sol +0 -367
package/test/audit/CodexREVOwnerRemoteSurplusCurrencyMismatch.t.sol +0 -142
package/test/audit/LoanIdOverflowGuard.t.sol +0 -523
package/test/audit/NemesisOperatorDelegation.t.sol +0 -356
package/test/audit/SupportsInterfaceTest.t.sol +0 -51
package/test/audit/TestFeeAllowanceLeak.t.sol +0 -197
package/test/audit/TestLoansAndDeployerFixes.t.sol +0 -576
package/test/fork/ForkTestBase.sol +0 -727
package/test/fork/TestAutoIssuanceFork.t.sol +0 -148
package/test/fork/TestCashOutFork.t.sol +0 -253
package/test/fork/TestIssuanceDecayFork.t.sol +0 -158
package/test/fork/TestLoanBorrowFork.t.sol +0 -163
package/test/fork/TestLoanCrossRulesetFork.t.sol +0 -308
package/test/fork/TestLoanERC20Fork.t.sol +0 -465
package/test/fork/TestLoanLiquidationFork.t.sol +0 -135
package/test/fork/TestLoanReallocateFork.t.sol +0 -113
package/test/fork/TestLoanRepayFork.t.sol +0 -188
package/test/fork/TestLoanTransferFork.t.sol +0 -143
package/test/fork/TestPermit2PaymentFork.t.sol +0 -300
package/test/fork/TestSplitWeightFork.t.sol +0 -189
package/test/helpers/MaliciousContracts.sol +0 -247
package/test/helpers/REVEmpty721Config.sol +0 -45
package/test/mock/MockBuybackCashOutRecorder.sol +0 -84
package/test/mock/MockBuybackDataHook.sol +0 -112
package/test/mock/MockBuybackDataHookMintPath.sol +0 -68
package/test/mock/MockSuckerRegistry.sol +0 -17
package/test/regression/TestBurnPermissionRequired.t.sol +0 -294
package/test/regression/TestCashOutBuybackFeeLeak.t.sol +0 -232
package/test/regression/TestCrossRevnetLiquidation.t.sol +0 -255
package/test/regression/TestCumulativeLoanCounter.t.sol +0 -361
package/test/regression/TestLiquidateGapHandling.t.sol +0 -394
package/test/regression/TestZeroPriceFeed.t.sol +0 -422

package/test/audit/NemesisOperatorDelegation.t.sol DELETED Viewed

@@ -1,356 +0,0 @@
-// SPDX-License-Identifier: MIT
-pragma solidity 0.8.28;
-import "forge-std/Test.sol";
-import "@bananapus/core-v6/test/helpers/TestBaseWorkflow.sol";
-import "@bananapus/core-v6/script/helpers/CoreDeploymentLib.sol";
-import "@bananapus/721-hook-v6/script/helpers/Hook721DeploymentLib.sol";
-import "@bananapus/suckers-v6/script/helpers/SuckerDeploymentLib.sol";
-import "@croptop/core-v6/script/helpers/CroptopDeploymentLib.sol";
-import "@bananapus/router-terminal-v6/script/helpers/RouterTerminalDeploymentLib.sol";
-import "@croptop/core-v6/src/CTPublisher.sol";
-import "@bananapus/suckers-v6/src/JBSuckerRegistry.sol";
-import "@bananapus/721-hook-v6/src/JB721TiersHook.sol";
-import "@bananapus/721-hook-v6/src/JB721TiersHookDeployer.sol";
-import "@bananapus/721-hook-v6/src/JB721TiersHookStore.sol";
-import "@bananapus/721-hook-v6/src/JB721CheckpointsDeployer.sol";
-import {IJB721CheckpointsDeployer} from "@bananapus/721-hook-v6/src/interfaces/IJB721CheckpointsDeployer.sol";
-import "@bananapus/address-registry-v6/src/JBAddressRegistry.sol";
-import "@bananapus/address-registry-v6/src/interfaces/IJBAddressRegistry.sol";
-import "@bananapus/buyback-hook-v6/src/interfaces/IJBBuybackHookRegistry.sol";
-import "@bananapus/core-v6/src/libraries/JBConstants.sol";
-import "@bananapus/permission-ids-v6/src/JBPermissionIds.sol";
-import "@bananapus/core-v6/src/structs/JBAccountingContext.sol";
-import "@bananapus/core-v6/src/structs/JBPermissionsData.sol";
-import "@bananapus/core-v6/src/structs/JBTerminalConfig.sol";
-import "@bananapus/core-v6/src/structs/JBSplit.sol";
-import "@bananapus/suckers-v6/src/structs/JBSuckerDeployerConfig.sol";
-import {MockBuybackDataHook} from "../mock/MockBuybackDataHook.sol";
-import {REVEmpty721Config} from "../helpers/REVEmpty721Config.sol";
-import {REVDeployer} from "../../src/REVDeployer.sol";
-import {REVHiddenTokens} from "../../src/REVHiddenTokens.sol";
-import {REVLoans} from "../../src/REVLoans.sol";
-import {REVOwner} from "../../src/REVOwner.sol";
-import {IREVLoans} from "../../src/interfaces/IREVLoans.sol";
-import {IREVHiddenTokens} from "../../src/interfaces/IREVHiddenTokens.sol";
-import {REVConfig} from "../../src/structs/REVConfig.sol";
-import {REVDescription} from "../../src/structs/REVDescription.sol";
-import {REVLoanSource} from "../../src/structs/REVLoanSource.sol";
-import {REVStageConfig} from "../../src/structs/REVStageConfig.sol";
-import {REVAutoIssuance} from "../../src/structs/REVAutoIssuance.sol";
-import {REVSuckerDeploymentConfig} from "../../src/structs/REVSuckerDeploymentConfig.sol";
-import {IREVDeployer} from "../../src/interfaces/IREVDeployer.sol";
-import {MockSuckerRegistry} from "../mock/MockSuckerRegistry.sol";
-contract NemesisOperatorDelegationTest is TestBaseWorkflow {
-    bytes32 internal constant REV_DEPLOYER_SALT = "REVDeployer";
-    bytes32 internal constant ERC20_SALT = "REV_TOKEN";
-    address internal constant TRUSTED_FORWARDER = 0xB2b5841DBeF766d4b521221732F9B618fCf34A87;
-    address internal USER = makeAddr("user");
-    address internal OPERATOR = makeAddr("operator");
-    REVDeployer internal REV_DEPLOYER;
-    REVOwner internal REV_OWNER;
-    REVHiddenTokens internal HIDDEN_TOKENS;
-    REVLoans internal LOANS;
-    JB721TiersHook internal EXAMPLE_HOOK;
-    IJB721TiersHookDeployer internal HOOK_DEPLOYER;
-    IJB721TiersHookStore internal HOOK_STORE;
-    IJBAddressRegistry internal ADDRESS_REGISTRY;
-    IJBSuckerRegistry internal SUCKER_REGISTRY;
-    CTPublisher internal PUBLISHER;
-    MockBuybackDataHook internal MOCK_BUYBACK;
-    uint256 internal FEE_PROJECT_ID;
-    uint256 internal REVNET_ID;
-    function setUp() public override {
-        super.setUp();
-        FEE_PROJECT_ID = jbProjects().createFor(multisig());
-        SUCKER_REGISTRY = new JBSuckerRegistry(jbDirectory(), jbPermissions(), multisig(), address(0));
-        HOOK_STORE = new JB721TiersHookStore();
-        EXAMPLE_HOOK = new JB721TiersHook(
-            jbDirectory(),
-            jbPermissions(),
-            jbPrices(),
-            jbRulesets(),
-            HOOK_STORE,
-            jbSplits(),
-            IJB721CheckpointsDeployer(address(new JB721CheckpointsDeployer())),
-            multisig()
-        );
-        ADDRESS_REGISTRY = new JBAddressRegistry();
-        HOOK_DEPLOYER = new JB721TiersHookDeployer(EXAMPLE_HOOK, HOOK_STORE, ADDRESS_REGISTRY, multisig());
-        PUBLISHER = new CTPublisher(jbDirectory(), jbPermissions(), FEE_PROJECT_ID, multisig());
-        MOCK_BUYBACK = new MockBuybackDataHook();
-        LOANS = new REVLoans({
-            controller: jbController(),
-            suckerRegistry: IJBSuckerRegistry(address(new MockSuckerRegistry())),
-            revId: FEE_PROJECT_ID,
-            owner: address(this),
-            permit2: permit2(),
-            trustedForwarder: TRUSTED_FORWARDER
-        });
-        HIDDEN_TOKENS = new REVHiddenTokens(jbController(), TRUSTED_FORWARDER);
-        REV_OWNER = new REVOwner(
-            IJBBuybackHookRegistry(address(MOCK_BUYBACK)),
-            jbDirectory(),
-            FEE_PROJECT_ID,
-            SUCKER_REGISTRY,
-            address(LOANS),
-            address(HIDDEN_TOKENS)
-        );
-        REV_DEPLOYER = new REVDeployer{salt: REV_DEPLOYER_SALT}(
-            jbController(),
-            SUCKER_REGISTRY,
-            FEE_PROJECT_ID,
-            HOOK_DEPLOYER,
-            PUBLISHER,
-            IJBBuybackHookRegistry(address(MOCK_BUYBACK)),
-            address(LOANS),
-            TRUSTED_FORWARDER,
-            address(REV_OWNER)
-        );
-        REV_OWNER.setDeployer(IREVDeployer(REV_DEPLOYER));
-        vm.prank(multisig());
-        jbProjects().approve(address(REV_DEPLOYER), FEE_PROJECT_ID);
-        _deployFeeProject();
-        REVNET_ID = _deployRevnet();
-        vm.deal(USER, 100e18);
-    }
-    function test_openLoanOperatorCanRedirectBorrowedFunds() public {
-        uint256 userTokens = _payUserIntoRevnet(10e18);
-        _grantPermission(USER, REVNET_ID, address(LOANS), JBPermissionIds.BURN_TOKENS);
-        _grantPermission(USER, REVNET_ID, OPERATOR, JBPermissionIds.OPEN_LOAN);
-        REVLoanSource memory source = REVLoanSource({token: JBConstants.NATIVE_TOKEN, terminal: jbMultiTerminal()});
-        uint256 operatorBalanceBefore = OPERATOR.balance;
-        vm.prank(OPERATOR);
-        (uint256 loanId,) = LOANS.borrowFrom(REVNET_ID, source, 0, userTokens / 2, payable(OPERATOR), 25, USER);
-        assertEq(LOANS.ownerOf(loanId), USER, "loan NFT stays with the holder");
-        assertGt(OPERATOR.balance, operatorBalanceBefore, "operator receives the borrowed funds");
-        assertLt(
-            jbController().TOKENS().totalBalanceOf(USER, REVNET_ID),
-            userTokens,
-            "holder lost collateral even though proceeds were redirected"
-        );
-    }
-    function test_hiddenTokensOperatorCanAllowHolderToHideOwnTokens() public {
-        uint256 userTokens = _payUserIntoRevnet(10e18);
-        uint256 hiddenCount = userTokens / 2;
-        _grantPermission(USER, REVNET_ID, address(HIDDEN_TOKENS), JBPermissionIds.BURN_TOKENS);
-        _allowHolderToHide(USER);
-        vm.prank(USER);
-        HIDDEN_TOKENS.hideTokensOf(REVNET_ID, hiddenCount, USER);
-        vm.prank(USER);
-        HIDDEN_TOKENS.revealTokensOf(REVNET_ID, hiddenCount, USER);
-        assertEq(HIDDEN_TOKENS.hiddenBalanceOf(USER, REVNET_ID), 0, "holder hidden balance was consumed");
-        assertEq(
-            jbController().TOKENS().totalBalanceOf(USER, REVNET_ID),
-            userTokens,
-            "holder gets their own revealed tokens back"
-        );
-    }
-    function test_hiddenTokensPermissionedOperatorCanHideOwnTokens() public {
-        vm.deal(OPERATOR, 10e18);
-        vm.prank(OPERATOR);
-        uint256 operatorTokens = jbMultiTerminal().pay{value: 10e18}({
-            projectId: REVNET_ID,
-            token: JBConstants.NATIVE_TOKEN,
-            amount: 10e18,
-            beneficiary: OPERATOR,
-            minReturnedTokens: 0,
-            memo: "",
-            metadata: ""
-        });
-        uint256 hiddenCount = operatorTokens / 2;
-        _grantPermission(OPERATOR, REVNET_ID, address(HIDDEN_TOKENS), JBPermissionIds.BURN_TOKENS);
-        _grantOperatorHidePermission(OPERATOR);
-        vm.prank(OPERATOR);
-        HIDDEN_TOKENS.hideTokensOf(REVNET_ID, hiddenCount, OPERATOR);
-        assertEq(HIDDEN_TOKENS.hiddenBalanceOf(OPERATOR, REVNET_ID), hiddenCount, "operator hidden balance was updated");
-        assertEq(
-            jbController().TOKENS().totalBalanceOf(OPERATOR, REVNET_ID),
-            operatorTokens - hiddenCount,
-            "operator's visible balance was reduced"
-        );
-    }
-    function test_hiddenTokensDelegateCannotHideAnotherHoldersTokens() public {
-        uint256 userTokens = _payUserIntoRevnet(10e18);
-        _grantPermission(USER, REVNET_ID, address(HIDDEN_TOKENS), JBPermissionIds.BURN_TOKENS);
-        _allowHolderToHide(USER);
-        vm.prank(OPERATOR);
-        vm.expectRevert(
-            abi.encodeWithSelector(REVHiddenTokens.REVHiddenTokens_Unauthorized.selector, REVNET_ID, OPERATOR)
-        );
-        HIDDEN_TOKENS.hideTokensOf(REVNET_ID, userTokens / 2, USER);
-    }
-    function test_hiddenTokensOperatorCanDisallowHolder() public {
-        uint256 userTokens = _payUserIntoRevnet(10e18);
-        _grantPermission(USER, REVNET_ID, address(HIDDEN_TOKENS), JBPermissionIds.BURN_TOKENS);
-        _allowHolderToHide(USER);
-        vm.prank(address(REV_DEPLOYER));
-        HIDDEN_TOKENS.setTokenHidingAllowedFor(REVNET_ID, USER, false);
-        vm.prank(USER);
-        vm.expectRevert(abi.encodeWithSelector(REVHiddenTokens.REVHiddenTokens_Unauthorized.selector, REVNET_ID, USER));
-        HIDDEN_TOKENS.hideTokensOf(REVNET_ID, userTokens / 2, USER);
-    }
-    function _grantPermission(address account, uint256 revnetId, address operator, uint8 permissionId) internal {
-        uint8[] memory permissionIds = new uint8[](1);
-        permissionIds[0] = permissionId;
-        vm.prank(account);
-        jbPermissions()
-            .setPermissionsFor(
-                account,
-                JBPermissionsData({operator: operator, projectId: uint56(revnetId), permissionIds: permissionIds})
-            );
-    }
-    function _payUserIntoRevnet(uint256 amount) internal returns (uint256 tokenCount) {
-        vm.prank(USER);
-        tokenCount = jbMultiTerminal().pay{value: amount}({
-            projectId: REVNET_ID,
-            token: JBConstants.NATIVE_TOKEN,
-            amount: amount,
-            beneficiary: USER,
-            minReturnedTokens: 0,
-            memo: "",
-            metadata: ""
-        });
-        assertGt(tokenCount, 0, "payment should mint revnet tokens");
-    }
-    function _allowHolderToHide(address holder) internal {
-        vm.prank(address(REV_DEPLOYER));
-        HIDDEN_TOKENS.setTokenHidingAllowedFor(REVNET_ID, holder, true);
-    }
-    function _grantOperatorHidePermission(address operator) internal {
-        uint8[] memory permissionIds = new uint8[](1);
-        permissionIds[0] = JBPermissionIds.HIDE_TOKENS;
-        vm.prank(address(REV_DEPLOYER));
-        jbPermissions()
-            .setPermissionsFor(
-                address(REV_DEPLOYER),
-                JBPermissionsData({operator: operator, projectId: uint56(REVNET_ID), permissionIds: permissionIds})
-            );
-    }
-    function _deployFeeProject() internal {
-        JBAccountingContext[] memory acc = new JBAccountingContext[](1);
-        acc[0] = JBAccountingContext({
-            token: JBConstants.NATIVE_TOKEN, decimals: 18, currency: uint32(uint160(JBConstants.NATIVE_TOKEN))
-        });
-        JBTerminalConfig[] memory tc = new JBTerminalConfig[](1);
-        tc[0] = JBTerminalConfig({terminal: jbMultiTerminal(), accountingContextsToAccept: acc});
-        REVStageConfig[] memory stages = new REVStageConfig[](1);
-        stages[0] = REVStageConfig({
-            startsAtOrAfter: uint40(block.timestamp),
-            autoIssuances: new REVAutoIssuance[](0),
-            splitPercent: 0,
-            splits: new JBSplit[](0),
-            initialIssuance: uint112(1000e18),
-            issuanceCutFrequency: 0,
-            issuanceCutPercent: 0,
-            cashOutTaxRate: 0,
-            extraMetadata: 0
-        });
-        REVConfig memory feeConfig = REVConfig({
-            description: REVDescription("Fee Revnet", "FEE", "", ERC20_SALT),
-            baseCurrency: uint32(uint160(JBConstants.NATIVE_TOKEN)),
-            splitOperator: multisig(),
-            stageConfigurations: stages
-        });
-        vm.prank(multisig());
-        REV_DEPLOYER.deployFor({
-            revnetId: FEE_PROJECT_ID,
-            configuration: feeConfig,
-            terminalConfigurations: tc,
-            suckerDeploymentConfiguration: REVSuckerDeploymentConfig({
-                deployerConfigurations: new JBSuckerDeployerConfig[](0), salt: keccak256("FEE")
-            }),
-            tiered721HookConfiguration: REVEmpty721Config.empty721Config(uint32(uint160(JBConstants.NATIVE_TOKEN))),
-            allowedPosts: REVEmpty721Config.emptyAllowedPosts()
-        });
-    }
-    function _deployRevnet() internal returns (uint256 revnetId) {
-        JBAccountingContext[] memory acc = new JBAccountingContext[](1);
-        acc[0] = JBAccountingContext({
-            token: JBConstants.NATIVE_TOKEN, decimals: 18, currency: uint32(uint160(JBConstants.NATIVE_TOKEN))
-        });
-        JBTerminalConfig[] memory tc = new JBTerminalConfig[](1);
-        tc[0] = JBTerminalConfig({terminal: jbMultiTerminal(), accountingContextsToAccept: acc});
-        REVStageConfig[] memory stages = new REVStageConfig[](1);
-        JBSplit[] memory splits = new JBSplit[](1);
-        splits[0].beneficiary = payable(multisig());
-        splits[0].percent = 10_000;
-        stages[0] = REVStageConfig({
-            startsAtOrAfter: uint40(block.timestamp),
-            autoIssuances: new REVAutoIssuance[](0),
-            splitPercent: 2000,
-            splits: splits,
-            initialIssuance: uint112(1000e18),
-            issuanceCutFrequency: 90 days,
-            issuanceCutPercent: JBConstants.MAX_WEIGHT_CUT_PERCENT / 2,
-            cashOutTaxRate: 6000,
-            extraMetadata: 0
-        });
-        REVConfig memory config = REVConfig({
-            description: REVDescription("Revnet", "REV", "", bytes32("REV_TOKEN_2")),
-            baseCurrency: uint32(uint160(JBConstants.NATIVE_TOKEN)),
-            splitOperator: multisig(),
-            stageConfigurations: stages
-        });
-        (revnetId,) = REV_DEPLOYER.deployFor({
-            revnetId: 0,
-            configuration: config,
-            terminalConfigurations: tc,
-            suckerDeploymentConfiguration: REVSuckerDeploymentConfig({
-                deployerConfigurations: new JBSuckerDeployerConfig[](0), salt: keccak256("REV")
-            }),
-            tiered721HookConfiguration: REVEmpty721Config.empty721Config(uint32(uint160(JBConstants.NATIVE_TOKEN))),
-            allowedPosts: REVEmpty721Config.emptyAllowedPosts()
-        });
-    }
-}

package/test/audit/SupportsInterfaceTest.t.sol DELETED Viewed

@@ -1,51 +0,0 @@
-// SPDX-License-Identifier: MIT
-pragma solidity 0.8.28;
-import {Test} from "forge-std/Test.sol";
-import {IJBBuybackHookRegistry} from "@bananapus/buyback-hook-v6/src/interfaces/IJBBuybackHookRegistry.sol";
-import {IJBCashOutHook} from "@bananapus/core-v6/src/interfaces/IJBCashOutHook.sol";
-import {IJBDirectory} from "@bananapus/core-v6/src/interfaces/IJBDirectory.sol";
-import {IJBRulesetDataHook} from "@bananapus/core-v6/src/interfaces/IJBRulesetDataHook.sol";
-import {IJBSuckerRegistry} from "@bananapus/suckers-v6/src/interfaces/IJBSuckerRegistry.sol";
-import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
-import {REVOwner} from "../../src/REVOwner.sol";
-/// @notice Regression test for missing IERC165 support: REVOwner.supportsInterface omits IERC165.
-contract AuditFixL17Test is Test {
-    REVOwner revOwner;
-    function setUp() public {
-        revOwner = new REVOwner(
-            IJBBuybackHookRegistry(makeAddr("buybackHook")),
-            IJBDirectory(makeAddr("directory")),
-            1, // feeRevnetId
-            IJBSuckerRegistry(makeAddr("suckerRegistry")),
-            makeAddr("loans"),
-            makeAddr("hiddenTokens")
-        );
-    }
-    /// @notice supportsInterface returns true for IERC165 (0x01ffc9a7).
-    function test_supportsInterface_IERC165() public view {
-        assertTrue(revOwner.supportsInterface(type(IERC165).interfaceId), "should support IERC165");
-        assertEq(type(IERC165).interfaceId, bytes4(0x01ffc9a7), "IERC165 interface ID should be 0x01ffc9a7");
-    }
-    /// @notice supportsInterface returns true for IJBRulesetDataHook.
-    function test_supportsInterface_IJBRulesetDataHook() public view {
-        assertTrue(
-            revOwner.supportsInterface(type(IJBRulesetDataHook).interfaceId), "should support IJBRulesetDataHook"
-        );
-    }
-    /// @notice supportsInterface returns true for IJBCashOutHook.
-    function test_supportsInterface_IJBCashOutHook() public view {
-        assertTrue(revOwner.supportsInterface(type(IJBCashOutHook).interfaceId), "should support IJBCashOutHook");
-    }
-    /// @notice supportsInterface returns false for an unsupported interface.
-    function test_supportsInterface_unsupported() public view {
-        assertFalse(revOwner.supportsInterface(bytes4(0xdeadbeef)), "should not support random interface");
-    }
-}

package/test/audit/TestFeeAllowanceLeak.t.sol DELETED Viewed

@@ -1,197 +0,0 @@
-// SPDX-License-Identifier: MIT
-pragma solidity 0.8.28;
-import {ERC165} from "@openzeppelin/contracts/utils/introspection/ERC165.sol";
-import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
-import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
-import {IJBDirectory} from "@bananapus/core-v6/src/interfaces/IJBDirectory.sol";
-import {IJBTerminal} from "@bananapus/core-v6/src/interfaces/IJBTerminal.sol";
-import {IJBPayoutTerminal} from "@bananapus/core-v6/src/interfaces/IJBPayoutTerminal.sol";
-import {JBAccountingContext} from "@bananapus/core-v6/src/structs/JBAccountingContext.sol";
-import {JBConstants} from "@bananapus/core-v6/src/libraries/JBConstants.sol";
-import {JBRuleset} from "@bananapus/core-v6/src/structs/JBRuleset.sol";
-import {JBPayHookSpecification} from "@bananapus/core-v6/src/structs/JBPayHookSpecification.sol";
-import {REVLoanSource} from "../../src/structs/REVLoanSource.sol";
-import {REVLoansFeeRecovery} from "../REVLoansFeeRecovery.t.sol";
-contract StickyAllowanceFeeTerminal is ERC165, IJBPayoutTerminal {
-    IERC20 public immutable token;
-    address public immutable loans;
-    address public thief;
-    uint256 public stealAmount;
-    constructor(IERC20 _token, address _loans) {
-        token = _token;
-        loans = _loans;
-    }
-    function configureSteal(address _thief, uint256 _stealAmount) external {
-        thief = _thief;
-        stealAmount = _stealAmount;
-    }
-    function pay(
-        uint256,
-        address,
-        uint256,
-        address,
-        uint256,
-        string calldata,
-        bytes calldata
-    )
-        external
-        payable
-        override
-        returns (uint256)
-    {
-        uint256 amount = stealAmount;
-        if (amount != 0) {
-            stealAmount = 0;
-            token.transferFrom(loans, thief, amount);
-        }
-        return 0;
-    }
-    function accountingContextForTokenOf(uint256, address) external view override returns (JBAccountingContext memory) {
-        return JBAccountingContext({token: address(token), decimals: 6, currency: uint32(uint160(address(token)))});
-    }
-    function accountingContextsOf(uint256) external pure override returns (JBAccountingContext[] memory) {
-        return new JBAccountingContext[](0);
-    }
-    function addAccountingContextsFor(uint256, JBAccountingContext[] calldata) external override {}
-    function addToBalanceOf(
-        uint256,
-        address,
-        uint256,
-        bool,
-        string calldata,
-        bytes calldata
-    )
-        external
-        payable
-        override
-    {}
-    function currentSurplusOf(uint256, address[] calldata, uint256, uint256) external pure override returns (uint256) {
-        return 0;
-    }
-    function migrateBalanceOf(uint256, address, IJBTerminal) external pure override returns (uint256) {
-        return 0;
-    }
-    function sendPayoutsOf(uint256, address, uint256, uint256, uint256) external pure override returns (uint256) {
-        return 0;
-    }
-    function useAllowanceOf(
-        uint256,
-        address,
-        uint256,
-        uint256,
-        uint256,
-        address payable,
-        address payable,
-        string calldata
-    )
-        external
-        pure
-        override
-        returns (uint256)
-    {
-        return 0;
-    }
-    function previewPayFor(
-        uint256,
-        address,
-        uint256,
-        address,
-        bytes calldata
-    )
-        external
-        pure
-        override
-        returns (JBRuleset memory, uint256, uint256, JBPayHookSpecification[] memory)
-    {
-        JBRuleset memory ruleset;
-        return (ruleset, 0, 0, new JBPayHookSpecification[](0));
-    }
-    function supportsInterface(bytes4 interfaceId) public view override(ERC165, IERC165) returns (bool) {
-        return interfaceId == type(IJBTerminal).interfaceId || interfaceId == type(IJBPayoutTerminal).interfaceId
-            || super.supportsInterface(interfaceId);
-    }
-}
-contract TestFeeAllowanceLeak is REVLoansFeeRecovery {
-    StickyAllowanceFeeTerminal internal stickyFeeTerminal;
-    address internal attacker = makeAddr("attacker");
-    function _stickyFeeTerminal() internal returns (StickyAllowanceFeeTerminal) {
-        if (address(stickyFeeTerminal) == address(0)) {
-            stickyFeeTerminal = new StickyAllowanceFeeTerminal(TOKEN, address(LOANS_CONTRACT));
-        }
-        return stickyFeeTerminal;
-    }
-    /// @notice Verifies that stale allowance is cleared — the original exploit no longer works.
-    /// @dev Previously, a sticky fee terminal could accumulate reusable allowance across borrows.
-    ///      After the fix (_afterTransferTo clears allowance on success), the allowance is zero.
-    function test_feeTerminalCannotHarvestStaleAllowanceAfterFix() public {
-        StickyAllowanceFeeTerminal terminal = _stickyFeeTerminal();
-        vm.mockCall(
-            address(jbDirectory()),
-            abi.encodeWithSelector(IJBDirectory.primaryTerminalOf.selector, FEE_PROJECT_ID, address(TOKEN)),
-            abi.encode(address(terminal))
-        );
-        REVLoanSource memory source = REVLoanSource({token: address(TOKEN), terminal: jbMultiTerminal()});
-        uint256 payAmount = 1_000_000;
-        deal(address(TOKEN), USER, payAmount * 2);
-        vm.startPrank(USER);
-        TOKEN.approve(address(jbMultiTerminal()), payAmount * 2);
-        uint256 firstTokenCount = jbMultiTerminal().pay(REVNET_ID, address(TOKEN), payAmount, USER, 0, "", "");
-        vm.stopPrank();
-        _mockLoanPermission(USER);
-        vm.prank(USER);
-        LOANS_CONTRACT.borrowFrom(REVNET_ID, source, 0, firstTokenCount, payable(USER), 25, USER);
-        // Allowance is now cleared after successful fee payment.
-        uint256 allowanceAfterBorrow = TOKEN.allowance(address(LOANS_CONTRACT), address(stickyFeeTerminal));
-        assertEq(allowanceAfterBorrow, 0, "no stale allowance after successful borrow");
-        // The uncollected fee is still parked in REVLoans (terminal didn't pull it),
-        // but there's no allowance for the terminal to steal it later.
-        uint256 loansBalance = TOKEN.balanceOf(address(LOANS_CONTRACT));
-        assertGt(loansBalance, 0, "uncollected fee is parked in REVLoans");
-        // Second borrow — terminal tries to steal but can't because allowance is 0.
-        vm.prank(USER);
-        uint256 secondTokenCount = jbMultiTerminal().pay(REVNET_ID, address(TOKEN), payAmount, USER, 0, "", "");
-        terminal.configureSteal(attacker, loansBalance);
-        _mockLoanPermission(USER);
-        vm.prank(USER);
-        LOANS_CONTRACT.borrowFrom(REVNET_ID, source, 0, secondTokenCount, payable(USER), 25, USER);
-        // The attacker gets nothing — the steal attempt fails silently (transferFrom reverts,
-        // caught by _tryPayFee's try-catch).
-        assertEq(TOKEN.balanceOf(attacker), 0, "attacker cannot drain stale allowance");
-        // And the current borrow also leaves zero allowance.
-        assertEq(
-            TOKEN.allowance(address(LOANS_CONTRACT), address(terminal)),
-            0,
-            "no fresh stale allowance after second borrow"
-        );
-    }
-}