@sentrix-labs/canonical-contracts 1.1.0

package/contracts/CoinBlastFactory.sol

@@ -0,0 +1,76 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.24;
+
+import {CoinBlastCurve} from "./CoinBlastCurve.sol";
+
+/// @title CoinBlastFactory
+/// @author Sentrix Labs
+/// @notice Canonical deployer for CoinBlast bonding-curve launches.
+///         Wrapping CoinBlastCurve construction here means every
+///         launch fires a single CurveCreated event from a known
+///         contract, so any indexer / launchpad / explorer can scan
+///         this one address to enumerate every curve on chain.
+///         Without it, frontends would have to scrape per-curve
+///         bytecode signatures across every block — tractable but
+///         wasteful when one event source does the job.
+///
+/// @dev    The factory is a passthrough: createCurve() does
+///         `new CoinBlastCurve(p)` and emits + records. Each curve
+///         is its own contract; the factory holds no state for the
+///         curve's trading logic. Constructor bounds + reentrancy
+///         guards live on CoinBlastCurve as before.
+contract CoinBlastFactory {
+    /// @notice Every curve ever deployed through this factory, oldest first.
+    address[] public allCurves;
+    /// @dev    Curves grouped by msg.sender — i.e. the address that
+    ///         called createCurve, NOT the address that ends up owning
+    ///         the underlying ERC-20 supply (the curve itself owns it
+    ///         per CoinBlastCurve's design).
+    mapping(address => address[]) private _curvesOfOwner;
+
+    /// @notice Fires once per createCurve call. Indexed fields cover
+    ///         the lookups frontends need most: curve address, token
+    ///         address, and the deploying EOA.
+    event CurveCreated(
+        address indexed curve,
+        address indexed token,
+        address indexed owner,
+        string name,
+        string symbol,
+        uint256 curveSupply,
+        uint256 graduationSrxThreshold
+    );
+
+    /// @notice Deploy a new CoinBlastCurve and register it. msg.sender
+    ///         is recorded as the launcher; the curve itself owns the
+    ///         token supply per CoinBlastCurve mechanics.
+    function createCurve(CoinBlastCurve.InitParams memory p)
+        external
+        returns (CoinBlastCurve curve)
+    {
+        curve = new CoinBlastCurve(p);
+        address curveAddr = address(curve);
+        address tokenAddr = address(curve.token());
+        allCurves.push(curveAddr);
+        _curvesOfOwner[msg.sender].push(curveAddr);
+        emit CurveCreated(
+            curveAddr,
+            tokenAddr,
+            msg.sender,
+            p.name,
+            p.symbol,
+            p.curveSupply,
+            p.graduationSrxThreshold
+        );
+    }
+
+    /// @notice All curves deployed by `owner` via this factory.
+    function curvesOf(address owner) external view returns (address[] memory) {
+        return _curvesOfOwner[owner];
+    }
+
+    /// @notice Total curves deployed via this factory.
+    function totalCurves() external view returns (uint256) {
+        return allCurves.length;
+    }
+}

package/contracts/MerkleAirdrop.sol

@@ -0,0 +1,142 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.24;
+
+/// @title MerkleAirdrop
+/// @author Sentrix Labs
+/// @notice Generic merkle-tree airdrop claim contract for Sentrix airdrop phases.
+/// @dev Minimal & immutable: deploy with merkle root + total amount, pre-fund with
+///      native SRX, recipients claim with a merkle proof. After the claim window
+///      expires, the owner sweeps unclaimed balance back to a configured recipient.
+///
+///      Designed for one phase per deploy — Phase 1 (Testnet Heroes) gets its own
+///      MerkleAirdrop instance pre-funded from Strategic Reserve. Subsequent phases
+///      deploy fresh instances.
+///
+///      Tree leaf format: keccak256(abi.encodePacked(address, uint256))
+///      Proof verification follows OpenZeppelin's MerkleProof convention
+///      (sorted siblings).
+contract MerkleAirdrop {
+    // ── Immutable config ─────────────────────────────────────
+    bytes32 public immutable merkleRoot;
+    uint256 public immutable claimDeadline; // unix timestamp; after this, no more claims
+    address public immutable sweepRecipient; // where unclaimed SRX returns (e.g. Strategic Reserve)
+    address public immutable owner; // address allowed to call sweep() after deadline
+
+    // ── State ────────────────────────────────────────────────
+    /// @dev address => has-claimed flag
+    mapping(address => bool) public claimed;
+
+    /// @dev cumulative claimed amount (for accounting / introspection)
+    uint256 public totalClaimed;
+
+    /// @dev set true after sweep() is called; locks any further state changes
+    bool public swept;
+
+    // ── Events ───────────────────────────────────────────────
+    event Claimed(address indexed recipient, uint256 amount);
+    event Swept(address indexed recipient, uint256 amount);
+
+    // ── Errors ───────────────────────────────────────────────
+    error AlreadyClaimed();
+    error InvalidProof();
+    error ClaimWindowClosed();
+    error ClaimWindowOpen();
+    error AlreadySwept();
+    error NotOwner();
+    error TransferFailed();
+    error ZeroAddress();
+
+    // ── Constructor ──────────────────────────────────────────
+    /// @param _merkleRoot Root of the airdrop merkle tree. Leaves are
+    ///        `keccak256(abi.encodePacked(address, uint256))` sorted-pair internal hashes.
+    /// @param _claimDeadline Unix timestamp after which claims are rejected.
+    /// @param _sweepRecipient Address that receives unclaimed balance after sweep().
+    /// @param _owner Address allowed to call sweep() after deadline (typically SentrixSafe).
+    constructor(
+        bytes32 _merkleRoot,
+        uint256 _claimDeadline,
+        address _sweepRecipient,
+        address _owner
+    ) {
+        if (_sweepRecipient == address(0)) revert ZeroAddress();
+        if (_owner == address(0)) revert ZeroAddress();
+        merkleRoot = _merkleRoot;
+        claimDeadline = _claimDeadline;
+        sweepRecipient = _sweepRecipient;
+        owner = _owner;
+    }
+
+    // ── Pre-fund ─────────────────────────────────────────────
+    /// @notice Anyone can fund the contract by sending SRX to it.
+    ///         Typically the Strategic Reserve owner pre-funds at deploy time.
+    receive() external payable {}
+
+    // ── Claim ────────────────────────────────────────────────
+    /// @notice Claim airdrop allocation by submitting a merkle proof.
+    /// @param amount The allocated amount (in wei) for the calling address.
+    /// @param proof Merkle proof showing `(msg.sender, amount)` is in the tree.
+    function claim(uint256 amount, bytes32[] calldata proof) external {
+        if (block.timestamp > claimDeadline) revert ClaimWindowClosed();
+        if (claimed[msg.sender]) revert AlreadyClaimed();
+        if (swept) revert AlreadySwept();
+
+        bytes32 leaf = keccak256(abi.encodePacked(msg.sender, amount));
+        if (!_verify(proof, merkleRoot, leaf)) revert InvalidProof();
+
+        claimed[msg.sender] = true;
+        totalClaimed += amount;
+
+        (bool ok,) = msg.sender.call{value: amount}("");
+        if (!ok) revert TransferFailed();
+
+        emit Claimed(msg.sender, amount);
+    }
+
+    // ── Sweep ────────────────────────────────────────────────
+    /// @notice After claim window closes, sweep remaining balance to sweepRecipient.
+    ///         Only callable by owner. Locks state to prevent re-sweep.
+    function sweep() external {
+        if (msg.sender != owner) revert NotOwner();
+        if (block.timestamp <= claimDeadline) revert ClaimWindowOpen();
+        if (swept) revert AlreadySwept();
+
+        swept = true;
+
+        uint256 balance = address(this).balance;
+        if (balance > 0) {
+            (bool ok,) = sweepRecipient.call{value: balance}("");
+            if (!ok) revert TransferFailed();
+        }
+
+        emit Swept(sweepRecipient, balance);
+    }
+
+    // ── View helpers ─────────────────────────────────────────
+    /// @notice Check whether `account` is eligible (proof valid) without claiming.
+    function isEligible(address account, uint256 amount, bytes32[] calldata proof)
+        external
+        view
+        returns (bool)
+    {
+        bytes32 leaf = keccak256(abi.encodePacked(account, amount));
+        return _verify(proof, merkleRoot, leaf);
+    }
+
+    // ── Merkle verification (OpenZeppelin-compatible sorted siblings) ──
+    function _verify(bytes32[] calldata proof, bytes32 root, bytes32 leaf)
+        private
+        pure
+        returns (bool)
+    {
+        bytes32 computed = leaf;
+        for (uint256 i = 0; i < proof.length; i++) {
+            bytes32 sibling = proof[i];
+            if (computed < sibling) {
+                computed = keccak256(abi.encodePacked(computed, sibling));
+            } else {
+                computed = keccak256(abi.encodePacked(sibling, computed));
+            }
+        }
+        return computed == root;
+    }
+}

package/contracts/Multicall3.sol

@@ -0,0 +1,125 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.24;
+
+/// @title Multicall3
+/// @author Matt Solomon (upstream) - vendored verbatim by Sentrix Labs
+/// @notice Aggregate read/write contract calls into a single tx.
+/// @dev Mirror of github.com/mds1/multicall (canonical address
+///      0xcA11bde05977b3631167028862bE2a173976CA11 across most chains).
+///      Reproduced here verbatim to keep the canonical-contracts repo
+///      self-contained. License preserved (MIT - owner: Matt Solomon).
+contract Multicall3 {
+    struct Call {
+        address target;
+        bytes callData;
+    }
+
+    struct Call3 {
+        address target;
+        bool allowFailure;
+        bytes callData;
+    }
+
+    struct Call3Value {
+        address target;
+        bool allowFailure;
+        uint256 value;
+        bytes callData;
+    }
+
+    struct Result {
+        bool success;
+        bytes returnData;
+    }
+
+    /// @notice Backwards-compatible aggregate (reverts on any failure).
+    function aggregate(Call[] calldata calls) external payable returns (uint256 blockNumber, bytes[] memory returnData) {
+        blockNumber = block.number;
+        uint256 length = calls.length;
+        returnData = new bytes[](length);
+        Call calldata call;
+        for (uint256 i = 0; i < length; ) {
+            bool success;
+            call = calls[i];
+            (success, returnData[i]) = call.target.call(call.callData);
+            require(success, "Multicall3: call failed");
+            unchecked { ++i; }
+        }
+    }
+
+    /// @notice Aggregate calls; per-call failure mode controllable.
+    function aggregate3(Call3[] calldata calls) external payable returns (Result[] memory returnData) {
+        uint256 length = calls.length;
+        returnData = new Result[](length);
+        Call3 calldata calli;
+        for (uint256 i = 0; i < length; ) {
+            Result memory result = returnData[i];
+            calli = calls[i];
+            (result.success, result.returnData) = calli.target.call(calli.callData);
+            assembly {
+                if iszero(or(calldataload(add(calli, 0x20)), mload(result))) {
+                    mstore(0x00, 0x08c379a0)
+                    mstore(0x20, 0x20)
+                    mstore(0x40, 0x17)
+                    mstore(0x60, 0x4d756c746963616c6c333a2063616c6c206661696c6564000000000000000000)
+                    revert(0x1c, 0x64)
+                }
+            }
+            unchecked { ++i; }
+        }
+    }
+
+    /// @notice Aggregate calls with values; per-call failure mode controllable.
+    function aggregate3Value(Call3Value[] calldata calls) external payable returns (Result[] memory returnData) {
+        uint256 valAccumulator;
+        uint256 length = calls.length;
+        returnData = new Result[](length);
+        Call3Value calldata calli;
+        for (uint256 i = 0; i < length; ) {
+            Result memory result = returnData[i];
+            calli = calls[i];
+            uint256 val = calli.value;
+            unchecked { valAccumulator += val; }
+            (result.success, result.returnData) = calli.target.call{value: val}(calli.callData);
+            assembly {
+                if iszero(or(calldataload(add(calli, 0x40)), mload(result))) {
+                    mstore(0x00, 0x08c379a0)
+                    mstore(0x20, 0x20)
+                    mstore(0x40, 0x17)
+                    mstore(0x60, 0x4d756c746963616c6c333a2063616c6c206661696c6564000000000000000000)
+                    revert(0x1c, 0x64)
+                }
+            }
+            unchecked { ++i; }
+        }
+        require(msg.value == valAccumulator, "Multicall3: value mismatch");
+    }
+
+    function blockAndAggregate(Call[] calldata calls) external payable returns (uint256 blockNumber, bytes32 blockHash, Result[] memory returnData) {
+        (blockNumber, blockHash, returnData) = tryBlockAndAggregate(calls);
+    }
+
+    function tryBlockAndAggregate(Call[] calldata calls) public payable returns (uint256 blockNumber, bytes32 blockHash, Result[] memory returnData) {
+        blockNumber = block.number;
+        blockHash = blockhash(block.number);
+        uint256 length = calls.length;
+        returnData = new Result[](length);
+        Call calldata call;
+        for (uint256 i = 0; i < length; ) {
+            Result memory result = returnData[i];
+            call = calls[i];
+            (result.success, result.returnData) = call.target.call(call.callData);
+            unchecked { ++i; }
+        }
+    }
+
+    function getBlockNumber() external view returns (uint256) { return block.number; }
+    function getBlockHash(uint256 blockNumber) external view returns (bytes32) { return blockhash(blockNumber); }
+    function getCurrentBlockTimestamp() external view returns (uint256) { return block.timestamp; }
+    function getCurrentBlockGasLimit() external view returns (uint256) { return block.gaslimit; }
+    function getCurrentBlockCoinbase() external view returns (address) { return block.coinbase; }
+    function getEthBalance(address addr) external view returns (uint256) { return addr.balance; }
+    function getLastBlockHash() external view returns (bytes32) { return blockhash(block.number - 1); }
+    function getChainId() external view returns (uint256) { return block.chainid; }
+    function getBasefee() external view returns (uint256) { return block.basefee; }
+}

package/contracts/SentrixSafe.sol

@@ -0,0 +1,252 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.24;
+
+/// @title SentrixSafe
+/// @author Sentrix Labs
+/// @notice Minimal multi-signature wallet for treasury management.
+/// @dev Inspired by Gnosis Safe v1.4.1 but trimmed to the
+///      execute-from-N-of-M-owners core. No modules, no guards,
+///      no fallback handlers - those are out of scope for canonical
+///      treasury use. Owners sign tx hashes off-chain (EIP-712 typed
+///      hashing); on-chain `execTransaction` verifies threshold + nonce.
+///
+/// SECURITY (audit 2026-05-07 v1.1):
+///   - C1: delegatecall path now properly copies calldata into memory before
+///         the DELEGATECALL opcode. Pre-fix the assembly used `data.offset`
+///         as a memory pointer, but DELEGATECALL reads from MEMORY not
+///         CALLDATA — so owners signed one payload and the contract executed
+///         arbitrary memory bytes (or reverted). FIXED.
+///   - C2: full Safe.t.sol test suite added covering execTransaction,
+///         signature verification, replay, delegatecall, owner management.
+///   - H1: ExecutionFailure now reverts (instead of silently succeeding +
+///         emitting an event) so callers can't be fooled into thinking a
+///         failed treasury op succeeded.
+///   - H2: DOMAIN_SEPARATOR rebuilds on chainid mismatch (replay-safe across
+///         hard forks of the host chain).
+///   - H3: removeOwner enforces threshold ≤ remaining-owners floor.
+contract SentrixSafe {
+    // ── Storage ──────────────────────────────────────────────
+    address[] public owners;
+    mapping(address => bool) public isOwner;
+    uint256 public threshold;
+    uint256 public nonce;
+
+    // EIP-712 domain separator
+    /// @dev Audit H2: cached at construction; if `block.chainid` ever differs
+    ///      (i.e. the host chain hard-forks the chainid) we recompute on the
+    ///      fly. The immutable cache stays as the fast path for the 99.99% case.
+    bytes32 private immutable _CACHED_DOMAIN_SEPARATOR;
+    uint256 private immutable _CACHED_CHAIN_ID;
+
+    bytes32 private constant TX_TYPEHASH = keccak256(
+        "SafeTx(address to,uint256 value,bytes data,uint256 operation,uint256 nonce)"
+    );
+
+    // ── Events ───────────────────────────────────────────────
+    event ExecutionSuccess(bytes32 indexed txHash, uint256 nonce);
+    event ExecutionFailure(bytes32 indexed txHash, uint256 nonce);
+    event AddedOwner(address indexed owner);
+    event RemovedOwner(address indexed owner);
+    event ChangedThreshold(uint256 threshold);
+
+    // ── Constructor ──────────────────────────────────────────
+    constructor(address[] memory _owners, uint256 _threshold) {
+        require(_owners.length > 0, "Safe: no owners");
+        require(_threshold > 0 && _threshold <= _owners.length, "Safe: invalid threshold");
+
+        for (uint256 i = 0; i < _owners.length; i++) {
+            address owner = _owners[i];
+            require(owner != address(0) && owner != address(this), "Safe: invalid owner");
+            require(!isOwner[owner], "Safe: duplicate owner");
+            isOwner[owner] = true;
+            owners.push(owner);
+            emit AddedOwner(owner);
+        }
+        threshold = _threshold;
+        emit ChangedThreshold(_threshold);
+
+        _CACHED_CHAIN_ID = block.chainid;
+        _CACHED_DOMAIN_SEPARATOR = _buildDomainSeparator(block.chainid);
+    }
+
+    /// @dev Build the EIP-712 domain separator for a given chain id.
+    ///      Audit H2: previously the constructor-built separator was
+    ///      cached as `immutable`; if the host chain ever changes its
+    ///      chainid (hard fork or re-org) the cached value would be
+    ///      stale and signatures would fail to verify even with the
+    ///      same (chainId, verifyingContract) intent. We rebuild on
+    ///      mismatch.
+    function _buildDomainSeparator(uint256 chainId) private view returns (bytes32) {
+        return keccak256(
+            abi.encode(
+                keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"),
+                keccak256(bytes("SentrixSafe")),
+                keccak256(bytes("1.1")),
+                chainId,
+                address(this)
+            )
+        );
+    }
+
+    /// @notice Public domain separator, recomputed if host chainid drifted.
+    /// @dev Audit H2 fix.
+    function DOMAIN_SEPARATOR() public view returns (bytes32) {
+        if (block.chainid == _CACHED_CHAIN_ID) {
+            return _CACHED_DOMAIN_SEPARATOR;
+        }
+        return _buildDomainSeparator(block.chainid);
+    }
+
+    // ── Core: execute with N-of-M signatures ─────────────────
+    /// @notice Execute a transaction with `threshold` signatures.
+    /// @param to Target address.
+    /// @param value Native value (wei) to send.
+    /// @param data Calldata.
+    /// @param operation 0 = call, 1 = delegatecall.
+    /// @param signatures Concatenated 65-byte ECDSA signatures, sorted by signer address ascending.
+    function execTransaction(
+        address to,
+        uint256 value,
+        bytes calldata data,
+        uint256 operation,
+        bytes calldata signatures
+    ) external returns (bool success) {
+        bytes32 txHash = getTransactionHash(to, value, data, operation, nonce);
+        checkSignatures(txHash, signatures);
+        nonce++;
+
+        if (operation == 1) {
+            // Audit C1 (CRITICAL, 2026-05-07): pre-fix this assembly used
+            // `data.offset` (a CALLDATA offset) directly as the DELEGATECALL
+            // argsOffset argument, but the DELEGATECALL opcode reads from
+            // MEMORY. Owners signed one payload, the contract executed
+            // arbitrary memory bytes — or reverted. FIX: copy calldata to
+            // a fresh memory region first, then DELEGATECALL points at THAT.
+            //
+            // We use Solidity's standard pattern (`bytes memory`) which
+            // does the calldatacopy + memory layout for free.
+            bytes memory dataMem = data;
+            assembly {
+                // dataMem layout: [length (32 bytes)][bytes...]
+                // argsOffset = dataMem + 32 (skip length prefix)
+                // argsLength = mload(dataMem)
+                let dataPtr := add(dataMem, 0x20)
+                let dataLen := mload(dataMem)
+                success := delegatecall(gas(), to, dataPtr, dataLen, 0, 0)
+            }
+        } else {
+            (success, ) = to.call{value: value}(data);
+        }
+
+        if (success) {
+            emit ExecutionSuccess(txHash, nonce - 1);
+        } else {
+            // Audit H1 (HIGH): pre-fix this only emitted ExecutionFailure +
+            // returned `false`, so callers using the standard "(bool success
+            // = safe.execTransaction(...))" pattern saw `success = false`
+            // but no revert. A treasury op that failed silently would still
+            // count as "executed" in audit logs — confusing at best.
+            // Now revert with the inner-call's revert reason bubbled up.
+            emit ExecutionFailure(txHash, nonce - 1);
+            assembly {
+                let returnSize := returndatasize()
+                returndatacopy(0, 0, returnSize)
+                revert(0, returnSize)
+            }
+        }
+    }
+
+    // ── Signature verification ───────────────────────────────
+    function checkSignatures(bytes32 dataHash, bytes calldata signatures) public view {
+        uint256 _threshold = threshold;
+        require(signatures.length >= _threshold * 65, "Safe: signatures too short");
+
+        address lastOwner = address(0);
+        for (uint256 i = 0; i < _threshold; i++) {
+            address currentOwner = recoverSigner(dataHash, signatures, i);
+            require(currentOwner > lastOwner, "Safe: signatures not sorted");
+            require(isOwner[currentOwner], "Safe: signer not owner");
+            lastOwner = currentOwner;
+        }
+    }
+
+    function recoverSigner(bytes32 dataHash, bytes calldata signatures, uint256 pos) internal pure returns (address) {
+        uint8 v;
+        bytes32 r;
+        bytes32 s;
+        assembly {
+            let sigPtr := add(signatures.offset, mul(pos, 65))
+            r := calldataload(sigPtr)
+            s := calldataload(add(sigPtr, 32))
+            v := byte(0, calldataload(add(sigPtr, 64)))
+        }
+        return ecrecover(dataHash, v, r, s);
+    }
+
+    function getTransactionHash(
+        address to,
+        uint256 value,
+        bytes calldata data,
+        uint256 operation,
+        uint256 _nonce
+    ) public view returns (bytes32) {
+        bytes32 structHash = keccak256(abi.encode(
+            TX_TYPEHASH,
+            to,
+            value,
+            keccak256(data),
+            operation,
+            _nonce
+        ));
+        return keccak256(abi.encodePacked("\x19\x01", DOMAIN_SEPARATOR(), structHash));
+    }
+
+    // ── Receive native SRX ──────────────────────────────────
+    receive() external payable {}
+
+    // ── Owner management (self-call only via execTransaction) ─
+    function addOwner(address owner, uint256 _threshold) external {
+        require(msg.sender == address(this), "Safe: self-call only");
+        require(owner != address(0) && !isOwner[owner], "Safe: invalid or existing owner");
+        isOwner[owner] = true;
+        owners.push(owner);
+        emit AddedOwner(owner);
+        if (_threshold != threshold) {
+            require(_threshold > 0 && _threshold <= owners.length, "Safe: invalid threshold");
+            threshold = _threshold;
+            emit ChangedThreshold(_threshold);
+        }
+    }
+
+    function removeOwner(address owner, uint256 _threshold) external {
+        require(msg.sender == address(this), "Safe: self-call only");
+        require(isOwner[owner], "Safe: not owner");
+        // Audit H3 (HIGH): minimum-owner floor. Without this, a 1-of-N safe
+        // could remove its only remaining owner and brick itself, OR a
+        // 2-of-2 safe could remove an owner without lowering threshold and
+        // brick itself (threshold > owners.length means no signature set
+        // can verify). require(_threshold <= owners.length - 1) covers it.
+        require(owners.length > 1, "Safe: cannot remove last owner");
+        require(_threshold > 0, "Safe: invalid threshold");
+        require(_threshold <= owners.length - 1, "Safe: threshold too high");
+
+        isOwner[owner] = false;
+        for (uint256 i = 0; i < owners.length; i++) {
+            if (owners[i] == owner) {
+                owners[i] = owners[owners.length - 1];
+                owners.pop();
+                break;
+            }
+        }
+        emit RemovedOwner(owner);
+
+        if (_threshold != threshold) {
+            threshold = _threshold;
+            emit ChangedThreshold(_threshold);
+        }
+    }
+
+    function getOwners() external view returns (address[] memory) {
+        return owners;
+    }
+}