@venusprotocol/governance-contracts 0.0.1

package/contracts/Governance/GovernorBravoInterfaces.sol

@@ -0,0 +1,234 @@
+pragma solidity ^0.5.16;
+pragma experimental ABIEncoderV2;
+
+contract GovernorBravoEvents {
+    /// @notice An event emitted when a new proposal is created
+    event ProposalCreated(
+        uint id,
+        address proposer,
+        address[] targets,
+        uint[] values,
+        string[] signatures,
+        bytes[] calldatas,
+        uint startBlock,
+        uint endBlock,
+        string description,
+        uint8 proposalType
+    );
+
+    /// @notice An event emitted when a vote has been cast on a proposal
+    /// @param voter The address which casted a vote
+    /// @param proposalId The proposal id which was voted on
+    /// @param support Support value for the vote. 0=against, 1=for, 2=abstain
+    /// @param votes Number of votes which were cast by the voter
+    /// @param reason The reason given for the vote by the voter
+    event VoteCast(address indexed voter, uint proposalId, uint8 support, uint votes, string reason);
+
+    /// @notice An event emitted when a proposal has been canceled
+    event ProposalCanceled(uint id);
+
+    /// @notice An event emitted when a proposal has been queued in the Timelock
+    event ProposalQueued(uint id, uint eta);
+
+    /// @notice An event emitted when a proposal has been executed in the Timelock
+    event ProposalExecuted(uint id);
+
+    /// @notice An event emitted when the voting delay is set
+    event VotingDelaySet(uint oldVotingDelay, uint newVotingDelay);
+
+    /// @notice An event emitted when the voting period is set
+    event VotingPeriodSet(uint oldVotingPeriod, uint newVotingPeriod);
+
+    /// @notice Emitted when implementation is changed
+    event NewImplementation(address oldImplementation, address newImplementation);
+
+    /// @notice Emitted when proposal threshold is set
+    event ProposalThresholdSet(uint oldProposalThreshold, uint newProposalThreshold);
+
+    /// @notice Emitted when pendingAdmin is changed
+    event NewPendingAdmin(address oldPendingAdmin, address newPendingAdmin);
+
+    /// @notice Emitted when pendingAdmin is accepted, which means admin is updated
+    event NewAdmin(address oldAdmin, address newAdmin);
+
+    /// @notice Emitted when the new guardian address is set
+    event NewGuardian(address oldGuardian, address newGuardian);
+
+    /// @notice Emitted when the maximum number of operations in one proposal is updated
+    event ProposalMaxOperationsUpdated(uint oldMaxOperations, uint newMaxOperations);
+}
+
+contract GovernorBravoDelegatorStorage {
+    /// @notice Administrator for this contract
+    address public admin;
+
+    /// @notice Pending administrator for this contract
+    address public pendingAdmin;
+
+    /// @notice Active brains of Governor
+    address public implementation;
+}
+
+/**
+ * @title Storage for Governor Bravo Delegate
+ * @notice For future upgrades, do not change GovernorBravoDelegateStorageV1. Create a new
+ * contract which implements GovernorBravoDelegateStorageV1 and following the naming convention
+ * GovernorBravoDelegateStorageVX.
+ */
+contract GovernorBravoDelegateStorageV1 is GovernorBravoDelegatorStorage {
+    /// @notice DEPRECATED The delay before voting on a proposal may take place, once proposed, in blocks
+    uint public votingDelay;
+
+    /// @notice DEPRECATED The duration of voting on a proposal, in blocks
+    uint public votingPeriod;
+
+    /// @notice DEPRECATED The number of votes required in order for a voter to become a proposer
+    uint public proposalThreshold;
+
+    /// @notice Initial proposal id set at become
+    uint public initialProposalId;
+
+    /// @notice The total number of proposals
+    uint public proposalCount;
+
+    /// @notice The address of the Venus Protocol Timelock
+    TimelockInterface public timelock;
+
+    /// @notice The address of the Venus governance token
+    XvsVaultInterface public xvsVault;
+
+    /// @notice The official record of all proposals ever proposed
+    mapping(uint => Proposal) public proposals;
+
+    /// @notice The latest proposal for each proposer
+    mapping(address => uint) public latestProposalIds;
+
+    struct Proposal {
+        /// @notice Unique id for looking up a proposal
+        uint id;
+        /// @notice Creator of the proposal
+        address proposer;
+        /// @notice The timestamp that the proposal will be available for execution, set once the vote succeeds
+        uint eta;
+        /// @notice the ordered list of target addresses for calls to be made
+        address[] targets;
+        /// @notice The ordered list of values (i.e. msg.value) to be passed to the calls to be made
+        uint[] values;
+        /// @notice The ordered list of function signatures to be called
+        string[] signatures;
+        /// @notice The ordered list of calldata to be passed to each call
+        bytes[] calldatas;
+        /// @notice The block at which voting begins: holders must delegate their votes prior to this block
+        uint startBlock;
+        /// @notice The block at which voting ends: votes must be cast prior to this block
+        uint endBlock;
+        /// @notice Current number of votes in favor of this proposal
+        uint forVotes;
+        /// @notice Current number of votes in opposition to this proposal
+        uint againstVotes;
+        /// @notice Current number of votes for abstaining for this proposal
+        uint abstainVotes;
+        /// @notice Flag marking whether the proposal has been canceled
+        bool canceled;
+        /// @notice Flag marking whether the proposal has been executed
+        bool executed;
+        /// @notice Receipts of ballots for the entire set of voters
+        mapping(address => Receipt) receipts;
+        /// @notice The type of the proposal
+        uint8 proposalType;
+    }
+
+    /// @notice Ballot receipt record for a voter
+    struct Receipt {
+        /// @notice Whether or not a vote has been cast
+        bool hasVoted;
+        /// @notice Whether or not the voter supports the proposal or abstains
+        uint8 support;
+        /// @notice The number of votes the voter had, which were cast
+        uint96 votes;
+    }
+
+    /// @notice Possible states that a proposal may be in
+    enum ProposalState {
+        Pending,
+        Active,
+        Canceled,
+        Defeated,
+        Succeeded,
+        Queued,
+        Expired,
+        Executed
+    }
+
+    /// @notice The maximum number of actions that can be included in a proposal
+    uint public proposalMaxOperations;
+
+    /// @notice A privileged role that can cancel any proposal
+    address public guardian;
+}
+
+contract GovernorBravoDelegateStorageV2 is GovernorBravoDelegateStorageV1 {
+    enum ProposalType {
+        NORMAL,
+        FASTTRACK,
+        CRITICAL
+    }
+
+    struct ProposalConfig {
+        /// @notice The delay before voting on a proposal may take place, once proposed, in blocks
+        uint256 votingDelay;
+        /// @notice The duration of voting on a proposal, in blocks
+        uint256 votingPeriod;
+        /// @notice The number of votes required in order for a voter to become a proposer
+        uint256 proposalThreshold;
+    }
+
+    /// @notice mapping containing configuration for each proposal type
+    mapping(uint => ProposalConfig) public proposalConfigs;
+
+    /// @notice mapping containing Timelock addresses for each proposal type
+    mapping(uint => TimelockInterface) public proposalTimelocks;
+}
+
+interface TimelockInterface {
+    function delay() external view returns (uint);
+
+    function GRACE_PERIOD() external view returns (uint);
+
+    function acceptAdmin() external;
+
+    function queuedTransactions(bytes32 hash) external view returns (bool);
+
+    function queueTransaction(
+        address target,
+        uint value,
+        string calldata signature,
+        bytes calldata data,
+        uint eta
+    ) external returns (bytes32);
+
+    function cancelTransaction(
+        address target,
+        uint value,
+        string calldata signature,
+        bytes calldata data,
+        uint eta
+    ) external;
+
+    function executeTransaction(
+        address target,
+        uint value,
+        string calldata signature,
+        bytes calldata data,
+        uint eta
+    ) external payable returns (bytes memory);
+}
+
+interface XvsVaultInterface {
+    function getPriorVotes(address account, uint blockNumber) external view returns (uint96);
+}
+
+interface GovernorAlphaInterface {
+    /// @notice The total number of proposals
+    function proposalCount() external returns (uint);
+}

package/contracts/Governance/IAccessControlManagerV5.sol

@@ -0,0 +1,120 @@
+// SPDX-License-Identifier: BSD-3-Clause
+pragma solidity 0.5.16;
+
+interface IAccessControlManagerV5 {
+    /**
+     * @dev Emitted when `newAdminRole` is set as ``role``'s admin role, replacing `previousAdminRole`
+     *
+     * `DEFAULT_ADMIN_ROLE` is the starting admin for all roles, despite
+     * {RoleAdminChanged} not being emitted signaling this.
+     *
+     */
+    event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole);
+
+    /**
+     * @dev Emitted when `account` is granted `role`.
+     *
+     * `sender` is the account that originated the contract call, an admin role
+     * bearer except when using {AccessControl-_setupRole}.
+     */
+    event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);
+
+    /**
+     * @dev Emitted when `account` is revoked `role`.
+     *
+     * `sender` is the account that originated the contract call:
+     *   - if using `revokeRole`, it is the admin role bearer
+     *   - if using `renounceRole`, it is the role bearer (i.e. `account`)
+     */
+    event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);
+
+    /**
+     * @dev Returns `true` if `account` has been granted `role`.
+     */
+    function hasRole(bytes32 role, address account) external view returns (bool);
+
+    /**
+     * @dev Returns the admin role that controls `role`. See {grantRole} and
+     * {revokeRole}.
+     *
+     * To change a role's admin, use {AccessControl-_setRoleAdmin}.
+     */
+    function getRoleAdmin(bytes32 role) external view returns (bytes32);
+
+    /**
+     * @dev Grants `role` to `account`.
+     *
+     * If `account` had not been already granted `role`, emits a {RoleGranted}
+     * event.
+     *
+     * Requirements:
+     *
+     * - the caller must have ``role``'s admin role.
+     */
+    function grantRole(bytes32 role, address account) external;
+
+    /**
+     * @dev Revokes `role` from `account`.
+     *
+     * If `account` had been granted `role`, emits a {RoleRevoked} event.
+     *
+     * Requirements:
+     *
+     * - the caller must have ``role``'s admin role.
+     */
+    function revokeRole(bytes32 role, address account) external;
+
+    /**
+     * @dev Revokes `role` from the calling account.
+     *
+     * Roles are often managed via {grantRole} and {revokeRole}: this function's
+     * purpose is to provide a mechanism for accounts to lose their privileges
+     * if they are compromised (such as when a trusted device is misplaced).
+     *
+     * If the calling account had been granted `role`, emits a {RoleRevoked}
+     * event.
+     *
+     * Requirements:
+     *
+     * - the caller must be `account`.
+     */
+    function renounceRole(bytes32 role, address account) external;
+
+    /**
+     * @notice Gives a function call permission to one single account
+     * @dev this function can be called only from Role Admin or DEFAULT_ADMIN_ROLE
+     * 		May emit a {RoleGranted} event.
+     * @param contractAddress address of contract for which call permissions will be granted
+     * @param functionSig signature e.g. "functionName(uint,bool)"
+     */
+    function giveCallPermission(address contractAddress, string calldata functionSig, address accountToPermit) external;
+
+    /**
+     * @notice Revokes an account's permission to a particular function call
+     * @dev this function can be called only from Role Admin or DEFAULT_ADMIN_ROLE
+     * 		May emit a {RoleRevoked} event.
+     * @param contractAddress address of contract for which call permissions will be revoked
+     * @param functionSig signature e.g. "functionName(uint,bool)"
+     */
+    function revokeCallPermission(
+        address contractAddress,
+        string calldata functionSig,
+        address accountToRevoke
+    ) external;
+
+    /**
+     * @notice Verifies if the given account can call a praticular contract's function
+     * @dev Since the contract is calling itself this function, we can get contracts address with msg.sender
+     * @param account address (eoa or contract) for which call permissions will be checked
+     * @param functionSig signature e.g. "functionName(uint,bool)"
+     * @return false if the user account cannot call the particular contract function
+     *
+     */
+    function isAllowedToCall(address account, string calldata functionSig) external view returns (bool);
+
+    function hasPermission(
+        address account,
+        address contractAddress,
+        string calldata functionSig
+    ) external view returns (bool);
+}

package/contracts/Governance/IAccessControlManagerV8.sol

@@ -0,0 +1,22 @@
+// SPDX-License-Identifier: BSD-3-Clause
+pragma solidity 0.8.13;
+
+import "@openzeppelin/contracts/access/IAccessControl.sol";
+
+interface IAccessControlManagerV8 is IAccessControl {
+    function giveCallPermission(address contractAddress, string calldata functionSig, address accountToPermit) external;
+
+    function revokeCallPermission(
+        address contractAddress,
+        string calldata functionSig,
+        address accountToRevoke
+    ) external;
+
+    function isAllowedToCall(address account, string calldata functionSig) external view returns (bool);
+
+    function hasPermission(
+        address account,
+        address contractAddress,
+        string calldata functionSig
+    ) external view returns (bool);
+}

package/contracts/Governance/Timelock.sol

@@ -0,0 +1,152 @@
+pragma solidity ^0.5.16;
+
+import "../Utils/SafeMath.sol";
+
+contract Timelock {
+    using SafeMath for uint;
+
+    event NewAdmin(address indexed newAdmin);
+    event NewPendingAdmin(address indexed newPendingAdmin);
+    event NewDelay(uint indexed newDelay);
+    event CancelTransaction(
+        bytes32 indexed txHash,
+        address indexed target,
+        uint value,
+        string signature,
+        bytes data,
+        uint eta
+    );
+    event ExecuteTransaction(
+        bytes32 indexed txHash,
+        address indexed target,
+        uint value,
+        string signature,
+        bytes data,
+        uint eta
+    );
+    event QueueTransaction(
+        bytes32 indexed txHash,
+        address indexed target,
+        uint value,
+        string signature,
+        bytes data,
+        uint eta
+    );
+
+    uint public constant GRACE_PERIOD = 14 days;
+    uint public constant MINIMUM_DELAY = 1 hours;
+    uint public constant MAXIMUM_DELAY = 30 days;
+
+    address public admin;
+    address public pendingAdmin;
+    uint public delay;
+
+    mapping(bytes32 => bool) public queuedTransactions;
+
+    constructor(address admin_, uint delay_) public {
+        require(delay_ >= MINIMUM_DELAY, "Timelock::constructor: Delay must exceed minimum delay.");
+        require(delay_ <= MAXIMUM_DELAY, "Timelock::setDelay: Delay must not exceed maximum delay.");
+
+        admin = admin_;
+        delay = delay_;
+    }
+
+    function() external payable {}
+
+    function setDelay(uint delay_) public {
+        require(msg.sender == address(this), "Timelock::setDelay: Call must come from Timelock.");
+        require(delay_ >= MINIMUM_DELAY, "Timelock::setDelay: Delay must exceed minimum delay.");
+        require(delay_ <= MAXIMUM_DELAY, "Timelock::setDelay: Delay must not exceed maximum delay.");
+        delay = delay_;
+
+        emit NewDelay(delay);
+    }
+
+    function acceptAdmin() public {
+        require(msg.sender == pendingAdmin, "Timelock::acceptAdmin: Call must come from pendingAdmin.");
+        admin = msg.sender;
+        pendingAdmin = address(0);
+
+        emit NewAdmin(admin);
+    }
+
+    function setPendingAdmin(address pendingAdmin_) public {
+        require(msg.sender == address(this), "Timelock::setPendingAdmin: Call must come from Timelock.");
+        pendingAdmin = pendingAdmin_;
+
+        emit NewPendingAdmin(pendingAdmin);
+    }
+
+    function queueTransaction(
+        address target,
+        uint value,
+        string memory signature,
+        bytes memory data,
+        uint eta
+    ) public returns (bytes32) {
+        require(msg.sender == admin, "Timelock::queueTransaction: Call must come from admin.");
+        require(
+            eta >= getBlockTimestamp().add(delay),
+            "Timelock::queueTransaction: Estimated execution block must satisfy delay."
+        );
+
+        bytes32 txHash = keccak256(abi.encode(target, value, signature, data, eta));
+        queuedTransactions[txHash] = true;
+
+        emit QueueTransaction(txHash, target, value, signature, data, eta);
+        return txHash;
+    }
+
+    function cancelTransaction(
+        address target,
+        uint value,
+        string memory signature,
+        bytes memory data,
+        uint eta
+    ) public {
+        require(msg.sender == admin, "Timelock::cancelTransaction: Call must come from admin.");
+
+        bytes32 txHash = keccak256(abi.encode(target, value, signature, data, eta));
+        queuedTransactions[txHash] = false;
+
+        emit CancelTransaction(txHash, target, value, signature, data, eta);
+    }
+
+    function executeTransaction(
+        address target,
+        uint value,
+        string memory signature,
+        bytes memory data,
+        uint eta
+    ) public payable returns (bytes memory) {
+        require(msg.sender == admin, "Timelock::executeTransaction: Call must come from admin.");
+
+        bytes32 txHash = keccak256(abi.encode(target, value, signature, data, eta));
+        require(queuedTransactions[txHash], "Timelock::executeTransaction: Transaction hasn't been queued.");
+        require(getBlockTimestamp() >= eta, "Timelock::executeTransaction: Transaction hasn't surpassed time lock.");
+        require(getBlockTimestamp() <= eta.add(GRACE_PERIOD), "Timelock::executeTransaction: Transaction is stale.");
+
+        queuedTransactions[txHash] = false;
+
+        bytes memory callData;
+
+        if (bytes(signature).length == 0) {
+            callData = data;
+        } else {
+            callData = abi.encodePacked(bytes4(keccak256(bytes(signature))), data);
+        }
+
+        // solium-disable-next-line security/no-call-value
+        (bool success, bytes memory returnData) = target.call.value(value)(callData);
+        require(success, "Timelock::executeTransaction: Transaction execution reverted.");
+
+        emit ExecuteTransaction(txHash, target, value, signature, data, eta);
+
+        return returnData;
+    }
+
+    function getBlockTimestamp() internal view returns (uint) {
+        // solium-disable-next-line security/no-block-members
+        return block.timestamp;
+    }
+}

package/contracts/Utils/SafeMath.sol

@@ -0,0 +1,163 @@
+pragma solidity ^0.5.16;
+
+/**
+ * @dev Wrappers over Solidity's arithmetic operations with added overflow
+ * checks.
+ *
+ * Arithmetic operations in Solidity wrap on overflow. This can easily result
+ * in bugs, because programmers usually assume that an overflow raises an
+ * error, which is the standard behavior in high level programming languages.
+ * `SafeMath` restores this intuition by reverting the transaction when an
+ * operation overflows.
+ *
+ * Using this library instead of the unchecked operations eliminates an entire
+ * class of bugs, so it's recommended to use it always.
+ */
+library SafeMath {
+    /**
+     * @dev Returns the addition of two unsigned integers, reverting on
+     * overflow.
+     *
+     * Counterpart to Solidity's `+` operator.
+     *
+     * Requirements:
+     * - Addition cannot overflow.
+     */
+    function add(uint256 a, uint256 b) internal pure returns (uint256) {
+        return add(a, b, "SafeMath: addition overflow");
+    }
+
+    /**
+     * @dev Returns the subtraction of two unsigned integers, reverting with custom message on
+     * overflow (when the result is negative).
+     *
+     * Counterpart to Solidity's `-` operator.
+     *
+     * Requirements:
+     * - Subtraction cannot overflow.
+     */
+    function add(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
+        uint256 c = a + b;
+        require(c >= a, errorMessage);
+
+        return c;
+    }
+
+    /**
+     * @dev Returns the subtraction of two unsigned integers, reverting on
+     * overflow (when the result is negative).
+     *
+     * Counterpart to Solidity's `-` operator.
+     *
+     * Requirements:
+     * - Subtraction cannot overflow.
+     */
+    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
+        return sub(a, b, "SafeMath: subtraction overflow");
+    }
+
+    /**
+     * @dev Returns the subtraction of two unsigned integers, reverting with custom message on
+     * overflow (when the result is negative).
+     *
+     * Counterpart to Solidity's `-` operator.
+     *
+     * Requirements:
+     * - Subtraction cannot overflow.
+     */
+    function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
+        require(b <= a, errorMessage);
+        uint256 c = a - b;
+
+        return c;
+    }
+
+    /**
+     * @dev Returns the multiplication of two unsigned integers, reverting on
+     * overflow.
+     *
+     * Counterpart to Solidity's `*` operator.
+     *
+     * Requirements:
+     * - Multiplication cannot overflow.
+     */
+    function mul(uint256 a, uint256 b) internal pure returns (uint256) {
+        // Gas optimization: this is cheaper than requiring 'a' not being zero, but the
+        // benefit is lost if 'b' is also tested.
+        // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522
+        if (a == 0) {
+            return 0;
+        }
+
+        uint256 c = a * b;
+        require(c / a == b, "SafeMath: multiplication overflow");
+
+        return c;
+    }
+
+    /**
+     * @dev Returns the integer division of two unsigned integers. Reverts on
+     * division by zero. The result is rounded towards zero.
+     *
+     * Counterpart to Solidity's `/` operator. Note: this function uses a
+     * `revert` opcode (which leaves remaining gas untouched) while Solidity
+     * uses an invalid opcode to revert (consuming all remaining gas).
+     *
+     * Requirements:
+     * - The divisor cannot be zero.
+     */
+    function div(uint256 a, uint256 b) internal pure returns (uint256) {
+        return div(a, b, "SafeMath: division by zero");
+    }
+
+    /**
+     * @dev Returns the integer division of two unsigned integers. Reverts with custom message on
+     * division by zero. The result is rounded towards zero.
+     *
+     * Counterpart to Solidity's `/` operator. Note: this function uses a
+     * `revert` opcode (which leaves remaining gas untouched) while Solidity
+     * uses an invalid opcode to revert (consuming all remaining gas).
+     *
+     * Requirements:
+     * - The divisor cannot be zero.
+     */
+    function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
+        // Solidity only automatically asserts when dividing by 0
+        require(b > 0, errorMessage);
+        uint256 c = a / b;
+        // assert(a == b * c + a % b); // There is no case in which this doesn't hold
+
+        return c;
+    }
+
+    /**
+     * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
+     * Reverts when dividing by zero.
+     *
+     * Counterpart to Solidity's `%` operator. This function uses a `revert`
+     * opcode (which leaves remaining gas untouched) while Solidity uses an
+     * invalid opcode to revert (consuming all remaining gas).
+     *
+     * Requirements:
+     * - The divisor cannot be zero.
+     */
+    function mod(uint256 a, uint256 b) internal pure returns (uint256) {
+        return mod(a, b, "SafeMath: modulo by zero");
+    }
+
+    /**
+     * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
+     * Reverts with custom message when dividing by zero.
+     *
+     * Counterpart to Solidity's `%` operator. This function uses a `revert`
+     * opcode (which leaves remaining gas untouched) while Solidity uses an
+     * invalid opcode to revert (consuming all remaining gas).
+     *
+     * Requirements:
+     * - The divisor cannot be zero.
+     */
+    function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
+        require(b != 0, errorMessage);
+        return a % b;
+    }
+}