Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Guard v0 contract for generic adapter #184

Merged
merged 42 commits into from
Jan 15, 2024
Merged
Changes from 1 commit
Commits
Show all changes
42 commits
Select commit Hold shift + click to select a range
0e30a88
Started to work on Terms of Service acceptange management
miohtama Dec 20, 2023
7032c59
Working on Guard smart contract
miohtama Jan 11, 2024
5fef3d7
Allow Enzyme submodule to be dirty
miohtama Jan 11, 2024
888cd26
chore: forge init
miohtama Jan 11, 2024
a119973
forge install: forge-std
miohtama Jan 11, 2024
b418636
Cleaning up guard contract
miohtama Jan 11, 2024
7211bc9
forge install: openzeppelin-contracts
miohtama Jan 11, 2024
f437fac
Added OpenZeppelin dependency
miohtama Jan 11, 2024
a3bf92e
It compiles
miohtama Jan 11, 2024
2e58f24
More guards
miohtama Jan 11, 2024
329d903
Updating README
miohtama Jan 11, 2024
31af8ce
Update README
miohtama Jan 11, 2024
1d63173
Add ABI file copy for guard
miohtama Jan 11, 2024
4341e54
Adding guard tests
miohtama Jan 12, 2024
0332dcf
Adding guard tests
miohtama Jan 12, 2024
f257c4b
Working on Guard init
miohtama Jan 13, 2024
70c4c18
Call site checks work
miohtama Jan 13, 2024
6492780
Swap works
miohtama Jan 13, 2024
1507be0
Check for TRANSFER_FROM_FAILED
miohtama Jan 13, 2024
9b86e6d
Add exit scam test
miohtama Jan 13, 2024
7fe8032
Add exit scam test
miohtama Jan 13, 2024
d901262
Adding test coverage
miohtama Jan 13, 2024
2620102
And more tests
miohtama Jan 13, 2024
5d34cb1
Adding guard and terms of service integrations
miohtama Jan 14, 2024
59202b2
Finally guard integration compiles
miohtama Jan 14, 2024
2fbdb1d
Integrate terms of service
miohtama Jan 15, 2024
d64976a
Terms of service integration to deposit tested
miohtama Jan 15, 2024
2281b11
Guard deployes
miohtama Jan 15, 2024
3bb592d
USDC-WETH pool properly deployed for Guarded enzyme
miohtama Jan 15, 2024
4ae3eea
Fixing tests
miohtama Jan 15, 2024
77210d2
Fixing tests
miohtama Jan 15, 2024
d1138ac
Fixing tests
miohtama Jan 15, 2024
adb208f
Guarded swap works
miohtama Jan 15, 2024
81df0db
Check for unauthorised token with GuardV0 + Enzyme
miohtama Jan 15, 2024
a13ed4c
Add check for an unauthorised approve
miohtama Jan 15, 2024
c68e54a
Fix tests
miohtama Jan 15, 2024
692eca6
All tests green
miohtama Jan 15, 2024
43ab92a
Updating CHANGELOG
miohtama Jan 15, 2024
ae15ca7
Bump 1delta
miohtama Jan 15, 2024
cf60d8e
Fix case sensitive with guard/GuardV0 path
miohtama Jan 15, 2024
024e2b5
Fix log message in the fallback provider that if we have only a sing…
miohtama Jan 15, 2024
c3af891
Switch Actions runner
miohtama Jan 15, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Working on Guard smart contract
  • Loading branch information
miohtama committed Jan 15, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
commit 7032c592ee4a96b2781834fb9200fcdb8f83c305
2 changes: 2 additions & 0 deletions contracts/in-house/foundry.toml
Original file line number Diff line number Diff line change
@@ -6,6 +6,8 @@ allow_paths = ["*", "/"]
# For VaultUSDCPaymentForwarder.sol
solc_version = "0.6.12"

# auto_detect_solc = true

[profile.ci.fuzz]
runs = 10_000

1 change: 0 additions & 1 deletion contracts/in-house/remappings.txt
Original file line number Diff line number Diff line change
@@ -1,3 +1,2 @@
# @openzeppelin/=lib/openzeppelin-contracts
@openzeppelin/=../enzyme/node_modules/@openzeppelin
@enzyme/=../enzyme/contracts
127 changes: 127 additions & 0 deletions contracts/in-house/src/GuardV0.sol
Original file line number Diff line number Diff line change
@@ -0,0 +1,127 @@
/**
* Check for legit trade execution actions.
*
*/

pragma solidity 0.6.12;

interface IGuard {
function validateCall(address target, bytes callData) public;
}

interface IUniswapV2Router02 {
function swapTokensForExactTokens(
uint amountOut,
uint amountInMax,
address[] calldata path,
address to,
uint deadline
) external returns (uint[] memory amounts);
}

/**
* Prototype guard implementation.
*
* - Hardcoded actions for Uniswap v2, v3, 1delta
*
*/
contract GuardV0 is IGuard, Ownable {

// Allowed ERC20.approve()
mapping(address target => mapping(bytes4 selector => bool allowed)) public allowedCallSites;

// Allowed ERC-20 tokens we may receive or send in a trade
mapping(address token => bool allowed) public allowedAssets;

// Allowed trade executors
mapping(address address => bool allowed) public allowedSenders;

// Allowed ERC20.approve()
mapping(address target => bool allowed) public uniswapV2Routers;

mapping(address target => bool allowed) public uniswapV2Routers;

event CallSiteApproved(address target, bytes4 selector, string notes);
event CallSiteRemoved(address target, bytes4 selector, string notes);

event SenderApproved(address sender, string notes);
event SenderRemoved(address sender, string notes);

constructor() Ownable {
governance = owner;
}

/**
* Get the address of the proto DAO
*/
function getGovernanceAddress() public view returns (address) {
return owner();
}

function approveCallSite(address target, bytes4 selector, notes string) onlyOwner {
allowedCallSites[target][selector] = true;
emit CallSiteApproved(target, selector, notes);
}

function removeCallSite(address target, bytes4 selector) onlyOwner {
delete allowedCallSites[target][selector];
emit CallSiteApproved(target, selector);
}

function allowSender(address sender, string notes) onlyOwner {
allowedSender[sender] = true;
emit SenderApproved(sender, notes);
}

function removeSender(address sender, string notes) onlyOwner {
delete allowedSender[sender];
emit SenderRemoved(sender, notes);
}

function removeCallSite(address target, bytes4 selector, string notes) onlyOwner {
delete allowedCallSites[target][selector];
emit CallSiteApproved(target, selector, notes);
}
// Basic check if any target contract is whitelisted
function canCall(address target, bytes4 selector) public view bool {
return allowedCallSites[target][selector];
}

function isAllowedSender(address sender) public view bool {
return allowedSenders[sender] == true;
}

function isAllowedAsset(address token) public view bool {
return allowedAssets[sender] == true;
}

// Validate Uniswap v2 trade
function validate_swapTokensForExactTokens(bytes callData) public view bool {
(uint amountOut, uint amountInMax, address[] calldata path, address to, uint deadline) = abi.decode(callData, uint, uint, address[] calldata, address, uint));
address tokenIn = path[0];
address tokenOut = path[-1];
require(isAllowedToken(tokenIn), "Token in not allowed");
require(isAllowedToken(tokenOut), "Token out not allowed");
}

function validateCall(address sender, address target, bytes callData) {

if(sender == getGovernanceAddress()) {
// Governance can manually recover any issue
return;
}

requre(!isAllowedCaller(sender), "Sender not allowed");

// Assume sender is trade-executor hot wallet

bytes4 selector = bytes4(callData[:4]);
require(!canCall(target, selector), "Call site not allowed");

if(selector == abi.encodeCall(IUniswapV2Router02.swapTokensForExactTokens)) {
validate_swapTokensForExactTokens(callData[4:]);
} else {
revert("Unknown function selector");
}
}
}
44 changes: 0 additions & 44 deletions contracts/in-house/src/TermsOfService.sol

This file was deleted.