Guard v0 contract for generic adapter

.github/workflows/test.yml

@@ -10,7 +10,9 @@ jobs:
 
   test-python:
 
-    runs-on: ubuntu-latest
+    # Reserved multicore instance for running tests
+    runs-on:
+      group: Beefy runners
 
     # Only run the action for the latest push
     # See https://docs.github.com/en/actions/using-jobs/using-concurrency#example-only-cancel-in-progress-jobs-or-runs-for-the-current-workflow
@@ -56,10 +58,9 @@ jobs:
           poetry run install-aave-for-testing
 
       # Run tests parallel.
-      # By default Github gives us only 2 CPUs, but we want to parallerise a bit more.
       - name: Run test scripts
         run: |
-          poetry run pytest --tb=native -n 6 --dist loadscope
+          poetry run pytest --tb=native -n auto --dist loadscope
         env:
           BNB_CHAIN_JSON_RPC: ${{ secrets.BNB_CHAIN_JSON_RPC }}
           JSON_RPC_POLYGON_ARCHIVE: ${{ secrets.JSON_RPC_POLYGON_ARCHIVE }}

.gitmodules

@@ -10,6 +10,7 @@
 [submodule "contracts/enzyme"]
 	path = contracts/enzyme
 	url = https://github.com/enzymefinance/protocol.git
+    ignore = dirty
 [submodule "contracts/dhedge"]
 	path = contracts/dhedge
 	url = https://github.com/dhedge/V2-Public.git
@@ -25,3 +26,12 @@
 [submodule "contracts/1delta"]
 	path = contracts/1delta
 	url = https://github.com/1delta-DAO/contracts-delegation.git
+[submodule "contracts/guard/lib/forge-std"]
+	path = contracts/guard/lib/forge-std
+	url = https://github.com/foundry-rs/forge-std
+[submodule "contracts/guard/lib/openzeppelin-contracts"]
+	path = contracts/guard/lib/openzeppelin-contracts
+	url = https://github.com/OpenZeppelin/openzeppelin-contracts
+[submodule "contracts/terms-of-service"]
+	path = contracts/terms-of-service
+	url = https://github.com/tradingstrategy-ai/terms-of-service.git

CHANGELOG.md

@@ -1,8 +1,16 @@
 # Current
 
+- Bump web3.py to 6.12.x
+- Add [Terms of Service acceptance manager integration](https://github.com/tradingstrategy-ai/terms-of-service)
+- Add GuardV0 and SimpleVaultV0 implementations for creating safe automated asset managers
+- Added GuardV0 support for Enzyme vaults and generic adapters
 - Improve logging in `wait_and_broadcast_multiple_nodes` for post-mortem analysis
-- `hash(SignedTransactionWithNonce)` now is `SignedTransactionWithNonce.hash`, Ethereum transaction hash 
+- `hash(SignedTransactionWithNonce)` now is `SignedTransactionWithNonce.hash`, Ethereum transaction hash
 - Add 1delta price estimation helper `OneDeltaPriceHelper`
+- Improve various utility functions
+- Fix issues cleaning AST information from Enzyme contracts on certain UNIX shells
+- Fix log message in the fallback provider that if we have only a single 
+  provider don't call error handling "switching"
 
 # 0.24.6
 

Makefile

@@ -30,9 +30,33 @@ in-house: enzyme
 	    -o -name "VaultSpecificGenericAdapter.json" \
 	    -o -name "MockEIP3009Receiver.json" \
 	    -o -name "VaultUSDCPaymentForwarder.json" \
+	    -o -name "TermedVaultUSDCPaymentForwarder.json" \
+	    -o -name "GuardedGenericAdapter.json" \
 	    \) \
 	    -exec cp {} eth_defi/abi \;
 
+# Guard and simple vault contracts
+guard:
+	@mkdir -p eth_defi/abi/guard
+	@(cd contracts/guard && forge build)
+	@find contracts/guard/out \
+		\(  \
+		-name "GuardV0.json" \
+		-o \
+		-name "SimpleVaultV0.json" \
+		\) \
+		-exec cp {} eth_defi/abi/guard \;
+
+# Terms of service acceptance manager contract
+terms-of-service:
+	@mkdir -p eth_defi/abi/terms-of-service
+	@(cd contracts/terms-of-service && forge build)
+	@find contracts/terms-of-service/out \
+		\(  \
+		-name "TermsOfService.json" \
+		\) \
+		-exec cp {} eth_defi/abi/terms-of-service \;
+
 # Compile v3 core and periphery
 uniswapv3:
 	@(cd contracts/uniswap-v3-core && yarn install && yarn compile) > /dev/null
@@ -66,7 +90,8 @@ enzyme:
 	@(cd contracts/enzyme && forge build)
 	@mkdir -p eth_defi/abi/enzyme
 	@find contracts/enzyme/artifacts -iname "*.json" -exec cp {} eth_defi/abi/enzyme \;
-	@for abi_file in eth_defi/abi/enzyme/*.json ; do cat <<< $(jq 'del(.ast)' $abi_file) > $abi_file ; done
+	@scripts/clean-enzyme-abi.sh
+
 
 # Compile and copy dHEDGE
 # npm install also compiles the contracts here
@@ -101,7 +126,7 @@ clean-abi:
 # Compile all contracts we are using
 #
 # Move ABI files to within a Python package for PyPi distribution
-compile-projects-and-prepare-abi: clean-abi sushi in-house copy-uniswapv3-abi aavev3 enzyme dhedge centre 1delta
+compile-projects-and-prepare-abi: clean-abi sushi in-house guard copy-uniswapv3-abi aavev3 enzyme dhedge centre 1delta
 
 all: clean-docs compile-projects-and-prepare-abi build-docs
 

contracts/guard/.github/workflows/test.yml

@@ -0,0 +1,34 @@
+name: test
+
+on: workflow_dispatch
+
+env:
+  FOUNDRY_PROFILE: ci
+
+jobs:
+  check:
+    strategy:
+      fail-fast: true
+
+    name: Foundry project
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+        with:
+          version: nightly
+
+      - name: Run Forge build
+        run: |
+          forge --version
+          forge build --sizes
+        id: build
+
+      - name: Run Forge tests
+        run: |
+          forge test -vvv
+        id: test

contracts/guard/.gitignore

@@ -0,0 +1,14 @@
+# Compiler files
+cache/
+out/
+
+# Ignores development broadcast logs
+!/broadcast
+/broadcast/*/31337/
+/broadcast/**/dry-run/
+
+# Docs
+docs/
+
+# Dotenv file
+.env

contracts/guard/README.md

@@ -0,0 +1,48 @@
+# Guard and vault (prototype)
+
+This is a simple implementation of a guard smart contract and a vault smart contract
+
+- [GuardV0](./src/GuardV0.sol) can check whether an asset manager is allowed to do an action on behalf of the asset owners 
+- [SimpleVaultV0](./src/SimpleVaultV0.sol) is an example vault implementation with two roles
+  - Owner (who can withdraw assets)
+  - Asset manager (who can decide on trades)
+
+This code is prototype code for Trading Strategy Protocol Minimal Viable Product version
+and not indented for wider distribution.
+
+## Guard activities
+
+Guard will check for activities asset manager perform, all of them which need to be whitelisted by the owner: 
+- Any smart contract call (contract address, selector)
+- Whitelisted token (asset manager cannot trade into an unsupported token)
+- Withdrawal (transfer) of assets - assets can be only withdraw back to the owner
+- Uniswap v2 router swaps (approval + swap path)
+
+Guard can be used independently from the vault implementation.
+It can be used with any asset management protocol e.g. Enzyme.
+
+## Simple vault
+
+- The vault has a guard, an asset manager and an owner
+- Initially the vault is configured to allow withdrawals to the owner
+- Enabling asset manager allows perform trades
+- Each token needs to be separately whitelisted
+- Each router needs to be separately whitelisted
+
+Simple vault can be used as a layer of protection for cases where the hot wallet private key
+of the asset manager is compromised (asset manager can only perform legit trades, not withdraw any assets).
+
+## Supported protocols
+
+- Uniswap v2 compatibles
+- Uniswap v3 compatibles
+- Aave v3 compatibles (coming)
+- 1delta (coming)
+
+## Development
+
+Compiling
+
+```shell
+foundry build
+```

contracts/guard/foundry.toml

@@ -0,0 +1,6 @@
+[profile.default]
+src = "src"
+out = "out"
+libs = ["lib"]
+
+# See more config options https://github.com/foundry-rs/foundry/blob/master/crates/config/README.md#all-options

contracts/guard/remappings.txt

@@ -0,0 +1 @@
+@openzeppelin/=lib/openzeppelin-contracts/contracts

contracts/guard/script/Counter.s.sol

@@ -0,0 +1,12 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.13;
+
+import {Script, console2} from "forge-std/Script.sol";
+
+contract CounterScript is Script {
+    function setUp() public {}
+
+    function run() public {
+        vm.broadcast();
+    }
+}