Merge develop to main

.github/workflows/tests.yml

@@ -3,7 +3,6 @@ on:
   push:
     branches: [ main, staging, develop ]
   pull_request:
-    branches: [ main, staging, develop ]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}

CHANGELOG.md

@@ -0,0 +1,33 @@
+# Changelog
+
+Notable changes to contracts.
+
+# Unreleased (0.3.0)
+
+BaseManaged:
+  - No direct ownership, instead has `onlyConfigHubOwner` modifier.
+  - `rescueTokens` removed. 
+  - All pausing removed.
+CollarTakerNFT, LoansNFT, EscrowSupplierNFT, CollarProviderNFT:
+  - Inheriting from updated BaseManaged (not ownable, not pausable).
+  - Different constructor interface. 
+  - Using `onlyConfigHubOwner` for admin methods.
+LoansNFT:
+  - removed the admin method for setting keeper, users can choose a keeper when approving
+CollarTakerNFT:
+  - `setOracle` is removed, and `settleAsCancelled` (for oracle failure) is added 
+CollarProviderNFT:
+  - `protocolFee` charges fee on full notional amount (cash value of loan input), and expects `callStrikePercent` argument.
+EscrowSupplierNFT:
+  - remove `loansCanOpen` and admin setter, and use canOpenPair on configHub for this auth instead
+Rolls:
+  - Update to use the updated protocolFee interface.
+  - Not inheriting from BaseManaged.
+  - Add `previewOffer` view 
+ConfigHub
+  - remove pause guardians
+  - make canOpenPair interface more loose to allow removing supplier's `loansCanOpen`    
+
+# 0.2.0 (All contracts)
+
+First version deployed to Base mainnet. 

devdocs/audits.briefing.md

@@ -1,23 +1,23 @@
-## 2024 Jan Scope:
+## 2025 Apr Scope:
 
 ```
 ------------------------------------------------------------------------------------------
 File                                        blank        comment           code
 ------------------------------------------------------------------------------------------
-src/LoansNFT.sol                              108            380            364
-src/EscrowSupplierNFT.sol                      75            230            270
-src/CollarTakerNFT.sol                         57            152            196
-src/Rolls.sol                                  54            205            196
-src/CollarProviderNFT.sol                      48            153            188
-src/ConfigHub.sol                              25             73             79
+src/LoansNFT.sol                              108            380            372
+src/EscrowSupplierNFT.sol                      72            227            262
+src/CollarTakerNFT.sol                         57            175            217
+src/CollarProviderNFT.sol                      55            176            199
+src/Rolls.sol                                  55            211            195
+src/ConfigHub.sol                              22             64             75
 src/CombinedOracle.sol                         14             40             56
 src/ChainlinkOracle.sol                        14             50             55
 src/SwapperUniV3.sol                            9             53             43
-src/base/BaseManaged.sol                       17             36             43
 src/base/BaseTakerOracle.sol                   14             57             34
-src/base/BaseNFT.sol                            8             13             24
+src/base/BaseManaged.sol                       14             22             25
+src/base/BaseNFT.sol                            7              9             16
 ------------------------------------------------------------------------------------------
-SUM:                                          443           1442           1548
+SUM:                                          441           1464           1549
 ------------------------------------------------------------------------------------------
 ```
 
@@ -30,7 +30,7 @@ SUM:                                          443           1442           1548
 - (for checklist use: check changes to https://github.com/d-xo/weird-erc20)
 
 ## Deployment Destinations
-Base and Arbitrum initially.
+Base, possibly Eth L1 later.
 
 ## Other Documentation
 - Solidity files comments contain the most up to date documentation 
@@ -40,8 +40,12 @@ Base and Arbitrum initially.
 ## Known Issues
 - Providers offers do not limit execution price (only strike percentages), nor have deadlines, and are expected to be actively managed.
 - No refund of protocol fee for position cancellations / rolls. Fee APR and roll frequency are assumed to be low, and rolls are assumed to be beneficial enough to users to be worth it. Accepted as low risk economic issue.
+- Protocol fee (charged from provider offer, on top of provider position) can be high relative to provider position's size, especially for smaller callStrikePercent.  
 - Because oracle prices undergo multiple conversions (feeds, tokens units), asset and price feed combinations w.r.t to decimals and price ranges (e.g., low price tokens) are assumed to be checked to allow sufficient precision.
 - In case of congestion, calls for `openPairedPosition` (`openLoan` that uses it), and rolls `executeRoll` can be executed at higher price than the user intended (if price is lower, `openLoan` and `executeRoll` have slippage protection, and `openPairedPosition` has better upside for the caller). This is accepted as low likelihood, and low impact: loss is small since short congestion will result in small price change vs. original intent, and long downtime may fail the oracle sequencer uptime check.
+- If an oracle becomes malicious, there isn't a way to "unset" it. ConfigHub can prevent opening new positions for that pair, but existing positions will remain vulnerable.
+- If a collar position is settled via `settleAsCancelled` (due an oracle malfunction, or no one calling regular settle for one week), the Loan using that position will still be possible to close, but the amount of underlying returned may not correspond well to current price (because the collar position will be settled at its opening price). The loan can also be cancelled if desired.    
+- Any tokens accidentally sent to any of the contracts cannot be rescued.
 - Issues and considerations explained in the Solidity comments and audit reports.
 
 ## Commonly Noted Non-issues (unless we're wrong, and they are)
@@ -58,13 +62,9 @@ Base and Arbitrum initially.
 - `minDuration` is at least 1 month.
 - `maxLTV` is reasonably far from 99.99% 
 
-## Owner privileges (for ownable contracts)
-- Can rescue tokens using `rescueTokens` **except** for the main asset of each contract: cannot rescue the cash asset from providerNFT or takerNFT, cannot rescue underlying from escrowNFT, cannot rescue takerNFT from loansNFT. Any asset can be rescued from Rolls.
-- Can pause and unpause all non-NFT user methods, including withdrawals, on each contract separately.
-- Can update the oracle address on the takerNFT.
-- Can update the loansNFT closing keeper address and allowed swappers.
-- Can update the values set in ConfigHub and replace the ConfigHub contract that's being used. This includes LTV range, durations range, protocol fee parameters, pause guardian addresses.
-- Can set what internal contracts are allowed to open positions (primarily via the ConfigHub).
+## ConfigHub's owner privileges (for BaseManaged contracts)
+- Can update the values set in ConfigHub and replace the ConfigHub contract that's being used. This includes what internal contracts are allowed to open positions, LTV range, durations range, protocol fee parameters.
+- Can update the loansNFT allowed swappers.
 
 ## Testing and POC
 - Install run tests excluding fork tests: `forge install && forge build && forge test --nmc Fork`

script/artifacts/8453/DEPRECATED-opbase_mainnet_collar_protocol_deployment-latest.json

@@ -0,0 +1,23 @@
+{
+  "configHub": "0x230158944A372dC8801DC112Ac565F59579E6b4e",
+  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_takerNFT": "0x68C5A88111b4d300734dBAECE7b16b809E712263",
+  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_providerNFT": "0x179ef7D08416CBeE440b50e63deEbc0b40770df3",
+  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_loansContract": "0x737837BCEA91Bb5b248bceF7A5Af3fCFD782B865",
+  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_escrowSupplierNFT": "0x8d1081e8A6E5c29Ec3E6bDFE4D09a622ef22c369",
+  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_rollsContract": "0x183C1bd07ab423A779F419A197618f94fAf8Efe7",
+  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_oracle": "0x6e084fEF7bbcd123Ed1932C2E89D8ABa7bB74BE4",
+  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_swapperUniV3": "0xCA8C969218c29A6A2F732E0a27a4EeB9217b318B",
+  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_cashAsset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
+  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_underlying": "0x4200000000000000000000000000000000000006",
+  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_swapFeeTier": 500,
+  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_takerNFT": "0x28aff0dd8bb96E6cF4551bB1159B70746e84c072",
+  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_providerNFT": "0x9180d9CF00b772EA4CAB31e3b86886b561B3dd44",
+  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_loansContract": "0x117135AE96C46Fea950a487af224797011236609",
+  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_escrowSupplierNFT": "0xA6b0D40e218E29BA626eAD3da4E8F146027A802D",
+  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_rollsContract": "0xD243Ee8a96f56F0F28300aEba4e0D811f7550E16",
+  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_oracle": "0x688D5D1bBb6C9476ce9E838c78dE43DB9AB5E232",
+  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_swapperUniV3": "0x125A3CE7eB6a67ea29bC1E92Ce2b81962c4946dF",
+  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_cashAsset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
+  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_underlying": "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf",
+  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_swapFeeTier": 500
+}

script/artifacts/8453/opbase_mainnet_collar_protocol_deployment-latest.json

@@ -1,22 +1,22 @@
 {
-  "configHub": "0x230158944A372dC8801DC112Ac565F59579E6b4e",
-  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_takerNFT": "0x68C5A88111b4d300734dBAECE7b16b809E712263",
-  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_providerNFT": "0x179ef7D08416CBeE440b50e63deEbc0b40770df3",
-  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_loansContract": "0x737837BCEA91Bb5b248bceF7A5Af3fCFD782B865",
-  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_escrowSupplierNFT": "0x8d1081e8A6E5c29Ec3E6bDFE4D09a622ef22c369",
-  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_rollsContract": "0x183C1bd07ab423A779F419A197618f94fAf8Efe7",
-  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_oracle": "0x6e084fEF7bbcd123Ed1932C2E89D8ABa7bB74BE4",
-  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_swapperUniV3": "0xCA8C969218c29A6A2F732E0a27a4EeB9217b318B",
+  "configHub": "0x9dF9982B320bBEf6930289E325B08be52B0da8Bb",
+  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_takerNFT": "0x674c357A26731874D3c1eAF2C00A1df4e0410121",
+  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_providerNFT": "0xdbC703F1DF19eC3f0A43461C84a8C31Db3C07b13",
+  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_loansContract": "0x149cee65F43913f21F2B72b4D45206fDE957E5E2",
+  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_escrowSupplierNFT": "0xF2c42a0707927d6582072aEAb7AcB8A700455676",
+  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_rollsContract": "0x5D189602FE891F56f00FA363BE1401291B4eb4CE",
+  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_oracle": "0xF8b51d10307f4076d43eD8646dFF0144AdBFd5b9",
+  "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_swapperUniV3": "0x982214c1dEbABb12BA81a4CCe55412d0c50bAd34",
   "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_cashAsset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
   "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_underlying": "0x4200000000000000000000000000000000000006",
   "0x4200000000000000000000000000000000000006_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_swapFeeTier": 500,
-  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_takerNFT": "0x28aff0dd8bb96E6cF4551bB1159B70746e84c072",
-  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_providerNFT": "0x9180d9CF00b772EA4CAB31e3b86886b561B3dd44",
-  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_loansContract": "0x117135AE96C46Fea950a487af224797011236609",
-  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_escrowSupplierNFT": "0xA6b0D40e218E29BA626eAD3da4E8F146027A802D",
-  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_rollsContract": "0xD243Ee8a96f56F0F28300aEba4e0D811f7550E16",
-  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_oracle": "0x688D5D1bBb6C9476ce9E838c78dE43DB9AB5E232",
-  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_swapperUniV3": "0x125A3CE7eB6a67ea29bC1E92Ce2b81962c4946dF",
+  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_takerNFT": "0x3Ec73f92aFE1F1FA862fA2d877e730221DF8065e",
+  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_providerNFT": "0xB560c3A66e0af8B08a4e5A290F8ea651bf9Dda4b",
+  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_loansContract": "0x67828bc77A84D12FbC8F0174797F2Aa9f2766cE8",
+  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_escrowSupplierNFT": "0x87C127D4413e67d38C25b543cF8fC2c4a5f2fBC3",
+  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_rollsContract": "0x9c7B346f85993F55c6fED828Cbcb93882B87060E",
+  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_oracle": "0xF286396153348974df4e7166619823e0230FF1EA",
+  "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_swapperUniV3": "0x8886F99A7f38C4c3D1DbE48dAC62B3F2e33EC82f",
   "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_cashAsset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
   "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_underlying": "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf",
   "0xcbB7C0000aB88B473b1f5aFd9ef808440eed33Bf_0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913_swapFeeTier": 500

script/artifacts/84532/DEPRECATED-opbase_sepolia_collar_protocol_deployment-latest.json

@@ -0,0 +1,23 @@
+{
+  "configHub": "0x30CaAe57aB5A0D5778277cB60a349344B710E254",
+  "0xA703Bb2faf4A977E9867DcbfC4c141c0a50F3Aec_0x17F5E1f30871D487612331d674765F610324a532_takerNFT": "0x6A6d7521c783D71855c0867D7710E3D95E677393",
+  "0xA703Bb2faf4A977E9867DcbfC4c141c0a50F3Aec_0x17F5E1f30871D487612331d674765F610324a532_providerNFT": "0xE58e48135fD1A8e16c141BD5C8Ce84537c2db135",
+  "0xA703Bb2faf4A977E9867DcbfC4c141c0a50F3Aec_0x17F5E1f30871D487612331d674765F610324a532_loansContract": "0x3Fa73aD9eC3527f1444283476CA74B81Cbb8e5b9",
+  "0xA703Bb2faf4A977E9867DcbfC4c141c0a50F3Aec_0x17F5E1f30871D487612331d674765F610324a532_escrowSupplierNFT": "0xc76a1bc79B876F8068fa695600c7A1A3E2f6545b",
+  "0xA703Bb2faf4A977E9867DcbfC4c141c0a50F3Aec_0x17F5E1f30871D487612331d674765F610324a532_rollsContract": "0x76850e70542CAbC29eeCCe74DE6d88340Ce4F55A",
+  "0xA703Bb2faf4A977E9867DcbfC4c141c0a50F3Aec_0x17F5E1f30871D487612331d674765F610324a532_oracle": "0xe86578D8feF3c70cB4FaccbD2DEbC66EA1d4B373",
+  "0xA703Bb2faf4A977E9867DcbfC4c141c0a50F3Aec_0x17F5E1f30871D487612331d674765F610324a532_swapperUniV3": "0x25911776584d581F5457e77eF868F6d1B9371882",
+  "0xA703Bb2faf4A977E9867DcbfC4c141c0a50F3Aec_0x17F5E1f30871D487612331d674765F610324a532_cashAsset": "0x17F5E1f30871D487612331d674765F610324a532",
+  "0xA703Bb2faf4A977E9867DcbfC4c141c0a50F3Aec_0x17F5E1f30871D487612331d674765F610324a532_underlying": "0xA703Bb2faf4A977E9867DcbfC4c141c0a50F3Aec",
+  "0xA703Bb2faf4A977E9867DcbfC4c141c0a50F3Aec_0x17F5E1f30871D487612331d674765F610324a532_swapFeeTier": 500,
+  "0x25361aD7C93F46e71434940d705815bD38BB0fa3_0x17F5E1f30871D487612331d674765F610324a532_takerNFT": "0x8f66ABE3012EB2B41429735723AFe8f577165f2E",
+  "0x25361aD7C93F46e71434940d705815bD38BB0fa3_0x17F5E1f30871D487612331d674765F610324a532_providerNFT": "0xA210d1B753f4c27567616Fc2526f7d049e71F981",
+  "0x25361aD7C93F46e71434940d705815bD38BB0fa3_0x17F5E1f30871D487612331d674765F610324a532_loansContract": "0x1807Fc1080D88d3a29aa01E9B975eB7967120d6d",
+  "0x25361aD7C93F46e71434940d705815bD38BB0fa3_0x17F5E1f30871D487612331d674765F610324a532_escrowSupplierNFT": "0x924E1c13B28f5C083Fa7a7972a14fF3A62011985",
+  "0x25361aD7C93F46e71434940d705815bD38BB0fa3_0x17F5E1f30871D487612331d674765F610324a532_rollsContract": "0xD821D17b2A32f651c58465EcDda97151bFCD1CF5",
+  "0x25361aD7C93F46e71434940d705815bD38BB0fa3_0x17F5E1f30871D487612331d674765F610324a532_oracle": "0x7e7a725FC89074E57b17977Cf5FAA867e619c64f",
+  "0x25361aD7C93F46e71434940d705815bD38BB0fa3_0x17F5E1f30871D487612331d674765F610324a532_swapperUniV3": "0x8b41cAdf6A85ff93De9946531d7C8867D6F83fB3",
+  "0x25361aD7C93F46e71434940d705815bD38BB0fa3_0x17F5E1f30871D487612331d674765F610324a532_cashAsset": "0x17F5E1f30871D487612331d674765F610324a532",
+  "0x25361aD7C93F46e71434940d705815bD38BB0fa3_0x17F5E1f30871D487612331d674765F610324a532_underlying": "0x25361aD7C93F46e71434940d705815bD38BB0fa3",
+  "0x25361aD7C93F46e71434940d705815bD38BB0fa3_0x17F5E1f30871D487612331d674765F610324a532_swapFeeTier": 500
+}