This commit introduces a function `migrateToVault(address)` that allows
`StakeVault`s to migrate to other `StakeVault` instances.
The idea is that, when an upgrade was done on the stake manager, it
might introduces functions that can't be accessed through the stake
vaults that are out there.
Users will have to create new stake vault instances that provide the
necessary functionality.
`migrateToVault()` allows them to do so.
Closes#127
Originally, I just wanted to simplify the certora rule that,
when emergency mode is enabled, only a few selected functions can be
called.
Instead of listing all the view function as "allowed", I've moved to
using CVLs `isView` flag on the function under verification.
This however uncovered a violation where
`RewardsStreamerMP.registerVault` is allowed to be called in emergency
mode.
In theory there's no harm in registering a vault when the system is in
emergency mode, but semantically it doesn't really make sense.
`registerVault` has been accidentally added to `isViewFunction()`.
This commit fixes this by adding `onlyNotEmergencyMode` modifier to
`registerVault()`.
This commit introduces proxy clones to make create `StakeVault`s as
cheap as possible.
Major changes here are:
- Introduce `VaultFactory` which takes care of creating clones and
registering them with the stake manager
- Make `StakeVault` and `Initializable` so it can be used as a
"template" contract to later have proxies point to it
- Adjust the deployment script to also deploy `VaultFactory` and ensure
The proxy is whitelisted in the stake manager
- Make use of the new proxy clones in tests
- Add a test for `TrustedCodehashAccess` that ensures the proxy
whitelisting works and setting up a (malicious) proxy is not going to
work
Closes#101
This was some version of the staking contract for demonstration purposes
and is not actually used as we're working on `RewardStreamerMP` version,
which is aware of multiplier points.
Closes#84
This commit introduces a deployment script for the stake manager which
can later be extended to work with other networks.
The deployment script is also used inside our testsuite, ensuring it's
working as intended.
Closes#88
Whenever `account.lastMPupdateTime` is set, we also call
`_updateAccountMP()` before that, which never reverts, so the value set
there will never differ from the ones we set later explicitly.
Closes#80
As mentioned in #82, increasing `currentTime` by 1 second isn't enough
to actually create new MPs, so the test could return false positives.
This change increases the time between checks arbritraryly longer, such
that MPs would actually be created if the max MP wasn't reached.
Closes#82
This commit introduces changes related to vault registrations in the
stake manager.
The stake manager needs to keep track of the vaults a users creates so
it can aggregate accumulated MP across vaults for any given user.
The `StakeVault` now comes with a `register()` function which needs to
be called to register itself with the stake manager. `StakeManager` has
a new `onlyRegisteredVault` modifier that ensures only registered vaults
can actually `stake` and `unstake`.
Closes#70
If there's a malicious upgrade which causes a stack overflow error when
`leave()` is called, the user of the vault should still be able to get
their funds out.
This commit adds a test that proofs this is happening.
This function allows users to `leave()` the system if they can't or
don't want to trust the stake manager. This is the case when the owner
of the stake manager performs an upgrade.
In case of such an upgrade, the stake manager will be marked as not
trusted which prevents the user from staking, unstaking, locking etc.
The user can then either explicitly trust stake manager (will happen in
future changes) to enable the vault's functionality again, or, `leave()`
the system at which point it will try to perform a benign `leave()`
operation and then move the funds out of the vault.
Closes#66
This commit introduces upgradeability of the `RewardsStreamerMP`
contract by leveraging the UUPS pattern.
This means, for deployment, we have to first deploy an instance of
`RewardsStreamerMP` contract as a "template" logic contract and then
create a ERC1967Proxy that points to it.
The proxy ensures the implementation address is stored in a
deterministic storage slot.
This will later be leveraged by the `StakeVault` contract to implement
the functionality to leave the system in case there was a malicious
upgrade.
Closes#22
