crowetic/protocol
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
protocol/contracts/governance/test/ZeroExVotesMigration.sol
Elena bcbfbfa16c
Decentralised governance of 0x protocol and treasury (#641) 
* Install open zeppelin contracts

* Init foundry in governance

* Add wrapped ZRX token

* Add governance contracts testing to CI

* Set optimizer runs to default

* Upgrade to patched version of openzeppelin/contracts

* Test stakingakng / unwrapping ZRX

* Init npm package

* Lint fix, removing lib from gitignore

* Add openzeppelin contracts git submodule for foundry

* Add vanilla governor contract

* Fix reference paths to imported packages

* Temporarily switch to using a mocked version of ZRX

* Ignore foundry's lib in link checker

* Fix a conflict in gitignore between forge lib adn built lib

* Upload governance code coverage report to coveralls

* Flesh out test scenarios for wrapping/unwrapping

* Add basic ERC20 name and symbol tests

* Wire in basic timelock controller and governor test setup

* Test basic governor properties

* Add basic voting power delegation tests

* Add proposal execution happy path test

* Split ERC20Votes logic between wrapped token
and ZeroExVotes contracts

* Exclude BaseTest from coverage in coveralls

* Add protocol specific governor with produciton governance settings

* Add a dedicated instance for the treasury governor
This is currently using the default 1 token 1 vote mechanism but will be migrated

* Add test for updating governance settings
for voting delay, voting period and proposal threshold

* Create seperate timelock contract instance for treasury and protocol

* Test updating the timlock min delay

* Set timelock delay to 2 days for protocol and 1 sec for treasury

* Remove timelock from treasury governor

* Refactor _checkpointsLookup to return entire Checkpoint
instad of just number of votes

* Update the totalSupply checkpoints updating logic

* Quadratic voting power transfers and delegations

* Fix workflow yaml

* Initialise ZeroExVotes behind a ERC1967Proxy
Test it cannot be reinitialised

* Remove obsoleted console.logs from test

* Storage pack Checkpoint enum

* Remove keeping track of total balances for voting

* Switch to using the foundry artifact in test

* Fix rebase issue

* Add timelock control over the treasury governor

* Add test for wrapped token transfer

* Emit separate events for changing linear and quadratic voting power

* Add the ability to cancel a proposal

* Limit the governors' cancel function to security council only

* Eject security council after a proposal is cancelled

* Add ability for governance to set the security council

* Merge the governors test suites into one reusable set of tests

* Add an empty test function to base test contract
to remove it from coverage reports. Fudge but no other way to ignore it in report

* Security council can rollback protocol upgrades

* Upgrade to solidity 0.8.19

* Move IZeroExGovernor to src

* Abstract Security council interface into its own

* Emit events when assigning and ejecting the security council

* Use a cast to bytes4 instead of LibBytes

Co-authored-by: duncancmt <1207590+duncancmt@users.noreply.github.com>

* Writing total supply checkpoints and setup of
quorum percentage of quadratic total supply for treasure governor

* Add test for transferring tokens when delegating

* Rename IZeroExSecurityCouncil to ISecurityCouncil

* Add security council restrictions to governors

* Remove obsolete overflow check

* Improve test coverage

* Upgrade open-zeppelin contracts to 4.8.2

* Test delegation by signature

* Test non security council requests
to rollback protocol changes cannot be executed

* Better revert messages

* Test correct interfaces are supported

* Remove obsoleted funciton

* Further test delegation by signature scenario

* Split the delegation functionality tests

* Add test for initialisation of voting contract

* Add test for reading checkpoints

* Update code comments

* Fix compilation warnings

* Run smt checker

* Add checkpoint tests

* Rename parameter in moveEntireVotingPower to match the one in movePartialVotingPower

* Switch moveEntireVotingPower to a more generic moveVotingPower implementation
as in the open-zeppelin contracts

* Install foundry earlier in CI

* Switch movePartialVotingPower to the generic moveVotingPower implementation

* Write totalSupplyCheckpoints via the generic _writeCheckpoint

* Add threshold for quadratic voting power

* Remove autoinserted code by OZ

* Add openzeppelin/contracts-upgradable

* Add initializable base to Voting contract

* Fix terminogy error in natspec

* Fix code comment

* Remove obsoleted overrides and add a missing modifier to moveVotingPower

* Remove amount check

Co-authored-by: duncancmt <1207590+duncancmt@users.noreply.github.com>

* Fix a calculation error and clean tests

* Update thresholds for treasury governor

* Fix testShouldNotBeAbleToDelegateWithSignatureAfterExpiry

* Update from @duncancmt

without "memory-safe" the IR optimizer produces significantly worse code and it disables the stack limit evader

Co-authored-by: duncancmt <1207590+duncancmt@users.noreply.github.com>

* Add onlyProxy to initializer

* Fix quadratic voting weight base

* Rename voting parameter for clarity

* Make addresses immutable (#680)

* Make addresses immutable

* Fix linting issues

---------

Co-authored-by: elenadimitrova <elena@arenabg.com>

* Prevent griefing by a malicious ZeroExVotes upgrade (#681)

* Gas optimization

* Minimal change to prevent malicious ZeroExVotes from griefing

* Add demonstration of griefing upgrade

* Fix rebase issues with tests

* Fix prettier issues

* Add checks to test

---------

Co-authored-by: elenadimitrova <elena@arenabg.com>

* Rename SecurityCouncil contract

* Add timestamp to delegator balance updates

* Make quadraticThreshold `immutable` for gas efficiency

* Remove the logic for ejecting security council

* Switch balance timestamp to be a block number

* Test votes migration for adding a new vote weight mechanism (#674)

* Add Emacs files to .gitignore

* Make some functions unproected to demonstrate a migration

* Add example (broken) migration

* Add migration test for voting logic

* Try to simplify tests

* Fix compilation errors

* Fix underflow test with new logic

* Flesh out migration test for voting

* Replace cube root library

* Fix stack too deep in coverage

---------

Co-authored-by: elenadimitrova <elena@arenabg.com>

* Change test case to testFail

* Update contracts/governance/test/ZeroExVotesMigration.sol

Co-authored-by: duncancmt <1207590+duncancmt@users.noreply.github.com>

---------

Co-authored-by: duncancmt <1207590+duncancmt@users.noreply.github.com>
Co-authored-by: Duncan Townsend <git@duncancmt.com>
2023-03-22 15:03:05 +02:00

216 lines
8.2 KiB
Solidity
Raw Blame History

// SPDX-License-Identifier: Apache-2.0
/*
Copyright 2023 ZeroEx Intl.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
pragma solidity ^0.8.19;
import {ZeroExVotes} from "../src/ZeroExVotes.sol";
import {SafeCast} from "@openzeppelin/utils/math/SafeCast.sol";
import {Math} from "@openzeppelin/utils/math/Math.sol";
import {CubeRoot} from "./CubeRoot.sol";
contract ZeroExVotesMigration is ZeroExVotes {
uint32 public migrationBlock;
constructor(address _token, uint256 _quadraticThreshold) ZeroExVotes(_token, _quadraticThreshold) {}
function initialize() public virtual override onlyProxy reinitializer(2) {
migrationBlock = uint32(block.number);
}
struct CheckpointMigration {
uint32 fromBlock;
uint96 votes;
uint96 quadraticVotes;
uint32 migratedVotes;
}
function _toMigration(Checkpoint storage ckpt) internal pure returns (CheckpointMigration storage result) {
assembly {
result.slot := ckpt.slot
}
}
function _toMigration(Checkpoint[] storage ckpt) internal pure returns (CheckpointMigration[] storage result) {
assembly {
result.slot := ckpt.slot
}
}
function getMigratedVotes(address account) public view returns (uint256) {
uint256 pos = _checkpoints[account].length;
if (pos == 0) {
return 0;
}
Checkpoint storage ckpt = _unsafeAccess(_checkpoints[account], pos - 1);
if (ckpt.fromBlock <= migrationBlock) {
return 0;
}
return _toMigration(ckpt).migratedVotes;
}
function getPastMigratedVotes(address account, uint256 blockNumber) public view returns (uint256) {
require(blockNumber < block.number, "ZeroExVotesMigration: block not yet mined");
if (blockNumber <= migrationBlock) {
return 0;
}
Checkpoint storage checkpoint = _checkpointsLookupStorage(_checkpoints[account], blockNumber);
if (checkpoint.fromBlock <= migrationBlock) {
return 0;
}
return _toMigration(checkpoint).migratedVotes;
}
function _checkpointsLookupStorage(
Checkpoint[] storage ckpts,
uint256 blockNumber
) internal view returns (Checkpoint storage result) {
// We run a binary search to look for the earliest checkpoint taken after `blockNumber`.
//
// Initially we check if the block is recent to narrow the search range.
// During the loop, the index of the wanted checkpoint remains in the range [low-1, high).
// With each iteration, either `low` or `high` is moved towards the middle of the range to maintain the
// invariant.
// - If the middle checkpoint is after `blockNumber`, we look in [low, mid)
// - If the middle checkpoint is before or equal to `blockNumber`, we look in [mid+1, high)
// Once we reach a single value (when low == high), we've found the right checkpoint at the index high-1, if not
// out of bounds (in which case we're looking too far in the past and the result is 0).
// Note that if the latest checkpoint available is exactly for `blockNumber`, we end up with an index that is
// past the end of the array, so we technically don't find a checkpoint after `blockNumber`, but it works out
// the same.
uint256 length = ckpts.length;
uint256 low = 0;
uint256 high = length;
if (length > 5) {
uint256 mid = length - Math.sqrt(length);
if (_unsafeAccess(ckpts, mid).fromBlock > blockNumber) {
high = mid;
} else {
low = mid + 1;
}
}
while (low < high) {
uint256 mid = Math.average(low, high);
if (_unsafeAccess(ckpts, mid).fromBlock > blockNumber) {
high = mid;
} else {
low = mid + 1;
}
}
// Leaving here for posterity this is the original OZ implementation which we've replaced
// return high == 0 ? 0 : _unsafeAccess(ckpts, high - 1).votes;
// Checkpoint memory checkpoint = high == 0 ? Checkpoint(0, 0, 0) : _unsafeAccess(ckpts, high - 1);
// return checkpoint;
// TODO: bad. very bad. only works on accident
if (high > 0) {
result = _unsafeAccess(ckpts, high - 1);
} else {
// suppress compiler warning, which really shouldn't be suppressed
assembly {
result.slot := 0xDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF
}
}
}
// TODO: we're not handling totalSupply
// TODO: need to return the migrated weight
function _writeCheckpoint(
Checkpoint[] storage ckpts,
function(uint256, uint256) view returns (uint256) op,
uint256 userBalance,
uint96 balanceLastUpdated,
uint256 delta
)
internal
virtual
override
returns (uint256 oldWeight, uint256 newWeight, uint256 oldQuadraticWeight, uint256 newQuadraticWeight)
{
uint256 pos = ckpts.length;
CheckpointMigration memory oldCkpt = pos == 0
? CheckpointMigration(0, 0, 0, 0)
: _toMigration(_unsafeAccess(ckpts, pos - 1));
oldWeight = oldCkpt.votes;
newWeight = op(oldWeight, delta);
oldQuadraticWeight = oldCkpt.quadraticVotes;
if (pos > 0) {
deductOldWeightFromCheckpoint(oldCkpt, userBalance, balanceLastUpdated);
}
// if wallet > threshold, calculate quadratic power over the treshold only, below threshold is linear
uint256 newBalance = op(userBalance, delta);
uint256 newQuadraticBalance = newBalance <= quadraticThreshold
? newBalance
: quadraticThreshold + Math.sqrt((newBalance - quadraticThreshold) * 1e18);
newQuadraticWeight = oldCkpt.quadraticVotes + newQuadraticBalance;
uint256 newMigratedWeight = oldCkpt.migratedVotes + CubeRoot.cbrt(newBalance);
if (pos > 0 && oldCkpt.fromBlock == block.number) {
addCheckpoint(ckpts, pos, newWeight, newQuadraticWeight, newMigratedWeight);
} else {
_toMigration(ckpts).push(
CheckpointMigration({
fromBlock: SafeCast.toUint32(block.number),
votes: SafeCast.toUint96(newWeight),
quadraticVotes: SafeCast.toUint96(newQuadraticWeight),
migratedVotes: SafeCast.toUint32(newMigratedWeight)
})
);
}
}
function deductOldWeightFromCheckpoint(
CheckpointMigration memory oldCkpt,
uint256 userBalance,
uint96 balanceLastUpdated
) internal {
// Remove the entire sqrt userBalance from quadratic voting power.
// Note that `userBalance` is value _after_ transfer.
uint256 oldQuadraticVotingPower = userBalance <= quadraticThreshold
? userBalance
: quadraticThreshold + Math.sqrt((userBalance - quadraticThreshold) * 1e18);
oldCkpt.quadraticVotes -= SafeCast.toUint96(oldQuadraticVotingPower);
if (balanceLastUpdated > migrationBlock) {
oldCkpt.migratedVotes -= SafeCast.toUint32(CubeRoot.cbrt(userBalance));
}
}
function addCheckpoint(
Checkpoint[] storage ckpts,
uint256 pos,
uint256 newWeight,
uint256 newQuadraticWeight,
uint256 newMigratedWeight
) internal {
CheckpointMigration storage chpt = _toMigration(_unsafeAccess(ckpts, pos - 1));
chpt.votes = SafeCast.toUint96(newWeight);
chpt.quadraticVotes = SafeCast.toUint96(newQuadraticWeight);
chpt.migratedVotes = SafeCast.toUint32(newMigratedWeight);
}
}
Reference in New Issue View Git Blame Copy Permalink