From 053b186777b58aeecc91b627c6ebe6f43ae7b276 Mon Sep 17 00:00:00 2001 From: Lasse Herskind <16536249+LHerskind@users.noreply.github.com> Date: Mon, 31 May 2021 16:46:44 +0200 Subject: [PATCH] feat: Add contracts for static aToken with liquidity mining --- .../libraries/math/RayMathNoRounding.sol | 28 + .../protocol/tokenization/StaticATokenLM.sol | 573 ++++++++++++++++++ 2 files changed, 601 insertions(+) create mode 100644 contracts/protocol/libraries/math/RayMathNoRounding.sol create mode 100644 contracts/protocol/tokenization/StaticATokenLM.sol diff --git a/contracts/protocol/libraries/math/RayMathNoRounding.sol b/contracts/protocol/libraries/math/RayMathNoRounding.sol new file mode 100644 index 00000000..907d8693 --- /dev/null +++ b/contracts/protocol/libraries/math/RayMathNoRounding.sol @@ -0,0 +1,28 @@ +// SPDX-License-Identifier: agpl-3.0 +pragma solidity 0.6.12; +pragma experimental ABIEncoderV2; + +import {Errors} from '../helpers/Errors.sol'; + +library RayMathNoRounding { + uint256 internal constant RAY = 1e27; + uint256 internal constant WAD_RAY_RATIO = 1e9; + + function rayMulNoRounding(uint256 a, uint256 b) internal pure returns (uint256) { + if (a == 0 || b == 0) { + return 0; + } + require(a <= type(uint256).max / b, Errors.MATH_MULTIPLICATION_OVERFLOW); + return (a * b) / RAY; + } + + function rayDivNoRounding(uint256 a, uint256 b) internal pure returns (uint256) { + require(b != 0, Errors.MATH_DIVISION_BY_ZERO); + require(a <= (type(uint256).max) / RAY, Errors.MATH_MULTIPLICATION_OVERFLOW); + return (a * RAY) / b; + } + + function rayToWadNoRounding(uint256 a) internal pure returns (uint256) { + return a / WAD_RAY_RATIO; + } +} diff --git a/contracts/protocol/tokenization/StaticATokenLM.sol b/contracts/protocol/tokenization/StaticATokenLM.sol new file mode 100644 index 00000000..e22aa3e9 --- /dev/null +++ b/contracts/protocol/tokenization/StaticATokenLM.sol @@ -0,0 +1,573 @@ +// SPDX-License-Identifier: agpl-3.0 +pragma solidity 0.6.12; +pragma experimental ABIEncoderV2; + +import {ILendingPool} from '../../interfaces/ILendingPool.sol'; +import {IERC20} from '../../dependencies/openzeppelin/contracts/IERC20.sol'; +import {ERC20} from '../../dependencies/openzeppelin/contracts/ERC20.sol'; +import {SafeERC20} from '../../dependencies/openzeppelin/contracts/SafeERC20.sol'; +import {WadRayMath} from '../../protocol/libraries/math/WadRayMath.sol'; +import {RayMathNoRounding} from '../../protocol/libraries/math/RayMathNoRounding.sol'; + +import {SafeMath} from '../../dependencies/openzeppelin/contracts/SafeMath.sol'; + +interface IAaveIncentivesController { + function claimRewards( + address[] calldata assets, + uint256 amount, + address to + ) external returns (uint256); + + function REWARD_TOKEN() external view returns (address); +} + +interface IAToken is IERC20 { + function POOL() external view returns (ILendingPool); + + function UNDERLYING_ASSET_ADDRESS() external view returns (address); + + function getIncentivesController() external view returns (IAaveIncentivesController); +} + +contract StaticATokenLM is ERC20 { + using SafeERC20 for IERC20; + using SafeMath for uint256; + using WadRayMath for uint256; + using RayMathNoRounding for uint256; + + struct SignatureParams { + uint8 v; + bytes32 r; + bytes32 s; + } + + bytes public constant EIP712_REVISION = bytes('1'); + bytes32 internal constant EIP712_DOMAIN = + keccak256('EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)'); + bytes32 public constant PERMIT_TYPEHASH = + keccak256('Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)'); + bytes32 public constant METADEPOSIT_TYPEHASH = + keccak256( + 'Deposit(address depositor,address recipient,uint256 value,uint16 referralCode,bool fromUnderlying,uint256 nonce,uint256 deadline)' + ); + bytes32 public constant METAWITHDRAWAL_TYPEHASH = + keccak256( + 'Withdraw(address owner,address recipient,uint256 staticAmount,uint256 dynamicAmount,bool toUnderlying,uint256 nonce,uint256 deadline)' + ); + + ILendingPool public immutable LENDING_POOL; + IERC20 public immutable ATOKEN; + IERC20 public immutable ASSET; + + mapping(address => uint256) public _nonces; + + // Handling Liquidity Mining incentives. Unclear how we can handle multiple reward assets + uint256 public accRewardstokenPerShare; + uint256 public lastRewardBlock; + mapping(address => uint256) public rewardDebts; //Rays + mapping(address => uint256) public unclaimedRewards; //Rays + IAaveIncentivesController internal _incentivesController; + + // TODO: Implement the ability to change this. Should probably be a list of the reward tokens, [first, second, third...], where we can loop backwards to see if a user gas been there since before a change. + address public immutable currentRewardToken; + + constructor( + ILendingPool lendingPool, + address aToken, + string memory wrappedTokenName, + string memory wrappedTokenSymbol + ) public ERC20(wrappedTokenName, wrappedTokenSymbol) { + LENDING_POOL = lendingPool; + ATOKEN = IERC20(aToken); + + IERC20 underlyingAsset = IERC20(IAToken(aToken).UNDERLYING_ASSET_ADDRESS()); + ASSET = underlyingAsset; + underlyingAsset.approve(address(lendingPool), type(uint256).max); // Could an attacker max this out with flashminting or so? + + _incentivesController = IAToken(aToken).getIncentivesController(); + currentRewardToken = _incentivesController.REWARD_TOKEN(); + } + + /** + * @dev Deposits `ASSET` in the Aave protocol and mints static aTokens to msg.sender + * @param recipient The address that will receive the static aTokens + * @param amount The amount of underlying `ASSET` to deposit (e.g. deposit of 100 USDC) + * @param referralCode Code used to register the integrator originating the operation, for potential rewards. + * 0 if the action is executed directly by the user, without any middle-man + * @param fromUnderlying bool + * - `true` if the msg.sender comes with underlying tokens (e.g. USDC) + * - `false` if the msg.sender comes already with aTokens (e.g. aUSDC) + * @return uint256 The amount of StaticAToken minted, static balance + **/ + function deposit( + address recipient, + uint256 amount, + uint16 referralCode, + bool fromUnderlying + ) external returns (uint256) { + return _deposit(msg.sender, recipient, amount, referralCode, fromUnderlying); + } + + /** + * @dev Burns `amount` of static aToken, with recipient receiving the corresponding amount of `ASSET` + * @param recipient The address that will receive the amount of `ASSET` withdrawn from the Aave protocol + * @param amount The amount to withdraw, in static balance of StaticAToken + * @param toUnderlying bool + * - `true` for the recipient to get underlying tokens (e.g. USDC) + * - `false` for the recipient to get aTokens (e.g. aUSDC) + * @return amountToBurn: StaticATokens burnt, static balance + * @return amountToWithdraw: underlying/aToken send to `recipient`, dynamic balance + **/ + function withdraw( + address recipient, + uint256 amount, + bool toUnderlying + ) external returns (uint256, uint256) { + return _withdraw(msg.sender, recipient, amount, 0, toUnderlying); + } + + /** + * @dev Burns `amount` of static aToken, with recipient receiving the corresponding amount of `ASSET` + * @param recipient The address that will receive the amount of `ASSET` withdrawn from the Aave protocol + * @param amount The amount to withdraw, in dynamic balance of aToken/underlying asset + * @param toUnderlying bool + * - `true` for the recipient to get underlying tokens (e.g. USDC) + * - `false` for the recipient to get aTokens (e.g. aUSDC) + * @return amountToBurn: StaticATokens burnt, static balance + * @return amountToWithdraw: underlying/aToken send to `recipient`, dynamic balance + **/ + function withdrawDynamicAmount( + address recipient, + uint256 amount, + bool toUnderlying + ) external returns (uint256, uint256) { + return _withdraw(msg.sender, recipient, 0, amount, toUnderlying); + } + + /** + * @dev Implements the permit function as for + * https://github.com/ethereum/EIPs/blob/8a34d644aacf0f9f8f00815307fd7dd5da07655f/EIPS/eip-2612.md + * @param owner The owner of the funds + * @param spender The spender + * @param value The amount + * @param deadline The deadline timestamp, type(uint256).max for max deadline + * @param v Signature param + * @param s Signature param + * @param r Signature param + * @param chainId Passing the chainId in order to be fork-compatible + */ + function permit( + address owner, + address spender, + uint256 value, + uint256 deadline, + uint8 v, + bytes32 r, + bytes32 s, + uint256 chainId + ) external { + require(owner != address(0), 'INVALID_OWNER'); + //solium-disable-next-line + require(block.timestamp <= deadline, 'INVALID_EXPIRATION'); + uint256 currentValidNonce = _nonces[owner]; + bytes32 digest = + keccak256( + abi.encodePacked( + '\x19\x01', + getDomainSeparator(chainId), + keccak256(abi.encode(PERMIT_TYPEHASH, owner, spender, value, currentValidNonce, deadline)) + ) + ); + require(owner == ecrecover(digest, v, r, s), 'INVALID_SIGNATURE'); + _nonces[owner] = currentValidNonce.add(1); + _approve(owner, spender, value); + } + + /** + * @dev Allows to deposit on Aave via meta-transaction + * https://github.com/ethereum/EIPs/blob/8a34d644aacf0f9f8f00815307fd7dd5da07655f/EIPS/eip-2612.md + * @param depositor Address from which the funds to deposit are going to be pulled + * @param recipient Address that will receive the staticATokens, in the average case, same as the `depositor` + * @param value The amount to deposit + * @param referralCode Code used to register the integrator originating the operation, for potential rewards. + * 0 if the action is executed directly by the user, without any middle-man + * @param fromUnderlying bool + * - `true` if the msg.sender comes with underlying tokens (e.g. USDC) + * - `false` if the msg.sender comes already with aTokens (e.g. aUSDC) + * @param deadline The deadline timestamp, type(uint256).max for max deadline + * @param sigParams Signature params: v,r,s + * @param chainId Passing the chainId in order to be fork-compatible + * @return uint256 The amount of StaticAToken minted, static balance + */ + function metaDeposit( + address depositor, + address recipient, + uint256 value, + uint16 referralCode, + bool fromUnderlying, + uint256 deadline, + SignatureParams calldata sigParams, + uint256 chainId + ) external returns (uint256) { + require(depositor != address(0), 'INVALID_DEPOSITOR'); + //solium-disable-next-line + require(block.timestamp <= deadline, 'INVALID_EXPIRATION'); + uint256 currentValidNonce = _nonces[depositor]; + bytes32 digest = + keccak256( + abi.encodePacked( + '\x19\x01', + getDomainSeparator(chainId), + keccak256( + abi.encode( + METADEPOSIT_TYPEHASH, + depositor, + recipient, + value, + referralCode, + fromUnderlying, + currentValidNonce, + deadline + ) + ) + ) + ); + require( + depositor == ecrecover(digest, sigParams.v, sigParams.r, sigParams.s), + 'INVALID_SIGNATURE' + ); + _nonces[depositor] = currentValidNonce.add(1); + _deposit(depositor, recipient, value, referralCode, fromUnderlying); + } + + /** + * @dev Allows to withdraw from Aave via meta-transaction + * https://github.com/ethereum/EIPs/blob/8a34d644aacf0f9f8f00815307fd7dd5da07655f/EIPS/eip-2612.md + * @param owner Address owning the staticATokens + * @param recipient Address that will receive the underlying withdrawn from Aave + * @param staticAmount The amount of staticAToken to withdraw. If > 0, `dynamicAmount` needs to be 0 + * @param dynamicAmount The amount of underlying/aToken to withdraw. If > 0, `staticAmount` needs to be 0 + * @param toUnderlying bool + * - `true` for the recipient to get underlying tokens (e.g. USDC) + * - `false` for the recipient to get aTokens (e.g. aUSDC) + * @param deadline The deadline timestamp, type(uint256).max for max deadline + * @param sigParams Signature params: v,r,s + * @param chainId Passing the chainId in order to be fork-compatible + * @return amountToBurn: StaticATokens burnt, static balance + * @return amountToWithdraw: underlying/aToken send to `recipient`, dynamic balance + */ + function metaWithdraw( + address owner, + address recipient, + uint256 staticAmount, + uint256 dynamicAmount, + bool toUnderlying, + uint256 deadline, + SignatureParams calldata sigParams, + uint256 chainId + ) external returns (uint256, uint256) { + require(owner != address(0), 'INVALID_OWNER'); + //solium-disable-next-line + require(block.timestamp <= deadline, 'INVALID_EXPIRATION'); + uint256 currentValidNonce = _nonces[owner]; + bytes32 digest = + keccak256( + abi.encodePacked( + '\x19\x01', + getDomainSeparator(chainId), + keccak256( + abi.encode( + METAWITHDRAWAL_TYPEHASH, + owner, + recipient, + staticAmount, + dynamicAmount, + toUnderlying, + currentValidNonce, + deadline + ) + ) + ) + ); + + require(owner == ecrecover(digest, sigParams.v, sigParams.r, sigParams.s), 'INVALID_SIGNATURE'); + _nonces[owner] = currentValidNonce.add(1); + return _withdraw(owner, recipient, staticAmount, dynamicAmount, toUnderlying); + } + + /** + * @dev Utility method to get the current aToken balance of an user, from his staticAToken balance + * @param account The address of the user + * @return uint256 The aToken balance + **/ + function dynamicBalanceOf(address account) external view returns (uint256) { + return _staticToDynamicAmount(balanceOf(account), rate()); + } + + /** + * @dev Converts a static amount (scaled balance on aToken) to the aToken/underlying value, + * using the current liquidity index on Aave + * @param amount The amount to convert from + * @return uint256 The dynamic amount + **/ + function staticToDynamicAmount(uint256 amount) public view returns (uint256) { + return _staticToDynamicAmount(amount, rate()); + } + + /** + * @dev Converts an aToken or underlying amount to the what it is denominated on the aToken as + * scaled balance, function of the principal and the liquidity index + * @param amount The amount to convert from + * @return uint256 The static (scaled) amount + **/ + function dynamicToStaticAmount(uint256 amount) public view returns (uint256) { + return _dynamicToStaticAmount(amount, rate()); + } + + /** + * @dev Returns the Aave liquidity index of the underlying aToken, denominated rate here + * as it can be considered as an ever-increasing exchange rate + * @return bytes32 The domain separator + **/ + function rate() public view returns (uint256) { + return LENDING_POOL.getReserveNormalizedIncome(address(ASSET)); + } + + /** + * @dev Function to return a dynamic domain separator, in order to be compatible with forks changing chainId + * @param chainId The chain id + * @return bytes32 The domain separator + **/ + function getDomainSeparator(uint256 chainId) public view returns (bytes32) { + return + keccak256( + abi.encode( + EIP712_DOMAIN, + keccak256(bytes(name())), + keccak256(EIP712_REVISION), + chainId, + address(this) + ) + ); + } + + function _dynamicToStaticAmount(uint256 amount, uint256 rate) internal pure returns (uint256) { + return amount.rayDiv(rate); + } + + function _staticToDynamicAmount(uint256 amount, uint256 rate) internal pure returns (uint256) { + return amount.rayMul(rate); + } + + function _deposit( + address depositor, + address recipient, + uint256 amount, + uint16 referralCode, + bool fromUnderlying + ) internal returns (uint256) { + require(recipient != address(0), 'INVALID_RECIPIENT'); + updateRewards(); + + _updateUnclaimedRewards(recipient); + + if (fromUnderlying) { + ASSET.safeTransferFrom(depositor, address(this), amount); + LENDING_POOL.deposit(address(ASSET), amount, address(this), referralCode); + } else { + ATOKEN.safeTransferFrom(depositor, address(this), amount); + } + uint256 amountToMint = _dynamicToStaticAmount(amount, rate()); + _mint(recipient, amountToMint); + + _updateRewardDebt(recipient, balanceOf(recipient)); + + return amountToMint; + } + + function _withdraw( + address owner, + address recipient, + uint256 staticAmount, + uint256 dynamicAmount, + bool toUnderlying + ) internal returns (uint256, uint256) { + require(recipient != address(0), 'INVALID_RECIPIENT'); + require(staticAmount == 0 || dynamicAmount == 0, 'ONLY_ONE_AMOUNT_FORMAT_ALLOWED'); + updateRewards(); + + _updateUnclaimedRewards(owner); + + uint256 userBalance = balanceOf(owner); + + uint256 amountToWithdraw; + uint256 amountToBurn; + + uint256 currentRate = rate(); + if (staticAmount > 0) { + amountToBurn = (staticAmount > userBalance) ? userBalance : staticAmount; + amountToWithdraw = (staticAmount > userBalance) + ? _staticToDynamicAmount(userBalance, currentRate) + : _staticToDynamicAmount(staticAmount, currentRate); + } else { + uint256 dynamicUserBalance = _staticToDynamicAmount(userBalance, currentRate); + amountToWithdraw = (dynamicAmount > dynamicUserBalance) ? dynamicUserBalance : dynamicAmount; + amountToBurn = _dynamicToStaticAmount(amountToWithdraw, currentRate); + } + + _burn(owner, amountToBurn); + + if (toUnderlying) { + LENDING_POOL.withdraw(address(ASSET), amountToWithdraw, recipient); + } else { + ATOKEN.safeTransfer(recipient, amountToWithdraw); + } + + _updateRewardDebt(owner, balanceOf(owner)); + return (amountToBurn, amountToWithdraw); + } + + /** + * @dev Updates rewards for senders and receiver in a transfer (no mint or burn) + * @param from The address of the sender of tokens + * @param to The address of the receiver of tokens + * @param amount The amount of tokens to transfer in WAD + */ + function _beforeTokenTransfer( + address from, + address to, + uint256 amount + ) internal override { + // Only enter when not minting or burning. + if (from != address(0) && to != address(0)) { + // The rewards not claimed to the contract yet is transferrred to the buyer as well. + // Often the recent rewards < gas, so only needed for whales to run updateClaim before it + + // Pay out rewards (from) + _updateUnclaimedRewards(from); + _updateRewardDebt(from, balanceOf(from).sub(amount)); + + // Pay out rewards (to) + _updateUnclaimedRewards(to); + _updateRewardDebt(to, balanceOf(to).add(amount)); + } + } + + /** + * @dev Claims rewards from the `_incentivesController` and update `accRewardstokenPerShare` + */ + function updateRewards() public { + // Only need to claim rewards when once per block. Check with the _incentivesController + if (block.number > lastRewardBlock) { + lastRewardBlock = block.number; + uint256 _supply = totalSupply(); + if (_supply == 0) { + return; + } + + address[] memory assets = new address[](1); + assets[0] = address(ATOKEN); + + uint256 freshReward = + _incentivesController.claimRewards(assets, type(uint256).max, address(this)).wadToRay(); + accRewardstokenPerShare = accRewardstokenPerShare.add( + freshReward.rayDivNoRounding(_supply.wadToRay()) + ); + } + } + + /** + * @dev Update the rewards and claim rewards + * @param user The address of the user to claim rewards for + */ + function updateAndClaimRewards(address user) public { + updateRewards(); + claimRewards(user); + } + + /** + * @dev Claim rewards without retrieving the latest accrued rewards + * makes sense for small holders + * @param user The address of the user to claim rewards for + */ + function claimRewards(address user) public { + // Claim rewards without collecting the latest rewards + uint256 balance = balanceOf(user); + uint256 reward = _getClaimableRewards(user, balance); // Remember that this is converting to wad + if (reward > 0) { + unclaimedRewards[user] = 0; + _safeRewardTransfer(user, reward); + _updateRewardDebt(user, balance); + } + } + + /** + * @dev Safe transfer of the rewards, taking into account rounding errors to + * allow the last user to retrieve funds if 1 wei off etc + * @param to The address to receive rewards + * @param amount The amount of rewards to receive in WAD + */ + function _safeRewardTransfer(address to, uint256 amount) internal { + uint256 rewardBal = IERC20(currentRewardToken).balanceOf(address(this)); + if (amount > rewardBal) { + IERC20(currentRewardToken).safeTransfer(to, rewardBal); + } else { + IERC20(currentRewardToken).safeTransfer(to, amount); + } + } + + /** + * @dev Update the rewardDebt for a user with balance as his balance + * @param user The user to update + * @param balance The balance of the user + */ + function _updateRewardDebt(address user, uint256 balance) internal { + // If we round down here, we could underestimate the debt, thereby paying out too much. Better to overestimate. + uint256 rayBalance = balance.wadToRay(); + rewardDebts[user] = rayBalance.rayMul(accRewardstokenPerShare); + } + + /** + * @dev Adding the pending rewards to the unclaimed for specific user + * @param user The address of the user to update + */ + function _updateUnclaimedRewards(address user) internal { + uint256 balance = balanceOf(user); + if (balance > 0) { + uint256 pending = _getPendingRewards(user, balance); + unclaimedRewards[user] = unclaimedRewards[user].add(pending); + } + } + + /** + * @dev Compute the pending in RAY (rounded down). Pending is the amount to add (not yet unclaimed) rewards in RAY (rounded down). + * @param user The user to compute for + * @param balance The balance of the user + * @return The amound of pending rewards in RAY + */ + function _getPendingRewards(address user, uint256 balance) internal view returns (uint256) { + // Compute the pending rewards in ray, rounded down. + uint256 rayBalance = balance.wadToRay(); + uint256 _reward = rayBalance.rayMulNoRounding(accRewardstokenPerShare); + uint256 _debt = rewardDebts[user]; + if (_reward > _debt) { + // Safe because line above + return _reward - _debt; + } + return 0; + } + + function _getClaimableRewards(address user, uint256 balance) internal view returns (uint256) { + uint256 reward = unclaimedRewards[user].add(_getPendingRewards(user, balance)); + return reward.rayToWadNoRounding(); + } + + /** + * @dev Get the total claimable rewards for a user in WAD + * @param user The address of the user + * @return The claimable amount of rewards in WAD + */ + function getClaimableRewards(address user) public view returns (uint256) { + return _getClaimableRewards(user, balanceOf(user)); + } +}