ManagerWithMerkleVerification

Inherits: Auth

State Variables

manageRoot

A merkle tree root that restricts what data can be passed to the BoringVault.

Maps a strategist address to their specific merkle root.

*Each leaf is composed of the keccak256 hash of abi.encodePacked {decodersAndSanitizer, target, valueIsNonZero, selector, argumentAddress_0, ...., argumentAddress_N} Where:

• decodersAndSanitizer is the address to call to extract packed address arguments from the calldata

• target is the address to make the call to

• valueIsNonZero is a bool indicating whether or not the value is non-zero

• selector is the function selector on target

• argumentAddress is each allowed address argument in that call*

mapping(address => bytes32) public manageRoot;

performingFlashLoan

Bool indicating whether or not this contract is actively performing a flash loan.

Used to block flash loans that are initiated outside a manage call.

bool internal performingFlashLoan;

flashLoanIntentHash

keccak256 hash of flash loan data.

bytes32 internal flashLoanIntentHash = bytes32(0);

isPaused

Used to pause calls to manageVaultWithMerkleVerification.

bool public isPaused;

vault

The BoringVault this contract can manage.

BoringVault public immutable vault;

balancerVault

The balancer vault this contract can use for flash loans.

BalancerVault public immutable balancerVault;

Functions

constructor

constructor(address _owner, address _vault, address _balancerVault) Auth(_owner, Authority(address(0)));

setManageRoot

Sets the manageRoot.

Callable by OWNER_ROLE.

function setManageRoot(address strategist, bytes32 _manageRoot) external requiresAuth;

pause

Pause this contract, which prevents future calls to manageVaultWithMerkleVerification.

Callable by MULTISIG_ROLE.

function pause() external requiresAuth;

unpause

Unpause this contract, which allows future calls to manageVaultWithMerkleVerification.

Callable by MULTISIG_ROLE.

function unpause() external requiresAuth;

manageVaultWithMerkleVerification

Allows strategist to manage the BoringVault.

The strategist must provide a merkle proof for every call that verifiees they are allowed to make that call.

Callable by MANAGER_INTERNAL_ROLE.

Callable by STRATEGIST_ROLE.

Callable by MICRO_MANAGER_ROLE.

function manageVaultWithMerkleVerification(
    bytes32[][] calldata manageProofs,
    address[] calldata decodersAndSanitizers,
    address[] calldata targets,
    bytes[] calldata targetData,
    uint256[] calldata values
)
    external
    requiresAuth;

flashLoan

In order to perform a flash loan,

1. Merkle root must contain the leaf(address(this), this.flashLoan.selector, ARGUMENT_ADDRESSES ...)

2. Strategist must initiate the flash loan using manageVaultWithMerkleVerification

3. balancerVault MUST callback to this contract with the same userData

function flashLoan(
    address recipient,
    address[] calldata tokens,
    uint256[] calldata amounts,
    bytes calldata userData
)
    external;

receiveFlashLoan

Add support for balancer flash loans.

userData can optionally have salt encoded at the end of it, in order to change the intentHash, if a flash loan is exact userData is being repeated, and their is fear of 3rd parties front-running the rebalance.

function receiveFlashLoan(
    address[] calldata tokens,
    uint256[] calldata amounts,
    uint256[] calldata feeAmounts,
    bytes calldata userData
)
    external;

_verifyCallData

Helper function to decode, sanitize, and verify call data.

function _verifyCallData(
    bytes32 currentManageRoot,
    bytes32[] calldata manageProof,
    address decoderAndSanitizer,
    address target,
    uint256 value,
    bytes calldata targetData
)
    internal
    view;

_verifyManageProof

Helper function to verify a manageProof is valid.

function _verifyManageProof(
    bytes32 root,
    bytes32[] calldata proof,
    address target,
    address decoderAndSanitizer,
    uint256 value,
    bytes4 selector,
    bytes memory packedArgumentAddresses
)
    internal
    pure
    returns (bool);

Events

ManageRootUpdated

event ManageRootUpdated(address indexed strategist, bytes32 oldRoot, bytes32 newRoot);

BoringVaultManaged

event BoringVaultManaged(uint256 callsMade);

Paused

event Paused();

Unpaused

event Unpaused();

Errors

ManagerWithMerkleVerification__InvalidManageProofLength

error ManagerWithMerkleVerification__InvalidManageProofLength();

ManagerWithMerkleVerification__InvalidTargetDataLength

error ManagerWithMerkleVerification__InvalidTargetDataLength();

ManagerWithMerkleVerification__InvalidValuesLength

error ManagerWithMerkleVerification__InvalidValuesLength();

ManagerWithMerkleVerification__InvalidDecodersAndSanitizersLength

error ManagerWithMerkleVerification__InvalidDecodersAndSanitizersLength();

ManagerWithMerkleVerification__FlashLoanNotExecuted

error ManagerWithMerkleVerification__FlashLoanNotExecuted();

ManagerWithMerkleVerification__FlashLoanNotInProgress

error ManagerWithMerkleVerification__FlashLoanNotInProgress();

ManagerWithMerkleVerification__BadFlashLoanIntentHash

error ManagerWithMerkleVerification__BadFlashLoanIntentHash();

ManagerWithMerkleVerification__FailedToVerifyManageProof

error ManagerWithMerkleVerification__FailedToVerifyManageProof(address target, bytes targetData, uint256 value);

ManagerWithMerkleVerification__Paused

error ManagerWithMerkleVerification__Paused();

ManagerWithMerkleVerification__OnlyCallableByBoringVault

error ManagerWithMerkleVerification__OnlyCallableByBoringVault();

ManagerWithMerkleVerification__OnlyCallableByBalancerVault

error ManagerWithMerkleVerification__OnlyCallableByBalancerVault();

ManagerWithMerkleVerification__TotalSupplyMustRemainConstantDuringManagement

error ManagerWithMerkleVerification__TotalSupplyMustRemainConstantDuringManagement();