Recon Coverage Report

66% lib/chimera/src/CryticAsserts.sol

Lines covered: 8 / 12 (66%)

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {Asserts} from "./Asserts.sol";

contract CryticAsserts is Asserts {
    event Log(string);

    function gt(uint256 a, uint256 b, string memory reason) internal virtual override {
        if (!(a > b)) {
            emit Log(reason);
            assert(false);
        }
    }

    function gte(uint256 a, uint256 b, string memory reason) internal virtual override {
        if (!(a >= b)) {
            emit Log(reason);
            assert(false);
        }
    }

    function lt(uint256 a, uint256 b, string memory reason) internal virtual override {
        if (!(a < b)) {
            emit Log(reason);
            assert(false);
        }
    }

    function lte(uint256 a, uint256 b, string memory reason) internal virtual override {
        if (!(a <= b)) {
            emit Log(reason);
            assert(false);
        }
    }

    function eq(uint256 a, uint256 b, string memory reason) internal virtual override {
        if (!(a == b)) {
            emit Log(reason);
            assert(false);
        }
    }

    function t(bool b, string memory reason) internal virtual override {
        if (!b) {
            emit Log(reason);
            assert(false);
        }
    }

    function between(uint256 value, uint256 low, uint256 high) internal virtual override returns (uint256) {
        if (value < low || value > high) {
            uint256 ans = low + (value % (high - low + 1));
            return ans;
        }
        return value;
    }

    function between(int256 value, int256 low, int256 high) internal virtual override returns (int256) {
        if (value < low || value > high) {
            int256 range = high - low + 1;
            int256 clamped = (value - low) % (range);
            if (clamped < 0) clamped += range;
            int256 ans = low + clamped;
            return ans;
        }
        return value;
    }

    function precondition(bool p) internal virtual override {
        require(p);
    }
}

100% lib/chimera/src/Hevm.sol

Lines covered: 1 / 1 (100%)

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// slither-disable-start shadowing-local

interface IHevm {
    // Set block.timestamp to newTimestamp
    function warp(uint256 newTimestamp) external;

    // Set block.number to newNumber
    function roll(uint256 newNumber) external;

    // Add the condition b to the assumption base for the current branch
    // This function is almost identical to require
    function assume(bool b) external;

    // Sets the eth balance of usr to amt
    function deal(address usr, uint256 amt) external;

    // Loads a storage slot from an address
    function load(address where, bytes32 slot) external returns (bytes32);

    // Stores a value to an address' storage slot
    function store(address where, bytes32 slot, bytes32 value) external;

    // Signs data (privateKey, digest) => (v, r, s)
    function sign(uint256 privateKey, bytes32 digest) external returns (uint8 v, bytes32 r, bytes32 s);

    // Gets address for a given private key
    function addr(uint256 privateKey) external returns (address addr);

    // Performs a foreign function call via terminal
    function ffi(string[] calldata inputs) external returns (bytes memory result);

    // Performs the next smart contract call with specified `msg.sender`
    function prank(address newSender) external;

    // Creates a new fork with the given endpoint and the latest block and returns the identifier of the fork
    function createFork(string calldata urlOrAlias) external returns (uint256);

    // Takes a fork identifier created by createFork and sets the corresponding forked state as active
    function selectFork(uint256 forkId) external;

    // Returns the identifier of the current fork
    function activeFork() external returns (uint256);

    // Labels the address in traces
    function label(address addr, string calldata label) external;

    /// Sets an address' code.
    function etch(address target, bytes calldata newRuntimeBytecode) external;
}

IHevm constant vm = IHevm(0x7109709ECfa91a80626fF3989D68f67F5b1DD12D);

// slither-disable-end shadowing-local

100% lib/forge-std/src/StdChains.sol

Lines covered: 1 / 1 (100%)

// SPDX-License-Identifier: MIT
pragma solidity >=0.6.2 <0.9.0;

import {VmSafe} from "./Vm.sol";

/**
 * StdChains provides information about EVM compatible chains that can be used in scripts/tests.
 * For each chain, the chain's name, chain ID, and a default RPC URL are provided. Chains are
 * identified by their alias, which is the same as the alias in the `[rpc_endpoints]` section of
 * the `foundry.toml` file. For best UX, ensure the alias in the `foundry.toml` file match the
 * alias used in this contract, which can be found as the first argument to the
 * `setChainWithDefaultRpcUrl` call in the `initializeStdChains` function.
 *
 * There are two main ways to use this contract:
 *   1. Set a chain with `setChain(string memory chainAlias, ChainData memory chain)` or
 *      `setChain(string memory chainAlias, Chain memory chain)`
 *   2. Get a chain with `getChain(string memory chainAlias)` or `getChain(uint256 chainId)`.
 *
 * The first time either of those are used, chains are initialized with the default set of RPC URLs.
 * This is done in `initializeStdChains`, which uses `setChainWithDefaultRpcUrl`. Defaults are recorded in
 * `defaultRpcUrls`.
 *
 * The `setChain` function is straightforward, and it simply saves off the given chain data.
 *
 * The `getChain` methods use `getChainWithUpdatedRpcUrl` to return a chain. For example, let's say
 * we want to retrieve the RPC URL for `mainnet`:
 *   - If you have specified data with `setChain`, it will return that.
 *   - If you have configured a mainnet RPC URL in `foundry.toml`, it will return the URL, provided it
 *     is valid (e.g. a URL is specified, or an environment variable is given and exists).
 *   - If neither of the above conditions is met, the default data is returned.
 *
 * Summarizing the above, the prioritization hierarchy is `setChain` -> `foundry.toml` -> environment variable -> defaults.
 */
abstract contract StdChains {
    VmSafe private constant vm = VmSafe(address(uint160(uint256(keccak256("hevm cheat code")))));

    bool private stdChainsInitialized;

    struct ChainData {
        string name;
        uint256 chainId;
        string rpcUrl;
    }

    struct Chain {
        // The chain name.
        string name;
        // The chain's Chain ID.
        uint256 chainId;
        // The chain's alias. (i.e. what gets specified in `foundry.toml`).
        string chainAlias;
        // A default RPC endpoint for this chain.
        // NOTE: This default RPC URL is included for convenience to facilitate quick tests and
        // experimentation. Do not use this RPC URL for production test suites, CI, or other heavy
        // usage as you will be throttled and this is a disservice to others who need this endpoint.
        string rpcUrl;
    }

    // Maps from the chain's alias (matching the alias in the `foundry.toml` file) to chain data.
    mapping(string => Chain) private chains;
    // Maps from the chain's alias to it's default RPC URL.
    mapping(string => string) private defaultRpcUrls;
    // Maps from a chain ID to it's alias.
    mapping(uint256 => string) private idToAlias;

    bool private fallbackToDefaultRpcUrls = true;

    // The RPC URL will be fetched from config or defaultRpcUrls if possible.
    function getChain(string memory chainAlias) internal virtual returns (Chain memory chain) {
        require(bytes(chainAlias).length != 0, "StdChains getChain(string): Chain alias cannot be the empty string.");

        initializeStdChains();
        chain = chains[chainAlias];
        require(
            chain.chainId != 0,
            string(abi.encodePacked("StdChains getChain(string): Chain with alias \"", chainAlias, "\" not found."))
        );

        chain = getChainWithUpdatedRpcUrl(chainAlias, chain);
    }

    function getChain(uint256 chainId) internal virtual returns (Chain memory chain) {
        require(chainId != 0, "StdChains getChain(uint256): Chain ID cannot be 0.");
        initializeStdChains();
        string memory chainAlias = idToAlias[chainId];

        chain = chains[chainAlias];

        require(
            chain.chainId != 0,
            string(abi.encodePacked("StdChains getChain(uint256): Chain with ID ", vm.toString(chainId), " not found."))
        );

        chain = getChainWithUpdatedRpcUrl(chainAlias, chain);
    }

    // set chain info, with priority to argument's rpcUrl field.
    function setChain(string memory chainAlias, ChainData memory chain) internal virtual {
        require(
            bytes(chainAlias).length != 0,
            "StdChains setChain(string,ChainData): Chain alias cannot be the empty string."
        );

        require(chain.chainId != 0, "StdChains setChain(string,ChainData): Chain ID cannot be 0.");

        initializeStdChains();
        string memory foundAlias = idToAlias[chain.chainId];

        require(
            bytes(foundAlias).length == 0 || keccak256(bytes(foundAlias)) == keccak256(bytes(chainAlias)),
            string(
                abi.encodePacked(
                    "StdChains setChain(string,ChainData): Chain ID ",
                    vm.toString(chain.chainId),
                    " already used by \"",
                    foundAlias,
                    "\"."
                )
            )
        );

        uint256 oldChainId = chains[chainAlias].chainId;
        delete idToAlias[oldChainId];

        chains[chainAlias] =
            Chain({name: chain.name, chainId: chain.chainId, chainAlias: chainAlias, rpcUrl: chain.rpcUrl});
        idToAlias[chain.chainId] = chainAlias;
    }

    // set chain info, with priority to argument's rpcUrl field.
    function setChain(string memory chainAlias, Chain memory chain) internal virtual {
        setChain(chainAlias, ChainData({name: chain.name, chainId: chain.chainId, rpcUrl: chain.rpcUrl}));
    }

    function _toUpper(string memory str) private pure returns (string memory) {
        bytes memory strb = bytes(str);
        bytes memory copy = new bytes(strb.length);
        for (uint256 i = 0; i < strb.length; i++) {
            bytes1 b = strb[i];
            if (b >= 0x61 && b <= 0x7A) {
                copy[i] = bytes1(uint8(b) - 32);
            } else {
                copy[i] = b;
            }
        }
        return string(copy);
    }

    // lookup rpcUrl, in descending order of priority:
    // current -> config (foundry.toml) -> environment variable -> default
    function getChainWithUpdatedRpcUrl(string memory chainAlias, Chain memory chain)
        private
        view
        returns (Chain memory)
    {
        if (bytes(chain.rpcUrl).length == 0) {
            try vm.rpcUrl(chainAlias) returns (string memory configRpcUrl) {
                chain.rpcUrl = configRpcUrl;
            } catch (bytes memory err) {
                string memory envName = string(abi.encodePacked(_toUpper(chainAlias), "_RPC_URL"));
                if (fallbackToDefaultRpcUrls) {
                    chain.rpcUrl = vm.envOr(envName, defaultRpcUrls[chainAlias]);
                } else {
                    chain.rpcUrl = vm.envString(envName);
                }
                // Distinguish 'not found' from 'cannot read'
                // The upstream error thrown by forge for failing cheats changed so we check both the old and new versions
                bytes memory oldNotFoundError =
                    abi.encodeWithSignature("CheatCodeError", string(abi.encodePacked("invalid rpc url ", chainAlias)));
                bytes memory newNotFoundError = abi.encodeWithSignature(
                    "CheatcodeError(string)", string(abi.encodePacked("invalid rpc url: ", chainAlias))
                );
                bytes32 errHash = keccak256(err);
                if (
                    (errHash != keccak256(oldNotFoundError) && errHash != keccak256(newNotFoundError))
                        || bytes(chain.rpcUrl).length == 0
                ) {
                    /// @solidity memory-safe-assembly
                    assembly {
                        revert(add(32, err), mload(err))
                    }
                }
            }
        }
        return chain;
    }

    function setFallbackToDefaultRpcUrls(bool useDefault) internal {
        fallbackToDefaultRpcUrls = useDefault;
    }

    function initializeStdChains() private {
        if (stdChainsInitialized) return;

        stdChainsInitialized = true;

        // If adding an RPC here, make sure to test the default RPC URL in `testRpcs`
        setChainWithDefaultRpcUrl("anvil", ChainData("Anvil", 31337, "http://127.0.0.1:8545"));
        setChainWithDefaultRpcUrl(
            "mainnet", ChainData("Mainnet", 1, "https://eth-mainnet.alchemyapi.io/v2/pwc5rmJhrdoaSEfimoKEmsvOjKSmPDrP")
        );
        setChainWithDefaultRpcUrl(
            "sepolia", ChainData("Sepolia", 11155111, "https://sepolia.infura.io/v3/b9794ad1ddf84dfb8c34d6bb5dca2001")
        );
        setChainWithDefaultRpcUrl("holesky", ChainData("Holesky", 17000, "https://rpc.holesky.ethpandaops.io"));
        setChainWithDefaultRpcUrl("optimism", ChainData("Optimism", 10, "https://mainnet.optimism.io"));
        setChainWithDefaultRpcUrl(
            "optimism_sepolia", ChainData("Optimism Sepolia", 11155420, "https://sepolia.optimism.io")
        );
        setChainWithDefaultRpcUrl("arbitrum_one", ChainData("Arbitrum One", 42161, "https://arb1.arbitrum.io/rpc"));
        setChainWithDefaultRpcUrl(
            "arbitrum_one_sepolia", ChainData("Arbitrum One Sepolia", 421614, "https://sepolia-rollup.arbitrum.io/rpc")
        );
        setChainWithDefaultRpcUrl("arbitrum_nova", ChainData("Arbitrum Nova", 42170, "https://nova.arbitrum.io/rpc"));
        setChainWithDefaultRpcUrl("polygon", ChainData("Polygon", 137, "https://polygon-rpc.com"));
        setChainWithDefaultRpcUrl(
            "polygon_amoy", ChainData("Polygon Amoy", 80002, "https://rpc-amoy.polygon.technology")
        );
        setChainWithDefaultRpcUrl("avalanche", ChainData("Avalanche", 43114, "https://api.avax.network/ext/bc/C/rpc"));
        setChainWithDefaultRpcUrl(
            "avalanche_fuji", ChainData("Avalanche Fuji", 43113, "https://api.avax-test.network/ext/bc/C/rpc")
        );
        setChainWithDefaultRpcUrl(
            "bnb_smart_chain", ChainData("BNB Smart Chain", 56, "https://bsc-dataseed1.binance.org")
        );
        setChainWithDefaultRpcUrl(
            "bnb_smart_chain_testnet",
            ChainData("BNB Smart Chain Testnet", 97, "https://rpc.ankr.com/bsc_testnet_chapel")
        );
        setChainWithDefaultRpcUrl("gnosis_chain", ChainData("Gnosis Chain", 100, "https://rpc.gnosischain.com"));
        setChainWithDefaultRpcUrl("moonbeam", ChainData("Moonbeam", 1284, "https://rpc.api.moonbeam.network"));
        setChainWithDefaultRpcUrl(
            "moonriver", ChainData("Moonriver", 1285, "https://rpc.api.moonriver.moonbeam.network")
        );
        setChainWithDefaultRpcUrl("moonbase", ChainData("Moonbase", 1287, "https://rpc.testnet.moonbeam.network"));
        setChainWithDefaultRpcUrl("base_sepolia", ChainData("Base Sepolia", 84532, "https://sepolia.base.org"));
        setChainWithDefaultRpcUrl("base", ChainData("Base", 8453, "https://mainnet.base.org"));
        setChainWithDefaultRpcUrl("fraxtal", ChainData("Fraxtal", 252, "https://rpc.frax.com"));
        setChainWithDefaultRpcUrl("fraxtal_testnet", ChainData("Fraxtal Testnet", 2522, "https://rpc.testnet.frax.com"));
    }

    // set chain info, with priority to chainAlias' rpc url in foundry.toml
    function setChainWithDefaultRpcUrl(string memory chainAlias, ChainData memory chain) private {
        string memory rpcUrl = chain.rpcUrl;
        defaultRpcUrls[chainAlias] = rpcUrl;
        chain.rpcUrl = "";
        setChain(chainAlias, chain);
        chain.rpcUrl = rpcUrl; // restore argument
    }
}

20% lib/forge-std/src/StdInvariant.sol

Lines covered: 4 / 20 (20%)

// SPDX-License-Identifier: MIT
pragma solidity >=0.6.2 <0.9.0;

pragma experimental ABIEncoderV2;

abstract contract StdInvariant {
    struct FuzzSelector {
        address addr;
        bytes4[] selectors;
    }

    struct FuzzArtifactSelector {
        string artifact;
        bytes4[] selectors;
    }

    struct FuzzInterface {
        address addr;
        string[] artifacts;
    }

    address[] private _excludedContracts;
    address[] private _excludedSenders;
    address[] private _targetedContracts;
    address[] private _targetedSenders;

    string[] private _excludedArtifacts;
    string[] private _targetedArtifacts;

    FuzzArtifactSelector[] private _targetedArtifactSelectors;

    FuzzSelector[] private _targetedSelectors;

    FuzzInterface[] private _targetedInterfaces;

    // Functions for users:
    // These are intended to be called in tests.

    function excludeContract(address newExcludedContract_) internal {
        _excludedContracts.push(newExcludedContract_);
    }

    function excludeSender(address newExcludedSender_) internal {
        _excludedSenders.push(newExcludedSender_);
    }

    function excludeArtifact(string memory newExcludedArtifact_) internal {
        _excludedArtifacts.push(newExcludedArtifact_);
    }

    function targetArtifact(string memory newTargetedArtifact_) internal {
        _targetedArtifacts.push(newTargetedArtifact_);
    }

    function targetArtifactSelector(FuzzArtifactSelector memory newTargetedArtifactSelector_) internal {
        _targetedArtifactSelectors.push(newTargetedArtifactSelector_);
    }

    function targetContract(address newTargetedContract_) internal {
        _targetedContracts.push(newTargetedContract_);
    }

    function targetSelector(FuzzSelector memory newTargetedSelector_) internal {
        _targetedSelectors.push(newTargetedSelector_);
    }

    function targetSender(address newTargetedSender_) internal {
        _targetedSenders.push(newTargetedSender_);
    }

    function targetInterface(FuzzInterface memory newTargetedInterface_) internal {
        _targetedInterfaces.push(newTargetedInterface_);
    }

    // Functions for forge:
    // These are called by forge to run invariant tests and don't need to be called in tests.

    function excludeArtifacts() public view returns (string[] memory excludedArtifacts_) {
        excludedArtifacts_ = _excludedArtifacts;
    }

    function excludeContracts() public view returns (address[] memory excludedContracts_) {
        excludedContracts_ = _excludedContracts;
    }

    function excludeSenders() public view returns (address[] memory excludedSenders_) {
        excludedSenders_ = _excludedSenders;
    }

    function targetArtifacts() public view returns (string[] memory targetedArtifacts_) {
        targetedArtifacts_ = _targetedArtifacts;
    }

    function targetArtifactSelectors() public view returns (FuzzArtifactSelector[] memory targetedArtifactSelectors_) {
        targetedArtifactSelectors_ = _targetedArtifactSelectors;
    }

    function targetContracts() public view returns (address[] memory targetedContracts_) {
        targetedContracts_ = _targetedContracts;
    }

    function targetSelectors() public view returns (FuzzSelector[] memory targetedSelectors_) {
        targetedSelectors_ = _targetedSelectors;
    }

    function targetSenders() public view returns (address[] memory targetedSenders_) {
        targetedSenders_ = _targetedSenders;
    }

    function targetInterfaces() public view returns (FuzzInterface[] memory targetedInterfaces_) {
        targetedInterfaces_ = _targetedInterfaces;
    }
}

100% lib/forge-std/src/Test.sol

Lines covered: 1 / 1 (100%)

// SPDX-License-Identifier: MIT
pragma solidity >=0.6.2 <0.9.0;

pragma experimental ABIEncoderV2;

// 💬 ABOUT
// Forge Std's default Test.

// 🧩 MODULES
import {console} from "./console.sol";
import {console2} from "./console2.sol";
import {safeconsole} from "./safeconsole.sol";
import {StdAssertions} from "./StdAssertions.sol";
import {StdChains} from "./StdChains.sol";
import {StdCheats} from "./StdCheats.sol";
import {stdError} from "./StdError.sol";
import {StdInvariant} from "./StdInvariant.sol";
import {stdJson} from "./StdJson.sol";
import {stdMath} from "./StdMath.sol";
import {StdStorage, stdStorage} from "./StdStorage.sol";
import {StdStyle} from "./StdStyle.sol";
import {stdToml} from "./StdToml.sol";
import {StdUtils} from "./StdUtils.sol";
import {Vm} from "./Vm.sol";

// 📦 BOILERPLATE
import {TestBase} from "./Base.sol";

// ⭐️ TEST
abstract contract Test is TestBase, StdAssertions, StdChains, StdCheats, StdInvariant, StdUtils {
    // Note: IS_TEST() must return true.
    bool public IS_TEST = true;
}

42% lib/forge-std/src/mocks/MockERC20.sol

Lines covered: 34 / 80 (42%)

// SPDX-License-Identifier: MIT
pragma solidity >=0.6.2 <0.9.0;

import {IERC20} from "../interfaces/IERC20.sol";

/// @notice This is a mock contract of the ERC20 standard for testing purposes only, it SHOULD NOT be used in production.
/// @dev Forked from: https://github.com/transmissions11/solmate/blob/0384dbaaa4fcb5715738a9254a7c0a4cb62cf458/src/tokens/ERC20.sol
contract MockERC20 is IERC20 {
    /*//////////////////////////////////////////////////////////////
                            METADATA STORAGE
    //////////////////////////////////////////////////////////////*/

    string internal _name;

    string internal _symbol;

    uint8 internal _decimals;

    function name() external view override returns (string memory) {
        return _name;
    }

    function symbol() external view override returns (string memory) {
        return _symbol;
    }

    function decimals() external view override returns (uint8) {
        return _decimals;
    }

    /*//////////////////////////////////////////////////////////////
                              ERC20 STORAGE
    //////////////////////////////////////////////////////////////*/

    uint256 internal _totalSupply;

    mapping(address => uint256) internal _balanceOf;

    mapping(address => mapping(address => uint256)) internal _allowance;

    function totalSupply() external view override returns (uint256) {
        return _totalSupply;
    }

    function balanceOf(address owner) external view override returns (uint256) {
        return _balanceOf[owner];
    }

    function allowance(address owner, address spender) external view override returns (uint256) {
        return _allowance[owner][spender];
    }

    /*//////////////////////////////////////////////////////////////
                            EIP-2612 STORAGE
    //////////////////////////////////////////////////////////////*/

    uint256 internal INITIAL_CHAIN_ID;

    bytes32 internal INITIAL_DOMAIN_SEPARATOR;

    mapping(address => uint256) public nonces;

    /*//////////////////////////////////////////////////////////////
                               INITIALIZE
    //////////////////////////////////////////////////////////////*/

    /// @dev A bool to track whether the contract has been initialized.
    bool private initialized;

    /// @dev To hide constructor warnings across solc versions due to different constructor visibility requirements and
    /// syntaxes, we add an initialization function that can be called only once.
    function initialize(string memory name_, string memory symbol_, uint8 decimals_) public {
        require(!initialized, "ALREADY_INITIALIZED");

        _name = name_;
        _symbol = symbol_;
        _decimals = decimals_;

        INITIAL_CHAIN_ID = _pureChainId();
        INITIAL_DOMAIN_SEPARATOR = computeDomainSeparator();

        initialized = true;
    }

    /*//////////////////////////////////////////////////////////////
                               ERC20 LOGIC
    //////////////////////////////////////////////////////////////*/

    function approve(address spender, uint256 amount) public virtual override returns (bool) {
        _allowance[msg.sender][spender] = amount;

        emit Approval(msg.sender, spender, amount);

        return true;
    }

    function transfer(address to, uint256 amount) public virtual override returns (bool) {
        _balanceOf[msg.sender] = _sub(_balanceOf[msg.sender], amount);
        _balanceOf[to] = _add(_balanceOf[to], amount);

        emit Transfer(msg.sender, to, amount);

        return true;
    }

    function transferFrom(address from, address to, uint256 amount) public virtual override returns (bool) {
        uint256 allowed = _allowance[from][msg.sender]; // Saves gas for limited approvals.

        if (allowed != ~uint256(0)) _allowance[from][msg.sender] = _sub(allowed, amount);

        _balanceOf[from] = _sub(_balanceOf[from], amount);
        _balanceOf[to] = _add(_balanceOf[to], amount);

        emit Transfer(from, to, amount);

        return true;
    }

    /*//////////////////////////////////////////////////////////////
                             EIP-2612 LOGIC
    //////////////////////////////////////////////////////////////*/

    function permit(address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s)
        public
        virtual
    {
        require(deadline >= block.timestamp, "PERMIT_DEADLINE_EXPIRED");

        address recoveredAddress = ecrecover(
            keccak256(
                abi.encodePacked(
                    "\x19\x01",
                    DOMAIN_SEPARATOR(),
                    keccak256(
                        abi.encode(
                            keccak256(
                                "Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)"
                            ),
                            owner,
                            spender,
                            value,
                            nonces[owner]++,
                            deadline
                        )
                    )
                )
            ),
            v,
            r,
            s
        );

        require(recoveredAddress != address(0) && recoveredAddress == owner, "INVALID_SIGNER");

        _allowance[recoveredAddress][spender] = value;

        emit Approval(owner, spender, value);
    }

    function DOMAIN_SEPARATOR() public view virtual returns (bytes32) {
        return _pureChainId() == INITIAL_CHAIN_ID ? INITIAL_DOMAIN_SEPARATOR : computeDomainSeparator();
    }

    function computeDomainSeparator() internal view virtual returns (bytes32) {
        return keccak256(
            abi.encode(
                keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"),
                keccak256(bytes(_name)),
                keccak256("1"),
                _pureChainId(),
                address(this)
            )
        );
    }

    /*//////////////////////////////////////////////////////////////
                        INTERNAL MINT/BURN LOGIC
    //////////////////////////////////////////////////////////////*/

    function _mint(address to, uint256 amount) internal virtual {
        _totalSupply = _add(_totalSupply, amount);
        _balanceOf[to] = _add(_balanceOf[to], amount);

        emit Transfer(address(0), to, amount);
    }

    function _burn(address from, uint256 amount) internal virtual {
        _balanceOf[from] = _sub(_balanceOf[from], amount);
        _totalSupply = _sub(_totalSupply, amount);

        emit Transfer(from, address(0), amount);
    }

    /*//////////////////////////////////////////////////////////////
                        INTERNAL SAFE MATH LOGIC
    //////////////////////////////////////////////////////////////*/

    function _add(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 c = a + b;
        require(c >= a, "ERC20: addition overflow");
        return c;
    }

    function _sub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(a >= b, "ERC20: subtraction underflow");
        return a - b;
    }

    /*//////////////////////////////////////////////////////////////
                                HELPERS
    //////////////////////////////////////////////////////////////*/

    // We use this complex approach of `_viewChainId` and `_pureChainId` to ensure there are no
    // compiler warnings when accessing chain ID in any solidity version supported by forge-std. We
    // can't simply access the chain ID in a normal view or pure function because the solc View Pure
    // Checker changed `chainid` from pure to view in 0.8.0.
    function _viewChainId() private view returns (uint256 chainId) {
        // Assembly required since `block.chainid` was introduced in 0.8.0.
        assembly {
            chainId := chainid()
        }

        address(this); // Silence warnings in older Solc versions.
    }

    function _pureChainId() private pure returns (uint256 chainId) {
        function() internal view returns (uint256) fnIn = _viewChainId;
        function() internal pure returns (uint256) pureChainId;
        assembly {
            pureChainId := fnIn
        }
        chainId = pureChainId();
    }
}

94% lib/openzeppelin-contracts/contracts/proxy/Clones.sol

Lines covered: 18 / 19 (94%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/Clones.sol)

pragma solidity ^0.8.20;

/**
 * @dev https://eips.ethereum.org/EIPS/eip-1167[EIP 1167] is a standard for
 * deploying minimal proxy contracts, also known as "clones".
 *
 * > To simply and cheaply clone contract functionality in an immutable way, this standard specifies
 * > a minimal bytecode implementation that delegates all calls to a known, fixed address.
 *
 * The library includes functions to deploy a proxy using either `create` (traditional deployment) or `create2`
 * (salted deterministic deployment). It also includes functions to predict the addresses of clones deployed using the
 * deterministic method.
 */
library Clones {
    /**
     * @dev A clone instance deployment failed.
     */
    error ERC1167FailedCreateClone();

    /**
     * @dev Deploys and returns the address of a clone that mimics the behaviour of `implementation`.
     *
     * This function uses the create opcode, which should never revert.
     */
    function clone(address implementation) internal returns (address instance) {
        /// @solidity memory-safe-assembly
        assembly {
            // Cleans the upper 96 bits of the `implementation` word, then packs the first 3 bytes
            // of the `implementation` address with the bytecode before the address.
            mstore(0x00, or(shr(0xe8, shl(0x60, implementation)), 0x3d602d80600a3d3981f3363d3d373d3d3d363d73000000))
            // Packs the remaining 17 bytes of `implementation` with the bytecode after the address.
            mstore(0x20, or(shl(0x78, implementation), 0x5af43d82803e903d91602b57fd5bf3))
            instance := create(0, 0x09, 0x37)
        }
        if (instance == address(0)) {
            revert ERC1167FailedCreateClone();
        }
    }

    /**
     * @dev Deploys and returns the address of a clone that mimics the behaviour of `implementation`.
     *
     * This function uses the create2 opcode and a `salt` to deterministically deploy
     * the clone. Using the same `implementation` and `salt` multiple time will revert, since
     * the clones cannot be deployed twice at the same address.
     */
    function cloneDeterministic(address implementation, bytes32 salt) internal returns (address instance) {
        /// @solidity memory-safe-assembly
        assembly {
            // Cleans the upper 96 bits of the `implementation` word, then packs the first 3 bytes
            // of the `implementation` address with the bytecode before the address.
            mstore(0x00, or(shr(0xe8, shl(0x60, implementation)), 0x3d602d80600a3d3981f3363d3d373d3d3d363d73000000))
            // Packs the remaining 17 bytes of `implementation` with the bytecode after the address.
            mstore(0x20, or(shl(0x78, implementation), 0x5af43d82803e903d91602b57fd5bf3))
            instance := create2(0, 0x09, 0x37, salt)
        }
        if (instance == address(0)) {
            revert ERC1167FailedCreateClone();
        }
    }

    /**
     * @dev Computes the address of a clone deployed using {Clones-cloneDeterministic}.
     */
    function predictDeterministicAddress(
        address implementation,
        bytes32 salt,
        address deployer
    ) internal pure returns (address predicted) {
        /// @solidity memory-safe-assembly
        assembly {
            let ptr := mload(0x40)
            mstore(add(ptr, 0x38), deployer)
            mstore(add(ptr, 0x24), 0x5af43d82803e903d91602b57fd5bf3ff)
            mstore(add(ptr, 0x14), implementation)
            mstore(ptr, 0x3d602d80600a3d3981f3363d3d373d3d3d363d73)
            mstore(add(ptr, 0x58), salt)
            mstore(add(ptr, 0x78), keccak256(add(ptr, 0x0c), 0x37))
            predicted := keccak256(add(ptr, 0x43), 0x55)
        }
    }

    /**
     * @dev Computes the address of a clone deployed using {Clones-cloneDeterministic}.
     */
    function predictDeterministicAddress(
        address implementation,
        bytes32 salt
    ) internal view returns (address predicted) {
        return predictDeterministicAddress(implementation, salt, address(this));
    }
}

77% lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol

Lines covered: 7 / 9 (77%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/utils/SafeERC20.sol)

pragma solidity ^0.8.20;

import {IERC20} from "../IERC20.sol";
import {IERC20Permit} from "../extensions/IERC20Permit.sol";
import {Address} from "../../../utils/Address.sol";

/**
 * @title SafeERC20
 * @dev Wrappers around ERC20 operations that throw on failure (when the token
 * contract returns false). Tokens that return no value (and instead revert or
 * throw on failure) are also supported, non-reverting calls are assumed to be
 * successful.
 * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
 * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
 */
library SafeERC20 {
    using Address for address;

    /**
     * @dev An operation with an ERC20 token failed.
     */
    error SafeERC20FailedOperation(address token);

    /**
     * @dev Indicates a failed `decreaseAllowance` request.
     */
    error SafeERC20FailedDecreaseAllowance(address spender, uint256 currentAllowance, uint256 requestedDecrease);

    /**
     * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
     * non-reverting calls are assumed to be successful.
     */
    function safeTransfer(IERC20 token, address to, uint256 value) internal {
        _callOptionalReturn(token, abi.encodeCall(token.transfer, (to, value)));
    }

    /**
     * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
     * calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
     */
    function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
        _callOptionalReturn(token, abi.encodeCall(token.transferFrom, (from, to, value)));
    }

    /**
     * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
     * non-reverting calls are assumed to be successful.
     */
    function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
        uint256 oldAllowance = token.allowance(address(this), spender);
        forceApprove(token, spender, oldAllowance + value);
    }

    /**
     * @dev Decrease the calling contract's allowance toward `spender` by `requestedDecrease`. If `token` returns no
     * value, non-reverting calls are assumed to be successful.
     */
    function safeDecreaseAllowance(IERC20 token, address spender, uint256 requestedDecrease) internal {
        unchecked {
            uint256 currentAllowance = token.allowance(address(this), spender);
            if (currentAllowance < requestedDecrease) {
                revert SafeERC20FailedDecreaseAllowance(spender, currentAllowance, requestedDecrease);
            }
            forceApprove(token, spender, currentAllowance - requestedDecrease);
        }
    }

    /**
     * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
     * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval
     * to be set to zero before setting it to a non-zero value, such as USDT.
     */
    function forceApprove(IERC20 token, address spender, uint256 value) internal {
        bytes memory approvalCall = abi.encodeCall(token.approve, (spender, value));

        if (!_callOptionalReturnBool(token, approvalCall)) {
            _callOptionalReturn(token, abi.encodeCall(token.approve, (spender, 0)));
            _callOptionalReturn(token, approvalCall);
        }
    }

    /**
     * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
     * on the return value: the return value is optional (but if data is returned, it must not be false).
     * @param token The token targeted by the call.
     * @param data The call data (encoded using abi.encode or one of its variants).
     */
    function _callOptionalReturn(IERC20 token, bytes memory data) private {
        // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
        // we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that
        // the target address contains contract code and also asserts for success in the low-level call.

        bytes memory returndata = address(token).functionCall(data);
        if (returndata.length != 0 && !abi.decode(returndata, (bool))) {
            revert SafeERC20FailedOperation(address(token));
        }
    }

    /**
     * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
     * on the return value: the return value is optional (but if data is returned, it must not be false).
     * @param token The token targeted by the call.
     * @param data The call data (encoded using abi.encode or one of its variants).
     *
     * This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.
     */
    function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {
        // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
        // we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false
        // and not revert is the subcall reverts.

        (bool success, bytes memory returndata) = address(token).call(data);
        return success && (returndata.length == 0 || abi.decode(returndata, (bool))) && address(token).code.length > 0;
    }
}

80% lib/openzeppelin-contracts/contracts/utils/Address.sol

Lines covered: 16 / 20 (80%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/Address.sol)

pragma solidity ^0.8.20;

/**
 * @dev Collection of functions related to the address type
 */
library Address {
    /**
     * @dev The ETH balance of the account is not enough to perform the operation.
     */
    error AddressInsufficientBalance(address account);

    /**
     * @dev There's no code at `target` (it is not a contract).
     */
    error AddressEmptyCode(address target);

    /**
     * @dev A call to an address target failed. The target may have reverted.
     */
    error FailedInnerCall();

    /**
     * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
     * `recipient`, forwarding all available gas and reverting on errors.
     *
     * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
     * of certain opcodes, possibly making contracts go over the 2300 gas limit
     * imposed by `transfer`, making them unable to receive funds via
     * `transfer`. {sendValue} removes this limitation.
     *
     * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
     *
     * IMPORTANT: because control is transferred to `recipient`, care must be
     * taken to not create reentrancy vulnerabilities. Consider using
     * {ReentrancyGuard} or the
     * https://solidity.readthedocs.io/en/v0.8.20/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
     */
    function sendValue(address payable recipient, uint256 amount) internal {
        if (address(this).balance < amount) {
            revert AddressInsufficientBalance(address(this));
        }

        (bool success, ) = recipient.call{value: amount}("");
        if (!success) {
            revert FailedInnerCall();
        }
    }

    /**
     * @dev Performs a Solidity function call using a low level `call`. A
     * plain `call` is an unsafe replacement for a function call: use this
     * function instead.
     *
     * If `target` reverts with a revert reason or custom error, it is bubbled
     * up by this function (like regular Solidity function calls). However, if
     * the call reverted with no returned reason, this function reverts with a
     * {FailedInnerCall} error.
     *
     * Returns the raw returned data. To convert to the expected return value,
     * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
     *
     * Requirements:
     *
     * - `target` must be a contract.
     * - calling `target` with `data` must not revert.
     */
    function functionCall(address target, bytes memory data) internal returns (bytes memory) {
        return functionCallWithValue(target, data, 0);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but also transferring `value` wei to `target`.
     *
     * Requirements:
     *
     * - the calling contract must have an ETH balance of at least `value`.
     * - the called Solidity function must be `payable`.
     */
    function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
        if (address(this).balance < value) {
            revert AddressInsufficientBalance(address(this));
        }
        (bool success, bytes memory returndata) = target.call{value: value}(data);
        return verifyCallResultFromTarget(target, success, returndata);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but performing a static call.
     */
    function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
        (bool success, bytes memory returndata) = target.staticcall(data);
        return verifyCallResultFromTarget(target, success, returndata);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but performing a delegate call.
     */
    function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
        (bool success, bytes memory returndata) = target.delegatecall(data);
        return verifyCallResultFromTarget(target, success, returndata);
    }

    /**
     * @dev Tool to verify that a low level call to smart-contract was successful, and reverts if the target
     * was not a contract or bubbling up the revert reason (falling back to {FailedInnerCall}) in case of an
     * unsuccessful call.
     */
    function verifyCallResultFromTarget(
        address target,
        bool success,
        bytes memory returndata
    ) internal view returns (bytes memory) {
        if (!success) {
            _revert(returndata);
        } else {
            // only check if target is a contract if the call was successful and the return data is empty
            // otherwise we already know that it was a contract
            if (returndata.length == 0 && target.code.length == 0) {
                revert AddressEmptyCode(target);
            }
            return returndata;
        }
    }

    /**
     * @dev Tool to verify that a low level call was successful, and reverts if it wasn't, either by bubbling the
     * revert reason or with a default {FailedInnerCall} error.
     */
    function verifyCallResult(bool success, bytes memory returndata) internal pure returns (bytes memory) {
        if (!success) {
            _revert(returndata);
        } else {
            return returndata;
        }
    }

    /**
     * @dev Reverts with returndata if present. Otherwise reverts with {FailedInnerCall}.
     */
    function _revert(bytes memory returndata) private pure {
        // Look for revert reason and bubble it up if present
        if (returndata.length > 0) {
            // The easiest way to bubble the revert reason is using memory via assembly
            /// @solidity memory-safe-assembly
            assembly {
                let returndata_size := mload(returndata)
                revert(add(32, returndata), returndata_size)
            }
        } else {
            revert FailedInnerCall();
        }
    }
}

83% lib/openzeppelin-contracts/contracts/utils/ReentrancyGuard.sol

Lines covered: 10 / 12 (83%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/ReentrancyGuard.sol)

pragma solidity ^0.8.20;

/**
 * @dev Contract module that helps prevent reentrant calls to a function.
 *
 * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier
 * available, which can be applied to functions to make sure there are no nested
 * (reentrant) calls to them.
 *
 * Note that because there is a single `nonReentrant` guard, functions marked as
 * `nonReentrant` may not call one another. This can be worked around by making
 * those functions `private`, and then adding `external` `nonReentrant` entry
 * points to them.
 *
 * TIP: If you would like to learn more about reentrancy and alternative ways
 * to protect against it, check out our blog post
 * https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].
 */
abstract contract ReentrancyGuard {
    // Booleans are more expensive than uint256 or any type that takes up a full
    // word because each write operation emits an extra SLOAD to first read the
    // slot's contents, replace the bits taken up by the boolean, and then write
    // back. This is the compiler's defense against contract upgrades and
    // pointer aliasing, and it cannot be disabled.

    // The values being non-zero value makes deployment a bit more expensive,
    // but in exchange the refund on every call to nonReentrant will be lower in
    // amount. Since refunds are capped to a percentage of the total
    // transaction's gas, it is best to keep them low in cases like this one, to
    // increase the likelihood of the full refund coming into effect.
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;

    uint256 private _status;

    /**
     * @dev Unauthorized reentrant call.
     */
    error ReentrancyGuardReentrantCall();

    constructor() {
        _status = NOT_ENTERED;
    }

    /**
     * @dev Prevents a contract from calling itself, directly or indirectly.
     * Calling a `nonReentrant` function from another `nonReentrant`
     * function is not supported. It is possible to prevent this from happening
     * by making the `nonReentrant` function external, and making it call a
     * `private` function that does the actual work.
     */
    modifier nonReentrant() {
        _nonReentrantBefore();
        _;
        _nonReentrantAfter();
    }

    function _nonReentrantBefore() private {
        // On the first call to nonReentrant, _status will be NOT_ENTERED
        if (_status == ENTERED) {
            revert ReentrancyGuardReentrantCall();
        }

        // Any calls to nonReentrant after this point will fail
        _status = ENTERED;
    }

    function _nonReentrantAfter() private {
        // By storing the original value once again, a refund is triggered (see
        // https://eips.ethereum.org/EIPS/eip-2200)
        _status = NOT_ENTERED;
    }

    /**
     * @dev Returns true if the reentrancy guard is currently set to "entered", which indicates there is a
     * `nonReentrant` function in the call stack.
     */
    function _reentrancyGuardEntered() internal view returns (bool) {
        return _status == ENTERED;
    }
}

73% src/BribeInitiative.sol

Lines covered: 76 / 104 (73%)

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

import {IERC20} from "openzeppelin-contracts/contracts/interfaces/IERC20.sol";
import {SafeERC20} from "openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol";

import {IGovernance} from "./interfaces/IGovernance.sol";
import {IInitiative} from "./interfaces/IInitiative.sol";
import {IBribeInitiative} from "./interfaces/IBribeInitiative.sol";

import {DoubleLinkedList} from "./utils/DoubleLinkedList.sol";

contract BribeInitiative is IInitiative, IBribeInitiative {
    using SafeERC20 for IERC20;
    using DoubleLinkedList for DoubleLinkedList.List;

    /// @inheritdoc IBribeInitiative
    IGovernance public immutable governance;
    /// @inheritdoc IBribeInitiative
    IERC20 public immutable bold;
    /// @inheritdoc IBribeInitiative
    IERC20 public immutable bribeToken;

    /// @inheritdoc IBribeInitiative
    mapping(uint16 => Bribe) public bribeByEpoch;
    /// @inheritdoc IBribeInitiative
    mapping(address => mapping(uint16 => bool)) public claimedBribeAtEpoch;

    /// Double linked list of the total LQTY allocated at a given epoch
    DoubleLinkedList.List internal totalLQTYAllocationByEpoch;
    /// Double linked list of LQTY allocated by a user at a given epoch
    mapping(address => DoubleLinkedList.List) internal lqtyAllocationByUserAtEpoch;

    constructor(address _governance, address _bold, address _bribeToken) {
        governance = IGovernance(_governance);
        bold = IERC20(_bold);
        bribeToken = IERC20(_bribeToken);
    }

    modifier onlyGovernance() {
        require(msg.sender == address(governance), "BribeInitiative: invalid-sender");
        _;
    }

    /// @inheritdoc IBribeInitiative
    function totalLQTYAllocatedByEpoch(uint16 _epoch) external view returns (uint88) {
        return totalLQTYAllocationByEpoch.getValue(_epoch);
    }

    /// @inheritdoc IBribeInitiative
    function lqtyAllocatedByUserAtEpoch(address _user, uint16 _epoch) external view returns (uint88) {
        return lqtyAllocationByUserAtEpoch[_user].getValue(_epoch);
    }

    /// @inheritdoc IBribeInitiative
    function depositBribe(uint128 _boldAmount, uint128 _bribeTokenAmount, uint16 _epoch) external {
        bold.safeTransferFrom(msg.sender, address(this), _boldAmount);
        bribeToken.safeTransferFrom(msg.sender, address(this), _bribeTokenAmount);

        uint16 epoch = governance.epoch();
        require(_epoch > epoch, "BribeInitiative: only-future-epochs");

        Bribe memory bribe = bribeByEpoch[_epoch];
        bribe.boldAmount += _boldAmount;
        bribe.bribeTokenAmount += _bribeTokenAmount;
        bribeByEpoch[_epoch] = bribe;

        emit DepositBribe(msg.sender, _boldAmount, _bribeTokenAmount, _epoch);
    }

    function _claimBribe(
        address _user,
        uint16 _epoch,
        uint16 _prevLQTYAllocationEpoch,
        uint16 _prevTotalLQTYAllocationEpoch
    ) internal returns (uint256 boldAmount, uint256 bribeTokenAmount) {
        require(_epoch != governance.epoch(), "BribeInitiative: cannot-claim-for-current-epoch");
        require(!claimedBribeAtEpoch[_user][_epoch], "BribeInitiative: already-claimed");

        Bribe memory bribe = bribeByEpoch[_epoch];
        require(bribe.boldAmount != 0 || bribe.bribeTokenAmount != 0, "BribeInitiative: no-bribe");

        DoubleLinkedList.Item memory lqtyAllocation =
            lqtyAllocationByUserAtEpoch[_user].getItem(_prevLQTYAllocationEpoch);

        require(
            lqtyAllocation.value != 0 && _prevLQTYAllocationEpoch <= _epoch
                && (lqtyAllocation.next > _epoch || lqtyAllocation.next == 0),
            "BribeInitiative: invalid-prev-lqty-allocation-epoch"
        );
        DoubleLinkedList.Item memory totalLQTYAllocation =
            totalLQTYAllocationByEpoch.getItem(_prevTotalLQTYAllocationEpoch);
        require(
            totalLQTYAllocation.value != 0 && _prevTotalLQTYAllocationEpoch <= _epoch
                && (totalLQTYAllocation.next > _epoch || totalLQTYAllocation.next == 0),
            "BribeInitiative: invalid-prev-total-lqty-allocation-epoch"
        );

        boldAmount = uint256(bribe.boldAmount) * uint256(lqtyAllocation.value) / uint256(totalLQTYAllocation.value);
        bribeTokenAmount =
            uint256(bribe.bribeTokenAmount) * uint256(lqtyAllocation.value) / uint256(totalLQTYAllocation.value);

        claimedBribeAtEpoch[_user][_epoch] = true;

        emit ClaimBribe(_user, _epoch, boldAmount, bribeTokenAmount);
    }

    /// @inheritdoc IBribeInitiative
    function claimBribes(ClaimData[] calldata _claimData)
        external
        returns (uint256 boldAmount, uint256 bribeTokenAmount)
    {
        for (uint256 i = 0; i < _claimData.length; i++) {
            ClaimData memory claimData = _claimData[i];
            (uint256 boldAmount_, uint256 bribeTokenAmount_) = _claimBribe(
                msg.sender, claimData.epoch, claimData.prevLQTYAllocationEpoch, claimData.prevTotalLQTYAllocationEpoch
            );
            boldAmount += boldAmount_;
            bribeTokenAmount += bribeTokenAmount_;
        }

        if (boldAmount != 0) bold.safeTransfer(msg.sender, boldAmount);
        if (bribeTokenAmount != 0) bribeToken.safeTransfer(msg.sender, bribeTokenAmount);
    }

    /// @inheritdoc IInitiative
    function onRegisterInitiative(uint16) external virtual override onlyGovernance {}

    /// @inheritdoc IInitiative
    function onUnregisterInitiative(uint16) external virtual override onlyGovernance {}

    function _setTotalLQTYAllocationByEpoch(uint16 _epoch, uint88 _value, bool _insert) private {
        if (_insert) {
            totalLQTYAllocationByEpoch.insert(_epoch, _value, 0);
        } else {
            totalLQTYAllocationByEpoch.items[_epoch].value = _value;
        }
        emit ModifyTotalLQTYAllocation(_epoch, _value);
    }

    function _setLQTYAllocationByUserAtEpoch(address _user, uint16 _epoch, uint88 _value, bool _insert) private {
        if (_insert) {
            lqtyAllocationByUserAtEpoch[_user].insert(_epoch, _value, 0);
        } else {
            lqtyAllocationByUserAtEpoch[_user].items[_epoch].value = _value;
        }
        emit ModifyLQTYAllocation(_user, _epoch, _value);
    }

    /// @inheritdoc IInitiative
    function onAfterAllocateLQTY(uint16 _currentEpoch, address _user, uint88 _voteLQTY, uint88 _vetoLQTY)
        external
        virtual
        onlyGovernance
    {
        uint16 mostRecentUserEpoch = lqtyAllocationByUserAtEpoch[_user].getHead();

        if (_currentEpoch == 0) return;

        // if this is the first user allocation in the epoch, then insert a new item into the user allocation DLL
        if (mostRecentUserEpoch != _currentEpoch) {
            uint88 prevVoteLQTY = lqtyAllocationByUserAtEpoch[_user].items[mostRecentUserEpoch].value;
            uint88 newVoteLQTY = (_vetoLQTY == 0) ? _voteLQTY : 0;
            uint16 mostRecentTotalEpoch = totalLQTYAllocationByEpoch.getHead();
            // if this is the first allocation in the epoch, then insert a new item into the total allocation DLL
            if (mostRecentTotalEpoch != _currentEpoch) {
                uint88 prevTotalLQTYAllocation = totalLQTYAllocationByEpoch.items[mostRecentTotalEpoch].value;
                if (_vetoLQTY == 0) {
                    // no veto to no veto
                    _setTotalLQTYAllocationByEpoch(
                        _currentEpoch, prevTotalLQTYAllocation + newVoteLQTY - prevVoteLQTY, true
                    );
                } else {
                    if (prevVoteLQTY != 0) {
                        // if the prev user allocation was counted in, then remove the prev user allocation from the
                        // total allocation (no veto to veto)
                        _setTotalLQTYAllocationByEpoch(_currentEpoch, prevTotalLQTYAllocation - prevVoteLQTY, true);
                    } else {
                        // veto to veto
                        _setTotalLQTYAllocationByEpoch(_currentEpoch, prevTotalLQTYAllocation, true);
                    }
                }
            } else {
                if (_vetoLQTY == 0) {
                    // no veto to no veto
                    _setTotalLQTYAllocationByEpoch(
                        _currentEpoch,
                        totalLQTYAllocationByEpoch.items[_currentEpoch].value + newVoteLQTY - prevVoteLQTY,
                        false
                    );
                } else if (prevVoteLQTY != 0) {
                    // no veto to veto
                    _setTotalLQTYAllocationByEpoch(
                        _currentEpoch, totalLQTYAllocationByEpoch.items[_currentEpoch].value - prevVoteLQTY, false
                    );
                }
            }
            // insert a new item into the user allocation DLL
            _setLQTYAllocationByUserAtEpoch(_user, _currentEpoch, newVoteLQTY, true);
        } else {
            uint88 prevVoteLQTY = lqtyAllocationByUserAtEpoch[_user].getItem(_currentEpoch).value;
            if (_vetoLQTY == 0) {
                // update the allocation for the current epoch by adding the new allocation and subtracting
                // the previous one (no veto to no veto)
                _setTotalLQTYAllocationByEpoch(
                    _currentEpoch,
                    totalLQTYAllocationByEpoch.items[_currentEpoch].value + _voteLQTY - prevVoteLQTY,
                    false
                );
                _setLQTYAllocationByUserAtEpoch(_user, _currentEpoch, _voteLQTY, false);
            } else {
                // if the user vetoed the initiative, subtract the allocation from the DLLs (no veto to veto)
                _setTotalLQTYAllocationByEpoch(
                    _currentEpoch, totalLQTYAllocationByEpoch.items[_currentEpoch].value - prevVoteLQTY, false
                );
                _setLQTYAllocationByUserAtEpoch(_user, _currentEpoch, 0, false);
            }
        }
    }

    /// @inheritdoc IInitiative
    function onClaimForInitiative(uint16, uint256) external virtual override onlyGovernance {}
}

0% src/CurveV2GaugeRewards.sol

Lines covered: 0 / 12 (0%)

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

import {ILiquidityGauge} from "./../src/interfaces/ILiquidityGauge.sol";

import {BribeInitiative} from "./BribeInitiative.sol";

contract CurveV2GaugeRewards is BribeInitiative {
    ILiquidityGauge public immutable gauge;
    uint256 public immutable duration;

    event DepositIntoGauge(uint256 amount);

    constructor(address _governance, address _bold, address _bribeToken, address _gauge, uint256 _duration)
        BribeInitiative(_governance, _bold, _bribeToken)
    {
        gauge = ILiquidityGauge(_gauge);
        duration = _duration;
    }

    function depositIntoGauge() external returns (uint256) {
        uint256 amount = governance.claimForInitiative(address(this));

        bold.approve(address(gauge), amount);
        gauge.deposit_reward_token(address(bold), amount, duration);

        emit DepositIntoGauge(amount);

        return amount;
    }
}

0% src/ForwardBribe.sol

Lines covered: 0 / 10 (0%)

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

import {IERC20} from "openzeppelin-contracts/contracts/interfaces/IERC20.sol";
import {SafeERC20} from "openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol";

import {BribeInitiative} from "./BribeInitiative.sol";

contract ForwardBribe is BribeInitiative {
    using SafeERC20 for IERC20;

    address public immutable receiver;

    constructor(address _governance, address _bold, address _bribeToken, address _receiver)
        BribeInitiative(_governance, _bold, _bribeToken)
    {
        receiver = _receiver;
    }

    function forwardBribe() external {
        governance.claimForInitiative(address(this));

        uint boldAmount = bold.balanceOf(address(this));
        uint bribeTokenAmount = bribeToken.balanceOf(address(this));

        if (boldAmount != 0) bold.transfer(receiver, boldAmount);
        if (bribeTokenAmount != 0) bribeToken.transfer(receiver, bribeTokenAmount);
    }
}

84% src/Governance.sol

Lines covered: 243 / 289 (84%)

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

import {console} from "forge-std/console.sol";

import {IERC20} from "openzeppelin-contracts/contracts/interfaces/IERC20.sol";
import {SafeERC20} from "openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol";
import {ReentrancyGuard} from "openzeppelin-contracts/contracts/utils/ReentrancyGuard.sol";

import {IGovernance} from "./interfaces/IGovernance.sol";
import {IInitiative} from "./interfaces/IInitiative.sol";
import {ILQTYStaking} from "./interfaces/ILQTYStaking.sol";

import {UserProxy} from "./UserProxy.sol";
import {UserProxyFactory} from "./UserProxyFactory.sol";

import {add, max, abs} from "./utils/Math.sol";
import {Multicall} from "./utils/Multicall.sol";
import {WAD, PermitParams} from "./utils/Types.sol";

import {SafeCastLib} from "lib/solmate/src/utils/SafeCastLib.sol";

/// @title Governance: Modular Initiative based Governance
contract Governance is Multicall, UserProxyFactory, ReentrancyGuard, IGovernance {
    using SafeERC20 for IERC20;

    /// @inheritdoc IGovernance
    ILQTYStaking public immutable stakingV1;
    /// @inheritdoc IGovernance
    IERC20 public immutable lqty;
    /// @inheritdoc IGovernance
    IERC20 public immutable bold;
    /// @inheritdoc IGovernance
    uint256 public immutable EPOCH_START;
    /// @inheritdoc IGovernance
    uint256 public immutable EPOCH_DURATION;
    /// @inheritdoc IGovernance
    uint256 public immutable EPOCH_VOTING_CUTOFF;
    /// @inheritdoc IGovernance
    uint256 public immutable MIN_CLAIM;
    /// @inheritdoc IGovernance
    uint256 public immutable MIN_ACCRUAL;
    /// @inheritdoc IGovernance
    uint256 public immutable REGISTRATION_FEE;
    /// @inheritdoc IGovernance
    uint256 public immutable REGISTRATION_THRESHOLD_FACTOR;
    /// @inheritdoc IGovernance
    uint256 public immutable UNREGISTRATION_THRESHOLD_FACTOR;
    /// @inheritdoc IGovernance
    uint256 public immutable REGISTRATION_WARM_UP_PERIOD;
    /// @inheritdoc IGovernance
    uint256 public immutable UNREGISTRATION_AFTER_EPOCHS;
    /// @inheritdoc IGovernance
    uint256 public immutable VOTING_THRESHOLD_FACTOR;

    /// @inheritdoc IGovernance
    uint256 public boldAccrued;

    /// @inheritdoc IGovernance
    VoteSnapshot public votesSnapshot;
    /// @inheritdoc IGovernance
    mapping(address => InitiativeVoteSnapshot) public votesForInitiativeSnapshot;

    /// @inheritdoc IGovernance
    GlobalState public globalState;
    /// @inheritdoc IGovernance
    mapping(address => UserState) public userStates;
    /// @inheritdoc IGovernance
    mapping(address => InitiativeState) public initiativeStates;
    /// @inheritdoc IGovernance
    mapping(address => mapping(address => Allocation)) public lqtyAllocatedByUserToInitiative;
    /// @inheritdoc IGovernance
    mapping(address => uint16) public override registeredInitiatives;

    uint16 constant UNREGISTERED_INITIATIVE = type(uint16).max;

    constructor(
        address _lqty,
        address _lusd,
        address _stakingV1,
        address _bold,
        Configuration memory _config,
        address[] memory _initiatives
    ) UserProxyFactory(_lqty, _lusd, _stakingV1) {
        stakingV1 = ILQTYStaking(_stakingV1);
        lqty = IERC20(_lqty);
        bold = IERC20(_bold);
        require(_config.minClaim <= _config.minAccrual, "Gov: min-claim-gt-min-accrual");
        REGISTRATION_FEE = _config.registrationFee;
        REGISTRATION_THRESHOLD_FACTOR = _config.registrationThresholdFactor;
        UNREGISTRATION_THRESHOLD_FACTOR = _config.unregistrationThresholdFactor;
        REGISTRATION_WARM_UP_PERIOD = _config.registrationWarmUpPeriod;
        UNREGISTRATION_AFTER_EPOCHS = _config.unregistrationAfterEpochs;
        VOTING_THRESHOLD_FACTOR = _config.votingThresholdFactor;
        MIN_CLAIM = _config.minClaim;
        MIN_ACCRUAL = _config.minAccrual;
        EPOCH_START = _config.epochStart;
        require(_config.epochDuration > 0, "Gov: epoch-duration-zero");
        EPOCH_DURATION = _config.epochDuration;
        require(_config.epochVotingCutoff < _config.epochDuration, "Gov: epoch-voting-cutoff-gt-epoch-duration");
        EPOCH_VOTING_CUTOFF = _config.epochVotingCutoff;
        for (uint256 i = 0; i < _initiatives.length; i++) {
            initiativeStates[_initiatives[i]] = InitiativeState(0, 0, 0, 0, 0);
            registeredInitiatives[_initiatives[i]] = 1;
        }
    }

    function _averageAge(uint32 _currentTimestamp, uint32 _averageTimestamp) internal pure returns (uint32) {
        if (_averageTimestamp == 0 || _currentTimestamp < _averageTimestamp) return 0;
        return _currentTimestamp - _averageTimestamp;
    }

    function _calculateAverageTimestamp(
        uint32 _prevOuterAverageTimestamp,
        uint32 _newInnerAverageTimestamp,
        uint88 _prevLQTYBalance,
        uint88 _newLQTYBalance
    ) internal view returns (uint32) {
        if (_newLQTYBalance == 0) return 0;

        uint32 prevOuterAverageAge = _averageAge(uint32(block.timestamp), _prevOuterAverageTimestamp);
        uint32 newInnerAverageAge = _averageAge(uint32(block.timestamp), _newInnerAverageTimestamp);

        uint88 newOuterAverageAge;
        if (_prevLQTYBalance <= _newLQTYBalance) {
            uint88 deltaLQTY = _newLQTYBalance - _prevLQTYBalance;
            uint240 prevVotes = uint240(_prevLQTYBalance) * uint240(prevOuterAverageAge);
            uint240 newVotes = uint240(deltaLQTY) * uint240(newInnerAverageAge);
            uint240 votes = prevVotes + newVotes;
            newOuterAverageAge = (_newLQTYBalance == 0) ? 0 : uint32(votes / uint240(_newLQTYBalance));
        } else {
            uint88 deltaLQTY = _prevLQTYBalance - _newLQTYBalance;
            uint240 prevVotes = uint240(_prevLQTYBalance) * uint240(prevOuterAverageAge);
            uint240 newVotes = uint240(deltaLQTY) * uint240(newInnerAverageAge);
            uint240 votes = (prevVotes >= newVotes) ? prevVotes - newVotes : 0;
            newOuterAverageAge = (_newLQTYBalance == 0) ? 0 : uint32(votes / uint240(_newLQTYBalance));
        }

        if (newOuterAverageAge > block.timestamp) return 0;
        return uint32(block.timestamp - newOuterAverageAge);
    }

    /*//////////////////////////////////////////////////////////////
                                STAKING
    //////////////////////////////////////////////////////////////*/

    function _deposit(uint88 _lqtyAmount) private returns (UserProxy) {
        require(_lqtyAmount > 0, "Governance: zero-lqty-amount");

        address userProxyAddress = deriveUserProxyAddress(msg.sender);

        if (userProxyAddress.code.length == 0) {
            deployUserProxy();
        }

        UserProxy userProxy = UserProxy(payable(userProxyAddress));

        uint88 lqtyStaked = uint88(stakingV1.stakes(userProxyAddress));

        // update the average staked timestamp for LQTY staked by the user
        UserState memory userState = userStates[msg.sender];
        userState.averageStakingTimestamp = _calculateAverageTimestamp(
            userState.averageStakingTimestamp, uint32(block.timestamp), lqtyStaked, lqtyStaked + _lqtyAmount
        );
        userStates[msg.sender] = userState;

        emit DepositLQTY(msg.sender, _lqtyAmount);

        return userProxy;
    }

    /// @inheritdoc IGovernance
    function depositLQTY(uint88 _lqtyAmount) external nonReentrant {
        UserProxy userProxy = _deposit(_lqtyAmount);
        userProxy.stake(_lqtyAmount, msg.sender);
    }

    /// @inheritdoc IGovernance
    function depositLQTYViaPermit(uint88 _lqtyAmount, PermitParams calldata _permitParams) external nonReentrant {
        UserProxy userProxy = _deposit(_lqtyAmount);
        userProxy.stakeViaPermit(_lqtyAmount, msg.sender, _permitParams);
    }

    /// @inheritdoc IGovernance
    function withdrawLQTY(uint88 _lqtyAmount) external nonReentrant {
        UserProxy userProxy = UserProxy(payable(deriveUserProxyAddress(msg.sender)));
        require(address(userProxy).code.length != 0, "Governance: user-proxy-not-deployed");

        uint88 lqtyStaked = uint88(stakingV1.stakes(address(userProxy)));

        UserState storage userState = userStates[msg.sender];

        // check if user has enough unallocated lqty
        require(_lqtyAmount <= lqtyStaked - userState.allocatedLQTY, "Governance: insufficient-unallocated-lqty");

        (uint256 accruedLUSD, uint256 accruedETH) = userProxy.unstake(_lqtyAmount, msg.sender, msg.sender);

        emit WithdrawLQTY(msg.sender, _lqtyAmount, accruedLUSD, accruedETH);
    }

    /// @inheritdoc IGovernance
    function claimFromStakingV1(address _rewardRecipient) external returns (uint256 accruedLUSD, uint256 accruedETH) {
        address payable userProxyAddress = payable(deriveUserProxyAddress(msg.sender));
        require(userProxyAddress.code.length != 0, "Governance: user-proxy-not-deployed");
        return UserProxy(userProxyAddress).unstake(0, _rewardRecipient, _rewardRecipient);
    }

    /*//////////////////////////////////////////////////////////////
                                 VOTING
    //////////////////////////////////////////////////////////////*/

    /// @inheritdoc IGovernance
    function epoch() public view returns (uint16) {
        if (block.timestamp < EPOCH_START) return 0;
        return uint16(((block.timestamp - EPOCH_START) / EPOCH_DURATION) + 1);
    }

    /// @inheritdoc IGovernance
    function epochStart() public view returns (uint32) {
        uint16 currentEpoch = epoch();
        if (currentEpoch == 0) return 0;
        return uint32(EPOCH_START + (currentEpoch - 1) * EPOCH_DURATION);
    }

    /// @inheritdoc IGovernance
    function secondsWithinEpoch() public view returns (uint32) {
        if (block.timestamp < EPOCH_START) return 0;
        return uint32((block.timestamp - EPOCH_START) % EPOCH_DURATION);
    }

    /// @inheritdoc IGovernance
    function lqtyToVotes(uint88 _lqtyAmount, uint256 _currentTimestamp, uint32 _averageTimestamp)
        public
        pure
        returns (uint240)
    {
        return uint240(_lqtyAmount) * _averageAge(uint32(_currentTimestamp), _averageTimestamp);
    }

    /// @inheritdoc IGovernance
    function calculateVotingThreshold() public view returns (uint256) {
        uint256 snapshotVotes = votesSnapshot.votes;
        if (snapshotVotes == 0) return 0;

        uint256 minVotes; // to reach MIN_CLAIM: snapshotVotes * MIN_CLAIM / boldAccrued
        uint256 payoutPerVote = boldAccrued * WAD / snapshotVotes;
        if (payoutPerVote != 0) {
            minVotes = MIN_CLAIM * WAD / payoutPerVote;
        }
        return max(snapshotVotes * VOTING_THRESHOLD_FACTOR / WAD, minVotes);
    }

    // Snapshots votes for the previous epoch and accrues funds for the current epoch
    function _snapshotVotes() internal returns (VoteSnapshot memory snapshot, GlobalState memory state) {
        uint16 currentEpoch = epoch();
        snapshot = votesSnapshot;
        state = globalState;
        if (snapshot.forEpoch < currentEpoch - 1) {
            snapshot.votes = lqtyToVotes(state.countedVoteLQTY, epochStart(), state.countedVoteLQTYAverageTimestamp);
            snapshot.forEpoch = currentEpoch - 1;
            votesSnapshot = snapshot;
            uint256 boldBalance = bold.balanceOf(address(this));
            boldAccrued = (boldBalance < MIN_ACCRUAL) ? 0 : boldBalance;
            emit SnapshotVotes(snapshot.votes, snapshot.forEpoch);
        }
    }

    // Snapshots votes for an initiative for the previous epoch but only count the votes
    // if the received votes meet the voting threshold
    function _snapshotVotesForInitiative(address _initiative)
        internal
        returns (InitiativeVoteSnapshot memory initiativeSnapshot, InitiativeState memory initiativeState)
    {
        uint16 currentEpoch = epoch();
        initiativeSnapshot = votesForInitiativeSnapshot[_initiative];
        initiativeState = initiativeStates[_initiative];
        if (initiativeSnapshot.forEpoch < currentEpoch - 1) {
            uint256 votingThreshold = calculateVotingThreshold();
            uint32 start = epochStart();
            uint240 votes =
                lqtyToVotes(initiativeState.voteLQTY, start, initiativeState.averageStakingTimestampVoteLQTY);
            uint240 vetos =
                lqtyToVotes(initiativeState.vetoLQTY, start, initiativeState.averageStakingTimestampVetoLQTY);
            // if the votes didn't meet the voting threshold then no votes qualify
            /// @audit TODO TEST THIS
            /// The change means that all logic for votes and rewards must be done in `getInitiativeState`
            initiativeSnapshot.votes = uint224(votes); /// @audit TODO: We should change this to check the treshold, we should instead use the snapshot to just report all the valid data

            initiativeSnapshot.vetos = uint224(vetos); /// @audit TODO: Overflow + order of operations

            initiativeSnapshot.forEpoch = currentEpoch - 1; 

            /// @audit Conditional
            /// If we meet the threshold then we increase this
            /// TODO: Either simplify, or use this for the state machine as well
            if(
                initiativeSnapshot.votes > initiativeSnapshot.vetos &&
                initiativeSnapshot.votes >= votingThreshold
            ) {
                initiativeSnapshot.lastCountedEpoch = currentEpoch - 1; /// @audit This updating makes it so that we lose track | TODO: Find a better way
            }

            votesForInitiativeSnapshot[_initiative] = initiativeSnapshot;
            emit SnapshotVotesForInitiative(_initiative, initiativeSnapshot.votes, initiativeSnapshot.forEpoch);
        }
    }

    /// @inheritdoc IGovernance
    function snapshotVotesForInitiative(address _initiative)
        external
        nonReentrant
        returns (VoteSnapshot memory voteSnapshot, InitiativeVoteSnapshot memory initiativeVoteSnapshot)
    {
        (voteSnapshot,) = _snapshotVotes();
        (initiativeVoteSnapshot,) = _snapshotVotesForInitiative(_initiative);
    }


    /// @notice Given an initiative, return whether the initiative will be unregisted, whether it can claim and which epoch it last claimed at
    enum InitiativeStatus {
        SKIP, /// This epoch will result in no rewards and no unregistering
        CLAIMABLE, /// This epoch will result in claiming rewards
        CLAIMED, /// The rewards for this epoch have been claimed
        UNREGISTERABLE, /// Can be unregistered
        DISABLED // It was already Unregistered
    }
    /**
        FSM:
            - Can claim (false, true, epoch - 1 - X)
            - Has claimed (false, false, epoch - 1)
            - Cannot claim and should not be kicked (false, false, epoch - 1 - [0, X])
            - Should be kicked (true, false, epoch - 1 - [UNREGISTRATION_AFTER_EPOCHS, UNREGISTRATION_AFTER_EPOCHS + X])
     */

    function getInitiativeState(address _initiative) public returns (InitiativeStatus status, uint16 lastEpochClaim, uint256 claimableAmount) {
        (VoteSnapshot memory votesSnapshot_,) = _snapshotVotes();
        (InitiativeVoteSnapshot memory votesForInitiativeSnapshot_, InitiativeState memory initiativeState) = _snapshotVotesForInitiative(_initiative);

        lastEpochClaim = initiativeStates[_initiative].lastEpochClaim;

        // == Already Claimed Condition == //
        if(lastEpochClaim >= epoch() - 1) {
            // early return, we have already claimed
            return (InitiativeStatus.CLAIMED, lastEpochClaim, claimableAmount);
        }

        // == Disabled Condition == //
        // TODO: If a initiative is disabled, we return false and the last epoch claim
        if(registeredInitiatives[_initiative] == UNREGISTERED_INITIATIVE) {
            return (InitiativeStatus.DISABLED, lastEpochClaim, 0); /// @audit By definition it must have zero rewards
        }


        // == Unregister Condition == //
        /// @audit epoch() - 1 because we can have Now - 1 and that's not a removal case | TODO: Double check | Worst case QA, off by one epoch
        // TODO: IMO we can use the claimed variable here
        /// This shifts the logic by 1 epoch
        if((votesForInitiativeSnapshot_.lastCountedEpoch + UNREGISTRATION_AFTER_EPOCHS < epoch() - 1)
            ||  votesForInitiativeSnapshot_.vetos > votesForInitiativeSnapshot_.votes
                        && votesForInitiativeSnapshot_.vetos > calculateVotingThreshold() * UNREGISTRATION_THRESHOLD_FACTOR / WAD
        ) {
            return (InitiativeStatus.UNREGISTERABLE, lastEpochClaim, 0);
        }

        // How do we know that they have canClaimRewards?
        // They must have votes / totalVotes AND meet the Requirement AND not be vetoed
        /// @audit if we already are above, then why are we re-computing this?
        // Ultimately the checkpoint logic for initiative is fine, so we can skip this
        
        // TODO: Where does this fit exactly?
        // Edge case of 0 votes
        if(votesSnapshot_.votes == 0) {
            return (InitiativeStatus.SKIP, lastEpochClaim, 0);
        }


        // == Vetoed this Epoch Condition == //
        if(votesForInitiativeSnapshot_.vetos >= votesForInitiativeSnapshot_.votes) {
            return (InitiativeStatus.SKIP, lastEpochClaim, 0); /// @audit Technically VETOED
        }

        // == Not meeting threshold Condition == //

        if(calculateVotingThreshold() > votesForInitiativeSnapshot_.votes) {
            return (InitiativeStatus.SKIP, lastEpochClaim, 0);
        }

        // == Rewards Conditions (votes can be zero, logic is the same) == //
        uint256 claim = votesForInitiativeSnapshot_.votes * boldAccrued / votesSnapshot_.votes;
        return (InitiativeStatus.CLAIMABLE, lastEpochClaim, claim);
    }

    /// @inheritdoc IGovernance
    function registerInitiative(address _initiative) external nonReentrant {
        bold.safeTransferFrom(msg.sender, address(this), REGISTRATION_FEE);

        require(_initiative != address(0), "Governance: zero-address");
        require(registeredInitiatives[_initiative] == 0, "Governance: initiative-already-registered");

        address userProxyAddress = deriveUserProxyAddress(msg.sender);
        (VoteSnapshot memory snapshot,) = _snapshotVotes();
        UserState memory userState = userStates[msg.sender];

        // an initiative can be registered if the registrant has more voting power (LQTY * age)
        // than the registration threshold derived from the previous epoch's total global votes
        require(
            lqtyToVotes(uint88(stakingV1.stakes(userProxyAddress)), block.timestamp, userState.averageStakingTimestamp)
                >= snapshot.votes * REGISTRATION_THRESHOLD_FACTOR / WAD,
            "Governance: insufficient-lqty"
        );

        uint16 currentEpoch = epoch();

        registeredInitiatives[_initiative] = currentEpoch;

        emit RegisterInitiative(_initiative, msg.sender, currentEpoch);

        try IInitiative(_initiative).onRegisterInitiative(currentEpoch) {} catch {}
    }

    /// @inheritdoc IGovernance
    function allocateLQTY(
        address[] calldata _initiatives,
        int88[] calldata _deltaLQTYVotes,
        int88[] calldata _deltaLQTYVetos
    ) external nonReentrant {
        require(
            _initiatives.length == _deltaLQTYVotes.length && _initiatives.length == _deltaLQTYVetos.length,
            "Governance: array-length-mismatch"
        );

        (, GlobalState memory state) = _snapshotVotes();

        uint256 votingThreshold = calculateVotingThreshold();
        uint16 currentEpoch = epoch();

        UserState memory userState = userStates[msg.sender];

        for (uint256 i = 0; i < _initiatives.length; i++) {
            address initiative = _initiatives[i];
            int88 deltaLQTYVotes = _deltaLQTYVotes[i];
            int88 deltaLQTYVetos = _deltaLQTYVetos[i];

            // TODO: Better assertion
            /// Can remove or add
            /// But cannot add or remove both

            // only allow vetoing post the voting cutoff
            require(
                deltaLQTYVotes <= 0 || deltaLQTYVotes >= 0 && secondsWithinEpoch() <= EPOCH_VOTING_CUTOFF,
                "Governance: epoch-voting-cutoff"
            );
            
            {
                uint16 registeredAtEpoch = registeredInitiatives[initiative];
                if(deltaLQTYVotes > 0 || deltaLQTYVetos > 0) {
                    require(currentEpoch > registeredAtEpoch && registeredAtEpoch != 0, "Governance: initiative-not-active");
                } /// @audit TODO: We must allow removals for Proposals that are disabled | Should use the flag u16
                
                if(registeredAtEpoch == UNREGISTERED_INITIATIVE) {
                    require(deltaLQTYVotes <= 0 && deltaLQTYVetos <= 0, "Must be a withdrawal");
                }
            }
            // TODO: CHANGE
            // Can add if active
            // Can remove if inactive
            // only allow allocations to initiatives that are active
            // an initiative becomes active in the epoch after it is registered


            (, InitiativeState memory initiativeState) = _snapshotVotesForInitiative(initiative);

            // deep copy of the initiative's state before the allocation
            InitiativeState memory prevInitiativeState = InitiativeState(
                initiativeState.voteLQTY,
                initiativeState.vetoLQTY,
                initiativeState.averageStakingTimestampVoteLQTY,
                initiativeState.averageStakingTimestampVetoLQTY,
                initiativeState.lastEpochClaim
            );

            // update the average staking timestamp for the initiative based on the user's average staking timestamp
            initiativeState.averageStakingTimestampVoteLQTY = _calculateAverageTimestamp(
                initiativeState.averageStakingTimestampVoteLQTY,
                userState.averageStakingTimestamp,
                initiativeState.voteLQTY,
                add(initiativeState.voteLQTY, deltaLQTYVotes)
            );
            initiativeState.averageStakingTimestampVetoLQTY = _calculateAverageTimestamp(
                initiativeState.averageStakingTimestampVetoLQTY,
                userState.averageStakingTimestamp,
                initiativeState.vetoLQTY,
                add(initiativeState.vetoLQTY, deltaLQTYVetos)
            );

            // allocate the voting and vetoing LQTY to the initiative
            initiativeState.voteLQTY = add(initiativeState.voteLQTY, deltaLQTYVotes);
            initiativeState.vetoLQTY = add(initiativeState.vetoLQTY, deltaLQTYVetos);

            // update the initiative's state
            initiativeStates[initiative] = initiativeState;

            // update the average staking timestamp for all counted voting LQTY
            state.countedVoteLQTYAverageTimestamp = _calculateAverageTimestamp(
                state.countedVoteLQTYAverageTimestamp,
                initiativeState.averageStakingTimestampVoteLQTY,
                state.countedVoteLQTY,
                state.countedVoteLQTY - prevInitiativeState.voteLQTY
            );
            state.countedVoteLQTY -= prevInitiativeState.voteLQTY;

            state.countedVoteLQTYAverageTimestamp = _calculateAverageTimestamp(
                state.countedVoteLQTYAverageTimestamp,
                initiativeState.averageStakingTimestampVoteLQTY,
                state.countedVoteLQTY,
                state.countedVoteLQTY + initiativeState.voteLQTY
            );
            state.countedVoteLQTY += initiativeState.voteLQTY;



            // allocate the voting and vetoing LQTY to the initiative
            Allocation memory allocation = lqtyAllocatedByUserToInitiative[msg.sender][initiative];
            allocation.voteLQTY = add(allocation.voteLQTY, deltaLQTYVotes);
            allocation.vetoLQTY = add(allocation.vetoLQTY, deltaLQTYVetos);
            allocation.atEpoch = currentEpoch;
            require(!(allocation.voteLQTY != 0 && allocation.vetoLQTY != 0), "Governance: vote-and-veto");
            lqtyAllocatedByUserToInitiative[msg.sender][initiative] = allocation;

            userState.allocatedLQTY = add(userState.allocatedLQTY, deltaLQTYVotes + deltaLQTYVetos);

            emit AllocateLQTY(msg.sender, initiative, deltaLQTYVotes, deltaLQTYVetos, currentEpoch);

            try IInitiative(initiative).onAfterAllocateLQTY(
                currentEpoch, msg.sender, allocation.voteLQTY, allocation.vetoLQTY
            ) {} catch {}
        }

        require(
            userState.allocatedLQTY == 0
                || userState.allocatedLQTY <= uint88(stakingV1.stakes(deriveUserProxyAddress(msg.sender))),
            "Governance: insufficient-or-unallocated-lqty"
        );

        globalState = state;
        userStates[msg.sender] = userState;
    }

    /// @inheritdoc IGovernance
    function unregisterInitiative(address _initiative) external nonReentrant {
        uint16 registrationEpoch = registeredInitiatives[_initiative];
        require(registrationEpoch != 0, "Governance: initiative-not-registered");
        uint16 currentEpoch = epoch();
        require(registrationEpoch + REGISTRATION_WARM_UP_PERIOD < currentEpoch, "Governance: initiative-in-warm-up");

        (, GlobalState memory state) = _snapshotVotes();
        (InitiativeVoteSnapshot memory votesForInitiativeSnapshot_, InitiativeState memory initiativeState) =
            _snapshotVotesForInitiative(_initiative);

        /// Invariant: Must only claim once or unregister
        require(initiativeState.lastEpochClaim < epoch() - 1);
        
        (InitiativeStatus status, , )= getInitiativeState(_initiative);
        require(status == InitiativeStatus.UNREGISTERABLE, "Governance: cannot-unregister-initiative");

        /// @audit TODO: Verify that the FSM here is correct

        // recalculate the average staking timestamp for all counted voting LQTY if the initiative was counted in
        state.countedVoteLQTYAverageTimestamp = _calculateAverageTimestamp(
            state.countedVoteLQTYAverageTimestamp,
            initiativeState.averageStakingTimestampVoteLQTY,
            state.countedVoteLQTY,
            state.countedVoteLQTY - initiativeState.voteLQTY
        );
        state.countedVoteLQTY -= initiativeState.voteLQTY;
        globalState = state;

        /// @audit removal math causes issues
        // delete initiativeStates[_initiative]; 

        /// @audit Should not delete this
        /// weeks * 2^16 > u32 so the contract will stop working before this is an issue
        registeredInitiatives[_initiative] = UNREGISTERED_INITIATIVE; 

        emit UnregisterInitiative(_initiative, currentEpoch);

        try IInitiative(_initiative).onUnregisterInitiative(currentEpoch) {} catch {}
    }

    /// @inheritdoc IGovernance
    function claimForInitiative(address _initiative) external nonReentrant returns (uint256) {
        (VoteSnapshot memory votesSnapshot_,) = _snapshotVotes();
        (InitiativeVoteSnapshot memory votesForInitiativeSnapshot_, InitiativeState memory initiativeState_) = _snapshotVotesForInitiative(_initiative);

        // TODO: Return type from state FSM can be standardized
        (InitiativeStatus status, , uint256 claimableAmount ) = getInitiativeState(_initiative);

        /// @audit Return 0 if we cannot claim
        /// INVARIANT:
        /// We cannot claim only for 2 reasons:
        /// We have already claimed
        /// We do not meet the threshold
        /// TODO: Enforce this with assertions
        if(status != InitiativeStatus.CLAIMABLE) {
            return 0;
        }
        
        assert(votesSnapshot_.forEpoch == epoch() - 1); /// @audit INVARIANT: You can only claim for previous epoch
        /// All unclaimed rewards are always recycled

        initiativeStates[_initiative].lastEpochClaim = epoch() - 1;
        votesForInitiativeSnapshot[_initiative] = votesForInitiativeSnapshot_; // implicitly prevents double claiming

        bold.safeTransfer(_initiative, claimableAmount);

        emit ClaimForInitiative(_initiative, claimableAmount, votesSnapshot_.forEpoch);

        try IInitiative(_initiative).onClaimForInitiative(votesSnapshot_.forEpoch, claimableAmount) {} catch {}

        return claimableAmount;
    }
}

0% src/UniV4Donations.sol

Lines covered: 0 / 67 (0%)

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

import {IERC20} from "openzeppelin-contracts/contracts/interfaces/IERC20.sol";
import {SafeERC20} from "openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol";

import {IPoolManager} from "v4-core/src/interfaces/IPoolManager.sol";
import {IHooks} from "v4-core/src/interfaces/IHooks.sol";
import {PoolKey} from "v4-core/src/types/PoolKey.sol";
import {PoolId, PoolIdLibrary} from "v4-core/src/types/PoolId.sol";
import {Currency, CurrencyLibrary} from "v4-core/src/types/Currency.sol";
import {BalanceDelta} from "v4-core/src/types/BalanceDelta.sol";

import {BaseHook, Hooks} from "./utils/BaseHook.sol";
import {BribeInitiative} from "./BribeInitiative.sol";

contract UniV4Donations is BribeInitiative, BaseHook {
    using SafeERC20 for IERC20;
    using CurrencyLibrary for Currency;
    using PoolIdLibrary for PoolKey;

    event DonateToPool(uint256 amount);
    event RestartVesting(uint16 epoch, uint240 amount);

    uint256 public immutable VESTING_EPOCH_START;
    uint256 public immutable VESTING_EPOCH_DURATION;

    address private immutable currency0;
    address private immutable currency1;
    uint24 private immutable fee;
    int24 private immutable tickSpacing;

    struct Vesting {
        uint240 amount;
        uint16 epoch;
        uint256 released;
    }

    Vesting public vesting;

    constructor(
        address _governance,
        address _bold,
        address _bribeToken,
        uint256 _vestingEpochStart,
        uint256 _vestingEpochDuration,
        address _poolManager,
        address _token,
        uint24 _fee,
        int24 _tickSpacing
    ) BribeInitiative(_governance, _bold, _bribeToken) BaseHook(IPoolManager(_poolManager)) {
        VESTING_EPOCH_START = _vestingEpochStart;
        VESTING_EPOCH_DURATION = _vestingEpochDuration;

        if (uint256(uint160(address(_bold))) <= uint256(uint160(address(_token)))) {
            currency0 = _bold;
            currency1 = _token;
        } else {
            currency1 = _token;
            currency0 = _bold;
        }
        fee = _fee;
        tickSpacing = _tickSpacing;
    }

    function vestingEpoch() public view returns (uint16) {
        return uint16(((block.timestamp - VESTING_EPOCH_START) / VESTING_EPOCH_DURATION)) + 1;
    }

    function vestingEpochStart() public view returns (uint256) {
        return VESTING_EPOCH_START + ((vestingEpoch() - 1) * VESTING_EPOCH_DURATION);
    }

    function _restartVesting(uint240 claimed) internal returns (Vesting memory) {
        uint16 epoch = vestingEpoch();
        Vesting memory _vesting = vesting;
        if (_vesting.epoch < epoch) {
            _vesting.amount = claimed + _vesting.amount - uint240(_vesting.released); // roll over unclaimed amount
            _vesting.epoch = epoch;
            _vesting.released = 0;
            vesting = _vesting;
            emit RestartVesting(epoch, _vesting.amount);
        }
        return _vesting;
    }

    function _donateToPool() internal returns (uint256) {
        Vesting memory _vesting = _restartVesting(uint240(governance.claimForInitiative(address(this))));
        uint256 amount =
            (_vesting.amount * (block.timestamp - vestingEpochStart()) / VESTING_EPOCH_DURATION) - _vesting.released;

        if (amount != 0) {
            PoolKey memory key = poolKey();

            manager.donate(key, amount, 0, bytes(""));
            manager.sync(key.currency0);
            IERC20(Currency.unwrap(key.currency0)).safeTransfer(address(manager), amount);
            manager.settle(key.currency0);

            vesting.released += amount;

            emit DonateToPool(amount);
        }

        return amount;
    }

    function donateToPool() public returns (uint256) {
        return abi.decode(manager.unlock(abi.encode(address(this), poolKey())), (uint256));
    }

    function poolKey() public view returns (PoolKey memory key) {
        key = PoolKey({
            currency0: Currency.wrap(currency0),
            currency1: Currency.wrap(currency1),
            fee: fee,
            tickSpacing: tickSpacing,
            hooks: IHooks(address(this))
        });
    }

    function getHookPermissions() public pure override returns (Hooks.Permissions memory) {
        return Hooks.Permissions({
            beforeInitialize: false,
            afterInitialize: true,
            beforeAddLiquidity: false,
            beforeRemoveLiquidity: false,
            afterAddLiquidity: true,
            afterRemoveLiquidity: false,
            beforeSwap: false,
            afterSwap: false,
            beforeDonate: false,
            afterDonate: false,
            beforeSwapReturnDelta: false,
            afterSwapReturnDelta: false,
            afterAddLiquidityReturnDelta: false,
            afterRemoveLiquidityReturnDelta: false
        });
    }

    function afterInitialize(address, PoolKey calldata key, uint160, int24, bytes calldata)
        external
        view
        override
        onlyByManager
        returns (bytes4)
    {
        require(PoolId.unwrap(poolKey().toId()) == PoolId.unwrap(key.toId()), "UniV4Donations: invalid-pool-id");
        return this.afterInitialize.selector;
    }

    function afterAddLiquidity(
        address,
        PoolKey calldata key,
        IPoolManager.ModifyLiquidityParams calldata,
        BalanceDelta delta,
        bytes calldata
    ) external override onlyByManager returns (bytes4, BalanceDelta) {
        require(PoolId.unwrap(poolKey().toId()) == PoolId.unwrap(key.toId()), "UniV4Donations: invalid-pool-id");
        _donateToPool();
        return (this.afterAddLiquidity.selector, delta);
    }

    function _unlockCallback(bytes calldata data) internal override returns (bytes memory) {
        (address sender, PoolKey memory key) = abi.decode(data, (address, PoolKey));
        require(sender == address(this), "UniV4Donations: invalid-sender");
        require(PoolId.unwrap(poolKey().toId()) == PoolId.unwrap(key.toId()), "UniV4Donations: invalid-pool-id");
        return abi.encode(_donateToPool());
    }
}

65% src/UserProxy.sol

Lines covered: 27 / 41 (65%)

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

import {IERC20} from "openzeppelin-contracts/contracts/interfaces/IERC20.sol";
import {IERC20Permit} from "openzeppelin-contracts/contracts/token/ERC20/extensions/IERC20Permit.sol";
import {SafeERC20} from "openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol";

import {IUserProxy} from "./interfaces/IUserProxy.sol";
import {ILQTYStaking} from "./interfaces/ILQTYStaking.sol";
import {PermitParams} from "./utils/Types.sol";

contract UserProxy is IUserProxy {
    using SafeERC20 for IERC20;

    /// @inheritdoc IUserProxy
    IERC20 public immutable lqty;
    /// @inheritdoc IUserProxy
    IERC20 public immutable lusd;

    /// @inheritdoc IUserProxy
    ILQTYStaking public immutable stakingV1;
    /// @inheritdoc IUserProxy
    address public immutable stakingV2;

    constructor(address _lqty, address _lusd, address _stakingV1) {
        lqty = IERC20(_lqty);
        lusd = IERC20(_lusd);
        stakingV1 = ILQTYStaking(_stakingV1);
        stakingV2 = msg.sender;
    }

    modifier onlyStakingV2() {
        require(msg.sender == stakingV2, "UserProxy: caller-not-stakingV2");
        _;
    }

    /// @inheritdoc IUserProxy
    function stake(uint256 _amount, address _lqtyFrom) public onlyStakingV2 {
        lqty.transferFrom(_lqtyFrom, address(this), _amount);
        lqty.approve(address(stakingV1), _amount);
        stakingV1.stake(_amount);
        emit Stake(_amount, _lqtyFrom);
    }

    /// @inheritdoc IUserProxy
    function stakeViaPermit(uint256 _amount, address _lqtyFrom, PermitParams calldata _permitParams)
        public
        onlyStakingV2
    {
        require(_lqtyFrom == _permitParams.owner, "UserProxy: owner-not-sender");
        try IERC20Permit(address(lqty)).permit(
            _permitParams.owner,
            _permitParams.spender,
            _permitParams.value,
            _permitParams.deadline,
            _permitParams.v,
            _permitParams.r,
            _permitParams.s
        ) {} catch {}
        stake(_amount, _lqtyFrom);
    }

    /// @inheritdoc IUserProxy
    function unstake(uint256 _amount, address _lqtyRecipient, address _lusdEthRecipient)
        public
        onlyStakingV2
        returns (uint256 lusdAmount, uint256 ethAmount)
    {
        stakingV1.unstake(_amount);

        uint256 lqtyAmount = lqty.balanceOf(address(this));
        if (lqtyAmount > 0) lqty.safeTransfer(_lqtyRecipient, lqtyAmount);
        lusdAmount = lusd.balanceOf(address(this));
        if (lusdAmount > 0) lusd.safeTransfer(_lusdEthRecipient, lusdAmount);
        ethAmount = address(this).balance;
        if (ethAmount > 0) {
            (bool success,) = payable(_lusdEthRecipient).call{value: ethAmount}("");
            success;
        }

        emit Unstake(_amount, _lqtyRecipient, _lusdEthRecipient, lusdAmount, ethAmount);
    }

    /// @inheritdoc IUserProxy
    function staked() external view returns (uint88) {
        return uint88(stakingV1.stakes(address(this)));
    }

    receive() external payable {}
}

40% src/UserProxyFactory.sol

Lines covered: 4 / 10 (40%)

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

import {Clones} from "openzeppelin-contracts/contracts/proxy/Clones.sol";

import {IUserProxyFactory} from "./interfaces/IUserProxyFactory.sol";
import {UserProxy} from "./UserProxy.sol";

contract UserProxyFactory is IUserProxyFactory {
    /// @inheritdoc IUserProxyFactory
    address public immutable userProxyImplementation;

    constructor(address _lqty, address _lusd, address _stakingV1) {
        userProxyImplementation = address(new UserProxy(_lqty, _lusd, _stakingV1));
    }

    /// @inheritdoc IUserProxyFactory
    function deriveUserProxyAddress(address _user) public view returns (address) {
        return Clones.predictDeterministicAddress(userProxyImplementation, bytes32(uint256(uint160(_user))));
    }

    /// @inheritdoc IUserProxyFactory
    function deployUserProxy() public returns (address) {
        // reverts if the user already has a proxy
        address userProxy = Clones.cloneDeterministic(userProxyImplementation, bytes32(uint256(uint160(msg.sender))));

        emit DeployUserProxy(msg.sender, userProxy);

        return userProxy;
    }
}

0% src/utils/BaseHook.sol

Lines covered: 0 / 22 (0%)

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

import {Hooks} from "v4-core/src/libraries/Hooks.sol";
import {IPoolManager} from "v4-core/src/interfaces/IPoolManager.sol";
import {IHooks} from "v4-core/src/interfaces/IHooks.sol";
import {BalanceDelta} from "v4-core/src/types/BalanceDelta.sol";
import {PoolKey} from "v4-core/src/types/PoolKey.sol";
import {BeforeSwapDelta} from "v4-core/src/types/BeforeSwapDelta.sol";
import {IUnlockCallback} from "v4-core/src/interfaces/callback/IUnlockCallback.sol";

contract ImmutableState {
    IPoolManager public immutable manager;

    constructor(IPoolManager _manager) {
        manager = _manager;
    }
}

abstract contract SafeCallback is ImmutableState, IUnlockCallback {
    error NotManager();

    modifier onlyByManager() {
        if (msg.sender != address(manager)) revert NotManager();
        _;
    }

    /// @dev We force the onlyByManager modifier by exposing a virtual function after the onlyByManager check.
    function unlockCallback(bytes calldata data) external onlyByManager returns (bytes memory) {
        return _unlockCallback(data);
    }

    function _unlockCallback(bytes calldata data) internal virtual returns (bytes memory);
}

abstract contract BaseHook is IHooks, SafeCallback {
    error NotSelf();
    error InvalidPool();
    error LockFailure();
    error HookNotImplemented();

    constructor(IPoolManager _manager) ImmutableState(_manager) {
        validateHookAddress(this);
    }

    /// @dev Only this address may call this function
    modifier selfOnly() {
        if (msg.sender != address(this)) revert NotSelf();
        _;
    }

    /// @dev Only pools with hooks set to this contract may call this function
    modifier onlyValidPools(IHooks hooks) {
        if (hooks != this) revert InvalidPool();
        _;
    }

    function getHookPermissions() public pure virtual returns (Hooks.Permissions memory);

    // this function is virtual so that we can override it during testing,
    // which allows us to deploy an implementation to any address
    // and then etch the bytecode into the correct address
    function validateHookAddress(BaseHook _this) internal pure virtual {
        Hooks.validateHookPermissions(_this, getHookPermissions());
    }

    function _unlockCallback(bytes calldata data) internal virtual override returns (bytes memory) {
        (bool success, bytes memory returnData) = address(this).call(data);
        if (success) return returnData;
        if (returnData.length == 0) revert LockFailure();
        // if the call failed, bubble up the reason
        /// @solidity memory-safe-assembly
        assembly {
            revert(add(returnData, 32), mload(returnData))
        }
    }

    function beforeInitialize(address, PoolKey calldata, uint160, bytes calldata) external virtual returns (bytes4) {
        revert HookNotImplemented();
    }

    function afterInitialize(address, PoolKey calldata, uint160, int24, bytes calldata)
        external
        virtual
        returns (bytes4)
    {
        revert HookNotImplemented();
    }

    function beforeAddLiquidity(address, PoolKey calldata, IPoolManager.ModifyLiquidityParams calldata, bytes calldata)
        external
        virtual
        returns (bytes4)
    {
        revert HookNotImplemented();
    }

    function beforeRemoveLiquidity(
        address,
        PoolKey calldata,
        IPoolManager.ModifyLiquidityParams calldata,
        bytes calldata
    ) external virtual returns (bytes4) {
        revert HookNotImplemented();
    }

    function afterAddLiquidity(
        address,
        PoolKey calldata,
        IPoolManager.ModifyLiquidityParams calldata,
        BalanceDelta,
        bytes calldata
    ) external virtual returns (bytes4, BalanceDelta) {
        revert HookNotImplemented();
    }

    function afterRemoveLiquidity(
        address,
        PoolKey calldata,
        IPoolManager.ModifyLiquidityParams calldata,
        BalanceDelta,
        bytes calldata
    ) external virtual returns (bytes4, BalanceDelta) {
        revert HookNotImplemented();
    }

    function beforeSwap(address, PoolKey calldata, IPoolManager.SwapParams calldata, bytes calldata)
        external
        virtual
        returns (bytes4, BeforeSwapDelta, uint24)
    {
        revert HookNotImplemented();
    }

    function afterSwap(address, PoolKey calldata, IPoolManager.SwapParams calldata, BalanceDelta, bytes calldata)
        external
        virtual
        returns (bytes4, int128)
    {
        revert HookNotImplemented();
    }

    function beforeDonate(address, PoolKey calldata, uint256, uint256, bytes calldata)
        external
        virtual
        returns (bytes4)
    {
        revert HookNotImplemented();
    }

    function afterDonate(address, PoolKey calldata, uint256, uint256, bytes calldata)
        external
        virtual
        returns (bytes4)
    {
        revert HookNotImplemented();
    }
}

68% src/utils/DoubleLinkedList.sol

Lines covered: 15 / 22 (68%)

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

/// @title DoubleLinkedList
/// @notice Implements a double linked list where the head is defined as the null item's prev pointer
/// and the tail is defined as the null item's next pointer ([tail][prev][item][next][head])
library DoubleLinkedList {
    struct Item {
        uint88 value;
        uint16 prev;
        uint16 next;
    }

    struct List {
        mapping(uint16 => Item) items;
    }

    error IdIsZero();
    error ItemNotInList();
    error ItemInList();

    /// @notice Returns the head item id of the list
    /// @param list Linked list which contains the item
    /// @return _ Id of the head item
    function getHead(List storage list) internal view returns (uint16) {
        return list.items[0].prev;
    }

    /// @notice Returns the tail item id of the list
    /// @param list Linked list which contains the item
    /// @return _ Id of the tail item
    function getTail(List storage list) internal view returns (uint16) {
        return list.items[0].next;
    }

    /// @notice Returns the item id which follows item `id`. Returns the head item id of the list if the `id` is 0.
    /// @param list Linked list which contains the items
    /// @param id Id of the current item
    /// @return _ Id of the current item's next item
    function getNext(List storage list, uint16 id) internal view returns (uint16) {
        return list.items[id].next;
    }

    /// @notice Returns the item id which precedes item `id`. Returns the tail item id of the list if the `id` is 0.
    /// @param list Linked list which contains the items
    /// @param id Id of the current item
    /// @return _ Id of the current item's previous item
    function getPrev(List storage list, uint16 id) internal view returns (uint16) {
        return list.items[id].prev;
    }

    /// @notice Returns the value of item `id`
    /// @param list Linked list which contains the item
    /// @param id Id of the item
    /// @return _ Value of the item
    function getValue(List storage list, uint16 id) internal view returns (uint88) {
        return list.items[id].value;
    }

    /// @notice Returns the item `id`
    /// @param list Linked list which contains the item
    /// @param id Id of the item
    /// @return _ Item
    function getItem(List storage list, uint16 id) internal view returns (Item memory) {
        return list.items[id];
    }

    /// @notice Returns whether the list contains item `id`
    /// @param list Linked list which should contain the item
    /// @param id Id of the item to check
    /// @return _ True if the list contains the item, false otherwise
    function contains(List storage list, uint16 id) internal view returns (bool) {
        if (id == 0) revert IdIsZero();
        return (list.items[id].prev != 0 || list.items[id].next != 0 || list.items[0].next == id);
    }

    /// @notice Inserts an item with `id` in the list before item `next`
    /// - if `next` is 0, the item is inserted at the start (head) of the list
    /// @dev This function should not be called with an `id` that is already in the list.
    /// @param list Linked list which contains the next item and into which the new item will be inserted
    /// @param id Id of the item to insert
    /// @param value Value of the item to insert
    /// @param next Id of the item which should follow item `id`
    function insert(List storage list, uint16 id, uint88 value, uint16 next) internal {
        if (contains(list, id)) revert ItemInList();
        if (next != 0 && !contains(list, next)) revert ItemNotInList();
        uint16 prev = list.items[next].prev;
        list.items[prev].next = id;
        list.items[next].prev = id;
        list.items[id].prev = prev;
        list.items[id].next = next;
        list.items[id].value = value;
    }
}

100% src/utils/Math.sol

Lines covered: 8 / 8 (100%)

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

function add(uint88 a, int88 b) pure returns (uint88) {
    if (b < 0) {
        return a - abs(b);
    }
    return a + abs(b);
}

function max(uint256 a, uint256 b) pure returns (uint256) {
    return a > b ? a : b;
}

function abs(int88 a) pure returns (uint88) {
    return a < 0 ? uint88(uint256(-int256(a))) : uint88(a);
}

22% src/utils/Multicall.sol

Lines covered: 2 / 9 (22%)

// SPDX-License-Identifier: GPL-2.0-or-later
pragma solidity ^0.8.24;

import {IMulticall} from "../interfaces/IMulticall.sol";

/// Copied from: https://github.com/Uniswap/v3-periphery/blob/main/contracts/base/Multicall.sol
/// @title Multicall
/// @notice Enables calling multiple methods in a single call to the contract
abstract contract Multicall is IMulticall {
    /// @inheritdoc IMulticall
    function multicall(bytes[] calldata data) public payable override returns (bytes[] memory results) {
        results = new bytes[](data.length);
        for (uint256 i = 0; i < data.length; i++) {
            (bool success, bytes memory result) = address(this).delegatecall(data[i]);

            if (!success) {
                // Next 5 lines from https://ethereum.stackexchange.com/a/83577
                if (result.length < 68) revert();
                assembly {
                    result := add(result, 0x04)
                }
                revert(abi.decode(result, (string)));
            }

            results[i] = result;
        }
    }
}

100% src/utils/Types.sol

Lines covered: 1 / 1 (100%)

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

struct PermitParams {
    address owner;
    address spender;
    uint256 value;
    uint256 deadline;
    uint8 v;
    bytes32 r;
    bytes32 s;
}

uint256 constant WAD = 1e18;

12% test/mocks/MockERC20Tester.sol

Lines covered: 1 / 8 (12%)

// SPDX-License-Identifier: GPL-2.0
pragma solidity ^0.8.0;

import {MockERC20} from "forge-std/mocks/MockERC20.sol";

contract MockERC20Tester is MockERC20 {
    address owner;

    modifier onlyOwner() {
        require(msg.sender == owner);
        _;
    }

    constructor(address recipient, uint256 mintAmount, string memory name, string memory symbol, uint8 decimals) {
        super.initialize(name, symbol, decimals);
        _mint(recipient, mintAmount);

        owner = msg.sender;
    }

    function mint(address to, uint256 amount) public onlyOwner {
        _mint(to, amount);
    }
}

90% test/mocks/MockStakingV1.sol

Lines covered: 10 / 11 (90%)

// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.24;

import {IERC20} from "openzeppelin-contracts/contracts/interfaces/IERC20.sol";

contract MockStakingV1 {
    IERC20 public immutable lqty;

    mapping(address => uint256) public stakes;

    constructor(address _lqty) {
        lqty = IERC20(_lqty);
    }

    function stake(uint256 _LQTYamount) external {
        stakes[msg.sender] += _LQTYamount;
        lqty.transferFrom(msg.sender, address(this), _LQTYamount);
    }

    function unstake(uint256 _LQTYamount) external {
        stakes[msg.sender] -= _LQTYamount;
        lqty.transfer(msg.sender, _LQTYamount);
    }
}

100% test/recon/BeforeAfter.sol

Lines covered: 22 / 22 (100%)


// SPDX-License-Identifier: GPL-2.0
pragma solidity ^0.8.0;

import {Asserts} from "@chimera/Asserts.sol";
import {Setup} from "./Setup.sol";
import {IGovernance} from "../../src/interfaces/IGovernance.sol";
import {IBribeInitiative} from "../../src/interfaces/IBribeInitiative.sol";
import {Governance} from "../../src/Governance.sol";


abstract contract BeforeAfter is Setup, Asserts {
    struct Vars {
        uint16 epoch;
        mapping(address => Governance.InitiativeStatus) initiativeStatus;
        // initiative => user => epoch => claimed
        mapping(address => mapping(address => mapping(uint16 => bool))) claimedBribeForInitiativeAtEpoch;
        uint128 lqtyBalance;
        uint128 lusdBalance;
    }

    Vars internal _before;
    Vars internal _after;

    modifier withChecks {
        __before();
        _;
        __after();
    }

    function __before() internal {
        uint16 currentEpoch = governance.epoch();
        _before.epoch = currentEpoch;
        for(uint8 i; i < deployedInitiatives.length; i++) {
            address initiative = deployedInitiatives[i];
            (Governance.InitiativeStatus status,,) = governance.getInitiativeState(initiative);
            _before.initiativeStatus[initiative] = status;
            _before.claimedBribeForInitiativeAtEpoch[initiative][user][currentEpoch] = IBribeInitiative(initiative).claimedBribeAtEpoch(user, currentEpoch);
        }

        _before.lqtyBalance = uint128(lqty.balanceOf(user));
        _before.lusdBalance = uint128(lusd.balanceOf(user));
    }

    function __after() internal {
        uint16 currentEpoch = governance.epoch();
        _after.epoch = currentEpoch;
        for(uint8 i; i < deployedInitiatives.length; i++) {
            address initiative = deployedInitiatives[i];
            (Governance.InitiativeStatus status,,) = governance.getInitiativeState(initiative);
            _after.initiativeStatus[initiative] = status;
            _after.claimedBribeForInitiativeAtEpoch[initiative][user][currentEpoch] = IBribeInitiative(initiative).claimedBribeAtEpoch(user, currentEpoch);
        }

        _after.lqtyBalance = uint128(lqty.balanceOf(user));
        _after.lusdBalance = uint128(lusd.balanceOf(user));
    }
}

100% test/recon/CryticTester.sol

Lines covered: 2 / 2 (100%)

// SPDX-License-Identifier: GPL-2.0
pragma solidity ^0.8.0;

import {TargetFunctions} from "./TargetFunctions.sol";
import {CryticAsserts} from "@chimera/CryticAsserts.sol";

// echidna . --contract CryticTester --config echidna.yaml
// medusa fuzz
contract CryticTester is TargetFunctions, CryticAsserts {
    constructor() payable {
        setup();
    }
}

63% test/recon/Properties.sol

Lines covered: 14 / 22 (63%)

// SPDX-License-Identifier: GPL-2.0
pragma solidity ^0.8.0;

import {GovernanceProperties} from "./properties/GovernanceProperties.sol";
import {BribeInitiativeProperties} from "./properties/BribeInitiativeProperties.sol";

abstract contract Properties is GovernanceProperties, BribeInitiativeProperties {
    string internal constant ASSERTION_CANARY = "!!! canary assertion";
    string internal constant ASSERTION_GV01 =
        "!!! GV-01: Initiative state should only return one state per epoch";
    string internal constant ASSERTION_BI01_LQTY =
        "!!! BI-01: User should receive percentage of bribes corresponding to their allocation";
    string internal constant ASSERTION_BI01_BOLD =
        "!!! BI-01: User should receive percentage of BOLD bribes corresponding to their allocation";
    string internal constant ASSERTION_BI02 =
        "!!! BI-02: User can only claim bribes once in an epoch";
    string internal constant ASSERTION_BI03 =
        "!!! BI-03: Accounting for user allocation amount is always correct";
    string internal constant ASSERTION_BI04 =
        "!!! BI-04: Accounting for total allocation amount is always correct";
    string internal constant ASSERTION_BI05_BRIBE_DUST =
        "!!! BI-05: Bribe token dust amount remaining after claiming should be less than 100 million wei";
    string internal constant ASSERTION_BI05_BOLD_DUST =
        "!!! BI-05: Bold token dust amount remaining after claiming should be less than 100 million wei";
    string internal constant INVARIANT_CANARY_GLOBAL_INVARIANT_FAILURE =
        "Canary invariant";

    function _assertionGV01() internal pure virtual override returns (string memory) {
        return ASSERTION_GV01;
    }

    function _assertionBI01Lqty() internal pure virtual override returns (string memory) {
        return ASSERTION_BI01_LQTY;
    }

    function _assertionBI01Bold() internal pure virtual override returns (string memory) {
        return ASSERTION_BI01_BOLD;
    }

    function _assertionBI02() internal pure virtual override returns (string memory) {
        return ASSERTION_BI02;
    }

    function _assertionBI03() internal pure virtual override returns (string memory) {
        return ASSERTION_BI03;
    }

    function _assertionBI04() internal pure virtual override returns (string memory) {
        return ASSERTION_BI04;
    }

    function _assertionBI05BribeDust() internal pure virtual override returns (string memory) {
        return ASSERTION_BI05_BRIBE_DUST;
    }

    function _assertionBI05BoldDust() internal pure virtual override returns (string memory) {
        return ASSERTION_BI05_BOLD_DUST;
    }

    /// @dev Canary assertion helper. A failing input is expected to be discovered during fuzzing.
    function assert_canary_ASSERTION_CANARY(uint256 entropy) public {
        t(entropy > 0, ASSERTION_CANARY);
    }

    /// @dev Canary global invariant expected to fail immediately.
    function invariant_canary()
        public
        virtual
        returns (bool)
    {
        t(false, INVARIANT_CANARY_GLOBAL_INVARIANT_FAILURE);
        return true;
    }
}

100% test/recon/Setup.sol

Lines covered: 39 / 39 (100%)


// SPDX-License-Identifier: GPL-2.0
pragma solidity ^0.8.0;

import {BaseSetup} from "@chimera/BaseSetup.sol";
import {console2} from "forge-std/Test.sol";
import {vm} from "@chimera/Hevm.sol";
import {IERC20} from "forge-std/interfaces/IERC20.sol";

import {MockERC20Tester} from "../mocks/MockERC20Tester.sol";
import {MockStakingV1} from "../mocks/MockStakingV1.sol";
import {MaliciousInitiative} from "../mocks/MaliciousInitiative.sol";
import {Governance} from "src/Governance.sol";
import {BribeInitiative} from "../../src/BribeInitiative.sol";
import {IBribeInitiative} from "../../src/interfaces/IBribeInitiative.sol";
import {IGovernance} from "src/interfaces/IGovernance.sol";
import {IInitiative} from "src/interfaces/IInitiative.sol";

abstract contract Setup is BaseSetup {
    Governance governance;
    MockERC20Tester internal lqty;
    MockERC20Tester internal lusd;
    IBribeInitiative internal initiative1;

    address internal user = address(this);
    address internal user2 = address(0x537C8f3d3E18dF5517a58B3fB9D9143697996802); // derived using makeAddrAndKey
    address internal stakingV1;
    address internal userProxy;
    address[] internal users = new address[](2);
    address[] internal deployedInitiatives;
    uint256 internal user2Pk = 23868421370328131711506074113045611601786642648093516849953535378706721142721; // derived using makeAddrAndKey
    bool internal claimedTwice;

    mapping(uint16 => uint88) internal ghostTotalAllocationAtEpoch;
    mapping(address => uint88) internal ghostLqtyAllocationByUserAtEpoch;

    uint128 internal constant REGISTRATION_FEE = 1e18;
    uint128 internal constant REGISTRATION_THRESHOLD_FACTOR = 0.01e18;
    uint128 internal constant UNREGISTRATION_THRESHOLD_FACTOR = 4e18;
    uint16 internal constant REGISTRATION_WARM_UP_PERIOD = 4;
    uint16 internal constant UNREGISTRATION_AFTER_EPOCHS = 4;
    uint128 internal constant VOTING_THRESHOLD_FACTOR = 0.04e18;
    uint88 internal constant MIN_CLAIM = 500e18;
    uint88 internal constant MIN_ACCRUAL = 1000e18;
    uint32 internal constant EPOCH_DURATION = 604800;
    uint32 internal constant EPOCH_VOTING_CUTOFF = 518400;


  function setup() internal virtual override {
      users.push(user);
      users.push(user2);

      uint256 initialMintAmount = type(uint88).max;
      lqty = new MockERC20Tester(user, initialMintAmount, "Liquity", "LQTY", 18);
      lusd = new MockERC20Tester(user, initialMintAmount, "Liquity USD", "LUSD", 18);
      lqty.mint(user2, initialMintAmount);

      stakingV1 = address(new MockStakingV1(address(lqty)));
      governance = new Governance(
          address(lqty),
          address(lusd),
          stakingV1,
          address(lusd), // bold
          IGovernance.Configuration({
              registrationFee: REGISTRATION_FEE,
              registrationThresholdFactor: REGISTRATION_THRESHOLD_FACTOR,
              unregistrationThresholdFactor: UNREGISTRATION_THRESHOLD_FACTOR,
              registrationWarmUpPeriod: REGISTRATION_WARM_UP_PERIOD,
              unregistrationAfterEpochs: UNREGISTRATION_AFTER_EPOCHS,
              votingThresholdFactor: VOTING_THRESHOLD_FACTOR,
              minClaim: MIN_CLAIM,
              minAccrual: MIN_ACCRUAL,
              epochStart: uint32(block.timestamp),
              epochDuration: EPOCH_DURATION,
              epochVotingCutoff: EPOCH_VOTING_CUTOFF
          }),
          deployedInitiatives // no initial initiatives passed in because don't have cheatcodes for calculating address where gov will be deployed
      );

      // deploy proxy so user can approve it
      userProxy = governance.deployUserProxy();
      lqty.approve(address(userProxy), initialMintAmount);
      lusd.approve(address(userProxy), initialMintAmount);

      // approve governance for user's tokens
      lqty.approve(address(governance), initialMintAmount);
      lusd.approve(address(governance), initialMintAmount);

      // register one of the initiatives, leave the other for registering/unregistering via TargetFunction
      initiative1 = IBribeInitiative(address(new BribeInitiative(address(governance), address(lusd), address(lqty))));
      deployedInitiatives.push(address(initiative1));

      governance.registerInitiative(address(initiative1));
  }

  function _getDeployedInitiative(uint8 index) internal returns (address initiative) {
    return deployedInitiatives[index % deployedInitiatives.length];
  }

  function _getClampedTokenBalance(address token, address holder) internal returns (uint256 balance) {
    return IERC20(token).balanceOf(holder);
  }

  function _getRandomUser(uint8 index) internal returns (address randomUser) {
    return users[index % users.length];
  }

}

100% test/recon/TargetFunctions.sol

Lines covered: 6 / 6 (100%)


// SPDX-License-Identifier: GPL-2.0
pragma solidity ^0.8.0;

import {BaseTargetFunctions} from "@chimera/BaseTargetFunctions.sol";
import {vm} from "@chimera/Hevm.sol";
import {IERC20Permit} from "openzeppelin-contracts/contracts/token/ERC20/extensions/IERC20Permit.sol";
import {console2} from "forge-std/Test.sol";

import {Properties} from "./Properties.sol";
import {GovernanceTargets} from "./targets/GovernanceTargets.sol";
import {BribeInitiativeTargets} from "./targets/BribeInitiativeTargets.sol";
import {MaliciousInitiative} from "../mocks/MaliciousInitiative.sol";
import {BribeInitiative} from "../../src/BribeInitiative.sol";
import {ILQTYStaking} from "../../src/interfaces/ILQTYStaking.sol";
import {IInitiative} from "../../src/interfaces/IInitiative.sol";
import {IUserProxy} from "../../src/interfaces/IUserProxy.sol";
import {PermitParams} from "../../src/utils/Types.sol";


abstract contract TargetFunctions is GovernanceTargets, BribeInitiativeTargets {

    // helper to deploy initiatives for registering that results in more bold transferred to the Governance contract
    function helper_deployInitiative() withChecks public {
        address initiative = address(new BribeInitiative(address(governance), address(lusd), address(lqty)));
        deployedInitiatives.push(initiative);
    }

    // helper to simulate bold accrual in Governance contract
    function helper_accrueBold(uint88 boldAmount) withChecks public {
        boldAmount = uint88(boldAmount % lusd.balanceOf(user));
        // target contract is the user so it can transfer directly
        lusd.transfer(address(governance), boldAmount);
    }
}

50% test/recon/properties/BribeInitiativeProperties.sol

Lines covered: 33 / 65 (50%)

// SPDX-License-Identifier: GPL-2.0
pragma solidity ^0.8.0;

import {BeforeAfter} from "../BeforeAfter.sol";
import {IBribeInitiative} from "../../../src/interfaces/IBribeInitiative.sol";

abstract contract BribeInitiativeProperties is BeforeAfter {
    function _assertionBI01Lqty() internal pure virtual returns (string memory);
    function _assertionBI01Bold() internal pure virtual returns (string memory);
    function _assertionBI02() internal pure virtual returns (string memory);
    function _assertionBI03() internal pure virtual returns (string memory);
    function _assertionBI04() internal pure virtual returns (string memory);
    function _assertionBI05BribeDust() internal pure virtual returns (string memory);
    function _assertionBI05BoldDust() internal pure virtual returns (string memory);

    function invariant_BI01() public returns (bool) {
        uint16 currentEpoch = governance.epoch();
        for (uint8 i; i < deployedInitiatives.length; i++) {
            address initiative = deployedInitiatives[i];
            // if the bool switches, the user has claimed their bribe for the epoch
            if (
                _before.claimedBribeForInitiativeAtEpoch[initiative][user][currentEpoch]
                    != _after.claimedBribeForInitiativeAtEpoch[initiative][user][currentEpoch]
            ) {
                // calculate user balance delta of the bribe tokens
                uint128 lqtyBalanceDelta = _after.lqtyBalance - _before.lqtyBalance;
                uint128 lusdBalanceDelta = _after.lusdBalance - _before.lusdBalance;

                // calculate balance delta as a percentage of the total bribe for this epoch
                (uint128 bribeBoldAmount, uint128 bribeBribeTokenAmount) =
                    IBribeInitiative(initiative).bribeByEpoch(currentEpoch);
                uint128 lqtyPercentageOfBribe = (lqtyBalanceDelta / bribeBribeTokenAmount) * 10_000;
                uint128 lusdPercentageOfBribe = (lusdBalanceDelta / bribeBoldAmount) * 10_000;

                // Shift right by 40 bits (128 - 88) to get the 88 most significant bits
                uint88 lqtyPercentageOfBribe88 = uint88(lqtyPercentageOfBribe >> 40);
                uint88 lusdPercentageOfBribe88 = uint88(lusdPercentageOfBribe >> 40);

                // calculate user allocation percentage of total for this epoch
                uint88 lqtyAllocatedByUserAtEpoch =
                    IBribeInitiative(initiative).lqtyAllocatedByUserAtEpoch(user, currentEpoch);
                uint88 totalLQTYAllocatedAtEpoch = IBribeInitiative(initiative).totalLQTYAllocatedByEpoch(currentEpoch);
                uint88 allocationPercentageOfTotal = (lqtyAllocatedByUserAtEpoch / totalLQTYAllocatedAtEpoch) * 10_000;

                // check that allocation percentage and received bribe percentage match
                eq(
                    lqtyPercentageOfBribe88,
                    allocationPercentageOfTotal,
                    _assertionBI01Lqty()
                );
                eq(
                    lusdPercentageOfBribe88,
                    allocationPercentageOfTotal,
                    _assertionBI01Bold()
                );
            }
        }
        return true;
    }

    function invariant_BI02() public returns (bool) {
        t(!claimedTwice, _assertionBI02());
        return true;
    }

    function invariant_BI03() public returns (bool) {
        uint16 currentEpoch = governance.epoch();
        for (uint8 i; i < deployedInitiatives.length; i++) {
            IBribeInitiative initiative = IBribeInitiative(deployedInitiatives[i]);
            uint88 lqtyAllocatedByUserAtEpoch = initiative.lqtyAllocatedByUserAtEpoch(user, currentEpoch);
            eq(
                ghostLqtyAllocationByUserAtEpoch[user],
                lqtyAllocatedByUserAtEpoch,
                _assertionBI03()
            );
        }
        return true;
    }

    function invariant_BI04() public returns (bool) {
        uint16 currentEpoch = governance.epoch();
        for (uint8 i; i < deployedInitiatives.length; i++) {
            IBribeInitiative initiative = IBribeInitiative(deployedInitiatives[i]);
            uint88 totalLQTYAllocatedAtEpoch = initiative.totalLQTYAllocatedByEpoch(currentEpoch);
            eq(
                ghostTotalAllocationAtEpoch[currentEpoch],
                totalLQTYAllocatedAtEpoch,
                _assertionBI04()
            );
        }
        return true;
    }

    // TODO: double check that this implementation is correct
    function invariant_BI05() public returns (bool) {
        uint16 currentEpoch = governance.epoch();
        for (uint8 i; i < deployedInitiatives.length; i++) {
            address initiative = deployedInitiatives[i];
            // if the bool switches, the user has claimed their bribe for the epoch
            if (
                _before.claimedBribeForInitiativeAtEpoch[initiative][user][currentEpoch]
                    != _after.claimedBribeForInitiativeAtEpoch[initiative][user][currentEpoch]
            ) {
                // check that the remaining bribe amount left over is less than 100 million wei
                uint256 bribeTokenBalanceInitiative = lqty.balanceOf(initiative);
                uint256 boldTokenBalanceInitiative = lusd.balanceOf(initiative);

                lte(
                    bribeTokenBalanceInitiative,
                    1e8,
                    _assertionBI05BribeDust()
                );
                lte(
                    boldTokenBalanceInitiative,
                    1e8,
                    _assertionBI05BoldDust()
                );
            }
        }
        return true;
    }
}

100% test/recon/properties/GovernanceProperties.sol

Lines covered: 9 / 9 (100%)

// SPDX-License-Identifier: GPL-2.0
pragma solidity ^0.8.0;

import {BeforeAfter} from "../BeforeAfter.sol";

abstract contract GovernanceProperties is BeforeAfter {
    function _assertionGV01() internal pure virtual returns (string memory);

    function invariant_GV01() public returns (bool) {
        // first check that epoch hasn't changed after the operation
        if(_before.epoch == _after.epoch) {
            // loop through the initiatives and check that their status hasn't changed
            for(uint8 i; i < deployedInitiatives.length; i++) {
                address initiative = deployedInitiatives[i];
                eq(
                    uint256(_before.initiativeStatus[initiative]),
                    uint256(_after.initiativeStatus[initiative]),
                    _assertionGV01()
                );
            }
        }
        return true;
    }

}

89% test/recon/targets/BribeInitiativeTargets.sol

Lines covered: 17 / 19 (89%)

// SPDX-License-Identifier: GPL-2.0
pragma solidity ^0.8.0;

import {Test} from "forge-std/Test.sol";
import {BaseTargetFunctions} from "@chimera/BaseTargetFunctions.sol";
import {vm} from "@chimera/Hevm.sol";

import {IInitiative} from "../../../src/interfaces/IInitiative.sol";
import {IBribeInitiative} from "../../../src/interfaces/IBribeInitiative.sol";
import {DoubleLinkedList} from "../../../src/utils/DoubleLinkedList.sol";
import {Properties} from "../Properties.sol";


abstract contract BribeInitiativeTargets is Test, BaseTargetFunctions, Properties {
    using DoubleLinkedList for DoubleLinkedList.List;

    // NOTE: initiatives that get called here are deployed but not necessarily registered

    function initiative_depositBribe(uint128 boldAmount, uint128 bribeTokenAmount, uint16 epoch, uint8 initiativeIndex) withChecks public {
        IBribeInitiative initiative = IBribeInitiative(_getDeployedInitiative(initiativeIndex));

        // clamp token amounts using user balance
        boldAmount = uint128(boldAmount % lusd.balanceOf(user));
        bribeTokenAmount = uint128(bribeTokenAmount % lqty.balanceOf(user));

        initiative.depositBribe(boldAmount, bribeTokenAmount, epoch);
    }

    function initiative_claimBribes(uint16 epoch, uint16 prevAllocationEpoch, uint16 prevTotalAllocationEpoch, uint8 initiativeIndex) withChecks public {
        IBribeInitiative initiative = IBribeInitiative(_getDeployedInitiative(initiativeIndex));

        // clamp epochs by using the current governance epoch
        epoch = epoch % governance.epoch();
        prevAllocationEpoch = prevAllocationEpoch % governance.epoch();
        prevTotalAllocationEpoch = prevTotalAllocationEpoch % governance.epoch();

        IBribeInitiative.ClaimData[] memory claimData = new IBribeInitiative.ClaimData[](1);
        claimData[0] =  IBribeInitiative.ClaimData({
            epoch: epoch,
            prevLQTYAllocationEpoch: prevAllocationEpoch,
            prevTotalLQTYAllocationEpoch: prevTotalAllocationEpoch
        });

        bool alreadyClaimed = initiative.claimedBribeAtEpoch(user, epoch);

        initiative.claimBribes(claimData);

        // check if the bribe was already claimed at the given epoch
        if(alreadyClaimed) {
            // toggle canary that breaks the BI-02 property
            claimedTwice = true;
        }
    }
}

84% test/recon/targets/GovernanceTargets.sol

Lines covered: 48 / 57 (84%)


// SPDX-License-Identifier: GPL-2.0
pragma solidity ^0.8.0;

import {BaseTargetFunctions} from "@chimera/BaseTargetFunctions.sol";
import {vm} from "@chimera/Hevm.sol";
import {IERC20Permit} from "openzeppelin-contracts/contracts/token/ERC20/extensions/IERC20Permit.sol";
import {console2} from "forge-std/Test.sol";

import {Properties} from "../Properties.sol";
import {MaliciousInitiative} from "../../mocks/MaliciousInitiative.sol";
import {BribeInitiative} from "../../../src/BribeInitiative.sol";
import {ILQTYStaking} from "../../../src/interfaces/ILQTYStaking.sol";
import {IInitiative} from "../../../src/interfaces/IInitiative.sol";
import {IUserProxy} from "../../../src/interfaces/IUserProxy.sol";
import {PermitParams} from "../../../src/utils/Types.sol";
import {add} from "../../../src/utils/Math.sol";



abstract contract GovernanceTargets is BaseTargetFunctions, Properties {

    // clamps to a single initiative to ensure coverage in case both haven't been registered yet
    function governance_allocateLQTY_clamped_single_initiative(uint8 initiativesIndex, uint96 deltaLQTYVotes, uint96 deltaLQTYVetos) withChecks public {
        uint16 currentEpoch = governance.epoch();
        uint96 stakedAmount = IUserProxy(governance.deriveUserProxyAddress(user)).staked(); // clamp using the user's staked balance

        address[] memory initiatives = new address[](1);
        initiatives[0] = _getDeployedInitiative(initiativesIndex);
        int88[] memory deltaLQTYVotesArray = new int88[](1);
        deltaLQTYVotesArray[0] = int88(uint88(deltaLQTYVotes % stakedAmount));
        int88[] memory deltaLQTYVetosArray = new int88[](1);
        deltaLQTYVetosArray[0] = int88(uint88(deltaLQTYVetos % stakedAmount));

        governance.allocateLQTY(initiatives, deltaLQTYVotesArray, deltaLQTYVetosArray);

        // if call was successful update the ghost tracking variables
        // allocation only allows voting OR vetoing at a time so need to check which was executed
        if(deltaLQTYVotesArray[0] > 0) {
            ghostLqtyAllocationByUserAtEpoch[user] = add(ghostLqtyAllocationByUserAtEpoch[user], deltaLQTYVotesArray[0]);
            ghostTotalAllocationAtEpoch[currentEpoch] = add(ghostTotalAllocationAtEpoch[currentEpoch], deltaLQTYVotesArray[0]);
        } else {
            ghostLqtyAllocationByUserAtEpoch[user] = add(ghostLqtyAllocationByUserAtEpoch[user], deltaLQTYVetosArray[0]);
            ghostTotalAllocationAtEpoch[currentEpoch] = add(ghostTotalAllocationAtEpoch[currentEpoch], deltaLQTYVetosArray[0]);
        }
    }

    function governance_allocateLQTY(int88[] calldata _deltaLQTYVotes, int88[] calldata _deltaLQTYVetos) withChecks public {
        governance.allocateLQTY(deployedInitiatives, _deltaLQTYVotes, _deltaLQTYVetos);
    }

    function governance_claimForInitiative(uint8 initiativeIndex) withChecks public {
        address initiative = _getDeployedInitiative(initiativeIndex);
        governance.claimForInitiative(initiative);
    }

    function governance_claimFromStakingV1(uint8 recipientIndex) withChecks public {
        address rewardRecipient = _getRandomUser(recipientIndex);
        governance.claimFromStakingV1(rewardRecipient);
    }

    function governance_deployUserProxy() withChecks public {
        governance.deployUserProxy();
    }

    function governance_depositLQTY(uint88 lqtyAmount) withChecks public {
        lqtyAmount = uint88(lqtyAmount % lqty.balanceOf(user));
        governance.depositLQTY(lqtyAmount);
    }

    function governance_depositLQTYViaPermit(uint88 _lqtyAmount) withChecks public {
         // Get the current block timestamp for the deadline
        uint256 deadline = block.timestamp + 1 hours;

        // Create the permit message
        bytes32 permitTypeHash = keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)");
        bytes32 domainSeparator = IERC20Permit(address(lqty)).DOMAIN_SEPARATOR();


        uint256 nonce = IERC20Permit(address(lqty)).nonces(user);

        bytes32 structHash = keccak256(abi.encode(
            permitTypeHash,
            user,
            address(governance),
            _lqtyAmount,
            nonce,
            deadline
        ));

        bytes32 digest = keccak256(abi.encodePacked(
            "\x19\x01",
            domainSeparator,
            structHash
        ));

        (uint8 v, bytes32 r, bytes32 s) = vm.sign(user2Pk, digest);

        PermitParams memory permitParams = PermitParams({
            owner: user2,
            spender: user,
            value: _lqtyAmount,
            deadline: deadline,
            v: v,
            r: r,
            s: s
        });

        governance.depositLQTYViaPermit(_lqtyAmount, permitParams);
    }

    function governance_registerInitiative(uint8 initiativeIndex) withChecks public {
        address initiative = _getDeployedInitiative(initiativeIndex);
        governance.registerInitiative(initiative);
    }

    function governance_snapshotVotesForInitiative(address _initiative) withChecks public {
        governance.snapshotVotesForInitiative(_initiative);
    }

    function governance_unregisterInitiative(uint8 initiativeIndex) withChecks public {
        address initiative = _getDeployedInitiative(initiativeIndex);
        governance.unregisterInitiative(initiative);
    }

    function governance_withdrawLQTY(uint88 _lqtyAmount) withChecks public {
        governance.withdrawLQTY(_lqtyAmount);
    }
}

1		// SPDX-License-Identifier: MIT
2		pragma solidity ^0.8.0;
3
4		import {Asserts} from "./Asserts.sol";
5
6	0	contract CryticAsserts is Asserts {
7		event Log(string);
8
9		function gt(uint256 a, uint256 b, string memory reason) internal virtual override {
10		if (!(a > b)) {
11		emit Log(reason);
12		assert(false);
13		}
14		}
15
16		function gte(uint256 a, uint256 b, string memory reason) internal virtual override {
17		if (!(a >= b)) {
18		emit Log(reason);
19		assert(false);
20		}
21		}
22
23		function lt(uint256 a, uint256 b, string memory reason) internal virtual override {
24		if (!(a < b)) {
25		emit Log(reason);
26		assert(false);
27		}
28		}
29
30	0	function lte(uint256 a, uint256 b, string memory reason) internal virtual override {
31	0	if (!(a <= b)) {
32	0	emit Log(reason);
33		assert(false);
34		}
35		}
36
37	1×	function eq(uint256 a, uint256 b, string memory reason) internal virtual override {
38	5×	if (!(a == b)) {
39	17×	emit Log(reason);
40	3×	assert(false);
41		}
42		}
43
44	4×	function t(bool b, string memory reason) internal virtual override {
45	3×	if (!b) {
46	17×	emit Log(reason);
47	4×	assert(false);
48		}
49		}
50
51		function between(uint256 value, uint256 low, uint256 high) internal virtual override returns (uint256) {
52		if (value < low \|\| value > high) {
53		uint256 ans = low + (value % (high - low + 1));
54		return ans;
55		}
56		return value;
57		}
58
59		function between(int256 value, int256 low, int256 high) internal virtual override returns (int256) {
60		if (value < low \|\| value > high) {
61		int256 range = high - low + 1;
62		int256 clamped = (value - low) % (range);
63		if (clamped < 0) clamped += range;
64		int256 ans = low + clamped;
65		return ans;
66		}
67		return value;
68		}
69
70		function precondition(bool p) internal virtual override {
71		require(p);
72		}
73		}

1		// SPDX-License-Identifier: MIT
2		pragma solidity ^0.8.0;
3
4		// slither-disable-start shadowing-local
5
6		interface IHevm {
7		// Set block.timestamp to newTimestamp
8		function warp(uint256 newTimestamp) external;
9
10		// Set block.number to newNumber
11		function roll(uint256 newNumber) external;
12
13		// Add the condition b to the assumption base for the current branch
14		// This function is almost identical to require
15		function assume(bool b) external;
16
17		// Sets the eth balance of usr to amt
18		function deal(address usr, uint256 amt) external;
19
20		// Loads a storage slot from an address
21		function load(address where, bytes32 slot) external returns (bytes32);
22
23		// Stores a value to an address' storage slot
24		function store(address where, bytes32 slot, bytes32 value) external;
25
26		// Signs data (privateKey, digest) => (v, r, s)
27		function sign(uint256 privateKey, bytes32 digest) external returns (uint8 v, bytes32 r, bytes32 s);
28
29		// Gets address for a given private key
30		function addr(uint256 privateKey) external returns (address addr);
31
32		// Performs a foreign function call via terminal
33		function ffi(string[] calldata inputs) external returns (bytes memory result);
34
35		// Performs the next smart contract call with specified `msg.sender`
36		function prank(address newSender) external;
37
38		// Creates a new fork with the given endpoint and the latest block and returns the identifier of the fork
39		function createFork(string calldata urlOrAlias) external returns (uint256);
40
41		// Takes a fork identifier created by createFork and sets the corresponding forked state as active
42		function selectFork(uint256 forkId) external;
43
44		// Returns the identifier of the current fork
45		function activeFork() external returns (uint256);
46
47		// Labels the address in traces
48		function label(address addr, string calldata label) external;
49
50		/// Sets an address' code.
51		function etch(address target, bytes calldata newRuntimeBytecode) external;
52		}
53
54	2×	IHevm constant vm = IHevm(0x7109709ECfa91a80626fF3989D68f67F5b1DD12D);
55
56		// slither-disable-end shadowing-local

1		// SPDX-License-Identifier: MIT
2		pragma solidity >=0.6.2 <0.9.0;
3
4		import {VmSafe} from "./Vm.sol";
5
6		/**
7		* StdChains provides information about EVM compatible chains that can be used in scripts/tests.
8		* For each chain, the chain's name, chain ID, and a default RPC URL are provided. Chains are
9		* identified by their alias, which is the same as the alias in the `[rpc_endpoints]` section of
10		* the `foundry.toml` file. For best UX, ensure the alias in the `foundry.toml` file match the
11		* alias used in this contract, which can be found as the first argument to the
12		* `setChainWithDefaultRpcUrl` call in the `initializeStdChains` function.
13		*
14		* There are two main ways to use this contract:
15		* 1. Set a chain with `setChain(string memory chainAlias, ChainData memory chain)` or
16		* `setChain(string memory chainAlias, Chain memory chain)`
17		* 2. Get a chain with `getChain(string memory chainAlias)` or `getChain(uint256 chainId)`.
18		*
19		* The first time either of those are used, chains are initialized with the default set of RPC URLs.
20		* This is done in `initializeStdChains`, which uses `setChainWithDefaultRpcUrl`. Defaults are recorded in
21		* `defaultRpcUrls`.
22		*
23		* The `setChain` function is straightforward, and it simply saves off the given chain data.
24		*
25		* The `getChain` methods use `getChainWithUpdatedRpcUrl` to return a chain. For example, let's say
26		* we want to retrieve the RPC URL for `mainnet`:
27		* - If you have specified data with `setChain`, it will return that.
28		* - If you have configured a mainnet RPC URL in `foundry.toml`, it will return the URL, provided it
29		* is valid (e.g. a URL is specified, or an environment variable is given and exists).
30		* - If neither of the above conditions is met, the default data is returned.
31		*
32		* Summarizing the above, the prioritization hierarchy is `setChain` -> `foundry.toml` -> environment variable -> defaults.
33		*/
34		abstract contract StdChains {
35		VmSafe private constant vm = VmSafe(address(uint160(uint256(keccak256("hevm cheat code")))));
36
37		bool private stdChainsInitialized;
38
39		struct ChainData {
40		string name;
41		uint256 chainId;
42		string rpcUrl;
43		}
44
45		struct Chain {
46		// The chain name.
47		string name;
48		// The chain's Chain ID.
49		uint256 chainId;
50		// The chain's alias. (i.e. what gets specified in `foundry.toml`).
51		string chainAlias;
52		// A default RPC endpoint for this chain.
53		// NOTE: This default RPC URL is included for convenience to facilitate quick tests and
54		// experimentation. Do not use this RPC URL for production test suites, CI, or other heavy
55		// usage as you will be throttled and this is a disservice to others who need this endpoint.
56		string rpcUrl;
57		}
58
59		// Maps from the chain's alias (matching the alias in the `foundry.toml` file) to chain data.
60		mapping(string => Chain) private chains;
61		// Maps from the chain's alias to it's default RPC URL.
62		mapping(string => string) private defaultRpcUrls;
63		// Maps from a chain ID to it's alias.
64		mapping(uint256 => string) private idToAlias;
65
66	13×	bool private fallbackToDefaultRpcUrls = true;
67
68		// The RPC URL will be fetched from config or defaultRpcUrls if possible.
69		function getChain(string memory chainAlias) internal virtual returns (Chain memory chain) {
70		require(bytes(chainAlias).length != 0, "StdChains getChain(string): Chain alias cannot be the empty string.");
71
72		initializeStdChains();
73		chain = chains[chainAlias];
74		require(
75		chain.chainId != 0,
76		string(abi.encodePacked("StdChains getChain(string): Chain with alias \"", chainAlias, "\" not found."))
77		);
78
79		chain = getChainWithUpdatedRpcUrl(chainAlias, chain);
80		}
81
82		function getChain(uint256 chainId) internal virtual returns (Chain memory chain) {
83		require(chainId != 0, "StdChains getChain(uint256): Chain ID cannot be 0.");
84		initializeStdChains();
85		string memory chainAlias = idToAlias[chainId];
86
87		chain = chains[chainAlias];
88
89		require(
90		chain.chainId != 0,
91		string(abi.encodePacked("StdChains getChain(uint256): Chain with ID ", vm.toString(chainId), " not found."))
92		);
93
94		chain = getChainWithUpdatedRpcUrl(chainAlias, chain);
95		}
96
97		// set chain info, with priority to argument's rpcUrl field.
98		function setChain(string memory chainAlias, ChainData memory chain) internal virtual {
99		require(
100		bytes(chainAlias).length != 0,
101		"StdChains setChain(string,ChainData): Chain alias cannot be the empty string."
102		);
103
104		require(chain.chainId != 0, "StdChains setChain(string,ChainData): Chain ID cannot be 0.");
105
106		initializeStdChains();
107		string memory foundAlias = idToAlias[chain.chainId];
108
109		require(
110		bytes(foundAlias).length == 0 \|\| keccak256(bytes(foundAlias)) == keccak256(bytes(chainAlias)),
111		string(
112		abi.encodePacked(
113		"StdChains setChain(string,ChainData): Chain ID ",
114		vm.toString(chain.chainId),
115		" already used by \"",
116		foundAlias,
117		"\"."
118		)
119		)
120		);
121
122		uint256 oldChainId = chains[chainAlias].chainId;
123		delete idToAlias[oldChainId];
124
125		chains[chainAlias] =
126		Chain({name: chain.name, chainId: chain.chainId, chainAlias: chainAlias, rpcUrl: chain.rpcUrl});
127		idToAlias[chain.chainId] = chainAlias;
128		}
129
130		// set chain info, with priority to argument's rpcUrl field.
131		function setChain(string memory chainAlias, Chain memory chain) internal virtual {
132		setChain(chainAlias, ChainData({name: chain.name, chainId: chain.chainId, rpcUrl: chain.rpcUrl}));
133		}
134
135		function _toUpper(string memory str) private pure returns (string memory) {
136		bytes memory strb = bytes(str);
137		bytes memory copy = new bytes(strb.length);
138		for (uint256 i = 0; i < strb.length; i++) {
139		bytes1 b = strb[i];
140		if (b >= 0x61 && b <= 0x7A) {
141		copy[i] = bytes1(uint8(b) - 32);
142		} else {
143		copy[i] = b;
144		}
145		}
146		return string(copy);
147		}
148
149		// lookup rpcUrl, in descending order of priority:
150		// current -> config (foundry.toml) -> environment variable -> default
151		function getChainWithUpdatedRpcUrl(string memory chainAlias, Chain memory chain)
152		private
153		view
154		returns (Chain memory)
155		{
156		if (bytes(chain.rpcUrl).length == 0) {
157		try vm.rpcUrl(chainAlias) returns (string memory configRpcUrl) {
158		chain.rpcUrl = configRpcUrl;
159		} catch (bytes memory err) {
160		string memory envName = string(abi.encodePacked(_toUpper(chainAlias), "_RPC_URL"));
161		if (fallbackToDefaultRpcUrls) {
162		chain.rpcUrl = vm.envOr(envName, defaultRpcUrls[chainAlias]);
163		} else {
164		chain.rpcUrl = vm.envString(envName);
165		}
166		// Distinguish 'not found' from 'cannot read'
167		// The upstream error thrown by forge for failing cheats changed so we check both the old and new versions
168		bytes memory oldNotFoundError =
169		abi.encodeWithSignature("CheatCodeError", string(abi.encodePacked("invalid rpc url ", chainAlias)));
170		bytes memory newNotFoundError = abi.encodeWithSignature(
171		"CheatcodeError(string)", string(abi.encodePacked("invalid rpc url: ", chainAlias))
172		);
173		bytes32 errHash = keccak256(err);
174		if (
175		(errHash != keccak256(oldNotFoundError) && errHash != keccak256(newNotFoundError))
176		\|\| bytes(chain.rpcUrl).length == 0
177		) {
178		/// @solidity memory-safe-assembly
179		assembly {
180		revert(add(32, err), mload(err))
181		}
182		}
183		}
184		}
185		return chain;
186		}
187
188		function setFallbackToDefaultRpcUrls(bool useDefault) internal {
189		fallbackToDefaultRpcUrls = useDefault;
190		}
191
192		function initializeStdChains() private {
193		if (stdChainsInitialized) return;
194
195		stdChainsInitialized = true;
196
197		// If adding an RPC here, make sure to test the default RPC URL in `testRpcs`
198		setChainWithDefaultRpcUrl("anvil", ChainData("Anvil", 31337, "http://127.0.0.1:8545"));
199		setChainWithDefaultRpcUrl(
200		"mainnet", ChainData("Mainnet", 1, "https://eth-mainnet.alchemyapi.io/v2/pwc5rmJhrdoaSEfimoKEmsvOjKSmPDrP")
201		);
202		setChainWithDefaultRpcUrl(
203		"sepolia", ChainData("Sepolia", 11155111, "https://sepolia.infura.io/v3/b9794ad1ddf84dfb8c34d6bb5dca2001")
204		);
205		setChainWithDefaultRpcUrl("holesky", ChainData("Holesky", 17000, "https://rpc.holesky.ethpandaops.io"));
206		setChainWithDefaultRpcUrl("optimism", ChainData("Optimism", 10, "https://mainnet.optimism.io"));
207		setChainWithDefaultRpcUrl(
208		"optimism_sepolia", ChainData("Optimism Sepolia", 11155420, "https://sepolia.optimism.io")
209		);
210		setChainWithDefaultRpcUrl("arbitrum_one", ChainData("Arbitrum One", 42161, "https://arb1.arbitrum.io/rpc"));
211		setChainWithDefaultRpcUrl(
212		"arbitrum_one_sepolia", ChainData("Arbitrum One Sepolia", 421614, "https://sepolia-rollup.arbitrum.io/rpc")
213		);
214		setChainWithDefaultRpcUrl("arbitrum_nova", ChainData("Arbitrum Nova", 42170, "https://nova.arbitrum.io/rpc"));
215		setChainWithDefaultRpcUrl("polygon", ChainData("Polygon", 137, "https://polygon-rpc.com"));
216		setChainWithDefaultRpcUrl(
217		"polygon_amoy", ChainData("Polygon Amoy", 80002, "https://rpc-amoy.polygon.technology")
218		);
219		setChainWithDefaultRpcUrl("avalanche", ChainData("Avalanche", 43114, "https://api.avax.network/ext/bc/C/rpc"));
220		setChainWithDefaultRpcUrl(
221		"avalanche_fuji", ChainData("Avalanche Fuji", 43113, "https://api.avax-test.network/ext/bc/C/rpc")
222		);
223		setChainWithDefaultRpcUrl(
224		"bnb_smart_chain", ChainData("BNB Smart Chain", 56, "https://bsc-dataseed1.binance.org")
225		);
226		setChainWithDefaultRpcUrl(
227		"bnb_smart_chain_testnet",
228		ChainData("BNB Smart Chain Testnet", 97, "https://rpc.ankr.com/bsc_testnet_chapel")
229		);
230		setChainWithDefaultRpcUrl("gnosis_chain", ChainData("Gnosis Chain", 100, "https://rpc.gnosischain.com"));
231		setChainWithDefaultRpcUrl("moonbeam", ChainData("Moonbeam", 1284, "https://rpc.api.moonbeam.network"));
232		setChainWithDefaultRpcUrl(
233		"moonriver", ChainData("Moonriver", 1285, "https://rpc.api.moonriver.moonbeam.network")
234		);
235		setChainWithDefaultRpcUrl("moonbase", ChainData("Moonbase", 1287, "https://rpc.testnet.moonbeam.network"));
236		setChainWithDefaultRpcUrl("base_sepolia", ChainData("Base Sepolia", 84532, "https://sepolia.base.org"));
237		setChainWithDefaultRpcUrl("base", ChainData("Base", 8453, "https://mainnet.base.org"));
238		setChainWithDefaultRpcUrl("fraxtal", ChainData("Fraxtal", 252, "https://rpc.frax.com"));
239		setChainWithDefaultRpcUrl("fraxtal_testnet", ChainData("Fraxtal Testnet", 2522, "https://rpc.testnet.frax.com"));
240		}
241
242		// set chain info, with priority to chainAlias' rpc url in foundry.toml
243		function setChainWithDefaultRpcUrl(string memory chainAlias, ChainData memory chain) private {
244		string memory rpcUrl = chain.rpcUrl;
245		defaultRpcUrls[chainAlias] = rpcUrl;
246		chain.rpcUrl = "";
247		setChain(chainAlias, chain);
248		chain.rpcUrl = rpcUrl; // restore argument
249		}
250		}

1		// SPDX-License-Identifier: MIT
2		pragma solidity >=0.6.2 <0.9.0;
3
4		pragma experimental ABIEncoderV2;
5
6		abstract contract StdInvariant {
7		struct FuzzSelector {
8		address addr;
9		bytes4[] selectors;
10		}
11
12		struct FuzzArtifactSelector {
13		string artifact;
14		bytes4[] selectors;
15		}
16
17		struct FuzzInterface {
18		address addr;
19		string[] artifacts;
20		}
21
22		address[] private _excludedContracts;
23		address[] private _excludedSenders;
24		address[] private _targetedContracts;
25		address[] private _targetedSenders;
26
27		string[] private _excludedArtifacts;
28		string[] private _targetedArtifacts;
29
30		FuzzArtifactSelector[] private _targetedArtifactSelectors;
31
32		FuzzSelector[] private _targetedSelectors;
33
34		FuzzInterface[] private _targetedInterfaces;
35
36		// Functions for users:
37		// These are intended to be called in tests.
38
39		function excludeContract(address newExcludedContract_) internal {
40		_excludedContracts.push(newExcludedContract_);
41		}
42
43		function excludeSender(address newExcludedSender_) internal {
44		_excludedSenders.push(newExcludedSender_);
45		}
46
47		function excludeArtifact(string memory newExcludedArtifact_) internal {
48		_excludedArtifacts.push(newExcludedArtifact_);
49		}
50
51		function targetArtifact(string memory newTargetedArtifact_) internal {
52		_targetedArtifacts.push(newTargetedArtifact_);
53		}
54
55		function targetArtifactSelector(FuzzArtifactSelector memory newTargetedArtifactSelector_) internal {
56		_targetedArtifactSelectors.push(newTargetedArtifactSelector_);
57		}
58
59		function targetContract(address newTargetedContract_) internal {
60	0	_targetedContracts.push(newTargetedContract_);
61		}
62
63		function targetSelector(FuzzSelector memory newTargetedSelector_) internal {
64		_targetedSelectors.push(newTargetedSelector_);
65		}
66
67		function targetSender(address newTargetedSender_) internal {
68	0	_targetedSenders.push(newTargetedSender_);
69		}
70
71		function targetInterface(FuzzInterface memory newTargetedInterface_) internal {
72		_targetedInterfaces.push(newTargetedInterface_);
73		}
74
75		// Functions for forge:
76		// These are called by forge to run invariant tests and don't need to be called in tests.
77
78	0	function excludeArtifacts() public view returns (string[] memory excludedArtifacts_) {
79	0	excludedArtifacts_ = _excludedArtifacts;
80		}
81
82	0	function excludeContracts() public view returns (address[] memory excludedContracts_) {
83	0	excludedContracts_ = _excludedContracts;
84		}
85
86	0	function excludeSenders() public view returns (address[] memory excludedSenders_) {
87	0	excludedSenders_ = _excludedSenders;
88		}
89
90	0	function targetArtifacts() public view returns (string[] memory targetedArtifacts_) {
91	0	targetedArtifacts_ = _targetedArtifacts;
92		}
93
94	14×	function targetArtifactSelectors() public view returns (FuzzArtifactSelector[] memory targetedArtifactSelectors_) {
95	33×	targetedArtifactSelectors_ = _targetedArtifactSelectors;
96		}
97
98	0	function targetContracts() public view returns (address[] memory targetedContracts_) {
99	0	targetedContracts_ = _targetedContracts;
100		}
101
102	0	function targetSelectors() public view returns (FuzzSelector[] memory targetedSelectors_) {
103	0	targetedSelectors_ = _targetedSelectors;
104		}
105
106	0	function targetSenders() public view returns (address[] memory targetedSenders_) {
107	0	targetedSenders_ = _targetedSenders;
108		}
109
110	2×	function targetInterfaces() public view returns (FuzzInterface[] memory targetedInterfaces_) {
111	7×	targetedInterfaces_ = _targetedInterfaces;
112		}
113		}

1		// SPDX-License-Identifier: MIT
2		pragma solidity >=0.6.2 <0.9.0;
3
4		import {IERC20} from "../interfaces/IERC20.sol";
5
6		/// @notice This is a mock contract of the ERC20 standard for testing purposes only, it SHOULD NOT be used in production.
7		/// @dev Forked from: https://github.com/transmissions11/solmate/blob/0384dbaaa4fcb5715738a9254a7c0a4cb62cf458/src/tokens/ERC20.sol
8	0	contract MockERC20 is IERC20 {
9		/*//////////////////////////////////////////////////////////////
10		METADATA STORAGE
11		//////////////////////////////////////////////////////////////*/
12
13		string internal _name;
14
15		string internal _symbol;
16
17		uint8 internal _decimals;
18
19	32×	function name() external view override returns (string memory) {
20	0	return _name;
21		}
22
23	0	function symbol() external view override returns (string memory) {
24	0	return _symbol;
25		}
26
27	0	function decimals() external view override returns (uint8) {
28	0	return _decimals;
29		}
30
31		/*//////////////////////////////////////////////////////////////
32		ERC20 STORAGE
33		//////////////////////////////////////////////////////////////*/
34
35		uint256 internal _totalSupply;
36
37		mapping(address => uint256) internal _balanceOf;
38
39		mapping(address => mapping(address => uint256)) internal _allowance;
40
41	12×	function totalSupply() external view override returns (uint256) {
42	0	return _totalSupply;
43		}
44
45	30×	function balanceOf(address owner) external view override returns (uint256) {
46	39×	return _balanceOf[owner];
47		}
48
49	0	function allowance(address owner, address spender) external view override returns (uint256) {
50	0	return _allowance[owner][spender];
51		}
52
53		/*//////////////////////////////////////////////////////////////
54		EIP-2612 STORAGE
55		//////////////////////////////////////////////////////////////*/
56
57		uint256 internal INITIAL_CHAIN_ID;
58
59		bytes32 internal INITIAL_DOMAIN_SEPARATOR;
60
61	21×	mapping(address => uint256) public nonces;
62
63		/*//////////////////////////////////////////////////////////////
64		INITIALIZE
65		//////////////////////////////////////////////////////////////*/
66
67		/// @dev A bool to track whether the contract has been initialized.
68		bool private initialized;
69
70		/// @dev To hide constructor warnings across solc versions due to different constructor visibility requirements and
71		/// syntaxes, we add an initialization function that can be called only once.
72	0	function initialize(string memory name_, string memory symbol_, uint8 decimals_) public {
73	16×	require(!initialized, "ALREADY_INITIALIZED");
74
75	0	_name = name_;
76	0	_symbol = symbol_;
77	0	_decimals = decimals_;
78
79	0	INITIAL_CHAIN_ID = _pureChainId();
80	0	INITIAL_DOMAIN_SEPARATOR = computeDomainSeparator();
81
82	0	initialized = true;
83		}
84
85		/*//////////////////////////////////////////////////////////////
86		ERC20 LOGIC
87		//////////////////////////////////////////////////////////////*/
88
89	54×	function approve(address spender, uint256 amount) public virtual override returns (bool) {
90	30×	_allowance[msg.sender][spender] = amount;
91
92	37×	emit Approval(msg.sender, spender, amount);
93
94	4×	return true;
95		}
96
97	48×	function transfer(address to, uint256 amount) public virtual override returns (bool) {
98	136×	_balanceOf[msg.sender] = _sub(_balanceOf[msg.sender], amount);
99	124×	_balanceOf[to] = _add(_balanceOf[to], amount);
100
101	36×	emit Transfer(msg.sender, to, amount);
102
103		return true;
104		}
105
106	42×	function transferFrom(address from, address to, uint256 amount) public virtual override returns (bool) {
107	72×	uint256 allowed = _allowance[from][msg.sender]; // Saves gas for limited approvals.
108
109	111×	if (allowed != ~uint256(0)) _allowance[from][msg.sender] = _sub(allowed, amount);
110
111	117×	_balanceOf[from] = _sub(_balanceOf[from], amount);
112	99×	_balanceOf[to] = _add(_balanceOf[to], amount);
113
114	57×	emit Transfer(from, to, amount);
115
116	6×	return true;
117		}
118
119		/*//////////////////////////////////////////////////////////////
120		EIP-2612 LOGIC
121		//////////////////////////////////////////////////////////////*/
122
123	0	function permit(address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s)
124		public
125		virtual
126	0	{
127	0	require(deadline >= block.timestamp, "PERMIT_DEADLINE_EXPIRED");
128
129	0	address recoveredAddress = ecrecover(
130	0	keccak256(
131	0	abi.encodePacked(
132		"\x19\x01",
133	0	DOMAIN_SEPARATOR(),
134	0	keccak256(
135	0	abi.encode(
136	0	keccak256(
137		"Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)"
138		),
139	0	owner,
140	0	spender,
141	0	value,
142	0	nonces[owner]++,
143		deadline
144		)
145		)
146		)
147		),
148		v,
149		r,
150		s
151		);
152
153	0	require(recoveredAddress != address(0) && recoveredAddress == owner, "INVALID_SIGNER");
154
155	0	_allowance[recoveredAddress][spender] = value;
156
157	0	emit Approval(owner, spender, value);
158		}
159
160	7×	function DOMAIN_SEPARATOR() public view virtual returns (bytes32) {
161	13×	return _pureChainId() == INITIAL_CHAIN_ID ? INITIAL_DOMAIN_SEPARATOR : computeDomainSeparator();
162		}
163
164	0	function computeDomainSeparator() internal view virtual returns (bytes32) {
165	0	return keccak256(
166	0	abi.encode(
167	0	keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"),
168	0	keccak256(bytes(_name)),
169	0	keccak256("1"),
170	0	_pureChainId(),
171	0	address(this)
172		)
173		);
174		}
175
176		/*//////////////////////////////////////////////////////////////
177		INTERNAL MINT/BURN LOGIC
178		//////////////////////////////////////////////////////////////*/
179
180	0	function _mint(address to, uint256 amount) internal virtual {
181	0	_totalSupply = _add(_totalSupply, amount);
182	0	_balanceOf[to] = _add(_balanceOf[to], amount);
183
184	0	emit Transfer(address(0), to, amount);
185		}
186
187		function _burn(address from, uint256 amount) internal virtual {
188		_balanceOf[from] = _sub(_balanceOf[from], amount);
189		_totalSupply = _sub(_totalSupply, amount);
190
191		emit Transfer(from, address(0), amount);
192		}
193
194		/*//////////////////////////////////////////////////////////////
195		INTERNAL SAFE MATH LOGIC
196		//////////////////////////////////////////////////////////////*/
197
198	12×	function _add(uint256 a, uint256 b) internal pure returns (uint256) {
199	32×	uint256 c = a + b;
200	24×	require(c >= a, "ERC20: addition overflow");
201	0	return c;
202		}
203
204	16×	function _sub(uint256 a, uint256 b) internal pure returns (uint256) {
205	46×	require(a >= b, "ERC20: subtraction underflow");
206	28×	return a - b;
207		}
208
209		/*//////////////////////////////////////////////////////////////
210		HELPERS
211		//////////////////////////////////////////////////////////////*/
212
213		// We use this complex approach of `_viewChainId` and `_pureChainId` to ensure there are no
214		// compiler warnings when accessing chain ID in any solidity version supported by forge-std. We
215		// can't simply access the chain ID in a normal view or pure function because the solc View Pure
216		// Checker changed `chainid` from pure to view in 0.8.0.
217	2×	function _viewChainId() private view returns (uint256 chainId) {
218		// Assembly required since `block.chainid` was introduced in 0.8.0.
219		assembly {
220	2×	chainId := chainid()
221		}
222
223		address(this); // Silence warnings in older Solc versions.
224		}
225
226	6×	function _pureChainId() private pure returns (uint256 chainId) {
227	2×	function() internal view returns (uint256) fnIn = _viewChainId;
228		function() internal pure returns (uint256) pureChainId;
229		assembly {
230		pureChainId := fnIn
231		}
232	8×	chainId = pureChainId();
233		}
234		}

1		// SPDX-License-Identifier: MIT
2		// OpenZeppelin Contracts (last updated v5.0.0) (proxy/Clones.sol)
3
4		pragma solidity ^0.8.20;
5
6		/**
7		* @dev https://eips.ethereum.org/EIPS/eip-1167[EIP 1167] is a standard for
8		* deploying minimal proxy contracts, also known as "clones".
9		*
10		* > To simply and cheaply clone contract functionality in an immutable way, this standard specifies
11		* > a minimal bytecode implementation that delegates all calls to a known, fixed address.
12		*
13		* The library includes functions to deploy a proxy using either `create` (traditional deployment) or `create2`
14		* (salted deterministic deployment). It also includes functions to predict the addresses of clones deployed using the
15		* deterministic method.
16		*/
17	0	library Clones {
18		/**
19		* @dev A clone instance deployment failed.
20		*/
21		error ERC1167FailedCreateClone();
22
23		/**
24		* @dev Deploys and returns the address of a clone that mimics the behaviour of `implementation`.
25		*
26		* This function uses the create opcode, which should never revert.
27		*/
28		function clone(address implementation) internal returns (address instance) {
29		/// @solidity memory-safe-assembly
30		assembly {
31		// Cleans the upper 96 bits of the `implementation` word, then packs the first 3 bytes
32		// of the `implementation` address with the bytecode before the address.
33		mstore(0x00, or(shr(0xe8, shl(0x60, implementation)), 0x3d602d80600a3d3981f3363d3d373d3d3d363d73000000))
34		// Packs the remaining 17 bytes of `implementation` with the bytecode after the address.
35		mstore(0x20, or(shl(0x78, implementation), 0x5af43d82803e903d91602b57fd5bf3))
36		instance := create(0, 0x09, 0x37)
37		}
38		if (instance == address(0)) {
39		revert ERC1167FailedCreateClone();
40		}
41		}
42
43		/**
44		* @dev Deploys and returns the address of a clone that mimics the behaviour of `implementation`.
45		*
46		* This function uses the create2 opcode and a `salt` to deterministically deploy
47		* the clone. Using the same `implementation` and `salt` multiple time will revert, since
48		* the clones cannot be deployed twice at the same address.
49		*/
50	2×	function cloneDeterministic(address implementation, bytes32 salt) internal returns (address instance) {
51		/// @solidity memory-safe-assembly
52		assembly {
53		// Cleans the upper 96 bits of the `implementation` word, then packs the first 3 bytes
54		// of the `implementation` address with the bytecode before the address.
55	9×	mstore(0x00, or(shr(0xe8, shl(0x60, implementation)), 0x3d602d80600a3d3981f3363d3d373d3d3d363d73000000))
56		// Packs the remaining 17 bytes of `implementation` with the bytecode after the address.
57	7×	mstore(0x20, or(shl(0x78, implementation), 0x5af43d82803e903d91602b57fd5bf3))
58	6×	instance := create2(0, 0x09, 0x37, salt)
59		}
60	5×	if (instance == address(0)) {
61	14×	revert ERC1167FailedCreateClone();
62		}
63		}
64
65		/**
66		* @dev Computes the address of a clone deployed using {Clones-cloneDeterministic}.
67		*/
68	1×	function predictDeterministicAddress(
69		address implementation,
70		bytes32 salt,
71		address deployer
72		) internal pure returns (address predicted) {
73		/// @solidity memory-safe-assembly
74		assembly {
75	2×	let ptr := mload(0x40)
76	4×	mstore(add(ptr, 0x38), deployer)
77	5×	mstore(add(ptr, 0x24), 0x5af43d82803e903d91602b57fd5bf3ff)
78	5×	mstore(add(ptr, 0x14), implementation)
79	3×	mstore(ptr, 0x3d602d80600a3d3981f3363d3d373d3d3d363d73)
80	6×	mstore(add(ptr, 0x58), salt)
81	9×	mstore(add(ptr, 0x78), keccak256(add(ptr, 0x0c), 0x37))
82	6×	predicted := keccak256(add(ptr, 0x43), 0x55)
83		}
84		}
85
86		/**
87		* @dev Computes the address of a clone deployed using {Clones-cloneDeterministic}.
88		*/
89	1×	function predictDeterministicAddress(
90		address implementation,
91		bytes32 salt
92	2×	) internal view returns (address predicted) {
93	2×	return predictDeterministicAddress(implementation, salt, address(this));
94		}
95		}

1		// SPDX-License-Identifier: MIT
2		pragma solidity ^0.8.24;
3
4		import {IERC20} from "openzeppelin-contracts/contracts/interfaces/IERC20.sol";
5		import {SafeERC20} from "openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol";
6
7		import {IGovernance} from "./interfaces/IGovernance.sol";
8		import {IInitiative} from "./interfaces/IInitiative.sol";
9		import {IBribeInitiative} from "./interfaces/IBribeInitiative.sol";
10
11		import {DoubleLinkedList} from "./utils/DoubleLinkedList.sol";
12
13	234×	contract BribeInitiative is IInitiative, IBribeInitiative {
14		using SafeERC20 for IERC20;
15		using DoubleLinkedList for DoubleLinkedList.List;
16
17		/// @inheritdoc IBribeInitiative
18	0	IGovernance public immutable governance;
19		/// @inheritdoc IBribeInitiative
20	0	IERC20 public immutable bold;
21		/// @inheritdoc IBribeInitiative
22	0	IERC20 public immutable bribeToken;
23
24		/// @inheritdoc IBribeInitiative
25	0	mapping(uint16 => Bribe) public bribeByEpoch;
26		/// @inheritdoc IBribeInitiative
27	38×	mapping(address => mapping(uint16 => bool)) public claimedBribeAtEpoch;
28
29		/// Double linked list of the total LQTY allocated at a given epoch
30		DoubleLinkedList.List internal totalLQTYAllocationByEpoch;
31		/// Double linked list of LQTY allocated by a user at a given epoch
32		mapping(address => DoubleLinkedList.List) internal lqtyAllocationByUserAtEpoch;
33
34	27×	constructor(address _governance, address _bold, address _bribeToken) {
35	5×	governance = IGovernance(_governance);
36	5×	bold = IERC20(_bold);
37	3×	bribeToken = IERC20(_bribeToken);
38		}
39
40		modifier onlyGovernance() {
41	33×	require(msg.sender == address(governance), "BribeInitiative: invalid-sender");
42	2×	_;
43		}
44
45		/// @inheritdoc IBribeInitiative
46	25×	function totalLQTYAllocatedByEpoch(uint16 _epoch) external view returns (uint88) {
47	3×	return totalLQTYAllocationByEpoch.getValue(_epoch);
48		}
49
50		/// @inheritdoc IBribeInitiative
51	16×	function lqtyAllocatedByUserAtEpoch(address _user, uint16 _epoch) external view returns (uint88) {
52	19×	return lqtyAllocationByUserAtEpoch[_user].getValue(_epoch);
53		}
54
55		/// @inheritdoc IBribeInitiative
56	17×	function depositBribe(uint128 _boldAmount, uint128 _bribeTokenAmount, uint16 _epoch) external {
57	12×	bold.safeTransferFrom(msg.sender, address(this), _boldAmount);
58	12×	bribeToken.safeTransferFrom(msg.sender, address(this), _bribeTokenAmount);
59
60	62×	uint16 epoch = governance.epoch();
61	19×	require(_epoch > epoch, "BribeInitiative: only-future-epochs");
62
63	46×	Bribe memory bribe = bribeByEpoch[_epoch];
64	13×	bribe.boldAmount += _boldAmount;
65	22×	bribe.bribeTokenAmount += _bribeTokenAmount;
66	32×	bribeByEpoch[_epoch] = bribe;
67
68	12×	emit DepositBribe(msg.sender, _boldAmount, _bribeTokenAmount, _epoch);
69		}
70
71	1×	function _claimBribe(
72		address _user,
73		uint16 _epoch,
74		uint16 _prevLQTYAllocationEpoch,
75		uint16 _prevTotalLQTYAllocationEpoch
76	2×	) internal returns (uint256 boldAmount, uint256 bribeTokenAmount) {
77	68×	require(_epoch != governance.epoch(), "BribeInitiative: cannot-claim-for-current-epoch");
78	33×	require(!claimedBribeAtEpoch[_user][_epoch], "BribeInitiative: already-claimed");
79
80	44×	Bribe memory bribe = bribeByEpoch[_epoch];
81	25×	require(bribe.boldAmount != 0 \|\| bribe.bribeTokenAmount != 0, "BribeInitiative: no-bribe");
82
83	0	DoubleLinkedList.Item memory lqtyAllocation =
84	0	lqtyAllocationByUserAtEpoch[_user].getItem(_prevLQTYAllocationEpoch);
85
86	0	require(
87	0	lqtyAllocation.value != 0 && _prevLQTYAllocationEpoch <= _epoch
88	0	&& (lqtyAllocation.next > _epoch \|\| lqtyAllocation.next == 0),
89		"BribeInitiative: invalid-prev-lqty-allocation-epoch"
90		);
91	0	DoubleLinkedList.Item memory totalLQTYAllocation =
92	0	totalLQTYAllocationByEpoch.getItem(_prevTotalLQTYAllocationEpoch);
93	0	require(
94	0	totalLQTYAllocation.value != 0 && _prevTotalLQTYAllocationEpoch <= _epoch
95	0	&& (totalLQTYAllocation.next > _epoch \|\| totalLQTYAllocation.next == 0),
96		"BribeInitiative: invalid-prev-total-lqty-allocation-epoch"
97		);
98
99	0	boldAmount = uint256(bribe.boldAmount) * uint256(lqtyAllocation.value) / uint256(totalLQTYAllocation.value);
100	0	bribeTokenAmount =
101	0	uint256(bribe.bribeTokenAmount) * uint256(lqtyAllocation.value) / uint256(totalLQTYAllocation.value);
102
103	0	claimedBribeAtEpoch[_user][_epoch] = true;
104
105	0	emit ClaimBribe(_user, _epoch, boldAmount, bribeTokenAmount);
106		}
107
108		/// @inheritdoc IBribeInitiative
109	11×	function claimBribes(ClaimData[] calldata _claimData)
110		external
111	2×	returns (uint256 boldAmount, uint256 bribeTokenAmount)
112		{
113	8×	for (uint256 i = 0; i < _claimData.length; i++) {
114	29×	ClaimData memory claimData = _claimData[i];
115	5×	(uint256 boldAmount_, uint256 bribeTokenAmount_) = _claimBribe(
116	13×	msg.sender, claimData.epoch, claimData.prevLQTYAllocationEpoch, claimData.prevTotalLQTYAllocationEpoch
117		);
118	0	boldAmount += boldAmount_;
119	0	bribeTokenAmount += bribeTokenAmount_;
120		}
121
122	0	if (boldAmount != 0) bold.safeTransfer(msg.sender, boldAmount);
123	0	if (bribeTokenAmount != 0) bribeToken.safeTransfer(msg.sender, bribeTokenAmount);
124		}
125
126		/// @inheritdoc IInitiative
127		function onRegisterInitiative(uint16) external virtual override onlyGovernance {}
128
129		/// @inheritdoc IInitiative
130	15×	function onUnregisterInitiative(uint16) external virtual override onlyGovernance {}
131
132	5×	function _setTotalLQTYAllocationByEpoch(uint16 _epoch, uint88 _value, bool _insert) private {
133	8×	if (_insert) {
134	8×	totalLQTYAllocationByEpoch.insert(_epoch, _value, 0);
135		} else {
136	23×	totalLQTYAllocationByEpoch.items[_epoch].value = _value;
137		}
138	12×	emit ModifyTotalLQTYAllocation(_epoch, _value);
139		}
140
141	6×	function _setLQTYAllocationByUserAtEpoch(address _user, uint16 _epoch, uint88 _value, bool _insert) private {
142	8×	if (_insert) {
143	22×	lqtyAllocationByUserAtEpoch[_user].insert(_epoch, _value, 0);
144		} else {
145	36×	lqtyAllocationByUserAtEpoch[_user].items[_epoch].value = _value;
146		}
147	13×	emit ModifyLQTYAllocation(_user, _epoch, _value);
148		}
149
150		/// @inheritdoc IInitiative
151	21×	function onAfterAllocateLQTY(uint16 _currentEpoch, address _user, uint88 _voteLQTY, uint88 _vetoLQTY)
152		external
153		virtual
154		onlyGovernance
155	1×	{
156	18×	uint16 mostRecentUserEpoch = lqtyAllocationByUserAtEpoch[_user].getHead();
157
158	8×	if (_currentEpoch == 0) return;
159
160		// if this is the first user allocation in the epoch, then insert a new item into the user allocation DLL
161	16×	if (mostRecentUserEpoch != _currentEpoch) {
162	33×	uint88 prevVoteLQTY = lqtyAllocationByUserAtEpoch[_user].items[mostRecentUserEpoch].value;
163	13×	uint88 newVoteLQTY = (_vetoLQTY == 0) ? _voteLQTY : 0;
164	2×	uint16 mostRecentTotalEpoch = totalLQTYAllocationByEpoch.getHead();
165		// if this is the first allocation in the epoch, then insert a new item into the total allocation DLL
166	9×	if (mostRecentTotalEpoch != _currentEpoch) {
167	19×	uint88 prevTotalLQTYAllocation = totalLQTYAllocationByEpoch.items[mostRecentTotalEpoch].value;
168	10×	if (_vetoLQTY == 0) {
169		// no veto to no veto
170	4×	_setTotalLQTYAllocationByEpoch(
171	15×	_currentEpoch, prevTotalLQTYAllocation + newVoteLQTY - prevVoteLQTY, true
172		);
173		} else {
174	7×	if (prevVoteLQTY != 0) {
175		// if the prev user allocation was counted in, then remove the prev user allocation from the
176		// total allocation (no veto to veto)
177	0	_setTotalLQTYAllocationByEpoch(_currentEpoch, prevTotalLQTYAllocation - prevVoteLQTY, true);
178		} else {
179		// veto to veto
180	7×	_setTotalLQTYAllocationByEpoch(_currentEpoch, prevTotalLQTYAllocation, true);
181		}
182		}
183		} else {
184	0	if (_vetoLQTY == 0) {
185		// no veto to no veto
186	2×	_setTotalLQTYAllocationByEpoch(
187	0	_currentEpoch,
188	7×	totalLQTYAllocationByEpoch.items[_currentEpoch].value + newVoteLQTY - prevVoteLQTY,
189	1×	false
190		);
191	0	} else if (prevVoteLQTY != 0) {
192		// no veto to veto
193	1×	_setTotalLQTYAllocationByEpoch(
194	0	_currentEpoch, totalLQTYAllocationByEpoch.items[_currentEpoch].value - prevVoteLQTY, false
195		);
196		}
197		}
198		// insert a new item into the user allocation DLL
199	8×	_setLQTYAllocationByUserAtEpoch(_user, _currentEpoch, newVoteLQTY, true);
200	1×	} else {
201	19×	uint88 prevVoteLQTY = lqtyAllocationByUserAtEpoch[_user].getItem(_currentEpoch).value;
202	9×	if (_vetoLQTY == 0) {
203		// update the allocation for the current epoch by adding the new allocation and subtracting
204		// the previous one (no veto to no veto)
205	3×	_setTotalLQTYAllocationByEpoch(
206	2×	_currentEpoch,
207	24×	totalLQTYAllocationByEpoch.items[_currentEpoch].value + _voteLQTY - prevVoteLQTY,
208		false
209		);
210	8×	_setLQTYAllocationByUserAtEpoch(_user, _currentEpoch, _voteLQTY, false);
211		} else {
212		// if the user vetoed the initiative, subtract the allocation from the DLLs (no veto to veto)
213	3×	_setTotalLQTYAllocationByEpoch(
214	24×	_currentEpoch, totalLQTYAllocationByEpoch.items[_currentEpoch].value - prevVoteLQTY, false
215		);
216	8×	_setLQTYAllocationByUserAtEpoch(_user, _currentEpoch, 0, false);
217		}
218		}
219		}
220
221		/// @inheritdoc IInitiative
222	18×	function onClaimForInitiative(uint16, uint256) external virtual override onlyGovernance {}
223		}

1		// SPDX-License-Identifier: MIT
2		pragma solidity ^0.8.24;
3
4		import {ILiquidityGauge} from "./../src/interfaces/ILiquidityGauge.sol";
5
6		import {BribeInitiative} from "./BribeInitiative.sol";
7
8	0	contract CurveV2GaugeRewards is BribeInitiative {
9	0	ILiquidityGauge public immutable gauge;
10	0	uint256 public immutable duration;
11
12		event DepositIntoGauge(uint256 amount);
13
14	0	constructor(address _governance, address _bold, address _bribeToken, address _gauge, uint256 _duration)
15		BribeInitiative(_governance, _bold, _bribeToken)
16		{
17	0	gauge = ILiquidityGauge(_gauge);
18	0	duration = _duration;
19		}
20
21	0	function depositIntoGauge() external returns (uint256) {
22	0	uint256 amount = governance.claimForInitiative(address(this));
23
24	0	bold.approve(address(gauge), amount);
25	0	gauge.deposit_reward_token(address(bold), amount, duration);
26
27	0	emit DepositIntoGauge(amount);
28
29	0	return amount;
30		}
31		}

1		// SPDX-License-Identifier: MIT
2		pragma solidity ^0.8.24;
3
4		import {Clones} from "openzeppelin-contracts/contracts/proxy/Clones.sol";
5
6		import {IUserProxyFactory} from "./interfaces/IUserProxyFactory.sol";
7		import {UserProxy} from "./UserProxy.sol";
8
9	0	contract UserProxyFactory is IUserProxyFactory {
10		/// @inheritdoc IUserProxyFactory
11	0	address public immutable userProxyImplementation;
12
13	0	constructor(address _lqty, address _lusd, address _stakingV1) {
14	0	userProxyImplementation = address(new UserProxy(_lqty, _lusd, _stakingV1));
15		}
16
17		/// @inheritdoc IUserProxyFactory
18	22×	function deriveUserProxyAddress(address _user) public view returns (address) {
19	11×	return Clones.predictDeterministicAddress(userProxyImplementation, bytes32(uint256(uint160(_user))));
20		}
21
22		/// @inheritdoc IUserProxyFactory
23	18×	function deployUserProxy() public returns (address) {
24		// reverts if the user already has a proxy
25	5×	address userProxy = Clones.cloneDeterministic(userProxyImplementation, bytes32(uint256(uint160(msg.sender))));
26
27	0	emit DeployUserProxy(msg.sender, userProxy);
28
29	0	return userProxy;
30		}
31		}

1		// SPDX-License-Identifier: MIT
2		pragma solidity ^0.8.24;
3
4		import {Hooks} from "v4-core/src/libraries/Hooks.sol";
5		import {IPoolManager} from "v4-core/src/interfaces/IPoolManager.sol";
6		import {IHooks} from "v4-core/src/interfaces/IHooks.sol";
7		import {BalanceDelta} from "v4-core/src/types/BalanceDelta.sol";
8		import {PoolKey} from "v4-core/src/types/PoolKey.sol";
9		import {BeforeSwapDelta} from "v4-core/src/types/BeforeSwapDelta.sol";
10		import {IUnlockCallback} from "v4-core/src/interfaces/callback/IUnlockCallback.sol";
11
12	0	contract ImmutableState {
13	0	IPoolManager public immutable manager;
14
15	0	constructor(IPoolManager _manager) {
16	0	manager = _manager;
17		}
18		}
19
20		abstract contract SafeCallback is ImmutableState, IUnlockCallback {
21		error NotManager();
22
23		modifier onlyByManager() {
24	0	if (msg.sender != address(manager)) revert NotManager();
25		_;
26		}
27
28		/// @dev We force the onlyByManager modifier by exposing a virtual function after the onlyByManager check.
29	0	function unlockCallback(bytes calldata data) external onlyByManager returns (bytes memory) {
30	0	return _unlockCallback(data);
31		}
32
33		function _unlockCallback(bytes calldata data) internal virtual returns (bytes memory);
34		}
35
36		abstract contract BaseHook is IHooks, SafeCallback {
37		error NotSelf();
38		error InvalidPool();
39		error LockFailure();
40		error HookNotImplemented();
41
42		constructor(IPoolManager _manager) ImmutableState(_manager) {
43	0	validateHookAddress(this);
44		}
45
46		/// @dev Only this address may call this function
47		modifier selfOnly() {
48		if (msg.sender != address(this)) revert NotSelf();
49		_;
50		}
51
52		/// @dev Only pools with hooks set to this contract may call this function
53		modifier onlyValidPools(IHooks hooks) {
54		if (hooks != this) revert InvalidPool();
55		_;
56		}
57
58		function getHookPermissions() public pure virtual returns (Hooks.Permissions memory);
59
60		// this function is virtual so that we can override it during testing,
61		// which allows us to deploy an implementation to any address
62		// and then etch the bytecode into the correct address
63	0	function validateHookAddress(BaseHook _this) internal pure virtual {
64	0	Hooks.validateHookPermissions(_this, getHookPermissions());
65		}
66
67		function _unlockCallback(bytes calldata data) internal virtual override returns (bytes memory) {
68		(bool success, bytes memory returnData) = address(this).call(data);
69		if (success) return returnData;
70		if (returnData.length == 0) revert LockFailure();
71		// if the call failed, bubble up the reason
72		/// @solidity memory-safe-assembly
73		assembly {
74		revert(add(returnData, 32), mload(returnData))
75		}
76		}
77
78	0	function beforeInitialize(address, PoolKey calldata, uint160, bytes calldata) external virtual returns (bytes4) {
79		revert HookNotImplemented();
80		}
81
82		function afterInitialize(address, PoolKey calldata, uint160, int24, bytes calldata)
83		external
84		virtual
85		returns (bytes4)
86		{
87		revert HookNotImplemented();
88		}
89
90		function beforeAddLiquidity(address, PoolKey calldata, IPoolManager.ModifyLiquidityParams calldata, bytes calldata)
91		external
92		virtual
93		returns (bytes4)
94		{
95		revert HookNotImplemented();
96		}
97
98	0	function beforeRemoveLiquidity(
99		address,
100		PoolKey calldata,
101		IPoolManager.ModifyLiquidityParams calldata,
102		bytes calldata
103	0	) external virtual returns (bytes4) {
104	0	revert HookNotImplemented();
105		}
106
107		function afterAddLiquidity(
108		address,
109		PoolKey calldata,
110		IPoolManager.ModifyLiquidityParams calldata,
111		BalanceDelta,
112		bytes calldata
113		) external virtual returns (bytes4, BalanceDelta) {
114		revert HookNotImplemented();
115		}
116
117	0	function afterRemoveLiquidity(
118		address,
119		PoolKey calldata,
120		IPoolManager.ModifyLiquidityParams calldata,
121		BalanceDelta,
122		bytes calldata
123	0	) external virtual returns (bytes4, BalanceDelta) {
124	0	revert HookNotImplemented();
125		}
126
127	0	function beforeSwap(address, PoolKey calldata, IPoolManager.SwapParams calldata, bytes calldata)
128		external
129		virtual
130	0	returns (bytes4, BeforeSwapDelta, uint24)
131		{
132	0	revert HookNotImplemented();
133		}
134
135	0	function afterSwap(address, PoolKey calldata, IPoolManager.SwapParams calldata, BalanceDelta, bytes calldata)
136		external
137		virtual
138		returns (bytes4, int128)
139		{
140		revert HookNotImplemented();
141		}
142
143	0	function beforeDonate(address, PoolKey calldata, uint256, uint256, bytes calldata)
144		external
145		virtual
146		returns (bytes4)
147		{
148		revert HookNotImplemented();
149		}
150
151		function afterDonate(address, PoolKey calldata, uint256, uint256, bytes calldata)
152		external
153		virtual
154		returns (bytes4)
155		{
156		revert HookNotImplemented();
157		}
158		}

1		// SPDX-License-Identifier: MIT
2		pragma solidity ^0.8.24;
3
4		/// @title DoubleLinkedList
5		/// @notice Implements a double linked list where the head is defined as the null item's prev pointer
6		/// and the tail is defined as the null item's next pointer ([tail][prev][item][next][head])
7	0	library DoubleLinkedList {
8		struct Item {
9		uint88 value;
10		uint16 prev;
11		uint16 next;
12		}
13
14		struct List {
15		mapping(uint16 => Item) items;
16		}
17
18		error IdIsZero();
19		error ItemNotInList();
20		error ItemInList();
21
22		/// @notice Returns the head item id of the list
23		/// @param list Linked list which contains the item
24		/// @return _ Id of the head item
25		function getHead(List storage list) internal view returns (uint16) {
26	28×	return list.items[0].prev;
27		}
28
29		/// @notice Returns the tail item id of the list
30		/// @param list Linked list which contains the item
31		/// @return _ Id of the tail item
32		function getTail(List storage list) internal view returns (uint16) {
33	0	return list.items[0].next;
34		}
35
36		/// @notice Returns the item id which follows item `id`. Returns the head item id of the list if the `id` is 0.
37		/// @param list Linked list which contains the items
38		/// @param id Id of the current item
39		/// @return _ Id of the current item's next item
40	0	function getNext(List storage list, uint16 id) internal view returns (uint16) {
41	0	return list.items[id].next;
42		}
43
44		/// @notice Returns the item id which precedes item `id`. Returns the tail item id of the list if the `id` is 0.
45		/// @param list Linked list which contains the items
46		/// @param id Id of the current item
47		/// @return _ Id of the current item's previous item
48		function getPrev(List storage list, uint16 id) internal view returns (uint16) {
49	0	return list.items[id].prev;
50		}
51
52		/// @notice Returns the value of item `id`
53		/// @param list Linked list which contains the item
54		/// @param id Id of the item
55		/// @return _ Value of the item
56	0	function getValue(List storage list, uint16 id) internal view returns (uint88) {
57	27×	return list.items[id].value;
58		}
59
60		/// @notice Returns the item `id`
61		/// @param list Linked list which contains the item
62		/// @param id Id of the item
63		/// @return _ Item
64	0	function getItem(List storage list, uint16 id) internal view returns (Item memory) {
65	46×	return list.items[id];
66		}
67
68		/// @notice Returns whether the list contains item `id`
69		/// @param list Linked list which should contain the item
70		/// @param id Id of the item to check
71		/// @return _ True if the list contains the item, false otherwise
72	7×	function contains(List storage list, uint16 id) internal view returns (bool) {
73	8×	if (id == 0) revert IdIsZero();
74	76×	return (list.items[id].prev != 0 \|\| list.items[id].next != 0 \|\| list.items[0].next == id);
75		}
76
77		/// @notice Inserts an item with `id` in the list before item `next`
78		/// - if `next` is 0, the item is inserted at the start (head) of the list
79		/// @dev This function should not be called with an `id` that is already in the list.
80		/// @param list Linked list which contains the next item and into which the new item will be inserted
81		/// @param id Id of the item to insert
82		/// @param value Value of the item to insert
83		/// @param next Id of the item which should follow item `id`
84	2×	function insert(List storage list, uint16 id, uint88 value, uint16 next) internal {
85	10×	if (contains(list, id)) revert ItemInList();
86	14×	if (next != 0 && !contains(list, next)) revert ItemNotInList();
87	26×	uint16 prev = list.items[next].prev;
88	27×	list.items[prev].next = id;
89	11×	list.items[next].prev = id;
90	13×	list.items[id].prev = prev;
91	15×	list.items[id].next = next;
92	10×	list.items[id].value = value;
93		}
94		}

1		// SPDX-License-Identifier: GPL-2.0-or-later
2		pragma solidity ^0.8.24;
3
4		import {IMulticall} from "../interfaces/IMulticall.sol";
5
6		/// Copied from: https://github.com/Uniswap/v3-periphery/blob/main/contracts/base/Multicall.sol
7		/// @title Multicall
8		/// @notice Enables calling multiple methods in a single call to the contract
9		abstract contract Multicall is IMulticall {
10		/// @inheritdoc IMulticall
11	5×	function multicall(bytes[] calldata data) public payable override returns (bytes[] memory results) {
12	0	results = new bytes[](data.length);
13	2×	for (uint256 i = 0; i < data.length; i++) {
14	0	(bool success, bytes memory result) = address(this).delegatecall(data[i]);
15
16	0	if (!success) {
17		// Next 5 lines from https://ethereum.stackexchange.com/a/83577
18	0	if (result.length < 68) revert();
19		assembly {
20	0	result := add(result, 0x04)
21		}
22	0	revert(abi.decode(result, (string)));
23		}
24
25	0	results[i] = result;
26		}
27		}
28		}

1		// SPDX-License-Identifier: MIT
2		pragma solidity ^0.8.24;
3
4		struct PermitParams {
5		address owner;
6		address spender;
7		uint256 value;
8		uint256 deadline;
9		uint8 v;
10		bytes32 r;
11		bytes32 s;
12		}
13
14	6×	uint256 constant WAD = 1e18;

1		// SPDX-License-Identifier: GPL-2.0
2		pragma solidity ^0.8.0;
3
4		import {MockERC20} from "forge-std/mocks/MockERC20.sol";
5
6	279×	contract MockERC20Tester is MockERC20 {
7		address owner;
8
9		modifier onlyOwner() {
10	0	require(msg.sender == owner);
11		_;
12		}
13
14	0	constructor(address recipient, uint256 mintAmount, string memory name, string memory symbol, uint8 decimals) {
15	0	super.initialize(name, symbol, decimals);
16	0	_mint(recipient, mintAmount);
17
18	0	owner = msg.sender;
19		}
20
21	0	function mint(address to, uint256 amount) public onlyOwner {
22	0	_mint(to, amount);
23		}
24		}

1		// SPDX-License-Identifier: UNLICENSED
2		pragma solidity ^0.8.24;
3
4		import {IERC20} from "openzeppelin-contracts/contracts/interfaces/IERC20.sol";
5
6	115×	contract MockStakingV1 {
7	0	IERC20 public immutable lqty;
8
9	66×	mapping(address => uint256) public stakes;
10
11	27×	constructor(address _lqty) {
12	3×	lqty = IERC20(_lqty);
13		}
14
15	11×	function stake(uint256 _LQTYamount) external {
16	27×	stakes[msg.sender] += _LQTYamount;
17	17×	lqty.transferFrom(msg.sender, address(this), _LQTYamount);
18		}
19
20	15×	function unstake(uint256 _LQTYamount) external {
21	27×	stakes[msg.sender] -= _LQTYamount;
22	62×	lqty.transfer(msg.sender, _LQTYamount);
23		}
24		}

1
2		// SPDX-License-Identifier: GPL-2.0
3		pragma solidity ^0.8.0;
4
5		import {Asserts} from "@chimera/Asserts.sol";
6		import {Setup} from "./Setup.sol";
7		import {IGovernance} from "../../src/interfaces/IGovernance.sol";
8		import {IBribeInitiative} from "../../src/interfaces/IBribeInitiative.sol";
9		import {Governance} from "../../src/Governance.sol";
10
11
12		abstract contract BeforeAfter is Setup, Asserts {
13		struct Vars {
14		uint16 epoch;
15		mapping(address => Governance.InitiativeStatus) initiativeStatus;
16		// initiative => user => epoch => claimed
17		mapping(address => mapping(address => mapping(uint16 => bool))) claimedBribeForInitiativeAtEpoch;
18		uint128 lqtyBalance;
19		uint128 lusdBalance;
20		}
21
22		Vars internal _before;
23		Vars internal _after;
24
25		modifier withChecks {
26	60×	__before();
27		_;
28	28×	__after();
29		}
30
31	2×	function __before() internal {
32	70×	uint16 currentEpoch = governance.epoch();
33	12×	_before.epoch = currentEpoch;
34	22×	for(uint8 i; i < deployedInitiatives.length; i++) {
35	27×	address initiative = deployedInitiatives[i];
36	69×	(Governance.InitiativeStatus status,,) = governance.getInitiativeState(initiative);
37	29×	_before.initiativeStatus[initiative] = status;
38	119×	_before.claimedBribeForInitiativeAtEpoch[initiative][user][currentEpoch] = IBribeInitiative(initiative).claimedBribeAtEpoch(user, currentEpoch);
39		}
40
41	81×	_before.lqtyBalance = uint128(lqty.balanceOf(user));
42	82×	_before.lusdBalance = uint128(lusd.balanceOf(user));
43		}
44
45	2×	function __after() internal {
46	70×	uint16 currentEpoch = governance.epoch();
47	12×	_after.epoch = currentEpoch;
48	22×	for(uint8 i; i < deployedInitiatives.length; i++) {
49	27×	address initiative = deployedInitiatives[i];
50	69×	(Governance.InitiativeStatus status,,) = governance.getInitiativeState(initiative);
51	29×	_after.initiativeStatus[initiative] = status;
52	119×	_after.claimedBribeForInitiativeAtEpoch[initiative][user][currentEpoch] = IBribeInitiative(initiative).claimedBribeAtEpoch(user, currentEpoch);
53		}
54
55	81×	_after.lqtyBalance = uint128(lqty.balanceOf(user));
56	82×	_after.lusdBalance = uint128(lusd.balanceOf(user));
57		}
58		}

1		// SPDX-License-Identifier: GPL-2.0
2		pragma solidity ^0.8.0;
3
4		import {TargetFunctions} from "./TargetFunctions.sol";
5		import {CryticAsserts} from "@chimera/CryticAsserts.sol";
6
7		// echidna . --contract CryticTester --config echidna.yaml
8		// medusa fuzz
9	372×	contract CryticTester is TargetFunctions, CryticAsserts {
10		constructor() payable {
11	4×	setup();
12		}
13		}

1		// SPDX-License-Identifier: GPL-2.0
2		pragma solidity ^0.8.0;
3
4		import {GovernanceProperties} from "./properties/GovernanceProperties.sol";
5		import {BribeInitiativeProperties} from "./properties/BribeInitiativeProperties.sol";
6
7		abstract contract Properties is GovernanceProperties, BribeInitiativeProperties {
8		string internal constant ASSERTION_CANARY = "!!! canary assertion";
9		string internal constant ASSERTION_GV01 =
10		"!!! GV-01: Initiative state should only return one state per epoch";
11		string internal constant ASSERTION_BI01_LQTY =
12		"!!! BI-01: User should receive percentage of bribes corresponding to their allocation";
13		string internal constant ASSERTION_BI01_BOLD =
14		"!!! BI-01: User should receive percentage of BOLD bribes corresponding to their allocation";
15		string internal constant ASSERTION_BI02 =
16		"!!! BI-02: User can only claim bribes once in an epoch";
17		string internal constant ASSERTION_BI03 =
18		"!!! BI-03: Accounting for user allocation amount is always correct";
19		string internal constant ASSERTION_BI04 =
20		"!!! BI-04: Accounting for total allocation amount is always correct";
21		string internal constant ASSERTION_BI05_BRIBE_DUST =
22		"!!! BI-05: Bribe token dust amount remaining after claiming should be less than 100 million wei";
23		string internal constant ASSERTION_BI05_BOLD_DUST =
24		"!!! BI-05: Bold token dust amount remaining after claiming should be less than 100 million wei";
25		string internal constant INVARIANT_CANARY_GLOBAL_INVARIANT_FAILURE =
26		"Canary invariant";
27
28	4×	function _assertionGV01() internal pure virtual override returns (string memory) {
29	19×	return ASSERTION_GV01;
30		}
31
32	0	function _assertionBI01Lqty() internal pure virtual override returns (string memory) {
33	0	return ASSERTION_BI01_LQTY;
34		}
35
36	0	function _assertionBI01Bold() internal pure virtual override returns (string memory) {
37	0	return ASSERTION_BI01_BOLD;
38		}
39
40	4×	function _assertionBI02() internal pure virtual override returns (string memory) {
41	19×	return ASSERTION_BI02;
42		}
43
44	4×	function _assertionBI03() internal pure virtual override returns (string memory) {
45	19×	return ASSERTION_BI03;
46		}
47
48	4×	function _assertionBI04() internal pure virtual override returns (string memory) {
49	19×	return ASSERTION_BI04;
50		}
51
52	0	function _assertionBI05BribeDust() internal pure virtual override returns (string memory) {
53	0	return ASSERTION_BI05_BRIBE_DUST;
54		}
55
56	0	function _assertionBI05BoldDust() internal pure virtual override returns (string memory) {
57	0	return ASSERTION_BI05_BOLD_DUST;
58		}
59
60		/// @dev Canary assertion helper. A failing input is expected to be discovered during fuzzing.
61	11×	function assert_canary_ASSERTION_CANARY(uint256 entropy) public {
62	23×	t(entropy > 0, ASSERTION_CANARY);
63		}
64
65		/// @dev Canary global invariant expected to fail immediately.
66	17×	function invariant_canary()
67		public
68		virtual
69	1×	returns (bool)
70		{
71	22×	t(false, INVARIANT_CANARY_GLOBAL_INVARIANT_FAILURE);
72	2×	return true;
73		}
74		}

1
2		// SPDX-License-Identifier: GPL-2.0
3		pragma solidity ^0.8.0;
4
5		import {BaseSetup} from "@chimera/BaseSetup.sol";
6		import {console2} from "forge-std/Test.sol";
7		import {vm} from "@chimera/Hevm.sol";
8		import {IERC20} from "forge-std/interfaces/IERC20.sol";
9
10		import {MockERC20Tester} from "../mocks/MockERC20Tester.sol";
11		import {MockStakingV1} from "../mocks/MockStakingV1.sol";
12		import {MaliciousInitiative} from "../mocks/MaliciousInitiative.sol";
13		import {Governance} from "src/Governance.sol";
14		import {BribeInitiative} from "../../src/BribeInitiative.sol";
15		import {IBribeInitiative} from "../../src/interfaces/IBribeInitiative.sol";
16		import {IGovernance} from "src/interfaces/IGovernance.sol";
17		import {IInitiative} from "src/interfaces/IInitiative.sol";
18
19		abstract contract Setup is BaseSetup {
20		Governance governance;
21		MockERC20Tester internal lqty;
22		MockERC20Tester internal lusd;
23		IBribeInitiative internal initiative1;
24
25	11×	address internal user = address(this);
26	10×	address internal user2 = address(0x537C8f3d3E18dF5517a58B3fB9D9143697996802); // derived using makeAddrAndKey
27		address internal stakingV1;
28		address internal userProxy;
29	26×	address[] internal users = new address[](2);
30		address[] internal deployedInitiatives;
31	3×	uint256 internal user2Pk = 23868421370328131711506074113045611601786642648093516849953535378706721142721; // derived using makeAddrAndKey
32		bool internal claimedTwice;
33
34		mapping(uint16 => uint88) internal ghostTotalAllocationAtEpoch;
35		mapping(address => uint88) internal ghostLqtyAllocationByUserAtEpoch;
36
37	1×	uint128 internal constant REGISTRATION_FEE = 1e18;
38	1×	uint128 internal constant REGISTRATION_THRESHOLD_FACTOR = 0.01e18;
39	1×	uint128 internal constant UNREGISTRATION_THRESHOLD_FACTOR = 4e18;
40	1×	uint16 internal constant REGISTRATION_WARM_UP_PERIOD = 4;
41		uint16 internal constant UNREGISTRATION_AFTER_EPOCHS = 4;
42	1×	uint128 internal constant VOTING_THRESHOLD_FACTOR = 0.04e18;
43	1×	uint88 internal constant MIN_CLAIM = 500e18;
44	1×	uint88 internal constant MIN_ACCRUAL = 1000e18;
45	1×	uint32 internal constant EPOCH_DURATION = 604800;
46	1×	uint32 internal constant EPOCH_VOTING_CUTOFF = 518400;
47
48
49	3×	function setup() internal virtual override {
50	32×	users.push(user);
51	26×	users.push(user2);
52
53	3×	uint256 initialMintAmount = type(uint88).max;
54	41×	lqty = new MockERC20Tester(user, initialMintAmount, "Liquity", "LQTY", 18);
55	41×	lusd = new MockERC20Tester(user, initialMintAmount, "Liquity USD", "LUSD", 18);
56	45×	lqty.mint(user2, initialMintAmount);
57
58	43×	stakingV1 = address(new MockStakingV1(address(lqty)));
59	51×	governance = new Governance(
60	6×	address(lqty),
61	7×	address(lusd),
62		stakingV1,
63		address(lusd), // bold
64	57×	IGovernance.Configuration({
65		registrationFee: REGISTRATION_FEE,
66		registrationThresholdFactor: REGISTRATION_THRESHOLD_FACTOR,
67		unregistrationThresholdFactor: UNREGISTRATION_THRESHOLD_FACTOR,
68		registrationWarmUpPeriod: REGISTRATION_WARM_UP_PERIOD,
69		unregistrationAfterEpochs: UNREGISTRATION_AFTER_EPOCHS,
70		votingThresholdFactor: VOTING_THRESHOLD_FACTOR,
71		minClaim: MIN_CLAIM,
72		minAccrual: MIN_ACCRUAL,
73	1×	epochStart: uint32(block.timestamp),
74		epochDuration: EPOCH_DURATION,
75		epochVotingCutoff: EPOCH_VOTING_CUTOFF
76		}),
77	2×	deployedInitiatives // no initial initiatives passed in because don't have cheatcodes for calculating address where gov will be deployed
78		);
79
80		// deploy proxy so user can approve it
81	81×	userProxy = governance.deployUserProxy();
82	60×	lqty.approve(address(userProxy), initialMintAmount);
83	64×	lusd.approve(address(userProxy), initialMintAmount);
84
85		// approve governance for user's tokens
86	67×	lqty.approve(address(governance), initialMintAmount);
87	67×	lusd.approve(address(governance), initialMintAmount);
88
89		// register one of the initiatives, leave the other for registering/unregistering via TargetFunction
90	57×	initiative1 = IBribeInitiative(address(new BribeInitiative(address(governance), address(lusd), address(lqty))));
91	21×	deployedInitiatives.push(address(initiative1));
92
93	53×	governance.registerInitiative(address(initiative1));
94		}
95
96	5×	function _getDeployedInitiative(uint8 index) internal returns (address initiative) {
97	32×	return deployedInitiatives[index % deployedInitiatives.length];
98		}
99
100		function _getClampedTokenBalance(address token, address holder) internal returns (uint256 balance) {
101		return IERC20(token).balanceOf(holder);
102		}
103
104	3×	function _getRandomUser(uint8 index) internal returns (address randomUser) {
105	11×	return users[index % users.length];
106		}
107
108		}

1
2		// SPDX-License-Identifier: GPL-2.0
3		pragma solidity ^0.8.0;
4
5		import {BaseTargetFunctions} from "@chimera/BaseTargetFunctions.sol";
6		import {vm} from "@chimera/Hevm.sol";
7		import {IERC20Permit} from "openzeppelin-contracts/contracts/token/ERC20/extensions/IERC20Permit.sol";
8		import {console2} from "forge-std/Test.sol";
9
10		import {Properties} from "./Properties.sol";
11		import {GovernanceTargets} from "./targets/GovernanceTargets.sol";
12		import {BribeInitiativeTargets} from "./targets/BribeInitiativeTargets.sol";
13		import {MaliciousInitiative} from "../mocks/MaliciousInitiative.sol";
14		import {BribeInitiative} from "../../src/BribeInitiative.sol";
15		import {ILQTYStaking} from "../../src/interfaces/ILQTYStaking.sol";
16		import {IInitiative} from "../../src/interfaces/IInitiative.sol";
17		import {IUserProxy} from "../../src/interfaces/IUserProxy.sol";
18		import {PermitParams} from "../../src/utils/Types.sol";
19
20
21		abstract contract TargetFunctions is GovernanceTargets, BribeInitiativeTargets {
22
23		// helper to deploy initiatives for registering that results in more bold transferred to the Governance contract
24	6×	function helper_deployInitiative() withChecks public {
25	43×	address initiative = address(new BribeInitiative(address(governance), address(lusd), address(lqty)));
26	29×	deployedInitiatives.push(initiative);
27		}
28
29		// helper to simulate bold accrual in Governance contract
30	11×	function helper_accrueBold(uint88 boldAmount) withChecks public {
31	73×	boldAmount = uint88(boldAmount % lusd.balanceOf(user));
32		// target contract is the user so it can transfer directly
33	69×	lusd.transfer(address(governance), boldAmount);
34		}
35		}

1		// SPDX-License-Identifier: GPL-2.0
2		pragma solidity ^0.8.0;
3
4		import {BeforeAfter} from "../BeforeAfter.sol";
5		import {IBribeInitiative} from "../../../src/interfaces/IBribeInitiative.sol";
6
7		abstract contract BribeInitiativeProperties is BeforeAfter {
8		function _assertionBI01Lqty() internal pure virtual returns (string memory);
9		function _assertionBI01Bold() internal pure virtual returns (string memory);
10		function _assertionBI02() internal pure virtual returns (string memory);
11		function _assertionBI03() internal pure virtual returns (string memory);
12		function _assertionBI04() internal pure virtual returns (string memory);
13		function _assertionBI05BribeDust() internal pure virtual returns (string memory);
14		function _assertionBI05BoldDust() internal pure virtual returns (string memory);
15
16	6×	function invariant_BI01() public returns (bool) {
17	72×	uint16 currentEpoch = governance.epoch();
18	22×	for (uint8 i; i < deployedInitiatives.length; i++) {
19	30×	address initiative = deployedInitiatives[i];
20		// if the bool switches, the user has claimed their bribe for the epoch
21	3×	if (
22	37×	_before.claimedBribeForInitiativeAtEpoch[initiative][user][currentEpoch]
23	40×	!= _after.claimedBribeForInitiativeAtEpoch[initiative][user][currentEpoch]
24	0	) {
25		// calculate user balance delta of the bribe tokens
26	0	uint128 lqtyBalanceDelta = _after.lqtyBalance - _before.lqtyBalance;
27	0	uint128 lusdBalanceDelta = _after.lusdBalance - _before.lusdBalance;
28
29		// calculate balance delta as a percentage of the total bribe for this epoch
30	0	(uint128 bribeBoldAmount, uint128 bribeBribeTokenAmount) =
31	0	IBribeInitiative(initiative).bribeByEpoch(currentEpoch);
32	0	uint128 lqtyPercentageOfBribe = (lqtyBalanceDelta / bribeBribeTokenAmount) * 10_000;
33	0	uint128 lusdPercentageOfBribe = (lusdBalanceDelta / bribeBoldAmount) * 10_000;
34
35		// Shift right by 40 bits (128 - 88) to get the 88 most significant bits
36	0	uint88 lqtyPercentageOfBribe88 = uint88(lqtyPercentageOfBribe >> 40);
37	0	uint88 lusdPercentageOfBribe88 = uint88(lusdPercentageOfBribe >> 40);
38
39		// calculate user allocation percentage of total for this epoch
40	0	uint88 lqtyAllocatedByUserAtEpoch =
41	0	IBribeInitiative(initiative).lqtyAllocatedByUserAtEpoch(user, currentEpoch);
42	0	uint88 totalLQTYAllocatedAtEpoch = IBribeInitiative(initiative).totalLQTYAllocatedByEpoch(currentEpoch);
43	0	uint88 allocationPercentageOfTotal = (lqtyAllocatedByUserAtEpoch / totalLQTYAllocatedAtEpoch) * 10_000;
44
45		// check that allocation percentage and received bribe percentage match
46	0	eq(
47	0	lqtyPercentageOfBribe88,
48	0	allocationPercentageOfTotal,
49	0	_assertionBI01Lqty()
50		);
51	0	eq(
52	0	lusdPercentageOfBribe88,
53	0	allocationPercentageOfTotal,
54	0	_assertionBI01Bold()
55		);
56		}
57		}
58		return true;
59		}
60
61	7×	function invariant_BI02() public returns (bool) {
62	13×	t(!claimedTwice, _assertionBI02());
63		return true;
64		}
65
66	6×	function invariant_BI03() public returns (bool) {
67	72×	uint16 currentEpoch = governance.epoch();
68	25×	for (uint8 i; i < deployedInitiatives.length; i++) {
69	27×	IBribeInitiative initiative = IBribeInitiative(deployedInitiatives[i]);
70	61×	uint88 lqtyAllocatedByUserAtEpoch = initiative.lqtyAllocatedByUserAtEpoch(user, currentEpoch);
71	5×	eq(
72	20×	ghostLqtyAllocationByUserAtEpoch[user],
73		lqtyAllocatedByUserAtEpoch,
74	3×	_assertionBI03()
75		);
76		}
77		return true;
78		}
79
80	8×	function invariant_BI04() public returns (bool) {
81	72×	uint16 currentEpoch = governance.epoch();
82	27×	for (uint8 i; i < deployedInitiatives.length; i++) {
83	28×	IBribeInitiative initiative = IBribeInitiative(deployedInitiatives[i]);
84	56×	uint88 totalLQTYAllocatedAtEpoch = initiative.totalLQTYAllocatedByEpoch(currentEpoch);
85	7×	eq(
86	19×	ghostTotalAllocationAtEpoch[currentEpoch],
87		totalLQTYAllocatedAtEpoch,
88	4×	_assertionBI04()
89		);
90		}
91	4×	return true;
92		}
93
94		// TODO: double check that this implementation is correct
95	6×	function invariant_BI05() public returns (bool) {
96	72×	uint16 currentEpoch = governance.epoch();
97	22×	for (uint8 i; i < deployedInitiatives.length; i++) {
98	30×	address initiative = deployedInitiatives[i];
99		// if the bool switches, the user has claimed their bribe for the epoch
100	3×	if (
101	37×	_before.claimedBribeForInitiativeAtEpoch[initiative][user][currentEpoch]
102	40×	!= _after.claimedBribeForInitiativeAtEpoch[initiative][user][currentEpoch]
103	0	) {
104		// check that the remaining bribe amount left over is less than 100 million wei
105	0	uint256 bribeTokenBalanceInitiative = lqty.balanceOf(initiative);
106	0	uint256 boldTokenBalanceInitiative = lusd.balanceOf(initiative);
107
108	0	lte(
109	0	bribeTokenBalanceInitiative,
110	0	1e8,
111	0	_assertionBI05BribeDust()
112		);
113	0	lte(
114	0	boldTokenBalanceInitiative,
115	0	1e8,
116	0	_assertionBI05BoldDust()
117		);
118		}
119		}
120		return true;
121		}
122		}

1		// SPDX-License-Identifier: GPL-2.0
2		pragma solidity ^0.8.0;
3
4		import {Test} from "forge-std/Test.sol";
5		import {BaseTargetFunctions} from "@chimera/BaseTargetFunctions.sol";
6		import {vm} from "@chimera/Hevm.sol";
7
8		import {IInitiative} from "../../../src/interfaces/IInitiative.sol";
9		import {IBribeInitiative} from "../../../src/interfaces/IBribeInitiative.sol";
10		import {DoubleLinkedList} from "../../../src/utils/DoubleLinkedList.sol";
11		import {Properties} from "../Properties.sol";
12
13
14		abstract contract BribeInitiativeTargets is Test, BaseTargetFunctions, Properties {
15		using DoubleLinkedList for DoubleLinkedList.List;
16
17		// NOTE: initiatives that get called here are deployed but not necessarily registered
18
19	17×	function initiative_depositBribe(uint128 boldAmount, uint128 bribeTokenAmount, uint16 epoch, uint8 initiativeIndex) withChecks public {
20	8×	IBribeInitiative initiative = IBribeInitiative(_getDeployedInitiative(initiativeIndex));
21
22		// clamp token amounts using user balance
23	74×	boldAmount = uint128(boldAmount % lusd.balanceOf(user));
24	74×	bribeTokenAmount = uint128(bribeTokenAmount % lqty.balanceOf(user));
25
26	51×	initiative.depositBribe(boldAmount, bribeTokenAmount, epoch);
27		}
28
29	11×	function initiative_claimBribes(uint16 epoch, uint16 prevAllocationEpoch, uint16 prevTotalAllocationEpoch, uint8 initiativeIndex) withChecks public {
30	8×	IBribeInitiative initiative = IBribeInitiative(_getDeployedInitiative(initiativeIndex));
31
32		// clamp epochs by using the current governance epoch
33	77×	epoch = epoch % governance.epoch();
34	77×	prevAllocationEpoch = prevAllocationEpoch % governance.epoch();
35	77×	prevTotalAllocationEpoch = prevTotalAllocationEpoch % governance.epoch();
36
37	36×	IBribeInitiative.ClaimData[] memory claimData = new IBribeInitiative.ClaimData[](1);
38	44×	claimData[0] = IBribeInitiative.ClaimData({
39	1×	epoch: epoch,
40	1×	prevLQTYAllocationEpoch: prevAllocationEpoch,
41	1×	prevTotalLQTYAllocationEpoch: prevTotalAllocationEpoch
42		});
43
44	67×	bool alreadyClaimed = initiative.claimedBribeAtEpoch(user, epoch);
45
46	43×	initiative.claimBribes(claimData);
47
48		// check if the bribe was already claimed at the given epoch
49	0	if(alreadyClaimed) {
50		// toggle canary that breaks the BI-02 property
51	0	claimedTwice = true;
52		}
53		}
54		}