Merge pull request #22 from lombard-finance/feat/audit-2

update contracts
lombard-finance · Oct 10, 2024 · 438ddbf · 438ddbf
2 parents 6e5e9cd + f44febd
commit 438ddbf
Show file tree

Hide file tree

Showing 12 changed files with 26 additions and 43 deletions.
diff --git a/contracts/LBTC/ILBTC.sol b/contracts/LBTC/ILBTC.sol
@@ -12,9 +12,7 @@ interface ILBTC {
     error BadDestination();
     error KnownDestination();
     error UnknownDestination();
-    error BadCommission();
     error ScriptPubkeyUnsupported();
-    error AmountTooSmallToPayRelativeFee();
     error AmountLessThanCommission(uint256 fee);
     error AmountBelowDustLimit(uint256 dustLimit);
     error InvalidDustFeeRate();

diff --git a/contracts/LBTC/LBTC.sol b/contracts/LBTC/LBTC.sol
@@ -1,8 +1,6 @@
 // SPDX-License-Identifier: MIT
 pragma solidity 0.8.24;
 
-import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
-import {IERC20Metadata} from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
 import {ERC20Upgradeable, IERC20} from "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
 import {ERC20PausableUpgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/ERC20PausableUpgradeable.sol";
 import {ERC20PermitUpgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/ERC20PermitUpgradeable.sol";
@@ -11,10 +9,10 @@ import {ReentrancyGuardUpgradeable} from "@openzeppelin/contracts-upgradeable/ut
 import { BitcoinUtils, OutputType } from "../libs/BitcoinUtils.sol";
 import { IBascule } from "../bascule/interfaces/IBascule.sol";
 import { FeeUtils } from "../libs/FeeUtils.sol";
-import "./ILBTC.sol";
-import "../libs/OutputCodec.sol";
-import "../libs/BridgeDepositCodec.sol";
-import "../libs/EIP1271SignatureUtils.sol";
+import {ILBTC} from "./ILBTC.sol";
+import {OutputCodec, OutputWithPayload} from "../libs/OutputCodec.sol";
+import {BridgeDepositCodec, BridgeDepositPayload} from "../libs/BridgeDepositCodec.sol";
+import {EIP1271SignatureUtils} from "../libs/EIP1271SignatureUtils.sol";
 
 /**
  * @title ERC20 representation of Lombard Staked Bitcoin
@@ -83,11 +81,11 @@ contract LBTC is ILBTC, ERC20PausableUpgradeable, Ownable2StepUpgradeable, Reent
         _changeBurnCommission(burnCommission_);
     }
 
-    function initialize(address consortium_, uint64 burnCommission_, address owner) external initializer {
+    function initialize(address consortium_, uint64 burnCommission_, address owner_) external initializer {
         __ERC20_init("LBTC", "LBTC");
         __ERC20Pausable_init();
 
-        __Ownable_init(owner);
+        __Ownable_init(owner_);
         __Ownable2Step_init();
 
         __ReentrancyGuard_init();

diff --git a/contracts/bascule/Bascule.sol b/contracts/bascule/Bascule.sol
@@ -1,11 +1,10 @@
 // SPDX-License-Identifier: MIT
 // Compatible with OpenZeppelin Contracts ^5.0.0
-pragma solidity ^0.8.24;
+pragma solidity 0.8.24;
 
-import "@openzeppelin/contracts/utils/Pausable.sol";
-import "@openzeppelin/contracts/access/AccessControl.sol";
-import "@openzeppelin/contracts/access/extensions/AccessControlDefaultAdminRules.sol";
-import "./interfaces/IBascule.sol";
+import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";
+import {AccessControlDefaultAdminRules} from "@openzeppelin/contracts/access/extensions/AccessControlDefaultAdminRules.sol";
+import {IBascule} from "./interfaces/IBascule.sol";
 
 /// Bascule contract for preventing bridge hacks from hitting the chain.
 /// This is the on-chain component of an off-chain/on-chain system.

diff --git a/contracts/bascule/interfaces/IBascule.sol b/contracts/bascule/interfaces/IBascule.sol
@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: MIT
 // Compatible with OpenZeppelin Contracts ^5.0.0
-pragma solidity ^0.8.24;
+pragma solidity 0.8.24;
 
 /// Interface of the Bascule contract as used by on-chain contracts.
 /// @custom:security-contact [email protected]

diff --git a/contracts/consortium/LombardConsortium.sol b/contracts/consortium/LombardConsortium.sol
@@ -1,10 +1,10 @@
 // SPDX-License-Identifier: MIT
 pragma solidity 0.8.24;
 
-import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
-import "@openzeppelin/contracts/interfaces/IERC1271.sol";
-import "@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol";
-import "../libs/EIP1271SignatureUtils.sol";
+import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
+import {IERC1271} from "@openzeppelin/contracts/interfaces/IERC1271.sol";
+import {Ownable2StepUpgradeable} from "@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol";
+import {EIP1271SignatureUtils} from "../libs/EIP1271SignatureUtils.sol";
 
 /**
  * @title The contract utilize consortium governance functions

diff --git a/contracts/consortium/LombardTimeLock.sol b/contracts/consortium/LombardTimeLock.sol
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: MIT
 pragma solidity 0.8.24;
 
-import "@openzeppelin/contracts/governance/TimelockController.sol";
+import {TimelockController} from "@openzeppelin/contracts/governance/TimelockController.sol";
 
 /**
  * @title Use for Consortium 

diff --git a/contracts/Factory/ProxyFactory.sol → contracts/factory/ProxyFactory.sol b/contracts/Factory/ProxyFactory.sol → contracts/factory/ProxyFactory.sol
@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity ^0.8.24;
+pragma solidity 0.8.24;
 
 import {CREATE3} from "solmate/src/utils/CREATE3.sol";
 import {TransparentUpgradeableProxy} from "@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol";

diff --git a/contracts/libs/EIP1271SignatureUtils.sol b/contracts/libs/EIP1271SignatureUtils.sol
@@ -1,9 +1,8 @@
 // SPDX-License-Identifier: MIT
 pragma solidity 0.8.24;
 
-import "@openzeppelin/contracts/interfaces/IERC1271.sol";
-import "@openzeppelin/contracts/utils/Address.sol";
-import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
+import {IERC1271} from "@openzeppelin/contracts/interfaces/IERC1271.sol";
+import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
 
 /**
  * @title Library of utilities for making EIP1271-compliant signature checks.

diff --git a/contracts/libs/OutputCodec.sol b/contracts/libs/OutputCodec.sol
@@ -1,8 +1,6 @@
 // SPDX-License-Identifier: MIT
 pragma solidity 0.8.24;
 
-
-
 struct OutputWithPayload {
     uint256 chainId;
     address to;
@@ -11,7 +9,6 @@ struct OutputWithPayload {
     uint32 index;
 }
 
-
 library OutputCodec {
     error WrongDataLength();
     error WrongChainIdEncoding();

diff --git a/contracts/mock/BasculeMock.sol b/contracts/mock/BasculeMock.sol
diff --git a/contracts/mock/WBTCMock.sol b/contracts/mock/WBTCMock.sol
@@ -1,8 +1,7 @@
 // SPDX-License-Identifier: MIT
 pragma solidity 0.8.24;
 
-import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
-import { ERC20Upgradeable, IERC20 } from "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
+import { ERC20Upgradeable } from "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
 
 /**
  * @title Mock implementation of WBTC token

diff --git a/contracts/pmm/BTCB/BTCB.sol b/contracts/pmm/BTCB/BTCB.sol
@@ -5,17 +5,15 @@ import {PausableUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/Pau
 import {AccessControlUpgradeable} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
 import {IERC20Metadata} from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
 import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
-import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
 import {FeeUtils} from "../../../contracts/libs/FeeUtils.sol";
 
-interface ILBTC {
+interface ILBTC is IERC20Metadata {
     function mint(address to, uint256 amount) external;
-    function transfer(address to, uint256 amount) external;
-    function decimals() external view returns (uint256);
 }
 
 contract BTCBPMM is PausableUpgradeable, AccessControlUpgradeable {
     using SafeERC20 for IERC20Metadata;
+    using SafeERC20 for ILBTC;
 
     struct PMMStorage {
         IERC20Metadata btcb;
@@ -28,7 +26,7 @@ contract BTCBPMM is PausableUpgradeable, AccessControlUpgradeable {
         address withdrawAddress;
         uint16 relativeFee;
     }
-
+    
     bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");
 
     // keccak256(abi.encode(uint256(keccak256("lombardfinance.storage.BTCBPMM")) - 1)) & ~bytes32(uint256(0xff))
@@ -53,7 +51,7 @@ contract BTCBPMM is PausableUpgradeable, AccessControlUpgradeable {
         PMMStorage storage $ = _getPMMStorage();
         $.stakeLimit = _stakeLimit;
         $.withdrawAddress = withdrawAddress;
-
+        
         $.lbtc = ILBTC(_lbtc);
         $.btcb = IERC20Metadata(_btcb);
         $.relativeFee = _relativeFee;
@@ -100,12 +98,12 @@ contract BTCBPMM is PausableUpgradeable, AccessControlUpgradeable {
 
     function withdrawBTCB(uint256 amount) external whenNotPaused onlyRole(DEFAULT_ADMIN_ROLE) {
         PMMStorage storage $ = _getPMMStorage();
-        $.btcb.transfer($.withdrawAddress, amount);
+        $.btcb.safeTransfer($.withdrawAddress, amount); 
     }
 
     function withdrawLBTC(uint256 amount) external whenNotPaused onlyRole(DEFAULT_ADMIN_ROLE) {
         PMMStorage storage $ = _getPMMStorage();
-        $.lbtc.transfer($.withdrawAddress, amount);
+        $.lbtc.safeTransfer($.withdrawAddress, amount); 
     }
 
     function setWithdrawalAddress(address newWithdrawAddress) external onlyRole(DEFAULT_ADMIN_ROLE) {