For CI, deploy to Arbitrum Sepolia instead of Base Sepolia

.github/workflows/ci-dev-contracts.yml

@@ -10,7 +10,6 @@ on:
     branches:
       - "main*"
       - "development*"
-      - "ops*"
     paths:
       - "packages/contracts/**"
       - ".github/workflows/ci-dev-contracts.yml"
@@ -46,14 +45,14 @@ jobs:
     environment: testnet
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           submodules: recursive
 
       - name: Install Foundry
         uses: foundry-rs/foundry-toolchain@v1
         with:
-          version: nightly
+          version: nightly-f625d0fa7c51e65b4bf1e8f7931cd1c6e2e285e9
 
       # re-run the tests here on purpose to ensure quality.
       - name: Run tests
@@ -79,7 +78,8 @@ jobs:
         run: yarn deploy:ci
         env:
           ENVIRONMENT: "testnet"
-          DEPLOYER_PRIVATE_KEY: ${{ secrets.BASE_SEPOLIA_DEPLOYER_PRIVATE_KEY }}
+          DEPLOYER_PRIVATE_KEY: ${{ secrets.ARBITRUM_SEPOLIA_DEPLOYER_PRIVATE_KEY }}
+          ARBITRUM_SEPOLIA_ETHERSCAN_API_KEY: ${{ secrets.ARBITRUM_SEPOLIA_ETHERSCAN_API_KEY }}
+          ETHERSCAN_API_KEY: ${{ secrets.ARBITRUM_SEPOLIA_ETHERSCAN_API_KEY }}
           ALCHEMY_API_KEY: ${{ secrets.TESTNET_ALCHEMY_API_KEY }}
-          BASE_SEPOLIA_ETHERSCAN_API_KEY: ${{ secrets.BASE_SEPOLIA_ETHERSCAN_API_KEY }}
           SUPABASE_SERVICE_ROLE_KEY: ${{ secrets.TEST_SUPABASE_SERVICE_ROLE_KEY }}

packages/contracts/CBL_README.md

@@ -112,3 +112,9 @@ error CBL__InvalidOwnerAddress();
 error CBL__InvalidMinterAddress();
 ```
 
+## Roadmap - Future Features
+
+### Governance & Governance Token ($gCBL) Contract
+
+Governance will be implemented in a separate Governance Token ($gCBL) smart contract.   The $gCBL contract will include functions 
+related to governance and voting.  Users lock $CBL to receive Governance Tokens ($gCBL) in return.

packages/contracts/Makefile

@@ -1,43 +1,44 @@
-# NOTE (JL,2024-05-20): Hierarchical Environment loading does not simply work with `make`. A custom 
-#	solution may be possible, but given that `forge` auto-loads any `.env` file in the invocation 
+# NOTE (JL,2024-05-20): Hierarchical Environment loading does not simply work with `make`. A custom
+#	solution may be possible, but given that `forge` auto-loads any `.env` file in the invocation
 #	directory and our deployment scripts depend on this, it seems unnecessary to change this now.
 -include .env
 
-build:; forge build
+DEPLOY_SCRIPT ?= script/DeployVaultFactory.s.sol:DeployVaultFactory
 
-anvil: anvil
+# How the deployer is authenticated. Can override to use `cast wallet` output or `--account x --password y` etc.
+DEPLOYER_AUTHENTICATION ?= --private-key $(DEPLOYER_PRIVATE_KEY)
 
 deploy-local:
 	$(MAKE) deploy RPC_URL=localhost EXTRA_FLAGS=
 
-# TODO: change this to use the network config from foundry.toml
-deploy-arbSepolia:
+deploy-arbitrumSepolia:
 	$(MAKE) deploy RPC_URL=arbitrumSepolia EXTRA_FLAGS="--verify --slow"
 
-resume-arbSepolia:
+resume-arbitrumSepolia:
 	$(MAKE) deploy RPC_URL=arbitrumSepolia EXTRA_FLAGS="--verify --slow --resume"
 
 deploy-baseSepolia:
 	$(MAKE) deploy RPC_URL=baseSepolia EXTRA_FLAGS="--verify --slow"
 
-# NOTE (JL,2024-05-20): `forge` auto-includes any `.env` file in the invocation directory.
-deploy:
-	@echo "Running deploy '$(RPC_URL)' for '$(ENVIRONMENT)' environment."
-	@rm -rf out && \
-	forge script script/DeployVaultFactory.s.sol:DeployVaultFactory --rpc-url $(RPC_URL) \
-		--private-key $(DEPLOYER_PRIVATE_KEY) --broadcast $(EXTRA_FLAGS) -vvvv && \
-	yarn gen-types && \
-	yarn db-export
-
 # TODO: add --verifier flag.  forge isn't happy --etherscan-api-key is empty.
 deploy-bitlayerTestnet:
 	$(MAKE) deploy RPC_URL="https://testnet-rpc.bitlayer.org" \
-	EXTRA_FLAGS='--etherscan-api-key "" --verifier-url "https://testnet-scan.bitlayer.org" --legacy --slow'
+		EXTRA_FLAGS='--etherscan-api-key "" --verifier-url "https://testnet-scan.bitlayer.org" --legacy --slow'
 
+# NOTE (JL,2024-05-20): `forge` auto-includes any `.env` file in the invocation directory.
+# NOTE (JL,2024-08-08): For verification, ensure that ETHERSCAN_API_KEY is explicitly set.
+# NOTE (JL,2024-08-08): We run a `clean` and `build` to ensure the local build state is consistent.
+deploy:
+	@echo "Running deploy script '$(DEPLOY_SCRIPT)' against '$(RPC_URL)' for '$(ENVIRONMENT)' environment."
+	@yarn clean
+	@yarn build
+	@forge script $(DEPLOY_SCRIPT) --rpc-url $(RPC_URL) $(DEPLOYER_AUTHENTICATION) --broadcast $(EXTRA_FLAGS) -vvvv
+	@yarn db-export
+
+# NOTE (JL,2024-08-08): Verify is a 'recovery' operation, requiring the `broadcast` directory contrents. So, no `clean`.
+#	Also, as such, we run `db-export` afterwards in case it resumed Contract Deployment.
 verify:
-	@echo "Running verify '$(RPC_URL)' for '$(ENVIRONMENT)' environment."
-	rm -rf out && \
-	forge script script/DeployVaultFactory.s.sol:DeployVaultFactory --rpc-url $(RPC_URL) \
-		--private-key $(DEPLOYER_PRIVATE_KEY) --verify --resume -vvvv && \
-	yarn gen-types && \
-	yarn db-export
+	@echo "Running verify of script '$(DEPLOY_SCRIPT)' against '$(RPC_URL)' for '$(ENVIRONMENT)' environment."
+	@yarn build
+	@forge script $(DEPLOY_SCRIPT) --rpc-url $(RPC_URL) $(DEPLOYER_AUTHENTICATION) --verify --resume -vvvv
+	@yarn db-export

packages/contracts/foundry.toml

@@ -3,7 +3,7 @@ src = "src"
 out = "out"
 libs = ["lib"]
 fs_permissions = [{ access = "read-write", path = "./" }]
-solc_version="0.8.23"
+solc_version = "0.8.23"
 
 [fmt]
 bracket_spacing = true
@@ -25,9 +25,9 @@ bitlayerTestnet = "https://testnet-rpc.bitlayer.org"
 
 
 [etherscan]
-localhost = { key = "" , url="http://127.0.0.1:8545"}
+localhost = { key = "", url = "http://127.0.0.1:8545" }
 base = { key = "${BASE_ETHERSCAN_API_KEY}" }
 baseSepolia = { key = "${BASE_SEPOLIA_ETHERSCAN_API_KEY}" }
-arbitrumSepolia = { key = "${ARB_SEPOLIA_ETHERSCAN_API_KEY}", url = "https://api-sepolia.arbiscan.io/api", chain=421614 }
-bitlayer = { key = "bitlayer", url="https://rpc.bitlayer.org" }
-bitlayerTestnet = { key = "bitlayerTestnet", url="https://testnet-scan.bitlayer.org" }
+arbitrumSepolia = { key = "${ARBITRUM_SEPOLIA_ETHERSCAN_API_KEY}", url = "https://api-sepolia.arbiscan.io/api?", chain = 421614 }
+bitlayer = { key = "bitlayer", url = "https://rpc.bitlayer.org" }
+bitlayerTestnet = { key = "bitlayerTestnet", url = "https://testnet-scan.bitlayer.org" }

packages/contracts/package.json

@@ -8,15 +8,15 @@
     "chain": "yarn rm-dbdata && anvil --config-out localhost.json",
     "clean": "forge clean && rm -rf broadcast cache deployments types localhost.json index.js",
     "dev": "yarn rm-dbdata && anvil --config-out localhost.json & make deploy-local",
-    "build": "forge build && yarn gen-types",
+    "build": "forge build && yarn gen-types && tsc",
     "test": "forge test",
     "format": "forge fmt && prettier './script/**/*.js' --write",
     "lint": "forge fmt && eslint --fix --ignore-path .gitignore && yarn solhint './*(test|src)/**/*.sol'",
     "db-check": "tsc && node ./script/utils/checkDb.js",
     "db-export": "tsc && node ./script/utils/exporter.js",
     "deploy": "make deploy-local",
-    "deploy:ci": "yarn db-export && make deploy-baseSepolia",
-    "gen-types": "yarn typechain --target ethers-v5 --out-dir ./types ./out/*.sol/*.json && tsc",
+    "deploy:ci": "make deploy-arbitrumSepolia",
+    "gen-types": "yarn typechain --target ethers-v5 --out-dir ./types ./out/*.sol/*.json",
     "postinstall": "yarn build && yarn gen-types"
   },
   "packageManager": "[email protected]",
@@ -28,7 +28,7 @@
     "eslint-config-prettier": "^9.1.0",
     "eslint-plugin-prettier": "^5.1.3",
     "prettier": "^3.2.2",
-    "solhint": "^5.0.1",
+    "solhint": "^5.0.3",
     "typechain": "^8.3.2",
     "typescript": "^5.4.5"
   },

packages/contracts/resource/testnet.toml

@@ -4,7 +4,7 @@
 
 [evm]
 # blockchain id, e.g. baseSepolia=84532, arbSepolia=421614
-chain_id = 84532
+chain_id = 421614
 deploy_mocks = true
 
 [evm.address]

packages/contracts/script/utils/exporter.js

@@ -102,6 +102,7 @@ async function clearExistingData(client) {
     await exportAddress(loadConfiguration());
   } catch (e) {
     console.log(e);
+    process.exitCode = 1;
   } finally {
     console.log(`Finished exporting contracts`);
   }

packages/contracts/src/CredbullFixedYieldVaultFactory.sol

@@ -19,8 +19,9 @@ contract CredbullFixedYieldVaultFactory is VaultFactory {
     { }
 
     /**
-     * @notice - Function to create a new vault. Should be called only by the owner
-     * @param params - The VaultParams
+     * @notice Function to create a new vault.
+     * @param params The [VaultParams] that defines the [Vault] to create.
+     * @param options A [string] of options, emitted in the [VaultDeployed] event.
      */
     function createVault(CredbullFixedYieldVault.FixedYieldVaultParams memory params, string memory options)
         public

packages/contracts/src/factory/VaultFactory.sol

@@ -14,6 +14,21 @@ abstract contract VaultFactory is AccessControl {
     /// @notice Error to revert if custodian is not allowed
     error CredbullVaultFactory__CustodianNotAllowed();
 
+    /// @notice Error to indicate that the provided owner address is invalid.
+    error CredbullVaultFactory__InvalidOwnerAddress();
+
+    /// @notice Error to indicate that the provided operator address is invalid.
+    error CredbullVaultFactory__InvalidOperatorAddress();
+
+    /// @notice Error to indicate that the provided custodian address is invalid.
+    error CredbullVaultFactory__InvalidCustodianAddress();
+
+    /// @notice Event to emit when a new custodian is allowed
+    event CustodianAllowed(address indexed custodian);
+
+    /// @notice Event to emit when a custodian is removed
+    event CustodianRemoved(address indexed custodian);
+
     /// @notice Address set that contains list of all vault address
     EnumerableSet.AddressSet internal allVaults;
 
@@ -29,12 +44,22 @@ abstract contract VaultFactory is AccessControl {
      * @param custodians - Initial set of custodians allowable for the vaults
      */
     constructor(address owner, address operator, address[] memory custodians) {
+        if (owner == address(0)) {
+            revert CredbullVaultFactory__InvalidOwnerAddress();
+        }
+
+        if (operator == address(0)) {
+            revert CredbullVaultFactory__InvalidOperatorAddress();
+        }
         _grantRole(DEFAULT_ADMIN_ROLE, owner);
         _grantRole(OPERATOR_ROLE, operator);
 
         // set the allowed custodians directly in the constructor, without access restriction
         bool[] memory result = new bool[](custodians.length);
         for (uint256 i = 0; i < custodians.length; i++) {
+            if (custodians[i] == address(0)) {
+                revert CredbullVaultFactory__InvalidCustodianAddress();
+            }
             result[i] = allowedCustodians.add(custodians[i]);
         }
     }
@@ -58,13 +83,19 @@ abstract contract VaultFactory is AccessControl {
 
     /// @notice Add custodian address to the set
     function allowCustodian(address _custodian) public onlyRole(DEFAULT_ADMIN_ROLE) returns (bool) {
+        if (_custodian == address(0)) {
+            revert CredbullVaultFactory__InvalidCustodianAddress();
+        }
+
+        emit CustodianAllowed(_custodian);
         return allowedCustodians.add(_custodian);
     }
 
     /// @notice Remove custodian address from the set
     function removeCustodian(address _custodian) public onlyRole(DEFAULT_ADMIN_ROLE) {
         if (allowedCustodians.contains(_custodian)) {
             allowedCustodians.remove(_custodian);
+            emit CustodianRemoved(_custodian);
         }
     }
 

packages/contracts/src/plugin/MaxCapPlugin.sol

@@ -6,6 +6,12 @@ pragma solidity ^0.8.20;
 abstract contract MaxCapPlugin {
     error CredbullVault__MaxCapReached();
 
+    /// @notice Event emitted when the max cap is updated
+    event MaxCapUpdated(uint256 indexed maxCap);
+
+    /// @notice Event emitted when the max cap check is updated
+    event MaxCapCheckUpdated(bool indexed checkMaxCap);
+
     /// @notice - Params for the MaxCap Plugin
     struct MaxCapPluginParams {
         uint256 maxCap;
@@ -33,12 +39,16 @@ abstract contract MaxCapPlugin {
     }
 
     /// @notice - Toggle the max cap check status
-    function _toggleMaxCapCheck(bool status) internal virtual {
-        checkMaxCap = status;
+    function _setCheckMaxCap(bool _checkMaxCapStatus) internal virtual {
+        checkMaxCap = _checkMaxCapStatus;
+
+        emit MaxCapCheckUpdated(checkMaxCap);
     }
 
     /// @notice - Update the max cap value
     function _updateMaxCap(uint256 _value) internal virtual {
         maxCap = _value;
+
+        emit MaxCapUpdated(maxCap);
     }
 }

packages/contracts/src/plugin/WhiteListPlugin.sol

@@ -11,40 +11,44 @@ abstract contract WhiteListPlugin {
     /// @notice Error to revert if the address is not whiteListed
     error CredbullVault__NotWhiteListed(address, uint256);
 
+    /// @notice Event emitted when the whiteList check is updated
+    event WhiteListCheckUpdated(bool indexed checkWhiteList);
+
     /// @notice - Params for the WhiteList Plugin
     struct WhiteListPluginParams {
         address whiteListProvider;
         uint256 depositThresholdForWhiteListing;
     }
 
     /// @notice - Address of the White List Provider.
-    IWhiteListProvider public whiteListProvider;
+    IWhiteListProvider public immutable WHITELIST_PROVIDER;
 
     /// @notice - Flag to check for whiteList
     bool public checkWhiteList;
 
     /// @notice - Deposit threshold amount to check for whiteListing
-    uint256 public depositThresholdForWhiteListing;
+    uint256 public immutable DEPOSIT_THRESHOLD_FOR_WHITE_LISTING;
 
     constructor(WhiteListPluginParams memory params) {
         if (params.whiteListProvider == address(0)) {
             revert CredbullVault__InvalidWhiteListProviderAddress(params.whiteListProvider);
         }
 
-        whiteListProvider = IWhiteListProvider(params.whiteListProvider);
+        WHITELIST_PROVIDER = IWhiteListProvider(params.whiteListProvider);
         checkWhiteList = true; // Set the check to true by default
-        depositThresholdForWhiteListing = params.depositThresholdForWhiteListing;
+        DEPOSIT_THRESHOLD_FOR_WHITE_LISTING = params.depositThresholdForWhiteListing;
     }
 
     /// @notice - Function to check for whiteListed address
     function _checkIsWhiteListed(address receiver, uint256 amount) internal view virtual {
-        if (checkWhiteList && amount >= depositThresholdForWhiteListing && !whiteListProvider.status(receiver)) {
+        if (checkWhiteList && amount >= DEPOSIT_THRESHOLD_FOR_WHITE_LISTING && !WHITELIST_PROVIDER.status(receiver)) {
             revert CredbullVault__NotWhiteListed(receiver, amount);
         }
     }
 
     /// @notice - Function to toggle check for whiteListed address
-    function _toggleWhiteListCheck(bool status) internal virtual {
-        checkWhiteList = status;
+    function _toggleWhiteListCheck() internal virtual {
+        checkWhiteList = !checkWhiteList;
+        emit WhiteListCheckUpdated(checkWhiteList);
     }
 }