From 157a3fcd6b34a00cdb6091892797117fce8f9ee3 Mon Sep 17 00:00:00 2001 From: miguelmtz <36620902+miguelmtzinf@users.noreply.github.com> Date: Thu, 7 Dec 2023 21:19:45 +0100 Subject: [PATCH] Add proposal for Gho Incident Report 20231113 (#109) * Add proposal for Gho Incident Report 20231113 (#1) * chore: add payload and deploy script for update of GHO variable debt token * forge install: gho-core * chore: add gho-core to dependency * test: Add tests for update of gho variable token * test: Add tests for update of gho variable token * fix: add modifier in method of interface * fix: remove gho dependency from repo and fix test * fix: Remove unnecesary dependency * fix: Add latest details --------- Co-authored-by: miguelmtzinf * fix: Make new impl constant (#3) * fix: Amend AIP text (#4) * fix: Make new impl constant * fix: Fix AIP text * test: Tweak default tests with borrow cap update (#5) * fix: lint issue (#6) * test: Add diffs from test running (#7) * fix: Add payload address (#8) * fix: Fix payload address in script (#9) * fix: Remove unneeded diff file (#10) --------- Co-authored-by: Parth Patel --- ...hereum_GhoIncidentReport_20231113_after.md | 25 +++++++++ remappings.txt | 2 +- ...veV3Ethereum_GhoIncidentReport_20231113.md | 27 +++++++++ ...3Ethereum_GhoIncidentReport_20231113.s.sol | 55 +++++++++++++++++++ ...eV3Ethereum_GhoIncidentReport_20231113.sol | 29 ++++++++++ ...3Ethereum_GhoIncidentReport_20231113.t.sol | 48 ++++++++++++++++ 6 files changed, 185 insertions(+), 1 deletion(-) create mode 100644 diffs/AaveV3Ethereum_GhoIncidentReport_20231113_before_AaveV3Ethereum_GhoIncidentReport_20231113_after.md create mode 100644 src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.md create mode 100644 src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.s.sol create mode 100644 src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.sol create mode 100644 src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.t.sol diff --git a/diffs/AaveV3Ethereum_GhoIncidentReport_20231113_before_AaveV3Ethereum_GhoIncidentReport_20231113_after.md b/diffs/AaveV3Ethereum_GhoIncidentReport_20231113_before_AaveV3Ethereum_GhoIncidentReport_20231113_after.md new file mode 100644 index 000000000..1088d0e5d --- /dev/null +++ b/diffs/AaveV3Ethereum_GhoIncidentReport_20231113_before_AaveV3Ethereum_GhoIncidentReport_20231113_after.md @@ -0,0 +1,25 @@ +## Reserve changes + +### Reserves altered + +#### GHO ([0x40D16FC0246aD3160Ccc09B8D0D3A2cD28aE6C2f](https://etherscan.io/address/0x40D16FC0246aD3160Ccc09B8D0D3A2cD28aE6C2f)) + +| description | value before | value after | +| --- | --- | --- | +| variableDebtTokenImpl | [0x7aa606b1B341fFEeAfAdbbE4A2992EFB35972775](https://etherscan.io/address/0x7aa606b1B341fFEeAfAdbbE4A2992EFB35972775) | [0x20Cb2f303EDe313e2Cc44549Ad8653a5E8c0050e](https://etherscan.io/address/0x20Cb2f303EDe313e2Cc44549Ad8653a5E8c0050e) | + + +## Raw diff + +```json +{ + "reserves": { + "0x40D16FC0246aD3160Ccc09B8D0D3A2cD28aE6C2f": { + "variableDebtTokenImpl": { + "from": "0x7aa606b1B341fFEeAfAdbbE4A2992EFB35972775", + "to": "0x20Cb2f303EDe313e2Cc44549Ad8653a5E8c0050e" + } + } + } +} +``` \ No newline at end of file diff --git a/remappings.txt b/remappings.txt index b3b219556..620a76fc2 100644 --- a/remappings.txt +++ b/remappings.txt @@ -6,4 +6,4 @@ aave-v3-core/=lib/aave-helpers/lib/aave-address-book/lib/aave-v3-core/ aave-v3-periphery/=lib/aave-helpers/lib/aave-address-book/lib/aave-v3-periphery/ ds-test/=lib/aave-helpers/lib/forge-std/lib/ds-test/src/ forge-std/=lib/aave-helpers/lib/forge-std/src/ -solidity-utils/=lib/aave-helpers/lib/solidity-utils/src/ +solidity-utils/=lib/aave-helpers/lib/solidity-utils/src/ \ No newline at end of file diff --git a/src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.md b/src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.md new file mode 100644 index 000000000..2cf269d2a --- /dev/null +++ b/src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.md @@ -0,0 +1,27 @@ +--- +title: "GHO update on Aave V3 Ethereum Pool for 13/11/2023 Report" +author: "Aave Labs @aave" +discussions: "https://governance.aave.com/t/arfc-gho-technical-incident-13-11-2023/15642" +--- + +## Simple Summary + +This proposal patches the GHO integration with the Aave V3 Pool, fixing an issue reported by Immunefi on November 13, 2023. The patch, developed by Aave Labs in collaboration with Certora, upholds the highest safety standards. + +## Motivation + +The proposed patch guarantees a permanent solution for the technical issue that was identified and reported by Immunefi with the GHO integration with the Aave V3 Ethereum Pool. The fix will be implemented without altering any of the existing GHO features within the Aave V3 Pool. + +## Specification + +The proposal payload upgrades the implementation of GhoVariableDebtToken. + +## References + +- GhoVariableDebtToken implementation: [GhoVariableDebtToken](https://etherscan.io/address/0x20cb2f303ede313e2cc44549ad8653a5e8c0050e#code) +- Implementation: [Payload](https://etherscan.io/address/0xbc9ffee8d18d75a412474b92192257d3c18471ff#code) +- [Discussion](https://governance.aave.com/t/arfc-gho-technical-incident-13-11-2023/15642) + +## Copyright + +Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/). diff --git a/src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.s.sol b/src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.s.sol new file mode 100644 index 000000000..4345823a2 --- /dev/null +++ b/src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.s.sol @@ -0,0 +1,55 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.0; + +import {AaveV3Ethereum_GhoIncidentReport_20231113} from './AaveV3Ethereum_GhoIncidentReport_20231113.sol'; +import {GovV3Helpers, IPayloadsControllerCore, PayloadsControllerUtils} from 'aave-helpers/GovV3Helpers.sol'; +import {EthereumScript} from 'aave-helpers/ScriptUtils.sol'; + +/** + * @dev Deploy AaveV3Ethereum_GhoIncidentReport_20231113 + * command: make deploy-ledger contract=src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.s.sol:DeployEthereum chain=mainnet + */ +contract DeployEthereum is EthereumScript { + address constant NEW_VGHO_IMPL = 0x20Cb2f303EDe313e2Cc44549Ad8653a5E8c0050e; + + function run() external broadcast { + // deploy payloads + AaveV3Ethereum_GhoIncidentReport_20231113 payload = new AaveV3Ethereum_GhoIncidentReport_20231113(); + + // compose action + IPayloadsControllerCore.ExecutionAction[] + memory actions = new IPayloadsControllerCore.ExecutionAction[](1); + actions[0] = GovV3Helpers.buildAction(address(payload)); + + // register action at payloadsController + GovV3Helpers.createPayload(actions); + } +} + +/** + * @dev Create Proposal + * command: make deploy-ledger contract=src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.s.sol:CreateProposal chain=mainnet + */ +contract CreateProposal is EthereumScript { + function run() external { + // create payloads + PayloadsControllerUtils.Payload[] memory payloads = new PayloadsControllerUtils.Payload[](1); + + // compose actions for validation + IPayloadsControllerCore.ExecutionAction[] + memory actionsEthereum = new IPayloadsControllerCore.ExecutionAction[](1); + actionsEthereum[0] = GovV3Helpers.buildAction(0xbC9ffee8d18d75a412474B92192257d3c18471FF); + payloads[0] = GovV3Helpers.buildMainnetPayload(vm, actionsEthereum); + + // create proposal + vm.startBroadcast(); + GovV3Helpers.createProposal2_5( + vm, + payloads, + GovV3Helpers.ipfsHashFile( + vm, + 'src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.md' + ) + ); + } +} diff --git a/src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.sol b/src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.sol new file mode 100644 index 000000000..08fc96cec --- /dev/null +++ b/src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.sol @@ -0,0 +1,29 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.0; + +import {ConfiguratorInputTypes} from 'aave-address-book/AaveV3.sol'; +import {IERC20} from 'forge-std/interfaces/IERC20.sol'; +import {AaveV3Ethereum, AaveV3EthereumAssets} from 'aave-address-book/AaveV3Ethereum.sol'; + +/** + * @title GHO update on Aave V3 Ethereum Pool for 13/11/2023 Report + * @dev Upgrades the implementation of the GhoVariableDebtToken contract + * @author Aave Labs (@aave) + * - Discussion: https://governance.aave.com/t/arfc-gho-technical-incident-13-11-2023/15642 + */ +contract AaveV3Ethereum_GhoIncidentReport_20231113 { + address public constant NEW_VGHO_IMPL = 0x20Cb2f303EDe313e2Cc44549Ad8653a5E8c0050e; + + function execute() external { + AaveV3Ethereum.POOL_CONFIGURATOR.updateVariableDebtToken( + ConfiguratorInputTypes.UpdateDebtTokenInput({ + asset: AaveV3EthereumAssets.GHO_UNDERLYING, + incentivesController: AaveV3Ethereum.DEFAULT_INCENTIVES_CONTROLLER, + name: IERC20(AaveV3EthereumAssets.GHO_V_TOKEN).name(), + symbol: IERC20(AaveV3EthereumAssets.GHO_V_TOKEN).symbol(), + implementation: NEW_VGHO_IMPL, + params: bytes('') + }) + ); + } +} diff --git a/src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.t.sol b/src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.t.sol new file mode 100644 index 000000000..dcbfb4659 --- /dev/null +++ b/src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.t.sol @@ -0,0 +1,48 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.0; + +import 'forge-std/Test.sol'; +import {AaveV3EthereumAssets, AaveV3Ethereum} from 'aave-address-book/AaveV3Ethereum.sol'; +import {ProtocolV3TestBase} from 'aave-helpers/ProtocolV3TestBase.sol'; +import {IPoolConfigurator} from 'aave-address-book/AaveV3.sol'; +import {AaveV3Ethereum_GhoIncidentReport_20231113} from './AaveV3Ethereum_GhoIncidentReport_20231113.sol'; + +interface IGhoVariableDebtTokenHelper { + function DEBT_TOKEN_REVISION() external view returns (uint256); +} + +/** + * @dev Test for AaveV3Ethereum_GhoIncidentReport_20231113 + * command: make test-contract filter=AaveV3Ethereum_GhoIncidentReport_20231113 + */ +contract AaveV3Ethereum_GhoIncidentReport_20231113_Test is ProtocolV3TestBase { + address constant NEW_VGHO_IMPL = 0x20Cb2f303EDe313e2Cc44549Ad8653a5E8c0050e; + + AaveV3Ethereum_GhoIncidentReport_20231113 internal proposal; + + function setUp() public { + vm.createSelectFork(vm.rpcUrl('mainnet'), 18722500); + proposal = new AaveV3Ethereum_GhoIncidentReport_20231113(); + } + + function test_defaultProposalExecution() public { + // increase GHO borrow cap so test borrows can succeed + vm.prank(AaveV3Ethereum.CAPS_PLUS_RISK_STEWARD); + AaveV3Ethereum.POOL_CONFIGURATOR.setBorrowCap(AaveV3Ethereum.GHO_TOKEN, 36_000_000); + defaultTest( + 'AaveV3Ethereum_GhoIncidentReport_20231113', + AaveV3Ethereum.POOL, + address(proposal) + ); + } + + function test_debtTokenRevisionUpdate() public { + assertTrue( + IGhoVariableDebtTokenHelper(AaveV3EthereumAssets.GHO_V_TOKEN).DEBT_TOKEN_REVISION() == 0x2 + ); + executePayload(vm, address(proposal)); + assertTrue( + IGhoVariableDebtTokenHelper(AaveV3EthereumAssets.GHO_V_TOKEN).DEBT_TOKEN_REVISION() == 0x3 + ); + } +}