eBTC Rate Provider

Fixes #134

.github/ISSUE_TEMPLATE/review-request.yml

@@ -31,15 +31,23 @@ body:
     id: contract
     attributes:
       label: Contract Source Code
-      description: Please link to the verified contract deployment on etherscan. If not yet deployed, please link to the contract source on GitHub.
-      placeholder: https://etherscan.io/address/0xBA12222222228d8Ba445958a75a0704d566BF2C8#code
+      description: Please link to the verified contract deployment on the block explorer. If not yet deployed, please link to the contract source on GitHub.
+      placeholder: https://etherscan.io/address/0x1a8f81c256aee9c640e14bb0453ce247ea0dfe6f#code
     validations:
       required: true
+  - type: input
+    id: asset-contract
+    attributes:
+      label: Asset Contract Source Code
+      description: Please link to the verified contract deployment of the underlying asset this rate provider corresponds to on the block explorer.
+      placeholder: https://etherscan.io/address/0xae78736cd615f374d3085123a210448e74fc6393#code
+    validations:
+      required: false
   - type: textarea
     id: more-links
     attributes:
       label: Additional Links
-      description: If this contract has multiple instances or is deployed to multiple networks, please provide the remaining links here.
+      description: If this contract has multiple instances or is deployed to multiple networks, please provide the remaining links for both the contract and the corresponding assets here.
       placeholder: https://etherscan.io/address/0xBA12222222228d8Ba445958a75a0704d566BF2C8#code
     validations:
       required: false
@@ -73,3 +81,11 @@ body:
           required: true
         - label: If upgradeable, the contract's administrator is not an EOA.
           required: true
+  - type: textarea
+    id: comments
+    attributes:
+      label: Additional Comments & Clarifications
+      description: If the submitted contract(s) or their dependencies require additional comments or clarifications, please provide them here.
+      placeholder: This contract currently appears to be upgradeable by an EOA, but will be transferred to a 3/5 safe before pool deployment.
+    validations:
+      required: false

README.md

@@ -3,3 +3,20 @@
 A collection of smart contract code reviews performed upon friendly request.
 
 NOTHING IN THIS REPOSITORY CONSTITUTES A FORMAL AUDIT, AND CODE SHOULD NEVER BE DEPLOYED TO PRODUCTION WITHOUT A FORMAL AUDIT. REVIEWERS ARE HUMAN; MISTAKES WILL BE MADE AND BUGS MISSED. REVIEWERS ARE NOT LIABLE FOR ANY INCIDENT THAT OCCURS POST-REVIEW. THIS IS MERELY A FRIENDLY PEER-REVIEW SERVICE AND SHOULD NOT BE TREATED AS A STAMP OF APPROVAL. REVIEWED CODE IS NOT NECESSARILY BUG-FREE. ALWAYS TRIPLE-CHECK BEFORE INTERACTING WITH SMART CONTRACTS, AND DO NOT TRUST REVIEWERS ON THE BASIS OF REPUTATION ALONE.
+
+Rate Provider Factories for reference
+
+| Network    | ChainlinkRateProviderFactory               | ERC4626RateProviderFactory                 |
+| ---------- | ------------------------------------------ | ------------------------------------------ |
+| Arbitrum   | 0x1311Fbc9F60359639174c1e7cC2032DbDb5Cc4d1 | 0xe548a29631f9E49830bE8edc22d407b2D2915F31 |
+| Avalanche  | 0x76578ecf9a141296Ec657847fb45B0585bCDa3a6 | 0xfCe81cafe4b3F7e2263EFc2d907f488EBF2B238E |
+| Base       | 0x0A973B6DB16C2ded41dC91691Cc347BEb0e2442B | 0xEfD3aF73d3359014f3B864d37AC672A6d3D7ff1A |
+| Fraxtal    | 0x3f170631ed9821Ca51A59D996aB095162438DC10 | N/A                                        |
+| Gnosis     | 0xDB8d758BCb971e482B2C45f7F8a7740283A1bd3A | 0x15e86Be6084C6A5a8c17732D398dFbC2Ec574CEC |
+| Mainnet    | 0x1311Fbc9F60359639174c1e7cC2032DbDb5Cc4d1 | 0xFC541f8d8c5e907E236C8931F0Df9F58e0C259Ec |
+| Mode       | 0x96484f2aBF5e58b15176dbF1A799627B53F13B6d | 0x0767bECE12a327A1eD896c48E843AE53a0c313E9 |
+| Optimism   | 0x83E443EF4f9963C77bd860f94500075556668cb8 | 0x02a569eea6f85736E2D63C59E60d27d075E75c33 |
+| Polygon    | 0xa3b370092aeb56770B23315252aB5E16DAcBF62B | 0x3e89cc86307aF44A77EB29d0c4163d515D348313 |
+| Sepolia    | 0xA8920455934Da4D853faac1f94Fe7bEf72943eF1 | N/A                                        |
+| zkEVM      | 0x4132f7AcC9dB7A6cF7BE2Dd3A9DC8b30C7E6E6c8 | N/A                                        |
+

erc4626/AaveV3.md

@@ -0,0 +1,31 @@
+# ERC4626: `Aave V3`
+
+## Details
+- Reviewed by: @mkflow27
+- Checked by: @danielmkm
+- Deployed at:
+    - DAI:
+        - [sepolia:0xDE46e43F46ff74A23a65EBb0580cbe3dFE684a17](https://sepolia.etherscan.io/address/0xDE46e43F46ff74A23a65EBb0580cbe3dFE684a17)
+    - USDC: 
+        - [sepolia:0x8A88124522dbBF1E56352ba3DE1d9F78C143751e](https://sepolia.etherscan.io/address/0x8A88124522dbBF1E56352ba3DE1d9F78C143751e)
+    - USDT: 
+        - [sepolia:0x978206fAe13faF5a8d293FB614326B237684B750](https://sepolia.etherscan.io/address/0x978206fAe13faF5a8d293FB614326B237684B750)
+- Audit report(s):
+    - 
+
+## Context
+
+## Review Checklist: Bare Minimum Compatibility
+
+## Review Checklist: Common Findings
+
+### Administrative Privileges
+
+### Oracles
+
+### Common Manipulation Vectors
+
+## Additional Findings
+
+## Conclusion
+**Summary judgment: SAFE**

erc4626/registry.json

@@ -0,0 +1,25 @@
+{
+    "sepolia":{
+        "0xDE46e43F46ff74A23a65EBb0580cbe3dFE684a17":{
+            "asset":"0xff34b3d4aee8ddcd6f9afffb6fe49bd371b8a357",
+            "name": "Static Aave Ethereum DAI",
+            "summary": "safe",
+            "review": "./AaveV3.md",
+            "warnings": []
+        },
+        "0x94a9d9ac8a22534e3faca9f4e7f2e2cf85d5e4c8":{
+            "asset":"0xff34b3d4aee8ddcd6f9afffb6fe49bd371b8a357",
+            "name": "Static Aave Ethereum USDT",
+            "summary": "safe",
+            "review": "./AaveV3.md",
+            "warnings": []
+        },
+        "0x978206fAe13faF5a8d293FB614326B237684B750":{
+            "asset":"0xaa8e23fb1079ea71e0a56f48a2aa51851d8433d0",
+            "name": "Static Aave Ethereum USDC",
+            "summary": "safe",
+            "review": "./AaveV3.md",
+            "warnings": []
+        }
+    }
+}

hooks/DirectionalFeeHook.md

@@ -0,0 +1,26 @@
+# Hook: `Directional Fee`
+
+## Details
+- Reviewed by: @mkflow27
+- Checked by: @danielmkm
+- Deployed at:
+    - [sepolia:0xcdF93FaB48405bb9df9c321b6306e701be6F9859](https://sepolia.etherscan.io/address/0xcdF93FaB48405bb9df9c321b6306e701be6F9859)
+- Audit report(s):
+    - 
+
+## Context
+
+## Review Checklist: Bare Minimum Compatibility
+
+## Review Checklist: Common Findings
+
+### Administrative Privileges
+
+### Oracles
+
+### Common Manipulation Vectors
+
+## Additional Findings
+
+## Conclusion
+**Summary judgment: SAFE**

hooks/ExitFeeHook.md

@@ -0,0 +1,26 @@
+# Hook: `Exit Fee`
+
+## Details
+- Reviewed by: @mkflow27
+- Checked by: @danielmkm
+- Deployed at:
+    - [sepolia:0x307d96183f133c738Af11D1971BF0A5ee15312be](https://sepolia.etherscan.io/address/0x307d96183f133c738Af11D1971BF0A5ee15312be)
+- Audit report(s):
+    - 
+
+## Context
+
+## Review Checklist: Bare Minimum Compatibility
+
+## Review Checklist: Common Findings
+
+### Administrative Privileges
+
+### Oracles
+
+### Common Manipulation Vectors
+
+## Additional Findings
+
+## Conclusion
+**Summary judgment: SAFE**

hooks/FeeTakingHook.md

@@ -0,0 +1,26 @@
+# Hook: `Fee Taking`
+
+## Details
+- Reviewed by: @mkflow27
+- Checked by: @danielmkm
+- Deployed at:
+    - [sepolia:0x5c7FB0734d327ECeE2cA5cF2F5fE0f5Ff32dbf0b](https://sepolia.etherscan.io/address/0x5c7FB0734d327ECeE2cA5cF2F5fE0f5Ff32dbf0b)
+- Audit report(s):
+    - 
+
+## Context
+
+## Review Checklist: Bare Minimum Compatibility
+
+## Review Checklist: Common Findings
+
+### Administrative Privileges
+
+### Oracles
+
+### Common Manipulation Vectors
+
+## Additional Findings
+
+## Conclusion
+**Summary judgment: SAFE**

hooks/LotteryHook.md

@@ -0,0 +1,26 @@
+# Hook: `Lottery`
+
+## Details
+- Reviewed by: @mkflow27
+- Checked by: @danielmkm
+- Deployed at:
+    - [sepolia:0xb4b339a93B7E3D9B8266d52C96608F0615326B98](https://sepolia.etherscan.io/address/0xb4b339a93B7E3D9B8266d52C96608F0615326B98)
+- Audit report(s):
+    - 
+
+## Context
+
+## Review Checklist: Bare Minimum Compatibility
+
+## Review Checklist: Common Findings
+
+### Administrative Privileges
+
+### Oracles
+
+### Common Manipulation Vectors
+
+## Additional Findings
+
+## Conclusion
+**Summary judgment: SAFE**

hooks/StableSurge.md

@@ -0,0 +1,26 @@
+# Hook: `Lottery`
+
+## Details
+- Reviewed by: @mkflow27
+- Checked by: @danielmkm
+- Deployed at:
+    - [sepolia:0x1adc55adb4caae71abb4c33f606493f4114d2091](https://sepolia.etherscan.io/address/0xb4b339a93B7E3D9B8266d52C96608F0615326B98)
+- Audit report(s):
+    - 
+
+## Context
+
+## Review Checklist: Bare Minimum Compatibility
+
+## Review Checklist: Common Findings
+
+### Administrative Privileges
+
+### Oracles
+
+### Common Manipulation Vectors
+
+## Additional Findings
+
+## Conclusion
+**Summary judgment: SAFE**

hooks/registry.json

@@ -0,0 +1,34 @@
+{
+    "sepolia":{
+        "0x5c7FB0734d327ECeE2cA5cF2F5fE0f5Ff32dbf0b":{
+            "name": "FeeTakingHookExample",
+            "summary": "safe",
+            "review": "./FeeTakingHook.md",
+            "warnings": []
+        },
+        "0x307d96183f133c738Af11D1971BF0A5ee15312be":{
+            "name": "ExitFeeHookExample",
+            "summary": "safe",
+            "review": "./ExitFeeHook.md",
+            "warnings": []
+        },
+        "0xcdF93FaB48405bb9df9c321b6306e701be6F9859":{
+            "name": "DirectionalFeeHookExample",
+            "summary": "safe",
+            "review": "./DirectionalFeeHook.md",
+            "warnings": []
+        },
+        "0xb4b339a93B7E3D9B8266d52C96608F0615326B98":{
+            "name": "LotteryHookExample",
+            "summary": "safe",
+            "review": "./LotteryHook.md",
+            "warnings": []
+        },
+        "0x1adc55adb4caae71abb4c33f606493f4114d2091":{
+            "name": "StableSurgeHook",
+            "summary": "safe",
+            "review": "./StableSurge.md",
+            "warnings": []
+        }
+    }
+}

rate-providers/API3RateProvider.md

@@ -0,0 +1,96 @@
+# Rate Provider: `Api3AggregatorAdaptor`
+
+## Details
+- Reviewed by: @mkflow27
+- Checked by: @danielmkm
+- Deployed at:
+    - [mode:0x97e0E416dA48a0592E6ea8ac0dfD26D410Ba5C22](https://modescan.io/address/0x97e0E416dA48a0592E6ea8ac0dfD26D410Ba5C22/contract/34443/code)
+    - [mode:0xE91237236Bab7b39CA5CEE86F339a18C6C91F25c](https://explorer.mode.network/address/0xE91237236Bab7b39CA5CEE86F339a18C6C91F25c?tab=contract)
+    - [fraxtal:0x08e12d1a6d0F47518f05b009Bb4A24113D82f33d](https://fraxscan.com/address/0x08e12d1a6d0F47518f05b009Bb4A24113D82f33d#readContract)
+    - [mode:0x6Ad582604472DAdB4Af7B955388cAc6aDD6D511B](https://explorer.mode.network/address/0x6Ad582604472DAdB4Af7B955388cAc6aDD6D511B?tab=read_contract)
+- Audit report(s):
+    - [API3 audits](https://dapi-docs.api3.org/reference/dapis/understand/security.html)
+
+## Context
+dAPIs are on-chain data feeds sourced from off-chain first-party oracles owned and operated by API providers themselves and are continuously updated using signed data. dApp owners can read the on-chain value of any dAPI in realtime.
+
+## Review Checklist: Bare Minimum Compatibility
+Each of the items below represents an absolute requirement for the Rate Provider. If any of these is unchecked, the Rate Provider is unfit to use.
+
+- [x] Implements the [`IRateProvider`](https://github.com/balancer/balancer-v2-monorepo/blob/bc3b3fee6e13e01d2efe610ed8118fdb74dfc1f2/pkg/interfaces/contracts/pool-utils/IRateProvider.sol) interface.
+- [x] `getRate` returns an 18-decimal fixed point number (i.e., 1 == 1e18) regardless of underlying token decimals.
+
+## Review Checklist: Common Findings
+Each of the items below represents a common red flag found in Rate Provider contracts.
+
+If none of these is checked, then this might be a pretty great Rate Provider! If any of these is checked, we must thoroughly elaborate on the conditions that lead to the potential issue. Decision points are not binary; a Rate Provider can be safe despite these boxes being checked. A check simply indicates that thorough vetting is required in a specific area, and this vetting should be used to inform a holistic analysis of the Rate Provider.
+
+### Administrative Privileges
+- [ ] The Rate Provider is upgradeable (e.g., via a proxy architecture or an `onlyOwner` function that updates the price source address).
+
+- [ ] Some other portion of the price pipeline is upgradeable (e.g., the token itself, an oracle, or some piece of a larger system that tracks the price). 
+
+### Oracles
+- [x] Price data is provided by an off-chain source (e.g., a Chainlink oracle, a multisig, or a network of nodes).
+    - source: API3.
+    - source address: The data is sourced from multiple "beacon" which are a set of airnodes which provide the data. These individual datapoints are aggregated and form the oracle value. [mode:https://modescan.io/address/0x709944a48cAf83535e43471680fDA4905FB3920a](https://modescan.io/address/0x709944a48cAf83535e43471680fDA4905FB3920a)
+    - any protections? The data points being aggregated are medianized across the beacons used to form the value.
+    ```solidity
+    function aggregateBeacons(
+        bytes32[] memory beaconIds
+    ) internal view returns (int224 value, uint32 timestamp) {
+        uint256 beaconCount = beaconIds.length;
+        require(beaconCount > 1, "Specified less than two Beacons");
+        int256[] memory values = new int256[](beaconCount);
+        int256[] memory timestamps = new int256[](beaconCount);
+        for (uint256 ind = 0; ind < beaconCount; ) {
+            DataFeed storage dataFeed = _dataFeeds[beaconIds[ind]];
+            values[ind] = dataFeed.value;
+            timestamps[ind] = int256(uint256(dataFeed.timestamp));
+            unchecked {
+                ind++;
+            }
+        }
+        value = int224(median(values));
+        timestamp = uint32(uint256(median(timestamps)));
+    }
+    ```
+    An individual beacon can only be updated by an airnode. This is checked by recovering the signer from a signature
+    ```solidity
+    function updateBeaconWithSignedData(
+        address airnode,
+        bytes32 templateId,
+        uint256 timestamp,
+        bytes calldata data,
+        bytes calldata signature
+    ) external override returns (bytes32 beaconId) {
+        require(
+            (
+                keccak256(abi.encodePacked(templateId, timestamp, data))
+                    .toEthSignedMessageHash()
+            ).recover(signature) == airnode,
+            "Signature mismatch"
+        );
+        beaconId = deriveBeaconId(airnode, templateId);
+        int224 updatedValue = processBeaconUpdate(beaconId, timestamp, data);
+        emit UpdatedBeaconWithSignedData(
+            beaconId,
+            updatedValue,
+            uint32(timestamp)
+        );
+    }
+    ```
+
+- [ ] Price data is expected to be volatile (e.g., because it represents an open market price instead of a (mostly) monotonically increasing price).
+
+### Common Manipulation Vectors
+- [ ] The Rate Provider is susceptible to donation attacks.
+
+
+## Additional Findings
+To save time, we do not bother pointing out low-severity/informational issues or gas optimizations (unless the gas usage is particularly egregious). Instead, we focus only on high- and medium-severity findings which materially impact the contract's functionality and could harm users.
+
+## Conclusion
+**Summary judgment: SAFE**
+
+These rate providers should work well with Balancer pools. API3 updates the rate on mode & fraxtal regularly and has various protections in place to ensure appropriate values are forwarded.