Feat/permissioned mtoken

contracts/mTokenPermissioned.sol

@@ -0,0 +1,52 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.9;
+
+import "./mToken.sol";
+
+/**
+ * @title mTokenPermissioned
+ * @notice mToken with fully permissioned transfers
+ * @author RedDuck Software
+ */
+//solhint-disable contract-name-camelcase
+abstract contract mTokenPermissioned is mToken {
+    /**
+     * @dev leaving a storage gap for futures updates
+     */
+    uint256[50] private __gap;
+
+    /**
+     * @dev overrides _beforeTokenTransfer function to allow
+     * greenlisted users to use the token transfers functions
+     */
+    function _beforeTokenTransfer(
+        address from,
+        address to,
+        uint256 amount
+    ) internal virtual override(mToken) {
+        if (to != address(0)) {
+            if (from != address(0)) {
+                _onlyGreenlisted(from);
+            }
+            _onlyGreenlisted(to);
+        }
+
+        mToken._beforeTokenTransfer(from, to, amount);
+    }
+
+    /**
+     * @notice AC role of a greenlist
+     * @return role bytes32 role
+     */
+    function _greenlistedRole() internal pure virtual returns (bytes32);
+
+    /**
+     * @dev checks that a given `account`
+     * have `greenlistedRole()`
+     */
+    function _onlyGreenlisted(address account)
+        private
+        view
+        onlyRole(_greenlistedRole(), account)
+    {}
+}

contracts/testers/mTokenPermissionedTest.sol

@@ -0,0 +1,46 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.9;
+
+import "../mTokenPermissioned.sol";
+
+//solhint-disable contract-name-camelcase
+contract mTokenPermissionedTest is mTokenPermissioned {
+    bytes32 public constant M_TOKEN_TEST_MINT_OPERATOR_ROLE =
+        keccak256("M_TOKEN_TEST_MINT_OPERATOR_ROLE");
+
+    bytes32 public constant M_TOKEN_TEST_BURN_OPERATOR_ROLE =
+        keccak256("M_TOKEN_TEST_BURN_OPERATOR_ROLE");
+
+    bytes32 public constant M_TOKEN_TEST_PAUSE_OPERATOR_ROLE =
+        keccak256("M_TOKEN_TEST_PAUSE_OPERATOR_ROLE");
+
+    bytes32 public constant M_TOKEN_TEST_GREENLISTED_ROLE =
+        keccak256("M_TOKEN_TEST_GREENLISTED_ROLE");
+
+    function _disableInitializers() internal override {}
+
+    function _getNameSymbol()
+        internal
+        pure
+        override
+        returns (string memory, string memory)
+    {
+        return ("mTokenPermissionedTest", "mTokenPermissionedTest");
+    }
+
+    function _minterRole() internal pure override returns (bytes32) {
+        return M_TOKEN_TEST_MINT_OPERATOR_ROLE;
+    }
+
+    function _burnerRole() internal pure override returns (bytes32) {
+        return M_TOKEN_TEST_BURN_OPERATOR_ROLE;
+    }
+
+    function _pauserRole() internal pure override returns (bytes32) {
+        return M_TOKEN_TEST_PAUSE_OPERATOR_ROLE;
+    }
+
+    function _greenlistedRole() internal pure override returns (bytes32) {
+        return M_TOKEN_TEST_GREENLISTED_ROLE;
+    }
+}

helpers/mtokens-metadata.ts

@@ -2,7 +2,7 @@ import { MTokenName } from '../config';
 
 export const mTokensMetadata: Record<
   MTokenName,
-  { name: string; symbol: string }
+  { name: string; symbol: string; isPermissioned?: boolean }
 > = {
   mTBILL: {
     name: 'Midas US Treasury Bill Token',

helpers/roles.ts

@@ -83,6 +83,7 @@ type TokenRoles = {
   depositVaultAdmin: string;
   redemptionVaultAdmin: string;
   customFeedAdmin: string | null;
+  greenlisted: string;
 };
 
 type CommonRoles = {
@@ -118,6 +119,7 @@ export const getRolesNamesForToken = (token: MTokenName): TokenRoles => {
       : `${tokenPrefix}_CUSTOM_AGGREGATOR_FEED_ADMIN_ROLE`,
     depositVaultAdmin: `${restPrefix}DEPOSIT_VAULT_ADMIN_ROLE`,
     redemptionVaultAdmin: `${restPrefix}REDEMPTION_VAULT_ADMIN_ROLE`,
+    greenlisted: `${restPrefix}GREENLISTED_ROLE`,
   };
 };
 export const getRolesNamesCommon = (): CommonRoles => {

scripts/deploy/codegen/common/index.ts

@@ -30,6 +30,8 @@
 import {
   getConfigFromUser,
   getContractsToGenerateFromUser,
+  getShouldUseTokenLevelGreenListFromUser,
+  getShouldUseTokenPermissionedFromUser,
 } from './ui/deployment-contracts';
 
 import { MTokenName } from '../../../../config';
@@ -45,7 +47,10 @@
 const generatorPerContract: Partial<
   Record<
     keyof TokenContractNames | 'layerZeroMinterBurner',
-    (mToken: MTokenName) =>
+    (
+      mToken: MTokenName,
+      optionalParams?: Record<string, unknown>,
+    ) =>
       | Promise<
           | {
               name: string;
@@ -78,12 +83,14 @@
     name,
     symbol,
     mToken,
+    isPermissioned,
   }: {
     contractNamePrefix: string;
     rolesPrefix: string;
     name: string;
     symbol: string;
     mToken: string;
+    isPermissioned?: true;
   },
 ) => {
   const project = new Project();
@@ -159,7 +166,12 @@
         initializer: (writer) =>
           writer.write(`{
             name: '${name}',
-            symbol: '${symbol}'
+            symbol: '${symbol}'${
+            isPermissioned
+              ? `,
+              isPermissioned: true`
+              : ''
+          }
           }`),
       });
     }
@@ -195,7 +207,7 @@
         stdio: 'inherit',
       },
     );
   } catch (error) {
     cancel('Failed to run lint&format fix for generated contracts');
     process.exit(1);
   }
@@ -209,7 +221,7 @@
         stdio: 'inherit',
       },
     );
   } catch (error) {
     cancel('Failed to run lint&format fix for generated contracts');
     process.exit(1);
   }
@@ -505,6 +517,20 @@
 
   const contractsToGenerate = await getContractsToGenerateFromUser();
 
+  let shouldUseTokenLevelGreenList = false;
+  let shouldUseTokenPermissioned = false;
+
+  if (
+    contractsToGenerate.find((v) => v.startsWith('dv') || v.startsWith('rv'))
+  ) {
+    shouldUseTokenLevelGreenList =
+      await getShouldUseTokenLevelGreenListFromUser();
+  }
+
+  if (contractsToGenerate.includes('token')) {
+    shouldUseTokenPermissioned = await getShouldUseTokenPermissionedFromUser();
+  }
+
   const mToken = config.tokenContractName;
 
   const folder = path.join(
@@ -523,11 +549,12 @@
           name: config.tokenName,
           symbol: config.tokenSymbol,
           mToken,
+          isPermissioned: shouldUseTokenPermissioned ? true : undefined,
         });
       },
     },
     {
-      title: 'Generation files',
+      title: 'Generating files',
       task: async () => {
         const isFolderExists = await fs
           .access(folder)
@@ -547,7 +574,12 @@
         ].filter((v) => v !== undefined);
 
         const generatedContracts = await Promise.all(
-          generators.map((generator) => generator(mToken as MTokenName)),
+          generators.map((generator) =>
+            generator(mToken as MTokenName, {
+              vaultUseTokenLevelGreenList: shouldUseTokenLevelGreenList,
+              isPermissionedMToken: shouldUseTokenPermissioned,
+            }),
+          ),
         );
 
         for (const contract of generatedContracts) {

scripts/deploy/codegen/common/templates/dv.template.ts

@@ -1,7 +1,12 @@
 import { MTokenName } from '../../../../../config';
 import { importWithoutCache } from '../../../../../helpers/utils';
 
-export const getDvContractFromTemplate = async (mToken: MTokenName) => {
+export const getDvContractFromTemplate = async (
+  mToken: MTokenName,
+  optionalParams?: Record<string, unknown>,
+) => {
+  const { vaultUseTokenLevelGreenList = false } = optionalParams || {};
+
   const { getTokenContractNames } = await importWithoutCache(
     require.resolve('../../../../../helpers/contracts'),
   );
@@ -38,6 +43,19 @@ export const getDvContractFromTemplate = async (mToken: MTokenName) => {
       function vaultRole() public pure override returns (bytes32) {
           return ${roles.depositVaultAdmin};
       }
+
+      ${
+        vaultUseTokenLevelGreenList
+          ? `
+        /**
+         * @inheritdoc Greenlistable
+         */
+        function greenlistedRole() public pure override returns (bytes32) {
+            return ${roles.greenlisted};
+        }
+        `
+          : ''
+      }
   }`,
   };
 };

scripts/deploy/codegen/common/templates/mtoken.template.ts

@@ -1,7 +1,11 @@
 import { MTokenName } from '../../../../../config';
 import { importWithoutCache } from '../../../../../helpers/utils';
 
-export const getTokenContractFromTemplate = async (mToken: MTokenName) => {
+export const getTokenContractFromTemplate = async (
+  mToken: MTokenName,
+  optionalParams?: Record<string, unknown>,
+) => {
+  const { isPermissionedMToken = false } = optionalParams || {};
   const { getTokenContractNames } = await importWithoutCache(
     require.resolve('../../../../../helpers/contracts'),
   );
@@ -25,14 +29,17 @@ export const getTokenContractFromTemplate = async (mToken: MTokenName) => {
   // SPDX-License-Identifier: MIT
   pragma solidity 0.8.9;
 
-  import "../../mToken.sol";
+  import "../../mToken${isPermissionedMToken ? 'Permissioned' : ''}.sol";
+  ${isPermissionedMToken ? `import "./${contractNames.roles}.sol";` : ''}
 
   /**
    * @title ${contractNames.token}
    * @author RedDuck Software
    */
   //solhint-disable contract-name-camelcase
-  contract ${contractNames.token} is mToken {
+  contract ${contractNames.token} is mToken${
+      isPermissionedMToken ? `Permissioned, ${contractNames.roles}` : ''
+    } {
       /**
        * @notice actor that can mint ${contractNames.token}
        */
@@ -88,6 +95,18 @@ export const getTokenContractFromTemplate = async (mToken: MTokenName) => {
       function _pauserRole() internal pure override returns (bytes32) {
           return ${roles.pauser};
       }
+
+      ${
+        isPermissionedMToken
+          ? `
+       /**
+       * @inheritdoc mTokenPermissioned
+       */
+      function _greenlistedRole() internal pure override returns (bytes32) {
+          return ${roles.greenlisted};
+      }`
+          : ''
+      }
   }`,
   };
 };

scripts/deploy/codegen/common/templates/rv-swapper.template.ts

@@ -1,7 +1,12 @@
 import { MTokenName } from '../../../../../config';
 import { importWithoutCache } from '../../../../../helpers/utils';
 
-export const getRvSwapperContractFromTemplate = async (mToken: MTokenName) => {
+export const getRvSwapperContractFromTemplate = async (
+  mToken: MTokenName,
+  optionalParams?: Record<string, unknown>,
+) => {
+  const { vaultUseTokenLevelGreenList = false } = optionalParams || {};
+
   const { getTokenContractNames } = await importWithoutCache(
     require.resolve('../../../../../helpers/contracts'),
   );
@@ -41,6 +46,19 @@ export const getRvSwapperContractFromTemplate = async (mToken: MTokenName) => {
       function vaultRole() public pure override returns (bytes32) {
           return ${roles.redemptionVaultAdmin};
       }
+
+      ${
+        vaultUseTokenLevelGreenList
+          ? `
+        /**
+         * @inheritdoc Greenlistable
+         */
+        function greenlistedRole() public pure override returns (bytes32) {
+            return ${roles.greenlisted};
+        }
+        `
+          : ''
+      }
   }`,
   };
 };

scripts/deploy/codegen/common/templates/rv-ustb.template.ts

@@ -1,7 +1,12 @@
 import { MTokenName } from '../../../../../config';
 import { importWithoutCache } from '../../../../../helpers/utils';
 
-export const getRvUstbContractFromTemplate = async (mToken: MTokenName) => {
+export const getRvUstbContractFromTemplate = async (
+  mToken: MTokenName,
+  optionalParams?: Record<string, unknown>,
+) => {
+  const { vaultUseTokenLevelGreenList = false } = optionalParams || {};
+
   const { getTokenContractNames } = await importWithoutCache(
     require.resolve('../../../../../helpers/contracts'),
   );
@@ -41,6 +46,19 @@ export const getRvUstbContractFromTemplate = async (mToken: MTokenName) => {
         function vaultRole() public pure override returns (bytes32) {
             return ${roles.redemptionVaultAdmin};
         }
+
+        ${
+          vaultUseTokenLevelGreenList
+            ? `
+          /**
+           * @inheritdoc Greenlistable
+           */
+          function greenlistedRole() public pure override returns (bytes32) {
+              return ${roles.greenlisted};
+          }
+          `
+            : ''
+        }
     }`,
   };
 };