p2p-org · sanbir · Mar 17, 2025 · Mar 19, 2025 · Mar 19, 2025 · Mar 19, 2025
diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 ## p2p-yield-proxy
 
 Contracts for depositing and withdrawing ERC-20 tokens from yield protocols.
-The current implementation is only compatible with [Ethena](https://ethena.fi/) protocol. 
+The current implementation is only compatible with [Superform](https://www.superform.xyz/) protocol. 
 
 ## Running tests
 
@@ -18,25 +18,35 @@ forge test
 forge script script/Deploy.s.sol:Deploy --rpc-url $RPC_URL --private-key $PRIVATE_KEY --broadcast --chain $CHAIN_ID --json --verify --etherscan-api-key $ETHERSCAN_API_KEY -vvvvv
 ```
 
+`Deploy.s.sol` deterministically deploys the shared Superform tooling using CREATE2 so that every network produces the same contract addresses.  
+Set the following environment variables (override the defaults only when a network requires different endpoints):
+
+- `PRIVATE_KEY` – broadcaster key (also becomes the default `P2P_SIGNER`)
+- `P2P_SIGNER` – optional override for the signer account
+- `P2P_OPERATOR` – optional override for the operator account (defaults to `P2P_SIGNER`)
+- `SUPERFORM_ROUTER`
+- `SUPER_POSITIONS`
+- `P2P_TREASURY`
+- `REWARDS_DISTRIBUTOR`
+
 This script will:
 
-- deploy and verify on Etherscan the **P2pEthenaProxyFactory** and **P2pEthenaProxy** contracts
-- set the **P2pTreasury** address permanently in the P2pEthenaProxyFactory
-- set the rules for Ethena specific deposit and withdrawal functions
+- deploy and verify on Etherscan the **P2pSuperformProxyFactory**, its reference **P2pSuperformProxy**, the **AllowedCalldataChecker** implementation, proxy, and **ProxyAdmin**
+- ensure all CREATE2 salts are reused so the deployed addresses stay identical on Base, Optimism, Mainnet, and any additional chains
 
 ## Basic use case
 
 ![Basic use case diagram](image-1.png)
 
-#### Ethena Deposit flow
+#### Superform Deposit flow
 
-Look at [function _doDeposit()](test/MainnetIntegration.sol#L1000) for a reference implementation of the flow.
+Look at [function _doDeposit()](test/OptimismUSDT.t.sol#L430) for a reference implementation of the flow.
 
 1. Website User (called Client in contracts) calls Backend with its (User's) Ethereum address and some Merchant info.
 
 2. Backend uses Merchant info to determine the P2P fee (expressed as client basis points in the contracts).
 
-3. Backend calls P2pEthenaProxyFactory's `getHashForP2pSigner` function to get the hash for the P2pSigner.
+3. Backend calls P2pSuperformProxyFactory's `getHashForP2pSigner` function to get the hash for the P2pSigner.
 
 ```solidity
     /// @dev Gets the hash for the P2pSigner
@@ -46,101 +56,96 @@ Look at [function _doDeposit()](test/MainnetIntegration.sol#L1000) for a referen
     /// @return The hash for the P2pSigner
     function getHashForP2pSigner(
         address _client,
-        uint96 _clientBasisPoints,
+        uint48 _clientBasisPoints,
         uint256 _p2pSignerSigDeadline
     ) external view returns (bytes32);
 ```
 
 4. Backend signs the hash with the P2pSigner's private key using `eth_sign`. Signing is necessary to authenticate the client basis points in the contracts.
 
-5. Backend returns JSON to the User with (client address, client basis points, signature deadline, and the signature).
+5. Backend calls Superform API to generate Superform deposit calldata.
+
+6. Backend returns JSON to the User with (client address, client basis points, signature deadline, and the signature).
 
-6. Client-side JS code prepares all the necessary data for the Morpho deposit function. Since the deposited tokens will first go from the client to the client's P2pEthenaProxy instance and then from the P2pEthenaProxy instance into the Ethena protocol, both of these transfers are approved by the client via Permit2. The client's P2pEthenaProxy instance address is fetched from the P2pEthenaProxyFactory contract's `predictP2pEthenaProxyAddress` function:
+7. Client-side JS code prepares all the necessary data for the Morpho deposit function. The client's P2pSuperformProxy instance address is fetched from the P2pSuperformProxyFactory contract's `predictP2pYieldProxyAddress` function:
 
 ```solidity
-    /// @dev Computes the address of a P2pEthenaProxy created by `_createP2pEthenaProxy` function
-    /// @dev P2pEthenaProxy instances are guaranteed to have the same address if _feeDistributorInstance is the same
+    /// @dev Computes the address of a P2pYieldProxy created by `_getOrCreateP2pYieldProxy` function
+    /// @dev P2pYieldProxy instances are guaranteed to have the same address if _feeDistributorInstance is the same
     /// @param _client The address of client
-    /// @return address The address of the P2pEthenaProxy instance
-    function predictP2pEthenaProxyAddress(
+    /// @param _clientBasisPointsOfDeposit The client basis points (share) of deposit
+    /// @param _clientBasisPointsOfProfit The client basis points (share) of profit
+    /// @return address The address of the P2pYieldProxy instance
+    function predictP2pYieldProxyAddress(
         address _client,
-        uint96 _clientBasisPoints
+        uint48 _clientBasisPointsOfDeposit,
+        uint48 _clientBasisPointsOfProfit
     ) external view returns (address);
 ```
 
-7. Client-side JS code checks if User has already approved the required amount of the deposited token for Permit2. If not, it prompts the User to call the `approve` function of the deposited token contract with the uint256 MAX value and Permit2 contract as the spender.
+8. Client-side JS code checks if the user has already approved the required amount of the deposited token for the P2pSuperformProxy instance. If not, it prompts the user to call the ERC20 `approve` function with an allowance that covers the intended deposit amount.
 
-8. Client-side JS code prompts the User to do `eth_signTypedData_v4` to sign `PermitSingle` from the User's wallet into the P2pEthenaProxy instance
-
-9. Client-side JS code prompts the User to call the `deposit` function of the P2pEthenaProxyFactory contract:
+9. Client-side JS code prompts the user to call the `deposit` function of the P2pSuperformProxyFactory contract:
 
 ```solidity
-    /// @dev Deposits the yield protocol
-    /// @param _permitSingleForP2pEthenaProxy The permit single for P2pEthenaProxy
-    /// @param _permit2SignatureForP2pEthenaProxy The permit2 signature for P2pEthenaProxy
-    /// @param _clientBasisPoints The client basis points
+    /// @dev Initiates a deposit through a client specific P2pYieldProxy instance
+    /// @param _yieldProtocolCalldata Yield protocol calldata
+    /// @param _clientBasisPointsOfDeposit The client basis points (share) of deposit
+    /// @param _clientBasisPointsOfProfit The client basis points (share) of profit
     /// @param _p2pSignerSigDeadline The P2pSigner signature deadline
     /// @param _p2pSignerSignature The P2pSigner signature
-    /// @return P2pEthenaProxyAddress The client's P2pEthenaProxy instance address
+    /// @return p2pYieldProxyAddress The client's P2pYieldProxy instance address
     function deposit(
-        IAllowanceTransfer.PermitSingle memory _permitSingleForP2pEthenaProxy,
-        bytes calldata _permit2SignatureForP2pEthenaProxy,
-
-        uint96 _clientBasisPoints,
+        bytes calldata _yieldProtocolCalldata,
+        uint48 _clientBasisPointsOfDeposit,
+        uint48 _clientBasisPointsOfProfit,
         uint256 _p2pSignerSigDeadline,
         bytes calldata _p2pSignerSignature
     )
     external
-    returns (address P2pEthenaProxyAddress);
+    payable
+    returns (address p2pYieldProxyAddress);
 ```
 
-#### Ethena Withdrawal flow
+#### Superform Withdrawal flow
 
-Look at [function _doWithdraw()](test/MainnetIntegration.sol#L1024) for a reference implementation of the flow.
+Look at [function _doWithdraw()](test/OptimismUSDT.t.sol#L486) for a reference implementation of the flow.
 
-1. Client-side JS code prepares all the necessary data for the Ethena `cooldownShares` function.
+1. Website User calls P2P.org's backend for Superform withdrawal calldata.
 
-2. Client-side JS code prompts the User to call the `cooldownShares` function of the client's instance of the P2pEthenaProxy contract:
+2. P2P.org's backend calls Superform API for Superform withdrawal calldata.
 
-```solidity
-    /// @notice redeem shares into assets and starts a cooldown to claim the converted underlying asset
-    /// @param _shares shares to redeem
-    function cooldownShares(uint256 _shares) external returns (uint256 assets);
-```
+3. P2P.org's backend returns Superform withdrawal calldata to the User.
 
-3. Wait for the [cooldownDuration](https://etherscan.io/address/0x9d39a5de30e57443bff2a8307a4256c8797a3497#readContract#F9). (Currently, 7 days).
+4. Client-side JS code prepares all the necessary data for the Superform `singleDirectSingleVaultWithdraw` function.
 
-2. Client-side JS code prompts the User to call the `withdrawAfterCooldown` function of the client's instance of the P2pEthenaProxy contract:
+5. Client-side JS code prompts the User to call the `withdraw` function of the client's instance of the P2pSuperformProxy contract:
 
 ```solidity
-    /// @notice withdraw assets after cooldown has elapsed
-    function withdrawAfterCooldown() external;
+    /// @notice Withdraw assets from Superform protocol
+    /// @param _superformCalldata calldata for withdraw function of Superform protocol
+    function withdraw(
+        bytes calldata _superformCalldata
+    ) external;
 ```
 
-The P2pEthenaProxy contract will redeem the tokens from Ethena and send them to User. The amount on top of the deposited amount is split between the User and the P2pTreasury according to the client basis points.
+The P2pSuperformProxy contract will redeem the tokens from Superform and send them to User. The amount on top of the deposited amount is split between the User and the P2pTreasury according to the client basis points.
 
 
-## Calling any function on any contracts via P2pEthenaProxy
+## Calling any function on any contracts via P2pSuperformProxy
 
-It's possible for the User to call any function on any contracts via P2pEthenaProxy. This can be useful if it appears that functions of yield protocols beyond simple deposit and withdrawal are needed. Also, it can be useful for claiming any airdrops unknown in advance.
+It's possible for the User to call any function on any contracts via P2pSuperformProxy. This can be useful if it appears that functions of yield protocols beyond simple deposit and withdrawal are needed. Also, it can be useful for claiming any airdrops unknown in advance.
 
-Before the User can use this feature, the P2P operator needs to set the rules for the function call via the `setCalldataRules` function of the P2pEthenaProxyFactory contract:
+Before the User can use this feature, the P2P operator needs to deploy a new contract implementing the `IAllowedCalldataChecker` interface and then the function `upgrade` function on ProxyAdmin:
 
 ```solidity
-    /// @dev Sets the calldata rules
-    /// @param _contract The contract address
-    /// @param _selector The selector
-    /// @param _rules The rules
-    function setCalldataRules(
-        address _contract,
-        bytes4 _selector,
-        P2pStructs.Rule[] calldata _rules
-    ) external;
+    MockAllowedCalldataChecker newImplementation = new MockAllowedCalldataChecker();
+    admin.upgrade(ITransparentUpgradeableProxy(address(tup)), address(newImplementation));
 ```
 
 The rules should be as strict as possible to prevent any undesired function calls.
 
-Once the rules are set, the User can call the permitted function on the permitted contract with the permitted calldata via P2pEthenaProxy's `callAnyFunction` function:
+Once the rules are set, the User can call the permitted function on the permitted contract with the permitted calldata via P2pSuperformProxy's `callAnyFunction` function:
 
 ```solidity
     /// @notice Calls an arbitrary allowed function

diff --git a/foundry.toml b/foundry.toml
@@ -1,4 +1,6 @@
 [profile.default]
+ffi = true
+fs_permissions = [{ access = "read-write", path = "./" }]
 src = "src"
 out = "out"
 libs = ["lib"]
@@ -9,4 +11,4 @@ via_ir = true
 optimizer = true
 optimizer-runs = 2000
 
-rpc_endpoints = { mainnet = "https://rpc.ankr.com/eth", sepolia = "https://rpc.ankr.com/eth_sepolia", base = "https://mainnet.base.org" }
+rpc_endpoints = { mainnet = "https://eth.drpc.org", optimism = "https://mainnet.optimism.io", base = "https://mainnet.base.org" }
diff --git a/image-1.png b/image-1.png
diff --git a/lib/forge-std b/lib/forge-std
+1 −0		.github/CODEOWNERS
+6 −0		.github/dependabot.yml
+114 −100		.github/workflows/ci.yml
+6 −1		.github/workflows/sync.yml
+2 −2		README.md
+12 −0		RELEASE_CHECKLIST.md
+8 −4		foundry.toml
+1 −1		package.json
+22 −9		src/Base.sol
+60 −0		src/Config.sol
+477 −0		src/LibVariable.sol
+1 −0		src/Script.sol
+142 −47		src/StdAssertions.sol
+3 −3		src/StdChains.sol
+612 −0		src/StdConfig.sol
+30 −0		src/StdConstants.sol
+2 −2		src/StdStorage.sol
+0 −18		src/StdUtils.sol
+1 −0		src/Test.sol
+268 −19		src/Vm.sol
+1 −1		src/interfaces/IERC1155.sol
+1 −1		src/interfaces/IERC4626.sol
+72 −0		src/interfaces/IERC6909.sol
+1 −1		src/interfaces/IERC721.sol
+150 −0		src/interfaces/IERC7540.sol
+241 −0		src/interfaces/IERC7575.sol
+0 −234		src/mocks/MockERC20.sol
+0 −231		src/mocks/MockERC721.sol
+44 −0		test/CommonBase.t.sol
+352 −0		test/Config.t.sol
+434 −0		test/LibVariable.t.sol
+0 −4		test/StdAssertions.t.sol
+3 −3		test/StdChains.t.sol
+45 −24		test/StdCheats.t.sol
+38 −0		test/StdConstants.t.sol
+20 −3		test/StdStorage.t.sol
+2 −2		test/Vm.t.sol
+1 −1		test/compilation/CompilationScript.sol
+1 −1		test/compilation/CompilationScriptBase.sol
+1 −1		test/compilation/CompilationTest.sol
+1 −1		test/compilation/CompilationTestBase.sol
+81 −0		test/fixtures/config.toml
+0 −441		test/mocks/MockERC20.t.sol
+0 −721		test/mocks/MockERC721.t.sol