
Fix issues and add new features #24

Merged: EvanWang-TKSpring merged 21 commits into dev from feat/whitelist_check on Apr 14, 2026

@EvanWang-TKSpring
Collaborator

Changelog

TermMaxOrderV2

  • Replace fixed maturity with configurable orderExpiryTimestamp, allowing order makers to set custom expiry before market maturity
  • Add setExpiryTimestamp() for owner to update order expiry
  • Introduce transient storage (EIP-1153) to cache treasurer and maturity during swaps, reducing redundant cross-contract calls
  • Refactor _daysToMaturity() to read maturity from transient cache with fallback to market config

TermMaxMarketV2

  • Fix front-running vulnerability: deterministic clone salt now includes full OrderInitialParams instead of partial fields (maker, pool, swapTrigger)
  • Allow custom maturity in _initalizeOrder() — only defaults to market maturity when params.maturity == 0

Access Control

  • Extract role constants into centralized Roles contract
  • Add WithAccessManagerRole abstract contract for delegating role checks to AccessManager via immutable reference
  • Add WithWhitelistCheck abstract contract for immutable whitelist verification
  • WhitelistManager.batchSetWhitelist permission changed from onlyOwner to hasRole(WHITELIST_ROLE)
  • Add STABLE_ERC4626_BUFFER_ROLE and STABLE_ERC4626_INCOME_WITHDRAW_ROLE to AccessManagerV2
  • Add updateBufferConfigAndAddReserves() and withdrawIncomeAssets() to AccessManagerV2

TermMaxRouterV2

  • Migrate whitelist check from storage-based whitelistManager to immutable WithWhitelistCheck
  • Add onlyWhitelisted(address(market)) modifier to all user-facing functions (leverage, borrowTokenFromCollateralAndXt, flashRepayFromCollateral, flashRepayToGetCollateral, rolloverGt, swapAndRepay)
  • Add inline _checkWhitelisted(address(market)) inside rollover callback for decoded market address
  • rolloverGt and swapAndRepay now take ITermMaxMarket instead of IGearingToken as parameter, deriving GT from market
  • Move FlashRepayOptions.ROLLOVER branch inside the else block that reads/clears T_CALLER

TermMaxVaultV2

  • Add WithWhitelistCheck for market and pool whitelist verification
  • submitMarket() validates market against whitelist before submission
  • submitPool() validates pool against whitelist; setting pool to address(0) bypasses timelock
  • acceptMarket() re-validates market whitelist at acceptance time
  • _setPool() validates pool whitelist before activation

TermMax4626Factory

  • Refactor from immutable implementation addresses to dynamic mapping(bytes32 => address) with setImplementation() / getImplementations()
  • Add WithAccessManagerRole and WithWhitelistCheck
  • Add support for StableERC4626ForVenus and StableERC4626ForCustomize pool types
  • Add generic createTermMax4626() for deploying pools by string key
  • Auto-register created pools to whitelist via _registerAddress()

TermMaxFactoryV2 / TermMaxVaultFactoryV2

  • Add WithAccessManagerRole and WithWhitelistCheck
  • Replace onlyOwner with role-based access (MARKET_ROLE, VAULT_DEPLOYER_ROLE, TERMMAX_MARKET_FACTORY_ROLE)
  • Auto-register created markets/vaults to whitelist
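
The salt change listed under TermMaxMarketV2 above, sketched as an added example that is not part of the pull request or the project's code. It assumes OpenZeppelin's Clones library; the contract, interface and struct fields are hypothetical stand-ins for the project's own OrderInitialParams.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Clones} from "@openzeppelin/contracts/proxy/Clones.sol";

// Hypothetical parameter struct (assumption); the real OrderInitialParams has its own fields.
struct OrderParams {
    address maker;
    address pool;
    address swapTrigger;
    uint64 maturity;
    uint256 maxXtReserve;
}

// Hypothetical initializer interface (assumption).
interface IOrder {
    function initialize(OrderParams calldata p) external;
}

contract OrderFactorySketch {
    address public immutable orderImplementation;

    constructor(address impl) {
        orderImplementation = impl;
    }

    // Before: the salt commits to three fields only. Parameter sets that differ
    // in any other field resolve to the same clone address, so the first
    // deployment to land decides how that address is initialized and a later
    // deployment with the same three fields reverts on the occupied address.
    function partialSalt(OrderParams calldata p) public pure returns (bytes32) {
        return keccak256(abi.encode(p.maker, p.pool, p.swapTrigger));
    }

    // After: the salt commits to every field, so a predicted address
    // identifies one exact configuration.
    function fullSalt(OrderParams calldata p) public pure returns (bytes32) {
        return keccak256(abi.encode(p));
    }

    // Off-chain callers can pre-compute the address for a given configuration.
    function predict(OrderParams calldata p) external view returns (address) {
        return Clones.predictDeterministicAddress(orderImplementation, fullSalt(p));
    }

    function createOrder(OrderParams calldata p) external returns (address order) {
        order = Clones.cloneDeterministic(orderImplementation, fullSalt(p));
        IOrder(order).initialize(p);
    }
}
```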

@immunefi-magnus

immunefi-magnus Bot commented Apr 7, 2026

🛡️ Immunefi PR Reviews

We’ve assigned 1 code reviewer(s) to this PR.

They’ll begin the review shortly and leave feedback directly in the pull request.

This review is based on the current state of your pull request. If you make changes after the review starts, they won’t be reflected here. To ensure the review includes your latest updates, you’ll need to open a new pull request.

@EvanWang-TKSpring EvanWang-TKSpring changed the base branch from main to dev April 7, 2026 12:44

@immunefi-magnus immunefi-magnus Bot left a comment


PR reviewed. The bug fixes are well implemented and all code changes appear solid overall. Whitelisting is consistently enforced across all external (user-facing) entry points, with no bypass paths. The front-running/collision risks are also adequately mitigated. No security issues were found. Only a single gas optimization finding was noted. Details here:
https://docs.google.com/document/d/14l__KYbhqiSwjLqsuMh7w7oV5FiwwhscxLdYUpaxtgw/edit?tab=t.vcy0ihj9qhug

  • abdul_rehman

@EvanWang-TKSpring EvanWang-TKSpring merged commit c2adff6 into dev Apr 14, 2026
0 of 2 checks passed