Merge audited changes #26

Merged
EvanWang-TKSpring merged 23 commits into main from dev
Apr 14, 2026

@EvanWang-TKSpring
Collaborator

No description provided.

…d update factories to utilize access manager roles
…p permission consistency issues in gt implementation
Changelog

TermMaxOrderV2
- Replace fixed maturity with configurable orderExpiryTimestamp, allowing order makers to set custom expiry before market maturity
- Add setExpiryTimestamp() for owner to update order expiry
- Introduce transient storage (EIP-1153) to cache treasurer and maturity during swaps, reducing redundant cross-contract calls
- Refactor _daysToMaturity() to read maturity from transient cache with fallback to market config

TermMaxMarketV2
- Fix front-running vulnerability: deterministic clone salt now includes full OrderInitialParams instead of partial fields (maker, pool, swapTrigger)
- Allow custom maturity in _initalizeOrder() — only defaults to market maturity when params.maturity == 0

Access Control
- Extract role constants into centralized Roles contract
- Add WithAccessManagerRole abstract contract for delegating role checks to AccessManager via immutable reference
- Add WithWhitelistCheck abstract contract for immutable whitelist verification
- WhitelistManager.batchSetWhitelist permission changed from onlyOwner to hasRole(WHITELIST_ROLE)
- Add STABLE_ERC4626_BUFFER_ROLE and STABLE_ERC4626_INCOME_WITHDRAW_ROLE to AccessManagerV2
- Add updateBufferConfigAndAddReserves() and withdrawIncomeAssets() to AccessManagerV2

TermMaxRouterV2
- Migrate whitelist check from storage-based whitelistManager to immutable WithWhitelistCheck
- Add onlyWhitelisted(address(market)) modifier to all user-facing functions (leverage, borrowTokenFromCollateralAndXt, flashRepayFromCollateral, flashRepayToGetCollateral, rolloverGt, swapAndRepay)
- Add inline _checkWhitelisted(address(market)) inside rollover callback for decoded market address
- rolloverGt and swapAndRepay now take ITermMaxMarket instead of IGearingToken as parameter, deriving GT from market
- Move FlashRepayOptions.ROLLOVER branch inside the else block that reads/clears T_CALLER

TermMaxVaultV2
- Add WithWhitelistCheck for market and pool whitelist verification
- submitMarket() validates market against whitelist before submission
- submitPool() validates pool against whitelist; setting pool to address(0) bypasses timelock
- acceptMarket() re-validates market whitelist at acceptance time
- _setPool() validates pool whitelist before activation

TermMax4626Factory
- Refactor from immutable implementation addresses to dynamic mapping(bytes32 => address) with setImplementation() / getImplementations()
- Add WithAccessManagerRole and WithWhitelistCheck
- Add support for StableERC4626ForVenus and StableERC4626ForCustomize pool types
- Add generic createTermMax4626() for deploying pools by string key
- Auto-register created pools to whitelist via _registerAddress()

TermMaxFactoryV2 / TermMaxVaultFactoryV2
- Add WithAccessManagerRole and WithWhitelistCheck
- Replace onlyOwner with role-based access (MARKET_ROLE, VAULT_DEPLOYER_ROLE, TERMMAX_MARKET_FACTORY_ROLE)
- Auto-register created markets/vaults to whitelist

@immunefi-magnus

🛡️ Immunefi PR Reviews

We noticed that your project isn't set up for automatic code reviews. If you'd like this PR reviewed by the Immunefi team, you can request it manually using the link below:

🔗 Send this PR in for review

Once submitted, we'll take care of assigning a reviewer and follow up here.

@EvanWang-TKSpring merged commit 64bd47b into main on Apr 14, 2026
0 of 2 checks passed