Forkchoice Ethereum Mainnet

// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.28;

import {Ownable2Step, Ownable} from "@openzeppelin/contracts/access/Ownable2Step.sol";

import {IStrategy} from "src/interfaces/IStrategy.sol";
import {IRewardVault} from "src/interfaces/IRewardVault.sol";
import {IProtocolController} from "src/interfaces/IProtocolController.sol";

/// @title ProtocolController.
/// @author Stake DAO
/// @custom:github @stake-dao
/// @custom:contact [email protected]

/// @notice ProtocolController is the central registry that facilitate the management of protocols integrations.
///         It allows the registration of vaults, management of protocol components (strategy, allocator, accountant, etc.),
///         and provides a permission system for granular access control.
///         It also supports pausing deposits for specific protocols while allowing withdrawals, and shutdown mechanisms per vault or at the protocol level.
contract ProtocolController is IProtocolController, Ownable2Step {
    /// @notice Stores the core components for each protocol integration.
    /// @dev    Each protocol (Curve, Balancer, etc.) has its own set of components.
    struct ProtocolComponents {
        address locker;
        address gateway;
        address strategy;
        address allocator;
        address accountant;
        address feeReceiver;
        address factory;
    }

    /// @notice Links a gauge to its associated vault and protocol.
    /// @dev    A gauge is the external yield source (e.g., Curve gauge) that the vault interacts with.
    struct Gauge {
        address vault;
        address asset;
        address rewardReceiver;
        bytes4 protocolId;
        bool isShutdown;
    }

    //////////////////////////////////////////////////////
    // --- STATE VARIABLES
    //////////////////////////////////////////////////////

    /// @notice Maps each gauge address to its configuration.
    mapping(address => Gauge) public gauge;

    /// @notice Authorized addresses that can register new vaults, such as factory contracts.
    mapping(address => bool) public registrar;

    /// @notice Addresses authorized to manage granular function-level permissions.
    mapping(address => bool) public permissionSetters;

    /// @notice Core components for each protocol, indexed by protocol ID.
    /// @dev    Protocol ID is typically keccak256("PROTOCOL_NAME") truncated to bytes4.
    mapping(bytes4 => ProtocolComponents) internal _protocolComponents;

    /// @notice Whitelisted allocation targets for each gauge.
    /// @dev    Strategies can only allocate funds to these pre-approved destinations (e.g., locker, sidecars).
    mapping(address => mapping(address => bool)) internal _isValidAllocationTargets;

    /// @notice Granular permission system: contract -> caller -> function -> allowed.
    /// @dev    Enables fine-grained access control for specific function calls. Main usecase is to allow router contracts
    ///         to deposit on behalf or claim on behalf of accounts.
    mapping(address => mapping(address => mapping(bytes4 => bool))) internal _permissions;

    /// @notice Per-protocol deposit pause state.
    /// @dev    When true for a protocol, deposits are paused but withdrawals remain functional.
    mapping(bytes4 => bool) public isPaused;

    //////////////////////////////////////////////////////
    // --- ERRORS & EVENTS
    //////////////////////////////////////////////////////

    /// @notice Event emitted when a protocol component is set.
    /// @param  protocolId The protocol identifier.
    /// @param  componentId The component identifier ("Strategy", "Allocator", "Accountant", "FeeReceiver", "Locker", "Gateway", "Factory").
    /// @param  component The component address.
    event ProtocolComponentSet(bytes4 indexed protocolId, string indexed componentId, address indexed component);

    /// @notice Event emitted when a vault is registered.
    /// @param  gauge The gauge address.
    /// @param  vault The vault address.
    /// @param  asset The asset address.
    /// @param  rewardReceiver The reward receiver address.
    /// @param  protocolId The protocol identifier.
    event VaultRegistered(
        address indexed gauge, address indexed vault, address indexed asset, address rewardReceiver, bytes4 protocolId
    );

    /// @notice Event emitted when a gauge is shutdown.
    /// @param  gauge The gauge address that is being shutdown.
    event GaugeShutdown(address indexed gauge);

    /// @notice Event emitted when a gauge is unshut down.
    /// @param  gauge The gauge address that is being unshut down.
    event GaugeUnshutdown(address indexed gauge);

    /// @notice Event emitted when a protocol is shutdown.
    /// @param  protocolId The protocol identifier of the protocol integration that is being shutdown.
    event ProtocolShutdown(bytes4 indexed protocolId);

    /// @notice Event emitted when a permission is set.
    /// @param  target The contract address where the permission is valid.
    /// @param  caller The caller address that is allowed to call the function.
    /// @param  selector The function selector that is being allowed or disallowed.
    /// @param  allowed Whether the caller is allowed to call the function on the contract.
    event PermissionSet(address indexed target, address indexed caller, bytes4 indexed selector, bool allowed);

    /// @notice Event emitted when a registrar is added or removed to the list of authorized registrars.
    /// @param  registrar The registrar address that is being set or unset.
    /// @param  allowed Whether the registrar is allowed to manage vault registrations and rewards tokens.
    event RegistrarPermissionSet(address indexed registrar, bool allowed);

    /// @notice Event emitted when a permission setter is set.
    /// @param  setter The permission setter address that is being set or unset and have rights to set permissions.
    /// @param  allowed Whether the permission setter is allowed to set permissions.
    event PermissionSetterSet(address indexed setter, bool allowed);

    /// @notice Event emitted when deposits are paused for a protocol.
    /// @param  protocolId The protocol identifier of the protocol integration that is being paused.
    event Paused(bytes4 indexed protocolId);

    /// @notice Event emitted when deposits are unpaused for a protocol.
    /// @param  protocolId The protocol identifier of the protocol integration that is being unpaused.
    event Unpaused(bytes4 indexed protocolId);

    /// @notice Thrown when a non-strategy calls a strategy-only function.
    error OnlyStrategy();

    /// @notice Thrown when a non-registrar calls a registrar-only function.
    error OnlyRegistrar();

    /// @notice Thrown when a zero address is used.
    error ZeroAddress();

    /// @notice Thrown when an accountant is already set.
    error AccountantAlreadySet();

    /// @notice Thrown when an unauthorized address tries to set permissions.
    error NotPermissionSetter();

    /// @notice Thrown when trying to unshutdown a gauge that is not shutdown.
    error GaugeNotShutdown();

    /// @notice Thrown when trying to shutdown a gauge that is already shutdown.
    error GaugeAlreadyShutdown();

    /// @notice Thrown when trying to set an allocation target that is already whitelisted.
    error InvalidAllocationTarget();

    //////////////////////////////////////////////////////
    // --- MODIFIERS
    //////////////////////////////////////////////////////

    /// @notice Ensures only authorized registrars or owner can register vaults.
    modifier onlyRegistrar() {
        require(registrar[msg.sender] || msg.sender == owner(), OnlyRegistrar());
        _;
    }

    /// @notice Ensures only authorized permission setters can modify permissions.
    modifier onlyPermissionSetter() {
        require(permissionSetters[msg.sender] || msg.sender == owner(), NotPermissionSetter());
        _;
    }

    constructor(address owner) Ownable(owner) {}

    //////////////////////////////////////////////////////
    // --- PERMISSION MANAGEMENT
    //////////////////////////////////////////////////////

    /// @notice Sets or revokes registrar permission for an address.
    /// @param  registrar_ The registrar address.
    /// @param  allowed Whether the registrar is allowed to register vaults.
    /// @custom:reverts Throws an error if the registrar address is zero.
    function setRegistrar(address registrar_, bool allowed) external onlyOwner {
        require(registrar_ != address(0), ZeroAddress());
        registrar[registrar_] = allowed;
        emit RegistrarPermissionSet(registrar_, allowed);
    }

    /// @notice Sets or revokes permission setter status for an address.
    /// @param  setter The permission setter address.
    /// @param  allowed Whether the address is allowed to set permissions.
    /// @custom:reverts Throws an error if the setter address is zero.
    function setPermissionSetter(address setter, bool allowed) external onlyOwner {
        require(setter != address(0), ZeroAddress());
        permissionSetters[setter] = allowed;
        emit PermissionSetterSet(setter, allowed);
    }

    /// @notice Sets a permission for a contract, caller, and function selector.
    /// @param  target The contract address where the permission is valid.
    /// @param  caller The caller address that is allowed to call the function.
    /// @param  selector The function selector that is being allowed or disallowed.
    /// @param  allowed Whether the caller is allowed to call the function.
    /// @custom:reverts Throws an error if the target or caller address is zero, or if the caller is not a permission setter.
    function setPermission(address target, address caller, bytes4 selector, bool allowed)
        external
        onlyPermissionSetter
    {
        require(target != address(0) && caller != address(0), ZeroAddress());
        _permissions[target][caller][selector] = allowed;
        emit PermissionSet(target, caller, selector, allowed);
    }

    //////////////////////////////////////////////////////
    // --- PROTOCOL COMPONENTS MANAGEMENT
    //////////////////////////////////////////////////////

    /// @notice Sets a protocol strategy.
    /// @param  protocolId The protocol identifier.
    /// @param  strategy The strategy address.
    /// @custom:reverts Throws an error if the _strategy address is zero.
    function setStrategy(bytes4 protocolId, address strategy) external onlyOwner {
        require(strategy != address(0), ZeroAddress());
        _protocolComponents[protocolId].strategy = strategy;
        emit ProtocolComponentSet(protocolId, "Strategy", strategy);
    }

    /// @notice Sets a protocol allocator.
    /// @param  protocolId The protocol identifier.
    /// @param  allocator The allocator address.
    /// @custom:reverts Throws an error if the allocator address is zero.
    function setAllocator(bytes4 protocolId, address allocator) external onlyOwner {
        require(allocator != address(0), ZeroAddress());
        _protocolComponents[protocolId].allocator = allocator;
        emit ProtocolComponentSet(protocolId, "Allocator", allocator);
    }

    /// @notice Sets a protocol accountant.
    /// @dev    Accountant is immutable once set to prevent reward accounting disruption.
    /// @param  protocolId The protocol identifier.
    /// @param  accountant The accountant address.
    /// @custom:reverts Throws an error if the accountant address is zero or if it was previously set.
    function setAccountant(bytes4 protocolId, address accountant) external onlyOwner {
        require(accountant != address(0), ZeroAddress());
        require(_protocolComponents[protocolId].accountant == address(0), AccountantAlreadySet());

        _protocolComponents[protocolId].accountant = accountant;
        emit ProtocolComponentSet(protocolId, "Accountant", accountant);
    }

    /// @notice Sets a protocol fee receiver.
    /// @param  protocolId The protocol identifier.
    /// @param  feeReceiver The fee receiver address.
    /// @custom:reverts Throws an error if the feeReceiver address is zero.
    function setFeeReceiver(bytes4 protocolId, address feeReceiver) external onlyOwner {
        require(feeReceiver != address(0), ZeroAddress());
        _protocolComponents[protocolId].feeReceiver = feeReceiver;
        emit ProtocolComponentSet(protocolId, "FeeReceiver", feeReceiver);
    }

    /// @notice Sets a protocol factory.
    /// @param  protocolId The protocol identifier.
    /// @param  factory The factory address.
    /// @custom:reverts Throws an error if the factory address is zero.
    function setFactory(bytes4 protocolId, address factory) external onlyOwner {
        require(factory != address(0), ZeroAddress());
        _protocolComponents[protocolId].factory = factory;
        emit ProtocolComponentSet(protocolId, "Factory", factory);
    }

    /// @notice Sets a protocol locker.
    /// @param  protocolId The protocol identifier.
    /// @param  locker The locker address.
    /// @custom:reverts Throws an error if the locker address is zero.
    function setLocker(bytes4 protocolId, address locker) external onlyOwner {
        require(locker != address(0), ZeroAddress());
        _protocolComponents[protocolId].locker = locker;
        emit ProtocolComponentSet(protocolId, "Locker", locker);
    }

    /// @notice Sets a protocol gateway
    /// @param  protocolId The protocol identifier
    /// @param  gateway The gateway address
    /// @custom:reverts Throws an error if the gateway address is zero.
    function setGateway(bytes4 protocolId, address gateway) external onlyOwner {
        require(gateway != address(0), ZeroAddress());
        _protocolComponents[protocolId].gateway = gateway;
        emit ProtocolComponentSet(protocolId, "Gateway", gateway);
    }

    //////////////////////////////////////////////////////
    // --- VAULT REGISTRATION & SHUTDOWN
    //////////////////////////////////////////////////////

    /// @notice Registers a vault for a gauge.
    /// @dev    Creates the association between an external gauge and our vault system.
    /// @param  gauge_ The gauge address (external protocol's staking contract).
    /// @param  vault The vault address (our ERC4626 vault).
    /// @param  asset The asset address (Token that users deposit).
    /// @param  rewardReceiver The reward receiver address (receives extra rewards from gauge).
    /// @param  protocolId The protocol identifier for the gauge.
    /// @custom:reverts Throws an error if any of the addresses are zero.
    function registerVault(address gauge_, address vault, address asset, address rewardReceiver, bytes4 protocolId)
        external
        onlyRegistrar
    {
        require(
            gauge_ != address(0) && vault != address(0) && asset != address(0) && rewardReceiver != address(0),
            ZeroAddress()
        );

        Gauge storage g = gauge[gauge_];
        g.vault = vault;
        g.asset = asset;
        g.protocolId = protocolId;
        g.rewardReceiver = rewardReceiver;

        emit VaultRegistered(gauge_, vault, asset, rewardReceiver, protocolId);
    }

    /// @notice Whitelists an allocation target for a gauge.
    /// @dev    Strategies can only send funds to whitelisted targets for security.
    /// @param  gauge The gauge address.
    /// @param  target The target address (e.g., locker or sidecar contract).
    /// @custom:reverts InvalidAllocationTarget if target is already whitelisted.
    function setValidAllocationTarget(address gauge, address target) external onlyRegistrar {
        require(!_isValidAllocationTargets[gauge][target], InvalidAllocationTarget());

        _isValidAllocationTargets[gauge][target] = true;
    }

    /// @notice Removes an allocation target from the whitelist.
    /// @dev    Used when a target is no longer needed or trusted.
    /// @param  gauge The gauge address.
    /// @param  target The target address to remove.
    /// @custom:reverts InvalidAllocationTarget if target is not currently whitelisted.
    function removeValidAllocationTarget(address gauge, address target) external onlyRegistrar {
        require(_isValidAllocationTargets[gauge][target], InvalidAllocationTarget());

        _isValidAllocationTargets[gauge][target] = false;
    }

    /// @notice Emergency shutdown for a specific gauge.
    /// @dev    Prevents new deposits while allowing withdrawals for user fund recovery.
    /// @param  gauge_ The gauge address to shut down.
    /// @custom:reverts GaugeAlreadyShutdown if gauge was previously shutdown.
    function shutdown(address gauge_) external onlyOwner {
        Gauge storage g = gauge[gauge_];
        require(!g.isShutdown, GaugeAlreadyShutdown());

        gauge[gauge_].isShutdown = true;

        // Shutdown the gauge and withdraw all funds.
        IStrategy(_protocolComponents[g.protocolId].strategy).shutdown(gauge_);

        emit GaugeShutdown(gauge_);
    }

    /// @notice Unshuts down a gauge.
    /// @dev    Allows a previously shutdown gauge to resume operations.
    /// @param  gauge_ The gauge address to unshut down.
    /// @custom:reverts GaugeNotShutdown if gauge was not previously shutdown.
    function unshutdown(address gauge_) external onlyOwner {
        require(gauge[gauge_].isShutdown, GaugeNotShutdown());

        // Mark the gauge as not shutdown.
        gauge[gauge_].isShutdown = false;

        // Resume the vault operations.
        IRewardVault(gauge[gauge_].vault).resumeVault();

        emit GaugeUnshutdown(gauge_);
    }

    /// @notice Pauses deposits for a specific protocol.
    /// @dev    Withdrawals remain functional during pause.
    /// @param  protocolId The protocol identifier to pause.
    function pause(bytes4 protocolId) external onlyOwner {
        isPaused[protocolId] = true;
        emit Paused(protocolId);
    }

    /// @notice Unpauses deposits for a specific protocol.
    /// @param  protocolId The protocol identifier to unpause.
    function unpause(bytes4 protocolId) external onlyOwner {
        isPaused[protocolId] = false;
        emit Unpaused(protocolId);
    }

    //////////////////////////////////////////////////////
    // --- VIEW FUNCTIONS
    //////////////////////////////////////////////////////

    /// @notice Returns the strategy address for a protocol.
    /// @param  protocolId The protocol identifier.
    /// @return _ The strategy address.
    function strategy(bytes4 protocolId) external view returns (address) {
        return _protocolComponents[protocolId].strategy;
    }

    /// @notice Returns the allocator address for a protocol.
    /// @param  protocolId The protocol identifier.
    /// @return _ The allocator address.
    function allocator(bytes4 protocolId) external view returns (address) {
        return _protocolComponents[protocolId].allocator;
    }

    /// @notice Returns the accountant address for a protocol.
    /// @param  protocolId The protocol identifier.
    /// @return _ The accountant address.
    function accountant(bytes4 protocolId) external view returns (address) {
        return _protocolComponents[protocolId].accountant;
    }

    /// @notice Returns the fee receiver address for a protocol.
    /// @param  protocolId The protocol identifier.
    /// @return _ The fee receiver address.
    function feeReceiver(bytes4 protocolId) external view returns (address) {
        return _protocolComponents[protocolId].feeReceiver;
    }

    /// @notice Returns the factory address for a protocol.
    /// @param  protocolId The protocol identifier.
    /// @return _ The factory address.
    function factory(bytes4 protocolId) external view returns (address) {
        return _protocolComponents[protocolId].factory;
    }

    /// @notice Returns the locker for a given protocol.
    /// @param  protocolId The protocol identifier.
    /// @return _ The locker address.
    function locker(bytes4 protocolId) external view returns (address) {
        return _protocolComponents[protocolId].locker;
    }

    /// @notice Returns the gateway for a given protocol.
    /// @param  protocolId The protocol identifier.
    /// @return _ The locker address.
    function gateway(bytes4 protocolId) external view returns (address) {
        return _protocolComponents[protocolId].gateway;
    }

    /// @notice Checks if an address is an authorized registrar.
    /// @param  registrar_ The address to check.
    /// @return _ Whether the address is an authorized registrar.
    function isRegistrar(address registrar_) external view returns (bool) {
        return registrar[registrar_];
    }

    /// @notice Returns the vault address for a gauge.
    /// @param  gauge_ The gauge address.
    /// @return _ The vault address.
    function vault(address gauge_) external view returns (address) {
        return gauge[gauge_].vault;
    }

    /// @notice Returns the reward receiver address for a gauge.
    /// @param  gauge_ The gauge address.
    /// @return _ The reward receiver address.
    function rewardReceiver(address gauge_) external view returns (address) {
        return gauge[gauge_].rewardReceiver;
    }

    /// @notice Returns the asset address for a gauge.
    /// @param  gauge_ The gauge address.
    /// @return _ The asset address.
    function asset(address gauge_) external view returns (address) {
        return gauge[gauge_].asset;
    }

    /// @notice Checks if a caller is allowed to call a function on a contract.
    /// @param  target The contract address.
    /// @param  caller The caller address.
    /// @param  selector The function selector.
    /// @return _ Whether the caller is allowed.
    function allowed(address target, address caller, bytes4 selector) external view returns (bool) {
        return _permissions[target][caller][selector] || caller == owner();
    }

    /// @notice Checks if a gauge is shutdown.
    /// @dev    Returns true if either the gauge itself or its protocol is shutdown.
    /// @param  gauge_ The gauge address.
    /// @return _ Whether the gauge is shutdown.
    function isShutdown(address gauge_) external view returns (bool) {
        return gauge[gauge_].isShutdown;
    }

    /// @notice Checks if a target is a valid allocation target for a gauge
    /// @param  gauge The gauge address
    /// @param  target The target address
    /// @return _ Whether the target is a valid allocation target
    function isValidAllocationTarget(address gauge, address target) external view returns (bool) {
        return _isValidAllocationTargets[gauge][target];
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (access/Ownable2Step.sol)

pragma solidity ^0.8.20;

import {Ownable} from "./Ownable.sol";

/**
 * @dev Contract module which provides access control mechanism, where
 * there is an account (an owner) that can be granted exclusive access to
 * specific functions.
 *
 * This extension of the {Ownable} contract includes a two-step mechanism to transfer
 * ownership, where the new owner must call {acceptOwnership} in order to replace the
 * old one. This can help prevent common mistakes, such as transfers of ownership to
 * incorrect accounts, or to contracts that are unable to interact with the
 * permission system.
 *
 * The initial owner is specified at deployment time in the constructor for `Ownable`. This
 * can later be changed with {transferOwnership} and {acceptOwnership}.
 *
 * This module is used through inheritance. It will make available all functions
 * from parent (Ownable).
 */
abstract contract Ownable2Step is Ownable {
    address private _pendingOwner;

    event OwnershipTransferStarted(address indexed previousOwner, address indexed newOwner);

    /**
     * @dev Returns the address of the pending owner.
     */
    function pendingOwner() public view virtual returns (address) {
        return _pendingOwner;
    }

    /**
     * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.
     * Can only be called by the current owner.
     *
     * Setting `newOwner` to the zero address is allowed; this can be used to cancel an initiated ownership transfer.
     */
    function transferOwnership(address newOwner) public virtual override onlyOwner {
        _pendingOwner = newOwner;
        emit OwnershipTransferStarted(owner(), newOwner);
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.
     * Internal function without access restriction.
     */
    function _transferOwnership(address newOwner) internal virtual override {
        delete _pendingOwner;
        super._transferOwnership(newOwner);
    }

    /**
     * @dev The new owner accepts the ownership transfer.
     */
    function acceptOwnership() public virtual {
        address sender = _msgSender();
        if (pendingOwner() != sender) {
            revert OwnableUnauthorizedAccount(sender);
        }
        _transferOwnership(sender);
    }
}

// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.28;

import "src/interfaces/IAllocator.sol";

interface IStrategy {
    /// @notice The policy for harvesting rewards.
    enum HarvestPolicy {
        CHECKPOINT,
        HARVEST
    }

    struct PendingRewards {
        uint128 feeSubjectAmount;
        uint128 totalAmount;
    }

    function deposit(IAllocator.Allocation calldata allocation, HarvestPolicy policy)
        external
        returns (PendingRewards memory pendingRewards);
    function withdraw(IAllocator.Allocation calldata allocation, HarvestPolicy policy, address receiver)
        external
        returns (PendingRewards memory pendingRewards);

    function balanceOf(address gauge) external view returns (uint256 balance);

    function harvest(address gauge, bytes calldata extraData) external returns (PendingRewards memory pendingRewards);
    function flush() external;

    function shutdown(address gauge) external;
}

// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.28;

import {IERC4626} from "@openzeppelin/contracts/interfaces/IERC4626.sol";
import {IAccountant} from "src/interfaces/IAccountant.sol";

/// @title IRewardVault
/// @notice Interface for the RewardVault contract
interface IRewardVault is IERC4626 {
    function addRewardToken(address rewardsToken, address distributor) external;

    function depositRewards(address _rewardsToken, uint128 _amount) external;

    function deposit(uint256 assets, address receiver, address referrer) external returns (uint256 shares);

    function deposit(address account, address receiver, uint256 assets, address referrer)
        external
        returns (uint256 shares);

    function claim(address[] calldata tokens, address receiver) external returns (uint256[] memory amounts);

    function claim(address account, address[] calldata tokens, address receiver)
        external
        returns (uint256[] memory amounts);

    function getRewardsDistributor(address token) external view returns (address);

    function getLastUpdateTime(address token) external view returns (uint32);

    function getPeriodFinish(address token) external view returns (uint32);

    function getRewardRate(address token) external view returns (uint128);

    function getRewardPerTokenStored(address token) external view returns (uint128);

    function getRewardPerTokenPaid(address token, address account) external view returns (uint128);

    function getClaimable(address token, address account) external view returns (uint128);

    function getRewardTokens() external view returns (address[] memory);

    function lastTimeRewardApplicable(address token) external view returns (uint256);

    function rewardPerToken(address token) external view returns (uint128);

    function earned(address account, address token) external view returns (uint128);

    function isRewardToken(address rewardToken) external view returns (bool);

    function resumeVault() external;

    function gauge() external view returns (address);

    function ACCOUNTANT() external view returns (IAccountant);

    function checkpoint(address account) external;

    function PROTOCOL_ID() external view returns (bytes4);
}

/// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.28;

interface IProtocolController {
    function vault(address) external view returns (address);
    function asset(address) external view returns (address);
    function rewardReceiver(address) external view returns (address);

    function allowed(address, address, bytes4 selector) external view returns (bool);
    function permissionSetters(address) external view returns (bool);
    function isRegistrar(address) external view returns (bool);

    function strategy(bytes4 protocolId) external view returns (address);
    function allocator(bytes4 protocolId) external view returns (address);
    function accountant(bytes4 protocolId) external view returns (address);
    function feeReceiver(bytes4 protocolId) external view returns (address);
    function factory(bytes4 protocolId) external view returns (address);

    function isPaused(bytes4) external view returns (bool);
    function isShutdown(address) external view returns (bool);

    function registerVault(address _gauge, address _vault, address _asset, address _rewardReceiver, bytes4 _protocolId)
        external;

    function setValidAllocationTarget(address _gauge, address _target) external;
    function removeValidAllocationTarget(address _gauge, address _target) external;
    function isValidAllocationTarget(address _gauge, address _target) external view returns (bool);

    function shutdown(address _gauge) external;

    function setPermissionSetter(address _setter, bool _allowed) external;
    function setPermission(address _contract, address _caller, bytes4 _selector, bool _allowed) external;
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)

pragma solidity ^0.8.20;

import {Context} from "../utils/Context.sol";

/**
 * @dev Contract module which provides a basic access control mechanism, where
 * there is an account (an owner) that can be granted exclusive access to
 * specific functions.
 *
 * The initial owner is set to the address provided by the deployer. This can
 * later be changed with {transferOwnership}.
 *
 * This module is used through inheritance. It will make available the modifier
 * `onlyOwner`, which can be applied to your functions to restrict their use to
 * the owner.
 */
abstract contract Ownable is Context {
    address private _owner;

    /**
     * @dev The caller account is not authorized to perform an operation.
     */
    error OwnableUnauthorizedAccount(address account);

    /**
     * @dev The owner is not a valid owner account. (eg. `address(0)`)
     */
    error OwnableInvalidOwner(address owner);

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    /**
     * @dev Initializes the contract setting the address provided by the deployer as the initial owner.
     */
    constructor(address initialOwner) {
        if (initialOwner == address(0)) {
            revert OwnableInvalidOwner(address(0));
        }
        _transferOwnership(initialOwner);
    }

    /**
     * @dev Throws if called by any account other than the owner.
     */
    modifier onlyOwner() {
        _checkOwner();
        _;
    }

    /**
     * @dev Returns the address of the current owner.
     */
    function owner() public view virtual returns (address) {
        return _owner;
    }

    /**
     * @dev Throws if the sender is not the owner.
     */
    function _checkOwner() internal view virtual {
        if (owner() != _msgSender()) {
            revert OwnableUnauthorizedAccount(_msgSender());
        }
    }

    /**
     * @dev Leaves the contract without owner. It will not be possible to call
     * `onlyOwner` functions. Can only be called by the current owner.
     *
     * NOTE: Renouncing ownership will leave the contract without an owner,
     * thereby disabling any functionality that is only available to the owner.
     */
    function renounceOwnership() public virtual onlyOwner {
        _transferOwnership(address(0));
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`).
     * Can only be called by the current owner.
     */
    function transferOwnership(address newOwner) public virtual onlyOwner {
        if (newOwner == address(0)) {
            revert OwnableInvalidOwner(address(0));
        }
        _transferOwnership(newOwner);
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`).
     * Internal function without access restriction.
     */
    function _transferOwnership(address newOwner) internal virtual {
        address oldOwner = _owner;
        _owner = newOwner;
        emit OwnershipTransferred(oldOwner, newOwner);
    }
}

// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.28;

interface IAllocator {
    struct Allocation {
        address asset;
        address gauge;
        address[] targets;
        uint256[] amounts;
    }

    function getDepositAllocation(address asset, address gauge, uint256 amount)
        external
        view
        returns (Allocation memory);
    function getWithdrawalAllocation(address asset, address gauge, uint256 amount)
        external
        view
        returns (Allocation memory);
    function getRebalancedAllocation(address asset, address gauge, uint256 amount)
        external
        view
        returns (Allocation memory);

    function getAllocationTargets(address gauge) external view returns (address[] memory);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (interfaces/IERC4626.sol)

pragma solidity ^0.8.20;

import {IERC20} from "../token/ERC20/IERC20.sol";
import {IERC20Metadata} from "../token/ERC20/extensions/IERC20Metadata.sol";

/**
 * @dev Interface of the ERC-4626 "Tokenized Vault Standard", as defined in
 * https://eips.ethereum.org/EIPS/eip-4626[ERC-4626].
 */
interface IERC4626 is IERC20, IERC20Metadata {
    event Deposit(address indexed sender, address indexed owner, uint256 assets, uint256 shares);

    event Withdraw(
        address indexed sender,
        address indexed receiver,
        address indexed owner,
        uint256 assets,
        uint256 shares
    );

    /**
     * @dev Returns the address of the underlying token used for the Vault for accounting, depositing, and withdrawing.
     *
     * - MUST be an ERC-20 token contract.
     * - MUST NOT revert.
     */
    function asset() external view returns (address assetTokenAddress);

    /**
     * @dev Returns the total amount of the underlying asset that is “managed” by Vault.
     *
     * - SHOULD include any compounding that occurs from yield.
     * - MUST be inclusive of any fees that are charged against assets in the Vault.
     * - MUST NOT revert.
     */
    function totalAssets() external view returns (uint256 totalManagedAssets);

    /**
     * @dev Returns the amount of shares that the Vault would exchange for the amount of assets provided, in an ideal
     * scenario where all the conditions are met.
     *
     * - MUST NOT be inclusive of any fees that are charged against assets in the Vault.
     * - MUST NOT show any variations depending on the caller.
     * - MUST NOT reflect slippage or other on-chain conditions, when performing the actual exchange.
     * - MUST NOT revert.
     *
     * NOTE: This calculation MAY NOT reflect the “per-user” price-per-share, and instead should reflect the
     * “average-user’s” price-per-share, meaning what the average user should expect to see when exchanging to and
     * from.
     */
    function convertToShares(uint256 assets) external view returns (uint256 shares);

    /**
     * @dev Returns the amount of assets that the Vault would exchange for the amount of shares provided, in an ideal
     * scenario where all the conditions are met.
     *
     * - MUST NOT be inclusive of any fees that are charged against assets in the Vault.
     * - MUST NOT show any variations depending on the caller.
     * - MUST NOT reflect slippage or other on-chain conditions, when performing the actual exchange.
     * - MUST NOT revert.
     *
     * NOTE: This calculation MAY NOT reflect the “per-user” price-per-share, and instead should reflect the
     * “average-user’s” price-per-share, meaning what the average user should expect to see when exchanging to and
     * from.
     */
    function convertToAssets(uint256 shares) external view returns (uint256 assets);

    /**
     * @dev Returns the maximum amount of the underlying asset that can be deposited into the Vault for the receiver,
     * through a deposit call.
     *
     * - MUST return a limited value if receiver is subject to some deposit limit.
     * - MUST return 2 ** 256 - 1 if there is no limit on the maximum amount of assets that may be deposited.
     * - MUST NOT revert.
     */
    function maxDeposit(address receiver) external view returns (uint256 maxAssets);

    /**
     * @dev Allows an on-chain or off-chain user to simulate the effects of their deposit at the current block, given
     * current on-chain conditions.
     *
     * - MUST return as close to and no more than the exact amount of Vault shares that would be minted in a deposit
     *   call in the same transaction. I.e. deposit should return the same or more shares as previewDeposit if called
     *   in the same transaction.
     * - MUST NOT account for deposit limits like those returned from maxDeposit and should always act as though the
     *   deposit would be accepted, regardless if the user has enough tokens approved, etc.
     * - MUST be inclusive of deposit fees. Integrators should be aware of the existence of deposit fees.
     * - MUST NOT revert.
     *
     * NOTE: any unfavorable discrepancy between convertToShares and previewDeposit SHOULD be considered slippage in
     * share price or some other type of condition, meaning the depositor will lose assets by depositing.
     */
    function previewDeposit(uint256 assets) external view returns (uint256 shares);

    /**
     * @dev Mints shares Vault shares to receiver by depositing exactly amount of underlying tokens.
     *
     * - MUST emit the Deposit event.
     * - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the
     *   deposit execution, and are accounted for during deposit.
     * - MUST revert if all of assets cannot be deposited (due to deposit limit being reached, slippage, the user not
     *   approving enough underlying tokens to the Vault contract, etc).
     *
     * NOTE: most implementations will require pre-approval of the Vault with the Vault’s underlying asset token.
     */
    function deposit(uint256 assets, address receiver) external returns (uint256 shares);

    /**
     * @dev Returns the maximum amount of the Vault shares that can be minted for the receiver, through a mint call.
     * - MUST return a limited value if receiver is subject to some mint limit.
     * - MUST return 2 ** 256 - 1 if there is no limit on the maximum amount of shares that may be minted.
     * - MUST NOT revert.
     */
    function maxMint(address receiver) external view returns (uint256 maxShares);

    /**
     * @dev Allows an on-chain or off-chain user to simulate the effects of their mint at the current block, given
     * current on-chain conditions.
     *
     * - MUST return as close to and no fewer than the exact amount of assets that would be deposited in a mint call
     *   in the same transaction. I.e. mint should return the same or fewer assets as previewMint if called in the
     *   same transaction.
     * - MUST NOT account for mint limits like those returned from maxMint and should always act as though the mint
     *   would be accepted, regardless if the user has enough tokens approved, etc.
     * - MUST be inclusive of deposit fees. Integrators should be aware of the existence of deposit fees.
     * - MUST NOT revert.
     *
     * NOTE: any unfavorable discrepancy between convertToAssets and previewMint SHOULD be considered slippage in
     * share price or some other type of condition, meaning the depositor will lose assets by minting.
     */
    function previewMint(uint256 shares) external view returns (uint256 assets);

    /**
     * @dev Mints exactly shares Vault shares to receiver by depositing amount of underlying tokens.
     *
     * - MUST emit the Deposit event.
     * - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the mint
     *   execution, and are accounted for during mint.
     * - MUST revert if all of shares cannot be minted (due to deposit limit being reached, slippage, the user not
     *   approving enough underlying tokens to the Vault contract, etc).
     *
     * NOTE: most implementations will require pre-approval of the Vault with the Vault’s underlying asset token.
     */
    function mint(uint256 shares, address receiver) external returns (uint256 assets);

    /**
     * @dev Returns the maximum amount of the underlying asset that can be withdrawn from the owner balance in the
     * Vault, through a withdraw call.
     *
     * - MUST return a limited value if owner is subject to some withdrawal limit or timelock.
     * - MUST NOT revert.
     */
    function maxWithdraw(address owner) external view returns (uint256 maxAssets);

    /**
     * @dev Allows an on-chain or off-chain user to simulate the effects of their withdrawal at the current block,
     * given current on-chain conditions.
     *
     * - MUST return as close to and no fewer than the exact amount of Vault shares that would be burned in a withdraw
     *   call in the same transaction. I.e. withdraw should return the same or fewer shares as previewWithdraw if
     *   called
     *   in the same transaction.
     * - MUST NOT account for withdrawal limits like those returned from maxWithdraw and should always act as though
     *   the withdrawal would be accepted, regardless if the user has enough shares, etc.
     * - MUST be inclusive of withdrawal fees. Integrators should be aware of the existence of withdrawal fees.
     * - MUST NOT revert.
     *
     * NOTE: any unfavorable discrepancy between convertToShares and previewWithdraw SHOULD be considered slippage in
     * share price or some other type of condition, meaning the depositor will lose assets by depositing.
     */
    function previewWithdraw(uint256 assets) external view returns (uint256 shares);

    /**
     * @dev Burns shares from owner and sends exactly assets of underlying tokens to receiver.
     *
     * - MUST emit the Withdraw event.
     * - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the
     *   withdraw execution, and are accounted for during withdraw.
     * - MUST revert if all of assets cannot be withdrawn (due to withdrawal limit being reached, slippage, the owner
     *   not having enough shares, etc).
     *
     * Note that some implementations will require pre-requesting to the Vault before a withdrawal may be performed.
     * Those methods should be performed separately.
     */
    function withdraw(uint256 assets, address receiver, address owner) external returns (uint256 shares);

    /**
     * @dev Returns the maximum amount of Vault shares that can be redeemed from the owner balance in the Vault,
     * through a redeem call.
     *
     * - MUST return a limited value if owner is subject to some withdrawal limit or timelock.
     * - MUST return balanceOf(owner) if owner is not subject to any withdrawal limit or timelock.
     * - MUST NOT revert.
     */
    function maxRedeem(address owner) external view returns (uint256 maxShares);

    /**
     * @dev Allows an on-chain or off-chain user to simulate the effects of their redeemption at the current block,
     * given current on-chain conditions.
     *
     * - MUST return as close to and no more than the exact amount of assets that would be withdrawn in a redeem call
     *   in the same transaction. I.e. redeem should return the same or more assets as previewRedeem if called in the
     *   same transaction.
     * - MUST NOT account for redemption limits like those returned from maxRedeem and should always act as though the
     *   redemption would be accepted, regardless if the user has enough shares, etc.
     * - MUST be inclusive of withdrawal fees. Integrators should be aware of the existence of withdrawal fees.
     * - MUST NOT revert.
     *
     * NOTE: any unfavorable discrepancy between convertToAssets and previewRedeem SHOULD be considered slippage in
     * share price or some other type of condition, meaning the depositor will lose assets by redeeming.
     */
    function previewRedeem(uint256 shares) external view returns (uint256 assets);

    /**
     * @dev Burns exactly shares from owner and sends assets of underlying tokens to receiver.
     *
     * - MUST emit the Withdraw event.
     * - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the
     *   redeem execution, and are accounted for during redeem.
     * - MUST revert if all of shares cannot be redeemed (due to withdrawal limit being reached, slippage, the owner
     *   not having enough shares, etc).
     *
     * NOTE: some implementations will require pre-requesting to the Vault before a withdrawal may be performed.
     * Those methods should be performed separately.
     */
    function redeem(uint256 shares, address receiver, address owner) external returns (uint256 assets);
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7;

import {IStrategy} from "src/interfaces/IStrategy.sol";

interface IAccountant {
    function checkpoint(
        address gauge,
        address from,
        address to,
        uint128 amount,
        IStrategy.PendingRewards calldata pendingRewards,
        IStrategy.HarvestPolicy policy
    ) external;

    function checkpoint(
        address gauge,
        address from,
        address to,
        uint128 amount,
        IStrategy.PendingRewards calldata pendingRewards,
        IStrategy.HarvestPolicy policy,
        address referrer
    ) external;

    function totalSupply(address asset) external view returns (uint128);
    function balanceOf(address asset, address account) external view returns (uint128);

    function claim(address[] calldata _gauges, bytes[] calldata harvestData) external;
    function claim(address[] calldata _gauges, bytes[] calldata harvestData, address receiver) external;
    function claim(address[] calldata _gauges, address account, bytes[] calldata harvestData, address receiver)
        external;

    function claimProtocolFees() external;
    function harvest(address[] calldata _gauges, bytes[] calldata _harvestData, address _receiver) external;

    function REWARD_TOKEN() external view returns (address);

    function getPendingRewards(address vault) external view returns (uint128);
    function getPendingRewards(address vault, address account) external view returns (uint256);

    function SCALING_FACTOR() external view returns (uint128);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)

pragma solidity ^0.8.20;

/**
 * @dev Provides information about the current execution context, including the
 * sender of the transaction and its data. While these are generally available
 * via msg.sender and msg.data, they should not be accessed in such a direct
 * manner, since when dealing with meta-transactions the account sending and
 * paying for execution may not be the actual sender (as far as an application
 * is concerned).
 *
 * This contract is only required for intermediate, library-like contracts.
 */
abstract contract Context {
    function _msgSender() internal view virtual returns (address) {
        return msg.sender;
    }

    function _msgData() internal view virtual returns (bytes calldata) {
        return msg.data;
    }

    function _contextSuffixLength() internal view virtual returns (uint256) {
        return 0;
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/IERC20.sol)

pragma solidity ^0.8.20;

/**
 * @dev Interface of the ERC-20 standard as defined in the ERC.
 */
interface IERC20 {
    /**
     * @dev Emitted when `value` tokens are moved from one account (`from`) to
     * another (`to`).
     *
     * Note that `value` may be zero.
     */
    event Transfer(address indexed from, address indexed to, uint256 value);

    /**
     * @dev Emitted when the allowance of a `spender` for an `owner` is set by
     * a call to {approve}. `value` is the new allowance.
     */
    event Approval(address indexed owner, address indexed spender, uint256 value);

    /**
     * @dev Returns the value of tokens in existence.
     */
    function totalSupply() external view returns (uint256);

    /**
     * @dev Returns the value of tokens owned by `account`.
     */
    function balanceOf(address account) external view returns (uint256);

    /**
     * @dev Moves a `value` amount of tokens from the caller's account to `to`.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * Emits a {Transfer} event.
     */
    function transfer(address to, uint256 value) external returns (bool);

    /**
     * @dev Returns the remaining number of tokens that `spender` will be
     * allowed to spend on behalf of `owner` through {transferFrom}. This is
     * zero by default.
     *
     * This value changes when {approve} or {transferFrom} are called.
     */
    function allowance(address owner, address spender) external view returns (uint256);

    /**
     * @dev Sets a `value` amount of tokens as the allowance of `spender` over the
     * caller's tokens.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * IMPORTANT: Beware that changing an allowance with this method brings the risk
     * that someone may use both the old and the new allowance by unfortunate
     * transaction ordering. One possible solution to mitigate this race
     * condition is to first reduce the spender's allowance to 0 and set the
     * desired value afterwards:
     * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
     *
     * Emits an {Approval} event.
     */
    function approve(address spender, uint256 value) external returns (bool);

    /**
     * @dev Moves a `value` amount of tokens from `from` to `to` using the
     * allowance mechanism. `value` is then deducted from the caller's
     * allowance.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * Emits a {Transfer} event.
     */
    function transferFrom(address from, address to, uint256 value) external returns (bool);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/extensions/IERC20Metadata.sol)

pragma solidity ^0.8.20;

import {IERC20} from "../IERC20.sol";

/**
 * @dev Interface for the optional metadata functions from the ERC-20 standard.
 */
interface IERC20Metadata is IERC20 {
    /**
     * @dev Returns the name of the token.
     */
    function name() external view returns (string memory);

    /**
     * @dev Returns the symbol of the token.
     */
    function symbol() external view returns (string memory);

    /**
     * @dev Returns the decimals places of the token.
     */
    function decimals() external view returns (uint8);
}