Checkout

.gitmodules

@@ -22,3 +22,6 @@
 [submodule "lib/dynamic-contracts"]
 	path = lib/dynamic-contracts
 	url = https://github.com/thirdweb-dev/dynamic-contracts
+[submodule "lib/prb-proxy"]
+	path = lib/prb-proxy
+	url = https://github.com/PaulRBerg/prb-proxy

contracts/prebuilts/unaudited/checkout/Checkout.sol

@@ -0,0 +1,78 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.11;
+
+import "@openzeppelin/contracts/proxy/Clones.sol";
+
+import "./interface/ICheckout.sol";
+import "./Vault.sol";
+import "./Executor.sol";
+
+import "../../../external-deps/openzeppelin/utils/Create2.sol";
+
+import "../../../extension/PermissionsEnumerable.sol";
+
+//   $$\     $$\       $$\                 $$\                         $$\
+//   $$ |    $$ |      \__|                $$ |                        $$ |
+// $$$$$$\   $$$$$$$\  $$\  $$$$$$\   $$$$$$$ |$$\  $$\  $$\  $$$$$$\  $$$$$$$\
+// \_$$  _|  $$  __$$\ $$ |$$  __$$\ $$  __$$ |$$ | $$ | $$ |$$  __$$\ $$  __$$\
+//   $$ |    $$ |  $$ |$$ |$$ |  \__|$$ /  $$ |$$ | $$ | $$ |$$$$$$$$ |$$ |  $$ |
+//   $$ |$$\ $$ |  $$ |$$ |$$ |      $$ |  $$ |$$ | $$ | $$ |$$   ____|$$ |  $$ |
+//   \$$$$  |$$ |  $$ |$$ |$$ |      \$$$$$$$ |\$$$$$\$$$$  |\$$$$$$$\ $$$$$$$  |
+//    \____/ \__|  \__|\__|\__|       \_______| \_____\____/  \_______|\_______/
+
+contract Checkout is PermissionsEnumerable, ICheckout {
+    /// @dev Registry of vaults created through this Checkout
+    mapping(address => bool) public isVaultRegistered;
+
+    /// @dev Registry of executors created through this Checkout
+    mapping(address => bool) public isExecutorRegistered;
+
+    address public immutable vaultImplementation;
+    address public immutable executorImplementation;
+
+    constructor(address _defaultAdmin, address _vaultImplementation, address _executorImplementation) {
+        vaultImplementation = _vaultImplementation;
+        executorImplementation = _executorImplementation;
+
+        _setupRole(DEFAULT_ADMIN_ROLE, _defaultAdmin);
+    }
+
+    function createVault(address _vaultAdmin, bytes32 _salt) external payable returns (address) {
+        bytes32 salthash = keccak256(abi.encodePacked(msg.sender, _salt));
+        address vault = Clones.cloneDeterministic(vaultImplementation, salthash);
+
+        (bool success, ) = vault.call(abi.encodeWithSelector(Vault.initialize.selector, _vaultAdmin));
+
+        require(success, "Deployment failed");
+
+        isVaultRegistered[vault] = true;
+
+        emit VaultCreated(vault, _vaultAdmin);
+
+        return vault;
+    }
+
+    function createExecutor(address _executorAdmin, bytes32 _salt) external payable returns (address) {
+        bytes32 salthash = keccak256(abi.encodePacked(msg.sender, _salt));
+        address executor = Clones.cloneDeterministic(executorImplementation, salthash);
+
+        (bool success, ) = executor.call(abi.encodeWithSelector(Executor.initialize.selector, _executorAdmin));
+
+        require(success, "Deployment failed");
+
+        isExecutorRegistered[executor] = true;
+
+        emit ExecutorCreated(executor, _executorAdmin);
+
+        return executor;
+    }
+
+    function authorizeVaultToExecutor(address _vault, address _executor) external {
+        require(IVault(_vault).canAuthorizeVaultToExecutor(msg.sender), "Not authorized");
+        require(isExecutorRegistered[_executor], "Executor not found");
+
+        IVault(_vault).setExecutor(_executor);
+
+        emit VaultAuthorizedToExecutor(_vault, _executor);
+    }
+}

contracts/prebuilts/unaudited/checkout/Executor.sol

@@ -0,0 +1,67 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.11;
+
+import "./interface/IExecutor.sol";
+import "./interface/IVault.sol";
+
+import "../../../lib/CurrencyTransferLib.sol";
+import "../../../eip/interface/IERC20.sol";
+
+import "../../../extension/PermissionsEnumerable.sol";
+import "../../../extension/Initializable.sol";
+
+//   $$\     $$\       $$\                 $$\                         $$\
+//   $$ |    $$ |      \__|                $$ |                        $$ |
+// $$$$$$\   $$$$$$$\  $$\  $$$$$$\   $$$$$$$ |$$\  $$\  $$\  $$$$$$\  $$$$$$$\
+// \_$$  _|  $$  __$$\ $$ |$$  __$$\ $$  __$$ |$$ | $$ | $$ |$$  __$$\ $$  __$$\
+//   $$ |    $$ |  $$ |$$ |$$ |  \__|$$ /  $$ |$$ | $$ | $$ |$$$$$$$$ |$$ |  $$ |
+//   $$ |$$\ $$ |  $$ |$$ |$$ |      $$ |  $$ |$$ | $$ | $$ |$$   ____|$$ |  $$ |
+//   \$$$$  |$$ |  $$ |$$ |$$ |      \$$$$$$$ |\$$$$$\$$$$  |\$$$$$$$\ $$$$$$$  |
+//    \____/ \__|  \__|\__|\__|       \_______| \_____\____/  \_______|\_______/
+
+contract Executor is Initializable, PermissionsEnumerable, IExecutor {
+    /// @dev Address of the Checkout entrypoint.
+    address public checkout;
+
+    constructor() {
+        _disableInitializers();
+    }
+
+    function initialize(address _defaultAdmin) external initializer {
+        checkout = msg.sender;
+        _setupRole(DEFAULT_ADMIN_ROLE, _defaultAdmin);
+    }
+
+    receive() external payable {}
+
+    function execute(UserOp calldata op) external {
+        require(_canExecute(), "Not authorized");
+
+        if (op.valueToSend != 0) {
+            IVault(op.vault).transferTokensToExecutor(op.currency, op.valueToSend);
+        }
+
+        bool success;
+        if (op.currency == CurrencyTransferLib.NATIVE_TOKEN) {
+            (success, ) = op.target.call{ value: op.valueToSend }(op.data);
+        } else {
+            if (op.approvalRequired) {
+                IERC20(op.currency).approve(op.target, op.valueToSend);
+            }
+
+            (success, ) = op.target.call(op.data);
+        }
+
+        require(success, "Execution failed");
+    }
+
+    // TODO: rethink design and interface here
+    function swapAndExecute(UserOp calldata op, SwapOp calldata swap) external {
+        require(_canExecute(), "Not authorized");
+        IVault(op.vault).swapAndTransferTokensToExecutor(op.currency, op.valueToSend, swap);
+    }
+
+    function _canExecute() internal view returns (bool) {
+        return hasRole(DEFAULT_ADMIN_ROLE, msg.sender);
+    }
+}

contracts/prebuilts/unaudited/checkout/Vault.sol

@@ -0,0 +1,164 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.11;
+
+import "./interface/IVault.sol";
+
+import "../../../lib/CurrencyTransferLib.sol";
+import "../../../eip/interface/IERC20.sol";
+
+import "../../../extension/PermissionsEnumerable.sol";
+import "../../../extension/Initializable.sol";
+
+//   $$\     $$\       $$\                 $$\                         $$\
+//   $$ |    $$ |      \__|                $$ |                        $$ |
+// $$$$$$\   $$$$$$$\  $$\  $$$$$$\   $$$$$$$ |$$\  $$\  $$\  $$$$$$\  $$$$$$$\
+// \_$$  _|  $$  __$$\ $$ |$$  __$$\ $$  __$$ |$$ | $$ | $$ |$$  __$$\ $$  __$$\
+//   $$ |    $$ |  $$ |$$ |$$ |  \__|$$ /  $$ |$$ | $$ | $$ |$$$$$$$$ |$$ |  $$ |
+//   $$ |$$\ $$ |  $$ |$$ |$$ |      $$ |  $$ |$$ | $$ | $$ |$$   ____|$$ |  $$ |
+//   \$$$$  |$$ |  $$ |$$ |$$ |      \$$$$$$$ |\$$$$$\$$$$  |\$$$$$$$\ $$$$$$$  |
+//    \____/ \__|  \__|\__|\__|       \_______| \_____\____/  \_______|\_______/
+
+contract Vault is Initializable, PermissionsEnumerable, IVault {
+    /// @dev Address of the executor for this vault.
+    address public executor;
+
+    /// @dev Address of the Checkout entrypoint.
+    address public checkout;
+
+    mapping(address => bool) public isApprovedRouter;
+
+    constructor() {
+        _disableInitializers();
+    }
+
+    function initialize(address _defaultAdmin) external initializer {
+        checkout = msg.sender;
+        _setupRole(DEFAULT_ADMIN_ROLE, _defaultAdmin);
+    }
+
+    // =================================================
+    // =============== Withdraw ========================
+    // =================================================
+
+    function withdraw(address _token, uint256 _amount) external {
+        require(hasRole(DEFAULT_ADMIN_ROLE, msg.sender), "Not authorized");
+
+        CurrencyTransferLib.transferCurrency(_token, address(this), msg.sender, _amount);
+
+        emit TokensWithdrawn(_token, _amount);
+    }
+
+    // =================================================
+    // =============== Executor functions ==============
+    // =================================================
+
+    function transferTokensToExecutor(address _token, uint256 _amount) external {
+        require(_canTransferTokens(), "Not authorized");
+
+        uint256 balance = _token == CurrencyTransferLib.NATIVE_TOKEN
+            ? address(this).balance
+            : IERC20(_token).balanceOf(address(this));
+
+        require(balance >= _amount, "Not enough balance");
+
+        CurrencyTransferLib.transferCurrency(_token, address(this), msg.sender, _amount);
+
+        emit TokensTransferredToExecutor(msg.sender, _token, _amount);
+    }
+
+    function swapAndTransferTokensToExecutor(address _token, uint256 _amount, SwapOp memory _swapOp) external {
+        require(_canTransferTokens(), "Not authorized");
+        require(isApprovedRouter[_swapOp.router], "Invalid router address");
+
+        _swap(_swapOp);
+
+        uint256 balance = _token == CurrencyTransferLib.NATIVE_TOKEN
+            ? address(this).balance
+            : IERC20(_token).balanceOf(address(this));
+
+        require(balance >= _amount, "Not enough balance");
+
+        CurrencyTransferLib.transferCurrency(_token, address(this), msg.sender, _amount);
+
+        emit TokensTransferredToExecutor(msg.sender, _token, _amount);
+    }
+
+    // =================================================
+    // =============== Swap functionality ==============
+    // =================================================
+
+    function swap(SwapOp memory _swapOp) external {
+        require(_canSwap(), "Not authorized");
+
+        _swap(_swapOp);
+    }
+
+    function _swap(SwapOp memory _swapOp) internal {
+        address _tokenIn = _swapOp.tokenIn;
+        address _router = _swapOp.router;
+
+        // get quote for amountIn
+        (, bytes memory quoteData) = _router.staticcall(_swapOp.quoteCalldata);
+        uint256 amountIn;
+        uint256 offset = _swapOp.amountInOffset;
+
+        assembly {
+            amountIn := mload(add(add(quoteData, 32), offset))
+        }
+
+        // perform swap
+        bool success;
+        if (_tokenIn == CurrencyTransferLib.NATIVE_TOKEN) {
+            (success, ) = _router.call{ value: amountIn }(_swapOp.swapCalldata);
+        } else {
+            IERC20(_tokenIn).approve(_swapOp.router, amountIn);
+            (success, ) = _router.call(_swapOp.swapCalldata);
+        }
+
+        require(success, "Swap failed");
+    }
+
+    // =================================================
+    // =============== Setter functions ================
+    // =================================================
+
+    function setExecutor(address _executor) external {
+        require(_canSetExecutor(), "Not authorized");
+        if (_executor == executor) {
+            revert("Executor already set");
+        }
+
+        executor = _executor;
+    }
+
+    function approveSwapRouter(address _swapRouter, bool _toApprove) external {
+        require(_canSetSwap(), "Not authorized");
+        require(_swapRouter != address(0), "Zero address");
+
+        isApprovedRouter[_swapRouter] = _toApprove;
+    }
+
+    // =================================================
+    // =============== Role checks =====================
+    // =================================================
+
+    function canAuthorizeVaultToExecutor(address _expectedAdmin) external view returns (bool) {
+        return hasRole(DEFAULT_ADMIN_ROLE, _expectedAdmin);
+    }
+
+    function _canSetExecutor() internal view returns (bool) {
+        return msg.sender == checkout;
+    }
+
+    function _canTransferTokens() internal view returns (bool) {
+        return msg.sender == executor;
+    }
+
+    function _canSwap() internal view returns (bool) {
+        return hasRole(DEFAULT_ADMIN_ROLE, msg.sender);
+    }
+
+    function _canSetSwap() internal view returns (bool) {
+        return hasRole(DEFAULT_ADMIN_ROLE, msg.sender);
+    }
+}

contracts/prebuilts/unaudited/checkout/interface/ICheckout.sol

@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.11;
+
+interface ICheckout {
+    /// @dev Emitted when an executor is authorized to use funds from the given vault.
+    event VaultAuthorizedToExecutor(address _vault, address _executor);
+
+    /// @dev Emitted when a new Executor contract is deployed.
+    event ExecutorCreated(address _executor, address _defaultAdmin);
+
+    /// @dev Emitted when a new Vault contrac is deployed.
+    event VaultCreated(address _vault, address _defaultAdmin);
+
+    function createVault(address _vaultAdmin, bytes32 _salt) external payable returns (address);
+
+    function createExecutor(address _executorAdmin, bytes32 _salt) external payable returns (address);
+
+    function authorizeVaultToExecutor(address _vault, address _executor) external;
+}

contracts/prebuilts/unaudited/checkout/interface/IExecutor.sol

@@ -0,0 +1,36 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.11;
+
+import "./ISwap.sol";
+
+interface IExecutor is ISwap {
+    /**
+     *  @notice Details of the transaction to execute on target contract.
+     *
+     *  @param target            Address to send the transaction to
+     *
+     *  @param currency          Represents both native token and erc20 token
+     *
+     *  @param vault             Vault providing liquidity for this transaction
+     *
+     *  @param approvalRequired  If need to approve erc20 to the target contract
+     *
+     *  @param swap              If need to swap first
+     *
+     *  @param valueToSend       Transaction value to send - both native and erc20
+     *
+     *  @param data              Transaction calldata
+     */
+    struct UserOp {
+        address target;
+        address currency;
+        address vault;
+        bool approvalRequired;
+        uint256 valueToSend;
+        bytes data;
+    }
+
+    function execute(UserOp calldata op) external;
+
+    function swapAndExecute(UserOp calldata op, SwapOp memory swapOp) external;
+}

contracts/prebuilts/unaudited/checkout/interface/ISwap.sol

@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.11;
+
+interface ISwap {
+    struct SwapOp {
+        address router;
+        address tokenOut;
+        address tokenIn;
+        uint256 amountIn;
+        uint256 amountInOffset;
+        bytes swapCalldata;
+        bytes quoteCalldata;
+    }
+}