feat: Add v1.4.0 with audits

feat: Add v1.4.0 release and audit reports

Author: lucas-manuel

README.md

@@ -64,7 +64,7 @@ This is a linear rate limit that increases over time with a maximum limit. This
 Below are all stated trust assumptions for using this contract in production:
 - The `DEFAULT_ADMIN_ROLE` is fully trusted, to be run by governance.
 - The `RELAYER` role is assumed to be able to be fully compromised by a malicious actor. **This should be a major consideration during auditing engagements.**
-  - The logic in the smart contracts must prevent the movement of value anywhere outside of the ALM system of contracts.
+  - The logic in the smart contracts must prevent the movement of value anywhere outside of the ALM system of contracts. The exception for this is in asynchronous style integrations such as BUIDL, where `transferAsset` can be used to send funds to a whitelisted address. LP tokens are then asynchronously minted into the ALMProxy in a separate transaction.
   - Any action must be limited to "reasonable" slippage/losses/opportunity cost by rate limits.
   - The `FREEZER` must be able to stop the compromised `RELAYER` from performing more harmful actions within the max rate limits by using the `removeRelayer` function.
 - A compromised `RELAYER` can perform DOS attacks. These attacks along with their respective recovery procedures are outlined in the `Attacks.t.sol` test files.
@@ -110,12 +110,16 @@ anvil --fork-url $MAINNET_RPC_URL
 ```
 anvil --fork-url $BASE_RPC_URL -p 8546
 ```
+```
+anvil --fork-url $ARBITRUM_ONE_RPC_URL -p 8547
+```
 
 2. Point to local RPCs.
 
 ```
 export MAINNET_RPC_URL=http://127.0.0.1:8545
 export BASE_RPC_URL=http://127.0.0.1:8546
+export ARBITRUM_ONE_RPC_URL=http://127.0.0.1:8547
 ```
 
 3. Upgrade mainnet contracts impersonating as the `SPARK_PROXY`.

audits/v100-beta-cantina-audit.pdf renamed to audits/v100-cantina-beta-audit.pdf

@@ -4,7 +4,7 @@ out = "out"
 libs = ["lib"]
 solc_version = '0.8.25'
 optimizer = true
-optimizer_runs = 200
+optimizer_runs = 1
 fs_permissions = [
     { access = "read", path = "./script/input/"},
     { access = "read-write", path = "./script/output/"}
@@ -14,6 +14,10 @@ evm_version = 'cancun'
 [fuzz]
 runs = 1000
 
+[invariant]
+runs = 1
+depth = 100
+
 [etherscan]
 mainnet = { key = "${ETHERSCAN_API_KEY}" }
 optimism = { key = "${OPTIMISMSCAN_API_KEY}" }

audits/v140-cantina-audit.pdf

@@ -0,0 +1,13 @@
+{
+    "admin": "0x62B5262D3639eA5A8ec0D8Aa442f1135ecF77205",
+    "almProxy": "0xe25DD602aA54B1346B8D004D10D51851C451fbF3",
+    "cctpTokenMessenger": "0x19330d10D9Cc8751218eaf51E8885D058642E08A",
+    "controller": "0x149aCa3bC479EfB254aea74EB8c71625AEC55465",
+    "freezer": "0x19C6728873c6d247582A8b39fF410B42C4AE5a3F",
+    "psm": "0x2B05F8e1cACC6974fD79A673a341Fe1f58d27266",
+    "rateLimits": "0x7B843f95AA7a6A72836F1fFE2B10ca226236BB14",
+    "relayer": "0x19C6728873c6d247582A8b39fF410B42C4AE5a3F",
+    "susds": "0xdDb46999F8891663a8F2828d25298f70416d7610",
+    "usdc": "0xaf88d065e77c8cC2239327C5EDb3A432268e5831",
+    "usds": "0x6491c05A82219b8D1479057361ff1654749b876b"
+}

audits/v140-chainsecurity-audit.pdf

@@ -2,11 +2,12 @@
     "admin": "0xF93B7122450A50AF3e5A76E1d546e95Ac1d0F579",
     "almProxy": "0x2917956eFF0B5eaF030abDB4EF4296DF775009cA",
     "cctpTokenMessenger": "0x1682Ae6375C4E4A97e4B583BC394c861A46D8962",
+    "controller": "0x5F032555353f3A1D16aA6A4ADE0B35b369da0440",
+    "freezer": "0x90D8c80C028B4C09C0d8dcAab9bbB057F0513431",
     "psm": "0x1601843c5E9bC251A3272907010AFa41Fa18347E",
     "rateLimits": "0x983eC82E45C61a42FDDA7B3c43B8C767004c8A74",
     "relayer": "0x8a25A24EDE9482C4Fc0738F99611BE58F1c839AB",
-    "freezer": "0x90D8c80C028B4C09C0d8dcAab9bbB057F0513431",
+    "susds": "0x5875eEE11Cf8398102FdAd704C9E96607675467a",
     "usdc": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
-    "usds": "0x820C137fa70C8691f0e44Dc420a5e53c168921Dc",
-    "susds": "0x5875eEE11Cf8398102FdAd704C9E96607675467a"
+    "usds": "0x820C137fa70C8691f0e44Dc420a5e53c168921Dc"
 }

foundry.toml

@@ -1,9 +1,13 @@
 {
+    "admin": "0x62B5262D3639eA5A8ec0D8Aa442f1135ecF77205",
+    "almProxy": "0x5c077cC797B2b0C2ea99c0583e096c243cEa9Db0",
     "cctpTokenMessenger": "0x1682Ae6375C4E4A97e4B583BC394c861A46D8962",
-    "relayer": "0xaB959A6F88b8D966c44a7cDC2049Ba9669EBf047",
+    "controller": "0x2eD26eF498B2e9A623Cdb6af9b48afF1a1cF920A",
     "freezer": "0xaB959A6F88b8D966c44a7cDC2049Ba9669EBf047",
-    "usdc": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
     "psm": "0x1601843c5E9bC251A3272907010AFa41Fa18347E",
-    "usds": "0x820C137fa70C8691f0e44Dc420a5e53c168921Dc",
-    "susds": "0x5875eEE11Cf8398102FdAd704C9E96607675467a"
+    "rateLimits": "0xf13600B1fC2ec6BF98e1d8B924E5e478De85B123",
+    "relayer": "0xaB959A6F88b8D966c44a7cDC2049Ba9669EBf047",
+    "susds": "0x5875eEE11Cf8398102FdAd704C9E96607675467a",
+    "usdc": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
+    "usds": "0x820C137fa70C8691f0e44Dc420a5e53c168921Dc"
 }

lib/spark-address-registry

@@ -3,12 +3,13 @@
     "allocatorVault": "0x691a6c29e9e96dd897718305427Ad5D534db16BA",
     "almProxy": "0x1601843c5E9bC251A3272907010AFa41Fa18347E",
     "cctpTokenMessenger": "0xBd3fa81B58Ba92a82136038B25aDec7066af3155",
+    "controller": "0x5cf73FDb7057E436A6eEaDFAd27E45E7ab6E431e",
     "dai": "0x6B175474E89094C44Da98b954EedeAC495271d0F",
     "daiUsds": "0x3225737a9Bbb6473CB4a45b7244ACa2BeFdB276A",
+    "freezer": "0x90D8c80C028B4C09C0d8dcAab9bbB057F0513431",
     "psm": "0xf6e72Db5454dd049d0788e411b06CfAF16853042",
     "rateLimits": "0x7A5FD5cf045e010e62147F065cEAe59e5344b188",
     "relayer": "0x8a25A24EDE9482C4Fc0738F99611BE58F1c839AB",
-    "freezer": "0x90D8c80C028B4C09C0d8dcAab9bbB057F0513431",
     "susds": "0xa3931d71877C0E7a3148CB7Eb4463524FEc27fbD",
     "usdc": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
     "usds": "0xdC035D45d973E3EC169d2276DDab16f1e407384F"

script/input/1/arbitrum_one-staging.json

@@ -1,14 +1,27 @@
 {
-    "ilk": "ALLOCATOR-SPARK-A",
-    "usdcUnitSize": 10,
-    "usdsUnitSize": 10,
+    "admin": "0x62B5262D3639eA5A8ec0D8Aa442f1135ecF77205",
+    "allocatorBuffer": "0x511ecc909b49d5F6Db5ff0DD8DcDB272c8Bc6569",
+    "allocatorOracle": "0x011533ddfcd6566cF1ab1c03375a4Cdbdd289607",
+    "allocatorRegistry": "0x94a01e71Abe2f441aa976F89f85Ba6438DCdC3e2",
+    "allocatorRoles": "0x56E492C966E9704F865df436ceb6306FFf4A6fd9",
+    "allocatorVault": "0x1fFd8A8382bCdB872ac62e36933c4e8Fc462728A",
+    "almProxy": "0x07EF00D45C85a2046c714D0E944EB6dc28618C08",
     "cctpTokenMessenger": "0xBd3fa81B58Ba92a82136038B25aDec7066af3155",
+    "controller": "0x3ba940F029a93Ba2FBBD10cE7507e9126f9dff6c",
     "dai": "0x6B175474E89094C44Da98b954EedeAC495271d0F",
     "daiUsds": "0x3225737a9Bbb6473CB4a45b7244ACa2BeFdB276A",
+    "freezer": "0x611C7c37F296240c2fF5a92f0B4a398B01B237c4",
+    "ilk": "ALLOCATOR-SPARK-A",
+    "jug": "0xa42473893FfEAf666e9632c1d4200E2d1046E1Ec",
     "psm": "0xf6e72Db5454dd049d0788e411b06CfAF16853042",
+    "psmWrapper": "0x96B0da3F44a5E1d545530F1C33b1485afa8Ee6E8",
+    "rateLimits": "0xc0117e8600FE666AE0CCA1b4fC1890ABF8E1ec49",
     "relayer": "0x611C7c37F296240c2fF5a92f0B4a398B01B237c4",
-    "freezer": "0x611C7c37F296240c2fF5a92f0B4a398B01B237c4",
     "susds": "0xa3931d71877C0E7a3148CB7Eb4463524FEc27fbD",
     "usdc": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
-    "usds": "0xdC035D45d973E3EC169d2276DDab16f1e407384F"
+    "usdcUnitSize": 10,
+    "usds": "0xdC035D45d973E3EC169d2276DDab16f1e407384F",
+    "usdsJoin": "0xc1Ca37dfDf716bf863e055820454E9a8581E03f4",
+    "usdsUnitSize": 10,
+    "vat": "0x1a698C8E8f32a2ec193589c98Bb5a4CbBDD65dE4"
 }

script/input/1/base-production.json

@@ -0,0 +1,5 @@
+{
+    "almProxy": "0xBC1B4aF7E41fcBD26472fa72490d777f95014E3F",
+    "controller": "0xfd6B8A9CEbd4f2204245B6c403704BF929DCAFEF",
+    "rateLimits": "0x52CC503225Bf7CE0D2267165f6860C7F701e71bE"
+  }

script/input/1/base-staging.json

@@ -0,0 +1,8 @@
+{
+  "admin": "0x62B5262D3639eA5A8ec0D8Aa442f1135ecF77205",
+  "almProxy": "0xe25DD602aA54B1346B8D004D10D51851C451fbF3",
+  "controller": "0x149aCa3bC479EfB254aea74EB8c71625AEC55465",
+  "freezer": "0x19C6728873c6d247582A8b39fF410B42C4AE5a3F",
+  "rateLimits": "0x7B843f95AA7a6A72836F1fFE2B10ca226236BB14",
+  "relayer": "0x19C6728873c6d247582A8b39fF410B42C4AE5a3F"
+}

script/input/1/mainnet-production.json

@@ -0,0 +1,8 @@
+{
+  "admin": "0x62B5262D3639eA5A8ec0D8Aa442f1135ecF77205",
+  "almProxy": "0x5c077cC797B2b0C2ea99c0583e096c243cEa9Db0",
+  "controller": "0x2eD26eF498B2e9A623Cdb6af9b48afF1a1cF920A",
+  "freezer": "0xaB959A6F88b8D966c44a7cDC2049Ba9669EBf047",
+  "rateLimits": "0xf13600B1fC2ec6BF98e1d8B924E5e478De85B123",
+  "relayer": "0xaB959A6F88b8D966c44a7cDC2049Ba9669EBf047"
+}

script/input/1/mainnet-staging.json

@@ -0,0 +1,17 @@
+{
+  "admin": "0x62B5262D3639eA5A8ec0D8Aa442f1135ecF77205",
+  "allocatorBuffer": "0x511ecc909b49d5F6Db5ff0DD8DcDB272c8Bc6569",
+  "allocatorOracle": "0x011533ddfcd6566cF1ab1c03375a4Cdbdd289607",
+  "allocatorRegistry": "0x94a01e71Abe2f441aa976F89f85Ba6438DCdC3e2",
+  "allocatorRoles": "0x56E492C966E9704F865df436ceb6306FFf4A6fd9",
+  "allocatorVault": "0x1fFd8A8382bCdB872ac62e36933c4e8Fc462728A",
+  "almProxy": "0x07EF00D45C85a2046c714D0E944EB6dc28618C08",
+  "controller": "0x3ba940F029a93Ba2FBBD10cE7507e9126f9dff6c",
+  "freezer": "0x611C7c37F296240c2fF5a92f0B4a398B01B237c4",
+  "jug": "0xa42473893FfEAf666e9632c1d4200E2d1046E1Ec",
+  "psmWrapper": "0x96B0da3F44a5E1d545530F1C33b1485afa8Ee6E8",
+  "rateLimits": "0xc0117e8600FE666AE0CCA1b4fC1890ABF8E1ec49",
+  "relayer": "0x611C7c37F296240c2fF5a92f0B4a398B01B237c4",
+  "usdsJoin": "0xc1Ca37dfDf716bf863e055820454E9a8581E03f4",
+  "vat": "0x1a698C8E8f32a2ec193589c98Bb5a4CbBDD65dE4"
+}