Add proposal for Gho Incident Report 20231113

diffs/AaveV3Ethereum_GhoIncidentReport_20231113_before_AaveV3Ethereum_GhoIncidentReport_20231113_after.md

@@ -0,0 +1,25 @@
+## Reserve changes
+
+### Reserves altered
+
+#### GHO ([0x40D16FC0246aD3160Ccc09B8D0D3A2cD28aE6C2f](https://etherscan.io/address/0x40D16FC0246aD3160Ccc09B8D0D3A2cD28aE6C2f))
+
+| description | value before | value after |
+| --- | --- | --- |
+| variableDebtTokenImpl | [0x7aa606b1B341fFEeAfAdbbE4A2992EFB35972775](https://etherscan.io/address/0x7aa606b1B341fFEeAfAdbbE4A2992EFB35972775) | [0x20Cb2f303EDe313e2Cc44549Ad8653a5E8c0050e](https://etherscan.io/address/0x20Cb2f303EDe313e2Cc44549Ad8653a5E8c0050e) |
+
+
+## Raw diff
+
+```json
+{
+  "reserves": {
+    "0x40D16FC0246aD3160Ccc09B8D0D3A2cD28aE6C2f": {
+      "variableDebtTokenImpl": {
+        "from": "0x7aa606b1B341fFEeAfAdbbE4A2992EFB35972775",
+        "to": "0x20Cb2f303EDe313e2Cc44549Ad8653a5E8c0050e"
+      }
+    }
+  }
+}
+```

remappings.txt

@@ -6,4 +6,4 @@ aave-v3-core/=lib/aave-helpers/lib/aave-address-book/lib/aave-v3-core/
 aave-v3-periphery/=lib/aave-helpers/lib/aave-address-book/lib/aave-v3-periphery/
 ds-test/=lib/aave-helpers/lib/forge-std/lib/ds-test/src/
 forge-std/=lib/aave-helpers/lib/forge-std/src/
-solidity-utils/=lib/aave-helpers/lib/solidity-utils/src/
+solidity-utils/=lib/aave-helpers/lib/solidity-utils/src/

src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.md

@@ -0,0 +1,27 @@
+---
+title: "GHO update on Aave V3 Ethereum Pool for 13/11/2023 Report"
+author: "Aave Labs @aave"
+discussions: "https://governance.aave.com/t/arfc-gho-technical-incident-13-11-2023/15642"
+---
+
+## Simple Summary
+
+This proposal patches the GHO integration with the Aave V3 Pool, fixing an issue reported by Immunefi on November 13, 2023. The patch, developed by Aave Labs in collaboration with Certora, upholds the highest safety standards.
+
+## Motivation
+
+The proposed patch guarantees a permanent solution for the technical issue that was identified and reported by Immunefi with the GHO integration with the Aave V3 Ethereum Pool. The fix will be implemented without altering any of the existing GHO features within the Aave V3 Pool.
+
+## Specification
+
+The proposal payload upgrades the implementation of GhoVariableDebtToken.
+
+## References
+
+- GhoVariableDebtToken implementation: [GhoVariableDebtToken](https://etherscan.io/address/0x20cb2f303ede313e2cc44549ad8653a5e8c0050e#code)
+- Implementation: [Payload](https://etherscan.io/address/0xbc9ffee8d18d75a412474b92192257d3c18471ff#code)
+- [Discussion](https://governance.aave.com/t/arfc-gho-technical-incident-13-11-2023/15642)
+
+## Copyright
+
+Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/).

src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.s.sol

@@ -0,0 +1,55 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import {AaveV3Ethereum_GhoIncidentReport_20231113} from './AaveV3Ethereum_GhoIncidentReport_20231113.sol';
+import {GovV3Helpers, IPayloadsControllerCore, PayloadsControllerUtils} from 'aave-helpers/GovV3Helpers.sol';
+import {EthereumScript} from 'aave-helpers/ScriptUtils.sol';
+
+/**
+ * @dev Deploy AaveV3Ethereum_GhoIncidentReport_20231113
+ * command: make deploy-ledger contract=src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.s.sol:DeployEthereum chain=mainnet
+ */
+contract DeployEthereum is EthereumScript {
+  address constant NEW_VGHO_IMPL = 0x20Cb2f303EDe313e2Cc44549Ad8653a5E8c0050e;
+
+  function run() external broadcast {
+    // deploy payloads
+    AaveV3Ethereum_GhoIncidentReport_20231113 payload = new AaveV3Ethereum_GhoIncidentReport_20231113();
+
+    // compose action
+    IPayloadsControllerCore.ExecutionAction[]
+      memory actions = new IPayloadsControllerCore.ExecutionAction[](1);
+    actions[0] = GovV3Helpers.buildAction(address(payload));
+
+    // register action at payloadsController
+    GovV3Helpers.createPayload(actions);
+  }
+}
+
+/**
+ * @dev Create Proposal
+ * command: make deploy-ledger contract=src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.s.sol:CreateProposal chain=mainnet
+ */
+contract CreateProposal is EthereumScript {
+  function run() external {
+    // create payloads
+    PayloadsControllerUtils.Payload[] memory payloads = new PayloadsControllerUtils.Payload[](1);
+
+    // compose actions for validation
+    IPayloadsControllerCore.ExecutionAction[]
+      memory actionsEthereum = new IPayloadsControllerCore.ExecutionAction[](1);
+    actionsEthereum[0] = GovV3Helpers.buildAction(0xbC9ffee8d18d75a412474B92192257d3c18471FF);
+    payloads[0] = GovV3Helpers.buildMainnetPayload(vm, actionsEthereum);
+
+    // create proposal
+    vm.startBroadcast();
+    GovV3Helpers.createProposal2_5(
+      vm,
+      payloads,
+      GovV3Helpers.ipfsHashFile(
+        vm,
+        'src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.md'
+      )
+    );
+  }
+}

src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.sol

@@ -0,0 +1,29 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import {ConfiguratorInputTypes} from 'aave-address-book/AaveV3.sol';
+import {IERC20} from 'forge-std/interfaces/IERC20.sol';
+import {AaveV3Ethereum, AaveV3EthereumAssets} from 'aave-address-book/AaveV3Ethereum.sol';
+
+/**
+ * @title GHO update on Aave V3 Ethereum Pool for 13/11/2023 Report
+ * @dev Upgrades the implementation of the GhoVariableDebtToken contract
+ * @author Aave Labs (@aave)
+ * - Discussion: https://governance.aave.com/t/arfc-gho-technical-incident-13-11-2023/15642
+ */
+contract AaveV3Ethereum_GhoIncidentReport_20231113 {
+  address public constant NEW_VGHO_IMPL = 0x20Cb2f303EDe313e2Cc44549Ad8653a5E8c0050e;
+
+  function execute() external {
+    AaveV3Ethereum.POOL_CONFIGURATOR.updateVariableDebtToken(
+      ConfiguratorInputTypes.UpdateDebtTokenInput({
+        asset: AaveV3EthereumAssets.GHO_UNDERLYING,
+        incentivesController: AaveV3Ethereum.DEFAULT_INCENTIVES_CONTROLLER,
+        name: IERC20(AaveV3EthereumAssets.GHO_V_TOKEN).name(),
+        symbol: IERC20(AaveV3EthereumAssets.GHO_V_TOKEN).symbol(),
+        implementation: NEW_VGHO_IMPL,
+        params: bytes('')
+      })
+    );
+  }
+}

src/20231207_AaveV3Ethereum_GhoIncidentReport_20231126/AaveV3Ethereum_GhoIncidentReport_20231113.t.sol

@@ -0,0 +1,48 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import 'forge-std/Test.sol';
+import {AaveV3EthereumAssets, AaveV3Ethereum} from 'aave-address-book/AaveV3Ethereum.sol';
+import {ProtocolV3TestBase} from 'aave-helpers/ProtocolV3TestBase.sol';
+import {IPoolConfigurator} from 'aave-address-book/AaveV3.sol';
+import {AaveV3Ethereum_GhoIncidentReport_20231113} from './AaveV3Ethereum_GhoIncidentReport_20231113.sol';
+
+interface IGhoVariableDebtTokenHelper {
+  function DEBT_TOKEN_REVISION() external view returns (uint256);
+}
+
+/**
+ * @dev Test for AaveV3Ethereum_GhoIncidentReport_20231113
+ * command: make test-contract filter=AaveV3Ethereum_GhoIncidentReport_20231113
+ */
+contract AaveV3Ethereum_GhoIncidentReport_20231113_Test is ProtocolV3TestBase {
+  address constant NEW_VGHO_IMPL = 0x20Cb2f303EDe313e2Cc44549Ad8653a5E8c0050e;
+
+  AaveV3Ethereum_GhoIncidentReport_20231113 internal proposal;
+
+  function setUp() public {
+    vm.createSelectFork(vm.rpcUrl('mainnet'), 18722500);
+    proposal = new AaveV3Ethereum_GhoIncidentReport_20231113();
+  }
+
+  function test_defaultProposalExecution() public {
+    // increase GHO borrow cap so test borrows can succeed
+    vm.prank(AaveV3Ethereum.CAPS_PLUS_RISK_STEWARD);
+    AaveV3Ethereum.POOL_CONFIGURATOR.setBorrowCap(AaveV3Ethereum.GHO_TOKEN, 36_000_000);
+    defaultTest(
+      'AaveV3Ethereum_GhoIncidentReport_20231113',
+      AaveV3Ethereum.POOL,
+      address(proposal)
+    );
+  }
+
+  function test_debtTokenRevisionUpdate() public {
+    assertTrue(
+      IGhoVariableDebtTokenHelper(AaveV3EthereumAssets.GHO_V_TOKEN).DEBT_TOKEN_REVISION() == 0x2
+    );
+    executePayload(vm, address(proposal));
+    assertTrue(
+      IGhoVariableDebtTokenHelper(AaveV3EthereumAssets.GHO_V_TOKEN).DEBT_TOKEN_REVISION() == 0x3
+    );
+  }
+}