-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathPartyGovernance.sol
1091 lines (1020 loc) · 45.7 KB
/
PartyGovernance.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
// SPDX-License-Identifier: GPL-3.0
pragma solidity 0.8.17;
import "../distribution/ITokenDistributorParty.sol";
import "../distribution/ITokenDistributor.sol";
import "../utils/ReadOnlyDelegateCall.sol";
import "../tokens/IERC721.sol";
import "../tokens/IERC20.sol";
import "../tokens/IERC1155.sol";
import "../tokens/ERC721Receiver.sol";
import "../tokens/ERC1155Receiver.sol";
import "../utils/LibERC20Compat.sol";
import "../utils/LibRawResult.sol";
import "../utils/LibSafeCast.sol";
import "../globals/IGlobals.sol";
import "../globals/LibGlobals.sol";
import "../proposals/IProposalExecutionEngine.sol";
import "../proposals/LibProposal.sol";
import "../proposals/ProposalStorage.sol";
import "./IPartyFactory.sol";
/// @notice Base contract for a Party encapsulating all governance functionality.
abstract contract PartyGovernance is
ITokenDistributorParty,
ERC721Receiver,
ERC1155Receiver,
ProposalStorage,
Implementation,
ReadOnlyDelegateCall
{
using LibERC20Compat for IERC20;
using LibRawResult for bytes;
using LibSafeCast for uint256;
using LibSafeCast for int192;
using LibSafeCast for uint96;
// States a proposal can be in.
enum ProposalStatus {
// The proposal does not exist.
Invalid,
// The proposal has been proposed (via `propose()`), has not been vetoed
// by a party host, and is within the voting window. Members can vote on
// the proposal and party hosts can veto the proposal.
Voting,
// The proposal has either exceeded its voting window without reaching
// `passThresholdBps` of votes or was vetoed by a party host.
Defeated,
// The proposal reached at least `passThresholdBps` of votes but is still
// waiting for `executionDelay` to pass before it can be executed. Members
// can continue to vote on the proposal and party hosts can veto at this time.
Passed,
// Same as `Passed` but now `executionDelay` has been satisfied. Any member
// may execute the proposal via `execute()`, unless `maxExecutableTime`
// has arrived.
Ready,
// The proposal has been executed at least once but has further steps to
// complete so it needs to be executed again. No other proposals may be
// executed while a proposal is in the `InProgress` state. No voting or
// vetoing of the proposal is allowed, however it may be forcibly cancelled
// via `cancel()` if the `cancelDelay` has passed since being first executed.
InProgress,
// The proposal was executed and completed all its steps. No voting or
// vetoing can occur and it cannot be cancelled nor executed again.
Complete,
// The proposal was executed at least once but did not complete before
// `cancelDelay` seconds passed since the first execute and was forcibly cancelled.
Cancelled
}
struct GovernanceOpts {
// Address of initial party hosts.
address[] hosts;
// How long people can vote on a proposal.
uint40 voteDuration;
// How long to wait after a proposal passes before it can be
// executed.
uint40 executionDelay;
// Minimum ratio of accept votes to consider a proposal passed,
// in bps, where 10,000 == 100%.
uint16 passThresholdBps;
// Total voting power of governance NFTs.
uint96 totalVotingPower;
// Fee bps for distributions.
uint16 feeBps;
// Fee recipeint for distributions.
address payable feeRecipient;
}
// Subset of `GovernanceOpts` that are commonly read together for
// efficiency.
struct GovernanceValues {
uint40 voteDuration;
uint40 executionDelay;
uint16 passThresholdBps;
uint96 totalVotingPower;
}
// A snapshot of voting power for a member.
struct VotingPowerSnapshot {
// The timestamp when the snapshot was taken.
uint40 timestamp;
// Voting power that was delegated to this user by others.
uint96 delegatedVotingPower;
// The intrinsic (not delegated from someone else) voting power of this user.
uint96 intrinsicVotingPower;
// Whether the user was delegated to another at this snapshot.
bool isDelegated;
}
// Proposal details chosen by proposer.
struct Proposal {
// Time beyond which the proposal can no longer be executed.
// If the proposal has already been executed, and is still InProgress,
// this value is ignored.
uint40 maxExecutableTime;
// The minimum seconds this proposal can remain in the InProgress status
// before it can be cancelled.
uint40 cancelDelay;
// Encoded proposal data. The first 4 bytes are the proposal type, followed
// by encoded proposal args specific to the proposal type. See
// ProposalExecutionEngine for details.
bytes proposalData;
}
// Accounting and state tracking values for a proposal.
// Fits in a word.
struct ProposalStateValues {
// When the proposal was proposed.
uint40 proposedTime;
// When the proposal passed the vote.
uint40 passedTime;
// When the proposal was first executed.
uint40 executedTime;
// When the proposal completed.
uint40 completedTime;
// Number of accept votes.
uint96 votes; // -1 == vetoed
}
// Storage states for a proposal.
struct ProposalState {
// Accounting and state tracking values.
ProposalStateValues values;
// Hash of the proposal.
bytes32 hash;
// Whether a member has voted for (accepted) this proposal already.
mapping(address => bool) hasVoted;
}
event Proposed(uint256 proposalId, address proposer, Proposal proposal);
event ProposalAccepted(uint256 proposalId, address voter, uint256 weight);
event EmergencyExecute(address target, bytes data, uint256 amountEth);
event ProposalPassed(uint256 indexed proposalId);
event ProposalVetoed(uint256 indexed proposalId, address host);
event ProposalExecuted(uint256 indexed proposalId, address executor, bytes nextProgressData);
event ProposalCancelled(uint256 indexed proposalId);
event DistributionCreated(
ITokenDistributor.TokenType tokenType,
address token,
uint256 tokenId
);
event VotingPowerDelegated(address indexed owner, address indexed delegate);
event HostStatusTransferred(address oldHost, address newHost);
event EmergencyExecuteDisabled();
error MismatchedPreciousListLengths();
error BadProposalStatusError(ProposalStatus status);
error BadProposalHashError(bytes32 proposalHash, bytes32 actualHash);
error ExecutionTimeExceededError(uint40 maxExecutableTime, uint40 timestamp);
error OnlyPartyHostError();
error OnlyActiveMemberError();
error InvalidDelegateError();
error BadPreciousListError();
error OnlyPartyDaoError(address notDao, address partyDao);
error OnlyPartyDaoOrHostError(address notDao, address partyDao);
error OnlyWhenEmergencyActionsAllowedError();
error OnlyWhenEnabledError();
error AlreadyVotedError(address voter);
error InvalidNewHostError();
error ProposalCannotBeCancelledYetError(uint40 currentTime, uint40 cancelTime);
error InvalidBpsError(uint16 bps);
error DistributionsRequireVoteError();
error PartyNotStartedError();
uint256 private constant UINT40_HIGH_BIT = 1 << 39;
uint96 private constant VETO_VALUE = type(uint96).max;
// The `Globals` contract storing global configuration values. This contract
// is immutable and it’s address will never change.
IGlobals private immutable _GLOBALS;
/// @notice Whether the DAO has emergency powers for this party.
bool public emergencyExecuteDisabled;
/// @notice Distribution fee bps.
uint16 public feeBps;
/// @notice Distribution fee recipient.
address payable public feeRecipient;
/// @notice The hash of the list of precious NFTs guarded by the party.
bytes32 public preciousListHash;
/// @notice The last proposal ID that was used. 0 means no proposals have been made.
uint256 public lastProposalId;
/// @notice Whether an address is a party host.
mapping(address => bool) public isHost;
/// @notice The last person a voter delegated its voting power to.
mapping(address => address) public delegationsByVoter;
// Governance parameters for this party.
GovernanceValues internal _governanceValues;
// ProposalState by proposal ID.
mapping(uint256 => ProposalState) private _proposalStateByProposalId;
// Snapshots of voting power per user, each sorted by increasing time.
mapping(address => VotingPowerSnapshot[]) private _votingPowerSnapshotsByVoter;
modifier onlyHost() {
if (!isHost[msg.sender]) {
revert OnlyPartyHostError();
}
_;
}
// Caller must have voting power at the current time.
modifier onlyActiveMember() {
{
VotingPowerSnapshot memory snap = _getLastVotingPowerSnapshotForVoter(msg.sender);
// Must have either delegated voting power or intrinsic voting power.
if (snap.intrinsicVotingPower == 0 && snap.delegatedVotingPower == 0) {
revert OnlyActiveMemberError();
}
}
_;
}
// Only the party DAO multisig can call.
modifier onlyPartyDao() {
{
address partyDao = _GLOBALS.getAddress(LibGlobals.GLOBAL_DAO_WALLET);
if (msg.sender != partyDao) {
revert OnlyPartyDaoError(msg.sender, partyDao);
}
}
_;
}
// Only the party DAO multisig or a party host can call.
modifier onlyPartyDaoOrHost() {
address partyDao = _GLOBALS.getAddress(LibGlobals.GLOBAL_DAO_WALLET);
if (msg.sender != partyDao && !isHost[msg.sender]) {
revert OnlyPartyDaoOrHostError(msg.sender, partyDao);
}
_;
}
// Only if `emergencyExecuteDisabled` is not true.
modifier onlyWhenEmergencyExecuteAllowed() {
if (emergencyExecuteDisabled) {
revert OnlyWhenEmergencyActionsAllowedError();
}
_;
}
modifier onlyWhenNotGloballyDisabled() {
if (_GLOBALS.getBool(LibGlobals.GLOBAL_DISABLE_PARTY_ACTIONS)) {
revert OnlyWhenEnabledError();
}
_;
}
// Set the `Globals` contract.
constructor(IGlobals globals) {
_GLOBALS = globals;
}
// Initialize storage for proxy contracts and initialize the proposal execution engine.
function _initialize(
GovernanceOpts memory govOpts,
ProposalStorage.ProposalEngineOpts memory proposalEngineOpts,
IERC721[] memory preciousTokens,
uint256[] memory preciousTokenIds
) internal virtual {
// Check BPS are valid.
if (govOpts.feeBps > 1e4) {
revert InvalidBpsError(govOpts.feeBps);
}
if (govOpts.passThresholdBps > 1e4) {
revert InvalidBpsError(govOpts.passThresholdBps);
}
// Initialize the proposal execution engine.
_initProposalImpl(
IProposalExecutionEngine(_GLOBALS.getAddress(LibGlobals.GLOBAL_PROPOSAL_ENGINE_IMPL)),
abi.encode(proposalEngineOpts)
);
// Set the governance parameters.
_governanceValues = GovernanceValues({
voteDuration: govOpts.voteDuration,
executionDelay: govOpts.executionDelay,
passThresholdBps: govOpts.passThresholdBps,
totalVotingPower: govOpts.totalVotingPower
});
// Set fees.
feeBps = govOpts.feeBps;
feeRecipient = govOpts.feeRecipient;
// Set the precious list.
_setPreciousList(preciousTokens, preciousTokenIds);
// Set the party hosts.
for (uint256 i = 0; i < govOpts.hosts.length; ++i) {
isHost[govOpts.hosts[i]] = true;
}
}
/// @dev Forward all unknown read-only calls to the proposal execution engine.
/// Initial use case is to facilitate eip-1271 signatures.
fallback() external {
_readOnlyDelegateCall(address(_getSharedProposalStorage().engineImpl), msg.data);
}
/// @inheritdoc EIP165
/// @dev Combined logic for `ERC721Receiver` and `ERC1155Receiver`.
function supportsInterface(
bytes4 interfaceId
) public pure virtual override(ERC721Receiver, ERC1155Receiver) returns (bool) {
return
ERC721Receiver.supportsInterface(interfaceId) ||
ERC1155Receiver.supportsInterface(interfaceId);
}
/// @notice Get the current `ProposalExecutionEngine` instance.
function getProposalExecutionEngine() external view returns (IProposalExecutionEngine) {
return _getSharedProposalStorage().engineImpl;
}
/// @notice Get the current `ProposalEngineOpts` options.
function getProposalEngineOpts() external view returns (ProposalEngineOpts memory) {
return _getSharedProposalStorage().opts;
}
/// @notice Get the total voting power of `voter` at a `timestamp`.
/// @param voter The address of the voter.
/// @param timestamp The timestamp to get the voting power at.
/// @return votingPower The total voting power of `voter` at `timestamp`.
function getVotingPowerAt(
address voter,
uint40 timestamp
) external view returns (uint96 votingPower) {
return getVotingPowerAt(voter, timestamp, type(uint256).max);
}
/// @notice Get the total voting power of `voter` at a snapshot `snapIndex`, with checks to
/// make sure it is the latest voting snapshot =< `timestamp`.
/// @param voter The address of the voter.
/// @param timestamp The timestamp to get the voting power at.
/// @param snapIndex The index of the snapshot to get the voting power at.
/// @return votingPower The total voting power of `voter` at `timestamp`.
function getVotingPowerAt(
address voter,
uint40 timestamp,
uint256 snapIndex
) public view returns (uint96 votingPower) {
VotingPowerSnapshot memory snap = _getVotingPowerSnapshotAt(voter, timestamp, snapIndex);
return (snap.isDelegated ? 0 : snap.intrinsicVotingPower) + snap.delegatedVotingPower;
}
/// @notice Get the state of a proposal.
/// @param proposalId The ID of the proposal.
/// @return status The status of the proposal.
/// @return values The state of the proposal.
function getProposalStateInfo(
uint256 proposalId
) external view returns (ProposalStatus status, ProposalStateValues memory values) {
values = _proposalStateByProposalId[proposalId].values;
status = _getProposalStatus(values);
}
/// @notice Retrieve fixed governance parameters.
/// @return gv The governance parameters of this party.
function getGovernanceValues() external view returns (GovernanceValues memory gv) {
return _governanceValues;
}
/// @notice Get the hash of a proposal.
/// @dev Proposal details are not stored on-chain so the hash is used to enforce
/// consistency between calls.
/// @param proposal The proposal to hash.
/// @return proposalHash The hash of the proposal.
function getProposalHash(Proposal memory proposal) public pure returns (bytes32 proposalHash) {
// Hash the proposal in-place. Equivalent to:
// keccak256(abi.encode(
// proposal.maxExecutableTime,
// proposal.cancelDelay,
// keccak256(proposal.proposalData)
// ))
bytes32 dataHash = keccak256(proposal.proposalData);
assembly {
// Overwrite the data field with the hash of its contents and then
// hash the struct.
let dataPos := add(proposal, 0x40)
let t := mload(dataPos)
mstore(dataPos, dataHash)
proposalHash := keccak256(proposal, 0x60)
// Restore the data field.
mstore(dataPos, t)
}
}
/// @notice Get the index of the most recent voting power snapshot <= `timestamp`.
/// @param voter The address of the voter.
/// @param timestamp The timestamp to get the snapshot index at.
/// @return index The index of the snapshot.
function findVotingPowerSnapshotIndex(
address voter,
uint40 timestamp
) public view returns (uint256 index) {
VotingPowerSnapshot[] storage snaps = _votingPowerSnapshotsByVoter[voter];
// Derived from Open Zeppelin binary search
// ref: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/Checkpoints.sol#L39
uint256 high = snaps.length;
uint256 low = 0;
while (low < high) {
uint256 mid = (low + high) / 2;
if (snaps[mid].timestamp > timestamp) {
// Entry is too recent.
high = mid;
} else {
// Entry is older. This is our best guess for now.
low = mid + 1;
}
}
// Return `type(uint256).max` if no valid voting snapshots found.
return high == 0 ? type(uint256).max : high - 1;
}
/// @notice Pledge your intrinsic voting power to a new delegate, removing it from
/// the old one (if any).
/// @param delegate The address to delegating voting power to.
function delegateVotingPower(address delegate) external onlyDelegateCall {
_adjustVotingPower(msg.sender, 0, delegate);
emit VotingPowerDelegated(msg.sender, delegate);
}
/// @notice Transfer party host status to another.
/// @param newPartyHost The address of the new host.
function abdicateHost(address newPartyHost) external onlyHost onlyDelegateCall {
// 0 is a special case burn address.
if (newPartyHost != address(0)) {
// Cannot transfer host status to an existing host.
if (isHost[newPartyHost]) {
revert InvalidNewHostError();
}
isHost[newPartyHost] = true;
}
isHost[msg.sender] = false;
emit HostStatusTransferred(msg.sender, newPartyHost);
}
/// @notice Create a token distribution by moving the party's entire balance
/// to the `TokenDistributor` contract and immediately creating a
/// distribution governed by this party.
/// @dev The `feeBps` and `feeRecipient` this party was created with will be
/// propagated to the distribution. Party members are entitled to a
/// share of the distribution's tokens proportionate to their relative
/// voting power in this party (less the fee).
/// @dev Allow this to be called by the party itself for `FractionalizeProposal`.
/// @param tokenType The type of token to distribute.
/// @param token The address of the token to distribute.
/// @param tokenId The ID of the token to distribute. Currently unused but
/// may be used in the future to support other distribution types.
/// @return distInfo The information about the created distribution.
function distribute(
uint256 amount,
ITokenDistributor.TokenType tokenType,
address token,
uint256 tokenId
)
external
onlyWhenNotGloballyDisabled
onlyDelegateCall
returns (ITokenDistributor.DistributionInfo memory distInfo)
{
// Ignore if the party is calling functions on itself, like with
// `FractionalizeProposal` and `DistributionProposal`.
if (msg.sender != address(this)) {
// Must not require a vote to create a distribution, otherwise
// distributions can only be created through a distribution
// proposal.
if (_getSharedProposalStorage().opts.distributionsRequireVote) {
revert DistributionsRequireVoteError();
}
// Must be an active member.
VotingPowerSnapshot memory snap = _getLastVotingPowerSnapshotForVoter(msg.sender);
if (snap.intrinsicVotingPower == 0 && snap.delegatedVotingPower == 0) {
revert OnlyActiveMemberError();
}
}
// Prevent creating a distribution if the party has not started.
if (_getTotalVotingPower() == 0) {
revert PartyNotStartedError();
}
// Get the address of the token distributor.
ITokenDistributor distributor = ITokenDistributor(
_GLOBALS.getAddress(LibGlobals.GLOBAL_TOKEN_DISTRIBUTOR)
);
emit DistributionCreated(tokenType, token, tokenId);
// Create a native token distribution.
address payable feeRecipient_ = feeRecipient;
uint16 feeBps_ = feeBps;
if (tokenType == ITokenDistributor.TokenType.Native) {
return
distributor.createNativeDistribution{ value: amount }(this, feeRecipient_, feeBps_);
}
// Otherwise must be an ERC20 token distribution.
assert(tokenType == ITokenDistributor.TokenType.Erc20);
IERC20(token).compatTransfer(address(distributor), amount);
return distributor.createErc20Distribution(IERC20(token), this, feeRecipient_, feeBps_);
}
/// @notice Make a proposal for members to vote on and cast a vote to accept it
/// as well.
/// @dev Only an active member (has voting power) can call this.
/// Afterwards, members can vote to support it with `accept()` or a party
/// host can unilaterally reject the proposal with `veto()`.
/// @param proposal The details of the proposal.
/// @param latestSnapIndex The index of the caller's most recent voting power
/// snapshot before the proposal was created. Should
/// be retrieved off-chain and passed in.
function propose(
Proposal memory proposal,
uint256 latestSnapIndex
) external onlyActiveMember onlyDelegateCall returns (uint256 proposalId) {
proposalId = ++lastProposalId;
// Store the time the proposal was created and the proposal hash.
(
_proposalStateByProposalId[proposalId].values,
_proposalStateByProposalId[proposalId].hash
) = (
ProposalStateValues({
proposedTime: uint40(block.timestamp),
passedTime: 0,
executedTime: 0,
completedTime: 0,
votes: 0
}),
getProposalHash(proposal)
);
emit Proposed(proposalId, msg.sender, proposal);
accept(proposalId, latestSnapIndex);
}
/// @notice Vote to support a proposed proposal.
/// @dev The voting power cast will be the effective voting power of the caller
/// just before `propose()` was called (see `getVotingPowerAt()`).
/// If the proposal reaches `passThresholdBps` acceptance ratio then the
/// proposal will be in the `Passed` state and will be executable after
/// the `executionDelay` has passed, putting it in the `Ready` state.
/// @param proposalId The ID of the proposal to accept.
/// @param snapIndex The index of the caller's last voting power snapshot
/// before the proposal was created. Should be retrieved
/// off-chain and passed in.
/// @return totalVotes The total votes cast on the proposal.
function accept(
uint256 proposalId,
uint256 snapIndex
) public onlyDelegateCall returns (uint256 totalVotes) {
// Get the information about the proposal.
ProposalState storage info = _proposalStateByProposalId[proposalId];
ProposalStateValues memory values = info.values;
// Can only vote in certain proposal statuses.
{
ProposalStatus status = _getProposalStatus(values);
// Allow voting even if the proposal is passed/ready so it can
// potentially reach 100% consensus, which unlocks special
// behaviors for certain proposal types.
if (
status != ProposalStatus.Voting &&
status != ProposalStatus.Passed &&
status != ProposalStatus.Ready
) {
revert BadProposalStatusError(status);
}
}
// Cannot vote twice.
if (info.hasVoted[msg.sender]) {
revert AlreadyVotedError(msg.sender);
}
// Mark the caller as having voted.
info.hasVoted[msg.sender] = true;
// Increase the total votes that have been cast on this proposal.
uint96 votingPower = getVotingPowerAt(msg.sender, values.proposedTime - 1, snapIndex);
values.votes += votingPower;
info.values = values;
emit ProposalAccepted(proposalId, msg.sender, votingPower);
// Update the proposal status if it has reached the pass threshold.
if (
values.passedTime == 0 &&
_areVotesPassing(
values.votes,
_governanceValues.totalVotingPower,
_governanceValues.passThresholdBps
)
) {
info.values.passedTime = uint40(block.timestamp);
emit ProposalPassed(proposalId);
}
return values.votes;
}
/// @notice As a party host, veto a proposal, unilaterally rejecting it.
/// @dev The proposal will never be executable and cannot be voted on anymore.
/// A proposal that has been already executed at least once (in the `InProgress` status)
/// cannot be vetoed.
/// @param proposalId The ID of the proposal to veto.
function veto(uint256 proposalId) external onlyHost onlyDelegateCall {
// Setting `votes` to -1 indicates a veto.
ProposalState storage info = _proposalStateByProposalId[proposalId];
ProposalStateValues memory values = info.values;
{
ProposalStatus status = _getProposalStatus(values);
// Proposal must be in one of the following states.
if (
status != ProposalStatus.Voting &&
status != ProposalStatus.Passed &&
status != ProposalStatus.Ready
) {
revert BadProposalStatusError(status);
}
}
// -1 indicates veto.
info.values.votes = VETO_VALUE;
emit ProposalVetoed(proposalId, msg.sender);
}
/// @notice Executes a proposal that has passed governance.
/// @dev The proposal must be in the `Ready` or `InProgress` status.
/// A `ProposalExecuted` event will be emitted with a non-empty `nextProgressData`
/// if the proposal has extra steps (must be executed again) to carry out,
/// in which case `nextProgressData` should be passed into the next `execute()` call.
/// The `ProposalExecutionEngine` enforces that only one `InProgress` proposal
/// is active at a time, so that proposal must be completed or cancelled via `cancel()`
/// in order to execute a different proposal.
/// `extraData` is optional, off-chain data a proposal might need to execute a step.
/// @param proposalId The ID of the proposal to execute.
/// @param proposal The details of the proposal.
/// @param preciousTokens The tokens that the party considers precious.
/// @param preciousTokenIds The token IDs associated with each precious token.
/// @param progressData The data returned from the last `execute()` call, if any.
/// @param extraData Off-chain data a proposal might need to execute a step.
function execute(
uint256 proposalId,
Proposal memory proposal,
IERC721[] memory preciousTokens,
uint256[] memory preciousTokenIds,
bytes calldata progressData,
bytes calldata extraData
) external payable onlyActiveMember onlyWhenNotGloballyDisabled onlyDelegateCall {
// Get information about the proposal.
ProposalState storage proposalState = _proposalStateByProposalId[proposalId];
// Proposal details must remain the same from `propose()`.
_validateProposalHash(proposal, proposalState.hash);
ProposalStateValues memory values = proposalState.values;
ProposalStatus status = _getProposalStatus(values);
// The proposal must be executable or have already been executed but still
// has more steps to go.
if (status != ProposalStatus.Ready && status != ProposalStatus.InProgress) {
revert BadProposalStatusError(status);
}
if (status == ProposalStatus.Ready) {
// If the proposal has not been executed yet, make sure it hasn't
// expired. Note that proposals that have been executed
// (but still have more steps) ignore `maxExecutableTime`.
if (proposal.maxExecutableTime < block.timestamp) {
revert ExecutionTimeExceededError(
proposal.maxExecutableTime,
uint40(block.timestamp)
);
}
proposalState.values.executedTime = uint40(block.timestamp);
}
// Check that the precious list is valid.
if (!_isPreciousListCorrect(preciousTokens, preciousTokenIds)) {
revert BadPreciousListError();
}
// Preemptively set the proposal to completed to avoid it being executed
// again in a deeper call.
proposalState.values.completedTime = uint40(block.timestamp);
// Execute the proposal.
bool completed = _executeProposal(
proposalId,
proposal,
preciousTokens,
preciousTokenIds,
_getProposalFlags(values),
progressData,
extraData
);
if (!completed) {
// Proposal did not complete.
proposalState.values.completedTime = 0;
}
}
/// @notice Cancel a (probably stuck) InProgress proposal.
/// @dev `proposal.cancelDelay` seconds must have passed since it was first
/// executed for this to be valid. The currently active proposal will
/// simply be yeeted out of existence so another proposal can execute.
/// This is intended to be a last resort and can leave the party in a
/// broken state. Whenever possible, active proposals should be
/// allowed to complete their lifecycle.
/// @param proposalId The ID of the proposal to cancel.
/// @param proposal The details of the proposal to cancel.
function cancel(
uint256 proposalId,
Proposal calldata proposal
) external onlyActiveMember onlyDelegateCall {
// Get information about the proposal.
ProposalState storage proposalState = _proposalStateByProposalId[proposalId];
// Proposal details must remain the same from `propose()`.
_validateProposalHash(proposal, proposalState.hash);
ProposalStateValues memory values = proposalState.values;
{
// Must be `InProgress`.
ProposalStatus status = _getProposalStatus(values);
if (status != ProposalStatus.InProgress) {
revert BadProposalStatusError(status);
}
}
{
// Limit the `cancelDelay` to the global max and min cancel delay
// to mitigate parties accidentally getting stuck forever by setting an
// unrealistic `cancelDelay` or being reckless with too low a
// cancel delay.
uint256 cancelDelay = proposal.cancelDelay;
uint256 globalMaxCancelDelay = _GLOBALS.getUint256(
LibGlobals.GLOBAL_PROPOSAL_MAX_CANCEL_DURATION
);
uint256 globalMinCancelDelay = _GLOBALS.getUint256(
LibGlobals.GLOBAL_PROPOSAL_MIN_CANCEL_DURATION
);
if (globalMaxCancelDelay != 0) {
// Only if we have one set.
if (cancelDelay > globalMaxCancelDelay) {
cancelDelay = globalMaxCancelDelay;
}
}
if (globalMinCancelDelay != 0) {
// Only if we have one set.
if (cancelDelay < globalMinCancelDelay) {
cancelDelay = globalMinCancelDelay;
}
}
uint256 cancelTime = values.executedTime + cancelDelay;
// Must not be too early.
if (block.timestamp < cancelTime) {
revert ProposalCannotBeCancelledYetError(
uint40(block.timestamp),
uint40(cancelTime)
);
}
}
// Mark the proposal as cancelled by setting the completed time to the current
// time with the high bit set.
proposalState.values.completedTime = uint40(block.timestamp | UINT40_HIGH_BIT);
{
// Delegatecall into the proposal engine impl to perform the cancel.
(bool success, bytes memory resultData) = (
address(_getSharedProposalStorage().engineImpl)
).delegatecall(abi.encodeCall(IProposalExecutionEngine.cancelProposal, (proposalId)));
if (!success) {
resultData.rawRevert();
}
}
emit ProposalCancelled(proposalId);
}
/// @notice As the DAO, execute an arbitrary function call from this contract.
/// @dev Emergency actions must not be revoked for this to work.
/// @param targetAddress The contract to call.
/// @param targetCallData The data to pass to the contract.
/// @param amountEth The amount of ETH to send to the contract.
function emergencyExecute(
address targetAddress,
bytes calldata targetCallData,
uint256 amountEth
) external payable onlyPartyDao onlyWhenEmergencyExecuteAllowed onlyDelegateCall {
(bool success, bytes memory res) = targetAddress.call{ value: amountEth }(targetCallData);
if (!success) {
res.rawRevert();
}
emit EmergencyExecute(targetAddress, targetCallData, amountEth);
}
/// @notice Revoke the DAO's ability to call emergencyExecute().
/// @dev Either the DAO or the party host can call this.
function disableEmergencyExecute() external onlyPartyDaoOrHost onlyDelegateCall {
emergencyExecuteDisabled = true;
emit EmergencyExecuteDisabled();
}
function _executeProposal(
uint256 proposalId,
Proposal memory proposal,
IERC721[] memory preciousTokens,
uint256[] memory preciousTokenIds,
uint256 flags,
bytes memory progressData,
bytes memory extraData
) private returns (bool completed) {
// Setup the arguments for the proposal execution engine.
IProposalExecutionEngine.ExecuteProposalParams
memory executeParams = IProposalExecutionEngine.ExecuteProposalParams({
proposalId: proposalId,
proposalData: proposal.proposalData,
progressData: progressData,
extraData: extraData,
preciousTokens: preciousTokens,
preciousTokenIds: preciousTokenIds,
flags: flags
});
// Get the progress data returned after the proposal is executed.
bytes memory nextProgressData;
{
// Execute the proposal.
(bool success, bytes memory resultData) = address(
_getSharedProposalStorage().engineImpl
).delegatecall(
abi.encodeCall(IProposalExecutionEngine.executeProposal, (executeParams))
);
if (!success) {
resultData.rawRevert();
}
nextProgressData = abi.decode(resultData, (bytes));
}
emit ProposalExecuted(proposalId, msg.sender, nextProgressData);
// If the returned progress data is empty, then the proposal completed
// and it should not be executed again.
return nextProgressData.length == 0;
}
// Get the most recent voting power snapshot <= timestamp using `hintindex` as a "hint".
function _getVotingPowerSnapshotAt(
address voter,
uint40 timestamp,
uint256 hintIndex
) internal view returns (VotingPowerSnapshot memory snap) {
VotingPowerSnapshot[] storage snaps = _votingPowerSnapshotsByVoter[voter];
uint256 snapsLength = snaps.length;
if (snapsLength != 0) {
if (
// Hint is within bounds.
hintIndex < snapsLength &&
// Snapshot is not too recent.
snaps[hintIndex].timestamp <= timestamp &&
// Snapshot is not too old.
(hintIndex == snapsLength - 1 || snaps[hintIndex + 1].timestamp > timestamp)
) {
return snaps[hintIndex];
}
// Hint was wrong, fallback to binary search to find snapshot.
hintIndex = findVotingPowerSnapshotIndex(voter, timestamp);
// Check that snapshot was found.
if (hintIndex != type(uint256).max) {
return snaps[hintIndex];
}
}
// No snapshot found.
return snap;
}
// Transfers some voting power of `from` to `to`. The total voting power of
// their respective delegates will be updated as well.
function _transferVotingPower(address from, address to, uint256 power) internal {
int192 powerI192 = power.safeCastUint256ToInt192();
_adjustVotingPower(from, -powerI192, address(0));
_adjustVotingPower(to, powerI192, address(0));
}
// Increase `voter`'s intrinsic voting power and update their delegate if delegate is nonzero.
function _adjustVotingPower(address voter, int192 votingPower, address delegate) internal {
VotingPowerSnapshot memory oldSnap = _getLastVotingPowerSnapshotForVoter(voter);
address oldDelegate = delegationsByVoter[voter];
// If `oldDelegate` is zero and `voter` never delegated, then have
// `voter` delegate to themself.
oldDelegate = oldDelegate == address(0) ? voter : oldDelegate;
// If the new `delegate` is zero, use the current (old) delegate.
delegate = delegate == address(0) ? oldDelegate : delegate;
VotingPowerSnapshot memory newSnap = VotingPowerSnapshot({
timestamp: uint40(block.timestamp),
delegatedVotingPower: oldSnap.delegatedVotingPower,
intrinsicVotingPower: (oldSnap.intrinsicVotingPower.safeCastUint96ToInt192() +
votingPower).safeCastInt192ToUint96(),
isDelegated: delegate != voter
});
_insertVotingPowerSnapshot(voter, newSnap);
delegationsByVoter[voter] = delegate;
// Handle rebalancing delegates.
_rebalanceDelegates(voter, oldDelegate, delegate, oldSnap, newSnap);
}
function _getTotalVotingPower() internal view returns (uint256) {
return _governanceValues.totalVotingPower;
}
// Update the delegated voting power of the old and new delegates delegated to
// by `voter` based on the snapshot change.
function _rebalanceDelegates(
address voter,
address oldDelegate,
address newDelegate,
VotingPowerSnapshot memory oldSnap,
VotingPowerSnapshot memory newSnap
) private {
if (newDelegate == address(0) || oldDelegate == address(0)) {
revert InvalidDelegateError();
}
if (oldDelegate != voter && oldDelegate != newDelegate) {
// Remove past voting power from old delegate.
VotingPowerSnapshot memory oldDelegateSnap = _getLastVotingPowerSnapshotForVoter(
oldDelegate
);
VotingPowerSnapshot memory updatedOldDelegateSnap = VotingPowerSnapshot({
timestamp: uint40(block.timestamp),
delegatedVotingPower: oldDelegateSnap.delegatedVotingPower -
oldSnap.intrinsicVotingPower,
intrinsicVotingPower: oldDelegateSnap.intrinsicVotingPower,
isDelegated: oldDelegateSnap.isDelegated
});
_insertVotingPowerSnapshot(oldDelegate, updatedOldDelegateSnap);
}
if (newDelegate != voter) {
// Not delegating to self.
// Add new voting power to new delegate.
VotingPowerSnapshot memory newDelegateSnap = _getLastVotingPowerSnapshotForVoter(
newDelegate
);
uint96 newDelegateDelegatedVotingPower = newDelegateSnap.delegatedVotingPower +
newSnap.intrinsicVotingPower;
if (newDelegate == oldDelegate) {
// If the old and new delegate are the same, subtract the old
// intrinsic voting power of the voter, or else we will double
// count a portion of it.
newDelegateDelegatedVotingPower -= oldSnap.intrinsicVotingPower;
}
VotingPowerSnapshot memory updatedNewDelegateSnap = VotingPowerSnapshot({
timestamp: uint40(block.timestamp),
delegatedVotingPower: newDelegateDelegatedVotingPower,
intrinsicVotingPower: newDelegateSnap.intrinsicVotingPower,
isDelegated: newDelegateSnap.isDelegated
});
_insertVotingPowerSnapshot(newDelegate, updatedNewDelegateSnap);
}
}
// Append a new voting power snapshot, overwriting the last one if possible.
function _insertVotingPowerSnapshot(address voter, VotingPowerSnapshot memory snap) private {
VotingPowerSnapshot[] storage voterSnaps = _votingPowerSnapshotsByVoter[voter];
uint256 n = voterSnaps.length;
// If same timestamp as last entry, overwrite the last snapshot, otherwise append.
if (n != 0) {
VotingPowerSnapshot memory lastSnap = voterSnaps[n - 1];
if (lastSnap.timestamp == snap.timestamp) {
voterSnaps[n - 1] = snap;
return;
}
}
voterSnaps.push(snap);
}
function _getLastVotingPowerSnapshotForVoter(
address voter
) private view returns (VotingPowerSnapshot memory snap) {
VotingPowerSnapshot[] storage voterSnaps = _votingPowerSnapshotsByVoter[voter];
uint256 n = voterSnaps.length;
if (n != 0) {
snap = voterSnaps[n - 1];
}
}
function _getProposalFlags(ProposalStateValues memory pv) private view returns (uint256) {
if (_isUnanimousVotes(pv.votes, _governanceValues.totalVotingPower)) {
return LibProposal.PROPOSAL_FLAG_UNANIMOUS;
}
return 0;
}
function _getProposalStatus(
ProposalStateValues memory pv
) private view returns (ProposalStatus status) {
// Never proposed.
if (pv.proposedTime == 0) {
return ProposalStatus.Invalid;
}