Skip to content

feat: add master vault #126

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 13 commits into
base: main
Choose a base branch
from
Draft

feat: add master vault #126

wants to merge 13 commits into from

Conversation

@waelsy123
Copy link
Contributor

This isolate the implementation for the master vault and its related factory and subvault.

@cla-bot cla-bot bot added the cla-signed label Sep 29, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 29, 2025
View reviewed changes
contracts/tokenbridge/libraries/vault/MasterVault.sol
Comment on lines 201 to 213
function _deposit(
address caller,
address receiver,
uint256 assets,
uint256 shares
) internal virtual override {
super._deposit(caller, receiver, assets, shares);
totalPrincipal += assets;
ERC4626 _subVault = subVault;
if (address(_subVault) != address(0)) {
_subVault.deposit(assets, address(this));
}
}

Check warning

Code scanning / Slither

Unused return Medium

MasterVault._deposit(address,address,uint256,uint256) ignores return value by _subVault.deposit(assets,address(this))
contracts/tokenbridge/libraries/vault/MasterVault.sol
Comment on lines 218 to 254
function _withdraw(
address caller,
address receiver,
address _owner,
uint256 assets,
uint256 shares
) internal virtual override {
ERC4626 _subVault = subVault;
if (address(_subVault) != address(0)) {
_subVault.withdraw(assets, address(this), address(this));
}

////// PERF FEE STUFF //////
// determine profit portion and principal portion of assets
uint256 _totalProfit = totalProfit();
// use shares because they are rounded up vs assets which are rounded down
uint256 profitPortion = shares.mulDiv(_totalProfit, totalSupply(), Math.Rounding.Up);
uint256 principalPortion = assets - profitPortion;

// subtract principal portion from totalPrincipal
totalPrincipal -= principalPortion;

// send fee to owner (todo should be a separate beneficiary addr set by owner)
if (performanceFeeBps > 0 && profitPortion > 0) {
uint256 fee = profitPortion.mulDiv(performanceFeeBps, 10000, Math.Rounding.Up);
// send fee to owner
IERC20(asset()).safeTransfer(owner(), fee);

// note subtraction
assets -= fee;
}

////// END PERF FEE STUFF //////

// call super._withdraw with remaining assets
super._withdraw(caller, receiver, _owner, assets, shares);
}

Check warning

Code scanning / Slither

Unused return Medium

MasterVault._withdraw(address,address,address,uint256,uint256) ignores return value by _subVault.withdraw(assets,address(this),address(this))
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 29, 2025
View reviewed changes
contracts/tokenbridge/libraries/vault/MasterVault.sol
Comment on lines 162 to 174
function withdrawPerformanceFees() external onlyOwner {
if (!enablePerformanceFee) revert PerformanceFeeDisabled();
if (beneficiary == address(0)) revert BeneficiaryNotSet();

uint256 totalProfits = totalProfit();
if (totalProfits > 0) {
ERC4626 _subVault = subVault;
if (address(_subVault) != address(0)) {
_subVault.withdraw(totalProfits, address(this), address(this));
}
IERC20(asset()).safeTransfer(beneficiary, totalProfits);
}
}

Check warning

Code scanning / Slither

Unused return Medium

MasterVault.withdrawPerformanceFees() ignores return value by _subVault.withdraw(totalProfits,address(this),address(this))
@waelsy123 waelsy123 force-pushed the wa/master-vault-isolated branch from 590a713 to fc89964 Compare September 30, 2025 13:43
@godzillaba godzillaba marked this pull request as draft October 1, 2025 13:33
godzillaba
godzillaba reviewed Oct 1, 2025
View reviewed changes
contracts/tokenbridge/libraries/vault/MasterVault.sol
if (address(oldSubVault) == address(0)) revert NoExistingSubVault();

uint256 _totalSupply = totalSupply();
uint256 assetReceived = oldSubVault.withdraw(oldSubVault.maxWithdraw(address(this)), address(this), address(this));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there is an edge case here - the subvault may not have enough liquidity to serve this big withdrawal all at once.

we probably need to make switching vaults more robust to those liquidity constaints.

the same could be said about depositing to the new vault, it could be such a large deposit that slippage starts to become a serious issue

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we could do check whether maxWithdraw will return same amount of what master vault actually own

github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 22, 2025
View reviewed changes
contracts/tokenbridge/libraries/vault/MasterVault.sol
Comment on lines +108 to +123
function _setSubVault(IERC4626 _subVault, uint256 minSubVaultExchRateWad) internal {
if (address(_subVault) == address(0)) revert SubVaultCannotBeZeroAddress();
if (totalSupply() == 0) revert MustHaveSupplyBeforeSettingSubVault();
if (address(_subVault.asset()) != address(asset())) revert SubVaultAssetMismatch();

IERC20(asset()).safeApprove(address(_subVault), type(uint256).max);
uint256 subShares = _subVault.deposit(totalAssets(), address(this));

subVault = _subVault;

uint256 _subVaultExchRateWad = subShares.mulDiv(1e18, totalAssets(), MathUpgradeable.Rounding.Down);
if (_subVaultExchRateWad < minSubVaultExchRateWad) revert SubVaultExchangeRateTooLow();
subVaultExchRateWad = _subVaultExchRateWad;

emit SubvaultChanged(address(0), address(_subVault));
}

Check warning

Code scanning / Slither

Dangerous strict equalities Medium

MasterVault._setSubVault(IERC4626,uint256) uses a dangerous strict equality:
- totalSupply() == 0
contracts/tokenbridge/libraries/vault/MasterVault.sol
Comment on lines +108 to +123
function _setSubVault(IERC4626 _subVault, uint256 minSubVaultExchRateWad) internal {
if (address(_subVault) == address(0)) revert SubVaultCannotBeZeroAddress();
if (totalSupply() == 0) revert MustHaveSupplyBeforeSettingSubVault();
if (address(_subVault.asset()) != address(asset())) revert SubVaultAssetMismatch();

IERC20(asset()).safeApprove(address(_subVault), type(uint256).max);
uint256 subShares = _subVault.deposit(totalAssets(), address(this));

subVault = _subVault;

uint256 _subVaultExchRateWad = subShares.mulDiv(1e18, totalAssets(), MathUpgradeable.Rounding.Down);
if (_subVaultExchRateWad < minSubVaultExchRateWad) revert SubVaultExchangeRateTooLow();
subVaultExchRateWad = _subVaultExchRateWad;

emit SubvaultChanged(address(0), address(_subVault));
}
contracts/tokenbridge/libraries/vault/MasterVault.sol
Comment on lines +125 to +139
function _revokeSubVault(uint256 minAssetExchRateWad) internal {
IERC4626 oldSubVault = subVault;
if (address(oldSubVault) == address(0)) revert NoExistingSubVault();

uint256 _totalSupply = totalSupply();
uint256 assetReceived = oldSubVault.withdraw(oldSubVault.maxWithdraw(address(this)), address(this), address(this));
uint256 effectiveAssetExchRateWad = assetReceived.mulDiv(1e18, _totalSupply, MathUpgradeable.Rounding.Down);
if (effectiveAssetExchRateWad < minAssetExchRateWad) revert TooFewAssetsReceived();

IERC20(asset()).safeApprove(address(oldSubVault), 0);
subVault = IERC4626(address(0));
subVaultExchRateWad = 1e18;

emit SubvaultChanged(address(oldSubVault), address(0));
}
@sherlock-ai-beta
Copy link

Sherlock AI Findings

The automated tool identified the following potential security issues in the codebase. Please review the details for each issue in the linked dashboard.

# Title Severity Details
1 Unit mismatch in ERC4626 withdraw return breaks sub-vault transition exchange-rate validation Medium View Details
2 Miscalculated assets in _revokeSubVault due to using ERC4626.withdraw return value Medium View Details

Next Steps: Review the linked issues in the dashboard and address high-severity bugs first. Contact the team if you need assistance.

Full report available at: https://ai.sherlock.xyz/runs/989379e2-ffde-4590-953e-34652307e2a0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@godzillaba godzillaba godzillaba left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

cla-signed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@waelsy123 @godzillaba