Transpile dd04dfe75

Author: github-actions[bot]

.changeset/brave-islands-sparkle.md

@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': minor
+---
+
+`GovernorSequentialProposalId`: Adds a `Governor` extension that sequentially numbers proposal ids instead of using the hash.

.changeset/cyan-taxis-travel.md

@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': minor
+---
+
+`Address`: bubble up revert data on `sendValue` failed call

.changeset/long-walls-draw.md

@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': minor
+---
+
+`IERC6909`: Add the interface for ERC-6909.

.changeset/ten-fishes-fold.md

@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': minor
+---
+
+`IGovernor`: Add the `getProposalId` function to the governor interface.

.changeset/thin-eels-cross.md

@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': patch
+---
+
+`ERC4626`: Use the `asset` getter in `totalAssets`, `_deposit` and `_withdraw`.

.github/workflows/checks.yml

@@ -97,7 +97,7 @@ jobs:
         uses: ./.github/actions/setup
       - name: Run coverage
         run: npm run coverage
-      - uses: codecov/codecov-action@v4
+      - uses: codecov/codecov-action@v5
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 
@@ -118,11 +118,7 @@ jobs:
       - uses: actions/checkout@v4
       - name: Set up environment
         uses: ./.github/actions/setup
-      - run: rm foundry.toml
       - uses: crytic/[email protected]
-        with:
-          node-version: 18.15
-          slither-version: 0.10.1
 
   codespell:
     runs-on: ubuntu-latest

.github/workflows/formal-verification.yml

@@ -52,7 +52,7 @@ jobs:
       - name: Install python packages
         run: pip install -r fv-requirements.txt
       - name: Install java
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           distribution: temurin
           java-version: ${{ env.JAVA_VERSION }}

contracts/governance/GovernorUpgradeable.sol

@@ -113,6 +113,7 @@ abstract contract GovernorUpgradeable is Initializable, ContextUpgradeable, ERC1
     function supportsInterface(bytes4 interfaceId) public view virtual override(IERC165, ERC165Upgradeable) returns (bool) {
         return
             interfaceId == type(IGovernor).interfaceId ||
+            interfaceId == type(IGovernor).interfaceId ^ IGovernor.getProposalId.selector ||
             interfaceId == type(IERC1155Receiver).interfaceId ||
             super.supportsInterface(interfaceId);
     }
@@ -154,6 +155,18 @@ abstract contract GovernorUpgradeable is Initializable, ContextUpgradeable, ERC1
         return uint256(keccak256(abi.encode(targets, values, calldatas, descriptionHash)));
     }
 
+    /**
+     * @dev See {IGovernor-getProposalId}.
+     */
+    function getProposalId(
+        address[] memory targets,
+        uint256[] memory values,
+        bytes[] memory calldatas,
+        bytes32 descriptionHash
+    ) public view virtual returns (uint256) {
+        return hashProposal(targets, values, calldatas, descriptionHash);
+    }
+
     /**
      * @dev See {IGovernor-state}.
      */
@@ -346,7 +359,7 @@ abstract contract GovernorUpgradeable is Initializable, ContextUpgradeable, ERC1
         address proposer
     ) internal virtual returns (uint256 proposalId) {
         GovernorStorage storage $ = _getGovernorStorage();
-        proposalId = hashProposal(targets, values, calldatas, keccak256(bytes(description)));
+        proposalId = getProposalId(targets, values, calldatas, keccak256(bytes(description)));
 
         if (targets.length != values.length || targets.length != calldatas.length || targets.length == 0) {
             revert GovernorInvalidProposalLength(targets.length, calldatas.length, values.length);
@@ -388,7 +401,7 @@ abstract contract GovernorUpgradeable is Initializable, ContextUpgradeable, ERC1
         bytes32 descriptionHash
     ) public virtual returns (uint256) {
         GovernorStorage storage $ = _getGovernorStorage();
-        uint256 proposalId = hashProposal(targets, values, calldatas, descriptionHash);
+        uint256 proposalId = getProposalId(targets, values, calldatas, descriptionHash);
 
         _validateStateBitmap(proposalId, _encodeStateBitmap(ProposalState.Succeeded));
 
@@ -437,7 +450,7 @@ abstract contract GovernorUpgradeable is Initializable, ContextUpgradeable, ERC1
         bytes32 descriptionHash
     ) public payable virtual returns (uint256) {
         GovernorStorage storage $ = _getGovernorStorage();
-        uint256 proposalId = hashProposal(targets, values, calldatas, descriptionHash);
+        uint256 proposalId = getProposalId(targets, values, calldatas, descriptionHash);
 
         _validateStateBitmap(
             proposalId,
@@ -499,8 +512,8 @@ abstract contract GovernorUpgradeable is Initializable, ContextUpgradeable, ERC1
     ) public virtual returns (uint256) {
         // The proposalId will be recomputed in the `_cancel` call further down. However we need the value before we
         // do the internal call, because we need to check the proposal state BEFORE the internal `_cancel` call
-        // changes it. The `hashProposal` duplication has a cost that is limited, and that we accept.
-        uint256 proposalId = hashProposal(targets, values, calldatas, descriptionHash);
+        // changes it. The `getProposalId` duplication has a cost that is limited, and that we accept.
+        uint256 proposalId = getProposalId(targets, values, calldatas, descriptionHash);
 
         // public cancel restrictions (on top of existing _cancel restrictions).
         _validateStateBitmap(proposalId, _encodeStateBitmap(ProposalState.Pending));
@@ -524,7 +537,7 @@ abstract contract GovernorUpgradeable is Initializable, ContextUpgradeable, ERC1
         bytes32 descriptionHash
     ) internal virtual returns (uint256) {
         GovernorStorage storage $ = _getGovernorStorage();
-        uint256 proposalId = hashProposal(targets, values, calldatas, descriptionHash);
+        uint256 proposalId = getProposalId(targets, values, calldatas, descriptionHash);
 
         _validateStateBitmap(
             proposalId,

contracts/governance/extensions/GovernorSequentialProposalIdUpgradeable.sol

@@ -0,0 +1,98 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.20;
+
+import {GovernorUpgradeable} from "../GovernorUpgradeable.sol";
+import {Initializable} from "../../proxy/utils/Initializable.sol";
+
+/**
+ * @dev Extension of {Governor} that changes the numbering of proposal ids from the default hash-based approach to
+ * sequential ids.
+ */
+abstract contract GovernorSequentialProposalIdUpgradeable is Initializable, GovernorUpgradeable {
+    /// @custom:storage-location erc7201:openzeppelin.storage.GovernorSequentialProposalId
+    struct GovernorSequentialProposalIdStorage {
+        uint256 _latestProposalId;
+        mapping(uint256 proposalHash => uint256 proposalId) _proposalIds;
+    }
+
+    // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.GovernorSequentialProposalId")) - 1)) & ~bytes32(uint256(0xff))
+    bytes32 private constant GovernorSequentialProposalIdStorageLocation = 0x4b8c47b641115bbb755a0530712d89d8042b41728d36570a6119c90ae1b76800;
+
+    function _getGovernorSequentialProposalIdStorage() private pure returns (GovernorSequentialProposalIdStorage storage $) {
+        assembly {
+            $.slot := GovernorSequentialProposalIdStorageLocation
+        }
+    }
+
+    /**
+     * @dev The {latestProposalId} may only be initialized if it hasn't been set yet
+     * (through initialization or the creation of a proposal).
+     */
+    error GovernorAlreadyInitializedLatestProposalId();
+
+    function __GovernorSequentialProposalId_init() internal onlyInitializing {
+    }
+
+    function __GovernorSequentialProposalId_init_unchained() internal onlyInitializing {
+    }
+    /**
+     * @dev See {IGovernor-getProposalId}.
+     */
+    function getProposalId(
+        address[] memory targets,
+        uint256[] memory values,
+        bytes[] memory calldatas,
+        bytes32 descriptionHash
+    ) public view virtual override returns (uint256) {
+        GovernorSequentialProposalIdStorage storage $ = _getGovernorSequentialProposalIdStorage();
+        uint256 proposalHash = hashProposal(targets, values, calldatas, descriptionHash);
+        uint256 storedProposalId = $._proposalIds[proposalHash];
+        if (storedProposalId == 0) {
+            revert GovernorNonexistentProposal(0);
+        }
+        return storedProposalId;
+    }
+
+    /**
+     * @dev Returns the latest proposal id. A return value of 0 means no proposals have been created yet.
+     */
+    function latestProposalId() public view virtual returns (uint256) {
+        GovernorSequentialProposalIdStorage storage $ = _getGovernorSequentialProposalIdStorage();
+        return $._latestProposalId;
+    }
+
+    /**
+     * @dev See {IGovernor-_propose}.
+     * Hook into the proposing mechanism to increment proposal count.
+     */
+    function _propose(
+        address[] memory targets,
+        uint256[] memory values,
+        bytes[] memory calldatas,
+        string memory description,
+        address proposer
+    ) internal virtual override returns (uint256) {
+        GovernorSequentialProposalIdStorage storage $ = _getGovernorSequentialProposalIdStorage();
+        uint256 proposalHash = hashProposal(targets, values, calldatas, keccak256(bytes(description)));
+        uint256 storedProposalId = $._proposalIds[proposalHash];
+        if (storedProposalId == 0) {
+            $._proposalIds[proposalHash] = ++$._latestProposalId;
+        }
+        return super._propose(targets, values, calldatas, description, proposer);
+    }
+
+    /**
+     * @dev Internal function to set the {latestProposalId}. This function is helpful when transitioning
+     * from another governance system. The next proposal id will be `newLatestProposalId` + 1.
+     *
+     * May only call this function if the current value of {latestProposalId} is 0.
+     */
+    function _initializeLatestProposalId(uint256 newLatestProposalId) internal virtual {
+        GovernorSequentialProposalIdStorage storage $ = _getGovernorSequentialProposalIdStorage();
+        if ($._latestProposalId != 0) {
+            revert GovernorAlreadyInitializedLatestProposalId();
+        }
+        $._latestProposalId = newLatestProposalId;
+    }
+}

contracts/mocks/WithInit.sol

@@ -490,6 +490,13 @@ contract GovernorPreventLateQuorumMockUpgradeableWithInit is GovernorPreventLate
         __GovernorPreventLateQuorumMock_init(quorum_);
     }
 }
+import "./governance/GovernorSequentialProposalIdMockUpgradeable.sol";
+
+contract GovernorSequentialProposalIdMockUpgradeableWithInit is GovernorSequentialProposalIdMockUpgradeable {
+    constructor() payable initializer {
+        __GovernorSequentialProposalIdMock_init();
+    }
+}
 import "./governance/GovernorStorageMockUpgradeable.sol";
 
 contract GovernorStorageMockUpgradeableWithInit is GovernorStorageMockUpgradeable {

contracts/mocks/governance/GovernorSequentialProposalIdMockUpgradeable.sol

@@ -0,0 +1,45 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.20;
+
+import {GovernorUpgradeable} from "../../governance/GovernorUpgradeable.sol";
+import {GovernorSettingsUpgradeable} from "../../governance/extensions/GovernorSettingsUpgradeable.sol";
+import {GovernorCountingSimpleUpgradeable} from "../../governance/extensions/GovernorCountingSimpleUpgradeable.sol";
+import {GovernorVotesQuorumFractionUpgradeable} from "../../governance/extensions/GovernorVotesQuorumFractionUpgradeable.sol";
+import {GovernorSequentialProposalIdUpgradeable} from "../../governance/extensions/GovernorSequentialProposalIdUpgradeable.sol";
+import {Initializable} from "../../proxy/utils/Initializable.sol";
+
+abstract contract GovernorSequentialProposalIdMockUpgradeable is
+    Initializable, GovernorSettingsUpgradeable,
+    GovernorVotesQuorumFractionUpgradeable,
+    GovernorCountingSimpleUpgradeable,
+    GovernorSequentialProposalIdUpgradeable
+{
+    function __GovernorSequentialProposalIdMock_init() internal onlyInitializing {
+    }
+
+    function __GovernorSequentialProposalIdMock_init_unchained() internal onlyInitializing {
+    }
+    function proposalThreshold() public view override(GovernorUpgradeable, GovernorSettingsUpgradeable) returns (uint256) {
+        return super.proposalThreshold();
+    }
+
+    function getProposalId(
+        address[] memory targets,
+        uint256[] memory values,
+        bytes[] memory calldatas,
+        bytes32 descriptionHash
+    ) public view virtual override(GovernorUpgradeable, GovernorSequentialProposalIdUpgradeable) returns (uint256) {
+        return super.getProposalId(targets, values, calldatas, descriptionHash);
+    }
+
+    function _propose(
+        address[] memory targets,
+        uint256[] memory values,
+        bytes[] memory calldatas,
+        string memory description,
+        address proposer
+    ) internal virtual override(GovernorUpgradeable, GovernorSequentialProposalIdUpgradeable) returns (uint256 proposalId) {
+        return super._propose(targets, values, calldatas, description, proposer);
+    }
+}

contracts/token/ERC20/extensions/ERC4626Upgradeable.sol

@@ -136,8 +136,7 @@ abstract contract ERC4626Upgradeable is Initializable, ERC20Upgradeable, IERC462
 
     /** @dev See {IERC4626-totalAssets}. */
     function totalAssets() public view virtual returns (uint256) {
-        ERC4626Storage storage $ = _getERC4626Storage();
-        return $._asset.balanceOf(address(this));
+        return IERC20(asset()).balanceOf(address(this));
     }
 
     /** @dev See {IERC4626-convertToShares}. */
@@ -260,15 +259,14 @@ abstract contract ERC4626Upgradeable is Initializable, ERC20Upgradeable, IERC462
      * @dev Deposit/mint common workflow.
      */
     function _deposit(address caller, address receiver, uint256 assets, uint256 shares) internal virtual {
-        ERC4626Storage storage $ = _getERC4626Storage();
-        // If _asset is ERC-777, `transferFrom` can trigger a reentrancy BEFORE the transfer happens through the
+        // If asset() is ERC-777, `transferFrom` can trigger a reentrancy BEFORE the transfer happens through the
         // `tokensToSend` hook. On the other hand, the `tokenReceived` hook, that is triggered after the transfer,
         // calls the vault, which is assumed not malicious.
         //
         // Conclusion: we need to do the transfer before we mint so that any reentrancy would happen before the
         // assets are transferred and before the shares are minted, which is a valid state.
         // slither-disable-next-line reentrancy-no-eth
-        SafeERC20.safeTransferFrom($._asset, caller, address(this), assets);
+        SafeERC20.safeTransferFrom(IERC20(asset()), caller, address(this), assets);
         _mint(receiver, shares);
 
         emit Deposit(caller, receiver, assets, shares);
@@ -284,19 +282,18 @@ abstract contract ERC4626Upgradeable is Initializable, ERC20Upgradeable, IERC462
         uint256 assets,
         uint256 shares
     ) internal virtual {
-        ERC4626Storage storage $ = _getERC4626Storage();
         if (caller != owner) {
             _spendAllowance(owner, caller, shares);
         }
 
-        // If _asset is ERC-777, `transfer` can trigger a reentrancy AFTER the transfer happens through the
+        // If asset() is ERC-777, `transfer` can trigger a reentrancy AFTER the transfer happens through the
         // `tokensReceived` hook. On the other hand, the `tokensToSend` hook, that is triggered before the transfer,
         // calls the vault, which is assumed not malicious.
         //
         // Conclusion: we need to do the transfer after the burn so that any reentrancy would happen after the
         // shares are burned and after the assets are transferred, which is a valid state.
         _burn(owner, shares);
-        SafeERC20.safeTransfer($._asset, receiver, assets);
+        SafeERC20.safeTransfer(IERC20(asset()), receiver, assets);
 
         emit Withdraw(caller, receiver, owner, assets, shares);
     }

docs/modules/ROOT/pages/access-control.adoc

@@ -24,7 +24,7 @@ WARNING: Removing the owner altogether will mean that administrative tasks that
 
 Ownable is a simple and effective way to implement access control, but you should be mindful of the dangers associated with transferring the ownership to an incorrect account that can't interact with this contract anymore. An alternative to this problem is using xref:api:access.adoc#Ownable2Step[`Ownable2Step`]; a variant of Ownable that requires the new owner to explicitly accept the ownership transfer by calling xref:api:access.adoc#Ownable2Step-acceptOwnership--[`acceptOwnership`].
 
-Note that *a contract can also be the owner of another one*! This opens the door to using, for example, a https://gnosis-safe.io[Gnosis Safe], an https://aragon.org[Aragon DAO], or a totally custom contract that _you_ create.
+Note that *a contract can also be the owner of another one*! This opens the door to using, for example, a https://safe.global[Gnosis Safe], an https://aragon.org[Aragon DAO], or a totally custom contract that _you_ create.
 
 In this way, you can use _composability_ to add additional layers of access control complexity to your contracts. Instead of having a single regular Ethereum account (Externally Owned Account, or EOA) as the owner, you could use a 2-of-3 multisig run by your project leads, for example. Prominent projects in the space, such as https://makerdao.com[MakerDAO], use systems similar to this one.
 

docs/modules/ROOT/pages/index.adoc

@@ -63,7 +63,7 @@ The guides in the sidebar will teach about different concepts, and how to use th
 
 The xref:api:token/ERC20.adoc[full API] is also thoroughly documented, and serves as a great reference when developing your smart contract application. You can also ask for help or follow Contracts' development in the https://forum.openzeppelin.com[community forum].
 
-Finally, you may want to take a look at the https://blog.openzeppelin.com/guides/[guides on our blog], which cover several common use cases and good practices. The following articles provide great background reading, though please note, some of the referenced tools have changed as the tooling in the ecosystem continues to rapidly evolve.
+The following articles provide great background reading, though please note, some of the referenced tools have changed as the tooling in the ecosystem continues to rapidly evolve.
 
 * https://blog.openzeppelin.com/the-hitchhikers-guide-to-smart-contracts-in-ethereum-848f08001f05[The Hitchhiker’s Guide to Smart Contracts in Ethereum] will help you get an overview of the various tools available for smart contract development, and help you set up your environment.
 * https://blog.openzeppelin.com/a-gentle-introduction-to-ethereum-programming-part-1-783cc7796094[A Gentle Introduction to Ethereum Programming, Part 1] provides very useful information on an introductory level, including many basic concepts from the Ethereum platform.

fv-requirements.txt

@@ -1,4 +1,4 @@
 certora-cli==4.13.1
 # File uses a custom name (fv-requirements.txt) so that it isn't picked by Netlify's build
 # whose latest Python version is 0.3.8, incompatible with most recent versions of Halmos
-halmos==0.2.0
+halmos==0.2.3

hardhat/common-contracts.js

@@ -0,0 +1,31 @@
+const { task } = require('hardhat/config');
+const { TASK_TEST_SETUP_TEST_ENVIRONMENT } = require('hardhat/builtin-tasks/task-names');
+const { setCode } = require('@nomicfoundation/hardhat-network-helpers');
+
+const fs = require('fs');
+const path = require('path');
+
+const INSTANCES = {
+  entrypoint: {
+    address: '0x0000000071727De22E5E9d8BAf0edAc6f37da032',
+    abi: JSON.parse(fs.readFileSync(path.resolve(__dirname, '../test/bin/EntryPoint070.abi'), 'utf-8')),
+    bytecode: fs.readFileSync(path.resolve(__dirname, '../test/bin/EntryPoint070.bytecode'), 'hex'),
+  },
+  senderCreator: {
+    address: '0xEFC2c1444eBCC4Db75e7613d20C6a62fF67A167C',
+    abi: JSON.parse(fs.readFileSync(path.resolve(__dirname, '../test/bin/SenderCreator070.abi'), 'utf-8')),
+    bytecode: fs.readFileSync(path.resolve(__dirname, '../test/bin/SenderCreator070.bytecode'), 'hex'),
+  },
+};
+
+task(TASK_TEST_SETUP_TEST_ENVIRONMENT).setAction((_, env, runSuper) =>
+  runSuper().then(() =>
+    Promise.all(
+      Object.entries(INSTANCES).map(([name, { address, abi, bytecode }]) =>
+        setCode(address, '0x' + bytecode.replace(/0x/, '')).then(() =>
+          env.ethers.getContractAt(abi, address).then(instance => (env[name] = instance)),
+        ),
+      ),
+    ),
+  ),
+);