bgd-labs · sendra · Feb 12, 2024 · Feb 5, 2024 · Feb 5, 2024 · Feb 6, 2024
diff --git a/...0240205_before_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205_after.md b/...0240205_before_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205_after.md
@@ -0,0 +1,5 @@
+## Raw diff
+
+```json
+{}
+```
diff --git a/...troactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.sol b/...troactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.sol
@@ -0,0 +1,51 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import {AaveV2Ethereum, AaveV2EthereumAssets} from 'aave-address-book/AaveV2Ethereum.sol';
+import {IProposalGenericExecutor} from 'aave-helpers/interfaces/IProposalGenericExecutor.sol';
+
+/**
+ * @title Retroactive Bug Bounty Pre-Immunefi
+ * @author BGD Labs @bgdlabs
+ * - Snapshot: https://snapshot.org/#/aave.eth/proposal/0xb707cff629af03eeaa44bbbb7e38def2907a53791eb16d472dac1d45fb5ec26b
+ * - Discussion: https://governance.aave.com/t/bgd-retroactive-bug-bounties-proposal-pre-immunefi/15989
+ */
+contract AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205 is IProposalGenericExecutor {
+  // Used for both bounties and Immunefi fees
+  struct Bounty {
+    address asset;
+    address recipient;
+    uint256 amount;
+  }
+
+  function execute() external {
+    Bounty[3] memory bounties = getBounties();
+    for (uint256 i = 0; i < bounties.length; i++) {
+      AaveV2Ethereum.COLLECTOR.transfer(
+        bounties[i].asset,
+        bounties[i].recipient,
+        bounties[i].amount
+      );
+    }
+  }
+
+  function getBounties() public pure returns (Bounty[3] memory) {
+    return [
+      Bounty({
+        asset: AaveV2EthereumAssets.USDC_A_TOKEN,
+        recipient: 0xFa760444A229e78A50Ca9b3779f4ce4CcE10E170,
+        amount: 65_000e6
+      }),
+      Bounty({
+        asset: AaveV2EthereumAssets.USDC_A_TOKEN,
+        recipient: 0x7dF98A6e1895fd247aD4e75B8EDa59889fa7310b,
+        amount: 15_000e6
+      }),
+      Bounty({
+        asset: AaveV2EthereumAssets.USDC_A_TOKEN,
+        recipient: 0x2BC5fFc5De1a83a9e4cDDfA138bAEd516D70414b,
+        amount: 6_500e6
+      })
+    ];
+  }
+}
diff --git a/...oactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.t.sol b/...oactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.t.sol
@@ -0,0 +1,70 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import {AaveV3Ethereum} from 'aave-address-book/AaveV3Ethereum.sol';
+import {AaveV2Ethereum, AaveV2EthereumAssets} from 'aave-address-book/AaveV2Ethereum.sol';
+
+import {ProtocolV3TestBase} from 'aave-helpers/ProtocolV3TestBase.sol';
+import {IERC20} from 'solidity-utils/contracts/oz-common/interfaces/IERC20.sol';
+import {AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205} from './AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.sol';
+
+/**
+ * @dev Test for AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205
+ * command: make test-contract filter=AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205
+ */
+contract AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205_Test is ProtocolV3TestBase {
+  AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205 internal proposal;
+
+  function setUp() public {
+    vm.createSelectFork(vm.rpcUrl('mainnet'), 19162484);
+    proposal = new AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205();
+  }
+
+  /**
+   * @dev executes the generic test suite including e2e and config snapshots
+   */
+  function test_defaultProposalExecution() public {
+    defaultTest(
+      'AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205',
+      AaveV3Ethereum.POOL,
+      address(proposal)
+    );
+  }
+
+  function test_consistentBalances() public {
+    AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.Bounty[3] memory bounties = proposal
+      .getBounties();
+
+    uint256 TOTAL_AMOUNT = 86_500e6;
+
+    uint256[] memory balancesRecipientsBefore = new uint256[](3);
+    uint256 balanceCollectorBefore = IERC20(AaveV2EthereumAssets.USDC_A_TOKEN).balanceOf(
+      address(AaveV2Ethereum.COLLECTOR)
+    );
+
+    // Validate the Collector has enough aUSDC v3
+    assertGe(balanceCollectorBefore, TOTAL_AMOUNT);
+
+    for (uint256 i = 0; i < bounties.length; i++) {
+      balancesRecipientsBefore[i] = IERC20(AaveV2EthereumAssets.USDC_A_TOKEN).balanceOf(
+        bounties[i].recipient
+      );
+    }
+
+    executePayload(vm, address(proposal));
+
+    for (uint256 i = 0; i < bounties.length; i++) {
+      assertApproxEqAbs(
+        IERC20(AaveV2EthereumAssets.USDC_A_TOKEN).balanceOf(bounties[i].recipient),
+        balancesRecipientsBefore[i] + bounties[i].amount,
+        1
+      );
+    }
+
+    uint256 balanceCollectorAfter = IERC20(AaveV2EthereumAssets.USDC_A_TOKEN).balanceOf(
+      address(AaveV2Ethereum.COLLECTOR)
+    );
+    // Checking worst case scenario of 3 wei imprecision, but probabilistically pretty rare
+    assertApproxEqAbs(balanceCollectorAfter, balanceCollectorBefore - TOTAL_AMOUNT, 3);
+  }
+}
diff --git a/...veV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi.md b/...veV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi.md
@@ -0,0 +1,41 @@
+---
+title: "Retroactive Bug Bounty Pre-Immunefi"
+author: "BGD Labs @bgdlabs"
+discussions: "https://governance.aave.com/t/bgd-retroactive-bug-bounties-proposal-pre-immunefi/15989"
+snapshot: "https://snapshot.org/#/aave.eth/proposal/0xb707cff629af03eeaa44bbbb7e38def2907a53791eb16d472dac1d45fb5ec26b"
+---
+
+## Simple Summary
+
+Proposal to release a grand total of 86’500 USDC, for bounties pending from before the setup of the Aave <> Immunefi official bug bounty program.
+
+## Motivation
+
+Before the setup of the Aave <> Immunefi bug bounty program on [September 25th 2023](https://governance-v2.aave.com/governance/proposal/325/), security reports by white hats were evaluated in an ad-hoc basis.
+
+Currently, every report is being processed via Immunefi and the rules of the Aave program, however, there were other reports submitted via other channel before that. As these reports should be evaluated at time of submission for fairness, and outside of the Immunefi scope defined afterwards, we think it is a good idea to reward them separately and retro-actively outside the program.
+
+In one of the cases, we had recommended the white hat to submit the report via Immunefi, in order to have access to the mediation procedure of the platform. As this mediation process was finally requested by the white hat, Immunefi charges the corresponding fee of 10% of the amount.
+
+## Specification
+
+This proposal, will release the following funds to white-hat addresses and the Immunefi platform, from the Aave Ethereum Collector:
+
+- $65’000 to `0xFa760444A229e78A50Ca9b3779f4ce4CcE10E170`.
+
+- $15’000 to `0x7dF98A6e1895fd247aD4e75B8EDa59889fa7310b`.
+
+- $6'500 to `0x2BC5fFc5De1a83a9e4cDDfA138bAEd516D70414b` (immunefi.eth). This is the fee corresponding to the 10% of the bounty being paid.
+
+_Note: After checking with a financial contributor to the DAO (TokenLogic & Karpatkey), the asset used for the transfers is aUSDC v2 Ethereum_
+
+## References
+
+- Implementation: [AaveV3Ethereum](https://github.com/bgd-labs/aave-proposals-v3/blob/main/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.sol)
+- Tests: [AaveV3Ethereum](https://github.com/bgd-labs/aave-proposals-v3/blob/main/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.t.sol)
+- [Snapshot](https://snapshot.org/#/aave.eth/proposal/0xb707cff629af03eeaa44bbbb7e38def2907a53791eb16d472dac1d45fb5ec26b)
+- [Discussion](https://governance.aave.com/t/bgd-retroactive-bug-bounties-proposal-pre-immunefi/15989)
+
+## Copyright
+
+Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/).
diff --git a/...V3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi_20240205.s.sol b/...V3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi_20240205.s.sol
@@ -0,0 +1,58 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import {GovV3Helpers, IPayloadsControllerCore, PayloadsControllerUtils} from 'aave-helpers/GovV3Helpers.sol';
+import {EthereumScript} from 'aave-helpers/ScriptUtils.sol';
+import {AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205} from './AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205.sol';
+
+/**
+ * @dev Deploy Ethereum
+ * deploy-command: make deploy-ledger contract=src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi_20240205.s.sol:DeployEthereum chain=mainnet
+ * verify-command: npx catapulta-verify -b broadcast/RetroactiveBugBountyPreImmunefi_20240205.s.sol/1/run-latest.json
+ */
+contract DeployEthereum is EthereumScript {
+  function run() external broadcast {
+    // deploy payloads
+    address payload0 = GovV3Helpers.deployDeterministic(
+      type(AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205).creationCode
+    );
+
+    // compose action
+    IPayloadsControllerCore.ExecutionAction[]
+      memory actions = new IPayloadsControllerCore.ExecutionAction[](1);
+    actions[0] = GovV3Helpers.buildAction(payload0);
+
+    // register action at payloadsController
+    GovV3Helpers.createPayload(actions);
+  }
+}
+
+/**
+ * @dev Create Proposal
+ * command: make deploy-ledger contract=src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi_20240205.s.sol:CreateProposal chain=mainnet
+ */
+contract CreateProposal is EthereumScript {
+  function run() external {
+    // create payloads
+    PayloadsControllerUtils.Payload[] memory payloads = new PayloadsControllerUtils.Payload[](1);
+
+    // compose actions for validation
+    IPayloadsControllerCore.ExecutionAction[]
+      memory actionsEthereum = new IPayloadsControllerCore.ExecutionAction[](1);
+    actionsEthereum[0] = GovV3Helpers.buildAction(
+      type(AaveV3Ethereum_RetroactiveBugBountyPreImmunefi_20240205).creationCode
+    );
+    payloads[0] = GovV3Helpers.buildMainnetPayload(vm, actionsEthereum);
+
+    // create proposal
+    vm.startBroadcast();
+    GovV3Helpers.createProposal(
+      vm,
+      payloads,
+      GovV3Helpers.ipfsHashFile(
+        vm,
+        'src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/RetroactiveBugBountyPreImmunefi.md'
+      )
+    );
+  }
+}
diff --git a/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/config.ts b/src/20240205_AaveV3Ethereum_RetroactiveBugBountyPreImmunefi/config.ts
@@ -0,0 +1,15 @@
+import {ConfigFile} from '../../generator/types';
+export const config: ConfigFile = {
+  rootOptions: {
+    pools: ['AaveV3Ethereum'],
+    title: 'Retroactive Bug Bounty Pre-Immunefi',
+    shortName: 'RetroactiveBugBountyPreImmunefi',
+    date: '20240205',
+    author: 'BGD Labs @bgdlabs',
+    discussion:
+      'https://governance.aave.com/t/bgd-retroactive-bug-bounties-proposal-pre-immunefi/15989',
+    snapshot:
+      'https://snapshot.org/#/aave.eth/proposal/0xb707cff629af03eeaa44bbbb7e38def2907a53791eb16d472dac1d45fb5ec26b',
+  },
+  poolOptions: {AaveV3Ethereum: {configs: {OTHERS: {}}, cache: {blockNumber: 19162484}}},
+};