feat(contracts): implement ERC20Votes policy

Author: ctrlc03

packages/contracts/contracts/extensions/erc20votes/ERC20VotesChecker.sol

@@ -0,0 +1,53 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.20;
+
+import {IVotes} from "@openzeppelin/contracts/governance/utils/IVotes.sol";
+
+import {BaseChecker} from "../../checker/BaseChecker.sol";
+
+/// @title ERC20VotesChecker
+/// @notice ERC20Votes validator.
+/// @dev Extends BaseChecker to implement ERC20Votes validation logic.
+contract ERC20VotesChecker is BaseChecker {
+    /// @notice the token to check
+    IVotes public token;
+
+    /// @notice the snapshot block
+    uint256 public snapshotBlock;
+
+    /// @notice the threshold
+    uint256 public threshold;
+
+    /// @notice the balance is too low
+    error BalanceTooLow();
+
+    /// @notice Initializes the contract.
+    function _initialize() internal override {
+        super._initialize();
+
+        bytes memory data = _getAppendedBytes();
+        (address _token, uint256 _snapshotBlock, uint256 _threshold) = abi.decode(data, (address, uint256, uint256));
+
+        token = IVotes(_token);
+        snapshotBlock = _snapshotBlock;
+        threshold = _threshold;
+    }
+
+    /// @notice Returns true for everycall.
+    /// @param subject Address to validate.
+    /// @param evidence Encoded data used for validation.
+    /// @return Boolean indicating whether the subject passes the check.
+    function _check(address subject, bytes calldata evidence) internal view override returns (bool) {
+        super._check(subject, evidence);
+
+        // get the token balance at the snapshot block
+        uint256 balance = token.getPastVotes(subject, snapshotBlock);
+
+        // check if the balance is enough
+        if (balance <= threshold) {
+            revert BalanceTooLow();
+        }
+
+        return true;
+    }
+}

packages/contracts/contracts/extensions/erc20votes/ERC20VotesCheckerFactory.sol

@@ -0,0 +1,21 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.20;
+
+import {Factory} from "../../proxy/Factory.sol";
+import {ERC20VotesChecker} from "./ERC20VotesChecker.sol";
+
+/// @title ERC20VotesCheckerFactory
+/// @notice Factory contract for deploying minimal proxy instances of ERC20VotesChecker.
+/// @dev Simplifies deployment of ERC20VotesChecker clones with appended configuration data.
+contract ERC20VotesCheckerFactory is Factory {
+    /// @notice Initializes the factory with the ERC20VotesChecker implementation.
+    constructor() Factory(address(new ERC20VotesChecker())) {}
+
+    /// @notice Deploys a new ERC20VotesChecker clone.
+    function deploy(address _token, uint256 _snapshotBlock, uint256 _threshold) public {
+        bytes memory data = abi.encode(_token, _snapshotBlock, _threshold);
+        address clone = super._deploy(data);
+
+        ERC20VotesChecker(clone).initialize();
+    }
+}

packages/contracts/contracts/extensions/erc20votes/ERC20VotesPolicy.sol

@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.20;
+
+import {BasePolicy} from "../../policy/BasePolicy.sol";
+
+/// @title ERC20VotesPolicy
+/// @notice A policy which allows anyone with a token balance > 0
+/// at snapshot time to sign up.
+contract ERC20VotesPolicy is BasePolicy {
+    /// @notice Store the addreses that have been enforced
+    mapping(address => bool) public enforcedUsers;
+
+    /// @notice Create a new instance of ERC20VotesPolicy
+    // solhint-disable-next-line no-empty-blocks
+    constructor() payable {}
+
+    /// @notice Enforce a user based on their token balance
+    /// @dev Throw if the token balance is not valid or just complete silently
+    /// @param subject The user's Ethereum address.
+    function _enforce(address subject, bytes calldata evidence) internal override {
+        if (enforcedUsers[subject]) {
+            revert AlreadyEnforced();
+        }
+
+        enforcedUsers[subject] = true;
+
+        super._enforce(subject, evidence);
+    }
+
+    /// @notice Get the trait of the Policy
+    /// @return The type of the Policy
+    function trait() public pure override returns (string memory) {
+        return "ERC20Votes";
+    }
+}

packages/contracts/contracts/extensions/erc20votes/ERC20VotesPolicyFactory.sol

@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.20;
+
+import {Factory} from "../../proxy/Factory.sol";
+import {ERC20VotesPolicy} from "./ERC20VotesPolicy.sol";
+
+/// @title ERC20VotesPolicyFactory
+/// @notice Factory contract for deploying minimal proxy instances of ERC20VotesPolicy.
+/// @dev Simplifies deployment of ERC20VotesPolicy clones with appended configuration data.
+contract ERC20VotesPolicyFactory is Factory {
+    /// @notice Initializes the factory with the ERC20VotesPolicy implementation.
+    constructor() Factory(address(new ERC20VotesPolicy())) {}
+
+    /// @notice Deploys a new ERC20VotesPolicy clone with the specified checker address.
+    /// @dev Encodes the checker address and caller as configuration data for the clone.
+    /// @param _checkerAddress Address of the checker to use for validation.
+    function deploy(address _checkerAddress) public {
+        bytes memory data = abi.encode(msg.sender, _checkerAddress);
+
+        address clone = super._deploy(data);
+
+        ERC20VotesPolicy(clone).initialize();
+    }
+}

packages/contracts/contracts/test/extensions/mocks/MockERC20Votes.sol

@@ -0,0 +1,18 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.20;
+
+import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
+
+/// @title MockERC20Votes
+/// @notice A mock ERC20Votes contract
+contract MockERC20Votes is ERC20 {
+    constructor(string memory name_, string memory symbol_) ERC20(name_, symbol_) {
+        _mint(msg.sender, 100e18);
+    }
+
+    /// @notice Get the past votes for an account
+    /// @return The past votes for the account
+    function getPastVotes(address subject, uint256) public view returns (uint256) {
+        return balanceOf(subject);
+    }
+}

packages/contracts/test/extensions/ERC20Votes.test.ts

@@ -0,0 +1,114 @@
+import { expect } from "chai"
+import { AbiCoder, Signer, ZeroAddress } from "ethers"
+import { ethers } from "hardhat"
+
+import {
+    ERC20VotesPolicy__factory as ERC20VotesPolicyFactory,
+    ERC20VotesPolicy,
+    MockERC20Votes,
+    ERC20VotesChecker,
+    ERC20VotesChecker__factory as ERC20VotesCheckerFactory
+} from "../../typechain-types"
+
+describe("ERC20Votes", () => {
+    let policy: ERC20VotesPolicy
+    let checker: ERC20VotesChecker
+    let mockERC20Votes: MockERC20Votes
+    let deployer: Signer
+    let subject: Signer
+    let target: Signer
+    let notSubject: Signer
+
+    const snapshotBlock = 1n
+    const threshold = 5n
+
+    before(async () => {
+        ;[deployer, subject, target, notSubject] = await ethers.getSigners()
+
+        const MockERC20VotesFactory = await ethers.getContractFactory("MockERC20Votes")
+        mockERC20Votes = await MockERC20VotesFactory.connect(deployer).deploy("MockERC20Votes", "MKV")
+        const mockERC20VotesAddress = await mockERC20Votes.getAddress()
+
+        await mockERC20Votes.transfer(await subject.getAddress(), threshold + 1n)
+        await mockERC20Votes.transfer(await notSubject.getAddress(), threshold - 1n)
+
+        const CheckerFactory = await ethers.getContractFactory("ERC20VotesCheckerFactory")
+        const checkerFactory = await CheckerFactory.connect(deployer).deploy()
+
+        const PolicyFactory = await ethers.getContractFactory("ERC20VotesPolicyFactory")
+        const policyFactory = await PolicyFactory.connect(deployer).deploy()
+
+        const checkerTx = await checkerFactory.deploy(mockERC20VotesAddress, snapshotBlock, threshold)
+        const checkerReceipt = await checkerTx.wait()
+
+        const checkerDeployEvent = CheckerFactory.interface.parseLog(
+            checkerReceipt?.logs[0] as unknown as { topics: string[]; data: string }
+        ) as unknown as {
+            args: {
+                clone: string
+            }
+        }
+
+        const policyTx = await policyFactory.deploy(checkerDeployEvent.args.clone)
+        const policyReceipt = await policyTx.wait()
+        const policyEvent = PolicyFactory.interface.parseLog(
+            policyReceipt?.logs[0] as unknown as { topics: string[]; data: string }
+        ) as unknown as {
+            args: {
+                clone: string
+            }
+        }
+
+        policy = ERC20VotesPolicyFactory.connect(policyEvent.args.clone, deployer)
+        checker = ERC20VotesCheckerFactory.connect(checkerDeployEvent.args.clone, deployer)
+    })
+
+    describe("Deployment", () => {
+        it("should be deployed correctly", () => {
+            expect(policy).to.not.eq(undefined)
+        })
+    })
+
+    describe("Policy", () => {
+        it("should set guarded target correctly", async () => {
+            await policy.setTarget(target).then((tx) => tx.wait())
+
+            expect(await policy.guarded()).to.eq(target)
+        })
+
+        it("should return trait properly", async () => {
+            expect(await policy.trait()).to.eq("ERC20Votes")
+        })
+
+        it("should fail to set guarded target when the caller is not the owner", async () => {
+            await expect(policy.connect(notSubject).setTarget(target)).to.be.revertedWithCustomError(
+                policy,
+                "OwnableUnauthorizedAccount"
+            )
+        })
+
+        it("should fail to set guarded target when the target is not valid", async () => {
+            await expect(policy.setTarget(ZeroAddress)).to.be.revertedWithCustomError(policy, "ZeroAddress")
+        })
+
+        it("should enforce a user if the function is called with the valid data", async () => {
+            const tx = await policy.connect(target).enforce(subject, AbiCoder.defaultAbiCoder().encode([], []))
+
+            const receipt = await tx.wait()
+
+            expect(receipt?.status).to.eq(1)
+        })
+
+        it("should not enforce twice", async () => {
+            await expect(
+                policy.connect(target).enforce(subject, AbiCoder.defaultAbiCoder().encode([], []))
+            ).to.be.revertedWithCustomError(policy, "AlreadyEnforced")
+        })
+
+        it("should revert when the balance is too low", async () => {
+            await expect(
+                policy.connect(target).enforce(notSubject, AbiCoder.defaultAbiCoder().encode([], []))
+            ).to.be.revertedWithCustomError(checker, "BalanceTooLow")
+        })
+    })
+})