Rebase Bridging about to be completed

Author: Logic-gate-sys

.gitignore

@@ -11,4 +11,4 @@ out/
 docs/
 
 # Dotenv file
-.env
+.env

.gitmodules

@@ -4,3 +4,6 @@
 [submodule "lib/openzeppelin-contracts"]
 	path = lib/openzeppelin-contracts
 	url = https://github.com/openzeppelin/openzeppelin-contracts
+[submodule "lib/ccip"]
+	path = lib/ccip
+	url = https://github.com/smartcontractkit/ccip

README.md

@@ -31,4 +31,9 @@ Incentivizing Early Adopters: This design directly rewards early users. Because
 
 Handling Subsequent Deposits: If an existing user makes additional deposits at a later time, those new deposits would likely accrue interest based on the (potentially lower) global interest rate prevailing at the time of the new deposit. The exact mechanics for handling multiple deposits from the same user and their associated rates will be detailed during contract implementation.
 
-Conceptual Source of Yield: While the underlying assets in the Vault could theoretically be deployed in various DeFi strategies (e.g., staking, lending, liquidity provision) to generate yield, for this initial version, the "interest" is primarily a function of the rebase mechanism itself, designed to increase token adoption by directly rewarding token holders with more tokens.
+Conceptual Source of Yield: While the underlying assets in the Vault could theoretically be deployed in various DeFi strategies (e.g., staking, lending, liquidity provision) to generate yield, for this initial version, the "interest" is primarily a function of the rebase mechanism itself, designed to increase token adoption by directly rewarding token holders with more tokens.
+
+
+---------------- Vulnerabilities identified --------------------------------------------
+1.  When user deposit and amount and comes back to deposite another amount, their intial interest rate is applied instead of the recent adjusted interest rate. : this gives early adopters insane amount of benefit
+2. Because interest is derived by multiplying with the growth factor and the balanceOf(), it compounds rather than accumulating linearly

foundry.toml

@@ -4,6 +4,12 @@ out = "out"
 libs = ["lib"]
 
 remappings = [
-    "@openzeppelin/=lib/openzeppelin-contracts/"
+    "@openzeppelin/=lib/openzeppelin-contracts/",
+    '@ccip/=lib/ccip/'
 ]
+[fuzz]
+run=250
 # See more config options https://github.com/foundry-rs/foundry/blob/master/crates/config/README.md#all-options
+
+
+    

lib/ccip

@@ -0,0 +1,3 @@
+// remappings.txt
+@openzeppelin/=lib/openzeppelin-contracts/
+@ccip/=lib/ccip/

remapping.txt

@@ -172,11 +172,7 @@ contract RebaseToken is ERC20, Ownable, AccessControl {
      * @param _user The address of the user.
      * @return  The growth factor, scaled by PRECISION_FACTOR. (e.g., 1.05x growth is 1.05 * 1e18)
      */
-    function _calculateUserAccumulatedInterestSinceLastUpdate(address _user)
-        internal
-        view
-        returns (uint256)
-    {
+    function _calculateUserAccumulatedInterestSinceLastUpdate(address _user) internal view returns (uint256) {
         uint256 timeElapsed = block.timestamp - s_userLastTimestamp[_user];
         if (timeElapsed == 0 || s_userInterestRate[_user] == 0) {
             return PRECISION_FACTOR;
@@ -190,14 +186,8 @@ contract RebaseToken is ERC20, Ownable, AccessControl {
     }
 
     //------------- getters, views and pure functions ---------------------------------------
-    /**
-     * @notice Gets the locked-in interest rate for a specific user.
-     * @param _user The address of the user.
-     * @return The user's specific interest rate.
-     */
-    function getUserInterestRate(address _user) external view returns (uint256) {
-        return s_userInterestRate[_user];
-    }
+    
+  
 
     /**
      * @notice Gets the principle balance of a user (tokens actually minted to them), excluding any accrued interest.
@@ -215,4 +205,9 @@ contract RebaseToken is ERC20, Ownable, AccessControl {
     function getInterestRate() public view returns (uint256) {
         return s_interestRate;
     }
+
+    //get user's interets rate 
+    function getUserInterestRate(address _user) external returns (uint256){
+        return s_userInterestRate[_user];
+    }
 }

src/RebaseToken.sol

@@ -0,0 +1,72 @@
+//SPDX-License-Identifier:MIT
+pragma solidity^0.8.24;
+
+import {TokenPool} from "@ccip/contracts/src/v0.8/ccip/pools/TokenPool.sol";
+import {IERC20} from "@ccip/contracts/src/v0.8/vendor/openzeppelin-solidity/v4.8.3/contracts/token/ERC20/IERC20.sol";
+import {IRebaseToken} from "./interfaces/IRebaseToken.sol"; // Adjust path if your interface is elsewhere
+import {Pool} from "@ccip/contracts/src/v0.8/ccip/libraries/Pool.sol"; // For CCIP structs
+
+contract RebaseTokenPool is TokenPool{
+    
+  /*** The TokenPool base constructor requires:
+    * @_token: The address of the rebase token this pool will manage.
+    * @
+    * @localTokenDecimals: The decimals of the token. Here, it's hardcoded to 18.
+    * @
+    * @_allowlist: An array of addresses permitted to send tokens through this pool.
+    * @
+    * @_rnmProxy: The address of the CCIP Risk Management Network (RMN) proxy.
+    * @
+    * @_router: The address of the CCIP router contract.
+   */
+  constructor (
+    IERC20 _token,
+    address[] memory _allowList,
+    address i_rmnProxy,
+    address _router
+  )TokenPool(_token,_allowList,i_rmnProxy,_router){
+    //constructor body
+  }
+
+
+  // lockorburn function to process burning upon transfering
+  function lockOrBurn(Pool.LockOrBurnInV1 calldata lockOrBurnIn) external returns (Pool.LockOrBurnOutV1 memory lockOrBurnOut) {
+        _validateLockOrBurn(lockOrBurnIn);
+        // Decode the original sender's address
+        address originalSender = abi.decode(lockOrBurnIn.originalSender, (address));
+        
+        // Fetch the user's current interest rate from the rebase token
+        uint256 userInterestRate = IRebaseToken(address(i_token)).getUserInterestRate(originalSender);
+        // Burn the specified amount of tokens from this pool contract
+        // CCIP transfers tokens to the pool before lockOrBurn is called
+        IRebaseToken(address(i_token)).burn(address(this), lockOrBurnIn.amount);
+        // Prepare the output data for CCIP
+        lockOrBurnOut = Pool.LockOrBurnOutV1({
+            destTokenAddress: getRemoteToken(lockOrBurnIn.remoteChainSelector),
+            destPoolData: abi.encode(userInterestRate) // Encode the interest rate to send cross-chain
+        });
+        // No explicit return statement is needed due to the named return variable
+    }
+
+    // when tokens are beign receive on the chain where this RebaseTokenPool is deployed
+    function releaseOrMint(
+        Pool.ReleaseOrMintInV1 calldata releaseOrMintIn
+    ) external override returns (Pool.ReleaseOrMintOutV1 memory /* releaseOrMintOut */) { // Named return optional
+        _validateReleaseOrMint(releaseOrMintIn);
+        // Decode the user interest rate sent from the source pool
+        uint256 userInterestRate = abi.decode(releaseOrMintIn.sourcePoolData, (uint256));
+        
+        // The receiver address is directly available
+        address receiver = releaseOrMintIn.receiver;
+        // Mint tokens to the receiver, applying the propagated interest rate
+        IRebaseToken(address(i_token)).mint(
+            receiver,
+            releaseOrMintIn.amount,
+            userInterestRate // Pass the interest rate to the rebase token's mint function
+        );
+        return Pool.ReleaseOrMintOutV1({
+            destinationAmount: releaseOrMintIn.amount
+        });
+    }
+
+}

src/RebaseTokenPool.sol

@@ -30,8 +30,8 @@ contract Vault {
             revert Vault_NotEthSent();
         }
         //  give mint
-        i_rebaseToken.mint(msg.sender, amountToDeposite); yui
-        
+        i_rebaseToken.mint(msg.sender, amountToDeposite);
+
         emit Vault_EthDeposited(msg.sender, amountToDeposite);
     }
 
@@ -40,21 +40,22 @@ contract Vault {
      * @param _amount The amount of RebaseTokens to redeem.
      * @dev Follows Checks-Effects-Interactions pattern. Uses low-level .call for ETH transfer.
      */
-     function redeem(uint256 _amount) public {
+    function redeem(uint256 _amount) public {
         // burn token amount to be redeemed
         i_rebaseToken.burn(msg.sender, _amount);
-        //transfer token to user 
-        (bool success,)= payable(msg.sender).call{value:_amount}("");
-        if(!success){
+        //transfer token to user
+        (bool success,) = payable(msg.sender).call{value: _amount}("");
+        if (!success) {
             revert Vault_TransferFailed();
         }
-        // emit event 
+        // emit event
         emit Vault_EthRedeemed(msg.sender, _amount);
-     }
+    }
     // ------------ receiver ------------------
     /**
      * @notice if Eth is sent to the contract without function call
      */
+
     receive() external payable {} // when raw Eth is sent to the contract
 
     /**

src/Vault.sol

@@ -8,7 +8,7 @@ interface IRebaseToken {
      * @param _to The address to mint tokens to.
      * @param _amount The amount of tokens to mint.
      */
-    function mint(address _to, uint256 _amount) external;  
+    function mint(address _to, uint256 _amount) external;
     /**
      * @notice Burns tokens from a specified address.
      * @param _from The address to burn tokens from.
@@ -17,4 +17,4 @@ interface IRebaseToken {
     function burn(address _from, uint256 _amount) external;
     // Note: We only include functions that the Vault contract will call.
     // Other functions from the actual RebaseToken.sol are not needed here.
-}
+}