ANY_COMPONENT

DEFAULT_ADMIN_ROLE

GUARDIAN_ROLE

LEVEL1_ROLE

LEVEL2_ROLE

LEVEL3_ROLE

component

role

account

alsoGlobal

checkComponentRole

role1

role2

checkComponentRole2

checkRole

checkRole2

getComponentRole

getRoleAdmin

grantComponentRole

grantRole

hasComponentRole

hasRole

initialize

proxiableUUID

renounceRole

revokeRole

adminRole

setComponentRoleAdmin

setRoleAdmin

interfaceId

supportsInterface

newImplementation

upgradeTo

data

upgradeToAndCall

previousAdmin

newAdmin

AdminChanged

beacon

BeaconUpgraded

version

Initialized

previousAdminRole

newAdminRole

RoleAdminChanged

sender

RoleGranted

RoleRevoked

implementation

Upgraded

// SPDX-License-Identifier: MIT
pragma solidity 0.8.16;

import {AccessControlUpgradeable} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {IAccessManager} from "./interfaces/IAccessManager.sol";

/**
 * @title AccessManager - Protocol access roles
 * @dev Contract that holds the access roles for PolicyPool and other components of the protocol.
 *
 * Roles can be delegated globally (traditional OZ's AccessControl) or per-component using component roles.
 *
 * Component roles are computed by doing a bitwise XOR between the component's address (padded to 32
 * bytes with zeros on the right) and the role's hash.
 *
 * For more details and examples see
 * https://docs.ensuro.co/product-docs/smart-contracts/contracts/accessmanager#component-roles
 *
 * [CAUTION]
 * ====
 * Avoid leaving a this contract without DEFAULT_ADMIN_ROLE.
 *
 * This contract includes the methods `revokeRole()` and `renounceRole()` that allow to revoke or renounce to
 * specific roles. Even when there are valid reasons to leave these methods (for example revoking the initial
 * DEFAULT_ADMIN_ROLE of the deployer account to leave just the governance account), it's good to mention these
 * methods have to be used with care, avoiding leaving the contract without any default admin.
 *
 * @custom:security-contact security@ensuro.co
 * @author Ensuro
 */
contract AccessManager is Initializable, AccessControlUpgradeable, UUPSUpgradeable, IAccessManager {
  // Core governance roles
  bytes32 public constant GUARDIAN_ROLE = keccak256("GUARDIAN_ROLE");
  bytes32 public constant LEVEL1_ROLE = keccak256("LEVEL1_ROLE");
  bytes32 public constant LEVEL2_ROLE = keccak256("LEVEL2_ROLE");
  bytes32 public constant LEVEL3_ROLE = keccak256("LEVEL3_ROLE");

  //
  /**
   * @notice Special address used for setting component-role admin for a specific role on any component.
   *
   * Note that granting component roles using this address has no meaning.
   */
  address public constant ANY_COMPONENT = address(0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE);

  /**
    @dev Modifier that checks if the caller has either role1 or role2.
    */
  modifier onlyRole2(bytes32 role1, bytes32 role2) {
    if (!hasRole(role1, _msgSender())) _checkRole(role2, _msgSender());
    _;
  }

  /**
    @dev Modifier that checks if the caller has admin access to the specific component-role.
    */
  modifier onlyComponentRoleAdmin(address component, bytes32 role) {
    require(component != address(0), "AccessManager: invalid address for component");
    require(
      // The caller has admin on this specific component-role
      hasRole(getRoleAdmin(getComponentRole(component, role)), _msgSender()) ||
        // or no admin was explicitly defined for this component-role combination and the caller has
        // admin for the role on any component
        (getRoleAdmin(getComponentRole(component, role)) == DEFAULT_ADMIN_ROLE &&
          hasRole(getRoleAdmin(getComponentRole(ANY_COMPONENT, role)), _msgSender())),
      "AccessManager: msg.sender needs componentRoleAdmin"
    );
    _;
  }

  /// @custom:oz-upgrades-unsafe-allow constructor
  constructor() {
    _disableInitializers();
  }

  function initialize() public initializer {
    __AccessControl_init();
    __UUPSUpgradeable_init();
    __AccessManager_init_unchained();
  }

  // solhint-disable-next-line func-name-mixedcase
  function __AccessManager_init_unchained() internal onlyInitializing {
    _setupRole(DEFAULT_ADMIN_ROLE, _msgSender());
  }

  // solhint-disable-next-line no-empty-blocks
  function _authorizeUpgrade(address) internal override onlyRole2(GUARDIAN_ROLE, LEVEL1_ROLE) {}

  /**
   * @dev See {IERC165-supportsInterface}.
   */
  function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
    return super.supportsInterface(interfaceId) || interfaceId == type(IAccessManager).interfaceId;
  }

  /**
   * @dev Computes a component role
   * @param component The component address
   * @param role The role to get
   * @return The component role
   */
  function getComponentRole(address component, bytes32 role) public pure override returns (bytes32) {
    return bytes32(bytes20(component)) ^ role;
  }

  /**
   * @dev Checks if an account has a component role
   * @param component The component address
   * @param role The role to check
   * @param account The account to check
   * @param alsoGlobal If true, check for the global role as well
   * @return Whether the account has the role
   */
  function hasComponentRole(
    address component,
    bytes32 role,
    address account,
    bool alsoGlobal
  ) public view override returns (bool) {
    return (alsoGlobal && hasRole(role, account)) || hasRole(getComponentRole(component, role), account);
  }

  /**
   * @dev Checks if an account has a component role and reverts if not
   * @param component The component address
   * @param role The role to check
   * @param account The account to check
   * @param alsoGlobal If true, check for the global role as well
   */
  function checkComponentRole(
    address component,
    bytes32 role,
    address account,
    bool alsoGlobal
  ) external view override {
    if (!alsoGlobal || !hasRole(role, account)) {
      _checkRole(getComponentRole(component, role), account);
    }
  }

  /**
   * @dev Checks if an account has either of the role1 or role2 component roles and reverts if not
   * @param component The component address
   * @param role1 The first role to check
   * @param role2 The second role to check
   * @param account The account to check
   * @param alsoGlobal If true, check for the global role as well
   */
  function checkComponentRole2(
    address component,
    bytes32 role1,
    bytes32 role2,
    address account,
    bool alsoGlobal
  ) external view override {
    if (alsoGlobal && hasRole(role1, account)) return;
    if (hasRole(getComponentRole(component, role1), account)) return;
    if (alsoGlobal && hasRole(role2, account)) return;
    _checkRole(getComponentRole(component, role2), account);
  }

  /**
   * @dev Checks if an account has a specific role and revert if not
   * @param role The role to check.
   * @param account The account to check for the role.
   */
  function checkRole(bytes32 role, address account) external view override {
    _checkRole(role, account);
  }

  /**
   * @dev Checks if an account has a either role1 or role2 and revert if not
   * @param role1 The first role to check.
   * @param role2 The second role to check.
   * @param account The account to check for the role.
   */
  function checkRole2(bytes32 role1, bytes32 role2, address account) external view override {
    if (!hasRole(role1, account)) _checkRole(role2, account);
  }

  /**
   * @dev Grants `account` the component role `role` for the component with address `component`.
   *
   * Requirements:
   * - the caller must have role admin for this component-role combination or role admin for any component
   *
   * @param component Address of the component for which the role is being granted.
   * @param role Bytes32 identifier of the role being granted.
   * @param account Address of the account being granted the role.
   */
  function grantComponentRole(
    address component,
    bytes32 role,
    address account
  ) external onlyComponentRoleAdmin(component, role) {
    _grantRole(getComponentRole(component, role), account);
  }

  /**
   * @dev Sets `adminRole` as the component-role admin for a specific component or for any component.
   *
   * To set the admin for any component use the ANY_COMPONENT constant.
   *
   * Requirements:
   * - caller must be the current admin for the role
   *
   */
  function setComponentRoleAdmin(
    address component,
    bytes32 role,
    bytes32 adminRole
  ) external onlyComponentRoleAdmin(component, role) {
    _setRoleAdmin(getComponentRole(component, role), adminRole);
  }

  /**
   * @dev Set `adminRole` as the admin role of `role`.
   * Requirements:
   * - the caller must be the current admin of the given `role`.
   *
   * [CAUTION]
   * This method allows bypassing checks done by setComponentRoleAdmin. It should not be used for component roles.
   */
  function setRoleAdmin(bytes32 role, bytes32 adminRole) external onlyRole(getRoleAdmin(role)) {
    _setRoleAdmin(role, adminRole);
  }

  /**
   * @dev This empty reserved space is put in place to allow future versions to add new
   * variables without shifting down storage in the inheritance chain.
   * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
   */
  uint256[50] private __gap;
}


The AccessManager contract manages access control for a protocol, allowing roles to be assigned globally or per component. It supports role hierarchy, role administration, and upgradeability via UUPS. It includes checks for role possession and provides functions to grant roles, set role admins, and verify role assignments, including component-specific roles.

AccessManager - Protocol access roles

asset_

vault_

connect

deinvestAll

earnings

getInvestmentValue

liquidityMax

liquidityMiddle

liquidityMin

rebalance

recordEarnings

paymentAmount

refillWallet

deinvest

middle

setLiquidityThresholds

EarningsRecorded

action

value

GovernanceAction

amount

MoneyDeinvested

MoneyInvested

// SPDX-License-Identifier: Apache-2.0
pragma solidity 0.8.16;

import {SafeCast} from "@openzeppelin/contracts/utils/math/SafeCast.sol";
import {IERC20Metadata} from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
import {IERC4626} from "@openzeppelin/contracts/interfaces/IERC4626.sol";
import {LiquidityThresholdAssetManager} from "./LiquidityThresholdAssetManager.sol";

/**
 * @title Asset Manager that deploys the funds into an ERC4626 vault
 * @dev Using liquidity thresholds defined in {LiquidityThresholdAssetManager}, deploys the funds into an ERC4626 vault.
 * @custom:security-contact security@ensuro.co
 * @author Ensuro
 *
 * @notice This contracts uses Diamond Storage and should not define state variables outside of that. See the diamondStorage method for more details.
 */
contract ERC4626AssetManager is LiquidityThresholdAssetManager {
  using SafeCast for uint256;

  IERC4626 internal immutable _vault;

  constructor(IERC20Metadata asset_, IERC4626 vault_) LiquidityThresholdAssetManager(asset_) {
    require(address(vault_) != address(0), "ERC4626AssetManager: vault cannot be zero address");
    require(address(asset_) == vault_.asset(), "ERC4626AssetManager: vault must have the same asset");
    _vault = vault_;
  }

  function connect() public virtual override {
    super.connect();
    _asset.approve(address(_vault), type(uint256).max); // infinite approval to the vault
  }

  function _invest(uint256 amount) internal virtual override {
    super._invest(amount);
    _vault.deposit(amount, address(this));
  }

  function _deinvest(uint256 amount) internal virtual override {
    super._deinvest(amount);
    _vault.withdraw(amount, address(this), address(this));
  }

  function deinvestAll() external virtual override returns (int256 earnings) {
    DiamondStorage storage ds = diamondStorage();
    uint256 assets = _vault.redeem(_vault.balanceOf(address(this)), address(this), address(this));
    earnings = int256(assets) - int256(uint256(ds.lastInvestmentValue));
    ds.lastInvestmentValue = 0;
    emit MoneyDeinvested(assets);
    emit EarningsRecorded(earnings);
    return earnings;
  }

  function getInvestmentValue() public view virtual override returns (uint256) {
    return _vault.convertToAssets(_vault.balanceOf(address(this)));
  }
}


The `ERC4626AssetManager` contract manages funds by investing in an ERC4626-compliant vault. It allows for depositing assets into the vault, withdrawing them, and deinvesting all assets. It also tracks the investment value and handles approvals for asset transfers.

Asset Manager that deploys the funds into an ERC4626 vault

discretionaryVault_

discretionaryToVault

vaultToDiscretionary

// SPDX-License-Identifier: Apache-2.0
pragma solidity ^0.8.0;

import {Math} from "@openzeppelin/contracts/utils/math/Math.sol";
import {IERC20Metadata} from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
import {IERC4626} from "@openzeppelin/contracts/interfaces/IERC4626.sol";
import {ERC4626AssetManager} from "./ERC4626AssetManager.sol";
import {LiquidityThresholdAssetManager} from "./LiquidityThresholdAssetManager.sol";

/**
 * @title Asset Manager that deploys the funds into a given ERC4626 but also, at request, can deploy the funds in
 *         another vault, the discretionary vault.
 * @dev Using liquidity thresholds defined in {LiquidityThresholdAssetManager}, deploys the funds into _vault.
 *      By request of the administrator it can also deploy the funds in _discretionaryVault. When deinvesting, if
 *      funds in _vault are not enough, it tries to withdraw from _discretionaryVault.
 * @custom:security-contact security@ensuro.co
 * @author Ensuro
 */
contract ERC4626PlusVaultAssetManager is ERC4626AssetManager {
  IERC4626 internal immutable _discretionaryVault;

  constructor(
    IERC20Metadata asset_,
    IERC4626 vault_,
    IERC4626 discretionaryVault_
  ) ERC4626AssetManager(asset_, vault_) {
    require(address(discretionaryVault_) != address(0), "ERC4626PlusVaultAssetManager: vault cannot be zero address");
    require(
      address(asset_) == discretionaryVault_.asset(),
      "ERC4626PlusVaultAssetManager: vault must have the same asset"
    );
    require(vault_ != discretionaryVault_, "ERC4626PlusVaultAssetManager: vaults must be different");
    _discretionaryVault = discretionaryVault_;
  }

  function _deinvest(uint256 amount) internal virtual override {
    LiquidityThresholdAssetManager._deinvest(amount);
    uint256 vaultAmount = Math.min(amount, _vault.maxWithdraw(address(this)));
    if (vaultAmount != 0) _vault.withdraw(vaultAmount, address(this), address(this));
    if (amount - vaultAmount != 0) _discretionaryVault.withdraw(amount - vaultAmount, address(this), address(this));
  }

  function connect() public override {
    super.connect();
    _asset.approve(address(_discretionaryVault), type(uint256).max); // infinite approval to the vault
  }

  function deinvestAll() external virtual override returns (int256 earnings) {
    DiamondStorage storage ds = diamondStorage();
    uint256 fromVault = _vault.redeem(_vault.balanceOf(address(this)), address(this), address(this));
    /**
     * WARNING: this was implemented withdrawing as much as possible from the vault WITHOUT failing.
     * This implementation might leave some assets (those that aren't withdrawable) in the vault and those will
     * be reported as losses.
     */
    uint256 redeemable = _discretionaryVault.maxRedeem(address(this));
    uint256 fromDiscVault = redeemable != 0 ? _discretionaryVault.redeem(redeemable, address(this), address(this)) : 0;
    earnings = int256(fromVault + fromDiscVault) - int256(uint256(ds.lastInvestmentValue));
    ds.lastInvestmentValue = 0;
    emit MoneyDeinvested(fromDiscVault + fromVault);
    emit EarningsRecorded(earnings);
    return earnings;
  }

  function _erc4626Assets(IERC4626 vault) internal view returns (uint256) {
    return vault.convertToAssets(vault.balanceOf(address(this)));
  }

  function getInvestmentValue() public view virtual override returns (uint256) {
    return _erc4626Assets(_vault) + _erc4626Assets(_discretionaryVault);
  }

  /**
   * @dev Transfers the given amount from _vault to the _discretionaryVault
   *
   * @param amount The amount to transfer. If that amount isn't available in _vault it reverts.
   *               If amount = type(uint256).max it withdraws all the withdrawable funds from _vault.
   */
  function vaultToDiscretionary(uint256 amount) external {
    if (amount == type(uint256).max) amount = _vault.maxWithdraw(address(this));
    _vault.withdraw(amount, address(this), address(this));
    _discretionaryVault.deposit(amount, address(this));
  }

  /**
   * @dev Transfers the given amount from the _discretionaryVault to _vault
   *
   * @param amount The amount to transfer. If that amount isn't available in the _discretionaryVault it reverts.
   *               If amount = type(uint256).max it withdraws all the funds withdrawable in the _discretionaryVault
   */
  function discretionaryToVault(uint256 amount) external {
    uint256 withdrawn;
    if (amount == type(uint256).max) {
      withdrawn = _discretionaryVault.redeem(
        _discretionaryVault.maxRedeem(address(this)),
        address(this),
        address(this)
      );
    } else {
      _discretionaryVault.withdraw(amount, address(this), address(this));
      withdrawn = amount;
    }
    _vault.deposit(withdrawn, address(this));
  }
}


This contract manages assets by investing in two ERC4626 vaults: a primary vault and a discretionary vault. It allows for investment, deinvestment, and transfer of funds between vaults. It also tracks investment value and can deinvest all funds, recording earnings or losses.

Asset Manager that deploys the funds into a given ERC4626 but also, at request, can deploy the funds in         another vault, the discretionary vault.

policyPool_

TWEAK_EXPIRATION

borrower

addBorrower

owner

spender

allowance

approve

assetManager

balanceOf

checkpoint

currency

decimals

subtractedValue

decreaseAllowance

provider

deposit

functionCall

forwardToAssetManager

fundsAvailable

fundsAvailableToLock

updated

getCurrentScale

getLoan

user

getScaledUserBalanceAndSupply

addedValue

increaseAllowance

name_

symbol_

maxUtilizationRate_

internalLoanInterestRate_

receiver

internalLoan

internalLoanInterestRate

lastTweak

liquidityRequirement

scrAmount

policyInterestRate

lockScr

maxNegativeAdjustment

maxUtilizationRate

minUtilizationRate

name

pause

paused

policyPool

removeBorrower

onBehalfOf

repayLoan

scaledBalanceOf

scaledTotalSupply

scrInterestRate

newAM

force

setAssetManager

param

newValue

setParam

lpWhitelist_

setWhitelist

symbol

tokenInterestRate

totalSupply

totalWithdrawable

recipient

transfer

transferFrom

adjustment

unlockScr

unpause

utilizationRate

whitelist

withdraw

Approval

ComponentChanged

InternalBorrowerAdded

defaultedDebt

InternalBorrowerRemoved

amountAsked

InternalLoan

InternalLoanRepaid

Paused

interestRate

SCRLocked

SCRUnlocked

from

Transfer

Unpaused

NoZeroPolicyPool

UpgradeCannotChangePolicyPool

The `EToken` contract is an interest-bearing token for the Ensuro protocol, an insurance-like service on Ethereum. It allows liquidity providers to deposit and withdraw funds, manages solvency capital requirements (SCR) for backing policies, and handles internal loans to policy pools. It includes features like utilization rate checks, whitelisting, and adjustable parameters for liquidity requirements and interest rates.

Ensuro ERC20 EToken - interest-bearing token

LP_WHITELIST_ADMIN_ROLE

LP_WHITELIST_ROLE

acceptsDeposit

providerFrom

providerTo

acceptsTransfer

acceptsWithdrawal

getWhitelistDefaults

defaultStatus

newStatus

setWhitelistDefaults

whitelistAddress

whitelisted

LPWhitelistStatusChanged

// SPDX-License-Identifier: Apache-2.0
pragma solidity 0.8.16;

import {IPolicyPool} from "./interfaces/IPolicyPool.sol";
import {PolicyPoolComponent} from "./PolicyPoolComponent.sol";
import {ILPWhitelist} from "./interfaces/ILPWhitelist.sol";
import {IEToken} from "./interfaces/IEToken.sol";

/**
 * @title Manual Whitelisting contract
 * @dev LP addresses are whitelisted (and un-whitelisted) manually with transactions by user with given role
 * @custom:security-contact security@ensuro.co
 * @author Ensuro
 */
contract LPManualWhitelist is ILPWhitelist, PolicyPoolComponent {
  bytes32 public constant LP_WHITELIST_ROLE = keccak256("LP_WHITELIST_ROLE");
  bytes32 public constant LP_WHITELIST_ADMIN_ROLE = keccak256("LP_WHITELIST_ADMIN_ROLE");

  /**
   * @dev Enum with the different options for whitelisting status
   */
  enum WhitelistOptions {
    undefined,
    whitelisted,
    blacklisted
  }

  struct WhitelistStatus {
    WhitelistOptions deposit;
    WhitelistOptions withdraw;
    WhitelistOptions sendTransfer;
    WhitelistOptions receiveTransfer;
  }

  mapping(address => WhitelistStatus) private _wlStatus;

  event LPWhitelistStatusChanged(address provider, WhitelistStatus whitelisted);

  /// @custom:oz-upgrades-unsafe-allow constructor
  // solhint-disable-next-line no-empty-blocks
  constructor(IPolicyPool policyPool_) PolicyPoolComponent(policyPool_) {}

  /**
   * @dev Initializes the Whitelist contract
   */
  function initialize(WhitelistStatus calldata defaultStatus) public virtual initializer {
    __LPManualWhitelist_init(defaultStatus);
  }

  // solhint-disable-next-line func-name-mixedcase
  function __LPManualWhitelist_init(WhitelistStatus calldata defaultStatus) internal onlyInitializing {
    __PolicyPoolComponent_init();
    __LPManualWhitelist_init_unchained(defaultStatus);
  }

  // solhint-disable-next-line func-name-mixedcase
  function __LPManualWhitelist_init_unchained(WhitelistStatus calldata defaultStatus) internal onlyInitializing {
    _checkDefaultStatus(defaultStatus);
    _wlStatus[address(0)] = defaultStatus;
    emit LPWhitelistStatusChanged(address(0), defaultStatus);
  }

  function whitelistAddress(
    address provider,
    WhitelistStatus calldata newStatus
  ) external onlyComponentRole(LP_WHITELIST_ROLE) {
    require(provider != address(0), "You can't change the defaults");
    _whitelistAddress(provider, newStatus);
  }

  function _checkDefaultStatus(WhitelistStatus calldata newStatus) internal pure {
    require(
      newStatus.deposit != WhitelistOptions.undefined &&
        newStatus.withdraw != WhitelistOptions.undefined &&
        newStatus.sendTransfer != WhitelistOptions.undefined &&
        newStatus.receiveTransfer != WhitelistOptions.undefined,
      "You need to define the default status for all the operations"
    );
  }

  function setWhitelistDefaults(
    WhitelistStatus calldata newStatus
  ) external onlyComponentRole(LP_WHITELIST_ADMIN_ROLE) {
    _checkDefaultStatus(newStatus);
    _whitelistAddress(address(0), newStatus);
  }

  function getWhitelistDefaults() external view returns (WhitelistStatus memory) {
    return _wlStatus[address(0)];
  }

  function _whitelistAddress(address provider, WhitelistStatus memory newStatus) internal {
    _wlStatus[provider] = newStatus;
    emit LPWhitelistStatusChanged(provider, newStatus);
  }

  /**
   * @dev See {IERC165-supportsInterface}.
   */
  function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
    return super.supportsInterface(interfaceId) || interfaceId == type(ILPWhitelist).interfaceId;
  }

  function acceptsDeposit(IEToken, address provider, uint256) external view override returns (bool) {
    WhitelistOptions wl = _wlStatus[provider].deposit;
    if (wl == WhitelistOptions.undefined) {
      wl = _wlStatus[address(0)].deposit;
    }
    return wl == WhitelistOptions.whitelisted;
  }

  function acceptsWithdrawal(IEToken, address provider, uint256) external view override returns (bool) {
    WhitelistOptions wl = _wlStatus[provider].withdraw;
    if (wl == WhitelistOptions.undefined) {
      wl = _wlStatus[address(0)].withdraw;
    }
    return wl == WhitelistOptions.whitelisted;
  }

  function acceptsTransfer(
    IEToken,
    address providerFrom,
    address providerTo,
    uint256
  ) external view override returns (bool) {
    WhitelistOptions wl = _wlStatus[providerFrom].sendTransfer;
    if (wl == WhitelistOptions.undefined) {
      wl = _wlStatus[address(0)].sendTransfer;
    }
    if (wl != WhitelistOptions.whitelisted) return false;
    wl = _wlStatus[providerTo].receiveTransfer;
    if (wl == WhitelistOptions.undefined) {
      wl = _wlStatus[address(0)].receiveTransfer;
    }
    return wl == WhitelistOptions.whitelisted;
  }

  /**
   * @dev This empty reserved space is put in place to allow future versions to add new
   * variables without shifting down storage in the inheritance chain.
   * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
   */
  uint256[49] private __gap;
}


The `LPManualWhitelist` contract manages a manual whitelist for liquidity providers (LPs), allowing specific addresses to deposit, withdraw, send, or receive transfers based on their whitelist status. It emits events when the whitelist status changes and provides functions to set and check the default and specific address statuses. It also supports interface checks for compatibility.

Manual Whitelisting contract

// SPDX-License-Identifier: Apache-2.0
pragma solidity 0.8.16;

import {SafeCast} from "@openzeppelin/contracts/utils/math/SafeCast.sol";
import {IERC20Metadata} from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
import {IPolicyPoolComponent} from "./interfaces/IPolicyPoolComponent.sol";
import {IAssetManager} from "./interfaces/IAssetManager.sol";
import {IAccessManager} from "./interfaces/IAccessManager.sol";
import {Math} from "@openzeppelin/contracts/utils/math/Math.sol";

/**
 * @title Base class for asset management strategies that use thresholds for cash and investment balance
 * @dev Base class for asset management strategies that use thresholds for cash and investment balance.
 *      The specific asset management strategy needs to be implemented by child contracts.
 *      Settings liquidityMin, liquidityMiddle, liquidityMax are the thresholds used to define how much liquidity
 *      to keep in the PolicyPool and when to invest/deinvest. Every invest/deinvest operation tries to leave the
 *      cash at liquidityMiddle.
 * @custom:security-contact security@ensuro.co
 * @author Ensuro
 *
 * @notice This contracts uses Diamond Storage and should not define state variables outside of that. See the diamondStorage method for more details.
 */
abstract contract LiquidityThresholdAssetManager is IAssetManager {
  using SafeCast for uint256;

  IERC20Metadata internal immutable _asset;
  event GovernanceAction(IAccessManager.GovernanceActions indexed action, uint256 value);

  struct DiamondStorage {
    uint32 liquidityMin; // stored with 0 decimals
    uint32 liquidityMiddle; // stored with 0 decimals
    uint32 liquidityMax; // stored with 0 decimals
    uint128 lastInvestmentValue;
  }

  modifier validateParamsAfterChange() {
    _;
    _validateParameters();
  }

  constructor(IERC20Metadata asset_) {
    require(address(asset_) != address(0), "LiquidityThresholdAssetManager: asset cannot be zero address");
    _asset = asset_;
  }

  function diamondStorage() internal pure returns (DiamondStorage storage ds) {
    // Inspired from https://eips.ethereum.org/EIPS/eip-2535#facets-state-variables-and-diamond-storage
    // Set the position of our struct in contract storage
    bytes32 storagePosition = keccak256("co.ensuro.LiquidityThresholdAssetManager");
    // solhint-disable-next-line no-inline-assembly
    assembly {
      ds.slot := storagePosition
    }
  }

  function _validateParameters() internal view {
    DiamondStorage storage ds = diamondStorage();

    require(
      ds.liquidityMin <= ds.liquidityMiddle && ds.liquidityMiddle <= ds.liquidityMax,
      "Validation: Liquidity limits are invalid"
    );
  }

  function connect() public virtual override {
    require(IPolicyPoolComponent(address(this)).policyPool().currency() == _asset, "Asset mismatch");
    DiamondStorage storage ds = diamondStorage();
    // When connecting I make sure the storage is clean, to avoid reusing data from previous AM that left
    // the data in a wrong state.
    ds.liquidityMin = 0;
    ds.liquidityMiddle = 0;
    ds.liquidityMax = 0;
    ds.lastInvestmentValue = 0;
  }

  function recordEarnings() external virtual override returns (int256) {
    uint256 investmentValue = getInvestmentValue();
    DiamondStorage storage ds = diamondStorage();
    int256 earnings = int256(investmentValue) - int256(uint256(ds.lastInvestmentValue));
    ds.lastInvestmentValue = investmentValue.toUint128();
    emit EarningsRecorded(earnings);
    return earnings;
  }

  /**
   * @dev Returns the current value of the investment portfolio
   */
  function getInvestmentValue() public view virtual returns (uint256);

  /**
   * @dev Rebalances cash between PolicyPool wallet and
   */
  function rebalance() external virtual override {
    uint256 cash = _asset.balanceOf(address(this));
    if (cash > liquidityMax()) {
      _invest(cash - liquidityMiddle());
    } else if (cash < liquidityMin()) {
      uint256 deinvestAmount = Math.min(getInvestmentValue(), liquidityMiddle() - cash);
      if (deinvestAmount > 0) {
        _deinvest(deinvestAmount);
      }
    }
  }

  /**
   * @dev This is called from PolicyPool when doesn't have enough money for payment.
   *      After the call, there should be enough money in PolicyPool.currency().balanceOf(this) to
   *      do the payment
   * @param paymentAmount The amount of the payment
   */
  function refillWallet(uint256 paymentAmount) external override returns (uint256 deinvest) {
    uint256 cash = _asset.balanceOf(address(this));
    require(cash < paymentAmount, "No need to refill the wallet for this payment");
    uint256 investmentValue = getInvestmentValue();
    // try to leave the pool balance at liquidity_middle after the payment
    deinvest = paymentAmount + liquidityMiddle() - cash;
    if (deinvest > investmentValue) deinvest = investmentValue;
    _deinvest(deinvest);
    return deinvest;
  }

  function _invest(uint256 amount) internal virtual {
    DiamondStorage storage ds = diamondStorage();
    ds.lastInvestmentValue += amount.toUint128();
    emit MoneyInvested(amount);
    // must be reimplemented do the actual cash movement
  }

  function _deinvest(uint256 amount) internal virtual {
    DiamondStorage storage ds = diamondStorage();
    ds.lastInvestmentValue -= Math.min(uint256(ds.lastInvestmentValue), amount).toUint128();
    emit MoneyDeinvested(amount);
    // must be reimplemented do the actual cash movement
  }

  function liquidityMin() public view returns (uint256) {
    return diamondStorage().liquidityMin * 10 ** _asset.decimals();
  }

  function liquidityMiddle() public view returns (uint256) {
    return diamondStorage().liquidityMiddle * 10 ** _asset.decimals();
  }

  function liquidityMax() public view returns (uint256) {
    return diamondStorage().liquidityMax * 10 ** _asset.decimals();
  }

  function setLiquidityThresholds(uint256 min, uint256 middle, uint256 max) external validateParamsAfterChange {
    DiamondStorage storage ds = diamondStorage();
    if (min != type(uint256).max) {
      ds.liquidityMin = (min / 10 ** _asset.decimals()).toUint32();
      emit GovernanceAction(IAccessManager.GovernanceActions.setLiquidityMin, min);
    }
    if (middle != type(uint256).max) {
      ds.liquidityMiddle = (middle / 10 ** _asset.decimals()).toUint32();
      emit GovernanceAction(IAccessManager.GovernanceActions.setLiquidityMiddle, middle);
    }
    if (max != type(uint256).max) {
      ds.liquidityMax = (max / 10 ** _asset.decimals()).toUint32();
      emit GovernanceAction(IAccessManager.GovernanceActions.setLiquidityMax, max);
    }
  }

  /**
   * @dev See {IERC165-supportsInterface}.
   */
  function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
    return interfaceId == type(IERC165).interfaceId || interfaceId == type(IAssetManager).interfaceId;
  }
}


This abstract contract defines a liquidity management strategy for a policy pool using thresholds (min, middle, max) to determine when to invest or deinvest funds. It records earnings, rebalances funds, refills the policy pool wallet, and allows setting liquidity thresholds. It uses Diamond Storage for state and supports IERC165 and IAssetManager interfaces.

Base class for asset management strategies that use thresholds for cash and investment balance

// SPDX-License-Identifier: Apache-2.0
pragma solidity 0.8.16;
import {WadRayMath} from "./dependencies/WadRayMath.sol";
import {IRiskModule} from "./interfaces/IRiskModule.sol";

/**
 * @title Policy library
 * @dev Library for PolicyData struct. This struct represents an active policy, how the premium is
 *      distributed, the probability of payout, duration and how the capital is locked.
 * @custom:security-contact security@ensuro.co
 * @author Ensuro
 */
library Policy {
  using WadRayMath for uint256;

  uint256 internal constant SECONDS_PER_YEAR = 365 days;

  // Active Policies
  struct PolicyData {
    uint256 id;
    uint256 payout;
    uint256 premium;
    uint256 jrScr;
    uint256 srScr;
    uint256 lossProb; // original loss probability (in wad)
    uint256 purePremium; // share of the premium that covers expected losses
    // equal to payout * lossProb * riskModule.moc
    uint256 ensuroCommission; // share of the premium that goes for Ensuro
    uint256 partnerCommission; // share of the premium that goes for the RM
    uint256 jrCoc; // share of the premium that goes to junior liquidity providers (won or not)
    uint256 srCoc; // share of the premium that goes to senior liquidity providers (won or not)
    IRiskModule riskModule;
    uint40 start;
    uint40 expiration;
  }

  struct PremiumComposition {
    uint256 purePremium;
    uint256 jrScr;
    uint256 srScr;
    uint256 jrCoc;
    uint256 srCoc;
    uint256 ensuroCommission;
    uint256 partnerCommission;
    uint256 totalPremium;
  }

  function getMinimumPremium(
    IRiskModule.Params memory rmParams,
    uint256 payout,
    uint256 lossProb,
    uint40 expiration,
    uint40 start
  ) internal pure returns (PremiumComposition memory minPremium) {
    minPremium.purePremium = payout.wadMul(lossProb.wadMul(rmParams.moc));
    minPremium.jrScr = payout.wadMul(rmParams.jrCollRatio);
    if (minPremium.jrScr > minPremium.purePremium) {
      minPremium.jrScr -= minPremium.purePremium;
    } else {
      minPremium.jrScr = 0;
    }

    minPremium.srScr = payout.wadMul(rmParams.collRatio);
    if (minPremium.srScr > (minPremium.purePremium + minPremium.jrScr)) {
      minPremium.srScr -= minPremium.purePremium + minPremium.jrScr;
    } else {
      minPremium.srScr = 0;
    }

    // Calculate CoCs
    minPremium.jrCoc = minPremium.jrScr.wadMul((rmParams.jrRoc * (expiration - start)) / SECONDS_PER_YEAR);
    minPremium.srCoc = minPremium.srScr.wadMul((rmParams.srRoc * (expiration - start)) / SECONDS_PER_YEAR);
    uint256 totalCoc = minPremium.jrCoc + minPremium.srCoc;

    minPremium.ensuroCommission =
      minPremium.purePremium.wadMul(rmParams.ensuroPpFee) +
      totalCoc.wadMul(rmParams.ensuroCocFee);

    minPremium.totalPremium = minPremium.purePremium + minPremium.ensuroCommission + totalCoc;
  }

  function initialize(
    IRiskModule riskModule,
    IRiskModule.Params memory rmParams,
    uint256 premium,
    uint256 payout,
    uint256 lossProb,
    uint40 expiration,
    uint40 start
  ) internal pure returns (PolicyData memory newPolicy) {
    require(premium <= payout, "Premium cannot be more than payout");
    PolicyData memory policy;

    policy.riskModule = riskModule;
    policy.premium = premium;
    policy.payout = payout;
    policy.lossProb = lossProb;
    policy.start = start;
    policy.expiration = expiration;

    PremiumComposition memory minPremium = getMinimumPremium(rmParams, payout, lossProb, expiration, start);

    policy.purePremium = minPremium.purePremium;
    policy.jrScr = minPremium.jrScr;
    policy.srScr = minPremium.srScr;
    policy.jrCoc = minPremium.jrCoc;
    policy.srCoc = minPremium.srCoc;
    policy.ensuroCommission = minPremium.ensuroCommission;

    require(minPremium.totalPremium <= premium, "Premium less than minimum");

    policy.partnerCommission = premium - minPremium.totalPremium;
    return policy;
  }

  function jrInterestRate(PolicyData memory policy) internal pure returns (uint256) {
    return ((policy.jrCoc * SECONDS_PER_YEAR) / (policy.expiration - policy.start)).wadDiv(policy.jrScr);
  }

  function jrAccruedInterest(PolicyData memory policy) internal view returns (uint256) {
    return (policy.jrCoc * (block.timestamp - policy.start)) / (policy.expiration - policy.start);
  }

  function srInterestRate(PolicyData memory policy) internal pure returns (uint256) {
    return ((policy.srCoc * SECONDS_PER_YEAR) / (policy.expiration - policy.start)).wadDiv(policy.srScr);
  }

  function srAccruedInterest(PolicyData memory policy) internal view returns (uint256) {
    return (policy.srCoc * (block.timestamp - policy.start)) / (policy.expiration - policy.start);
  }

  function hash(PolicyData memory policy) internal pure returns (bytes32 retHash) {
    retHash = keccak256(abi.encode(policy));
    require(retHash != bytes32(0), "Policy: hash cannot be 0");
    return retHash;
  }
}


This Solidity library defines a `PolicyData` struct to represent an insurance policy, including its financial parameters and associated risk module. It provides functions to calculate minimum premiums, initialize policies, compute interest rates, and accrued interests for junior and senior capital providers, and generate a unique hash for a policy.

Policy library

Ensuro is the first decentralized, licensed (re)insurer on a public blockchain. Our mission is to allow anyone to invest in insurance risk and reap its benefits