Deploy Nio Governance (#297)

* Add deployment script for Nio governance contracts and update NioElection initialization to accept owner address.

* Update migration script to correct contract address storage and adjust salt calculation for NioGovernor deployment.

* Add vm.broadcast call before deploying NioGovernor contract in migration script for better deployment tracking.

* Add new JSON files for Nio governance broadcast and update addresses.json with new contract addresses for AccessManager, NioElection, NioGovernor, and NioGuardians.

* Refactor: Improve readability by reformatting long lines in 138-nio-governance.s.sol for better code clarity.

* Add migration script for transferring treasury ownership and update constants with NIO roles and execution delay.

* Refactor migration script for better readability by adjusting spacing and line breaks in function calls.

* Add slither annotations to disable uninitialized-state warnings for rateLimit, costLimit, and globalRateLimit mappings.

script/migrations/138-nio-governance.s.sol

@@ -0,0 +1,82 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.18;
+
+import {NioElection} from "@kinto-core/governance/NioElection.sol";
+import {NioGuardians} from "@kinto-core/tokens/NioGuardians.sol";
+import {BridgedKinto} from "@kinto-core/tokens/bridged/BridgedKinto.sol";
+import {UUPSProxy} from "@kinto-core-test/helpers/UUPSProxy.sol";
+import {AccessManager} from "@openzeppelin-5.0.1/contracts/access/manager/AccessManager.sol";
+import {NioGovernor} from "@kinto-core/governance/NioGovernor.sol";
+import {IKintoID} from "@kinto-core/interfaces/IKintoID.sol";
+
+import {MigrationHelper} from "@kinto-core-script/utils/MigrationHelper.sol";
+
+contract DeployScript is MigrationHelper {
+    function run() public override {
+        super.run();
+
+        (bytes32 salt, address expectedAddress) = mineSalt(
+            keccak256(abi.encodePacked(type(NioGuardians).creationCode, abi.encode(kintoAdminWallet))), "010000"
+        );
+
+        vm.broadcast(deployerPrivateKey);
+        NioGuardians nioNFT = new NioGuardians{salt: salt}(address(kintoAdminWallet));
+
+        assertEq(address(nioNFT), address(expectedAddress));
+        assertEq(nioNFT.owner(), address(kintoAdminWallet));
+
+        saveContractAddress("NioGuardians", address(nioNFT));
+
+        vm.broadcast(deployerPrivateKey);
+        NioElection election = new NioElection{salt: 0}(
+            BridgedKinto(_getChainDeployment("KINTO")), nioNFT, IKintoID(_getChainDeployment("KintoID"))
+        );
+
+        assertEq(address(election.kToken()), _getChainDeployment("KINTO"));
+        assertEq(address(election.nioNFT()), address(nioNFT));
+        assertEq(address(election.kintoID()), _getChainDeployment("KintoID"));
+
+        saveContractAddress("NioElectionV1-impl", address(election));
+
+        (salt, expectedAddress) =
+            mineSalt(keccak256(abi.encodePacked(type(UUPSProxy).creationCode, abi.encode(election, ""))), "010E1E");
+
+        vm.broadcast(deployerPrivateKey);
+        address proxy = address(new UUPSProxy{salt: salt}(address(election), ""));
+
+        assertEq(proxy, address(expectedAddress));
+
+        _whitelistApp(proxy);
+
+        _handleOps(abi.encodeWithSelector(NioElection.initialize.selector, kintoAdminWallet), proxy);
+
+        assertEq(NioElection(proxy).owner(), kintoAdminWallet);
+
+        saveContractAddress("NioElection", proxy);
+
+        (salt, expectedAddress) = mineSalt(
+            keccak256(abi.encodePacked(type(AccessManager).creationCode, abi.encode(kintoAdminWallet))), "ACC000"
+        );
+
+        vm.broadcast(deployerPrivateKey);
+        AccessManager accessManager = new AccessManager{salt: salt}(kintoAdminWallet);
+
+        assertEq(address(accessManager), address(expectedAddress));
+        (bool isMember,) = accessManager.hasRole(0, kintoAdminWallet);
+        assertTrue(isMember);
+
+        saveContractAddress("AccessManager", address(accessManager));
+
+        (salt, expectedAddress) = mineSalt(
+            keccak256(abi.encodePacked(type(NioGovernor).creationCode, abi.encode(nioNFT, accessManager))), "010600"
+        );
+        vm.broadcast(deployerPrivateKey);
+        NioGovernor governor = new NioGovernor{salt: salt}(nioNFT, address(accessManager));
+        assertEq(address(governor), address(expectedAddress));
+
+        assertEq(governor.quorum(block.number), 5);
+        assertEq(governor.proposalThreshold(), 1);
+
+        saveContractAddress("NioGovernor", address(governor));
+    }
+}

script/migrations/139-transfer-treasury-ownership.s.sol

@@ -0,0 +1,60 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.18;
+
+import {Treasury} from "@kinto-core/treasury/Treasury.sol";
+import {NioElection} from "@kinto-core/governance/NioElection.sol";
+import {NioGuardians} from "@kinto-core/tokens/NioGuardians.sol";
+import {BridgedKinto} from "@kinto-core/tokens/bridged/BridgedKinto.sol";
+import {UUPSProxy} from "@kinto-core-test/helpers/UUPSProxy.sol";
+import {AccessManager} from "@openzeppelin-5.0.1/contracts/access/manager/AccessManager.sol";
+import {Ownable} from "@openzeppelin-5.0.1/contracts/access/Ownable.sol";
+import {NioGovernor} from "@kinto-core/governance/NioGovernor.sol";
+import {IKintoID} from "@kinto-core/interfaces/IKintoID.sol";
+
+import {MigrationHelper} from "@kinto-core-script/utils/MigrationHelper.sol";
+
+contract DeployScript is MigrationHelper {
+    function run() public override {
+        super.run();
+
+        AccessManager accessManager = AccessManager(_getChainDeployment("AccessManager"));
+        address treasury = _getChainDeployment("Treasury");
+        address governor = _getChainDeployment("NioGovernor ");
+
+        _whitelistApp(address(accessManager));
+
+        bytes4[] memory selectors = new bytes4[](3);
+        selectors[0] = Treasury.sendFunds.selector;
+        selectors[1] = Treasury.sendETH.selector;
+        selectors[2] = Treasury.batchSendFunds.selector;
+
+        _handleOps(
+            abi.encodeWithSelector(AccessManager.setTargetFunctionRole.selector, treasury, selectors, NIO_GOVERNOR_ROLE),
+            address(accessManager)
+        );
+
+        _handleOps(
+            abi.encodeWithSelector(
+                AccessManager.grantRole.selector, NIO_GOVERNOR_ROLE, governor, uint32(NIO_EXECUTION_DELAY)
+            ),
+            address(accessManager)
+        );
+
+        _handleOps(
+            abi.encodeWithSelector(AccessManager.labelRole.selector, NIO_GOVERNOR_ROLE, "NIO_GOVERNOR_ROLE"),
+            address(accessManager)
+        );
+
+        _handleOps(abi.encodeWithSelector(Ownable.transferOwnership.selector, accessManager), address(treasury));
+
+        assertEq(Treasury(payable(treasury)).owner(), address(accessManager));
+
+        (bool immediate, uint32 delay) = accessManager.canCall(governor, treasury, Treasury.sendFunds.selector);
+        assertFalse(immediate);
+        assertEq(delay, NIO_EXECUTION_DELAY);
+
+        (bool isMember, uint32 currentDelay) = accessManager.hasRole(NIO_GOVERNOR_ROLE, governor);
+        assertTrue(isMember);
+        assertEq(currentDelay, NIO_EXECUTION_DELAY);
+    }
+}

script/migrations/const.sol

@@ -5,4 +5,6 @@ contract Constants {
     uint256 internal constant LEDGER = 0;
     uint256 internal constant TREZOR = 1;
     address WUSDM = 0x57F5E098CaD7A3D1Eed53991D4d66C45C9AF7812; // wUSDM
+    uint64 internal constant NIO_GOVERNOR_ROLE = uint64(uint256(keccak256("NIO_GOVERNOR_ROLE")));
+    uint256 internal constant NIO_EXECUTION_DELAY = 3 days;
 }

src/governance/NioElection.sol

@@ -117,9 +117,9 @@ contract NioElection is Initializable, UUPSUpgradeable, OwnableUpgradeable {
     }
 
     /// @dev initialize the proxy
-    function initialize() external virtual initializer {
+    function initialize(address owner) external virtual initializer {
         __UUPSUpgradeable_init();
-        __Ownable_init(msg.sender);
+        __Ownable_init(owner);
     }
 
     /**

src/paymasters/SponsorPaymaster.sol

@@ -152,10 +152,13 @@ contract SponsorPaymaster is Initializable, BasePaymaster, UUPSUpgradeable, Reen
     mapping(address => uint256) public unlockBlock;
 
     // rate & cost limits per user per app: user => app => RateLimitData
+    // slither-disable-next-line uninitialized-state
     mapping(address => mapping(address => ISponsorPaymaster.RateLimitData)) public rateLimit;
+    // slither-disable-next-line uninitialized-state
     mapping(address => mapping(address => ISponsorPaymaster.RateLimitData)) public costLimit;
 
     // rate limit across apps: user => RateLimitData
+    // slither-disable-next-line uninitialized-state
     mapping(address => ISponsorPaymaster.RateLimitData) public globalRateLimit;
 
     IKintoAppRegistry public override appRegistry;

test/artifacts/7887/addresses.json

@@ -1,4 +1,5 @@
 {
+  "AccessManager": "0xacC000818e5Bbd911D5d449aA81CB5cA24024739",
   "BridgedWethV1-impl": "0x4fA880Fa6B651a9C565af547b39B57DC24bBC8fE",
   "BridgerL2": "0x26181Dfc530d96523350e895180b09BAf3d816a0",
   "BridgerL2V1-impl": "0xb9d571bA2CdFBBfc4F190f8Baeb6781b8cbC9cd5",
@@ -149,6 +150,10 @@
   "L2WethGatewayV2-impl": "0xDEa0d8430991bae39E826C7625566792A025B45f",
   "MKR": "0x11A1e3777010fcbc31Bd1b9B095b2009ca04b1Ed",
   "MKR-impl": "0x7001b99EB73eBBC8602E5Ce94429D05b0c04daF2",
+  "NioElection": "0x010E1e3A2026c37F56A80361c23041c9746ddaB5",
+  "NioElectionV1-impl": "0x055bf37c47b3C9bCf7E0945dF304C7F6D8b038B9",
+  "NioGovernor": "0x010600ff5f36C8eF3b6Aaf2A88C2DE85C798594a",
+  "NioGuardians": "0x0100005D52Be9ab3ccE0C70Abf6F6FA2C48e91C9",
   "PAXG": "0x17A060E324A8629fbd096A295cC88EE4939d3646",
   "PAXG-impl": "0x2860E915C091a7695908dE3E4b8f6e0706C31525",
   "PerOpInflator": "0xfE3857666264Cf6394eDbAfF8907C2B1448D831b",