Merge pull request #76 from etherisc/feature/pool-controller-move-to-checks-effects-interactions

move to checks-effects-interaction for payouts

Author: doerfli

contracts/flows/PolicyDefaultFlow.sol

@@ -9,7 +9,6 @@ import "../modules/TreasuryModule.sol";
 import "../shared/WithRegistry.sol";
 
 import "@etherisc/gif-interface/contracts/modules/IPolicy.sol";
-// import "@etherisc/gif-interface/contracts/modules/IQuery.sol";
 import "@etherisc/gif-interface/contracts/modules/IRegistry.sol";
 import "@etherisc/gif-interface/contracts/modules/IPool.sol";
 
@@ -264,15 +263,17 @@ contract PolicyDefaultFlow is
             uint256 netPayoutAmount
         )
     {
-        TreasuryModule treasury = getTreasuryContract();
-        (feeAmount, netPayoutAmount) = treasury.processPayout(processId, payoutId);
+        PoolController pool = getPoolContract();
+        PolicyController policy = getPolicyContract();
+        IPolicy.Payout memory payout = policy.getPayout(processId, payoutId);
 
-        // if payout successful: update book keeping of policy and riskpool
-        IPolicy policy = getPolicyContract();
+        // book keeping of riskpool and policy
+        pool.processPayout(processId, payout.amount);
         policy.processPayout(processId, payoutId);
 
-        PoolController pool = getPoolContract();
-        pool.processPayout(processId, netPayoutAmount + feeAmount);
+        // move funds
+        TreasuryModule treasury = getTreasuryContract();
+        (feeAmount, netPayoutAmount) = treasury.processPayout(processId, payoutId);
     }
 
     function request(

contracts/modules/PoolController.sol

@@ -62,10 +62,20 @@ contract PoolController is
         _;
     }
 
-    modifier onlyTreasury() {
+    modifier onlyActivePool(uint256 riskpoolId) {
         require(
-            _msgSender() == _getContractAddress("Treasury"),
-            "ERROR:POL-003:NOT_TREASURY"
+            _component.getComponentState(riskpoolId) == IComponent.ComponentState.Active, 
+            "ERROR:POL-003:RISKPOOL_NOT_ACTIVE"
+        );
+        _;
+    }
+
+    modifier onlyActivePoolForProcess(bytes32 processId) {
+        IPolicy.Metadata memory metadata = _policy.getMetadata(processId);
+        uint256 riskpoolId = _riskpoolIdForProductId[metadata.productId];
+        require(
+            _component.getComponentState(riskpoolId) == IComponent.ComponentState.Active, 
+            "ERROR:POL-004:RISKPOOL_NOT_ACTIVE"
         );
         _;
     }
@@ -91,12 +101,12 @@ contract PoolController is
         _riskpoolIds.push(riskpoolId);
         _maxmimumNumberOfActiveBundlesForRiskpoolId[riskpoolId] = DEFAULT_MAX_NUMBER_OF_ACTIVE_BUNDLES;
 
-        require(pool.createdAt == 0, "ERROR:POL-004:RISKPOOL_ALREADY_REGISTERED");
+        require(pool.createdAt == 0, "ERROR:POL-005:RISKPOOL_ALREADY_REGISTERED");
 
-        require(wallet != address(0), "ERROR:POL-005:WALLET_ADDRESS_ZERO");
-        require(erc20Token != address(0), "ERROR:POL-006:ERC20_ADDRESS_ZERO");
-        require(collateralizationLevel <= COLLATERALIZATION_LEVEL_CAP, "ERROR:POL-007:COLLATERALIZATION_lEVEl_TOO_HIGH");
-        require(sumOfSumInsuredCap > 0, "ERROR:POL-008:SUM_OF_SUM_INSURED_CAP_ZERO");
+        require(wallet != address(0), "ERROR:POL-006:WALLET_ADDRESS_ZERO");
+        require(erc20Token != address(0), "ERROR:POL-007:ERC20_ADDRESS_ZERO");
+        require(collateralizationLevel <= COLLATERALIZATION_LEVEL_CAP, "ERROR:POL-008:COLLATERALIZATION_lEVEl_TOO_HIGH");
+        require(sumOfSumInsuredCap > 0, "ERROR:POL-009:SUM_OF_SUM_INSURED_CAP_ZERO");
 
         pool.id = riskpoolId; 
         pool.wallet = wallet; 
@@ -129,6 +139,7 @@ contract PoolController is
     function fund(uint256 riskpoolId, uint256 amount) 
         external
         onlyRiskpoolService
+        onlyActivePool(riskpoolId)
     {
         IPool.Pool storage pool = _riskpools[riskpoolId];
         pool.capital += amount;
@@ -139,6 +150,7 @@ contract PoolController is
     function defund(uint256 riskpoolId, uint256 amount) 
         external
         onlyRiskpoolService
+        onlyActivePool(riskpoolId)
     {
         IPool.Pool storage pool = _riskpools[riskpoolId];
 
@@ -152,6 +164,7 @@ contract PoolController is
     function underwrite(bytes32 processId) 
         external override 
         onlyPolicyFlow("Pool")
+        onlyActivePoolForProcess(processId)
         returns(bool success)
     {
         // check that application is in applied state
@@ -164,10 +177,6 @@ contract PoolController is
         // determine riskpool responsible for application
         IPolicy.Metadata memory metadata = _policy.getMetadata(processId);
         uint256 riskpoolId = _riskpoolIdForProductId[metadata.productId];
-        require(
-            _component.getComponentState(riskpoolId) == IComponent.ComponentState.Active, 
-            "ERROR:POL-021:RISKPOOL_NOT_ACTIVE"
-        );
 
         // calculate required collateral amount
         uint256 sumInsuredAmount = application.sumInsuredAmount;
@@ -223,6 +232,7 @@ contract PoolController is
     function processPremium(bytes32 processId, uint256 amount) 
         external override
         onlyPolicyFlow("Pool")
+        onlyActivePoolForProcess(processId)
     {
         IPolicy.Metadata memory metadata = _policy.getMetadata(processId);
         IRiskpool riskpool = _getRiskpoolComponent(metadata);
@@ -238,6 +248,7 @@ contract PoolController is
     function processPayout(bytes32 processId, uint256 amount) 
         external override
         onlyPolicyFlow("Pool")
+        onlyActivePoolForProcess(processId)
     {
         IPolicy.Metadata memory metadata = _policy.getMetadata(processId);
         uint256 riskpoolId = _riskpoolIdForProductId[metadata.productId];

contracts/modules/TreasuryModule.sol

@@ -315,16 +315,11 @@ contract TreasuryModule is
             uint256 netPayoutAmount
         )
     {
-        IPolicy.Payout memory payout =  _policy.getPayout(processId, payoutId);
-        require(
-            payout.state == IPolicy.PayoutState.Expected, 
-            "ERROR:TRS-040:PAYOUT_ALREADY_PROCESSED"
-        );
-
         IPolicy.Metadata memory metadata = _policy.getMetadata(processId);
         IERC20 token = getComponentToken(metadata.productId);
         (uint256 riskpoolId, address riskpoolWalletAddress) = _getRiskpoolWallet(processId);
 
+        IPolicy.Payout memory payout =  _policy.getPayout(processId, payoutId);
         require(
             token.balanceOf(riskpoolWalletAddress) >= payout.amount, 
             "ERROR:TRS-042:RISKPOOL_WALLET_BALANCE_TOO_SMALL"

tests/test_apply_underwrite_expire.py

@@ -492,7 +492,7 @@ def test_riskpool_inactive(
     applicationData = s2b32('application')
 
     # check that inactive product does not lead to policy creation
-    with brownie.reverts('ERROR:POL-021:RISKPOOL_NOT_ACTIVE'):
+    with brownie.reverts('ERROR:POL-004:RISKPOOL_NOT_ACTIVE'):
         apply_tx = product.applyForPolicy(
             premium,
             sumInsured,

tests/test_riskpool_lifecycle.py

@@ -16,6 +16,7 @@
 
 from scripts.setup import (
     fund_riskpool,
+    fund_customer,
     apply_for_policy,
 )
 
@@ -131,7 +132,7 @@ def test_pause_unpause(
         riskpool.burnBundle(bundleId, {'from':bundleOwner})
 
     # ensure underwriting new policies is not possible for paused riskpool
-    with brownie.reverts("ERROR:POL-021:RISKPOOL_NOT_ACTIVE"):
+    with brownie.reverts("ERROR:POL-004:RISKPOOL_NOT_ACTIVE"):
         policyId2 = apply_for_policy(instance, owner, product, customer, testCoin, 100, 1000)
 
     # ensure existing policies may be closed while riskpool is paused
@@ -290,6 +291,7 @@ def test_suspend_resume(
 
     assert bundle2Id == bundleId + 1
 
+
 def test_suspend_archive(
     instance: GifInstance, 
     testCoin,
@@ -688,4 +690,192 @@ def test_propose_decline(
 def _getBundle(instance, riskpool, bundleIdx):
     instanceService = instance.getInstanceService()
     bundleId = riskpool.getBundleId(bundleIdx)
-    return instanceService.getBundle(bundleId)
+    return instanceService.getBundle(bundleId)
+
+def test_policy_application_with_inactive_riskpool(
+    instance: GifInstance, 
+    testCoin,
+    gifTestProduct: GifTestProduct, 
+    instanceOperator: Account,
+    productOwner: Account,
+    riskpoolKeeper: Account,
+    customer: Account,
+    capitalOwner: Account
+):
+    # prepare funded riskpool
+    riskpool = gifTestProduct.getRiskpool().getContract()
+    riskpoolId = riskpool.getId()
+    initialFunding = 10000
+    fund_riskpool(instance, instanceOperator, capitalOwner, riskpool, riskpoolKeeper, testCoin, initialFunding)
+
+    # pause riskpool
+    componentOwnerService = instance.getComponentOwnerService()
+    componentOwnerService.pause(riskpoolId, {'from': riskpoolKeeper})    
+    assert riskpool.getState() == 4
+
+    # attempt to create policy
+    product = gifTestProduct.getContract()
+    premium = 300
+    sumInsured = 2000
+
+    with brownie.reverts('ERROR:POL-004:RISKPOOL_NOT_ACTIVE'):
+        product.applyForPolicy(premium, sumInsured, bytes(0), bytes(0), {'from': customer})
+
+    assert product.policies() == 0
+
+    # unpuase riskpool again
+    componentOwnerService.unpause(riskpoolId, {'from': riskpoolKeeper})    
+    assert riskpool.getState() == 3
+
+    # verify that policy creation works
+    tx = product.applyForPolicy(premium, sumInsured, bytes(0), bytes(0), {'from': customer})
+    processId = tx.return_value
+
+    assert product.policies() == 1
+
+
+def test_collect_premium_with_inactive_riskpool(
+    instance: GifInstance, 
+    testCoin,
+    gifTestProduct: GifTestProduct, 
+    instanceOperator: Account,
+    productOwner: Account,
+    riskpoolKeeper: Account,
+    customer: Account,
+    capitalOwner: Account
+):
+    # prepare funded riskpool
+    riskpool = gifTestProduct.getRiskpool().getContract()
+    riskpoolId = riskpool.getId()
+    initialFunding = 10000
+    fund_riskpool(instance, instanceOperator, capitalOwner, riskpool, riskpoolKeeper, testCoin, initialFunding)
+
+    # create policy
+    product = gifTestProduct.getContract()
+    premium = 300
+    sumInsured = 2000
+    tx = product.applyForPolicy(premium, sumInsured, bytes(0), bytes(0), {'from': customer})
+    processId = tx.return_value
+
+    # ComponentState {Created,Proposed,Declined,Active,Paused,Suspended}
+    assert product.policies() == 1
+    assert riskpool.getState() == 3
+
+    # pause riskpool
+    componentOwnerService = instance.getComponentOwnerService()
+    componentOwnerService.pause(riskpoolId, {'from': riskpoolKeeper})
+    
+    assert riskpool.getState() == 4
+    # fund customer to pay premium now
+    fund_customer(instance, instanceOperator, customer, testCoin, premium)
+    assert testCoin.balanceOf(customer) == premium
+    assert testCoin.allowance(customer, instance.getTreasury()) == premium
+
+    # attempt to collect premium with paused riskpool
+    with brownie.reverts('ERROR:POL-004:RISKPOOL_NOT_ACTIVE'):
+        product.collectPremium(processId, premium, {'from': productOwner})
+
+    assert testCoin.balanceOf(customer) == premium
+
+    # unpuase riskpool
+    componentOwnerService.unpause(riskpoolId, {'from': riskpoolKeeper})    
+    assert riskpool.getState() == 3
+
+    # ensure that collecting premiums works again
+    tx = product.collectPremium(processId, premium, {'from': productOwner})
+    (success, fee, netPremium) = tx.return_value
+
+    assert success
+    assert testCoin.balanceOf(customer) == 0
+
+
+
+
+def test_payout_processing_with_inactive_riskpool(
+    instance: GifInstance, 
+    testCoin,
+    gifTestProduct: GifTestProduct, 
+    instanceOperator: Account,
+    productOwner: Account,
+    riskpoolKeeper: Account,
+    customer: Account,
+    capitalOwner: Account
+):
+    instanceService = instance.getInstanceService()
+
+    # prepare funded riskpool
+    riskpool = gifTestProduct.getRiskpool().getContract()
+    riskpoolId = riskpool.getId()
+    initialFunding = 10000
+    fund_riskpool(instance, instanceOperator, capitalOwner, riskpool, riskpoolKeeper, testCoin, initialFunding)
+
+    # fund customer to pay premium now
+    premium = 300
+    fund_customer(instance, instanceOperator, customer, testCoin, premium)
+    assert testCoin.balanceOf(customer) == premium
+    assert testCoin.allowance(customer, instance.getTreasury()) == premium
+
+    # create policy
+    product = gifTestProduct.getContract()
+    sumInsured = 2000
+    tx = product.applyForPolicy(premium, sumInsured, bytes(0), bytes(0), {'from': customer})
+    processId = tx.return_value
+
+    # ComponentState {Created,Proposed,Declined,Active,Paused,Suspended}
+    assert instanceService.processIds() == 1
+    assert instanceService.claims(processId) == 0
+    assert product.policies() == 1
+    assert riskpool.getState() == 3
+
+    # pause riskpool
+    componentOwnerService = instance.getComponentOwnerService()
+    componentOwnerService.pause(riskpoolId, {'from': riskpoolKeeper})
+    
+    assert riskpool.getState() == 4
+
+    claimAmount = 3 * premium
+    (claimId, payoutId) = create_claim_no_oracle(product, customer, productOwner, processId, claimAmount)
+
+    assert instanceService.claims(processId) == 1
+    assert instanceService.payouts(processId) == 1
+    assert testCoin.balanceOf(customer) == 0
+
+    # attempt to process payout
+    with brownie.reverts('ERROR:POL-004:RISKPOOL_NOT_ACTIVE'):
+        product.processPayout(processId, payoutId, {'from':productOwner})
+
+    assert instanceService.claims(processId) == 1
+    assert instanceService.payouts(processId) == 1
+    assert testCoin.balanceOf(customer) == 0
+
+    # unpause riskpool
+    componentOwnerService = instance.getComponentOwnerService()
+    componentOwnerService.unpause(riskpoolId, {'from': riskpoolKeeper})
+    
+    assert riskpool.getState() == 3
+
+    # enwure process payout works again
+    product.processPayout(processId, payoutId, {'from':productOwner})
+
+    assert instanceService.claims(processId) == 1
+    assert instanceService.payouts(processId) == 1
+    assert testCoin.balanceOf(customer) == claimAmount
+
+    # ensure it's not possible to process same payout a 2nd time
+    with brownie.reverts('ERROR:POC-091:POLICY_WITHOUT_OPEN_CLAIMS'):
+        product.processPayout(processId, payoutId, {'from':productOwner})
+
+    assert instanceService.claims(processId) == 1
+    assert instanceService.payouts(processId) == 1
+    assert testCoin.balanceOf(customer) == claimAmount
+
+
+def create_claim_no_oracle(product, customer, productOwner, processId, claimAmount):
+    tx = product.submitClaimNoOracle(processId, claimAmount, {'from':customer})
+    claimId = tx.return_value
+    product.confirmClaim(processId, claimId, claimAmount, {'from':productOwner})
+
+    tx = product.newPayout(processId, claimId, claimAmount, {'from':productOwner})
+    payoutId = tx.return_value
+
+    return (claimId, payoutId)

tests/test_treasury_suspend_resume.py

@@ -218,6 +218,11 @@ def test_process_payout(
     # resume treasury
     instanceOperatorService.resumeTreasury(ioDict)
 
+    # check that no funds have moved
+    assert customerBalanceBeforePayout == erc20Token.balanceOf(customer)
+    assert riskpoolBalanceBeforePayout == erc20Token.balanceOf(riskpoolWallet)
+    assert riskpool.getBalance() == erc20Token.balanceOf(riskpoolWallet)
+
     # trigger payout
     product.createPayout(policyId, claimId, claimAmount, {'from': productOwner})