ETH0

High-Level Overview

The ETH0 contract is designed to manage the ETH0 ERC20 Token, implementing functionalities for minting, burning, and transfer operations while incorporating blacklist checks to restrict these operations to authorized addresses. The total ETH0 supply is collateralized with at minimum 1:1 in collateral tokens, ensuring the stability and security of the protocol.

Contract Summary

ETH0 is an ERC-20 compliant token that integrates additional security and access control features to enhance its governance and usability. It inherits functionalities from ERC20PausableUpgradable and ERC20PermitUpgradeable to support permit-based approvals and pausability.

Minting ETH0

Users can swap their collateral tokens via the DaoCollateral contract to mint an equivalent amount of ETH0. The minting process is subject to several checks:

• The amount must not exceed the current mint cap

• The total supply after minting must not exceed the total collateral backing

• The caller must have the ETH0_MINT role

Redeeming ETH0

Users can swap any ETH0 back to the underlying collateral tokens at any time via the DaoCollateral contract, burning the ETH0 in the process. The redemption process includes a configurable fee to prevent oracle manipulation attacks.

Regulatory Compliance

The contract includes a blacklist feature to ensure regulatory compliance. Sanctioned addresses are prevented from interacting with the contract, and the list is kept up to date.

Collateralization Enforcement

Minting of ETH0 is only possible if the total collateral backing equals or exceeds the ETH0 totalSupply(). The contract verifies this by:

• Checking the balance of all collateral tokens in the treasury

• Converting collateral amounts to ETH using oracle prices

• Ensuring the total collateral value in ETH exceeds the new total supply

Functionality Breakdown

Key Functionalities

• Minting: Tokens can be minted to an address, subject to role checks and collateralization requirements.

• Burning: Tokens can be burned from an address, subject to role checks.

• Transfers: Only non-blacklisted addresses can send or receive tokens.

• Mint Cap Management: The contract implements a mint cap that can be adjusted by authorized roles.

Functions Description

Public/External Functions

• pause(): Pauses all token transfer operations; callable only by the PAUSING_CONTRACTS_ROLE.

• unpause(): Resumes all token transfer operations; callable only by the UNPAUSING_CONTRACTS_ROLE.

• mint(address to, uint256 amount): Mints tokens to a non-blacklisted address if the caller has the ETH0_MINT role and collateralization requirements are met.

• burn(uint256 amount) and burnFrom(address account, uint256 amount): Burns tokens from an address, requiring the ETH0_BURN role.

• setMintCap(uint256 newMintCap): Updates the maximum amount of ETH0 that can be minted; callable only by the MINT_CAP_OPERATOR role.

• getMintCap(): Returns the current mint cap for ETH0.

• blacklist(address account) and unBlacklist(address account): Allows the admin to blacklist or remove from blacklist malicious users from using this token. Only callable by the BLACKLIST_ROLE.

• isBlacklisted(address account): Checks if an address is blacklisted.

Role-Based Access Control

The contract implements several roles for different operations:

• ETH0_MINT: Required for minting new tokens

• ETH0_BURN: Required for burning tokens

• BLACKLIST_ROLE: Required for managing the blacklist

• MINT_CAP_OPERATOR: Required for adjusting the mint cap

• PAUSING_CONTRACTS_ROLE: Required for pausing the contract

• UNPAUSING_CONTRACTS_ROLE: Required for unpausing the contract

Safeguards Implementation

• Pausability: Allows pausing of all token transfers in emergencies

• Blacklist: Prevents sanctioned addresses from interacting with the token

• Mint Cap: Limits the maximum supply of ETH0

• Collateralization Check: Ensures ETH0 remains fully backed by collateral

• Role-Based Access: Restricts sensitive operations to authorized roles