feat: add SlashingWithdrawalRouter (#1358)

**Motivation:**

We want to hold slashed funds in escrow temporarily to maintain protocol
security (prevent malicious actors from draining the contracts).

**Modifications:**

- Add `SlashingWithdrawalRouter`.

**Result:**

The `SlashingWithdrawalRouter` contract is added for managing slashed
funds in the EigenLayer protocol. It provides a mechanism to handle the
burning or redistribution of slashed shares after a delay period,
ensuring proper handling of slashed funds while maintaining protocol
security.

---------

Co-authored-by: Yash Patil <[email protected]>

test(redistribution): add unit tests  (#1383)

**Motivation:**

We want to ensure `SlashingWithdrawalRouter` has appropriate unit test
coverage.

**Modifications:**

- Add more unit tests.

**Result:**

90% coverage.

refactor: remove `v` prefix from `SemVerMixin` (#1385)

**Motivation:**

Slashing was deployed with using a `v` prefix, thus we're simply going
to drop the prefix moving forward.

**Modifications:**

Prefix removed, and tests updated.

**Result:**

SemVerMixin no longer requires a `v` prefix.

feat: escrow funds in unique clone contracts (#1387)

**Motivation:**

Current implementation is broken by rebase tokens.

**Modifications:**

- Rename SWR -> `SlashEscrowFactory`.
- Add factory logic that deploys clones unique to their slash ID.

**Result:**

Funds will now be stored in clone contracts unique to their slash ID.

fix: review issues (#1391)

**Motivation:**

We want to resolve any review issues that arise.

**Modifications:**

- Use larger of strategy or global delay: @non-fungible-nelson
- Fix storage overrides noted from `Deprecated_OwnableUpgradeable`
@wadealexc
- Use `EnumerableSet` instead of `EnumerableSetUpgradaeable` since it
doesn't contain storage
- Add missing event in `initialize()`.
- Prevent `address(0)` during `createRedistributableOperatorSets` for
event sanitation.
- Improve check legibility @wadealexc

**Result:**

Current review concerns have been addressed.

fix: storage checker (#1394)

**Motivation:**

Storage checker didn't have ALM added. Also we needed to fix the
deprecated ownable mixing.

**Modifications:**

Fix mixing to inherit from `ContextUpgradeable`. Add ALM to
storage-diff.json.

**Result:**

Correct storage checks.

---------

Co-authored-by: Yash Patil <[email protected]>

chore: use internal getters; update `isOperatorRedistributable` (#1401)

**Motivation:**

We want to use internal getters wherever possible for style.

**Modifications:**

- Use `getRedistributionRecipient` in `isOperatorRedistributable`
- Update `isOperatorRedistributable` to get all allocated/registered
sets and then check if slashable and redistributable set for each
- More comprehensive unit tests

**Result:**

Cleaner code + tests passing

chore: rename burnable -> burnOrRedistributable; fix storage gap; remove poc code (#1397)

**Motivation:**

Burn shares naming is confusing, since shares are burnOrRedistributable

**Modifications:**

- For the new withdrawal path, call it `burnOrRedistributable`, so
`burnOrRedistributableSharesIncreased` or
`burnOrRedistributableSharesDecreased`
- Bring back `burnableSharesDecreased` event for the legacy burn path
- Rename `_operatorSetBurnableShares` to `_burnOrRedistributableShares`
- Fix the storage gap, since `_burnOrRedistributableShares` is a mapping
pointing to an enumerable map, not an enumerable map
- Remove POC withdrawal queue code from the DM

**Result:**

Cleaner Redistribution code

chore: remove dm/alm code size optimizations (#1398)

**Motivation:**

We have several code size optimizations in the DM/ALM. These are not
needed anymore with the ownable deprecation. We can add in future
upgrade if we want.

**Modifications:**

Remove all internal `_check` and modifiers.

Make `slashOperatorShares` in the DM return to the original
non-arrayified method.

**Result:**

Smaller code diff for redistribution.

test: full coverage `SlashEscrowFactory` + `SlashEscrow` (#1403)

**Motivation:**

We want to ensure we have full coverage unit tests for
`SlashEscrowFactory` and `SlashEscrow` in preparation for audits.

**Modifications:**

- Adds checks for all view methods.

**Result:**

Brings coverage up to 100% for all branches/fns/etc.

feat: redistribution upgrade scripts

chore: remove added code

fix: epm paused status for sepolia

chore: format

fix: typo

Co-authored-by: bowenli86 <[email protected]>

Author: 2 people

.github/configs/storage-diff.json

@@ -1,5 +1,9 @@
 {
     "contracts": [
+      {
+        "name": "AllocationManager",
+        "address": "0x948a420b8CC1d6BFd0B6087C2E7c344a2CD0bc39"
+      },
       {
         "name": "AVSDirectory",
         "address": "0x135dda560e946695d6f155dacafc6f1f25c1f5af"

.gitmodules

@@ -1,9 +1,6 @@
 [submodule "lib/ds-test"]
 	path = lib/ds-test
 	url = https://github.com/dapphub/ds-test
-[submodule "lib/forge-std"]
-	path = lib/forge-std
-	url = https://github.com/foundry-rs/forge-std
 [submodule "lib/openzeppelin-contracts-v4.9.0"]
 	path = lib/openzeppelin-contracts-v4.9.0
 	url = https://github.com/OpenZeppelin/openzeppelin-contracts
@@ -13,3 +10,6 @@
 [submodule "lib/zeus-templates"]
 	path = lib/zeus-templates
 	url = https://github.com/Layr-Labs/zeus-templates
+[submodule "lib/forge-std"]
+	path = lib/forge-std
+	url = https://github.com/foundry-rs/forge-std

lib/forge-std

@@ -14,10 +14,11 @@ import "../../../src/contracts/core/AVSDirectory.sol";
 import "../../../src/contracts/core/RewardsCoordinator.sol";
 import "../../../src/contracts/core/AllocationManager.sol";
 import "../../../src/contracts/permissions/PermissionController.sol";
-
+import "../../../src/contracts/core/SlashEscrowFactory.sol";
 import "../../../src/contracts/strategies/StrategyBaseTVLLimits.sol";
 import "../../../src/contracts/strategies/StrategyFactory.sol";
 import "../../../src/contracts/strategies/StrategyBase.sol";
+import "../../../src/contracts/core/SlashEscrow.sol";
 
 import "../../../src/contracts/pods/EigenPod.sol";
 import "../../../src/contracts/pods/EigenPodManager.sol";
@@ -63,6 +64,8 @@ contract DeployFromScratch is Script, Test {
     AllocationManager public allocationManager;
     PermissionController public permissionController;
     PermissionController public permissionControllerImplementation;
+    SlashEscrowFactory public slashEscrowFactory;
+    SlashEscrowFactory public slashEscrowFactoryImplementation;
 
     EmptyContract public emptyContract;
 
@@ -214,6 +217,9 @@ contract DeployFromScratch is Script, Test {
         permissionController = PermissionController(
             address(new TransparentUpgradeableProxy(address(emptyContract), address(eigenLayerProxyAdmin), ""))
         );
+        slashEscrowFactory = SlashEscrowFactory(
+            address(new TransparentUpgradeableProxy(address(emptyContract), address(eigenLayerProxyAdmin), ""))
+        );
 
         // if on mainnet, use the ETH2 deposit contract address
         if (chainId == 1) ethPOSDeposit = IETHPOSDeposit(0x00000000219ab540356cBB839Cbe05303d7705Fa);
@@ -235,7 +241,7 @@ contract DeployFromScratch is Script, Test {
             SEMVER
         );
 
-        strategyManagerImplementation = new StrategyManager(delegation, eigenLayerPauserReg, SEMVER);
+        strategyManagerImplementation = new StrategyManager(delegation, slashEscrowFactory, eigenLayerPauserReg, SEMVER);
         avsDirectoryImplementation = new AVSDirectory(delegation, eigenLayerPauserReg, SEMVER);
         eigenPodManagerImplementation =
             new EigenPodManager(ethPOSDeposit, eigenPodBeacon, delegation, eigenLayerPauserReg, SEMVER);
@@ -264,6 +270,8 @@ contract DeployFromScratch is Script, Test {
         );
         permissionControllerImplementation = new PermissionController(SEMVER);
         strategyFactoryImplementation = new StrategyFactory(strategyManager, eigenLayerPauserReg, SEMVER);
+        slashEscrowFactoryImplementation =
+            new SlashEscrowFactory(allocationManager, strategyManager, eigenLayerPauserReg, new SlashEscrow(), SEMVER);
 
         // Third, upgrade the proxy contracts to use the correct implementation contracts and initialize them.
         {
@@ -537,9 +545,9 @@ contract DeployFromScratch is Script, Test {
 
     function _verifyInitialOwners() internal view {
         require(strategyManager.owner() == executorMultisig, "strategyManager: owner not set correctly");
-        require(delegation.owner() == executorMultisig, "delegation: owner not set correctly");
+        // require(delegation.owner() == executorMultisig, "delegation: owner not set correctly");
         require(eigenPodManager.owner() == executorMultisig, "eigenPodManager: owner not set correctly");
-        require(allocationManager.owner() == executorMultisig, "allocationManager: owner not set correctly");
+        // require(allocationManager.owner() == executorMultisig, "allocationManager: owner not set correctly");
         require(eigenLayerProxyAdmin.owner() == executorMultisig, "eigenLayerProxyAdmin: owner not set correctly");
         require(eigenPodBeacon.owner() == executorMultisig, "eigenPodBeacon: owner not set correctly");
         require(strategyBeacon.owner() == executorMultisig, "strategyBeacon: owner not set correctly");

script/deploy/devnet/deploy_from_scratch.s.sol

@@ -14,6 +14,8 @@ import "../../../src/contracts/core/AVSDirectory.sol";
 import "../../../src/contracts/core/RewardsCoordinator.sol";
 import "../../../src/contracts/core/AllocationManager.sol";
 import "../../../src/contracts/permissions/PermissionController.sol";
+import "../../../src/contracts/core/SlashEscrowFactory.sol";
+import "../../../src/contracts/core/SlashEscrow.sol";
 
 import "../../../src/contracts/strategies/StrategyBaseTVLLimits.sol";
 
@@ -66,6 +68,8 @@ contract DeployFromScratch is Script, Test {
     AllocationManager public allocationManager;
     PermissionController public permissionControllerImplementation;
     PermissionController public permissionController;
+    SlashEscrowFactory public slashEscrowFactory;
+    SlashEscrowFactory public slashEscrowFactoryImplementation;
 
     EmptyContract public emptyContract;
 
@@ -221,6 +225,9 @@ contract DeployFromScratch is Script, Test {
         permissionController = PermissionController(
             address(new TransparentUpgradeableProxy(address(emptyContract), address(eigenLayerProxyAdmin), ""))
         );
+        slashEscrowFactory = SlashEscrowFactory(
+            address(new TransparentUpgradeableProxy(address(emptyContract), address(eigenLayerProxyAdmin), ""))
+        );
 
         // if on mainnet, use the ETH2 deposit contract address
         if (chainId == 1) ethPOSDeposit = IETHPOSDeposit(0x00000000219ab540356cBB839Cbe05303d7705Fa);
@@ -241,7 +248,7 @@ contract DeployFromScratch is Script, Test {
             MIN_WITHDRAWAL_DELAY,
             SEMVER
         );
-        strategyManagerImplementation = new StrategyManager(delegation, eigenLayerPauserReg, SEMVER);
+        strategyManagerImplementation = new StrategyManager(delegation, slashEscrowFactory, eigenLayerPauserReg, SEMVER);
         avsDirectoryImplementation = new AVSDirectory(delegation, eigenLayerPauserReg, SEMVER);
         eigenPodManagerImplementation =
             new EigenPodManager(ethPOSDeposit, eigenPodBeacon, delegation, eigenLayerPauserReg, SEMVER);
@@ -269,6 +276,8 @@ contract DeployFromScratch is Script, Test {
             SEMVER
         );
         permissionControllerImplementation = new PermissionController(SEMVER);
+        slashEscrowFactoryImplementation =
+            new SlashEscrowFactory(allocationManager, strategyManager, eigenLayerPauserReg, new SlashEscrow(), SEMVER);
 
         // Third, upgrade the proxy contracts to use the correct implementation contracts and initialize them.
         {
@@ -538,7 +547,7 @@ contract DeployFromScratch is Script, Test {
 
     function _verifyInitialOwners() internal view {
         require(strategyManager.owner() == executorMultisig, "strategyManager: owner not set correctly");
-        require(delegation.owner() == executorMultisig, "delegation: owner not set correctly");
+        // require(delegation.owner() == executorMultisig, "delegation: owner not set correctly");
         require(eigenPodManager.owner() == executorMultisig, "eigenPodManager: owner not set correctly");
 
         require(eigenLayerProxyAdmin.owner() == executorMultisig, "eigenLayerProxyAdmin: owner not set correctly");

script/deploy/local/deploy_from_scratch.slashing.s.sol

@@ -15,6 +15,10 @@ import "src/contracts/core/RewardsCoordinator.sol";
 import "src/contracts/interfaces/IRewardsCoordinator.sol";
 import "src/contracts/core/StrategyManager.sol";
 
+/// slashEscrow/
+import "src/contracts/core/SlashEscrow.sol";
+import "src/contracts/core/SlashEscrowFactory.sol";
+
 /// permissions/
 import "src/contracts/permissions/PauserRegistry.sol";
 import "src/contracts/permissions/PermissionController.sol";
@@ -76,6 +80,10 @@ library Env {
         return _envAddress("operationsMultisig");
     }
 
+    function communityMultisig() internal view returns (address) {
+        return _envAddress("communityMultisig");
+    }
+
     function protocolCouncilMultisig() internal view returns (address) {
         return _envAddress("protocolCouncilMultisig");
     }
@@ -88,6 +96,10 @@ library Env {
         return _envAddress("proxyAdmin");
     }
 
+    function slashEscrowProxyAdmin() internal view returns (address) {
+        return _envAddress("slashEscrowProxyAdmin");
+    }
+
     function ethPOS() internal view returns (IETHPOSDeposit) {
         return IETHPOSDeposit(_envAddress("ethPOS"));
     }
@@ -148,6 +160,10 @@ library Env {
         return _envU256("REWARDS_COORDINATOR_PAUSE_STATUS");
     }
 
+    function SLASH_ESCROW_DELAY() internal view returns (uint32) {
+        return _envU32("SLASH_ESCROW_DELAY");
+    }
+
     /**
      * core/
      */
@@ -318,6 +334,27 @@ library Env {
         return StrategyFactory(_deployedImpl(type(StrategyFactory).name));
     }
 
+    /**
+     * slashEscrow/
+     */
+    function slashEscrow(
+        DeployedImpl
+    ) internal view returns (SlashEscrow) {
+        return SlashEscrow(_deployedImpl(type(SlashEscrow).name));
+    }
+
+    function slashEscrowFactory(
+        DeployedProxy
+    ) internal view returns (SlashEscrowFactory) {
+        return SlashEscrowFactory(_deployedProxy(type(SlashEscrowFactory).name));
+    }
+
+    function slashEscrowFactory(
+        DeployedImpl
+    ) internal view returns (SlashEscrowFactory) {
+        return SlashEscrowFactory(_deployedImpl(type(SlashEscrowFactory).name));
+    }
+
     /**
      * token/
      */