ManagerWithMerkleVerification

This contract securely allows a strategist to rebalance a BoringVault, by restricting multiple attributes about what can and can’t be passed into BoringVault:manage. The contract can store multiple merkle roots known as ManageRoots. Each ManageRoot allows a specific caller access to a very specific set of possible function calls. This allows for increased flexibility in implementing various roles, such as risk managers and executors.

Merkle Tree Composition

The Merkle tree is composed of leafs following this structure.

abi.encodePacked(decodersAndSanitizer, target, valueIsNonZero, selector, argumentAddress_0, ...., argumentAddress_N)

• decodersAndSanitizer is the DecoderAndSanitizer address used to extract the packed addresses from the target data, and to sanitize the target data

• target is the address to make the function calls to

• valueIsNonZero is a bool indicating whether or not it is native value can be sent to the target

• selector is the bytes4 function selector to call on target

• argumentAddress_0, ...., argumentAddress_N is every address argument in target data

Using this leaf setup, the ManagerWithMerkleVerification can control what addresses a strategist can make calls to, what function selectors strategists have access to, whether or not value can be sent to a target, and exactly what address arguments can be passed into those function calls.

Additionally DecoderAndSanitizers can implement even more checks to sanitize non address arguments in target data.