From b0f4074f49a28bd77faf2accfd40c486f5b06946 Mon Sep 17 00:00:00 2001
From: ilin <alina@k-f.co>
Date: Tue, 24 Oct 2023 12:22:03 +0100
Subject: [PATCH 1/4] fix permit

---
 src/LiquidityPool.sol    | 7 +++++--
 test/LiquidityPool.t.sol | 4 ++++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/LiquidityPool.sol b/src/LiquidityPool.sol
index aa3a3e5b..13d9234e 100644
--- a/src/LiquidityPool.sol
+++ b/src/LiquidityPool.sol
@@ -224,6 +224,7 @@ contract LiquidityPool is Auth, IERC4626 {
     function requestDepositWithPermit(uint256 assets, address owner, uint256 deadline, uint8 v, bytes32 r, bytes32 s)
         public
     {
+        require(msg.sender == owner, "LiquidityPool/sender-not-owner");
         _withPermit(asset, owner, address(manager), assets, deadline, v, r, s);
         manager.requestDeposit(address(this), assets, owner);
         emit DepositRequest(owner, assets);
@@ -337,9 +338,11 @@ contract LiquidityPool is Auth, IERC4626 {
         bytes32 s
     ) internal {
         try ERC20PermitLike(token).permit(owner, spender, value, deadline, v, r, s) {
-            return;
+            if (IERC20(token).allowance(owner, spender) == value) {
+                return;
+            }
         } catch {
-            if (IERC20(token).allowance(owner, spender) >= value) {
+            if (IERC20(token).allowance(owner, spender) == value) {
                 return;
             }
         }
diff --git a/test/LiquidityPool.t.sol b/test/LiquidityPool.t.sol
index 346f0f19..c1d2146b 100644
--- a/test/LiquidityPool.t.sol
+++ b/test/LiquidityPool.t.sol
@@ -994,6 +994,7 @@ contract LiquidityPoolTest is TestSetup {
         erc20.permit(investor, address(investmentManager), amount, block.timestamp, v, r, s);
 
         // investor still able to requestDepositWithPermit
+        vm.prank(vm.addr(0xABCD));
         lPool.requestDepositWithPermit(amount, investor, block.timestamp, v, r, s);
 
         // ensure funds are locked in escrow
@@ -1029,6 +1030,9 @@ contract LiquidityPoolTest is TestSetup {
             )
         );
 
+        vm.expectRevert(bytes( "LiquidityPool/sender-not-owner"));
+        lPool.requestDepositWithPermit(amount, investor, block.timestamp, v, r, s);
+        vm.prank(vm.addr(0xABCD));
         lPool.requestDepositWithPermit(amount, investor, block.timestamp, v, r, s);
         // To avoid stack too deep errors
         delete v;

From 9945769e8eba4bc27c31dc78cea685a38b87e8bc Mon Sep 17 00:00:00 2001
From: ilin <alina@k-f.co>
Date: Tue, 24 Oct 2023 12:52:20 +0100
Subject: [PATCH 2/4] consolidate code

---
 src/LiquidityPool.sol    | 31 +++++--------------------------
 test/LiquidityPool.t.sol |  8 ++++----
 2 files changed, 9 insertions(+), 30 deletions(-)

diff --git a/src/LiquidityPool.sol b/src/LiquidityPool.sol
index 13d9234e..818caae5 100644
--- a/src/LiquidityPool.sol
+++ b/src/LiquidityPool.sol
@@ -221,13 +221,13 @@ contract LiquidityPool is Auth, IERC4626 {
     }
 
     /// @notice Similar to requestDeposit, but with a permit option
-    function requestDepositWithPermit(uint256 assets, address owner, uint256 deadline, uint8 v, bytes32 r, bytes32 s)
+    function requestDepositWithPermit(uint256 assets, uint256 deadline, uint8 v, bytes32 r, bytes32 s)
         public
     {
-        require(msg.sender == owner, "LiquidityPool/sender-not-owner");
-        _withPermit(asset, owner, address(manager), assets, deadline, v, r, s);
-        manager.requestDeposit(address(this), assets, owner);
-        emit DepositRequest(owner, assets);
+        try ERC20PermitLike(asset).permit(msg.sender, address(manager), assets, deadline, v, r, s) {} catch {}
+        require(IERC20(asset).allowance(msg.sender, address(manager)) == assets, "LiquidityPool/permit-failure");
+        manager.requestDeposit(address(this), assets, msg.sender);
+        emit DepositRequest(msg.sender, assets);
     }
 
     /// @notice View the total amount the user has requested to deposit but isn't able to deposit or mint yet
@@ -327,27 +327,6 @@ contract LiquidityPool is Auth, IERC4626 {
     }
 
     // --- Helpers ---
-    function _withPermit(
-        address token,
-        address owner,
-        address spender,
-        uint256 value,
-        uint256 deadline,
-        uint8 v,
-        bytes32 r,
-        bytes32 s
-    ) internal {
-        try ERC20PermitLike(token).permit(owner, spender, value, deadline, v, r, s) {
-            if (IERC20(token).allowance(owner, spender) == value) {
-                return;
-            }
-        } catch {
-            if (IERC20(token).allowance(owner, spender) == value) {
-                return;
-            }
-        }
-        revert("LiquidityPool/permit-failure");
-    }
 
     /// @dev In case of unsuccessful tx, parse the revert message
     function _successCheck(bool success) internal pure {
diff --git a/test/LiquidityPool.t.sol b/test/LiquidityPool.t.sol
index c1d2146b..0d2e13c0 100644
--- a/test/LiquidityPool.t.sol
+++ b/test/LiquidityPool.t.sol
@@ -995,7 +995,7 @@ contract LiquidityPoolTest is TestSetup {
 
         // investor still able to requestDepositWithPermit
         vm.prank(vm.addr(0xABCD));
-        lPool.requestDepositWithPermit(amount, investor, block.timestamp, v, r, s);
+        lPool.requestDepositWithPermit(amount, block.timestamp, v, r, s);
 
         // ensure funds are locked in escrow
         assertEq(erc20.balanceOf(address(escrow)), amount);
@@ -1030,10 +1030,10 @@ contract LiquidityPoolTest is TestSetup {
             )
         );
 
-        vm.expectRevert(bytes( "LiquidityPool/sender-not-owner"));
-        lPool.requestDepositWithPermit(amount, investor, block.timestamp, v, r, s);
+        vm.expectRevert(bytes("LiquidityPool/permit-failure"));
+        lPool.requestDepositWithPermit(amount, block.timestamp, v, r, s);
         vm.prank(vm.addr(0xABCD));
-        lPool.requestDepositWithPermit(amount, investor, block.timestamp, v, r, s);
+        lPool.requestDepositWithPermit(amount, block.timestamp, v, r, s);
         // To avoid stack too deep errors
         delete v;
         delete r;

From 5ba045204fcef4fb97ca48ca12db3d037929e2b8 Mon Sep 17 00:00:00 2001
From: ilin <alina@k-f.co>
Date: Tue, 24 Oct 2023 12:52:32 +0100
Subject: [PATCH 3/4] fmt

---
 src/LiquidityPool.sol | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/LiquidityPool.sol b/src/LiquidityPool.sol
index 818caae5..b1f6e07d 100644
--- a/src/LiquidityPool.sol
+++ b/src/LiquidityPool.sol
@@ -221,9 +221,7 @@ contract LiquidityPool is Auth, IERC4626 {
     }
 
     /// @notice Similar to requestDeposit, but with a permit option
-    function requestDepositWithPermit(uint256 assets, uint256 deadline, uint8 v, bytes32 r, bytes32 s)
-        public
-    {
+    function requestDepositWithPermit(uint256 assets, uint256 deadline, uint8 v, bytes32 r, bytes32 s) public {
         try ERC20PermitLike(asset).permit(msg.sender, address(manager), assets, deadline, v, r, s) {} catch {}
         require(IERC20(asset).allowance(msg.sender, address(manager)) == assets, "LiquidityPool/permit-failure");
         manager.requestDeposit(address(this), assets, msg.sender);

From 0f6f9dba75a4c851107d1ab9145da387c45a8f51 Mon Sep 17 00:00:00 2001
From: ilin <alina@k-f.co>
Date: Tue, 24 Oct 2023 14:23:27 +0100
Subject: [PATCH 4/4] remove redundant require from permitted deposit request

---
 src/LiquidityPool.sol    | 1 -
 test/LiquidityPool.t.sol | 6 ++++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/LiquidityPool.sol b/src/LiquidityPool.sol
index fbac4f8a..f4597931 100644
--- a/src/LiquidityPool.sol
+++ b/src/LiquidityPool.sol
@@ -188,7 +188,6 @@ contract LiquidityPool is Auth, IERC7540 {
     /// @notice Similar to requestDeposit, but with a permit option
     function requestDepositWithPermit(uint256 assets, uint256 deadline, uint8 v, bytes32 r, bytes32 s) public {
         try IERC20Permit(asset).permit(msg.sender, address(this), assets, deadline, v, r, s) {} catch {}
-        require(IERC20(asset).allowance(msg.sender, address(this)) == assets, "LiquidityPool/permit-failure");
         require(
             manager.requestDeposit(address(this), assets, msg.sender, msg.sender),
             "LiquidityPool/request-deposit-failed"
diff --git a/test/LiquidityPool.t.sol b/test/LiquidityPool.t.sol
index 0c6d3e18..e820dd17 100644
--- a/test/LiquidityPool.t.sol
+++ b/test/LiquidityPool.t.sol
@@ -1048,7 +1048,8 @@ contract LiquidityPoolTest is TestSetup {
         vm.startPrank(random_); // random fr permit
         erc20.permit(investor, lPool_, amount, block.timestamp, v, r, s);
          // frontrunnign not possible
-        vm.expectRevert(bytes("LiquidityPool/permit-failure"));
+        centrifugeChain.updateMember(lPool.poolId(), lPool.trancheId(), random_, type(uint64).max);
+        vm.expectRevert(bytes("SafeTransferLib/safe-transfer-from-failed"));
         lPool.requestDepositWithPermit((amount), block.timestamp, v, r, s);
         vm.stopPrank();
 
@@ -1073,6 +1074,7 @@ contract LiquidityPoolTest is TestSetup {
         LiquidityPool lPool = LiquidityPool(lPool_);
         erc20.mint(investor, amount);
         centrifugeChain.updateMember(lPool.poolId(), lPool.trancheId(), investor, type(uint64).max);
+        centrifugeChain.updateMember(lPool.poolId(), lPool.trancheId(), address(this), type(uint64).max);
 
         // Sign permit for depositing investment currency
         (uint8 v, bytes32 r, bytes32 s) = vm.sign(
@@ -1091,7 +1093,7 @@ contract LiquidityPoolTest is TestSetup {
         );  
 
         // premit functions can only be executed by the owner
-        vm.expectRevert(bytes("LiquidityPool/permit-failure"));
+        vm.expectRevert(bytes("SafeTransferLib/safe-transfer-from-failed"));
         lPool.requestDepositWithPermit(amount, block.timestamp, v, r, s);
         vm.prank(vm.addr(0xABCD));
         lPool.requestDepositWithPermit(amount, block.timestamp, v, r, s);