Treasury

📋 Contract Overview

Property

Value

📁 File

src/Treasury.sol

🔧 Type

Upgradeable UUPS Proxy

⚙️ Solidity

0.8.33

📜 License

MIT

🎯 Purpose: Multi-token vault holding DAO funds with built-in safety rails that prevent rapid drainage—even through governance attacks.

🛡️ Treasury Safety Rails

These limits cannot be bypassed, even by governance votes.

Limit

Value

Purpose

📝 Per Proposal

10%

Prevents single large withdrawal

📅 Daily

Limits daily outflow

📆 Monthly

20%

Caps monthly spending

🏦 Reserve Floor

15%

Maintains minimum reserves

🔧 Functions

📥 Deposit Functions

Deposit Tokens

function deposit(address token, uint256 amount) external

Access: Anyone (typically REVENUE_SOURCE_ROLE)

Deposits supported tokens into treasury.

Deposit ETH

function depositETH() external payable

Access: Anyone

Deposits ETH into treasury.

📤 Withdrawal Functions

Withdraw Tokens

function withdraw(address token, address to, uint256 amount) external

Access: GOVERNANCE_ROLE

Withdraws tokens subject to safety rails.

Validation Checks:

Amount ≤ 10% of treasury (per proposal)
Daily total ≤ 5% of treasury
Monthly total ≤ 20% of treasury
Remaining balance ≥ 15% of treasury

Withdraw ETH

function withdrawETH(address to, uint256 amount) external

Access: GOVERNANCE_ROLE

Same validation as above for ETH.

⚙️ Token Management

Add Token

function addSupportedToken(address token, uint8 decimals) external

Access: ADMIN_ROLE

Adds a new supported token.

Remove Token

function removeSupportedToken(address token) external

Access: ADMIN_ROLE

Removes token support.

👁️ View Functions

Total Value

function getTotalValue() external view returns (uint256)

Returns total treasury value in USD (6 decimals).

Token Balance

function getTokenBalance(address token) external view returns (uint256)

Returns balance of specific token.

Available to Withdraw

function getAvailableToWithdraw() external view returns (uint256)

Returns maximum withdrawal amount given current limits.

🛡️ Safety Rail Mechanics

Safety rails reset automatically on a rolling basis.

function _resetDailyIfNeeded() internal {
    if (block.timestamp >= lastDailyReset + 1 days) {
        dailyWithdrawals = 0;
        lastDailyReset = block.timestamp;
    }
}

Daily limit resets every 24 hours.

function _resetMonthlyIfNeeded() internal {
    if (block.timestamp >= lastMonthlyReset + 30 days) {
        monthlyWithdrawals = 0;
        lastMonthlyReset = block.timestamp;
    }
}

Monthly limit resets every 30 days.

function _validateWithdrawal(uint256 amount) internal view {
    uint256 totalValue = getTotalValue();

    // Per-proposal limit
    require(amount <= totalValue * MAX_PROPOSAL_PERCENTAGE / 10000);

    // Daily limit
    require(dailyWithdrawals + amount <= totalValue * MAX_DAILY_PERCENTAGE / 10000);

    // Monthly limit
    require(monthlyWithdrawals + amount <= totalValue * MAX_MONTHLY_PERCENTAGE / 10000);

    // Reserve floor
    require(totalValue - amount >= totalValue * RESERVE_FLOOR_PERCENTAGE / 10000);
}

🔒 Attack Resistance

Even if governance is compromised, the treasury cannot be drained quickly.

Scenario

Without Limits

With Limits

🎯 Governance attack

100% drained

Max 10% per proposal

🔓 Compromised multisig

Rapid drainage

Max 5% daily

⏱️ Extended attack

Full drainage

Max 20% monthly

🛡️ Any attack

Empty treasury

15% always preserved

Attack Timeline

Day

Max Damage

Cumulative

Response Time

Community alerted

10%

Investigation begins

15%

Countermeasures deployed

Week 1

~20%

Monthly cap hit

📜 Events & Errors

event Deposit(address indexed token, address indexed from, uint256 amount);
event Withdrawal(address indexed token, address indexed to, uint256 amount);
event ETHDeposit(address indexed from, uint256 amount);
event ETHWithdrawal(address indexed to, uint256 amount);
event TokenAdded(address indexed token, uint8 decimals);
event TokenRemoved(address indexed token);
event MultisigEnabled(address indexed multisig);

error WithdrawalExceedsProposalLimit(uint256 requested, uint256 limit);
error WithdrawalExceedsDailyLimit(uint256 requested, uint256 remaining);
error WithdrawalExceedsMonthlyLimit(uint256 requested, uint256 remaining);
error WithdrawalBelowReserveFloor(uint256 requested, uint256 floor);
error UnsupportedToken(address token);
error InsufficientBalance(address token, uint256 requested, uint256 available);

🔗 Contract Interactions

Contract

Interaction

⚖️ Governance

Calls withdraw after proposal approval

💼 DAOBusiness

Deposits revenue

🏠 RentalAndRebate

Deposits rent payments

🏪 BLTBYBank

Transfers token sale proceeds

💵 OperatingBudgetVault

Receives allocated funds

🔄 Upgrade Considerations

Treasury is upgradeable via UUPS proxy to allow future improvements.

Upgrade Reason

Example

🛡️ New safety features

Additional rate limits

🐛 Bug fixes

Security patches

🪙 New token types

Support new assets

📊 Enhanced reporting

Better analytics

Upgrades require governance approval.

💻 Integration Examples

Depositing Revenue

// Contract with REVENUE_SOURCE_ROLE
await treasury.deposit(usdcAddress, amount);

Governance Withdrawal

// Called by Governance contract after proposal passes
await treasury.withdraw(usdcAddress, recipientAddress, amount);

Checking Available

const available = await treasury.getAvailableToWithdraw();
// Returns max withdrawable given current limits

Governance https://github.com/urbanarray/builtbydocs/blob/main/docs/developers/contracts/operating-budget.md https://github.com/urbanarray/builtbydocs/blob/main/docs/developers/contracts/dao-business.md Treasury

PreviousInvestorMintContract NextGovernance

Last updated 15 days ago

Good evening

Treasury

📋 Contract Overview

🛡️ Treasury Safety Rails

⚙️ Technical Specifications

Inherits From

🔐 Access Control Roles

🪙 Supported Tokens

🔧 Functions

📥 Deposit Functions

Deposit Tokens

Deposit ETH

📤 Withdrawal Functions

Withdraw Tokens

Withdraw ETH

⚙️ Token Management

Add Token

Remove Token

👁️ View Functions

Total Value

Token Balance

Available to Withdraw

🛡️ Safety Rail Mechanics

🔒 Attack Resistance

Attack Timeline

📜 Events & Errors

🔗 Contract Interactions

🔄 Upgrade Considerations

Depositing Revenue

Governance Withdrawal

Checking Available

Good evening

hashtag📋 Contract Overview

hashtag🛡️ Treasury Safety Rails

hashtag⚙️ Technical Specifications

hashtagInherits From

hashtag🔐 Access Control Roles

hashtag🪙 Supported Tokens

hashtag🔧 Functions

hashtag📥 Deposit Functions

hashtagDeposit Tokens

hashtagDeposit ETH

hashtag📤 Withdrawal Functions

hashtagWithdraw Tokens

hashtagWithdraw ETH

hashtag⚙️ Token Management

hashtagAdd Token

hashtagRemove Token

hashtag👁️ View Functions

hashtagTotal Value

hashtagToken Balance

hashtagAvailable to Withdraw

hashtag🛡️ Safety Rail Mechanics

hashtag🔒 Attack Resistance

hashtagAttack Timeline

hashtag📜 Events & Errors

hashtag🔗 Contract Interactions

hashtag🔄 Upgrade Considerations

hashtagDepositing Revenue

hashtagGovernance Withdrawal

hashtagChecking Available

hashtag🔗 Related Pages

📋 Contract Overview

🛡️ Treasury Safety Rails

⚙️ Technical Specifications

Inherits From

🔐 Access Control Roles

🪙 Supported Tokens

🔧 Functions

📥 Deposit Functions

Deposit Tokens

Deposit ETH

📤 Withdrawal Functions

Withdraw Tokens

Withdraw ETH

⚙️ Token Management

Add Token

Remove Token

👁️ View Functions

Total Value

Token Balance

Available to Withdraw

🛡️ Safety Rail Mechanics

🔒 Attack Resistance

Attack Timeline

📜 Events & Errors

🔗 Contract Interactions

🔄 Upgrade Considerations

Depositing Revenue

Governance Withdrawal

Checking Available

🔗 Related Pages