ERC20 extension for governance tokens (vote delegation and snapshots) (#2632)

Co-authored-by: Francisco Giordano <frangio.1@gmail.com>

CHANGELOG.md

@@ -6,6 +6,10 @@
 
 ## 4.1.0 (2021-04-29)
 
+ * `ERC20Votes`: add a new extension of the `ERC20` token with support for voting snapshots and delegation. This extension is compatible with Compound's `Comp` token interface. ([#2632](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2632))
+
+## Unreleased
+
  * `IERC20Metadata`: add a new extended interface that includes the optional `name()`, `symbol()` and `decimals()` functions. ([#2561](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2561))
  * `ERC777`: make reception acquirement optional in `_mint`. ([#2552](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2552))
  * `ERC20Permit`: add a `_useNonce` to enable further usage of ERC712 signatures. ([#2565](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2565))

contracts/mocks/ERC20VotesMock.sol

@@ -0,0 +1,21 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.0;
+
+
+import "../token/ERC20/extensions/draft-ERC20Votes.sol";
+
+contract ERC20VotesMock is ERC20Votes {
+    constructor (
+        string memory name,
+        string memory symbol,
+        address initialAccount,
+        uint256 initialBalance
+    ) payable ERC20(name, symbol) ERC20Permit(name) {
+        _mint(initialAccount, initialBalance);
+    }
+
+    function getChainId() external view returns (uint256) {
+        return block.chainid;
+    }
+}

contracts/token/ERC20/README.adoc

@@ -21,6 +21,7 @@ Additionally there are multiple custom extensions, including:
 * {ERC20Snapshot}: efficient storage of past token balances to be later queried at any point in time.
 * {ERC20Permit}: gasless approval of tokens (standardized as ERC2612).
 * {ERC20FlashMint}: token level support for flash loans through the minting and burning of ephemeral tokens (standardized as ERC3156).
+* {ERC20Votes}: support for voting and vote delegation (compatible with Compound's token).
 
 Finally, there are some utilities to interact with ERC20 contracts in various ways.
 
@@ -31,6 +32,7 @@ The following related EIPs are in draft status.
 
 - {ERC20Permit}
 - {ERC20FlashMint}
+- {ERC20Votes}
 
 NOTE: This core set of contracts is designed to be unopinionated, allowing developers to access the internal functions in ERC20 (such as <<ERC20-_mint-address-uint256-,`_mint`>>) and expose them as external functions in the way they prefer. On the other hand, xref:ROOT:erc20.adoc#Presets[ERC20 Presets] (such as {ERC20PresetMinterPauser}) are designed using opinionated patterns to provide developers with ready to use, deployable contracts.
 
@@ -60,6 +62,8 @@ The following EIPs are still in Draft status. Due to their nature as drafts, the
 
 {{ERC20FlashMint}}
 
+{{ERC20Votes}}
+
 == Presets
 
 These contracts are preconfigured combinations of the above features. They can be used through inheritance or as models to copy and paste their source code.

contracts/token/ERC20/extensions/ERC20Snapshot.sol

@@ -20,6 +20,13 @@ import "../../../utils/Counters.sol";
  * id. To get the balance of an account at the time of a snapshot, call the {balanceOfAt} function with the snapshot id
  * and the account address.
  *
+ * NOTE: Snapshot policy can be customized by overriding the {_getCurrentSnapshotId} method. For example, having it
+ * return `block.number` will trigger the creation of snapshot at the begining of each new block. When overridding this
+ * function, be careful about the monotonicity of its result. Non-monotonic snapshot ids will break the contract.
+ *
+ * Implementing snapshots for every block using this method will incur significant gas costs. For a gas-efficient
+ * alternative consider {ERC20Votes}.
+ *
  * ==== Gas Costs
  *
  * Snapshots are efficient. Snapshot creation is _O(1)_. Retrieval of balances or total supply from a snapshot is _O(log
@@ -30,6 +37,7 @@ import "../../../utils/Counters.sol";
  * only significant for the first transfer that immediately follows a snapshot for a particular account. Subsequent
  * transfers will have normal cost until the next snapshot, and so on.
  */
+
 abstract contract ERC20Snapshot is ERC20 {
     // Inspired by Jordi Baylina's MiniMeToken to record historical balances:
     // https://github.com/Giveth/minimd/blob/ea04d950eea153a04c51fa510b068b9dded390cb/contracts/MiniMeToken.sol
@@ -79,11 +87,18 @@ abstract contract ERC20Snapshot is ERC20 {
     function _snapshot() internal virtual returns (uint256) {
         _currentSnapshotId.increment();
 
-        uint256 currentId = _currentSnapshotId.current();
+        uint256 currentId = _getCurrentSnapshotId();
         emit Snapshot(currentId);
         return currentId;
     }
 
+    /**
+     * @dev Get the current snapshotId
+     */
+    function _getCurrentSnapshotId() internal view virtual returns (uint256) {
+        return _currentSnapshotId.current();
+    }
+
     /**
      * @dev Retrieves the balance of `account` at the time `snapshotId` was created.
      */
@@ -102,7 +117,6 @@ abstract contract ERC20Snapshot is ERC20 {
         return snapshotted ? value : totalSupply();
     }
 
-
     // Update balance and/or total supply snapshots before the values are modified. This is implemented
     // in the _beforeTokenTransfer hook, which is executed for _mint, _burn, and _transfer operations.
     function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual override {
@@ -127,8 +141,7 @@ abstract contract ERC20Snapshot is ERC20 {
         private view returns (bool, uint256)
     {
         require(snapshotId > 0, "ERC20Snapshot: id is 0");
-        // solhint-disable-next-line max-line-length
-        require(snapshotId <= _currentSnapshotId.current(), "ERC20Snapshot: nonexistent id");
+        require(snapshotId <= _getCurrentSnapshotId(), "ERC20Snapshot: nonexistent id");
 
         // When a valid snapshot is queried, there are three possibilities:
         //  a) The queried value was not modified after the snapshot was taken. Therefore, a snapshot entry was never
@@ -162,7 +175,7 @@ abstract contract ERC20Snapshot is ERC20 {
     }
 
     function _updateSnapshot(Snapshots storage snapshots, uint256 currentValue) private {
-        uint256 currentId = _currentSnapshotId.current();
+        uint256 currentId = _getCurrentSnapshotId();
         if (_lastSnapshotId(snapshots.ids) < currentId) {
             snapshots.ids.push(currentId);
             snapshots.values.push(currentValue);

contracts/token/ERC20/extensions/draft-ERC20Votes.sol

@@ -0,0 +1,172 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.0;
+
+import "./draft-ERC20Permit.sol";
+import "./draft-IERC20Votes.sol";
+import "../../../utils/math/Math.sol";
+import "../../../utils/math/SafeCast.sol";
+import "../../../utils/cryptography/ECDSA.sol";
+
+/**
+ * @dev Extension of the ERC20 token contract to support Compound's voting and delegation.
+ *
+ * This extensions keeps a history (checkpoints) of each account's vote power. Vote power can be delegated either
+ * by calling the {delegate} function directly, or by providing a signature to be used with {delegateBySig}. Voting
+ * power can be queried through the public accessors {getCurrentVotes} and {getPriorVotes}.
+ *
+ * By default, token balance does not account for voting power. This makes transfers cheaper. The downside is that it
+ * requires users to delegate to themselves in order to activate checkpoints and have their voting power tracked.
+ * Enabling self-delegation can easily be done by overriding the {delegates} function. Keep in mind however that this
+ * will significantly increase the base gas cost of transfers.
+ *
+ * _Available since v4.2._
+ */
+abstract contract ERC20Votes is IERC20Votes, ERC20Permit {
+    bytes32 private constant _DELEGATION_TYPEHASH = keccak256("Delegation(address delegatee,uint256 nonce,uint256 expiry)");
+
+    mapping (address => address) private _delegates;
+    mapping (address => Checkpoint[]) private _checkpoints;
+
+    /**
+     * @dev Get the `pos`-th checkpoint for `account`.
+     */
+    function checkpoints(address account, uint32 pos) external view virtual override returns (Checkpoint memory) {
+        return _checkpoints[account][pos];
+    }
+
+    /**
+     * @dev Get number of checkpoints for `account`.
+     */
+    function numCheckpoints(address account) external view virtual override returns (uint32) {
+        return SafeCast.toUint32(_checkpoints[account].length);
+    }
+
+    /**
+     * @dev Get the address `account` is currently delegating to.
+     */
+    function delegates(address account) public view virtual override returns (address) {
+        return _delegates[account];
+    }
+
+    /**
+     * @dev Gets the current votes balance for `account`
+     */
+    function getCurrentVotes(address account) external view override returns (uint256) {
+        uint256 pos = _checkpoints[account].length;
+        return pos == 0 ? 0 : _checkpoints[account][pos - 1].votes;
+    }
+
+    /**
+     * @dev Determine the number of votes for `account` at the begining of `blockNumber`.
+     */
+    function getPriorVotes(address account, uint256 blockNumber) external view override returns (uint256) {
+        require(blockNumber < block.number, "ERC20Votes::getPriorVotes: not yet determined");
+
+        Checkpoint[] storage ckpts = _checkpoints[account];
+
+        // We run a binary search to look for the earliest checkpoint taken after `blockNumber`.
+        //
+        // During the loop, the index of the wanted checkpoint remains in the range [low, high).
+        // With each iteration, either `low` or `high` is moved towards the middle of the range to maintain the invariant.
+        // - If the middle checkpoint is after `blockNumber`, we look in [low, mid)
+        // - If the middle checkpoint is before `blockNumber`, we look in [mid+1, high)
+        // Once we reach a single value (when low == high), we've found the right checkpoint at the index high-1, if not
+        // out of bounds (in which case we're looking too far in the past and the result is 0).
+        // Note that if the latest checkpoint available is exactly for `blockNumber`, we end up with an index that is
+        // past the end of the array, so we technically don't find a checkpoint after `blockNumber`, but it works out
+        // the same.
+        uint256 high = ckpts.length;
+        uint256 low = 0;
+        while (low < high) {
+            uint256 mid = Math.average(low, high);
+            if (ckpts[mid].fromBlock > blockNumber) {
+                high = mid;
+            } else {
+                low = mid + 1;
+            }
+        }
+
+        return high == 0 ? 0 : ckpts[high - 1].votes;
+    }
+
+    /**
+     * @dev Delegate votes from the sender to `delegatee`.
+     */
+    function delegate(address delegatee) public virtual override {
+        return _delegate(_msgSender(), delegatee);
+    }
+
+    /**
+     * @dev Delegates votes from signer to `delegatee`
+     */
+    function delegateBySig(address delegatee, uint256 nonce, uint256 expiry, uint8 v, bytes32 r, bytes32 s)
+        public virtual override
+    {
+        require(block.timestamp <= expiry, "ERC20Votes::delegateBySig: signature expired");
+        address signer = ECDSA.recover(
+            _hashTypedDataV4(keccak256(abi.encode(
+                _DELEGATION_TYPEHASH,
+                delegatee,
+                nonce,
+                expiry
+            ))),
+            v, r, s
+        );
+        require(nonce == _useNonce(signer), "ERC20Votes::delegateBySig: invalid nonce");
+        return _delegate(signer, delegatee);
+    }
+
+    /**
+     * @dev Change delegation for `delegator` to `delegatee`.
+     */
+    function _delegate(address delegator, address delegatee) internal virtual {
+        address currentDelegate = delegates(delegator);
+        uint256 delegatorBalance = balanceOf(delegator);
+        _delegates[delegator] = delegatee;
+
+        emit DelegateChanged(delegator, currentDelegate, delegatee);
+
+        _moveVotingPower(currentDelegate, delegatee, delegatorBalance);
+    }
+
+    function _moveVotingPower(address src, address dst, uint256 amount) private {
+        if (src != dst && amount > 0) {
+            if (src != address(0)) {
+                uint256 srcCkptLen = _checkpoints[src].length;
+                uint256 srcCkptOld = srcCkptLen == 0 ? 0 : _checkpoints[src][srcCkptLen - 1].votes;
+                uint256 srcCkptNew = srcCkptOld - amount;
+                _writeCheckpoint(src, srcCkptLen, srcCkptOld, srcCkptNew);
+            }
+
+            if (dst != address(0)) {
+                uint256 dstCkptLen = _checkpoints[dst].length;
+                uint256 dstCkptOld = dstCkptLen == 0 ? 0 : _checkpoints[dst][dstCkptLen - 1].votes;
+                uint256 dstCkptNew = dstCkptOld + amount;
+                _writeCheckpoint(dst, dstCkptLen, dstCkptOld, dstCkptNew);
+            }
+        }
+    }
+
+    function _writeCheckpoint(address delegatee, uint256 pos, uint256 oldWeight, uint256 newWeight) private {
+      if (pos > 0 && _checkpoints[delegatee][pos - 1].fromBlock == block.number) {
+          _checkpoints[delegatee][pos - 1].votes = SafeCast.toUint224(newWeight);
+      } else {
+          _checkpoints[delegatee].push(Checkpoint({
+              fromBlock: SafeCast.toUint32(block.number),
+              votes: SafeCast.toUint224(newWeight)
+          }));
+      }
+
+      emit DelegateVotesChanged(delegatee, oldWeight, newWeight);
+    }
+
+    function _mint(address account, uint256 amount) internal virtual override {
+        super._mint(account, amount);
+        require(totalSupply() <= type(uint224).max, "ERC20Votes: total supply exceeds 2**224");
+    }
+
+    function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual override {
+        _moveVotingPower(delegates(from), delegates(to), amount);
+    }
+}

contracts/token/ERC20/extensions/draft-IERC20Votes.sol

@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.0;
+
+import "../IERC20.sol";
+
+interface IERC20Votes is IERC20 {
+    struct Checkpoint {
+        uint32  fromBlock;
+        uint224 votes;
+    }
+
+    event DelegateChanged(address indexed delegator, address indexed fromDelegate, address indexed toDelegate);
+    event DelegateVotesChanged(address indexed delegate, uint256 previousBalance, uint256 newBalance);
+
+    function delegates(address owner) external view returns (address);
+    function checkpoints(address account, uint32 pos) external view returns (Checkpoint memory);
+    function numCheckpoints(address account) external view returns (uint32);
+    function getCurrentVotes(address account) external view returns (uint256);
+    function getPriorVotes(address account, uint256 blockNumber) external view returns (uint256);
+    function delegate(address delegatee) external;
+    function delegateBySig(address delegatee, uint nonce, uint expiry, uint8 v, bytes32 r, bytes32 s) external;
+}

contracts/utils/math/SafeCast.sol

@@ -18,6 +18,21 @@ pragma solidity ^0.8.0;
  * all math on `uint256` and `int256` and then downcasting.
  */
 library SafeCast {
+    /**
+     * @dev Returns the downcasted uint224 from uint256, reverting on
+     * overflow (when the input is greater than largest uint224).
+     *
+     * Counterpart to Solidity's `uint224` operator.
+     *
+     * Requirements:
+     *
+     * - input must fit into 224 bits
+     */
+    function toUint224(uint256 value) internal pure returns (uint224) {
+        require(value < 2**224, "SafeCast: value doesn\'t fit in 224 bits");
+        return uint224(value);
+    }
+
     /**
      * @dev Returns the downcasted uint128 from uint256, reverting on
      * overflow (when the input is greater than largest uint128).

test/token/ERC20/extensions/draft-ERC20Votes.test.js

@@ -0,0 +1,458 @@
+/* eslint-disable */
+
+const { BN, constants, expectEvent, expectRevert, time } = require('@openzeppelin/test-helpers');
+const { expect } = require('chai');
+const { MAX_UINT256, ZERO_ADDRESS, ZERO_BYTES32 } = constants;
+
+const { fromRpcSig } = require('ethereumjs-util');
+const ethSigUtil = require('eth-sig-util');
+const Wallet = require('ethereumjs-wallet').default;
+
+const { promisify } = require('util');
+const queue = promisify(setImmediate);
+
+const ERC20VotesMock = artifacts.require('ERC20VotesMock');
+
+const { EIP712Domain, domainSeparator } = require('../../../helpers/eip712');
+
+const Delegation = [
+  { name: 'delegatee', type: 'address' },
+  { name: 'nonce', type: 'uint256' },
+  { name: 'expiry', type: 'uint256' },
+];
+
+async function countPendingTransactions() {
+  return parseInt(
+    await network.provider.send('eth_getBlockTransactionCountByNumber', ['pending'])
+  );
+}
+
+async function batchInBlock (txs) {
+  try {
+    // disable auto-mining
+    await network.provider.send('evm_setAutomine', [false]);
+    // send all transactions
+    const promises = txs.map(fn => fn());
+    // wait for node to have all pending transactions
+    while (txs.length > await countPendingTransactions()) {
+      await queue();
+    }
+    // mine one block
+    await network.provider.send('evm_mine');
+    // fetch receipts
+    const receipts = await Promise.all(promises);
+    // Sanity check, all tx should be in the same block
+    const minedBlocks = new Set(receipts.map(({ receipt }) => receipt.blockNumber));
+    expect(minedBlocks.size).to.equal(1);
+
+    return receipts;
+  } finally {
+    // enable auto-mining
+    await network.provider.send('evm_setAutomine', [true]);
+  }
+}
+
+contract('ERC20Votes', function (accounts) {
+  const [ holder, recipient, holderDelegatee, recipientDelegatee, other1, other2 ] = accounts;
+
+  const name = 'My Token';
+  const symbol = 'MTKN';
+  const version = '1';
+
+  const supply = new BN('10000000000000000000000000');
+
+  beforeEach(async function () {
+    this.token = await ERC20VotesMock.new(name, symbol, holder, supply);
+
+    // We get the chain id from the contract because Ganache (used for coverage) does not return the same chain id
+    // from within the EVM as from the JSON RPC interface.
+    // See https://github.com/trufflesuite/ganache-core/issues/515
+    this.chainId = await this.token.getChainId();
+  });
+
+  it('initial nonce is 0', async function () {
+    expect(await this.token.nonces(holder)).to.be.bignumber.equal('0');
+  });
+
+  it('domain separator', async function () {
+    expect(
+      await this.token.DOMAIN_SEPARATOR(),
+    ).to.equal(
+      await domainSeparator(name, version, this.chainId, this.token.address),
+    );
+  });
+
+  it('minting restriction', async function () {
+    const amount = new BN('2').pow(new BN('224'));
+    await expectRevert(
+      ERC20VotesMock.new(name, symbol, holder, amount),
+      'ERC20Votes: total supply exceeds 2**224',
+    );
+  });
+
+  describe('set delegation', function () {
+    describe('call', function () {
+      it('delegation with balance', async function () {
+        expect(await this.token.delegates(holder)).to.be.equal(ZERO_ADDRESS);
+
+        const { receipt } = await this.token.delegate(holder, { from: holder });
+        expectEvent(receipt, 'DelegateChanged', {
+          delegator: holder,
+          fromDelegate: ZERO_ADDRESS,
+          toDelegate: holder,
+        });
+        expectEvent(receipt, 'DelegateVotesChanged', {
+          delegate: holder,
+          previousBalance: '0',
+          newBalance: supply,
+        });
+
+        expect(await this.token.delegates(holder)).to.be.equal(holder);
+
+        expect(await this.token.getCurrentVotes(holder)).to.be.bignumber.equal(supply);
+        expect(await this.token.getPriorVotes(holder, receipt.blockNumber - 1)).to.be.bignumber.equal('0');
+        await time.advanceBlock();
+        expect(await this.token.getPriorVotes(holder, receipt.blockNumber)).to.be.bignumber.equal(supply);
+      });
+
+      it('delegation without balance', async function () {
+        expect(await this.token.delegates(recipient)).to.be.equal(ZERO_ADDRESS);
+
+        const { receipt } = await this.token.delegate(recipient, { from: recipient });
+        expectEvent(receipt, 'DelegateChanged', {
+          delegator: recipient,
+          fromDelegate: ZERO_ADDRESS,
+          toDelegate: recipient,
+        });
+        expectEvent.notEmitted(receipt, 'DelegateVotesChanged');
+
+        expect(await this.token.delegates(recipient)).to.be.equal(recipient);
+      });
+    });
+
+    describe('with signature', function () {
+      const delegator = Wallet.generate();
+      const delegatorAddress = web3.utils.toChecksumAddress(delegator.getAddressString());
+      const nonce = 0;
+
+      const buildData = (chainId, verifyingContract, message) => ({ data: {
+        primaryType: 'Delegation',
+        types: { EIP712Domain, Delegation },
+        domain: { name, version, chainId, verifyingContract },
+        message,
+      }});
+
+      beforeEach(async function () {
+        await this.token.transfer(delegatorAddress, supply, { from: holder });
+      });
+
+      it('accept signed delegation', async function () {
+        const { v, r, s } = fromRpcSig(ethSigUtil.signTypedMessage(
+          delegator.getPrivateKey(),
+          buildData(this.chainId, this.token.address, {
+            delegatee: delegatorAddress,
+            nonce,
+            expiry: MAX_UINT256,
+          }),
+        ));
+
+        expect(await this.token.delegates(delegatorAddress)).to.be.equal(ZERO_ADDRESS);
+
+        const { receipt } = await this.token.delegateBySig(delegatorAddress, nonce, MAX_UINT256, v, r, s);
+        expectEvent(receipt, 'DelegateChanged', {
+          delegator: delegatorAddress,
+          fromDelegate: ZERO_ADDRESS,
+          toDelegate: delegatorAddress,
+        });
+        expectEvent(receipt, 'DelegateVotesChanged', {
+          delegate: delegatorAddress,
+          previousBalance: '0',
+          newBalance: supply,
+        });
+
+        expect(await this.token.delegates(delegatorAddress)).to.be.equal(delegatorAddress);
+
+        expect(await this.token.getCurrentVotes(delegatorAddress)).to.be.bignumber.equal(supply);
+        expect(await this.token.getPriorVotes(delegatorAddress, receipt.blockNumber - 1)).to.be.bignumber.equal('0');
+        await time.advanceBlock();
+        expect(await this.token.getPriorVotes(delegatorAddress, receipt.blockNumber)).to.be.bignumber.equal(supply);
+      });
+
+      it('rejects reused signature', async function () {
+        const { v, r, s } = fromRpcSig(ethSigUtil.signTypedMessage(
+          delegator.getPrivateKey(),
+          buildData(this.chainId, this.token.address, {
+            delegatee: delegatorAddress,
+            nonce,
+            expiry: MAX_UINT256,
+          }),
+        ));
+
+        await this.token.delegateBySig(delegatorAddress, nonce, MAX_UINT256, v, r, s);
+
+        await expectRevert(
+          this.token.delegateBySig(delegatorAddress, nonce, MAX_UINT256, v, r, s),
+          'ERC20Votes::delegateBySig: invalid nonce',
+        );
+      });
+
+      it('rejects bad delegatee', async function () {
+        const { v, r, s } = fromRpcSig(ethSigUtil.signTypedMessage(
+          delegator.getPrivateKey(),
+          buildData(this.chainId, this.token.address, {
+            delegatee: delegatorAddress,
+            nonce,
+            expiry: MAX_UINT256,
+          }),
+        ));
+
+        const { logs } = await this.token.delegateBySig(holderDelegatee, nonce, MAX_UINT256, v, r, s);
+        const { args } = logs.find(({ event }) => event == 'DelegateChanged');
+        expect(args.delegator).to.not.be.equal(delegatorAddress);
+        expect(args.fromDelegate).to.be.equal(ZERO_ADDRESS);
+        expect(args.toDelegate).to.be.equal(holderDelegatee);
+      });
+
+      it('rejects bad nonce', async function () {
+        const { v, r, s } = fromRpcSig(ethSigUtil.signTypedMessage(
+          delegator.getPrivateKey(),
+          buildData(this.chainId, this.token.address, {
+            delegatee: delegatorAddress,
+            nonce,
+            expiry: MAX_UINT256,
+          }),
+        ));
+        await expectRevert(
+          this.token.delegateBySig(delegatorAddress, nonce + 1, MAX_UINT256, v, r, s),
+          'ERC20Votes::delegateBySig: invalid nonce',
+        );
+      });
+
+      it('rejects expired permit', async function () {
+        const expiry = (await time.latest()) - time.duration.weeks(1);
+        const { v, r, s } = fromRpcSig(ethSigUtil.signTypedMessage(
+          delegator.getPrivateKey(),
+          buildData(this.chainId, this.token.address, {
+            delegatee: delegatorAddress,
+            nonce,
+            expiry,
+          }),
+        ));
+
+        await expectRevert(
+          this.token.delegateBySig(delegatorAddress, nonce, expiry, v, r, s),
+          'ERC20Votes::delegateBySig: signature expired',
+        );
+      });
+    });
+  });
+
+  describe('change delegation', function () {
+    beforeEach(async function () {
+      await this.token.delegate(holder, { from: holder });
+    });
+
+    it('call', async function () {
+      expect(await this.token.delegates(holder)).to.be.equal(holder);
+
+      const { receipt } = await this.token.delegate(holderDelegatee, { from: holder });
+      expectEvent(receipt, 'DelegateChanged', {
+        delegator: holder,
+        fromDelegate: holder,
+        toDelegate: holderDelegatee,
+      });
+      expectEvent(receipt, 'DelegateVotesChanged', {
+        delegate: holder,
+        previousBalance: supply,
+        newBalance: '0',
+      });
+      expectEvent(receipt, 'DelegateVotesChanged', {
+        delegate: holderDelegatee,
+        previousBalance: '0',
+        newBalance: supply,
+      });
+
+      expect(await this.token.delegates(holder)).to.be.equal(holderDelegatee);
+
+      expect(await this.token.getCurrentVotes(holder)).to.be.bignumber.equal('0');
+      expect(await this.token.getCurrentVotes(holderDelegatee)).to.be.bignumber.equal(supply);
+      expect(await this.token.getPriorVotes(holder, receipt.blockNumber - 1)).to.be.bignumber.equal(supply);
+      expect(await this.token.getPriorVotes(holderDelegatee, receipt.blockNumber - 1)).to.be.bignumber.equal('0');
+      await time.advanceBlock();
+      expect(await this.token.getPriorVotes(holder, receipt.blockNumber)).to.be.bignumber.equal('0');
+      expect(await this.token.getPriorVotes(holderDelegatee, receipt.blockNumber)).to.be.bignumber.equal(supply);
+    });
+  });
+
+  describe('transfers', function () {
+    it('no delegation', async function () {
+      const { receipt } = await this.token.transfer(recipient, 1, { from: holder });
+      expectEvent(receipt, 'Transfer', { from: holder, to: recipient, value: '1' });
+      expectEvent.notEmitted(receipt, 'DelegateVotesChanged');
+
+      this.holderVotes = '0';
+      this.recipientVotes = '0';
+    });
+
+    it('sender delegation', async function () {
+      await this.token.delegate(holder, { from: holder });
+
+      const { receipt } = await this.token.transfer(recipient, 1, { from: holder });
+      expectEvent(receipt, 'Transfer', { from: holder, to: recipient, value: '1' });
+      expectEvent(receipt, 'DelegateVotesChanged', { delegate: holder, previousBalance: supply, newBalance: supply.subn(1) });
+
+      this.holderVotes = supply.subn(1);
+      this.recipientVotes = '0';
+    });
+
+    it('receiver delegation', async function () {
+      await this.token.delegate(recipient, { from: recipient });
+
+      const { receipt } = await this.token.transfer(recipient, 1, { from: holder });
+      expectEvent(receipt, 'Transfer', { from: holder, to: recipient, value: '1' });
+      expectEvent(receipt, 'DelegateVotesChanged', { delegate: recipient, previousBalance: '0', newBalance: '1' });
+
+      this.holderVotes = '0';
+      this.recipientVotes = '1';
+    });
+
+    it('full delegation', async function () {
+      await this.token.delegate(holder, { from: holder });
+      await this.token.delegate(recipient, { from: recipient });
+
+      const { receipt } = await this.token.transfer(recipient, 1, { from: holder });
+      expectEvent(receipt, 'Transfer', { from: holder, to: recipient, value: '1' });
+      expectEvent(receipt, 'DelegateVotesChanged', { delegate: holder, previousBalance: supply, newBalance: supply.subn(1) });
+      expectEvent(receipt, 'DelegateVotesChanged', { delegate: recipient, previousBalance: '0', newBalance: '1' });
+
+      this.holderVotes = supply.subn(1);
+      this.recipientVotes = '1';
+    });
+
+    afterEach(async function () {
+      expect(await this.token.getCurrentVotes(holder)).to.be.bignumber.equal(this.holderVotes);
+      expect(await this.token.getCurrentVotes(recipient)).to.be.bignumber.equal(this.recipientVotes);
+
+      // need to advance 2 blocks to see the effect of a transfer on "getPriorVotes"
+      const blockNumber = await time.latestBlock();
+      await time.advanceBlock();
+      expect(await this.token.getPriorVotes(holder, blockNumber)).to.be.bignumber.equal(this.holderVotes);
+      expect(await this.token.getPriorVotes(recipient, blockNumber)).to.be.bignumber.equal(this.recipientVotes);
+    });
+  });
+
+  // The following tests are a adaptation of https://github.com/compound-finance/compound-protocol/blob/master/tests/Governance/CompTest.js.
+  describe('Compound test suite', function () {
+    describe('balanceOf', function () {
+      it('grants to initial account', async function () {
+        expect(await this.token.balanceOf(holder)).to.be.bignumber.equal('10000000000000000000000000');
+      });
+    });
+
+    describe('numCheckpoints', function () {
+      it('returns the number of checkpoints for a delegate', async function () {
+        await this.token.transfer(recipient, '100', { from: holder }); //give an account a few tokens for readability
+        expect(await this.token.numCheckpoints(other1)).to.be.bignumber.equal('0');
+
+        const t1 = await this.token.delegate(other1, { from: recipient });
+        expect(await this.token.numCheckpoints(other1)).to.be.bignumber.equal('1');
+
+        const t2 = await this.token.transfer(other2, 10, { from: recipient });
+        expect(await this.token.numCheckpoints(other1)).to.be.bignumber.equal('2');
+
+        const t3 = await this.token.transfer(other2, 10, { from: recipient });
+        expect(await this.token.numCheckpoints(other1)).to.be.bignumber.equal('3');
+
+        const t4 = await this.token.transfer(recipient, 20, { from: holder });
+        expect(await this.token.numCheckpoints(other1)).to.be.bignumber.equal('4');
+
+        expect(await this.token.checkpoints(other1, 0)).to.be.deep.equal([ t1.receipt.blockNumber.toString(), '100' ]);
+        expect(await this.token.checkpoints(other1, 1)).to.be.deep.equal([ t2.receipt.blockNumber.toString(), '90' ]);
+        expect(await this.token.checkpoints(other1, 2)).to.be.deep.equal([ t3.receipt.blockNumber.toString(), '80' ]);
+        expect(await this.token.checkpoints(other1, 3)).to.be.deep.equal([ t4.receipt.blockNumber.toString(), '100' ]);
+
+        await time.advanceBlock();
+        expect(await this.token.getPriorVotes(other1, t1.receipt.blockNumber)).to.be.bignumber.equal('100');
+        expect(await this.token.getPriorVotes(other1, t2.receipt.blockNumber)).to.be.bignumber.equal('90');
+        expect(await this.token.getPriorVotes(other1, t3.receipt.blockNumber)).to.be.bignumber.equal('80');
+        expect(await this.token.getPriorVotes(other1, t4.receipt.blockNumber)).to.be.bignumber.equal('100');
+      });
+
+      it('does not add more than one checkpoint in a block', async function () {
+        await this.token.transfer(recipient, '100', { from: holder });
+        expect(await this.token.numCheckpoints(other1)).to.be.bignumber.equal('0');
+
+        const [ t1, t2, t3 ] = await batchInBlock([
+          () => this.token.delegate(other1, { from: recipient, gas: 100000 }),
+          () => this.token.transfer(other2, 10, { from: recipient, gas: 100000 }),
+          () => this.token.transfer(other2, 10, { from: recipient, gas: 100000 }),
+        ]);
+        expect(await this.token.numCheckpoints(other1)).to.be.bignumber.equal('1');
+        expect(await this.token.checkpoints(other1, 0)).to.be.deep.equal([ t1.receipt.blockNumber.toString(), '80' ]);
+        // expectReve(await this.token.checkpoints(other1, 1)).to.be.deep.equal([ '0', '0' ]); // Reverts due to array overflow check
+        // expect(await this.token.checkpoints(other1, 2)).to.be.deep.equal([ '0', '0' ]); // Reverts due to array overflow check
+
+        const t4 = await this.token.transfer(recipient, 20, { from: holder });
+        expect(await this.token.numCheckpoints(other1)).to.be.bignumber.equal('2');
+        expect(await this.token.checkpoints(other1, 1)).to.be.deep.equal([ t4.receipt.blockNumber.toString(), '100' ]);
+      });
+    });
+
+    describe('getPriorVotes', function () {
+      it('reverts if block number >= current block', async function () {
+        await expectRevert(
+          this.token.getPriorVotes(other1, 5e10),
+          'ERC20Votes::getPriorVotes: not yet determined',
+        );
+      });
+
+      it('returns 0 if there are no checkpoints', async function () {
+        expect(await this.token.getPriorVotes(other1, 0)).to.be.bignumber.equal('0');
+      });
+
+      it('returns the latest block if >= last checkpoint block', async function () {
+        const t1 = await this.token.delegate(other1, { from: holder });
+        await time.advanceBlock();
+        await time.advanceBlock();
+
+        expect(await this.token.getPriorVotes(other1, t1.receipt.blockNumber)).to.be.bignumber.equal('10000000000000000000000000');
+        expect(await this.token.getPriorVotes(other1, t1.receipt.blockNumber + 1)).to.be.bignumber.equal('10000000000000000000000000');
+      });
+
+      it('returns zero if < first checkpoint block', async function () {
+        await time.advanceBlock();
+        const t1 = await this.token.delegate(other1, { from: holder });
+        await time.advanceBlock();
+        await time.advanceBlock();
+
+        expect(await this.token.getPriorVotes(other1, t1.receipt.blockNumber - 1)).to.be.bignumber.equal('0');
+        expect(await this.token.getPriorVotes(other1, t1.receipt.blockNumber + 1)).to.be.bignumber.equal('10000000000000000000000000');
+      });
+
+      it('generally returns the voting balance at the appropriate checkpoint', async function () {
+        const t1 = await this.token.delegate(other1, { from: holder });
+        await time.advanceBlock();
+        await time.advanceBlock();
+        const t2 = await this.token.transfer(other2, 10, { from: holder });
+        await time.advanceBlock();
+        await time.advanceBlock();
+        const t3 = await this.token.transfer(other2, 10, { from: holder });
+        await time.advanceBlock();
+        await time.advanceBlock();
+        const t4 = await this.token.transfer(holder, 20, { from: other2 });
+        await time.advanceBlock();
+        await time.advanceBlock();
+
+        expect(await this.token.getPriorVotes(other1, t1.receipt.blockNumber - 1)).to.be.bignumber.equal('0');
+        expect(await this.token.getPriorVotes(other1, t1.receipt.blockNumber)).to.be.bignumber.equal('10000000000000000000000000');
+        expect(await this.token.getPriorVotes(other1, t1.receipt.blockNumber + 1)).to.be.bignumber.equal('10000000000000000000000000');
+        expect(await this.token.getPriorVotes(other1, t2.receipt.blockNumber)).to.be.bignumber.equal('9999999999999999999999990');
+        expect(await this.token.getPriorVotes(other1, t2.receipt.blockNumber + 1)).to.be.bignumber.equal('9999999999999999999999990');
+        expect(await this.token.getPriorVotes(other1, t3.receipt.blockNumber)).to.be.bignumber.equal('9999999999999999999999980');
+        expect(await this.token.getPriorVotes(other1, t3.receipt.blockNumber + 1)).to.be.bignumber.equal('9999999999999999999999980');
+        expect(await this.token.getPriorVotes(other1, t4.receipt.blockNumber)).to.be.bignumber.equal('10000000000000000000000000');
+        expect(await this.token.getPriorVotes(other1, t4.receipt.blockNumber + 1)).to.be.bignumber.equal('10000000000000000000000000');
+      });
+    });
+  });
+});