Two plain ERC20 share tokens minted by every metavault. lcSEN for senior, lcJUN for junior. Fungible, transferable, and the source of truth for tranche balances.
The TranchedMetaVault constructor deploys two PooledTrancheToken instances:
seniorToken: name LayerCover Senior Position, symbol lcSEN.
juniorToken: name LayerCover Junior Position, symbol lcJUN.
Each token is a standalone ERC20 receipt with EIP-2612 permit support (ERC20Permit). The metavault is the only minter/burner; depositors and withdrawers go through the metavault's depositSenior / withdrawSenior (or junior counterparts), which drive the tranche-token state. Notice locks use standard transferFrom / transfer, so a holder must approve (or sign a permit for) the metavault before filing a notice.
Each holder's position is a balance on the matching tranche token: seniorToken.balanceOf(holder) is the holder's lcSEN share count. There is no per-deposit metadata, no NFT, no per-position cooldown. New depositors buy in at the prevailing share price (lens.seniorSharePrice(vault) or lens.juniorSharePrice(vault)), which embeds the full state of the tranche NAV up to that block.
The metavault tracks the aggregates separately:
seniorNav / juniorNav: per-tranche NAV, in underlying asset units.
seniorWithdrawalNotices[holder] / juniorWithdrawalNotices[holder]: outstanding notice records, one per holder per tranche.
Share-price math is trancheNav × 1e18 / trancheToken.totalSupply(), surfaced via the Lens's seniorSharePrice(vault) and juniorSharePrice(vault) views — see the Lens contract page.
Pricing and capacity views live on the Lens, not on the token or the metavault. The Lens is stateless, takes the metavault address as its first argument, and runs the same sync the metavault would, so every read reflects up-to-the-block NAV:
maxJuniorWithdrawAssets (the asset value a junior holder can currently exit before the 4× leverage cap or underlying liquidity binds) is exposed as a field on the VaultSnapshot struct returned by lens.snapshot(vault) rather than as a standalone function — one call returns the full UI payload.
This keeps the receipt token simple and avoids stale ERC4626-style previews on the token itself. Integrators use the Lens for pricing and capacity, the metavault for deposits / notices / withdrawals, and the token for ownership, transferability, and approvals.
Filing a withdrawal notice via the metavault calls transferFrom(holder, metavault, shares) on the tranche token. That requires either a prior approve from the holder, or an EIP-2612 permit signature consumed in the same transaction. The shares sit on the metavault's own balance while the notice is pending; cancelling moves them back via transfer(holder, shares); executing burns them.
There is no privileged lock path. The metavault uses the public ERC20 surface like any other spender. The token also blocks direct transfers landing on the controller from any other caller, so a holder can't strand shares by transfer(controller, X) outside the notice flow.
function mint(address to, uint256 amount) external onlyController;function burn(address from, uint256 amount) external onlyController;
onlyController checks msg.sender == controller, where controller is the metavault set in the constructor. Any other caller reverts with OnlyController().
The metavault calls:
mint on every successful depositSenior / depositJunior.
transferFrom(holder, metavault, shares) when a holder files a withdrawal notice (after approve or permit).
transfer(holder, shares) when a holder cancels a withdrawal notice.
burn(metavault, shares) on every successful withdrawSenior / withdrawJunior (the redeemed amount, not the whole noticed balance, since partial redemptions are first-class).
PooledTrancheToken is a fully fungible ERC20 via OpenZeppelin's ERC20Permit base. balanceOf, transfer, transferFrom, approve, totalSupply, name, symbol, decimals, and the EIP-2612 permit / nonces / DOMAIN_SEPARATOR surface all behave standard. The tranche-specific behavior is intentionally kept on the metavault.
Standard ERC20 Transfer(from, to, value) events fire on mint (from == 0), burn (to == 0), and transfer.
Pull lens.seniorSharePrice(vault) (or junior) at the same block to convert shares to assets. There is no Transfer(...) payload field for the price.
Notice events live on the metavault, not the tranche token: SeniorWithdrawalNoticeRequested(account, shares, executableAt) and the symmetric junior + cancellation events.
