Sponsored
MetaMask
Open a perps trade in seconds on MetaMask Mobile Try Now!
Go long or short on 150 tokens in seconds with up to 40x leverage.
eToro
Crypto Trading Made Simple Buy Now!
Trusted, Multi-asset Broker with Powerful Tools for Real Traders Worldwide.
MoonPay
Buy Ethereum with 50% off MoonPay Fees, for your first 5 transactionsBuy Now!
T&C's apply, new users only and not for UK users.
Sponsored
Сoins.game
100 free spins for registration. Spin now!
Everyday giveaways up to 100 ETH, Lucky Spins. Deposit BONUS 300% and Cashbacks!
BC.GAME
The Best ETH Casino Claim Now!
5000+ Slots & Live Casino Games, 50+cryptos. Register with Etherscan and get 760% deposit bonus. Win Big$, withdraw it fast.
Stake
200% Bonus, Instant Withdrawals, 100K Daily Giveaways, BEST VIP Club Claim Bonus!
20+ Cryptos, 3000+ Slots, Daily & Monthly Bonuses, Exclusive Sports Promos - Provably Fair!
Sponsored
BC.GAME
- The Best ETH Casino Claim Now!
5000+ Slots & Live Casino Games, 50+cryptos. Register with Etherscan and get 760% deposit bonus. Win Big$, withdraw it fast.
CryptoSlots
25 Free Spins + ETH Slots, $1M Jackpot, Bonus Draws Play Now
Win big, play instantly, withdraw fast. Provably fair, 100% original games, anonymous ETH play.
CryptoWins
$15 free + 200% Welcome Bonus | Play ETH Casino Games Claim Now!
1,200+ games, live BidCoin Auctions, huge jackpots. TRIPLE your deposit & play in 30 seconds!
Feature Tip: Add private address tag to any address under My Name Tag !
Source Code
Overview
ETH Balance
0 ETH
Eth Value
$0.00Latest 11 from a total of 11 transactions
| Transaction Hash |
Method
|
Block
|
From
|
|
To
|
||||
|---|---|---|---|---|---|---|---|---|---|
| Register Fronten... | 22104680 | 342 days ago | IN | 0 ETH | 0.0000454 | ||||
| Register Fronten... | 22104611 | 342 days ago | IN | 0 ETH | 0.00003954 | ||||
| Invest | 22031390 | 352 days ago | IN | 0 ETH | 0.00016853 | ||||
| Transfer Fronten... | 21997569 | 357 days ago | IN | 0 ETH | 0.00003976 | ||||
| Withdraw Rewards | 21989458 | 358 days ago | IN | 0 ETH | 0.00016401 | ||||
| Invest | 21989409 | 358 days ago | IN | 0 ETH | 0.00038628 | ||||
| Register Fronten... | 21989399 | 358 days ago | IN | 0 ETH | 0.0001586 | ||||
| Register Fronten... | 21983224 | 359 days ago | IN | 0 ETH | 0.00006309 | ||||
| Register Fronten... | 21982630 | 359 days ago | IN | 0 ETH | 0.00005228 | ||||
| Invest | 21972758 | 360 days ago | IN | 0 ETH | 0.00015869 | ||||
| Init | 21888427 | 372 days ago | IN | 0 ETH | 0.00011764 |
View more zero value Internal Transactions in Advanced View mode
Advanced mode:
Loading...
Loading
Loading...
Loading
Cross-Chain Transactions
Loading...
Loading
Contract Name:
FrontendGateway
Compiler Version
v0.8.26+commit.8a97fa7a
Optimization Enabled:
Yes with 200 runs
Other Settings:
paris EvmVersion
Contract Source Code (Solidity Standard Json-Input format)
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {Equity} from "../Equity.sol";
import {IDecentralizedEURO} from "../interface/IDecentralizedEURO.sol";
import {DEPSWrapper} from "../utils/DEPSWrapper.sol";
import {SavingsGateway} from "./SavingsGateway.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {Context} from "@openzeppelin/contracts/utils/Context.sol";
import {IFrontendGateway} from "./interface/IFrontendGateway.sol";
import {IMintingHubGateway} from "./interface/IMintingHubGateway.sol";
contract FrontendGateway is IFrontendGateway, Context, Ownable {
IERC20 public immutable DEURO;
Equity public immutable EQUITY;
DEPSWrapper public immutable DEPS;
// solhint-disable-next-line var-name-mixedcase
IMintingHubGateway public MINTING_HUB;
// solhint-disable-next-line var-name-mixedcase
SavingsGateway public SAVINGS;
uint24 public feeRate; // Fee rate in PPM (parts per million), for example 10'000 = 1%
uint24 public savingsFeeRate; // Fee rate of savings in PPM (parts per million), for example 10 = 1%
uint24 public mintingFeeRate; // Reward rate of newly minted positions in PPM (parts per million), for example 10 = 1%
uint24 public nextFeeRate;
uint24 public nextSavingsFeeRate;
uint24 public nextMintingFeeRate;
uint256 public changeTimeLock;
mapping(bytes32 => FrontendCode) public frontendCodes;
mapping(address => bytes32) public referredPositions;
mapping(address => bytes32) public lastUsedFrontendCode;
modifier frontendCodeOwnerOnly(bytes32 frontendCode) {
if (frontendCodes[frontendCode].owner != _msgSender()) revert NotFrontendCodeOwner();
_;
}
modifier onlyGatewayService(address service) {
if (_msgSender() != address(service)) revert NotGatewayService();
_;
}
constructor(address deuro_, address deps_) Ownable(_msgSender()) {
DEURO = IERC20(deuro_);
EQUITY = Equity(address(IDecentralizedEURO(deuro_).reserve()));
DEPS = DEPSWrapper(deps_);
feeRate = 10_000; // 10_000/1_000_000 = 1% fee
savingsFeeRate = 50_000; // 50_000/1_000_000 = 5% fee of the of the savings interest
mintingFeeRate = 50_000; // 50_000/1_000_000 = 5% fee of the of the interest paid by the position owner
}
/**
* @notice Call this a wrapper method to obtain newly minted pool shares in exchange for
* DecentralizedEUROs and reward frontend providers with a small commission.
* No allowance required (i.e., it is hard-coded in the DecentralizedEURO token contract).
* Make sure to invest at least 10e-12 * market cap to avoid rounding losses.
*
* @dev If equity is close to zero or negative, you need to send enough dEURO to bring equity back to 1_000 dEURO.
*
* @param amount DecentralizedEUROs to invest
* @param expectedShares Minimum amount of expected shares for front running protection
* @param frontendCode Code of the used frontend or referrer
*/
function invest(uint256 amount, uint256 expectedShares, bytes32 frontendCode) external returns (uint256) {
uint256 actualShares = EQUITY.investFor(_msgSender(), amount, expectedShares);
updateFrontendAccount(frontendCode, amount);
return actualShares;
}
function redeem(
address target,
uint256 shares,
uint256 expectedProceeds,
bytes32 frontendCode
) external returns (uint256) {
uint256 actualProceeds = EQUITY.redeemFrom(_msgSender(), target, shares, expectedProceeds);
updateFrontendAccount(frontendCode, actualProceeds);
return actualProceeds;
}
function unwrapAndSell(uint256 amount, bytes32 frontendCode) external returns (uint256) {
DEPS.transferFrom(_msgSender(), address(this), amount);
uint256 actualProceeds = DEPS.unwrapAndSell(amount);
DEURO.transfer(_msgSender(), actualProceeds);
updateFrontendAccount(frontendCode, actualProceeds);
return actualProceeds;
}
///////////////////
// Accounting Logic
///////////////////
function updateFrontendAccount(bytes32 frontendCode, uint256 amount) internal {
if (frontendCode == bytes32(0)) return;
lastUsedFrontendCode[_msgSender()] = frontendCode;
frontendCodes[frontendCode].balance += (amount * feeRate) / 1_000_000;
}
function updateSavingCode(
address savingsOwner,
bytes32 frontendCode
) external onlyGatewayService(address(SAVINGS)) {
if (frontendCode == bytes32(0)) return;
lastUsedFrontendCode[savingsOwner] = frontendCode;
}
function updateSavingRewards(address saver, uint256 interest) external onlyGatewayService(address(SAVINGS)) {
if (lastUsedFrontendCode[saver] == bytes32(0)) return;
frontendCodes[lastUsedFrontendCode[saver]].balance += (interest * savingsFeeRate) / 1_000_000;
}
function registerPosition(
address position,
bytes32 frontendCode
) external onlyGatewayService(address(MINTING_HUB)) {
referredPositions[position] = frontendCode;
emit NewPositionRegistered(position, frontendCode);
}
function updatePositionRewards(address position, uint256 amount) external onlyGatewayService(address(MINTING_HUB)) {
if (referredPositions[position] == bytes32(0)) return;
frontendCodes[referredPositions[position]].balance += (amount * mintingFeeRate) / 1_000_000;
}
function getPositionFrontendCode(address position) external view returns (bytes32) {
return referredPositions[position];
}
//////////////////////
// Frontend Code Logic
//////////////////////
function registerFrontendCode(bytes32 frontendCode) external returns (bool) {
if (frontendCodes[frontendCode].owner != address(0) || frontendCode == bytes32(0))
revert FrontendCodeAlreadyExists();
frontendCodes[frontendCode].owner = _msgSender();
emit FrontendCodeRegistered(_msgSender(), frontendCode);
return true;
}
function transferFrontendCode(
bytes32 frontendCode,
address to
) external frontendCodeOwnerOnly(frontendCode) returns (bool) {
frontendCodes[frontendCode].owner = to;
emit FrontendCodeTransferred(_msgSender(), to, frontendCode);
return true;
}
function withdrawRewards(bytes32 frontendCode) external frontendCodeOwnerOnly(frontendCode) returns (uint256) {
return _withdrawRewardsTo(frontendCode, _msgSender());
}
function withdrawRewardsTo(
bytes32 frontendCode,
address to
) external frontendCodeOwnerOnly(frontendCode) returns (uint256) {
return _withdrawRewardsTo(frontendCode, to);
}
function _withdrawRewardsTo(bytes32 frontendCode, address to) internal returns (uint256) {
uint256 amount = frontendCodes[frontendCode].balance;
if (IDecentralizedEURO(address(DEURO)).equity() < amount) revert EquityTooLow();
frontendCodes[frontendCode].balance = 0;
IDecentralizedEURO(address(DEURO)).distributeProfits(to, amount);
emit FrontendCodeRewardsWithdrawn(to, amount, frontendCode);
return amount;
}
/**
* @notice Proposes new referral rates that will available to be executed after seven days.
* To cancel a proposal, just overwrite it with a new one proposing the current rate.
*/
function proposeChanges(
uint24 newFeeRatePPM_,
uint24 newSavingsFeeRatePPM_,
uint24 newMintingFeeRatePPM_,
address[] calldata helpers
) external {
if (newFeeRatePPM_ > 20_000 || newSavingsFeeRatePPM_ > 1_000_000 || newMintingFeeRatePPM_ > 1_000_000)
revert ProposedChangesToHigh();
EQUITY.checkQualified(_msgSender(), helpers);
nextFeeRate = newFeeRatePPM_;
nextSavingsFeeRate = newSavingsFeeRatePPM_;
nextMintingFeeRate = newMintingFeeRatePPM_;
changeTimeLock = block.timestamp + 7 days;
emit RateChangesProposed(
_msgSender(),
newFeeRatePPM_,
newSavingsFeeRatePPM_,
newMintingFeeRatePPM_,
changeTimeLock
);
}
function executeChanges() external {
if (nextFeeRate == feeRate && nextSavingsFeeRate == savingsFeeRate && nextMintingFeeRate == mintingFeeRate)
revert NoOpenChanges();
if (block.timestamp < changeTimeLock) revert NotDoneWaiting(changeTimeLock);
feeRate = nextFeeRate;
savingsFeeRate = nextSavingsFeeRate;
mintingFeeRate = nextMintingFeeRate;
emit RateChangesExecuted(_msgSender(), feeRate, savingsFeeRate, mintingFeeRate);
}
function init(address savings, address mintingHub) external onlyOwner {
SAVINGS = SavingsGateway(savings);
MINTING_HUB = IMintingHubGateway(mintingHub);
renounceOwnership();
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)
pragma solidity ^0.8.20;
import {Context} from "../utils/Context.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* The initial owner is set to the address provided by the deployer. This can
* later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract Ownable is Context {
address private _owner;
/**
* @dev The caller account is not authorized to perform an operation.
*/
error OwnableUnauthorizedAccount(address account);
/**
* @dev The owner is not a valid owner account. (eg. `address(0)`)
*/
error OwnableInvalidOwner(address owner);
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the address provided by the deployer as the initial owner.
*/
constructor(address initialOwner) {
if (initialOwner == address(0)) {
revert OwnableInvalidOwner(address(0));
}
_transferOwnership(initialOwner);
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
_checkOwner();
_;
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
return _owner;
}
/**
* @dev Throws if the sender is not the owner.
*/
function _checkOwner() internal view virtual {
if (owner() != _msgSender()) {
revert OwnableUnauthorizedAccount(_msgSender());
}
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby disabling any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
if (newOwner == address(0)) {
revert OwnableInvalidOwner(address(0));
}
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
address oldOwner = _owner;
_owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (interfaces/draft-IERC6093.sol)
pragma solidity ^0.8.20;
/**
* @dev Standard ERC-20 Errors
* Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC-20 tokens.
*/
interface IERC20Errors {
/**
* @dev Indicates an error related to the current `balance` of a `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
* @param balance Current balance for the interacting account.
* @param needed Minimum amount required to perform a transfer.
*/
error ERC20InsufficientBalance(address sender, uint256 balance, uint256 needed);
/**
* @dev Indicates a failure with the token `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
*/
error ERC20InvalidSender(address sender);
/**
* @dev Indicates a failure with the token `receiver`. Used in transfers.
* @param receiver Address to which tokens are being transferred.
*/
error ERC20InvalidReceiver(address receiver);
/**
* @dev Indicates a failure with the `spender`’s `allowance`. Used in transfers.
* @param spender Address that may be allowed to operate on tokens without being their owner.
* @param allowance Amount of tokens a `spender` is allowed to operate with.
* @param needed Minimum amount required to perform a transfer.
*/
error ERC20InsufficientAllowance(address spender, uint256 allowance, uint256 needed);
/**
* @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
* @param approver Address initiating an approval operation.
*/
error ERC20InvalidApprover(address approver);
/**
* @dev Indicates a failure with the `spender` to be approved. Used in approvals.
* @param spender Address that may be allowed to operate on tokens without being their owner.
*/
error ERC20InvalidSpender(address spender);
}
/**
* @dev Standard ERC-721 Errors
* Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC-721 tokens.
*/
interface IERC721Errors {
/**
* @dev Indicates that an address can't be an owner. For example, `address(0)` is a forbidden owner in ERC-20.
* Used in balance queries.
* @param owner Address of the current owner of a token.
*/
error ERC721InvalidOwner(address owner);
/**
* @dev Indicates a `tokenId` whose `owner` is the zero address.
* @param tokenId Identifier number of a token.
*/
error ERC721NonexistentToken(uint256 tokenId);
/**
* @dev Indicates an error related to the ownership over a particular token. Used in transfers.
* @param sender Address whose tokens are being transferred.
* @param tokenId Identifier number of a token.
* @param owner Address of the current owner of a token.
*/
error ERC721IncorrectOwner(address sender, uint256 tokenId, address owner);
/**
* @dev Indicates a failure with the token `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
*/
error ERC721InvalidSender(address sender);
/**
* @dev Indicates a failure with the token `receiver`. Used in transfers.
* @param receiver Address to which tokens are being transferred.
*/
error ERC721InvalidReceiver(address receiver);
/**
* @dev Indicates a failure with the `operator`’s approval. Used in transfers.
* @param operator Address that may be allowed to operate on tokens without being their owner.
* @param tokenId Identifier number of a token.
*/
error ERC721InsufficientApproval(address operator, uint256 tokenId);
/**
* @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
* @param approver Address initiating an approval operation.
*/
error ERC721InvalidApprover(address approver);
/**
* @dev Indicates a failure with the `operator` to be approved. Used in approvals.
* @param operator Address that may be allowed to operate on tokens without being their owner.
*/
error ERC721InvalidOperator(address operator);
}
/**
* @dev Standard ERC-1155 Errors
* Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC-1155 tokens.
*/
interface IERC1155Errors {
/**
* @dev Indicates an error related to the current `balance` of a `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
* @param balance Current balance for the interacting account.
* @param needed Minimum amount required to perform a transfer.
* @param tokenId Identifier number of a token.
*/
error ERC1155InsufficientBalance(address sender, uint256 balance, uint256 needed, uint256 tokenId);
/**
* @dev Indicates a failure with the token `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
*/
error ERC1155InvalidSender(address sender);
/**
* @dev Indicates a failure with the token `receiver`. Used in transfers.
* @param receiver Address to which tokens are being transferred.
*/
error ERC1155InvalidReceiver(address receiver);
/**
* @dev Indicates a failure with the `operator`’s approval. Used in transfers.
* @param operator Address that may be allowed to operate on tokens without being their owner.
* @param owner Address of the current owner of a token.
*/
error ERC1155MissingApprovalForAll(address operator, address owner);
/**
* @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
* @param approver Address initiating an approval operation.
*/
error ERC1155InvalidApprover(address approver);
/**
* @dev Indicates a failure with the `operator` to be approved. Used in approvals.
* @param operator Address that may be allowed to operate on tokens without being their owner.
*/
error ERC1155InvalidOperator(address operator);
/**
* @dev Indicates an array length mismatch between ids and values in a safeBatchTransferFrom operation.
* Used in batch transfers.
* @param idsLength Length of the array of token identifiers
* @param valuesLength Length of the array of token amounts
*/
error ERC1155InvalidArrayLength(uint256 idsLength, uint256 valuesLength);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (interfaces/IERC1363.sol)
pragma solidity ^0.8.20;
import {IERC20} from "./IERC20.sol";
import {IERC165} from "./IERC165.sol";
/**
* @title IERC1363
* @dev Interface of the ERC-1363 standard as defined in the https://eips.ethereum.org/EIPS/eip-1363[ERC-1363].
*
* Defines an extension interface for ERC-20 tokens that supports executing code on a recipient contract
* after `transfer` or `transferFrom`, or code on a spender contract after `approve`, in a single transaction.
*/
interface IERC1363 is IERC20, IERC165 {
/*
* Note: the ERC-165 identifier for this interface is 0xb0202a11.
* 0xb0202a11 ===
* bytes4(keccak256('transferAndCall(address,uint256)')) ^
* bytes4(keccak256('transferAndCall(address,uint256,bytes)')) ^
* bytes4(keccak256('transferFromAndCall(address,address,uint256)')) ^
* bytes4(keccak256('transferFromAndCall(address,address,uint256,bytes)')) ^
* bytes4(keccak256('approveAndCall(address,uint256)')) ^
* bytes4(keccak256('approveAndCall(address,uint256,bytes)'))
*/
/**
* @dev Moves a `value` amount of tokens from the caller's account to `to`
* and then calls {IERC1363Receiver-onTransferReceived} on `to`.
* @param to The address which you want to transfer to.
* @param value The amount of tokens to be transferred.
* @return A boolean value indicating whether the operation succeeded unless throwing.
*/
function transferAndCall(address to, uint256 value) external returns (bool);
/**
* @dev Moves a `value` amount of tokens from the caller's account to `to`
* and then calls {IERC1363Receiver-onTransferReceived} on `to`.
* @param to The address which you want to transfer to.
* @param value The amount of tokens to be transferred.
* @param data Additional data with no specified format, sent in call to `to`.
* @return A boolean value indicating whether the operation succeeded unless throwing.
*/
function transferAndCall(address to, uint256 value, bytes calldata data) external returns (bool);
/**
* @dev Moves a `value` amount of tokens from `from` to `to` using the allowance mechanism
* and then calls {IERC1363Receiver-onTransferReceived} on `to`.
* @param from The address which you want to send tokens from.
* @param to The address which you want to transfer to.
* @param value The amount of tokens to be transferred.
* @return A boolean value indicating whether the operation succeeded unless throwing.
*/
function transferFromAndCall(address from, address to, uint256 value) external returns (bool);
/**
* @dev Moves a `value` amount of tokens from `from` to `to` using the allowance mechanism
* and then calls {IERC1363Receiver-onTransferReceived} on `to`.
* @param from The address which you want to send tokens from.
* @param to The address which you want to transfer to.
* @param value The amount of tokens to be transferred.
* @param data Additional data with no specified format, sent in call to `to`.
* @return A boolean value indicating whether the operation succeeded unless throwing.
*/
function transferFromAndCall(address from, address to, uint256 value, bytes calldata data) external returns (bool);
/**
* @dev Sets a `value` amount of tokens as the allowance of `spender` over the
* caller's tokens and then calls {IERC1363Spender-onApprovalReceived} on `spender`.
* @param spender The address which will spend the funds.
* @param value The amount of tokens to be spent.
* @return A boolean value indicating whether the operation succeeded unless throwing.
*/
function approveAndCall(address spender, uint256 value) external returns (bool);
/**
* @dev Sets a `value` amount of tokens as the allowance of `spender` over the
* caller's tokens and then calls {IERC1363Spender-onApprovalReceived} on `spender`.
* @param spender The address which will spend the funds.
* @param value The amount of tokens to be spent.
* @param data Additional data with no specified format, sent in call to `spender`.
* @return A boolean value indicating whether the operation succeeded unless throwing.
*/
function approveAndCall(address spender, uint256 value, bytes calldata data) external returns (bool);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC165.sol)
pragma solidity ^0.8.20;
import {IERC165} from "../utils/introspection/IERC165.sol";// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC20.sol)
pragma solidity ^0.8.20;
import {IERC20} from "../token/ERC20/IERC20.sol";// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC5267.sol)
pragma solidity ^0.8.20;
interface IERC5267 {
/**
* @dev MAY be emitted to signal that the domain could have changed.
*/
event EIP712DomainChanged();
/**
* @dev returns the fields and values that describe the domain separator used by this contract for EIP-712
* signature.
*/
function eip712Domain()
external
view
returns (
bytes1 fields,
string memory name,
string memory version,
uint256 chainId,
address verifyingContract,
bytes32 salt,
uint256[] memory extensions
);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/ERC20.sol)
pragma solidity ^0.8.20;
import {IERC20} from "./IERC20.sol";
import {IERC20Metadata} from "./extensions/IERC20Metadata.sol";
import {Context} from "../../utils/Context.sol";
import {IERC20Errors} from "../../interfaces/draft-IERC6093.sol";
/**
* @dev Implementation of the {IERC20} interface.
*
* This implementation is agnostic to the way tokens are created. This means
* that a supply mechanism has to be added in a derived contract using {_mint}.
*
* TIP: For a detailed writeup see our guide
* https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
* to implement supply mechanisms].
*
* The default value of {decimals} is 18. To change this, you should override
* this function so it returns a different value.
*
* We have followed general OpenZeppelin Contracts guidelines: functions revert
* instead returning `false` on failure. This behavior is nonetheless
* conventional and does not conflict with the expectations of ERC-20
* applications.
*/
abstract contract ERC20 is Context, IERC20, IERC20Metadata, IERC20Errors {
mapping(address account => uint256) private _balances;
mapping(address account => mapping(address spender => uint256)) private _allowances;
uint256 private _totalSupply;
string private _name;
string private _symbol;
/**
* @dev Sets the values for {name} and {symbol}.
*
* All two of these values are immutable: they can only be set once during
* construction.
*/
constructor(string memory name_, string memory symbol_) {
_name = name_;
_symbol = symbol_;
}
/**
* @dev Returns the name of the token.
*/
function name() public view virtual returns (string memory) {
return _name;
}
/**
* @dev Returns the symbol of the token, usually a shorter version of the
* name.
*/
function symbol() public view virtual returns (string memory) {
return _symbol;
}
/**
* @dev Returns the number of decimals used to get its user representation.
* For example, if `decimals` equals `2`, a balance of `505` tokens should
* be displayed to a user as `5.05` (`505 / 10 ** 2`).
*
* Tokens usually opt for a value of 18, imitating the relationship between
* Ether and Wei. This is the default value returned by this function, unless
* it's overridden.
*
* NOTE: This information is only used for _display_ purposes: it in
* no way affects any of the arithmetic of the contract, including
* {IERC20-balanceOf} and {IERC20-transfer}.
*/
function decimals() public view virtual returns (uint8) {
return 18;
}
/**
* @dev See {IERC20-totalSupply}.
*/
function totalSupply() public view virtual returns (uint256) {
return _totalSupply;
}
/**
* @dev See {IERC20-balanceOf}.
*/
function balanceOf(address account) public view virtual returns (uint256) {
return _balances[account];
}
/**
* @dev See {IERC20-transfer}.
*
* Requirements:
*
* - `to` cannot be the zero address.
* - the caller must have a balance of at least `value`.
*/
function transfer(address to, uint256 value) public virtual returns (bool) {
address owner = _msgSender();
_transfer(owner, to, value);
return true;
}
/**
* @dev See {IERC20-allowance}.
*/
function allowance(address owner, address spender) public view virtual returns (uint256) {
return _allowances[owner][spender];
}
/**
* @dev See {IERC20-approve}.
*
* NOTE: If `value` is the maximum `uint256`, the allowance is not updated on
* `transferFrom`. This is semantically equivalent to an infinite approval.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function approve(address spender, uint256 value) public virtual returns (bool) {
address owner = _msgSender();
_approve(owner, spender, value);
return true;
}
/**
* @dev See {IERC20-transferFrom}.
*
* Skips emitting an {Approval} event indicating an allowance update. This is not
* required by the ERC. See {xref-ERC20-_approve-address-address-uint256-bool-}[_approve].
*
* NOTE: Does not update the allowance if the current allowance
* is the maximum `uint256`.
*
* Requirements:
*
* - `from` and `to` cannot be the zero address.
* - `from` must have a balance of at least `value`.
* - the caller must have allowance for ``from``'s tokens of at least
* `value`.
*/
function transferFrom(address from, address to, uint256 value) public virtual returns (bool) {
address spender = _msgSender();
_spendAllowance(from, spender, value);
_transfer(from, to, value);
return true;
}
/**
* @dev Moves a `value` amount of tokens from `from` to `to`.
*
* This internal function is equivalent to {transfer}, and can be used to
* e.g. implement automatic token fees, slashing mechanisms, etc.
*
* Emits a {Transfer} event.
*
* NOTE: This function is not virtual, {_update} should be overridden instead.
*/
function _transfer(address from, address to, uint256 value) internal {
if (from == address(0)) {
revert ERC20InvalidSender(address(0));
}
if (to == address(0)) {
revert ERC20InvalidReceiver(address(0));
}
_update(from, to, value);
}
/**
* @dev Transfers a `value` amount of tokens from `from` to `to`, or alternatively mints (or burns) if `from`
* (or `to`) is the zero address. All customizations to transfers, mints, and burns should be done by overriding
* this function.
*
* Emits a {Transfer} event.
*/
function _update(address from, address to, uint256 value) internal virtual {
if (from == address(0)) {
// Overflow check required: The rest of the code assumes that totalSupply never overflows
_totalSupply += value;
} else {
uint256 fromBalance = _balances[from];
if (fromBalance < value) {
revert ERC20InsufficientBalance(from, fromBalance, value);
}
unchecked {
// Overflow not possible: value <= fromBalance <= totalSupply.
_balances[from] = fromBalance - value;
}
}
if (to == address(0)) {
unchecked {
// Overflow not possible: value <= totalSupply or value <= fromBalance <= totalSupply.
_totalSupply -= value;
}
} else {
unchecked {
// Overflow not possible: balance + value is at most totalSupply, which we know fits into a uint256.
_balances[to] += value;
}
}
emit Transfer(from, to, value);
}
/**
* @dev Creates a `value` amount of tokens and assigns them to `account`, by transferring it from address(0).
* Relies on the `_update` mechanism
*
* Emits a {Transfer} event with `from` set to the zero address.
*
* NOTE: This function is not virtual, {_update} should be overridden instead.
*/
function _mint(address account, uint256 value) internal {
if (account == address(0)) {
revert ERC20InvalidReceiver(address(0));
}
_update(address(0), account, value);
}
/**
* @dev Destroys a `value` amount of tokens from `account`, lowering the total supply.
* Relies on the `_update` mechanism.
*
* Emits a {Transfer} event with `to` set to the zero address.
*
* NOTE: This function is not virtual, {_update} should be overridden instead
*/
function _burn(address account, uint256 value) internal {
if (account == address(0)) {
revert ERC20InvalidSender(address(0));
}
_update(account, address(0), value);
}
/**
* @dev Sets `value` as the allowance of `spender` over the `owner` s tokens.
*
* This internal function is equivalent to `approve`, and can be used to
* e.g. set automatic allowances for certain subsystems, etc.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `owner` cannot be the zero address.
* - `spender` cannot be the zero address.
*
* Overrides to this logic should be done to the variant with an additional `bool emitEvent` argument.
*/
function _approve(address owner, address spender, uint256 value) internal {
_approve(owner, spender, value, true);
}
/**
* @dev Variant of {_approve} with an optional flag to enable or disable the {Approval} event.
*
* By default (when calling {_approve}) the flag is set to true. On the other hand, approval changes made by
* `_spendAllowance` during the `transferFrom` operation set the flag to false. This saves gas by not emitting any
* `Approval` event during `transferFrom` operations.
*
* Anyone who wishes to continue emitting `Approval` events on the`transferFrom` operation can force the flag to
* true using the following override:
*
* ```solidity
* function _approve(address owner, address spender, uint256 value, bool) internal virtual override {
* super._approve(owner, spender, value, true);
* }
* ```
*
* Requirements are the same as {_approve}.
*/
function _approve(address owner, address spender, uint256 value, bool emitEvent) internal virtual {
if (owner == address(0)) {
revert ERC20InvalidApprover(address(0));
}
if (spender == address(0)) {
revert ERC20InvalidSpender(address(0));
}
_allowances[owner][spender] = value;
if (emitEvent) {
emit Approval(owner, spender, value);
}
}
/**
* @dev Updates `owner` s allowance for `spender` based on spent `value`.
*
* Does not update the allowance value in case of infinite allowance.
* Revert if not enough allowance is available.
*
* Does not emit an {Approval} event.
*/
function _spendAllowance(address owner, address spender, uint256 value) internal virtual {
uint256 currentAllowance = allowance(owner, spender);
if (currentAllowance != type(uint256).max) {
if (currentAllowance < value) {
revert ERC20InsufficientAllowance(spender, currentAllowance, value);
}
unchecked {
_approve(owner, spender, currentAllowance - value, false);
}
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/extensions/ERC20Permit.sol)
pragma solidity ^0.8.20;
import {IERC20Permit} from "./IERC20Permit.sol";
import {ERC20} from "../ERC20.sol";
import {ECDSA} from "../../../utils/cryptography/ECDSA.sol";
import {EIP712} from "../../../utils/cryptography/EIP712.sol";
import {Nonces} from "../../../utils/Nonces.sol";
/**
* @dev Implementation of the ERC-20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[ERC-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC-20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on `{IERC20-approve}`, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*/
abstract contract ERC20Permit is ERC20, IERC20Permit, EIP712, Nonces {
bytes32 private constant PERMIT_TYPEHASH =
keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)");
/**
* @dev Permit deadline has expired.
*/
error ERC2612ExpiredSignature(uint256 deadline);
/**
* @dev Mismatched signature.
*/
error ERC2612InvalidSigner(address signer, address owner);
/**
* @dev Initializes the {EIP712} domain separator using the `name` parameter, and setting `version` to `"1"`.
*
* It's a good idea to use the same `name` that is defined as the ERC-20 token name.
*/
constructor(string memory name) EIP712(name, "1") {}
/**
* @inheritdoc IERC20Permit
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) public virtual {
if (block.timestamp > deadline) {
revert ERC2612ExpiredSignature(deadline);
}
bytes32 structHash = keccak256(abi.encode(PERMIT_TYPEHASH, owner, spender, value, _useNonce(owner), deadline));
bytes32 hash = _hashTypedDataV4(structHash);
address signer = ECDSA.recover(hash, v, r, s);
if (signer != owner) {
revert ERC2612InvalidSigner(signer, owner);
}
_approve(owner, spender, value);
}
/**
* @inheritdoc IERC20Permit
*/
function nonces(address owner) public view virtual override(IERC20Permit, Nonces) returns (uint256) {
return super.nonces(owner);
}
/**
* @inheritdoc IERC20Permit
*/
// solhint-disable-next-line func-name-mixedcase
function DOMAIN_SEPARATOR() external view virtual returns (bytes32) {
return _domainSeparatorV4();
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/extensions/ERC20Wrapper.sol)
pragma solidity ^0.8.20;
import {IERC20, IERC20Metadata, ERC20} from "../ERC20.sol";
import {SafeERC20} from "../utils/SafeERC20.sol";
/**
* @dev Extension of the ERC-20 token contract to support token wrapping.
*
* Users can deposit and withdraw "underlying tokens" and receive a matching number of "wrapped tokens". This is useful
* in conjunction with other modules. For example, combining this wrapping mechanism with {ERC20Votes} will allow the
* wrapping of an existing "basic" ERC-20 into a governance token.
*
* WARNING: Any mechanism in which the underlying token changes the {balanceOf} of an account without an explicit transfer
* may desynchronize this contract's supply and its underlying balance. Please exercise caution when wrapping tokens that
* may undercollateralize the wrapper (i.e. wrapper's total supply is higher than its underlying balance). See {_recover}
* for recovering value accrued to the wrapper.
*/
abstract contract ERC20Wrapper is ERC20 {
IERC20 private immutable _underlying;
/**
* @dev The underlying token couldn't be wrapped.
*/
error ERC20InvalidUnderlying(address token);
constructor(IERC20 underlyingToken) {
if (underlyingToken == this) {
revert ERC20InvalidUnderlying(address(this));
}
_underlying = underlyingToken;
}
/**
* @dev See {ERC20-decimals}.
*/
function decimals() public view virtual override returns (uint8) {
try IERC20Metadata(address(_underlying)).decimals() returns (uint8 value) {
return value;
} catch {
return super.decimals();
}
}
/**
* @dev Returns the address of the underlying ERC-20 token that is being wrapped.
*/
function underlying() public view returns (IERC20) {
return _underlying;
}
/**
* @dev Allow a user to deposit underlying tokens and mint the corresponding number of wrapped tokens.
*/
function depositFor(address account, uint256 value) public virtual returns (bool) {
address sender = _msgSender();
if (sender == address(this)) {
revert ERC20InvalidSender(address(this));
}
if (account == address(this)) {
revert ERC20InvalidReceiver(account);
}
SafeERC20.safeTransferFrom(_underlying, sender, address(this), value);
_mint(account, value);
return true;
}
/**
* @dev Allow a user to burn a number of wrapped tokens and withdraw the corresponding number of underlying tokens.
*/
function withdrawTo(address account, uint256 value) public virtual returns (bool) {
if (account == address(this)) {
revert ERC20InvalidReceiver(account);
}
_burn(_msgSender(), value);
SafeERC20.safeTransfer(_underlying, account, value);
return true;
}
/**
* @dev Mint wrapped token to cover any underlyingTokens that would have been transferred by mistake or acquired from
* rebasing mechanisms. Internal function that can be exposed with access control if desired.
*/
function _recover(address account) internal virtual returns (uint256) {
uint256 value = _underlying.balanceOf(address(this)) - totalSupply();
_mint(account, value);
return value;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/extensions/IERC20Metadata.sol)
pragma solidity ^0.8.20;
import {IERC20} from "../IERC20.sol";
/**
* @dev Interface for the optional metadata functions from the ERC-20 standard.
*/
interface IERC20Metadata is IERC20 {
/**
* @dev Returns the name of the token.
*/
function name() external view returns (string memory);
/**
* @dev Returns the symbol of the token.
*/
function symbol() external view returns (string memory);
/**
* @dev Returns the decimals places of the token.
*/
function decimals() external view returns (uint8);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/extensions/IERC20Permit.sol)
pragma solidity ^0.8.20;
/**
* @dev Interface of the ERC-20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[ERC-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC-20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*
* ==== Security Considerations
*
* There are two important considerations concerning the use of `permit`. The first is that a valid permit signature
* expresses an allowance, and it should not be assumed to convey additional meaning. In particular, it should not be
* considered as an intention to spend the allowance in any specific way. The second is that because permits have
* built-in replay protection and can be submitted by anyone, they can be frontrun. A protocol that uses permits should
* take this into consideration and allow a `permit` call to fail. Combining these two aspects, a pattern that may be
* generally recommended is:
*
* ```solidity
* function doThingWithPermit(..., uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s) public {
* try token.permit(msg.sender, address(this), value, deadline, v, r, s) {} catch {}
* doThing(..., value);
* }
*
* function doThing(..., uint256 value) public {
* token.safeTransferFrom(msg.sender, address(this), value);
* ...
* }
* ```
*
* Observe that: 1) `msg.sender` is used as the owner, leaving no ambiguity as to the signer intent, and 2) the use of
* `try/catch` allows the permit to fail and makes the code tolerant to frontrunning. (See also
* {SafeERC20-safeTransferFrom}).
*
* Additionally, note that smart contract wallets (such as Argent or Safe) are not able to produce permit signatures, so
* contracts should have entry points that don't rely on permit.
*/
interface IERC20Permit {
/**
* @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
* given ``owner``'s signed approval.
*
* IMPORTANT: The same issues {IERC20-approve} has related to transaction
* ordering also apply here.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `deadline` must be a timestamp in the future.
* - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
* over the EIP712-formatted function arguments.
* - the signature must use ``owner``'s current nonce (see {nonces}).
*
* For more information on the signature format, see the
* https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
* section].
*
* CAUTION: See Security Considerations above.
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @dev Returns the current nonce for `owner`. This value must be
* included whenever a signature is generated for {permit}.
*
* Every successful call to {permit} increases ``owner``'s nonce by one. This
* prevents a signature from being used multiple times.
*/
function nonces(address owner) external view returns (uint256);
/**
* @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
*/
// solhint-disable-next-line func-name-mixedcase
function DOMAIN_SEPARATOR() external view returns (bytes32);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/IERC20.sol)
pragma solidity ^0.8.20;
/**
* @dev Interface of the ERC-20 standard as defined in the ERC.
*/
interface IERC20 {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the value of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the value of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves a `value` amount of tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 value) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets a `value` amount of tokens as the allowance of `spender` over the
* caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 value) external returns (bool);
/**
* @dev Moves a `value` amount of tokens from `from` to `to` using the
* allowance mechanism. `value` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 value) external returns (bool);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/utils/SafeERC20.sol)
pragma solidity ^0.8.20;
import {IERC20} from "../IERC20.sol";
import {IERC1363} from "../../../interfaces/IERC1363.sol";
import {Address} from "../../../utils/Address.sol";
/**
* @title SafeERC20
* @dev Wrappers around ERC-20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/
library SafeERC20 {
/**
* @dev An operation with an ERC-20 token failed.
*/
error SafeERC20FailedOperation(address token);
/**
* @dev Indicates a failed `decreaseAllowance` request.
*/
error SafeERC20FailedDecreaseAllowance(address spender, uint256 currentAllowance, uint256 requestedDecrease);
/**
* @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeTransfer(IERC20 token, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeCall(token.transfer, (to, value)));
}
/**
* @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
* calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
*/
function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeCall(token.transferFrom, (from, to, value)));
}
/**
* @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*
* IMPORTANT: If the token implements ERC-7674 (ERC-20 with temporary allowance), and if the "client"
* smart contract uses ERC-7674 to set temporary allowances, then the "client" smart contract should avoid using
* this function. Performing a {safeIncreaseAllowance} or {safeDecreaseAllowance} operation on a token contract
* that has a non-zero temporary allowance (for that particular owner-spender) will result in unexpected behavior.
*/
function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
uint256 oldAllowance = token.allowance(address(this), spender);
forceApprove(token, spender, oldAllowance + value);
}
/**
* @dev Decrease the calling contract's allowance toward `spender` by `requestedDecrease`. If `token` returns no
* value, non-reverting calls are assumed to be successful.
*
* IMPORTANT: If the token implements ERC-7674 (ERC-20 with temporary allowance), and if the "client"
* smart contract uses ERC-7674 to set temporary allowances, then the "client" smart contract should avoid using
* this function. Performing a {safeIncreaseAllowance} or {safeDecreaseAllowance} operation on a token contract
* that has a non-zero temporary allowance (for that particular owner-spender) will result in unexpected behavior.
*/
function safeDecreaseAllowance(IERC20 token, address spender, uint256 requestedDecrease) internal {
unchecked {
uint256 currentAllowance = token.allowance(address(this), spender);
if (currentAllowance < requestedDecrease) {
revert SafeERC20FailedDecreaseAllowance(spender, currentAllowance, requestedDecrease);
}
forceApprove(token, spender, currentAllowance - requestedDecrease);
}
}
/**
* @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval
* to be set to zero before setting it to a non-zero value, such as USDT.
*
* NOTE: If the token implements ERC-7674, this function will not modify any temporary allowance. This function
* only sets the "standard" allowance. Any temporary allowance will remain active, in addition to the value being
* set here.
*/
function forceApprove(IERC20 token, address spender, uint256 value) internal {
bytes memory approvalCall = abi.encodeCall(token.approve, (spender, value));
if (!_callOptionalReturnBool(token, approvalCall)) {
_callOptionalReturn(token, abi.encodeCall(token.approve, (spender, 0)));
_callOptionalReturn(token, approvalCall);
}
}
/**
* @dev Performs an {ERC1363} transferAndCall, with a fallback to the simple {ERC20} transfer if the target has no
* code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when
* targeting contracts.
*
* Reverts if the returned value is other than `true`.
*/
function transferAndCallRelaxed(IERC1363 token, address to, uint256 value, bytes memory data) internal {
if (to.code.length == 0) {
safeTransfer(token, to, value);
} else if (!token.transferAndCall(to, value, data)) {
revert SafeERC20FailedOperation(address(token));
}
}
/**
* @dev Performs an {ERC1363} transferFromAndCall, with a fallback to the simple {ERC20} transferFrom if the target
* has no code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when
* targeting contracts.
*
* Reverts if the returned value is other than `true`.
*/
function transferFromAndCallRelaxed(
IERC1363 token,
address from,
address to,
uint256 value,
bytes memory data
) internal {
if (to.code.length == 0) {
safeTransferFrom(token, from, to, value);
} else if (!token.transferFromAndCall(from, to, value, data)) {
revert SafeERC20FailedOperation(address(token));
}
}
/**
* @dev Performs an {ERC1363} approveAndCall, with a fallback to the simple {ERC20} approve if the target has no
* code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when
* targeting contracts.
*
* NOTE: When the recipient address (`to`) has no code (i.e. is an EOA), this function behaves as {forceApprove}.
* Opposedly, when the recipient address (`to`) has code, this function only attempts to call {ERC1363-approveAndCall}
* once without retrying, and relies on the returned value to be true.
*
* Reverts if the returned value is other than `true`.
*/
function approveAndCallRelaxed(IERC1363 token, address to, uint256 value, bytes memory data) internal {
if (to.code.length == 0) {
forceApprove(token, to, value);
} else if (!token.approveAndCall(to, value, data)) {
revert SafeERC20FailedOperation(address(token));
}
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*
* This is a variant of {_callOptionalReturnBool} that reverts if call fails to meet the requirements.
*/
function _callOptionalReturn(IERC20 token, bytes memory data) private {
uint256 returnSize;
uint256 returnValue;
assembly ("memory-safe") {
let success := call(gas(), token, 0, add(data, 0x20), mload(data), 0, 0x20)
// bubble errors
if iszero(success) {
let ptr := mload(0x40)
returndatacopy(ptr, 0, returndatasize())
revert(ptr, returndatasize())
}
returnSize := returndatasize()
returnValue := mload(0)
}
if (returnSize == 0 ? address(token).code.length == 0 : returnValue != 1) {
revert SafeERC20FailedOperation(address(token));
}
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*
* This is a variant of {_callOptionalReturn} that silently catches all reverts and returns a bool instead.
*/
function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {
bool success;
uint256 returnSize;
uint256 returnValue;
assembly ("memory-safe") {
success := call(gas(), token, 0, add(data, 0x20), mload(data), 0, 0x20)
returnSize := returndatasize()
returnValue := mload(0)
}
return success && (returnSize == 0 ? address(token).code.length > 0 : returnValue == 1);
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/Address.sol)
pragma solidity ^0.8.20;
import {Errors} from "./Errors.sol";
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev There's no code at `target` (it is not a contract).
*/
error AddressEmptyCode(address target);
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.20/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
if (address(this).balance < amount) {
revert Errors.InsufficientBalance(address(this).balance, amount);
}
(bool success, ) = recipient.call{value: amount}("");
if (!success) {
revert Errors.FailedCall();
}
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason or custom error, it is bubbled
* up by this function (like regular Solidity function calls). However, if
* the call reverted with no returned reason, this function reverts with a
* {Errors.FailedCall} error.
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*/
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
if (address(this).balance < value) {
revert Errors.InsufficientBalance(address(this).balance, value);
}
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and reverts if the target
* was not a contract or bubbling up the revert reason (falling back to {Errors.FailedCall}) in case
* of an unsuccessful call.
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata
) internal view returns (bytes memory) {
if (!success) {
_revert(returndata);
} else {
// only check if target is a contract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
if (returndata.length == 0 && target.code.length == 0) {
revert AddressEmptyCode(target);
}
return returndata;
}
}
/**
* @dev Tool to verify that a low level call was successful, and reverts if it wasn't, either by bubbling the
* revert reason or with a default {Errors.FailedCall} error.
*/
function verifyCallResult(bool success, bytes memory returndata) internal pure returns (bytes memory) {
if (!success) {
_revert(returndata);
} else {
return returndata;
}
}
/**
* @dev Reverts with returndata if present. Otherwise reverts with {Errors.FailedCall}.
*/
function _revert(bytes memory returndata) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
assembly ("memory-safe") {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert Errors.FailedCall();
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)
pragma solidity ^0.8.20;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
function _contextSuffixLength() internal view virtual returns (uint256) {
return 0;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/cryptography/ECDSA.sol)
pragma solidity ^0.8.20;
/**
* @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
*
* These functions can be used to verify that a message was signed by the holder
* of the private keys of a given address.
*/
library ECDSA {
enum RecoverError {
NoError,
InvalidSignature,
InvalidSignatureLength,
InvalidSignatureS
}
/**
* @dev The signature derives the `address(0)`.
*/
error ECDSAInvalidSignature();
/**
* @dev The signature has an invalid length.
*/
error ECDSAInvalidSignatureLength(uint256 length);
/**
* @dev The signature has an S value that is in the upper half order.
*/
error ECDSAInvalidSignatureS(bytes32 s);
/**
* @dev Returns the address that signed a hashed message (`hash`) with `signature` or an error. This will not
* return address(0) without also returning an error description. Errors are documented using an enum (error type)
* and a bytes32 providing additional information about the error.
*
* If no error is returned, then the address can be used for verification purposes.
*
* The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
*
* Documentation for signature generation:
* - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
* - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
*/
function tryRecover(
bytes32 hash,
bytes memory signature
) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {
if (signature.length == 65) {
bytes32 r;
bytes32 s;
uint8 v;
// ecrecover takes the signature parameters, and the only way to get them
// currently is to use assembly.
assembly ("memory-safe") {
r := mload(add(signature, 0x20))
s := mload(add(signature, 0x40))
v := byte(0, mload(add(signature, 0x60)))
}
return tryRecover(hash, v, r, s);
} else {
return (address(0), RecoverError.InvalidSignatureLength, bytes32(signature.length));
}
}
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature`. This address can then be used for verification purposes.
*
* The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
*/
function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
(address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, signature);
_throwError(error, errorArg);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
*
* See https://eips.ethereum.org/EIPS/eip-2098[ERC-2098 short signatures]
*/
function tryRecover(
bytes32 hash,
bytes32 r,
bytes32 vs
) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {
unchecked {
bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
// We do not check for an overflow here since the shift operation results in 0 or 1.
uint8 v = uint8((uint256(vs) >> 255) + 27);
return tryRecover(hash, v, r, s);
}
}
/**
* @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
*/
function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
(address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, r, vs);
_throwError(error, errorArg);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `v`,
* `r` and `s` signature fields separately.
*/
function tryRecover(
bytes32 hash,
uint8 v,
bytes32 r,
bytes32 s
) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {
// EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
// unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
// the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
// signatures from current libraries generate a unique signature with an s-value in the lower half order.
//
// If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
// with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
// vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
// these malleable signatures as well.
if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
return (address(0), RecoverError.InvalidSignatureS, s);
}
// If the signature is valid (and not malleable), return the signer address
address signer = ecrecover(hash, v, r, s);
if (signer == address(0)) {
return (address(0), RecoverError.InvalidSignature, bytes32(0));
}
return (signer, RecoverError.NoError, bytes32(0));
}
/**
* @dev Overload of {ECDSA-recover} that receives the `v`,
* `r` and `s` signature fields separately.
*/
function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
(address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, v, r, s);
_throwError(error, errorArg);
return recovered;
}
/**
* @dev Optionally reverts with the corresponding custom error according to the `error` argument provided.
*/
function _throwError(RecoverError error, bytes32 errorArg) private pure {
if (error == RecoverError.NoError) {
return; // no error: do nothing
} else if (error == RecoverError.InvalidSignature) {
revert ECDSAInvalidSignature();
} else if (error == RecoverError.InvalidSignatureLength) {
revert ECDSAInvalidSignatureLength(uint256(errorArg));
} else if (error == RecoverError.InvalidSignatureS) {
revert ECDSAInvalidSignatureS(errorArg);
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/cryptography/EIP712.sol)
pragma solidity ^0.8.20;
import {MessageHashUtils} from "./MessageHashUtils.sol";
import {ShortStrings, ShortString} from "../ShortStrings.sol";
import {IERC5267} from "../../interfaces/IERC5267.sol";
/**
* @dev https://eips.ethereum.org/EIPS/eip-712[EIP-712] is a standard for hashing and signing of typed structured data.
*
* The encoding scheme specified in the EIP requires a domain separator and a hash of the typed structured data, whose
* encoding is very generic and therefore its implementation in Solidity is not feasible, thus this contract
* does not implement the encoding itself. Protocols need to implement the type-specific encoding they need in order to
* produce the hash of their typed data using a combination of `abi.encode` and `keccak256`.
*
* This contract implements the EIP-712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding
* scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA
* ({_hashTypedDataV4}).
*
* The implementation of the domain separator was designed to be as efficient as possible while still properly updating
* the chain id to protect against replay attacks on an eventual fork of the chain.
*
* NOTE: This contract implements the version of the encoding known as "v4", as implemented by the JSON RPC method
* https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask].
*
* NOTE: In the upgradeable version of this contract, the cached values will correspond to the address, and the domain
* separator of the implementation contract. This will cause the {_domainSeparatorV4} function to always rebuild the
* separator from the immutable values, which is cheaper than accessing a cached version in cold storage.
*
* @custom:oz-upgrades-unsafe-allow state-variable-immutable
*/
abstract contract EIP712 is IERC5267 {
using ShortStrings for *;
bytes32 private constant TYPE_HASH =
keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
// Cache the domain separator as an immutable value, but also store the chain id that it corresponds to, in order to
// invalidate the cached domain separator if the chain id changes.
bytes32 private immutable _cachedDomainSeparator;
uint256 private immutable _cachedChainId;
address private immutable _cachedThis;
bytes32 private immutable _hashedName;
bytes32 private immutable _hashedVersion;
ShortString private immutable _name;
ShortString private immutable _version;
string private _nameFallback;
string private _versionFallback;
/**
* @dev Initializes the domain separator and parameter caches.
*
* The meaning of `name` and `version` is specified in
* https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP-712]:
*
* - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.
* - `version`: the current major version of the signing domain.
*
* NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart
* contract upgrade].
*/
constructor(string memory name, string memory version) {
_name = name.toShortStringWithFallback(_nameFallback);
_version = version.toShortStringWithFallback(_versionFallback);
_hashedName = keccak256(bytes(name));
_hashedVersion = keccak256(bytes(version));
_cachedChainId = block.chainid;
_cachedDomainSeparator = _buildDomainSeparator();
_cachedThis = address(this);
}
/**
* @dev Returns the domain separator for the current chain.
*/
function _domainSeparatorV4() internal view returns (bytes32) {
if (address(this) == _cachedThis && block.chainid == _cachedChainId) {
return _cachedDomainSeparator;
} else {
return _buildDomainSeparator();
}
}
function _buildDomainSeparator() private view returns (bytes32) {
return keccak256(abi.encode(TYPE_HASH, _hashedName, _hashedVersion, block.chainid, address(this)));
}
/**
* @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this
* function returns the hash of the fully encoded EIP712 message for this domain.
*
* This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:
*
* ```solidity
* bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(
* keccak256("Mail(address to,string contents)"),
* mailTo,
* keccak256(bytes(mailContents))
* )));
* address signer = ECDSA.recover(digest, signature);
* ```
*/
function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) {
return MessageHashUtils.toTypedDataHash(_domainSeparatorV4(), structHash);
}
/**
* @dev See {IERC-5267}.
*/
function eip712Domain()
public
view
virtual
returns (
bytes1 fields,
string memory name,
string memory version,
uint256 chainId,
address verifyingContract,
bytes32 salt,
uint256[] memory extensions
)
{
return (
hex"0f", // 01111
_EIP712Name(),
_EIP712Version(),
block.chainid,
address(this),
bytes32(0),
new uint256[](0)
);
}
/**
* @dev The name parameter for the EIP712 domain.
*
* NOTE: By default this function reads _name which is an immutable value.
* It only reads from storage if necessary (in case the value is too large to fit in a ShortString).
*/
// solhint-disable-next-line func-name-mixedcase
function _EIP712Name() internal view returns (string memory) {
return _name.toStringWithFallback(_nameFallback);
}
/**
* @dev The version parameter for the EIP712 domain.
*
* NOTE: By default this function reads _version which is an immutable value.
* It only reads from storage if necessary (in case the value is too large to fit in a ShortString).
*/
// solhint-disable-next-line func-name-mixedcase
function _EIP712Version() internal view returns (string memory) {
return _version.toStringWithFallback(_versionFallback);
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/cryptography/MessageHashUtils.sol)
pragma solidity ^0.8.20;
import {Strings} from "../Strings.sol";
/**
* @dev Signature message hash utilities for producing digests to be consumed by {ECDSA} recovery or signing.
*
* The library provides methods for generating a hash of a message that conforms to the
* https://eips.ethereum.org/EIPS/eip-191[ERC-191] and https://eips.ethereum.org/EIPS/eip-712[EIP 712]
* specifications.
*/
library MessageHashUtils {
/**
* @dev Returns the keccak256 digest of an ERC-191 signed data with version
* `0x45` (`personal_sign` messages).
*
* The digest is calculated by prefixing a bytes32 `messageHash` with
* `"\x19Ethereum Signed Message:\n32"` and hashing the result. It corresponds with the
* hash signed when using the https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`] JSON-RPC method.
*
* NOTE: The `messageHash` parameter is intended to be the result of hashing a raw message with
* keccak256, although any bytes32 value can be safely used because the final digest will
* be re-hashed.
*
* See {ECDSA-recover}.
*/
function toEthSignedMessageHash(bytes32 messageHash) internal pure returns (bytes32 digest) {
assembly ("memory-safe") {
mstore(0x00, "\x19Ethereum Signed Message:\n32") // 32 is the bytes-length of messageHash
mstore(0x1c, messageHash) // 0x1c (28) is the length of the prefix
digest := keccak256(0x00, 0x3c) // 0x3c is the length of the prefix (0x1c) + messageHash (0x20)
}
}
/**
* @dev Returns the keccak256 digest of an ERC-191 signed data with version
* `0x45` (`personal_sign` messages).
*
* The digest is calculated by prefixing an arbitrary `message` with
* `"\x19Ethereum Signed Message:\n" + len(message)` and hashing the result. It corresponds with the
* hash signed when using the https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`] JSON-RPC method.
*
* See {ECDSA-recover}.
*/
function toEthSignedMessageHash(bytes memory message) internal pure returns (bytes32) {
return
keccak256(bytes.concat("\x19Ethereum Signed Message:\n", bytes(Strings.toString(message.length)), message));
}
/**
* @dev Returns the keccak256 digest of an ERC-191 signed data with version
* `0x00` (data with intended validator).
*
* The digest is calculated by prefixing an arbitrary `data` with `"\x19\x00"` and the intended
* `validator` address. Then hashing the result.
*
* See {ECDSA-recover}.
*/
function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {
return keccak256(abi.encodePacked(hex"19_00", validator, data));
}
/**
* @dev Returns the keccak256 digest of an EIP-712 typed data (ERC-191 version `0x01`).
*
* The digest is calculated from a `domainSeparator` and a `structHash`, by prefixing them with
* `\x19\x01` and hashing the result. It corresponds to the hash signed by the
* https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`] JSON-RPC method as part of EIP-712.
*
* See {ECDSA-recover}.
*/
function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 digest) {
assembly ("memory-safe") {
let ptr := mload(0x40)
mstore(ptr, hex"19_01")
mstore(add(ptr, 0x02), domainSeparator)
mstore(add(ptr, 0x22), structHash)
digest := keccak256(ptr, 0x42)
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/Errors.sol)
pragma solidity ^0.8.20;
/**
* @dev Collection of common custom errors used in multiple contracts
*
* IMPORTANT: Backwards compatibility is not guaranteed in future versions of the library.
* It is recommended to avoid relying on the error API for critical functionality.
*
* _Available since v5.1._
*/
library Errors {
/**
* @dev The ETH balance of the account is not enough to perform the operation.
*/
error InsufficientBalance(uint256 balance, uint256 needed);
/**
* @dev A call to an address target failed. The target may have reverted.
*/
error FailedCall();
/**
* @dev The deployment failed.
*/
error FailedDeployment();
/**
* @dev A necessary precompile is missing.
*/
error MissingPrecompile(address);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/introspection/ERC165.sol)
pragma solidity ^0.8.20;
import {IERC165} from "./IERC165.sol";
/**
* @dev Implementation of the {IERC165} interface.
*
* Contracts that want to implement ERC-165 should inherit from this contract and override {supportsInterface} to check
* for the additional interface id that will be supported. For example:
*
* ```solidity
* function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
* return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
* }
* ```
*/
abstract contract ERC165 is IERC165 {
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual returns (bool) {
return interfaceId == type(IERC165).interfaceId;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/introspection/IERC165.sol)
pragma solidity ^0.8.20;
/**
* @dev Interface of the ERC-165 standard, as defined in the
* https://eips.ethereum.org/EIPS/eip-165[ERC].
*
* Implementers can declare support of contract interfaces, which can then be
* queried by others ({ERC165Checker}).
*
* For an implementation, see {ERC165}.
*/
interface IERC165 {
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[ERC section]
* to learn more about how these ids are created.
*
* This function call must use less than 30 000 gas.
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/math/Math.sol)
pragma solidity ^0.8.20;
import {Panic} from "../Panic.sol";
import {SafeCast} from "./SafeCast.sol";
/**
* @dev Standard math utilities missing in the Solidity language.
*/
library Math {
enum Rounding {
Floor, // Toward negative infinity
Ceil, // Toward positive infinity
Trunc, // Toward zero
Expand // Away from zero
}
/**
* @dev Returns the addition of two unsigned integers, with an success flag (no overflow).
*/
function tryAdd(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
unchecked {
uint256 c = a + b;
if (c < a) return (false, 0);
return (true, c);
}
}
/**
* @dev Returns the subtraction of two unsigned integers, with an success flag (no overflow).
*/
function trySub(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
unchecked {
if (b > a) return (false, 0);
return (true, a - b);
}
}
/**
* @dev Returns the multiplication of two unsigned integers, with an success flag (no overflow).
*/
function tryMul(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
unchecked {
// Gas optimization: this is cheaper than requiring 'a' not being zero, but the
// benefit is lost if 'b' is also tested.
// See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522
if (a == 0) return (true, 0);
uint256 c = a * b;
if (c / a != b) return (false, 0);
return (true, c);
}
}
/**
* @dev Returns the division of two unsigned integers, with a success flag (no division by zero).
*/
function tryDiv(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
unchecked {
if (b == 0) return (false, 0);
return (true, a / b);
}
}
/**
* @dev Returns the remainder of dividing two unsigned integers, with a success flag (no division by zero).
*/
function tryMod(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
unchecked {
if (b == 0) return (false, 0);
return (true, a % b);
}
}
/**
* @dev Branchless ternary evaluation for `a ? b : c`. Gas costs are constant.
*
* IMPORTANT: This function may reduce bytecode size and consume less gas when used standalone.
* However, the compiler may optimize Solidity ternary operations (i.e. `a ? b : c`) to only compute
* one branch when needed, making this function more expensive.
*/
function ternary(bool condition, uint256 a, uint256 b) internal pure returns (uint256) {
unchecked {
// branchless ternary works because:
// b ^ (a ^ b) == a
// b ^ 0 == b
return b ^ ((a ^ b) * SafeCast.toUint(condition));
}
}
/**
* @dev Returns the largest of two numbers.
*/
function max(uint256 a, uint256 b) internal pure returns (uint256) {
return ternary(a > b, a, b);
}
/**
* @dev Returns the smallest of two numbers.
*/
function min(uint256 a, uint256 b) internal pure returns (uint256) {
return ternary(a < b, a, b);
}
/**
* @dev Returns the average of two numbers. The result is rounded towards
* zero.
*/
function average(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b) / 2 can overflow.
return (a & b) + (a ^ b) / 2;
}
/**
* @dev Returns the ceiling of the division of two numbers.
*
* This differs from standard division with `/` in that it rounds towards infinity instead
* of rounding towards zero.
*/
function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
if (b == 0) {
// Guarantee the same behavior as in a regular Solidity division.
Panic.panic(Panic.DIVISION_BY_ZERO);
}
// The following calculation ensures accurate ceiling division without overflow.
// Since a is non-zero, (a - 1) / b will not overflow.
// The largest possible result occurs when (a - 1) / b is type(uint256).max,
// but the largest value we can obtain is type(uint256).max - 1, which happens
// when a = type(uint256).max and b = 1.
unchecked {
return SafeCast.toUint(a > 0) * ((a - 1) / b + 1);
}
}
/**
* @dev Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or
* denominator == 0.
*
* Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) with further edits by
* Uniswap Labs also under MIT license.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
unchecked {
// 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2²⁵⁶ and mod 2²⁵⁶ - 1, then use
// the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
// variables such that product = prod1 * 2²⁵⁶ + prod0.
uint256 prod0 = x * y; // Least significant 256 bits of the product
uint256 prod1; // Most significant 256 bits of the product
assembly {
let mm := mulmod(x, y, not(0))
prod1 := sub(sub(mm, prod0), lt(mm, prod0))
}
// Handle non-overflow cases, 256 by 256 division.
if (prod1 == 0) {
// Solidity will revert if denominator == 0, unlike the div opcode on its own.
// The surrounding unchecked block does not change this fact.
// See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
return prod0 / denominator;
}
// Make sure the result is less than 2²⁵⁶. Also prevents denominator == 0.
if (denominator <= prod1) {
Panic.panic(ternary(denominator == 0, Panic.DIVISION_BY_ZERO, Panic.UNDER_OVERFLOW));
}
///////////////////////////////////////////////
// 512 by 256 division.
///////////////////////////////////////////////
// Make division exact by subtracting the remainder from [prod1 prod0].
uint256 remainder;
assembly {
// Compute remainder using mulmod.
remainder := mulmod(x, y, denominator)
// Subtract 256 bit number from 512 bit number.
prod1 := sub(prod1, gt(remainder, prod0))
prod0 := sub(prod0, remainder)
}
// Factor powers of two out of denominator and compute largest power of two divisor of denominator.
// Always >= 1. See https://cs.stackexchange.com/q/138556/92363.
uint256 twos = denominator & (0 - denominator);
assembly {
// Divide denominator by twos.
denominator := div(denominator, twos)
// Divide [prod1 prod0] by twos.
prod0 := div(prod0, twos)
// Flip twos such that it is 2²⁵⁶ / twos. If twos is zero, then it becomes one.
twos := add(div(sub(0, twos), twos), 1)
}
// Shift in bits from prod1 into prod0.
prod0 |= prod1 * twos;
// Invert denominator mod 2²⁵⁶. Now that denominator is an odd number, it has an inverse modulo 2²⁵⁶ such
// that denominator * inv ≡ 1 mod 2²⁵⁶. Compute the inverse by starting with a seed that is correct for
// four bits. That is, denominator * inv ≡ 1 mod 2⁴.
uint256 inverse = (3 * denominator) ^ 2;
// Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also
// works in modular arithmetic, doubling the correct bits in each step.
inverse *= 2 - denominator * inverse; // inverse mod 2⁸
inverse *= 2 - denominator * inverse; // inverse mod 2¹⁶
inverse *= 2 - denominator * inverse; // inverse mod 2³²
inverse *= 2 - denominator * inverse; // inverse mod 2⁶⁴
inverse *= 2 - denominator * inverse; // inverse mod 2¹²⁸
inverse *= 2 - denominator * inverse; // inverse mod 2²⁵⁶
// Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
// This will give us the correct result modulo 2²⁵⁶. Since the preconditions guarantee that the outcome is
// less than 2²⁵⁶, this is the final result. We don't need to compute the high bits of the result and prod1
// is no longer required.
result = prod0 * inverse;
return result;
}
}
/**
* @dev Calculates x * y / denominator with full precision, following the selected rounding direction.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
return mulDiv(x, y, denominator) + SafeCast.toUint(unsignedRoundsUp(rounding) && mulmod(x, y, denominator) > 0);
}
/**
* @dev Calculate the modular multiplicative inverse of a number in Z/nZ.
*
* If n is a prime, then Z/nZ is a field. In that case all elements are inversible, except 0.
* If n is not a prime, then Z/nZ is not a field, and some elements might not be inversible.
*
* If the input value is not inversible, 0 is returned.
*
* NOTE: If you know for sure that n is (big) a prime, it may be cheaper to use Fermat's little theorem and get the
* inverse using `Math.modExp(a, n - 2, n)`. See {invModPrime}.
*/
function invMod(uint256 a, uint256 n) internal pure returns (uint256) {
unchecked {
if (n == 0) return 0;
// The inverse modulo is calculated using the Extended Euclidean Algorithm (iterative version)
// Used to compute integers x and y such that: ax + ny = gcd(a, n).
// When the gcd is 1, then the inverse of a modulo n exists and it's x.
// ax + ny = 1
// ax = 1 + (-y)n
// ax ≡ 1 (mod n) # x is the inverse of a modulo n
// If the remainder is 0 the gcd is n right away.
uint256 remainder = a % n;
uint256 gcd = n;
// Therefore the initial coefficients are:
// ax + ny = gcd(a, n) = n
// 0a + 1n = n
int256 x = 0;
int256 y = 1;
while (remainder != 0) {
uint256 quotient = gcd / remainder;
(gcd, remainder) = (
// The old remainder is the next gcd to try.
remainder,
// Compute the next remainder.
// Can't overflow given that (a % gcd) * (gcd // (a % gcd)) <= gcd
// where gcd is at most n (capped to type(uint256).max)
gcd - remainder * quotient
);
(x, y) = (
// Increment the coefficient of a.
y,
// Decrement the coefficient of n.
// Can overflow, but the result is casted to uint256 so that the
// next value of y is "wrapped around" to a value between 0 and n - 1.
x - y * int256(quotient)
);
}
if (gcd != 1) return 0; // No inverse exists.
return ternary(x < 0, n - uint256(-x), uint256(x)); // Wrap the result if it's negative.
}
}
/**
* @dev Variant of {invMod}. More efficient, but only works if `p` is known to be a prime greater than `2`.
*
* From https://en.wikipedia.org/wiki/Fermat%27s_little_theorem[Fermat's little theorem], we know that if p is
* prime, then `a**(p-1) ≡ 1 mod p`. As a consequence, we have `a * a**(p-2) ≡ 1 mod p`, which means that
* `a**(p-2)` is the modular multiplicative inverse of a in Fp.
*
* NOTE: this function does NOT check that `p` is a prime greater than `2`.
*/
function invModPrime(uint256 a, uint256 p) internal view returns (uint256) {
unchecked {
return Math.modExp(a, p - 2, p);
}
}
/**
* @dev Returns the modular exponentiation of the specified base, exponent and modulus (b ** e % m)
*
* Requirements:
* - modulus can't be zero
* - underlying staticcall to precompile must succeed
*
* IMPORTANT: The result is only valid if the underlying call succeeds. When using this function, make
* sure the chain you're using it on supports the precompiled contract for modular exponentiation
* at address 0x05 as specified in https://eips.ethereum.org/EIPS/eip-198[EIP-198]. Otherwise,
* the underlying function will succeed given the lack of a revert, but the result may be incorrectly
* interpreted as 0.
*/
function modExp(uint256 b, uint256 e, uint256 m) internal view returns (uint256) {
(bool success, uint256 result) = tryModExp(b, e, m);
if (!success) {
Panic.panic(Panic.DIVISION_BY_ZERO);
}
return result;
}
/**
* @dev Returns the modular exponentiation of the specified base, exponent and modulus (b ** e % m).
* It includes a success flag indicating if the operation succeeded. Operation will be marked as failed if trying
* to operate modulo 0 or if the underlying precompile reverted.
*
* IMPORTANT: The result is only valid if the success flag is true. When using this function, make sure the chain
* you're using it on supports the precompiled contract for modular exponentiation at address 0x05 as specified in
* https://eips.ethereum.org/EIPS/eip-198[EIP-198]. Otherwise, the underlying function will succeed given the lack
* of a revert, but the result may be incorrectly interpreted as 0.
*/
function tryModExp(uint256 b, uint256 e, uint256 m) internal view returns (bool success, uint256 result) {
if (m == 0) return (false, 0);
assembly ("memory-safe") {
let ptr := mload(0x40)
// | Offset | Content | Content (Hex) |
// |-----------|------------|--------------------------------------------------------------------|
// | 0x00:0x1f | size of b | 0x0000000000000000000000000000000000000000000000000000000000000020 |
// | 0x20:0x3f | size of e | 0x0000000000000000000000000000000000000000000000000000000000000020 |
// | 0x40:0x5f | size of m | 0x0000000000000000000000000000000000000000000000000000000000000020 |
// | 0x60:0x7f | value of b | 0x<.............................................................b> |
// | 0x80:0x9f | value of e | 0x<.............................................................e> |
// | 0xa0:0xbf | value of m | 0x<.............................................................m> |
mstore(ptr, 0x20)
mstore(add(ptr, 0x20), 0x20)
mstore(add(ptr, 0x40), 0x20)
mstore(add(ptr, 0x60), b)
mstore(add(ptr, 0x80), e)
mstore(add(ptr, 0xa0), m)
// Given the result < m, it's guaranteed to fit in 32 bytes,
// so we can use the memory scratch space located at offset 0.
success := staticcall(gas(), 0x05, ptr, 0xc0, 0x00, 0x20)
result := mload(0x00)
}
}
/**
* @dev Variant of {modExp} that supports inputs of arbitrary length.
*/
function modExp(bytes memory b, bytes memory e, bytes memory m) internal view returns (bytes memory) {
(bool success, bytes memory result) = tryModExp(b, e, m);
if (!success) {
Panic.panic(Panic.DIVISION_BY_ZERO);
}
return result;
}
/**
* @dev Variant of {tryModExp} that supports inputs of arbitrary length.
*/
function tryModExp(
bytes memory b,
bytes memory e,
bytes memory m
) internal view returns (bool success, bytes memory result) {
if (_zeroBytes(m)) return (false, new bytes(0));
uint256 mLen = m.length;
// Encode call args in result and move the free memory pointer
result = abi.encodePacked(b.length, e.length, mLen, b, e, m);
assembly ("memory-safe") {
let dataPtr := add(result, 0x20)
// Write result on top of args to avoid allocating extra memory.
success := staticcall(gas(), 0x05, dataPtr, mload(result), dataPtr, mLen)
// Overwrite the length.
// result.length > returndatasize() is guaranteed because returndatasize() == m.length
mstore(result, mLen)
// Set the memory pointer after the returned data.
mstore(0x40, add(dataPtr, mLen))
}
}
/**
* @dev Returns whether the provided byte array is zero.
*/
function _zeroBytes(bytes memory byteArray) private pure returns (bool) {
for (uint256 i = 0; i < byteArray.length; ++i) {
if (byteArray[i] != 0) {
return false;
}
}
return true;
}
/**
* @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded
* towards zero.
*
* This method is based on Newton's method for computing square roots; the algorithm is restricted to only
* using integer operations.
*/
function sqrt(uint256 a) internal pure returns (uint256) {
unchecked {
// Take care of easy edge cases when a == 0 or a == 1
if (a <= 1) {
return a;
}
// In this function, we use Newton's method to get a root of `f(x) := x² - a`. It involves building a
// sequence x_n that converges toward sqrt(a). For each iteration x_n, we also define the error between
// the current value as `ε_n = | x_n - sqrt(a) |`.
//
// For our first estimation, we consider `e` the smallest power of 2 which is bigger than the square root
// of the target. (i.e. `2**(e-1) ≤ sqrt(a) < 2**e`). We know that `e ≤ 128` because `(2¹²⁸)² = 2²⁵⁶` is
// bigger than any uint256.
//
// By noticing that
// `2**(e-1) ≤ sqrt(a) < 2**e → (2**(e-1))² ≤ a < (2**e)² → 2**(2*e-2) ≤ a < 2**(2*e)`
// we can deduce that `e - 1` is `log2(a) / 2`. We can thus compute `x_n = 2**(e-1)` using a method similar
// to the msb function.
uint256 aa = a;
uint256 xn = 1;
if (aa >= (1 << 128)) {
aa >>= 128;
xn <<= 64;
}
if (aa >= (1 << 64)) {
aa >>= 64;
xn <<= 32;
}
if (aa >= (1 << 32)) {
aa >>= 32;
xn <<= 16;
}
if (aa >= (1 << 16)) {
aa >>= 16;
xn <<= 8;
}
if (aa >= (1 << 8)) {
aa >>= 8;
xn <<= 4;
}
if (aa >= (1 << 4)) {
aa >>= 4;
xn <<= 2;
}
if (aa >= (1 << 2)) {
xn <<= 1;
}
// We now have x_n such that `x_n = 2**(e-1) ≤ sqrt(a) < 2**e = 2 * x_n`. This implies ε_n ≤ 2**(e-1).
//
// We can refine our estimation by noticing that the middle of that interval minimizes the error.
// If we move x_n to equal 2**(e-1) + 2**(e-2), then we reduce the error to ε_n ≤ 2**(e-2).
// This is going to be our x_0 (and ε_0)
xn = (3 * xn) >> 1; // ε_0 := | x_0 - sqrt(a) | ≤ 2**(e-2)
// From here, Newton's method give us:
// x_{n+1} = (x_n + a / x_n) / 2
//
// One should note that:
// x_{n+1}² - a = ((x_n + a / x_n) / 2)² - a
// = ((x_n² + a) / (2 * x_n))² - a
// = (x_n⁴ + 2 * a * x_n² + a²) / (4 * x_n²) - a
// = (x_n⁴ + 2 * a * x_n² + a² - 4 * a * x_n²) / (4 * x_n²)
// = (x_n⁴ - 2 * a * x_n² + a²) / (4 * x_n²)
// = (x_n² - a)² / (2 * x_n)²
// = ((x_n² - a) / (2 * x_n))²
// ≥ 0
// Which proves that for all n ≥ 1, sqrt(a) ≤ x_n
//
// This gives us the proof of quadratic convergence of the sequence:
// ε_{n+1} = | x_{n+1} - sqrt(a) |
// = | (x_n + a / x_n) / 2 - sqrt(a) |
// = | (x_n² + a - 2*x_n*sqrt(a)) / (2 * x_n) |
// = | (x_n - sqrt(a))² / (2 * x_n) |
// = | ε_n² / (2 * x_n) |
// = ε_n² / | (2 * x_n) |
//
// For the first iteration, we have a special case where x_0 is known:
// ε_1 = ε_0² / | (2 * x_0) |
// ≤ (2**(e-2))² / (2 * (2**(e-1) + 2**(e-2)))
// ≤ 2**(2*e-4) / (3 * 2**(e-1))
// ≤ 2**(e-3) / 3
// ≤ 2**(e-3-log2(3))
// ≤ 2**(e-4.5)
//
// For the following iterations, we use the fact that, 2**(e-1) ≤ sqrt(a) ≤ x_n:
// ε_{n+1} = ε_n² / | (2 * x_n) |
// ≤ (2**(e-k))² / (2 * 2**(e-1))
// ≤ 2**(2*e-2*k) / 2**e
// ≤ 2**(e-2*k)
xn = (xn + a / xn) >> 1; // ε_1 := | x_1 - sqrt(a) | ≤ 2**(e-4.5) -- special case, see above
xn = (xn + a / xn) >> 1; // ε_2 := | x_2 - sqrt(a) | ≤ 2**(e-9) -- general case with k = 4.5
xn = (xn + a / xn) >> 1; // ε_3 := | x_3 - sqrt(a) | ≤ 2**(e-18) -- general case with k = 9
xn = (xn + a / xn) >> 1; // ε_4 := | x_4 - sqrt(a) | ≤ 2**(e-36) -- general case with k = 18
xn = (xn + a / xn) >> 1; // ε_5 := | x_5 - sqrt(a) | ≤ 2**(e-72) -- general case with k = 36
xn = (xn + a / xn) >> 1; // ε_6 := | x_6 - sqrt(a) | ≤ 2**(e-144) -- general case with k = 72
// Because e ≤ 128 (as discussed during the first estimation phase), we know have reached a precision
// ε_6 ≤ 2**(e-144) < 1. Given we're operating on integers, then we can ensure that xn is now either
// sqrt(a) or sqrt(a) + 1.
return xn - SafeCast.toUint(xn > a / xn);
}
}
/**
* @dev Calculates sqrt(a), following the selected rounding direction.
*/
function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = sqrt(a);
return result + SafeCast.toUint(unsignedRoundsUp(rounding) && result * result < a);
}
}
/**
* @dev Return the log in base 2 of a positive value rounded towards zero.
* Returns 0 if given 0.
*/
function log2(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
uint256 exp;
unchecked {
exp = 128 * SafeCast.toUint(value > (1 << 128) - 1);
value >>= exp;
result += exp;
exp = 64 * SafeCast.toUint(value > (1 << 64) - 1);
value >>= exp;
result += exp;
exp = 32 * SafeCast.toUint(value > (1 << 32) - 1);
value >>= exp;
result += exp;
exp = 16 * SafeCast.toUint(value > (1 << 16) - 1);
value >>= exp;
result += exp;
exp = 8 * SafeCast.toUint(value > (1 << 8) - 1);
value >>= exp;
result += exp;
exp = 4 * SafeCast.toUint(value > (1 << 4) - 1);
value >>= exp;
result += exp;
exp = 2 * SafeCast.toUint(value > (1 << 2) - 1);
value >>= exp;
result += exp;
result += SafeCast.toUint(value > 1);
}
return result;
}
/**
* @dev Return the log in base 2, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log2(value);
return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 1 << result < value);
}
}
/**
* @dev Return the log in base 10 of a positive value rounded towards zero.
* Returns 0 if given 0.
*/
function log10(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >= 10 ** 64) {
value /= 10 ** 64;
result += 64;
}
if (value >= 10 ** 32) {
value /= 10 ** 32;
result += 32;
}
if (value >= 10 ** 16) {
value /= 10 ** 16;
result += 16;
}
if (value >= 10 ** 8) {
value /= 10 ** 8;
result += 8;
}
if (value >= 10 ** 4) {
value /= 10 ** 4;
result += 4;
}
if (value >= 10 ** 2) {
value /= 10 ** 2;
result += 2;
}
if (value >= 10 ** 1) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 10, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log10(value);
return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 10 ** result < value);
}
}
/**
* @dev Return the log in base 256 of a positive value rounded towards zero.
* Returns 0 if given 0.
*
* Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
*/
function log256(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
uint256 isGt;
unchecked {
isGt = SafeCast.toUint(value > (1 << 128) - 1);
value >>= isGt * 128;
result += isGt * 16;
isGt = SafeCast.toUint(value > (1 << 64) - 1);
value >>= isGt * 64;
result += isGt * 8;
isGt = SafeCast.toUint(value > (1 << 32) - 1);
value >>= isGt * 32;
result += isGt * 4;
isGt = SafeCast.toUint(value > (1 << 16) - 1);
value >>= isGt * 16;
result += isGt * 2;
result += SafeCast.toUint(value > (1 << 8) - 1);
}
return result;
}
/**
* @dev Return the log in base 256, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log256(value);
return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 1 << (result << 3) < value);
}
}
/**
* @dev Returns whether a provided rounding mode is considered rounding up for unsigned integers.
*/
function unsignedRoundsUp(Rounding rounding) internal pure returns (bool) {
return uint8(rounding) % 2 == 1;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/math/SafeCast.sol)
// This file was procedurally generated from scripts/generate/templates/SafeCast.js.
pragma solidity ^0.8.20;
/**
* @dev Wrappers over Solidity's uintXX/intXX/bool casting operators with added overflow
* checks.
*
* Downcasting from uint256/int256 in Solidity does not revert on overflow. This can
* easily result in undesired exploitation or bugs, since developers usually
* assume that overflows raise errors. `SafeCast` restores this intuition by
* reverting the transaction when such an operation overflows.
*
* Using this library instead of the unchecked operations eliminates an entire
* class of bugs, so it's recommended to use it always.
*/
library SafeCast {
/**
* @dev Value doesn't fit in an uint of `bits` size.
*/
error SafeCastOverflowedUintDowncast(uint8 bits, uint256 value);
/**
* @dev An int value doesn't fit in an uint of `bits` size.
*/
error SafeCastOverflowedIntToUint(int256 value);
/**
* @dev Value doesn't fit in an int of `bits` size.
*/
error SafeCastOverflowedIntDowncast(uint8 bits, int256 value);
/**
* @dev An uint value doesn't fit in an int of `bits` size.
*/
error SafeCastOverflowedUintToInt(uint256 value);
/**
* @dev Returns the downcasted uint248 from uint256, reverting on
* overflow (when the input is greater than largest uint248).
*
* Counterpart to Solidity's `uint248` operator.
*
* Requirements:
*
* - input must fit into 248 bits
*/
function toUint248(uint256 value) internal pure returns (uint248) {
if (value > type(uint248).max) {
revert SafeCastOverflowedUintDowncast(248, value);
}
return uint248(value);
}
/**
* @dev Returns the downcasted uint240 from uint256, reverting on
* overflow (when the input is greater than largest uint240).
*
* Counterpart to Solidity's `uint240` operator.
*
* Requirements:
*
* - input must fit into 240 bits
*/
function toUint240(uint256 value) internal pure returns (uint240) {
if (value > type(uint240).max) {
revert SafeCastOverflowedUintDowncast(240, value);
}
return uint240(value);
}
/**
* @dev Returns the downcasted uint232 from uint256, reverting on
* overflow (when the input is greater than largest uint232).
*
* Counterpart to Solidity's `uint232` operator.
*
* Requirements:
*
* - input must fit into 232 bits
*/
function toUint232(uint256 value) internal pure returns (uint232) {
if (value > type(uint232).max) {
revert SafeCastOverflowedUintDowncast(232, value);
}
return uint232(value);
}
/**
* @dev Returns the downcasted uint224 from uint256, reverting on
* overflow (when the input is greater than largest uint224).
*
* Counterpart to Solidity's `uint224` operator.
*
* Requirements:
*
* - input must fit into 224 bits
*/
function toUint224(uint256 value) internal pure returns (uint224) {
if (value > type(uint224).max) {
revert SafeCastOverflowedUintDowncast(224, value);
}
return uint224(value);
}
/**
* @dev Returns the downcasted uint216 from uint256, reverting on
* overflow (when the input is greater than largest uint216).
*
* Counterpart to Solidity's `uint216` operator.
*
* Requirements:
*
* - input must fit into 216 bits
*/
function toUint216(uint256 value) internal pure returns (uint216) {
if (value > type(uint216).max) {
revert SafeCastOverflowedUintDowncast(216, value);
}
return uint216(value);
}
/**
* @dev Returns the downcasted uint208 from uint256, reverting on
* overflow (when the input is greater than largest uint208).
*
* Counterpart to Solidity's `uint208` operator.
*
* Requirements:
*
* - input must fit into 208 bits
*/
function toUint208(uint256 value) internal pure returns (uint208) {
if (value > type(uint208).max) {
revert SafeCastOverflowedUintDowncast(208, value);
}
return uint208(value);
}
/**
* @dev Returns the downcasted uint200 from uint256, reverting on
* overflow (when the input is greater than largest uint200).
*
* Counterpart to Solidity's `uint200` operator.
*
* Requirements:
*
* - input must fit into 200 bits
*/
function toUint200(uint256 value) internal pure returns (uint200) {
if (value > type(uint200).max) {
revert SafeCastOverflowedUintDowncast(200, value);
}
return uint200(value);
}
/**
* @dev Returns the downcasted uint192 from uint256, reverting on
* overflow (when the input is greater than largest uint192).
*
* Counterpart to Solidity's `uint192` operator.
*
* Requirements:
*
* - input must fit into 192 bits
*/
function toUint192(uint256 value) internal pure returns (uint192) {
if (value > type(uint192).max) {
revert SafeCastOverflowedUintDowncast(192, value);
}
return uint192(value);
}
/**
* @dev Returns the downcasted uint184 from uint256, reverting on
* overflow (when the input is greater than largest uint184).
*
* Counterpart to Solidity's `uint184` operator.
*
* Requirements:
*
* - input must fit into 184 bits
*/
function toUint184(uint256 value) internal pure returns (uint184) {
if (value > type(uint184).max) {
revert SafeCastOverflowedUintDowncast(184, value);
}
return uint184(value);
}
/**
* @dev Returns the downcasted uint176 from uint256, reverting on
* overflow (when the input is greater than largest uint176).
*
* Counterpart to Solidity's `uint176` operator.
*
* Requirements:
*
* - input must fit into 176 bits
*/
function toUint176(uint256 value) internal pure returns (uint176) {
if (value > type(uint176).max) {
revert SafeCastOverflowedUintDowncast(176, value);
}
return uint176(value);
}
/**
* @dev Returns the downcasted uint168 from uint256, reverting on
* overflow (when the input is greater than largest uint168).
*
* Counterpart to Solidity's `uint168` operator.
*
* Requirements:
*
* - input must fit into 168 bits
*/
function toUint168(uint256 value) internal pure returns (uint168) {
if (value > type(uint168).max) {
revert SafeCastOverflowedUintDowncast(168, value);
}
return uint168(value);
}
/**
* @dev Returns the downcasted uint160 from uint256, reverting on
* overflow (when the input is greater than largest uint160).
*
* Counterpart to Solidity's `uint160` operator.
*
* Requirements:
*
* - input must fit into 160 bits
*/
function toUint160(uint256 value) internal pure returns (uint160) {
if (value > type(uint160).max) {
revert SafeCastOverflowedUintDowncast(160, value);
}
return uint160(value);
}
/**
* @dev Returns the downcasted uint152 from uint256, reverting on
* overflow (when the input is greater than largest uint152).
*
* Counterpart to Solidity's `uint152` operator.
*
* Requirements:
*
* - input must fit into 152 bits
*/
function toUint152(uint256 value) internal pure returns (uint152) {
if (value > type(uint152).max) {
revert SafeCastOverflowedUintDowncast(152, value);
}
return uint152(value);
}
/**
* @dev Returns the downcasted uint144 from uint256, reverting on
* overflow (when the input is greater than largest uint144).
*
* Counterpart to Solidity's `uint144` operator.
*
* Requirements:
*
* - input must fit into 144 bits
*/
function toUint144(uint256 value) internal pure returns (uint144) {
if (value > type(uint144).max) {
revert SafeCastOverflowedUintDowncast(144, value);
}
return uint144(value);
}
/**
* @dev Returns the downcasted uint136 from uint256, reverting on
* overflow (when the input is greater than largest uint136).
*
* Counterpart to Solidity's `uint136` operator.
*
* Requirements:
*
* - input must fit into 136 bits
*/
function toUint136(uint256 value) internal pure returns (uint136) {
if (value > type(uint136).max) {
revert SafeCastOverflowedUintDowncast(136, value);
}
return uint136(value);
}
/**
* @dev Returns the downcasted uint128 from uint256, reverting on
* overflow (when the input is greater than largest uint128).
*
* Counterpart to Solidity's `uint128` operator.
*
* Requirements:
*
* - input must fit into 128 bits
*/
function toUint128(uint256 value) internal pure returns (uint128) {
if (value > type(uint128).max) {
revert SafeCastOverflowedUintDowncast(128, value);
}
return uint128(value);
}
/**
* @dev Returns the downcasted uint120 from uint256, reverting on
* overflow (when the input is greater than largest uint120).
*
* Counterpart to Solidity's `uint120` operator.
*
* Requirements:
*
* - input must fit into 120 bits
*/
function toUint120(uint256 value) internal pure returns (uint120) {
if (value > type(uint120).max) {
revert SafeCastOverflowedUintDowncast(120, value);
}
return uint120(value);
}
/**
* @dev Returns the downcasted uint112 from uint256, reverting on
* overflow (when the input is greater than largest uint112).
*
* Counterpart to Solidity's `uint112` operator.
*
* Requirements:
*
* - input must fit into 112 bits
*/
function toUint112(uint256 value) internal pure returns (uint112) {
if (value > type(uint112).max) {
revert SafeCastOverflowedUintDowncast(112, value);
}
return uint112(value);
}
/**
* @dev Returns the downcasted uint104 from uint256, reverting on
* overflow (when the input is greater than largest uint104).
*
* Counterpart to Solidity's `uint104` operator.
*
* Requirements:
*
* - input must fit into 104 bits
*/
function toUint104(uint256 value) internal pure returns (uint104) {
if (value > type(uint104).max) {
revert SafeCastOverflowedUintDowncast(104, value);
}
return uint104(value);
}
/**
* @dev Returns the downcasted uint96 from uint256, reverting on
* overflow (when the input is greater than largest uint96).
*
* Counterpart to Solidity's `uint96` operator.
*
* Requirements:
*
* - input must fit into 96 bits
*/
function toUint96(uint256 value) internal pure returns (uint96) {
if (value > type(uint96).max) {
revert SafeCastOverflowedUintDowncast(96, value);
}
return uint96(value);
}
/**
* @dev Returns the downcasted uint88 from uint256, reverting on
* overflow (when the input is greater than largest uint88).
*
* Counterpart to Solidity's `uint88` operator.
*
* Requirements:
*
* - input must fit into 88 bits
*/
function toUint88(uint256 value) internal pure returns (uint88) {
if (value > type(uint88).max) {
revert SafeCastOverflowedUintDowncast(88, value);
}
return uint88(value);
}
/**
* @dev Returns the downcasted uint80 from uint256, reverting on
* overflow (when the input is greater than largest uint80).
*
* Counterpart to Solidity's `uint80` operator.
*
* Requirements:
*
* - input must fit into 80 bits
*/
function toUint80(uint256 value) internal pure returns (uint80) {
if (value > type(uint80).max) {
revert SafeCastOverflowedUintDowncast(80, value);
}
return uint80(value);
}
/**
* @dev Returns the downcasted uint72 from uint256, reverting on
* overflow (when the input is greater than largest uint72).
*
* Counterpart to Solidity's `uint72` operator.
*
* Requirements:
*
* - input must fit into 72 bits
*/
function toUint72(uint256 value) internal pure returns (uint72) {
if (value > type(uint72).max) {
revert SafeCastOverflowedUintDowncast(72, value);
}
return uint72(value);
}
/**
* @dev Returns the downcasted uint64 from uint256, reverting on
* overflow (when the input is greater than largest uint64).
*
* Counterpart to Solidity's `uint64` operator.
*
* Requirements:
*
* - input must fit into 64 bits
*/
function toUint64(uint256 value) internal pure returns (uint64) {
if (value > type(uint64).max) {
revert SafeCastOverflowedUintDowncast(64, value);
}
return uint64(value);
}
/**
* @dev Returns the downcasted uint56 from uint256, reverting on
* overflow (when the input is greater than largest uint56).
*
* Counterpart to Solidity's `uint56` operator.
*
* Requirements:
*
* - input must fit into 56 bits
*/
function toUint56(uint256 value) internal pure returns (uint56) {
if (value > type(uint56).max) {
revert SafeCastOverflowedUintDowncast(56, value);
}
return uint56(value);
}
/**
* @dev Returns the downcasted uint48 from uint256, reverting on
* overflow (when the input is greater than largest uint48).
*
* Counterpart to Solidity's `uint48` operator.
*
* Requirements:
*
* - input must fit into 48 bits
*/
function toUint48(uint256 value) internal pure returns (uint48) {
if (value > type(uint48).max) {
revert SafeCastOverflowedUintDowncast(48, value);
}
return uint48(value);
}
/**
* @dev Returns the downcasted uint40 from uint256, reverting on
* overflow (when the input is greater than largest uint40).
*
* Counterpart to Solidity's `uint40` operator.
*
* Requirements:
*
* - input must fit into 40 bits
*/
function toUint40(uint256 value) internal pure returns (uint40) {
if (value > type(uint40).max) {
revert SafeCastOverflowedUintDowncast(40, value);
}
return uint40(value);
}
/**
* @dev Returns the downcasted uint32 from uint256, reverting on
* overflow (when the input is greater than largest uint32).
*
* Counterpart to Solidity's `uint32` operator.
*
* Requirements:
*
* - input must fit into 32 bits
*/
function toUint32(uint256 value) internal pure returns (uint32) {
if (value > type(uint32).max) {
revert SafeCastOverflowedUintDowncast(32, value);
}
return uint32(value);
}
/**
* @dev Returns the downcasted uint24 from uint256, reverting on
* overflow (when the input is greater than largest uint24).
*
* Counterpart to Solidity's `uint24` operator.
*
* Requirements:
*
* - input must fit into 24 bits
*/
function toUint24(uint256 value) internal pure returns (uint24) {
if (value > type(uint24).max) {
revert SafeCastOverflowedUintDowncast(24, value);
}
return uint24(value);
}
/**
* @dev Returns the downcasted uint16 from uint256, reverting on
* overflow (when the input is greater than largest uint16).
*
* Counterpart to Solidity's `uint16` operator.
*
* Requirements:
*
* - input must fit into 16 bits
*/
function toUint16(uint256 value) internal pure returns (uint16) {
if (value > type(uint16).max) {
revert SafeCastOverflowedUintDowncast(16, value);
}
return uint16(value);
}
/**
* @dev Returns the downcasted uint8 from uint256, reverting on
* overflow (when the input is greater than largest uint8).
*
* Counterpart to Solidity's `uint8` operator.
*
* Requirements:
*
* - input must fit into 8 bits
*/
function toUint8(uint256 value) internal pure returns (uint8) {
if (value > type(uint8).max) {
revert SafeCastOverflowedUintDowncast(8, value);
}
return uint8(value);
}
/**
* @dev Converts a signed int256 into an unsigned uint256.
*
* Requirements:
*
* - input must be greater than or equal to 0.
*/
function toUint256(int256 value) internal pure returns (uint256) {
if (value < 0) {
revert SafeCastOverflowedIntToUint(value);
}
return uint256(value);
}
/**
* @dev Returns the downcasted int248 from int256, reverting on
* overflow (when the input is less than smallest int248 or
* greater than largest int248).
*
* Counterpart to Solidity's `int248` operator.
*
* Requirements:
*
* - input must fit into 248 bits
*/
function toInt248(int256 value) internal pure returns (int248 downcasted) {
downcasted = int248(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(248, value);
}
}
/**
* @dev Returns the downcasted int240 from int256, reverting on
* overflow (when the input is less than smallest int240 or
* greater than largest int240).
*
* Counterpart to Solidity's `int240` operator.
*
* Requirements:
*
* - input must fit into 240 bits
*/
function toInt240(int256 value) internal pure returns (int240 downcasted) {
downcasted = int240(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(240, value);
}
}
/**
* @dev Returns the downcasted int232 from int256, reverting on
* overflow (when the input is less than smallest int232 or
* greater than largest int232).
*
* Counterpart to Solidity's `int232` operator.
*
* Requirements:
*
* - input must fit into 232 bits
*/
function toInt232(int256 value) internal pure returns (int232 downcasted) {
downcasted = int232(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(232, value);
}
}
/**
* @dev Returns the downcasted int224 from int256, reverting on
* overflow (when the input is less than smallest int224 or
* greater than largest int224).
*
* Counterpart to Solidity's `int224` operator.
*
* Requirements:
*
* - input must fit into 224 bits
*/
function toInt224(int256 value) internal pure returns (int224 downcasted) {
downcasted = int224(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(224, value);
}
}
/**
* @dev Returns the downcasted int216 from int256, reverting on
* overflow (when the input is less than smallest int216 or
* greater than largest int216).
*
* Counterpart to Solidity's `int216` operator.
*
* Requirements:
*
* - input must fit into 216 bits
*/
function toInt216(int256 value) internal pure returns (int216 downcasted) {
downcasted = int216(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(216, value);
}
}
/**
* @dev Returns the downcasted int208 from int256, reverting on
* overflow (when the input is less than smallest int208 or
* greater than largest int208).
*
* Counterpart to Solidity's `int208` operator.
*
* Requirements:
*
* - input must fit into 208 bits
*/
function toInt208(int256 value) internal pure returns (int208 downcasted) {
downcasted = int208(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(208, value);
}
}
/**
* @dev Returns the downcasted int200 from int256, reverting on
* overflow (when the input is less than smallest int200 or
* greater than largest int200).
*
* Counterpart to Solidity's `int200` operator.
*
* Requirements:
*
* - input must fit into 200 bits
*/
function toInt200(int256 value) internal pure returns (int200 downcasted) {
downcasted = int200(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(200, value);
}
}
/**
* @dev Returns the downcasted int192 from int256, reverting on
* overflow (when the input is less than smallest int192 or
* greater than largest int192).
*
* Counterpart to Solidity's `int192` operator.
*
* Requirements:
*
* - input must fit into 192 bits
*/
function toInt192(int256 value) internal pure returns (int192 downcasted) {
downcasted = int192(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(192, value);
}
}
/**
* @dev Returns the downcasted int184 from int256, reverting on
* overflow (when the input is less than smallest int184 or
* greater than largest int184).
*
* Counterpart to Solidity's `int184` operator.
*
* Requirements:
*
* - input must fit into 184 bits
*/
function toInt184(int256 value) internal pure returns (int184 downcasted) {
downcasted = int184(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(184, value);
}
}
/**
* @dev Returns the downcasted int176 from int256, reverting on
* overflow (when the input is less than smallest int176 or
* greater than largest int176).
*
* Counterpart to Solidity's `int176` operator.
*
* Requirements:
*
* - input must fit into 176 bits
*/
function toInt176(int256 value) internal pure returns (int176 downcasted) {
downcasted = int176(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(176, value);
}
}
/**
* @dev Returns the downcasted int168 from int256, reverting on
* overflow (when the input is less than smallest int168 or
* greater than largest int168).
*
* Counterpart to Solidity's `int168` operator.
*
* Requirements:
*
* - input must fit into 168 bits
*/
function toInt168(int256 value) internal pure returns (int168 downcasted) {
downcasted = int168(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(168, value);
}
}
/**
* @dev Returns the downcasted int160 from int256, reverting on
* overflow (when the input is less than smallest int160 or
* greater than largest int160).
*
* Counterpart to Solidity's `int160` operator.
*
* Requirements:
*
* - input must fit into 160 bits
*/
function toInt160(int256 value) internal pure returns (int160 downcasted) {
downcasted = int160(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(160, value);
}
}
/**
* @dev Returns the downcasted int152 from int256, reverting on
* overflow (when the input is less than smallest int152 or
* greater than largest int152).
*
* Counterpart to Solidity's `int152` operator.
*
* Requirements:
*
* - input must fit into 152 bits
*/
function toInt152(int256 value) internal pure returns (int152 downcasted) {
downcasted = int152(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(152, value);
}
}
/**
* @dev Returns the downcasted int144 from int256, reverting on
* overflow (when the input is less than smallest int144 or
* greater than largest int144).
*
* Counterpart to Solidity's `int144` operator.
*
* Requirements:
*
* - input must fit into 144 bits
*/
function toInt144(int256 value) internal pure returns (int144 downcasted) {
downcasted = int144(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(144, value);
}
}
/**
* @dev Returns the downcasted int136 from int256, reverting on
* overflow (when the input is less than smallest int136 or
* greater than largest int136).
*
* Counterpart to Solidity's `int136` operator.
*
* Requirements:
*
* - input must fit into 136 bits
*/
function toInt136(int256 value) internal pure returns (int136 downcasted) {
downcasted = int136(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(136, value);
}
}
/**
* @dev Returns the downcasted int128 from int256, reverting on
* overflow (when the input is less than smallest int128 or
* greater than largest int128).
*
* Counterpart to Solidity's `int128` operator.
*
* Requirements:
*
* - input must fit into 128 bits
*/
function toInt128(int256 value) internal pure returns (int128 downcasted) {
downcasted = int128(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(128, value);
}
}
/**
* @dev Returns the downcasted int120 from int256, reverting on
* overflow (when the input is less than smallest int120 or
* greater than largest int120).
*
* Counterpart to Solidity's `int120` operator.
*
* Requirements:
*
* - input must fit into 120 bits
*/
function toInt120(int256 value) internal pure returns (int120 downcasted) {
downcasted = int120(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(120, value);
}
}
/**
* @dev Returns the downcasted int112 from int256, reverting on
* overflow (when the input is less than smallest int112 or
* greater than largest int112).
*
* Counterpart to Solidity's `int112` operator.
*
* Requirements:
*
* - input must fit into 112 bits
*/
function toInt112(int256 value) internal pure returns (int112 downcasted) {
downcasted = int112(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(112, value);
}
}
/**
* @dev Returns the downcasted int104 from int256, reverting on
* overflow (when the input is less than smallest int104 or
* greater than largest int104).
*
* Counterpart to Solidity's `int104` operator.
*
* Requirements:
*
* - input must fit into 104 bits
*/
function toInt104(int256 value) internal pure returns (int104 downcasted) {
downcasted = int104(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(104, value);
}
}
/**
* @dev Returns the downcasted int96 from int256, reverting on
* overflow (when the input is less than smallest int96 or
* greater than largest int96).
*
* Counterpart to Solidity's `int96` operator.
*
* Requirements:
*
* - input must fit into 96 bits
*/
function toInt96(int256 value) internal pure returns (int96 downcasted) {
downcasted = int96(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(96, value);
}
}
/**
* @dev Returns the downcasted int88 from int256, reverting on
* overflow (when the input is less than smallest int88 or
* greater than largest int88).
*
* Counterpart to Solidity's `int88` operator.
*
* Requirements:
*
* - input must fit into 88 bits
*/
function toInt88(int256 value) internal pure returns (int88 downcasted) {
downcasted = int88(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(88, value);
}
}
/**
* @dev Returns the downcasted int80 from int256, reverting on
* overflow (when the input is less than smallest int80 or
* greater than largest int80).
*
* Counterpart to Solidity's `int80` operator.
*
* Requirements:
*
* - input must fit into 80 bits
*/
function toInt80(int256 value) internal pure returns (int80 downcasted) {
downcasted = int80(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(80, value);
}
}
/**
* @dev Returns the downcasted int72 from int256, reverting on
* overflow (when the input is less than smallest int72 or
* greater than largest int72).
*
* Counterpart to Solidity's `int72` operator.
*
* Requirements:
*
* - input must fit into 72 bits
*/
function toInt72(int256 value) internal pure returns (int72 downcasted) {
downcasted = int72(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(72, value);
}
}
/**
* @dev Returns the downcasted int64 from int256, reverting on
* overflow (when the input is less than smallest int64 or
* greater than largest int64).
*
* Counterpart to Solidity's `int64` operator.
*
* Requirements:
*
* - input must fit into 64 bits
*/
function toInt64(int256 value) internal pure returns (int64 downcasted) {
downcasted = int64(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(64, value);
}
}
/**
* @dev Returns the downcasted int56 from int256, reverting on
* overflow (when the input is less than smallest int56 or
* greater than largest int56).
*
* Counterpart to Solidity's `int56` operator.
*
* Requirements:
*
* - input must fit into 56 bits
*/
function toInt56(int256 value) internal pure returns (int56 downcasted) {
downcasted = int56(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(56, value);
}
}
/**
* @dev Returns the downcasted int48 from int256, reverting on
* overflow (when the input is less than smallest int48 or
* greater than largest int48).
*
* Counterpart to Solidity's `int48` operator.
*
* Requirements:
*
* - input must fit into 48 bits
*/
function toInt48(int256 value) internal pure returns (int48 downcasted) {
downcasted = int48(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(48, value);
}
}
/**
* @dev Returns the downcasted int40 from int256, reverting on
* overflow (when the input is less than smallest int40 or
* greater than largest int40).
*
* Counterpart to Solidity's `int40` operator.
*
* Requirements:
*
* - input must fit into 40 bits
*/
function toInt40(int256 value) internal pure returns (int40 downcasted) {
downcasted = int40(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(40, value);
}
}
/**
* @dev Returns the downcasted int32 from int256, reverting on
* overflow (when the input is less than smallest int32 or
* greater than largest int32).
*
* Counterpart to Solidity's `int32` operator.
*
* Requirements:
*
* - input must fit into 32 bits
*/
function toInt32(int256 value) internal pure returns (int32 downcasted) {
downcasted = int32(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(32, value);
}
}
/**
* @dev Returns the downcasted int24 from int256, reverting on
* overflow (when the input is less than smallest int24 or
* greater than largest int24).
*
* Counterpart to Solidity's `int24` operator.
*
* Requirements:
*
* - input must fit into 24 bits
*/
function toInt24(int256 value) internal pure returns (int24 downcasted) {
downcasted = int24(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(24, value);
}
}
/**
* @dev Returns the downcasted int16 from int256, reverting on
* overflow (when the input is less than smallest int16 or
* greater than largest int16).
*
* Counterpart to Solidity's `int16` operator.
*
* Requirements:
*
* - input must fit into 16 bits
*/
function toInt16(int256 value) internal pure returns (int16 downcasted) {
downcasted = int16(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(16, value);
}
}
/**
* @dev Returns the downcasted int8 from int256, reverting on
* overflow (when the input is less than smallest int8 or
* greater than largest int8).
*
* Counterpart to Solidity's `int8` operator.
*
* Requirements:
*
* - input must fit into 8 bits
*/
function toInt8(int256 value) internal pure returns (int8 downcasted) {
downcasted = int8(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(8, value);
}
}
/**
* @dev Converts an unsigned uint256 into a signed int256.
*
* Requirements:
*
* - input must be less than or equal to maxInt256.
*/
function toInt256(uint256 value) internal pure returns (int256) {
// Note: Unsafe cast below is okay because `type(int256).max` is guaranteed to be positive
if (value > uint256(type(int256).max)) {
revert SafeCastOverflowedUintToInt(value);
}
return int256(value);
}
/**
* @dev Cast a boolean (false or true) to a uint256 (0 or 1) with no jump.
*/
function toUint(bool b) internal pure returns (uint256 u) {
assembly ("memory-safe") {
u := iszero(iszero(b))
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/math/SignedMath.sol)
pragma solidity ^0.8.20;
import {SafeCast} from "./SafeCast.sol";
/**
* @dev Standard signed math utilities missing in the Solidity language.
*/
library SignedMath {
/**
* @dev Branchless ternary evaluation for `a ? b : c`. Gas costs are constant.
*
* IMPORTANT: This function may reduce bytecode size and consume less gas when used standalone.
* However, the compiler may optimize Solidity ternary operations (i.e. `a ? b : c`) to only compute
* one branch when needed, making this function more expensive.
*/
function ternary(bool condition, int256 a, int256 b) internal pure returns (int256) {
unchecked {
// branchless ternary works because:
// b ^ (a ^ b) == a
// b ^ 0 == b
return b ^ ((a ^ b) * int256(SafeCast.toUint(condition)));
}
}
/**
* @dev Returns the largest of two signed numbers.
*/
function max(int256 a, int256 b) internal pure returns (int256) {
return ternary(a > b, a, b);
}
/**
* @dev Returns the smallest of two signed numbers.
*/
function min(int256 a, int256 b) internal pure returns (int256) {
return ternary(a < b, a, b);
}
/**
* @dev Returns the average of two signed numbers without overflow.
* The result is rounded towards zero.
*/
function average(int256 a, int256 b) internal pure returns (int256) {
// Formula from the book "Hacker's Delight"
int256 x = (a & b) + ((a ^ b) >> 1);
return x + (int256(uint256(x) >> 255) & (a ^ b));
}
/**
* @dev Returns the absolute unsigned value of a signed value.
*/
function abs(int256 n) internal pure returns (uint256) {
unchecked {
// Formula from the "Bit Twiddling Hacks" by Sean Eron Anderson.
// Since `n` is a signed integer, the generated bytecode will use the SAR opcode to perform the right shift,
// taking advantage of the most significant (or "sign" bit) in two's complement representation.
// This opcode adds new most significant bits set to the value of the previous most significant bit. As a result,
// the mask will either be `bytes32(0)` (if n is positive) or `~bytes32(0)` (if n is negative).
int256 mask = n >> 255;
// A `bytes32(0)` mask leaves the input unchanged, while a `~bytes32(0)` mask complements it.
return uint256((n + mask) ^ mask);
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/Nonces.sol)
pragma solidity ^0.8.20;
/**
* @dev Provides tracking nonces for addresses. Nonces will only increment.
*/
abstract contract Nonces {
/**
* @dev The nonce used for an `account` is not the expected current nonce.
*/
error InvalidAccountNonce(address account, uint256 currentNonce);
mapping(address account => uint256) private _nonces;
/**
* @dev Returns the next unused nonce for an address.
*/
function nonces(address owner) public view virtual returns (uint256) {
return _nonces[owner];
}
/**
* @dev Consumes a nonce.
*
* Returns the current value and increments nonce.
*/
function _useNonce(address owner) internal virtual returns (uint256) {
// For each account, the nonce has an initial value of 0, can only be incremented by one, and cannot be
// decremented or reset. This guarantees that the nonce never overflows.
unchecked {
// It is important to do x++ and not ++x here.
return _nonces[owner]++;
}
}
/**
* @dev Same as {_useNonce} but checking that `nonce` is the next valid for `owner`.
*/
function _useCheckedNonce(address owner, uint256 nonce) internal virtual {
uint256 current = _useNonce(owner);
if (nonce != current) {
revert InvalidAccountNonce(owner, current);
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/Panic.sol)
pragma solidity ^0.8.20;
/**
* @dev Helper library for emitting standardized panic codes.
*
* ```solidity
* contract Example {
* using Panic for uint256;
*
* // Use any of the declared internal constants
* function foo() { Panic.GENERIC.panic(); }
*
* // Alternatively
* function foo() { Panic.panic(Panic.GENERIC); }
* }
* ```
*
* Follows the list from https://github.com/ethereum/solidity/blob/v0.8.24/libsolutil/ErrorCodes.h[libsolutil].
*
* _Available since v5.1._
*/
// slither-disable-next-line unused-state
library Panic {
/// @dev generic / unspecified error
uint256 internal constant GENERIC = 0x00;
/// @dev used by the assert() builtin
uint256 internal constant ASSERT = 0x01;
/// @dev arithmetic underflow or overflow
uint256 internal constant UNDER_OVERFLOW = 0x11;
/// @dev division or modulo by zero
uint256 internal constant DIVISION_BY_ZERO = 0x12;
/// @dev enum conversion error
uint256 internal constant ENUM_CONVERSION_ERROR = 0x21;
/// @dev invalid encoding in storage
uint256 internal constant STORAGE_ENCODING_ERROR = 0x22;
/// @dev empty array pop
uint256 internal constant EMPTY_ARRAY_POP = 0x31;
/// @dev array out of bounds access
uint256 internal constant ARRAY_OUT_OF_BOUNDS = 0x32;
/// @dev resource error (too large allocation or too large array)
uint256 internal constant RESOURCE_ERROR = 0x41;
/// @dev calling invalid internal function
uint256 internal constant INVALID_INTERNAL_FUNCTION = 0x51;
/// @dev Reverts with a panic code. Recommended to use with
/// the internal constants with predefined codes.
function panic(uint256 code) internal pure {
assembly ("memory-safe") {
mstore(0x00, 0x4e487b71)
mstore(0x20, code)
revert(0x1c, 0x24)
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/ShortStrings.sol)
pragma solidity ^0.8.20;
import {StorageSlot} from "./StorageSlot.sol";
// | string | 0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
// | length | 0x BB |
type ShortString is bytes32;
/**
* @dev This library provides functions to convert short memory strings
* into a `ShortString` type that can be used as an immutable variable.
*
* Strings of arbitrary length can be optimized using this library if
* they are short enough (up to 31 bytes) by packing them with their
* length (1 byte) in a single EVM word (32 bytes). Additionally, a
* fallback mechanism can be used for every other case.
*
* Usage example:
*
* ```solidity
* contract Named {
* using ShortStrings for *;
*
* ShortString private immutable _name;
* string private _nameFallback;
*
* constructor(string memory contractName) {
* _name = contractName.toShortStringWithFallback(_nameFallback);
* }
*
* function name() external view returns (string memory) {
* return _name.toStringWithFallback(_nameFallback);
* }
* }
* ```
*/
library ShortStrings {
// Used as an identifier for strings longer than 31 bytes.
bytes32 private constant FALLBACK_SENTINEL = 0x00000000000000000000000000000000000000000000000000000000000000FF;
error StringTooLong(string str);
error InvalidShortString();
/**
* @dev Encode a string of at most 31 chars into a `ShortString`.
*
* This will trigger a `StringTooLong` error is the input string is too long.
*/
function toShortString(string memory str) internal pure returns (ShortString) {
bytes memory bstr = bytes(str);
if (bstr.length > 31) {
revert StringTooLong(str);
}
return ShortString.wrap(bytes32(uint256(bytes32(bstr)) | bstr.length));
}
/**
* @dev Decode a `ShortString` back to a "normal" string.
*/
function toString(ShortString sstr) internal pure returns (string memory) {
uint256 len = byteLength(sstr);
// using `new string(len)` would work locally but is not memory safe.
string memory str = new string(32);
assembly ("memory-safe") {
mstore(str, len)
mstore(add(str, 0x20), sstr)
}
return str;
}
/**
* @dev Return the length of a `ShortString`.
*/
function byteLength(ShortString sstr) internal pure returns (uint256) {
uint256 result = uint256(ShortString.unwrap(sstr)) & 0xFF;
if (result > 31) {
revert InvalidShortString();
}
return result;
}
/**
* @dev Encode a string into a `ShortString`, or write it to storage if it is too long.
*/
function toShortStringWithFallback(string memory value, string storage store) internal returns (ShortString) {
if (bytes(value).length < 32) {
return toShortString(value);
} else {
StorageSlot.getStringSlot(store).value = value;
return ShortString.wrap(FALLBACK_SENTINEL);
}
}
/**
* @dev Decode a string that was encoded to `ShortString` or written to storage using {setWithFallback}.
*/
function toStringWithFallback(ShortString value, string storage store) internal pure returns (string memory) {
if (ShortString.unwrap(value) != FALLBACK_SENTINEL) {
return toString(value);
} else {
return store;
}
}
/**
* @dev Return the length of a string that was encoded to `ShortString` or written to storage using
* {setWithFallback}.
*
* WARNING: This will return the "byte length" of the string. This may not reflect the actual length in terms of
* actual characters as the UTF-8 encoding of a single character can span over multiple bytes.
*/
function byteLengthWithFallback(ShortString value, string storage store) internal view returns (uint256) {
if (ShortString.unwrap(value) != FALLBACK_SENTINEL) {
return byteLength(value);
} else {
return bytes(store).length;
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/StorageSlot.sol)
// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.
pragma solidity ^0.8.20;
/**
* @dev Library for reading and writing primitive types to specific storage slots.
*
* Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
* This library helps with reading and writing to such slots without the need for inline assembly.
*
* The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
*
* Example usage to set ERC-1967 implementation slot:
* ```solidity
* contract ERC1967 {
* // Define the slot. Alternatively, use the SlotDerivation library to derive the slot.
* bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
*
* function _getImplementation() internal view returns (address) {
* return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
* }
*
* function _setImplementation(address newImplementation) internal {
* require(newImplementation.code.length > 0);
* StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
* }
* }
* ```
*
* TIP: Consider using this library along with {SlotDerivation}.
*/
library StorageSlot {
struct AddressSlot {
address value;
}
struct BooleanSlot {
bool value;
}
struct Bytes32Slot {
bytes32 value;
}
struct Uint256Slot {
uint256 value;
}
struct Int256Slot {
int256 value;
}
struct StringSlot {
string value;
}
struct BytesSlot {
bytes value;
}
/**
* @dev Returns an `AddressSlot` with member `value` located at `slot`.
*/
function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
assembly ("memory-safe") {
r.slot := slot
}
}
/**
* @dev Returns a `BooleanSlot` with member `value` located at `slot`.
*/
function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
assembly ("memory-safe") {
r.slot := slot
}
}
/**
* @dev Returns a `Bytes32Slot` with member `value` located at `slot`.
*/
function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
assembly ("memory-safe") {
r.slot := slot
}
}
/**
* @dev Returns a `Uint256Slot` with member `value` located at `slot`.
*/
function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
assembly ("memory-safe") {
r.slot := slot
}
}
/**
* @dev Returns a `Int256Slot` with member `value` located at `slot`.
*/
function getInt256Slot(bytes32 slot) internal pure returns (Int256Slot storage r) {
assembly ("memory-safe") {
r.slot := slot
}
}
/**
* @dev Returns a `StringSlot` with member `value` located at `slot`.
*/
function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {
assembly ("memory-safe") {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` representation of the string storage pointer `store`.
*/
function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {
assembly ("memory-safe") {
r.slot := store.slot
}
}
/**
* @dev Returns a `BytesSlot` with member `value` located at `slot`.
*/
function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {
assembly ("memory-safe") {
r.slot := slot
}
}
/**
* @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.
*/
function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {
assembly ("memory-safe") {
r.slot := store.slot
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/Strings.sol)
pragma solidity ^0.8.20;
import {Math} from "./math/Math.sol";
import {SignedMath} from "./math/SignedMath.sol";
/**
* @dev String operations.
*/
library Strings {
bytes16 private constant HEX_DIGITS = "0123456789abcdef";
uint8 private constant ADDRESS_LENGTH = 20;
/**
* @dev The `value` string doesn't fit in the specified `length`.
*/
error StringsInsufficientHexLength(uint256 value, uint256 length);
/**
* @dev Converts a `uint256` to its ASCII `string` decimal representation.
*/
function toString(uint256 value) internal pure returns (string memory) {
unchecked {
uint256 length = Math.log10(value) + 1;
string memory buffer = new string(length);
uint256 ptr;
assembly ("memory-safe") {
ptr := add(buffer, add(32, length))
}
while (true) {
ptr--;
assembly ("memory-safe") {
mstore8(ptr, byte(mod(value, 10), HEX_DIGITS))
}
value /= 10;
if (value == 0) break;
}
return buffer;
}
}
/**
* @dev Converts a `int256` to its ASCII `string` decimal representation.
*/
function toStringSigned(int256 value) internal pure returns (string memory) {
return string.concat(value < 0 ? "-" : "", toString(SignedMath.abs(value)));
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
*/
function toHexString(uint256 value) internal pure returns (string memory) {
unchecked {
return toHexString(value, Math.log256(value) + 1);
}
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
*/
function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
uint256 localValue = value;
bytes memory buffer = new bytes(2 * length + 2);
buffer[0] = "0";
buffer[1] = "x";
for (uint256 i = 2 * length + 1; i > 1; --i) {
buffer[i] = HEX_DIGITS[localValue & 0xf];
localValue >>= 4;
}
if (localValue != 0) {
revert StringsInsufficientHexLength(value, length);
}
return string(buffer);
}
/**
* @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal
* representation.
*/
function toHexString(address addr) internal pure returns (string memory) {
return toHexString(uint256(uint160(addr)), ADDRESS_LENGTH);
}
/**
* @dev Converts an `address` with fixed length of 20 bytes to its checksummed ASCII `string` hexadecimal
* representation, according to EIP-55.
*/
function toChecksumHexString(address addr) internal pure returns (string memory) {
bytes memory buffer = bytes(toHexString(addr));
// hash the hex part of buffer (skip length + 2 bytes, length 40)
uint256 hashValue;
assembly ("memory-safe") {
hashValue := shr(96, keccak256(add(buffer, 0x22), 40))
}
for (uint256 i = 41; i > 1; --i) {
// possible values for buffer[i] are 48 (0) to 57 (9) and 97 (a) to 102 (f)
if (hashValue & 0xf > 7 && uint8(buffer[i]) > 96) {
// case shift by xoring with 0x20
buffer[i] ^= 0x20;
}
hashValue >>= 4;
}
return string(buffer);
}
/**
* @dev Returns true if the two strings are equal.
*/
function equal(string memory a, string memory b) internal pure returns (bool) {
return bytes(a).length == bytes(b).length && keccak256(bytes(a)) == keccak256(bytes(b));
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {Equity} from "./Equity.sol";
import {IDecentralizedEURO} from "./interface/IDecentralizedEURO.sol";
import {IReserve} from "./interface/IReserve.sol";
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {ERC20Permit} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Permit.sol";
import {ERC165} from "@openzeppelin/contracts/utils/introspection/ERC165.sol";
import {ERC3009} from "./impl/ERC3009.sol";
/**
* @title DecentralizedEURO
* @notice The DecentralizedEURO (dEURO) is an ERC-20 token that is designed to track the value of the Euro.
* It is not upgradable, but open to arbitrary minting plugins. These are automatically accepted if none of the
* qualified pool shareholders casts a veto, leading to a flexible but conservative governance.
*/
contract DecentralizedEURO is ERC20Permit, ERC3009, IDecentralizedEURO, ERC165 {
/**
* @notice Minimal fee and application period when suggesting a new minter.
*/
uint256 public constant MIN_FEE = 1000 * (10 ** 18);
uint256 public immutable MIN_APPLICATION_PERIOD; // For example: 10 days
/**
* @notice The contract that holds the reserve.
*/
IReserve public immutable override reserve;
/**
* @notice How much of the reserve belongs to the minters. Everything else belongs to the pool shareholders.
* Stored with 6 additional digits of accuracy so no rounding is necessary when dealing with parts per
* million (ppm) in reserve calculations.
*/
uint256 private minterReserveE6;
/**
* @notice Map of minters to approval time stamps. If the time stamp is in the past, the minter contract is allowed
* to mint DecentralizedEUROs.
*/
mapping(address minter => uint256 validityStart) public minters;
/**
* @notice List of positions that are allowed to mint and the minter that registered them.
*/
mapping(address position => address registeringMinter) public positions;
event MinterApplied(address indexed minter, uint256 applicationPeriod, uint256 applicationFee, string message);
event MinterDenied(address indexed minter, string message);
event Loss(address indexed reportingMinter, uint256 amount);
event Profit(address indexed reportingMinter, uint256 amount);
event ProfitDistributed(address indexed recipient, uint256 amount);
error PeriodTooShort();
error FeeTooLow();
error AlreadyRegistered();
error NotMinter();
error TooLate();
modifier minterOnly() {
if (!isMinter(msg.sender) && !isMinter(positions[msg.sender])) revert NotMinter();
_;
}
/**
* @notice Initiates the DecentralizedEURO with the provided minimum application period for new plugins
* in seconds, for example 10 days, i.e. 3600*24*10 = 864000
*/
constructor(uint256 _minApplicationPeriod) ERC20Permit("DecentralizedEURO") ERC20("DecentralizedEURO", "dEURO") {
MIN_APPLICATION_PERIOD = _minApplicationPeriod;
reserve = new Equity(this);
}
function initialize(address _minter, string calldata _message) external {
require(totalSupply() == 0 && reserve.totalSupply() == 0);
minters[_minter] = block.timestamp;
emit MinterApplied(_minter, 0, 0, _message);
}
/**
* @notice Publicly accessible method to suggest a new way of minting DecentralizedEURO.
* @dev The caller has to pay an application fee that is irrevocably lost even if the new minter is vetoed.
* The caller must assume that someone will veto the new minter unless there is broad consensus that the new minter
* adds value to the DecentralizedEURO system. Complex proposals should have application periods and applications fees
* above the minimum. It is assumed that over time, informal ways to coordinate on new minters will emerge. The message
* parameter might be useful for initiating further communication. Maybe it contains a link to a website describing
* the proposed minter.
*
* @param _minter An address that is given the permission to mint DecentralizedEUROs
* @param _applicationPeriod The time others have to veto the suggestion, at least MIN_APPLICATION_PERIOD
* @param _applicationFee The fee paid by the caller, at least MIN_FEE
* @param _message An optional human readable message to everyone watching this contract
*/
function suggestMinter(
address _minter,
uint256 _applicationPeriod,
uint256 _applicationFee,
string calldata _message
) external override {
if (_applicationPeriod < MIN_APPLICATION_PERIOD) revert PeriodTooShort();
if (_applicationFee < MIN_FEE) revert FeeTooLow();
if (minters[_minter] != 0) revert AlreadyRegistered();
_collectProfits(address(this), msg.sender, _applicationFee);
minters[_minter] = block.timestamp + _applicationPeriod;
emit MinterApplied(_minter, _applicationPeriod, _applicationFee, _message);
}
/**
* @notice Make the system more user friendly by skipping the allowance in many cases.
* @dev We trust minters and the positions they have created to mint and burn as they please, so
* giving them arbitrary allowances does not pose an additional risk.
*/
function allowance(address owner, address spender) public view override(IERC20, ERC20) returns (uint256) {
uint256 explicit = super.allowance(owner, spender);
if (explicit > 0) {
return explicit; // don't waste gas checking minter
}
if (spender == address(reserve)) {
return type(uint256).max;
}
if (
(isMinter(spender) || isMinter(getPositionParent(spender))) &&
(isMinter(owner) || positions[owner] != address(0) || owner == address(reserve))
) {
return type(uint256).max;
}
return 0;
}
/**
* @notice The reserve provided by the owners of collateralized positions.
* @dev The minter reserve can be used to cover losses after the equity holders have been wiped out.
*/
function minterReserve() public view returns (uint256) {
return minterReserveE6 / 1000000;
}
/**
* @notice Allows minters to register collateralized debt positions, thereby giving them the ability to mint DecentralizedEUROs.
* @dev It is assumed that the responsible minter that registers the position ensures that the position can be trusted.
*/
function registerPosition(address _position) external override {
if (!isMinter(msg.sender)) revert NotMinter();
positions[_position] = msg.sender;
}
/**
* @notice The amount of equity of the DecentralizedEURO system in dEURO, owned by the holders of Native Decentralized Euro Protocol Shares.
* @dev Note that the equity contract technically holds both the minter reserve as well as the equity, so the minter
* reserve must be subtracted. All fees and other kinds of income are added to the Equity contract and essentially
* constitute profits attributable to the pool shareholders.
*/
function equity() public view returns (uint256) {
uint256 balance = balanceOf(address(reserve));
uint256 minReserve = minterReserve();
if (balance <= minReserve) {
return 0;
} else {
return balance - minReserve;
}
}
/**
* @notice Qualified pool shareholders can deny minters during the application period.
* @dev Calling this function is relatively cheap thanks to the deletion of a storage slot.
*/
function denyMinter(address _minter, address[] calldata _helpers, string calldata _message) external override {
if (block.timestamp > minters[_minter]) revert TooLate();
reserve.checkQualified(msg.sender, _helpers);
delete minters[_minter];
emit MinterDenied(_minter, _message);
}
/**
* @notice Mints the provided amount of dEURO to the target address, automatically forwarding
* the minting fee and the reserve to the right place.
*/
function mintWithReserve(
address _target,
uint256 _amount,
uint32 _reservePPM
) external override minterOnly {
uint256 usableMint = (_amount * (1000_000 - _reservePPM)) / 1000_000; // rounding down is fine
_mint(_target, usableMint);
_mint(address(reserve), _amount - usableMint); // rest goes to equity as reserves or as fees
minterReserveE6 += _amount * _reservePPM;
}
function mint(address _target, uint256 _amount) external override minterOnly {
_mint(_target, _amount);
}
/**
* Anyone is allowed to burn their dEURO.
*/
function burn(uint256 _amount) external {
_burn(msg.sender, _amount);
}
/**
* @notice Burn someone else's dEURO.
*/
function burnFrom(address _owner, uint256 _amount) external override minterOnly {
_spendAllowance(_owner, msg.sender, _amount);
_burn(_owner, _amount);
}
/**
* @notice Burn the amount without reclaiming the reserve, but freeing it up and thereby essentially donating it to the
* pool shareholders. This can make sense in combination with 'coverLoss', i.e. when it is the pool shareholders
* that bear the risk and depending on the outcome they make a profit or a loss.
*
* Design rule: Minters calling this method are only allowed to do so for token amounts they previously minted with
* the same _reservePPM amount.
*
* For example, if someone minted 50 dEURO earlier with a 20% reserve requirement (200000 ppm), they got 40 dEURO
* and paid 10 dEURO into the reserve. Now they want to repay the debt by burning 50 dEURO. When doing so using this
* method, 50 dEURO get burned and on top of that, 10 dEURO previously assigned to the minter's reserve are
* reassigned to the pool shareholders.
*/
function burnWithoutReserve(uint256 amount, uint32 reservePPM) public override minterOnly {
_burn(msg.sender, amount);
uint256 equityBefore = equity();
uint256 reserveReduction = amount * reservePPM;
minterReserveE6 = minterReserveE6 > reserveReduction ? minterReserveE6 - reserveReduction : 0;
uint256 equityAfter = equity();
if (equityAfter > equityBefore) {
emit Profit(msg.sender, equityAfter - equityBefore);
}
}
/**
* @notice Burns the target amount taking the tokens to be burned from the payer and the payer's reserve.
* Only use this method for tokens also minted by the caller with the same reservePPM.
*
* Example: the calling contract has previously minted 100 dEURO with a reserve ratio of 20% (i.e. 200000 ppm).
* To burn half of that again, the minter calls burnFromWithReserve with a target amount of 50 dEURO. Assuming that reserves
* are only 90% covered, this call will deduct 41 dEURO from the payer's balance and 9 from the reserve, while
* reducing the minter reserve by 10.
*/
function burnFromWithReserve(
address payer,
uint256 targetTotalBurnAmount,
uint32 reservePPM
) public override minterOnly returns (uint256) {
uint256 assigned = calculateAssignedReserve(targetTotalBurnAmount, reservePPM);
_spendAllowance(payer, msg.sender, targetTotalBurnAmount - assigned); // spend amount excluding the reserve
_burn(address(reserve), assigned); // burn reserve amount from the reserve
_burn(payer, targetTotalBurnAmount - assigned); // burn remaining amount from the payer
minterReserveE6 -= targetTotalBurnAmount * reservePPM; // reduce reserve requirements by original ratio
return assigned;
}
/**
* @notice Burns `amountExcludingReserve * (1e6 / (1e6 - reservePPM)) from payer with an adjustment for
* incurred reserve losses (handled by `calculateFreedAmount`). That is, `amountExcludingReserve` is the
* amount to be burnt excluding the reserve portion, i.e. the net amount.
*/
function burnFromWithReserveNet(
address payer,
uint256 amountExcludingReserve,
uint32 reservePPM
) external override minterOnly returns (uint256) {
uint256 freedAmount = calculateFreedAmount(amountExcludingReserve, reservePPM); // Add reserve portion
uint256 theoreticalAmount = (1000000 * amountExcludingReserve) / (1000000 - reservePPM);
minterReserveE6 -= theoreticalAmount * reservePPM; // reduce reserve requirements by original ratio
_transfer(address(reserve), payer, freedAmount - amountExcludingReserve); // collect assigned reserve
_burn(payer, freedAmount); // burn the freed amount
return freedAmount;
}
/**
* @notice Calculates the assigned reserve for a given amount and reserve requirement, adjusted for reserve losses.
* @return `amountExcludingReserve` plus its share of the reserve.
*/
function calculateFreedAmount(
uint256 amountExcludingReserve /* 41 */,
uint32 _reservePPM /* 20% */
) public view returns (uint256) {
uint256 currentReserve = balanceOf(address(reserve));
uint256 minterReserve_ = minterReserve();
uint256 adjustedReservePPM = currentReserve < minterReserve_
? (_reservePPM * currentReserve) / minterReserve_
: _reservePPM;
return (1000000 * amountExcludingReserve) / (1000000 - adjustedReservePPM);
}
/**
* @notice Calculates the reserve attributable to someone who minted the given amount with the given reserve requirement.
* Under normal circumstances, this is just the reserve requirement multiplied by the amount. However, after a
* severe loss of capital that burned into the minter's reserve, this can also be less than that.
*/
function calculateAssignedReserve(uint256 mintedAmount, uint32 _reservePPM) public view returns (uint256) {
uint256 theoreticalReserve = (_reservePPM * mintedAmount) / 1000000;
uint256 currentReserve = balanceOf(address(reserve));
uint256 minterReserve_ = minterReserve();
if (currentReserve < minterReserve_) {
// not enough reserves, owner has to take a loss
return (theoreticalReserve * currentReserve) / minterReserve_;
} else {
return theoreticalReserve;
}
}
/**
* @notice Notify the DecentralizedEURO that a minter lost economic access to some coins. This does not mean that the coins are
* literally lost. It just means that some dEURO will likely never be repaid and that in order to bring the system
* back into balance, the lost amount of dEURO must be removed from the reserve instead.
*
* For example, if a minter printed 1 million dEURO for a mortgage and the mortgage turned out to be unsound with
* the house only yielding 800,000 in the subsequent auction, there is a loss of 200,000 that needs to be covered
* by the reserve.
*/
function coverLoss(address source, uint256 _amount) external override minterOnly {
_withdrawFromReserve(source, _amount);
emit Loss(source, _amount);
}
/**
* @notice Distribute profits (e.g., savings interest) from the reserve to recipients.
*
* @param recipient The address receiving the payout.
* @param amount The amount of dEURO to distribute.
*/
function distributeProfits(address recipient, uint256 amount) external override minterOnly {
_withdrawFromReserve(recipient, amount);
emit ProfitDistributed(recipient, amount);
}
function collectProfits(address source, uint256 _amount) external override minterOnly {
_collectProfits(msg.sender, source, _amount);
}
function _collectProfits(address minter, address source, uint256 _amount) internal {
_transfer(source, address(reserve), _amount);
emit Profit(minter, _amount);
}
/**
* @notice Transfers the specified amount from the reserve if possible; mints the remainder if necessary.
* @param recipient The address receiving the funds.
* @param amount The total amount to be paid.
*/
function _withdrawFromReserve(address recipient, uint256 amount) internal {
uint256 reserveLeft = balanceOf(address(reserve));
if (reserveLeft >= amount) {
_transfer(address(reserve), recipient, amount);
} else {
_transfer(address(reserve), recipient, reserveLeft);
_mint(recipient, amount - reserveLeft);
}
}
/**
* @notice Returns true if the address is an approved minter.
*/
function isMinter(address _minter) public view override returns (bool) {
return minters[_minter] != 0 && block.timestamp >= minters[_minter];
}
/**
* @notice Returns the address of the minter that created this position or null if the provided address is unknown.
*/
function getPositionParent(address _position) public view override returns (address) {
return positions[_position];
}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return
interfaceId == type(IERC20).interfaceId ||
interfaceId == type(ERC20Permit).interfaceId ||
interfaceId == type(ERC3009).interfaceId ||
interfaceId == type(IDecentralizedEURO).interfaceId ||
super.supportsInterface(interfaceId);
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {DecentralizedEURO} from "./DecentralizedEURO.sol";
import {ERC165} from "@openzeppelin/contracts/utils/introspection/ERC165.sol";
import {ERC20Permit} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Permit.sol";
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {ERC3009} from "./impl/ERC3009.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {IReserve} from "./interface/IReserve.sol";
import {MathUtil} from "./utils/MathUtil.sol";
/**
* @title Equity
* @notice If the DecentralizedEURO system was a bank, this contract would represent the equity on its balance sheet.
* Like a corporation, the owners of the equity capital are the shareholders, or in this case the holders
* of Native Decentralized Euro Protocol Share (nDEPS) tokens. Anyone can mint additional nDEPS tokens by adding DecentralizedEUROs to the
* reserve pool. Also, nDEPS tokens can be redeemed for DecentralizedEUROs again after a minimum holding period.
* Furthermore, the nDEPS shares come with some voting power. Anyone that held at least 2% of the holding-period-
* weighted reserve pool shares gains veto power and can veto new proposals.
*/
contract Equity is ERC20Permit, ERC3009, MathUtil, IReserve, ERC165 {
/**
* The VALUATION_FACTOR determines the market cap of the reserve pool shares relative to the equity reserves.
* The following always holds: Market Cap = Valuation Factor * Equity Reserve = Price * Supply
*
* In the absence of fees, profits and losses, the variables grow as follows when nDEPS tokens are minted:
*
* | Reserve | Market Cap | Price | Supply |
* | 1_000 | 5_000 | 0.0005 | 10_000_000 |
* | 100_000_000 | 500_000_000 | 5 | 100_000_000 |
* | 10_000_000_000_000 | 50_000_000_000_000 | 50_000 | 1_000_000_000 |
*
* i.e., the supply is proportional to the fifth root of the reserve and the price is proportional to the
* squared cubic root. When profits accumulate or losses materialize, the reserve, the market cap,
* and the price are adjusted proportionally. In the absence of extreme inflation of the Euro, it is unlikely
* that there will ever be more than ten million nDEPS.
*/
uint32 public constant VALUATION_FACTOR = 5; // Changed from 3 to 5 as requested
uint256 private constant MINIMUM_EQUITY = 1_000 * ONE_DEC18;
/**
* @notice The quorum in basis points. 100 is 1%.
*/
uint32 private constant QUORUM = 200;
/**
* @notice The number of digits to store the average holding time of share tokens.
*/
uint8 private constant TIME_RESOLUTION_BITS = 20;
/**
* @notice The minimum holding duration. You are not allowed to redeem your pool shares if you held them
* for less than the minimum holding duration at average. For example, if you have two pool shares at your
* address, one acquired 5 days ago and one acquired 105 days ago, you cannot redeem them as the average
* holding duration of your shares is only 55 days < 90 days.
*/
uint256 public constant MIN_HOLDING_DURATION = 90 days << TIME_RESOLUTION_BITS; // Set to 5 for local testing
DecentralizedEURO public immutable dEURO;
/**
* @dev To track the total number of votes we need to know the number of votes at the anchor time and when the
* anchor time was. This is (hopefully) stored in one 256 bit slot, with the anchor time taking 64 Bits and
* the total vote count 192 Bits. Given the sub-second resolution of 20 Bits, the implicit assumption is
* that the timestamp can always be stored in 44 Bits (i.e., it does not exceed half a million years). Further,
* given 18 decimals (about 60 Bits), this implies that the total supply cannot exceed
* 192 - 60 - 44 - 20 = 68 Bits
* Here, we are also safe, as 68 Bits would imply more than a trillion outstanding shares. In fact,
* a limit of about 2**36 shares (that's about 2**96 Bits when taking into account the decimals) is imposed
* when minting. This means that the maximum supply is billions of shares, which could only be reached in
* a scenario with hyperinflation, in which case the stablecoin is worthless anyway.
*/
uint192 private totalVotesAtAnchor; // Total number of votes at the anchor time
uint64 private totalVotesAnchorTime; // 44 Bits for the time stamp, 20 Bit sub-second resolution
/**
* @notice Keeping track of who delegated votes to whom.
* Note that delegation does not mean you cannot vote / veto anymore; it just means that the delegate can
* benefit from your votes when invoking a veto. Circular delegations are valid but do not help when voting.
*/
mapping(address owner => address delegate) public delegates;
/**
* @notice A time stamp in the past such that: votes = balance * (time passed since anchor was set).
*/
mapping(address owner => uint64 timestamp) private voteAnchor; // 44 bits for time stamp, 20 sub-second resolution
event Delegation(address indexed from, address indexed to); // indicates a delegation
event Trade(address who, int256 amount, uint256 totPrice, uint256 newprice); // amount pos or neg for mint or redemption
error BelowMinimumHoldingPeriod();
error NotQualified();
error NotMinter();
error InsufficientEquity();
error TooManyShares();
error TotalSupplyExceeded();
constructor(
DecentralizedEURO dEURO_
)
ERC20Permit("Native Decentralized Euro Protocol Share")
ERC20("Native Decentralized Euro Protocol Share", "nDEPS")
{
dEURO = dEURO_;
}
/**
* @notice Returns the price of one nDEPS in dEURO with 18 decimals precision.
*/
function price() public view returns (uint256) {
uint256 equity = dEURO.equity();
if (equity == 0 || totalSupply() == 0) {
return 10 ** 14;
} else {
return (VALUATION_FACTOR * dEURO.equity() * ONE_DEC18) / totalSupply();
}
}
function _update(address from, address to, uint256 value) internal override {
if (value > 0) {
// No need to adjust the sender's votes. When they send out 10% of their shares, they also lose 10% of
// their votes, so everything falls nicely into place. Recipient votes should stay the same, but grow
// faster in the future, requiring an adjustment of the anchor.
uint256 roundingLoss = _adjustRecipientVoteAnchor(to, value);
// The total also must be adjusted and kept accurate by taking into account the rounding error.
_adjustTotalVotes(from, value, roundingLoss);
}
super._update(from, to, value);
}
/**
* @notice Returns whether the given address is allowed to redeem nDEPS, which is the
* case after their average holding duration is larger than the required minimum.
*/
function canRedeem(address owner) public view returns (bool) {
return _anchorTime() - voteAnchor[owner] >= MIN_HOLDING_DURATION;
}
/**
* @notice Decrease the total votes anchor when tokens lose their voting power due to being moved.
* @param from sender
* @param amount amount to be sent
*/
function _adjustTotalVotes(address from, uint256 amount, uint256 roundingLoss) internal {
uint64 time = _anchorTime();
uint256 lostVotes = from == address(0x0) ? 0 : (time - voteAnchor[from]) * amount;
totalVotesAtAnchor = uint192(totalVotes() - roundingLoss - lostVotes);
totalVotesAnchorTime = time;
}
/**
* @notice The vote anchor of the recipient is moved forward such that the number of calculated
* votes does not change despite the higher balance.
* @param to receiver address
* @param amount amount to be received
* @return the number of votes lost due to rounding errors
*/
function _adjustRecipientVoteAnchor(address to, uint256 amount) internal returns (uint256) {
if (to != address(0x0)) {
uint256 recipientVotes = votes(to); // for example 21 if 7 shares were held for 3 seconds
uint256 newbalance = balanceOf(to) + amount; // for example 11 if 4 shares are added
// new example: anchor is only 21 / 11 = ~1 second in the past
voteAnchor[to] = uint64(_anchorTime() - recipientVotes / newbalance);
return recipientVotes % newbalance; // we have lost 21 % 11 = 10 votes
} else {
// optimization for burn, vote anchor of null address does not matter
return 0;
}
}
/**
* @notice Time stamp with some additional bits for higher resolution.
*/
function _anchorTime() internal view returns (uint64) {
return uint64(block.timestamp << TIME_RESOLUTION_BITS);
}
/**
* @notice The relative voting power of the address.
* @return A percentage with 1e18 being 100%
*/
function relativeVotes(address holder) external view returns (uint256) {
return (ONE_DEC18 * votes(holder)) / totalVotes();
}
/**
* @notice The votes of the holder, excluding votes from delegates.
*/
function votes(address holder) public view returns (uint256) {
return balanceOf(holder) * (_anchorTime() - voteAnchor[holder]);
}
/**
* @notice How long the holder already held onto their average nDEPS in seconds.
*/
function holdingDuration(address holder) public view returns (uint256) {
return (_anchorTime() - voteAnchor[holder]) >> TIME_RESOLUTION_BITS;
}
/**
* @notice Total number of votes in the system.
*/
function totalVotes() public view returns (uint256) {
return totalVotesAtAnchor + totalSupply() * (_anchorTime() - totalVotesAnchorTime);
}
/**
* @notice The number of votes the sender commands when taking the support of the helpers into account.
* @param sender The address whose total voting power is of interest
* @param helpers An incrementally sorted list of helpers without duplicates and without the sender.
* The call fails if the list contains an address that does not delegate to sender.
* For indirect delegates, i.e. a -> b -> c, both a and b must be included for both to count.
* @return The total number of votes of sender at the current point in time.
*/
function votesDelegated(address sender, address[] calldata helpers) public view returns (uint256) {
uint256 _votes = votes(sender);
require(_checkDuplicatesAndSorted(helpers));
for (uint i = 0; i < helpers.length; i++) {
address current = helpers[i];
require(current != sender);
require(_canVoteFor(sender, current));
_votes += votes(current);
}
return _votes;
}
function _checkDuplicatesAndSorted(address[] calldata helpers) internal pure returns (bool ok) {
if (helpers.length <= 1) {
return true;
} else {
address prevAddress = helpers[0];
for (uint i = 1; i < helpers.length; i++) {
if (helpers[i] <= prevAddress) {
return false;
}
prevAddress = helpers[i];
}
return true;
}
}
/**
* @notice Checks whether the sender address is qualified given a list of helpers that delegated their votes
* directly or indirectly to the sender. It is the responsibility of the caller to figure out whether
* helpers are necessary and to identify them by scanning the blockchain for Delegation events.
*/
function checkQualified(address sender, address[] calldata helpers) public view override {
uint256 _votes = votesDelegated(sender, helpers);
if (_votes * 10_000 < QUORUM * totalVotes()) revert NotQualified();
}
/**
* @notice Increases the voting power of the delegate by your number of votes without taking away any voting power
* from the sender.
*/
function delegateVoteTo(address delegate) external {
delegates[msg.sender] = delegate;
emit Delegation(msg.sender, delegate);
}
function _canVoteFor(address delegate, address owner) internal view returns (bool) {
if (owner == delegate) {
return true;
} else if (owner == address(0x0)) {
return false;
} else {
return _canVoteFor(delegate, delegates[owner]);
}
}
/**
* @notice Since quorum is rather low, it is important to have a way to prevent malicious minority holders
* from blocking the whole system. This method provides a way for the good guys to team up and destroy
* the bad guy's votes (at the cost of also reducing their own votes). This mechanism potentially
* gives full control over the system to whoever has 51% of the votes.
*
* Since this is a rather aggressive measure, delegation is not supported. Every holder must call this
* method on their own.
* @param targets The target addresses to remove votes from
* @param votesToDestroy The maximum number of votes the caller is willing to sacrifice
*/
function kamikaze(address[] calldata targets, uint256 votesToDestroy) external {
uint256 budget = _reduceVotes(msg.sender, votesToDestroy);
uint256 destroyedVotes = 0;
for (uint256 i = 0; i < targets.length && destroyedVotes < budget; i++) {
destroyedVotes += _reduceVotes(targets[i], budget - destroyedVotes);
}
require(destroyedVotes > 0); // sanity check
totalVotesAtAnchor = uint192(totalVotes() - destroyedVotes - budget);
totalVotesAnchorTime = _anchorTime();
}
function _reduceVotes(address target, uint256 amount) internal returns (uint256) {
uint256 votesBefore = votes(target);
if (amount >= votesBefore) {
amount = votesBefore;
voteAnchor[target] = _anchorTime();
return votesBefore;
} else {
voteAnchor[target] = uint64(_anchorTime() - (votesBefore - amount) / balanceOf(target));
return votesBefore - votes(target);
}
}
/**
* @notice Call this method to obtain newly minted pool shares in exchange for DecentralizedEUROs.
* No allowance required (i.e., it is hard-coded in the DecentralizedEURO token contract).
* Make sure to invest at least 10e-12 * market cap to avoid rounding losses.
*
* @dev If equity is close to zero or negative, you need to send enough dEURO to bring equity back to 1_000 dEURO.
*
* @param amount DecentralizedEUROs to invest
* @param expectedShares Minimum amount of expected shares for front running protection
*/
function invest(uint256 amount, uint256 expectedShares) external returns (uint256) {
return _invest(_msgSender(), amount, expectedShares);
}
function investFor(address investor, uint256 amount, uint256 expectedShares) external returns (uint256) {
if (!dEURO.isMinter(_msgSender())) revert NotMinter();
return _invest(investor, amount, expectedShares);
}
function _invest(address investor, uint256 amount, uint256 expectedShares) internal returns (uint256) {
dEURO.transferFrom(investor, address(this), amount);
uint256 equity = dEURO.equity();
if (equity < MINIMUM_EQUITY) revert InsufficientEquity(); // ensures that the initial deposit is at least 1_000 dEURO
uint256 shares = _calculateShares(equity <= amount ? 0 : equity - amount, amount);
require(shares >= expectedShares);
_mint(investor, shares);
emit Trade(investor, int(shares), amount, price());
// limit the total supply to a reasonable amount to guard against overflows with price and vote calculations
if(totalSupply() > type(uint96).max) revert TotalSupplyExceeded();
return shares;
}
/**
* @notice Calculate shares received when investing DecentralizedEUROs
* @param investment dEURO to be invested
* @return shares to be received in return
*/
function calculateShares(uint256 investment) external view returns (uint256) {
return _calculateShares(dEURO.equity(), investment);
}
function _calculateShares(uint256 capitalBefore, uint256 investment) internal view returns (uint256) {
uint256 totalShares = totalSupply();
uint256 investmentExFees = (investment * 980) / 1_000; // remove 2% fee
// Assign 10_000_000 nDEPS for the initial deposit, calculate the amount otherwise
uint256 newTotalShares = (capitalBefore < MINIMUM_EQUITY || totalShares == 0)
? totalShares + 10_000_000 * ONE_DEC18
: _mulD18(totalShares, _fifthRoot(_divD18(capitalBefore + investmentExFees, capitalBefore)));
return newTotalShares - totalShares;
}
/**
* @notice Redeem the given amount of shares owned by the sender and transfer the proceeds to the target.
* @return The amount of dEURO transferred to the target
*/
function redeem(address target, uint256 shares) external returns (uint256) {
return _redeemFrom(msg.sender, target, shares);
}
/**
* @notice Like redeem(...), but with an extra parameter to protect against front running.
* @param expectedProceeds The minimum acceptable redemption proceeds.
*/
function redeemExpected(address target, uint256 shares, uint256 expectedProceeds) external returns (uint256) {
uint256 proceeds = _redeemFrom(msg.sender, target, shares);
require(proceeds >= expectedProceeds);
return proceeds;
}
/**
* @notice Redeem nDEPS based on an allowance from the owner to the caller.
* See also redeemExpected(...).
*/
function redeemFrom(
address owner,
address target,
uint256 shares,
uint256 expectedProceeds
) external returns (uint256) {
_spendAllowance(owner, msg.sender, shares);
uint256 proceeds = _redeemFrom(owner, target, shares);
require(proceeds >= expectedProceeds);
return proceeds;
}
function _redeemFrom(address owner, address target, uint256 shares) internal returns (uint256) {
if(!canRedeem(owner)) revert BelowMinimumHoldingPeriod();
uint256 proceeds = calculateProceeds(shares);
_burn(owner, shares);
dEURO.transfer(target, proceeds);
emit Trade(owner, -int(shares), proceeds, price());
return proceeds;
}
/**
* @notice Calculate dEURO received when depositing shares
* @param shares number of shares we want to exchange for dEURO,
* in dec18 format
* @return amount of dEURO received for the shares
*/
function calculateProceeds(uint256 shares) public view returns (uint256) {
uint256 totalShares = totalSupply();
if (shares + ONE_DEC18 >= totalShares) revert TooManyShares(); // make sure there is always at least one share
uint256 capital = dEURO.equity();
uint256 reductionAfterFees = (shares * 980) / 1_000; // remove 2% fee
uint256 newCapital = _mulD18(capital, _power5(_divD18(totalShares - reductionAfterFees, totalShares)));
return capital - newCapital;
}
/**
* @notice If there is less than 1_000 dEURO in equity left (maybe even negative), the system is at risk
* and we should allow qualified nDEPS holders to restructure the system.
*
* Example: there was a devastating loss and equity stands at -1'000'000. Most shareholders have lost hope in the
* DecentralizedEURO system except for a group of small nDEPS holders who still believe in it and are willing to provide
* 2'000'000 dEURO to save it. These brave souls are essentially donating 1'000'000 to the minter reserve and it
* would be wrong to force them to share the other million with the passive nDEPS holders. Instead, they will get
* the possibility to bootstrap the system again owning 100% of all nDEPS shares.
*
* @param helpers A list of addresses that delegate to the caller in incremental order
* @param addressesToWipe A list of addresses whose nDEPS will be burned to zero
*/
function restructureCapTable(address[] calldata helpers, address[] calldata addressesToWipe) external {
require(dEURO.equity() < MINIMUM_EQUITY);
checkQualified(msg.sender, helpers);
for (uint256 i = 0; i < addressesToWipe.length; i++) {
address current = addressesToWipe[i];
_burn(current, balanceOf(current));
}
}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return
interfaceId == type(IERC20).interfaceId ||
interfaceId == type(ERC20Permit).interfaceId ||
interfaceId == type(ERC3009).interfaceId ||
super.supportsInterface(interfaceId);
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
interface IFrontendGateway {
struct FrontendCode {
uint256 balance;
address owner;
}
event FrontendCodeRegistered(address owner, bytes32 frontendCode);
event FrontendCodeTransferred(address from, address to, bytes32 frontendCode);
event FrontendCodeRewardsWithdrawn(address to, uint256 amount, bytes32 frontendCode);
event NewPositionRegistered(address position, bytes32 frontendCode);
event RateChangesProposed(address who, uint24 nextFeeRate, uint24 nextSavingsFeeRate, uint24 nextMintingFeeRate, uint256 nextChange);
event RateChangesExecuted(address who, uint24 nextFeeRate, uint24 nextSavingsFeeRate, uint24 nextMintingFeeRate);
error FrontendCodeAlreadyExists();
error NotFrontendCodeOwner();
error NotGatewayService();
error ProposedChangesToHigh();
error NoOpenChanges();
error NotDoneWaiting(uint256 minmumExecutionTime);
error EquityTooLow();
function invest(uint256 amount, uint256 expectedShares, bytes32 frontendCode) external returns (uint256);
function redeem(address target, uint256 shares, uint256 expectedProceeds, bytes32 frontendCode) external returns (uint256);
function unwrapAndSell(uint256 amount, bytes32 frontendCode) external returns (uint256);
function updateSavingCode(address savingsOwner, bytes32 frontendCode) external;
function updateSavingRewards(address saver, uint256 interest) external;
function registerPosition(address position, bytes32 frontendCode) external;
function updatePositionRewards(address position, uint256 amount) external;
function getPositionFrontendCode(address position)view external returns(bytes32);
// Frontend Code Logic
function registerFrontendCode(bytes32 frontendCode) external returns (bool);
function transferFrontendCode(bytes32 frontendCode, address to) external returns (bool);
function withdrawRewards(bytes32 frontendCode) external returns (uint256);
function withdrawRewardsTo(bytes32 frontendCode, address to) external returns (uint256);
// Governance
function proposeChanges(uint24 newFeeRatePPM_, uint24 newSavingsFeeRatePPM_, uint24 newMintingFeeRatePPM_, address[] calldata helpers) external;
function executeChanges() external;
}// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.10;
import {IMintingHub} from "../../MintingHubV2/interface/IMintingHub.sol";
import {IFrontendGateway} from "./IFrontendGateway.sol";
interface IMintingHubGateway {
function GATEWAY() external view returns (IFrontendGateway);
function notifyInterestPaid(uint256 amount) external;
function openPosition(address _collateralAddress, uint256 _minCollateral, uint256 _initialCollateral, uint256 _mintingMaximum, uint40 _initPeriodSeconds, uint40 _expirationSeconds, uint40 _challengeSeconds, uint24 _riskPremium, uint256 _liqPrice, uint24 _reservePPM, bytes32 _frontendCode) external returns (address);
function clone(address owner, address parent, uint256 _initialCollateral, uint256 _initialMint, uint40 expiration, bytes32 frontendCode) external returns (address);
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;
import {IFrontendGateway} from "./interface/IFrontendGateway.sol";
import {Context} from "@openzeppelin/contracts/utils/Context.sol";
import {IDecentralizedEURO} from "../interface/IDecentralizedEURO.sol";
import {Savings} from "../Savings.sol";
contract SavingsGateway is Savings, Context {
IFrontendGateway public immutable GATEWAY;
constructor(IDecentralizedEURO deuro_, uint24 initialRatePPM, address gateway_) Savings(deuro_, initialRatePPM) {
GATEWAY = IFrontendGateway(gateway_);
}
function refresh(address accountOwner) internal override returns (Account storage) {
Account storage account = savings[accountOwner];
uint64 ticks = currentTicks();
if (ticks > account.ticks) {
uint192 earnedInterest = calculateInterest(account, ticks);
if (earnedInterest > 0) {
// collect interest as you go and trigger accounting event
(IDecentralizedEURO(address(deuro))).distributeProfits(address(this), earnedInterest);
account.saved += earnedInterest;
GATEWAY.updateSavingRewards(accountOwner, earnedInterest);
emit InterestCollected(accountOwner, earnedInterest);
}
account.ticks = ticks;
}
return account;
}
function save(uint192 amount, bytes32 frontendCode) public {
save(_msgSender(), amount, frontendCode);
}
function save(address owner, uint192 amount, bytes32 frontendCode) public {
GATEWAY.updateSavingCode(_msgSender(), frontendCode);
save(owner, amount);
}
function adjust(uint192 targetAmount, bytes32 frontendCode) public {
GATEWAY.updateSavingCode(_msgSender(), frontendCode);
adjust(targetAmount);
}
function withdraw(address target, uint192 amount, bytes32 frontendCode) public returns (uint256) {
GATEWAY.updateSavingCode(_msgSender(), frontendCode);
return withdraw(target, amount);
}
}// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.10;
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
abstract contract ERC3009 is ERC20, EIP712 {
bytes32 public constant TRANSFER_WITH_AUTHORIZATION_TYPEHASH =
keccak256(
"TransferWithAuthorization(address from,address to,uint256 value,uint256 validAfter,uint256 validBefore,bytes32 nonce)"
);
bytes32 public constant RECEIVE_WITH_AUTHORIZATION_TYPEHASH =
keccak256(
"ReceiveWithAuthorization(address from,address to,uint256 value,uint256 validAfter,uint256 validBefore,bytes32 nonce)"
);
bytes32 public constant CANCEL_AUTHORIZATION_TYPEHASH =
keccak256("CancelAuthorization(address authorizer,bytes32 nonce)");
/**
* @dev authorizer address => nonce => state (true = used / false = unused)
*/
mapping(address => mapping(bytes32 => bool)) internal _authorizationStates;
event AuthorizationUsed(address indexed authorizer, bytes32 indexed nonce);
event AuthorizationCanceled(address indexed authorizer, bytes32 indexed nonce);
string internal constant _INVALID_SIGNATURE_ERROR = "EIP3009: invalid signature";
string internal constant _AUTHORIZATION_USED_ERROR = "EIP3009: authorization is used";
/**
* @notice Returns the state of an authorization
* @dev Nonces are randomly generated 32-byte data unique to the authorizer's
* address
* @param authorizer Authorizer's address
* @param nonce Nonce of the authorization
* @return True if the nonce is used
*/
function authorizationState(address authorizer, bytes32 nonce) external view returns (bool) {
return _authorizationStates[authorizer][nonce];
}
/**
* @notice Execute a transfer with a signed authorization
* @param from Payer's address (Authorizer)
* @param to Payee's address
* @param value Amount to be transferred
* @param validAfter The time after which this is valid (unix time)
* @param validBefore The time before which this is valid (unix time)
* @param nonce Unique nonce
* @param v v of the signature
* @param r r of the signature
* @param s s of the signature
*/
function transferWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
uint8 v,
bytes32 r,
bytes32 s
) external {
_transferWithAuthorization(
TRANSFER_WITH_AUTHORIZATION_TYPEHASH,
from,
to,
value,
validAfter,
validBefore,
nonce,
v,
r,
s
);
}
/**
* @notice Receive a transfer with a signed authorization from the payer
* @dev This has an additional check to ensure that the payee's address matches
* the caller of this function to prevent front-running attacks. (See security
* considerations)
* @param from Payer's address (Authorizer)
* @param to Payee's address
* @param value Amount to be transferred
* @param validAfter The time after which this is valid (unix time)
* @param validBefore The time before which this is valid (unix time)
* @param nonce Unique nonce
* @param v v of the signature
* @param r r of the signature
* @param s s of the signature
*/
function receiveWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
uint8 v,
bytes32 r,
bytes32 s
) external {
require(to == msg.sender, "EIP3009: caller must be the payee");
_transferWithAuthorization(
RECEIVE_WITH_AUTHORIZATION_TYPEHASH,
from,
to,
value,
validAfter,
validBefore,
nonce,
v,
r,
s
);
}
/**
* @notice Attempt to cancel an authorization
* @param authorizer Authorizer's address
* @param nonce Nonce of the authorization
* @param v v of the signature
* @param r r of the signature
* @param s s of the signature
*/
function cancelAuthorization(address authorizer, bytes32 nonce, uint8 v, bytes32 r, bytes32 s) external {
require(!_authorizationStates[authorizer][nonce], _AUTHORIZATION_USED_ERROR);
bytes memory data = abi.encode(CANCEL_AUTHORIZATION_TYPEHASH, authorizer, nonce);
bytes32 hash = _hashTypedDataV4(keccak256(data));
require(ECDSA.recover(hash, v, r, s) == authorizer, _INVALID_SIGNATURE_ERROR);
_authorizationStates[authorizer][nonce] = true;
emit AuthorizationCanceled(authorizer, nonce);
}
function _transferWithAuthorization(
bytes32 typeHash,
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
uint8 v,
bytes32 r,
bytes32 s
) internal {
require(block.timestamp > validAfter, "EIP3009: authorization is not yet valid");
require(block.timestamp < validBefore, "EIP3009: authorization is expired");
require(!_authorizationStates[from][nonce], _AUTHORIZATION_USED_ERROR);
bytes memory data = abi.encode(typeHash, from, to, value, validAfter, validBefore, nonce);
bytes32 hash = _hashTypedDataV4(keccak256(data));
require(ECDSA.recover(hash, v, r, s) == from, _INVALID_SIGNATURE_ERROR);
_authorizationStates[from][nonce] = true;
emit AuthorizationUsed(from, nonce);
_transfer(from, to, value);
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {IReserve} from "./IReserve.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
interface IDecentralizedEURO is IERC20 {
function suggestMinter(
address _minter,
uint256 _applicationPeriod,
uint256 _applicationFee,
string calldata _message
) external;
function registerPosition(address position) external;
function denyMinter(address minter, address[] calldata helpers, string calldata message) external;
function reserve() external view returns (IReserve);
function minterReserve() external view returns (uint256);
function calculateAssignedReserve(uint256 mintedAmount, uint32 _reservePPM) external view returns (uint256);
function equity() external view returns (uint256);
function isMinter(address minter) external view returns (bool);
function getPositionParent(address position) external view returns (address);
function mint(address target, uint256 amount) external;
function mintWithReserve(address target, uint256 amount, uint32 reservePPM) external;
function burn(uint256 amount) external;
function burnFrom(address target, uint256 amount) external;
function burnWithoutReserve(uint256 amount, uint32 reservePPM) external;
function burnFromWithReserveNet(
address payer,
uint256 amountExcludingReserve,
uint32 reservePPM
) external returns (uint256);
function burnFromWithReserve(
address payer,
uint256 targetTotalBurnAmount,
uint32 reservePPM
) external returns (uint256);
function coverLoss(address source, uint256 amount) external;
function distributeProfits(address recipient, uint256 amount) external;
function collectProfits(address source, uint256 _amount) external;
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
interface ILeadrate {
function currentRatePPM() external view returns (uint24);
function currentTicks() external view returns (uint64);
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
interface IReserve is IERC20 {
function invest(uint256 amount, uint256 expected) external returns (uint256);
function checkQualified(address sender, address[] calldata helpers) external view;
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {IReserve} from "./interface/IReserve.sol";
/**
* @title Leadrate (attempt at translating the concise German term 'Leitzins')
*
* A module that can provide other modules with the leading interest rate for the system.
*
**/
contract Leadrate {
IReserve public immutable equity;
// The following five variables are less than 256 bits, so they should be stored
// in the same slot, making them cheaper to access together, right?
uint24 public currentRatePPM; // 24 bits allows rates of up to ~1670% per year
uint24 public nextRatePPM;
uint40 public nextChange;
uint40 private anchorTime; // 40 bits for time in seconds spans up to 1000 human generations
uint64 private ticksAnchor; // in bips * seconds
event RateProposed(address who, uint24 nextRate, uint40 nextChange);
event RateChanged(uint24 newRate);
error NoPendingChange();
error ChangeNotReady();
constructor(IReserve equity_, uint24 initialRatePPM) {
equity = equity_;
nextRatePPM = initialRatePPM;
currentRatePPM = initialRatePPM;
nextChange = uint40(block.timestamp);
anchorTime = nextChange;
ticksAnchor = 0;
emit RateChanged(initialRatePPM); // emit for initialization indexing, if desired
}
/**
* Proposes a new interest rate that will automatically be applied after seven days.
* To cancel a proposal, just overwrite it with a new one proposing the current rate.
*/
function proposeChange(uint24 newRatePPM_, address[] calldata helpers) external {
equity.checkQualified(msg.sender, helpers);
nextRatePPM = newRatePPM_;
nextChange = uint40(block.timestamp + 7 days);
emit RateProposed(msg.sender, nextRatePPM, nextChange);
}
/**
* Setting a previously proposed interest rate change into force.
*/
function applyChange() external {
if (currentRatePPM == nextRatePPM) revert NoPendingChange();
uint40 timeNow = uint40(block.timestamp);
if (timeNow < nextChange) revert ChangeNotReady();
ticksAnchor += (timeNow - anchorTime) * currentRatePPM;
anchorTime = timeNow;
currentRatePPM = nextRatePPM;
emit RateChanged(currentRatePPM);
}
/**
* Total accumulated 'interest ticks' since this contract was deployed.
* One 'tick' is a ppm-second, so one month of 12% annual interest is
* 120000*30*24*3600 = 311040000000 ticks.
* Two months of 6% annual interest would result in the same number of
* ticks. For simplicity, this is linear, so there is no "interest on interest".
*/
function currentTicks() public view returns (uint64) {
return ticks(block.timestamp);
}
function ticks(uint256 timestamp) public view returns (uint64) {
return ticksAnchor + (uint64(timestamp) - anchorTime) * currentRatePPM;
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;
import {ILeadrate} from "../../interface/ILeadrate.sol";
import {IPosition} from "./IPosition.sol";
import {PositionRoller} from "../PositionRoller.sol";
interface IMintingHub {
function RATE() external view returns (ILeadrate);
function ROLLER() external view returns (PositionRoller);
function challenge(
address _positionAddr,
uint256 _collateralAmount,
uint256 minimumPrice
) external returns (uint256);
function bid(uint32 _challengeNumber, uint256 size, bool postponeCollateralReturn) external;
function returnPostponedCollateral(address collateral, address target) external;
function buyExpiredCollateral(IPosition pos, uint256 upToAmount) external returns (uint256);
function clone(address owner, address parent, uint256 _initialCollateral, uint256 _initialMint, uint40 expiration) external returns (address);
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
interface IPosition {
function hub() external view returns (address);
function collateral() external view returns (IERC20);
function minimumCollateral() external view returns (uint256);
function price() external view returns (uint256);
function virtualPrice() external view returns (uint256);
function challengedAmount() external view returns (uint256);
function original() external view returns (address);
function expiration() external view returns (uint40);
function cooldown() external view returns (uint40);
function limit() external view returns (uint256);
function challengePeriod() external view returns (uint40);
function start() external view returns (uint40);
function riskPremiumPPM() external view returns (uint24);
function reserveContribution() external view returns (uint24);
function principal() external view returns (uint256);
function interest() external view returns (uint256);
function lastAccrual() external view returns (uint40);
function initialize(address parent, uint40 _expiration) external;
function assertCloneable() external;
function notifyMint(uint256 mint_) external;
function notifyRepaid(uint256 repaid_) external;
function availableForClones() external view returns (uint256);
function availableForMinting() external view returns (uint256);
function deny(address[] calldata helpers, string calldata message) external;
function getUsableMint(uint256 totalMint) external view returns (uint256);
function getMintAmount(uint256 usableMint) external view returns (uint256);
function adjust(uint256 newMinted, uint256 newCollateral, uint256 newPrice) external;
function adjustPrice(uint256 newPrice) external;
function mint(address target, uint256 amount) external;
function getDebt() external view returns (uint256);
function getInterest() external view returns (uint256);
function repay(uint256 amount) external returns (uint256);
function repayFull() external returns (uint256);
function forceSale(address buyer, uint256 colAmount, uint256 proceeds) external;
function withdraw(address token, address target, uint256 amount) external;
function withdrawCollateral(address target, uint256 amount) external;
function transferChallengedCollateral(address target, uint256 amount) external;
function challengeData() external view returns (uint256 liqPrice, uint40 phase);
function notifyChallengeStarted(uint256 size, uint256 _price) external;
function notifyChallengeAverted(uint256 size) external;
function notifyChallengeSucceeded(
uint256 _size
) external returns (address, uint256, uint256, uint256, uint32);
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {IDecentralizedEURO} from "../interface/IDecentralizedEURO.sol";
import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {IMintingHubGateway} from "../gateway/interface/IMintingHubGateway.sol";
import {IMintingHub} from "./interface/IMintingHub.sol";
import {IPosition} from "./interface/IPosition.sol";
import {IReserve} from "../interface/IReserve.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
/**
* @title PositionRoller
*
* Helper to roll over a debt from an old position to a new one.
* Both positions should have the same collateral. Otherwise, it does not make much sense.
*/
contract PositionRoller {
IDecentralizedEURO private deuro;
error NotOwner(address pos);
error NotPosition(address pos);
error Log(uint256, uint256, uint256);
event Roll(address source, uint256 collWithdraw, uint256 repay, uint256 interest, address target, uint256 collDeposit, uint256 mint);
constructor(address deuro_) {
deuro = IDecentralizedEURO(deuro_);
}
/**
* Convenience method to roll an old position into a new one.
*
* Pre-condition: an allowance for the roller to spend the collateral asset on behalf of the caller,
* i.e., one should set collateral.approve(roller, collateral.balanceOf(sourcePosition)).
*
* The following is assumed:
* - If the limit of the target position permits, the user wants to roll everything.
* - The user does not want to add additional collateral, but excess collateral is returned.
* - If not enough can be minted in the new position, it is acceptable for the roller to use dEURO from the msg.sender.
*/
function rollFully(IPosition source, IPosition target) external {
rollFullyWithExpiration(source, target, target.expiration());
}
/**
* Like rollFully, but with a custom expiration date for the new position.
*/
function rollFullyWithExpiration(IPosition source, IPosition target, uint40 expiration) public {
require(source.collateral() == target.collateral());
uint256 repay = source.principal();
uint256 usableMint = source.getUsableMint(repay);
uint256 mintAmount = target.getMintAmount(usableMint);
uint256 collateralToWithdraw = IERC20(source.collateral()).balanceOf(address(source));
uint256 targetPrice = target.price();
uint256 depositAmount = (mintAmount * 10 ** 18 + targetPrice - 1) / targetPrice; // round up
if (depositAmount > collateralToWithdraw) {
// If we need more collateral than available from the old position, we opt for taking
// the missing funds from the caller instead of requiring additional collateral.
depositAmount = collateralToWithdraw;
mintAmount = (depositAmount * target.price()) / 10 ** 18; // round down, rest will be taken from caller
}
roll(source, repay, collateralToWithdraw, target, mintAmount, depositAmount, expiration);
}
/**
* Rolls the source position into the target position using a flash loan.
* Both the source and the target position must recognize this roller.
* It is the responsibility of the caller to ensure that both positions are valid contracts.
*
* @param source The source position, must be owned by the msg.sender.
* @param repay The amount of principal to repay from the source position using a flash loan, freeing up some or all collateral .
* @param collWithdraw Collateral to move from the source position to the msg.sender.
* @param target The target position. If not owned by msg.sender or if it does not have the desired expiration,
* it is cloned to create a position owned by the msg.sender.
* @param mint The amount to be minted from the target position using collateral from msg.sender.
* @param collDeposit The amount of collateral to be sent from msg.sender to the target position.
* @param expiration The desired expiration date for the target position.
*/
function roll(
IPosition source,
uint256 repay,
uint256 collWithdraw,
IPosition target,
uint256 mint,
uint256 collDeposit,
uint40 expiration
) public valid(source) valid(target) own(source) {
uint256 interest = source.getInterest();
uint256 totRepayment = repay + interest; // add interest to repay
deuro.mint(address(this), totRepayment); // take a flash loan
uint256 used = source.repay(totRepayment);
source.withdrawCollateral(msg.sender, collWithdraw);
if (mint > 0) {
IERC20 targetCollateral = IERC20(target.collateral());
if (Ownable(address(target)).owner() != msg.sender || expiration != target.expiration()) {
targetCollateral.transferFrom(msg.sender, address(this), collDeposit); // get the new collateral
targetCollateral.approve(target.hub(), collDeposit); // approve the new collateral and clone:
target = _cloneTargetPosition(target, source, collDeposit, mint, expiration);
} else {
// We can roll into the provided existing position.
// We do not verify whether the target position was created by the known minting hub in order
// to allow positions to be rolled into future versions of the minting hub.
targetCollateral.transferFrom(msg.sender, address(target), collDeposit);
target.mint(msg.sender, mint);
}
}
// Transfer remaining flash loan to caller for repayment
if (totRepayment > used) {
deuro.transfer(msg.sender, totRepayment - used);
}
deuro.burnFrom(msg.sender, totRepayment); // repay the flash loan
emit Roll(address(source), collWithdraw, repay, interest, address(target), collDeposit, mint);
}
/**
* Clones the target position and mints the specified amount using the given collateral.
*/
function _cloneTargetPosition (
IPosition target,
IPosition source,
uint256 collDeposit,
uint256 mint,
uint40 expiration
) internal returns (IPosition) {
if (IERC165(target.hub()).supportsInterface(type(IMintingHubGateway).interfaceId)) {
bytes32 frontendCode = IMintingHubGateway(target.hub()).GATEWAY().getPositionFrontendCode(
address(source)
);
return IPosition(
IMintingHubGateway(target.hub()).clone(
msg.sender,
address(target),
collDeposit,
mint,
expiration,
frontendCode // use the same frontend code
)
);
} else {
return IPosition(
IMintingHub(target.hub()).clone(msg.sender, address(target), collDeposit, mint, expiration)
);
}
}
modifier own(IPosition pos) {
if (Ownable(address(pos)).owner() != msg.sender) revert NotOwner(address(pos));
_;
}
modifier valid(IPosition pos) {
if (deuro.getPositionParent(address(pos)) == address(0x0)) revert NotPosition(address(pos));
_;
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {IDecentralizedEURO} from "./interface/IDecentralizedEURO.sol";
import {IReserve} from "./interface/IReserve.sol";
import {Leadrate} from "./Leadrate.sol";
/**
* @title Savings
*
* Module to enable savings based on a Leadrate ("Leitzins") module.
*
* As the interest rate changes, the speed at which 'ticks' are accumulated is
* adjusted. The ticks counter serves as the basis for calculating the interest
* due for the individual accounts.
*/
contract Savings is Leadrate {
IERC20 public immutable deuro;
mapping(address => Account) public savings;
struct Account {
uint192 saved;
uint64 ticks;
}
event Saved(address indexed account, uint192 amount);
event InterestCollected(address indexed account, uint256 interest);
event Withdrawn(address indexed account, uint192 amount);
// The module is considered disabled if the interest is zero or about to become zero within three days.
error ModuleDisabled();
constructor(IDecentralizedEURO deuro_, uint24 initialRatePPM) Leadrate(IReserve(deuro_.reserve()), initialRatePPM) {
deuro = IERC20(deuro_);
}
/**
* Shortcut for refreshBalance(msg.sender)
*/
function refreshMyBalance() public returns (uint192) {
return refreshBalance(msg.sender);
}
/**
* Collects the accrued interest and adds it to the account.
*
* It can be beneficial to do so every now and then in order to start collecting
* interest on the accrued interest.
*/
function refreshBalance(address owner) public returns (uint192) {
return refresh(owner).saved;
}
function refresh(address accountOwner) virtual internal returns (Account storage) {
Account storage account = savings[accountOwner];
uint64 ticks = currentTicks();
if (ticks > account.ticks) {
uint192 earnedInterest = calculateInterest(account, ticks);
if (earnedInterest > 0) {
// collect interest as you go and trigger accounting event
(IDecentralizedEURO(address(deuro))).distributeProfits(address(this), earnedInterest);
account.saved += earnedInterest;
emit InterestCollected(accountOwner, earnedInterest);
}
account.ticks = ticks;
}
return account;
}
function accruedInterest(address accountOwner) public view returns (uint192) {
return accruedInterest(accountOwner, block.timestamp);
}
function accruedInterest(address accountOwner, uint256 timestamp) public view returns (uint192) {
Account memory account = savings[accountOwner];
return calculateInterest(account, ticks(timestamp));
}
function calculateInterest(Account memory account, uint64 ticks) public view returns (uint192) {
if (ticks <= account.ticks || account.ticks == 0) {
return 0;
} else {
uint192 earnedInterest = uint192((uint256(ticks - account.ticks) * account.saved) / 1000000 / 365 days);
uint256 equity = IDecentralizedEURO(address(deuro)).equity();
if (earnedInterest > equity) {
return uint192(equity); // safe conversion as equity is smaller than uint192 earnedInterest
} else {
return earnedInterest;
}
}
}
/**
* Save 'amount'.
*/
function save(uint192 amount) public {
save(msg.sender, amount);
}
function adjust(uint192 targetAmount) public {
Account storage balance = refresh(msg.sender);
if (balance.saved < targetAmount) {
save(targetAmount - balance.saved);
} else if (balance.saved > targetAmount) {
withdraw(msg.sender, balance.saved - targetAmount);
}
}
/**
* Send 'amount' to the account of the provided owner.
*/
function save(address owner, uint192 amount) public {
if (currentRatePPM == 0) revert ModuleDisabled();
if (nextRatePPM == 0 && (nextChange <= block.timestamp)) revert ModuleDisabled();
Account storage balance = refresh(owner);
deuro.transferFrom(msg.sender, address(this), amount);
assert(balance.ticks >= currentTicks()); // @dev: should not differ, since there is no shift of interests
balance.saved += amount;
emit Saved(owner, amount);
}
/**
* Withdraw up to 'amount' to the target address.
* When trying to withdraw more than available, all that is available is withdrawn.
* Returns the actually transferred amount.
*/
function withdraw(address target, uint192 amount) public returns (uint256) {
Account storage account = refresh(msg.sender);
if (amount >= account.saved) {
amount = account.saved;
delete savings[msg.sender];
} else {
account.saved -= amount;
}
deuro.transfer(target, amount);
emit Withdrawn(msg.sender, amount);
return amount;
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {Equity} from "../Equity.sol";
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {ERC20Permit} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Permit.sol";
import {ERC20Wrapper} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Wrapper.sol";
contract DEPSWrapper is ERC20Permit, ERC20Wrapper {
Equity private immutable nDEPS;
constructor(
Equity nDEPS_
)
ERC20Permit("Decentralized Euro Protocol Share")
ERC20("Decentralized Euro Protocol Share", "DEPS")
ERC20Wrapper(nDEPS_)
{
nDEPS = nDEPS_;
}
// requires allowance
function wrap(uint256 amount) public {
depositFor(_msgSender(), amount);
}
function unwrap(uint256 amount) public {
withdrawTo(_msgSender(), amount);
}
function decimals() public view override(ERC20, ERC20Wrapper) returns (uint8) {
return ERC20Wrapper.decimals();
}
/**
* Sell immediately, bypassing the 90 day holding requirement if the
* average wrapped token has been around for long enough and no one
* cancelled the votes of this contract. Can help with market making
* between chains when this token is bridged.
*
* Anyone can prevent this method from being executable via the
* halveHoldingDuration function. Also, it won't be executable in an
* expanding market where the number of wrapped nDEPS doubles every
* 90 days such that the average holding period of this contract stays
* below that duration.
*/
function unwrapAndSell(uint256 amount) public returns (uint256) {
super._burn(_msgSender(), amount);
return nDEPS.redeem(_msgSender(), amount);
}
/**
* Reduces the recorded holding duration of the wrapped nDEPS. This has two effects:
* - Averts the risk of this contract accumulating too many votes over time (i.e. 98%)
* - Can prevent "unwrapAndSell" from succeeding (which can be desired to prevent short
* term arbitrage at the cost of all other nDEPS holders)
*
* Anyone with 2% of the votes can call this.
*/
function halveHoldingDuration(address[] calldata helpers) public {
nDEPS.checkQualified(_msgSender(), helpers);
// causes our votes to be cut in half
nDEPS.transfer(address(this), totalSupply());
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/**
* @title Functions for share valuation
*/
contract MathUtil {
uint256 internal constant ONE_DEC18 = 10 ** 18;
// Let's go for 12 digits of precision (18-6)
uint256 internal constant THRESH_DEC18 = 10 ** 6;
/**
* @notice Fifth root with Halley approximation
* Number 1e18 decimal
* @param _v number for which we calculate x**(1/5)
* @return returns _v**(1/5)
*/
function _fifthRoot(uint256 _v) internal pure returns (uint256) {
// Good first guess for _v slightly above 1.0, which is often the case in the dEURO system
uint256 x = _v > ONE_DEC18 && _v < 10 ** 19 ? (_v - ONE_DEC18) / 5 + ONE_DEC18 : ONE_DEC18;
uint256 diff;
do {
uint256 powX5 = _power5(x);
uint256 xnew = (x * (2 * powX5 + 3 * _v)) / (3 * powX5 + 2 * _v);
diff = xnew > x ? xnew - x : x - xnew;
x = xnew;
} while (diff > THRESH_DEC18);
return x;
}
function _mulD18(uint256 _a, uint256 _b) internal pure returns (uint256) {
return (_a * _b) / ONE_DEC18;
}
function _divD18(uint256 _a, uint256 _b) internal pure returns (uint256) {
return (_a * ONE_DEC18) / _b;
}
function _power5(uint256 _x) internal pure returns (uint256) {
return _mulD18(_mulD18(_mulD18(_mulD18(_x, _x), _x), _x), _x);
}
function _min(uint256 a, uint256 b) internal pure returns (uint256) {
return a < b ? a : b;
}
}{
"optimizer": {
"enabled": true,
"runs": 200
},
"outputSelection": {
"*": {
"*": [
"evm.bytecode",
"evm.deployedBytecode",
"devdoc",
"userdoc",
"metadata",
"abi"
]
}
},
"evmVersion": "paris",
"metadata": {
"useLiteralContent": true
},
"libraries": {}
}Contract Security Audit
- No Contract Security Audit Submitted- Submit Audit Here
Contract ABI
API[{"inputs":[{"internalType":"address","name":"deuro_","type":"address"},{"internalType":"address","name":"deps_","type":"address"}],"stateMutability":"nonpayable","type":"constructor"},{"inputs":[],"name":"EquityTooLow","type":"error"},{"inputs":[],"name":"FrontendCodeAlreadyExists","type":"error"},{"inputs":[],"name":"NoOpenChanges","type":"error"},{"inputs":[{"internalType":"uint256","name":"minmumExecutionTime","type":"uint256"}],"name":"NotDoneWaiting","type":"error"},{"inputs":[],"name":"NotFrontendCodeOwner","type":"error"},{"inputs":[],"name":"NotGatewayService","type":"error"},{"inputs":[{"internalType":"address","name":"owner","type":"address"}],"name":"OwnableInvalidOwner","type":"error"},{"inputs":[{"internalType":"address","name":"account","type":"address"}],"name":"OwnableUnauthorizedAccount","type":"error"},{"inputs":[],"name":"ProposedChangesToHigh","type":"error"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"address","name":"owner","type":"address"},{"indexed":false,"internalType":"bytes32","name":"frontendCode","type":"bytes32"}],"name":"FrontendCodeRegistered","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"address","name":"to","type":"address"},{"indexed":false,"internalType":"uint256","name":"amount","type":"uint256"},{"indexed":false,"internalType":"bytes32","name":"frontendCode","type":"bytes32"}],"name":"FrontendCodeRewardsWithdrawn","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"address","name":"from","type":"address"},{"indexed":false,"internalType":"address","name":"to","type":"address"},{"indexed":false,"internalType":"bytes32","name":"frontendCode","type":"bytes32"}],"name":"FrontendCodeTransferred","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"address","name":"position","type":"address"},{"indexed":false,"internalType":"bytes32","name":"frontendCode","type":"bytes32"}],"name":"NewPositionRegistered","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"previousOwner","type":"address"},{"indexed":true,"internalType":"address","name":"newOwner","type":"address"}],"name":"OwnershipTransferred","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"address","name":"who","type":"address"},{"indexed":false,"internalType":"uint24","name":"nextFeeRate","type":"uint24"},{"indexed":false,"internalType":"uint24","name":"nextSavingsFeeRate","type":"uint24"},{"indexed":false,"internalType":"uint24","name":"nextMintingFeeRate","type":"uint24"}],"name":"RateChangesExecuted","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"address","name":"who","type":"address"},{"indexed":false,"internalType":"uint24","name":"nextFeeRate","type":"uint24"},{"indexed":false,"internalType":"uint24","name":"nextSavingsFeeRate","type":"uint24"},{"indexed":false,"internalType":"uint24","name":"nextMintingFeeRate","type":"uint24"},{"indexed":false,"internalType":"uint256","name":"nextChange","type":"uint256"}],"name":"RateChangesProposed","type":"event"},{"inputs":[],"name":"DEPS","outputs":[{"internalType":"contract DEPSWrapper","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"DEURO","outputs":[{"internalType":"contract IERC20","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"EQUITY","outputs":[{"internalType":"contract Equity","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"MINTING_HUB","outputs":[{"internalType":"contract IMintingHubGateway","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"SAVINGS","outputs":[{"internalType":"contract SavingsGateway","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"changeTimeLock","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"executeChanges","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"feeRate","outputs":[{"internalType":"uint24","name":"","type":"uint24"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"bytes32","name":"","type":"bytes32"}],"name":"frontendCodes","outputs":[{"internalType":"uint256","name":"balance","type":"uint256"},{"internalType":"address","name":"owner","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"position","type":"address"}],"name":"getPositionFrontendCode","outputs":[{"internalType":"bytes32","name":"","type":"bytes32"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"savings","type":"address"},{"internalType":"address","name":"mintingHub","type":"address"}],"name":"init","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint256","name":"amount","type":"uint256"},{"internalType":"uint256","name":"expectedShares","type":"uint256"},{"internalType":"bytes32","name":"frontendCode","type":"bytes32"}],"name":"invest","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"","type":"address"}],"name":"lastUsedFrontendCode","outputs":[{"internalType":"bytes32","name":"","type":"bytes32"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"mintingFeeRate","outputs":[{"internalType":"uint24","name":"","type":"uint24"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"nextFeeRate","outputs":[{"internalType":"uint24","name":"","type":"uint24"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"nextMintingFeeRate","outputs":[{"internalType":"uint24","name":"","type":"uint24"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"nextSavingsFeeRate","outputs":[{"internalType":"uint24","name":"","type":"uint24"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"owner","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"uint24","name":"newFeeRatePPM_","type":"uint24"},{"internalType":"uint24","name":"newSavingsFeeRatePPM_","type":"uint24"},{"internalType":"uint24","name":"newMintingFeeRatePPM_","type":"uint24"},{"internalType":"address[]","name":"helpers","type":"address[]"}],"name":"proposeChanges","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"target","type":"address"},{"internalType":"uint256","name":"shares","type":"uint256"},{"internalType":"uint256","name":"expectedProceeds","type":"uint256"},{"internalType":"bytes32","name":"frontendCode","type":"bytes32"}],"name":"redeem","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"","type":"address"}],"name":"referredPositions","outputs":[{"internalType":"bytes32","name":"","type":"bytes32"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"bytes32","name":"frontendCode","type":"bytes32"}],"name":"registerFrontendCode","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"position","type":"address"},{"internalType":"bytes32","name":"frontendCode","type":"bytes32"}],"name":"registerPosition","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"renounceOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"savingsFeeRate","outputs":[{"internalType":"uint24","name":"","type":"uint24"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"bytes32","name":"frontendCode","type":"bytes32"},{"internalType":"address","name":"to","type":"address"}],"name":"transferFrontendCode","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"newOwner","type":"address"}],"name":"transferOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint256","name":"amount","type":"uint256"},{"internalType":"bytes32","name":"frontendCode","type":"bytes32"}],"name":"unwrapAndSell","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"position","type":"address"},{"internalType":"uint256","name":"amount","type":"uint256"}],"name":"updatePositionRewards","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"savingsOwner","type":"address"},{"internalType":"bytes32","name":"frontendCode","type":"bytes32"}],"name":"updateSavingCode","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"saver","type":"address"},{"internalType":"uint256","name":"interest","type":"uint256"}],"name":"updateSavingRewards","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bytes32","name":"frontendCode","type":"bytes32"}],"name":"withdrawRewards","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bytes32","name":"frontendCode","type":"bytes32"},{"internalType":"address","name":"to","type":"address"}],"name":"withdrawRewardsTo","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"nonpayable","type":"function"}]Contract Creation Code
60e060405234801561001057600080fd5b5060405161186438038061186483398101604081905261002f9161016d565b338061005557604051631e4fbdf760e01b81526000600482015260240160405180910390fd5b61005e81610105565b506001600160a01b03821660808190526040805163669949ef60e11b8152905163cd3293de916004808201926020929091908290030181865afa1580156100a9573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906100cd91906101a7565b6001600160a01b0390811660a0521660c0525060028054600160a01b600160e81b031916670c35000c3500027160a41b1790556101cb565b600080546001600160a01b038381166001600160a01b0319831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a35050565b6001600160a01b038116811461016a57600080fd5b50565b6000806040838503121561018057600080fd5b825161018b81610155565b602084015190925061019c81610155565b809150509250929050565b6000602082840312156101b957600080fd5b81516101c481610155565b9392505050565b60805160a05160c0516116326102326000396000818161025f0152818161091a01526109d10152600081816104220152818161086401528181610bdd0152610e700152600081816104a301528181610a5201528181611087015261115d01526116326000f3fe608060405234801561001057600080fd5b50600436106101fb5760003560e01c80638da5cb5b1161011a578063d8f21747116100ad578063e28a0b961161007c578063e28a0b96146104f8578063f09a401614610507578063f2fde38b1461051a578063f83279501461052d578063fe9f9d2c1461054057600080fd5b8063d8f2174714610475578063dbe8a4c21461049e578063dc3012ef146104c5578063e0c01f79146104d857600080fd5b8063a34ca630116100e9578063a34ca6301461041d578063c275a20014610444578063c2db9d3214610457578063d8db60c91461045f57600080fd5b80638da5cb5b146103d0578063978bbdb9146103e15780639bfe870b146103f7578063a07377761461040a57600080fd5b8063423bf67411610192578063736a3f0511610161578063736a3f05146103715780637b025bdf146103945780637dfb6626146103aa5780638467004f146103bd57600080fd5b8063423bf6741461032357806357eac85f146103365780635ebdc04314610356578063715018a61461036957600080fd5b806331266ff5116101ce57806331266ff5146102965780633603f35d146102a9578063368da021146102f65780633f6068fb1461030c57600080fd5b806301137702146102005780631aa7a5591461022f5780631acad25d1461025a5780632a5e323114610281575b600080fd5b60025461021690600160e81b900462ffffff1681565b60405162ffffff90911681526020015b60405180910390f35b600254610242906001600160a01b031681565b6040516001600160a01b039091168152602001610226565b6102427f000000000000000000000000000000000000000000000000000000000000000081565b61029461028f36600461130e565b610553565b005b6102946102a436600461130e565b610605565b6102d96102b7366004611338565b600560205260009081526040902080546001909101546001600160a01b031682565b604080519283526001600160a01b03909116602083015201610226565b60025461021690600160b81b900462ffffff1681565b61031560045481565b604051908152602001610226565b61029461033136600461130e565b6106ac565b610315610344366004611351565b60076020526000908152604090205481565b61031561036436600461136c565b6106fc565b61029461074a565b61038461037f366004611338565b61075e565b6040519015158152602001610226565b60025461021690600160d01b900462ffffff1681565b6103156103b8366004611338565b61080a565b6103156103cb366004611398565b610857565b6000546001600160a01b0316610242565b60025461021690600160a01b900462ffffff1681565b6103156104053660046113c4565b61090e565b61029461041836600461130e565b610afd565b6102427f000000000000000000000000000000000000000000000000000000000000000081565b6102946104523660046113f9565b610b82565b610294610d04565b600354610216906301000000900462ffffff1681565b610315610483366004611351565b6001600160a01b031660009081526006602052604090205490565b6102427f000000000000000000000000000000000000000000000000000000000000000081565b6103156104d33660046114a0565b610e63565b6103156104e6366004611351565b60066020526000908152604090205481565b6003546102169062ffffff1681565b6102946105153660046114d9565b610f2b565b610294610528366004611351565b610f6f565b600154610242906001600160a01b031681565b61038461054e36600461136c565b610fad565b6001546001600160a01b031633811461057f576040516338b601a360e11b815260040160405180910390fd5b6001600160a01b0383166000908152600660205260409020541561060057600254620f4240906105bb90600160d01b900462ffffff1684611519565b6105c59190611530565b6001600160a01b03841660009081526006602090815260408083205483526005909152812080549091906105fa908490611552565b90915550505b505050565b6002546001600160a01b0316338114610631576040516338b601a360e11b815260040160405180910390fd5b6001600160a01b0383166000908152600760205260409020541561060057600254620f42409061066d90600160b81b900462ffffff1684611519565b6106779190611530565b6001600160a01b03841660009081526007602090815260408083205483526005909152812080549091906105fa908490611552565b6002546001600160a01b03163381146106d8576040516338b601a360e11b815260040160405180910390fd5b811561060057506001600160a01b0391909116600090815260076020526040902055565b60008281526005602052604081206001015483906001600160a01b031633146107385760405163729260b160e11b815260040160405180910390fd5b6107428484611068565b949350505050565b61075261120b565b61075c6000611238565b565b6000818152600560205260408120600101546001600160a01b0316151580610784575081155b156107a2576040516378d0770560e01b815260040160405180910390fd5b60008281526005602090815260409182902060010180546001600160a01b03191633908117909155825190815290810184905281517fac113b25e2f6da9f42c0fcfcb2a028fd74e615dca6ef2a71abffad4577797072929181900390910190a1506001919050565b60008181526005602052604081206001015482906001600160a01b031633146108465760405163729260b160e11b815260040160405180910390fd5b6108508333611068565b9392505050565b6000806001600160a01b037f00000000000000000000000000000000000000000000000000000000000000001663a1c1fb4f336040516001600160e01b031960e084901b1681526001600160a01b03909116600482015260248101889052604481018790526064016020604051808303816000875af11580156108de573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906109029190611565565b90506107428386611288565b60006001600160a01b037f0000000000000000000000000000000000000000000000000000000000000000166323b872dd336040516001600160e01b031960e084901b1681526001600160a01b039091166004820152306024820152604481018690526064016020604051808303816000875af1158015610993573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906109b7919061157e565b506040516387481e7360e01b8152600481018490526000907f00000000000000000000000000000000000000000000000000000000000000006001600160a01b0316906387481e73906024016020604051808303816000875af1158015610a22573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610a469190611565565b90506001600160a01b037f00000000000000000000000000000000000000000000000000000000000000001663a9059cbb336040516001600160e01b031960e084901b1681526001600160a01b039091166004820152602481018490526044016020604051808303816000875af1158015610ac5573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610ae9919061157e565b50610af48382611288565b90505b92915050565b6001546001600160a01b0316338114610b29576040516338b601a360e11b815260040160405180910390fd5b6001600160a01b038316600081815260066020908152604091829020859055815192835282018490527f9e429360cfeef15ad3c2ba1c39a2c8788c2774663312112e0af1b084a5d56010910160405180910390a1505050565b614e208562ffffff161180610b9e5750620f42408462ffffff16115b80610bb05750620f42408362ffffff16115b15610bce5760405163c2c7709b60e01b815260040160405180910390fd5b60405163352e3a8360e01b81527f00000000000000000000000000000000000000000000000000000000000000006001600160a01b03169063352e3a8390610c1e903390869086906004016115a0565b60006040518083038186803b158015610c3657600080fd5b505afa158015610c4a573d6000803e3d6000fd5b50506002805462ffffff808a16600160e81b026001600160e81b03909216919091179091556003805487831663010000000265ffffffffffff199091169289169290921791909117905550610ca490504262093a80611552565b60048190556040805133815262ffffff888116602083015287811682840152861660608201526080810192909252517f7675f8a1fec4ff7e3c4b4a7771beca147e122e702f5e632a812a983d74136e019181900360a00190a15050505050565b600254600160e81b810462ffffff908116600160a01b90920416148015610d3e575060025460035462ffffff908116600160b81b90920416145b8015610d6457506002546003546301000000900462ffffff908116600160d01b90920416145b15610d82576040516304fe479160e01b815260040160405180910390fd5b600454421015610dae57600480546040516374f75f6360e01b8152918201526024015b60405180910390fd5b60028054600354600160d01b6301000000820462ffffff908116820262ffffff60d01b19600160b81b948316850262ffffff60b81b19600160a01b600160e81b8904861681029190911665ffffffffffff60a01b19909816979097171716179485905560408051338152948604821660208601529285048116848401529304909216606082015290517fad985451be636dfc329b4c01326f5378dd03b425d9ddc03d21a38d7ebc8f6e599181900360800190a1565b6000806001600160a01b037f0000000000000000000000000000000000000000000000000000000000000000166391ac6f99336040516001600160e01b031960e084901b1681526001600160a01b039182166004820152908916602482015260448101889052606481018790526084016020604051808303816000875af1158015610ef2573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610f169190611565565b9050610f228382611288565b95945050505050565b610f3361120b565b600280546001600160a01b038085166001600160a01b0319928316179092556001805492841692909116919091179055610f6b61074a565b5050565b610f7761120b565b6001600160a01b038116610fa157604051631e4fbdf760e01b815260006004820152602401610da5565b610faa81611238565b50565b60008281526005602052604081206001015483906001600160a01b03163314610fe95760405163729260b160e11b815260040160405180910390fd5b600084815260056020526040902060010180546001600160a01b0319166001600160a01b0385161790557f4f1b00fb86992889ee465121c65a60c82612738f92c5de138d81ed4576e2544733604080516001600160a01b0392831681529186166020830152810186905260600160405180910390a15060019392505050565b60008060056000858152602001908152602001600020600001549050807f00000000000000000000000000000000000000000000000000000000000000006001600160a01b03166391a0ac6a6040518163ffffffff1660e01b8152600401602060405180830381865afa1580156110e3573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906111079190611565565b101561112657604051639efc0a6960e01b815260040160405180910390fd5b60008481526005602052604080822091909155516308b8bb4b60e01b81526001600160a01b038481166004830152602482018390527f000000000000000000000000000000000000000000000000000000000000000016906308b8bb4b90604401600060405180830381600087803b1580156111a157600080fd5b505af11580156111b5573d6000803e3d6000fd5b5050604080516001600160a01b0387168152602081018590529081018790527f7728e907e9a9ce01e7031dcc773e276dab993b745d3295702af40a91d67683f89250606001905060405180910390a19392505050565b6000546001600160a01b0316331461075c5760405163118cdaa760e01b8152336004820152602401610da5565b600080546001600160a01b038381166001600160a01b0319831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a35050565b81611291575050565b336000908152600760205260409020829055600254620f4240906112c190600160a01b900462ffffff1683611519565b6112cb9190611530565b600083815260056020526040812080549091906112e9908490611552565b90915550505050565b80356001600160a01b038116811461130957600080fd5b919050565b6000806040838503121561132157600080fd5b61132a836112f2565b946020939093013593505050565b60006020828403121561134a57600080fd5b5035919050565b60006020828403121561136357600080fd5b610850826112f2565b6000806040838503121561137f57600080fd5b8235915061138f602084016112f2565b90509250929050565b6000806000606084860312156113ad57600080fd5b505081359360208301359350604090920135919050565b600080604083850312156113d757600080fd5b50508035926020909101359150565b803562ffffff8116811461130957600080fd5b60008060008060006080868803121561141157600080fd5b61141a866113e6565b9450611428602087016113e6565b9350611436604087016113e6565b9250606086013567ffffffffffffffff81111561145257600080fd5b8601601f8101881361146357600080fd5b803567ffffffffffffffff81111561147a57600080fd5b8860208260051b840101111561148f57600080fd5b959894975092955050506020019190565b600080600080608085870312156114b657600080fd5b6114bf856112f2565b966020860135965060408601359560600135945092505050565b600080604083850312156114ec57600080fd5b6114f5836112f2565b915061138f602084016112f2565b634e487b7160e01b600052601160045260246000fd5b8082028115828204841417610af757610af7611503565b60008261154d57634e487b7160e01b600052601260045260246000fd5b500490565b80820180821115610af757610af7611503565b60006020828403121561157757600080fd5b5051919050565b60006020828403121561159057600080fd5b81518015158114610af457600080fd5b6001600160a01b0384168152604060208201819052810182905260008360608301825b858110156115f1576001600160a01b036115dc846112f2565b168252602092830192909101906001016115c3565b50969550505050505056fea264697066735822122049051de2b59314bd26c5a13ebb41ce87e729a9f178b8e53020a6dc440ec7de2b64736f6c634300081a0033000000000000000000000000e56e05a3e1375a147c122e5883667e57159485e6000000000000000000000000315f8aa5823580d3135bdc5bdf1d658be9eeb2d6
Deployed Bytecode
0x608060405234801561001057600080fd5b50600436106101fb5760003560e01c80638da5cb5b1161011a578063d8f21747116100ad578063e28a0b961161007c578063e28a0b96146104f8578063f09a401614610507578063f2fde38b1461051a578063f83279501461052d578063fe9f9d2c1461054057600080fd5b8063d8f2174714610475578063dbe8a4c21461049e578063dc3012ef146104c5578063e0c01f79146104d857600080fd5b8063a34ca630116100e9578063a34ca6301461041d578063c275a20014610444578063c2db9d3214610457578063d8db60c91461045f57600080fd5b80638da5cb5b146103d0578063978bbdb9146103e15780639bfe870b146103f7578063a07377761461040a57600080fd5b8063423bf67411610192578063736a3f0511610161578063736a3f05146103715780637b025bdf146103945780637dfb6626146103aa5780638467004f146103bd57600080fd5b8063423bf6741461032357806357eac85f146103365780635ebdc04314610356578063715018a61461036957600080fd5b806331266ff5116101ce57806331266ff5146102965780633603f35d146102a9578063368da021146102f65780633f6068fb1461030c57600080fd5b806301137702146102005780631aa7a5591461022f5780631acad25d1461025a5780632a5e323114610281575b600080fd5b60025461021690600160e81b900462ffffff1681565b60405162ffffff90911681526020015b60405180910390f35b600254610242906001600160a01b031681565b6040516001600160a01b039091168152602001610226565b6102427f000000000000000000000000315f8aa5823580d3135bdc5bdf1d658be9eeb2d681565b61029461028f36600461130e565b610553565b005b6102946102a436600461130e565b610605565b6102d96102b7366004611338565b600560205260009081526040902080546001909101546001600160a01b031682565b604080519283526001600160a01b03909116602083015201610226565b60025461021690600160b81b900462ffffff1681565b61031560045481565b604051908152602001610226565b61029461033136600461130e565b6106ac565b610315610344366004611351565b60076020526000908152604090205481565b61031561036436600461136c565b6106fc565b61029461074a565b61038461037f366004611338565b61075e565b6040519015158152602001610226565b60025461021690600160d01b900462ffffff1681565b6103156103b8366004611338565b61080a565b6103156103cb366004611398565b610857565b6000546001600160a01b0316610242565b60025461021690600160a01b900462ffffff1681565b6103156104053660046113c4565b61090e565b61029461041836600461130e565b610afd565b6102427f000000000000000000000000e80bc6275aef1fc9664e5cfcfa2e2d92f342ec9381565b6102946104523660046113f9565b610b82565b610294610d04565b600354610216906301000000900462ffffff1681565b610315610483366004611351565b6001600160a01b031660009081526006602052604090205490565b6102427f000000000000000000000000e56e05a3e1375a147c122e5883667e57159485e681565b6103156104d33660046114a0565b610e63565b6103156104e6366004611351565b60066020526000908152604090205481565b6003546102169062ffffff1681565b6102946105153660046114d9565b610f2b565b610294610528366004611351565b610f6f565b600154610242906001600160a01b031681565b61038461054e36600461136c565b610fad565b6001546001600160a01b031633811461057f576040516338b601a360e11b815260040160405180910390fd5b6001600160a01b0383166000908152600660205260409020541561060057600254620f4240906105bb90600160d01b900462ffffff1684611519565b6105c59190611530565b6001600160a01b03841660009081526006602090815260408083205483526005909152812080549091906105fa908490611552565b90915550505b505050565b6002546001600160a01b0316338114610631576040516338b601a360e11b815260040160405180910390fd5b6001600160a01b0383166000908152600760205260409020541561060057600254620f42409061066d90600160b81b900462ffffff1684611519565b6106779190611530565b6001600160a01b03841660009081526007602090815260408083205483526005909152812080549091906105fa908490611552565b6002546001600160a01b03163381146106d8576040516338b601a360e11b815260040160405180910390fd5b811561060057506001600160a01b0391909116600090815260076020526040902055565b60008281526005602052604081206001015483906001600160a01b031633146107385760405163729260b160e11b815260040160405180910390fd5b6107428484611068565b949350505050565b61075261120b565b61075c6000611238565b565b6000818152600560205260408120600101546001600160a01b0316151580610784575081155b156107a2576040516378d0770560e01b815260040160405180910390fd5b60008281526005602090815260409182902060010180546001600160a01b03191633908117909155825190815290810184905281517fac113b25e2f6da9f42c0fcfcb2a028fd74e615dca6ef2a71abffad4577797072929181900390910190a1506001919050565b60008181526005602052604081206001015482906001600160a01b031633146108465760405163729260b160e11b815260040160405180910390fd5b6108508333611068565b9392505050565b6000806001600160a01b037f000000000000000000000000e80bc6275aef1fc9664e5cfcfa2e2d92f342ec931663a1c1fb4f336040516001600160e01b031960e084901b1681526001600160a01b03909116600482015260248101889052604481018790526064016020604051808303816000875af11580156108de573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906109029190611565565b90506107428386611288565b60006001600160a01b037f000000000000000000000000315f8aa5823580d3135bdc5bdf1d658be9eeb2d6166323b872dd336040516001600160e01b031960e084901b1681526001600160a01b039091166004820152306024820152604481018690526064016020604051808303816000875af1158015610993573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906109b7919061157e565b506040516387481e7360e01b8152600481018490526000907f000000000000000000000000315f8aa5823580d3135bdc5bdf1d658be9eeb2d66001600160a01b0316906387481e73906024016020604051808303816000875af1158015610a22573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610a469190611565565b90506001600160a01b037f000000000000000000000000e56e05a3e1375a147c122e5883667e57159485e61663a9059cbb336040516001600160e01b031960e084901b1681526001600160a01b039091166004820152602481018490526044016020604051808303816000875af1158015610ac5573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610ae9919061157e565b50610af48382611288565b90505b92915050565b6001546001600160a01b0316338114610b29576040516338b601a360e11b815260040160405180910390fd5b6001600160a01b038316600081815260066020908152604091829020859055815192835282018490527f9e429360cfeef15ad3c2ba1c39a2c8788c2774663312112e0af1b084a5d56010910160405180910390a1505050565b614e208562ffffff161180610b9e5750620f42408462ffffff16115b80610bb05750620f42408362ffffff16115b15610bce5760405163c2c7709b60e01b815260040160405180910390fd5b60405163352e3a8360e01b81527f000000000000000000000000e80bc6275aef1fc9664e5cfcfa2e2d92f342ec936001600160a01b03169063352e3a8390610c1e903390869086906004016115a0565b60006040518083038186803b158015610c3657600080fd5b505afa158015610c4a573d6000803e3d6000fd5b50506002805462ffffff808a16600160e81b026001600160e81b03909216919091179091556003805487831663010000000265ffffffffffff199091169289169290921791909117905550610ca490504262093a80611552565b60048190556040805133815262ffffff888116602083015287811682840152861660608201526080810192909252517f7675f8a1fec4ff7e3c4b4a7771beca147e122e702f5e632a812a983d74136e019181900360a00190a15050505050565b600254600160e81b810462ffffff908116600160a01b90920416148015610d3e575060025460035462ffffff908116600160b81b90920416145b8015610d6457506002546003546301000000900462ffffff908116600160d01b90920416145b15610d82576040516304fe479160e01b815260040160405180910390fd5b600454421015610dae57600480546040516374f75f6360e01b8152918201526024015b60405180910390fd5b60028054600354600160d01b6301000000820462ffffff908116820262ffffff60d01b19600160b81b948316850262ffffff60b81b19600160a01b600160e81b8904861681029190911665ffffffffffff60a01b19909816979097171716179485905560408051338152948604821660208601529285048116848401529304909216606082015290517fad985451be636dfc329b4c01326f5378dd03b425d9ddc03d21a38d7ebc8f6e599181900360800190a1565b6000806001600160a01b037f000000000000000000000000e80bc6275aef1fc9664e5cfcfa2e2d92f342ec93166391ac6f99336040516001600160e01b031960e084901b1681526001600160a01b039182166004820152908916602482015260448101889052606481018790526084016020604051808303816000875af1158015610ef2573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610f169190611565565b9050610f228382611288565b95945050505050565b610f3361120b565b600280546001600160a01b038085166001600160a01b0319928316179092556001805492841692909116919091179055610f6b61074a565b5050565b610f7761120b565b6001600160a01b038116610fa157604051631e4fbdf760e01b815260006004820152602401610da5565b610faa81611238565b50565b60008281526005602052604081206001015483906001600160a01b03163314610fe95760405163729260b160e11b815260040160405180910390fd5b600084815260056020526040902060010180546001600160a01b0319166001600160a01b0385161790557f4f1b00fb86992889ee465121c65a60c82612738f92c5de138d81ed4576e2544733604080516001600160a01b0392831681529186166020830152810186905260600160405180910390a15060019392505050565b60008060056000858152602001908152602001600020600001549050807f000000000000000000000000e56e05a3e1375a147c122e5883667e57159485e66001600160a01b03166391a0ac6a6040518163ffffffff1660e01b8152600401602060405180830381865afa1580156110e3573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906111079190611565565b101561112657604051639efc0a6960e01b815260040160405180910390fd5b60008481526005602052604080822091909155516308b8bb4b60e01b81526001600160a01b038481166004830152602482018390527f000000000000000000000000e56e05a3e1375a147c122e5883667e57159485e616906308b8bb4b90604401600060405180830381600087803b1580156111a157600080fd5b505af11580156111b5573d6000803e3d6000fd5b5050604080516001600160a01b0387168152602081018590529081018790527f7728e907e9a9ce01e7031dcc773e276dab993b745d3295702af40a91d67683f89250606001905060405180910390a19392505050565b6000546001600160a01b0316331461075c5760405163118cdaa760e01b8152336004820152602401610da5565b600080546001600160a01b038381166001600160a01b0319831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a35050565b81611291575050565b336000908152600760205260409020829055600254620f4240906112c190600160a01b900462ffffff1683611519565b6112cb9190611530565b600083815260056020526040812080549091906112e9908490611552565b90915550505050565b80356001600160a01b038116811461130957600080fd5b919050565b6000806040838503121561132157600080fd5b61132a836112f2565b946020939093013593505050565b60006020828403121561134a57600080fd5b5035919050565b60006020828403121561136357600080fd5b610850826112f2565b6000806040838503121561137f57600080fd5b8235915061138f602084016112f2565b90509250929050565b6000806000606084860312156113ad57600080fd5b505081359360208301359350604090920135919050565b600080604083850312156113d757600080fd5b50508035926020909101359150565b803562ffffff8116811461130957600080fd5b60008060008060006080868803121561141157600080fd5b61141a866113e6565b9450611428602087016113e6565b9350611436604087016113e6565b9250606086013567ffffffffffffffff81111561145257600080fd5b8601601f8101881361146357600080fd5b803567ffffffffffffffff81111561147a57600080fd5b8860208260051b840101111561148f57600080fd5b959894975092955050506020019190565b600080600080608085870312156114b657600080fd5b6114bf856112f2565b966020860135965060408601359560600135945092505050565b600080604083850312156114ec57600080fd5b6114f5836112f2565b915061138f602084016112f2565b634e487b7160e01b600052601160045260246000fd5b8082028115828204841417610af757610af7611503565b60008261154d57634e487b7160e01b600052601260045260246000fd5b500490565b80820180821115610af757610af7611503565b60006020828403121561157757600080fd5b5051919050565b60006020828403121561159057600080fd5b81518015158114610af457600080fd5b6001600160a01b0384168152604060208201819052810182905260008360608301825b858110156115f1576001600160a01b036115dc846112f2565b168252602092830192909101906001016115c3565b50969550505050505056fea264697066735822122049051de2b59314bd26c5a13ebb41ce87e729a9f178b8e53020a6dc440ec7de2b64736f6c634300081a0033
Constructor Arguments (ABI-Encoded and is the last bytes of the Contract Creation Code above)
000000000000000000000000e56e05a3e1375a147c122e5883667e57159485e6000000000000000000000000315f8aa5823580d3135bdc5bdf1d658be9eeb2d6
-----Decoded View---------------
Arg [0] : deuro_ (address): 0xe56E05a3E1375a147C122E5883667e57159485e6
Arg [1] : deps_ (address): 0x315f8Aa5823580d3135Bdc5BDf1D658be9eeb2D6
-----Encoded View---------------
2 Constructor Arguments found :
Arg [0] : 000000000000000000000000e56e05a3e1375a147c122e5883667e57159485e6
Arg [1] : 000000000000000000000000315f8aa5823580d3135bdc5bdf1d658be9eeb2d6
Loading...
Loading
Loading...
Loading
0x4693ed9c9ACfeF5df8E7D9c8F97d5eEBf406e7C7
Net Worth in USD
$0.00
Net Worth in ETH
0
Multichain Portfolio | 33 Chains
| Chain | Token | Portfolio % | Price | Amount | Value |
|---|
Loading...
Loading
Loading...
Loading
Loading...
Loading
[ Download: CSV Export ]
A contract address hosts a smart contract, which is a set of code stored on the blockchain that runs when predetermined conditions are met. Learn more about addresses in our Knowledge Base.