Transaction Hash:
Block:
21245661 at Nov-22-2024 08:29:23 PM +UTC
Transaction Fee:
0.000625201329299988 ETH
$1.28
Gas Used:
56,532 Gas / 11.059246609 Gwei
Emitted Events:
| 379 |
ERC1967Proxy.0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef( 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef, 0x00000000000000000000000003d03a026e71979be3b08d44b01eae4c5ff9da99, 0x000000000000000000000000e32e3bd2ec560513cab4757564ca50d13caf9f7f, 0000000000000000000000000000000000000000000000000f10787fafafc000 )
|
Account State Difference:
| Address | Before | After | State Difference | ||
|---|---|---|---|---|---|
| 0x03d03A02...C5FF9da99 |
0.611085080048509917 Eth
Nonce: 3136
|
0.610459878719209929 Eth
Nonce: 3137
| 0.000625201329299988 | ||
|
0x4838B106...B0BAD5f97
Miner
| (Titan Builder) | 8.568244685154786774 Eth | 8.568248883221106774 Eth | 0.00000419806632 | |
| 0xE72B141D...833Ce56a8 |
Execution Trace
ERC1967Proxy.a9059cbb( )
ERC1967Proxy.a9059cbb( )
-
RTokenP1.transfer( to=0xe32e3BD2EC560513CaB4757564cA50D13cAF9F7F, amount=1085500000000000000 ) => ( True )
File 1 of 2: ERC1967Proxy
File 2 of 2: RTokenP1
pragma solidity 0.8.17;
interface IERC1822Proxiable {
/**
* @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation
* address.
*
* IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
* bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
* function revert if invoked through a proxy.
*/
function proxiableUUID() external view returns (bytes32);
}
interface IBeacon {
/**
* @dev Must return an address that can be used as a delegate call target.
*
* {BeaconProxy} will check that this address is a contract.
*/
function implementation() external view returns (address);
}
abstract contract Proxy {
/**
* @dev Delegates the current call to `implementation`.
*
* This function does not return to its internal call site, it will return directly to the external caller.
*/
function _delegate(address implementation) internal virtual {
assembly {
// Copy msg.data. We take full control of memory in this inline assembly
// block because it will not return to Solidity code. We overwrite the
// Solidity scratch pad at memory position 0.
calldatacopy(0, 0, calldatasize())
// Call the implementation.
// out and outsize are 0 because we don't know the size yet.
let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0)
// Copy the returned data.
returndatacopy(0, 0, returndatasize())
switch result
// delegatecall returns 0 on error.
case 0 {
revert(0, returndatasize())
}
default {
return(0, returndatasize())
}
}
}
/**
* @dev This is a virtual function that should be overridden so it returns the address to which the fallback function
* and {_fallback} should delegate.
*/
function _implementation() internal view virtual returns (address);
/**
* @dev Delegates the current call to the address returned by `_implementation()`.
*
* This function does not return to its internal call site, it will return directly to the external caller.
*/
function _fallback() internal virtual {
_beforeFallback();
_delegate(_implementation());
}
/**
* @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if no other
* function in the contract matches the call data.
*/
fallback() external payable virtual {
_fallback();
}
/**
* @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if call data
* is empty.
*/
receive() external payable virtual {
_fallback();
}
/**
* @dev Hook that is called before falling back to the implementation. Can happen as part of a manual `_fallback`
* call, or as part of the Solidity `fallback` or `receive` functions.
*
* If overridden should call `super._beforeFallback()`.
*/
function _beforeFallback() internal virtual {}
}
library StorageSlot {
struct AddressSlot {
address value;
}
struct BooleanSlot {
bool value;
}
struct Bytes32Slot {
bytes32 value;
}
struct Uint256Slot {
uint256 value;
}
/**
* @dev Returns an `AddressSlot` with member `value` located at `slot`.
*/
function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BooleanSlot` with member `value` located at `slot`.
*/
function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
*/
function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Uint256Slot` with member `value` located at `slot`.
*/
function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
}
library Address {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
* ====
*
* [IMPORTANT]
* ====
* You shouldn't rely on `isContract` to protect against flash loan attacks!
*
* Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
* like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
* constructor.
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize/address.code.length, which returns 0
// for contracts in construction, since the code is only stored at the end
// of the constructor execution.
return account.code.length > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCall(target, data, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value
) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
require(isContract(target), "Address: call to non-contract");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
require(isContract(target), "Address: static call to non-contract");
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
require(isContract(target), "Address: delegate call to non-contract");
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Tool to verifies that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
}
/**
* @dev This abstract contract provides getters and event emitting update functions for
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.
*
* _Available since v4.1._
*
* @custom:oz-upgrades-unsafe-allow delegatecall
*/
abstract contract ERC1967Upgrade {
// This is the keccak-256 hash of "eip1967.proxy.rollback" subtracted by 1
bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143;
/**
* @dev Storage slot with the address of the current implementation.
* This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
/**
* @dev Emitted when the implementation is upgraded.
*/
event Upgraded(address indexed implementation);
/**
* @dev Returns the current implementation address.
*/
function _getImplementation() internal view returns (address) {
return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 implementation slot.
*/
function _setImplementation(address newImplementation) private {
require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
}
/**
* @dev Perform implementation upgrade
*
* Emits an {Upgraded} event.
*/
function _upgradeTo(address newImplementation) internal {
_setImplementation(newImplementation);
emit Upgraded(newImplementation);
}
/**
* @dev Perform implementation upgrade with additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCall(
address newImplementation,
bytes memory data,
bool forceCall
) internal {
_upgradeTo(newImplementation);
if (data.length > 0 || forceCall) {
Address.functionDelegateCall(newImplementation, data);
}
}
/**
* @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCallUUPS(
address newImplementation,
bytes memory data,
bool forceCall
) internal {
// Upgrades from old implementations will perform a rollback test. This test requires the new
// implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing
// this special case will break upgrade paths from old UUPS implementation to new ones.
if (StorageSlot.getBooleanSlot(_ROLLBACK_SLOT).value) {
_setImplementation(newImplementation);
} else {
try IERC1822Proxiable(newImplementation).proxiableUUID() returns (bytes32 slot) {
require(slot == _IMPLEMENTATION_SLOT, "ERC1967Upgrade: unsupported proxiableUUID");
} catch {
revert("ERC1967Upgrade: new implementation is not UUPS");
}
_upgradeToAndCall(newImplementation, data, forceCall);
}
}
/**
* @dev Storage slot with the admin of the contract.
* This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
/**
* @dev Emitted when the admin account has changed.
*/
event AdminChanged(address previousAdmin, address newAdmin);
/**
* @dev Returns the current admin.
*/
function _getAdmin() internal view returns (address) {
return StorageSlot.getAddressSlot(_ADMIN_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 admin slot.
*/
function _setAdmin(address newAdmin) private {
require(newAdmin != address(0), "ERC1967: new admin is the zero address");
StorageSlot.getAddressSlot(_ADMIN_SLOT).value = newAdmin;
}
/**
* @dev Changes the admin of the proxy.
*
* Emits an {AdminChanged} event.
*/
function _changeAdmin(address newAdmin) internal {
emit AdminChanged(_getAdmin(), newAdmin);
_setAdmin(newAdmin);
}
/**
* @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
* This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor.
*/
bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;
/**
* @dev Emitted when the beacon is upgraded.
*/
event BeaconUpgraded(address indexed beacon);
/**
* @dev Returns the current beacon.
*/
function _getBeacon() internal view returns (address) {
return StorageSlot.getAddressSlot(_BEACON_SLOT).value;
}
/**
* @dev Stores a new beacon in the EIP1967 beacon slot.
*/
function _setBeacon(address newBeacon) private {
require(Address.isContract(newBeacon), "ERC1967: new beacon is not a contract");
require(
Address.isContract(IBeacon(newBeacon).implementation()),
"ERC1967: beacon implementation is not a contract"
);
StorageSlot.getAddressSlot(_BEACON_SLOT).value = newBeacon;
}
/**
* @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does
* not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that).
*
* Emits a {BeaconUpgraded} event.
*/
function _upgradeBeaconToAndCall(
address newBeacon,
bytes memory data,
bool forceCall
) internal {
_setBeacon(newBeacon);
emit BeaconUpgraded(newBeacon);
if (data.length > 0 || forceCall) {
Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data);
}
}
}
contract ERC1967Proxy is Proxy, ERC1967Upgrade {
/**
* @dev Initializes the upgradeable proxy with an initial implementation specified by `_logic`.
*
* If `_data` is nonempty, it's used as data in a delegate call to `_logic`. This will typically be an encoded
* function call, and allows initializing the storage of the proxy like a Solidity constructor.
*/
constructor(address _logic, bytes memory _data) payable {
_upgradeToAndCall(_logic, _data, false);
}
/**
* @dev Returns the current implementation address.
*/
function _implementation() internal view virtual override returns (address impl) {
return ERC1967Upgrade._getImplementation();
}
}File 2 of 2: RTokenP1
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
interface AggregatorV3Interface {
function decimals() external view returns (uint8);
function description() external view returns (string memory);
function version() external view returns (uint256);
function getRoundData(uint80 _roundId)
external
view
returns (
uint80 roundId,
int256 answer,
uint256 startedAt,
uint256 updatedAt,
uint80 answeredInRound
);
function latestRoundData()
external
view
returns (
uint80 roundId,
int256 answer,
uint256 startedAt,
uint256 updatedAt,
uint80 answeredInRound
);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (access/IAccessControl.sol)
pragma solidity ^0.8.0;
/**
* @dev External interface of AccessControl declared to support ERC165 detection.
*/
interface IAccessControlUpgradeable {
/**
* @dev Emitted when `newAdminRole` is set as ``role``'s admin role, replacing `previousAdminRole`
*
* `DEFAULT_ADMIN_ROLE` is the starting admin for all roles, despite
* {RoleAdminChanged} not being emitted signaling this.
*
* _Available since v3.1._
*/
event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole);
/**
* @dev Emitted when `account` is granted `role`.
*
* `sender` is the account that originated the contract call, an admin role
* bearer except when using {AccessControl-_setupRole}.
*/
event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Emitted when `account` is revoked `role`.
*
* `sender` is the account that originated the contract call:
* - if using `revokeRole`, it is the admin role bearer
* - if using `renounceRole`, it is the role bearer (i.e. `account`)
*/
event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) external view returns (bool);
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {AccessControl-_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) external view returns (bytes32);
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function grantRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function revokeRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been granted `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `account`.
*/
function renounceRole(bytes32 role, address account) external;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (interfaces/draft-IERC1822.sol)
pragma solidity ^0.8.0;
/**
* @dev ERC1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified
* proxy whose upgrades are fully controlled by the current implementation.
*/
interface IERC1822ProxiableUpgradeable {
/**
* @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation
* address.
*
* IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
* bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
* function revert if invoked through a proxy.
*/
function proxiableUUID() external view returns (bytes32);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (interfaces/IERC1271.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC1271 standard signature validation method for
* contracts as defined in https://eips.ethereum.org/EIPS/eip-1271[ERC-1271].
*
* _Available since v4.1._
*/
interface IERC1271Upgradeable {
/**
* @dev Should return whether the signature provided is valid for the provided data
* @param hash Hash of the data to be signed
* @param signature Signature byte array associated with _data
*/
function isValidSignature(bytes32 hash, bytes memory signature) external view returns (bytes4 magicValue);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC1967.sol)
pragma solidity ^0.8.0;
/**
* @dev ERC-1967: Proxy Storage Slots. This interface contains the events defined in the ERC.
*
* _Available since v4.8.3._
*/
interface IERC1967Upgradeable {
/**
* @dev Emitted when the implementation is upgraded.
*/
event Upgraded(address indexed implementation);
/**
* @dev Emitted when the admin account has changed.
*/
event AdminChanged(address previousAdmin, address newAdmin);
/**
* @dev Emitted when the beacon is changed.
*/
event BeaconUpgraded(address indexed beacon);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC5267.sol)
pragma solidity ^0.8.0;
interface IERC5267Upgradeable {
/**
* @dev MAY be emitted to signal that the domain could have changed.
*/
event EIP712DomainChanged();
/**
* @dev returns the fields and values that describe the domain separator used by this contract for EIP-712
* signature.
*/
function eip712Domain()
external
view
returns (
bytes1 fields,
string memory name,
string memory version,
uint256 chainId,
address verifyingContract,
bytes32 salt,
uint256[] memory extensions
);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (proxy/beacon/IBeacon.sol)
pragma solidity ^0.8.0;
/**
* @dev This is the interface that {BeaconProxy} expects of its beacon.
*/
interface IBeaconUpgradeable {
/**
* @dev Must return an address that can be used as a delegate call target.
*
* {BeaconProxy} will check that this address is a contract.
*/
function implementation() external view returns (address);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (proxy/ERC1967/ERC1967Upgrade.sol)
pragma solidity ^0.8.2;
import "../beacon/IBeaconUpgradeable.sol";
import "../../interfaces/IERC1967Upgradeable.sol";
import "../../interfaces/draft-IERC1822Upgradeable.sol";
import "../../utils/AddressUpgradeable.sol";
import "../../utils/StorageSlotUpgradeable.sol";
import {Initializable} from "../utils/Initializable.sol";
/**
* @dev This abstract contract provides getters and event emitting update functions for
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.
*
* _Available since v4.1._
*/
abstract contract ERC1967UpgradeUpgradeable is Initializable, IERC1967Upgradeable {
// This is the keccak-256 hash of "eip1967.proxy.rollback" subtracted by 1
bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143;
/**
* @dev Storage slot with the address of the current implementation.
* This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
function __ERC1967Upgrade_init() internal onlyInitializing {
}
function __ERC1967Upgrade_init_unchained() internal onlyInitializing {
}
/**
* @dev Returns the current implementation address.
*/
function _getImplementation() internal view returns (address) {
return StorageSlotUpgradeable.getAddressSlot(_IMPLEMENTATION_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 implementation slot.
*/
function _setImplementation(address newImplementation) private {
require(AddressUpgradeable.isContract(newImplementation), "ERC1967: new implementation is not a contract");
StorageSlotUpgradeable.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
}
/**
* @dev Perform implementation upgrade
*
* Emits an {Upgraded} event.
*/
function _upgradeTo(address newImplementation) internal {
_setImplementation(newImplementation);
emit Upgraded(newImplementation);
}
/**
* @dev Perform implementation upgrade with additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCall(address newImplementation, bytes memory data, bool forceCall) internal {
_upgradeTo(newImplementation);
if (data.length > 0 || forceCall) {
AddressUpgradeable.functionDelegateCall(newImplementation, data);
}
}
/**
* @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCallUUPS(address newImplementation, bytes memory data, bool forceCall) internal {
// Upgrades from old implementations will perform a rollback test. This test requires the new
// implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing
// this special case will break upgrade paths from old UUPS implementation to new ones.
if (StorageSlotUpgradeable.getBooleanSlot(_ROLLBACK_SLOT).value) {
_setImplementation(newImplementation);
} else {
try IERC1822ProxiableUpgradeable(newImplementation).proxiableUUID() returns (bytes32 slot) {
require(slot == _IMPLEMENTATION_SLOT, "ERC1967Upgrade: unsupported proxiableUUID");
} catch {
revert("ERC1967Upgrade: new implementation is not UUPS");
}
_upgradeToAndCall(newImplementation, data, forceCall);
}
}
/**
* @dev Storage slot with the admin of the contract.
* This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
/**
* @dev Returns the current admin.
*/
function _getAdmin() internal view returns (address) {
return StorageSlotUpgradeable.getAddressSlot(_ADMIN_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 admin slot.
*/
function _setAdmin(address newAdmin) private {
require(newAdmin != address(0), "ERC1967: new admin is the zero address");
StorageSlotUpgradeable.getAddressSlot(_ADMIN_SLOT).value = newAdmin;
}
/**
* @dev Changes the admin of the proxy.
*
* Emits an {AdminChanged} event.
*/
function _changeAdmin(address newAdmin) internal {
emit AdminChanged(_getAdmin(), newAdmin);
_setAdmin(newAdmin);
}
/**
* @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
* This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor.
*/
bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;
/**
* @dev Returns the current beacon.
*/
function _getBeacon() internal view returns (address) {
return StorageSlotUpgradeable.getAddressSlot(_BEACON_SLOT).value;
}
/**
* @dev Stores a new beacon in the EIP1967 beacon slot.
*/
function _setBeacon(address newBeacon) private {
require(AddressUpgradeable.isContract(newBeacon), "ERC1967: new beacon is not a contract");
require(
AddressUpgradeable.isContract(IBeaconUpgradeable(newBeacon).implementation()),
"ERC1967: beacon implementation is not a contract"
);
StorageSlotUpgradeable.getAddressSlot(_BEACON_SLOT).value = newBeacon;
}
/**
* @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does
* not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that).
*
* Emits a {BeaconUpgraded} event.
*/
function _upgradeBeaconToAndCall(address newBeacon, bytes memory data, bool forceCall) internal {
_setBeacon(newBeacon);
emit BeaconUpgraded(newBeacon);
if (data.length > 0 || forceCall) {
AddressUpgradeable.functionDelegateCall(IBeaconUpgradeable(newBeacon).implementation(), data);
}
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[50] private __gap;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/Initializable.sol)
pragma solidity ^0.8.2;
import "../../utils/AddressUpgradeable.sol";
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```solidity
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
*
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/
abstract contract Initializable {
/**
* @dev Indicates that the contract has been initialized.
* @custom:oz-retyped-from bool
*/
uint8 private _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool private _initializing;
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/
event Initialized(uint8 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts.
*
* Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a
* constructor.
*
* Emits an {Initialized} event.
*/
modifier initializer() {
bool isTopLevelCall = !_initializing;
require(
(isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1),
"Initializable: contract is already initialized"
);
_initialized = 1;
if (isTopLevelCall) {
_initializing = true;
}
_;
if (isTopLevelCall) {
_initializing = false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* A reinitializer may be used after the original initialization step. This is essential to configure modules that
* are added through upgrades and that require initialization.
*
* When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
* cannot be nested. If one is invoked in the context of another, execution will revert.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*
* WARNING: setting the version to 255 will prevent any future reinitialization.
*
* Emits an {Initialized} event.
*/
modifier reinitializer(uint8 version) {
require(!_initializing && _initialized < version, "Initializable: contract is already initialized");
_initialized = version;
_initializing = true;
_;
_initializing = false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/
modifier onlyInitializing() {
require(_initializing, "Initializable: contract is not initializing");
_;
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*
* Emits an {Initialized} event the first time it is successfully executed.
*/
function _disableInitializers() internal virtual {
require(!_initializing, "Initializable: contract is initializing");
if (_initialized != type(uint8).max) {
_initialized = type(uint8).max;
emit Initialized(type(uint8).max);
}
}
/**
* @dev Returns the highest version that has been initialized. See {reinitializer}.
*/
function _getInitializedVersion() internal view returns (uint8) {
return _initialized;
}
/**
* @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
*/
function _isInitializing() internal view returns (bool) {
return _initializing;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/UUPSUpgradeable.sol)
pragma solidity ^0.8.0;
import "../../interfaces/draft-IERC1822Upgradeable.sol";
import "../ERC1967/ERC1967UpgradeUpgradeable.sol";
import {Initializable} from "./Initializable.sol";
/**
* @dev An upgradeability mechanism designed for UUPS proxies. The functions included here can perform an upgrade of an
* {ERC1967Proxy}, when this contract is set as the implementation behind such a proxy.
*
* A security mechanism ensures that an upgrade does not turn off upgradeability accidentally, although this risk is
* reinstated if the upgrade retains upgradeability but removes the security mechanism, e.g. by replacing
* `UUPSUpgradeable` with a custom implementation of upgrades.
*
* The {_authorizeUpgrade} function must be overridden to include access restriction to the upgrade mechanism.
*
* _Available since v4.1._
*/
abstract contract UUPSUpgradeable is Initializable, IERC1822ProxiableUpgradeable, ERC1967UpgradeUpgradeable {
/// @custom:oz-upgrades-unsafe-allow state-variable-immutable state-variable-assignment
address private immutable __self = address(this);
/**
* @dev Check that the execution is being performed through a delegatecall call and that the execution context is
* a proxy contract with an implementation (as defined in ERC1967) pointing to self. This should only be the case
* for UUPS and transparent proxies that are using the current contract as their implementation. Execution of a
* function through ERC1167 minimal proxies (clones) would not normally pass this test, but is not guaranteed to
* fail.
*/
modifier onlyProxy() {
require(address(this) != __self, "Function must be called through delegatecall");
require(_getImplementation() == __self, "Function must be called through active proxy");
_;
}
/**
* @dev Check that the execution is not being performed through a delegate call. This allows a function to be
* callable on the implementing contract but not through proxies.
*/
modifier notDelegated() {
require(address(this) == __self, "UUPSUpgradeable: must not be called through delegatecall");
_;
}
function __UUPSUpgradeable_init() internal onlyInitializing {
}
function __UUPSUpgradeable_init_unchained() internal onlyInitializing {
}
/**
* @dev Implementation of the ERC1822 {proxiableUUID} function. This returns the storage slot used by the
* implementation. It is used to validate the implementation's compatibility when performing an upgrade.
*
* IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
* bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
* function revert if invoked through a proxy. This is guaranteed by the `notDelegated` modifier.
*/
function proxiableUUID() external view virtual override notDelegated returns (bytes32) {
return _IMPLEMENTATION_SLOT;
}
/**
* @dev Upgrade the implementation of the proxy to `newImplementation`.
*
* Calls {_authorizeUpgrade}.
*
* Emits an {Upgraded} event.
*
* @custom:oz-upgrades-unsafe-allow-reachable delegatecall
*/
function upgradeTo(address newImplementation) public virtual onlyProxy {
_authorizeUpgrade(newImplementation);
_upgradeToAndCallUUPS(newImplementation, new bytes(0), false);
}
/**
* @dev Upgrade the implementation of the proxy to `newImplementation`, and subsequently execute the function call
* encoded in `data`.
*
* Calls {_authorizeUpgrade}.
*
* Emits an {Upgraded} event.
*
* @custom:oz-upgrades-unsafe-allow-reachable delegatecall
*/
function upgradeToAndCall(address newImplementation, bytes memory data) public payable virtual onlyProxy {
_authorizeUpgrade(newImplementation);
_upgradeToAndCallUUPS(newImplementation, data, true);
}
/**
* @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by
* {upgradeTo} and {upgradeToAndCall}.
*
* Normally, this function will use an xref:access.adoc[access control] modifier such as {Ownable-onlyOwner}.
*
* ```solidity
* function _authorizeUpgrade(address) internal override onlyOwner {}
* ```
*/
function _authorizeUpgrade(address newImplementation) internal virtual;
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[50] private __gap;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/ERC20.sol)
pragma solidity ^0.8.0;
import "./IERC20Upgradeable.sol";
import "./extensions/IERC20MetadataUpgradeable.sol";
import "../../utils/ContextUpgradeable.sol";
import {Initializable} from "../../proxy/utils/Initializable.sol";
/**
* @dev Implementation of the {IERC20} interface.
*
* This implementation is agnostic to the way tokens are created. This means
* that a supply mechanism has to be added in a derived contract using {_mint}.
* For a generic mechanism see {ERC20PresetMinterPauser}.
*
* TIP: For a detailed writeup see our guide
* https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
* to implement supply mechanisms].
*
* The default value of {decimals} is 18. To change this, you should override
* this function so it returns a different value.
*
* We have followed general OpenZeppelin Contracts guidelines: functions revert
* instead returning `false` on failure. This behavior is nonetheless
* conventional and does not conflict with the expectations of ERC20
* applications.
*
* Additionally, an {Approval} event is emitted on calls to {transferFrom}.
* This allows applications to reconstruct the allowance for all accounts just
* by listening to said events. Other implementations of the EIP may not emit
* these events, as it isn't required by the specification.
*
* Finally, the non-standard {decreaseAllowance} and {increaseAllowance}
* functions have been added to mitigate the well-known issues around setting
* allowances. See {IERC20-approve}.
*/
contract ERC20Upgradeable is Initializable, ContextUpgradeable, IERC20Upgradeable, IERC20MetadataUpgradeable {
mapping(address => uint256) private _balances;
mapping(address => mapping(address => uint256)) private _allowances;
uint256 private _totalSupply;
string private _name;
string private _symbol;
/**
* @dev Sets the values for {name} and {symbol}.
*
* All two of these values are immutable: they can only be set once during
* construction.
*/
function __ERC20_init(string memory name_, string memory symbol_) internal onlyInitializing {
__ERC20_init_unchained(name_, symbol_);
}
function __ERC20_init_unchained(string memory name_, string memory symbol_) internal onlyInitializing {
_name = name_;
_symbol = symbol_;
}
/**
* @dev Returns the name of the token.
*/
function name() public view virtual override returns (string memory) {
return _name;
}
/**
* @dev Returns the symbol of the token, usually a shorter version of the
* name.
*/
function symbol() public view virtual override returns (string memory) {
return _symbol;
}
/**
* @dev Returns the number of decimals used to get its user representation.
* For example, if `decimals` equals `2`, a balance of `505` tokens should
* be displayed to a user as `5.05` (`505 / 10 ** 2`).
*
* Tokens usually opt for a value of 18, imitating the relationship between
* Ether and Wei. This is the default value returned by this function, unless
* it's overridden.
*
* NOTE: This information is only used for _display_ purposes: it in
* no way affects any of the arithmetic of the contract, including
* {IERC20-balanceOf} and {IERC20-transfer}.
*/
function decimals() public view virtual override returns (uint8) {
return 18;
}
/**
* @dev See {IERC20-totalSupply}.
*/
function totalSupply() public view virtual override returns (uint256) {
return _totalSupply;
}
/**
* @dev See {IERC20-balanceOf}.
*/
function balanceOf(address account) public view virtual override returns (uint256) {
return _balances[account];
}
/**
* @dev See {IERC20-transfer}.
*
* Requirements:
*
* - `to` cannot be the zero address.
* - the caller must have a balance of at least `amount`.
*/
function transfer(address to, uint256 amount) public virtual override returns (bool) {
address owner = _msgSender();
_transfer(owner, to, amount);
return true;
}
/**
* @dev See {IERC20-allowance}.
*/
function allowance(address owner, address spender) public view virtual override returns (uint256) {
return _allowances[owner][spender];
}
/**
* @dev See {IERC20-approve}.
*
* NOTE: If `amount` is the maximum `uint256`, the allowance is not updated on
* `transferFrom`. This is semantically equivalent to an infinite approval.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function approve(address spender, uint256 amount) public virtual override returns (bool) {
address owner = _msgSender();
_approve(owner, spender, amount);
return true;
}
/**
* @dev See {IERC20-transferFrom}.
*
* Emits an {Approval} event indicating the updated allowance. This is not
* required by the EIP. See the note at the beginning of {ERC20}.
*
* NOTE: Does not update the allowance if the current allowance
* is the maximum `uint256`.
*
* Requirements:
*
* - `from` and `to` cannot be the zero address.
* - `from` must have a balance of at least `amount`.
* - the caller must have allowance for ``from``'s tokens of at least
* `amount`.
*/
function transferFrom(address from, address to, uint256 amount) public virtual override returns (bool) {
address spender = _msgSender();
_spendAllowance(from, spender, amount);
_transfer(from, to, amount);
return true;
}
/**
* @dev Atomically increases the allowance granted to `spender` by the caller.
*
* This is an alternative to {approve} that can be used as a mitigation for
* problems described in {IERC20-approve}.
*
* Emits an {Approval} event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) {
address owner = _msgSender();
_approve(owner, spender, allowance(owner, spender) + addedValue);
return true;
}
/**
* @dev Atomically decreases the allowance granted to `spender` by the caller.
*
* This is an alternative to {approve} that can be used as a mitigation for
* problems described in {IERC20-approve}.
*
* Emits an {Approval} event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `spender` must have allowance for the caller of at least
* `subtractedValue`.
*/
function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) {
address owner = _msgSender();
uint256 currentAllowance = allowance(owner, spender);
require(currentAllowance >= subtractedValue, "ERC20: decreased allowance below zero");
unchecked {
_approve(owner, spender, currentAllowance - subtractedValue);
}
return true;
}
/**
* @dev Moves `amount` of tokens from `from` to `to`.
*
* This internal function is equivalent to {transfer}, and can be used to
* e.g. implement automatic token fees, slashing mechanisms, etc.
*
* Emits a {Transfer} event.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `from` must have a balance of at least `amount`.
*/
function _transfer(address from, address to, uint256 amount) internal virtual {
require(from != address(0), "ERC20: transfer from the zero address");
require(to != address(0), "ERC20: transfer to the zero address");
_beforeTokenTransfer(from, to, amount);
uint256 fromBalance = _balances[from];
require(fromBalance >= amount, "ERC20: transfer amount exceeds balance");
unchecked {
_balances[from] = fromBalance - amount;
// Overflow not possible: the sum of all balances is capped by totalSupply, and the sum is preserved by
// decrementing then incrementing.
_balances[to] += amount;
}
emit Transfer(from, to, amount);
_afterTokenTransfer(from, to, amount);
}
/** @dev Creates `amount` tokens and assigns them to `account`, increasing
* the total supply.
*
* Emits a {Transfer} event with `from` set to the zero address.
*
* Requirements:
*
* - `account` cannot be the zero address.
*/
function _mint(address account, uint256 amount) internal virtual {
require(account != address(0), "ERC20: mint to the zero address");
_beforeTokenTransfer(address(0), account, amount);
_totalSupply += amount;
unchecked {
// Overflow not possible: balance + amount is at most totalSupply + amount, which is checked above.
_balances[account] += amount;
}
emit Transfer(address(0), account, amount);
_afterTokenTransfer(address(0), account, amount);
}
/**
* @dev Destroys `amount` tokens from `account`, reducing the
* total supply.
*
* Emits a {Transfer} event with `to` set to the zero address.
*
* Requirements:
*
* - `account` cannot be the zero address.
* - `account` must have at least `amount` tokens.
*/
function _burn(address account, uint256 amount) internal virtual {
require(account != address(0), "ERC20: burn from the zero address");
_beforeTokenTransfer(account, address(0), amount);
uint256 accountBalance = _balances[account];
require(accountBalance >= amount, "ERC20: burn amount exceeds balance");
unchecked {
_balances[account] = accountBalance - amount;
// Overflow not possible: amount <= accountBalance <= totalSupply.
_totalSupply -= amount;
}
emit Transfer(account, address(0), amount);
_afterTokenTransfer(account, address(0), amount);
}
/**
* @dev Sets `amount` as the allowance of `spender` over the `owner` s tokens.
*
* This internal function is equivalent to `approve`, and can be used to
* e.g. set automatic allowances for certain subsystems, etc.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `owner` cannot be the zero address.
* - `spender` cannot be the zero address.
*/
function _approve(address owner, address spender, uint256 amount) internal virtual {
require(owner != address(0), "ERC20: approve from the zero address");
require(spender != address(0), "ERC20: approve to the zero address");
_allowances[owner][spender] = amount;
emit Approval(owner, spender, amount);
}
/**
* @dev Updates `owner` s allowance for `spender` based on spent `amount`.
*
* Does not update the allowance amount in case of infinite allowance.
* Revert if not enough allowance is available.
*
* Might emit an {Approval} event.
*/
function _spendAllowance(address owner, address spender, uint256 amount) internal virtual {
uint256 currentAllowance = allowance(owner, spender);
if (currentAllowance != type(uint256).max) {
require(currentAllowance >= amount, "ERC20: insufficient allowance");
unchecked {
_approve(owner, spender, currentAllowance - amount);
}
}
}
/**
* @dev Hook that is called before any transfer of tokens. This includes
* minting and burning.
*
* Calling conditions:
*
* - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
* will be transferred to `to`.
* - when `from` is zero, `amount` tokens will be minted for `to`.
* - when `to` is zero, `amount` of ``from``'s tokens will be burned.
* - `from` and `to` are never both zero.
*
* To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
*/
function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual {}
/**
* @dev Hook that is called after any transfer of tokens. This includes
* minting and burning.
*
* Calling conditions:
*
* - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
* has been transferred to `to`.
* - when `from` is zero, `amount` tokens have been minted for `to`.
* - when `to` is zero, `amount` of ``from``'s tokens have been burned.
* - `from` and `to` are never both zero.
*
* To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
*/
function _afterTokenTransfer(address from, address to, uint256 amount) internal virtual {}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[45] private __gap;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/extensions/draft-IERC20Permit.sol)
pragma solidity ^0.8.0;
// EIP-2612 is Final as of 2022-11-01. This file is deprecated.
import "./IERC20PermitUpgradeable.sol";
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/IERC20Metadata.sol)
pragma solidity ^0.8.0;
import "../IERC20Upgradeable.sol";
/**
* @dev Interface for the optional metadata functions from the ERC20 standard.
*
* _Available since v4.1._
*/
interface IERC20MetadataUpgradeable is IERC20Upgradeable {
/**
* @dev Returns the name of the token.
*/
function name() external view returns (string memory);
/**
* @dev Returns the symbol of the token.
*/
function symbol() external view returns (string memory);
/**
* @dev Returns the decimals places of the token.
*/
function decimals() external view returns (uint8);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.4) (token/ERC20/extensions/IERC20Permit.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*
* ==== Security Considerations
*
* There are two important considerations concerning the use of `permit`. The first is that a valid permit signature
* expresses an allowance, and it should not be assumed to convey additional meaning. In particular, it should not be
* considered as an intention to spend the allowance in any specific way. The second is that because permits have
* built-in replay protection and can be submitted by anyone, they can be frontrun. A protocol that uses permits should
* take this into consideration and allow a `permit` call to fail. Combining these two aspects, a pattern that may be
* generally recommended is:
*
* ```solidity
* function doThingWithPermit(..., uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s) public {
* try token.permit(msg.sender, address(this), value, deadline, v, r, s) {} catch {}
* doThing(..., value);
* }
*
* function doThing(..., uint256 value) public {
* token.safeTransferFrom(msg.sender, address(this), value);
* ...
* }
* ```
*
* Observe that: 1) `msg.sender` is used as the owner, leaving no ambiguity as to the signer intent, and 2) the use of
* `try/catch` allows the permit to fail and makes the code tolerant to frontrunning. (See also
* {SafeERC20-safeTransferFrom}).
*
* Additionally, note that smart contract wallets (such as Argent or Safe) are not able to produce permit signatures, so
* contracts should have entry points that don't rely on permit.
*/
interface IERC20PermitUpgradeable {
/**
* @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
* given ``owner``'s signed approval.
*
* IMPORTANT: The same issues {IERC20-approve} has related to transaction
* ordering also apply here.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `deadline` must be a timestamp in the future.
* - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
* over the EIP712-formatted function arguments.
* - the signature must use ``owner``'s current nonce (see {nonces}).
*
* For more information on the signature format, see the
* https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
* section].
*
* CAUTION: See Security Considerations above.
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @dev Returns the current nonce for `owner`. This value must be
* included whenever a signature is generated for {permit}.
*
* Every successful call to {permit} increases ``owner``'s nonce by one. This
* prevents a signature from being used multiple times.
*/
function nonces(address owner) external view returns (uint256);
/**
* @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
*/
// solhint-disable-next-line func-name-mixedcase
function DOMAIN_SEPARATOR() external view returns (bytes32);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20Upgradeable {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `from` to `to` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 amount) external returns (bool);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.3) (token/ERC20/utils/SafeERC20.sol)
pragma solidity ^0.8.0;
import "../IERC20Upgradeable.sol";
import "../extensions/IERC20PermitUpgradeable.sol";
import "../../../utils/AddressUpgradeable.sol";
/**
* @title SafeERC20
* @dev Wrappers around ERC20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/
library SafeERC20Upgradeable {
using AddressUpgradeable for address;
/**
* @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeTransfer(IERC20Upgradeable token, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));
}
/**
* @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
* calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
*/
function safeTransferFrom(IERC20Upgradeable token, address from, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));
}
/**
* @dev Deprecated. This function has issues similar to the ones found in
* {IERC20-approve}, and its usage is discouraged.
*
* Whenever possible, use {safeIncreaseAllowance} and
* {safeDecreaseAllowance} instead.
*/
function safeApprove(IERC20Upgradeable token, address spender, uint256 value) internal {
// safeApprove should only be called when setting an initial allowance,
// or when resetting it to zero. To increase and decrease it, use
// 'safeIncreaseAllowance' and 'safeDecreaseAllowance'
require(
(value == 0) || (token.allowance(address(this), spender) == 0),
"SafeERC20: approve from non-zero to non-zero allowance"
);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));
}
/**
* @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeIncreaseAllowance(IERC20Upgradeable token, address spender, uint256 value) internal {
uint256 oldAllowance = token.allowance(address(this), spender);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance + value));
}
/**
* @dev Decrease the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeDecreaseAllowance(IERC20Upgradeable token, address spender, uint256 value) internal {
unchecked {
uint256 oldAllowance = token.allowance(address(this), spender);
require(oldAllowance >= value, "SafeERC20: decreased allowance below zero");
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance - value));
}
}
/**
* @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval
* to be set to zero before setting it to a non-zero value, such as USDT.
*/
function forceApprove(IERC20Upgradeable token, address spender, uint256 value) internal {
bytes memory approvalCall = abi.encodeWithSelector(token.approve.selector, spender, value);
if (!_callOptionalReturnBool(token, approvalCall)) {
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, 0));
_callOptionalReturn(token, approvalCall);
}
}
/**
* @dev Use a ERC-2612 signature to set the `owner` approval toward `spender` on `token`.
* Revert on invalid signature.
*/
function safePermit(
IERC20PermitUpgradeable token,
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) internal {
uint256 nonceBefore = token.nonces(owner);
token.permit(owner, spender, value, deadline, v, r, s);
uint256 nonceAfter = token.nonces(owner);
require(nonceAfter == nonceBefore + 1, "SafeERC20: permit did not succeed");
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*/
function _callOptionalReturn(IERC20Upgradeable token, bytes memory data) private {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that
// the target address contains contract code and also asserts for success in the low-level call.
bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed");
require(returndata.length == 0 || abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed");
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*
* This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.
*/
function _callOptionalReturnBool(IERC20Upgradeable token, bytes memory data) private returns (bool) {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false
// and not revert is the subcall reverts.
(bool success, bytes memory returndata) = address(token).call(data);
return
success && (returndata.length == 0 || abi.decode(returndata, (bool))) && AddressUpgradeable.isContract(address(token));
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)
pragma solidity ^0.8.1;
/**
* @dev Collection of functions related to the address type
*/
library AddressUpgradeable {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
*
* Furthermore, `isContract` will also return true if the target contract within
* the same transaction is already scheduled for destruction by `SELFDESTRUCT`,
* which only has an effect at the end of a transaction.
* ====
*
* [IMPORTANT]
* ====
* You shouldn't rely on `isContract` to protect against flash loan attacks!
*
* Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
* like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
* constructor.
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize/address.code.length, which returns 0
// for contracts in construction, since the code is only stored at the end
// of the constructor execution.
return account.code.length > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
* the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
*
* _Available since v4.8._
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata,
string memory errorMessage
) internal view returns (bytes memory) {
if (success) {
if (returndata.length == 0) {
// only check isContract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
require(isContract(target), "Address: call to non-contract");
}
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
/**
* @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason or using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
function _revert(bytes memory returndata, string memory errorMessage) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.4) (utils/Context.sol)
pragma solidity ^0.8.0;
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract ContextUpgradeable is Initializable {
function __Context_init() internal onlyInitializing {
}
function __Context_init_unchained() internal onlyInitializing {
}
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
function _contextSuffixLength() internal view virtual returns (uint256) {
return 0;
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[50] private __gap;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Counters.sol)
pragma solidity ^0.8.0;
/**
* @title Counters
* @author Matt Condon (@shrugs)
* @dev Provides counters that can only be incremented, decremented or reset. This can be used e.g. to track the number
* of elements in a mapping, issuing ERC721 ids, or counting request ids.
*
* Include with `using Counters for Counters.Counter;`
*/
library CountersUpgradeable {
struct Counter {
// This variable should never be directly accessed by users of the library: interactions must be restricted to
// the library's function. As of Solidity v0.5.2, this cannot be enforced, though there is a proposal to add
// this feature: see https://github.com/ethereum/solidity/issues/4637
uint256 _value; // default: 0
}
function current(Counter storage counter) internal view returns (uint256) {
return counter._value;
}
function increment(Counter storage counter) internal {
unchecked {
counter._value += 1;
}
}
function decrement(Counter storage counter) internal {
uint256 value = counter._value;
require(value > 0, "Counter: decrement overflow");
unchecked {
counter._value = value - 1;
}
}
function reset(Counter storage counter) internal {
counter._value = 0;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/cryptography/draft-EIP712.sol)
pragma solidity ^0.8.0;
// EIP-712 is Final as of 2022-08-11. This file is deprecated.
import "./EIP712Upgradeable.sol";
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/ECDSA.sol)
pragma solidity ^0.8.0;
import "../StringsUpgradeable.sol";
/**
* @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
*
* These functions can be used to verify that a message was signed by the holder
* of the private keys of a given address.
*/
library ECDSAUpgradeable {
enum RecoverError {
NoError,
InvalidSignature,
InvalidSignatureLength,
InvalidSignatureS,
InvalidSignatureV // Deprecated in v4.8
}
function _throwError(RecoverError error) private pure {
if (error == RecoverError.NoError) {
return; // no error: do nothing
} else if (error == RecoverError.InvalidSignature) {
revert("ECDSA: invalid signature");
} else if (error == RecoverError.InvalidSignatureLength) {
revert("ECDSA: invalid signature length");
} else if (error == RecoverError.InvalidSignatureS) {
revert("ECDSA: invalid signature 's' value");
}
}
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature` or error string. This address can then be used for verification purposes.
*
* The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {toEthSignedMessageHash} on it.
*
* Documentation for signature generation:
* - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
* - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {
if (signature.length == 65) {
bytes32 r;
bytes32 s;
uint8 v;
// ecrecover takes the signature parameters, and the only way to get them
// currently is to use assembly.
/// @solidity memory-safe-assembly
assembly {
r := mload(add(signature, 0x20))
s := mload(add(signature, 0x40))
v := byte(0, mload(add(signature, 0x60)))
}
return tryRecover(hash, v, r, s);
} else {
return (address(0), RecoverError.InvalidSignatureLength);
}
}
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature`. This address can then be used for verification purposes.
*
* The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {toEthSignedMessageHash} on it.
*/
function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, signature);
_throwError(error);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
*
* See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError) {
bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
uint8 v = uint8((uint256(vs) >> 255) + 27);
return tryRecover(hash, v, r, s);
}
/**
* @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
*
* _Available since v4.2._
*/
function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, r, vs);
_throwError(error);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `v`,
* `r` and `s` signature fields separately.
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address, RecoverError) {
// EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
// unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
// the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
// signatures from current libraries generate a unique signature with an s-value in the lower half order.
//
// If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
// with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
// vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
// these malleable signatures as well.
if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
return (address(0), RecoverError.InvalidSignatureS);
}
// If the signature is valid (and not malleable), return the signer address
address signer = ecrecover(hash, v, r, s);
if (signer == address(0)) {
return (address(0), RecoverError.InvalidSignature);
}
return (signer, RecoverError.NoError);
}
/**
* @dev Overload of {ECDSA-recover} that receives the `v`,
* `r` and `s` signature fields separately.
*/
function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, v, r, s);
_throwError(error);
return recovered;
}
/**
* @dev Returns an Ethereum Signed Message, created from a `hash`. This
* produces hash corresponding to the one signed with the
* https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
* JSON-RPC method as part of EIP-191.
*
* See {recover}.
*/
function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32 message) {
// 32 is the length in bytes of hash,
// enforced by the type signature above
/// @solidity memory-safe-assembly
assembly {
mstore(0x00, "\\x19Ethereum Signed Message:\
32")
mstore(0x1c, hash)
message := keccak256(0x00, 0x3c)
}
}
/**
* @dev Returns an Ethereum Signed Message, created from `s`. This
* produces hash corresponding to the one signed with the
* https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
* JSON-RPC method as part of EIP-191.
*
* See {recover}.
*/
function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {
return keccak256(abi.encodePacked("\\x19Ethereum Signed Message:\
", StringsUpgradeable.toString(s.length), s));
}
/**
* @dev Returns an Ethereum Signed Typed Data, created from a
* `domainSeparator` and a `structHash`. This produces hash corresponding
* to the one signed with the
* https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]
* JSON-RPC method as part of EIP-712.
*
* See {recover}.
*/
function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 data) {
/// @solidity memory-safe-assembly
assembly {
let ptr := mload(0x40)
mstore(ptr, "\\x19\\x01")
mstore(add(ptr, 0x02), domainSeparator)
mstore(add(ptr, 0x22), structHash)
data := keccak256(ptr, 0x42)
}
}
/**
* @dev Returns an Ethereum Signed Data with intended validator, created from a
* `validator` and `data` according to the version 0 of EIP-191.
*
* See {recover}.
*/
function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {
return keccak256(abi.encodePacked("\\x19\\x00", validator, data));
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/EIP712.sol)
pragma solidity ^0.8.8;
import "./ECDSAUpgradeable.sol";
import "../../interfaces/IERC5267Upgradeable.sol";
import {Initializable} from "../../proxy/utils/Initializable.sol";
/**
* @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data.
*
* The encoding specified in the EIP is very generic, and such a generic implementation in Solidity is not feasible,
* thus this contract does not implement the encoding itself. Protocols need to implement the type-specific encoding
* they need in their contracts using a combination of `abi.encode` and `keccak256`.
*
* This contract implements the EIP 712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding
* scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA
* ({_hashTypedDataV4}).
*
* The implementation of the domain separator was designed to be as efficient as possible while still properly updating
* the chain id to protect against replay attacks on an eventual fork of the chain.
*
* NOTE: This contract implements the version of the encoding known as "v4", as implemented by the JSON RPC method
* https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask].
*
* NOTE: In the upgradeable version of this contract, the cached values will correspond to the address, and the domain
* separator of the implementation contract. This will cause the `_domainSeparatorV4` function to always rebuild the
* separator from the immutable values, which is cheaper than accessing a cached version in cold storage.
*
* _Available since v3.4._
*
* @custom:storage-size 52
*/
abstract contract EIP712Upgradeable is Initializable, IERC5267Upgradeable {
bytes32 private constant _TYPE_HASH =
keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
/// @custom:oz-renamed-from _HASHED_NAME
bytes32 private _hashedName;
/// @custom:oz-renamed-from _HASHED_VERSION
bytes32 private _hashedVersion;
string private _name;
string private _version;
/**
* @dev Initializes the domain separator and parameter caches.
*
* The meaning of `name` and `version` is specified in
* https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]:
*
* - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.
* - `version`: the current major version of the signing domain.
*
* NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart
* contract upgrade].
*/
function __EIP712_init(string memory name, string memory version) internal onlyInitializing {
__EIP712_init_unchained(name, version);
}
function __EIP712_init_unchained(string memory name, string memory version) internal onlyInitializing {
_name = name;
_version = version;
// Reset prior values in storage if upgrading
_hashedName = 0;
_hashedVersion = 0;
}
/**
* @dev Returns the domain separator for the current chain.
*/
function _domainSeparatorV4() internal view returns (bytes32) {
return _buildDomainSeparator();
}
function _buildDomainSeparator() private view returns (bytes32) {
return keccak256(abi.encode(_TYPE_HASH, _EIP712NameHash(), _EIP712VersionHash(), block.chainid, address(this)));
}
/**
* @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this
* function returns the hash of the fully encoded EIP712 message for this domain.
*
* This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:
*
* ```solidity
* bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(
* keccak256("Mail(address to,string contents)"),
* mailTo,
* keccak256(bytes(mailContents))
* )));
* address signer = ECDSA.recover(digest, signature);
* ```
*/
function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) {
return ECDSAUpgradeable.toTypedDataHash(_domainSeparatorV4(), structHash);
}
/**
* @dev See {EIP-5267}.
*
* _Available since v4.9._
*/
function eip712Domain()
public
view
virtual
override
returns (
bytes1 fields,
string memory name,
string memory version,
uint256 chainId,
address verifyingContract,
bytes32 salt,
uint256[] memory extensions
)
{
// If the hashed name and version in storage are non-zero, the contract hasn't been properly initialized
// and the EIP712 domain is not reliable, as it will be missing name and version.
require(_hashedName == 0 && _hashedVersion == 0, "EIP712: Uninitialized");
return (
hex"0f", // 01111
_EIP712Name(),
_EIP712Version(),
block.chainid,
address(this),
bytes32(0),
new uint256[](0)
);
}
/**
* @dev The name parameter for the EIP712 domain.
*
* NOTE: This function reads from storage by default, but can be redefined to return a constant value if gas costs
* are a concern.
*/
function _EIP712Name() internal virtual view returns (string memory) {
return _name;
}
/**
* @dev The version parameter for the EIP712 domain.
*
* NOTE: This function reads from storage by default, but can be redefined to return a constant value if gas costs
* are a concern.
*/
function _EIP712Version() internal virtual view returns (string memory) {
return _version;
}
/**
* @dev The hash of the name parameter for the EIP712 domain.
*
* NOTE: In previous versions this function was virtual. In this version you should override `_EIP712Name` instead.
*/
function _EIP712NameHash() internal view returns (bytes32) {
string memory name = _EIP712Name();
if (bytes(name).length > 0) {
return keccak256(bytes(name));
} else {
// If the name is empty, the contract may have been upgraded without initializing the new storage.
// We return the name hash in storage if non-zero, otherwise we assume the name is empty by design.
bytes32 hashedName = _hashedName;
if (hashedName != 0) {
return hashedName;
} else {
return keccak256("");
}
}
}
/**
* @dev The hash of the version parameter for the EIP712 domain.
*
* NOTE: In previous versions this function was virtual. In this version you should override `_EIP712Version` instead.
*/
function _EIP712VersionHash() internal view returns (bytes32) {
string memory version = _EIP712Version();
if (bytes(version).length > 0) {
return keccak256(bytes(version));
} else {
// If the version is empty, the contract may have been upgraded without initializing the new storage.
// We return the version hash in storage if non-zero, otherwise we assume the version is empty by design.
bytes32 hashedVersion = _hashedVersion;
if (hashedVersion != 0) {
return hashedVersion;
} else {
return keccak256("");
}
}
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[48] private __gap;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/SignatureChecker.sol)
pragma solidity ^0.8.0;
import "./ECDSAUpgradeable.sol";
import "../../interfaces/IERC1271Upgradeable.sol";
/**
* @dev Signature verification helper that can be used instead of `ECDSA.recover` to seamlessly support both ECDSA
* signatures from externally owned accounts (EOAs) as well as ERC1271 signatures from smart contract wallets like
* Argent and Gnosis Safe.
*
* _Available since v4.1._
*/
library SignatureCheckerUpgradeable {
/**
* @dev Checks if a signature is valid for a given signer and data hash. If the signer is a smart contract, the
* signature is validated against that smart contract using ERC1271, otherwise it's validated using `ECDSA.recover`.
*
* NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus
* change through time. It could return true at block N and false at block N+1 (or the opposite).
*/
function isValidSignatureNow(address signer, bytes32 hash, bytes memory signature) internal view returns (bool) {
(address recovered, ECDSAUpgradeable.RecoverError error) = ECDSAUpgradeable.tryRecover(hash, signature);
return
(error == ECDSAUpgradeable.RecoverError.NoError && recovered == signer) ||
isValidERC1271SignatureNow(signer, hash, signature);
}
/**
* @dev Checks if a signature is valid for a given signer and data hash. The signature is validated
* against the signer smart contract using ERC1271.
*
* NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus
* change through time. It could return true at block N and false at block N+1 (or the opposite).
*/
function isValidERC1271SignatureNow(
address signer,
bytes32 hash,
bytes memory signature
) internal view returns (bool) {
(bool success, bytes memory result) = signer.staticcall(
abi.encodeWithSelector(IERC1271Upgradeable.isValidSignature.selector, hash, signature)
);
return (success &&
result.length >= 32 &&
abi.decode(result, (bytes32)) == bytes32(IERC1271Upgradeable.isValidSignature.selector));
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard math utilities missing in the Solidity language.
*/
library MathUpgradeable {
enum Rounding {
Down, // Toward negative infinity
Up, // Toward infinity
Zero // Toward zero
}
/**
* @dev Returns the largest of two numbers.
*/
function max(uint256 a, uint256 b) internal pure returns (uint256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two numbers.
*/
function min(uint256 a, uint256 b) internal pure returns (uint256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two numbers. The result is rounded towards
* zero.
*/
function average(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b) / 2 can overflow.
return (a & b) + (a ^ b) / 2;
}
/**
* @dev Returns the ceiling of the division of two numbers.
*
* This differs from standard division with `/` in that it rounds up instead
* of rounding down.
*/
function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b - 1) / b can overflow on addition, so we distribute.
return a == 0 ? 0 : (a - 1) / b + 1;
}
/**
* @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0
* @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)
* with further edits by Uniswap Labs also under MIT license.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
unchecked {
// 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
// use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
// variables such that product = prod1 * 2^256 + prod0.
uint256 prod0; // Least significant 256 bits of the product
uint256 prod1; // Most significant 256 bits of the product
assembly {
let mm := mulmod(x, y, not(0))
prod0 := mul(x, y)
prod1 := sub(sub(mm, prod0), lt(mm, prod0))
}
// Handle non-overflow cases, 256 by 256 division.
if (prod1 == 0) {
// Solidity will revert if denominator == 0, unlike the div opcode on its own.
// The surrounding unchecked block does not change this fact.
// See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
return prod0 / denominator;
}
// Make sure the result is less than 2^256. Also prevents denominator == 0.
require(denominator > prod1, "Math: mulDiv overflow");
///////////////////////////////////////////////
// 512 by 256 division.
///////////////////////////////////////////////
// Make division exact by subtracting the remainder from [prod1 prod0].
uint256 remainder;
assembly {
// Compute remainder using mulmod.
remainder := mulmod(x, y, denominator)
// Subtract 256 bit number from 512 bit number.
prod1 := sub(prod1, gt(remainder, prod0))
prod0 := sub(prod0, remainder)
}
// Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.
// See https://cs.stackexchange.com/q/138556/92363.
// Does not overflow because the denominator cannot be zero at this stage in the function.
uint256 twos = denominator & (~denominator + 1);
assembly {
// Divide denominator by twos.
denominator := div(denominator, twos)
// Divide [prod1 prod0] by twos.
prod0 := div(prod0, twos)
// Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
twos := add(div(sub(0, twos), twos), 1)
}
// Shift in bits from prod1 into prod0.
prod0 |= prod1 * twos;
// Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
// that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
// four bits. That is, denominator * inv = 1 mod 2^4.
uint256 inverse = (3 * denominator) ^ 2;
// Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works
// in modular arithmetic, doubling the correct bits in each step.
inverse *= 2 - denominator * inverse; // inverse mod 2^8
inverse *= 2 - denominator * inverse; // inverse mod 2^16
inverse *= 2 - denominator * inverse; // inverse mod 2^32
inverse *= 2 - denominator * inverse; // inverse mod 2^64
inverse *= 2 - denominator * inverse; // inverse mod 2^128
inverse *= 2 - denominator * inverse; // inverse mod 2^256
// Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
// This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
// less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
// is no longer required.
result = prod0 * inverse;
return result;
}
}
/**
* @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
uint256 result = mulDiv(x, y, denominator);
if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {
result += 1;
}
return result;
}
/**
* @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.
*
* Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
*/
function sqrt(uint256 a) internal pure returns (uint256) {
if (a == 0) {
return 0;
}
// For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
//
// We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
// `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.
//
// This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`
// → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`
// → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`
//
// Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.
uint256 result = 1 << (log2(a) >> 1);
// At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
// since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
// every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
// into the expected uint128 result.
unchecked {
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
return min(result, a / result);
}
}
/**
* @notice Calculates sqrt(a), following the selected rounding direction.
*/
function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = sqrt(a);
return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);
}
}
/**
* @dev Return the log in base 2, rounded down, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 128;
}
if (value >> 64 > 0) {
value >>= 64;
result += 64;
}
if (value >> 32 > 0) {
value >>= 32;
result += 32;
}
if (value >> 16 > 0) {
value >>= 16;
result += 16;
}
if (value >> 8 > 0) {
value >>= 8;
result += 8;
}
if (value >> 4 > 0) {
value >>= 4;
result += 4;
}
if (value >> 2 > 0) {
value >>= 2;
result += 2;
}
if (value >> 1 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 2, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log2(value);
return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 10, rounded down, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >= 10 ** 64) {
value /= 10 ** 64;
result += 64;
}
if (value >= 10 ** 32) {
value /= 10 ** 32;
result += 32;
}
if (value >= 10 ** 16) {
value /= 10 ** 16;
result += 16;
}
if (value >= 10 ** 8) {
value /= 10 ** 8;
result += 8;
}
if (value >= 10 ** 4) {
value /= 10 ** 4;
result += 4;
}
if (value >= 10 ** 2) {
value /= 10 ** 2;
result += 2;
}
if (value >= 10 ** 1) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 10, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log10(value);
return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 256, rounded down, of a positive value.
* Returns 0 if given 0.
*
* Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
*/
function log256(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 16;
}
if (value >> 64 > 0) {
value >>= 64;
result += 8;
}
if (value >> 32 > 0) {
value >>= 32;
result += 4;
}
if (value >> 16 > 0) {
value >>= 16;
result += 2;
}
if (value >> 8 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 256, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log256(value);
return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard signed math utilities missing in the Solidity language.
*/
library SignedMathUpgradeable {
/**
* @dev Returns the largest of two signed numbers.
*/
function max(int256 a, int256 b) internal pure returns (int256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two signed numbers.
*/
function min(int256 a, int256 b) internal pure returns (int256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two signed numbers without overflow.
* The result is rounded towards zero.
*/
function average(int256 a, int256 b) internal pure returns (int256) {
// Formula from the book "Hacker's Delight"
int256 x = (a & b) + ((a ^ b) >> 1);
return x + (int256(uint256(x) >> 255) & (a ^ b));
}
/**
* @dev Returns the absolute unsigned value of a signed value.
*/
function abs(int256 n) internal pure returns (uint256) {
unchecked {
// must be unchecked in order to support `n = type(int256).min`
return uint256(n >= 0 ? n : -n);
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/StorageSlot.sol)
// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.
pragma solidity ^0.8.0;
/**
* @dev Library for reading and writing primitive types to specific storage slots.
*
* Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
* This library helps with reading and writing to such slots without the need for inline assembly.
*
* The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
*
* Example usage to set ERC1967 implementation slot:
* ```solidity
* contract ERC1967 {
* bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
*
* function _getImplementation() internal view returns (address) {
* return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
* }
*
* function _setImplementation(address newImplementation) internal {
* require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
* StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
* }
* }
* ```
*
* _Available since v4.1 for `address`, `bool`, `bytes32`, `uint256`._
* _Available since v4.9 for `string`, `bytes`._
*/
library StorageSlotUpgradeable {
struct AddressSlot {
address value;
}
struct BooleanSlot {
bool value;
}
struct Bytes32Slot {
bytes32 value;
}
struct Uint256Slot {
uint256 value;
}
struct StringSlot {
string value;
}
struct BytesSlot {
bytes value;
}
/**
* @dev Returns an `AddressSlot` with member `value` located at `slot`.
*/
function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BooleanSlot` with member `value` located at `slot`.
*/
function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
*/
function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Uint256Slot` with member `value` located at `slot`.
*/
function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` with member `value` located at `slot`.
*/
function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` representation of the string storage pointer `store`.
*/
function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
/**
* @dev Returns an `BytesSlot` with member `value` located at `slot`.
*/
function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.
*/
function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol)
pragma solidity ^0.8.0;
import "./math/MathUpgradeable.sol";
import "./math/SignedMathUpgradeable.sol";
/**
* @dev String operations.
*/
library StringsUpgradeable {
bytes16 private constant _SYMBOLS = "0123456789abcdef";
uint8 private constant _ADDRESS_LENGTH = 20;
/**
* @dev Converts a `uint256` to its ASCII `string` decimal representation.
*/
function toString(uint256 value) internal pure returns (string memory) {
unchecked {
uint256 length = MathUpgradeable.log10(value) + 1;
string memory buffer = new string(length);
uint256 ptr;
/// @solidity memory-safe-assembly
assembly {
ptr := add(buffer, add(32, length))
}
while (true) {
ptr--;
/// @solidity memory-safe-assembly
assembly {
mstore8(ptr, byte(mod(value, 10), _SYMBOLS))
}
value /= 10;
if (value == 0) break;
}
return buffer;
}
}
/**
* @dev Converts a `int256` to its ASCII `string` decimal representation.
*/
function toString(int256 value) internal pure returns (string memory) {
return string(abi.encodePacked(value < 0 ? "-" : "", toString(SignedMathUpgradeable.abs(value))));
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
*/
function toHexString(uint256 value) internal pure returns (string memory) {
unchecked {
return toHexString(value, MathUpgradeable.log256(value) + 1);
}
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
*/
function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
bytes memory buffer = new bytes(2 * length + 2);
buffer[0] = "0";
buffer[1] = "x";
for (uint256 i = 2 * length + 1; i > 1; --i) {
buffer[i] = _SYMBOLS[value & 0xf];
value >>= 4;
}
require(value == 0, "Strings: hex length insufficient");
return string(buffer);
}
/**
* @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.
*/
function toHexString(address addr) internal pure returns (string memory) {
return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);
}
/**
* @dev Returns true if the two strings are equal.
*/
function equal(string memory a, string memory b) internal pure returns (bool) {
return keccak256(bytes(a)) == keccak256(bytes(b));
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/IERC20Metadata.sol)
pragma solidity ^0.8.0;
import "../IERC20.sol";
/**
* @dev Interface for the optional metadata functions from the ERC20 standard.
*
* _Available since v4.1._
*/
interface IERC20Metadata is IERC20 {
/**
* @dev Returns the name of the token.
*/
function name() external view returns (string memory);
/**
* @dev Returns the symbol of the token.
*/
function symbol() external view returns (string memory);
/**
* @dev Returns the decimals places of the token.
*/
function decimals() external view returns (uint8);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `from` to `to` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 amount) external returns (bool);
}
// SPDX-License-Identifier: BlueOak-1.0.0
pragma solidity 0.8.19;
import "@chainlink/contracts/src/v0.8/interfaces/AggregatorV3Interface.sol";
import "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
import "../libraries/Fixed.sol";
import "./IMain.sol";
import "./IRewardable.sol";
// Not used directly in the IAsset interface, but used by many consumers to save stack space
struct Price {
uint192 low; // {UoA/tok}
uint192 high; // {UoA/tok}
}
/**
* @title IAsset
* @notice Supertype. Any token that interacts with our system must be wrapped in an asset,
* whether it is used as RToken backing or not. Any token that can report a price in the UoA
* is eligible to be an asset.
*/
interface IAsset is IRewardable {
/// Refresh saved price
/// The Reserve protocol calls this at least once per transaction, before relying on
/// the Asset's other functions.
/// @dev Called immediately after deployment, before use
function refresh() external;
/// Should not revert
/// low should be nonzero if the asset could be worth selling
/// @return low {UoA/tok} The lower end of the price estimate
/// @return high {UoA/tok} The upper end of the price estimate
function price() external view returns (uint192 low, uint192 high);
/// Should not revert
/// lotLow should be nonzero when the asset might be worth selling
/// @dev Deprecated. Phased out in 3.1.0, but left on interface for backwards compatibility
/// @return lotLow {UoA/tok} The lower end of the lot price estimate
/// @return lotHigh {UoA/tok} The upper end of the lot price estimate
function lotPrice() external view returns (uint192 lotLow, uint192 lotHigh);
/// @return {tok} The balance of the ERC20 in whole tokens
function bal(address account) external view returns (uint192);
/// @return The ERC20 contract of the token with decimals() available
function erc20() external view returns (IERC20Metadata);
/// @return The number of decimals in the ERC20; just for gas optimization
function erc20Decimals() external view returns (uint8);
/// @return If the asset is an instance of ICollateral or not
function isCollateral() external view returns (bool);
/// @return {UoA} The max trade volume, in UoA
function maxTradeVolume() external view returns (uint192);
/// @return {s} The timestamp of the last refresh() that saved prices
function lastSave() external view returns (uint48);
}
// Used only in Testing. Strictly speaking an Asset does not need to adhere to this interface
interface TestIAsset is IAsset {
/// @return The address of the chainlink feed
function chainlinkFeed() external view returns (AggregatorV3Interface);
/// {1} The max % deviation allowed by the oracle
function oracleError() external view returns (uint192);
/// @return {s} Seconds that an oracle value is considered valid
function oracleTimeout() external view returns (uint48);
/// @return {s} The maximum of all oracle timeouts on the plugin
function maxOracleTimeout() external view returns (uint48);
/// @return {s} Seconds that the price() should decay over, after stale price
function priceTimeout() external view returns (uint48);
/// @return {UoA/tok} The last saved low price
function savedLowPrice() external view returns (uint192);
/// @return {UoA/tok} The last saved high price
function savedHighPrice() external view returns (uint192);
}
/// CollateralStatus must obey a linear ordering. That is:
/// - being DISABLED is worse than being IFFY, or SOUND
/// - being IFFY is worse than being SOUND.
enum CollateralStatus {
SOUND,
IFFY, // When a peg is not holding or a chainlink feed is stale
DISABLED // When the collateral has completely defaulted
}
/// Upgrade-safe maximum operator for CollateralStatus
library CollateralStatusComparator {
/// @return Whether a is worse than b
function worseThan(CollateralStatus a, CollateralStatus b) internal pure returns (bool) {
return uint256(a) > uint256(b);
}
}
/**
* @title ICollateral
* @notice A subtype of Asset that consists of the tokens eligible to back the RToken.
*/
interface ICollateral is IAsset {
/// Emitted whenever the collateral status is changed
/// @param newStatus The old CollateralStatus
/// @param newStatus The updated CollateralStatus
event CollateralStatusChanged(
CollateralStatus indexed oldStatus,
CollateralStatus indexed newStatus
);
/// @dev refresh()
/// Refresh exchange rates and update default status.
/// VERY IMPORTANT: In any valid implemntation, status() MUST become DISABLED in refresh() if
/// refPerTok() has ever decreased since last call.
/// @return The canonical name of this collateral's target unit.
function targetName() external view returns (bytes32);
/// @return The status of this collateral asset. (Is it defaulting? Might it soon?)
function status() external view returns (CollateralStatus);
// ==== Exchange Rates ====
/// @return {ref/tok} Quantity of whole reference units per whole collateral tokens
function refPerTok() external view returns (uint192);
/// @return {target/ref} Quantity of whole target units per whole reference unit in the peg
function targetPerRef() external view returns (uint192);
}
// Used only in Testing. Strictly speaking a Collateral does not need to adhere to this interface
interface TestICollateral is TestIAsset, ICollateral {
/// @return The epoch timestamp when the collateral will default from IFFY to DISABLED
function whenDefault() external view returns (uint256);
/// @return The amount of time a collateral must be in IFFY status until being DISABLED
function delayUntilDefault() external view returns (uint48);
/// @return The underlying refPerTok, likely not included in all collaterals however.
function underlyingRefPerTok() external view returns (uint192);
}
// SPDX-License-Identifier: BlueOak-1.0.0
pragma solidity 0.8.19;
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "./IAsset.sol";
import "./IComponent.sol";
/// A serialization of the AssetRegistry to be passed around in the P1 impl for gas optimization
struct Registry {
IERC20[] erc20s;
IAsset[] assets;
}
/**
* @title IAssetRegistry
* @notice The AssetRegistry is in charge of maintaining the ERC20 tokens eligible
* to be handled by the rest of the system. If an asset is in the registry, this means:
* 1. Its ERC20 contract has been vetted
* 2. The asset is the only asset for that ERC20
* 3. The asset can be priced in the UoA, usually via an oracle
*/
interface IAssetRegistry is IComponent {
/// Emitted when an asset is added to the registry
/// @param erc20 The ERC20 contract for the asset
/// @param asset The asset contract added to the registry
event AssetRegistered(IERC20 indexed erc20, IAsset indexed asset);
/// Emitted when an asset is removed from the registry
/// @param erc20 The ERC20 contract for the asset
/// @param asset The asset contract removed from the registry
event AssetUnregistered(IERC20 indexed erc20, IAsset indexed asset);
// Initialization
function init(IMain main_, IAsset[] memory assets_) external;
/// Fully refresh all asset state
/// @custom:refresher
function refresh() external;
/// Register `asset`
/// If either the erc20 address or the asset was already registered, fail
/// @return true if the erc20 address was not already registered.
/// @custom:governance
function register(IAsset asset) external returns (bool);
/// Register `asset` if and only if its erc20 address is already registered.
/// If the erc20 address was not registered, revert.
/// @return swapped If the asset was swapped for a previously-registered asset
/// @custom:governance
function swapRegistered(IAsset asset) external returns (bool swapped);
/// Unregister an asset, requiring that it is already registered
/// @custom:governance
function unregister(IAsset asset) external;
/// @return {s} The timestamp of the last refresh
function lastRefresh() external view returns (uint48);
/// @return The corresponding asset for ERC20, or reverts if not registered
function toAsset(IERC20 erc20) external view returns (IAsset);
/// @return The corresponding collateral, or reverts if unregistered or not collateral
function toColl(IERC20 erc20) external view returns (ICollateral);
/// @return If the ERC20 is registered
function isRegistered(IERC20 erc20) external view returns (bool);
/// @return A list of all registered ERC20s
function erc20s() external view returns (IERC20[] memory);
/// @return reg The list of registered ERC20s and Assets, in the same order
function getRegistry() external view returns (Registry memory reg);
/// @return The number of registered ERC20s
function size() external view returns (uint256);
}
// SPDX-License-Identifier: BlueOak-1.0.0
pragma solidity 0.8.19;
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "./IAssetRegistry.sol";
import "./IBasketHandler.sol";
import "./IComponent.sol";
import "./IRToken.sol";
import "./IStRSR.sol";
import "./ITrading.sol";
/// Memory struct for RecollateralizationLibP1 + RTokenAsset
/// Struct purposes:
/// 1. Configure trading
/// 2. Stay under stack limit with fewer vars
/// 3. Cache information such as component addresses and basket quantities, to save on gas
struct TradingContext {
BasketRange basketsHeld; // {BU}
// basketsHeld.top is the number of partial baskets units held
// basketsHeld.bottom is the number of full basket units held
// Components
IBasketHandler bh;
IAssetRegistry ar;
IStRSR stRSR;
IERC20 rsr;
IRToken rToken;
// Gov Vars
uint192 minTradeVolume; // {UoA}
uint192 maxTradeSlippage; // {1}
// Cached values
uint192[] quantities; // {tok/BU} basket quantities
uint192[] bals; // {tok} balances in BackingManager + out on trades
}
/**
* @title IBackingManager
* @notice The BackingManager handles changes in the ERC20 balances that back an RToken.
* - It computes which trades to perform, if any, and initiates these trades with the Broker.
* - rebalance()
* - If already collateralized, excess assets are transferred to RevenueTraders.
* - forwardRevenue(IERC20[] calldata erc20s)
*/
interface IBackingManager is IComponent, ITrading {
/// Emitted when the trading delay is changed
/// @param oldVal The old trading delay
/// @param newVal The new trading delay
event TradingDelaySet(uint48 oldVal, uint48 newVal);
/// Emitted when the backing buffer is changed
/// @param oldVal The old backing buffer
/// @param newVal The new backing buffer
event BackingBufferSet(uint192 oldVal, uint192 newVal);
// Initialization
function init(
IMain main_,
uint48 tradingDelay_,
uint192 backingBuffer_,
uint192 maxTradeSlippage_,
uint192 minTradeVolume_
) external;
// Give RToken max allowance over a registered token
/// @custom:refresher
/// @custom:interaction
function grantRTokenAllowance(IERC20) external;
/// Apply the overall backing policy using the specified TradeKind, taking a haircut if unable
/// @param kind TradeKind.DUTCH_AUCTION or TradeKind.BATCH_AUCTION
/// @custom:interaction RCEI
function rebalance(TradeKind kind) external;
/// Forward revenue to RevenueTraders; reverts if not fully collateralized
/// @param erc20s The tokens to forward
/// @custom:interaction RCEI
function forwardRevenue(IERC20[] calldata erc20s) external;
/// Structs for trading
/// @param basketsHeld The number of baskets held by the BackingManager
/// @return ctx The TradingContext
/// @return reg Contents of AssetRegistry.getRegistry()
function tradingContext(BasketRange memory basketsHeld)
external
view
returns (TradingContext memory ctx, Registry memory reg);
}
interface TestIBackingManager is IBackingManager, TestITrading {
function tradingDelay() external view returns (uint48);
function backingBuffer() external view returns (uint192);
function setTradingDelay(uint48 val) external;
function setBackingBuffer(uint192 val) external;
}
// SPDX-License-Identifier: BlueOak-1.0.0
pragma solidity 0.8.19;
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "../libraries/Fixed.sol";
import "./IAsset.sol";
import "./IComponent.sol";
struct BasketRange {
uint192 bottom; // {BU}
uint192 top; // {BU}
}
/**
* @title IBasketHandler
* @notice The BasketHandler aims to maintain a reference basket of constant target unit amounts.
* When a collateral token defaults, a new reference basket of equal target units is set.
* When _all_ collateral tokens default for a target unit, only then is the basket allowed to fall
* in terms of target unit amounts. The basket is considered defaulted in this case.
*/
interface IBasketHandler is IComponent {
/// Emitted when the prime basket is set
/// @param erc20s The collateral tokens for the prime basket
/// @param targetAmts {target/BU} A list of quantities of target unit per basket unit
/// @param targetNames Each collateral token's targetName
event PrimeBasketSet(IERC20[] erc20s, uint192[] targetAmts, bytes32[] targetNames);
/// Emitted when the reference basket is set
/// @param nonce {basketNonce} The basket nonce
/// @param erc20s The list of collateral tokens in the reference basket
/// @param refAmts {ref/BU} The reference amounts of the basket collateral tokens
/// @param disabled True when the list of erc20s + refAmts may not be correct
event BasketSet(uint256 indexed nonce, IERC20[] erc20s, uint192[] refAmts, bool disabled);
/// Emitted when a backup config is set for a target unit
/// @param targetName The name of the target unit as a bytes32
/// @param max The max number to use from `erc20s`
/// @param erc20s The set of backup collateral tokens
event BackupConfigSet(bytes32 indexed targetName, uint256 max, IERC20[] erc20s);
/// Emitted when the warmup period is changed
/// @param oldVal The old warmup period
/// @param newVal The new warmup period
event WarmupPeriodSet(uint48 oldVal, uint48 newVal);
/// Emitted when the status of a basket has changed
/// @param oldStatus The previous basket status
/// @param newStatus The new basket status
event BasketStatusChanged(CollateralStatus oldStatus, CollateralStatus newStatus);
/// Emitted when the last basket nonce available for redemption is changed
/// @param oldVal The old value of lastCollateralized
/// @param newVal The new value of lastCollateralized
event LastCollateralizedChanged(uint48 oldVal, uint48 newVal);
// Initialization
function init(
IMain main_,
uint48 warmupPeriod_,
bool reweightable_
) external;
/// Set the prime basket
/// For an index RToken (reweightable = true), use forceSetPrimeBasket to skip normalization
/// @param erc20s The collateral tokens for the new prime basket
/// @param targetAmts The target amounts (in) {target/BU} for the new prime basket
/// required range: 1e9 values; absolute range irrelevant.
/// @custom:governance
function setPrimeBasket(IERC20[] calldata erc20s, uint192[] calldata targetAmts) external;
/// Set the prime basket without normalizing targetAmts by the UoA of the current basket
/// Works the same as setPrimeBasket for non-index RTokens (reweightable = false)
/// @param erc20s The collateral tokens for the new prime basket
/// @param targetAmts The target amounts (in) {target/BU} for the new prime basket
/// required range: 1e9 values; absolute range irrelevant.
/// @custom:governance
function forceSetPrimeBasket(IERC20[] calldata erc20s, uint192[] calldata targetAmts) external;
/// Set the backup configuration for a given target
/// @param targetName The name of the target as a bytes32
/// @param max The maximum number of collateral tokens to use from this target
/// Required range: 1-255
/// @param erc20s A list of ordered backup collateral tokens
/// @custom:governance
function setBackupConfig(
bytes32 targetName,
uint256 max,
IERC20[] calldata erc20s
) external;
/// Default the basket in order to schedule a basket refresh
/// @custom:protected
function disableBasket() external;
/// Governance-controlled setter to cause a basket switch explicitly
/// @custom:governance
/// @custom:interaction
function refreshBasket() external;
/// Track basket status and collateralization changes
/// @custom:refresher
function trackStatus() external;
/// @return If the BackingManager has sufficient collateral to redeem the entire RToken supply
function fullyCollateralized() external view returns (bool);
/// @return status The worst CollateralStatus of all collateral in the basket
function status() external view returns (CollateralStatus status);
/// @return If the basket is ready to issue and trade
function isReady() external view returns (bool);
/// @param erc20 The ERC20 token contract for the asset
/// @return {tok/BU} The whole token quantity of token in the reference basket
/// Returns 0 if erc20 is not registered or not in the basket
/// Returns FIX_MAX (in lieu of +infinity) if Collateral.refPerTok() is 0.
/// Otherwise, returns (token's basket.refAmts / token's Collateral.refPerTok())
function quantity(IERC20 erc20) external view returns (uint192);
/// Like quantity(), but unsafe because it DOES NOT CONFIRM THAT THE ASSET IS CORRECT
/// @param erc20 The ERC20 token contract for the asset
/// @param asset The registered asset plugin contract for the erc20
/// @return {tok/BU} The whole token quantity of token in the reference basket
/// Returns 0 if erc20 is not registered or not in the basket
/// Returns FIX_MAX (in lieu of +infinity) if Collateral.refPerTok() is 0.
/// Otherwise, returns (token's basket.refAmts / token's Collateral.refPerTok())
function quantityUnsafe(IERC20 erc20, IAsset asset) external view returns (uint192);
/// @param amount {BU}
/// @return erc20s The addresses of the ERC20 tokens in the reference basket
/// @return quantities {qTok} The quantity of each ERC20 token to issue `amount` baskets
function quote(uint192 amount, RoundingMode rounding)
external
view
returns (address[] memory erc20s, uint256[] memory quantities);
/// Return the redemption value of `amount` BUs for a linear combination of historical baskets
/// @param basketNonces An array of basket nonces to do redemption from
/// @param portions {1} An array of Fix quantities that must add up to FIX_ONE
/// @param amount {BU}
/// @return erc20s The backing collateral erc20s
/// @return quantities {qTok} ERC20 token quantities equal to `amount` BUs
function quoteCustomRedemption(
uint48[] memory basketNonces,
uint192[] memory portions,
uint192 amount
) external view returns (address[] memory erc20s, uint256[] memory quantities);
/// @return top {BU} The number of partial basket units: e.g max(coll.map((c) => c.balAsBUs())
/// bottom {BU} The number of whole basket units held by the account
function basketsHeldBy(address account) external view returns (BasketRange memory);
/// Should not revert
/// low should be nonzero when BUs are worth selling
/// @return low {UoA/BU} The lower end of the price estimate
/// @return high {UoA/BU} The upper end of the price estimate
function price() external view returns (uint192 low, uint192 high);
/// Should not revert
/// lotLow should be nonzero if a BU could be worth selling
/// @dev Deprecated. Phased out in 3.1.0, but left on interface for backwards compatibility
/// @return lotLow {UoA/tok} The lower end of the lot price estimate
/// @return lotHigh {UoA/tok} The upper end of the lot price estimate
function lotPrice() external view returns (uint192 lotLow, uint192 lotHigh);
/// @return timestamp The timestamp at which the basket was last set
function timestamp() external view returns (uint48);
/// @return The current basket nonce, regardless of status
function nonce() external view returns (uint48);
}
interface TestIBasketHandler is IBasketHandler {
function lastCollateralized() external view returns (uint48);
function warmupPeriod() external view returns (uint48);
function setWarmupPeriod(uint48 val) external;
}
// SPDX-License-Identifier: BlueOak-1.0.0
pragma solidity 0.8.19;
import "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
import "./IAsset.sol";
import "./IComponent.sol";
import "./IGnosis.sol";
import "./ITrade.sol";
enum TradeKind {
DUTCH_AUCTION,
BATCH_AUCTION
}
/// Cache of all prices for a pair to prevent re-lookup
struct TradePrices {
uint192 sellLow; // {UoA/sellTok} can be 0
uint192 sellHigh; // {UoA/sellTok} should not be 0
uint192 buyLow; // {UoA/buyTok} should not be 0
uint192 buyHigh; // {UoA/buyTok} should not be 0 or FIX_MAX
}
/// The data format that describes a request for trade with the Broker
struct TradeRequest {
IAsset sell;
IAsset buy;
uint256 sellAmount; // {qSellTok}
uint256 minBuyAmount; // {qBuyTok}
}
/**
* @title IBroker
* @notice The Broker deploys oneshot Trade contracts for Traders and monitors
* the continued proper functioning of trading platforms.
*/
interface IBroker is IComponent {
event GnosisSet(IGnosis oldVal, IGnosis newVal);
event BatchTradeImplementationSet(ITrade oldVal, ITrade newVal);
event DutchTradeImplementationSet(ITrade oldVal, ITrade newVal);
event BatchAuctionLengthSet(uint48 oldVal, uint48 newVal);
event DutchAuctionLengthSet(uint48 oldVal, uint48 newVal);
event BatchTradeDisabledSet(bool prevVal, bool newVal);
event DutchTradeDisabledSet(IERC20Metadata indexed erc20, bool prevVal, bool newVal);
// Initialization
function init(
IMain main_,
IGnosis gnosis_,
ITrade batchTradeImplemention_,
uint48 batchAuctionLength_,
ITrade dutchTradeImplemention_,
uint48 dutchAuctionLength_
) external;
/// Request a trade from the broker
/// @dev Requires setting an allowance in advance
/// @custom:interaction
function openTrade(
TradeKind kind,
TradeRequest memory req,
TradePrices memory prices
) external returns (ITrade);
/// Only callable by one of the trading contracts the broker deploys
function reportViolation() external;
function batchTradeDisabled() external view returns (bool);
function dutchTradeDisabled(IERC20Metadata erc20) external view returns (bool);
}
interface TestIBroker is IBroker {
function gnosis() external view returns (IGnosis);
function batchTradeImplementation() external view returns (ITrade);
function dutchTradeImplementation() external view returns (ITrade);
function batchAuctionLength() external view returns (uint48);
function dutchAuctionLength() external view returns (uint48);
function setGnosis(IGnosis newGnosis) external;
function setBatchTradeImplementation(ITrade newTradeImplementation) external;
function setBatchAuctionLength(uint48 newAuctionLength) external;
function setDutchTradeImplementation(ITrade newTradeImplementation) external;
function setDutchAuctionLength(uint48 newAuctionLength) external;
function enableBatchTrade() external;
function enableDutchTrade(IERC20Metadata erc20) external;
// only present on pre-3.0.0 Brokers; used by EasyAuction regression test
function disabled() external view returns (bool);
}
// SPDX-License-Identifier: BlueOak-1.0.0
pragma solidity 0.8.19;
import "./IMain.sol";
import "./IVersioned.sol";
/**
* @title IComponent
* @notice A Component is the central building block of all our system contracts. Components
* contain important state that must be migrated during upgrades, and they delegate
* their ownership to Main's owner.
*/
interface IComponent is IVersioned {
function main() external view returns (IMain);
}
// SPDX-License-Identifier: BlueOak-1.0.0
pragma solidity 0.8.19;
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "./IComponent.sol";
uint256 constant MAX_DISTRIBUTION = 1e4; // 10,000
uint8 constant MAX_DESTINATIONS = 100; // maximum number of RevenueShare destinations
struct RevenueShare {
uint16 rTokenDist; // {revShare} A value between [0, 10,000]
uint16 rsrDist; // {revShare} A value between [0, 10,000]
}
/// Assumes no more than 100 independent distributions.
struct RevenueTotals {
uint24 rTokenTotal; // {revShare}
uint24 rsrTotal; // {revShare}
}
/**
* @title IDistributor
* @notice The Distributor Component maintains a revenue distribution table that dictates
* how to divide revenue across the Furnace, StRSR, and any other destinations.
*/
interface IDistributor is IComponent {
/// Emitted when a distribution is set
/// @param dest The address set to receive the distribution
/// @param rTokenDist The distribution of RToken that should go to `dest`
/// @param rsrDist The distribution of RSR that should go to `dest`
event DistributionSet(address indexed dest, uint16 rTokenDist, uint16 rsrDist);
/// Emitted when revenue is distributed
/// @param erc20 The token being distributed, either RSR or the RToken itself
/// @param source The address providing the revenue
/// @param amount The amount of the revenue
event RevenueDistributed(IERC20 indexed erc20, address indexed source, uint256 amount);
// Initialization
function init(IMain main_, RevenueShare memory dist) external;
/// @custom:governance
function setDistribution(address dest, RevenueShare memory share) external;
/// Distribute the `erc20` token across all revenue destinations
/// Only callable by RevenueTraders
/// @custom:protected
function distribute(IERC20 erc20, uint256 amount) external;
/// @return revTotals The total of all destinations
function totals() external view returns (RevenueTotals memory revTotals);
}
interface TestIDistributor is IDistributor {
// solhint-disable-next-line func-name-mixedcase
function FURNACE() external view returns (address);
// solhint-disable-next-line func-name-mixedcase
function ST_RSR() external view returns (address);
/// @return rTokenDist The RToken distribution for the address
/// @return rsrDist The RSR distribution for the address
function distribution(address) external view returns (uint16 rTokenDist, uint16 rsrDist);
}
// SPDX-License-Identifier: BlueOak-1.0.0
pragma solidity 0.8.19;
import "../libraries/Fixed.sol";
import "./IComponent.sol";
/**
* @title IFurnace
* @notice A helper contract to burn RTokens slowly and permisionlessly.
*/
interface IFurnace is IComponent {
// Initialization
function init(IMain main_, uint192 ratio_) external;
/// Emitted when the melting ratio is changed
/// @param oldRatio The old ratio
/// @param newRatio The new ratio
event RatioSet(uint192 oldRatio, uint192 newRatio);
function ratio() external view returns (uint192);
/// Needed value range: [0, 1], granularity 1e-9
/// @custom:governance
function setRatio(uint192) external;
/// Performs any RToken melting that has vested since the last payout.
/// @custom:refresher
function melt() external;
}
interface TestIFurnace is IFurnace {
function lastPayout() external view returns (uint256);
function lastPayoutBal() external view returns (uint256);
}
// SPDX-License-Identifier: BlueOak-1.0.0
pragma solidity 0.8.19;
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
struct GnosisAuctionData {
IERC20 auctioningToken;
IERC20 biddingToken;
uint256 orderCancellationEndDate;
uint256 auctionEndDate;
bytes32 initialAuctionOrder;
uint256 minimumBiddingAmountPerOrder;
uint256 interimSumBidAmount;
bytes32 interimOrder;
bytes32 clearingPriceOrder;
uint96 volumeClearingPriceOrder;
bool minFundingThresholdNotReached;
bool isAtomicClosureAllowed;
uint256 feeNumerator;
uint256 minFundingThreshold;
}
/// The relevant portion of the interface of the live Gnosis EasyAuction contract
/// https://github.com/gnosis/ido-contracts/blob/main/contracts/EasyAuction.sol
interface IGnosis {
function initiateAuction(
IERC20 auctioningToken,
IERC20 biddingToken,
uint256 orderCancellationEndDate,
uint256 auctionEndDate,
uint96 auctionedSellAmount,
uint96 minBuyAmount,
uint256 minimumBiddingAmountPerOrder,
uint256 minFundingThreshold,
bool isAtomicClosureAllowed,
address accessManagerContract,
bytes memory accessManagerContractData
) external returns (uint256 auctionId);
function auctionData(uint256 auctionId) external view returns (GnosisAuctionData memory);
/// @param auctionId The external auction id
/// @dev See here for decoding: https://git.io/JMang
/// @return encodedOrder The order, encoded in a bytes 32
function settleAuction(uint256 auctionId) external returns (bytes32 encodedOrder);
/// @return The numerator over a 1000-valued denominator
function feeNumerator() external returns (uint256);
}
// SPDX-License-Identifier: BlueOak-1.0.0
pragma solidity 0.8.19;
import "@openzeppelin/contracts-upgradeable/access/IAccessControlUpgradeable.sol";
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "./IAssetRegistry.sol";
import "./IBasketHandler.sol";
import "./IBackingManager.sol";
import "./IBroker.sol";
import "./IDistributor.sol";
import "./IFurnace.sol";
import "./IGnosis.sol";
import "./IRToken.sol";
import "./IRevenueTrader.sol";
import "./IStRSR.sol";
import "./ITrading.sol";
import "./IVersioned.sol";
// === Auth roles ===
bytes32 constant OWNER = bytes32(bytes("OWNER"));
bytes32 constant SHORT_FREEZER = bytes32(bytes("SHORT_FREEZER"));
bytes32 constant LONG_FREEZER = bytes32(bytes("LONG_FREEZER"));
bytes32 constant PAUSER = bytes32(bytes("PAUSER"));
/**
* Main is a central hub that maintains a list of Component contracts.
*
* Components:
* - perform a specific function
* - defer auth to Main
* - usually (but not always) contain sizeable state that require a proxy
*/
struct Components {
// Definitely need proxy
IRToken rToken;
IStRSR stRSR;
IAssetRegistry assetRegistry;
IBasketHandler basketHandler;
IBackingManager backingManager;
IDistributor distributor;
IFurnace furnace;
IBroker broker;
IRevenueTrader rsrTrader;
IRevenueTrader rTokenTrader;
}
interface IAuth is IAccessControlUpgradeable {
/// Emitted when `unfreezeAt` is changed
/// @param oldVal The old value of `unfreezeAt`
/// @param newVal The new value of `unfreezeAt`
event UnfreezeAtSet(uint48 oldVal, uint48 newVal);
/// Emitted when the short freeze duration governance param is changed
/// @param oldDuration The old short freeze duration
/// @param newDuration The new short freeze duration
event ShortFreezeDurationSet(uint48 oldDuration, uint48 newDuration);
/// Emitted when the long freeze duration governance param is changed
/// @param oldDuration The old long freeze duration
/// @param newDuration The new long freeze duration
event LongFreezeDurationSet(uint48 oldDuration, uint48 newDuration);
/// Emitted when the system is paused or unpaused for trading
/// @param oldVal The old value of `tradingPaused`
/// @param newVal The new value of `tradingPaused`
event TradingPausedSet(bool oldVal, bool newVal);
/// Emitted when the system is paused or unpaused for issuance
/// @param oldVal The old value of `issuancePaused`
/// @param newVal The new value of `issuancePaused`
event IssuancePausedSet(bool oldVal, bool newVal);
/**
* Trading Paused: Disable everything except for OWNER actions, RToken.issue, RToken.redeem,
* StRSR.stake, and StRSR.payoutRewards
* Issuance Paused: Disable RToken.issue
* Frozen: Disable everything except for OWNER actions + StRSR.stake (for governance)
*/
function tradingPausedOrFrozen() external view returns (bool);
function issuancePausedOrFrozen() external view returns (bool);
function frozen() external view returns (bool);
function shortFreeze() external view returns (uint48);
function longFreeze() external view returns (uint48);
// ====
// onlyRole(OWNER)
function freezeForever() external;
// onlyRole(SHORT_FREEZER)
function freezeShort() external;
// onlyRole(LONG_FREEZER)
function freezeLong() external;
// onlyRole(OWNER)
function unfreeze() external;
function pauseTrading() external;
function unpauseTrading() external;
function pauseIssuance() external;
function unpauseIssuance() external;
}
interface IComponentRegistry {
// === Component setters/getters ===
event RTokenSet(IRToken indexed oldVal, IRToken indexed newVal);
function rToken() external view returns (IRToken);
event StRSRSet(IStRSR oldVal, IStRSR newVal);
function stRSR() external view returns (IStRSR);
event AssetRegistrySet(IAssetRegistry oldVal, IAssetRegistry newVal);
function assetRegistry() external view returns (IAssetRegistry);
event BasketHandlerSet(IBasketHandler oldVal, IBasketHandler newVal);
function basketHandler() external view returns (IBasketHandler);
event BackingManagerSet(IBackingManager oldVal, IBackingManager newVal);
function backingManager() external view returns (IBackingManager);
event DistributorSet(IDistributor oldVal, IDistributor newVal);
function distributor() external view returns (IDistributor);
event RSRTraderSet(IRevenueTrader oldVal, IRevenueTrader newVal);
function rsrTrader() external view returns (IRevenueTrader);
event RTokenTraderSet(IRevenueTrader oldVal, IRevenueTrader newVal);
function rTokenTrader() external view returns (IRevenueTrader);
event FurnaceSet(IFurnace oldVal, IFurnace newVal);
function furnace() external view returns (IFurnace);
event BrokerSet(IBroker oldVal, IBroker newVal);
function broker() external view returns (IBroker);
}
/**
* @title IMain
* @notice The central hub for the entire system. Maintains components and an owner singleton role
*/
interface IMain is IVersioned, IAuth, IComponentRegistry {
function poke() external; // not used in p1
// === Initialization ===
event MainInitialized();
function init(
Components memory components,
IERC20 rsr_,
uint48 shortFreeze_,
uint48 longFreeze_
) external;
function rsr() external view returns (IERC20);
}
interface TestIMain is IMain {
/// @custom:governance
function setShortFreeze(uint48) external;
/// @custom:governance
function setLongFreeze(uint48) external;
function shortFreeze() external view returns (uint48);
function longFreeze() external view returns (uint48);
function longFreezes(address account) external view returns (uint256);
function tradingPaused() external view returns (bool);
function issuancePaused() external view returns (bool);
}
// SPDX-License-Identifier: BlueOak-1.0.0
pragma solidity 0.8.19;
import "./IComponent.sol";
import "./ITrading.sol";
/**
* @title IRevenueTrader
* @notice The RevenueTrader is an extension of the trading mixin that trades all
* assets at its address for a single target asset. There are two runtime instances
* of the RevenueTrader, 1 for RToken and 1 for RSR.
*/
interface IRevenueTrader is IComponent, ITrading {
// Initialization
function init(
IMain main_,
IERC20 tokenToBuy_,
uint192 maxTradeSlippage_,
uint192 minTradeVolume_
) external;
/// Distribute tokenToBuy to its destinations
/// @dev Special-case of manageTokens()
/// @custom:interaction
function distributeTokenToBuy() external;
/// Return registered ERC20s to the BackingManager if distribution for tokenToBuy is 0
/// @custom:interaction
function returnTokens(IERC20[] memory erc20s) external;
/// Process some number of tokens
/// If the tokenToBuy is included in erc20s, RevenueTrader will distribute it at end of the tx
/// @param erc20s The ERC20s to manage; can be tokenToBuy or anything registered
/// @param kinds The kinds of auctions to launch: DUTCH_AUCTION | BATCH_AUCTION
/// @custom:interaction
function manageTokens(IERC20[] memory erc20s, TradeKind[] memory kinds) external;
function tokenToBuy() external view returns (IERC20);
}
// solhint-disable-next-line no-empty-blocks
interface TestIRevenueTrader is IRevenueTrader, TestITrading {
}
// SPDX-License-Identifier: BlueOak-1.0.0
pragma solidity 0.8.19;
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
/**
* @title IRewardable
* @notice A simple interface mixin to support claiming of rewards.
*/
interface IRewardable {
/// Emitted whenever a reward token balance is claimed
/// @param erc20 The ERC20 of the reward token
/// @param amount {qTok}
event RewardsClaimed(IERC20 indexed erc20, uint256 amount);
/// Claim rewards earned by holding a balance of the ERC20 token
/// Must emit `RewardsClaimed` for each token rewards are claimed for
/// @custom:interaction
function claimRewards() external;
}
/**
* @title IRewardableComponent
* @notice A simple interface mixin to support claiming of rewards.
*/
interface IRewardableComponent is IRewardable {
/// Claim rewards for a single ERC20
/// Must emit `RewardsClaimed` for each token rewards are claimed for
/// @custom:interaction
function claimRewardsSingle(IERC20 erc20) external;
}
// SPDX-License-Identifier: BlueOak-1.0.0
pragma solidity 0.8.19;
import "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/IERC20MetadataUpgradeable.sol";
// solhint-disable-next-line max-line-length
import "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/draft-IERC20PermitUpgradeable.sol";
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "../libraries/Fixed.sol";
import "../libraries/Throttle.sol";
import "./IComponent.sol";
/**
* @title IRToken
* @notice An RToken is an ERC20 that is permissionlessly issuable/redeemable and tracks an
* exchange rate against a single unit: baskets, or {BU} in our type notation.
*/
interface IRToken is IComponent, IERC20MetadataUpgradeable, IERC20PermitUpgradeable {
/// Emitted when an issuance of RToken occurs, whether it occurs via slow minting or not
/// @param issuer The address holding collateral tokens
/// @param recipient The address of the recipient of the RTokens
/// @param amount The quantity of RToken being issued
/// @param baskets The corresponding number of baskets
event Issuance(
address indexed issuer,
address indexed recipient,
uint256 amount,
uint192 baskets
);
/// Emitted when a redemption of RToken occurs
/// @param redeemer The address holding RToken
/// @param recipient The address of the account receiving the backing collateral tokens
/// @param amount The quantity of RToken being redeemed
/// @param baskets The corresponding number of baskets
/// @param amount {qRTok} The amount of RTokens canceled
event Redemption(
address indexed redeemer,
address indexed recipient,
uint256 amount,
uint192 baskets
);
/// Emitted when the number of baskets needed changes
/// @param oldBasketsNeeded Previous number of baskets units needed
/// @param newBasketsNeeded New number of basket units needed
event BasketsNeededChanged(uint192 oldBasketsNeeded, uint192 newBasketsNeeded);
/// Emitted when RToken is melted, i.e the RToken supply is decreased but basketsNeeded is not
/// @param amount {qRTok}
event Melted(uint256 amount);
/// Emitted when issuance SupplyThrottle params are set
event IssuanceThrottleSet(ThrottleLib.Params oldVal, ThrottleLib.Params newVal);
/// Emitted when redemption SupplyThrottle params are set
event RedemptionThrottleSet(ThrottleLib.Params oldVal, ThrottleLib.Params newVal);
// Initialization
function init(
IMain main_,
string memory name_,
string memory symbol_,
string memory mandate_,
ThrottleLib.Params calldata issuanceThrottleParams,
ThrottleLib.Params calldata redemptionThrottleParams
) external;
/// Issue an RToken with basket collateral
/// @param amount {qRTok} The quantity of RToken to issue
/// @custom:interaction
function issue(uint256 amount) external;
/// Issue an RToken with basket collateral, to a particular recipient
/// @param recipient The address to receive the issued RTokens
/// @param amount {qRTok} The quantity of RToken to issue
/// @custom:interaction
function issueTo(address recipient, uint256 amount) external;
/// Redeem RToken for basket collateral
/// @dev Use redeemCustom for non-current baskets
/// @param amount {qRTok} The quantity {qRToken} of RToken to redeem
/// @custom:interaction
function redeem(uint256 amount) external;
/// Redeem RToken for basket collateral to a particular recipient
/// @dev Use redeemCustom for non-current baskets
/// @param recipient The address to receive the backing collateral tokens
/// @param amount {qRTok} The quantity {qRToken} of RToken to redeem
/// @custom:interaction
function redeemTo(address recipient, uint256 amount) external;
/// Redeem RToken for a linear combination of historical baskets, to a particular recipient
/// @dev Allows partial redemptions up to the minAmounts
/// @param recipient The address to receive the backing collateral tokens
/// @param amount {qRTok} The quantity {qRToken} of RToken to redeem
/// @param basketNonces An array of basket nonces to do redemption from
/// @param portions {1} An array of Fix quantities that must add up to FIX_ONE
/// @param expectedERC20sOut An array of ERC20s expected out
/// @param minAmounts {qTok} The minimum ERC20 quantities the caller should receive
/// @custom:interaction
function redeemCustom(
address recipient,
uint256 amount,
uint48[] memory basketNonces,
uint192[] memory portions,
address[] memory expectedERC20sOut,
uint256[] memory minAmounts
) external;
/// Mint an amount of RToken equivalent to baskets BUs, scaling basketsNeeded up
/// Callable only by BackingManager
/// @param baskets {BU} The number of baskets to mint RToken for
/// @custom:protected
function mint(uint192 baskets) external;
/// Melt a quantity of RToken from the caller's account
/// @param amount {qRTok} The amount to be melted
/// @custom:protected
function melt(uint256 amount) external;
/// Burn an amount of RToken from caller's account and scale basketsNeeded down
/// Callable only by BackingManager
/// @custom:protected
function dissolve(uint256 amount) external;
/// Set the number of baskets needed directly, callable only by the BackingManager
/// @param basketsNeeded {BU} The number of baskets to target
/// needed range: pretty interesting
/// @custom:protected
function setBasketsNeeded(uint192 basketsNeeded) external;
/// @return {BU} How many baskets are being targeted
function basketsNeeded() external view returns (uint192);
/// @return {qRTok} The maximum issuance that can be performed in the current block
function issuanceAvailable() external view returns (uint256);
/// @return {qRTok} The maximum redemption that can be performed in the current block
function redemptionAvailable() external view returns (uint256);
}
interface TestIRToken is IRToken {
function setIssuanceThrottleParams(ThrottleLib.Params calldata) external;
function setRedemptionThrottleParams(ThrottleLib.Params calldata) external;
function issuanceThrottleParams() external view returns (ThrottleLib.Params memory);
function redemptionThrottleParams() external view returns (ThrottleLib.Params memory);
function increaseAllowance(address, uint256) external returns (bool);
function decreaseAllowance(address, uint256) external returns (bool);
function monetizeDonations(IERC20) external;
}
// SPDX-License-Identifier: BlueOak-1.0.0
pragma solidity 0.8.19;
import "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/IERC20MetadataUpgradeable.sol";
// solhint-disable-next-line max-line-length
import "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/draft-IERC20PermitUpgradeable.sol";
import "../libraries/Fixed.sol";
import "./IComponent.sol";
/**
* @title IStRSR
* @notice An ERC20 token representing shares of the RSR over-collateralization pool.
*
* StRSR permits the BackingManager to take RSR in times of need. In return, the BackingManager
* benefits the StRSR pool with RSR rewards purchased with a portion of its revenue.
*
* In the absence of collateral default or losses due to slippage, StRSR should have a
* monotonically increasing exchange rate with respect to RSR, meaning that over time
* StRSR is redeemable for more RSR. It is non-rebasing.
*/
interface IStRSR is IERC20MetadataUpgradeable, IERC20PermitUpgradeable, IComponent {
/// Emitted when RSR is staked
/// @param era The era at time of staking
/// @param staker The address of the staker
/// @param rsrAmount {qRSR} How much RSR was staked
/// @param stRSRAmount {qStRSR} How much stRSR was minted by this staking
event Staked(
uint256 indexed era,
address indexed staker,
uint256 rsrAmount,
uint256 stRSRAmount
);
/// Emitted when an unstaking is started
/// @param draftId The id of the draft.
/// @param draftEra The era of the draft.
/// @param staker The address of the unstaker
/// The triple (staker, draftEra, draftId) is a unique ID
/// @param rsrAmount {qRSR} How much RSR this unstaking will be worth, absent seizures
/// @param stRSRAmount {qStRSR} How much stRSR was burned by this unstaking
event UnstakingStarted(
uint256 indexed draftId,
uint256 indexed draftEra,
address indexed staker,
uint256 rsrAmount,
uint256 stRSRAmount,
uint256 availableAt
);
/// Emitted when RSR is unstaked
/// @param firstId The beginning of the range of draft IDs withdrawn in this transaction
/// @param endId The end of range of draft IDs withdrawn in this transaction
/// (ID i was withdrawn if firstId <= i < endId)
/// @param draftEra The era of the draft.
/// The triple (staker, draftEra, id) is a unique ID among drafts
/// @param staker The address of the unstaker
/// @param rsrAmount {qRSR} How much RSR this unstaking was worth
event UnstakingCompleted(
uint256 indexed firstId,
uint256 indexed endId,
uint256 draftEra,
address indexed staker,
uint256 rsrAmount
);
/// Emitted when RSR unstaking is cancelled
/// @param firstId The beginning of the range of draft IDs withdrawn in this transaction
/// @param endId The end of range of draft IDs withdrawn in this transaction
/// (ID i was withdrawn if firstId <= i < endId)
/// @param draftEra The era of the draft.
/// The triple (staker, draftEra, id) is a unique ID among drafts
/// @param staker The address of the unstaker
/// @param rsrAmount {qRSR} How much RSR this unstaking was worth
event UnstakingCancelled(
uint256 indexed firstId,
uint256 indexed endId,
uint256 draftEra,
address indexed staker,
uint256 rsrAmount
);
/// Emitted whenever the exchange rate changes
event ExchangeRateSet(uint192 oldVal, uint192 newVal);
/// Emitted whenever RSR are paids out
event RewardsPaid(uint256 rsrAmt);
/// Emitted if all the RSR in the staking pool is seized and all balances are reset to zero.
event AllBalancesReset(uint256 indexed newEra);
/// Emitted if all the RSR in the unstakin pool is seized, and all ongoing unstaking is voided.
event AllUnstakingReset(uint256 indexed newEra);
event UnstakingDelaySet(uint48 oldVal, uint48 newVal);
event RewardRatioSet(uint192 oldVal, uint192 newVal);
event WithdrawalLeakSet(uint192 oldVal, uint192 newVal);
// Initialization
function init(
IMain main_,
string memory name_,
string memory symbol_,
uint48 unstakingDelay_,
uint192 rewardRatio_,
uint192 withdrawalLeak_
) external;
/// Gather and payout rewards from rsrTrader
/// @custom:interaction
function payoutRewards() external;
/// Stakes an RSR `amount` on the corresponding RToken to earn yield and over-collateralized
/// the system
/// @param amount {qRSR}
/// @custom:interaction
function stake(uint256 amount) external;
/// Begins a delayed unstaking for `amount` stRSR
/// @param amount {qStRSR}
/// @custom:interaction
function unstake(uint256 amount) external;
/// Complete delayed unstaking for the account, up to (but not including!) `endId`
/// @custom:interaction
function withdraw(address account, uint256 endId) external;
/// Cancel unstaking for the account, up to (but not including!) `endId`
/// @custom:interaction
function cancelUnstake(uint256 endId) external;
/// Seize RSR, only callable by main.backingManager()
/// @custom:protected
function seizeRSR(uint256 amount) external;
/// Reset all stakes and advance era
/// @custom:governance
function resetStakes() external;
/// Return the maximum valid value of endId such that withdraw(endId) should immediately work
function endIdForWithdraw(address account) external view returns (uint256 endId);
/// @return {qRSR/qStRSR} The exchange rate between RSR and StRSR
function exchangeRate() external view returns (uint192);
}
interface TestIStRSR is IStRSR {
function rewardRatio() external view returns (uint192);
function setRewardRatio(uint192) external;
function unstakingDelay() external view returns (uint48);
function setUnstakingDelay(uint48) external;
function withdrawalLeak() external view returns (uint192);
function setWithdrawalLeak(uint192) external;
function increaseAllowance(address, uint256) external returns (bool);
function decreaseAllowance(address, uint256) external returns (bool);
/// @return {qStRSR/qRSR} The exchange rate between StRSR and RSR
function exchangeRate() external view returns (uint192);
}
// SPDX-License-Identifier: BlueOak-1.0.0
pragma solidity 0.8.19;
import "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
import "./IBroker.sol";
import "./IVersioned.sol";
enum TradeStatus {
NOT_STARTED, // before init()
OPEN, // after init() and before settle()
CLOSED, // after settle()
// === Intermediate-tx state ===
PENDING // during init() or settle() (reentrancy protection)
}
/**
* Simple generalized trading interface for all Trade contracts to obey
*
* Usage: if (canSettle()) settle()
*/
interface ITrade is IVersioned {
/// Complete the trade and transfer tokens back to the origin trader
/// @return soldAmt {qSellTok} The quantity of tokens sold
/// @return boughtAmt {qBuyTok} The quantity of tokens bought
function settle() external returns (uint256 soldAmt, uint256 boughtAmt);
function sell() external view returns (IERC20Metadata);
function buy() external view returns (IERC20Metadata);
/// @return {tok} The sell amount of the trade, in whole tokens
function sellAmount() external view returns (uint192);
/// @return The timestamp at which the trade is projected to become settle-able
function endTime() external view returns (uint48);
/// @return True if the trade can be settled
/// @dev Should be guaranteed to be true eventually as an invariant
function canSettle() external view returns (bool);
/// @return TradeKind.DUTCH_AUCTION or TradeKind.BATCH_AUCTION
// solhint-disable-next-line func-name-mixedcase
function KIND() external view returns (TradeKind);
}
// SPDX-License-Identifier: BlueOak-1.0.0
pragma solidity 0.8.19;
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "../libraries/Fixed.sol";
import "./IComponent.sol";
import "./ITrade.sol";
import "./IRewardable.sol";
/**
* @title ITrading
* @notice Common events and refresher function for all Trading contracts
*/
interface ITrading is IComponent, IRewardableComponent {
event MaxTradeSlippageSet(uint192 oldVal, uint192 newVal);
event MinTradeVolumeSet(uint192 oldVal, uint192 newVal);
/// Emitted when a trade is started
/// @param trade The one-time-use trade contract that was just deployed
/// @param sell The token to sell
/// @param buy The token to buy
/// @param sellAmount {qSellTok} The quantity of the selling token
/// @param minBuyAmount {qBuyTok} The minimum quantity of the buying token to accept
event TradeStarted(
ITrade indexed trade,
IERC20 indexed sell,
IERC20 indexed buy,
uint256 sellAmount,
uint256 minBuyAmount
);
/// Emitted after a trade ends
/// @param trade The one-time-use trade contract
/// @param sell The token to sell
/// @param buy The token to buy
/// @param sellAmount {qSellTok} The quantity of the token sold
/// @param buyAmount {qBuyTok} The quantity of the token bought
event TradeSettled(
ITrade indexed trade,
IERC20 indexed sell,
IERC20 indexed buy,
uint256 sellAmount,
uint256 buyAmount
);
/// Settle a single trade, expected to be used with multicall for efficient mass settlement
/// @param sell The sell token in the trade
/// @return The trade settled
/// @custom:refresher
function settleTrade(IERC20 sell) external returns (ITrade);
/// @return {%} The maximum trade slippage acceptable
function maxTradeSlippage() external view returns (uint192);
/// @return {UoA} The minimum trade volume in UoA, applies to all assets
function minTradeVolume() external view returns (uint192);
/// @return The ongoing trade for a sell token, or the zero address
function trades(IERC20 sell) external view returns (ITrade);
/// @return The number of ongoing trades open
function tradesOpen() external view returns (uint48);
/// @return The number of total trades ever opened
function tradesNonce() external view returns (uint256);
}
interface TestITrading is ITrading {
/// @custom:governance
function setMaxTradeSlippage(uint192 val) external;
/// @custom:governance
function setMinTradeVolume(uint192 val) external;
}
// SPDX-License-Identifier: BlueOak-1.0.0
pragma solidity 0.8.19;
interface IVersioned {
function version() external view returns (string memory);
}
// SPDX-License-Identifier: BlueOak-1.0.0
// solhint-disable func-name-mixedcase func-visibility
// slither-disable-start divide-before-multiply
pragma solidity ^0.8.19;
/// @title FixedPoint, a fixed-point arithmetic library defining the custom type uint192
/// @author Matt Elder <matt.elder@reserve.org> and the Reserve Team <https://reserve.org>
/** The logical type `uint192 ` is a 192 bit value, representing an 18-decimal Fixed-point
fractional value. This is what's described in the Solidity documentation as
"fixed192x18" -- a value represented by 192 bits, that makes 18 digits available to
the right of the decimal point.
The range of values that uint192 can represent is about [-1.7e20, 1.7e20].
Unless a function explicitly says otherwise, it will fail on overflow.
To be clear, the following should hold:
toFix(0) == 0
toFix(1) == 1e18
*/
// Analysis notes:
// Every function should revert iff its result is out of bounds.
// Unless otherwise noted, when a rounding mode is given, that mode is applied to
// a single division that may happen as the last step in the computation.
// Unless otherwise noted, when a rounding mode is *not* given but is needed, it's FLOOR.
// For each, we comment:
// - @return is the value expressed in "value space", where uint192(1e18) "is" 1.0
// - as-ints: is the value expressed in "implementation space", where uint192(1e18) "is" 1e18
// The "@return" expression is suitable for actually using the library
// The "as-ints" expression is suitable for testing
// A uint value passed to this library was out of bounds for uint192 operations
error UIntOutOfBounds();
bytes32 constant UIntOutofBoundsHash = keccak256(abi.encodeWithSignature("UIntOutOfBounds()"));
// Used by P1 implementation for easier casting
uint256 constant FIX_ONE_256 = 1e18;
uint8 constant FIX_DECIMALS = 18;
// If a particular uint192 is represented by the uint192 n, then the uint192 represents the
// value n/FIX_SCALE.
uint64 constant FIX_SCALE = 1e18;
// FIX_SCALE Squared:
uint128 constant FIX_SCALE_SQ = 1e36;
// The largest integer that can be converted to uint192 .
// This is a bit bigger than 3.1e39
uint192 constant FIX_MAX_INT = type(uint192).max / FIX_SCALE;
uint192 constant FIX_ZERO = 0; // The uint192 representation of zero.
uint192 constant FIX_ONE = FIX_SCALE; // The uint192 representation of one.
uint192 constant FIX_MAX = type(uint192).max; // The largest uint192. (Not an integer!)
uint192 constant FIX_MIN = 0; // The smallest uint192.
/// An enum that describes a rounding approach for converting to ints
enum RoundingMode {
FLOOR, // Round towards zero
ROUND, // Round to the nearest int
CEIL // Round away from zero
}
RoundingMode constant FLOOR = RoundingMode.FLOOR;
RoundingMode constant ROUND = RoundingMode.ROUND;
RoundingMode constant CEIL = RoundingMode.CEIL;
/* @dev Solidity 0.8.x only allows you to change one of type or size per type conversion.
Thus, all the tedious-looking double conversions like uint256(uint256 (foo))
See: https://docs.soliditylang.org/en/v0.8.17/080-breaking-changes.html#new-restrictions
*/
/// Explicitly convert a uint256 to a uint192. Revert if the input is out of bounds.
function _safeWrap(uint256 x) pure returns (uint192) {
if (FIX_MAX < x) revert UIntOutOfBounds();
return uint192(x);
}
/// Convert a uint to its Fix representation.
/// @return x
// as-ints: x * 1e18
function toFix(uint256 x) pure returns (uint192) {
return _safeWrap(x * FIX_SCALE);
}
/// Convert a uint to its fixed-point representation, and left-shift its value `shiftLeft`
/// decimal digits.
/// @return x * 10**shiftLeft
// as-ints: x * 10**(shiftLeft + 18)
function shiftl_toFix(uint256 x, int8 shiftLeft) pure returns (uint192) {
return shiftl_toFix(x, shiftLeft, FLOOR);
}
/// @return x * 10**shiftLeft
// as-ints: x * 10**(shiftLeft + 18)
function shiftl_toFix(
uint256 x,
int8 shiftLeft,
RoundingMode rounding
) pure returns (uint192) {
// conditions for avoiding overflow
if (x == 0) return 0;
if (shiftLeft <= -96) return (rounding == CEIL ? 1 : 0); // 0 < uint.max / 10**77 < 0.5
if (40 <= shiftLeft) revert UIntOutOfBounds(); // 10**56 < FIX_MAX < 10**57
shiftLeft += 18;
uint256 coeff = 10**abs(shiftLeft);
uint256 shifted = (shiftLeft >= 0) ? x * coeff : _divrnd(x, coeff, rounding);
return _safeWrap(shifted);
}
/// Divide a uint by a uint192, yielding a uint192
/// This may also fail if the result is MIN_uint192! not fixing this for optimization's sake.
/// @return x / y
// as-ints: x * 1e36 / y
function divFix(uint256 x, uint192 y) pure returns (uint192) {
// If we didn't have to worry about overflow, we'd just do `return x * 1e36 / _y`
// If it's safe to do this operation the easy way, do it:
if (x < uint256(type(uint256).max / FIX_SCALE_SQ)) {
return _safeWrap(uint256(x * FIX_SCALE_SQ) / y);
} else {
return _safeWrap(mulDiv256(x, FIX_SCALE_SQ, y));
}
}
/// Divide a uint by a uint, yielding a uint192
/// @return x / y
// as-ints: x * 1e18 / y
function divuu(uint256 x, uint256 y) pure returns (uint192) {
return _safeWrap(mulDiv256(FIX_SCALE, x, y));
}
/// @return min(x,y)
// as-ints: min(x,y)
function fixMin(uint192 x, uint192 y) pure returns (uint192) {
return x < y ? x : y;
}
/// @return max(x,y)
// as-ints: max(x,y)
function fixMax(uint192 x, uint192 y) pure returns (uint192) {
return x > y ? x : y;
}
/// @return absoluteValue(x,y)
// as-ints: absoluteValue(x,y)
function abs(int256 x) pure returns (uint256) {
return x < 0 ? uint256(-x) : uint256(x);
}
/// Divide two uints, returning a uint, using rounding mode `rounding`.
/// @return numerator / divisor
// as-ints: numerator / divisor
function _divrnd(
uint256 numerator,
uint256 divisor,
RoundingMode rounding
) pure returns (uint256) {
uint256 result = numerator / divisor;
if (rounding == FLOOR) return result;
if (rounding == ROUND) {
if (numerator % divisor > (divisor - 1) / 2) {
result++;
}
} else {
if (numerator % divisor != 0) {
result++;
}
}
return result;
}
library FixLib {
/// Again, all arithmetic functions fail if and only if the result is out of bounds.
/// Convert this fixed-point value to a uint. Round towards zero if needed.
/// @return x
// as-ints: x / 1e18
function toUint(uint192 x) internal pure returns (uint136) {
return toUint(x, FLOOR);
}
/// Convert this uint192 to a uint
/// @return x
// as-ints: x / 1e18 with rounding
function toUint(uint192 x, RoundingMode rounding) internal pure returns (uint136) {
return uint136(_divrnd(uint256(x), FIX_SCALE, rounding));
}
/// Return the uint192 shifted to the left by `decimal` digits
/// (Similar to a bitshift but in base 10)
/// @return x * 10**decimals
// as-ints: x * 10**decimals
function shiftl(uint192 x, int8 decimals) internal pure returns (uint192) {
return shiftl(x, decimals, FLOOR);
}
/// Return the uint192 shifted to the left by `decimal` digits
/// (Similar to a bitshift but in base 10)
/// @return x * 10**decimals
// as-ints: x * 10**decimals
function shiftl(
uint192 x,
int8 decimals,
RoundingMode rounding
) internal pure returns (uint192) {
// Handle overflow cases
if (x == 0) return 0;
if (decimals <= -59) return (rounding == CEIL ? 1 : 0); // 59, because 1e58 > 2**192
if (58 <= decimals) revert UIntOutOfBounds(); // 58, because x * 1e58 > 2 ** 192 if x != 0
uint256 coeff = uint256(10**abs(decimals));
return _safeWrap(decimals >= 0 ? x * coeff : _divrnd(x, coeff, rounding));
}
/// Add a uint192 to this uint192
/// @return x + y
// as-ints: x + y
function plus(uint192 x, uint192 y) internal pure returns (uint192) {
return x + y;
}
/// Add a uint to this uint192
/// @return x + y
// as-ints: x + y*1e18
function plusu(uint192 x, uint256 y) internal pure returns (uint192) {
return _safeWrap(x + y * FIX_SCALE);
}
/// Subtract a uint192 from this uint192
/// @return x - y
// as-ints: x - y
function minus(uint192 x, uint192 y) internal pure returns (uint192) {
return x - y;
}
/// Subtract a uint from this uint192
/// @return x - y
// as-ints: x - y*1e18
function minusu(uint192 x, uint256 y) internal pure returns (uint192) {
return _safeWrap(uint256(x) - uint256(y * FIX_SCALE));
}
/// Multiply this uint192 by a uint192
/// Round truncated values to the nearest available value. 5e-19 rounds away from zero.
/// @return x * y
// as-ints: x * y/1e18 [division using ROUND, not FLOOR]
function mul(uint192 x, uint192 y) internal pure returns (uint192) {
return mul(x, y, ROUND);
}
/// Multiply this uint192 by a uint192
/// @return x * y
// as-ints: x * y/1e18
function mul(
uint192 x,
uint192 y,
RoundingMode rounding
) internal pure returns (uint192) {
return _safeWrap(_divrnd(uint256(x) * uint256(y), FIX_SCALE, rounding));
}
/// Multiply this uint192 by a uint
/// @return x * y
// as-ints: x * y
function mulu(uint192 x, uint256 y) internal pure returns (uint192) {
return _safeWrap(x * y);
}
/// Divide this uint192 by a uint192
/// @return x / y
// as-ints: x * 1e18 / y
function div(uint192 x, uint192 y) internal pure returns (uint192) {
return div(x, y, FLOOR);
}
/// Divide this uint192 by a uint192
/// @return x / y
// as-ints: x * 1e18 / y
function div(
uint192 x,
uint192 y,
RoundingMode rounding
) internal pure returns (uint192) {
// Multiply-in FIX_SCALE before dividing by y to preserve precision.
return _safeWrap(_divrnd(uint256(x) * FIX_SCALE, y, rounding));
}
/// Divide this uint192 by a uint
/// @return x / y
// as-ints: x / y
function divu(uint192 x, uint256 y) internal pure returns (uint192) {
return divu(x, y, FLOOR);
}
/// Divide this uint192 by a uint
/// @return x / y
// as-ints: x / y
function divu(
uint192 x,
uint256 y,
RoundingMode rounding
) internal pure returns (uint192) {
return _safeWrap(_divrnd(x, y, rounding));
}
uint64 constant FIX_HALF = uint64(FIX_SCALE) / 2;
/// Raise this uint192 to a nonnegative integer power. Requires that x_ <= FIX_ONE
/// Gas cost is O(lg(y)), precision is +- 1e-18.
/// @return x_ ** y
// as-ints: x_ ** y / 1e18**(y-1) <- technically correct for y = 0. :D
function powu(uint192 x_, uint48 y) internal pure returns (uint192) {
require(x_ <= FIX_ONE);
if (y == 1) return x_;
if (x_ == FIX_ONE || y == 0) return FIX_ONE;
uint256 x = uint256(x_) * FIX_SCALE; // x is D36
uint256 result = FIX_SCALE_SQ; // result is D36
while (true) {
if (y & 1 == 1) result = (result * x + FIX_SCALE_SQ / 2) / FIX_SCALE_SQ;
if (y <= 1) break;
y = (y >> 1);
x = (x * x + FIX_SCALE_SQ / 2) / FIX_SCALE_SQ;
}
return _safeWrap(result / FIX_SCALE);
}
function sqrt(uint192 x) internal pure returns (uint192) {
return _safeWrap(sqrt256(x * FIX_ONE_256)); // FLOOR
}
/// Comparison operators...
function lt(uint192 x, uint192 y) internal pure returns (bool) {
return x < y;
}
function lte(uint192 x, uint192 y) internal pure returns (bool) {
return x <= y;
}
function gt(uint192 x, uint192 y) internal pure returns (bool) {
return x > y;
}
function gte(uint192 x, uint192 y) internal pure returns (bool) {
return x >= y;
}
function eq(uint192 x, uint192 y) internal pure returns (bool) {
return x == y;
}
function neq(uint192 x, uint192 y) internal pure returns (bool) {
return x != y;
}
/// Return whether or not this uint192 is less than epsilon away from y.
/// @return |x - y| < epsilon
// as-ints: |x - y| < epsilon
function near(
uint192 x,
uint192 y,
uint192 epsilon
) internal pure returns (bool) {
uint192 diff = x <= y ? y - x : x - y;
return diff < epsilon;
}
// ================ Chained Operations ================
// The operation foo_bar() always means:
// Do foo() followed by bar(), and overflow only if the _end_ result doesn't fit in an uint192
/// Shift this uint192 left by `decimals` digits, and convert to a uint
/// @return x * 10**decimals
// as-ints: x * 10**(decimals - 18)
function shiftl_toUint(uint192 x, int8 decimals) internal pure returns (uint256) {
return shiftl_toUint(x, decimals, FLOOR);
}
/// Shift this uint192 left by `decimals` digits, and convert to a uint.
/// @return x * 10**decimals
// as-ints: x * 10**(decimals - 18)
function shiftl_toUint(
uint192 x,
int8 decimals,
RoundingMode rounding
) internal pure returns (uint256) {
// Handle overflow cases
if (x == 0) return 0; // always computable, no matter what decimals is
if (decimals <= -42) return (rounding == CEIL ? 1 : 0);
if (96 <= decimals) revert UIntOutOfBounds();
decimals -= 18; // shift so that toUint happens at the same time.
uint256 coeff = uint256(10**abs(decimals));
return decimals >= 0 ? uint256(x * coeff) : uint256(_divrnd(x, coeff, rounding));
}
/// Multiply this uint192 by a uint, and output the result as a uint
/// @return x * y
// as-ints: x * y / 1e18
function mulu_toUint(uint192 x, uint256 y) internal pure returns (uint256) {
return mulDiv256(uint256(x), y, FIX_SCALE);
}
/// Multiply this uint192 by a uint, and output the result as a uint
/// @return x * y
// as-ints: x * y / 1e18
function mulu_toUint(
uint192 x,
uint256 y,
RoundingMode rounding
) internal pure returns (uint256) {
return mulDiv256(uint256(x), y, FIX_SCALE, rounding);
}
/// Multiply this uint192 by a uint192 and output the result as a uint
/// @return x * y
// as-ints: x * y / 1e36
function mul_toUint(uint192 x, uint192 y) internal pure returns (uint256) {
return mulDiv256(uint256(x), uint256(y), FIX_SCALE_SQ);
}
/// Multiply this uint192 by a uint192 and output the result as a uint
/// @return x * y
// as-ints: x * y / 1e36
function mul_toUint(
uint192 x,
uint192 y,
RoundingMode rounding
) internal pure returns (uint256) {
return mulDiv256(uint256(x), uint256(y), FIX_SCALE_SQ, rounding);
}
/// Compute x * y / z avoiding intermediate overflow
/// @dev Only use if you need to avoid overflow; costlier than x * y / z
/// @return x * y / z
// as-ints: x * y / z
function muluDivu(
uint192 x,
uint256 y,
uint256 z
) internal pure returns (uint192) {
return muluDivu(x, y, z, FLOOR);
}
/// Compute x * y / z, avoiding intermediate overflow
/// @dev Only use if you need to avoid overflow; costlier than x * y / z
/// @return x * y / z
// as-ints: x * y / z
function muluDivu(
uint192 x,
uint256 y,
uint256 z,
RoundingMode rounding
) internal pure returns (uint192) {
return _safeWrap(mulDiv256(x, y, z, rounding));
}
/// Compute x * y / z on Fixes, avoiding intermediate overflow
/// @dev Only use if you need to avoid overflow; costlier than x * y / z
/// @return x * y / z
// as-ints: x * y / z
function mulDiv(
uint192 x,
uint192 y,
uint192 z
) internal pure returns (uint192) {
return mulDiv(x, y, z, FLOOR);
}
/// Compute x * y / z on Fixes, avoiding intermediate overflow
/// @dev Only use if you need to avoid overflow; costlier than x * y / z
/// @return x * y / z
// as-ints: x * y / z
function mulDiv(
uint192 x,
uint192 y,
uint192 z,
RoundingMode rounding
) internal pure returns (uint192) {
return _safeWrap(mulDiv256(x, y, z, rounding));
}
// === safe*() ===
/// Multiply two fixes, rounding up to FIX_MAX and down to 0
/// @param a First param to multiply
/// @param b Second param to multiply
function safeMul(
uint192 a,
uint192 b,
RoundingMode rounding
) internal pure returns (uint192) {
// untestable:
// a will never = 0 here because of the check in _price()
if (a == 0 || b == 0) return 0;
// untestable:
// a = FIX_MAX iff b = 0
if (a == FIX_MAX || b == FIX_MAX) return FIX_MAX;
// return FIX_MAX instead of throwing overflow errors.
unchecked {
// p and mul *are* Fix values, so have 18 decimals (D18)
uint256 rawDelta = uint256(b) * a; // {D36} = {D18} * {D18}
// if we overflowed, then return FIX_MAX
if (rawDelta / b != a) return FIX_MAX;
uint256 shiftDelta = rawDelta;
// add in rounding
if (rounding == RoundingMode.ROUND) shiftDelta += (FIX_ONE / 2);
else if (rounding == RoundingMode.CEIL) shiftDelta += FIX_ONE - 1;
// untestable (here there be dragons):
// (below explanation is for the ROUND case, but it extends to the FLOOR/CEIL too)
// A) shiftDelta = rawDelta + (FIX_ONE / 2)
// shiftDelta overflows if:
// B) shiftDelta = MAX_UINT256 - FIX_ONE/2 + 1
// rawDelta + (FIX_ONE/2) = MAX_UINT256 - FIX_ONE/2 + 1
// b * a = MAX_UINT256 - FIX_ONE + 1
// therefore shiftDelta overflows if:
// C) b = (MAX_UINT256 - FIX_ONE + 1) / a
// MAX_UINT256 ~= 1e77 , FIX_MAX ~= 6e57 (6e20 difference in magnitude)
// a <= 1e21 (MAX_TARGET_AMT)
// a must be between 1e19 & 1e20 in order for b in (C) to be uint192,
// but a would have to be < 1e18 in order for (A) to overflow
if (shiftDelta < rawDelta) return FIX_MAX;
// return FIX_MAX if return result would truncate
if (shiftDelta / FIX_ONE > FIX_MAX) return FIX_MAX;
// return _div(rawDelta, FIX_ONE, rounding)
return uint192(shiftDelta / FIX_ONE); // {D18} = {D36} / {D18}
}
}
/// Divide two fixes, rounding up to FIX_MAX and down to 0
/// @param a Numerator
/// @param b Denominator
function safeDiv(
uint192 a,
uint192 b,
RoundingMode rounding
) internal pure returns (uint192) {
if (a == 0) return 0;
if (b == 0) return FIX_MAX;
uint256 raw = _divrnd(FIX_ONE_256 * a, uint256(b), rounding);
if (raw >= FIX_MAX) return FIX_MAX;
return uint192(raw); // don't need _safeWrap
}
/// Multiplies two fixes and divide by a third
/// @param a First to multiply
/// @param b Second to multiply
/// @param c Denominator
function safeMulDiv(
uint192 a,
uint192 b,
uint192 c,
RoundingMode rounding
) internal pure returns (uint192 result) {
if (a == 0 || b == 0) return 0;
if (a == FIX_MAX || b == FIX_MAX || c == 0) return FIX_MAX;
uint256 result_256;
unchecked {
(uint256 hi, uint256 lo) = fullMul(a, b);
if (hi >= c) return FIX_MAX;
uint256 mm = mulmod(a, b, c);
if (mm > lo) hi -= 1;
lo -= mm;
uint256 pow2 = c & (0 - c);
uint256 c_256 = uint256(c);
// Warning: Should not access c below this line
c_256 /= pow2;
lo /= pow2;
lo += hi * ((0 - pow2) / pow2 + 1);
uint256 r = 1;
r *= 2 - c_256 * r;
r *= 2 - c_256 * r;
r *= 2 - c_256 * r;
r *= 2 - c_256 * r;
r *= 2 - c_256 * r;
r *= 2 - c_256 * r;
r *= 2 - c_256 * r;
r *= 2 - c_256 * r;
result_256 = lo * r;
// Apply rounding
if (rounding == CEIL) {
if (mm != 0) result_256 += 1;
} else if (rounding == ROUND) {
if (mm > ((c_256 - 1) / 2)) result_256 += 1;
}
}
if (result_256 >= FIX_MAX) return FIX_MAX;
return uint192(result_256);
}
}
// ================ a couple pure-uint helpers================
// as-ints comments are omitted here, because they're the same as @return statements, because
// these are all pure uint functions
/// Return (x*y/z), avoiding intermediate overflow.
// Adapted from sources:
// https://medium.com/coinmonks/4db014e080b1, https://medium.com/wicketh/afa55870a65
// and quite a few of the other excellent "Mathemagic" posts from https://medium.com/wicketh
/// @dev Only use if you need to avoid overflow; costlier than x * y / z
/// @return result x * y / z
function mulDiv256(
uint256 x,
uint256 y,
uint256 z
) pure returns (uint256 result) {
unchecked {
(uint256 hi, uint256 lo) = fullMul(x, y);
if (hi >= z) revert UIntOutOfBounds();
uint256 mm = mulmod(x, y, z);
if (mm > lo) hi -= 1;
lo -= mm;
uint256 pow2 = z & (0 - z);
z /= pow2;
lo /= pow2;
lo += hi * ((0 - pow2) / pow2 + 1);
uint256 r = 1;
r *= 2 - z * r;
r *= 2 - z * r;
r *= 2 - z * r;
r *= 2 - z * r;
r *= 2 - z * r;
r *= 2 - z * r;
r *= 2 - z * r;
r *= 2 - z * r;
result = lo * r;
}
}
/// Return (x*y/z), avoiding intermediate overflow.
/// @dev Only use if you need to avoid overflow; costlier than x * y / z
/// @return x * y / z
function mulDiv256(
uint256 x,
uint256 y,
uint256 z,
RoundingMode rounding
) pure returns (uint256) {
uint256 result = mulDiv256(x, y, z);
if (rounding == FLOOR) return result;
uint256 mm = mulmod(x, y, z);
if (rounding == CEIL) {
if (mm != 0) result += 1;
} else {
if (mm > ((z - 1) / 2)) result += 1; // z should be z-1
}
return result;
}
/// Return (x*y) as a "virtual uint512" (lo, hi), representing (hi*2**256 + lo)
/// Adapted from sources:
/// https://medium.com/wicketh/27650fec525d, https://medium.com/coinmonks/4db014e080b1
/// @dev Intended to be internal to this library
/// @return hi (hi, lo) satisfies hi*(2**256) + lo == x * y
/// @return lo (paired with `hi`)
function fullMul(uint256 x, uint256 y) pure returns (uint256 hi, uint256 lo) {
unchecked {
uint256 mm = mulmod(x, y, uint256(0) - uint256(1));
lo = x * y;
hi = mm - lo;
if (mm < lo) hi -= 1;
}
}
// =============== from prbMath at commit 28055f6cd9a2367f9ad7ab6c8e01c9ac8e9acc61 ===============
/// @notice Calculates the square root of x using the Babylonian method.
///
/// @dev See https://en.wikipedia.org/wiki/Methods_of_computing_square_roots#Babylonian_method.
///
/// Notes:
/// - If x is not a perfect square, the result is rounded down.
/// - Credits to OpenZeppelin for the explanations in comments below.
///
/// @param x The uint256 number for which to calculate the square root.
/// @return result The result as a uint256.
function sqrt256(uint256 x) pure returns (uint256 result) {
if (x == 0) {
return 0;
}
// For our first guess, we calculate the biggest power of 2 which is smaller than the square root of x.
//
// We know that the "msb" (most significant bit) of x is a power of 2 such that we have:
//
// $$
// msb(x) <= x <= 2*msb(x)$
// $$
//
// We write $msb(x)$ as $2^k$, and we get:
//
// $$
// k = log_2(x)
// $$
//
// Thus, we can write the initial inequality as:
//
// $$
// 2^{log_2(x)} <= x <= 2*2^{log_2(x)+1} \\\\
// sqrt(2^k) <= sqrt(x) < sqrt(2^{k+1}) \\\\
// 2^{k/2} <= sqrt(x) < 2^{(k+1)/2} <= 2^{(k/2)+1}
// $$
//
// Consequently, $2^{log_2(x) /2} is a good first approximation of sqrt(x) with at least one correct bit.
uint256 xAux = uint256(x);
result = 1;
if (xAux >= 2**128) {
xAux >>= 128;
result <<= 64;
}
if (xAux >= 2**64) {
xAux >>= 64;
result <<= 32;
}
if (xAux >= 2**32) {
xAux >>= 32;
result <<= 16;
}
if (xAux >= 2**16) {
xAux >>= 16;
result <<= 8;
}
if (xAux >= 2**8) {
xAux >>= 8;
result <<= 4;
}
if (xAux >= 2**4) {
xAux >>= 4;
result <<= 2;
}
if (xAux >= 2**2) {
result <<= 1;
}
// At this point, `result` is an estimation with at least one bit of precision. We know the true value has at
// most 128 bits, since it is the square root of a uint256. Newton's method converges quadratically (precision
// doubles at every iteration). We thus need at most 7 iteration to turn our partial result with one bit of
// precision into the expected uint128 result.
unchecked {
result = (result + x / result) >> 1;
result = (result + x / result) >> 1;
result = (result + x / result) >> 1;
result = (result + x / result) >> 1;
result = (result + x / result) >> 1;
result = (result + x / result) >> 1;
result = (result + x / result) >> 1;
// If x is not a perfect square, round the result toward zero.
uint256 roundedResult = x / result;
if (result >= roundedResult) {
result = roundedResult;
}
}
}
// slither-disable-end divide-before-multiply
// SPDX-License-Identifier: BlueOak-1.0.0
pragma solidity 0.8.19;
import "@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/utils/cryptography/SignatureCheckerUpgradeable.sol";
/// Internal library for verifying metatx sigs for EOAs and smart contract wallets
/// See ERC1271
library PermitLib {
function requireSignature(
address owner,
bytes32 hash,
uint8 v,
bytes32 r,
bytes32 s
) internal view {
if (AddressUpgradeable.isContract(owner)) {
require(
IERC1271Upgradeable(owner).isValidSignature(hash, abi.encodePacked(r, s, v)) ==
0x1626ba7e,
"ERC1271: Unauthorized"
);
} else {
require(
SignatureCheckerUpgradeable.isValidSignatureNow(
owner,
hash,
abi.encodePacked(r, s, v)
),
"ERC20Permit: invalid signature"
);
}
}
}
// SPDX-License-Identifier: BlueOak-1.0.0
pragma solidity 0.8.19;
import "./Fixed.sol";
uint48 constant ONE_HOUR = 3600; // {seconds/hour}
/**
* @title ThrottleLib
* A library that implements a usage throttle that can be used to ensure net issuance
* or net redemption for an RToken never exceeds some bounds per unit time (hour).
*
* It is expected for the RToken to use this library with two instances, one for issuance
* and one for redemption. Issuance causes the available redemption amount to increase, and
* visa versa.
*/
library ThrottleLib {
using FixLib for uint192;
struct Params {
uint256 amtRate; // {qRTok/hour} a quantity of RToken hourly; cannot be 0
uint192 pctRate; // {1/hour} a fraction of RToken hourly; can be 0
}
struct Throttle {
// === Gov params ===
Params params;
// === Cache ===
uint48 lastTimestamp; // {seconds}
uint256 lastAvailable; // {qRTok}
}
/// Reverts if usage amount exceeds available amount
/// @param supply {qRTok} Total RToken supply beforehand
/// @param amount {qRTok} Amount of RToken to use. Should be negative for the issuance
/// throttle during redemption and for the redemption throttle during issuance.
function useAvailable(
Throttle storage throttle,
uint256 supply,
int256 amount
) internal {
// untestable: amtRate will always be > 0 due to previous validations
if (throttle.params.amtRate == 0 && throttle.params.pctRate == 0) return;
// Calculate hourly limit
uint256 limit = hourlyLimit(throttle, supply); // {qRTok}
// Calculate available amount before supply change
uint256 available = currentlyAvailable(throttle, limit);
// Update throttle.timestamp if available amount changed or at limit
if (available != throttle.lastAvailable || available == limit) {
throttle.lastTimestamp = uint48(block.timestamp);
}
// Update throttle.lastAvailable
if (amount > 0) {
require(uint256(amount) <= available, "supply change throttled");
available -= uint256(amount);
// untestable: the final else statement, amount will never be 0
} else if (amount < 0) {
available += uint256(-amount);
}
throttle.lastAvailable = available;
}
/// @param limit {qRTok/hour} The hourly limit
/// @return available {qRTok} Amount currently available for consumption
function currentlyAvailable(Throttle storage throttle, uint256 limit)
internal
view
returns (uint256 available)
{
uint48 delta = uint48(block.timestamp) - throttle.lastTimestamp; // {seconds}
available = throttle.lastAvailable + (limit * delta) / ONE_HOUR;
if (available > limit) available = limit;
}
/// @return limit {qRTok} The hourly limit
function hourlyLimit(Throttle storage throttle, uint256 supply)
internal
view
returns (uint256 limit)
{
Params storage params = throttle.params;
// Calculate hourly limit as: max(params.amtRate, supply.mul(params.pctRate))
limit = (supply * params.pctRate) / FIX_ONE_256; // {qRTok}
if (params.amtRate > limit) limit = params.amtRate;
}
}
// SPDX-License-Identifier: BlueOak-1.0.0
pragma solidity 0.8.19;
import "../interfaces/IVersioned.sol";
// This value should be updated on each release
string constant VERSION = "3.4.0";
/**
* @title Versioned
* @notice A mix-in to track semantic versioning uniformly across contracts.
*/
abstract contract Versioned is IVersioned {
function version() public pure virtual override returns (string memory) {
return VERSION;
}
}
// SPDX-License-Identifier: BlueOak-1.0.0
pragma solidity 0.8.19;
import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol";
import "../../interfaces/IComponent.sol";
import "../../interfaces/IMain.sol";
import "../../mixins/Versioned.sol";
/**
* Abstract superclass for system contracts registered in Main
*/
abstract contract ComponentP1 is
Versioned,
Initializable,
ContextUpgradeable,
UUPSUpgradeable,
IComponent
{
IMain public main;
/// @custom:oz-upgrades-unsafe-allow constructor
// solhint-disable-next-line no-empty-blocks
constructor() initializer {}
// Sets main for the component - Can only be called during initialization
// untestable:
// `else` branch of `onlyInitializing` (ie. revert) is currently untestable.
// This function is only called inside other `init` functions, each of which is wrapped
// in an `initializer` modifier, which would fail first.
// solhint-disable-next-line func-name-mixedcase
function __Component_init(IMain main_) internal onlyInitializing {
require(address(main_) != address(0), "main is zero address");
__UUPSUpgradeable_init();
main = main_;
}
// === See docs/pause-freeze-states.md ===
modifier notTradingPausedOrFrozen() {
require(!main.tradingPausedOrFrozen(), "frozen or trading paused");
_;
}
modifier notIssuancePausedOrFrozen() {
require(!main.issuancePausedOrFrozen(), "frozen or issuance paused");
_;
}
modifier notFrozen() {
require(!main.frozen(), "frozen");
_;
}
modifier governance() {
require(main.hasRole(OWNER, _msgSender()), "governance only");
_;
}
// solhint-disable-next-line no-empty-blocks
function _authorizeUpgrade(address newImplementation) internal view override governance {}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[49] private __gap;
}
// SPDX-License-Identifier: BlueOak-1.0.0
pragma solidity 0.8.19;
// solhint-disable-next-line max-line-length
import "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol";
import "../interfaces/IMain.sol";
import "../interfaces/IRToken.sol";
import "../libraries/Fixed.sol";
import "../libraries/Throttle.sol";
import "../vendor/ERC20PermitUpgradeable.sol";
import "./mixins/Component.sol";
/**
* @title RTokenP1
* An ERC20 with an elastic supply and governable exchange rate to basket units.
*/
contract RTokenP1 is ComponentP1, ERC20PermitUpgradeable, IRToken {
using FixLib for uint192;
using ThrottleLib for ThrottleLib.Throttle;
using SafeERC20Upgradeable for IERC20Upgradeable;
uint256 public constant MIN_THROTTLE_RATE_AMT = 1e18; // {qRTok}
uint256 public constant MAX_THROTTLE_RATE_AMT = 1e48; // {qRTok}
uint192 public constant MAX_THROTTLE_PCT_AMT = 1e18; // {qRTok}
uint192 public constant MIN_EXCHANGE_RATE = 1e9; // D18{BU/rTok}
uint192 public constant MAX_EXCHANGE_RATE = 1e27; // D18{BU/rTok}
/// The mandate describes what goals its governors should try to achieve. By succinctly
/// explaining the RToken’s purpose and what the RToken is intended to do, it provides common
/// ground for the governors to decide upon priorities and how to weigh tradeoffs.
///
/// Example Mandates:
///
/// - Capital preservation first. Spending power preservation second. Permissionless
/// access third.
/// - Capital preservation above all else. All revenues fund the over-collateralization pool.
/// - Risk-neutral pursuit of profit for token holders.
/// Maximize (gross revenue - payments for over-collateralization and governance).
/// - This RToken holds only FooCoin, to provide a trade for hedging against its
/// possible collapse.
///
/// The mandate may also be a URI to a longer body of text, presumably on IPFS or some other
/// immutable data store.
string public mandate;
// ==== Peer components ====
IAssetRegistry private assetRegistry;
IBasketHandler private basketHandler;
IBackingManager private backingManager;
IFurnace private furnace;
// The number of baskets that backingManager must hold
// in order for this RToken to be fully collateralized.
// The exchange rate for issuance and redemption is totalSupply()/basketsNeeded {BU}/{qRTok}.
uint192 public basketsNeeded; // D18{BU}
// === Supply throttles ===
ThrottleLib.Throttle private issuanceThrottle;
ThrottleLib.Throttle private redemptionThrottle;
function init(
IMain main_,
string calldata name_,
string calldata symbol_,
string calldata mandate_,
ThrottleLib.Params calldata issuanceThrottleParams_,
ThrottleLib.Params calldata redemptionThrottleParams_
) external initializer {
require(bytes(name_).length != 0, "name empty");
require(bytes(symbol_).length != 0, "symbol empty");
require(bytes(mandate_).length != 0, "mandate empty");
__Component_init(main_);
__ERC20_init(name_, symbol_);
__ERC20Permit_init(name_);
assetRegistry = main_.assetRegistry();
basketHandler = main_.basketHandler();
backingManager = main_.backingManager();
furnace = main_.furnace();
mandate = mandate_;
setIssuanceThrottleParams(issuanceThrottleParams_);
setRedemptionThrottleParams(redemptionThrottleParams_);
issuanceThrottle.lastTimestamp = uint48(block.timestamp);
redemptionThrottle.lastTimestamp = uint48(block.timestamp);
}
/// Issue an RToken on the current basket
/// Do no use inifite approvals. Instead, use BasketHandler.quote() to determine the amount
/// of backing tokens to approve.
/// @param amount {qTok} The quantity of RToken to issue
/// @custom:interaction nearly CEI, but see comments around handling of refunds
function issue(uint256 amount) public {
issueTo(_msgSender(), amount);
}
/// Issue an RToken on the current basket, to a particular recipient
/// Do no use inifite approvals. Instead, use BasketHandler.quote() to determine the amount
/// of backing tokens to approve.
/// @param recipient The address to receive the issued RTokens
/// @param amount {qRTok} The quantity of RToken to issue
/// @custom:interaction RCEI
// BU exchange rate cannot decrease, and it can only increase when < FIX_ONE.
function issueTo(address recipient, uint256 amount) public notIssuancePausedOrFrozen {
require(amount != 0, "Cannot issue zero");
// == Refresh ==
assetRegistry.refresh();
// == Checks-effects block ==
address issuer = _msgSender(); // OK to save: it can't be changed in reentrant runs
// Ensure basket is ready, SOUND and not in warmup period
require(basketHandler.isReady(), "basket not ready");
uint256 supply = totalSupply();
// Revert if issuance exceeds either supply throttle
issuanceThrottle.useAvailable(supply, int256(amount)); // reverts on over-issuance
redemptionThrottle.useAvailable(supply, -int256(amount)); // shouldn't revert
// AT THIS POINT:
// all contract invariants hold
// furnace melting is up-to-date
// asset states are up-to-date
// throttle is up-to-date
// amtBaskets: the BU change to be recorded by this issuance
// D18{BU} = D18{BU} * {qRTok} / {qRTok}
// revert-on-overflow provided by FixLib functions
uint192 amtBaskets = supply != 0
? basketsNeeded.muluDivu(amount, supply, CEIL)
: _safeWrap(amount);
emit Issuance(issuer, recipient, amount, amtBaskets);
(address[] memory erc20s, uint256[] memory deposits) = basketHandler.quote(
amtBaskets,
CEIL
);
// == Interactions: Create RToken + transfer tokens to BackingManager ==
_scaleUp(recipient, amtBaskets, supply);
for (uint256 i = 0; i < erc20s.length; ++i) {
IERC20Upgradeable(erc20s[i]).safeTransferFrom(
issuer,
address(backingManager),
deposits[i]
);
}
}
/// Redeem RToken for basket collateral
/// @param amount {qTok} The quantity {qRToken} of RToken to redeem
/// @custom:interaction CEI
function redeem(uint256 amount) external {
redeemTo(_msgSender(), amount);
}
/// Redeem RToken for basket collateral to a particular recipient
// checks:
// amount > 0
// amount <= balanceOf(caller)
//
// effects:
// (so totalSupply -= amount and balanceOf(caller) -= amount)
// basketsNeeded' / totalSupply' >== basketsNeeded / totalSupply
// burn(caller, amount)
//
// actions:
// let erc20s = basketHandler.erc20s()
// for each token in erc20s:
// let tokenAmt = (amount * basketsNeeded / totalSupply) current baskets
// do token.transferFrom(backingManager, caller, tokenAmt)
// BU exchange rate cannot decrease, and it can only increase when < FIX_ONE.
/// @param recipient The address to receive the backing collateral tokens
/// @param amount {qRTok} The quantity {qRToken} of RToken to redeem
/// @custom:interaction RCEI
function redeemTo(address recipient, uint256 amount) public notFrozen {
// == Refresh ==
assetRegistry.refresh();
// == Checks and Effects ==
address caller = _msgSender();
require(amount != 0, "Cannot redeem zero");
require(amount <= balanceOf(caller), "insufficient balance");
require(basketHandler.fullyCollateralized(), "partial redemption; use redeemCustom");
// redemption while IFFY/DISABLED allowed
uint256 supply = totalSupply();
// Revert if redemption exceeds either supply throttle
issuanceThrottle.useAvailable(supply, -int256(amount));
redemptionThrottle.useAvailable(supply, int256(amount)); // reverts on over-redemption
// {BU}
uint192 baskets = _scaleDown(caller, amount);
emit Redemption(caller, recipient, amount, baskets);
(address[] memory erc20s, uint256[] memory amounts) = basketHandler.quote(baskets, FLOOR);
// === Interactions ===
for (uint256 i = 0; i < erc20s.length; ++i) {
if (amounts[i] == 0) continue;
// Send withdrawal
// slither-disable-next-line arbitrary-send-erc20
IERC20Upgradeable(erc20s[i]).safeTransferFrom(
address(backingManager),
recipient,
amounts[i]
);
}
}
/// Redeem RToken for a linear combination of historical baskets, to a particular recipient
// checks:
// amount > 0
// amount <= balanceOf(caller)
// sum(portions) == FIX_ONE
// nonce >= basketHandler.primeNonce() for nonce in basketNonces
//
// effects:
// (so totalSupply -= amount and balanceOf(caller) -= amount)
// basketsNeeded' / totalSupply' >== basketsNeeded / totalSupply
// burn(caller, amount)
//
// actions:
// for each token in erc20s:
// let tokenAmt = (amount * basketsNeeded / totalSupply) custom baskets
// let prorataAmt = (amount / totalSupply) * token.balanceOf(backingManager)
// do token.transferFrom(backingManager, caller, min(tokenAmt, prorataAmt))
// BU exchange rate cannot decrease, and it can only increase when < FIX_ONE.
/// @dev Allows partial redemptions up to the minAmounts
/// @param recipient The address to receive the backing collateral tokens
/// @param amount {qRTok} The quantity {qRToken} of RToken to redeem
/// @param basketNonces An array of basket nonces to do redemption from
/// @param portions {1} An array of Fix quantities that must add up to FIX_ONE
/// @param expectedERC20sOut An array of ERC20s expected out
/// @param minAmounts {qTok} The minimum ERC20 quantities the caller should receive
/// @custom:interaction RCEI
function redeemCustom(
address recipient,
uint256 amount,
uint48[] memory basketNonces,
uint192[] memory portions,
address[] memory expectedERC20sOut,
uint256[] memory minAmounts
) external notFrozen {
// == Refresh ==
assetRegistry.refresh();
// == Checks and Effects ==
require(amount != 0, "Cannot redeem zero");
require(amount <= balanceOf(_msgSender()), "insufficient balance");
uint256 portionsSum;
for (uint256 i = 0; i < portions.length; ++i) {
portionsSum += portions[i];
}
require(portionsSum == FIX_ONE, "portions do not add up to FIX_ONE");
uint256 supply = totalSupply();
// Revert if redemption exceeds either supply throttle
issuanceThrottle.useAvailable(supply, -int256(amount));
redemptionThrottle.useAvailable(supply, int256(amount)); // reverts on over-redemption
// {BU}
uint192 baskets = _scaleDown(_msgSender(), amount);
emit Redemption(_msgSender(), recipient, amount, baskets);
// === Get basket redemption amounts ===
(address[] memory erc20s, uint256[] memory amounts) = basketHandler.quoteCustomRedemption(
basketNonces,
portions,
baskets
);
// ==== Prorate redemption ====
// i.e, set amounts = min(amounts, balances * amount / totalSupply)
// where balances[i] = erc20s[i].balanceOf(backingManager)
// Bound each withdrawal by the prorata share, in case we're currently under-collateralized
for (uint256 i = 0; i < erc20s.length; ++i) {
// {qTok} = {qTok} * {qRTok} / {qRTok}
uint256 prorata = mulDiv256(
IERC20(erc20s[i]).balanceOf(address(backingManager)),
amount,
supply
); // FLOOR
if (prorata < amounts[i]) amounts[i] = prorata;
}
// === Save initial recipient balances ===
uint256[] memory pastBals = new uint256[](expectedERC20sOut.length);
for (uint256 i = 0; i < expectedERC20sOut.length; ++i) {
pastBals[i] = IERC20(expectedERC20sOut[i]).balanceOf(recipient);
// we haven't verified this ERC20 is registered but this is always a staticcall
}
// === Interactions ===
// Distribute tokens; revert if empty redemption
{
bool allZero = true;
for (uint256 i = 0; i < erc20s.length; ++i) {
if (amounts[i] == 0) continue; // unregistered ERC20s will have 0 amount
if (allZero) allZero = false;
// Send withdrawal
// slither-disable-next-line arbitrary-send-erc20
IERC20Upgradeable(erc20s[i]).safeTransferFrom(
address(backingManager),
recipient,
amounts[i]
);
}
if (allZero) revert("empty redemption");
}
// === Post-checks ===
// Check post-balances
for (uint256 i = 0; i < expectedERC20sOut.length; ++i) {
uint256 bal = IERC20(expectedERC20sOut[i]).balanceOf(recipient);
// we haven't verified this ERC20 is registered but this is always a staticcall
require(bal - pastBals[i] >= minAmounts[i], "redemption below minimum");
}
}
/// Mint an amount of RToken equivalent to baskets BUs, scaling basketsNeeded up
/// Callable only by BackingManager
/// @param baskets {BU} The number of baskets to mint RToken for
/// @custom:protected
// checks: caller is backingManager
// effects:
// bal'[recipient] = bal[recipient] + amtRToken
// totalSupply' = totalSupply + amtRToken
// basketsNeeded' = basketsNeeded + baskets
// BU exchange rate cannot decrease, and it can only increase when < FIX_ONE.
function mint(uint192 baskets) external {
require(_msgSender() == address(backingManager), "not backing manager");
_scaleUp(address(backingManager), baskets, totalSupply());
}
/// Melt a quantity of RToken from the caller's account, increasing the basket rate
/// @param amtRToken {qRTok} The amtRToken to be melted
/// @custom:protected
// checks: caller is furnace
// effects:
// bal'[caller] = bal[caller] - amtRToken
// totalSupply' = totalSupply - amtRToken
// BU exchange rate cannot decrease
// BU exchange rate CAN increase, but we already trust furnace to do this slowly
function melt(uint256 amtRToken) external {
address caller = _msgSender();
require(caller == address(furnace), "furnace only");
_burn(caller, amtRToken);
emit Melted(amtRToken);
}
/// Burn an amount of RToken from caller's account and scale basketsNeeded down
/// Callable only by backingManager
/// @param amount {qRTok}
/// @custom:protected
// checks: caller is backingManager
// effects:
// bal'[recipient] = bal[recipient] - amtRToken
// totalSupply' = totalSupply - amtRToken
// basketsNeeded' = basketsNeeded - baskets
// BU exchange rate cannot decrease, and it can only increase when < FIX_ONE.
function dissolve(uint256 amount) external {
address caller = _msgSender();
require(caller == address(backingManager), "not backing manager");
_scaleDown(caller, amount);
}
/// An affordance of last resort for Main in order to ensure re-capitalization
/// @custom:protected
// checks: caller is backingManager
// effects: basketsNeeded' = basketsNeeded_
function setBasketsNeeded(uint192 basketsNeeded_) external notTradingPausedOrFrozen {
require(_msgSender() == address(backingManager), "not backing manager");
emit BasketsNeededChanged(basketsNeeded, basketsNeeded_);
basketsNeeded = basketsNeeded_;
// == P0 exchangeRateIsValidAfter modifier ==
uint256 supply = totalSupply();
require(supply != 0, "0 supply");
// Note: These are D18s, even though they are uint256s. This is because
// we cannot assume we stay inside our valid range here, as that is what
// we are checking in the first place
uint256 low = (FIX_ONE_256 * basketsNeeded_) / supply; // D18{BU/rTok}
uint256 high = (FIX_ONE_256 * basketsNeeded_ + (supply - 1)) / supply; // D18{BU/rTok}
// here we take advantage of an implicit upcast from uint192 exchange rates
require(low >= MIN_EXCHANGE_RATE && high <= MAX_EXCHANGE_RATE, "BU rate out of range");
}
/// Sends all token balance of erc20 (if it is registered) to the BackingManager
/// @custom:interaction
function monetizeDonations(IERC20 erc20) external notTradingPausedOrFrozen {
require(assetRegistry.isRegistered(erc20), "erc20 unregistered");
IERC20Upgradeable(address(erc20)).safeTransfer(
address(backingManager),
erc20.balanceOf(address(this))
);
}
// ==== Throttle setters/getters ====
/// @return {qRTok} The maximum issuance that can be performed in the current block
function issuanceAvailable() external view returns (uint256) {
return issuanceThrottle.currentlyAvailable(issuanceThrottle.hourlyLimit(totalSupply()));
}
/// @return available {qRTok} The maximum redemption that can be performed in the current block
function redemptionAvailable() external view returns (uint256 available) {
uint256 supply = totalSupply();
available = redemptionThrottle.currentlyAvailable(redemptionThrottle.hourlyLimit(supply));
if (supply < available) available = supply;
}
/// @return The issuance throttle parametrization
function issuanceThrottleParams() external view returns (ThrottleLib.Params memory) {
return issuanceThrottle.params;
}
/// @return The redemption throttle parametrization
function redemptionThrottleParams() external view returns (ThrottleLib.Params memory) {
return redemptionThrottle.params;
}
/// @custom:governance
function setIssuanceThrottleParams(ThrottleLib.Params calldata params) public governance {
require(params.amtRate >= MIN_THROTTLE_RATE_AMT, "issuance amtRate too small");
require(params.amtRate <= MAX_THROTTLE_RATE_AMT, "issuance amtRate too big");
require(params.pctRate <= MAX_THROTTLE_PCT_AMT, "issuance pctRate too big");
issuanceThrottle.useAvailable(totalSupply(), 0);
emit IssuanceThrottleSet(issuanceThrottle.params, params);
issuanceThrottle.params = params;
}
/// @custom:governance
function setRedemptionThrottleParams(ThrottleLib.Params calldata params) public governance {
require(params.amtRate >= MIN_THROTTLE_RATE_AMT, "redemption amtRate too small");
require(params.amtRate <= MAX_THROTTLE_RATE_AMT, "redemption amtRate too big");
require(params.pctRate <= MAX_THROTTLE_PCT_AMT, "redemption pctRate too big");
redemptionThrottle.useAvailable(totalSupply(), 0);
emit RedemptionThrottleSet(redemptionThrottle.params, params);
redemptionThrottle.params = params;
}
// ==== Private ====
/// Mint an amount of RToken equivalent to amtBaskets and scale basketsNeeded up
/// @param recipient The address to receive the RTokens
/// @param amtBaskets {BU} The number of amtBaskets to mint RToken for
/// @param totalSupply {qRTok} The current totalSupply
// effects:
// bal'[recipient] = bal[recipient] + amtRToken
// totalSupply' = totalSupply + amtRToken
// basketsNeeded' = basketsNeeded + amtBaskets
// BU exchange rate cannot decrease, and it can only increase when < FIX_ONE.
function _scaleUp(
address recipient,
uint192 amtBaskets,
uint256 totalSupply
) private {
// take advantage of 18 decimals during casting
uint256 amtRToken = totalSupply != 0
? amtBaskets.muluDivu(totalSupply, basketsNeeded) // {rTok} = {BU} * {qRTok} * {qRTok}
: amtBaskets; // {rTok}
emit BasketsNeededChanged(basketsNeeded, basketsNeeded + amtBaskets);
basketsNeeded += amtBaskets;
// Mint RToken to recipient
_mint(recipient, amtRToken);
}
/// Burn an amount of RToken and scale basketsNeeded down
/// @param account The address to dissolve RTokens from
/// @param amtRToken {qRTok} The amount of RToken to be dissolved
/// @return amtBaskets {BU} The equivalent number of baskets dissolved
// effects:
// bal'[recipient] = bal[recipient] - amtRToken
// totalSupply' = totalSupply - amtRToken
// basketsNeeded' = basketsNeeded - amtBaskets
// BU exchange rate cannot decrease, and it can only increase when < FIX_ONE.
function _scaleDown(address account, uint256 amtRToken) private returns (uint192 amtBaskets) {
// D18{BU} = D18{BU} * {qRTok} / {qRTok}
amtBaskets = basketsNeeded.muluDivu(amtRToken, totalSupply()); // FLOOR
emit BasketsNeededChanged(basketsNeeded, basketsNeeded - amtBaskets);
basketsNeeded -= amtBaskets;
// Burn RToken from account; reverts if not enough balance
_burn(account, amtRToken);
}
/**
* @dev Hook that is called before any transfer of tokens. This includes
* minting and burning.
*
* Calling conditions:
*
* - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
* will be transferred to `to`.
* - when `from` is zero, `amount` tokens will be minted for `to`.
* - when `to` is zero, `amount` of ``from``'s tokens will be burned.
* - `from` and `to` are never both zero.
*/
function _beforeTokenTransfer(
address,
address to,
uint256
) internal virtual override {
require(to != address(this), "RToken transfer to self");
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*
* RToken uses 56 slots, not 50.
*/
uint256[42] private __gap;
}
// SPDX-License-Identifier: MIT
// Taken from OZ release 4.7.3 at commit a035b235b4f2c9af4ba88edc4447f02e37f8d124
// The only modification that has been made is in the body of the `permit` function at line 83,
/// where we failover to SignatureChecker in order to handle approvals for smart contracts.
pragma solidity 0.8.19;
import "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/draft-IERC20PermitUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
import "@openzeppelin/contracts-upgradeable/utils/cryptography/draft-EIP712Upgradeable.sol";
import "@openzeppelin/contracts-upgradeable/utils/CountersUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import "../libraries/Permit.sol";
import "../mixins/Versioned.sol";
/**
* @dev Implementation of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on `{IERC20-approve}`, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*
* Note: We have modified `permit` to support EIP-1271, technically violating EIP-2612.
*
* _Available since v3.4._
*
* @custom:storage-size 51
*/
abstract contract ERC20PermitUpgradeable is
Initializable,
ERC20Upgradeable,
IERC20PermitUpgradeable,
EIP712Upgradeable
{
using CountersUpgradeable for CountersUpgradeable.Counter;
mapping(address => CountersUpgradeable.Counter) private _nonces;
// solhint-disable-next-line var-name-mixedcase
bytes32 private constant _PERMIT_TYPEHASH =
keccak256(
"Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)"
);
/**
* @dev In previous versions `_PERMIT_TYPEHASH` was declared as `immutable`.
* However, to ensure consistency with the upgradeable transpiler, we will continue
* to reserve a slot.
* @custom:oz-renamed-from _PERMIT_TYPEHASH
*/
// solhint-disable-next-line var-name-mixedcase
bytes32 private _PERMIT_TYPEHASH_DEPRECATED_SLOT;
// untestable:
// `else` branch of `onlyInitializing` (ie. revert) is currently untestable.
// This function is only called inside other `init` functions, each of which is wrapped
// in an `initializer` modifier, which would fail first.
/**
* @dev Initializes the {EIP712} domain separator using the `name` parameter, and setting `version` to
* the system-wide semver release version.
*
* It's a good idea to use the same `name` that is defined as the ERC20 token name.
*/
function __ERC20Permit_init(string memory name) internal onlyInitializing {
__EIP712_init_unchained(name, VERSION);
}
// untestable:
// This is not needed in the way we handle initializations
function __ERC20Permit_init_unchained(string memory) internal onlyInitializing {}
/**
* @dev See {IERC20Permit-permit}.
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) public virtual override {
require(block.timestamp <= deadline, "ERC20Permit: expired deadline");
bytes32 structHash = keccak256(
abi.encode(_PERMIT_TYPEHASH, owner, spender, value, _useNonce(owner), deadline)
);
/// ==== MODIFICATIONS START ====
PermitLib.requireSignature(owner, _hashTypedDataV4(structHash), v, r, s);
/// ==== MODIFICATIONS END ====
_approve(owner, spender, value);
}
/**
* @dev See {IERC20Permit-nonces}.
*/
function nonces(address owner) public view virtual override returns (uint256) {
return _nonces[owner].current();
}
/**
* @dev See {IERC20Permit-DOMAIN_SEPARATOR}.
*/
// solhint-disable-next-line func-name-mixedcase
function DOMAIN_SEPARATOR() external view override returns (bytes32) {
return _domainSeparatorV4();
}
/**
* @dev "Consume a nonce": return the current value and increment.
*
* _Available since v4.1._
*/
function _useNonce(address owner) internal virtual returns (uint256 current) {
CountersUpgradeable.Counter storage nonce = _nonces[owner];
current = nonce.current();
nonce.increment();
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[48] private __gap;
}