Transaction Hash:
Block:
22998292 at Jul-25-2025 07:38:23 PM +UTC
Transaction Fee:
0.000008325904040145 ETH
$0.02
Gas Used:
30,549 Gas / 0.272542605 Gwei
Account State Difference:
| Address | Before | After | State Difference | ||
|---|---|---|---|---|---|
|
0x4838B106...B0BAD5f97
Miner
| (Titan Builder) |
16.615595978470576813 Eth
Nonce: 2560720
|
16.59660534090502983 Eth
Nonce: 2560721
| 0.018990637565546983 | |
| 0x7D16d2c4...7EcbDB48b | (Liquid Collective: Fee Recipient) | 1.073242143408024471 Eth | 1.092224455069531309 Eth | 0.018982311661506838 |
Execution Trace
ETH 0.018982311661506838
TUPProxy.CALL( )
- ETH 0.018982311661506838
ELFeeRecipientV1.DELEGATECALL( )
File 1 of 2: TUPProxy
File 2 of 2: ELFeeRecipientV1
//SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.10;
import "openzeppelin-contracts/contracts/proxy/transparent/TransparentUpgradeableProxy.sol";
/// @title TUPProxy (Transparent Upgradeable Pausable Proxy)
/// @author Kiln
/// @notice This contract extends the Transparent Upgradeable proxy and adds a system wide pause feature.
/// When the system is paused, the fallback will fail no matter what calls are made.
/// Address Zero is allowed to perform calls even if paused to allow view calls made
/// from RPC providers to properly work.
contract TUPProxy is TransparentUpgradeableProxy {
/// @notice Storage slot of the pause status value
bytes32 private constant _PAUSE_SLOT = bytes32(uint256(keccak256("river.tupproxy.pause")) - 1);
/// @notice A call happened while the system was paused
error CallWhenPaused();
/// @notice The system is now paused
/// @param admin The admin at the time of the pause event
event Paused(address admin);
/// @notice The system is now unpaused
/// @param admin The admin at the time of the unpause event
event Unpaused(address admin);
/// @dev The Admin of the proxy should not be the same as the
/// @dev admin on the implementation logics. The admin here is
/// @dev the only account allowed to perform calls on the proxy
/// @dev (the calls are never delegated to the implementation)
/// @param _logic Address of the implementation
/// @param __admin Address of the admin in charge of the proxy
/// @param _data Calldata for an atomic initialization
constructor(address _logic, address __admin, bytes memory _data)
payable
TransparentUpgradeableProxy(_logic, __admin, _data)
{}
/// @dev Retrieves Paused state
/// @return Paused state
function paused() external ifAdmin returns (bool) {
return StorageSlot.getBooleanSlot(_PAUSE_SLOT).value;
}
/// @dev Pauses system
function pause() external ifAdmin {
StorageSlot.getBooleanSlot(_PAUSE_SLOT).value = true;
emit Paused(msg.sender);
}
/// @dev Unpauses system
function unpause() external ifAdmin {
StorageSlot.getBooleanSlot(_PAUSE_SLOT).value = false;
emit Unpaused(msg.sender);
}
/// @dev Overrides the fallback method to check if system is not paused before
/// @dev Address Zero is allowed to perform calls even if system is paused. This allows
/// view functions to be called when the system is paused as rpc providers can easily
/// set the sender address to zero.
function _beforeFallback() internal override {
if (!StorageSlot.getBooleanSlot(_PAUSE_SLOT).value || msg.sender == address(0)) {
super._beforeFallback();
} else {
revert CallWhenPaused();
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (interfaces/draft-IERC1822.sol)
pragma solidity ^0.8.0;
/**
* @dev ERC1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified
* proxy whose upgrades are fully controlled by the current implementation.
*/
interface IERC1822Proxiable {
/**
* @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation
* address.
*
* IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
* bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
* function revert if invoked through a proxy.
*/
function proxiableUUID() external view returns (bytes32);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (proxy/ERC1967/ERC1967Proxy.sol)
pragma solidity ^0.8.0;
import "../Proxy.sol";
import "./ERC1967Upgrade.sol";
/**
* @dev This contract implements an upgradeable proxy. It is upgradeable because calls are delegated to an
* implementation address that can be changed. This address is stored in storage in the location specified by
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967], so that it doesn't conflict with the storage layout of the
* implementation behind the proxy.
*/
contract ERC1967Proxy is Proxy, ERC1967Upgrade {
/**
* @dev Initializes the upgradeable proxy with an initial implementation specified by `_logic`.
*
* If `_data` is nonempty, it's used as data in a delegate call to `_logic`. This will typically be an encoded
* function call, and allows initializing the storage of the proxy like a Solidity constructor.
*/
constructor(address _logic, bytes memory _data) payable {
_upgradeToAndCall(_logic, _data, false);
}
/**
* @dev Returns the current implementation address.
*/
function _implementation() internal view virtual override returns (address impl) {
return ERC1967Upgrade._getImplementation();
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (proxy/ERC1967/ERC1967Upgrade.sol)
pragma solidity ^0.8.2;
import "../beacon/IBeacon.sol";
import "../../interfaces/draft-IERC1822.sol";
import "../../utils/Address.sol";
import "../../utils/StorageSlot.sol";
/**
* @dev This abstract contract provides getters and event emitting update functions for
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.
*
* _Available since v4.1._
*
* @custom:oz-upgrades-unsafe-allow delegatecall
*/
abstract contract ERC1967Upgrade {
// This is the keccak-256 hash of "eip1967.proxy.rollback" subtracted by 1
bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143;
/**
* @dev Storage slot with the address of the current implementation.
* This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
/**
* @dev Emitted when the implementation is upgraded.
*/
event Upgraded(address indexed implementation);
/**
* @dev Returns the current implementation address.
*/
function _getImplementation() internal view returns (address) {
return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 implementation slot.
*/
function _setImplementation(address newImplementation) private {
require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
}
/**
* @dev Perform implementation upgrade
*
* Emits an {Upgraded} event.
*/
function _upgradeTo(address newImplementation) internal {
_setImplementation(newImplementation);
emit Upgraded(newImplementation);
}
/**
* @dev Perform implementation upgrade with additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCall(
address newImplementation,
bytes memory data,
bool forceCall
) internal {
_upgradeTo(newImplementation);
if (data.length > 0 || forceCall) {
Address.functionDelegateCall(newImplementation, data);
}
}
/**
* @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCallUUPS(
address newImplementation,
bytes memory data,
bool forceCall
) internal {
// Upgrades from old implementations will perform a rollback test. This test requires the new
// implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing
// this special case will break upgrade paths from old UUPS implementation to new ones.
if (StorageSlot.getBooleanSlot(_ROLLBACK_SLOT).value) {
_setImplementation(newImplementation);
} else {
try IERC1822Proxiable(newImplementation).proxiableUUID() returns (bytes32 slot) {
require(slot == _IMPLEMENTATION_SLOT, "ERC1967Upgrade: unsupported proxiableUUID");
} catch {
revert("ERC1967Upgrade: new implementation is not UUPS");
}
_upgradeToAndCall(newImplementation, data, forceCall);
}
}
/**
* @dev Storage slot with the admin of the contract.
* This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
/**
* @dev Emitted when the admin account has changed.
*/
event AdminChanged(address previousAdmin, address newAdmin);
/**
* @dev Returns the current admin.
*/
function _getAdmin() internal view returns (address) {
return StorageSlot.getAddressSlot(_ADMIN_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 admin slot.
*/
function _setAdmin(address newAdmin) private {
require(newAdmin != address(0), "ERC1967: new admin is the zero address");
StorageSlot.getAddressSlot(_ADMIN_SLOT).value = newAdmin;
}
/**
* @dev Changes the admin of the proxy.
*
* Emits an {AdminChanged} event.
*/
function _changeAdmin(address newAdmin) internal {
emit AdminChanged(_getAdmin(), newAdmin);
_setAdmin(newAdmin);
}
/**
* @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
* This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor.
*/
bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;
/**
* @dev Emitted when the beacon is upgraded.
*/
event BeaconUpgraded(address indexed beacon);
/**
* @dev Returns the current beacon.
*/
function _getBeacon() internal view returns (address) {
return StorageSlot.getAddressSlot(_BEACON_SLOT).value;
}
/**
* @dev Stores a new beacon in the EIP1967 beacon slot.
*/
function _setBeacon(address newBeacon) private {
require(Address.isContract(newBeacon), "ERC1967: new beacon is not a contract");
require(
Address.isContract(IBeacon(newBeacon).implementation()),
"ERC1967: beacon implementation is not a contract"
);
StorageSlot.getAddressSlot(_BEACON_SLOT).value = newBeacon;
}
/**
* @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does
* not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that).
*
* Emits a {BeaconUpgraded} event.
*/
function _upgradeBeaconToAndCall(
address newBeacon,
bytes memory data,
bool forceCall
) internal {
_setBeacon(newBeacon);
emit BeaconUpgraded(newBeacon);
if (data.length > 0 || forceCall) {
Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data);
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.6.0) (proxy/Proxy.sol)
pragma solidity ^0.8.0;
/**
* @dev This abstract contract provides a fallback function that delegates all calls to another contract using the EVM
* instruction `delegatecall`. We refer to the second contract as the _implementation_ behind the proxy, and it has to
* be specified by overriding the virtual {_implementation} function.
*
* Additionally, delegation to the implementation can be triggered manually through the {_fallback} function, or to a
* different contract through the {_delegate} function.
*
* The success and return data of the delegated call will be returned back to the caller of the proxy.
*/
abstract contract Proxy {
/**
* @dev Delegates the current call to `implementation`.
*
* This function does not return to its internal call site, it will return directly to the external caller.
*/
function _delegate(address implementation) internal virtual {
assembly {
// Copy msg.data. We take full control of memory in this inline assembly
// block because it will not return to Solidity code. We overwrite the
// Solidity scratch pad at memory position 0.
calldatacopy(0, 0, calldatasize())
// Call the implementation.
// out and outsize are 0 because we don't know the size yet.
let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0)
// Copy the returned data.
returndatacopy(0, 0, returndatasize())
switch result
// delegatecall returns 0 on error.
case 0 {
revert(0, returndatasize())
}
default {
return(0, returndatasize())
}
}
}
/**
* @dev This is a virtual function that should be overridden so it returns the address to which the fallback function
* and {_fallback} should delegate.
*/
function _implementation() internal view virtual returns (address);
/**
* @dev Delegates the current call to the address returned by `_implementation()`.
*
* This function does not return to its internal call site, it will return directly to the external caller.
*/
function _fallback() internal virtual {
_beforeFallback();
_delegate(_implementation());
}
/**
* @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if no other
* function in the contract matches the call data.
*/
fallback() external payable virtual {
_fallback();
}
/**
* @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if call data
* is empty.
*/
receive() external payable virtual {
_fallback();
}
/**
* @dev Hook that is called before falling back to the implementation. Can happen as part of a manual `_fallback`
* call, or as part of the Solidity `fallback` or `receive` functions.
*
* If overridden should call `super._beforeFallback()`.
*/
function _beforeFallback() internal virtual {}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (proxy/beacon/IBeacon.sol)
pragma solidity ^0.8.0;
/**
* @dev This is the interface that {BeaconProxy} expects of its beacon.
*/
interface IBeacon {
/**
* @dev Must return an address that can be used as a delegate call target.
*
* {BeaconProxy} will check that this address is a contract.
*/
function implementation() external view returns (address);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (proxy/transparent/TransparentUpgradeableProxy.sol)
pragma solidity ^0.8.0;
import "../ERC1967/ERC1967Proxy.sol";
/**
* @dev This contract implements a proxy that is upgradeable by an admin.
*
* To avoid https://medium.com/nomic-labs-blog/malicious-backdoors-in-ethereum-proxies-62629adf3357[proxy selector
* clashing], which can potentially be used in an attack, this contract uses the
* https://blog.openzeppelin.com/the-transparent-proxy-pattern/[transparent proxy pattern]. This pattern implies two
* things that go hand in hand:
*
* 1. If any account other than the admin calls the proxy, the call will be forwarded to the implementation, even if
* that call matches one of the admin functions exposed by the proxy itself.
* 2. If the admin calls the proxy, it can access the admin functions, but its calls will never be forwarded to the
* implementation. If the admin tries to call a function on the implementation it will fail with an error that says
* "admin cannot fallback to proxy target".
*
* These properties mean that the admin account can only be used for admin actions like upgrading the proxy or changing
* the admin, so it's best if it's a dedicated account that is not used for anything else. This will avoid headaches due
* to sudden errors when trying to call a function from the proxy implementation.
*
* Our recommendation is for the dedicated account to be an instance of the {ProxyAdmin} contract. If set up this way,
* you should think of the `ProxyAdmin` instance as the real administrative interface of your proxy.
*/
contract TransparentUpgradeableProxy is ERC1967Proxy {
/**
* @dev Initializes an upgradeable proxy managed by `_admin`, backed by the implementation at `_logic`, and
* optionally initialized with `_data` as explained in {ERC1967Proxy-constructor}.
*/
constructor(
address _logic,
address admin_,
bytes memory _data
) payable ERC1967Proxy(_logic, _data) {
_changeAdmin(admin_);
}
/**
* @dev Modifier used internally that will delegate the call to the implementation unless the sender is the admin.
*/
modifier ifAdmin() {
if (msg.sender == _getAdmin()) {
_;
} else {
_fallback();
}
}
/**
* @dev Returns the current admin.
*
* NOTE: Only the admin can call this function. See {ProxyAdmin-getProxyAdmin}.
*
* TIP: To get this value clients can read directly from the storage slot shown below (specified by EIP1967) using the
* https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
* `0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103`
*/
function admin() external ifAdmin returns (address admin_) {
admin_ = _getAdmin();
}
/**
* @dev Returns the current implementation.
*
* NOTE: Only the admin can call this function. See {ProxyAdmin-getProxyImplementation}.
*
* TIP: To get this value clients can read directly from the storage slot shown below (specified by EIP1967) using the
* https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
* `0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc`
*/
function implementation() external ifAdmin returns (address implementation_) {
implementation_ = _implementation();
}
/**
* @dev Changes the admin of the proxy.
*
* Emits an {AdminChanged} event.
*
* NOTE: Only the admin can call this function. See {ProxyAdmin-changeProxyAdmin}.
*/
function changeAdmin(address newAdmin) external virtual ifAdmin {
_changeAdmin(newAdmin);
}
/**
* @dev Upgrade the implementation of the proxy.
*
* NOTE: Only the admin can call this function. See {ProxyAdmin-upgrade}.
*/
function upgradeTo(address newImplementation) external ifAdmin {
_upgradeToAndCall(newImplementation, bytes(""), false);
}
/**
* @dev Upgrade the implementation of the proxy, and then call a function from the new implementation as specified
* by `data`, which should be an encoded function call. This is useful to initialize new storage variables in the
* proxied contract.
*
* NOTE: Only the admin can call this function. See {ProxyAdmin-upgradeAndCall}.
*/
function upgradeToAndCall(address newImplementation, bytes calldata data) external payable ifAdmin {
_upgradeToAndCall(newImplementation, data, true);
}
/**
* @dev Returns the current admin.
*/
function _admin() internal view virtual returns (address) {
return _getAdmin();
}
/**
* @dev Makes sure the admin cannot access the fallback function. See {Proxy-_beforeFallback}.
*/
function _beforeFallback() internal virtual override {
require(msg.sender != _getAdmin(), "TransparentUpgradeableProxy: admin cannot fallback to proxy target");
super._beforeFallback();
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (utils/Address.sol)
pragma solidity ^0.8.1;
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
* ====
*
* [IMPORTANT]
* ====
* You shouldn't rely on `isContract` to protect against flash loan attacks!
*
* Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
* like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
* constructor.
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize/address.code.length, which returns 0
// for contracts in construction, since the code is only stored at the end
// of the constructor execution.
return account.code.length > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCall(target, data, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value
) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
require(isContract(target), "Address: call to non-contract");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
require(isContract(target), "Address: static call to non-contract");
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
require(isContract(target), "Address: delegate call to non-contract");
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Tool to verifies that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (utils/StorageSlot.sol)
pragma solidity ^0.8.0;
/**
* @dev Library for reading and writing primitive types to specific storage slots.
*
* Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
* This library helps with reading and writing to such slots without the need for inline assembly.
*
* The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
*
* Example usage to set ERC1967 implementation slot:
* ```
* contract ERC1967 {
* bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
*
* function _getImplementation() internal view returns (address) {
* return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
* }
*
* function _setImplementation(address newImplementation) internal {
* require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
* StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
* }
* }
* ```
*
* _Available since v4.1 for `address`, `bool`, `bytes32`, and `uint256`._
*/
library StorageSlot {
struct AddressSlot {
address value;
}
struct BooleanSlot {
bool value;
}
struct Bytes32Slot {
bytes32 value;
}
struct Uint256Slot {
uint256 value;
}
/**
* @dev Returns an `AddressSlot` with member `value` located at `slot`.
*/
function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BooleanSlot` with member `value` located at `slot`.
*/
function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
*/
function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Uint256Slot` with member `value` located at `slot`.
*/
function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
}
File 2 of 2: ELFeeRecipientV1
//SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.20;
import "./interfaces/IRiver.1.sol";
import "./interfaces/IELFeeRecipient.1.sol";
import "./interfaces/IProtocolVersion.sol";
import "./libraries/LibUint256.sol";
import "./Initializable.sol";
import "./state/shared/RiverAddress.sol";
/// @title Execution Layer Fee Recipient (v1)
/// @author Alluvial Finance Inc.
/// @notice This contract receives all the execution layer fees from the proposed blocks + bribes
contract ELFeeRecipientV1 is Initializable, IELFeeRecipientV1, IProtocolVersion {
/// @inheritdoc IELFeeRecipientV1
function initELFeeRecipientV1(address _riverAddress) external init(0) {
RiverAddress.set(_riverAddress);
emit SetRiver(_riverAddress);
}
/// @inheritdoc IELFeeRecipientV1
function pullELFees(uint256 _maxAmount) external {
address river = RiverAddress.get();
if (msg.sender != river) {
revert LibErrors.Unauthorized(msg.sender);
}
uint256 amount = LibUint256.min(_maxAmount, address(this).balance);
if (amount > 0) {
IRiverV1(payable(river)).sendELFees{value: amount}();
}
}
/// @inheritdoc IELFeeRecipientV1
receive() external payable {
this;
}
/// @inheritdoc IELFeeRecipientV1
fallback() external payable {
revert InvalidCall();
}
function version() external pure returns (string memory) {
return "1.2.1";
}
}
//SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.20;
import "./state/shared/Version.sol";
/// @title Initializable
/// @author Alluvial Finance Inc.
/// @notice This contract ensures that initializers are called only once per version
contract Initializable {
/// @notice Disable initialization on implementations
constructor() {
Version.set(type(uint256).max);
emit Initialize(type(uint256).max, msg.data);
}
/// @notice An error occured during the initialization
/// @param version The version that was attempting to be initialized
/// @param expectedVersion The version that was expected
error InvalidInitialization(uint256 version, uint256 expectedVersion);
/// @notice Emitted when the contract is properly initialized
/// @param version New version of the contracts
/// @param cdata Complete calldata that was used during the initialization
event Initialize(uint256 version, bytes cdata);
/// @notice Use this modifier on initializers along with a hard-coded version number
/// @param _version Version to initialize
modifier init(uint256 _version) {
if (_version != Version.get()) {
revert InvalidInitialization(_version, Version.get());
}
Version.set(_version + 1); // prevents reentrency on the called method
_;
emit Initialize(_version, msg.data);
}
}
//SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.20;
/// @title Consensys Layer Deposit Manager Interface (v1)
/// @author Alluvial Finance Inc.
/// @notice This interface exposes methods to handle the interactions with the official deposit contract
interface IConsensusLayerDepositManagerV1 {
/// @notice The stored deposit contract address changed
/// @param depositContract Address of the deposit contract
event SetDepositContractAddress(address indexed depositContract);
/// @notice The stored withdrawal credentials changed
/// @param withdrawalCredentials The withdrawal credentials to use for deposits
event SetWithdrawalCredentials(bytes32 withdrawalCredentials);
/// @notice Emitted when the deposited validator count is updated
/// @param oldDepositedValidatorCount The old deposited validator count value
/// @param newDepositedValidatorCount The new deposited validator count value
event SetDepositedValidatorCount(uint256 oldDepositedValidatorCount, uint256 newDepositedValidatorCount);
/// @notice Not enough funds to deposit one validator
error NotEnoughFunds();
/// @notice The length of the BLS Public key is invalid during deposit
error InconsistentPublicKeys();
/// @notice The length of the BLS Signature is invalid during deposit
error InconsistentSignatures();
/// @notice The internal key retrieval returned no keys
error NoAvailableValidatorKeys();
/// @notice The received count of public keys to deposit is invalid
error InvalidPublicKeyCount();
/// @notice The received count of signatures to deposit is invalid
error InvalidSignatureCount();
/// @notice The withdrawal credentials value is null
error InvalidWithdrawalCredentials();
/// @notice An error occured during the deposit
error ErrorOnDeposit();
/// @notice Invalid deposit root
error InvalidDepositRoot();
// @notice Not keeper
error OnlyKeeper();
/// @notice Returns the amount of ETH not yet committed for deposit
/// @return The amount of ETH not yet committed for deposit
function getBalanceToDeposit() external view returns (uint256);
/// @notice Returns the amount of ETH committed for deposit
/// @return The amount of ETH committed for deposit
function getCommittedBalance() external view returns (uint256);
/// @notice Retrieve the withdrawal credentials
/// @return The withdrawal credentials
function getWithdrawalCredentials() external view returns (bytes32);
/// @notice Get the deposited validator count (the count of deposits made by the contract)
/// @return The deposited validator count
function getDepositedValidatorCount() external view returns (uint256);
/// @notice Get the keeper address
/// @return The keeper address
function getKeeper() external view returns (address);
/// @notice Deposits current balance to the Consensus Layer by batches of 32 ETH
/// @param _maxCount The maximum amount of validator keys to fund
/// @param _depositRoot The root of the deposit tree
function depositToConsensusLayerWithDepositRoot(uint256 _maxCount, bytes32 _depositRoot) external;
}
//SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.20;
import "../../state/river/CLSpec.sol";
import "../../state/river/ReportBounds.sol";
/// @title Oracle Manager (v1)
/// @author Alluvial Finance Inc.
/// @notice This interface exposes methods to handle the inputs provided by the oracle
interface IOracleManagerV1 {
/// @notice The stored oracle address changed
/// @param oracleAddress The new oracle address
event SetOracle(address indexed oracleAddress);
/// @notice The consensus layer data provided by the oracle has been updated
/// @param validatorCount The new count of validators running on the consensus layer
/// @param validatorTotalBalance The new total balance sum of all validators
/// @param roundId Round identifier
event ConsensusLayerDataUpdate(uint256 validatorCount, uint256 validatorTotalBalance, bytes32 roundId);
/// @notice The Consensus Layer Spec is changed
/// @param epochsPerFrame The number of epochs inside a frame
/// @param slotsPerEpoch The number of slots inside an epoch
/// @param secondsPerSlot The number of seconds inside a slot
/// @param genesisTime The genesis timestamp
/// @param epochsToAssumedFinality The number of epochs before an epoch is considered final
event SetSpec(
uint64 epochsPerFrame,
uint64 slotsPerEpoch,
uint64 secondsPerSlot,
uint64 genesisTime,
uint64 epochsToAssumedFinality
);
/// @notice The Report Bounds are changed
/// @param annualAprUpperBound The reporting upper bound
/// @param relativeLowerBound The reporting lower bound
event SetBounds(uint256 annualAprUpperBound, uint256 relativeLowerBound);
/// @notice The provided report has beend processed
/// @param report The report that was provided
/// @param trace The trace structure providing more insights on internals
event ProcessedConsensusLayerReport(
IOracleManagerV1.ConsensusLayerReport report, ConsensusLayerDataReportingTrace trace
);
/// @notice The reported validator count is invalid
/// @param providedValidatorCount The received validator count value
/// @param depositedValidatorCount The number of deposits performed by the system
/// @param lastReportedValidatorCount The last reported validator count
error InvalidValidatorCountReport(
uint256 providedValidatorCount, uint256 depositedValidatorCount, uint256 lastReportedValidatorCount
);
/// @notice Thrown when an invalid epoch was reported
/// @param epoch Invalid epoch
error InvalidEpoch(uint256 epoch);
/// @notice The balance increase is higher than the maximum allowed by the upper bound
/// @param prevTotalEthIncludingExited The previous total balance, including all exited balance
/// @param postTotalEthIncludingExited The post-report total balance, including all exited balance
/// @param timeElapsed The time in seconds since last report
/// @param annualAprUpperBound The upper bound value that was used
error TotalValidatorBalanceIncreaseOutOfBound(
uint256 prevTotalEthIncludingExited,
uint256 postTotalEthIncludingExited,
uint256 timeElapsed,
uint256 annualAprUpperBound
);
/// @notice The balance decrease is higher than the maximum allowed by the lower bound
/// @param prevTotalEthIncludingExited The previous total balance, including all exited balance
/// @param postTotalEthIncludingExited The post-report total balance, including all exited balance
/// @param timeElapsed The time in seconds since last report
/// @param relativeLowerBound The lower bound value that was used
error TotalValidatorBalanceDecreaseOutOfBound(
uint256 prevTotalEthIncludingExited,
uint256 postTotalEthIncludingExited,
uint256 timeElapsed,
uint256 relativeLowerBound
);
/// @notice The total exited balance decreased
/// @param currentValidatorsExitedBalance The current exited balance
/// @param newValidatorsExitedBalance The new exited balance
error InvalidDecreasingValidatorsExitedBalance(
uint256 currentValidatorsExitedBalance, uint256 newValidatorsExitedBalance
);
/// @notice The total skimmed balance decreased
/// @param currentValidatorsSkimmedBalance The current exited balance
/// @param newValidatorsSkimmedBalance The new exited balance
error InvalidDecreasingValidatorsSkimmedBalance(
uint256 currentValidatorsSkimmedBalance, uint256 newValidatorsSkimmedBalance
);
/// @notice Trace structure emitted via logs during reporting
struct ConsensusLayerDataReportingTrace {
uint256 rewards;
uint256 pulledELFees;
uint256 pulledRedeemManagerExceedingEthBuffer;
uint256 pulledCoverageFunds;
}
/// @notice The format of the oracle report
struct ConsensusLayerReport {
// this is the epoch at which the report was performed
// data should be fetched up to the state of this epoch by the oracles
uint256 epoch;
// the sum of all the validator balances on the consensus layer
// when a validator enters the exit queue, the validator is considered stopped, its balance is accounted in both validatorsExitingBalance and validatorsBalance
// when a validator leaves the exit queue and the funds are sweeped onto the execution layer, the balance is only accounted in validatorsExitedBalance and not in validatorsBalance
// this value can decrease between reports
uint256 validatorsBalance;
// the sum of all the skimmings performed on the validators
// these values can be found in the execution layer block bodies under the withdrawals field
// a withdrawal is considered skimming if
// - the epoch at which it happened is < validator.withdrawableEpoch
// - the epoch at which it happened is >= validator.withdrawableEpoch and in that case we only account for what would be above 32 eth as skimming
// this value cannot decrease over reports
uint256 validatorsSkimmedBalance;
// the sum of all the exits performed on the validators
// these values can be found in the execution layer block bodies under the withdrawals field
// a withdrawal is considered exit if
// - the epoch at which it happened is >= validator.withdrawableEpoch and in that case we only account for what would be <= 32 eth as exit
// this value cannot decrease over reports
uint256 validatorsExitedBalance;
// the sum of all the exiting balance, which is all the validators on their way to get sweeped and exited
// this includes voluntary exits and slashings
// this value can decrease between reports
uint256 validatorsExitingBalance;
// the count of activated validators
// even validators that are exited are still accounted
// this value cannot decrease over reports
uint32 validatorsCount;
// an array containing the count of stopped validators per operator
// the first element of the array is the sum of all stopped validators
// then index 1 would be operator 0
// these values cannot decrease over reports
uint32[] stoppedValidatorCountPerOperator;
// flag enabled by the oracles when the buffer rebalancing is activated
// the activation logic is written in the oracle specification and all oracle members must agree on the activation
// when active, the eth in the deposit buffer can be used to pay for exits in the redeem manager
bool rebalanceDepositToRedeemMode;
// flag enabled by the oracles when the slashing containment is activated
// the activation logic is written in the oracle specification and all oracle members must agree on the activation
// This flag is activated when a pre-defined threshold of slashed validators in our set of validators is reached
// This flag is deactivated when a bottom threshold is met, this means that when we reach the upper threshold and activate the flag, we will deactivate it when we reach the bottom threshold and not before
// when active, no more validator exits can be requested by the protocol
bool slashingContainmentMode;
}
/// @notice The format of the oracle report in storage
/// @notice These fields have the exact same function as the ones in ConsensusLayerReport, but this struct is optimized for storage
struct StoredConsensusLayerReport {
uint256 epoch;
uint256 validatorsBalance;
uint256 validatorsSkimmedBalance;
uint256 validatorsExitedBalance;
uint256 validatorsExitingBalance;
uint32 validatorsCount;
bool rebalanceDepositToRedeemMode;
bool slashingContainmentMode;
}
/// @notice Get oracle address
/// @return The oracle address
function getOracle() external view returns (address);
/// @notice Get CL validator total balance
/// @return The CL Validator total balance
function getCLValidatorTotalBalance() external view returns (uint256);
/// @notice Get CL validator count (the amount of validator reported by the oracles)
/// @return The CL validator count
function getCLValidatorCount() external view returns (uint256);
/// @notice Verifies if the provided epoch is valid
/// @param epoch The epoch to lookup
/// @return True if valid
function isValidEpoch(uint256 epoch) external view returns (bool);
/// @notice Retrieve the block timestamp
/// @return The current timestamp from the EVM context
function getTime() external view returns (uint256);
/// @notice Retrieve expected epoch id
/// @return The current expected epoch id
function getExpectedEpochId() external view returns (uint256);
/// @notice Retrieve the last completed epoch id
/// @return The last completed epoch id
function getLastCompletedEpochId() external view returns (uint256);
/// @notice Retrieve the current epoch id based on block timestamp
/// @return The current epoch id
function getCurrentEpochId() external view returns (uint256);
/// @notice Retrieve the current cl spec
/// @return The Consensus Layer Specification
function getCLSpec() external view returns (CLSpec.CLSpecStruct memory);
/// @notice Retrieve the current frame details
/// @return _startEpochId The epoch at the beginning of the frame
/// @return _startTime The timestamp of the beginning of the frame in seconds
/// @return _endTime The timestamp of the end of the frame in seconds
function getCurrentFrame() external view returns (uint256 _startEpochId, uint256 _startTime, uint256 _endTime);
/// @notice Retrieve the first epoch id of the frame of the provided epoch id
/// @param _epochId Epoch id used to get the frame
/// @return The first epoch id of the frame containing the given epoch id
function getFrameFirstEpochId(uint256 _epochId) external view returns (uint256);
/// @notice Retrieve the report bounds
/// @return The report bounds
function getReportBounds() external view returns (ReportBounds.ReportBoundsStruct memory);
/// @notice Retrieve the last consensus layer report
/// @return The stored consensus layer report
function getLastConsensusLayerReport() external view returns (IOracleManagerV1.StoredConsensusLayerReport memory);
/// @notice Set the oracle address
/// @param _oracleAddress Address of the oracle
function setOracle(address _oracleAddress) external;
/// @notice Set the consensus layer spec
/// @param _newValue The new consensus layer spec value
function setCLSpec(CLSpec.CLSpecStruct calldata _newValue) external;
/// @notice Set the report bounds
/// @param _newValue The new report bounds value
function setReportBounds(ReportBounds.ReportBoundsStruct calldata _newValue) external;
/// @notice Performs all the reporting logics
/// @param _report The consensus layer report structure
function setConsensusLayerData(ConsensusLayerReport calldata _report) external;
}
//SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.20;
import "openzeppelin-contracts/contracts/token/ERC20/IERC20.sol";
/// @title Shares Manager Interface (v1)
/// @author Alluvial Finance Inc.
/// @notice This interface exposes methods to handle the shares of the depositor and the ERC20 interface
interface ISharesManagerV1 is IERC20 {
/// @notice Emitted when the total supply is changed
event SetTotalSupply(uint256 totalSupply);
/// @notice Balance too low to perform operation
error BalanceTooLow();
/// @notice Allowance too low to perform operation
/// @param _from Account where funds are sent from
/// @param _operator Account attempting the transfer
/// @param _allowance Current allowance
/// @param _value Requested transfer value in shares
error AllowanceTooLow(address _from, address _operator, uint256 _allowance, uint256 _value);
/// @notice Invalid empty transfer
error NullTransfer();
/// @notice Invalid transfer recipients
/// @param _from Account sending the funds in the invalid transfer
/// @param _to Account receiving the funds in the invalid transfer
error UnauthorizedTransfer(address _from, address _to);
/// @notice Retrieve the token name
/// @return The token name
function name() external pure returns (string memory);
/// @notice Retrieve the token symbol
/// @return The token symbol
function symbol() external pure returns (string memory);
/// @notice Retrieve the decimal count
/// @return The decimal count
function decimals() external pure returns (uint8);
/// @notice Retrieve the total token supply
/// @return The total supply in shares
function totalSupply() external view returns (uint256);
/// @notice Retrieve the total underlying asset supply
/// @return The total underlying asset supply
function totalUnderlyingSupply() external view returns (uint256);
/// @notice Retrieve the balance of an account
/// @param _owner Address to be checked
/// @return The balance of the account in shares
function balanceOf(address _owner) external view returns (uint256);
/// @notice Retrieve the underlying asset balance of an account
/// @param _owner Address to be checked
/// @return The underlying balance of the account
function balanceOfUnderlying(address _owner) external view returns (uint256);
/// @notice Retrieve the underlying asset balance from an amount of shares
/// @param _shares Amount of shares to convert
/// @return The underlying asset balance represented by the shares
function underlyingBalanceFromShares(uint256 _shares) external view returns (uint256);
/// @notice Retrieve the shares count from an underlying asset amount
/// @param _underlyingAssetAmount Amount of underlying asset to convert
/// @return The amount of shares worth the underlying asset amopunt
function sharesFromUnderlyingBalance(uint256 _underlyingAssetAmount) external view returns (uint256);
/// @notice Retrieve the allowance value for a spender
/// @param _owner Address that issued the allowance
/// @param _spender Address that received the allowance
/// @return The allowance in shares for a given spender
function allowance(address _owner, address _spender) external view returns (uint256);
/// @notice Performs a transfer from the message sender to the provided account
/// @param _to Address receiving the tokens
/// @param _value Amount of shares to be sent
/// @return True if success
function transfer(address _to, uint256 _value) external returns (bool);
/// @notice Performs a transfer between two recipients
/// @param _from Address sending the tokens
/// @param _to Address receiving the tokens
/// @param _value Amount of shares to be sent
/// @return True if success
function transferFrom(address _from, address _to, uint256 _value) external returns (bool);
/// @notice Approves an account for future spendings
/// @dev An approved account can use transferFrom to transfer funds on behalf of the token owner
/// @param _spender Address that is allowed to spend the tokens
/// @param _value The allowed amount in shares, will override previous value
/// @return True if success
function approve(address _spender, uint256 _value) external returns (bool);
/// @notice Increase allowance to another account
/// @param _spender Spender that receives the allowance
/// @param _additionalValue Amount of shares to add
/// @return True if success
function increaseAllowance(address _spender, uint256 _additionalValue) external returns (bool);
/// @notice Decrease allowance to another account
/// @param _spender Spender that receives the allowance
/// @param _subtractableValue Amount of shares to subtract
/// @return True if success
function decreaseAllowance(address _spender, uint256 _subtractableValue) external returns (bool);
}
//SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.20;
/// @title User Deposit Manager (v1)
/// @author Alluvial Finance Inc.
/// @notice This interface exposes methods to handle the inbound transfers cases or the explicit submissions
interface IUserDepositManagerV1 {
/// @notice User deposited ETH in the system
/// @param depositor Address performing the deposit
/// @param recipient Address receiving the minted shares
/// @param amount Amount in ETH deposited
event UserDeposit(address indexed depositor, address indexed recipient, uint256 amount);
/// @notice And empty deposit attempt was made
error EmptyDeposit();
/// @notice Explicit deposit method to mint on msg.sender
function deposit() external payable;
/// @notice Explicit deposit method to mint on msg.sender and transfer to _recipient
/// @param _recipient Address receiving the minted LsETH
function depositAndTransfer(address _recipient) external payable;
/// @notice Implicit deposit method, when the user performs a regular transfer to the contract
receive() external payable;
/// @notice Invalid call, when the user sends a transaction with a data payload but no method matched
fallback() external payable;
}
//SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.20;
/// @title Execution Layer Fee Recipient Interface (v1)
/// @author Alluvial Finance Inc.
/// @notice This interface exposes methods to receive all the execution layer fees from the proposed blocks + bribes
interface IELFeeRecipientV1 {
/// @notice The storage river address has changed
/// @param river The new river address
event SetRiver(address indexed river);
/// @notice The fallback has been triggered
error InvalidCall();
/// @notice Initialize the fee recipient with the required arguments
/// @param _riverAddress Address of River
function initELFeeRecipientV1(address _riverAddress) external;
/// @notice Pulls ETH to the River contract
/// @dev Only callable by the River contract
/// @param _maxAmount The maximum amount to pull into the system
function pullELFees(uint256 _maxAmount) external;
/// @notice Ether receiver
receive() external payable;
/// @notice Invalid fallback detector
fallback() external payable;
}
//SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.20;
interface IProtocolVersion {
/// @notice Retrieves the version of the contract
/// @return Version of the contract
function version() external pure returns (string memory);
}
//SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.20;
import "../state/river/DailyCommittableLimits.sol";
import "./components/IConsensusLayerDepositManager.1.sol";
import "./components/IOracleManager.1.sol";
import "./components/ISharesManager.1.sol";
import "./components/IUserDepositManager.1.sol";
/// @title River Interface (v1)
/// @author Alluvial Finance Inc.
/// @notice The main system interface
interface IRiverV1 is IConsensusLayerDepositManagerV1, IUserDepositManagerV1, ISharesManagerV1, IOracleManagerV1 {
/// @notice Funds have been pulled from the Execution Layer Fee Recipient
/// @param amount The amount pulled
event PulledELFees(uint256 amount);
/// @notice Funds have been pulled from the Coverage Fund
/// @param amount The amount pulled
event PulledCoverageFunds(uint256 amount);
/// @notice Emitted when funds are pulled from the redeem manager
/// @param amount The amount pulled
event PulledRedeemManagerExceedingEth(uint256 amount);
/// @notice Emitted when funds are pulled from the CL recipient
/// @param pulledSkimmedEthAmount The amount of skimmed ETH pulled
/// @param pullExitedEthAmount The amount of exited ETH pulled
event PulledCLFunds(uint256 pulledSkimmedEthAmount, uint256 pullExitedEthAmount);
/// @notice The stored Execution Layer Fee Recipient has been changed
/// @param elFeeRecipient The new Execution Layer Fee Recipient
event SetELFeeRecipient(address indexed elFeeRecipient);
/// @notice The stored Coverage Fund has been changed
/// @param coverageFund The new Coverage Fund
event SetCoverageFund(address indexed coverageFund);
/// @notice The stored Collector has been changed
/// @param collector The new Collector
event SetCollector(address indexed collector);
/// @notice The stored Allowlist has been changed
/// @param allowlist The new Allowlist
event SetAllowlist(address indexed allowlist);
/// @notice The stored Global Fee has been changed
/// @param fee The new Global Fee
event SetGlobalFee(uint256 fee);
/// @notice The stored Operators Registry has been changed
/// @param operatorRegistry The new Operators Registry
event SetOperatorsRegistry(address indexed operatorRegistry);
/// @notice The stored Metadata URI string has been changed
/// @param metadataURI The new Metadata URI string
event SetMetadataURI(string metadataURI);
/// @notice The system underlying supply increased. This is a snapshot of the balances for accounting purposes
/// @param _collector The address of the collector during this event
/// @param _oldTotalUnderlyingBalance Old total ETH balance under management by River
/// @param _oldTotalSupply Old total supply in shares
/// @param _newTotalUnderlyingBalance New total ETH balance under management by River
/// @param _newTotalSupply New total supply in shares
event RewardsEarned(
address indexed _collector,
uint256 _oldTotalUnderlyingBalance,
uint256 _oldTotalSupply,
uint256 _newTotalUnderlyingBalance,
uint256 _newTotalSupply
);
/// @notice Emitted when the daily committable limits are changed
/// @param minNetAmount The minimum amount that must be used as the daily committable amount
/// @param maxRelativeAmount The maximum amount that can be used as the daily committable amount, relative to the total underlying supply
event SetMaxDailyCommittableAmounts(uint256 minNetAmount, uint256 maxRelativeAmount);
/// @notice Emitted when the redeem manager address is changed
/// @param redeemManager The address of the redeem manager
event SetRedeemManager(address redeemManager);
/// @notice Emitted when the balance to deposit is updated
/// @param oldAmount The old balance to deposit
/// @param newAmount The new balance to deposit
event SetBalanceToDeposit(uint256 oldAmount, uint256 newAmount);
/// @notice Emitted when the balance to redeem is updated
/// @param oldAmount The old balance to redeem
/// @param newAmount The new balance to redeem
event SetBalanceToRedeem(uint256 oldAmount, uint256 newAmount);
/// @notice Emitted when the balance committed to deposit
/// @param oldAmount The old balance committed to deposit
/// @param newAmount The new balance committed to deposit
event SetBalanceCommittedToDeposit(uint256 oldAmount, uint256 newAmount);
/// @notice Emitted when the redeem manager received a withdraw event report
/// @param redeemManagerDemand The total demand in LsETH of the redeem manager
/// @param suppliedRedeemManagerDemand The amount of LsETH demand actually supplied
/// @param suppliedRedeemManagerDemandInEth The amount in ETH of the supplied demand
event ReportedRedeemManager(
uint256 redeemManagerDemand, uint256 suppliedRedeemManagerDemand, uint256 suppliedRedeemManagerDemandInEth
);
/// @notice Thrown when the amount received from the Withdraw contract doe not match the requested amount
/// @param requested The amount that was requested
/// @param received The amount that was received
error InvalidPulledClFundsAmount(uint256 requested, uint256 received);
/// @notice The computed amount of shares to mint is 0
error ZeroMintedShares();
/// @notice The access was denied
/// @param account The account that was denied
error Denied(address account);
/// @notice Initializes the River system
/// @param _depositContractAddress Address to make Consensus Layer deposits
/// @param _elFeeRecipientAddress Address that receives the execution layer fees
/// @param _withdrawalCredentials Credentials to use for every validator deposit
/// @param _oracleAddress The address of the Oracle contract
/// @param _systemAdministratorAddress Administrator address
/// @param _allowlistAddress Address of the allowlist contract
/// @param _operatorRegistryAddress Address of the operator registry
/// @param _collectorAddress Address receiving the the global fee on revenue
/// @param _globalFee Amount retained when the ETH balance increases and sent to the collector
function initRiverV1(
address _depositContractAddress,
address _elFeeRecipientAddress,
bytes32 _withdrawalCredentials,
address _oracleAddress,
address _systemAdministratorAddress,
address _allowlistAddress,
address _operatorRegistryAddress,
address _collectorAddress,
uint256 _globalFee
) external;
/// @notice Initialized version 1.1 of the River System
/// @param _redeemManager The redeem manager address
/// @param _epochsPerFrame The amounts of epochs in a frame
/// @param _slotsPerEpoch The slots inside an epoch
/// @param _secondsPerSlot The seconds inside a slot
/// @param _genesisTime The genesis timestamp
/// @param _epochsToAssumedFinality The number of epochs before an epoch is considered final on-chain
/// @param _annualAprUpperBound The reporting upper bound
/// @param _relativeLowerBound The reporting lower bound
/// @param _maxDailyNetCommittableAmount_ The net daily committable limit
/// @param _maxDailyRelativeCommittableAmount_ The relative daily committable limit
function initRiverV1_1(
address _redeemManager,
uint64 _epochsPerFrame,
uint64 _slotsPerEpoch,
uint64 _secondsPerSlot,
uint64 _genesisTime,
uint64 _epochsToAssumedFinality,
uint256 _annualAprUpperBound,
uint256 _relativeLowerBound,
uint128 _maxDailyNetCommittableAmount_,
uint128 _maxDailyRelativeCommittableAmount_
) external;
/// @notice Initializes version 1.2 of the River System
function initRiverV1_2() external;
/// @notice Get the current global fee
/// @return The global fee
function getGlobalFee() external view returns (uint256);
/// @notice Retrieve the allowlist address
/// @return The allowlist address
function getAllowlist() external view returns (address);
/// @notice Retrieve the collector address
/// @return The collector address
function getCollector() external view returns (address);
/// @notice Retrieve the execution layer fee recipient
/// @return The execution layer fee recipient address
function getELFeeRecipient() external view returns (address);
/// @notice Retrieve the coverage fund
/// @return The coverage fund address
function getCoverageFund() external view returns (address);
/// @notice Retrieve the redeem manager
/// @return The redeem manager address
function getRedeemManager() external view returns (address);
/// @notice Retrieve the operators registry
/// @return The operators registry address
function getOperatorsRegistry() external view returns (address);
/// @notice Retrieve the metadata uri string value
/// @return The metadata uri string value
function getMetadataURI() external view returns (string memory);
/// @notice Retrieve the configured daily committable limits
/// @return The daily committable limits structure
function getDailyCommittableLimits()
external
view
returns (DailyCommittableLimits.DailyCommittableLimitsStruct memory);
/// @notice Resolves the provided redeem requests by calling the redeem manager
/// @param _redeemRequestIds The list of redeem requests to resolve
/// @return withdrawalEventIds The list of matching withdrawal events, or error codes
function resolveRedeemRequests(uint32[] calldata _redeemRequestIds)
external
view
returns (int64[] memory withdrawalEventIds);
/// @notice Set the daily committable limits
/// @param _dcl The Daily Committable Limits structure
function setDailyCommittableLimits(DailyCommittableLimits.DailyCommittableLimitsStruct memory _dcl) external;
/// @notice Retrieve the current balance to redeem
/// @return The current balance to redeem
function getBalanceToRedeem() external view returns (uint256);
/// @notice Performs a redeem request on the redeem manager
/// @param _lsETHAmount The amount of LsETH to redeem
/// @param _recipient The address that will own the redeem request
/// @return redeemRequestId The ID of the newly created redeem request
function requestRedeem(uint256 _lsETHAmount, address _recipient) external returns (uint32 redeemRequestId);
/// @notice Claims several redeem requests
/// @param _redeemRequestIds The list of redeem requests to claim
/// @param _withdrawalEventIds The list of resolved withdrawal event ids
/// @return claimStatuses The operation status results
function claimRedeemRequests(uint32[] calldata _redeemRequestIds, uint32[] calldata _withdrawalEventIds)
external
returns (uint8[] memory claimStatuses);
/// @notice Changes the global fee parameter
/// @param _newFee New fee value
function setGlobalFee(uint256 _newFee) external;
/// @notice Changes the allowlist address
/// @param _newAllowlist New address for the allowlist
function setAllowlist(address _newAllowlist) external;
/// @notice Changes the collector address
/// @param _newCollector New address for the collector
function setCollector(address _newCollector) external;
/// @notice Changes the execution layer fee recipient
/// @param _newELFeeRecipient New address for the recipient
function setELFeeRecipient(address _newELFeeRecipient) external;
/// @notice Changes the coverage fund
/// @param _newCoverageFund New address for the fund
function setCoverageFund(address _newCoverageFund) external;
/// @notice Sets the metadata uri string value
/// @param _metadataURI The new metadata uri string value
function setMetadataURI(string memory _metadataURI) external;
/// @notice Input for execution layer fee earnings
function sendELFees() external payable;
/// @notice Input for consensus layer funds, containing both exit and skimming
function sendCLFunds() external payable;
/// @notice Input for coverage funds
function sendCoverageFunds() external payable;
/// @notice Input for the redeem manager funds
function sendRedeemManagerExceedingFunds() external payable;
}
//SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.20;
/// @title Lib Basis Points
/// @notice Holds the basis points max value
library LibBasisPoints {
/// @notice The max value for basis points (represents 100%)
uint256 internal constant BASIS_POINTS_MAX = 10_000;
}
//SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.20;
/// @title Lib Errors
/// @notice Library of common errors
library LibErrors {
/// @notice The operator is unauthorized for the caller
/// @param caller Address performing the call
error Unauthorized(address caller);
/// @notice The call was invalid
error InvalidCall();
/// @notice The argument was invalid
error InvalidArgument();
/// @notice The address is zero
error InvalidZeroAddress();
/// @notice The string is empty
error InvalidEmptyString();
/// @notice The fee is invalid
error InvalidFee();
}
//SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.20;
import "./LibErrors.sol";
import "./LibBasisPoints.sol";
/// @title Lib Sanitize
/// @notice Utilities to sanitize input values
library LibSanitize {
/// @notice Reverts if address is 0
/// @param _address Address to check
function _notZeroAddress(address _address) internal pure {
if (_address == address(0)) {
revert LibErrors.InvalidZeroAddress();
}
}
/// @notice Reverts if string is empty
/// @param _string String to check
function _notEmptyString(string memory _string) internal pure {
if (bytes(_string).length == 0) {
revert LibErrors.InvalidEmptyString();
}
}
/// @notice Reverts if fee is invalid
/// @param _fee Fee to check
function _validFee(uint256 _fee) internal pure {
if (_fee > LibBasisPoints.BASIS_POINTS_MAX) {
revert LibErrors.InvalidFee();
}
}
}
//SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.20;
/// @title Lib Uint256
/// @notice Utilities to perform uint operations
library LibUint256 {
/// @notice Converts a value to little endian (64 bits)
/// @param _value The value to convert
/// @return result The converted value
function toLittleEndian64(uint256 _value) internal pure returns (uint256 result) {
uint256 tempValue = _value;
result = tempValue & 0xFF;
tempValue >>= 8;
result = (result << 8) | (tempValue & 0xFF);
tempValue >>= 8;
result = (result << 8) | (tempValue & 0xFF);
tempValue >>= 8;
result = (result << 8) | (tempValue & 0xFF);
tempValue >>= 8;
result = (result << 8) | (tempValue & 0xFF);
tempValue >>= 8;
result = (result << 8) | (tempValue & 0xFF);
tempValue >>= 8;
result = (result << 8) | (tempValue & 0xFF);
tempValue >>= 8;
result = (result << 8) | (tempValue & 0xFF);
tempValue >>= 8;
assert(0 == tempValue); // fully converted
result <<= (24 * 8);
}
/// @notice Returns the minimum value
/// @param _a First value
/// @param _b Second value
/// @return Smallest value between _a and _b
function min(uint256 _a, uint256 _b) internal pure returns (uint256) {
return (_a > _b ? _b : _a);
}
/// @notice Returns the max value
/// @param _a First value
/// @param _b Second value
/// @return Highest value between _a and _b
function max(uint256 _a, uint256 _b) internal pure returns (uint256) {
return (_a < _b ? _b : _a);
}
/// @notice Performs a ceiled division
/// @param _a Numerator
/// @param _b Denominator
/// @return ceil(_a / _b)
function ceil(uint256 _a, uint256 _b) internal pure returns (uint256) {
return (_a / _b) + (_a % _b > 0 ? 1 : 0);
}
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.20;
/// @title Lib Unstructured Storage
/// @notice Utilities to work with unstructured storage
library LibUnstructuredStorage {
/// @notice Retrieve a bool value at a storage slot
/// @param _position The storage slot to retrieve
/// @return data The bool value
function getStorageBool(bytes32 _position) internal view returns (bool data) {
// solhint-disable-next-line no-inline-assembly
assembly {
data := sload(_position)
}
}
/// @notice Retrieve an address value at a storage slot
/// @param _position The storage slot to retrieve
/// @return data The address value
function getStorageAddress(bytes32 _position) internal view returns (address data) {
// solhint-disable-next-line no-inline-assembly
assembly {
data := sload(_position)
}
}
/// @notice Retrieve a bytes32 value at a storage slot
/// @param _position The storage slot to retrieve
/// @return data The bytes32 value
function getStorageBytes32(bytes32 _position) internal view returns (bytes32 data) {
// solhint-disable-next-line no-inline-assembly
assembly {
data := sload(_position)
}
}
/// @notice Retrieve an uint256 value at a storage slot
/// @param _position The storage slot to retrieve
/// @return data The uint256 value
function getStorageUint256(bytes32 _position) internal view returns (uint256 data) {
// solhint-disable-next-line no-inline-assembly
assembly {
data := sload(_position)
}
}
/// @notice Sets a bool value at a storage slot
/// @param _position The storage slot to set
/// @param _data The bool value to set
function setStorageBool(bytes32 _position, bool _data) internal {
// solhint-disable-next-line no-inline-assembly
assembly {
sstore(_position, _data)
}
}
/// @notice Sets an address value at a storage slot
/// @param _position The storage slot to set
/// @param _data The address value to set
function setStorageAddress(bytes32 _position, address _data) internal {
// solhint-disable-next-line no-inline-assembly
assembly {
sstore(_position, _data)
}
}
/// @notice Sets a bytes32 value at a storage slot
/// @param _position The storage slot to set
/// @param _data The bytes32 value to set
function setStorageBytes32(bytes32 _position, bytes32 _data) internal {
// solhint-disable-next-line no-inline-assembly
assembly {
sstore(_position, _data)
}
}
/// @notice Sets an uint256 value at a storage slot
/// @param _position The storage slot to set
/// @param _data The uint256 value to set
function setStorageUint256(bytes32 _position, uint256 _data) internal {
// solhint-disable-next-line no-inline-assembly
assembly {
sstore(_position, _data)
}
}
}
//SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.20;
/// @title Consensus Layer Spec Storage
/// @notice Utility to manage the Consensus Layer Spec in storage
library CLSpec {
/// @notice Storage slot of the Consensus Layer Spec
bytes32 internal constant CL_SPEC_SLOT = bytes32(uint256(keccak256("river.state.clSpec")) - 1);
/// @notice The Consensus Layer Spec structure
struct CLSpecStruct {
/// @custom:attribute The count of epochs per frame, 225 means 24h
uint64 epochsPerFrame;
/// @custom:attribute The count of slots in an epoch (32 on mainnet)
uint64 slotsPerEpoch;
/// @custom:attribute The seconds in a slot (12 on mainnet)
uint64 secondsPerSlot;
/// @custom:attribute The block timestamp of the first consensus layer block
uint64 genesisTime;
/// @custom:attribute The count of epochs before considering an epoch final on-chain
uint64 epochsToAssumedFinality;
}
/// @notice The structure in storage
struct Slot {
/// @custom:attribute The structure in storage
CLSpecStruct value;
}
/// @notice Retrieve the Consensus Layer Spec from storage
/// @return The Consensus Layer Spec
function get() internal view returns (CLSpecStruct memory) {
bytes32 slot = CL_SPEC_SLOT;
Slot storage r;
// solhint-disable-next-line no-inline-assembly
assembly {
r.slot := slot
}
return r.value;
}
/// @notice Set the Consensus Layer Spec value in storage
/// @param _newCLSpec The new value to set in storage
function set(CLSpecStruct memory _newCLSpec) internal {
bytes32 slot = CL_SPEC_SLOT;
Slot storage r;
// solhint-disable-next-line no-inline-assembly
assembly {
r.slot := slot
}
r.value = _newCLSpec;
}
}
//SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.20;
import "../../libraries/LibSanitize.sol";
/// @title Daily Committable Limits storage
/// @notice Utility to manage the Daily Committable Limits in storage
library DailyCommittableLimits {
/// @notice Storage slot of the Daily Committable Limits storage
bytes32 internal constant DAILY_COMMITTABLE_LIMITS_SLOT =
bytes32(uint256(keccak256("river.state.dailyCommittableLimits")) - 1);
/// @notice The daily committable limits structure
struct DailyCommittableLimitsStruct {
uint128 minDailyNetCommittableAmount;
uint128 maxDailyRelativeCommittableAmount;
}
/// @notice The structure in storage
struct Slot {
/// @custom:attribute The structure in storage
DailyCommittableLimitsStruct value;
}
/// @notice Retrieve the Daily Committable Limits from storage
/// @return The Daily Committable Limits
function get() internal view returns (DailyCommittableLimitsStruct memory) {
bytes32 slot = DAILY_COMMITTABLE_LIMITS_SLOT;
Slot storage r;
// solhint-disable-next-line no-inline-assembly
assembly {
r.slot := slot
}
return r.value;
}
/// @notice Set the Daily Committable Limits value in storage
/// @param _newValue The new value to set in storage
function set(DailyCommittableLimitsStruct memory _newValue) internal {
bytes32 slot = DAILY_COMMITTABLE_LIMITS_SLOT;
Slot storage r;
// solhint-disable-next-line no-inline-assembly
assembly {
r.slot := slot
}
r.value = _newValue;
}
}
//SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.20;
/// @title Report Bounds Storage
/// @notice Utility to manage the Report Bounds in storage
library ReportBounds {
/// @notice Storage slot of the Report Bounds
bytes32 internal constant REPORT_BOUNDS_SLOT = bytes32(uint256(keccak256("river.state.reportBounds")) - 1);
/// @notice The Report Bounds structure
struct ReportBoundsStruct {
/// @custom:attribute The maximum allowed annual apr, checked before submitting a report to River
uint256 annualAprUpperBound;
/// @custom:attribute The maximum allowed balance decrease, also checked before submitting a report to River
uint256 relativeLowerBound;
}
/// @notice The structure in storage
struct Slot {
/// @custom:attribute The structure in storage
ReportBoundsStruct value;
}
/// @notice Retrieve the Report Bounds from storage
/// @return The Report Bounds
function get() internal view returns (ReportBoundsStruct memory) {
bytes32 slot = REPORT_BOUNDS_SLOT;
Slot storage r;
// solhint-disable-next-line no-inline-assembly
assembly {
r.slot := slot
}
return r.value;
}
/// @notice Set the Report Bounds in storage
/// @param _newReportBounds The new Report Bounds value
function set(ReportBoundsStruct memory _newReportBounds) internal {
bytes32 slot = REPORT_BOUNDS_SLOT;
Slot storage r;
// solhint-disable-next-line no-inline-assembly
assembly {
r.slot := slot
}
r.value = _newReportBounds;
}
}
//SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.20;
import "../../libraries/LibSanitize.sol";
import "../../libraries/LibUnstructuredStorage.sol";
/// @title River Address Storage
/// @notice Utility to manage the River Address in storage
library RiverAddress {
/// @notice Storage slot of the River Address
bytes32 internal constant RIVER_ADDRESS_SLOT = bytes32(uint256(keccak256("river.state.riverAddress")) - 1);
/// @notice Retrieve the River Address
/// @return The River Address
function get() internal view returns (address) {
return LibUnstructuredStorage.getStorageAddress(RIVER_ADDRESS_SLOT);
}
/// @notice Sets the River Address
/// @param _newValue New River Address
function set(address _newValue) internal {
LibSanitize._notZeroAddress(_newValue);
LibUnstructuredStorage.setStorageAddress(RIVER_ADDRESS_SLOT, _newValue);
}
}
//SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.20;
import "../../libraries/LibUnstructuredStorage.sol";
/// @title Version Storage
/// @notice Utility to manage the Version in storage
library Version {
/// @notice Storage slot of the Version
bytes32 public constant VERSION_SLOT = bytes32(uint256(keccak256("river.state.version")) - 1);
/// @notice Retrieve the Version
/// @return The Version
function get() internal view returns (uint256) {
return LibUnstructuredStorage.getStorageUint256(VERSION_SLOT);
}
/// @notice Sets the Version
/// @param _newValue New Version
function set(uint256 _newValue) internal {
LibUnstructuredStorage.setStorageUint256(VERSION_SLOT, _newValue);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `from` to `to` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 amount) external returns (bool);
}