Sponsored
MoonPay
Buy, sell and swap Ethereum with MoonPay.Buy Now!
20M+ users trust MoonPay worldwide. Checkout with your preferred payment method.
MetaMask
Manage your web3 everything with MetaMask Portfolio. Try Now!
Ready to onboard to Ethereum? With MetaMask Portfolio, you're in control.
eToro
One-stop crypto shop: trusted, simple & safe.
Don’t invest unless you’re prepared to lose all the money you invest.
Sponsored
Сoins.game
100 free spins for registration. Spin now!
Everyday giveaways up to 100 ETH, Lucky Spins. Deposit BONUS 300% and Cashbacks!
BC.GAME
- The Best ETH Casino Claim Now!
5000+ Slots & Live Casino Games, 50+cryptos. Register with Etherscan and get 760% deposit bonus. Win Big$, withdraw it fast.
Stake
200% Bonus, 100K Daily Giveaways, Instant Withdrawals Play Now!
Slots, Roulette, Poker & more - Proud sponsors of UFC, Everton & StakeF1 team!
Sponsored
BC.GAME
- The Best ETH Casino Claim Now!
5000+ Slots & Live Casino Games, 50+cryptos. Register with Etherscan and get 760% deposit bonus. Win Big$, withdraw it fast.
CryptoSlots
Play & Get 25 Free Spins at CryptoSlots Play Now
Anonymous play on awesome games - sign up now for 25 free jackpot spins - worth $100s!
CryptoWins
200% More Funds to Play on Us up to 4 BTC! Claim Now!
100s of games, generous bonuses, 20+ years of trusted gaming. Join CryptoWins & start winning today!
Overview
ETH Balance
0 ETH
Eth Value
$0.00More Info
Private Name Tags
ContractCreator
Latest 1 from a total of 1 transactions
| Transaction Hash |
Method
|
Block
|
From
|
To
|
|||||
|---|---|---|---|---|---|---|---|---|---|
| 0x60806040 | 18290586 | 414 days ago | IN | 0 ETH | 0.00084604 |
Loading...
Loading
Contract Name:
EmptyContract
Compiler Version
v0.8.20+commit.a1b79de6
Optimization Enabled:
Yes with 1000000 runs
Other Settings:
paris EvmVersion
Contract Source Code (Solidity Standard Json-Input format)
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {
ITransparentUpgradeableProxy,
TransparentUpgradeableProxy
} from "openzeppelin/proxy/transparent/TransparentUpgradeableProxy.sol";
import {TimelockController} from "openzeppelin/governance/TimelockController.sol";
import {AccessControlUpgradeable} from "openzeppelin-upgradeable/access/AccessControlUpgradeable.sol";
import {AccessControl} from "openzeppelin/access/AccessControl.sol";
import {IDepositContract} from "../../src/interfaces/IDepositContract.sol";
import {Pauser} from "../../src/Pauser.sol";
import {Oracle} from "../../src/Oracle.sol";
import {OracleQuorumManager} from "../../src/OracleQuorumManager.sol";
import {ReturnsReceiver} from "../../src/ReturnsReceiver.sol";
import {ReturnsAggregator} from "../../src/ReturnsAggregator.sol";
import {UnstakeRequestsManager} from "../../src/UnstakeRequestsManager.sol";
import {Staking} from "../../src/Staking.sol";
import {METH} from "../../src/METH.sol";
// EmptyContract serves as a dud implementation for the proxy, which lets us point
// to something and deploy the proxy before we deploy the implementation.
// This helps avoid the cyclic dependencies in init.
contract EmptyContract {}
struct Deployments {
TimelockController proxyAdmin;
METH mETH;
Oracle oracle;
OracleQuorumManager quorumManager;
Pauser pauser;
ReturnsAggregator aggregator;
ReturnsReceiver consensusLayerReceiver;
ReturnsReceiver executionLayerReceiver;
Staking staking;
UnstakeRequestsManager unstakeRequestsManager;
}
/// @notice Deployment paramaters for the protocol contract
/// @dev These are mostly externally controlled addresses
/// @param admin the admin of the timelock controller that administers the proxy contracts.
/// @param upgrader the proposer and executor of the timelock controller that administers the proxy contracts.
/// @param manager the manager of the contracts (allowed to access setters, etc.). Using the same manager for all
/// contracts is our default for now but might change in the future.
/// @param pauser the address that can pause the protocol.
/// @param unpauser the address that can unpause the protocol.
/// @param allocatorService the address of the allocator service that can allocate ETH on the staking contract.
/// @param initiatorService the address of the initiator service that can initiate new validators.
/// @param requestCanceller the address of the request canceller that can cancel unfinalized unstake requests.
/// @param depositContract the address of the deposit contract.
/// @param pendingResolver the address that can resolve pending oracle records.
/// @param reporterModifier the address that can modify the reporter set on the oracle quorum manager.
/// @param reporters the addresses of the initial set of reporters on the oracle quorum manager.
/// @param feesReceiver the address that receives the protocol fees.
struct DeploymentParams {
address admin;
address manager;
address upgrader;
address pauser;
address unpauser;
address allocatorService;
address initiatorService;
address requestCanceller;
address depositContract;
address pendingResolver;
address reporterModifier;
address[] reporters;
address payable feesReceiver;
}
function deployAll(DeploymentParams memory params) returns (Deployments memory) {
return deployAll(params, msg.sender);
}
/// @notice Deploys all proxy and implementation contract, initializes them and returns a struct containing all the
/// addresses.
/// @dev All upgradeable contracts are deployed using the transparent proxy pattern, with the proxy admin being a
/// timelock controller with `params.upgrader` as proposer and executor, and `params.admin` as timelock admin.
/// The `deployer` will be added as admin, proposer and executer for the duration of the deployment. The permissions are
/// renounced accordingly at the end of the deployment.
/// @param params the configuration to use for the deployment.
/// @param deployer the address executing this function. While this will always be `msg.sender` in deployement scripts,
/// it will need to be set in tests as `prank`s will not affect `msg.sender` in free functions.
function deployAll(DeploymentParams memory params, address deployer) returns (Deployments memory) {
address[] memory controllers = new address[](2);
controllers[0] = params.upgrader;
controllers[1] = deployer;
TimelockController proxyAdmin =
new TimelockController({minDelay: 0, admin: deployer, proposers: controllers, executors: controllers});
// Create empty contract for proxy pointer
EmptyContract empty = new EmptyContract();
// Create proxies for all contracts
Deployments memory ds = Deployments({
proxyAdmin: proxyAdmin,
oracle: Oracle(address(newProxy(empty, proxyAdmin))),
quorumManager: OracleQuorumManager(address(newProxy(empty, proxyAdmin))),
unstakeRequestsManager: UnstakeRequestsManager(payable(newProxy(empty, proxyAdmin))),
mETH: METH(address(newProxy(empty, proxyAdmin))),
pauser: Pauser(address(newProxy(empty, proxyAdmin))),
staking: Staking(payable(newProxy(empty, proxyAdmin))),
consensusLayerReceiver: ReturnsReceiver(payable(newProxy(empty, proxyAdmin))),
executionLayerReceiver: ReturnsReceiver(payable(newProxy(empty, proxyAdmin))),
aggregator: ReturnsAggregator(payable(newProxy(empty, proxyAdmin)))
});
// Upgrade and iniitialize contracts
ds.consensusLayerReceiver = initReturnsReceiver(
proxyAdmin,
ITransparentUpgradeableProxy(address(ds.consensusLayerReceiver)),
ReturnsReceiver.Init({admin: params.admin, manager: params.manager, withdrawer: address(ds.aggregator)})
);
ds.executionLayerReceiver = initReturnsReceiver(
proxyAdmin,
ITransparentUpgradeableProxy(address(ds.executionLayerReceiver)),
ReturnsReceiver.Init({admin: params.admin, manager: params.manager, withdrawer: address(ds.aggregator)})
);
// Add the provided pauser address from params and the oracle to the PAUSER_ROLE on the pausing contract.
// This gives the oracle the ability to pause the contracts if the sanity check fails.
ds.pauser = initPauser(
proxyAdmin,
ITransparentUpgradeableProxy(address(ds.pauser)),
Pauser.Init({admin: params.admin, pauser: params.pauser, unpauser: params.unpauser, oracle: ds.oracle})
);
ds.mETH = initMETH(
proxyAdmin,
ITransparentUpgradeableProxy(address(ds.mETH)),
METH.Init({admin: params.admin, staking: ds.staking, unstakeRequestsManager: ds.unstakeRequestsManager})
);
// Oracle relies on staking and aggregator to process oracle records, so we need to deploy those first.
ds.staking = initStaking(
proxyAdmin,
ITransparentUpgradeableProxy(address(ds.staking)),
Staking.Init({
admin: params.admin,
manager: params.manager,
pauser: ds.pauser,
allocatorService: params.allocatorService,
initiatorService: params.initiatorService,
withdrawalWallet: address(ds.consensusLayerReceiver),
mETH: ds.mETH,
depositContract: IDepositContract(params.depositContract),
oracle: ds.oracle,
returnsAggregator: address(ds.aggregator),
unstakeRequestsManager: ds.unstakeRequestsManager
})
);
ds.aggregator = initReturnsAggregator(
proxyAdmin,
ITransparentUpgradeableProxy(address(ds.aggregator)),
ReturnsAggregator.Init({
admin: params.admin,
manager: params.manager,
staking: ds.staking,
pauser: ds.pauser,
oracle: ds.oracle,
consensusLayerReceiver: ds.consensusLayerReceiver,
executionLayerReceiver: ds.executionLayerReceiver,
feesReceiver: params.feesReceiver
})
);
ds.oracle = initOracle(
proxyAdmin,
ITransparentUpgradeableProxy(address(ds.oracle)),
Oracle.Init({
admin: params.admin,
manager: params.manager,
oracleUpdater: address(ds.quorumManager),
aggregator: ds.aggregator,
pauser: ds.pauser,
pendingResolver: params.pendingResolver,
staking: Staking(payable(address(ds.staking)))
})
);
ds.quorumManager = initOracleQuorumManager(
proxyAdmin,
ITransparentUpgradeableProxy(address(ds.quorumManager)),
OracleQuorumManager.Init({
admin: params.admin,
manager: params.manager,
reporterModifier: params.reporterModifier,
allowedReporters: params.reporters,
oracle: ds.oracle
})
);
ds.unstakeRequestsManager = initUnstakeRequestsManager(
proxyAdmin,
ITransparentUpgradeableProxy(address(ds.unstakeRequestsManager)),
UnstakeRequestsManager.Init({
admin: params.admin,
manager: params.manager,
requestCanceller: params.requestCanceller,
oracle: ds.oracle,
mETH: ds.mETH,
stakingContract: Staking(payable(address(ds.staking))),
numberOfBlocksToFinalize: 128 // 4 epochs (in blocks) to finalize unstake requests.
})
);
// Renounce all roles, now that we have deployed everything
// Keep roles only if the deployer was also set as admin or upgrader, repspectively.
if (deployer != params.admin) {
proxyAdmin.grantRole(proxyAdmin.TIMELOCK_ADMIN_ROLE(), params.admin);
proxyAdmin.renounceRole(proxyAdmin.TIMELOCK_ADMIN_ROLE(), deployer);
}
if (deployer != params.upgrader) {
proxyAdmin.renounceRole(proxyAdmin.PROPOSER_ROLE(), deployer);
proxyAdmin.renounceRole(proxyAdmin.EXECUTOR_ROLE(), deployer);
proxyAdmin.renounceRole(proxyAdmin.CANCELLER_ROLE(), deployer);
}
return ds;
}
function newProxy(EmptyContract empty, TimelockController admin) returns (TransparentUpgradeableProxy) {
return new TransparentUpgradeableProxy(address(empty), address(admin), "");
}
function scheduleAndExecute(TimelockController controller, address target, uint256 value, bytes memory data) {
controller.schedule({target: target, value: value, data: data, predecessor: bytes32(0), delay: 0, salt: bytes32(0)});
controller.execute{value: value}({
target: target,
value: value,
payload: data,
predecessor: bytes32(0),
salt: bytes32(0)
});
}
function upgradeToAndCall(
TimelockController controller,
ITransparentUpgradeableProxy proxy,
address implementation,
uint256 value,
bytes memory data
) {
scheduleAndExecute(
controller,
address(proxy),
value,
abi.encodeCall(ITransparentUpgradeableProxy.upgradeToAndCall, (implementation, data))
);
}
function upgradeToAndCall(
TimelockController controller,
ITransparentUpgradeableProxy proxy,
address implementation,
bytes memory data
) {
upgradeToAndCall(controller, proxy, implementation, 0, data);
}
function upgradeTo(TimelockController controller, ITransparentUpgradeableProxy proxy, address implementation) {
scheduleAndExecute(
controller, address(proxy), 0, abi.encodeCall(ITransparentUpgradeableProxy.upgradeTo, (implementation))
);
}
function initReturnsReceiver(
TimelockController proxyAdmin,
ITransparentUpgradeableProxy proxy,
ReturnsReceiver.Init memory init
) returns (ReturnsReceiver) {
ReturnsReceiver impl = new ReturnsReceiver();
upgradeToAndCall(proxyAdmin, proxy, address(impl), abi.encodeCall(ReturnsReceiver.initialize, init));
return ReturnsReceiver(payable(address(proxy)));
}
function initReturnsAggregator(
TimelockController proxyAdmin,
ITransparentUpgradeableProxy proxy,
ReturnsAggregator.Init memory init
) returns (ReturnsAggregator) {
ReturnsAggregator impl = new ReturnsAggregator();
upgradeToAndCall(proxyAdmin, proxy, address(impl), abi.encodeCall(ReturnsAggregator.initialize, init));
return ReturnsAggregator(payable(address(proxy)));
}
function initOracle(TimelockController proxyAdmin, ITransparentUpgradeableProxy proxy, Oracle.Init memory init)
returns (Oracle)
{
Oracle impl = new Oracle();
upgradeToAndCall(proxyAdmin, proxy, address(impl), abi.encodeCall(Oracle.initialize, init));
return Oracle(address(proxy));
}
function initOracleQuorumManager(
TimelockController proxyAdmin,
ITransparentUpgradeableProxy proxy,
OracleQuorumManager.Init memory init
) returns (OracleQuorumManager) {
OracleQuorumManager impl = new OracleQuorumManager();
upgradeToAndCall(proxyAdmin, proxy, address(impl), abi.encodeCall(OracleQuorumManager.initialize, init));
return OracleQuorumManager(payable(address(proxy)));
}
function initPauser(TimelockController proxyAdmin, ITransparentUpgradeableProxy proxy, Pauser.Init memory init)
returns (Pauser)
{
Pauser impl = new Pauser();
upgradeToAndCall(proxyAdmin, proxy, address(impl), abi.encodeCall(Pauser.initialize, init));
return Pauser(payable(address(proxy)));
}
function initUnstakeRequestsManager(
TimelockController proxyAdmin,
ITransparentUpgradeableProxy proxy,
UnstakeRequestsManager.Init memory init
) returns (UnstakeRequestsManager) {
UnstakeRequestsManager impl = new UnstakeRequestsManager();
upgradeToAndCall(proxyAdmin, proxy, address(impl), abi.encodeCall(UnstakeRequestsManager.initialize, init));
return UnstakeRequestsManager(payable(address(proxy)));
}
function initStaking(TimelockController proxyAdmin, ITransparentUpgradeableProxy proxy, Staking.Init memory init)
returns (Staking)
{
Staking impl = new Staking();
upgradeToAndCall(proxyAdmin, proxy, address(impl), abi.encodeCall(Staking.initialize, init));
return Staking(payable(address(proxy)));
}
function initMETH(TimelockController proxyAdmin, ITransparentUpgradeableProxy proxy, METH.Init memory init)
returns (METH)
{
METH impl = new METH();
upgradeToAndCall(proxyAdmin, proxy, address(impl), abi.encodeCall(METH.initialize, init));
return METH(address(proxy));
}
function grantAndRenounce(AccessControlUpgradeable controllable, bytes32 role, address sender, address newAccount) {
grantAndRenounce(AccessControl(address(controllable)), role, sender, newAccount);
}
function grantAndRenounce(AccessControl controllable, bytes32 role, address sender, address newAccount) {
// To prevent reassigning to self and renouncing later leaving the role empty
if (sender != newAccount) {
controllable.grantRole(role, newAccount);
controllable.renounceRole(role, sender);
}
}
/// @notice Grants roles to addresses as specified in `params` and renounces the roles from `sender`.
/// @dev Assumes that all contracts were deployed using `sender` as admin/manager/etc.
function grantAndRenounceAllRoles(DeploymentParams memory params, Deployments memory ds, address sender) {
grantAndRenounce(
ds.consensusLayerReceiver, ds.consensusLayerReceiver.RECEIVER_MANAGER_ROLE(), sender, params.manager
);
grantAndRenounce(ds.consensusLayerReceiver, ds.consensusLayerReceiver.DEFAULT_ADMIN_ROLE(), sender, params.admin);
grantAndRenounce(
ds.executionLayerReceiver, ds.executionLayerReceiver.RECEIVER_MANAGER_ROLE(), sender, params.manager
);
grantAndRenounce(ds.executionLayerReceiver, ds.executionLayerReceiver.DEFAULT_ADMIN_ROLE(), sender, params.admin);
grantAndRenounce(ds.pauser, ds.pauser.PAUSER_ROLE(), sender, params.pauser);
grantAndRenounce(ds.pauser, ds.pauser.UNPAUSER_ROLE(), sender, params.unpauser);
grantAndRenounce(ds.pauser, ds.pauser.DEFAULT_ADMIN_ROLE(), sender, params.admin);
grantAndRenounce(ds.mETH, ds.mETH.DEFAULT_ADMIN_ROLE(), sender, params.admin);
grantAndRenounce(ds.staking, ds.staking.STAKING_MANAGER_ROLE(), sender, params.manager);
grantAndRenounce(ds.staking, ds.staking.DEFAULT_ADMIN_ROLE(), sender, params.admin);
grantAndRenounce(ds.aggregator, ds.aggregator.AGGREGATOR_MANAGER_ROLE(), sender, params.manager);
grantAndRenounce(ds.aggregator, ds.aggregator.DEFAULT_ADMIN_ROLE(), sender, params.admin);
grantAndRenounce(ds.oracle, ds.oracle.ORACLE_MANAGER_ROLE(), sender, params.manager);
grantAndRenounce(ds.oracle, ds.oracle.ORACLE_PENDING_UPDATE_RESOLVER_ROLE(), sender, params.pendingResolver);
grantAndRenounce(ds.oracle, ds.oracle.DEFAULT_ADMIN_ROLE(), sender, params.admin);
grantAndRenounce(ds.quorumManager, ds.quorumManager.QUORUM_MANAGER_ROLE(), sender, params.manager);
grantAndRenounce(ds.quorumManager, ds.quorumManager.REPORTER_MODIFIER_ROLE(), sender, params.reporterModifier);
grantAndRenounce(ds.quorumManager, ds.quorumManager.DEFAULT_ADMIN_ROLE(), sender, params.admin);
grantAndRenounce(ds.unstakeRequestsManager, ds.unstakeRequestsManager.MANAGER_ROLE(), sender, params.manager);
grantAndRenounce(
ds.unstakeRequestsManager, ds.unstakeRequestsManager.REQUEST_CANCELLER_ROLE(), sender, params.requestCanceller
);
grantAndRenounce(ds.unstakeRequestsManager, ds.unstakeRequestsManager.DEFAULT_ADMIN_ROLE(), sender, params.admin);
// Proxy admin
grantAndRenounce(ds.proxyAdmin, ds.proxyAdmin.PROPOSER_ROLE(), sender, params.upgrader);
grantAndRenounce(ds.proxyAdmin, ds.proxyAdmin.EXECUTOR_ROLE(), sender, params.upgrader);
grantAndRenounce(ds.proxyAdmin, ds.proxyAdmin.CANCELLER_ROLE(), sender, params.upgrader);
grantAndRenounce(ds.proxyAdmin, ds.proxyAdmin.TIMELOCK_ADMIN_ROLE(), sender, params.admin);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.3) (proxy/transparent/TransparentUpgradeableProxy.sol)
pragma solidity ^0.8.0;
import "../ERC1967/ERC1967Proxy.sol";
/**
* @dev Interface for {TransparentUpgradeableProxy}. In order to implement transparency, {TransparentUpgradeableProxy}
* does not implement this interface directly, and some of its functions are implemented by an internal dispatch
* mechanism. The compiler is unaware that these functions are implemented by {TransparentUpgradeableProxy} and will not
* include them in the ABI so this interface must be used to interact with it.
*/
interface ITransparentUpgradeableProxy is IERC1967 {
function admin() external view returns (address);
function implementation() external view returns (address);
function changeAdmin(address) external;
function upgradeTo(address) external;
function upgradeToAndCall(address, bytes memory) external payable;
}
/**
* @dev This contract implements a proxy that is upgradeable by an admin.
*
* To avoid https://medium.com/nomic-labs-blog/malicious-backdoors-in-ethereum-proxies-62629adf3357[proxy selector
* clashing], which can potentially be used in an attack, this contract uses the
* https://blog.openzeppelin.com/the-transparent-proxy-pattern/[transparent proxy pattern]. This pattern implies two
* things that go hand in hand:
*
* 1. If any account other than the admin calls the proxy, the call will be forwarded to the implementation, even if
* that call matches one of the admin functions exposed by the proxy itself.
* 2. If the admin calls the proxy, it can access the admin functions, but its calls will never be forwarded to the
* implementation. If the admin tries to call a function on the implementation it will fail with an error that says
* "admin cannot fallback to proxy target".
*
* These properties mean that the admin account can only be used for admin actions like upgrading the proxy or changing
* the admin, so it's best if it's a dedicated account that is not used for anything else. This will avoid headaches due
* to sudden errors when trying to call a function from the proxy implementation.
*
* Our recommendation is for the dedicated account to be an instance of the {ProxyAdmin} contract. If set up this way,
* you should think of the `ProxyAdmin` instance as the real administrative interface of your proxy.
*
* NOTE: The real interface of this proxy is that defined in `ITransparentUpgradeableProxy`. This contract does not
* inherit from that interface, and instead the admin functions are implicitly implemented using a custom dispatch
* mechanism in `_fallback`. Consequently, the compiler will not produce an ABI for this contract. This is necessary to
* fully implement transparency without decoding reverts caused by selector clashes between the proxy and the
* implementation.
*
* WARNING: It is not recommended to extend this contract to add additional external functions. If you do so, the compiler
* will not check that there are no selector conflicts, due to the note above. A selector clash between any new function
* and the functions declared in {ITransparentUpgradeableProxy} will be resolved in favor of the new one. This could
* render the admin operations inaccessible, which could prevent upgradeability. Transparency may also be compromised.
*/
contract TransparentUpgradeableProxy is ERC1967Proxy {
/**
* @dev Initializes an upgradeable proxy managed by `_admin`, backed by the implementation at `_logic`, and
* optionally initialized with `_data` as explained in {ERC1967Proxy-constructor}.
*/
constructor(address _logic, address admin_, bytes memory _data) payable ERC1967Proxy(_logic, _data) {
_changeAdmin(admin_);
}
/**
* @dev Modifier used internally that will delegate the call to the implementation unless the sender is the admin.
*
* CAUTION: This modifier is deprecated, as it could cause issues if the modified function has arguments, and the
* implementation provides a function with the same selector.
*/
modifier ifAdmin() {
if (msg.sender == _getAdmin()) {
_;
} else {
_fallback();
}
}
/**
* @dev If caller is the admin process the call internally, otherwise transparently fallback to the proxy behavior
*/
function _fallback() internal virtual override {
if (msg.sender == _getAdmin()) {
bytes memory ret;
bytes4 selector = msg.sig;
if (selector == ITransparentUpgradeableProxy.upgradeTo.selector) {
ret = _dispatchUpgradeTo();
} else if (selector == ITransparentUpgradeableProxy.upgradeToAndCall.selector) {
ret = _dispatchUpgradeToAndCall();
} else if (selector == ITransparentUpgradeableProxy.changeAdmin.selector) {
ret = _dispatchChangeAdmin();
} else if (selector == ITransparentUpgradeableProxy.admin.selector) {
ret = _dispatchAdmin();
} else if (selector == ITransparentUpgradeableProxy.implementation.selector) {
ret = _dispatchImplementation();
} else {
revert("TransparentUpgradeableProxy: admin cannot fallback to proxy target");
}
assembly {
return(add(ret, 0x20), mload(ret))
}
} else {
super._fallback();
}
}
/**
* @dev Returns the current admin.
*
* TIP: To get this value clients can read directly from the storage slot shown below (specified by EIP1967) using the
* https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
* `0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103`
*/
function _dispatchAdmin() private returns (bytes memory) {
_requireZeroValue();
address admin = _getAdmin();
return abi.encode(admin);
}
/**
* @dev Returns the current implementation.
*
* TIP: To get this value clients can read directly from the storage slot shown below (specified by EIP1967) using the
* https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
* `0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc`
*/
function _dispatchImplementation() private returns (bytes memory) {
_requireZeroValue();
address implementation = _implementation();
return abi.encode(implementation);
}
/**
* @dev Changes the admin of the proxy.
*
* Emits an {AdminChanged} event.
*/
function _dispatchChangeAdmin() private returns (bytes memory) {
_requireZeroValue();
address newAdmin = abi.decode(msg.data[4:], (address));
_changeAdmin(newAdmin);
return "";
}
/**
* @dev Upgrade the implementation of the proxy.
*/
function _dispatchUpgradeTo() private returns (bytes memory) {
_requireZeroValue();
address newImplementation = abi.decode(msg.data[4:], (address));
_upgradeToAndCall(newImplementation, bytes(""), false);
return "";
}
/**
* @dev Upgrade the implementation of the proxy, and then call a function from the new implementation as specified
* by `data`, which should be an encoded function call. This is useful to initialize new storage variables in the
* proxied contract.
*/
function _dispatchUpgradeToAndCall() private returns (bytes memory) {
(address newImplementation, bytes memory data) = abi.decode(msg.data[4:], (address, bytes));
_upgradeToAndCall(newImplementation, data, true);
return "";
}
/**
* @dev Returns the current admin.
*
* CAUTION: This function is deprecated. Use {ERC1967Upgrade-_getAdmin} instead.
*/
function _admin() internal view virtual returns (address) {
return _getAdmin();
}
/**
* @dev To keep this contract fully transparent, all `ifAdmin` functions must be payable. This helper is here to
* emulate some proxy functions being non-payable while still allowing value to pass through.
*/
function _requireZeroValue() private {
require(msg.value == 0);
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.2) (governance/TimelockController.sol)
pragma solidity ^0.8.0;
import "../access/AccessControl.sol";
import "../token/ERC721/IERC721Receiver.sol";
import "../token/ERC1155/IERC1155Receiver.sol";
/**
* @dev Contract module which acts as a timelocked controller. When set as the
* owner of an `Ownable` smart contract, it enforces a timelock on all
* `onlyOwner` maintenance operations. This gives time for users of the
* controlled contract to exit before a potentially dangerous maintenance
* operation is applied.
*
* By default, this contract is self administered, meaning administration tasks
* have to go through the timelock process. The proposer (resp executor) role
* is in charge of proposing (resp executing) operations. A common use case is
* to position this {TimelockController} as the owner of a smart contract, with
* a multisig or a DAO as the sole proposer.
*
* _Available since v3.3._
*/
contract TimelockController is AccessControl, IERC721Receiver, IERC1155Receiver {
bytes32 public constant TIMELOCK_ADMIN_ROLE = keccak256("TIMELOCK_ADMIN_ROLE");
bytes32 public constant PROPOSER_ROLE = keccak256("PROPOSER_ROLE");
bytes32 public constant EXECUTOR_ROLE = keccak256("EXECUTOR_ROLE");
bytes32 public constant CANCELLER_ROLE = keccak256("CANCELLER_ROLE");
uint256 internal constant _DONE_TIMESTAMP = uint256(1);
mapping(bytes32 => uint256) private _timestamps;
uint256 private _minDelay;
/**
* @dev Emitted when a call is scheduled as part of operation `id`.
*/
event CallScheduled(
bytes32 indexed id,
uint256 indexed index,
address target,
uint256 value,
bytes data,
bytes32 predecessor,
uint256 delay
);
/**
* @dev Emitted when a call is performed as part of operation `id`.
*/
event CallExecuted(bytes32 indexed id, uint256 indexed index, address target, uint256 value, bytes data);
/**
* @dev Emitted when new proposal is scheduled with non-zero salt.
*/
event CallSalt(bytes32 indexed id, bytes32 salt);
/**
* @dev Emitted when operation `id` is cancelled.
*/
event Cancelled(bytes32 indexed id);
/**
* @dev Emitted when the minimum delay for future operations is modified.
*/
event MinDelayChange(uint256 oldDuration, uint256 newDuration);
/**
* @dev Initializes the contract with the following parameters:
*
* - `minDelay`: initial minimum delay for operations
* - `proposers`: accounts to be granted proposer and canceller roles
* - `executors`: accounts to be granted executor role
* - `admin`: optional account to be granted admin role; disable with zero address
*
* IMPORTANT: The optional admin can aid with initial configuration of roles after deployment
* without being subject to delay, but this role should be subsequently renounced in favor of
* administration through timelocked proposals. Previous versions of this contract would assign
* this admin to the deployer automatically and should be renounced as well.
*/
constructor(uint256 minDelay, address[] memory proposers, address[] memory executors, address admin) {
_setRoleAdmin(TIMELOCK_ADMIN_ROLE, TIMELOCK_ADMIN_ROLE);
_setRoleAdmin(PROPOSER_ROLE, TIMELOCK_ADMIN_ROLE);
_setRoleAdmin(EXECUTOR_ROLE, TIMELOCK_ADMIN_ROLE);
_setRoleAdmin(CANCELLER_ROLE, TIMELOCK_ADMIN_ROLE);
// self administration
_setupRole(TIMELOCK_ADMIN_ROLE, address(this));
// optional admin
if (admin != address(0)) {
_setupRole(TIMELOCK_ADMIN_ROLE, admin);
}
// register proposers and cancellers
for (uint256 i = 0; i < proposers.length; ++i) {
_setupRole(PROPOSER_ROLE, proposers[i]);
_setupRole(CANCELLER_ROLE, proposers[i]);
}
// register executors
for (uint256 i = 0; i < executors.length; ++i) {
_setupRole(EXECUTOR_ROLE, executors[i]);
}
_minDelay = minDelay;
emit MinDelayChange(0, minDelay);
}
/**
* @dev Modifier to make a function callable only by a certain role. In
* addition to checking the sender's role, `address(0)` 's role is also
* considered. Granting a role to `address(0)` is equivalent to enabling
* this role for everyone.
*/
modifier onlyRoleOrOpenRole(bytes32 role) {
if (!hasRole(role, address(0))) {
_checkRole(role, _msgSender());
}
_;
}
/**
* @dev Contract might receive/hold ETH as part of the maintenance process.
*/
receive() external payable {}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override(IERC165, AccessControl) returns (bool) {
return interfaceId == type(IERC1155Receiver).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @dev Returns whether an id correspond to a registered operation. This
* includes both Pending, Ready and Done operations.
*/
function isOperation(bytes32 id) public view virtual returns (bool) {
return getTimestamp(id) > 0;
}
/**
* @dev Returns whether an operation is pending or not. Note that a "pending" operation may also be "ready".
*/
function isOperationPending(bytes32 id) public view virtual returns (bool) {
return getTimestamp(id) > _DONE_TIMESTAMP;
}
/**
* @dev Returns whether an operation is ready for execution. Note that a "ready" operation is also "pending".
*/
function isOperationReady(bytes32 id) public view virtual returns (bool) {
uint256 timestamp = getTimestamp(id);
return timestamp > _DONE_TIMESTAMP && timestamp <= block.timestamp;
}
/**
* @dev Returns whether an operation is done or not.
*/
function isOperationDone(bytes32 id) public view virtual returns (bool) {
return getTimestamp(id) == _DONE_TIMESTAMP;
}
/**
* @dev Returns the timestamp at which an operation becomes ready (0 for
* unset operations, 1 for done operations).
*/
function getTimestamp(bytes32 id) public view virtual returns (uint256) {
return _timestamps[id];
}
/**
* @dev Returns the minimum delay for an operation to become valid.
*
* This value can be changed by executing an operation that calls `updateDelay`.
*/
function getMinDelay() public view virtual returns (uint256) {
return _minDelay;
}
/**
* @dev Returns the identifier of an operation containing a single
* transaction.
*/
function hashOperation(
address target,
uint256 value,
bytes calldata data,
bytes32 predecessor,
bytes32 salt
) public pure virtual returns (bytes32) {
return keccak256(abi.encode(target, value, data, predecessor, salt));
}
/**
* @dev Returns the identifier of an operation containing a batch of
* transactions.
*/
function hashOperationBatch(
address[] calldata targets,
uint256[] calldata values,
bytes[] calldata payloads,
bytes32 predecessor,
bytes32 salt
) public pure virtual returns (bytes32) {
return keccak256(abi.encode(targets, values, payloads, predecessor, salt));
}
/**
* @dev Schedule an operation containing a single transaction.
*
* Emits {CallSalt} if salt is nonzero, and {CallScheduled}.
*
* Requirements:
*
* - the caller must have the 'proposer' role.
*/
function schedule(
address target,
uint256 value,
bytes calldata data,
bytes32 predecessor,
bytes32 salt,
uint256 delay
) public virtual onlyRole(PROPOSER_ROLE) {
bytes32 id = hashOperation(target, value, data, predecessor, salt);
_schedule(id, delay);
emit CallScheduled(id, 0, target, value, data, predecessor, delay);
if (salt != bytes32(0)) {
emit CallSalt(id, salt);
}
}
/**
* @dev Schedule an operation containing a batch of transactions.
*
* Emits {CallSalt} if salt is nonzero, and one {CallScheduled} event per transaction in the batch.
*
* Requirements:
*
* - the caller must have the 'proposer' role.
*/
function scheduleBatch(
address[] calldata targets,
uint256[] calldata values,
bytes[] calldata payloads,
bytes32 predecessor,
bytes32 salt,
uint256 delay
) public virtual onlyRole(PROPOSER_ROLE) {
require(targets.length == values.length, "TimelockController: length mismatch");
require(targets.length == payloads.length, "TimelockController: length mismatch");
bytes32 id = hashOperationBatch(targets, values, payloads, predecessor, salt);
_schedule(id, delay);
for (uint256 i = 0; i < targets.length; ++i) {
emit CallScheduled(id, i, targets[i], values[i], payloads[i], predecessor, delay);
}
if (salt != bytes32(0)) {
emit CallSalt(id, salt);
}
}
/**
* @dev Schedule an operation that is to become valid after a given delay.
*/
function _schedule(bytes32 id, uint256 delay) private {
require(!isOperation(id), "TimelockController: operation already scheduled");
require(delay >= getMinDelay(), "TimelockController: insufficient delay");
_timestamps[id] = block.timestamp + delay;
}
/**
* @dev Cancel an operation.
*
* Requirements:
*
* - the caller must have the 'canceller' role.
*/
function cancel(bytes32 id) public virtual onlyRole(CANCELLER_ROLE) {
require(isOperationPending(id), "TimelockController: operation cannot be cancelled");
delete _timestamps[id];
emit Cancelled(id);
}
/**
* @dev Execute an (ready) operation containing a single transaction.
*
* Emits a {CallExecuted} event.
*
* Requirements:
*
* - the caller must have the 'executor' role.
*/
// This function can reenter, but it doesn't pose a risk because _afterCall checks that the proposal is pending,
// thus any modifications to the operation during reentrancy should be caught.
// slither-disable-next-line reentrancy-eth
function execute(
address target,
uint256 value,
bytes calldata payload,
bytes32 predecessor,
bytes32 salt
) public payable virtual onlyRoleOrOpenRole(EXECUTOR_ROLE) {
bytes32 id = hashOperation(target, value, payload, predecessor, salt);
_beforeCall(id, predecessor);
_execute(target, value, payload);
emit CallExecuted(id, 0, target, value, payload);
_afterCall(id);
}
/**
* @dev Execute an (ready) operation containing a batch of transactions.
*
* Emits one {CallExecuted} event per transaction in the batch.
*
* Requirements:
*
* - the caller must have the 'executor' role.
*/
// This function can reenter, but it doesn't pose a risk because _afterCall checks that the proposal is pending,
// thus any modifications to the operation during reentrancy should be caught.
// slither-disable-next-line reentrancy-eth
function executeBatch(
address[] calldata targets,
uint256[] calldata values,
bytes[] calldata payloads,
bytes32 predecessor,
bytes32 salt
) public payable virtual onlyRoleOrOpenRole(EXECUTOR_ROLE) {
require(targets.length == values.length, "TimelockController: length mismatch");
require(targets.length == payloads.length, "TimelockController: length mismatch");
bytes32 id = hashOperationBatch(targets, values, payloads, predecessor, salt);
_beforeCall(id, predecessor);
for (uint256 i = 0; i < targets.length; ++i) {
address target = targets[i];
uint256 value = values[i];
bytes calldata payload = payloads[i];
_execute(target, value, payload);
emit CallExecuted(id, i, target, value, payload);
}
_afterCall(id);
}
/**
* @dev Execute an operation's call.
*/
function _execute(address target, uint256 value, bytes calldata data) internal virtual {
(bool success, ) = target.call{value: value}(data);
require(success, "TimelockController: underlying transaction reverted");
}
/**
* @dev Checks before execution of an operation's calls.
*/
function _beforeCall(bytes32 id, bytes32 predecessor) private view {
require(isOperationReady(id), "TimelockController: operation is not ready");
require(predecessor == bytes32(0) || isOperationDone(predecessor), "TimelockController: missing dependency");
}
/**
* @dev Checks after execution of an operation's calls.
*/
function _afterCall(bytes32 id) private {
require(isOperationReady(id), "TimelockController: operation is not ready");
_timestamps[id] = _DONE_TIMESTAMP;
}
/**
* @dev Changes the minimum timelock duration for future operations.
*
* Emits a {MinDelayChange} event.
*
* Requirements:
*
* - the caller must be the timelock itself. This can only be achieved by scheduling and later executing
* an operation where the timelock is the target and the data is the ABI-encoded call to this function.
*/
function updateDelay(uint256 newDelay) external virtual {
require(msg.sender == address(this), "TimelockController: caller must be timelock");
emit MinDelayChange(_minDelay, newDelay);
_minDelay = newDelay;
}
/**
* @dev See {IERC721Receiver-onERC721Received}.
*/
function onERC721Received(address, address, uint256, bytes memory) public virtual override returns (bytes4) {
return this.onERC721Received.selector;
}
/**
* @dev See {IERC1155Receiver-onERC1155Received}.
*/
function onERC1155Received(
address,
address,
uint256,
uint256,
bytes memory
) public virtual override returns (bytes4) {
return this.onERC1155Received.selector;
}
/**
* @dev See {IERC1155Receiver-onERC1155BatchReceived}.
*/
function onERC1155BatchReceived(
address,
address,
uint256[] memory,
uint256[] memory,
bytes memory
) public virtual override returns (bytes4) {
return this.onERC1155BatchReceived.selector;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (access/AccessControl.sol)
pragma solidity ^0.8.0;
import "./IAccessControlUpgradeable.sol";
import "../utils/ContextUpgradeable.sol";
import "../utils/StringsUpgradeable.sol";
import "../utils/introspection/ERC165Upgradeable.sol";
import "../proxy/utils/Initializable.sol";
/**
* @dev Contract module that allows children to implement role-based access
* control mechanisms. This is a lightweight version that doesn't allow enumerating role
* members except through off-chain means by accessing the contract event logs. Some
* applications may benefit from on-chain enumerability, for those cases see
* {AccessControlEnumerable}.
*
* Roles are referred to by their `bytes32` identifier. These should be exposed
* in the external API and be unique. The best way to achieve this is by
* using `public constant` hash digests:
*
* ```solidity
* bytes32 public constant MY_ROLE = keccak256("MY_ROLE");
* ```
*
* Roles can be used to represent a set of permissions. To restrict access to a
* function call, use {hasRole}:
*
* ```solidity
* function foo() public {
* require(hasRole(MY_ROLE, msg.sender));
* ...
* }
* ```
*
* Roles can be granted and revoked dynamically via the {grantRole} and
* {revokeRole} functions. Each role has an associated admin role, and only
* accounts that have a role's admin role can call {grantRole} and {revokeRole}.
*
* By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means
* that only accounts with this role will be able to grant or revoke other
* roles. More complex role relationships can be created by using
* {_setRoleAdmin}.
*
* WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to
* grant and revoke this role. Extra precautions should be taken to secure
* accounts that have been granted it. We recommend using {AccessControlDefaultAdminRules}
* to enforce additional security measures for this role.
*/
abstract contract AccessControlUpgradeable is Initializable, ContextUpgradeable, IAccessControlUpgradeable, ERC165Upgradeable {
function __AccessControl_init() internal onlyInitializing {
}
function __AccessControl_init_unchained() internal onlyInitializing {
}
struct RoleData {
mapping(address => bool) members;
bytes32 adminRole;
}
mapping(bytes32 => RoleData) private _roles;
bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;
/**
* @dev Modifier that checks that an account has a specific role. Reverts
* with a standardized message including the required role.
*
* The format of the revert reason is given by the following regular expression:
*
* /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/
*
* _Available since v4.1._
*/
modifier onlyRole(bytes32 role) {
_checkRole(role);
_;
}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IAccessControlUpgradeable).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) public view virtual override returns (bool) {
return _roles[role].members[account];
}
/**
* @dev Revert with a standard message if `_msgSender()` is missing `role`.
* Overriding this function changes the behavior of the {onlyRole} modifier.
*
* Format of the revert message is described in {_checkRole}.
*
* _Available since v4.6._
*/
function _checkRole(bytes32 role) internal view virtual {
_checkRole(role, _msgSender());
}
/**
* @dev Revert with a standard message if `account` is missing `role`.
*
* The format of the revert reason is given by the following regular expression:
*
* /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/
*/
function _checkRole(bytes32 role, address account) internal view virtual {
if (!hasRole(role, account)) {
revert(
string(
abi.encodePacked(
"AccessControl: account ",
StringsUpgradeable.toHexString(account),
" is missing role ",
StringsUpgradeable.toHexString(uint256(role), 32)
)
)
);
}
}
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) public view virtual override returns (bytes32) {
return _roles[role].adminRole;
}
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* May emit a {RoleGranted} event.
*/
function grantRole(bytes32 role, address account) public virtual override onlyRole(getRoleAdmin(role)) {
_grantRole(role, account);
}
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* May emit a {RoleRevoked} event.
*/
function revokeRole(bytes32 role, address account) public virtual override onlyRole(getRoleAdmin(role)) {
_revokeRole(role, account);
}
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been revoked `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `account`.
*
* May emit a {RoleRevoked} event.
*/
function renounceRole(bytes32 role, address account) public virtual override {
require(account == _msgSender(), "AccessControl: can only renounce roles for self");
_revokeRole(role, account);
}
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event. Note that unlike {grantRole}, this function doesn't perform any
* checks on the calling account.
*
* May emit a {RoleGranted} event.
*
* [WARNING]
* ====
* This function should only be called from the constructor when setting
* up the initial roles for the system.
*
* Using this function in any other way is effectively circumventing the admin
* system imposed by {AccessControl}.
* ====
*
* NOTE: This function is deprecated in favor of {_grantRole}.
*/
function _setupRole(bytes32 role, address account) internal virtual {
_grantRole(role, account);
}
/**
* @dev Sets `adminRole` as ``role``'s admin role.
*
* Emits a {RoleAdminChanged} event.
*/
function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {
bytes32 previousAdminRole = getRoleAdmin(role);
_roles[role].adminRole = adminRole;
emit RoleAdminChanged(role, previousAdminRole, adminRole);
}
/**
* @dev Grants `role` to `account`.
*
* Internal function without access restriction.
*
* May emit a {RoleGranted} event.
*/
function _grantRole(bytes32 role, address account) internal virtual {
if (!hasRole(role, account)) {
_roles[role].members[account] = true;
emit RoleGranted(role, account, _msgSender());
}
}
/**
* @dev Revokes `role` from `account`.
*
* Internal function without access restriction.
*
* May emit a {RoleRevoked} event.
*/
function _revokeRole(bytes32 role, address account) internal virtual {
if (hasRole(role, account)) {
_roles[role].members[account] = false;
emit RoleRevoked(role, account, _msgSender());
}
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[49] private __gap;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (access/AccessControl.sol)
pragma solidity ^0.8.0;
import "./IAccessControl.sol";
import "../utils/Context.sol";
import "../utils/Strings.sol";
import "../utils/introspection/ERC165.sol";
/**
* @dev Contract module that allows children to implement role-based access
* control mechanisms. This is a lightweight version that doesn't allow enumerating role
* members except through off-chain means by accessing the contract event logs. Some
* applications may benefit from on-chain enumerability, for those cases see
* {AccessControlEnumerable}.
*
* Roles are referred to by their `bytes32` identifier. These should be exposed
* in the external API and be unique. The best way to achieve this is by
* using `public constant` hash digests:
*
* ```solidity
* bytes32 public constant MY_ROLE = keccak256("MY_ROLE");
* ```
*
* Roles can be used to represent a set of permissions. To restrict access to a
* function call, use {hasRole}:
*
* ```solidity
* function foo() public {
* require(hasRole(MY_ROLE, msg.sender));
* ...
* }
* ```
*
* Roles can be granted and revoked dynamically via the {grantRole} and
* {revokeRole} functions. Each role has an associated admin role, and only
* accounts that have a role's admin role can call {grantRole} and {revokeRole}.
*
* By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means
* that only accounts with this role will be able to grant or revoke other
* roles. More complex role relationships can be created by using
* {_setRoleAdmin}.
*
* WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to
* grant and revoke this role. Extra precautions should be taken to secure
* accounts that have been granted it. We recommend using {AccessControlDefaultAdminRules}
* to enforce additional security measures for this role.
*/
abstract contract AccessControl is Context, IAccessControl, ERC165 {
struct RoleData {
mapping(address => bool) members;
bytes32 adminRole;
}
mapping(bytes32 => RoleData) private _roles;
bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;
/**
* @dev Modifier that checks that an account has a specific role. Reverts
* with a standardized message including the required role.
*
* The format of the revert reason is given by the following regular expression:
*
* /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/
*
* _Available since v4.1._
*/
modifier onlyRole(bytes32 role) {
_checkRole(role);
_;
}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IAccessControl).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) public view virtual override returns (bool) {
return _roles[role].members[account];
}
/**
* @dev Revert with a standard message if `_msgSender()` is missing `role`.
* Overriding this function changes the behavior of the {onlyRole} modifier.
*
* Format of the revert message is described in {_checkRole}.
*
* _Available since v4.6._
*/
function _checkRole(bytes32 role) internal view virtual {
_checkRole(role, _msgSender());
}
/**
* @dev Revert with a standard message if `account` is missing `role`.
*
* The format of the revert reason is given by the following regular expression:
*
* /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/
*/
function _checkRole(bytes32 role, address account) internal view virtual {
if (!hasRole(role, account)) {
revert(
string(
abi.encodePacked(
"AccessControl: account ",
Strings.toHexString(account),
" is missing role ",
Strings.toHexString(uint256(role), 32)
)
)
);
}
}
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) public view virtual override returns (bytes32) {
return _roles[role].adminRole;
}
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* May emit a {RoleGranted} event.
*/
function grantRole(bytes32 role, address account) public virtual override onlyRole(getRoleAdmin(role)) {
_grantRole(role, account);
}
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* May emit a {RoleRevoked} event.
*/
function revokeRole(bytes32 role, address account) public virtual override onlyRole(getRoleAdmin(role)) {
_revokeRole(role, account);
}
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been revoked `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `account`.
*
* May emit a {RoleRevoked} event.
*/
function renounceRole(bytes32 role, address account) public virtual override {
require(account == _msgSender(), "AccessControl: can only renounce roles for self");
_revokeRole(role, account);
}
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event. Note that unlike {grantRole}, this function doesn't perform any
* checks on the calling account.
*
* May emit a {RoleGranted} event.
*
* [WARNING]
* ====
* This function should only be called from the constructor when setting
* up the initial roles for the system.
*
* Using this function in any other way is effectively circumventing the admin
* system imposed by {AccessControl}.
* ====
*
* NOTE: This function is deprecated in favor of {_grantRole}.
*/
function _setupRole(bytes32 role, address account) internal virtual {
_grantRole(role, account);
}
/**
* @dev Sets `adminRole` as ``role``'s admin role.
*
* Emits a {RoleAdminChanged} event.
*/
function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {
bytes32 previousAdminRole = getRoleAdmin(role);
_roles[role].adminRole = adminRole;
emit RoleAdminChanged(role, previousAdminRole, adminRole);
}
/**
* @dev Grants `role` to `account`.
*
* Internal function without access restriction.
*
* May emit a {RoleGranted} event.
*/
function _grantRole(bytes32 role, address account) internal virtual {
if (!hasRole(role, account)) {
_roles[role].members[account] = true;
emit RoleGranted(role, account, _msgSender());
}
}
/**
* @dev Revokes `role` from `account`.
*
* Internal function without access restriction.
*
* May emit a {RoleRevoked} event.
*/
function _revokeRole(bytes32 role, address account) internal virtual {
if (hasRole(role, account)) {
_roles[role].members[account] = false;
emit RoleRevoked(role, account, _msgSender());
}
}
}// ┏━━━┓━┏┓━┏┓━━┏━━━┓━━┏━━━┓━━━━┏━━━┓━━━━━━━━━━━━━━━━━━━┏┓━━━━━┏━━━┓━━━━━━━━━┏┓━━━━━━━━━━━━━━┏┓━
// ┃┏━━┛┏┛┗┓┃┃━━┃┏━┓┃━━┃┏━┓┃━━━━┗┓┏┓┃━━━━━━━━━━━━━━━━━━┏┛┗┓━━━━┃┏━┓┃━━━━━━━━┏┛┗┓━━━━━━━━━━━━┏┛┗┓
// ┃┗━━┓┗┓┏┛┃┗━┓┗┛┏┛┃━━┃┃━┃┃━━━━━┃┃┃┃┏━━┓┏━━┓┏━━┓┏━━┓┏┓┗┓┏┛━━━━┃┃━┗┛┏━━┓┏━┓━┗┓┏┛┏━┓┏━━┓━┏━━┓┗┓┏┛
// ┃┏━━┛━┃┃━┃┏┓┃┏━┛┏┛━━┃┃━┃┃━━━━━┃┃┃┃┃┏┓┃┃┏┓┃┃┏┓┃┃━━┫┣┫━┃��━━━━━┃┃━┏┓┃┏┓┃┃┏┓┓━┃┃━┃┏┛┗━┓┃━┃┏━┛━┃┃━
// ┃┗━━┓━┃┗┓┃┃┃┃┃┃┗━┓┏┓┃┗━┛┃━━━━┏┛┗┛┃┃┃━┫┃┗┛┃┃┗┛┃┣━━┃┃┃━┃┗┓━━━━┃┗━┛┃┃┗┛┃┃┃┃┃━┃┗┓┃┃━┃┗┛┗┓┃┗━┓━┃┗┓
// ┗━━━┛━┗━┛┗┛┗┛┗━━━┛┗┛┗━━━┛━━━━┗━━━┛┗━━┛┃┏━┛┗━━┛┗━━┛┗┛━┗━┛━━━━┗━━━┛┗━━┛┗┛┗┛━┗━┛┗┛━┗━━━┛┗━━┛━┗━┛
// ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┃┃━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
// ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┗┛━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
//
// From: https://github.com/ethereum/consensus-specs/blob/dev/solidity_deposit_contract/deposit_contract.sol
// SPDX-License-Identifier: CC0-1.0
pragma solidity ^0.8.20;
// This interface is designed to be compatible with the Vyper version.
/// @notice This is the Ethereum 2.0 deposit contract interface.
/// For more information see the Phase 0 specification under https://github.com/ethereum/eth2.0-specs
interface IDepositContract {
/// @notice A processed deposit event.
event DepositEvent(bytes pubkey, bytes withdrawal_credentials, bytes amount, bytes signature, bytes index);
/// @notice Submit a Phase 0 DepositData object.
/// @param pubkey A BLS12-381 public key.
/// @param withdrawal_credentials Commitment to a public key for withdrawals.
/// @param signature A BLS12-381 signature.
/// @param deposit_data_root The SHA-256 hash of the SSZ-encoded DepositData object.
/// Used as a protection against malformed input.
function deposit(
bytes calldata pubkey,
bytes calldata withdrawal_credentials,
bytes calldata signature,
bytes32 deposit_data_root
) external payable;
/// @notice Query the current deposit root hash.
/// @return The deposit root hash.
function get_deposit_root() external view returns (bytes32);
/// @notice Query the current deposit count.
/// @return The deposit count encoded as a little endian 64-bit number.
function get_deposit_count() external view returns (bytes memory);
}
// Based on official specification in https://eips.ethereum.org/EIPS/eip-165
interface ERC165 {
/// @notice Query if a contract implements an interface
/// @param interfaceId The interface identifier, as specified in ERC-165
/// @dev Interface identification is specified in ERC-165. This function
/// uses less than 30,000 gas.
/// @return `true` if the contract implements `interfaceId` and
/// `interfaceId` is not 0xffffffff, `false` otherwise
function supportsInterface(bytes4 interfaceId) external pure returns (bool);
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Initializable} from "openzeppelin-upgradeable/proxy/utils/Initializable.sol";
import {AccessControlEnumerableUpgradeable} from
"openzeppelin-upgradeable/access/AccessControlEnumerableUpgradeable.sol";
import {AccessControlEnumerable} from "openzeppelin/access/AccessControlEnumerable.sol";
import {IPauser, IPauserWrite, IPauserRead} from "./interfaces/IPauser.sol";
import {IOracle} from "./interfaces/IOracle.sol";
interface PauserEvents {
/// @notice Emitted when a flag has been updated.
/// @param selector The selector of the flag that was updated.
/// @param isPaused The new value of the flag.
/// @param flagName The name of the flag that was updated.
event FlagUpdated(bytes4 indexed selector, bool indexed isPaused, string flagName);
}
/// @title Pauser
/// @notice Keeps the state of all actions that can be paused in case of exceptional circumstances. Pause state
/// is stored as boolean properties on the contract. This design was intentionally chosen to ensure there are explicit
/// compiler checks for the names and states of the different actions.
contract Pauser is Initializable, AccessControlEnumerableUpgradeable, IPauser, PauserEvents {
// Errors.
error PauserRoleOrOracleRequired(address sender);
/// @notice Pauser role can pause flags in the contract.
bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");
/// @notice Unpauser role can unpause flags in the contract.
bytes32 public constant UNPAUSER_ROLE = keccak256("UNPAUSER_ROLE");
/// @inheritdoc IPauserRead
bool public isStakingPaused;
/// @inheritdoc IPauserRead
bool public isUnstakeRequestsAndClaimsPaused;
/// @inheritdoc IPauserRead
bool public isInitiateValidatorsPaused;
/// @inheritdoc IPauserRead
bool public isSubmitOracleRecordsPaused;
/// @inheritdoc IPauserRead
bool public isAllocateETHPaused;
/// @notice Oracle contract which has permissions to pause the protocol.
IOracle public oracle;
/// @notice Configuration for contract initialization.
struct Init {
address admin;
address pauser;
address unpauser;
IOracle oracle;
}
constructor() {
_disableInitializers();
}
/// @notice Inititalizes the contract.
/// @dev MUST be called during the contract upgrade to set up the proxies state.
function initialize(Init memory init) external initializer {
__AccessControlEnumerable_init();
_grantRole(DEFAULT_ADMIN_ROLE, init.admin);
_grantRole(PAUSER_ROLE, init.pauser);
_grantRole(UNPAUSER_ROLE, init.unpauser);
oracle = init.oracle;
}
/// @notice Pauses or unpauses staking.
/// @dev If pausing, checks if the caller has the pauser role. If unpausing,
/// checks if the caller has the unpauser role.
function setIsStakingPaused(bool isPaused) external onlyPauserUnpauserRole(isPaused) {
_setIsStakingPaused(isPaused);
}
/// @notice Pauses or unpauses unstake requests.
/// @dev If pausing, checks if the caller has the pauser role. If unpausing,
/// checks if the caller has the unpauser role.
function setIsUnstakeRequestsAndClaimsPaused(bool isPaused) external onlyPauserUnpauserRole(isPaused) {
_setIsUnstakeRequestsAndClaimsPaused(isPaused);
}
/// @notice Pauses or unpauses initiate validators.
/// @dev If pausing, checks if the caller has the pauser role. If unpausing,
/// checks if the caller has the unpauser role.
function setIsInitiateValidatorsPaused(bool isPaused) external onlyPauserUnpauserRole(isPaused) {
_setIsInitiateValidatorsPaused(isPaused);
}
/// @notice Pauses or unpauses submit oracle records.
/// @dev If pausing, checks if the caller has the pauser role. If unpausing,
/// checks if the caller has the unpauser role.
function setIsSubmitOracleRecordsPaused(bool isPaused) external onlyPauserUnpauserRole(isPaused) {
_setIsSubmitOracleRecordsPaused(isPaused);
}
/// @notice Pauses or unpauses allocate ETH.
/// @dev If pausing, checks if the caller has the pauser role. If unpausing,
/// checks if the caller has the unpauser role.
function setIsAllocateETHPaused(bool isPaused) external onlyPauserUnpauserRole(isPaused) {
_setIsAllocateETHPaused(isPaused);
}
/// @inheritdoc IPauserWrite
/// @dev Can be called by the oracle or any account with the pauser role.
function pauseAll() external {
_verifyPauserOrOracle();
_setIsStakingPaused(true);
_setIsUnstakeRequestsAndClaimsPaused(true);
_setIsInitiateValidatorsPaused(true);
_setIsSubmitOracleRecordsPaused(true);
_setIsAllocateETHPaused(true);
}
/// @notice Unpauses all actions.
function unpauseAll() external onlyRole(UNPAUSER_ROLE) {
_setIsStakingPaused(false);
_setIsUnstakeRequestsAndClaimsPaused(false);
_setIsInitiateValidatorsPaused(false);
_setIsSubmitOracleRecordsPaused(false);
_setIsAllocateETHPaused(false);
}
function _verifyPauserOrOracle() internal view {
if (hasRole(PAUSER_ROLE, msg.sender) || msg.sender == address(oracle)) {
return;
}
revert PauserRoleOrOracleRequired(msg.sender);
}
// Internal setter functions.
function _setIsStakingPaused(bool isPaused) internal {
isStakingPaused = isPaused;
emit FlagUpdated(this.isStakingPaused.selector, isPaused, "isStakingPaused");
}
function _setIsUnstakeRequestsAndClaimsPaused(bool isPaused) internal {
isUnstakeRequestsAndClaimsPaused = isPaused;
emit FlagUpdated(this.isUnstakeRequestsAndClaimsPaused.selector, isPaused, "isUnstakeRequestsAndClaimsPaused");
}
function _setIsInitiateValidatorsPaused(bool isPaused) internal {
isInitiateValidatorsPaused = isPaused;
emit FlagUpdated(this.isInitiateValidatorsPaused.selector, isPaused, "isInitiateValidatorsPaused");
}
function _setIsSubmitOracleRecordsPaused(bool isPaused) internal {
isSubmitOracleRecordsPaused = isPaused;
emit FlagUpdated(this.isSubmitOracleRecordsPaused.selector, isPaused, "isSubmitOracleRecordsPaused");
}
function _setIsAllocateETHPaused(bool isPaused) internal {
isAllocateETHPaused = isPaused;
emit FlagUpdated(this.isAllocateETHPaused.selector, isPaused, "isAllocateETHPaused");
}
modifier onlyPauserUnpauserRole(bool isPaused) {
if (isPaused) {
_checkRole(PAUSER_ROLE);
} else {
_checkRole(UNPAUSER_ROLE);
}
_;
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Initializable} from "openzeppelin-upgradeable/proxy/utils/Initializable.sol";
import {AccessControlEnumerableUpgradeable} from
"openzeppelin-upgradeable/access/AccessControlEnumerableUpgradeable.sol";
import {Math} from "openzeppelin/utils/math/Math.sol";
import {ProtocolEvents} from "./interfaces/ProtocolEvents.sol";
import {
IOracle,
IOracleReadRecord,
IOracleReadPending,
IOracleWrite,
IOracleManager,
OracleRecord
} from "./interfaces/IOracle.sol";
import {IStakingInitiationRead} from "./interfaces/IStaking.sol";
import {IReturnsAggregatorWrite} from "./interfaces/IReturnsAggregator.sol";
import {IPauser} from "./interfaces/IPauser.sol";
/// @notice Events emitted by the oracle contract.
interface OracleEvents {
/// @notice Emitted when a new oracle record was added to the list of oracle records. A pending record will only
/// emit this event if it was accepted by the admin.
/// @param index The index of the new record.
/// @param record The new record that was added to the list.
event OracleRecordAdded(uint256 indexed index, OracleRecord record);
/// @notice Emitted when a record has been modified.
/// @param index The index of the record that was modified.
/// @param record The newly modified record.
event OracleRecordModified(uint256 indexed index, OracleRecord record);
/// @notice Emitted when a pending update has been rejected.
/// @param pendingUpdate The rejected pending update.
event OraclePendingUpdateRejected(OracleRecord pendingUpdate);
/// @notice Emitted when the oracle's record did not pass a sanity check.
/// @param reasonHash The hash of the reason for the record rejection.
/// @param reason The reason for the record rejection.
/// @param record The record that was rejected.
/// @param value The value that violated a bound.
/// @param bound The bound of the rejected update.
event OracleRecordFailedSanityCheck(
bytes32 indexed reasonHash, string reason, OracleRecord record, uint256 value, uint256 bound
);
}
/// @title Oracle
/// @notice The oracle contract stores records which are snapshots of consensus layer state over discrete periods of
/// time. These records provide consensus layer data to the protocol's onchain contracts for their accounting logic.
contract Oracle is Initializable, AccessControlEnumerableUpgradeable, IOracle, OracleEvents, ProtocolEvents {
// Errors.
error CannotUpdateWhileUpdatePending();
error CannotModifyInitialRecord();
error InvalidConfiguration();
error InvalidRecordModification();
error InvalidUpdateStartBlock(uint256 wantUpdateStartBlock, uint256 gotUpdateStartBlock);
error InvalidUpdateEndBeforeStartBlock(uint256 end, uint256 start);
error InvalidUpdateMoreDepositsProcessedThanSent(uint256 processed, uint256 sent);
error InvalidUpdateMoreValidatorsThanInitiated(uint256 numValidatorsOnRecord, uint256 numInitiatedValidators);
error NoUpdatePending();
error Paused();
error RecordDoesNotExist(uint256 idx);
error UnauthorizedOracleUpdater(address sender, address oracleUpdater);
error UpdateEndBlockNumberNotFinal(uint256 updateFinalizingBlock);
error ZeroAddress();
/// @notice Role allowed to modify the settable properties on the contract.
bytes32 public constant ORACLE_MANAGER_ROLE = keccak256("ORACLE_MANAGER_ROLE");
/// @notice Role allowed to modify an existing oracle record.
bytes32 public constant ORACLE_MODIFIER_ROLE = keccak256("ORACLE_MODIFIER_ROLE");
/// @notice Role allowed to resolve or replace pending oracle updates which have failed the sanity check.
bytes32 public constant ORACLE_PENDING_UPDATE_RESOLVER_ROLE = keccak256("ORACLE_PENDING_UPDATE_RESOLVER_ROLE");
/// @notice Finalization block number delta upper bound for the setter.
uint256 internal constant _FINALIZATION_BLOCK_NUMBER_DELTA_UPPER_BOUND = 2048;
/// @notice Stores the oracle records.
/// @dev Must not be pushed directly to, use `_pushRecord` instead.
OracleRecord[] internal _records;
/// @inheritdoc IOracleReadPending
bool public hasPendingUpdate;
/// @notice The pending oracle update, if it was rejected by `_sanityCheckUpdate`.
/// @dev Undefined if `hasPendingUpdate` is false.
OracleRecord internal _pendingUpdate;
// @notice The number of blocks which must have passed before we accept an oracle update to ensure that the analysed
// period is finalised.
// NOTE: We cannot make guarantees about the consensus layer's state, but it is expected that
// finalisation takes 2 epochs.
uint256 public finalizationBlockNumberDelta;
/// @notice The address allowed to push oracle updates.
address public oracleUpdater;
/// @notice The pauser contract.
/// @dev Keeps the pause state across the protocol.
IPauser public pauser;
/// @notice The staking contract.
/// @dev Quantities tracked by the staking contract during validator initiation are used to sanity check oracle
/// updates.
IStakingInitiationRead public staking;
/// @notice The aggregator contract.
/// @dev Called when pushing an oracle record to process.
IReturnsAggregatorWrite public aggregator;
//
// Sanity check parameters
//
/// @notice The minimum deposit per new validator (on average).
/// @dev This is used to put constraints on the reported processed deposits. Even thought this will foreseeably be
/// 32 ETH, we keep it as a configurable parameter to allow for future changes.
uint256 public minDepositPerValidator;
/// @notice The maximum deposit per new validator (on average).
/// @dev This is used to put constraints on the reported processed deposits. Even thought this will foreseeably be
/// 32 ETH, we keep it as a configurable parameter to allow for future changes.
uint256 public maxDepositPerValidator;
/// @notice The minimum consensus layer gain per block (in part-per-trillion, i.e. in units of 1e-12).
/// @dev This is used to put constraints on the reported change of the total consensus layer balance.
uint40 public minConsensusLayerGainPerBlockPPT;
/// @notice The maximum consensus layer gain per block (in part-per-trillion, i.e. in units of 1e-12).
/// @dev This is used to put constraints on the reported change of the total consensus layer balance.
uint40 public maxConsensusLayerGainPerBlockPPT;
/// @notice The maximum consensus layer loss (in part-per-million, i.e. in units of 1e-6).
/// This value doesn't scale with time and represents a total loss over a given period, remaining independent of the
/// blocks. It encapsulates scenarios such as a single substantial slashing event or concurrent off-chain oracle
/// service downtime with validators incurring attestation penalties.
/// @dev This is used to put constraints on the reported change of the total consensus layer balance.
uint24 public maxConsensusLayerLossPPM;
/// @notice The minimum report size to allow for any report.
/// @dev This value helps defend against the extreme bounds of checks in the case of malicious oracles.
uint16 public minReportSizeBlocks;
/// @notice The denominator of a parts-per-million (PPM) fraction.
uint24 internal constant _PPM_DENOMINATOR = 1e6;
/// @notice The denominator of a parts-per-trillion (PPT) fraction.
uint40 internal constant _PPT_DENOMINATOR = 1e12;
/// @notice Configuration for contract initialization.
struct Init {
address admin;
address manager;
address oracleUpdater;
address pendingResolver;
IReturnsAggregatorWrite aggregator;
IPauser pauser;
IStakingInitiationRead staking;
}
constructor() {
_disableInitializers();
}
/// @notice Inititalizes the contract.
/// @dev MUST be called during the contract upgrade to set up the proxies state.
function initialize(Init memory init) external initializer {
__AccessControlEnumerable_init();
// We intentionally do not assign an address to the ORACLE_MODIFIER_ROLE. This is to prevent
// unintentional oracle modifications outside of exceptional circumstances.
_grantRole(DEFAULT_ADMIN_ROLE, init.admin);
_grantRole(ORACLE_MANAGER_ROLE, init.manager);
_grantRole(ORACLE_PENDING_UPDATE_RESOLVER_ROLE, init.pendingResolver);
aggregator = init.aggregator;
oracleUpdater = init.oracleUpdater;
pauser = init.pauser;
staking = init.staking;
// Assumes 2 epochs (in blocks).
finalizationBlockNumberDelta = 64;
minReportSizeBlocks = 100;
minDepositPerValidator = 32 ether;
maxDepositPerValidator = 32 ether;
// 7200 slots per day * 365 days per year = 2628000 slots per year
// assuming 5% yield per year
// 5% / 2628000 = 1.9025e-8
// 1.9025e-8 per slot = 19025 PPT
maxConsensusLayerGainPerBlockPPT = 190250; // 10x approximate rate
minConsensusLayerGainPerBlockPPT = 1903; // 0.1x approximate rate
// We chose a lower bound of a 0.1% loss for the protocol based on several factors:
//
// - Sanity check should not fail for normal operations where we define normal operations as attestation
// penalties due to offline validators. Supposing all our validators go offline, the protocol is expected
// to have a 0.03% missed attestation penalty on mainnet for all validators' balance for a single day.
// - For a major slashing event, (i.e. 1 ETH slashed for half of our validators), we should expect a drop of
// 1.56% of the entire protocol. This *must* trigger the consensus layer loss lower bound.
maxConsensusLayerLossPPM = 1000;
// Initializing the oracle with a zero record, so that all contract functions (e.g. `latestRecord`) work as
// expected. We set updateEndBlock to be the block at which the staking contract was initialized, so that the
// first time an Oracle computes a report, it doesn't bother looking at blocks earlier than when the protocol
// was deployed. That would be a waste, as our system would not have been running then.
_pushRecord(OracleRecord(0, uint64(staking.initializationBlockNumber()), 0, 0, 0, 0, 0, 0));
}
/// @inheritdoc IOracleWrite
/// @dev Reverts if the update is invalid. If the update is valid but does not pass the `_sanityCheckUpdate`, the
/// update is marked as pending and must be approved or replaced by the `ORACLE_PENDING_UPDATE_RESOLVER_ROLE`. If
/// the update fails the sanity check, it will also pause the protocol.
/// @param newRecord The oracle record to update to.
function receiveRecord(OracleRecord calldata newRecord) external {
if (pauser.isSubmitOracleRecordsPaused()) {
revert Paused();
}
if (msg.sender != oracleUpdater) {
revert UnauthorizedOracleUpdater(msg.sender, oracleUpdater);
}
if (hasPendingUpdate) {
revert CannotUpdateWhileUpdatePending();
}
validateUpdate(_records.length - 1, newRecord);
uint256 updateFinalizingBlock = newRecord.updateEndBlock + finalizationBlockNumberDelta;
if (block.number < updateFinalizingBlock) {
revert UpdateEndBlockNumberNotFinal(updateFinalizingBlock);
}
(string memory rejectionReason, uint256 value, uint256 bound) = sanityCheckUpdate(latestRecord(), newRecord);
if (bytes(rejectionReason).length > 0) {
_pendingUpdate = newRecord;
hasPendingUpdate = true;
emit OracleRecordFailedSanityCheck({
reasonHash: keccak256(bytes(rejectionReason)),
reason: rejectionReason,
record: newRecord,
value: value,
bound: bound
});
// Failing the sanity check will pause the protocol providing the admins time to accept or reject the
// pending update.
pauser.pauseAll();
return;
}
_pushRecord(newRecord);
}
/// @notice Modifies an existing record's balances due to errors or malicious behavior. Modifiying the latest
/// oracle record will have an effect on the total controlled supply, thereby altering the exchange rate.
/// Note that users who have already requested to unstake, and are in the queue, will not be affected by the new
/// exchange rate.
/// @dev This function should only be called in an emergency situation where the oracle has posted an invalid
/// record, either due to a calculations issue (or in the unlikely event of a compromise). If the new record
/// reports higher returns in the window, then we need to reprocess the difference. If the new record reports
/// lower returns in the window, then we need to top up the difference in the consensusLayerReceiver wallet. Without
/// adding the missing funds in the consensusLayerReceiver wallet this function will revert in the future.
/// @param idx The index of the oracle record to modify.
/// @param record The new oracle record that will modify the existing one.
function modifyExistingRecord(uint256 idx, OracleRecord calldata record) external onlyRole(ORACLE_MODIFIER_ROLE) {
if (idx == 0) {
revert CannotModifyInitialRecord();
}
if (idx >= _records.length) {
revert RecordDoesNotExist(idx);
}
OracleRecord storage existingRecord = _records[idx];
// Cannot modify the bounds of the record to prevent gaps in the
// records.
if (
existingRecord.updateStartBlock != record.updateStartBlock
|| existingRecord.updateEndBlock != record.updateEndBlock
) {
revert InvalidRecordModification();
}
validateUpdate(idx - 1, record);
// If the new record has a higher windowWithdrawnRewardAmount or windowWithdrawnPrincipalAmount, we need to
// process the difference. If this is the case, then when we processed the event, we didn't take enough from
// the consensus layer returns wallet.
uint256 missingRewards = 0;
uint256 missingPrincipals = 0;
if (record.windowWithdrawnRewardAmount > existingRecord.windowWithdrawnRewardAmount) {
missingRewards = record.windowWithdrawnRewardAmount - existingRecord.windowWithdrawnRewardAmount;
}
if (record.windowWithdrawnPrincipalAmount > existingRecord.windowWithdrawnPrincipalAmount) {
missingPrincipals = record.windowWithdrawnPrincipalAmount - existingRecord.windowWithdrawnPrincipalAmount;
}
_records[idx] = record;
emit OracleRecordModified(idx, record);
// Move external call to the end to avoid any reentrancy issues.
if (missingRewards > 0 || missingPrincipals > 0) {
aggregator.processReturns({
rewardAmount: missingRewards,
principalAmount: missingPrincipals,
shouldIncludeELRewards: false
});
}
}
/// @notice Check that the new oracle record is technically valid by comparing it to the previous
/// record.
/// @dev Reverts if the oracle record fails to pass validation. This is much stricter compared to the sanityCheck
/// as the validation logic ensures that our oracle invariants are kept intact.
/// @param prevRecordIndex The index of the previous record.
/// @param newRecord The oracle record to validate.
function validateUpdate(uint256 prevRecordIndex, OracleRecord calldata newRecord) public view {
OracleRecord storage prevRecord = _records[prevRecordIndex];
if (newRecord.updateEndBlock <= newRecord.updateStartBlock) {
revert InvalidUpdateEndBeforeStartBlock(newRecord.updateEndBlock, newRecord.updateStartBlock);
}
// Ensure that oracle records are aligned i.e. making sure that the new record window picks up where the
// previous one left off.
if (newRecord.updateStartBlock != prevRecord.updateEndBlock + 1) {
revert InvalidUpdateStartBlock(prevRecord.updateEndBlock + 1, newRecord.updateStartBlock);
}
// Ensure that the offchain oracle has only tracked deposits from the protocol. The processed deposits on the
// consensus layer can be at most the amount of ether the protocol has deposited into the deposit contract.
if (newRecord.cumulativeProcessedDepositAmount > staking.totalDepositedInValidators()) {
revert InvalidUpdateMoreDepositsProcessedThanSent(
newRecord.cumulativeProcessedDepositAmount, staking.totalDepositedInValidators()
);
}
if (
uint256(newRecord.currentNumValidatorsNotWithdrawable)
+ uint256(newRecord.cumulativeNumValidatorsWithdrawable) > staking.numInitiatedValidators()
) {
revert InvalidUpdateMoreValidatorsThanInitiated(
newRecord.currentNumValidatorsNotWithdrawable + newRecord.cumulativeNumValidatorsWithdrawable,
staking.numInitiatedValidators()
);
}
}
/// @notice Sanity checks an incoming oracle update. If it fails, the update is rejected and marked as pending to be
/// approved or replaced by the `ORACLE_PENDING_UPDATE_RESOLVER_ROLE`.
/// @dev If the record fails the sanity check, the function does not revert as we want to store the offending oracle
/// record in a pending state.
/// @param newRecord The incoming record to check.
/// @return A tuple containing the reason for the rejection, the value that failed the check and the bound that it
/// violated. The reason is the empty string if the update is valid.
function sanityCheckUpdate(OracleRecord memory prevRecord, OracleRecord calldata newRecord)
public
view
returns (string memory, uint256, uint256)
{
uint64 reportSize = newRecord.updateEndBlock - newRecord.updateStartBlock + 1;
{
//
// Report size
//
// We implement this as a sanity check rather than a validation because the report is technically valid
// and there may be a feasible reason to accept small report at some point.
if (reportSize < minReportSizeBlocks) {
return ("Report blocks below minimum bound", reportSize, minReportSizeBlocks);
}
}
{
//
// Number of validators
//
// Checks that the total number of validators and the number of validators that are in the withdrawable state
// did not decrease in the new oracle period.
if (newRecord.cumulativeNumValidatorsWithdrawable < prevRecord.cumulativeNumValidatorsWithdrawable) {
return (
"Cumulative number of withdrawable validators decreased",
newRecord.cumulativeNumValidatorsWithdrawable,
prevRecord.cumulativeNumValidatorsWithdrawable
);
}
{
uint256 prevNumValidators =
prevRecord.currentNumValidatorsNotWithdrawable + prevRecord.cumulativeNumValidatorsWithdrawable;
uint256 newNumValidators =
newRecord.currentNumValidatorsNotWithdrawable + newRecord.cumulativeNumValidatorsWithdrawable;
if (newNumValidators < prevNumValidators) {
return ("Total number of validators decreased", newNumValidators, prevNumValidators);
}
}
}
{
//
// Deposits
//
// Checks that the total amount of deposits processed by the oracle did not decrease in the new oracle
// period. It also checks that the amount of newly deposited ETH is possible given how many validators
// we have included in the new period.
if (newRecord.cumulativeProcessedDepositAmount < prevRecord.cumulativeProcessedDepositAmount) {
return (
"Processed deposit amount decreased",
newRecord.cumulativeProcessedDepositAmount,
prevRecord.cumulativeProcessedDepositAmount
);
}
uint256 newDeposits =
(newRecord.cumulativeProcessedDepositAmount - prevRecord.cumulativeProcessedDepositAmount);
uint256 newValidators = (
newRecord.currentNumValidatorsNotWithdrawable + newRecord.cumulativeNumValidatorsWithdrawable
- prevRecord.currentNumValidatorsNotWithdrawable - prevRecord.cumulativeNumValidatorsWithdrawable
);
if (newDeposits < newValidators * minDepositPerValidator) {
return (
"New deposits below min deposit per validator", newDeposits, newValidators * minDepositPerValidator
);
}
if (newDeposits > newValidators * maxDepositPerValidator) {
return (
"New deposits above max deposit per validator", newDeposits, newValidators * maxDepositPerValidator
);
}
}
{
//
// Consensus layer balance change from the previous period.
//
// Checks that the change in the consensus layer balance is within the bounds given by the maximum loss and
// minimum gain parameters. For example, a major slashing event will cause an out of bounds loss in the
// consensus layer.
// The baselineGrossCLBalance represents the expected growth of our validators balance in the new period
// given no slashings, no rewards, etc. It's used as the baseline in our upper (growth) and lower (loss)
// bounds calculations.
uint256 baselineGrossCLBalance = prevRecord.currentTotalValidatorBalance
+ (newRecord.cumulativeProcessedDepositAmount - prevRecord.cumulativeProcessedDepositAmount);
// The newGrossCLBalance is the actual amount of ETH we have recorded in the consensus layer for the new
// record period.
uint256 newGrossCLBalance = newRecord.currentTotalValidatorBalance
+ newRecord.windowWithdrawnPrincipalAmount + newRecord.windowWithdrawnRewardAmount;
{
// Relative lower bound on the net decrease of ETH on the consensus layer.
// Depending on the parameters the loss term might completely dominate over the minGain one.
//
// Using a minConsensusLayerGainPerBlockPPT greater than 0, the lower bound becomes an upward slope.
// Setting minConsensusLayerGainPerBlockPPT, the lower bound becomes a constant.
uint256 lowerBound = baselineGrossCLBalance
- Math.mulDiv(maxConsensusLayerLossPPM, baselineGrossCLBalance, _PPM_DENOMINATOR)
+ Math.mulDiv(minConsensusLayerGainPerBlockPPT * reportSize, baselineGrossCLBalance, _PPT_DENOMINATOR);
if (newGrossCLBalance < lowerBound) {
return ("Consensus layer change below min gain or max loss", newGrossCLBalance, lowerBound);
}
}
{
// Upper bound on the rewards generated by validators scaled linearly with time and number of active
// validators.
uint256 upperBound = baselineGrossCLBalance
+ Math.mulDiv(maxConsensusLayerGainPerBlockPPT * reportSize, baselineGrossCLBalance, _PPT_DENOMINATOR);
if (newGrossCLBalance > upperBound) {
return ("Consensus layer change above max gain", newGrossCLBalance, upperBound);
}
}
}
return ("", 0, 0);
}
/// @dev Pushes a record to the list of records, emits an oracle added event, and processes the
/// oracle record in the aggregator.
/// @param record The record to push.
function _pushRecord(OracleRecord memory record) internal {
emit OracleRecordAdded(_records.length, record);
_records.push(record);
aggregator.processReturns({
rewardAmount: record.windowWithdrawnRewardAmount,
principalAmount: record.windowWithdrawnPrincipalAmount,
shouldIncludeELRewards: true
});
}
/// @notice Accepts the current pending update and adds it to the list of oracle records.
/// @dev Accepting the current pending update resets the update pending state.
function acceptPendingUpdate() external onlyRole(ORACLE_PENDING_UPDATE_RESOLVER_ROLE) {
if (!hasPendingUpdate) {
revert NoUpdatePending();
}
_pushRecord(_pendingUpdate);
_resetPending();
}
/// @notice Rejects the current pending update.
/// @dev Rejecting the current pending update resets the pending state.
function rejectPendingUpdate() external onlyRole(ORACLE_PENDING_UPDATE_RESOLVER_ROLE) {
if (!hasPendingUpdate) {
revert NoUpdatePending();
}
emit OraclePendingUpdateRejected(_pendingUpdate);
_resetPending();
}
/// @inheritdoc IOracleReadRecord
function latestRecord() public view returns (OracleRecord memory) {
return _records[_records.length - 1];
}
/// @inheritdoc IOracleReadPending
function pendingUpdate() external view returns (OracleRecord memory) {
if (!hasPendingUpdate) {
revert NoUpdatePending();
}
return _pendingUpdate;
}
/// @inheritdoc IOracleReadRecord
function recordAt(uint256 idx) external view returns (OracleRecord memory) {
return _records[idx];
}
/// @inheritdoc IOracleReadRecord
function numRecords() external view returns (uint256) {
return _records.length;
}
/// @dev Resets the pending update by removing the update from storage and resetting the hasPendingUpdate flag.
function _resetPending() internal {
delete _pendingUpdate;
hasPendingUpdate = false;
}
/// @notice Sets the finalization block number delta in the contract.
/// See also {finalizationBlockNumberDelta}.
/// @param finalizationBlockNumberDelta_ The new finalization block number delta.
function setFinalizationBlockNumberDelta(uint256 finalizationBlockNumberDelta_)
external
onlyRole(ORACLE_MANAGER_ROLE)
{
if (
finalizationBlockNumberDelta_ == 0
|| finalizationBlockNumberDelta_ > _FINALIZATION_BLOCK_NUMBER_DELTA_UPPER_BOUND
) {
revert InvalidConfiguration();
}
finalizationBlockNumberDelta = finalizationBlockNumberDelta_;
emit ProtocolConfigChanged(
this.setFinalizationBlockNumberDelta.selector,
"setFinalizationBlockNumberDelta(uint256)",
abi.encode(finalizationBlockNumberDelta_)
);
}
/// @inheritdoc IOracleManager
/// @dev See also {oracleUpdater}.
function setOracleUpdater(address newUpdater) external onlyRole(ORACLE_MANAGER_ROLE) notZeroAddress(newUpdater) {
oracleUpdater = newUpdater;
emit ProtocolConfigChanged(this.setOracleUpdater.selector, "setOracleUpdater(address)", abi.encode(newUpdater));
}
/// @notice Sets min deposit per validator in the contract.
/// See also {minDepositPerValidator}.
/// @param minDepositPerValidator_ The new min deposit per validator.
function setMinDepositPerValidator(uint256 minDepositPerValidator_) external onlyRole(ORACLE_MANAGER_ROLE) {
minDepositPerValidator = minDepositPerValidator_;
emit ProtocolConfigChanged(
this.setMinDepositPerValidator.selector,
"setMinDepositPerValidator(uint256)",
abi.encode(minDepositPerValidator_)
);
}
/// @notice Sets max deposit per validator in the contract.
/// See also {maxDepositPerValidator}.
/// @param maxDepositPerValidator_ The new max deposit per validator.
function setMaxDepositPerValidator(uint256 maxDepositPerValidator_) external onlyRole(ORACLE_MANAGER_ROLE) {
maxDepositPerValidator = maxDepositPerValidator_;
emit ProtocolConfigChanged(
this.setMaxDepositPerValidator.selector,
"setMaxDepositPerValidator(uint256)",
abi.encode(maxDepositPerValidator)
);
}
/// @notice Sets min consensus layer gain per block in the contract.
/// See also {minConsensusLayerGainPerBlockPPT}.
/// @param minConsensusLayerGainPerBlockPPT_ The new min consensus layer gain per block in parts per trillion.
function setMinConsensusLayerGainPerBlockPPT(uint40 minConsensusLayerGainPerBlockPPT_)
external
onlyRole(ORACLE_MANAGER_ROLE)
onlyFractionLeqOne(minConsensusLayerGainPerBlockPPT_, _PPT_DENOMINATOR)
{
minConsensusLayerGainPerBlockPPT = minConsensusLayerGainPerBlockPPT_;
emit ProtocolConfigChanged(
this.setMinConsensusLayerGainPerBlockPPT.selector,
"setMinConsensusLayerGainPerBlockPPT(uint40)",
abi.encode(minConsensusLayerGainPerBlockPPT_)
);
}
/// @notice Sets max consensus layer gain per block in the contract.
/// See also {maxConsensusLayerGainPerBlockPPT}.
/// @param maxConsensusLayerGainPerBlockPPT_ The new max consensus layer gain per block in parts per million.
function setMaxConsensusLayerGainPerBlockPPT(uint40 maxConsensusLayerGainPerBlockPPT_)
external
onlyRole(ORACLE_MANAGER_ROLE)
onlyFractionLeqOne(maxConsensusLayerGainPerBlockPPT_, _PPT_DENOMINATOR)
{
maxConsensusLayerGainPerBlockPPT = maxConsensusLayerGainPerBlockPPT_;
emit ProtocolConfigChanged(
this.setMaxConsensusLayerGainPerBlockPPT.selector,
"setMaxConsensusLayerGainPerBlockPPT(uint40)",
abi.encode(maxConsensusLayerGainPerBlockPPT_)
);
}
/// @notice Sets max consensus layer loss per block in the contract.
/// See also {maxConsensusLayerLossPPM}.
/// @param maxConsensusLayerLossPPM_ The new max consensus layer loss per block in parts per million.
function setMaxConsensusLayerLossPPM(uint24 maxConsensusLayerLossPPM_)
external
onlyRole(ORACLE_MANAGER_ROLE)
onlyFractionLeqOne(maxConsensusLayerLossPPM_, _PPM_DENOMINATOR)
{
maxConsensusLayerLossPPM = maxConsensusLayerLossPPM_;
emit ProtocolConfigChanged(
this.setMaxConsensusLayerLossPPM.selector,
"setMaxConsensusLayerLossPPM(uint24)",
abi.encode(maxConsensusLayerLossPPM_)
);
}
/// @notice Sets the minimum report size.
/// See also {minReportSizeBlocks}.
/// @param minReportSizeBlocks_ The new minimum report size, in blocks.
function setMinReportSizeBlocks(uint16 minReportSizeBlocks_) external onlyRole(ORACLE_MANAGER_ROLE) {
// Sanity check on upper bound is covered by uint16 which is ~9 days.
minReportSizeBlocks = minReportSizeBlocks_;
emit ProtocolConfigChanged(
this.setMinReportSizeBlocks.selector, "setMinReportSizeBlocks(uint16)", abi.encode(minReportSizeBlocks_)
);
}
/// @notice Ensures that the given fraction is less than or equal to one.
/// @param numerator The numerator of the fraction.
/// @param denominator The denominator of the fraction.
modifier onlyFractionLeqOne(uint256 numerator, uint256 denominator) {
if (numerator > denominator) {
revert InvalidConfiguration();
}
_;
}
/// @notice Ensures that the given address is not the zero address.
/// @param addr The address to check.
modifier notZeroAddress(address addr) {
if (addr == address(0)) {
revert ZeroAddress();
}
_;
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {ProtocolEvents} from "./interfaces/ProtocolEvents.sol";
import {Initializable} from "openzeppelin-upgradeable/proxy/utils/Initializable.sol";
import {AccessControlEnumerableUpgradeable} from
"openzeppelin-upgradeable/access/AccessControlEnumerableUpgradeable.sol";
import {OracleRecord, IOracle} from "./interfaces/IOracle.sol";
interface OracleQuorumManagerEvents {
/// @notice Emitted when a record has passed quorum and was submitted to the oracle.
/// @param block The block the record was finalized on.
event ReportQuorumReached(uint64 indexed block);
/// @notice Emitted when a record has been reported by a reporter.
/// @param block The block the record was recorded on.
/// @param reporter The reporter that reported the record.
/// @param recordHash The hash of the record that was reported.
/// @param record The record that was received.
event ReportReceived(
uint64 indexed block, address indexed reporter, bytes32 indexed recordHash, OracleRecord record
);
/// @notice Emitted when the oracle failed to receive a record from the oracle quorum manager.
/// @param reason The reason for the failure, i.e. the caught error.
event OracleRecordReceivedError(bytes reason);
}
/// @title OracleQuorumManager
/// @notice Responsible for managing the quorum of oracle reporters.
contract OracleQuorumManager is
Initializable,
AccessControlEnumerableUpgradeable,
OracleQuorumManagerEvents,
ProtocolEvents
{
error InvalidReporter();
error AlreadyReporter();
error RelativeThresholdExceedsOne();
/// @notice Oracle manager role can update properties in the OracleQuorumManager.
bytes32 public constant QUORUM_MANAGER_ROLE = keccak256("QUORUM_MANAGER_ROLE");
/// @notice Any reporter modifier can change the set of oracle services which can produce a valid
/// oracle report. This means that this is quite a crucial role and should have elevated access
/// requirements.
bytes32 public constant REPORTER_MODIFIER_ROLE = keccak256("REPORTER_MODIFIER_ROLE");
/// @notice The service oracle reporter role is used to identify which oracle services can
/// produce a valid oracle report. Note that granting this role to an address may have consequences
/// for the logic of the contract - e.g. the contract may calculate quorum based on the number of
/// members in this set. So you should not add the role to anything other than an oracle service.
/// @dev To discover all oracle services, you can use `getRoleMemberCount`and
/// getRoleMember(role, N)` (on the same block).
bytes32 public constant SERVICE_ORACLE_REPORTER = keccak256("SERVICE_ORACLE_REPORTER");
/// @dev A basis point (often denoted as bp, 1bp = 0.01%) is a unit of measure used in finance to describe
/// the percentage change in a financial instrument. This is a constant value set as 10000 which represents
/// 100% in basis point terms.
uint16 internal constant _BASIS_POINTS_DENOMINATOR = 10000;
/// @notice Oracle to finalize reports for.
IOracle public oracle;
/// @notice Report hashes by block by reporter.
/// This can be used for a reporter to verify a record computation and update it in case of an error.
mapping(uint64 block => mapping(address reporter => bytes32 recordHash)) public reporterRecordHashesByBlock;
/// @notice The number of times a record hash has been reported for a block.
mapping(uint64 block => mapping(bytes32 recordHash => uint256)) public recordHashCountByBlock;
/// @notice The target number of blocks in a report window.
uint64 public targetReportWindowBlocks;
/// @notice The absolute number of reporters that have to submit the same report for it to be accepted.
uint16 public absoluteThreshold;
/// @notice The relative number of reporters (in basis points) that have to submit the same report for it to be
/// accepted. It is a value between 0 and 10000 basis points (i.e., 0 to 100%). It's used to determine what
/// proportion of the total number of reporters need to agree on a report for it to be accepted.
/// @dev Scaled with `getRoleMemberCount(SERVICE_ORACLE_REPORTER)`.
uint16 public relativeThresholdBasisPoints;
/// @notice Configuration for contract initialization.
struct Init {
address admin;
address reporterModifier;
address manager;
address[] allowedReporters;
IOracle oracle;
}
constructor() {
_disableInitializers();
}
/// @notice Inititalizes the contract.
/// @dev MUST be called during the contract upgrade to set up the proxies state.
function initialize(Init memory init) external initializer {
__AccessControlEnumerable_init();
_grantRole(DEFAULT_ADMIN_ROLE, init.admin);
_grantRole(REPORTER_MODIFIER_ROLE, init.reporterModifier);
_setRoleAdmin(SERVICE_ORACLE_REPORTER, REPORTER_MODIFIER_ROLE);
_grantRole(QUORUM_MANAGER_ROLE, init.manager);
oracle = init.oracle;
uint256 len = init.allowedReporters.length;
for (uint256 i = 0; i < len; i++) {
_grantRole(SERVICE_ORACLE_REPORTER, init.allowedReporters[i]);
}
// Assumes that a block is created every 12 seconds.
// Might be slightly longer than the 8 hours target in practice as slots can be empty.
targetReportWindowBlocks = 8 hours / 12 seconds;
absoluteThreshold = 1;
relativeThresholdBasisPoints = 0;
}
/// @notice Determines if a given record hash has reached quorum for a given block.
/// @dev True if the number of reporters agreeing on the record hash is greater than or equal to the absolute and
/// relative threshold.
/// @param blockNumber The block number.
/// @param recordHash The record hash.
function _hasReachedQuroum(uint64 blockNumber, bytes32 recordHash) internal view returns (bool) {
uint256 numReports = recordHashCountByBlock[blockNumber][recordHash];
uint256 numReporters = getRoleMemberCount(SERVICE_ORACLE_REPORTER);
return (numReports >= absoluteThreshold)
&& (numReports * _BASIS_POINTS_DENOMINATOR >= numReporters * relativeThresholdBasisPoints);
}
/// @notice Determines if a record with given end block number has already been received by the oracle.
/// @dev This includes added and pending records.
/// @param updateEndBlock The end block number.
function _wasReceivedByOracle(uint256 updateEndBlock) internal view returns (bool) {
return oracle.latestRecord().updateEndBlock >= updateEndBlock
|| (oracle.hasPendingUpdate() && oracle.pendingUpdate().updateEndBlock >= updateEndBlock);
}
/// @notice Returns the record hash for a given block and reporter.
/// @param blockNumber The block number.
/// @param sender The reporter.
function recordHashByBlockAndSender(uint64 blockNumber, address sender) external view returns (bytes32) {
return reporterRecordHashesByBlock[blockNumber][sender];
}
/// @notice Tracks received records to determine consensus.
/// @param reporter The address of the off-chain service that submitted the record.
/// @param record The received record.
function _trackReceivedRecord(address reporter, OracleRecord calldata record) internal returns (bytes32) {
bytes32 newHash = keccak256(abi.encode(record));
emit ReportReceived(record.updateEndBlock, reporter, newHash, record);
bytes32 previousHash = reporterRecordHashesByBlock[record.updateEndBlock][reporter];
if (newHash == previousHash) {
return newHash;
}
if (previousHash != 0) {
recordHashCountByBlock[record.updateEndBlock][previousHash] -= 1;
}
// Record the hash of the data for this report.
recordHashCountByBlock[record.updateEndBlock][newHash] += 1;
reporterRecordHashesByBlock[record.updateEndBlock][reporter] = newHash;
return newHash;
}
/// @notice Receives an oracle report.
/// @dev This function should be called by the oracle service.
/// We explicitly allow oracles to 'update' their report for a given block. This allows repairs
/// in the case of inconsistency without requiring a new window to be started.
/// This function deliberately never reverts to log all reports received as events for off-chain performance metrics
/// and to simplify the interaction with the oracle services.
/// @param record The new oracle record update.
function receiveRecord(OracleRecord calldata record) external onlyRole(SERVICE_ORACLE_REPORTER) {
bytes32 recordHash = _trackReceivedRecord(msg.sender, record);
if (!_hasReachedQuroum(record.updateEndBlock, recordHash)) {
return;
}
if (_wasReceivedByOracle(record.updateEndBlock)) {
// This branch will be taken if the reporter submits their report after quorum has already been reached,
// e.g. the 3rd reporter in a 2/3 threshold setting.
return;
}
emit ReportQuorumReached(record.updateEndBlock);
// Deliberately not reverting to simplify the integration in off-chain oracle services, but wrapping any oracle
// errors as events for observability.
try oracle.receiveRecord(record) {}
catch (bytes memory reason) {
emit OracleRecordReceivedError(reason);
}
}
/// @notice Sets the target report window size in the number of blocks.
/// @param newTargetReportWindowBlocks The new target report window size in blocks.
/// NOTE: Setting this lower than the minimum report size as defined by the oracle is technically valid,
/// but will result in a failing sanity check.
function setTargetReportWindowBlocks(uint64 newTargetReportWindowBlocks) external onlyRole(QUORUM_MANAGER_ROLE) {
targetReportWindowBlocks = newTargetReportWindowBlocks;
emit ProtocolConfigChanged(
this.setTargetReportWindowBlocks.selector,
"setTargetReportWindowBlocks(uint64)",
abi.encode(newTargetReportWindowBlocks)
);
}
/// @notice Sets the absolute and relative thresholds (i.e. the number of reporters that have to agree) for a report
/// to be accepted.
/// @param absoluteThreshold_ The new absolute threshold which sets the absoluteThreshold.
/// See also {absoluteThreshold}
/// @param relativeThresholdBasisPoints_ The new relative threshold in basis points which sets the
/// relativeThresholdBasisPoints.
/// See also {relativeThresholdBasisPoints}
function setQuorumThresholds(uint16 absoluteThreshold_, uint16 relativeThresholdBasisPoints_)
external
onlyRole(QUORUM_MANAGER_ROLE)
{
if (relativeThresholdBasisPoints_ > _BASIS_POINTS_DENOMINATOR) {
revert RelativeThresholdExceedsOne();
}
emit ProtocolConfigChanged(
this.setQuorumThresholds.selector,
"setQuorumThresholds(uint16,uint16)",
abi.encode(absoluteThreshold_, relativeThresholdBasisPoints_)
);
absoluteThreshold = absoluteThreshold_;
relativeThresholdBasisPoints = relativeThresholdBasisPoints_;
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Initializable} from "openzeppelin-upgradeable/proxy/utils/Initializable.sol";
import {AccessControlEnumerableUpgradeable} from
"openzeppelin-upgradeable/access/AccessControlEnumerableUpgradeable.sol";
import {Address} from "openzeppelin/utils/Address.sol";
import {IERC20} from "openzeppelin/interfaces/IERC20.sol";
import {SafeERC20} from "openzeppelin/token/ERC20/utils/SafeERC20.sol";
/// @title ReturnsReceiver
/// @notice Receives protocol level returns and manages who can withdraw the returns. Deployed as the
/// consensus layer withdrawal wallet and execution layer rewards wallet in the protocol.
contract ReturnsReceiver is Initializable, AccessControlEnumerableUpgradeable {
/// @notice The manager role is responsible for managing the WITHDRAWER_ROLE.
bytes32 public constant RECEIVER_MANAGER_ROLE = keccak256("RECEIVER_MANAGER_ROLE");
/// @notice The withdrawer role can withdraw ETH and ERC20 tokens from this contract.
bytes32 public constant WITHDRAWER_ROLE = keccak256("WITHDRAWER_ROLE");
/// @notice Configuration for contract initialization.
struct Init {
address admin;
address manager;
address withdrawer;
}
constructor() {
_disableInitializers();
}
/// @notice Inititalizes the contract.
/// @dev MUST be called during the contract upgrade to set up the proxies state.
function initialize(Init memory init) external initializer {
__AccessControlEnumerable_init();
_grantRole(DEFAULT_ADMIN_ROLE, init.admin);
_grantRole(RECEIVER_MANAGER_ROLE, init.manager);
_setRoleAdmin(WITHDRAWER_ROLE, RECEIVER_MANAGER_ROLE);
_grantRole(WITHDRAWER_ROLE, init.withdrawer);
}
/// @notice Transfers the given amount of ETH to an address.
/// @dev Only called by the withdrawer.
function transfer(address payable to, uint256 amount) external onlyRole(WITHDRAWER_ROLE) {
Address.sendValue(to, amount);
}
/// @notice Transfers the given amount of an ERC20 token to an address.
/// @dev Only called by the withdrawer.
function transferERC20(IERC20 token, address to, uint256 amount) external onlyRole(WITHDRAWER_ROLE) {
SafeERC20.safeTransfer(token, to, amount);
}
receive() external payable {}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Initializable} from "openzeppelin-upgradeable/proxy/utils/Initializable.sol";
import {AccessControlEnumerableUpgradeable} from
"openzeppelin-upgradeable/access/AccessControlEnumerableUpgradeable.sol";
import {Math} from "openzeppelin/utils/math/Math.sol";
import {IERC20} from "openzeppelin/token/ERC20/IERC20.sol";
import {SafeERC20} from "openzeppelin/token/ERC20/utils/SafeERC20.sol";
import {Address} from "openzeppelin/utils/Address.sol";
import {ProtocolEvents} from "./interfaces/ProtocolEvents.sol";
import {IPauserRead} from "./interfaces/IPauser.sol";
import {IOracleReadRecord, OracleRecord} from "./interfaces/IOracle.sol";
import {IStakingReturnsWrite} from "./interfaces/IStaking.sol";
import {IReturnsAggregatorWrite} from "./interfaces/IReturnsAggregator.sol";
import {ReturnsReceiver} from "./ReturnsReceiver.sol";
interface ReturnsAggregatorEvents {
/// @notice Emitted when the protocol collects fees when processing rewards.
/// @param amount The amount of fees collected.
event FeesCollected(uint256 amount);
}
/// @title ReturnsAggregator
/// @notice Aggregator contract that aggregates returns from wallets the protocol controls, takes fees where applicable,
/// and forwards the net returns to the staking contract.
contract ReturnsAggregator is
Initializable,
AccessControlEnumerableUpgradeable,
ProtocolEvents,
ReturnsAggregatorEvents,
IReturnsAggregatorWrite
{
error InvalidConfiguration();
error NotOracle();
error Paused();
error ZeroAddress();
/// @notice The manager role can set the fees receiver wallet and fees basis points.
bytes32 public constant AGGREGATOR_MANAGER_ROLE = keccak256("AGGREGATOR_MANAGER_ROLE");
/// @dev A basis point (often denoted as bp, 1bp = 0.01%) is a unit of measure used in finance to describe
/// the percentage change in a financial instrument. This is a constant value set as 10000 which represents
/// 100% in basis point terms.
uint16 internal constant _BASIS_POINTS_DENOMINATOR = 10_000;
/// @notice The staking contract to which the aggregated returns are forwarded after subtracting protocol fees.
IStakingReturnsWrite public staking;
/// @notice The oracle contract from which the returns information is read.
IOracleReadRecord public oracle;
/// @notice The contract receiving consensus layer returns, i.e. partial and full withdraws including rewards and
/// principals.
ReturnsReceiver public consensusLayerReceiver;
/// @notice The contract receiving execution layer rewards, i.e. tips and MEV rewards.
ReturnsReceiver public executionLayerReceiver;
/// @notice The pauser contract.
/// @dev Keeps the pause state across the protocol.
IPauserRead public pauser;
/// @notice The address receiving protocol fees.
address payable public feesReceiver;
/// @notice The protocol fees in basis points (1/10000).
uint16 public feesBasisPoints;
/// @notice Configuration for contract initialization.
struct Init {
address admin;
address manager;
IOracleReadRecord oracle;
IPauserRead pauser;
ReturnsReceiver consensusLayerReceiver;
ReturnsReceiver executionLayerReceiver;
IStakingReturnsWrite staking;
address payable feesReceiver;
}
constructor() {
_disableInitializers();
}
/// @notice Inititalizes the contract.
/// @dev MUST be called during the contract upgrade to set up the proxies state.
function initialize(Init memory init) external initializer {
__AccessControlEnumerable_init();
_grantRole(DEFAULT_ADMIN_ROLE, init.admin);
_grantRole(AGGREGATOR_MANAGER_ROLE, init.manager);
oracle = init.oracle;
pauser = init.pauser;
consensusLayerReceiver = init.consensusLayerReceiver;
executionLayerReceiver = init.executionLayerReceiver;
staking = init.staking;
feesReceiver = init.feesReceiver;
// Default fees are 10%
feesBasisPoints = 1_000;
}
/// @inheritdoc IReturnsAggregatorWrite
/// @dev Calculates the amount of funds to be forwarded to the staking contract, takes the fees, and forwards them.
/// Note that we also validate that the funds are forwarded to the staking contract and none are sent to this
/// contract.
function processReturns(uint256 rewardAmount, uint256 principalAmount, bool shouldIncludeELRewards)
external
assertBalanceUnchanged
{
if (msg.sender != address(oracle)) {
revert NotOracle();
}
// Calculate the total amount of returns that will be aggregated.
uint256 clTotal = rewardAmount + principalAmount;
uint256 totalRewards = rewardAmount;
uint256 elRewards = 0;
if (shouldIncludeELRewards) {
elRewards = address(executionLayerReceiver).balance;
totalRewards += elRewards;
}
// Calculate protocol fees.
uint256 fees = Math.mulDiv(feesBasisPoints, totalRewards, _BASIS_POINTS_DENOMINATOR);
// Aggregate returns in this contract
address payable self = payable(address(this));
if (elRewards > 0) {
executionLayerReceiver.transfer(self, elRewards);
}
if (clTotal > 0) {
consensusLayerReceiver.transfer(self, clTotal);
}
// Forward the net returns (if they exist) to the staking contract.
uint256 netReturns = clTotal + elRewards - fees;
if (netReturns > 0) {
staking.receiveReturns{value: netReturns}();
}
// Send protocol fees (if they exist) to the fee receiver wallet.
if (fees > 0) {
emit FeesCollected(fees);
Address.sendValue(feesReceiver, fees);
}
}
/// @notice Sets the fees receiver wallet for the protocol.
/// @param newReceiver The new fees receiver wallet.
function setFeesReceiver(address payable newReceiver)
external
onlyRole(AGGREGATOR_MANAGER_ROLE)
notZeroAddress(newReceiver)
{
feesReceiver = newReceiver;
emit ProtocolConfigChanged(this.setFeesReceiver.selector, "setFeesReceiver(address)", abi.encode(newReceiver));
}
/// @notice Sets the fees basis points.
/// @param newBasisPoints The new fees basis points.
function setFeeBasisPoints(uint16 newBasisPoints) external onlyRole(AGGREGATOR_MANAGER_ROLE) {
if (newBasisPoints > _BASIS_POINTS_DENOMINATOR) {
revert InvalidConfiguration();
}
feesBasisPoints = newBasisPoints;
emit ProtocolConfigChanged(
this.setFeeBasisPoints.selector, "setFeeBasisPoints(uint16)", abi.encode(newBasisPoints)
);
}
receive() external payable {}
/// @notice Ensures that the given address is not the zero address.
/// @param addr The address to check.
modifier notZeroAddress(address addr) {
if (addr == address(0)) {
revert ZeroAddress();
}
_;
}
/// @notice Ensures that the balance of the contract remains unchanged after the function returns.
modifier assertBalanceUnchanged() {
uint256 before = address(this).balance;
_;
assert(address(this).balance == before);
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Initializable} from "openzeppelin-upgradeable/proxy/utils/Initializable.sol";
import {AccessControlEnumerableUpgradeable} from
"openzeppelin-upgradeable/access/AccessControlEnumerableUpgradeable.sol";
import {Address} from "openzeppelin/utils/Address.sol";
import {Math} from "openzeppelin/utils/math/Math.sol";
import {SafeERC20Upgradeable} from "openzeppelin-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol";
import {ProtocolEvents} from "./interfaces/ProtocolEvents.sol";
import {IMETH} from "./interfaces/IMETH.sol";
import {IOracleReadRecord} from "./interfaces/IOracle.sol";
import {
IUnstakeRequestsManager,
IUnstakeRequestsManagerWrite,
IUnstakeRequestsManagerRead,
UnstakeRequest
} from "./interfaces/IUnstakeRequestsManager.sol";
import {IStakingReturnsWrite} from "./interfaces/IStaking.sol";
/// @notice Events emitted by the unstake requests manager.
interface UnstakeRequestsManagerEvents {
/// @notice Created emitted when an unstake request has been created.
/// @param id The id of the unstake request.
/// @param requester The address of the user who requested to unstake.
/// @param mETHLocked The amount of mETH that will be burned when the request is claimed.
/// @param ethRequested The amount of ETH that will be returned to the requester.
/// @param cumulativeETHRequested The cumulative amount of ETH requested at the time of the unstake request.
/// @param blockNumber The block number at the point at which the request was created.
event UnstakeRequestCreated(
uint256 indexed id,
address indexed requester,
uint256 mETHLocked,
uint256 ethRequested,
uint256 cumulativeETHRequested,
uint256 blockNumber
);
/// @notice Claimed emitted when an unstake request has been claimed.
/// @param id The id of the unstake request.
/// @param requester The address of the user who requested to unstake.
/// @param mETHLocked The amount of mETH that will be burned when the request is claimed.
/// @param ethRequested The amount of ETH that will be returned to the requester.
/// @param cumulativeETHRequested The cumulative amount of ETH requested at the time of the unstake request.
/// @param blockNumber The block number at the point at which the request was created.
event UnstakeRequestClaimed(
uint256 indexed id,
address indexed requester,
uint256 mETHLocked,
uint256 ethRequested,
uint256 cumulativeETHRequested,
uint256 blockNumber
);
/// @notice Cancelled emitted when an unstake request has been cancelled by an admin.
/// @param id The id of the unstake request.
/// @param requester The address of the user who requested to unstake.
/// @param mETHLocked The amount of mETH that will be burned when the request is claimed.
/// @param ethRequested The amount of ETH that will be returned to the requester.
/// @param cumulativeETHRequested The cumulative amount of ETH requested at the time of the unstake request.
/// @param blockNumber The block number at the point at which the request was created.
event UnstakeRequestCancelled(
uint256 indexed id,
address indexed requester,
uint256 mETHLocked,
uint256 ethRequested,
uint256 cumulativeETHRequested,
uint256 blockNumber
);
}
/// @title UnstakeRequestsManager
/// @notice Manages unstake requests from the staking contract.
contract UnstakeRequestsManager is
Initializable,
AccessControlEnumerableUpgradeable,
IUnstakeRequestsManager,
UnstakeRequestsManagerEvents,
ProtocolEvents
{
// Errors.
error AlreadyClaimed();
error DoesNotReceiveETH();
error NotEnoughFunds(uint256 cumulativeETHOnRequest, uint256 allocatedETHForClaims);
error NotFinalized();
error NotRequester();
error NotStakingContract();
/// @notice Role allowed to set properties of the contract.
bytes32 public constant MANAGER_ROLE = keccak256("MANAGER_ROLE");
/// @notice Role that is allowed to cancel unfinalized requests if the protocol is in emergency state.
bytes32 public constant REQUEST_CANCELLER_ROLE = keccak256("REQUEST_CANCELLER_ROLE");
/// @notice The staking contract to which the unstake requests manager accepts claims and new unstake requests from.
IStakingReturnsWrite public stakingContract;
/// @notice The oracle contract that the finalization criteria relies on.
IOracleReadRecord public oracle;
/// @notice The total amount of ether sent by the staking contract.
/// @dev This value can be decreased when reclaiming surplus allocatedETHs.
uint256 public allocatedETHForClaims;
/// @notice The total amount of ether claimed by requesters.
uint256 public totalClaimed;
/// @notice A request's block number on creation plus numberOfBlocksToFinalize determines
/// if the request is finalized.
uint256 public numberOfBlocksToFinalize;
/// @notice The mETH token contract.
/// @dev Tokens will be minted / burned during staking / unstaking.
IMETH public mETH;
/// @dev Cache the latest cumulative ETH requested value instead of checking latest element in the array.
/// This prevents encountering an invalid value if someone claims the request which resets it.
uint128 public latestCumulativeETHRequested;
/// @dev The internal queue of unstake requests.
UnstakeRequest[] internal _unstakeRequests;
/// @notice Configuration for contract initialization.
struct Init {
address admin;
address manager;
address requestCanceller;
IMETH mETH;
IStakingReturnsWrite stakingContract;
IOracleReadRecord oracle;
uint256 numberOfBlocksToFinalize;
}
constructor() {
_disableInitializers();
}
/// @notice Inititalizes the contract.
/// @dev MUST be called during the contract upgrade to set up the proxies state.
function initialize(Init memory init) external initializer {
__AccessControlEnumerable_init();
_grantRole(DEFAULT_ADMIN_ROLE, init.admin);
numberOfBlocksToFinalize = init.numberOfBlocksToFinalize;
stakingContract = init.stakingContract;
oracle = init.oracle;
mETH = init.mETH;
_grantRole(MANAGER_ROLE, init.manager);
_grantRole(REQUEST_CANCELLER_ROLE, init.requestCanceller);
}
/// @inheritdoc IUnstakeRequestsManagerWrite
/// @dev Increases the cumulative ETH requested counter and pushes a new unstake request to the array. This function
/// can only be called by the staking contract.
function create(address requester, uint128 mETHLocked, uint128 ethRequested)
external
onlyStakingContract
returns (uint256)
{
uint128 currentCumulativeETHRequested = latestCumulativeETHRequested + ethRequested;
uint256 requestID = _unstakeRequests.length;
UnstakeRequest memory unstakeRequest = UnstakeRequest({
id: uint128(requestID),
requester: requester,
mETHLocked: mETHLocked,
ethRequested: ethRequested,
cumulativeETHRequested: currentCumulativeETHRequested,
blockNumber: uint64(block.number)
});
_unstakeRequests.push(unstakeRequest);
latestCumulativeETHRequested = currentCumulativeETHRequested;
emit UnstakeRequestCreated(
requestID, requester, mETHLocked, ethRequested, currentCumulativeETHRequested, block.number
);
return requestID;
}
/// @inheritdoc IUnstakeRequestsManagerWrite
/// @dev Verifies the requester's identity, finality of the request, and availability of funds before transferring
/// the requested ETH. The unstake request is then removed from the array.
function claim(uint256 requestID, address requester) external onlyStakingContract {
UnstakeRequest memory request = _unstakeRequests[requestID];
if (request.requester == address(0)) {
revert AlreadyClaimed();
}
if (requester != request.requester) {
revert NotRequester();
}
if (!_isFinalized(request)) {
revert NotFinalized();
}
if (request.cumulativeETHRequested > allocatedETHForClaims) {
revert NotEnoughFunds(request.cumulativeETHRequested, allocatedETHForClaims);
}
delete _unstakeRequests[requestID];
totalClaimed += request.ethRequested;
emit UnstakeRequestClaimed({
id: requestID,
requester: requester,
mETHLocked: request.mETHLocked,
ethRequested: request.ethRequested,
cumulativeETHRequested: request.cumulativeETHRequested,
blockNumber: request.blockNumber
});
// Claiming the request burns the locked mETH tokens from this contract.
// Note that it is intentional that burning happens here rather than at unstake time.
// Please see the docs folder for more information.
mETH.burn(request.mETHLocked);
Address.sendValue(payable(requester), request.ethRequested);
}
/// @inheritdoc IUnstakeRequestsManagerWrite
/// @dev Iteratively checks the finality of the latest requests and cancels the unfinalized ones until reaching a
/// finalized request or the max loop bound. Adjusts the state of the latest cumulative ETH accordingly.
function cancelUnfinalizedRequests(uint256 maxCancel) external onlyRole(REQUEST_CANCELLER_ROLE) returns (bool) {
uint256 length = _unstakeRequests.length;
if (length == 0) {
return false;
}
if (length < maxCancel) {
maxCancel = length;
}
// Cache all cancelled requests to perform the refunds after processing all local effects to strictly follow the
// checks-effects-interaction pattern.
UnstakeRequest[] memory requests = new UnstakeRequest[](maxCancel);
// Find the number of requests that have not been finalized.
uint256 numCancelled = 0;
while (numCancelled < maxCancel) {
UnstakeRequest memory request = _unstakeRequests[_unstakeRequests.length - 1];
if (_isFinalized(request)) {
break;
}
_unstakeRequests.pop();
requests[numCancelled] = request;
++numCancelled;
emit UnstakeRequestCancelled(
request.id,
request.requester,
request.mETHLocked,
request.ethRequested,
request.cumulativeETHRequested,
request.blockNumber
);
}
// Reset the latest cumulative ETH state and check whether there are more unfinalized requests to cancel.
bool hasMore;
uint256 remainingRequestsLength = _unstakeRequests.length;
if (remainingRequestsLength == 0) {
latestCumulativeETHRequested = 0;
hasMore = false;
} else {
UnstakeRequest memory latestRemainingRequest = _unstakeRequests[remainingRequestsLength - 1];
latestCumulativeETHRequested = latestRemainingRequest.cumulativeETHRequested;
hasMore = !_isFinalized(latestRemainingRequest);
}
// Return the locked mETH of all cancelled requests.
for (uint256 i = 0; i < numCancelled; i++) {
SafeERC20Upgradeable.safeTransfer(mETH, requests[i].requester, requests[i].mETHLocked);
}
return hasMore;
}
/// @inheritdoc IUnstakeRequestsManagerWrite
/// @dev Handles incoming ether from the staking contract, increasing the allocatedETHForClaims counter by the value
/// of the incoming allocatedETH.
function allocateETH() external payable onlyStakingContract {
allocatedETHForClaims += msg.value;
}
/// @inheritdoc IUnstakeRequestsManagerWrite
/// @dev Helps during the emergency scenario where we cancel unstake requests and we want to move ether back into
/// the staking contract.
function withdrawAllocatedETHSurplus() external onlyStakingContract {
uint256 toSend = allocatedETHSurplus();
if (toSend == 0) {
return;
}
allocatedETHForClaims -= toSend;
stakingContract.receiveFromUnstakeRequestsManager{value: toSend}();
}
/// @notice Returns the ID of the next unstake requests to be created.
function nextRequestId() external view returns (uint256) {
return _unstakeRequests.length;
}
/// @inheritdoc IUnstakeRequestsManagerRead
function requestByID(uint256 requestID) external view returns (UnstakeRequest memory) {
return _unstakeRequests[requestID];
}
/// @inheritdoc IUnstakeRequestsManagerRead
function requestInfo(uint256 requestID) external view returns (bool, uint256) {
UnstakeRequest memory request = _unstakeRequests[requestID];
bool isFinalized = _isFinalized(request);
uint256 claimableAmount = 0;
// The cumulative ETH requested also includes the ETH requested and must be subtracted from the cumulative total
// to find partially filled amounts.
uint256 allocatedEthRequired = request.cumulativeETHRequested - request.ethRequested;
if (allocatedEthRequired < allocatedETHForClaims) {
// The allocatedETHForClaims increases over time whereas the request's cumulative ETH requested stays the
// same. This means the difference between the two will also increase over time. Given we only want to
// return the partially filled amount up to the full ETH requested, we take the minimum of the two.
claimableAmount = Math.min(allocatedETHForClaims - allocatedEthRequired, request.ethRequested);
}
return (isFinalized, claimableAmount);
}
/// @inheritdoc IUnstakeRequestsManagerRead
/// @dev Compares the latest the allocatedETHForClaims value and the cumulative ETH requested value to determine if
/// there's a surplus.
function allocatedETHSurplus() public view returns (uint256) {
if (allocatedETHForClaims > latestCumulativeETHRequested) {
return allocatedETHForClaims - latestCumulativeETHRequested;
}
return 0;
}
/// @inheritdoc IUnstakeRequestsManagerRead
/// @dev Compares the latest cumulative ETH requested value and the allocatedETHForClaims value to determine if
/// there's a deficit.
function allocatedETHDeficit() external view returns (uint256) {
if (latestCumulativeETHRequested > allocatedETHForClaims) {
return latestCumulativeETHRequested - allocatedETHForClaims;
}
return 0;
}
/// @inheritdoc IUnstakeRequestsManagerRead
/// @dev The difference between allocatedETHForClaims and totalClaimed represents the amount of ether waiting to be
/// claimed.
function balance() external view returns (uint256) {
if (allocatedETHForClaims > totalClaimed) {
return allocatedETHForClaims - totalClaimed;
}
return 0;
}
/// @notice Updates the number of blocks required to finalize requests.
/// @param numberOfBlocksToFinalize_ The number of blocks required to finalize requests.
function setNumberOfBlocksToFinalize(uint256 numberOfBlocksToFinalize_) external onlyRole(MANAGER_ROLE) {
numberOfBlocksToFinalize = numberOfBlocksToFinalize_;
emit ProtocolConfigChanged(
this.setNumberOfBlocksToFinalize.selector,
"setNumberOfBlocksToFinalize(uint256)",
abi.encode(numberOfBlocksToFinalize_)
);
}
/// @notice Used by the claim function to check whether the request can be claimed (i.e. is finalized).
/// @dev Finalization relies on the latest record of the oracle. This way, users can only claim their unstake
/// requests in a period where the protocol has a valid record. We also use numberOfBlocksToFinalize as another
/// safety buffer that can be set depending on the needs of the protocol.
/// See also {claim}
/// @return A boolean indicating whether the unstake request is finalized or not.
function _isFinalized(UnstakeRequest memory request) internal view returns (bool) {
return (request.blockNumber + numberOfBlocksToFinalize) <= oracle.latestRecord().updateEndBlock;
}
/// @dev Validates that the caller is the staking contract.
modifier onlyStakingContract() {
if (msg.sender != address(stakingContract)) {
revert NotStakingContract();
}
_;
}
// Fallbacks.
receive() external payable {
revert DoesNotReceiveETH();
}
fallback() external payable {
revert DoesNotReceiveETH();
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Initializable} from "openzeppelin-upgradeable/proxy/utils/Initializable.sol";
import {AccessControlEnumerableUpgradeable} from
"openzeppelin-upgradeable/access/AccessControlEnumerableUpgradeable.sol";
import {Math} from "openzeppelin/utils/math/Math.sol";
import {IERC20} from "openzeppelin/token/ERC20/IERC20.sol";
import {SafeERC20Upgradeable} from "openzeppelin-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol";
import {ProtocolEvents} from "./interfaces/ProtocolEvents.sol";
import {IDepositContract} from "./interfaces/IDepositContract.sol";
import {IMETH} from "./interfaces/IMETH.sol";
import {IOracleReadRecord, OracleRecord} from "./interfaces/IOracle.sol";
import {IPauserRead} from "./interfaces/IPauser.sol";
import {IStaking, IStakingReturnsWrite, IStakingInitiationRead} from "./interfaces/IStaking.sol";
import {UnstakeRequest, IUnstakeRequestsManager} from "./interfaces/IUnstakeRequestsManager.sol";
/// @notice Events emitted by the staking contract.
interface StakingEvents {
/// @notice Emitted when a user stakes ETH and receives mETH.
/// @param staker The address of the user staking ETH.
/// @param ethAmount The amount of ETH staked.
/// @param mETHAmount The amount of mETH received.
event Staked(address indexed staker, uint256 ethAmount, uint256 mETHAmount);
/// @notice Emitted when a user unstakes mETH in exchange for ETH.
/// @param id The ID of the unstake request.
/// @param staker The address of the user unstaking mETH.
/// @param ethAmount The amount of ETH that the staker will receive.
/// @param mETHLocked The amount of mETH that will be burned.
event UnstakeRequested(uint256 indexed id, address indexed staker, uint256 ethAmount, uint256 mETHLocked);
/// @notice Emitted when a user claims their unstake request.
/// @param id The ID of the unstake request.
/// @param staker The address of the user claiming their unstake request.
event UnstakeRequestClaimed(uint256 indexed id, address indexed staker);
/// @notice Emitted when a validator has been initiated (i.e. the protocol has deposited into the deposit contract).
/// @param id The ID of the validator which is the hash of its pubkey.
/// @param operatorID The ID of the node operator to which the validator belongs to.
/// @param pubkey The pubkey of the validator.
/// @param amountDeposited The amount of ETH deposited into the deposit contract for that validator.
event ValidatorInitiated(bytes32 indexed id, uint256 indexed operatorID, bytes pubkey, uint256 amountDeposited);
/// @notice Emitted when the protocol has allocated ETH to the UnstakeRequestsManager.
/// @param amount The amount of ETH allocated to the UnstakeRequestsManager.
event AllocatedETHToUnstakeRequestsManager(uint256 amount);
/// @notice Emitted when the protocol has allocated ETH to use for deposits into the deposit contract.
/// @param amount The amount of ETH allocated to deposits.
event AllocatedETHToDeposits(uint256 amount);
/// @notice Emitted when the protocol has received returns from the returns aggregator.
/// @param amount The amount of ETH received.
event ReturnsReceived(uint256 amount);
}
/// @title Staking
/// @notice Manages stake and unstake requests by users, keeps track of the total amount of ETH controlled by the
/// protocol, and initiates new validators.
contract Staking is Initializable, AccessControlEnumerableUpgradeable, IStaking, StakingEvents, ProtocolEvents {
// Errors.
error DoesNotReceiveETH();
error InvalidConfiguration();
error MaximumValidatorDepositExceeded();
error MaximumMETHSupplyExceeded();
error MinimumStakeBoundNotSatisfied();
error MinimumUnstakeBoundNotSatisfied();
error MinimumValidatorDepositNotSatisfied();
error NotEnoughDepositETH();
error NotEnoughUnallocatedETH();
error NotReturnsAggregator();
error NotUnstakeRequestsManager();
error Paused();
error PreviouslyUsedValidator();
error ZeroAddress();
error InvalidDepositRoot(bytes32);
error StakeBelowMinimumMETHAmount(uint256 methAmount, uint256 expectedMinimum);
error UnstakeBelowMinimumETHAmount(uint256 ethAmount, uint256 expectedMinimum);
error InvalidWithdrawalCredentialsWrongLength(uint256);
error InvalidWithdrawalCredentialsNotETH1(bytes12);
error InvalidWithdrawalCredentialsWrongAddress(address);
/// @notice Role allowed trigger administrative tasks such as allocating funds to / withdrawing surplusses from the
/// UnstakeRequestsManager and setting various parameters on the contract.
bytes32 public constant STAKING_MANAGER_ROLE = keccak256("STAKING_MANAGER_ROLE");
/// @notice Role allowed to allocate funds to unstake requests manager and reserve funds to deposit into the
/// validators.
bytes32 public constant ALLOCATOR_SERVICE_ROLE = keccak256("ALLOCATER_SERVICE_ROLE");
/// @notice Role allowed to initiate new validators by sending funds from the allocatedETHForDeposits balance
/// to the beacon chain deposit contract.
bytes32 public constant INITIATOR_SERVICE_ROLE = keccak256("INITIATOR_SERVICE_ROLE");
/// @notice Role to manage the staking allowlist.
bytes32 public constant STAKING_ALLOWLIST_MANAGER_ROLE = keccak256("STAKING_ALLOWLIST_MANAGER_ROLE");
/// @notice Role allowed to stake ETH when allowlist is enabled.
bytes32 public constant STAKING_ALLOWLIST_ROLE = keccak256("STAKING_ALLOWLIST_ROLE");
/// @notice Role allowed to top up the unallocated ETH in the protocol.
bytes32 public constant TOP_UP_ROLE = keccak256("TOP_UP_ROLE");
/// @notice Payload struct submitted for validator initiation.
/// @dev See also {initiateValidatorsWithDeposits}.
struct ValidatorParams {
uint256 operatorID;
uint256 depositAmount;
bytes pubkey;
bytes withdrawalCredentials;
bytes signature;
bytes32 depositDataRoot;
}
/// @notice Keeps track of already initiated validators.
/// @dev This is tracked to ensure that we never deposit for the same validator public key twice, which is a base
/// assumption of this contract and the related off-chain accounting.
mapping(bytes pubkey => bool exists) public usedValidators;
/// @inheritdoc IStakingInitiationRead
/// @dev This is needed to account for ETH that is still in flight, i.e. that has been sent to the deposit contract
/// but has not been processed by the beacon chain yet. Once the off-chain oracle detects those deposits, they are
/// recorded as `totalDepositsProcessed` in the oracle contract to avoid double counting. See also
/// {totalControlled}.
uint256 public totalDepositedInValidators;
/// @inheritdoc IStakingInitiationRead
uint256 public numInitiatedValidators;
/// @notice The amount of ETH that is used to allocate to deposits and fill the pending unstake requests.
uint256 public unallocatedETH;
/// @notice The amount of ETH that is used deposit into validators.
uint256 public allocatedETHForDeposits;
/// @notice The minimum amount of ETH users can stake.
uint256 public minimumStakeBound;
/// @notice The minimum amount of mETH users can unstake.
uint256 public minimumUnstakeBound;
/// @notice When staking on Ethereum, validators must go through an entry queue to bring money into the system, and
/// an exit queue to bring it back out. The entry queue increases in size as more people want to stake. While the
/// money is in the entry queue, it is not earning any rewards. When a validator is active, or in the exit queue, it
/// is earning rewards. Once a validator enters the entry queue, the only way that the money can be retrieved is by
/// waiting for it to become active and then to exit it again. As of July 2023, the entry queue is approximately 40
/// days and the exit queue is 0 days (with ~6 days of processing time).
///
/// In a non-optimal scenario for the protocol, a user could stake (for example) 32 ETH to receive mETH, wait
/// until a validator enters the queue, and then request to unstake to recover their 32 ETH. Now we have 32 ETH in
/// the system which affects the exchange rate, but is not earning rewards.
///
/// In this case, the 'fair' thing to do would be to make the user wait for the queue processing to finish before
/// returning their funds. Because the tokens are fungible however, we have no way of matching 'pending' stakes to a
/// particular user. This means that in order to fulfill unstake requests quickly, we must exit a different
/// validator to return the user's funds. If we exit a validator, we can return the funds after ~5 days, but the
/// original 32 ETH will not be earning for another 35 days, leading to a small but repeatable socialised loss of
/// efficiency for the protocol. As we can only exit validators in chunks of 32 ETH, this case is also exacerbated
/// by a user unstaking smaller amounts of ETH.
///
/// To compensate for the fact that these two queues differ in length, we apply an adjustment to the exchange rate
/// to reflect the difference and mitigate its effect on the protocol. This protects the protocol from the case
/// above, and also from griefing attacks following the same principle. Essentially, when you stake you are
/// receiving a value of mETH that discounts ~35 days worth of rewards in return for being able to access your
/// money without waiting the full 40 days when unstaking. As the adjustment is applied to the exchange rate, this
/// results in a small 'improvement' to the rate for all existing stakers (i.e. it is not a fee levied by the
/// protocol itself).
///
/// As the adjustment is applied to the exchange rate, the result is reflected in any user interface which shows the
/// amount of mETH received when staking, meaning there is no surprise for users when staking or unstaking.
/// @dev The value is in basis points (1/10000).
uint16 public exchangeAdjustmentRate;
/// @dev A basis point (often denoted as bp, 1bp = 0.01%) is a unit of measure used in finance to describe
/// the percentage change in a financial instrument. This is a constant value set as 10000 which represents
/// 100% in basis point terms.
uint16 internal constant _BASIS_POINTS_DENOMINATOR = 10_000;
/// @notice The maximum amount the exchange adjustment rate (10%) that can be set by the admin.
uint16 internal constant _MAX_EXCHANGE_ADJUSTMENT_RATE = _BASIS_POINTS_DENOMINATOR / 10; // 10%
/// @notice The minimum amount of ETH that the staking contract can send to the deposit contract to initiate new
/// validators.
/// @dev This is used as an additional safeguard to prevent sending deposits that would result in non-activated
/// validators (since we don't do top-ups), that would need to be exited again to get the ETH back.
uint256 public minimumDepositAmount;
/// @notice The maximum amount of ETH that the staking contract can send to the deposit contract to initiate new
/// validators.
/// @dev This is used as an additional safeguard to prevent sending too large deposits. While this is not a critical
/// issue as any surplus >32 ETH (at the time of writing) will automatically be withdrawn again at some point, it is
/// still undesireable as it locks up not-earning ETH for the duration of the round trip decreasing the efficiency
/// of the protocol.
uint256 public maximumDepositAmount;
/// @notice The beacon chain deposit contract.
/// @dev ETH will be sent there during validator initiation.
IDepositContract public depositContract;
/// @notice The mETH token contract.
/// @dev Tokens will be minted / burned during staking / unstaking.
IMETH public mETH;
/// @notice The oracle contract.
/// @dev Tracks ETH on the beacon chain and other accounting relevant quantities.
IOracleReadRecord public oracle;
/// @notice The pauser contract.
/// @dev Keeps the pause state across the protocol.
IPauserRead public pauser;
/// @notice The contract tracking unstake requests and related allocation and claim operations.
IUnstakeRequestsManager public unstakeRequestsManager;
/// @notice The address to receive beacon chain withdrawals (i.e. validator rewards and exits).
/// @dev Changing this variable will not have an immediate effect as all exisiting validators will still have the
/// original value set.
address public withdrawalWallet;
/// @notice The address for the returns aggregator contract to push funds.
/// @dev See also {receiveReturns}.
address public returnsAggregator;
/// @notice The staking allowlist flag which, when enabled, allows staking only for addresses in allowlist.
bool public isStakingAllowlist;
/// @inheritdoc IStakingInitiationRead
/// @dev This will be used to give off-chain services a sensible point in time to start their analysis from.
uint256 public initializationBlockNumber;
/// @notice The maximum amount of mETH that can be minted during the staking process.
/// @dev This is used as an additional safeguard to create a maximum stake amount in the protocol. As the protocol
/// scales up this value will be increased to allow for more staking.
uint256 public maximumMETHSupply;
/// @notice Configuration for contract initialization.
struct Init {
address admin;
address manager;
address allocatorService;
address initiatorService;
address returnsAggregator;
address withdrawalWallet;
IMETH mETH;
IDepositContract depositContract;
IOracleReadRecord oracle;
IPauserRead pauser;
IUnstakeRequestsManager unstakeRequestsManager;
}
constructor() {
_disableInitializers();
}
/// @notice Inititalizes the contract.
/// @dev MUST be called during the contract upgrade to set up the proxies state.
function initialize(Init memory init) external initializer {
__AccessControlEnumerable_init();
_grantRole(DEFAULT_ADMIN_ROLE, init.admin);
_grantRole(STAKING_MANAGER_ROLE, init.manager);
_grantRole(ALLOCATOR_SERVICE_ROLE, init.allocatorService);
_grantRole(INITIATOR_SERVICE_ROLE, init.initiatorService);
// Intentionally does not set anyone as the TOP_UP_ROLE as it will only be granted
// in the off-chance that the top up functionality is required.
// Set up roles for the staking allowlist. Intentionally do not grant anyone the
// STAKING_ALLOWLIST_MANAGER_ROLE as it will only be granted later.
_setRoleAdmin(STAKING_ALLOWLIST_MANAGER_ROLE, STAKING_MANAGER_ROLE);
_setRoleAdmin(STAKING_ALLOWLIST_ROLE, STAKING_ALLOWLIST_MANAGER_ROLE);
mETH = init.mETH;
depositContract = init.depositContract;
oracle = init.oracle;
pauser = init.pauser;
returnsAggregator = init.returnsAggregator;
unstakeRequestsManager = init.unstakeRequestsManager;
withdrawalWallet = init.withdrawalWallet;
minimumStakeBound = 0.1 ether;
minimumUnstakeBound = 0.01 ether;
minimumDepositAmount = 32 ether;
maximumDepositAmount = 32 ether;
isStakingAllowlist = true;
initializationBlockNumber = block.number;
// Set the maximum mETH supply to some sensible amount which is expected to be changed as the
// protocol ramps up.
maximumMETHSupply = 1024 ether;
}
/// @notice Interface for users to stake their ETH with the protocol. Note: when allowlist is enabled, only users
/// with the allowlist can stake.
/// @dev Mints the corresponding amount of mETH (relative to the stake's share in the total ETH controlled by the
/// protocol) to the user.
/// @param minMETHAmount The minimum amount of mETH that the user expects to receive in return.
function stake(uint256 minMETHAmount) external payable {
if (pauser.isStakingPaused()) {
revert Paused();
}
if (isStakingAllowlist) {
_checkRole(STAKING_ALLOWLIST_ROLE);
}
if (msg.value < minimumStakeBound) {
revert MinimumStakeBoundNotSatisfied();
}
uint256 mETHMintAmount = ethToMETH(msg.value);
if (mETHMintAmount + mETH.totalSupply() > maximumMETHSupply) {
revert MaximumMETHSupplyExceeded();
}
if (mETHMintAmount < minMETHAmount) {
revert StakeBelowMinimumMETHAmount(mETHMintAmount, minMETHAmount);
}
// Increment unallocated ETH after calculating the exchange rate to ensure
// a consistent rate.
unallocatedETH += msg.value;
emit Staked(msg.sender, msg.value, mETHMintAmount);
mETH.mint(msg.sender, mETHMintAmount);
}
/// @notice Interface for users to submit a request to unstake.
/// @dev Transfers the specified amount of mETH to the staking contract and locks it there until it is burned on
/// request claim. The staking contract must therefore be approved to move the user's mETH on their behalf.
/// @param methAmount The amount of mETH to unstake.
/// @param minETHAmount The minimum amount of ETH that the user expects to receive.
/// @return The request ID.
function unstakeRequest(uint128 methAmount, uint128 minETHAmount) external returns (uint256) {
return _unstakeRequest(methAmount, minETHAmount);
}
/// @notice Interface for users to submit a request to unstake with an ERC20 permit.
/// @dev Transfers the specified amount of mETH to the staking contract and locks it there until it is burned on
/// request claim. The permit must therefore allow the staking contract to move the user's mETH on their behalf.
/// @return The request ID.
function unstakeRequestWithPermit(
uint128 methAmount,
uint128 minETHAmount,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external returns (uint256) {
SafeERC20Upgradeable.safePermit(mETH, msg.sender, address(this), methAmount, deadline, v, r, s);
return _unstakeRequest(methAmount, minETHAmount);
}
/// @notice Processes a user's request to unstake by transferring the corresponding mETH to the staking contract
/// and creating the request on the unstake requests manager.
/// @param methAmount The amount of mETH to unstake.
/// @param minETHAmount The minimum amount of ETH that the user expects to receive.
function _unstakeRequest(uint128 methAmount, uint128 minETHAmount) internal returns (uint256) {
if (pauser.isUnstakeRequestsAndClaimsPaused()) {
revert Paused();
}
if (methAmount < minimumUnstakeBound) {
revert MinimumUnstakeBoundNotSatisfied();
}
uint128 ethAmount = uint128(mETHToETH(methAmount));
if (ethAmount < minETHAmount) {
revert UnstakeBelowMinimumETHAmount(ethAmount, minETHAmount);
}
uint256 requestID =
unstakeRequestsManager.create({requester: msg.sender, mETHLocked: methAmount, ethRequested: ethAmount});
emit UnstakeRequested({id: requestID, staker: msg.sender, ethAmount: ethAmount, mETHLocked: methAmount});
SafeERC20Upgradeable.safeTransferFrom(mETH, msg.sender, address(unstakeRequestsManager), methAmount);
return requestID;
}
/// @notice Interface for users to claim their finalized and filled unstaking requests.
/// @dev See also {UnstakeRequestsManager} for a more detailed explanation of finalization and request filling.
function claimUnstakeRequest(uint256 unstakeRequestID) external {
if (pauser.isUnstakeRequestsAndClaimsPaused()) {
revert Paused();
}
emit UnstakeRequestClaimed(unstakeRequestID, msg.sender);
unstakeRequestsManager.claim(unstakeRequestID, msg.sender);
}
/// @notice Returns the status of the request whether it is finalized and how much ETH has been filled.
/// See also {UnstakeRequestsManager.requestInfo} for a more detailed explanation of finalization and request
/// filling.
/// @param unstakeRequestID The ID of the unstake request.
/// @return bool indicating if the unstake request is finalized, and the amount of ETH that has been filled.
function unstakeRequestInfo(uint256 unstakeRequestID) external view returns (bool, uint256) {
return unstakeRequestsManager.requestInfo(unstakeRequestID);
}
/// @notice Withdraws any surplus from the unstake requests manager.
/// @dev The request manager is expected to return the funds by pushing them using
/// {receiveFromUnstakeRequestsManager}.
function reclaimAllocatedETHSurplus() external onlyRole(STAKING_MANAGER_ROLE) {
// Calls the receiveFromUnstakeRequestsManager() where we perform
// the accounting.
unstakeRequestsManager.withdrawAllocatedETHSurplus();
}
/// @notice Allocates ETH from the unallocatedETH balance to the unstake requests manager to fill pending requests
/// and adds to the allocatedETHForDeposits balance that is used to initiate new validators.
function allocateETH(uint256 allocateToUnstakeRequestsManager, uint256 allocateToDeposits)
external
onlyRole(ALLOCATOR_SERVICE_ROLE)
{
if (pauser.isAllocateETHPaused()) {
revert Paused();
}
if (allocateToUnstakeRequestsManager + allocateToDeposits > unallocatedETH) {
revert NotEnoughUnallocatedETH();
}
unallocatedETH -= allocateToUnstakeRequestsManager + allocateToDeposits;
if (allocateToDeposits > 0) {
allocatedETHForDeposits += allocateToDeposits;
emit AllocatedETHToDeposits(allocateToDeposits);
}
if (allocateToUnstakeRequestsManager > 0) {
emit AllocatedETHToUnstakeRequestsManager(allocateToUnstakeRequestsManager);
unstakeRequestsManager.allocateETH{value: allocateToUnstakeRequestsManager}();
}
}
/// @notice Initiates new validators by sending ETH to the beacon chain deposit contract.
/// @dev Cannot initiate the same validator (public key) twice. Since BLS signatures cannot be feasibly verified on
/// the EVM, the caller must carefully make sure that the sent payloads (public keys + signatures) are correct,
/// otherwise the sent ETH will be lost.
function initiateValidatorsWithDeposits(ValidatorParams[] calldata validators, bytes32 expectedDepositRoot)
external
onlyRole(INITIATOR_SERVICE_ROLE)
{
if (pauser.isInitiateValidatorsPaused()) {
revert Paused();
}
if (validators.length == 0) {
return;
}
// Check that the deposit root matches the given value. This ensures that the deposit contract state
// has not changed since the transaction was submitted, which means that a rogue node operator cannot
// front-run deposit transactions.
bytes32 actualRoot = depositContract.get_deposit_root();
if (expectedDepositRoot != actualRoot) {
revert InvalidDepositRoot(actualRoot);
}
// First loop is to check that all validators are valid according to our constraints and we record the
// validators and how much we have deposited.
uint256 amountDeposited = 0;
for (uint256 i = 0; i < validators.length; ++i) {
ValidatorParams calldata validator = validators[i];
if (usedValidators[validator.pubkey]) {
revert PreviouslyUsedValidator();
}
if (validator.depositAmount < minimumDepositAmount) {
revert MinimumValidatorDepositNotSatisfied();
}
if (validator.depositAmount > maximumDepositAmount) {
revert MaximumValidatorDepositExceeded();
}
_requireProtocolWithdrawalAccount(validator.withdrawalCredentials);
usedValidators[validator.pubkey] = true;
amountDeposited += validator.depositAmount;
emit ValidatorInitiated({
id: keccak256(validator.pubkey),
operatorID: validator.operatorID,
pubkey: validator.pubkey,
amountDeposited: validator.depositAmount
});
}
if (amountDeposited > allocatedETHForDeposits) {
revert NotEnoughDepositETH();
}
allocatedETHForDeposits -= amountDeposited;
totalDepositedInValidators += amountDeposited;
numInitiatedValidators += validators.length;
// Second loop is to send the deposits to the deposit contract. Keeps external calls to the deposit contract
// separate from state changes.
for (uint256 i = 0; i < validators.length; ++i) {
ValidatorParams calldata validator = validators[i];
depositContract.deposit{value: validator.depositAmount}({
pubkey: validator.pubkey,
withdrawal_credentials: validator.withdrawalCredentials,
signature: validator.signature,
deposit_data_root: validator.depositDataRoot
});
}
}
/// @inheritdoc IStakingReturnsWrite
/// @dev Intended to be the called in the same transaction initiated by reclaimAllocatedETHSurplus().
/// This should only be called in emergency scenarios, e.g. if the unstake requests manager has cancelled
/// unfinalized requests and there is a surplus balance.
/// Adds the received funds to the unallocated balance.
function receiveFromUnstakeRequestsManager() external payable onlyUnstakeRequestsManager {
unallocatedETH += msg.value;
}
/// @notice Tops up the unallocated ETH balance to increase the amount of ETH in the protocol.
/// @dev Bypasses the returns aggregator fee collection to inject ETH directly into the protocol.
function topUp() external payable onlyRole(TOP_UP_ROLE) {
unallocatedETH += msg.value;
}
/// @notice Converts from mETH to ETH using the current exchange rate.
/// The exchange rate is given by the total supply of mETH and total ETH controlled by the protocol.
function ethToMETH(uint256 ethAmount) public view returns (uint256) {
// 1:1 exchange rate on the first stake.
// Using `METH.totalSupply` over `totalControlled` to check if the protocol is in its bootstrap phase since
// the latter can be manipulated, for example by transferring funds to the `ExecutionLayerReturnsReceiver`, and
// therefore be non-zero by the time the first stake is made
if (mETH.totalSupply() == 0) {
return ethAmount;
}
// deltaMETH = (1 - exchangeAdjustmentRate) * (mETHSupply / totalControlled) * ethAmount
// This rounds down to zero in the case of `(1 - exchangeAdjustmentRate) * ethAmount * mETHSupply <
// totalControlled`.
// While this scenario is theoretically possible, it can only be realised feasibly during the protocol's
// bootstrap phase and if `totalControlled` and `mETHSupply` can be changed independently of each other. Since
// the former is permissioned, and the latter is not permitted by the protocol, this cannot be exploited by an
// attacker.
return Math.mulDiv(
ethAmount,
mETH.totalSupply() * uint256(_BASIS_POINTS_DENOMINATOR - exchangeAdjustmentRate),
totalControlled() * uint256(_BASIS_POINTS_DENOMINATOR)
);
}
/// @notice Converts from ETH to mETH using the current exchange rate.
/// The exchange rate is given by the total supply of mETH and total ETH controlled by the protocol.
function mETHToETH(uint256 mETHAmount) public view returns (uint256) {
// 1:1 exchange rate on the first stake.
// Using `METH.totalSupply` over `totalControlled` to check if the protocol is in its bootstrap phase since
// the latter can be manipulated, for example by transferring funds to the `ExecutionLayerReturnsReceiver`, and
// therefore be non-zero by the time the first stake is made
if (mETH.totalSupply() == 0) {
return mETHAmount;
}
// deltaETH = (totalControlled / mETHSupply) * mETHAmount
// This rounds down to zero in the case of `mETHAmount * totalControlled < mETHSupply`.
// While this scenario is theoretically possible, it can only be realised feasibly during the protocol's
// bootstrap phase and if `totalControlled` and `mETHSupply` can be changed independently of each other. Since
// the former is permissioned, and the latter is not permitted by the protocol, this cannot be exploited by an
// attacker.
return Math.mulDiv(mETHAmount, totalControlled(), mETH.totalSupply());
}
/// @notice The total amount of ETH controlled by the protocol.
/// @dev Sums over the balances of various contracts and the beacon chain information from the oracle.
function totalControlled() public view returns (uint256) {
OracleRecord memory record = oracle.latestRecord();
uint256 total = 0;
total += unallocatedETH;
total += allocatedETHForDeposits;
/// The total ETH deposited to the beacon chain must be decreased by the deposits processed by the off-chain
/// oracle since it will be accounted for in the currentTotalValidatorBalance from that point onwards.
total += totalDepositedInValidators - record.cumulativeProcessedDepositAmount;
total += record.currentTotalValidatorBalance;
total += unstakeRequestsManager.balance();
return total;
}
/// @notice Checks if the given withdrawal credentials are a valid 0x01 prefixed withdrawal address.
/// @dev See also
/// https://github.com/ethereum/consensus-specs/blob/master/specs/phase0/validator.md#eth1_address_withdrawal_prefix
function _requireProtocolWithdrawalAccount(bytes calldata withdrawalCredentials) internal view {
if (withdrawalCredentials.length != 32) {
revert InvalidWithdrawalCredentialsWrongLength(withdrawalCredentials.length);
}
// Check the ETH1_ADDRESS_WITHDRAWAL_PREFIX and that all other bytes are zero.
bytes12 prefixAndPadding = bytes12(withdrawalCredentials[:12]);
if (prefixAndPadding != 0x010000000000000000000000) {
revert InvalidWithdrawalCredentialsNotETH1(prefixAndPadding);
}
address addr = address(bytes20(withdrawalCredentials[12:32]));
if (addr != withdrawalWallet) {
revert InvalidWithdrawalCredentialsWrongAddress(addr);
}
}
/// @inheritdoc IStakingReturnsWrite
/// @dev Adds the received funds to the unallocated balance.
function receiveReturns() external payable onlyReturnsAggregator {
emit ReturnsReceived(msg.value);
unallocatedETH += msg.value;
}
/// @notice Ensures that the caller is the returns aggregator.
modifier onlyReturnsAggregator() {
if (msg.sender != returnsAggregator) {
revert NotReturnsAggregator();
}
_;
}
/// @notice Ensures that the caller is the unstake requests manager.
modifier onlyUnstakeRequestsManager() {
if (msg.sender != address(unstakeRequestsManager)) {
revert NotUnstakeRequestsManager();
}
_;
}
/// @notice Ensures that the given address is not the zero address.
modifier notZeroAddress(address addr) {
if (addr == address(0)) {
revert ZeroAddress();
}
_;
}
/// @notice Sets the minimum amount of ETH users can stake.
function setMinimumStakeBound(uint256 minimumStakeBound_) external onlyRole(STAKING_MANAGER_ROLE) {
minimumStakeBound = minimumStakeBound_;
emit ProtocolConfigChanged(
this.setMinimumStakeBound.selector, "setMinimumStakeBound(uint256)", abi.encode(minimumStakeBound_)
);
}
/// @notice Sets the minimum amount of mETH users can unstake.
function setMinimumUnstakeBound(uint256 minimumUnstakeBound_) external onlyRole(STAKING_MANAGER_ROLE) {
minimumUnstakeBound = minimumUnstakeBound_;
emit ProtocolConfigChanged(
this.setMinimumUnstakeBound.selector, "setMinimumUnstakeBound(uint256)", abi.encode(minimumUnstakeBound_)
);
}
/// @notice Sets the staking adjust rate.
function setExchangeAdjustmentRate(uint16 exchangeAdjustmentRate_) external onlyRole(STAKING_MANAGER_ROLE) {
if (exchangeAdjustmentRate_ > _MAX_EXCHANGE_ADJUSTMENT_RATE) {
revert InvalidConfiguration();
}
// even though this check is redundant with the one above, this function will be rarely used so we keep it as a
// reminder for future upgrades that this must never be violated.
assert(exchangeAdjustmentRate_ <= _BASIS_POINTS_DENOMINATOR);
exchangeAdjustmentRate = exchangeAdjustmentRate_;
emit ProtocolConfigChanged(
this.setExchangeAdjustmentRate.selector,
"setExchangeAdjustmentRate(uint16)",
abi.encode(exchangeAdjustmentRate_)
);
}
/// @notice Sets the minimum amount of ETH that the staking contract can send to the deposit contract to initiate
/// new validators.
function setMinimumDepositAmount(uint256 minimumDepositAmount_) external onlyRole(STAKING_MANAGER_ROLE) {
minimumDepositAmount = minimumDepositAmount_;
emit ProtocolConfigChanged(
this.setMinimumDepositAmount.selector, "setMinimumDepositAmount(uint256)", abi.encode(minimumDepositAmount_)
);
}
/// @notice Sets the maximum amount of ETH that the staking contract can send to the deposit contract to initiate
/// new validators.
function setMaximumDepositAmount(uint256 maximumDepositAmount_) external onlyRole(STAKING_MANAGER_ROLE) {
maximumDepositAmount = maximumDepositAmount_;
emit ProtocolConfigChanged(
this.setMaximumDepositAmount.selector, "setMaximumDepositAmount(uint256)", abi.encode(maximumDepositAmount_)
);
}
/// @notice Sets the maximumMETHSupply variable.
/// Note: We intentionally allow this to be set lower than the current totalSupply so that the amount can be
/// adjusted downwards by unstaking.
/// See also {maximumMETHSupply}.
function setMaximumMETHSupply(uint256 maximumMETHSupply_) external onlyRole(STAKING_MANAGER_ROLE) {
maximumMETHSupply = maximumMETHSupply_;
emit ProtocolConfigChanged(
this.setMaximumMETHSupply.selector, "setMaximumMETHSupply(uint256)", abi.encode(maximumMETHSupply_)
);
}
/// @notice Sets the address to receive beacon chain withdrawals (i.e. validator rewards and exits).
/// @dev Changing this variable will not have an immediate effect as all exisiting validators will still have the
/// original value set.
function setWithdrawalWallet(address withdrawalWallet_)
external
onlyRole(STAKING_MANAGER_ROLE)
notZeroAddress(withdrawalWallet_)
{
withdrawalWallet = withdrawalWallet_;
emit ProtocolConfigChanged(
this.setWithdrawalWallet.selector, "setWithdrawalWallet(address)", abi.encode(withdrawalWallet_)
);
}
/// @notice Sets the staking allowlist flag.
function setStakingAllowlist(bool isStakingAllowlist_) external onlyRole(STAKING_MANAGER_ROLE) {
isStakingAllowlist = isStakingAllowlist_;
emit ProtocolConfigChanged(
this.setStakingAllowlist.selector, "setStakingAllowlist(bool)", abi.encode(isStakingAllowlist_)
);
}
receive() external payable {
revert DoesNotReceiveETH();
}
fallback() external payable {
revert DoesNotReceiveETH();
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Initializable} from "openzeppelin-upgradeable/proxy/utils/Initializable.sol";
import {AccessControlEnumerableUpgradeable} from
"openzeppelin-upgradeable/access/AccessControlEnumerableUpgradeable.sol";
import {AccessControlEnumerable} from "openzeppelin/access/AccessControlEnumerable.sol";
import {
ERC20PermitUpgradeable,
IERC20PermitUpgradeable
} from "openzeppelin-upgradeable/token/ERC20/extensions/ERC20PermitUpgradeable.sol";
import {IMETH} from "./interfaces/IMETH.sol";
import {IStaking} from "./interfaces/IStaking.sol";
import {IUnstakeRequestsManager} from "./interfaces/IUnstakeRequestsManager.sol";
/// @title METH
/// @notice METH is the ERC20 LSD token for the protocol.
contract METH is Initializable, AccessControlEnumerableUpgradeable, ERC20PermitUpgradeable, IMETH {
// Errors.
error NotStakingContract();
error NotUnstakeRequestsManagerContract();
/// @notice The staking contract which has permissions to mint tokens.
IStaking public stakingContract;
/// @notice The unstake requests manager contract which has permissions to burn tokens.
IUnstakeRequestsManager public unstakeRequestsManagerContract;
/// @notice Configuration for contract initialization.
struct Init {
address admin;
IStaking staking;
IUnstakeRequestsManager unstakeRequestsManager;
}
constructor() {
_disableInitializers();
}
/// @notice Inititalizes the contract.
/// @dev MUST be called during the contract upgrade to set up the proxies state.
function initialize(Init memory init) external initializer {
__AccessControlEnumerable_init();
__ERC20_init("mETH", "mETH");
__ERC20Permit_init("mETH");
_grantRole(DEFAULT_ADMIN_ROLE, init.admin);
stakingContract = init.staking;
unstakeRequestsManagerContract = init.unstakeRequestsManager;
}
/// @inheritdoc IMETH
/// @dev Expected to be called during the stake operation.
function mint(address staker, uint256 amount) external {
if (msg.sender != address(stakingContract)) {
revert NotStakingContract();
}
_mint(staker, amount);
}
/// @inheritdoc IMETH
/// @dev Expected to be called when a user has claimed their unstake request.
function burn(uint256 amount) external {
if (msg.sender != address(unstakeRequestsManagerContract)) {
revert NotUnstakeRequestsManagerContract();
}
_burn(msg.sender, amount);
}
/// @dev See {IERC20Permit-nonces}.
function nonces(address owner)
public
view
virtual
override(ERC20PermitUpgradeable, IERC20PermitUpgradeable)
returns (uint256)
{
return ERC20PermitUpgradeable.nonces(owner);
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (proxy/ERC1967/ERC1967Proxy.sol)
pragma solidity ^0.8.0;
import "../Proxy.sol";
import "./ERC1967Upgrade.sol";
/**
* @dev This contract implements an upgradeable proxy. It is upgradeable because calls are delegated to an
* implementation address that can be changed. This address is stored in storage in the location specified by
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967], so that it doesn't conflict with the storage layout of the
* implementation behind the proxy.
*/
contract ERC1967Proxy is Proxy, ERC1967Upgrade {
/**
* @dev Initializes the upgradeable proxy with an initial implementation specified by `_logic`.
*
* If `_data` is nonempty, it's used as data in a delegate call to `_logic`. This will typically be an encoded
* function call, and allows initializing the storage of the proxy like a Solidity constructor.
*/
constructor(address _logic, bytes memory _data) payable {
_upgradeToAndCall(_logic, _data, false);
}
/**
* @dev Returns the current implementation address.
*/
function _implementation() internal view virtual override returns (address impl) {
return ERC1967Upgrade._getImplementation();
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.6.0) (token/ERC721/IERC721Receiver.sol)
pragma solidity ^0.8.0;
/**
* @title ERC721 token receiver interface
* @dev Interface for any contract that wants to support safeTransfers
* from ERC721 asset contracts.
*/
interface IERC721Receiver {
/**
* @dev Whenever an {IERC721} `tokenId` token is transferred to this contract via {IERC721-safeTransferFrom}
* by `operator` from `from`, this function is called.
*
* It must return its Solidity selector to confirm the token transfer.
* If any other value is returned or the interface is not implemented by the recipient, the transfer will be reverted.
*
* The selector can be obtained in Solidity with `IERC721Receiver.onERC721Received.selector`.
*/
function onERC721Received(
address operator,
address from,
uint256 tokenId,
bytes calldata data
) external returns (bytes4);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (token/ERC1155/IERC1155Receiver.sol)
pragma solidity ^0.8.0;
import "../../utils/introspection/IERC165.sol";
/**
* @dev _Available since v3.1._
*/
interface IERC1155Receiver is IERC165 {
/**
* @dev Handles the receipt of a single ERC1155 token type. This function is
* called at the end of a `safeTransferFrom` after the balance has been updated.
*
* NOTE: To accept the transfer, this must return
* `bytes4(keccak256("onERC1155Received(address,address,uint256,uint256,bytes)"))`
* (i.e. 0xf23a6e61, or its own function selector).
*
* @param operator The address which initiated the transfer (i.e. msg.sender)
* @param from The address which previously owned the token
* @param id The ID of the token being transferred
* @param value The amount of tokens being transferred
* @param data Additional data with no specified format
* @return `bytes4(keccak256("onERC1155Received(address,address,uint256,uint256,bytes)"))` if transfer is allowed
*/
function onERC1155Received(
address operator,
address from,
uint256 id,
uint256 value,
bytes calldata data
) external returns (bytes4);
/**
* @dev Handles the receipt of a multiple ERC1155 token types. This function
* is called at the end of a `safeBatchTransferFrom` after the balances have
* been updated.
*
* NOTE: To accept the transfer(s), this must return
* `bytes4(keccak256("onERC1155BatchReceived(address,address,uint256[],uint256[],bytes)"))`
* (i.e. 0xbc197c81, or its own function selector).
*
* @param operator The address which initiated the batch transfer (i.e. msg.sender)
* @param from The address which previously owned the token
* @param ids An array containing ids of each token being transferred (order and length must match values array)
* @param values An array containing amounts of each token being transferred (order and length must match ids array)
* @param data Additional data with no specified format
* @return `bytes4(keccak256("onERC1155BatchReceived(address,address,uint256[],uint256[],bytes)"))` if transfer is allowed
*/
function onERC1155BatchReceived(
address operator,
address from,
uint256[] calldata ids,
uint256[] calldata values,
bytes calldata data
) external returns (bytes4);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (access/IAccessControl.sol)
pragma solidity ^0.8.0;
/**
* @dev External interface of AccessControl declared to support ERC165 detection.
*/
interface IAccessControlUpgradeable {
/**
* @dev Emitted when `newAdminRole` is set as ``role``'s admin role, replacing `previousAdminRole`
*
* `DEFAULT_ADMIN_ROLE` is the starting admin for all roles, despite
* {RoleAdminChanged} not being emitted signaling this.
*
* _Available since v3.1._
*/
event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole);
/**
* @dev Emitted when `account` is granted `role`.
*
* `sender` is the account that originated the contract call, an admin role
* bearer except when using {AccessControl-_setupRole}.
*/
event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Emitted when `account` is revoked `role`.
*
* `sender` is the account that originated the contract call:
* - if using `revokeRole`, it is the admin role bearer
* - if using `renounceRole`, it is the role bearer (i.e. `account`)
*/
event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) external view returns (bool);
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {AccessControl-_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) external view returns (bytes32);
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function grantRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function revokeRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been granted `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `account`.
*/
function renounceRole(bytes32 role, address account) external;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
pragma solidity ^0.8.0;
import "../proxy/utils/Initializable.sol";
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract ContextUpgradeable is Initializable {
function __Context_init() internal onlyInitializing {
}
function __Context_init_unchained() internal onlyInitializing {
}
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[50] private __gap;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol)
pragma solidity ^0.8.0;
import "./math/MathUpgradeable.sol";
import "./math/SignedMathUpgradeable.sol";
/**
* @dev String operations.
*/
library StringsUpgradeable {
bytes16 private constant _SYMBOLS = "0123456789abcdef";
uint8 private constant _ADDRESS_LENGTH = 20;
/**
* @dev Converts a `uint256` to its ASCII `string` decimal representation.
*/
function toString(uint256 value) internal pure returns (string memory) {
unchecked {
uint256 length = MathUpgradeable.log10(value) + 1;
string memory buffer = new string(length);
uint256 ptr;
/// @solidity memory-safe-assembly
assembly {
ptr := add(buffer, add(32, length))
}
while (true) {
ptr--;
/// @solidity memory-safe-assembly
assembly {
mstore8(ptr, byte(mod(value, 10), _SYMBOLS))
}
value /= 10;
if (value == 0) break;
}
return buffer;
}
}
/**
* @dev Converts a `int256` to its ASCII `string` decimal representation.
*/
function toString(int256 value) internal pure returns (string memory) {
return string(abi.encodePacked(value < 0 ? "-" : "", toString(SignedMathUpgradeable.abs(value))));
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
*/
function toHexString(uint256 value) internal pure returns (string memory) {
unchecked {
return toHexString(value, MathUpgradeable.log256(value) + 1);
}
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
*/
function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
bytes memory buffer = new bytes(2 * length + 2);
buffer[0] = "0";
buffer[1] = "x";
for (uint256 i = 2 * length + 1; i > 1; --i) {
buffer[i] = _SYMBOLS[value & 0xf];
value >>= 4;
}
require(value == 0, "Strings: hex length insufficient");
return string(buffer);
}
/**
* @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.
*/
function toHexString(address addr) internal pure returns (string memory) {
return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);
}
/**
* @dev Returns true if the two strings are equal.
*/
function equal(string memory a, string memory b) internal pure returns (bool) {
return keccak256(bytes(a)) == keccak256(bytes(b));
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/ERC165.sol)
pragma solidity ^0.8.0;
import "./IERC165Upgradeable.sol";
import "../../proxy/utils/Initializable.sol";
/**
* @dev Implementation of the {IERC165} interface.
*
* Contracts that want to implement ERC165 should inherit from this contract and override {supportsInterface} to check
* for the additional interface id that will be supported. For example:
*
* ```solidity
* function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
* return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
* }
* ```
*
* Alternatively, {ERC165Storage} provides an easier to use but more expensive implementation.
*/
abstract contract ERC165Upgradeable is Initializable, IERC165Upgradeable {
function __ERC165_init() internal onlyInitializing {
}
function __ERC165_init_unchained() internal onlyInitializing {
}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IERC165Upgradeable).interfaceId;
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[50] private __gap;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/Initializable.sol)
pragma solidity ^0.8.2;
import "../../utils/AddressUpgradeable.sol";
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```solidity
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
*
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/
abstract contract Initializable {
/**
* @dev Indicates that the contract has been initialized.
* @custom:oz-retyped-from bool
*/
uint8 private _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool private _initializing;
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/
event Initialized(uint8 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts.
*
* Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a
* constructor.
*
* Emits an {Initialized} event.
*/
modifier initializer() {
bool isTopLevelCall = !_initializing;
require(
(isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1),
"Initializable: contract is already initialized"
);
_initialized = 1;
if (isTopLevelCall) {
_initializing = true;
}
_;
if (isTopLevelCall) {
_initializing = false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* A reinitializer may be used after the original initialization step. This is essential to configure modules that
* are added through upgrades and that require initialization.
*
* When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
* cannot be nested. If one is invoked in the context of another, execution will revert.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*
* WARNING: setting the version to 255 will prevent any future reinitialization.
*
* Emits an {Initialized} event.
*/
modifier reinitializer(uint8 version) {
require(!_initializing && _initialized < version, "Initializable: contract is already initialized");
_initialized = version;
_initializing = true;
_;
_initializing = false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/
modifier onlyInitializing() {
require(_initializing, "Initializable: contract is not initializing");
_;
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*
* Emits an {Initialized} event the first time it is successfully executed.
*/
function _disableInitializers() internal virtual {
require(!_initializing, "Initializable: contract is initializing");
if (_initialized != type(uint8).max) {
_initialized = type(uint8).max;
emit Initialized(type(uint8).max);
}
}
/**
* @dev Returns the highest version that has been initialized. See {reinitializer}.
*/
function _getInitializedVersion() internal view returns (uint8) {
return _initialized;
}
/**
* @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
*/
function _isInitializing() internal view returns (bool) {
return _initializing;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (access/IAccessControl.sol)
pragma solidity ^0.8.0;
/**
* @dev External interface of AccessControl declared to support ERC165 detection.
*/
interface IAccessControl {
/**
* @dev Emitted when `newAdminRole` is set as ``role``'s admin role, replacing `previousAdminRole`
*
* `DEFAULT_ADMIN_ROLE` is the starting admin for all roles, despite
* {RoleAdminChanged} not being emitted signaling this.
*
* _Available since v3.1._
*/
event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole);
/**
* @dev Emitted when `account` is granted `role`.
*
* `sender` is the account that originated the contract call, an admin role
* bearer except when using {AccessControl-_setupRole}.
*/
event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Emitted when `account` is revoked `role`.
*
* `sender` is the account that originated the contract call:
* - if using `revokeRole`, it is the admin role bearer
* - if using `renounceRole`, it is the role bearer (i.e. `account`)
*/
event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) external view returns (bool);
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {AccessControl-_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) external view returns (bytes32);
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function grantRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function revokeRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been granted `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `account`.
*/
function renounceRole(bytes32 role, address account) external;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
pragma solidity ^0.8.0;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/Strings.sol)
pragma solidity ^0.8.0;
import "./math/Math.sol";
import "./math/SignedMath.sol";
/**
* @dev String operations.
*/
library Strings {
bytes16 private constant _SYMBOLS = "0123456789abcdef";
uint8 private constant _ADDRESS_LENGTH = 20;
/**
* @dev Converts a `uint256` to its ASCII `string` decimal representation.
*/
function toString(uint256 value) internal pure returns (string memory) {
unchecked {
uint256 length = Math.log10(value) + 1;
string memory buffer = new string(length);
uint256 ptr;
/// @solidity memory-safe-assembly
assembly {
ptr := add(buffer, add(32, length))
}
while (true) {
ptr--;
/// @solidity memory-safe-assembly
assembly {
mstore8(ptr, byte(mod(value, 10), _SYMBOLS))
}
value /= 10;
if (value == 0) break;
}
return buffer;
}
}
/**
* @dev Converts a `int256` to its ASCII `string` decimal representation.
*/
function toString(int256 value) internal pure returns (string memory) {
return string(abi.encodePacked(value < 0 ? "-" : "", toString(SignedMath.abs(value))));
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
*/
function toHexString(uint256 value) internal pure returns (string memory) {
unchecked {
return toHexString(value, Math.log256(value) + 1);
}
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
*/
function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
bytes memory buffer = new bytes(2 * length + 2);
buffer[0] = "0";
buffer[1] = "x";
for (uint256 i = 2 * length + 1; i > 1; --i) {
buffer[i] = _SYMBOLS[value & 0xf];
value >>= 4;
}
require(value == 0, "Strings: hex length insufficient");
return string(buffer);
}
/**
* @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.
*/
function toHexString(address addr) internal pure returns (string memory) {
return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);
}
/**
* @dev Returns true if the two strings are equal.
*/
function equal(string memory a, string memory b) internal pure returns (bool) {
return keccak256(bytes(a)) == keccak256(bytes(b));
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/ERC165.sol)
pragma solidity ^0.8.0;
import "./IERC165.sol";
/**
* @dev Implementation of the {IERC165} interface.
*
* Contracts that want to implement ERC165 should inherit from this contract and override {supportsInterface} to check
* for the additional interface id that will be supported. For example:
*
* ```solidity
* function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
* return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
* }
* ```
*
* Alternatively, {ERC165Storage} provides an easier to use but more expensive implementation.
*/
abstract contract ERC165 is IERC165 {
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IERC165).interfaceId;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (access/AccessControlEnumerable.sol)
pragma solidity ^0.8.0;
import "./IAccessControlEnumerableUpgradeable.sol";
import "./AccessControlUpgradeable.sol";
import "../utils/structs/EnumerableSetUpgradeable.sol";
import "../proxy/utils/Initializable.sol";
/**
* @dev Extension of {AccessControl} that allows enumerating the members of each role.
*/
abstract contract AccessControlEnumerableUpgradeable is Initializable, IAccessControlEnumerableUpgradeable, AccessControlUpgradeable {
function __AccessControlEnumerable_init() internal onlyInitializing {
}
function __AccessControlEnumerable_init_unchained() internal onlyInitializing {
}
using EnumerableSetUpgradeable for EnumerableSetUpgradeable.AddressSet;
mapping(bytes32 => EnumerableSetUpgradeable.AddressSet) private _roleMembers;
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IAccessControlEnumerableUpgradeable).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @dev Returns one of the accounts that have `role`. `index` must be a
* value between 0 and {getRoleMemberCount}, non-inclusive.
*
* Role bearers are not sorted in any particular way, and their ordering may
* change at any point.
*
* WARNING: When using {getRoleMember} and {getRoleMemberCount}, make sure
* you perform all queries on the same block. See the following
* https://forum.openzeppelin.com/t/iterating-over-elements-on-enumerableset-in-openzeppelin-contracts/2296[forum post]
* for more information.
*/
function getRoleMember(bytes32 role, uint256 index) public view virtual override returns (address) {
return _roleMembers[role].at(index);
}
/**
* @dev Returns the number of accounts that have `role`. Can be used
* together with {getRoleMember} to enumerate all bearers of a role.
*/
function getRoleMemberCount(bytes32 role) public view virtual override returns (uint256) {
return _roleMembers[role].length();
}
/**
* @dev Overload {_grantRole} to track enumerable memberships
*/
function _grantRole(bytes32 role, address account) internal virtual override {
super._grantRole(role, account);
_roleMembers[role].add(account);
}
/**
* @dev Overload {_revokeRole} to track enumerable memberships
*/
function _revokeRole(bytes32 role, address account) internal virtual override {
super._revokeRole(role, account);
_roleMembers[role].remove(account);
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[49] private __gap;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (access/AccessControlEnumerable.sol)
pragma solidity ^0.8.0;
import "./IAccessControlEnumerable.sol";
import "./AccessControl.sol";
import "../utils/structs/EnumerableSet.sol";
/**
* @dev Extension of {AccessControl} that allows enumerating the members of each role.
*/
abstract contract AccessControlEnumerable is IAccessControlEnumerable, AccessControl {
using EnumerableSet for EnumerableSet.AddressSet;
mapping(bytes32 => EnumerableSet.AddressSet) private _roleMembers;
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IAccessControlEnumerable).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @dev Returns one of the accounts that have `role`. `index` must be a
* value between 0 and {getRoleMemberCount}, non-inclusive.
*
* Role bearers are not sorted in any particular way, and their ordering may
* change at any point.
*
* WARNING: When using {getRoleMember} and {getRoleMemberCount}, make sure
* you perform all queries on the same block. See the following
* https://forum.openzeppelin.com/t/iterating-over-elements-on-enumerableset-in-openzeppelin-contracts/2296[forum post]
* for more information.
*/
function getRoleMember(bytes32 role, uint256 index) public view virtual override returns (address) {
return _roleMembers[role].at(index);
}
/**
* @dev Returns the number of accounts that have `role`. Can be used
* together with {getRoleMember} to enumerate all bearers of a role.
*/
function getRoleMemberCount(bytes32 role) public view virtual override returns (uint256) {
return _roleMembers[role].length();
}
/**
* @dev Overload {_grantRole} to track enumerable memberships
*/
function _grantRole(bytes32 role, address account) internal virtual override {
super._grantRole(role, account);
_roleMembers[role].add(account);
}
/**
* @dev Overload {_revokeRole} to track enumerable memberships
*/
function _revokeRole(bytes32 role, address account) internal virtual override {
super._revokeRole(role, account);
_roleMembers[role].remove(account);
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
interface IPauserRead {
/// @notice Flag indicating if staking is paused.
function isStakingPaused() external view returns (bool);
/// @notice Flag indicating if unstake requests are paused.
function isUnstakeRequestsAndClaimsPaused() external view returns (bool);
/// @notice Flag indicating if initiate validators is paused
function isInitiateValidatorsPaused() external view returns (bool);
/// @notice Flag indicating if submit oracle records is paused.
function isSubmitOracleRecordsPaused() external view returns (bool);
/// @notice Flag indicating if allocate ETH is paused.
function isAllocateETHPaused() external view returns (bool);
}
interface IPauserWrite {
/// @notice Pauses all actions.
function pauseAll() external;
}
interface IPauser is IPauserRead, IPauserWrite {}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
/// @notice The records stored by the oracle contract informing the protocol about consensus layer activity. It is
/// computed and reported by off-chain oracle services.
/// @dev "current" quantities refer to the state at the `updateEndBlock` block number.
/// @dev "cumulative" quantities refer to sums up to the `updateEndBlock` block number.
/// @dev "window" quantities refer to sums over the block window between the `updateStartBlock` and `updateEndBlock`.
/// @param updateStartBlock The start of the oracle record block window. This should be 1 higher than the
/// updateEndBlock of the previous oracle record.
/// @param updateEndBlock The block number up to which this oracle record was computed (inclusive).
/// @param currentNumValidatorsNotWithdrawable The number of our validators that do not have the withdrawable status.
/// @param cumulativeNumValidatorsWithdrawable The total number of our validators that have the withdrawable status.
/// These validators have either the status `withdrawal_possible` or `withdrawal_done`. Note: validators can
/// fluctuate between the two statuses due to top ups.
/// @param windowWithdrawnPrincipalAmount The amount of principal that has been withdrawn from the consensus layer in
/// the analyzed block window.
/// @param windowWithdrawnRewardAmount The amount of rewards that has been withdrawn from the consensus layer in the
/// analysed block window.
/// @param currentTotalValidatorBalance The total amount of ETH in the consensus layer (i.e. the sum of all validator
/// balances). This is one of the major quantities to compute the total value controlled by the protocol.
/// @param cumulativeProcessedDepositAmount The total amount of ETH that has been deposited into and processed by the
/// consensus layer. This is used to prevent double counting of the ETH deposited to the consensus layer.
struct OracleRecord {
uint64 updateStartBlock;
uint64 updateEndBlock;
uint64 currentNumValidatorsNotWithdrawable;
uint64 cumulativeNumValidatorsWithdrawable;
uint128 windowWithdrawnPrincipalAmount;
uint128 windowWithdrawnRewardAmount;
uint128 currentTotalValidatorBalance;
uint128 cumulativeProcessedDepositAmount;
}
interface IOracleWrite {
/// @notice Pushes a new record to the oracle.
function receiveRecord(OracleRecord calldata record) external;
}
interface IOracleReadRecord {
/// @notice Returns the latest validated record.
/// @return `OracleRecord` The latest validated record.
function latestRecord() external view returns (OracleRecord calldata);
/// @notice Returns the record at the given index.
/// @param idx The index of the record to retrieve.
/// @return `OracleRecord` The record at the given index.
function recordAt(uint256 idx) external view returns (OracleRecord calldata);
/// @notice Returns the number of records in the oracle.
/// @return `uint256` The number of records in the oracle.
function numRecords() external view returns (uint256);
}
interface IOracleReadPending {
/// @notice Returns the pending update.
/// @return `OracleRecord` The pending update.
function pendingUpdate() external view returns (OracleRecord calldata);
/// @notice Indicates whether an oracle update is pending, i.e. if it was rejected by `_sanityCheckUpdate`.
function hasPendingUpdate() external view returns (bool);
}
interface IOracleRead is IOracleReadRecord, IOracleReadPending {}
interface IOracleManager {
/// @notice Sets the new oracle updater for the contract.
/// @param newUpdater The new oracle updater.
function setOracleUpdater(address newUpdater) external;
}
interface IOracle is IOracleWrite, IOracleRead, IOracleManager {}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/Math.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard math utilities missing in the Solidity language.
*/
library Math {
enum Rounding {
Down, // Toward negative infinity
Up, // Toward infinity
Zero // Toward zero
}
/**
* @dev Returns the largest of two numbers.
*/
function max(uint256 a, uint256 b) internal pure returns (uint256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two numbers.
*/
function min(uint256 a, uint256 b) internal pure returns (uint256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two numbers. The result is rounded towards
* zero.
*/
function average(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b) / 2 can overflow.
return (a & b) + (a ^ b) / 2;
}
/**
* @dev Returns the ceiling of the division of two numbers.
*
* This differs from standard division with `/` in that it rounds up instead
* of rounding down.
*/
function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b - 1) / b can overflow on addition, so we distribute.
return a == 0 ? 0 : (a - 1) / b + 1;
}
/**
* @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0
* @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)
* with further edits by Uniswap Labs also under MIT license.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
unchecked {
// 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
// use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
// variables such that product = prod1 * 2^256 + prod0.
uint256 prod0; // Least significant 256 bits of the product
uint256 prod1; // Most significant 256 bits of the product
assembly {
let mm := mulmod(x, y, not(0))
prod0 := mul(x, y)
prod1 := sub(sub(mm, prod0), lt(mm, prod0))
}
// Handle non-overflow cases, 256 by 256 division.
if (prod1 == 0) {
// Solidity will revert if denominator == 0, unlike the div opcode on its own.
// The surrounding unchecked block does not change this fact.
// See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
return prod0 / denominator;
}
// Make sure the result is less than 2^256. Also prevents denominator == 0.
require(denominator > prod1, "Math: mulDiv overflow");
///////////////////////////////////////////////
// 512 by 256 division.
///////////////////////////////////////////////
// Make division exact by subtracting the remainder from [prod1 prod0].
uint256 remainder;
assembly {
// Compute remainder using mulmod.
remainder := mulmod(x, y, denominator)
// Subtract 256 bit number from 512 bit number.
prod1 := sub(prod1, gt(remainder, prod0))
prod0 := sub(prod0, remainder)
}
// Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.
// See https://cs.stackexchange.com/q/138556/92363.
// Does not overflow because the denominator cannot be zero at this stage in the function.
uint256 twos = denominator & (~denominator + 1);
assembly {
// Divide denominator by twos.
denominator := div(denominator, twos)
// Divide [prod1 prod0] by twos.
prod0 := div(prod0, twos)
// Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
twos := add(div(sub(0, twos), twos), 1)
}
// Shift in bits from prod1 into prod0.
prod0 |= prod1 * twos;
// Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
// that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
// four bits. That is, denominator * inv = 1 mod 2^4.
uint256 inverse = (3 * denominator) ^ 2;
// Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works
// in modular arithmetic, doubling the correct bits in each step.
inverse *= 2 - denominator * inverse; // inverse mod 2^8
inverse *= 2 - denominator * inverse; // inverse mod 2^16
inverse *= 2 - denominator * inverse; // inverse mod 2^32
inverse *= 2 - denominator * inverse; // inverse mod 2^64
inverse *= 2 - denominator * inverse; // inverse mod 2^128
inverse *= 2 - denominator * inverse; // inverse mod 2^256
// Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
// This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
// less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
// is no longer required.
result = prod0 * inverse;
return result;
}
}
/**
* @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
uint256 result = mulDiv(x, y, denominator);
if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {
result += 1;
}
return result;
}
/**
* @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.
*
* Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
*/
function sqrt(uint256 a) internal pure returns (uint256) {
if (a == 0) {
return 0;
}
// For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
//
// We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
// `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.
//
// This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`
// → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`
// → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`
//
// Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.
uint256 result = 1 << (log2(a) >> 1);
// At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
// since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
// every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
// into the expected uint128 result.
unchecked {
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
return min(result, a / result);
}
}
/**
* @notice Calculates sqrt(a), following the selected rounding direction.
*/
function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = sqrt(a);
return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);
}
}
/**
* @dev Return the log in base 2, rounded down, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 128;
}
if (value >> 64 > 0) {
value >>= 64;
result += 64;
}
if (value >> 32 > 0) {
value >>= 32;
result += 32;
}
if (value >> 16 > 0) {
value >>= 16;
result += 16;
}
if (value >> 8 > 0) {
value >>= 8;
result += 8;
}
if (value >> 4 > 0) {
value >>= 4;
result += 4;
}
if (value >> 2 > 0) {
value >>= 2;
result += 2;
}
if (value >> 1 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 2, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log2(value);
return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 10, rounded down, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >= 10 ** 64) {
value /= 10 ** 64;
result += 64;
}
if (value >= 10 ** 32) {
value /= 10 ** 32;
result += 32;
}
if (value >= 10 ** 16) {
value /= 10 ** 16;
result += 16;
}
if (value >= 10 ** 8) {
value /= 10 ** 8;
result += 8;
}
if (value >= 10 ** 4) {
value /= 10 ** 4;
result += 4;
}
if (value >= 10 ** 2) {
value /= 10 ** 2;
result += 2;
}
if (value >= 10 ** 1) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 10, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log10(value);
return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 256, rounded down, of a positive value.
* Returns 0 if given 0.
*
* Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
*/
function log256(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 16;
}
if (value >> 64 > 0) {
value >>= 64;
result += 8;
}
if (value >> 32 > 0) {
value >>= 32;
result += 4;
}
if (value >> 16 > 0) {
value >>= 16;
result += 2;
}
if (value >> 8 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 256, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log256(value);
return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);
}
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
interface ProtocolEvents {
/// @notice Emitted when a protocol configuration has been updated.
/// @param setterSelector The selector of the function that updated the configuration.
/// @param setterSignature The signature of the function that updated the configuration.
/// @param value The abi-encoded data passed to the function that updated the configuration. Since this event will
/// only be emitted by setters, this data corresponds to the updated values in the protocol configuration.
event ProtocolConfigChanged(bytes4 indexed setterSelector, string setterSignature, bytes value);
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
interface IStakingInitiationRead {
/// @notice The total amount of ETH sent to the beacon chain deposit contract.
function totalDepositedInValidators() external view returns (uint256);
/// @notice The number of validators initiated by the staking contract.
function numInitiatedValidators() external view returns (uint256);
/// @notice The block number at which the staking contract has been initialised.
function initializationBlockNumber() external view returns (uint256);
}
interface IStakingReturnsWrite {
/// @notice Accepts funds sent by the returns aggregator.
function receiveReturns() external payable;
/// @notice Accepts funds sent by the unstake requests manager.
function receiveFromUnstakeRequestsManager() external payable;
}
interface IStaking is IStakingInitiationRead, IStakingReturnsWrite {}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {OracleRecord} from "./IOracle.sol";
interface IReturnsAggregatorWrite {
/// @notice Takes the record from the oracle, aggregates net returns accordingly and forwards them to
/// the staking contract.
function processReturns(uint256 rewardAmount, uint256 principalAmount, bool shouldIncludeELRewards) external;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/Address.sol)
pragma solidity ^0.8.1;
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
*
* Furthermore, `isContract` will also return true if the target contract within
* the same transaction is already scheduled for destruction by `SELFDESTRUCT`,
* which only has an effect at the end of a transaction.
* ====
*
* [IMPORTANT]
* ====
* You shouldn't rely on `isContract` to protect against flash loan attacks!
*
* Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
* like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
* constructor.
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize/address.code.length, which returns 0
// for contracts in construction, since the code is only stored at the end
// of the constructor execution.
return account.code.length > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
* the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
*
* _Available since v4.8._
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata,
string memory errorMessage
) internal view returns (bytes memory) {
if (success) {
if (returndata.length == 0) {
// only check isContract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
require(isContract(target), "Address: call to non-contract");
}
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
/**
* @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason or using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
function _revert(bytes memory returndata, string memory errorMessage) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}// SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (interfaces/IERC20.sol) pragma solidity ^0.8.0; import "../token/ERC20/IERC20.sol";
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (token/ERC20/utils/SafeERC20.sol)
pragma solidity ^0.8.0;
import "../IERC20.sol";
import "../extensions/IERC20Permit.sol";
import "../../../utils/Address.sol";
/**
* @title SafeERC20
* @dev Wrappers around ERC20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/
library SafeERC20 {
using Address for address;
/**
* @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeTransfer(IERC20 token, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));
}
/**
* @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
* calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
*/
function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));
}
/**
* @dev Deprecated. This function has issues similar to the ones found in
* {IERC20-approve}, and its usage is discouraged.
*
* Whenever possible, use {safeIncreaseAllowance} and
* {safeDecreaseAllowance} instead.
*/
function safeApprove(IERC20 token, address spender, uint256 value) internal {
// safeApprove should only be called when setting an initial allowance,
// or when resetting it to zero. To increase and decrease it, use
// 'safeIncreaseAllowance' and 'safeDecreaseAllowance'
require(
(value == 0) || (token.allowance(address(this), spender) == 0),
"SafeERC20: approve from non-zero to non-zero allowance"
);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));
}
/**
* @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
uint256 oldAllowance = token.allowance(address(this), spender);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance + value));
}
/**
* @dev Decrease the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {
unchecked {
uint256 oldAllowance = token.allowance(address(this), spender);
require(oldAllowance >= value, "SafeERC20: decreased allowance below zero");
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance - value));
}
}
/**
* @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful. Compatible with tokens that require the approval to be set to
* 0 before setting it to a non-zero value.
*/
function forceApprove(IERC20 token, address spender, uint256 value) internal {
bytes memory approvalCall = abi.encodeWithSelector(token.approve.selector, spender, value);
if (!_callOptionalReturnBool(token, approvalCall)) {
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, 0));
_callOptionalReturn(token, approvalCall);
}
}
/**
* @dev Use a ERC-2612 signature to set the `owner` approval toward `spender` on `token`.
* Revert on invalid signature.
*/
function safePermit(
IERC20Permit token,
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) internal {
uint256 nonceBefore = token.nonces(owner);
token.permit(owner, spender, value, deadline, v, r, s);
uint256 nonceAfter = token.nonces(owner);
require(nonceAfter == nonceBefore + 1, "SafeERC20: permit did not succeed");
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*/
function _callOptionalReturn(IERC20 token, bytes memory data) private {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that
// the target address contains contract code and also asserts for success in the low-level call.
bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed");
require(returndata.length == 0 || abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed");
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*
* This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.
*/
function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false
// and not revert is the subcall reverts.
(bool success, bytes memory returndata) = address(token).call(data);
return
success && (returndata.length == 0 || abi.decode(returndata, (bool))) && Address.isContract(address(token));
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.6.0) (token/ERC20/IERC20.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `from` to `to` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 amount) external returns (bool);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/utils/SafeERC20.sol)
pragma solidity ^0.8.0;
import "../IERC20Upgradeable.sol";
import "../extensions/IERC20PermitUpgradeable.sol";
import "../../../utils/AddressUpgradeable.sol";
/**
* @title SafeERC20
* @dev Wrappers around ERC20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/
library SafeERC20Upgradeable {
using AddressUpgradeable for address;
/**
* @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeTransfer(IERC20Upgradeable token, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));
}
/**
* @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
* calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
*/
function safeTransferFrom(IERC20Upgradeable token, address from, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));
}
/**
* @dev Deprecated. This function has issues similar to the ones found in
* {IERC20-approve}, and its usage is discouraged.
*
* Whenever possible, use {safeIncreaseAllowance} and
* {safeDecreaseAllowance} instead.
*/
function safeApprove(IERC20Upgradeable token, address spender, uint256 value) internal {
// safeApprove should only be called when setting an initial allowance,
// or when resetting it to zero. To increase and decrease it, use
// 'safeIncreaseAllowance' and 'safeDecreaseAllowance'
require(
(value == 0) || (token.allowance(address(this), spender) == 0),
"SafeERC20: approve from non-zero to non-zero allowance"
);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));
}
/**
* @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeIncreaseAllowance(IERC20Upgradeable token, address spender, uint256 value) internal {
uint256 oldAllowance = token.allowance(address(this), spender);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance + value));
}
/**
* @dev Decrease the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeDecreaseAllowance(IERC20Upgradeable token, address spender, uint256 value) internal {
unchecked {
uint256 oldAllowance = token.allowance(address(this), spender);
require(oldAllowance >= value, "SafeERC20: decreased allowance below zero");
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance - value));
}
}
/**
* @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful. Compatible with tokens that require the approval to be set to
* 0 before setting it to a non-zero value.
*/
function forceApprove(IERC20Upgradeable token, address spender, uint256 value) internal {
bytes memory approvalCall = abi.encodeWithSelector(token.approve.selector, spender, value);
if (!_callOptionalReturnBool(token, approvalCall)) {
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, 0));
_callOptionalReturn(token, approvalCall);
}
}
/**
* @dev Use a ERC-2612 signature to set the `owner` approval toward `spender` on `token`.
* Revert on invalid signature.
*/
function safePermit(
IERC20PermitUpgradeable token,
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) internal {
uint256 nonceBefore = token.nonces(owner);
token.permit(owner, spender, value, deadline, v, r, s);
uint256 nonceAfter = token.nonces(owner);
require(nonceAfter == nonceBefore + 1, "SafeERC20: permit did not succeed");
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*/
function _callOptionalReturn(IERC20Upgradeable token, bytes memory data) private {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that
// the target address contains contract code and also asserts for success in the low-level call.
bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed");
require(returndata.length == 0 || abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed");
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*
* This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.
*/
function _callOptionalReturnBool(IERC20Upgradeable token, bytes memory data) private returns (bool) {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false
// and not revert is the subcall reverts.
(bool success, bytes memory returndata) = address(token).call(data);
return
success && (returndata.length == 0 || abi.decode(returndata, (bool))) && AddressUpgradeable.isContract(address(token));
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {IERC20Upgradeable} from "openzeppelin-upgradeable/token/ERC20/ERC20Upgradeable.sol";
import {IERC20PermitUpgradeable} from "openzeppelin-upgradeable/token/ERC20/extensions/IERC20PermitUpgradeable.sol";
interface IMETH is IERC20Upgradeable, IERC20PermitUpgradeable {
/// @notice Mint mETH to the staker.
/// @param staker The address of the staker.
/// @param amount The amount of tokens to mint.
function mint(address staker, uint256 amount) external;
/// @notice Burn mETH from the msg.sender.
/// @param amount The amount of tokens to burn.
function burn(uint256 amount) external;
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Staking} from "../Staking.sol";
/// @notice An unstake request is stored in the UnstakeRequestsManager and records the information required to
/// fulfill an unstake request claim.
/// @param id The unique ID of the unstake request.
/// @param requester The address of the user that requested the unstake.
/// @param mETHLocked The amount of mETH that was locked when the unstake request was created. The amount of mETH
/// will be burned once the request has been claimed.
/// @param ethRequested The amount of ETH that was requested when the unstake request was created.
/// @param cumulativeETHRequested The cumulative amount of ETH that had been requested in this request and all unstake
/// requests before this one.
/// @param blockNumber The block number at which the unstake request was created.
struct UnstakeRequest {
uint64 blockNumber;
address requester;
uint128 id;
uint128 mETHLocked;
uint128 ethRequested;
uint128 cumulativeETHRequested;
}
interface IUnstakeRequestsManagerWrite {
/// @notice Creates a new unstake request and adds it to the unstake requests array.
/// @param requester The address of the entity making the unstake request.
/// @param mETHLocked The amount of mETH tokens currently locked in the contract.
/// @param ethRequested The amount of ETH being requested for unstake.
/// @return The ID of the new unstake request.
function create(address requester, uint128 mETHLocked, uint128 ethRequested) external returns (uint256);
/// @notice Allows the requester to claim their unstake request after it has been finalized.
/// @param requestID The ID of the unstake request to claim.
/// @param requester The address of the entity claiming the unstake request.
function claim(uint256 requestID, address requester) external;
/// @notice Cancels a batch of the latest unfinalized unstake requests.
/// @param maxCancel The maximum number of requests to cancel.
/// @return A boolean indicating if there are more unstake requests to cancel.
function cancelUnfinalizedRequests(uint256 maxCancel) external returns (bool);
/// @notice Allocate ether into the contract.
function allocateETH() external payable;
/// @notice Withdraws surplus ETH from the allocatedETHForClaims.
function withdrawAllocatedETHSurplus() external;
}
interface IUnstakeRequestsManagerRead {
/// @notice Retrieves a specific unstake request based on its ID.
/// @param requestID The ID of the unstake request to fetch.
/// @return The UnstakeRequest struct corresponding to the given ID.
function requestByID(uint256 requestID) external view returns (UnstakeRequest memory);
/// @notice Returns the status of the request whether it is finalized and how much ETH that has been filled.
/// @param requestID The ID of the unstake request.
/// @return bool indicating if the request is finalized, and the amount of ETH that has been filled.
function requestInfo(uint256 requestID) external view returns (bool, uint256);
/// @notice Calculates the amount of ether allocated in the contract exceeding the total required to pay unclaimed.
/// @return The amount of surplus allocatedETH.
function allocatedETHSurplus() external view returns (uint256);
/// @notice Calculates the amount of ether that is needed to fulfill the unstake requests.
/// @return The amount of allocatedETH deficit.
function allocatedETHDeficit() external view returns (uint256);
/// @notice Calculates the amount of ether that has been allocated but not yet claimed.
/// @return The total amount of ether that is waiting to be claimed.
function balance() external view returns (uint256);
}
interface IUnstakeRequestsManager is IUnstakeRequestsManagerRead, IUnstakeRequestsManagerWrite {}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/extensions/ERC20Permit.sol)
pragma solidity ^0.8.0;
import "./IERC20PermitUpgradeable.sol";
import "../ERC20Upgradeable.sol";
import "../../../utils/cryptography/ECDSAUpgradeable.sol";
import "../../../utils/cryptography/EIP712Upgradeable.sol";
import "../../../utils/CountersUpgradeable.sol";
import "../../../proxy/utils/Initializable.sol";
/**
* @dev Implementation of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on `{IERC20-approve}`, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*
* _Available since v3.4._
*
* @custom:storage-size 51
*/
abstract contract ERC20PermitUpgradeable is Initializable, ERC20Upgradeable, IERC20PermitUpgradeable, EIP712Upgradeable {
using CountersUpgradeable for CountersUpgradeable.Counter;
mapping(address => CountersUpgradeable.Counter) private _nonces;
// solhint-disable-next-line var-name-mixedcase
bytes32 private constant _PERMIT_TYPEHASH =
keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)");
/**
* @dev In previous versions `_PERMIT_TYPEHASH` was declared as `immutable`.
* However, to ensure consistency with the upgradeable transpiler, we will continue
* to reserve a slot.
* @custom:oz-renamed-from _PERMIT_TYPEHASH
*/
// solhint-disable-next-line var-name-mixedcase
bytes32 private _PERMIT_TYPEHASH_DEPRECATED_SLOT;
/**
* @dev Initializes the {EIP712} domain separator using the `name` parameter, and setting `version` to `"1"`.
*
* It's a good idea to use the same `name` that is defined as the ERC20 token name.
*/
function __ERC20Permit_init(string memory name) internal onlyInitializing {
__EIP712_init_unchained(name, "1");
}
function __ERC20Permit_init_unchained(string memory) internal onlyInitializing {}
/**
* @dev See {IERC20Permit-permit}.
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) public virtual override {
require(block.timestamp <= deadline, "ERC20Permit: expired deadline");
bytes32 structHash = keccak256(abi.encode(_PERMIT_TYPEHASH, owner, spender, value, _useNonce(owner), deadline));
bytes32 hash = _hashTypedDataV4(structHash);
address signer = ECDSAUpgradeable.recover(hash, v, r, s);
require(signer == owner, "ERC20Permit: invalid signature");
_approve(owner, spender, value);
}
/**
* @dev See {IERC20Permit-nonces}.
*/
function nonces(address owner) public view virtual override returns (uint256) {
return _nonces[owner].current();
}
/**
* @dev See {IERC20Permit-DOMAIN_SEPARATOR}.
*/
// solhint-disable-next-line func-name-mixedcase
function DOMAIN_SEPARATOR() external view override returns (bytes32) {
return _domainSeparatorV4();
}
/**
* @dev "Consume a nonce": return the current value and increment.
*
* _Available since v4.1._
*/
function _useNonce(address owner) internal virtual returns (uint256 current) {
CountersUpgradeable.Counter storage nonce = _nonces[owner];
current = nonce.current();
nonce.increment();
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[49] private __gap;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.6.0) (proxy/Proxy.sol)
pragma solidity ^0.8.0;
/**
* @dev This abstract contract provides a fallback function that delegates all calls to another contract using the EVM
* instruction `delegatecall`. We refer to the second contract as the _implementation_ behind the proxy, and it has to
* be specified by overriding the virtual {_implementation} function.
*
* Additionally, delegation to the implementation can be triggered manually through the {_fallback} function, or to a
* different contract through the {_delegate} function.
*
* The success and return data of the delegated call will be returned back to the caller of the proxy.
*/
abstract contract Proxy {
/**
* @dev Delegates the current call to `implementation`.
*
* This function does not return to its internal call site, it will return directly to the external caller.
*/
function _delegate(address implementation) internal virtual {
assembly {
// Copy msg.data. We take full control of memory in this inline assembly
// block because it will not return to Solidity code. We overwrite the
// Solidity scratch pad at memory position 0.
calldatacopy(0, 0, calldatasize())
// Call the implementation.
// out and outsize are 0 because we don't know the size yet.
let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0)
// Copy the returned data.
returndatacopy(0, 0, returndatasize())
switch result
// delegatecall returns 0 on error.
case 0 {
revert(0, returndatasize())
}
default {
return(0, returndatasize())
}
}
}
/**
* @dev This is a virtual function that should be overridden so it returns the address to which the fallback function
* and {_fallback} should delegate.
*/
function _implementation() internal view virtual returns (address);
/**
* @dev Delegates the current call to the address returned by `_implementation()`.
*
* This function does not return to its internal call site, it will return directly to the external caller.
*/
function _fallback() internal virtual {
_beforeFallback();
_delegate(_implementation());
}
/**
* @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if no other
* function in the contract matches the call data.
*/
fallback() external payable virtual {
_fallback();
}
/**
* @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if call data
* is empty.
*/
receive() external payable virtual {
_fallback();
}
/**
* @dev Hook that is called before falling back to the implementation. Can happen as part of a manual `_fallback`
* call, or as part of the Solidity `fallback` or `receive` functions.
*
* If overridden should call `super._beforeFallback()`.
*/
function _beforeFallback() internal virtual {}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.3) (proxy/ERC1967/ERC1967Upgrade.sol)
pragma solidity ^0.8.2;
import "../beacon/IBeacon.sol";
import "../../interfaces/IERC1967.sol";
import "../../interfaces/draft-IERC1822.sol";
import "../../utils/Address.sol";
import "../../utils/StorageSlot.sol";
/**
* @dev This abstract contract provides getters and event emitting update functions for
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.
*
* _Available since v4.1._
*/
abstract contract ERC1967Upgrade is IERC1967 {
// This is the keccak-256 hash of "eip1967.proxy.rollback" subtracted by 1
bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143;
/**
* @dev Storage slot with the address of the current implementation.
* This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
/**
* @dev Returns the current implementation address.
*/
function _getImplementation() internal view returns (address) {
return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 implementation slot.
*/
function _setImplementation(address newImplementation) private {
require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
}
/**
* @dev Perform implementation upgrade
*
* Emits an {Upgraded} event.
*/
function _upgradeTo(address newImplementation) internal {
_setImplementation(newImplementation);
emit Upgraded(newImplementation);
}
/**
* @dev Perform implementation upgrade with additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCall(address newImplementation, bytes memory data, bool forceCall) internal {
_upgradeTo(newImplementation);
if (data.length > 0 || forceCall) {
Address.functionDelegateCall(newImplementation, data);
}
}
/**
* @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCallUUPS(address newImplementation, bytes memory data, bool forceCall) internal {
// Upgrades from old implementations will perform a rollback test. This test requires the new
// implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing
// this special case will break upgrade paths from old UUPS implementation to new ones.
if (StorageSlot.getBooleanSlot(_ROLLBACK_SLOT).value) {
_setImplementation(newImplementation);
} else {
try IERC1822Proxiable(newImplementation).proxiableUUID() returns (bytes32 slot) {
require(slot == _IMPLEMENTATION_SLOT, "ERC1967Upgrade: unsupported proxiableUUID");
} catch {
revert("ERC1967Upgrade: new implementation is not UUPS");
}
_upgradeToAndCall(newImplementation, data, forceCall);
}
}
/**
* @dev Storage slot with the admin of the contract.
* This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
/**
* @dev Returns the current admin.
*/
function _getAdmin() internal view returns (address) {
return StorageSlot.getAddressSlot(_ADMIN_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 admin slot.
*/
function _setAdmin(address newAdmin) private {
require(newAdmin != address(0), "ERC1967: new admin is the zero address");
StorageSlot.getAddressSlot(_ADMIN_SLOT).value = newAdmin;
}
/**
* @dev Changes the admin of the proxy.
*
* Emits an {AdminChanged} event.
*/
function _changeAdmin(address newAdmin) internal {
emit AdminChanged(_getAdmin(), newAdmin);
_setAdmin(newAdmin);
}
/**
* @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
* This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor.
*/
bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;
/**
* @dev Returns the current beacon.
*/
function _getBeacon() internal view returns (address) {
return StorageSlot.getAddressSlot(_BEACON_SLOT).value;
}
/**
* @dev Stores a new beacon in the EIP1967 beacon slot.
*/
function _setBeacon(address newBeacon) private {
require(Address.isContract(newBeacon), "ERC1967: new beacon is not a contract");
require(
Address.isContract(IBeacon(newBeacon).implementation()),
"ERC1967: beacon implementation is not a contract"
);
StorageSlot.getAddressSlot(_BEACON_SLOT).value = newBeacon;
}
/**
* @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does
* not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that).
*
* Emits a {BeaconUpgraded} event.
*/
function _upgradeBeaconToAndCall(address newBeacon, bytes memory data, bool forceCall) internal {
_setBeacon(newBeacon);
emit BeaconUpgraded(newBeacon);
if (data.length > 0 || forceCall) {
Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data);
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/IERC165.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC165 standard, as defined in the
* https://eips.ethereum.org/EIPS/eip-165[EIP].
*
* Implementers can declare support of contract interfaces, which can then be
* queried by others ({ERC165Checker}).
*
* For an implementation, see {ERC165}.
*/
interface IERC165 {
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
* to learn more about how these ids are created.
*
* This function call must use less than 30 000 gas.
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard math utilities missing in the Solidity language.
*/
library MathUpgradeable {
enum Rounding {
Down, // Toward negative infinity
Up, // Toward infinity
Zero // Toward zero
}
/**
* @dev Returns the largest of two numbers.
*/
function max(uint256 a, uint256 b) internal pure returns (uint256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two numbers.
*/
function min(uint256 a, uint256 b) internal pure returns (uint256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two numbers. The result is rounded towards
* zero.
*/
function average(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b) / 2 can overflow.
return (a & b) + (a ^ b) / 2;
}
/**
* @dev Returns the ceiling of the division of two numbers.
*
* This differs from standard division with `/` in that it rounds up instead
* of rounding down.
*/
function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b - 1) / b can overflow on addition, so we distribute.
return a == 0 ? 0 : (a - 1) / b + 1;
}
/**
* @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0
* @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)
* with further edits by Uniswap Labs also under MIT license.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
unchecked {
// 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
// use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
// variables such that product = prod1 * 2^256 + prod0.
uint256 prod0; // Least significant 256 bits of the product
uint256 prod1; // Most significant 256 bits of the product
assembly {
let mm := mulmod(x, y, not(0))
prod0 := mul(x, y)
prod1 := sub(sub(mm, prod0), lt(mm, prod0))
}
// Handle non-overflow cases, 256 by 256 division.
if (prod1 == 0) {
// Solidity will revert if denominator == 0, unlike the div opcode on its own.
// The surrounding unchecked block does not change this fact.
// See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
return prod0 / denominator;
}
// Make sure the result is less than 2^256. Also prevents denominator == 0.
require(denominator > prod1, "Math: mulDiv overflow");
///////////////////////////////////////////////
// 512 by 256 division.
///////////////////////////////////////////////
// Make division exact by subtracting the remainder from [prod1 prod0].
uint256 remainder;
assembly {
// Compute remainder using mulmod.
remainder := mulmod(x, y, denominator)
// Subtract 256 bit number from 512 bit number.
prod1 := sub(prod1, gt(remainder, prod0))
prod0 := sub(prod0, remainder)
}
// Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.
// See https://cs.stackexchange.com/q/138556/92363.
// Does not overflow because the denominator cannot be zero at this stage in the function.
uint256 twos = denominator & (~denominator + 1);
assembly {
// Divide denominator by twos.
denominator := div(denominator, twos)
// Divide [prod1 prod0] by twos.
prod0 := div(prod0, twos)
// Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
twos := add(div(sub(0, twos), twos), 1)
}
// Shift in bits from prod1 into prod0.
prod0 |= prod1 * twos;
// Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
// that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
// four bits. That is, denominator * inv = 1 mod 2^4.
uint256 inverse = (3 * denominator) ^ 2;
// Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works
// in modular arithmetic, doubling the correct bits in each step.
inverse *= 2 - denominator * inverse; // inverse mod 2^8
inverse *= 2 - denominator * inverse; // inverse mod 2^16
inverse *= 2 - denominator * inverse; // inverse mod 2^32
inverse *= 2 - denominator * inverse; // inverse mod 2^64
inverse *= 2 - denominator * inverse; // inverse mod 2^128
inverse *= 2 - denominator * inverse; // inverse mod 2^256
// Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
// This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
// less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
// is no longer required.
result = prod0 * inverse;
return result;
}
}
/**
* @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
uint256 result = mulDiv(x, y, denominator);
if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {
result += 1;
}
return result;
}
/**
* @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.
*
* Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
*/
function sqrt(uint256 a) internal pure returns (uint256) {
if (a == 0) {
return 0;
}
// For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
//
// We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
// `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.
//
// This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`
// → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`
// → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`
//
// Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.
uint256 result = 1 << (log2(a) >> 1);
// At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
// since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
// every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
// into the expected uint128 result.
unchecked {
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
return min(result, a / result);
}
}
/**
* @notice Calculates sqrt(a), following the selected rounding direction.
*/
function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = sqrt(a);
return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);
}
}
/**
* @dev Return the log in base 2, rounded down, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 128;
}
if (value >> 64 > 0) {
value >>= 64;
result += 64;
}
if (value >> 32 > 0) {
value >>= 32;
result += 32;
}
if (value >> 16 > 0) {
value >>= 16;
result += 16;
}
if (value >> 8 > 0) {
value >>= 8;
result += 8;
}
if (value >> 4 > 0) {
value >>= 4;
result += 4;
}
if (value >> 2 > 0) {
value >>= 2;
result += 2;
}
if (value >> 1 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 2, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log2(value);
return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 10, rounded down, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >= 10 ** 64) {
value /= 10 ** 64;
result += 64;
}
if (value >= 10 ** 32) {
value /= 10 ** 32;
result += 32;
}
if (value >= 10 ** 16) {
value /= 10 ** 16;
result += 16;
}
if (value >= 10 ** 8) {
value /= 10 ** 8;
result += 8;
}
if (value >= 10 ** 4) {
value /= 10 ** 4;
result += 4;
}
if (value >= 10 ** 2) {
value /= 10 ** 2;
result += 2;
}
if (value >= 10 ** 1) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 10, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log10(value);
return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 256, rounded down, of a positive value.
* Returns 0 if given 0.
*
* Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
*/
function log256(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 16;
}
if (value >> 64 > 0) {
value >>= 64;
result += 8;
}
if (value >> 32 > 0) {
value >>= 32;
result += 4;
}
if (value >> 16 > 0) {
value >>= 16;
result += 2;
}
if (value >> 8 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 256, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log256(value);
return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard signed math utilities missing in the Solidity language.
*/
library SignedMathUpgradeable {
/**
* @dev Returns the largest of two signed numbers.
*/
function max(int256 a, int256 b) internal pure returns (int256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two signed numbers.
*/
function min(int256 a, int256 b) internal pure returns (int256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two signed numbers without overflow.
* The result is rounded towards zero.
*/
function average(int256 a, int256 b) internal pure returns (int256) {
// Formula from the book "Hacker's Delight"
int256 x = (a & b) + ((a ^ b) >> 1);
return x + (int256(uint256(x) >> 255) & (a ^ b));
}
/**
* @dev Returns the absolute unsigned value of a signed value.
*/
function abs(int256 n) internal pure returns (uint256) {
unchecked {
// must be unchecked in order to support `n = type(int256).min`
return uint256(n >= 0 ? n : -n);
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/IERC165.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC165 standard, as defined in the
* https://eips.ethereum.org/EIPS/eip-165[EIP].
*
* Implementers can declare support of contract interfaces, which can then be
* queried by others ({ERC165Checker}).
*
* For an implementation, see {ERC165}.
*/
interface IERC165Upgradeable {
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
* to learn more about how these ids are created.
*
* This function call must use less than 30 000 gas.
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)
pragma solidity ^0.8.1;
/**
* @dev Collection of functions related to the address type
*/
library AddressUpgradeable {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
*
* Furthermore, `isContract` will also return true if the target contract within
* the same transaction is already scheduled for destruction by `SELFDESTRUCT`,
* which only has an effect at the end of a transaction.
* ====
*
* [IMPORTANT]
* ====
* You shouldn't rely on `isContract` to protect against flash loan attacks!
*
* Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
* like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
* constructor.
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize/address.code.length, which returns 0
// for contracts in construction, since the code is only stored at the end
// of the constructor execution.
return account.code.length > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
* the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
*
* _Available since v4.8._
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata,
string memory errorMessage
) internal view returns (bytes memory) {
if (success) {
if (returndata.length == 0) {
// only check isContract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
require(isContract(target), "Address: call to non-contract");
}
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
/**
* @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason or using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
function _revert(bytes memory returndata, string memory errorMessage) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard signed math utilities missing in the Solidity language.
*/
library SignedMath {
/**
* @dev Returns the largest of two signed numbers.
*/
function max(int256 a, int256 b) internal pure returns (int256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two signed numbers.
*/
function min(int256 a, int256 b) internal pure returns (int256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two signed numbers without overflow.
* The result is rounded towards zero.
*/
function average(int256 a, int256 b) internal pure returns (int256) {
// Formula from the book "Hacker's Delight"
int256 x = (a & b) + ((a ^ b) >> 1);
return x + (int256(uint256(x) >> 255) & (a ^ b));
}
/**
* @dev Returns the absolute unsigned value of a signed value.
*/
function abs(int256 n) internal pure returns (uint256) {
unchecked {
// must be unchecked in order to support `n = type(int256).min`
return uint256(n >= 0 ? n : -n);
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (access/IAccessControlEnumerable.sol)
pragma solidity ^0.8.0;
import "./IAccessControlUpgradeable.sol";
/**
* @dev External interface of AccessControlEnumerable declared to support ERC165 detection.
*/
interface IAccessControlEnumerableUpgradeable is IAccessControlUpgradeable {
/**
* @dev Returns one of the accounts that have `role`. `index` must be a
* value between 0 and {getRoleMemberCount}, non-inclusive.
*
* Role bearers are not sorted in any particular way, and their ordering may
* change at any point.
*
* WARNING: When using {getRoleMember} and {getRoleMemberCount}, make sure
* you perform all queries on the same block. See the following
* https://forum.openzeppelin.com/t/iterating-over-elements-on-enumerableset-in-openzeppelin-contracts/2296[forum post]
* for more information.
*/
function getRoleMember(bytes32 role, uint256 index) external view returns (address);
/**
* @dev Returns the number of accounts that have `role`. Can be used
* together with {getRoleMember} to enumerate all bearers of a role.
*/
function getRoleMemberCount(bytes32 role) external view returns (uint256);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/structs/EnumerableSet.sol)
// This file was procedurally generated from scripts/generate/templates/EnumerableSet.js.
pragma solidity ^0.8.0;
/**
* @dev Library for managing
* https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive
* types.
*
* Sets have the following properties:
*
* - Elements are added, removed, and checked for existence in constant time
* (O(1)).
* - Elements are enumerated in O(n). No guarantees are made on the ordering.
*
* ```solidity
* contract Example {
* // Add the library methods
* using EnumerableSet for EnumerableSet.AddressSet;
*
* // Declare a set state variable
* EnumerableSet.AddressSet private mySet;
* }
* ```
*
* As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)
* and `uint256` (`UintSet`) are supported.
*
* [WARNING]
* ====
* Trying to delete such a structure from storage will likely result in data corruption, rendering the structure
* unusable.
* See https://github.com/ethereum/solidity/pull/11843[ethereum/solidity#11843] for more info.
*
* In order to clean an EnumerableSet, you can either remove all elements one by one or create a fresh instance using an
* array of EnumerableSet.
* ====
*/
library EnumerableSetUpgradeable {
// To implement this library for multiple types with as little code
// repetition as possible, we write it in terms of a generic Set type with
// bytes32 values.
// The Set implementation uses private functions, and user-facing
// implementations (such as AddressSet) are just wrappers around the
// underlying Set.
// This means that we can only create new EnumerableSets for types that fit
// in bytes32.
struct Set {
// Storage of set values
bytes32[] _values;
// Position of the value in the `values` array, plus 1 because index 0
// means a value is not in the set.
mapping(bytes32 => uint256) _indexes;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function _add(Set storage set, bytes32 value) private returns (bool) {
if (!_contains(set, value)) {
set._values.push(value);
// The value is stored at length-1, but we add 1 to all indexes
// and use 0 as a sentinel value
set._indexes[value] = set._values.length;
return true;
} else {
return false;
}
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function _remove(Set storage set, bytes32 value) private returns (bool) {
// We read and store the value's index to prevent multiple reads from the same storage slot
uint256 valueIndex = set._indexes[value];
if (valueIndex != 0) {
// Equivalent to contains(set, value)
// To delete an element from the _values array in O(1), we swap the element to delete with the last one in
// the array, and then remove the last element (sometimes called as 'swap and pop').
// This modifies the order of the array, as noted in {at}.
uint256 toDeleteIndex = valueIndex - 1;
uint256 lastIndex = set._values.length - 1;
if (lastIndex != toDeleteIndex) {
bytes32 lastValue = set._values[lastIndex];
// Move the last value to the index where the value to delete is
set._values[toDeleteIndex] = lastValue;
// Update the index for the moved value
set._indexes[lastValue] = valueIndex; // Replace lastValue's index to valueIndex
}
// Delete the slot where the moved value was stored
set._values.pop();
// Delete the index for the deleted slot
delete set._indexes[value];
return true;
} else {
return false;
}
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function _contains(Set storage set, bytes32 value) private view returns (bool) {
return set._indexes[value] != 0;
}
/**
* @dev Returns the number of values on the set. O(1).
*/
function _length(Set storage set) private view returns (uint256) {
return set._values.length;
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function _at(Set storage set, uint256 index) private view returns (bytes32) {
return set._values[index];
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function _values(Set storage set) private view returns (bytes32[] memory) {
return set._values;
}
// Bytes32Set
struct Bytes32Set {
Set _inner;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {
return _add(set._inner, value);
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {
return _remove(set._inner, value);
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {
return _contains(set._inner, value);
}
/**
* @dev Returns the number of values in the set. O(1).
*/
function length(Bytes32Set storage set) internal view returns (uint256) {
return _length(set._inner);
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {
return _at(set._inner, index);
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function values(Bytes32Set storage set) internal view returns (bytes32[] memory) {
bytes32[] memory store = _values(set._inner);
bytes32[] memory result;
/// @solidity memory-safe-assembly
assembly {
result := store
}
return result;
}
// AddressSet
struct AddressSet {
Set _inner;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function add(AddressSet storage set, address value) internal returns (bool) {
return _add(set._inner, bytes32(uint256(uint160(value))));
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function remove(AddressSet storage set, address value) internal returns (bool) {
return _remove(set._inner, bytes32(uint256(uint160(value))));
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function contains(AddressSet storage set, address value) internal view returns (bool) {
return _contains(set._inner, bytes32(uint256(uint160(value))));
}
/**
* @dev Returns the number of values in the set. O(1).
*/
function length(AddressSet storage set) internal view returns (uint256) {
return _length(set._inner);
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function at(AddressSet storage set, uint256 index) internal view returns (address) {
return address(uint160(uint256(_at(set._inner, index))));
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function values(AddressSet storage set) internal view returns (address[] memory) {
bytes32[] memory store = _values(set._inner);
address[] memory result;
/// @solidity memory-safe-assembly
assembly {
result := store
}
return result;
}
// UintSet
struct UintSet {
Set _inner;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function add(UintSet storage set, uint256 value) internal returns (bool) {
return _add(set._inner, bytes32(value));
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function remove(UintSet storage set, uint256 value) internal returns (bool) {
return _remove(set._inner, bytes32(value));
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function contains(UintSet storage set, uint256 value) internal view returns (bool) {
return _contains(set._inner, bytes32(value));
}
/**
* @dev Returns the number of values in the set. O(1).
*/
function length(UintSet storage set) internal view returns (uint256) {
return _length(set._inner);
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function at(UintSet storage set, uint256 index) internal view returns (uint256) {
return uint256(_at(set._inner, index));
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function values(UintSet storage set) internal view returns (uint256[] memory) {
bytes32[] memory store = _values(set._inner);
uint256[] memory result;
/// @solidity memory-safe-assembly
assembly {
result := store
}
return result;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (access/IAccessControlEnumerable.sol)
pragma solidity ^0.8.0;
import "./IAccessControl.sol";
/**
* @dev External interface of AccessControlEnumerable declared to support ERC165 detection.
*/
interface IAccessControlEnumerable is IAccessControl {
/**
* @dev Returns one of the accounts that have `role`. `index` must be a
* value between 0 and {getRoleMemberCount}, non-inclusive.
*
* Role bearers are not sorted in any particular way, and their ordering may
* change at any point.
*
* WARNING: When using {getRoleMember} and {getRoleMemberCount}, make sure
* you perform all queries on the same block. See the following
* https://forum.openzeppelin.com/t/iterating-over-elements-on-enumerableset-in-openzeppelin-contracts/2296[forum post]
* for more information.
*/
function getRoleMember(bytes32 role, uint256 index) external view returns (address);
/**
* @dev Returns the number of accounts that have `role`. Can be used
* together with {getRoleMember} to enumerate all bearers of a role.
*/
function getRoleMemberCount(bytes32 role) external view returns (uint256);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/structs/EnumerableSet.sol)
// This file was procedurally generated from scripts/generate/templates/EnumerableSet.js.
pragma solidity ^0.8.0;
/**
* @dev Library for managing
* https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive
* types.
*
* Sets have the following properties:
*
* - Elements are added, removed, and checked for existence in constant time
* (O(1)).
* - Elements are enumerated in O(n). No guarantees are made on the ordering.
*
* ```solidity
* contract Example {
* // Add the library methods
* using EnumerableSet for EnumerableSet.AddressSet;
*
* // Declare a set state variable
* EnumerableSet.AddressSet private mySet;
* }
* ```
*
* As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)
* and `uint256` (`UintSet`) are supported.
*
* [WARNING]
* ====
* Trying to delete such a structure from storage will likely result in data corruption, rendering the structure
* unusable.
* See https://github.com/ethereum/solidity/pull/11843[ethereum/solidity#11843] for more info.
*
* In order to clean an EnumerableSet, you can either remove all elements one by one or create a fresh instance using an
* array of EnumerableSet.
* ====
*/
library EnumerableSet {
// To implement this library for multiple types with as little code
// repetition as possible, we write it in terms of a generic Set type with
// bytes32 values.
// The Set implementation uses private functions, and user-facing
// implementations (such as AddressSet) are just wrappers around the
// underlying Set.
// This means that we can only create new EnumerableSets for types that fit
// in bytes32.
struct Set {
// Storage of set values
bytes32[] _values;
// Position of the value in the `values` array, plus 1 because index 0
// means a value is not in the set.
mapping(bytes32 => uint256) _indexes;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function _add(Set storage set, bytes32 value) private returns (bool) {
if (!_contains(set, value)) {
set._values.push(value);
// The value is stored at length-1, but we add 1 to all indexes
// and use 0 as a sentinel value
set._indexes[value] = set._values.length;
return true;
} else {
return false;
}
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function _remove(Set storage set, bytes32 value) private returns (bool) {
// We read and store the value's index to prevent multiple reads from the same storage slot
uint256 valueIndex = set._indexes[value];
if (valueIndex != 0) {
// Equivalent to contains(set, value)
// To delete an element from the _values array in O(1), we swap the element to delete with the last one in
// the array, and then remove the last element (sometimes called as 'swap and pop').
// This modifies the order of the array, as noted in {at}.
uint256 toDeleteIndex = valueIndex - 1;
uint256 lastIndex = set._values.length - 1;
if (lastIndex != toDeleteIndex) {
bytes32 lastValue = set._values[lastIndex];
// Move the last value to the index where the value to delete is
set._values[toDeleteIndex] = lastValue;
// Update the index for the moved value
set._indexes[lastValue] = valueIndex; // Replace lastValue's index to valueIndex
}
// Delete the slot where the moved value was stored
set._values.pop();
// Delete the index for the deleted slot
delete set._indexes[value];
return true;
} else {
return false;
}
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function _contains(Set storage set, bytes32 value) private view returns (bool) {
return set._indexes[value] != 0;
}
/**
* @dev Returns the number of values on the set. O(1).
*/
function _length(Set storage set) private view returns (uint256) {
return set._values.length;
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function _at(Set storage set, uint256 index) private view returns (bytes32) {
return set._values[index];
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function _values(Set storage set) private view returns (bytes32[] memory) {
return set._values;
}
// Bytes32Set
struct Bytes32Set {
Set _inner;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {
return _add(set._inner, value);
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {
return _remove(set._inner, value);
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {
return _contains(set._inner, value);
}
/**
* @dev Returns the number of values in the set. O(1).
*/
function length(Bytes32Set storage set) internal view returns (uint256) {
return _length(set._inner);
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {
return _at(set._inner, index);
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function values(Bytes32Set storage set) internal view returns (bytes32[] memory) {
bytes32[] memory store = _values(set._inner);
bytes32[] memory result;
/// @solidity memory-safe-assembly
assembly {
result := store
}
return result;
}
// AddressSet
struct AddressSet {
Set _inner;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function add(AddressSet storage set, address value) internal returns (bool) {
return _add(set._inner, bytes32(uint256(uint160(value))));
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function remove(AddressSet storage set, address value) internal returns (bool) {
return _remove(set._inner, bytes32(uint256(uint160(value))));
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function contains(AddressSet storage set, address value) internal view returns (bool) {
return _contains(set._inner, bytes32(uint256(uint160(value))));
}
/**
* @dev Returns the number of values in the set. O(1).
*/
function length(AddressSet storage set) internal view returns (uint256) {
return _length(set._inner);
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function at(AddressSet storage set, uint256 index) internal view returns (address) {
return address(uint160(uint256(_at(set._inner, index))));
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function values(AddressSet storage set) internal view returns (address[] memory) {
bytes32[] memory store = _values(set._inner);
address[] memory result;
/// @solidity memory-safe-assembly
assembly {
result := store
}
return result;
}
// UintSet
struct UintSet {
Set _inner;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function add(UintSet storage set, uint256 value) internal returns (bool) {
return _add(set._inner, bytes32(value));
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function remove(UintSet storage set, uint256 value) internal returns (bool) {
return _remove(set._inner, bytes32(value));
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function contains(UintSet storage set, uint256 value) internal view returns (bool) {
return _contains(set._inner, bytes32(value));
}
/**
* @dev Returns the number of values in the set. O(1).
*/
function length(UintSet storage set) internal view returns (uint256) {
return _length(set._inner);
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function at(UintSet storage set, uint256 index) internal view returns (uint256) {
return uint256(_at(set._inner, index));
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function values(UintSet storage set) internal view returns (uint256[] memory) {
bytes32[] memory store = _values(set._inner);
uint256[] memory result;
/// @solidity memory-safe-assembly
assembly {
result := store
}
return result;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/IERC20Permit.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*/
interface IERC20Permit {
/**
* @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
* given ``owner``'s signed approval.
*
* IMPORTANT: The same issues {IERC20-approve} has related to transaction
* ordering also apply here.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `deadline` must be a timestamp in the future.
* - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
* over the EIP712-formatted function arguments.
* - the signature must use ``owner``'s current nonce (see {nonces}).
*
* For more information on the signature format, see the
* https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
* section].
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @dev Returns the current nonce for `owner`. This value must be
* included whenever a signature is generated for {permit}.
*
* Every successful call to {permit} increases ``owner``'s nonce by one. This
* prevents a signature from being used multiple times.
*/
function nonces(address owner) external view returns (uint256);
/**
* @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
*/
// solhint-disable-next-line func-name-mixedcase
function DOMAIN_SEPARATOR() external view returns (bytes32);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20Upgradeable {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `from` to `to` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 amount) external returns (bool);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/extensions/IERC20Permit.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*/
interface IERC20PermitUpgradeable {
/**
* @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
* given ``owner``'s signed approval.
*
* IMPORTANT: The same issues {IERC20-approve} has related to transaction
* ordering also apply here.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `deadline` must be a timestamp in the future.
* - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
* over the EIP712-formatted function arguments.
* - the signature must use ``owner``'s current nonce (see {nonces}).
*
* For more information on the signature format, see the
* https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
* section].
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @dev Returns the current nonce for `owner`. This value must be
* included whenever a signature is generated for {permit}.
*
* Every successful call to {permit} increases ``owner``'s nonce by one. This
* prevents a signature from being used multiple times.
*/
function nonces(address owner) external view returns (uint256);
/**
* @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
*/
// solhint-disable-next-line func-name-mixedcase
function DOMAIN_SEPARATOR() external view returns (bytes32);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/ERC20.sol)
pragma solidity ^0.8.0;
import "./IERC20Upgradeable.sol";
import "./extensions/IERC20MetadataUpgradeable.sol";
import "../../utils/ContextUpgradeable.sol";
import "../../proxy/utils/Initializable.sol";
/**
* @dev Implementation of the {IERC20} interface.
*
* This implementation is agnostic to the way tokens are created. This means
* that a supply mechanism has to be added in a derived contract using {_mint}.
* For a generic mechanism see {ERC20PresetMinterPauser}.
*
* TIP: For a detailed writeup see our guide
* https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
* to implement supply mechanisms].
*
* The default value of {decimals} is 18. To change this, you should override
* this function so it returns a different value.
*
* We have followed general OpenZeppelin Contracts guidelines: functions revert
* instead returning `false` on failure. This behavior is nonetheless
* conventional and does not conflict with the expectations of ERC20
* applications.
*
* Additionally, an {Approval} event is emitted on calls to {transferFrom}.
* This allows applications to reconstruct the allowance for all accounts just
* by listening to said events. Other implementations of the EIP may not emit
* these events, as it isn't required by the specification.
*
* Finally, the non-standard {decreaseAllowance} and {increaseAllowance}
* functions have been added to mitigate the well-known issues around setting
* allowances. See {IERC20-approve}.
*/
contract ERC20Upgradeable is Initializable, ContextUpgradeable, IERC20Upgradeable, IERC20MetadataUpgradeable {
mapping(address => uint256) private _balances;
mapping(address => mapping(address => uint256)) private _allowances;
uint256 private _totalSupply;
string private _name;
string private _symbol;
/**
* @dev Sets the values for {name} and {symbol}.
*
* All two of these values are immutable: they can only be set once during
* construction.
*/
function __ERC20_init(string memory name_, string memory symbol_) internal onlyInitializing {
__ERC20_init_unchained(name_, symbol_);
}
function __ERC20_init_unchained(string memory name_, string memory symbol_) internal onlyInitializing {
_name = name_;
_symbol = symbol_;
}
/**
* @dev Returns the name of the token.
*/
function name() public view virtual override returns (string memory) {
return _name;
}
/**
* @dev Returns the symbol of the token, usually a shorter version of the
* name.
*/
function symbol() public view virtual override returns (string memory) {
return _symbol;
}
/**
* @dev Returns the number of decimals used to get its user representation.
* For example, if `decimals` equals `2`, a balance of `505` tokens should
* be displayed to a user as `5.05` (`505 / 10 ** 2`).
*
* Tokens usually opt for a value of 18, imitating the relationship between
* Ether and Wei. This is the default value returned by this function, unless
* it's overridden.
*
* NOTE: This information is only used for _display_ purposes: it in
* no way affects any of the arithmetic of the contract, including
* {IERC20-balanceOf} and {IERC20-transfer}.
*/
function decimals() public view virtual override returns (uint8) {
return 18;
}
/**
* @dev See {IERC20-totalSupply}.
*/
function totalSupply() public view virtual override returns (uint256) {
return _totalSupply;
}
/**
* @dev See {IERC20-balanceOf}.
*/
function balanceOf(address account) public view virtual override returns (uint256) {
return _balances[account];
}
/**
* @dev See {IERC20-transfer}.
*
* Requirements:
*
* - `to` cannot be the zero address.
* - the caller must have a balance of at least `amount`.
*/
function transfer(address to, uint256 amount) public virtual override returns (bool) {
address owner = _msgSender();
_transfer(owner, to, amount);
return true;
}
/**
* @dev See {IERC20-allowance}.
*/
function allowance(address owner, address spender) public view virtual override returns (uint256) {
return _allowances[owner][spender];
}
/**
* @dev See {IERC20-approve}.
*
* NOTE: If `amount` is the maximum `uint256`, the allowance is not updated on
* `transferFrom`. This is semantically equivalent to an infinite approval.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function approve(address spender, uint256 amount) public virtual override returns (bool) {
address owner = _msgSender();
_approve(owner, spender, amount);
return true;
}
/**
* @dev See {IERC20-transferFrom}.
*
* Emits an {Approval} event indicating the updated allowance. This is not
* required by the EIP. See the note at the beginning of {ERC20}.
*
* NOTE: Does not update the allowance if the current allowance
* is the maximum `uint256`.
*
* Requirements:
*
* - `from` and `to` cannot be the zero address.
* - `from` must have a balance of at least `amount`.
* - the caller must have allowance for ``from``'s tokens of at least
* `amount`.
*/
function transferFrom(address from, address to, uint256 amount) public virtual override returns (bool) {
address spender = _msgSender();
_spendAllowance(from, spender, amount);
_transfer(from, to, amount);
return true;
}
/**
* @dev Atomically increases the allowance granted to `spender` by the caller.
*
* This is an alternative to {approve} that can be used as a mitigation for
* problems described in {IERC20-approve}.
*
* Emits an {Approval} event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) {
address owner = _msgSender();
_approve(owner, spender, allowance(owner, spender) + addedValue);
return true;
}
/**
* @dev Atomically decreases the allowance granted to `spender` by the caller.
*
* This is an alternative to {approve} that can be used as a mitigation for
* problems described in {IERC20-approve}.
*
* Emits an {Approval} event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `spender` must have allowance for the caller of at least
* `subtractedValue`.
*/
function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) {
address owner = _msgSender();
uint256 currentAllowance = allowance(owner, spender);
require(currentAllowance >= subtractedValue, "ERC20: decreased allowance below zero");
unchecked {
_approve(owner, spender, currentAllowance - subtractedValue);
}
return true;
}
/**
* @dev Moves `amount` of tokens from `from` to `to`.
*
* This internal function is equivalent to {transfer}, and can be used to
* e.g. implement automatic token fees, slashing mechanisms, etc.
*
* Emits a {Transfer} event.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `from` must have a balance of at least `amount`.
*/
function _transfer(address from, address to, uint256 amount) internal virtual {
require(from != address(0), "ERC20: transfer from the zero address");
require(to != address(0), "ERC20: transfer to the zero address");
_beforeTokenTransfer(from, to, amount);
uint256 fromBalance = _balances[from];
require(fromBalance >= amount, "ERC20: transfer amount exceeds balance");
unchecked {
_balances[from] = fromBalance - amount;
// Overflow not possible: the sum of all balances is capped by totalSupply, and the sum is preserved by
// decrementing then incrementing.
_balances[to] += amount;
}
emit Transfer(from, to, amount);
_afterTokenTransfer(from, to, amount);
}
/** @dev Creates `amount` tokens and assigns them to `account`, increasing
* the total supply.
*
* Emits a {Transfer} event with `from` set to the zero address.
*
* Requirements:
*
* - `account` cannot be the zero address.
*/
function _mint(address account, uint256 amount) internal virtual {
require(account != address(0), "ERC20: mint to the zero address");
_beforeTokenTransfer(address(0), account, amount);
_totalSupply += amount;
unchecked {
// Overflow not possible: balance + amount is at most totalSupply + amount, which is checked above.
_balances[account] += amount;
}
emit Transfer(address(0), account, amount);
_afterTokenTransfer(address(0), account, amount);
}
/**
* @dev Destroys `amount` tokens from `account`, reducing the
* total supply.
*
* Emits a {Transfer} event with `to` set to the zero address.
*
* Requirements:
*
* - `account` cannot be the zero address.
* - `account` must have at least `amount` tokens.
*/
function _burn(address account, uint256 amount) internal virtual {
require(account != address(0), "ERC20: burn from the zero address");
_beforeTokenTransfer(account, address(0), amount);
uint256 accountBalance = _balances[account];
require(accountBalance >= amount, "ERC20: burn amount exceeds balance");
unchecked {
_balances[account] = accountBalance - amount;
// Overflow not possible: amount <= accountBalance <= totalSupply.
_totalSupply -= amount;
}
emit Transfer(account, address(0), amount);
_afterTokenTransfer(account, address(0), amount);
}
/**
* @dev Sets `amount` as the allowance of `spender` over the `owner` s tokens.
*
* This internal function is equivalent to `approve`, and can be used to
* e.g. set automatic allowances for certain subsystems, etc.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `owner` cannot be the zero address.
* - `spender` cannot be the zero address.
*/
function _approve(address owner, address spender, uint256 amount) internal virtual {
require(owner != address(0), "ERC20: approve from the zero address");
require(spender != address(0), "ERC20: approve to the zero address");
_allowances[owner][spender] = amount;
emit Approval(owner, spender, amount);
}
/**
* @dev Updates `owner` s allowance for `spender` based on spent `amount`.
*
* Does not update the allowance amount in case of infinite allowance.
* Revert if not enough allowance is available.
*
* Might emit an {Approval} event.
*/
function _spendAllowance(address owner, address spender, uint256 amount) internal virtual {
uint256 currentAllowance = allowance(owner, spender);
if (currentAllowance != type(uint256).max) {
require(currentAllowance >= amount, "ERC20: insufficient allowance");
unchecked {
_approve(owner, spender, currentAllowance - amount);
}
}
}
/**
* @dev Hook that is called before any transfer of tokens. This includes
* minting and burning.
*
* Calling conditions:
*
* - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
* will be transferred to `to`.
* - when `from` is zero, `amount` tokens will be minted for `to`.
* - when `to` is zero, `amount` of ``from``'s tokens will be burned.
* - `from` and `to` are never both zero.
*
* To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
*/
function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual {}
/**
* @dev Hook that is called after any transfer of tokens. This includes
* minting and burning.
*
* Calling conditions:
*
* - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
* has been transferred to `to`.
* - when `from` is zero, `amount` tokens have been minted for `to`.
* - when `to` is zero, `amount` of ``from``'s tokens have been burned.
* - `from` and `to` are never both zero.
*
* To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
*/
function _afterTokenTransfer(address from, address to, uint256 amount) internal virtual {}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[45] private __gap;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/ECDSA.sol)
pragma solidity ^0.8.0;
import "../StringsUpgradeable.sol";
/**
* @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
*
* These functions can be used to verify that a message was signed by the holder
* of the private keys of a given address.
*/
library ECDSAUpgradeable {
enum RecoverError {
NoError,
InvalidSignature,
InvalidSignatureLength,
InvalidSignatureS,
InvalidSignatureV // Deprecated in v4.8
}
function _throwError(RecoverError error) private pure {
if (error == RecoverError.NoError) {
return; // no error: do nothing
} else if (error == RecoverError.InvalidSignature) {
revert("ECDSA: invalid signature");
} else if (error == RecoverError.InvalidSignatureLength) {
revert("ECDSA: invalid signature length");
} else if (error == RecoverError.InvalidSignatureS) {
revert("ECDSA: invalid signature 's' value");
}
}
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature` or error string. This address can then be used for verification purposes.
*
* The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {toEthSignedMessageHash} on it.
*
* Documentation for signature generation:
* - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
* - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {
if (signature.length == 65) {
bytes32 r;
bytes32 s;
uint8 v;
// ecrecover takes the signature parameters, and the only way to get them
// currently is to use assembly.
/// @solidity memory-safe-assembly
assembly {
r := mload(add(signature, 0x20))
s := mload(add(signature, 0x40))
v := byte(0, mload(add(signature, 0x60)))
}
return tryRecover(hash, v, r, s);
} else {
return (address(0), RecoverError.InvalidSignatureLength);
}
}
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature`. This address can then be used for verification purposes.
*
* The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {toEthSignedMessageHash} on it.
*/
function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, signature);
_throwError(error);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
*
* See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError) {
bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
uint8 v = uint8((uint256(vs) >> 255) + 27);
return tryRecover(hash, v, r, s);
}
/**
* @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
*
* _Available since v4.2._
*/
function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, r, vs);
_throwError(error);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `v`,
* `r` and `s` signature fields separately.
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address, RecoverError) {
// EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
// unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
// the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
// signatures from current libraries generate a unique signature with an s-value in the lower half order.
//
// If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
// with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
// vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
// these malleable signatures as well.
if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
return (address(0), RecoverError.InvalidSignatureS);
}
// If the signature is valid (and not malleable), return the signer address
address signer = ecrecover(hash, v, r, s);
if (signer == address(0)) {
return (address(0), RecoverError.InvalidSignature);
}
return (signer, RecoverError.NoError);
}
/**
* @dev Overload of {ECDSA-recover} that receives the `v`,
* `r` and `s` signature fields separately.
*/
function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, v, r, s);
_throwError(error);
return recovered;
}
/**
* @dev Returns an Ethereum Signed Message, created from a `hash`. This
* produces hash corresponding to the one signed with the
* https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
* JSON-RPC method as part of EIP-191.
*
* See {recover}.
*/
function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32 message) {
// 32 is the length in bytes of hash,
// enforced by the type signature above
/// @solidity memory-safe-assembly
assembly {
mstore(0x00, "\x19Ethereum Signed Message:\n32")
mstore(0x1c, hash)
message := keccak256(0x00, 0x3c)
}
}
/**
* @dev Returns an Ethereum Signed Message, created from `s`. This
* produces hash corresponding to the one signed with the
* https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
* JSON-RPC method as part of EIP-191.
*
* See {recover}.
*/
function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {
return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n", StringsUpgradeable.toString(s.length), s));
}
/**
* @dev Returns an Ethereum Signed Typed Data, created from a
* `domainSeparator` and a `structHash`. This produces hash corresponding
* to the one signed with the
* https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]
* JSON-RPC method as part of EIP-712.
*
* See {recover}.
*/
function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 data) {
/// @solidity memory-safe-assembly
assembly {
let ptr := mload(0x40)
mstore(ptr, "\x19\x01")
mstore(add(ptr, 0x02), domainSeparator)
mstore(add(ptr, 0x22), structHash)
data := keccak256(ptr, 0x42)
}
}
/**
* @dev Returns an Ethereum Signed Data with intended validator, created from a
* `validator` and `data` according to the version 0 of EIP-191.
*
* See {recover}.
*/
function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {
return keccak256(abi.encodePacked("\x19\x00", validator, data));
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/EIP712.sol)
pragma solidity ^0.8.8;
import "./ECDSAUpgradeable.sol";
import "../../interfaces/IERC5267Upgradeable.sol";
import "../../proxy/utils/Initializable.sol";
/**
* @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data.
*
* The encoding specified in the EIP is very generic, and such a generic implementation in Solidity is not feasible,
* thus this contract does not implement the encoding itself. Protocols need to implement the type-specific encoding
* they need in their contracts using a combination of `abi.encode` and `keccak256`.
*
* This contract implements the EIP 712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding
* scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA
* ({_hashTypedDataV4}).
*
* The implementation of the domain separator was designed to be as efficient as possible while still properly updating
* the chain id to protect against replay attacks on an eventual fork of the chain.
*
* NOTE: This contract implements the version of the encoding known as "v4", as implemented by the JSON RPC method
* https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask].
*
* NOTE: In the upgradeable version of this contract, the cached values will correspond to the address, and the domain
* separator of the implementation contract. This will cause the `_domainSeparatorV4` function to always rebuild the
* separator from the immutable values, which is cheaper than accessing a cached version in cold storage.
*
* _Available since v3.4._
*
* @custom:storage-size 52
*/
abstract contract EIP712Upgradeable is Initializable, IERC5267Upgradeable {
bytes32 private constant _TYPE_HASH =
keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
/// @custom:oz-renamed-from _HASHED_NAME
bytes32 private _hashedName;
/// @custom:oz-renamed-from _HASHED_VERSION
bytes32 private _hashedVersion;
string private _name;
string private _version;
/**
* @dev Initializes the domain separator and parameter caches.
*
* The meaning of `name` and `version` is specified in
* https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]:
*
* - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.
* - `version`: the current major version of the signing domain.
*
* NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart
* contract upgrade].
*/
function __EIP712_init(string memory name, string memory version) internal onlyInitializing {
__EIP712_init_unchained(name, version);
}
function __EIP712_init_unchained(string memory name, string memory version) internal onlyInitializing {
_name = name;
_version = version;
// Reset prior values in storage if upgrading
_hashedName = 0;
_hashedVersion = 0;
}
/**
* @dev Returns the domain separator for the current chain.
*/
function _domainSeparatorV4() internal view returns (bytes32) {
return _buildDomainSeparator();
}
function _buildDomainSeparator() private view returns (bytes32) {
return keccak256(abi.encode(_TYPE_HASH, _EIP712NameHash(), _EIP712VersionHash(), block.chainid, address(this)));
}
/**
* @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this
* function returns the hash of the fully encoded EIP712 message for this domain.
*
* This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:
*
* ```solidity
* bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(
* keccak256("Mail(address to,string contents)"),
* mailTo,
* keccak256(bytes(mailContents))
* )));
* address signer = ECDSA.recover(digest, signature);
* ```
*/
function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) {
return ECDSAUpgradeable.toTypedDataHash(_domainSeparatorV4(), structHash);
}
/**
* @dev See {EIP-5267}.
*
* _Available since v4.9._
*/
function eip712Domain()
public
view
virtual
override
returns (
bytes1 fields,
string memory name,
string memory version,
uint256 chainId,
address verifyingContract,
bytes32 salt,
uint256[] memory extensions
)
{
// If the hashed name and version in storage are non-zero, the contract hasn't been properly initialized
// and the EIP712 domain is not reliable, as it will be missing name and version.
require(_hashedName == 0 && _hashedVersion == 0, "EIP712: Uninitialized");
return (
hex"0f", // 01111
_EIP712Name(),
_EIP712Version(),
block.chainid,
address(this),
bytes32(0),
new uint256[](0)
);
}
/**
* @dev The name parameter for the EIP712 domain.
*
* NOTE: This function reads from storage by default, but can be redefined to return a constant value if gas costs
* are a concern.
*/
function _EIP712Name() internal virtual view returns (string memory) {
return _name;
}
/**
* @dev The version parameter for the EIP712 domain.
*
* NOTE: This function reads from storage by default, but can be redefined to return a constant value if gas costs
* are a concern.
*/
function _EIP712Version() internal virtual view returns (string memory) {
return _version;
}
/**
* @dev The hash of the name parameter for the EIP712 domain.
*
* NOTE: In previous versions this function was virtual. In this version you should override `_EIP712Name` instead.
*/
function _EIP712NameHash() internal view returns (bytes32) {
string memory name = _EIP712Name();
if (bytes(name).length > 0) {
return keccak256(bytes(name));
} else {
// If the name is empty, the contract may have been upgraded without initializing the new storage.
// We return the name hash in storage if non-zero, otherwise we assume the name is empty by design.
bytes32 hashedName = _hashedName;
if (hashedName != 0) {
return hashedName;
} else {
return keccak256("");
}
}
}
/**
* @dev The hash of the version parameter for the EIP712 domain.
*
* NOTE: In previous versions this function was virtual. In this version you should override `_EIP712Version` instead.
*/
function _EIP712VersionHash() internal view returns (bytes32) {
string memory version = _EIP712Version();
if (bytes(version).length > 0) {
return keccak256(bytes(version));
} else {
// If the version is empty, the contract may have been upgraded without initializing the new storage.
// We return the version hash in storage if non-zero, otherwise we assume the version is empty by design.
bytes32 hashedVersion = _hashedVersion;
if (hashedVersion != 0) {
return hashedVersion;
} else {
return keccak256("");
}
}
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[48] private __gap;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Counters.sol)
pragma solidity ^0.8.0;
/**
* @title Counters
* @author Matt Condon (@shrugs)
* @dev Provides counters that can only be incremented, decremented or reset. This can be used e.g. to track the number
* of elements in a mapping, issuing ERC721 ids, or counting request ids.
*
* Include with `using Counters for Counters.Counter;`
*/
library CountersUpgradeable {
struct Counter {
// This variable should never be directly accessed by users of the library: interactions must be restricted to
// the library's function. As of Solidity v0.5.2, this cannot be enforced, though there is a proposal to add
// this feature: see https://github.com/ethereum/solidity/issues/4637
uint256 _value; // default: 0
}
function current(Counter storage counter) internal view returns (uint256) {
return counter._value;
}
function increment(Counter storage counter) internal {
unchecked {
counter._value += 1;
}
}
function decrement(Counter storage counter) internal {
uint256 value = counter._value;
require(value > 0, "Counter: decrement overflow");
unchecked {
counter._value = value - 1;
}
}
function reset(Counter storage counter) internal {
counter._value = 0;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (proxy/beacon/IBeacon.sol)
pragma solidity ^0.8.0;
/**
* @dev This is the interface that {BeaconProxy} expects of its beacon.
*/
interface IBeacon {
/**
* @dev Must return an address that can be used as a delegate call target.
*
* {BeaconProxy} will check that this address is a contract.
*/
function implementation() external view returns (address);
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/**
* @dev ERC-1967: Proxy Storage Slots. This interface contains the events defined in the ERC.
*
* _Available since v4.8.3._
*/
interface IERC1967 {
/**
* @dev Emitted when the implementation is upgraded.
*/
event Upgraded(address indexed implementation);
/**
* @dev Emitted when the admin account has changed.
*/
event AdminChanged(address previousAdmin, address newAdmin);
/**
* @dev Emitted when the beacon is changed.
*/
event BeaconUpgraded(address indexed beacon);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (interfaces/draft-IERC1822.sol)
pragma solidity ^0.8.0;
/**
* @dev ERC1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified
* proxy whose upgrades are fully controlled by the current implementation.
*/
interface IERC1822Proxiable {
/**
* @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation
* address.
*
* IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
* bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
* function revert if invoked through a proxy.
*/
function proxiableUUID() external view returns (bytes32);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (utils/StorageSlot.sol)
// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.
pragma solidity ^0.8.0;
/**
* @dev Library for reading and writing primitive types to specific storage slots.
*
* Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
* This library helps with reading and writing to such slots without the need for inline assembly.
*
* The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
*
* Example usage to set ERC1967 implementation slot:
* ```solidity
* contract ERC1967 {
* bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
*
* function _getImplementation() internal view returns (address) {
* return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
* }
*
* function _setImplementation(address newImplementation) internal {
* require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
* StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
* }
* }
* ```
*
* _Available since v4.1 for `address`, `bool`, `bytes32`, `uint256`._
* _Available since v4.9 for `string`, `bytes`._
*/
library StorageSlot {
struct AddressSlot {
address value;
}
struct BooleanSlot {
bool value;
}
struct Bytes32Slot {
bytes32 value;
}
struct Uint256Slot {
uint256 value;
}
struct StringSlot {
string value;
}
struct BytesSlot {
bytes value;
}
/**
* @dev Returns an `AddressSlot` with member `value` located at `slot`.
*/
function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BooleanSlot` with member `value` located at `slot`.
*/
function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
*/
function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Uint256Slot` with member `value` located at `slot`.
*/
function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` with member `value` located at `slot`.
*/
function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` representation of the string storage pointer `store`.
*/
function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
/**
* @dev Returns an `BytesSlot` with member `value` located at `slot`.
*/
function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.
*/
function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/IERC20Metadata.sol)
pragma solidity ^0.8.0;
import "../IERC20Upgradeable.sol";
/**
* @dev Interface for the optional metadata functions from the ERC20 standard.
*
* _Available since v4.1._
*/
interface IERC20MetadataUpgradeable is IERC20Upgradeable {
/**
* @dev Returns the name of the token.
*/
function name() external view returns (string memory);
/**
* @dev Returns the symbol of the token.
*/
function symbol() external view returns (string memory);
/**
* @dev Returns the decimals places of the token.
*/
function decimals() external view returns (uint8);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC5267.sol)
pragma solidity ^0.8.0;
interface IERC5267Upgradeable {
/**
* @dev MAY be emitted to signal that the domain could have changed.
*/
event EIP712DomainChanged();
/**
* @dev returns the fields and values that describe the domain separator used by this contract for EIP-712
* signature.
*/
function eip712Domain()
external
view
returns (
bytes1 fields,
string memory name,
string memory version,
uint256 chainId,
address verifyingContract,
bytes32 salt,
uint256[] memory extensions
);
}{
"remappings": [
"ds-test/=lib/forge-std/lib/ds-test/src/",
"erc4626-tests/=lib/openzeppelin-contracts-upgradeable/lib/erc4626-tests/",
"forge-std/=lib/forge-std/src/",
"openzeppelin-contracts-upgradeable/=lib/openzeppelin-contracts-upgradeable/",
"openzeppelin-contracts/=lib/openzeppelin-contracts/",
"openzeppelin-upgradeable/=lib/openzeppelin-contracts-upgradeable/contracts/",
"openzeppelin/=lib/openzeppelin-contracts/contracts/",
"lib/forge-std:ds-test/=lib/forge-std/lib/ds-test/src/",
"lib/openzeppelin-contracts:ds-test/=lib/openzeppelin-contracts/lib/forge-std/lib/ds-test/src/",
"lib/openzeppelin-contracts:erc4626-tests/=lib/openzeppelin-contracts/lib/erc4626-tests/",
"lib/openzeppelin-contracts:forge-std/=lib/openzeppelin-contracts/lib/forge-std/src/",
"lib/openzeppelin-contracts:openzeppelin/=lib/openzeppelin-contracts/contracts/",
"lib/openzeppelin-contracts-upgradeable:ds-test/=lib/openzeppelin-contracts-upgradeable/lib/forge-std/lib/ds-test/src/",
"lib/openzeppelin-contracts-upgradeable:erc4626-tests/=lib/openzeppelin-contracts-upgradeable/lib/erc4626-tests/",
"lib/openzeppelin-contracts-upgradeable:forge-std/=lib/openzeppelin-contracts-upgradeable/lib/forge-std/src/",
"lib/openzeppelin-contracts-upgradeable:openzeppelin/=lib/openzeppelin-contracts-upgradeable/contracts/"
],
"optimizer": {
"enabled": true,
"runs": 1000000
},
"metadata": {
"useLiteralContent": false,
"bytecodeHash": "ipfs",
"appendCBOR": true
},
"outputSelection": {
"*": {
"*": [
"evm.bytecode",
"evm.deployedBytecode",
"devdoc",
"userdoc",
"metadata",
"abi"
]
}
},
"evmVersion": "paris",
"libraries": {}
}Contract Security Audit
- No Contract Security Audit Submitted- Submit Audit Here
Contract Creation Code
6080604052348015600f57600080fd5b50603f80601d6000396000f3fe6080604052600080fdfea26469706673582212203a3ff5a80da02b3b98fdb1b7879618a39bd855fd1719b9640cddb5dbbdb8ef3f64736f6c63430008140033
Deployed Bytecode
0x6080604052600080fdfea26469706673582212203a3ff5a80da02b3b98fdb1b7879618a39bd855fd1719b9640cddb5dbbdb8ef3f64736f6c63430008140033
Loading...
Loading
Loading...
Loading
Multichain Portfolio | 30 Chains
| Chain | Token | Portfolio % | Price | Amount | Value |
|---|
Loading...
Loading
[ Download: CSV Export ]
A contract address hosts a smart contract, which is a set of code stored on the blockchain that runs when predetermined conditions are met. Learn more about addresses in our Knowledge Base.