Contract Name:
OperationalStaking
Contract Source Code:
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable.sol)
pragma solidity ^0.8.0;
import "../utils/ContextUpgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* By default, the owner account will be the one that deploys the contract. This
* can later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {
address private _owner;
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the deployer as the initial owner.
*/
function __Ownable_init() internal onlyInitializing {
__Ownable_init_unchained();
}
function __Ownable_init_unchained() internal onlyInitializing {
_transferOwnership(_msgSender());
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
_checkOwner();
_;
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
return _owner;
}
/**
* @dev Throws if the sender is not the owner.
*/
function _checkOwner() internal view virtual {
require(owner() == _msgSender(), "Ownable: caller is not the owner");
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby disabling any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
require(newOwner != address(0), "Ownable: new owner is the zero address");
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
address oldOwner = _owner;
_owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[49] private __gap;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/Initializable.sol)
pragma solidity ^0.8.2;
import "../../utils/AddressUpgradeable.sol";
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```solidity
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
*
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/
abstract contract Initializable {
/**
* @dev Indicates that the contract has been initialized.
* @custom:oz-retyped-from bool
*/
uint8 private _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool private _initializing;
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/
event Initialized(uint8 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts.
*
* Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a
* constructor.
*
* Emits an {Initialized} event.
*/
modifier initializer() {
bool isTopLevelCall = !_initializing;
require(
(isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1),
"Initializable: contract is already initialized"
);
_initialized = 1;
if (isTopLevelCall) {
_initializing = true;
}
_;
if (isTopLevelCall) {
_initializing = false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* A reinitializer may be used after the original initialization step. This is essential to configure modules that
* are added through upgrades and that require initialization.
*
* When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
* cannot be nested. If one is invoked in the context of another, execution will revert.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*
* WARNING: setting the version to 255 will prevent any future reinitialization.
*
* Emits an {Initialized} event.
*/
modifier reinitializer(uint8 version) {
require(!_initializing && _initialized < version, "Initializable: contract is already initialized");
_initialized = version;
_initializing = true;
_;
_initializing = false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/
modifier onlyInitializing() {
require(_initializing, "Initializable: contract is not initializing");
_;
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*
* Emits an {Initialized} event the first time it is successfully executed.
*/
function _disableInitializers() internal virtual {
require(!_initializing, "Initializable: contract is initializing");
if (_initialized != type(uint8).max) {
_initialized = type(uint8).max;
emit Initialized(type(uint8).max);
}
}
/**
* @dev Returns the highest version that has been initialized. See {reinitializer}.
*/
function _getInitializedVersion() internal view returns (uint8) {
return _initialized;
}
/**
* @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
*/
function _isInitializing() internal view returns (bool) {
return _initializing;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.4) (token/ERC20/extensions/IERC20Permit.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*
* ==== Security Considerations
*
* There are two important considerations concerning the use of `permit`. The first is that a valid permit signature
* expresses an allowance, and it should not be assumed to convey additional meaning. In particular, it should not be
* considered as an intention to spend the allowance in any specific way. The second is that because permits have
* built-in replay protection and can be submitted by anyone, they can be frontrun. A protocol that uses permits should
* take this into consideration and allow a `permit` call to fail. Combining these two aspects, a pattern that may be
* generally recommended is:
*
* ```solidity
* function doThingWithPermit(..., uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s) public {
* try token.permit(msg.sender, address(this), value, deadline, v, r, s) {} catch {}
* doThing(..., value);
* }
*
* function doThing(..., uint256 value) public {
* token.safeTransferFrom(msg.sender, address(this), value);
* ...
* }
* ```
*
* Observe that: 1) `msg.sender` is used as the owner, leaving no ambiguity as to the signer intent, and 2) the use of
* `try/catch` allows the permit to fail and makes the code tolerant to frontrunning. (See also
* {SafeERC20-safeTransferFrom}).
*
* Additionally, note that smart contract wallets (such as Argent or Safe) are not able to produce permit signatures, so
* contracts should have entry points that don't rely on permit.
*/
interface IERC20PermitUpgradeable {
/**
* @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
* given ``owner``'s signed approval.
*
* IMPORTANT: The same issues {IERC20-approve} has related to transaction
* ordering also apply here.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `deadline` must be a timestamp in the future.
* - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
* over the EIP712-formatted function arguments.
* - the signature must use ``owner``'s current nonce (see {nonces}).
*
* For more information on the signature format, see the
* https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
* section].
*
* CAUTION: See Security Considerations above.
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @dev Returns the current nonce for `owner`. This value must be
* included whenever a signature is generated for {permit}.
*
* Every successful call to {permit} increases ``owner``'s nonce by one. This
* prevents a signature from being used multiple times.
*/
function nonces(address owner) external view returns (uint256);
/**
* @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
*/
// solhint-disable-next-line func-name-mixedcase
function DOMAIN_SEPARATOR() external view returns (bytes32);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20Upgradeable {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `from` to `to` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 amount) external returns (bool);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.3) (token/ERC20/utils/SafeERC20.sol)
pragma solidity ^0.8.0;
import "../IERC20Upgradeable.sol";
import "../extensions/IERC20PermitUpgradeable.sol";
import "../../../utils/AddressUpgradeable.sol";
/**
* @title SafeERC20
* @dev Wrappers around ERC20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/
library SafeERC20Upgradeable {
using AddressUpgradeable for address;
/**
* @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeTransfer(IERC20Upgradeable token, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));
}
/**
* @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
* calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
*/
function safeTransferFrom(IERC20Upgradeable token, address from, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));
}
/**
* @dev Deprecated. This function has issues similar to the ones found in
* {IERC20-approve}, and its usage is discouraged.
*
* Whenever possible, use {safeIncreaseAllowance} and
* {safeDecreaseAllowance} instead.
*/
function safeApprove(IERC20Upgradeable token, address spender, uint256 value) internal {
// safeApprove should only be called when setting an initial allowance,
// or when resetting it to zero. To increase and decrease it, use
// 'safeIncreaseAllowance' and 'safeDecreaseAllowance'
require(
(value == 0) || (token.allowance(address(this), spender) == 0),
"SafeERC20: approve from non-zero to non-zero allowance"
);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));
}
/**
* @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeIncreaseAllowance(IERC20Upgradeable token, address spender, uint256 value) internal {
uint256 oldAllowance = token.allowance(address(this), spender);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance + value));
}
/**
* @dev Decrease the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeDecreaseAllowance(IERC20Upgradeable token, address spender, uint256 value) internal {
unchecked {
uint256 oldAllowance = token.allowance(address(this), spender);
require(oldAllowance >= value, "SafeERC20: decreased allowance below zero");
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance - value));
}
}
/**
* @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval
* to be set to zero before setting it to a non-zero value, such as USDT.
*/
function forceApprove(IERC20Upgradeable token, address spender, uint256 value) internal {
bytes memory approvalCall = abi.encodeWithSelector(token.approve.selector, spender, value);
if (!_callOptionalReturnBool(token, approvalCall)) {
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, 0));
_callOptionalReturn(token, approvalCall);
}
}
/**
* @dev Use a ERC-2612 signature to set the `owner` approval toward `spender` on `token`.
* Revert on invalid signature.
*/
function safePermit(
IERC20PermitUpgradeable token,
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) internal {
uint256 nonceBefore = token.nonces(owner);
token.permit(owner, spender, value, deadline, v, r, s);
uint256 nonceAfter = token.nonces(owner);
require(nonceAfter == nonceBefore + 1, "SafeERC20: permit did not succeed");
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*/
function _callOptionalReturn(IERC20Upgradeable token, bytes memory data) private {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that
// the target address contains contract code and also asserts for success in the low-level call.
bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed");
require(returndata.length == 0 || abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed");
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*
* This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.
*/
function _callOptionalReturnBool(IERC20Upgradeable token, bytes memory data) private returns (bool) {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false
// and not revert is the subcall reverts.
(bool success, bytes memory returndata) = address(token).call(data);
return
success && (returndata.length == 0 || abi.decode(returndata, (bool))) && AddressUpgradeable.isContract(address(token));
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)
pragma solidity ^0.8.1;
/**
* @dev Collection of functions related to the address type
*/
library AddressUpgradeable {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
*
* Furthermore, `isContract` will also return true if the target contract within
* the same transaction is already scheduled for destruction by `SELFDESTRUCT`,
* which only has an effect at the end of a transaction.
* ====
*
* [IMPORTANT]
* ====
* You shouldn't rely on `isContract` to protect against flash loan attacks!
*
* Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
* like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
* constructor.
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize/address.code.length, which returns 0
// for contracts in construction, since the code is only stored at the end
// of the constructor execution.
return account.code.length > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
* the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
*
* _Available since v4.8._
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata,
string memory errorMessage
) internal view returns (bytes memory) {
if (success) {
if (returndata.length == 0) {
// only check isContract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
require(isContract(target), "Address: call to non-contract");
}
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
/**
* @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason or using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
function _revert(bytes memory returndata, string memory errorMessage) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.4) (utils/Context.sol)
pragma solidity ^0.8.0;
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract ContextUpgradeable is Initializable {
function __Context_init() internal onlyInitializing {
}
function __Context_init_unchained() internal onlyInitializing {
}
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
function _contextSuffixLength() internal view virtual returns (uint256) {
return 0;
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[50] private __gap;
}
//SPDX-License-Identifier: MIT
pragma solidity 0.8.13;
import "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol";
import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol";
contract OperationalStaking is OwnableUpgradeable {
using SafeERC20Upgradeable for IERC20Upgradeable;
uint256 public constant DIVIDER = 10 ** 18; // 18 decimals used for scaling rates
uint128 public constant REWARD_REDEEM_THRESHOLD = 10 ** 8; // minimum number of tokens that can be redeemed
uint128 public constant DEFAULT_VALIDATOR_ENABLE_MIN_STAKE = 35000 * 10 ** 18; // minimum number of self-staked tokens for a validator to become / stay enabled
uint128 public constant DEFAULT_DELEGATOR_MIN_STAKE = 10 ** 18; // stake/unstake operations are invalid if they put you below this threshold (except unstaking to 0)
IERC20Upgradeable public CQT;
uint128 public rewardPool; // how many tokens are allocated for rewards
uint128 public validatorCoolDown; // how many blocks until validator unstaking is unlocked
uint128 public delegatorCoolDown; // how many blocks until delegator unstaking is unlocked
uint128 public recoverUnstakingCoolDown; //how many blocks until delegator recoverUnstaking or redelegateUnstaked is unlocked
uint128 public maxCapMultiplier; // *see readme
uint128 public validatorMaxStake; // how many tokens validators can stake at most
address public stakingManager;
uint128 public validatorsN; // number of validators, used to get validator ids
mapping(uint128 => Validator) internal _validators; // id -> validator instance
uint128 public validatorEnableMinStake; // minimum number of self-staked tokens for a validator to become / stay enabled
uint128 public delegatorMinStake; // stake/unstake operations are invalid if they put you below this threshold (except unstaking to 0)
bool private _unpaused;
struct Staking {
uint128 shares; // # of validator shares that the delegator owns
uint128 staked; // # of CQT that a delegator delegated originally through stake() transaction
}
struct Unstaking {
uint128 outCoolDownEnd; // epoch when unstaking can be redeemed (taken out)
uint128 recoverCoolDownEnd; // epoch when unstaking can be recovered (to the same validator) or redelegated
uint128 amount; // # of unstaked CQT
}
struct Validator {
uint128 commissionAvailableToRedeem;
uint128 exchangeRate; // validator exchange rate
address _address; // wallet address of the operator which is mapped to the validator instance
uint128 delegated; // track amount of tokens delegated
uint128 totalShares; // total number of validator shares
uint128 commissionRate;
uint256 disabledAtBlock;
mapping(address => Staking) stakings;
mapping(address => Unstaking[]) unstakings;
bool frozen;
}
event InitializedSemantics(
address cqt,
uint128 validatorCoolDown,
uint128 delegatorCoolDown,
uint128 recoverUnstakingCoolDown,
uint128 maxCapMultiplier,
uint128 validatorMaxStake,
uint128 validatorEnableMinStake,
uint128 delegatorMinStake
);
event RewardTokensDeposited(uint128 amount);
event ValidatorAdded(uint128 indexed id, uint128 commissionRate, address indexed validator);
event Staked(uint128 indexed validatorId, address delegator, uint128 amount);
event Unstaked(uint128 indexed validatorId, address indexed delegator, uint128 amount, uint128 unstakeId);
event RecoveredUnstake(uint128 indexed validatorId, address indexed delegator, uint128 amount, uint128 unstakingId);
event UnstakeRedeemed(uint128 indexed validatorId, address indexed delegator, uint128 indexed unstakeId, uint128 amount);
event AllocatedTokensTaken(uint128 amount);
event RewardFailedDueZeroStake(uint128 indexed validatorId, uint128 amount);
event RewardFailedDueValidatorDisabled(uint128 indexed validatorId, uint128 amount);
event RewardFailedDueValidatorFrozen(uint128 indexed validatorId, uint128 amount);
event RewardRedeemed(uint128 indexed validatorId, address indexed beneficiary, uint128 amount);
event CommissionRewardRedeemed(uint128 indexed validatorId, address indexed beneficiary, uint128 amount);
event StakingManagerChanged(address indexed operationalManager);
event ValidatorCommissionRateChanged(uint128 indexed validatorId, uint128 amount);
event ValidatorMaxCapChanged(uint128 amount);
event ValidatorEnableMinStakeChanged(uint128 amount);
event DelegatorMinStakeChanged(uint128 amount);
event ValidatorUnstakeCooldownChanged(uint128 amount);
event DelegatorUnstakeCooldownChanged(uint128 amount);
event RecoverUnstakeCooldownChanged(uint128 amount);
event ValidatorDisabled(uint128 indexed validatorId, uint256 blockNumber);
event Redelegated(uint128 indexed oldValidatorId, uint128 indexed newValidatorId, address indexed delegator, uint128 amount, uint128 unstakingId);
event MaxCapMultiplierChanged(uint128 newMaxCapMultiplier);
event ValidatorEnabled(uint128 indexed validatorId);
event ValidatorAddressChanged(uint128 indexed validatorId, address indexed newAddress);
event Paused(address account);
event Unpaused(address account);
event ValidatorFrozen(uint128 indexed validatorId, string reason);
event ValidatorUnfrozen(uint128 indexed validatorId);
event RewardsDisbursed(uint128 indexed rewardId);
modifier onlyStakingManager() {
require(stakingManager == msg.sender, "Caller is not stakingManager");
_;
}
modifier onlyStakingManagerOrOwner() {
require(msg.sender == stakingManager || msg.sender == owner(), "Caller is not stakingManager or owner");
_;
}
modifier whenNotPaused() {
require(_unpaused, "paused");
_;
}
function initialize(address cqt, uint128 dCoolDown, uint128 vCoolDown, uint128 rCoolDown, uint128 maxCapM, uint128 vMaxStake) external initializer {
require(cqt != address(0), "Invalid cqt address");
__Ownable_init();
validatorCoolDown = vCoolDown; // 180*6857 = ~ 6 months
delegatorCoolDown = dCoolDown; // 28*6857 = ~ 28 days
recoverUnstakingCoolDown = rCoolDown; // 3*6857 = ~ 3 days
maxCapMultiplier = maxCapM;
validatorMaxStake = vMaxStake;
require(validatorMaxStake >= DEFAULT_VALIDATOR_ENABLE_MIN_STAKE);
validatorEnableMinStake = DEFAULT_VALIDATOR_ENABLE_MIN_STAKE;
delegatorMinStake = DEFAULT_DELEGATOR_MIN_STAKE;
_unpaused = true;
CQT = IERC20Upgradeable(cqt);
emit InitializedSemantics(cqt, vCoolDown, dCoolDown, rCoolDown, maxCapM, vMaxStake, validatorEnableMinStake, delegatorMinStake);
}
function setStakingManagerAddress(address newAddress) external onlyOwner {
require(newAddress != address(0), "Invalid address");
stakingManager = newAddress;
emit StakingManagerChanged(newAddress);
}
/*
* Transfer CQT from the owner to the contract for reward allocation
*/
function depositRewardTokens(uint128 amount) external onlyOwner {
require(amount > 0, "Amount is 0");
rewardPool += amount;
_transferToContract(msg.sender, amount);
emit RewardTokensDeposited(amount);
}
/*
* Transfer reward CQT from the contract to the owner
*/
function takeOutRewardTokens(uint128 amount) external onlyOwner {
require(amount > 0, "Amount is 0");
require(amount <= rewardPool, "Reward pool is too small");
rewardPool -= amount;
emit AllocatedTokensTaken(amount);
_transferFromContract(msg.sender, amount);
}
/*
* Updates validator max cap multiplier that determines how many tokens can be delegated
*/
function setMaxCapMultiplier(uint128 newMaxCapMultiplier) external onlyOwner {
require(newMaxCapMultiplier > 0, "Must be greater than 0");
maxCapMultiplier = newMaxCapMultiplier;
emit MaxCapMultiplierChanged(newMaxCapMultiplier);
}
/*
* Updates maximum number of tokens that a validator can stake
*/
function setValidatorMaxStake(uint128 maxStake) external onlyOwner {
require(maxStake > 0, "Provided max stake is 0");
require(maxStake >= validatorEnableMinStake, "maxStake should be greater than validatorEnableMinStake");
validatorMaxStake = maxStake;
emit ValidatorMaxCapChanged(maxStake);
}
/*
* Updates minimum number of tokens that a validator must self-stake before enabling
*/
function setValidatorEnableMinStake(uint128 minStake) public onlyOwner {
require(minStake <= validatorMaxStake, "minStake cannot be greater than validatorMaxStake");
validatorEnableMinStake = minStake;
emit ValidatorEnableMinStakeChanged(minStake);
}
/*
* Updates minimum valid position threshold for per-delegator stake
*/
function setDelegatorMinStake(uint128 minStake) public onlyOwner {
require(minStake <= validatorMaxStake, "minStake cannot be greater than validatorMaxStake");
delegatorMinStake = minStake;
emit DelegatorMinStakeChanged(minStake);
}
/*
* Updates the validator cool down period (in blocks)
* Note: this doesn't effect the existing unstakes
*/
function setValidatorCoolDown(uint128 coolDown) external onlyOwner {
validatorCoolDown = coolDown;
emit ValidatorUnstakeCooldownChanged(coolDown);
}
/*
* Updates the delegator cool down period (in blocks)
* Note: this doesn't effect the existing unstakes
*/
function setDelegatorCoolDown(uint128 coolDown) external onlyOwner {
delegatorCoolDown = coolDown;
emit DelegatorUnstakeCooldownChanged(coolDown);
}
/*
* Updates the delegator recover Unstaking cool down period (in blocks)
* Note: this doesn't effect the existing unstakes
*/
function setRecoverUnstakingCoolDown(uint128 coolDown) external onlyOwner {
recoverUnstakingCoolDown = coolDown;
emit RecoverUnstakeCooldownChanged(coolDown);
}
/*
* Adds new validator instance
*/
function addValidator(address validator, uint128 commissionRate) external onlyOwner whenNotPaused returns (uint256 id) {
require(commissionRate < DIVIDER, "Rate must be less than 100%");
require(validator != address(0), "Validator address is 0");
require(validatorsN < 256, "Too many validators");
Validator storage v = _validators[validatorsN]; // use current number of validators for the id of a new validator instance
v._address = validator;
v.exchangeRate = uint128(DIVIDER); // make it 1:1 initially
v.commissionRate = commissionRate;
v.disabledAtBlock = 1; // set it to 1 to indicate that the validator is disabled
emit ValidatorAdded(validatorsN, commissionRate, validator);
validatorsN += 1;
return validatorsN - 1;
}
/*
* Reward emission
*/
function rewardValidators(uint128 rewardId, uint128[] calldata ids, uint128[] calldata amounts) external onlyStakingManager whenNotPaused {
require(ids.length == amounts.length, "Given ids and amounts arrays must be of the same length");
uint128 newRewardPool = rewardPool;
uint128 amount;
uint128 validatorId;
uint128 commissionPaid;
for (uint256 j = 0; j < ids.length; j++) {
amount = amounts[j];
validatorId = ids[j];
// ensure each validator exists
require(validatorId < validatorsN, "Invalid validatorId");
// make sure there are enough tokens in the reward pool
require(newRewardPool >= amount, "Reward pool is too small");
Validator storage v = _validators[validatorId];
if (v.frozen) {
emit RewardFailedDueValidatorFrozen(validatorId, amount);
continue;
}
if (v.disabledAtBlock != 0) {
// validator became disabled (due to e.g. unstaking past base stake)
// between proof submission and finalization
emit RewardFailedDueValidatorDisabled(validatorId, amount);
continue;
}
if (v.totalShares == 0) {
// mathematically undefined -- no exchangeRate can turn zero into nonzero
// (this condition is only possible in testing with minValidatorEnableStake == 0;
// in prod, validators with zero stake will always be disabled and so will trigger
// the above check, not this one)
emit RewardFailedDueZeroStake(validatorId, amount);
continue;
}
commissionPaid = uint128((uint256(amount) * uint256(v.commissionRate)) / DIVIDER);
// distribute the tokens by increasing the exchange rate
// div by zero impossible due to check above
// (and in fact, presuming minValidatorEnableStake >= DIVIDER, v.totalShares will
// always be >= DIVIDER while validator is enabled)
v.exchangeRate += uint128((uint256(amount - commissionPaid) * uint256(DIVIDER)) / v.totalShares);
// commission is not compounded
// commisison is distributed under the validator instance
v.commissionAvailableToRedeem += commissionPaid;
newRewardPool -= amount;
}
rewardPool = newRewardPool; // can never access these tokens anymore, reserved for validator rewards
emit RewardsDisbursed(rewardId);
}
/*
* Disables validator instance starting from the given block
*/
function disableValidator(uint128 validatorId) external onlyStakingManagerOrOwner {
require(validatorId < validatorsN, "Invalid validator");
Validator storage v = _validators[validatorId];
if (v.disabledAtBlock != 0) {
// silently succeed
return;
}
v.disabledAtBlock = block.number;
emit ValidatorDisabled(validatorId, block.number);
}
/*
* Enables validator instance by setting the disabledAtBlock to 0
*/
function enableValidator(uint128 validatorId) external onlyStakingManagerOrOwner {
require(validatorId < validatorsN, "Invalid validator");
Validator storage v = _validators[validatorId];
if (v.disabledAtBlock == 0) {
// silently succeed
return;
}
uint128 staked = _sharesToTokens(v.stakings[v._address].shares, v.exchangeRate);
require(staked >= validatorEnableMinStake, "Validator is insufficiently staked");
v.disabledAtBlock = 0;
emit ValidatorEnabled(validatorId);
}
/*
* Determines whether a validator is currently able to be used by operators
*/
function isValidatorEnabled(uint128 validatorId) external view returns (bool) {
require(validatorId < validatorsN, "Invalid validator");
return _validators[validatorId].disabledAtBlock == 0;
}
/*
* Updates validator comission rate
* Commission rate is a number between 0 and 10^18 (0%-100%)
*/
function setValidatorCommissionRate(uint128 validatorId, uint128 amount) external onlyOwner {
require(validatorId < validatorsN, "Invalid validator");
require(amount < DIVIDER, "Rate must be less than 100%");
_validators[validatorId].commissionRate = amount;
emit ValidatorCommissionRateChanged(validatorId, amount);
}
/*
* Used to transfer CQT from delegators, validators, and the owner to the contract
*/
function _transferToContract(address from, uint128 amount) internal {
CQT.safeTransferFrom(from, address(this), amount);
}
/*
* Used to transfer CQT from contract, for reward redemption or transferring out unstaked tokens
*/
function _transferFromContract(address to, uint128 amount) internal {
CQT.safeTransfer(to, amount);
}
/*
* Used to convert validator shares to CQT
*/
function _sharesToTokens(uint128 sharesN, uint128 rate) internal pure returns (uint128) {
return uint128((uint256(sharesN) * uint256(rate)) / DIVIDER);
}
/*
* Used to convert CQT to validator shares
*/
function _tokensToShares(uint128 amount, uint128 rate) internal pure returns (uint128) {
return uint128((uint256(amount) * DIVIDER) / uint256(rate)); // Rounding down from uint256 to uint128 leading to loss of precision for which checks are implemented in _redeemRewards and _unstake
}
/*
* Delegates tokens under the provided validator
*/
function stake(uint128 validatorId, uint128 amount) external whenNotPaused {
_stake(validatorId, amount, true);
}
/*
* withTransfer is set to false when delegators recover unstaked or redelegated tokens.
* These tokens are already in the contract.
*/
function _stake(uint128 validatorId, uint128 amount, bool withTransfer) internal {
require(validatorId < validatorsN, "Invalid validator");
require(amount >= DEFAULT_DELEGATOR_MIN_STAKE, "Stake amount is too small");
Validator storage v = _validators[validatorId];
bool isValidator = msg.sender == v._address;
require(!v.frozen, "Validator is frozen");
// validators should be able to stake if they are disabled.
if (!isValidator) require(v.disabledAtBlock == 0, "Validator is disabled");
Staking storage s = v.stakings[msg.sender];
uint128 newStaked = s.staked + amount;
require(newStaked >= delegatorMinStake, "Cannot stake to a position less than delegatorMinStake");
uint128 sharesAdd = _tokensToShares(amount, v.exchangeRate);
if (isValidator) {
// compares with newStaked to ignore compounded rewards
require(newStaked <= validatorMaxStake, "Validator max stake exceeded");
} else {
// cannot stake more than validator delegation max cap
uint128 delegationMaxCap = v.stakings[v._address].staked * maxCapMultiplier;
uint128 newDelegated = v.delegated + amount;
require(newDelegated <= delegationMaxCap, "Validator max delegation exceeded");
v.delegated = newDelegated;
}
// "buy/mint" shares
v.totalShares += sharesAdd;
s.shares += sharesAdd;
// keep track of staked tokens
s.staked = newStaked;
if (withTransfer) _transferToContract(msg.sender, amount);
emit Staked(validatorId, msg.sender, amount);
}
/*
* Undelegates all staked tokens from the provided validator
*/
function unstakeAll(uint128 validatorId) external whenNotPaused {
_unstake(validatorId, 0); // pass 0 to request full amount
}
/*
* Undelegates some number of tokens from the provided validator
*/
function unstake(uint128 validatorId, uint128 amount) external whenNotPaused {
require(amount > 0, "Amount is 0");
_unstake(validatorId, amount);
}
/*
* Undelegates tokens from the provided validator
*/
function _unstake(uint128 validatorId, uint128 amount) internal {
require(validatorId < validatorsN, "Invalid validator");
Validator storage v = _validators[validatorId];
Staking storage s = v.stakings[msg.sender];
if (msg.sender == v._address) {
require(!v.frozen, "Validator is frozen");
}
require(amount <= s.staked, "Cannot unstake amount greater than current stake");
bool isUnstakingAll = amount == 0 || amount == s.staked;
uint128 effectiveAmount = isUnstakingAll ? s.staked : amount;
uint128 newStaked = s.staked - effectiveAmount;
if (isUnstakingAll) {
// enforce precondition for later math that effectiveAmount is always nonzero
require(effectiveAmount > 0, "Already fully unstaked");
} else {
// to prevent buildup of Unstaking[] elements, do not allow user to repeatedly unstake trivial amounts
// (but do allow removal of a trivial amount if it is the entire remaining stake)
require(effectiveAmount >= REWARD_REDEEM_THRESHOLD, "Unstake amount is too small");
// to prevent "spam" delegations, and runaway exchangeRate inflation from all-but-dust self-stake unstaking,
// disallow unstaking that would result in a new stake below delegatorMinStake
// (with the exception of an unstaking that takes the stake exactly to zero)
require(newStaked >= delegatorMinStake, "Cannot unstake to a position below delegatorMinStake (except to zero)");
}
bool isValidator = msg.sender == v._address;
// disable validator if they unstaked to below their required self-stake
if (isValidator && validatorEnableMinStake > 0 && v.disabledAtBlock == 0 && newStaked < validatorEnableMinStake) {
uint256 disabledAtBlock = block.number;
v.disabledAtBlock = disabledAtBlock;
emit ValidatorDisabled(validatorId, disabledAtBlock);
}
if (isValidator && v.disabledAtBlock == 0) {
// validators will have to disable themselves if they want to unstake tokens below delegation max cap
uint128 newValidatorMaxCap = newStaked * maxCapMultiplier;
require(v.delegated <= newValidatorMaxCap, "Cannot decrease delegation max-cap below current delegation while validator is enabled");
}
if (!isValidator) {
v.delegated -= effectiveAmount;
}
uint128 sharesToRemove = _tokensToShares(effectiveAmount, v.exchangeRate);
// sometimes, due to conversion inconsistencies, sharesToRemove might end up larger than s.shares;
// so we clamp sharesToRemove to s.shares (the redeemer unstakes trivially more tokens in this case)
if (sharesToRemove > s.shares) sharesToRemove = s.shares;
// sanity check: sharesToRemove should never be zero while amount is nonzero, as this would enable
// infinite draining of funds
require(sharesToRemove > 0, "Underflow error");
if (uint256(sharesToRemove) * uint256(v.exchangeRate) < uint256(effectiveAmount) * uint256(DIVIDER)) {
effectiveAmount = uint128((uint256(sharesToRemove) * uint256(v.exchangeRate)) / uint256(DIVIDER));
}
s.shares -= sharesToRemove;
v.totalShares -= sharesToRemove;
// remove staked tokens
s.staked = newStaked;
// create unstaking instance
uint128 outCoolDownEnd = uint128(v.disabledAtBlock != 0 ? v.disabledAtBlock : block.number);
uint128 recoverCoolDownEnd = outCoolDownEnd + recoverUnstakingCoolDown;
outCoolDownEnd += (isValidator ? validatorCoolDown : delegatorCoolDown);
uint128 unstakeId = uint128(v.unstakings[msg.sender].length);
v.unstakings[msg.sender].push(Unstaking(outCoolDownEnd, recoverCoolDownEnd, effectiveAmount));
emit Unstaked(validatorId, msg.sender, effectiveAmount, unstakeId);
}
/*
* Restakes unstaked tokens (with the same validator)
*/
function recoverUnstaking(uint128 amount, uint128 validatorId, uint128 unstakingId) external whenNotPaused {
Validator storage v = _validators[validatorId];
require(amount > 0, "Amount is 0");
require(validatorId < validatorsN, "Invalid validator");
require(!v.frozen, "Validator is frozen");
require(_validators[validatorId].unstakings[msg.sender].length > unstakingId, "Unstaking does not exist");
Unstaking storage us = _validators[validatorId].unstakings[msg.sender][unstakingId];
require(us.amount >= amount, "Unstaking has less tokens");
require(block.number > us.recoverCoolDownEnd, "recover cooldown not over");
us.amount -= amount;
// set cool down end to 0 to release gas if new unstaking amount is 0
if (us.amount == 0) {
us.recoverCoolDownEnd = 0;
us.outCoolDownEnd = 0;
}
emit RecoveredUnstake(validatorId, msg.sender, amount, unstakingId);
_stake(validatorId, amount, false);
}
/*
* Transfers out unlocked unstaked tokens back to the delegator
*/
function transferUnstakedOut(uint128 amount, uint128 validatorId, uint128 unstakingId) external whenNotPaused {
Validator storage v = _validators[validatorId];
require(amount > 0, "Amount is 0");
require(validatorId < validatorsN, "Invalid validator");
require(!v.frozen, "Validator is frozen");
require(_validators[validatorId].unstakings[msg.sender].length > unstakingId, "Unstaking does not exist");
Unstaking storage us = _validators[validatorId].unstakings[msg.sender][unstakingId];
require(block.number > us.outCoolDownEnd, "Cooldown period has not ended");
require(us.amount >= amount, "Amount is too high");
us.amount -= amount;
// set cool down end to 0 to release gas if new unstaking amount is 0
if (us.amount == 0) {
us.recoverCoolDownEnd = 0;
us.outCoolDownEnd = 0;
}
emit UnstakeRedeemed(validatorId, msg.sender, unstakingId, amount);
_transferFromContract(msg.sender, amount);
}
/*
* Redeems all available rewards
*/
function redeemAllRewards(uint128 validatorId, address beneficiary) external whenNotPaused {
_redeemRewards(validatorId, beneficiary, 0); // pass 0 to request full amount
}
/*
* Redeems partial rewards
*/
function redeemRewards(uint128 validatorId, address beneficiary, uint128 amount) external whenNotPaused {
require(amount > 0, "Amount is 0");
_redeemRewards(validatorId, beneficiary, amount);
}
function _redeemRewards(uint128 validatorId, address beneficiary, uint128 amount) internal {
require(validatorId < validatorsN, "Invalid validator");
require(beneficiary != address(0x0), "Invalid beneficiary");
Validator storage v = _validators[validatorId];
Staking storage s = v.stakings[msg.sender];
require(!v.frozen, "Validator is frozen");
// how many tokens a delegator/validator has in total on the contract
// include earned commission if the delegator is the validator
uint128 totalValue = _sharesToTokens(s.shares, v.exchangeRate);
// how many tokens a delegator/validator has "unlocked", free to be redeemed
// (i.e. not staked or in unstaking cooldown)
uint128 totalUnlockedValue = (totalValue < s.staked) ? 0 : (totalValue - s.staked);
bool isRedeemingAll = (amount == 0 || amount == totalUnlockedValue); // amount is 0 when it's requested to redeem all rewards
// make sure rewards exist
// (note that this still works in the case where we're redeeming all! always doing this check saves a branch op)
require(amount <= totalUnlockedValue, "Cannot redeem amount greater than held, unstaked rewards");
uint128 effectiveAmount = isRedeemingAll ? totalUnlockedValue : amount;
// can only redeem above redeem threshold
require(effectiveAmount >= REWARD_REDEEM_THRESHOLD, "Requested amount must be higher than redeem threshold");
// make sure rewardPool has funds to cover effective amount before transfer
require(rewardPool >= effectiveAmount, "Requested amount is not available in the staking contract reward pool");
uint128 sharesToBurn = _tokensToShares(effectiveAmount, v.exchangeRate);
// sometimes, due to conversion inconsistencies, sharesToBurn might end up larger than s.shares;
// so we clamp sharesToBurn to s.shares (the redeemer gets trivially more value out in this case)
if (sharesToBurn > s.shares) sharesToBurn = s.shares;
// sanity check: sharesToBurn should never be zero while effectiveAmount is nonzero, as this
// would enable infinite draining of funds
require(sharesToBurn > 0, "Underflow error");
if (uint256(sharesToBurn) * uint256(v.exchangeRate) < uint256(effectiveAmount) * uint256(DIVIDER)) {
effectiveAmount = uint128((uint256(sharesToBurn) * uint256(v.exchangeRate)) / uint256(DIVIDER));
}
v.totalShares -= sharesToBurn;
s.shares -= sharesToBurn;
emit RewardRedeemed(validatorId, beneficiary, effectiveAmount);
_transferFromContract(beneficiary, effectiveAmount);
}
function redeemCommission(uint128 validatorId, address beneficiary, uint128 amount) public whenNotPaused {
require(validatorId < validatorsN, "Invalid validator");
require(beneficiary != address(0x0), "Invalid beneficiary");
Validator storage v = _validators[validatorId];
require(v._address == msg.sender, "The sender is not the validator");
require(!v.frozen, "Validator is frozen");
require(v.commissionAvailableToRedeem > 0, "No commission available to redeem");
require(amount > 0, "The requested amount is 0");
require(amount <= v.commissionAvailableToRedeem, "Requested amount is higher than commission available to redeem");
// make sure rewardPool has funds to cover effective amount before transfer
require(rewardPool >= amount, "Requested amount is not available in the staking contract reward pool");
v.commissionAvailableToRedeem -= amount;
_transferFromContract(beneficiary, amount);
emit CommissionRewardRedeemed(validatorId, beneficiary, amount);
}
function redeemAllCommission(uint128 validatorId, address beneficiary) external whenNotPaused {
redeemCommission(validatorId, beneficiary, _validators[validatorId].commissionAvailableToRedeem);
}
/*
* Redelegates tokens to another validator if a validator got disabled.
* First the tokens need to be unstaked
*/
function redelegateUnstaked(uint128 amount, uint128 oldValidatorId, uint128 newValidatorId, uint128 unstakingId) external whenNotPaused {
require(oldValidatorId < validatorsN, "Invalid validator");
require(oldValidatorId != newValidatorId, "Old and new validators are the same");
require(amount > 0, "Amount is 0");
Validator storage vOld = _validators[oldValidatorId];
Validator storage vNew = _validators[newValidatorId];
// new staking should not be from same an address to same (new) validator to bypass cooldown
require(vNew._address != msg.sender, "New Validator cannot be same as sender");
// assets of delegators cannot be moved to a frozen validator
require(!vNew.frozen, "Target validator is frozen");
// assets of delegators cannot be moved to a disabled validator
require(vNew.disabledAtBlock == 0, "Target validator is disabled");
// assets of delegators cannot be moved while validator is frozen
require(!vOld.frozen, "Validator is frozen");
require(vOld.disabledAtBlock != 0, "Validator is not disabled");
require(vOld._address != msg.sender, "Validator cannot redelegate");
require(vOld.unstakings[msg.sender].length > unstakingId, "Unstaking does not exist");
Unstaking storage us = vOld.unstakings[msg.sender][unstakingId];
require(us.amount >= amount, "Unstaking has less tokens");
require(block.number > us.recoverCoolDownEnd, "recover cooldown not over");
// stake tokens back to the contract using new validator, set withTransfer to false since the tokens are already in the contract
us.amount -= amount;
// set cool down end to 0 to release gas if new unstaking amount is 0
if (us.amount == 0) {
us.recoverCoolDownEnd = 0;
us.outCoolDownEnd = 0;
}
emit Redelegated(oldValidatorId, newValidatorId, msg.sender, amount, unstakingId);
_stake(newValidatorId, amount, false);
}
/*
* Changes the validator staking address, this will transfer validator staking data and optionally unstakings
*/
function setValidatorAddress(uint128 validatorId, address newAddress) external whenNotPaused {
Validator storage v = _validators[validatorId];
// Check if the sender is the validator
require(msg.sender == v._address, "Sender is not the validator");
// Check if the new address is different from the current address
require(newAddress != v._address, "The new address cannot be equal to the current validator address");
require(newAddress != address(0), "Invalid validator address");
// Check if the validatorId exists and is not frozen
require(!v.frozen, "Validator is already frozen");
// Check if the newAddress is already present as validator or delegator in the system
require(!checkDelegatorExists(newAddress), "newAddress must not already exist in the system");
// Transfer shares and staked amount from sender to the new address
v.stakings[newAddress].shares += v.stakings[msg.sender].shares;
v.stakings[newAddress].staked += v.stakings[msg.sender].staked;
// New addresses total stake shold not exceed validatorMaxStake
require(v.stakings[newAddress].staked <= validatorMaxStake, "Validator max stake exceeded");
// Remove stakings of the sender
delete v.stakings[msg.sender];
// Transfer unstakings from sender to new address
Unstaking[] storage oldUnstakings = v.unstakings[msg.sender];
uint256 length = oldUnstakings.length;
require(length <= 300, "Cannot transfer more than 300 unstakings");
Unstaking[] storage newUnstakings = v.unstakings[newAddress];
for (uint128 i = 0; i < length; ++i) {
newUnstakings.push(oldUnstakings[i]);
}
// Remove unstakings of the sender
delete v.unstakings[msg.sender];
// Update validator address
v._address = newAddress;
emit ValidatorAddressChanged(validatorId, newAddress);
}
/*
* Gets metadata
*/
function getMetadata()
external
view
returns (
address CQTaddress,
address _stakingManager,
uint128 _validatorsN,
uint128 _rewardPool,
uint128 _validatorCoolDown,
uint128 _delegatorCoolDown,
uint128 _recoverUnstakingCoolDown,
uint128 _maxCapMultiplier,
uint128 _validatorMaxStake,
uint128 _validatorEnableMinStake,
uint128 _delegatorMinStake
)
{
return (
address(CQT),
stakingManager,
validatorsN,
rewardPool,
validatorCoolDown,
delegatorCoolDown,
recoverUnstakingCoolDown,
maxCapMultiplier,
validatorMaxStake,
validatorEnableMinStake,
delegatorMinStake
);
}
/*
* Returns validator metadata with how many tokens were staked and delegated excluding compounded rewards
*/
function getValidatorMetadata(uint128 validatorId) public view returns (address _address, uint128 staked, uint128 delegated, uint128 commissionRate, uint256 disabledAtBlock) {
require(validatorId < validatorsN, "Invalid validator");
Validator storage v = _validators[validatorId];
return (v._address, v.stakings[v._address].staked, v.delegated, v.commissionRate, v.disabledAtBlock);
}
/*
* Returns metadata for each validator
*/
function getAllValidatorsMetadata()
external
view
returns (address[] memory addresses, uint128[] memory staked, uint128[] memory delegated, uint128[] memory commissionRates, uint256[] memory disabledAtBlocks)
{
return getValidatorsMetadata(0, validatorsN);
}
/*
* Returns metadata for validators whose ids are between startId and endId exclusively
*/
function getValidatorsMetadata(
uint128 startId,
uint128 endId
) public view returns (address[] memory addresses, uint128[] memory staked, uint128[] memory delegated, uint128[] memory commissionRates, uint256[] memory disabledAtBlocks) {
require(endId <= validatorsN, "Invalid end id");
require(startId < endId, "Start id must be less than end id");
uint128 n = endId - startId;
addresses = new address[](n);
staked = new uint128[](n);
delegated = new uint128[](n);
commissionRates = new uint128[](n);
disabledAtBlocks = new uint256[](n);
uint128 i;
for (uint128 id = startId; id < endId; ++id) {
i = id - startId;
(addresses[i], staked[i], delegated[i], commissionRates[i], disabledAtBlocks[i]) = getValidatorMetadata(id);
}
return (addresses, staked, delegated, commissionRates, disabledAtBlocks);
}
/*
* Returns validator staked and delegated token amounts, excluding compounded rewards
*/
function getValidatorStakingData(uint128 validatorId) external view returns (uint128 staked, uint128 delegated) {
require(validatorId < validatorsN, "Invalid validator");
Validator storage v = _validators[validatorId];
return (v.stakings[v._address].staked, v.delegated);
}
/*
* Returns validator staked and delegated token amounts, including compounded rewards
*/
function getValidatorsCompoundedStakes() external view returns (uint128[] memory validatorIds, bool[] memory isEnableds, uint128[] memory cstaked) {
validatorIds = new uint128[](validatorsN);
isEnableds = new bool[](validatorsN);
cstaked = new uint128[](validatorsN);
for (uint128 i = 0; i < validatorsN; i++) {
Validator storage v = _validators[i];
validatorIds[i] = i;
isEnableds[i] = v.disabledAtBlock == 0;
cstaked[i] = _sharesToTokens(v.stakings[v._address].shares, v.exchangeRate);
}
return (validatorIds, isEnableds, cstaked);
}
/*
* Returns validator staked and delegated token amounts, including compounded rewards
*/
function getValidatorCompoundedStakingData(uint128 validatorId) external view returns (uint128 staked, uint128 delegated) {
require(validatorId < validatorsN, "Invalid validator");
Validator storage v = _validators[validatorId];
// this includes staked + compounded rewards
staked = _sharesToTokens(v.stakings[v._address].shares, v.exchangeRate);
// this includes delegated + compounded rewards
delegated = _sharesToTokens(v.totalShares, v.exchangeRate) - staked;
return (staked, delegated);
}
/*
* Returns the amount that's staked, earned by delegator plus unstaking information.
* CommissionEarned is for validators
*/
function getDelegatorMetadata(
address delegator,
uint128 validatorId
) external view returns (uint128 staked, uint128 rewards, uint128 commissionEarned, uint128[] memory unstakingAmounts, uint128[] memory unstakingsEndEpochs) {
require(validatorId < validatorsN, "Invalid validator");
Validator storage v = _validators[validatorId];
Staking storage s = v.stakings[delegator];
staked = s.staked;
uint128 sharesValue = _sharesToTokens(s.shares, v.exchangeRate);
if (sharesValue <= s.staked) rewards = 0;
else rewards = sharesValue - s.staked;
// if requested delegator is the requested validator
if (v._address == delegator) commissionEarned = v.commissionAvailableToRedeem;
Unstaking[] memory unstakings = v.unstakings[delegator];
uint256 unstakingsN = unstakings.length;
unstakingAmounts = new uint128[](unstakingsN);
unstakingsEndEpochs = new uint128[](unstakingsN);
for (uint256 i = 0; i < unstakingsN; i++) {
unstakingAmounts[i] = unstakings[i].amount;
unstakingsEndEpochs[i] = unstakings[i].outCoolDownEnd;
}
return (staked, rewards, commissionEarned, unstakingAmounts, unstakingsEndEpochs);
}
// function getDelegatorMetadataPaginated(
// address delegator,
// uint128 validatorId,
// uint128 start,
// uint128 end
// )
// external
// view
// returns (uint128[] memory staked, uint128[] memory rewards, uint128[] memory commissionEarned, uint128[] memory unstakingAmounts, uint128[] memory unstakingsEndEpochs)
// {
// require(validatorId < validatorsN, "Invalid validator");
// Validator storage v = _validators[validatorId];
// Staking storage s = v.stakings[delegator];
// staked = new uint128[](end - start + 1);
// rewards = new uint128[](end - start + 1);
// commissionEarned = new uint128[](end - start + 1);
// unstakingAmounts = new uint128[](end - start + 1);
// unstakingsEndEpochs = new uint128[](end - start + 1);
// for (uint256 i = start; i <= end; i++) {
// Unstaking memory u = v.unstakings[delegator][i];
// staked[i - start] = s.shares[u.shareIndex];
// if (s.shares[u.shareIndex] <= _sharesToTokens(s.shares[u.shareIndex], v.exchangeRate)) {
// rewards[i - start] = 0;
// } else {
// rewards[i - start] = _sharesToTokens(s.shares[u.shareIndex], v.exchangeRate) - s.shares[u.shareIndex];
// }
// if (v._address == delegator) {
// commissionEarned[i - start] = v.commissionAvailableToRedeem;
// } else {
// commissionEarned[i - start] = 0;
// }
// unstakingAmounts[i - start] = u.amount;
// unstakingsEndEpochs[i - start] = u.coolDownEnd;
// }
// return (staked, rewards, commissionEarned, unstakingAmounts, unstakingsEndEpochs);
// }
/*
* Returns the total amount including compounded stake and unstaked tokens
* CommissionEarned is also included (if delegator is a validator)
*/
function getDelegatorTotalLocked(address delegator) external view returns (uint128 totalValueLocked) {
for (uint128 i = 0; i < validatorsN; i++) {
Validator storage v = _validators[i];
Staking storage s = v.stakings[delegator];
totalValueLocked += _sharesToTokens(s.shares, v.exchangeRate);
if (v._address == delegator) totalValueLocked += v.commissionAvailableToRedeem;
Unstaking[] memory unstakings = v.unstakings[delegator];
uint256 unstakingsN = unstakings.length;
for (uint256 j = 0; j < unstakingsN; j++) {
totalValueLocked += unstakings[j].amount;
}
}
return totalValueLocked;
}
function checkDelegatorExists(address newAddress) public view returns (bool) {
for (uint128 i = 0; i < validatorsN; i++) {
Validator storage v = _validators[i];
if (v._address == newAddress) {
return true;
}
Staking storage s = v.stakings[newAddress];
if (s.staked > 0 || s.shares > 0) {
return true;
}
if (v.unstakings[newAddress].length > 0) {
return true;
}
}
return false;
}
function pause() external onlyOwner whenNotPaused {
_unpaused = false;
emit Paused(_msgSender());
}
function unpause() external onlyOwner {
require(!_unpaused, "must be paused");
_unpaused = true;
emit Unpaused(_msgSender());
}
function paused() external view returns (bool) {
return !_unpaused;
}
function freezeValidator(uint128 validatorId, string memory reason) public onlyOwner {
require(validatorId < validatorsN, "Invalid validator");
Validator storage v = _validators[validatorId];
require(!v.frozen, "Validator is already frozen");
v.frozen = true;
emit ValidatorFrozen(validatorId, reason);
}
function unfreezeValidator(uint128 validatorId) external onlyOwner {
require(validatorId < validatorsN, "Invalid validator");
Validator storage v = _validators[validatorId];
require(v.frozen, "Validator not frozen");
v.frozen = false;
emit ValidatorUnfrozen(validatorId);
}
}