Contract Source Code:
// SPDX-License-Identifier: MIT
pragma solidity 0.8.18;
import "@openzeppelin/contracts-upgradeable/token/ERC721/IERC721Upgradeable.sol";
import "@openzeppelin/contracts-upgradeable/token/ERC1155/IERC1155Upgradeable.sol";
import "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol";
import "@openzeppelin/contracts-upgradeable/token/ERC721/utils/ERC721HolderUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/token/ERC1155/utils/ERC1155HolderUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol";
import "../interfaces/IAssetVault.sol";
import "../interfaces/ICallDelegator.sol";
import "../external/interfaces/IPunks.sol";
import "../external/interfaces/ISuperRareV1.sol";
import "./CallWhitelistDelegation.sol";
import "./CallWhitelistApprovals.sol";
import "./OwnableERC721.sol";
import {
AV_WithdrawsDisabled,
AV_WithdrawsEnabled,
AV_AlreadyInitialized,
AV_MissingAuthorization,
AV_NonWhitelistedCall,
AV_NonWhitelistedApproval,
AV_TooManyItems,
AV_LengthMismatch,
AV_ZeroAddress,
AV_NonWhitelistedDelegation
} from "../errors/Vault.sol";
/**
* @title AssetVault
* @author Non-Fungible Technologies, Inc.
*
* The Asset Vault is a vault for the storage of collateralized assets.
* Designed for one-time use, like a piggy bank. Once withdrawals are enabled,
* and the bank is broken, the vault can no longer be used or transferred.
*
* It starts in a deposit-only state. Funds cannot be withdrawn at this point. When
* the owner calls "enableWithdraw()", the state is set to a withdrawEnabled state.
* Withdraws cannot be disabled once enabled. This restriction protects integrations
* and purchasers of AssetVaults from unexpected withdrawal and frontrunning attacks.
* For example: someone buys an AV assuming it contains token X, but I withdraw token X
* immediately before the sale concludes.
*
* @dev Asset Vaults support arbitrary external calls by either:
* - the current owner of the vault
* - someone who the current owner "delegates" through the ICallDelegator interface
*
* This is to enable airdrop claims by borrowers during loans and other forms of NFT utility.
* In practice, LoanCore delegates to the borrower during the period of an open loan.
* Arcade.xyz maintains an allowed and restricted list of calls to balance between utility and security.
*
* Implementation warning: AssetVault is an OwnableERC721, which means that ownership of this contract
* is tracked by a separate ERC721 contract defined by calling `_setNFT()`. In the current implementation,
* the deployer is the VaultFactory, an ERC721 contract whose token ownership corresponds to vault ownership.
* If this contract is modified or extended, or the deployer of a given AssetVault is not an ERC721 contract,
* ownership will not work as intended.
*/
contract AssetVault is
IAssetVault,
OwnableERC721,
Initializable,
ERC1155HolderUpgradeable,
ERC721HolderUpgradeable,
ReentrancyGuardUpgradeable
{
using AddressUpgradeable for address;
using AddressUpgradeable for address payable;
using SafeERC20Upgradeable for IERC20Upgradeable;
// ============================================ STATE ==============================================
/// @notice True if withdrawals are allowed out of this vault.
/// @dev Note once set to true, it cannot be reverted back to false.
bool public override withdrawEnabled;
/// @notice Whitelist contract to determine if a given external call is allowed.
address public override whitelist;
/// @notice The maximum number of items that can be withdrawn from a vault at once.
uint256 public constant MAX_WITHDRAW_ITEMS = 25;
// ========================================== CONSTRUCTOR ===========================================
/**
* @dev Initializes values so initialize cannot be called on template.
*/
constructor() {
    // Runs only when the template (implementation) contract itself is deployed.
    // initialize() reverts when withdrawEnabled is already true, so setting it here
    // keeps the template from ever being initialized and used as a live vault.
    withdrawEnabled = true;
    // Ties the template's ownership lookup to its deployer.
    // NOTE(review): presumably this also populates ownershipToken, the second
    // condition initialize() checks — confirm in OwnableERC721.
    OwnableERC721._setNFT(msg.sender);
}
// ========================================== INITIALIZER ===========================================
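/**
 * @notice Initializes the contract, used on clone deployments. In practice,
 *         always called by the VaultFactory contract.
 *
 * @dev Reverts with AV_AlreadyInitialized when withdrawals are already enabled or an
 *      ownership token is already set, and with AV_ZeroAddress when no whitelist is
 *      supplied. The caller becomes the ownership NFT contract for this vault.
 *
 * @param _whitelist            The contract maintaining the whitelist of allowed
 *                              arbitrary calls.
 */
function initialize(address _whitelist) external override initializer {
    if (withdrawEnabled || ownershipToken != address(0)) revert AV_AlreadyInitialized(ownershipToken);

    // Every utility entry point (call, approvals, delegation) asks this address for
    // permission. A zero whitelist would make all of those lookups revert for the
    // lifetime of the vault, so reject it up front instead of failing later.
    if (_whitelist == address(0)) revert AV_ZeroAddress("whitelist");

    // set ownership to inherit from the factory who deployed us
    // The factory should have a tokenId == uint256(address(this))
    // whose owner has ownership control over this contract
    OwnableERC721._setNFT(msg.sender);
    whitelist = _whitelist;

    __ReentrancyGuard_init();
}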
// ========================================= VIEW FUNCTIONS =========================================
/**
* @inheritdoc OwnableERC721
*/
function owner() public view override returns (address ownerAddress) {
    // Ownership is whatever the OwnableERC721 base reports; this override only
    // selects that implementation explicitly.
    ownerAddress = OwnableERC721.owner();
}
// ===================================== WITHDRAWAL OPERATIONS ======================================
/**
* @notice Enables withdrawals on the vault. Irreversible. Caller must be the
* owner of the underlying ownership NFT.
*
* @dev Any integration should be aware that a withdraw-enabled vault cannot
* be transferred (will revert).
*
*/
function enableWithdraw() external override onlyOwner onlyWithdrawDisabled {
    // One-way switch: nothing in this contract writes false to withdrawEnabled.
    // After this point every onlyWithdrawDisabled entry point (call, the approval
    // helpers, the delegation helpers including callRevokeAllDelegates) reverts with
    // AV_WithdrawsEnabled, so any delegation clean-up has to happen before this call.
    withdrawEnabled = true;
    emit WithdrawEnabled(msg.sender);
}
/**
* @notice Withdraw entire balance of a given ERC20 token from the vault.
* The vault must be in a "withdrawEnabled" state (non-transferrable),
* and the caller must be the owner.
*
* @param token The ERC20 token to withdraw.
* @param to The recipient of the withdrawn funds.
*/
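function withdrawERC20(address token, address to) external override onlyOwner onlyWithdrawEnabled {
    if (to == address(0)) revert AV_ZeroAddress("to");

    // Read the balance and transfer through the same interface type. The original mixed
    // IERC20 (not imported by this file) with IERC20Upgradeable; the selectors are the
    // same, so this only removes the dependency on a transitively visible name.
    IERC20Upgradeable erc20 = IERC20Upgradeable(token);
    uint256 balance = erc20.balanceOf(address(this));

    // safeTransfer reverts if the token call fails or returns false.
    erc20.safeTransfer(to, balance);

    // The event carries the amount the vault sent.
    // NOTE(review): for tokens that take a fee on transfer the recipient may receive
    // less than this value — confirm whether consumers of the event rely on it.
    emit WithdrawERC20(msg.sender, token, to, balance);
}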
/**
* @notice Withdraw a specific ERC721 token from the vault. The vault must
* be in a "withdrawEnabled" state (non-transferrable), and the caller
* must be the owner. The specified token must exist and be owned by
* this contract.
*
* @param token The token to withdraw.
* @param tokenId The ID of the NFT to withdraw.
* @param to The recipient of the withdrawn token.
*/
function withdrawERC721(
    address token,
    uint256 tokenId,
    address to
) external override onlyOwner onlyWithdrawEnabled {
    // Authorization happens in the modifiers; the zero-address check on `to`,
    // the transfer and the event all live in the private helper.
    _withdrawERC721(token, tokenId, to);
}
/**
* @notice Withdraw entire balance of a given ERC1155 token from the vault.
* The vault must be in a "withdrawEnabled" state (non-transferrable),
* and the caller must be the owner.
*
* @param token The ERC1155 token to withdraw.
* @param tokenId The ID of the token to withdraw.
* @param to The recipient of the withdrawn funds.
*/
function withdrawERC1155(
    address token,
    uint256 tokenId,
    address to
) external override onlyOwner onlyWithdrawEnabled {
    // Authorization happens in the modifiers; the helper validates `to`, reads the
    // vault's full balance of `tokenId` and transfers all of it.
    _withdrawERC1155(token, tokenId, to);
}
/**
* @notice Batch withdraw assets from the vault. The vault must be in a
* "withdrawEnabled" state (non-transferrable), and the caller must
* be the owner.
*
* @dev This function is used to withdraw multiple ERC721 and ERC1155 tokens
* from the vault. The caller must specify the token type (ERC721 or
* ERC1155) and the token ID for each token to withdraw. The caller
* must also specify the recipient of the withdrawal. Refer to the
* MAX_WITHDRAW_ITEMS state constant for the maximum number of vault
* items that can be withdrawn per function call.
*
* @param tokens An array of token addresses to withdraw.
* @param tokenIds An array of tokenIds to withdraw.
* @param tokenTypes An array of token types to withdraw.
* @param to The recipient of the withdrawn tokens.
*/
// solhint-disable-next-line code-complexity
function withdrawBatch(
    address[] calldata tokens,
    uint256[] calldata tokenIds,
    TokenType[] calldata tokenTypes,
    address to
) external override onlyOwner onlyWithdrawEnabled {
    uint256 itemCount = tokens.length;

    // Validation order decides which error a caller sees: size cap first,
    // then parity of the two companion arrays.
    if (itemCount > MAX_WITHDRAW_ITEMS) revert AV_TooManyItems(itemCount);
    if (tokenIds.length != itemCount) revert AV_LengthMismatch("tokenId");
    if (tokenTypes.length != itemCount) revert AV_LengthMismatch("tokenType");

    // `to` is validated inside the per-item helpers, so an empty batch is a no-op
    // regardless of the recipient passed.
    uint256 idx;
    while (idx < itemCount) {
        if (tokens[idx] == address(0)) revert AV_ZeroAddress("token");

        // Every entry that is not tagged ERC721 takes the ERC1155 path.
        // NOTE(review): TokenType is declared outside this file — confirm it has
        // exactly these two members.
        if (tokenTypes[idx] != TokenType.ERC721) {
            _withdrawERC1155(tokens[idx], tokenIds[idx], to);
        } else {
            _withdrawERC721(tokens[idx], tokenIds[idx], to);
        }

        // itemCount is bounded by MAX_WITHDRAW_ITEMS, so the counter cannot overflow
        unchecked {
            ++idx;
        }
    }
}
/**
* @notice Withdraw entire balance of ETH from the vault.
* The vault must be in a "withdrawEnabled" state (non-transferrable),
* and the caller must be the owner.
*
* @param to The recipient of the withdrawn funds.
*/
function withdrawETH(address to) external override onlyOwner onlyWithdrawEnabled nonReentrant {
    if (to == address(0)) revert AV_ZeroAddress("to");

    // Sweep the vault's entire ETH balance.
    uint256 amount = address(this).balance;

    // sendValue() uses call() and forwards all remaining gas, so the recipient's code
    // runs before this function returns. The nonReentrant modifier rejects re-entry
    // into this and every other nonReentrant function of the vault during that window.
    payable(to).sendValue(amount);

    emit WithdrawETH(msg.sender, to, amount);
}
/**
* @notice Withdraw cryptoPunk from the vault.
* The vault must be in a "withdrawEnabled" state (non-transferrable),
* and the caller must be the owner.
*
* @param punks The CryptoPunk contract address.
* @param punkIndex The index of the CryptoPunk to withdraw (i.e. token ID).
* @param to The recipient of the withdrawn punk.
*/
function withdrawPunk(
    address punks,
    uint256 punkIndex,
    address to
) external override onlyOwner onlyWithdrawEnabled {
    if (to == address(0)) revert AV_ZeroAddress("to");
    // `punks` is supplied by the caller and is not checked against any list here;
    // the only gates are the owner check and the withdraw-enabled state.
    // NOTE(review): transferPunk is assumed to revert when the vault does not hold
    // punkIndex — confirm against the IPunks implementation.
    IPunks(punks).transferPunk(to, punkIndex);
    emit WithdrawPunk(msg.sender, punks, to, punkIndex);
}
/**
* @notice Withdraw SuperRare V1 from the vault.
* Vault must have withdraw enabled.
* Caller must be owner.
*
* @param superRareV1 SuperRare V1 contract address
* @param tokenId tokenId to withdraw
* @param to recipient of the token
*/
function withdrawSuperRareV1(
    address superRareV1,
    uint256 tokenId,
    address to
) external override onlyOwner onlyWithdrawEnabled {
    if (to == address(0)) revert AV_ZeroAddress("to");
    // `superRareV1` is supplied by the caller and is not checked against any list here;
    // the only gates are the owner check and the withdraw-enabled state.
    // NOTE(review): uses the contract's plain transfer(to, tokenId); no receiver
    // callback is visible from this call — confirm against ISuperRareV1.
    ISuperRareV1(superRareV1).transfer(to, tokenId);
    emit WithdrawSuperRareV1(msg.sender, superRareV1, to, tokenId);
}
// ====================================== UTILITY OPERATIONS ========================================
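/**
 * @notice Call a function on an external contract. Intended for claiming airdrops
 *         and other forms of NFT utility. All allowed calls are whitelisted by the
 *         "whitelist" contract. The vault must have withdrawals disabled, and the caller
 *         must either be the owner, or the owner must have explicitly
 *         delegated this ability to the caller through the ICallDelegator interface.
 *
 * @dev The whitelist is consulted with the target address and the 4-byte selector only;
 *      the arguments carried in `data` are not inspected here, so each whitelisted
 *      (target, selector) pair should be reviewed for arguments that could move vault
 *      assets. Calldata shorter than 4 bytes cannot carry a selector and is rejected
 *      with AV_NonWhitelistedCall.
 *
 * @param to                    The contract address to call.
 * @param data                  The data to call the contract with.
 */
function call(
    address to,
    bytes calldata data
) external override onlyAllowedCallers onlyWithdrawDisabled nonReentrant {
    // data[:4] on shorter calldata reverts without a reason. Fail with the typed error
    // instead; bytes4(data) zero-pads, so the reported value shows the bytes received.
    // The padded value is used for reporting only, never for the whitelist lookup.
    if (data.length < 4) revert AV_NonWhitelistedCall(to, bytes4(data));

    // Extract the selector once so the lookup and the error report cannot diverge.
    bytes4 selector = bytes4(data[:4]);
    if (!ICallWhitelist(whitelist).isWhitelisted(to, selector)) {
        revert AV_NonWhitelistedCall(to, selector);
    }

    // functionCall bubbles up a revert from the target; no ETH is forwarded.
    to.functionCall(data);
    emit Call(msg.sender, to, data);
}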
/**
* @notice Approve a token for spending by an external contract. Note that any token
* approved in the whitelist does not make good collateral, because the allowed
* spender may be able to withdraw it from the vault.
*
* @param token The token to approve.
* @param spender The approved spender.
* @param amount The amount to approve.
*/
function callApprove(
    address token,
    address spender,
    uint256 amount
) external override onlyAllowedCallers onlyWithdrawDisabled nonReentrant {
    // The whitelist is keyed on the (token, spender) pair; `amount` is not bounded here.
    // The caller may be a delegate approved through ICallDelegator, not only the owner.
    if (!CallWhitelistApprovals(whitelist).isApproved(token, spender)) {
        revert AV_NonWhitelistedApproval(token, spender);
    }
    // Do approval
    // safeApprove only accepts amount == 0 or a current allowance of 0; changing a live
    // allowance goes through callIncreaseAllowance / callDecreaseAllowance instead.
    IERC20Upgradeable(token).safeApprove(spender, amount);
    emit Approve(msg.sender, token, spender, amount);
}
/**
* @notice Increase token allowance for spending by an external contract. Note that any
* token approved in the whitelist does not make good collateral, because the
* allowed spender may be able to withdraw it from the vault.
*
* @param token The token to approve.
* @param spender The approved spender.
* @param amount The amount to increase allowance by.
*/
function callIncreaseAllowance(
    address token,
    address spender,
    uint256 amount
) external override onlyAllowedCallers onlyWithdrawDisabled nonReentrant {
    // Same (token, spender) whitelist gate as callApprove; `amount` is not bounded here.
    if (!CallWhitelistApprovals(whitelist).isApproved(token, spender)) {
        revert AV_NonWhitelistedApproval(token, spender);
    }
    // increase spender allowance
    // The library reads the current allowance, adds `amount` with checked arithmetic
    // and calls approve() with the sum.
    IERC20Upgradeable(token).safeIncreaseAllowance(spender, amount);
    emit IncreaseAllowance(msg.sender, token, spender, amount);
}
/**
* @notice Decrease token allowance for spending by an external contract. Note that any
* token approved in the whitelist does not make good collateral, because the
* allowed spender may be able to withdraw it from the vault.
*
* @param token The token to approve.
* @param spender The approved spender.
* @param amount The amount to decrease allowance by.
*/
function callDecreaseAllowance(
    address token,
    address spender,
    uint256 amount
) external override onlyAllowedCallers onlyWithdrawDisabled nonReentrant {
    // The whitelist gate also applies when reducing an allowance: if the pair is no
    // longer approved, this path cannot be used to lower what was granted earlier.
    if (!CallWhitelistApprovals(whitelist).isApproved(token, spender)) {
        revert AV_NonWhitelistedApproval(token, spender);
    }
    // decrease spender allowance
    // Reverts inside the library when `amount` exceeds the current allowance.
    IERC20Upgradeable(token).safeDecreaseAllowance(spender, amount);
    emit DecreaseAllowance(msg.sender, token, spender, amount);
}
/**
* @notice Delegate a token held by the vault to an external contract. This token must
* be whitelisted for delegation by the CallWhitelistDelegation contract. This
* will grant delegation powers for all tokens within this contract held by the vault.
*
* @param token The token to delegate.
* @param target The address to delegate to (the hot wallet).
* @param enable Whether to enable or disable delegation.
*/
function callDelegateForContract(
    address token,
    address target,
    bool enable
) external override onlyAllowedCallers onlyWithdrawDisabled nonReentrant {
    // Only `token` is checked against the whitelist; `target` is chosen freely by the
    // caller, who may be a delegate approved through ICallDelegator.
    if (!CallWhitelistDelegation(whitelist).isDelegationApproved(token)) {
        revert AV_NonWhitelistedDelegation(token);
    }
    // Do delegation
    // The registry address is read from the whitelist contract on every call.
    // NOTE(review): presumably the registry keeps the delegation against this vault's
    // address until it is revoked; revocation through this contract is only possible
    // while withdrawals are disabled — confirm against the registry implementation.
    CallWhitelistDelegation(whitelist).registry().delegateForContract(target, token, enable);
    emit DelegateContract(msg.sender, token, target, enable);
}
/**
* @notice Delegate a specific tokenId held by the vault to an external contract. This token must
* be whitelisted for delegation by the CallWhitelistDelegation contract. This
* will grant delegation powers for only the specified tokenId within the token.
*
* @param token The token to delegate.
* @param target The address to delegate to (the hot wallet).
* @param tokenId The token ID to delegate.
* @param enable Whether to enable or disable delegation.
*/
function callDelegateForToken(
    address token,
    address target,
    uint256 tokenId,
    bool enable
) external override onlyAllowedCallers onlyWithdrawDisabled nonReentrant {
    // Only `token` is checked against the whitelist; `target` and `tokenId` are chosen
    // by the caller. Nothing here verifies that the vault currently holds `tokenId`.
    if (!CallWhitelistDelegation(whitelist).isDelegationApproved(token)) {
        revert AV_NonWhitelistedDelegation(token);
    }
    // Do delegation
    // The registry address is read from the whitelist contract on every call.
    CallWhitelistDelegation(whitelist).registry().delegateForToken(target, token, tokenId, enable);
    emit DelegateToken(msg.sender, token, target, tokenId, enable);
}
/**
* @notice Revoke all delegations the vault has granted to external contracts. For individual
* per-contract and per-token revocations, use callDelegateForContract and callDelegateForToken
* with `enable` set to false.
*/
function callRevokeAllDelegates() external override onlyAllowedCallers onlyWithdrawDisabled nonReentrant {
    // No token whitelist lookup on this path. It is still gated by onlyWithdrawDisabled,
    // so it reverts once enableWithdraw() has been called.
    CallWhitelistDelegation(whitelist).registry().revokeAllDelegates();
    emit DelegateRevoke(msg.sender);
}
// ============================================ HELPERS =============================================
/**
* @dev Private function to withdraw a ERC721 token from the vault.
*
* @param token The token to withdraw.
* @param tokenId The ID of the NFT to withdraw.
* @param to The recipient of the withdrawn token.
*/
function _withdrawERC721(
    address token,
    uint256 tokenId,
    address to
) private {
    if (to == address(0)) revert AV_ZeroAddress("to");
    // safeTransferFrom invokes onERC721Received on a contract recipient, so the
    // recipient's code runs before the event below is emitted. Callers of this helper
    // are owner-gated and the recipient is chosen by the owner.
    IERC721Upgradeable(token).safeTransferFrom(address(this), to, tokenId);
    emit WithdrawERC721(msg.sender, token, to, tokenId);
}
/**
* @dev Private function to withdraw ERC1155 tokens from the vault.
*
* @param token The token to withdraw.
* @param tokenId The ID of the token to withdraw.
* @param to The recipient of the withdrawn funds.
*/
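function _withdrawERC1155(
    address token,
    uint256 tokenId,
    address to
) private {
    if (to == address(0)) revert AV_ZeroAddress("to");

    // Read the balance and transfer through the same interface type. The original mixed
    // IERC1155 (not imported by this file) with IERC1155Upgradeable; the selectors are
    // the same, so this only removes the dependency on a transitively visible name.
    IERC1155Upgradeable erc1155 = IERC1155Upgradeable(token);
    uint256 balance = erc1155.balanceOf(address(this), tokenId);

    // Transfers the vault's entire balance of `tokenId`; a zero balance still performs
    // a zero-amount transfer and emits the event. safeTransferFrom invokes
    // onERC1155Received on a contract recipient before this function returns.
    erc1155.safeTransferFrom(address(this), to, tokenId, balance, "");

    emit WithdrawERC1155(msg.sender, token, to, tokenId, balance);
}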
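/**
 * @dev For any utility function, check whether the caller is the owner or has been
 *      approved by the owner via the ICallDelegator interface.
 *
 *      The delegate check is an external call to the owner address. If the owner has
 *      no code (for example an externally owned account), or does not answer
 *      canCallOn with a bool, that call reverts and a non-owner caller sees a bare
 *      revert rather than AV_MissingAuthorization. Access is denied in both cases.
 */
modifier onlyAllowedCallers() {
    // Resolve the owner once so the identity check and the delegation check are made
    // against the same address, and the ownership lookup is not repeated.
    address vaultOwner = owner();

    if (msg.sender != vaultOwner && !ICallDelegator(vaultOwner).canCallOn(msg.sender, address(this))) {
        revert AV_MissingAuthorization(msg.sender);
    }
    _;
}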
/**
* @dev For methods only callable with withdraws enabled (all withdrawal operations).
*/
modifier onlyWithdrawEnabled() {
    // Guards every withdraw* entry point: assets cannot leave through them until the
    // owner has irreversibly called enableWithdraw().
    if (!withdrawEnabled) revert AV_WithdrawsDisabled();
    _;
}
/**
* @dev For methods only callable with withdraws disabled (call operations and enabling withdraws).
*/
modifier onlyWithdrawDisabled() {
    // Guards enableWithdraw() and every call*/delegation entry point: none of them
    // can be used once the vault has been opened for withdrawals.
    if (withdrawEnabled) revert AV_WithdrawsEnabled();
    _;
}
/**
* @dev Fallback "receive Ether" function. Contract can hold Ether
* which can be accessed using withdrawETH.
*/
// Accepts plain ETH transfers from any sender in either vault state; deposits are
// neither restricted nor recorded here.
receive() external payable {}
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "../../utils/introspection/IERC165Upgradeable.sol";
/**
* @dev Required interface of an ERC721 compliant contract.
*/
interface IERC721Upgradeable is IERC165Upgradeable {
/**
* @dev Emitted when `tokenId` token is transferred from `from` to `to`.
*/
event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);
/**
* @dev Emitted when `owner` enables `approved` to manage the `tokenId` token.
*/
event Approval(address indexed owner, address indexed approved, uint256 indexed tokenId);
/**
* @dev Emitted when `owner` enables or disables (`approved`) `operator` to manage all of its assets.
*/
event ApprovalForAll(address indexed owner, address indexed operator, bool approved);
/**
* @dev Returns the number of tokens in ``owner``'s account.
*/
function balanceOf(address owner) external view returns (uint256 balance);
/**
* @dev Returns the owner of the `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function ownerOf(uint256 tokenId) external view returns (address owner);
/**
* @dev Safely transfers `tokenId` token from `from` to `to`, checking first that contract recipients
* are aware of the ERC721 protocol to prevent tokens from being forever locked.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must exist and be owned by `from`.
* - If the caller is not `from`, it must have been allowed to move this token by either {approve} or {setApprovalForAll}.
* - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* Emits a {Transfer} event.
*/
function safeTransferFrom(
address from,
address to,
uint256 tokenId
) external;
/**
* @dev Transfers `tokenId` token from `from` to `to`.
*
* WARNING: Usage of this method is discouraged, use {safeTransferFrom} whenever possible.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must be owned by `from`.
* - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
*
* Emits a {Transfer} event.
*/
function transferFrom(
address from,
address to,
uint256 tokenId
) external;
/**
* @dev Gives permission to `to` to transfer `tokenId` token to another account.
* The approval is cleared when the token is transferred.
*
* Only a single account can be approved at a time, so approving the zero address clears previous approvals.
*
* Requirements:
*
* - The caller must own the token or be an approved operator.
* - `tokenId` must exist.
*
* Emits an {Approval} event.
*/
function approve(address to, uint256 tokenId) external;
/**
* @dev Returns the account approved for `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function getApproved(uint256 tokenId) external view returns (address operator);
/**
* @dev Approve or remove `operator` as an operator for the caller.
* Operators can call {transferFrom} or {safeTransferFrom} for any token owned by the caller.
*
* Requirements:
*
* - The `operator` cannot be the caller.
*
* Emits an {ApprovalForAll} event.
*/
function setApprovalForAll(address operator, bool _approved) external;
/**
* @dev Returns if the `operator` is allowed to manage all of the assets of `owner`.
*
* See {setApprovalForAll}
*/
function isApprovedForAll(address owner, address operator) external view returns (bool);
/**
* @dev Safely transfers `tokenId` token from `from` to `to`.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must exist and be owned by `from`.
* - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
* - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* Emits a {Transfer} event.
*/
function safeTransferFrom(
address from,
address to,
uint256 tokenId,
bytes calldata data
) external;
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "../../utils/introspection/IERC165Upgradeable.sol";
/**
* @dev Required interface of an ERC1155 compliant contract, as defined in the
* https://eips.ethereum.org/EIPS/eip-1155[EIP].
*
* _Available since v3.1._
*/
interface IERC1155Upgradeable is IERC165Upgradeable {
/**
* @dev Emitted when `value` tokens of token type `id` are transferred from `from` to `to` by `operator`.
*/
event TransferSingle(address indexed operator, address indexed from, address indexed to, uint256 id, uint256 value);
/**
* @dev Equivalent to multiple {TransferSingle} events, where `operator`, `from` and `to` are the same for all
* transfers.
*/
event TransferBatch(
address indexed operator,
address indexed from,
address indexed to,
uint256[] ids,
uint256[] values
);
/**
* @dev Emitted when `account` grants or revokes permission to `operator` to transfer their tokens, according to
* `approved`.
*/
event ApprovalForAll(address indexed account, address indexed operator, bool approved);
/**
* @dev Emitted when the URI for token type `id` changes to `value`, if it is a non-programmatic URI.
*
* If an {URI} event was emitted for `id`, the standard
* https://eips.ethereum.org/EIPS/eip-1155#metadata-extensions[guarantees] that `value` will equal the value
* returned by {IERC1155MetadataURI-uri}.
*/
event URI(string value, uint256 indexed id);
/**
* @dev Returns the amount of tokens of token type `id` owned by `account`.
*
* Requirements:
*
* - `account` cannot be the zero address.
*/
function balanceOf(address account, uint256 id) external view returns (uint256);
/**
* @dev xref:ROOT:erc1155.adoc#batch-operations[Batched] version of {balanceOf}.
*
* Requirements:
*
* - `accounts` and `ids` must have the same length.
*/
function balanceOfBatch(address[] calldata accounts, uint256[] calldata ids)
external
view
returns (uint256[] memory);
/**
* @dev Grants or revokes permission to `operator` to transfer the caller's tokens, according to `approved`.
*
* Emits an {ApprovalForAll} event.
*
* Requirements:
*
* - `operator` cannot be the caller.
*/
function setApprovalForAll(address operator, bool approved) external;
/**
* @dev Returns true if `operator` is approved to transfer ``account``'s tokens.
*
* See {setApprovalForAll}.
*/
function isApprovedForAll(address account, address operator) external view returns (bool);
/**
* @dev Transfers `amount` tokens of token type `id` from `from` to `to`.
*
* Emits a {TransferSingle} event.
*
* Requirements:
*
* - `to` cannot be the zero address.
* - If the caller is not `from`, it must have been approved to spend ``from``'s tokens via {setApprovalForAll}.
* - `from` must have a balance of tokens of type `id` of at least `amount`.
* - If `to` refers to a smart contract, it must implement {IERC1155Receiver-onERC1155Received} and return the
* acceptance magic value.
*/
function safeTransferFrom(
address from,
address to,
uint256 id,
uint256 amount,
bytes calldata data
) external;
/**
* @dev xref:ROOT:erc1155.adoc#batch-operations[Batched] version of {safeTransferFrom}.
*
* Emits a {TransferBatch} event.
*
* Requirements:
*
* - `ids` and `amounts` must have the same length.
* - If `to` refers to a smart contract, it must implement {IERC1155Receiver-onERC1155BatchReceived} and return the
* acceptance magic value.
*/
function safeBatchTransferFrom(
address from,
address to,
uint256[] calldata ids,
uint256[] calldata amounts,
bytes calldata data
) external;
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "../IERC20Upgradeable.sol";
import "../../../utils/AddressUpgradeable.sol";
/**
* @title SafeERC20
* @dev Wrappers around ERC20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/
library SafeERC20Upgradeable {
    using AddressUpgradeable for address;

    /**
     * @dev Calls `token.transfer(to, value)` through {_callOptionalReturn}, so a failed
     * call or a returned `false` reverts instead of being silently ignored.
     */
    function safeTransfer(
        IERC20Upgradeable token,
        address to,
        uint256 value
    ) internal {
        _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));
    }

    /**
     * @dev Calls `token.transferFrom(from, to, value)` through {_callOptionalReturn},
     * with the same failure handling as {safeTransfer}.
     */
    function safeTransferFrom(
        IERC20Upgradeable token,
        address from,
        address to,
        uint256 value
    ) internal {
        _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));
    }

    /**
     * @dev Deprecated. This function has issues similar to the ones found in
     * {IERC20-approve}, and its usage is discouraged.
     *
     * Whenever possible, use {safeIncreaseAllowance} and
     * {safeDecreaseAllowance} instead.
     */
    function safeApprove(
        IERC20Upgradeable token,
        address spender,
        uint256 value
    ) internal {
        // safeApprove should only be called when setting an initial allowance,
        // or when resetting it to zero. To increase and decrease it, use
        // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'
        require(
            (value == 0) || (token.allowance(address(this), spender) == 0),
            "SafeERC20: approve from non-zero to non-zero allowance"
        );
        _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));
    }

    /**
     * @dev Reads the calling contract's current allowance for `spender`, adds `value`
     * and calls `approve` with the sum. The addition is outside any `unchecked` block.
     *
     * NOTE(review): the new total is written with a single `approve` call; tokens that
     * reject a non-zero to non-zero `approve` would revert here — confirm for the tokens
     * this is used with.
     */
    function safeIncreaseAllowance(
        IERC20Upgradeable token,
        address spender,
        uint256 value
    ) internal {
        uint256 newAllowance = token.allowance(address(this), spender) + value;
        _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));
    }

    /**
     * @dev Reads the calling contract's current allowance for `spender`, subtracts
     * `value` and calls `approve` with the result. Reverts when `value` exceeds the
     * current allowance.
     */
    function safeDecreaseAllowance(
        IERC20Upgradeable token,
        address spender,
        uint256 value
    ) internal {
        // The subtraction is unchecked, so the require below is the only underflow guard.
        unchecked {
            uint256 oldAllowance = token.allowance(address(this), spender);
            require(oldAllowance >= value, "SafeERC20: decreased allowance below zero");
            uint256 newAllowance = oldAllowance - value;
            _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));
        }
    }

    /**
     * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
     * on the return value: the return value is optional (but if data is returned, it must not be false).
     * @param token The token targeted by the call.
     * @param data The call data (encoded using abi.encode or one of its variants).
     */
    function _callOptionalReturn(IERC20Upgradeable token, bytes memory data) private {
        // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
        // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that
        // the target address contains contract code and also asserts for success in the low-level call.
        bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed");
        if (returndata.length > 0) {
            // Return data is optional
            // An empty return is treated as success; any returned data must decode to `true`.
            require(abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed");
        }
    }
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "../IERC721ReceiverUpgradeable.sol";
import "../../../proxy/utils/Initializable.sol";
/**
* @dev Implementation of the {IERC721Receiver} interface.
*
* Accepts all token transfers.
* Make sure the contract is able to use its token with {IERC721-safeTransferFrom}, {IERC721-approve} or {IERC721-setApprovalForAll}.
*/
contract ERC721HolderUpgradeable is Initializable, IERC721ReceiverUpgradeable {
    /**
     * @dev Initializer for this module; only forwards to the unchained variant.
     */
    function __ERC721Holder_init() internal initializer {
        __ERC721Holder_init_unchained();
    }

    /**
     * @dev Unchained initializer. Empty: this module sets no state.
     */
    function __ERC721Holder_init_unchained() internal initializer {
    }

    /**
     * @dev See {IERC721Receiver-onERC721Received}.
     *
     * Always returns `IERC721Receiver.onERC721Received.selector`.
     *
     * All four arguments are ignored, so a safe transfer from any ERC721 contract and
     * any sender is accepted. An inheriting contract can therefore receive tokens it
     * never asked for; holdings should not be treated as curated by this hook.
     */
    function onERC721Received(
        address,
        address,
        uint256,
        bytes memory
    ) public virtual override returns (bytes4) {
        return this.onERC721Received.selector;
    }

    // Reserves 50 storage slots in this contract's layout.
    // NOTE(review): presumably the usual upgrade gap, so later versions can add state
    // without shifting the layout of inheriting contracts — confirm before changing.
    uint256[50] private __gap;
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "./ERC1155ReceiverUpgradeable.sol";
import "../../../proxy/utils/Initializable.sol";
/**
* @dev _Available since v3.1._
*/
contract ERC1155HolderUpgradeable is Initializable, ERC1155ReceiverUpgradeable {
    /**
     * @dev Initializer for this module; runs the unchained initializers of the ERC165
     * and ERC1155Receiver parents (defined outside this file) and then its own.
     */
    function __ERC1155Holder_init() internal initializer {
        __ERC165_init_unchained();
        __ERC1155Receiver_init_unchained();
        __ERC1155Holder_init_unchained();
    }

    /**
     * @dev Unchained initializer. Empty: this module sets no state.
     */
    function __ERC1155Holder_init_unchained() internal initializer {
    }

    /**
     * @dev Single-transfer receiver hook. Ignores every argument and returns its own
     * selector, so a transfer of any id and amount from any ERC1155 contract is accepted.
     */
    function onERC1155Received(
        address,
        address,
        uint256,
        uint256,
        bytes memory
    ) public virtual override returns (bytes4) {
        return this.onERC1155Received.selector;
    }

    /**
     * @dev Batch-transfer receiver hook. Ignores every argument and returns its own
     * selector, so any batch from any ERC1155 contract is accepted.
     */
    function onERC1155BatchReceived(
        address,
        address,
        uint256[] memory,
        uint256[] memory,
        bytes memory
    ) public virtual override returns (bytes4) {
        return this.onERC1155BatchReceived.selector;
    }

    // Reserves 50 storage slots in this contract's layout.
    // NOTE(review): presumably the usual upgrade gap, so later versions can add state
    // without shifting the layout of inheriting contracts — confirm before changing.
    uint256[50] private __gap;
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since a proxied contract can't have a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*/
abstract contract Initializable {
    /**
     * @dev Indicates that the contract has been initialized.
     */
    bool private _initialized;

    /**
     * @dev Indicates that the contract is in the process of being initialized.
     */
    bool private _initializing;

    /**
     * @dev Modifier to protect an initializer function from being invoked twice.
     *
     * The check passes when no initializer has run yet, or whenever `_initializing` is
     * true. Nested `initializer` functions called from the top-level one rely on the
     * second case.
     *
     * NOTE(review): the second case does not distinguish an internal nested call from
     * an external call that arrives while the top-level initializer is still running.
     * An initializer body that hands control to another contract could therefore be
     * entered again before it finishes. Keep external calls out of initializer bodies,
     * and confirm which release of the library is pinned and whether it carries a
     * stricter form of this check.
     */
    modifier initializer() {
        require(_initializing || !_initialized, "Initializable: contract is already initialized");

        // True only for the outermost initializer; nested ones leave the flags alone.
        bool isTopLevelCall = !_initializing;
        if (isTopLevelCall) {
            _initializing = true;
            _initialized = true;
        }

        _;

        // Only the outermost call clears the in-progress flag; `_initialized` stays set.
        if (isTopLevelCall) {
            _initializing = false;
        }
    }
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "../proxy/utils/Initializable.sol";
/**
* @dev Contract module that helps prevent reentrant calls to a function.
*
* Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier
* available, which can be applied to functions to make sure there are no nested
* (reentrant) calls to them.
*
* Note that because there is a single `nonReentrant` guard, functions marked as
* `nonReentrant` may not call one another. This can be worked around by making
* those functions `private`, and then adding `external` `nonReentrant` entry
* points to them.
*
* TIP: If you would like to learn more about reentrancy and alternative ways
* to protect against it, check out our blog post
* https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].
*/
abstract contract ReentrancyGuardUpgradeable is Initializable {
// Booleans are more expensive than uint256 or any type that takes up a full
// word because each write operation emits an extra SLOAD to first read the
// slot's contents, replace the bits taken up by the boolean, and then write
// back. This is the compiler's defense against contract upgrades and
// pointer aliasing, and it cannot be disabled.
// The values being non-zero makes deployment a bit more expensive,
// but in exchange the refund on every call to nonReentrant will be lower in
// amount. Since refunds are capped to a percentage of the total
// transaction's gas, it is best to keep them low in cases like this one, to
// increase the likelihood of the full refund coming into effect.
uint256 private constant _NOT_ENTERED = 1;
uint256 private constant _ENTERED = 2;
// Current guard state: `_ENTERED` while a `nonReentrant` function is executing,
// `_NOT_ENTERED` otherwise (once initialized).
uint256 private _status;
/// @dev Chained initializer; delegates to the unchained one.
function __ReentrancyGuard_init() internal initializer {
__ReentrancyGuard_init_unchained();
}
/// @dev Puts the guard in its idle state.
/// If this is never run, `_status` holds 0 rather than `_NOT_ENTERED`; the
/// modifier below compares against `_ENTERED` only, so re-entry is still
/// rejected in that case.
function __ReentrancyGuard_init_unchained() internal initializer {
_status = _NOT_ENTERED;
}
/**
* @dev Prevents a contract from calling itself, directly or indirectly.
* Calling a `nonReentrant` function from another `nonReentrant`
* function is not supported. It is possible to prevent this from happening
* by making the `nonReentrant` function external, and make it call a
* `private` function that does the actual work.
*
* The guard is per contract, not per function: one `_status` word is shared by
* every `nonReentrant` function, and functions without the modifier are not
* covered by it.
*/
modifier nonReentrant() {
// On the first call to nonReentrant, _status will not be _ENTERED
require(_status != _ENTERED, "ReentrancyGuard: reentrant call");
// Any calls to nonReentrant after this point will fail
_status = _ENTERED;
_;
// By storing the original value once again, a refund is triggered (see
// https://eips.ethereum.org/EIPS/eip-2200)
_status = _NOT_ENTERED;
}
// 49 unused storage words. NOTE(review): presumably upgrade padding; together
// with `_status` this contract occupies 50 words - keep that total if state is
// ever added.
uint256[49] private __gap;
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/**
* @dev Collection of functions related to the address type
*/
library AddressUpgradeable {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
* ====
*
* For that reason the result is a sanity check on a call target, not an
* access-control decision.
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize, which returns 0 for contracts in
// construction, since the code is only stored at the end of the
// constructor execution.
uint256 size;
assembly {
size := extcodesize(account)
}
return size > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
// Empty calldata: this is a plain value transfer, with no gas stipend cap.
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCall(target, data, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value
) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* This is the overload every `functionCall*` variant above ends up in. It does
* not restrict `target` or `data` in any way beyond requiring code at `target`;
* deciding which targets and selectors are acceptable is the caller's job.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
// A low-level call to an address without code succeeds silently; this check
// turns that case into a revert.
require(isContract(target), "Address: call to non-contract");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
require(isContract(target), "Address: static call to non-contract");
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason or using the provided one.
*
* On success the raw return data is handed back unchanged; it is not decoded
* or validated here.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
assembly {
// `returndata` points at the length word; the payload starts 32 bytes later.
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
}
// SPDX-License-Identifier: MIT
pragma solidity 0.8.18;
/**
* @title IAssetVault
*
* External interface of the asset vault: the events it emits, its initializer,
* two view getters, the withdrawal operations and the utility (call, approval,
* delegation) operations. Only signatures are declared here; who may call each
* function and which whitelist checks apply are decided by the implementing
* contract, not by this interface.
*/
interface IAssetVault {
// ============= Enums ==============
/// @dev Token standard selector for one entry of `withdrawBatch`.
enum TokenType { ERC721, ERC1155 }
// ============= Events ==============
// NOTE(review): `operator` is presumably the msg.sender of the call that emitted
// the event - confirm against the implementation.
event WithdrawEnabled(address operator);
event WithdrawERC20(address indexed operator, address indexed token, address recipient, uint256 amount);
event WithdrawERC721(address indexed operator, address indexed token, address recipient, uint256 tokenId);
event WithdrawPunk(address indexed operator, address indexed token, address recipient, uint256 tokenId);
event WithdrawSuperRareV1(address indexed operator, address indexed token, address recipient, uint256 tokenId);
event WithdrawERC1155(
address indexed operator,
address indexed token,
address recipient,
uint256 tokenId,
uint256 amount
);
event WithdrawETH(address indexed operator, address indexed recipient, uint256 amount);
// The three groups below are the audit trail for everything the vault does on
// behalf of a caller while assets are still inside it: arbitrary calls, ERC20
// allowance changes and delegation changes.
event Call(address indexed operator, address indexed to, bytes data);
event Approve(address indexed operator, address indexed token, address indexed spender, uint256 amount);
event IncreaseAllowance(address indexed operator, address indexed token, address indexed spender, uint256 amount);
event DecreaseAllowance(address indexed operator, address indexed token, address indexed spender, uint256 amount);
event DelegateContract(address indexed operator, address indexed token, address indexed target, bool enabled);
event DelegateToken(address indexed operator, address indexed token, address indexed target, uint256 tokenId, bool enabled);
event DelegateRevoke(address indexed operator);
// ================= Initializer ==================
/// @param _whitelist Address stored as the vault's whitelist (see `whitelist()`).
/// NOTE(review): presumably the CallWhitelist-family contract consulted by the
/// utility operations below - confirm in the implementation.
function initialize(address _whitelist) external;
// ================ View Functions ================
/// @return True once withdrawals have been enabled on this vault.
function withdrawEnabled() external view returns (bool);
/// @return The whitelist address set at initialization.
function whitelist() external view returns (address);
// ================ Withdrawal Operations ================
/// @dev Switches the vault into its withdraw-enabled state.
function enableWithdraw() external;
// NOTE(review): the ERC20, ERC1155 and ETH withdrawals take no amount argument
// although their events carry one - presumably the vault's whole balance is
// sent; confirm in the implementation.
function withdrawERC20(address token, address to) external;
function withdrawERC721(
address token,
uint256 tokenId,
address to
) external;
function withdrawERC1155(
address token,
uint256 tokenId,
address to
) external;
/// @dev Batch withdrawal: entry i is described by `tokens[i]`, `tokenIds[i]` and
/// `tokenTypes[i]`, so the three arrays are expected to have the same length.
function withdrawBatch(
address[] calldata tokens,
uint256[] calldata tokenIds,
TokenType[] calldata tokenTypes,
address to
) external;
function withdrawETH(address to) external;
function withdrawPunk(
address punks,
uint256 punkIndex,
address to
) external;
function withdrawSuperRareV1(
address superRareV1,
uint256 tokenId,
address to
) external;
// ================ Utility Operations ================
/// @dev Makes the vault call `to` with calldata `data`.
/// NOTE(review): this is an arbitrary-call entry point on a contract that holds
/// collateral; the implementation is expected to authorize the caller and to
/// check the target and selector against the whitelist - verify both there.
function call(address to, bytes memory data) external;
/// @dev Allowance management for ERC20 `token` held by the vault, in favour of `spender`.
/// NOTE(review): presumably limited to whitelisted token/spender pairs - confirm.
function callApprove(address token, address spender, uint256 amount) external;
function callIncreaseAllowance(address token, address spender, uint256 amount) external;
function callDecreaseAllowance(address token, address spender, uint256 amount) external;
/// @dev Delegation management for `token` (and, in the token variant, one `tokenId`)
/// in favour of `target`; `enable` turns the delegation on or off.
function callDelegateForContract(address token, address target, bool enable) external;
function callDelegateForToken(address token, address target, uint256 tokenId, bool enable) external;
/// @dev Revokes all delegations made by the vault.
function callRevokeAllDelegates() external;
}
// SPDX-License-Identifier: MIT
pragma solidity 0.8.18;
/// @dev Authorization hook queried to decide whether an account may make calls on a vault.
interface ICallDelegator {
// ============== View Functions ==============
/// @param caller The account that wants to make a call.
/// @param vault The vault the call would be made on.
/// @return True if `caller` is authorized for `vault`, else false.
/// NOTE(review): the answer comes from whichever contract implements this
/// interface, so it is only as trustworthy as that contract.
function canCallOn(address caller, address vault) external view returns (bool);
}
// SPDX-License-Identifier: MIT
pragma solidity 0.8.18;
/// @dev Subset of an external punks contract's functions.
/// NOTE(review): the functions are not the ERC721 ones (ownership is read with
/// `punkIndexToAddress`, transfers use `transferPunk`), so ERC721 tooling and
/// receive hooks presumably do not apply to this asset - confirm against the
/// deployed contract.
interface IPunks {
/// @return Number of punks held by `owner`.
function balanceOf(address owner) external view returns (uint256);
/// @return owner Current holder of `punkIndex`.
function punkIndexToAddress(uint256 punkIndex) external view returns (address owner);
function buyPunk(uint256 punkIndex) external;
/// @dev Moves `punkIndex` from the caller to `to`.
function transferPunk(address to, uint256 punkIndex) external;
}
// SPDX-License-Identifier: MIT
pragma solidity 0.8.18;
/// @dev Subset of an external SuperRare V1 token contract's functions.
/// NOTE(review): `transfer(address,uint256)` and `takeOwnership(uint256)` are not
/// ERC721 functions, so this token presumably needs its own withdrawal path -
/// confirm against the deployed contract.
interface ISuperRareV1 {
function balanceOf(address _owner) external view returns (uint256 _balance);
function ownerOf(uint256 _tokenId) external view returns (address _owner);
/// @dev Moves `_tokenId` from the caller to `_to`.
function transfer(address _to, uint256 _tokenId) external;
function approve(address _to, uint256 _tokenId) external;
function takeOwnership(uint256 _tokenId) external;
}
// SPDX-License-Identifier: GPL-3.0-only
pragma solidity 0.8.18;
import "../external/interfaces/IDelegationRegistry.sol";
import "./CallWhitelist.sol";
import { CWD_RegistryAlreadySet, CWD_ZeroAddress } from "../errors/Vault.sol";
/**
* @title CallWhitelistDelegation
* @author Non-Fungible Technologies, Inc.
*
* Adds delegation functionality to CallWhitelist, allowing the
* whitelist manager to decide which collections can be used with
* the DelegateCash registry. Each token should be considered for
* possible implications of delegation before adding to the whitelist.
*
* If a token is on the whitelist, delegateForContract and delegateForToken
* will be enabled for that token.
*
* WARNING: adding these functions to the core CallWhitelist whitelist will bypass
* the delegation functions that check the whitelist for which tokens can
* be delegated. The whitelist manager should take care not to use both the core
* whitelist for delegation as well as the delegation whitelist.
*/
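contract CallWhitelistDelegation is CallWhitelist {
    event DelegationSet(address indexed caller, address indexed token, bool isApproved);
    event RegistryChanged(address indexed caller, address indexed registry);

    // ============================================ STATE ==============================================

    // ================= Whitelist State ==================

    /// @notice Tokens approved for delegation.
    /// @dev token -> isApproved
    mapping(address => bool) private delegationApproved;

    /// @notice The delegation registry for the whitelist.
    IDelegationRegistry public registry;

    // ========================================== CONSTRUCTOR ===========================================

    /**
     * @notice Sets the initial delegation registry.
     *
     * @dev Reverts with CWD_ZeroAddress if no registry is supplied.
     *
     * @param _registry             The delegation registry to use.
     */
    constructor(address _registry) {
        if (_registry == address(0)) revert CWD_ZeroAddress();

        registry = IDelegationRegistry(_registry);
    }

    // ========================================= VIEW FUNCTIONS =========================================

    /**
     * @notice Returns true if delegation has been approved for the given token.
     *
     * @param token                 The token to check.
     *
     * @return isDelegationApproved True if the token can be delegated, else false.
     */
    function isDelegationApproved(address token) public view returns (bool) {
        return delegationApproved[token];
    }

    // ======================================== UPDATE OPERATIONS =======================================

    /**
     * @notice Sets the delegation approval status of a given token. Note that this is
     *         NOT a token approval - it is permission to register a delegation from
     *         the vault. Restricted to WHITELIST_MANAGER_ROLE.
     *
     * @dev No validation is applied to `token`; the manager decides which
     *      collections are safe to delegate.
     *
     * @param token                 The token approval to set.
     * @param _isApproved           Whether the token should be approved.
     */
    function setDelegationApproval(address token, bool _isApproved) external onlyRole(WHITELIST_MANAGER_ROLE) {
        delegationApproved[token] = _isApproved;

        emit DelegationSet(msg.sender, token, _isApproved);
    }

    /**
     * @notice Sets the registry for the whitelist. Should only be used in case
     *         of delegate cash migration to new registry. Restricted to ADMIN_ROLE.
     *
     * @dev The zero address is rejected with the same error the constructor
     *      uses, so the registry can never be unset after deployment. Setting
     *      the registry that is already in place reverts with
     *      CWD_RegistryAlreadySet. Every consumer of this whitelist reads the
     *      new registry from the next call on, so the admin key controls where
     *      delegations are recorded.
     *
     * @param _registry             The new registry.
     */
    function setRegistry(address _registry) external onlyRole(ADMIN_ROLE) {
        // Mirror the constructor's check: the setter must not allow a state
        // the constructor forbids.
        if (_registry == address(0)) revert CWD_ZeroAddress();
        if (address(registry) == _registry) revert CWD_RegistryAlreadySet();

        registry = IDelegationRegistry(_registry);

        emit RegistryChanged(msg.sender, _registry);
    }
}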
// SPDX-License-Identifier: GPL-3.0-only
pragma solidity 0.8.18;
import "./CallWhitelist.sol";
/**
 * @title CallWhitelistApprovals
 * @author Non-Fungible Technologies, Inc.
 *
 * Extends CallWhitelist with a registry of token/spender pairs for which
 * a vault is permitted to create token approvals. An approved spender
 * gains the ability to pull that token out of a vault, so pairs should
 * not be registered for tokens acting as collateral.
 *
 * Pairs are added and removed by accounts holding WHITELIST_MANAGER_ROLE.
 */
contract CallWhitelistApprovals is CallWhitelist {
    event ApprovalSet(address indexed caller, address indexed token, address indexed spender, bool isApproved);

    // ============================================ STATE ==============================================

    // ================= Whitelist State ==================

    /// @notice Approved spenders of vault tokens.
    /// @dev token -> spender -> isApproved
    mapping(address => mapping(address => bool)) private approvals;

    // ========================================= VIEW FUNCTIONS =========================================

    /**
     * @notice Looks up whether a spender has been whitelisted for a token.
     *
     * @param token                 The token whose approvals are queried.
     * @param spender               The spender to look up.
     *
     * @return isApproved           True if the pair is whitelisted, else false.
     */
    function isApproved(address token, address spender) public view returns (bool) {
        mapping(address => bool) storage spendersForToken = approvals[token];

        return spendersForToken[spender];
    }

    // ======================================== UPDATE OPERATIONS =======================================

    /**
     * @notice Records whether a spender is whitelisted for a token. This does
     *         NOT create a token approval; it only permits an asset vault to
     *         create one. Restricted to WHITELIST_MANAGER_ROLE.
     *
     * @dev Neither address is validated, and the event is emitted even when
     *      the stored value does not change.
     *
     * @param token                 The token the entry applies to.
     * @param spender               The spender the entry applies to.
     * @param _isApproved           Whether the spender should be approved.
     */
    function setApproval(address token, address spender, bool _isApproved) external onlyRole(WHITELIST_MANAGER_ROLE) {
        mapping(address => bool) storage spendersForToken = approvals[token];
        spendersForToken[spender] = _isApproved;

        emit ApprovalSet(msg.sender, token, spender, _isApproved);
    }
}
// SPDX-License-Identifier: GPL-3.0-only
pragma solidity 0.8.18;
import "@openzeppelin/contracts/token/ERC721/IERC721.sol";
import { OERC721_CallerNotOwner } from "../errors/Vault.sol";
/**
* @title OwnableERC721
* @author Non-Fungible Technologies, Inc.
*
* Uses ERC721 ownership for access control to a set of contracts.
* Ownership of underlying contract determined by ownership of a token ID,
* where the token ID converts to an on-chain address.
*/
abstract contract OwnableERC721 {
    event SetOwnershipToken(address indexed caller, address indexed ownershipToken);

    // ============================================ STATE ==============================================

    /// @dev The ERC721 contract whose token holders own the inheriting contracts.
    address public ownershipToken;

    // ========================================= VIEW FUNCTIONS =========================================

    /**
     * @notice Resolves the current owner of this contract: the holder of the
     *         token whose ID is this contract's own address read as a number.
     *
     * @dev Makes an external call to `ownershipToken` on every lookup, so the
     *      answer is exactly what that contract reports at call time and
     *      ownership moves whenever the token is transferred.
     *
     * @return ownerAddress         The holder of the token ID derived from
     *                              this contract's address.
     */
    function owner() public view virtual returns (address ownerAddress) {
        uint256 selfAsTokenId = uint256(uint160(address(this)));

        ownerAddress = IERC721(ownershipToken).ownerOf(selfAsTokenId);
    }

    // ============================================ HELPERS =============================================

    /**
     * @dev Stores the ERC721 contract that defines ownership and logs the change.
     *      No validation is done here; inheriting contracts decide when this may
     *      be called and with which address.
     *
     * @param _ownershipToken       The address of the ERC721 token that defines ownership.
     */
    function _setNFT(address _ownershipToken) internal {
        ownershipToken = _ownershipToken;

        emit SetOwnershipToken(msg.sender, _ownershipToken);
    }

    /**
     * @dev Ownable-style gate: the function body runs only when msg.sender is
     *      the address returned by owner(); any other caller is rejected with
     *      OERC721_CallerNotOwner.
     */
    modifier onlyOwner() {
        address currentOwner = owner();
        if (currentOwner != msg.sender) revert OERC721_CallerNotOwner(msg.sender);

        _;
    }
}
// SPDX-License-Identifier: MIT
pragma solidity 0.8.18;
/**
* @title VaultErrors
* @author Non-Fungible Technologies, Inc.
*
* This file contains all custom errors for vault contracts used by the protocol.
* All errors are prefixed by the contract that throws them (e.g., "AV_" for Asset Vault).
* Errors are located in one place to make it possible to holistically look at all
* asset vault failure cases.
*/
// ==================================== Asset Vault ======================================
/// @notice All errors prefixed with AV_, to separate from other contracts in the protocol.
/**
* @notice Vault withdraws must be enabled.
*/
error AV_WithdrawsDisabled();
/**
* @notice Vault withdraws enabled.
*
* @dev NOTE(review): presumably raised by operations that are only allowed while
* withdraws are still disabled - confirm at the revert sites.
*/
error AV_WithdrawsEnabled();
/**
* @notice Asset vault already initialized.
*
* @dev NOTE(review): the parameter is named after the ownership token but is
* described as the caller of initialize; check the revert site to see which
* value is actually reported.
*
* @param ownershipToken Caller of initialize function in asset vault contract.
*/
error AV_AlreadyInitialized(address ownershipToken);
/**
* @notice CanCallOn authorization returned false.
*
* @param caller Msg.sender of the function call.
*/
error AV_MissingAuthorization(address caller);
/**
* @notice Call disallowed.
*
* @dev `data` is a bytes4, so it can carry at most the first four bytes of the
* calldata - presumably the function selector, not the full payload.
*
* @param to The contract address to call.
* @param data The data to call the contract with.
*/
error AV_NonWhitelistedCall(address to, bytes4 data);
/**
* @notice Approval disallowed.
*
* @param token The token to approve.
* @param spender The spender to approve.
*/
error AV_NonWhitelistedApproval(address token, address spender);
/**
* @notice Cannot withdraw more than 25 items from a vault at a time.
*
* @param arrayLength Total elements provided.
*/
error AV_TooManyItems(uint256 arrayLength);
/**
* @notice The length of either the tokenIds or tokenTypes array does not match
* the length of the tokenAddress array.
*
* @param arrayType Array type that does not match tokenAddress array length.
*/
error AV_LengthMismatch(string arrayType);
/**
* @notice Zero address passed in where not allowed.
*
* @param addressType The name of the parameter for which a zero address was provided.
*/
error AV_ZeroAddress(string addressType);
/**
* @notice Delegation disallowed.
*
* @param token The token to delegate.
*/
error AV_NonWhitelistedDelegation(address token);
// ==================================== Ownable ERC721 ======================================
/// @notice All errors prefixed with OERC721_, to separate from other contracts in the protocol.
/**
* @notice Function caller is not the owner.
*
* @dev Raised by the onlyOwner modifier of OwnableERC721 when msg.sender differs
* from the address returned by owner().
*
* @param caller Msg.sender of the function call.
*/
error OERC721_CallerNotOwner(address caller);
// ==================================== Vault Factory ======================================
/// @notice All errors prefixed with VF_, to separate from other contracts in the protocol.
/**
* @notice Zero address passed in where not allowed.
*
* @param addressType The name of the parameter for which a zero address was provided.
*/
error VF_ZeroAddress(string addressType);
/**
* @notice Global index out of bounds.
*
* @param tokenId AW-V2 tokenId of the asset vault.
*/
error VF_TokenIdOutOfBounds(uint256 tokenId);
/**
* @notice Cannot transfer with withdraw enabled.
*
* @dev NOTE(review): this is presumably the check that stops a vault from being
* transferred once its contents can be withdrawn - confirm at the revert site.
*
* @param tokenId AW-V2 tokenId of the asset vault.
*/
error VF_NoTransferWithdrawEnabled(uint256 tokenId);
/**
* @notice Not enough msg.value sent for the required mint fee.
*
* @param value The msg.value.
* @param requiredMintFee The required mint fee.
*/
error VF_InsufficientMintFee(uint256 value, uint256 requiredMintFee);
/**
* @notice Non-existent token id provided as argument.
*
* @param tokenId The ID of the token to lookup the URI for.
*/
error VF_DoesNotExist(uint256 tokenId);
// ================================== Call Whitelist ======================================
/// @notice All errors prefixed with CW_, to separate from other contracts in the protocol.
/**
* @notice Cannot whitelist a call which has already been whitelisted.
*
* @dev A whitelist entry is identified by the (callee, selector) pair.
*
* @param callee The contract to be added to CallWhitelist mapping.
* @param selector The function selector to be added to CallWhitelist mapping.
*/
error CW_AlreadyWhitelisted(address callee, bytes4 selector);
/**
* @notice Cannot remove a call from the CallWhitelist that has not yet been added.
*
* @param callee The contract to be removed from CallWhitelist mapping.
* @param selector The function selector to be removed from CallWhitelist mapping.
*/
error CW_NotWhitelisted(address callee, bytes4 selector);
// ================================== Call Whitelist Delegation ======================================
/// @notice All errors prefixed with CWD_, to separate from other contracts in the protocol.
/**
* @notice Zero address passed in the constructor.
*
* @dev Carries no parameter; the only address the CallWhitelistDelegation
* constructor takes is the registry.
*/
error CWD_ZeroAddress();
/**
* @notice The registry address provided is currently set as the registry.
*/
error CWD_RegistryAlreadySet();
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC165 standard, as defined in the
* https://eips.ethereum.org/EIPS/eip-165[EIP].
*
* Implementers can declare support of contract interfaces, which can then be
* queried by others ({ERC165Checker}).
*
* For an implementation, see {ERC165}.
*/
interface IERC165Upgradeable {
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
* to learn more about how these ids are created.
*
* This function call must use less than 30 000 gas.
*
* The answer is self-reported by the queried contract: it states which
* interfaces the contract claims to implement, not that the implementation
* behaves as the interface specifies.
*
* @param interfaceId The 4-byte interface identifier being queried.
* @return True if the interface is declared as supported.
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*
* The `bool` return values below are what the standard specifies. Some deployed
* tokens do not return a value from `transfer`, `transferFrom` or `approve`;
* calling them directly through this interface then fails at return-data
* decoding. Callers that must handle such tokens go through a wrapper such as
* {SafeERC20} instead of calling these functions directly.
*/
interface IERC20Upgradeable {
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `recipient`.
*
* Returns a boolean value indicating whether the operation succeeded.
* The caller must check it; a `false` return is not a revert.
*
* Emits a {Transfer} event.
*/
function transfer(address recipient, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `sender` to `recipient` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
* The caller must check it; a `false` return is not a revert.
*
* Emits a {Transfer} event.
*/
function transferFrom(
address sender,
address recipient,
uint256 amount
) external returns (bool);
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/**
* @title ERC721 token receiver interface
* @dev Interface for any contract that wants to support safeTransfers
* from ERC721 asset contracts.
*/
interface IERC721ReceiverUpgradeable {
/**
* @dev Whenever an {IERC721} `tokenId` token is transferred to this contract via {IERC721-safeTransferFrom}
* by `operator` from `from`, this function is called.
*
* It must return its Solidity selector to confirm the token transfer.
* If any other value is returned or the interface is not implemented by the recipient, the transfer will be reverted.
*
* The selector can be obtained in Solidity with `IERC721Receiver.onERC721Received.selector`.
*
* The hook runs inside the token contract's transfer, with the receiver as the
* callee: `operator`, `from` and `data` are whatever the calling contract
* passes, so an implementation that acts on them should first consider which
* contract is calling.
*
* @param operator The address that initiated the transfer.
* @param from The previous holder of the token.
* @param tokenId The token being transferred.
* @param data Additional data with no specified format.
* @return The function selector, to accept the transfer.
*/
function onERC721Received(
address operator,
address from,
uint256 tokenId,
bytes calldata data
) external returns (bytes4);
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "../IERC1155ReceiverUpgradeable.sol";
import "../../../utils/introspection/ERC165Upgradeable.sol";
import "../../../proxy/utils/Initializable.sol";
/**
* @dev Base for ERC1155 receivers: adds the {IERC1155Receiver} interface id to
* the ERC165 answer. The receive hooks themselves are left to the inheriting
* contract.
*
* _Available since v3.1._
*/
abstract contract ERC1155ReceiverUpgradeable is Initializable, ERC165Upgradeable, IERC1155ReceiverUpgradeable {
/// @dev Chained initializer: calls the unchained initializers of ERC165 and of this contract.
function __ERC1155Receiver_init() internal initializer {
__ERC165_init_unchained();
__ERC1155Receiver_init_unchained();
}
/// @dev Unchained initializer; this contract has no state of its own to set, so the body is empty.
function __ERC1155Receiver_init_unchained() internal initializer {
}
/**
* @dev See {IERC165-supportsInterface}.
*
* Returns true for the ERC1155 receiver interface id and otherwise defers to
* the parent implementation.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override(ERC165Upgradeable, IERC165Upgradeable) returns (bool) {
return interfaceId == type(IERC1155ReceiverUpgradeable).interfaceId || super.supportsInterface(interfaceId);
}
// 50 unused storage words. NOTE(review): presumably upgrade padding - do not
// reorder or resize without checking the storage layout of inheriting contracts.
uint256[50] private __gap;
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "../../utils/introspection/IERC165Upgradeable.sol";
/**
* @dev _Available since v3.1._
*/
interface IERC1155ReceiverUpgradeable is IERC165Upgradeable {
/**
@dev Handles the receipt of a single ERC1155 token type. This function is
called at the end of a `safeTransferFrom` after the balance has been updated.
To accept the transfer, this must return
`bytes4(keccak256("onERC1155Received(address,address,uint256,uint256,bytes)"))`
(i.e. 0xf23a6e61, or its own function selector).
Because the balance is already updated when the hook runs, an implementation
that makes further calls from inside it is executing in the middle of the
token contract's transfer.
@param operator The address which initiated the transfer (i.e. msg.sender)
@param from The address which previously owned the token
@param id The ID of the token being transferred
@param value The amount of tokens being transferred
@param data Additional data with no specified format
@return `bytes4(keccak256("onERC1155Received(address,address,uint256,uint256,bytes)"))` if transfer is allowed
*/
function onERC1155Received(
address operator,
address from,
uint256 id,
uint256 value,
bytes calldata data
) external returns (bytes4);
/**
@dev Handles the receipt of multiple ERC1155 token types. This function
is called at the end of a `safeBatchTransferFrom` after the balances have
been updated. To accept the transfer(s), this must return
`bytes4(keccak256("onERC1155BatchReceived(address,address,uint256[],uint256[],bytes)"))`
(i.e. 0xbc197c81, or its own function selector).
@param operator The address which initiated the batch transfer (i.e. msg.sender)
@param from The address which previously owned the token
@param ids An array containing ids of each token being transferred (order and length must match values array)
@param values An array containing amounts of each token being transferred (order and length must match ids array)
@param data Additional data with no specified format
@return `bytes4(keccak256("onERC1155BatchReceived(address,address,uint256[],uint256[],bytes)"))` if transfer is allowed
*/
function onERC1155BatchReceived(
address operator,
address from,
uint256[] calldata ids,
uint256[] calldata values,
bytes calldata data
) external returns (bytes4);
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "./IERC165Upgradeable.sol";
import "../../proxy/utils/Initializable.sol";
/**
* @dev Implementation of the {IERC165} interface.
*
* Contracts that want to implement ERC165 should inherit from this contract and override {supportsInterface} to check
* for the additional interface id that will be supported. For example:
*
* ```solidity
* function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
* return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
* }
* ```
*
* Alternatively, {ERC165Storage} provides an easier to use but more expensive implementation.
*/
abstract contract ERC165Upgradeable is Initializable, IERC165Upgradeable {
/**
* @dev Initializer for this contract; it only forwards to {__ERC165_init_unchained}.
* Guarded by the `initializer` modifier inherited from {Initializable}.
*/
function __ERC165_init() internal initializer {
__ERC165_init_unchained();
}
/**
* @dev Unchained initializer. The body is intentionally empty: this contract sets no state.
* It carries the same `initializer` modifier as {__ERC165_init}.
*/
function __ERC165_init_unchained() internal initializer {
}
/**
* @dev See {IERC165-supportsInterface}.
*
* Returns true only for the ERC165 interface id itself. Inheriting contracts advertise
* further interfaces by overriding this function and chaining to `super`, as in the
* contract-level example.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IERC165Upgradeable).interfaceId;
}
// Never read or written in this contract. Presumably reserves 50 storage slots so that a later
// version can add state without shifting the layout of inheriting upgradeable contracts;
// review the storage layout of deployed proxies before resizing or moving it.
uint256[50] private __gap;
}
// SPDX-License-Identifier: CC0-1.0
pragma solidity 0.8.18;
/**
* @notice Sourced from:
* https://docs.delegate.cash/delegatecash/technical-documentation/delegation-registry/idelegationregistry.sol
*/
/**
* @title An immutable registry contract to be deployed as a standalone primitive
* @dev See EIP-5639, new project launches can read previous cold wallet -> hot wallet delegations
* from here and integrate those permissions into their flow
*/
interface IDelegationRegistry {
/// @notice Delegation type. NONE is the first member and therefore the zero (default) value.
enum DelegationType {
NONE,
ALL,
CONTRACT,
TOKEN
}
/// @notice Info about a single delegation, used for onchain enumeration
struct DelegationInfo {
DelegationType type_;
address vault;
address delegate;
address contract_;
uint256 tokenId;
}
/// @notice Info about a single contract-level delegation
struct ContractDelegation {
address contract_;
address delegate;
}
/// @notice Info about a single token-level delegation
struct TokenDelegation {
address contract_;
uint256 tokenId;
address delegate;
}
// NOTE(review): none of the event parameters below is declared `indexed`, so log filters
// cannot select on vault or delegate by topic; monitoring has to decode the event data.
/// @notice Emitted when a user delegates their entire wallet
event DelegateForAll(address vault, address delegate, bool value);
/// @notice Emitted when a user delegates a specific contract
event DelegateForContract(address vault, address delegate, address contract_, bool value);
/// @notice Emitted when a user delegates a specific token
event DelegateForToken(address vault, address delegate, address contract_, uint256 tokenId, bool value);
/// @notice Emitted when a user revokes all delegations
event RevokeAllDelegates(address vault);
/// @notice Emitted when a user revokes all delegations for a given delegate
event RevokeDelegate(address vault, address delegate);
/**
* ----------- WRITE -----------
*/
/**
* @notice Allow the delegate to act on your behalf for all contracts
* @param delegate The hotwallet to act on your behalf
* @param value Whether to enable or disable delegation for this address, true for setting and false for revoking
*/
function delegateForAll(address delegate, bool value) external;
/**
* @notice Allow the delegate to act on your behalf for a specific contract
* @param delegate The hotwallet to act on your behalf
* @param contract_ The address for the contract you're delegating
* @param value Whether to enable or disable delegation for this address, true for setting and false for revoking
*/
function delegateForContract(address delegate, address contract_, bool value) external;
/**
* @notice Allow the delegate to act on your behalf for a specific token
* @param delegate The hotwallet to act on your behalf
* @param contract_ The address for the contract you're delegating
* @param tokenId The token id for the token you're delegating
* @param value Whether to enable or disable delegation for this address, true for setting and false for revoking
*/
function delegateForToken(address delegate, address contract_, uint256 tokenId, bool value) external;
/**
* @notice Revoke all delegates
*/
function revokeAllDelegates() external;
/**
* @notice Revoke a specific delegate for all their permissions
* @param delegate The hotwallet to revoke
*/
function revokeDelegate(address delegate) external;
/**
* @notice Remove yourself as a delegate for a specific vault
* @param vault The vault which delegated to the msg.sender, and should be removed
*/
function revokeSelf(address vault) external;
/**
* ----------- READ -----------
*/
/**
* @notice Returns all active delegations a given delegate is able to claim on behalf of
* @param delegate The delegate that you would like to retrieve delegations for
* @return info Array of DelegationInfo structs
*/
function getDelegationsByDelegate(address delegate) external view returns (DelegationInfo[] memory);
/**
* @notice Returns an array of wallet-level delegates for a given vault
* @param vault The cold wallet who issued the delegation
* @return addresses Array of wallet-level delegates for a given vault
*/
function getDelegatesForAll(address vault) external view returns (address[] memory);
/**
* @notice Returns an array of contract-level delegates for a given vault and contract
* @param vault The cold wallet who issued the delegation
* @param contract_ The address for the contract you're delegating
* @return addresses Array of contract-level delegates for a given vault and contract
*/
function getDelegatesForContract(address vault, address contract_) external view returns (address[] memory);
/**
* @notice Returns an array of token-level delegates for a given vault's token
* @param vault The cold wallet who issued the delegation
* @param contract_ The address for the contract holding the token
* @param tokenId The token id for the token you're delegating
* @return addresses Array of token-level delegates for a given vault's token
*/
function getDelegatesForToken(address vault, address contract_, uint256 tokenId)
external
view
returns (address[] memory);
/**
* @notice Returns all contract-level delegations for a given vault
* @param vault The cold wallet who issued the delegations
* @return delegations Array of ContractDelegation structs
*/
function getContractLevelDelegations(address vault)
external
view
returns (ContractDelegation[] memory delegations);
/**
* @notice Returns all token-level delegations for a given vault
* @param vault The cold wallet who issued the delegations
* @return delegations Array of TokenDelegation structs
*/
function getTokenLevelDelegations(address vault) external view returns (TokenDelegation[] memory delegations);
/**
* @notice Returns true if the address is delegated to act on the entire vault
* @param delegate The hotwallet to act on your behalf
* @param vault The cold wallet who issued the delegation
* @return True if `delegate` holds a wallet-level delegation from `vault`
*/
function checkDelegateForAll(address delegate, address vault) external view returns (bool);
/**
* @notice Returns true if the address is delegated to act on your behalf for a token contract or an entire vault
* @dev Argument order is (delegate, vault, contract_); the first two share a type, so a swapped
* call still compiles and simply answers a different question.
* @param delegate The hotwallet to act on your behalf
* @param vault The cold wallet who issued the delegation
* @param contract_ The address for the contract you're delegating
* @return True if a contract-level or wallet-level delegation from `vault` covers `delegate`
*/
function checkDelegateForContract(address delegate, address vault, address contract_)
external
view
returns (bool);
/**
* @notice Returns true if the address is delegated to act on your behalf for a specific token, the token's contract or an entire vault
* @dev Argument order is (delegate, vault, contract_, tokenId); the address arguments share a type,
* so a swapped call still compiles and simply answers a different question.
* @param delegate The hotwallet to act on your behalf
* @param vault The cold wallet who issued the delegation
* @param contract_ The address for the contract you're delegating
* @param tokenId The token id for the token you're delegating
* @return True if a token-level, contract-level or wallet-level delegation from `vault` covers `delegate`
*/
function checkDelegateForToken(address delegate, address vault, address contract_, uint256 tokenId)
external
view
returns (bool);
}
// SPDX-License-Identifier: GPL-3.0-only
pragma solidity 0.8.18;
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import "@openzeppelin/contracts/access/AccessControlEnumerable.sol";
import "../interfaces/ICallWhitelist.sol";
import "./CallBlacklist.sol";
import {
CW_AlreadyWhitelisted,
CW_NotWhitelisted
} from "../errors/Vault.sol";
/**
* @title CallWhitelist
* @author Non-Fungible Technologies, Inc.
*
* Maintains a whitelist for calls that can be made from an AssetVault.
* Intended to be used to allow for "claim" and other-utility based
* functions while an asset is being held in escrow. Some functions
* are blacklisted, e.g. transfer functions, to prevent callers from
* being able to circumvent withdrawal rules for escrowed assets.
* Whitelists are specified in terms of "target contract" (callee)
* and function selector.
*
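* Accounts holding WHITELIST_MANAGER_ROLE can add or remove items from the whitelist;
* that role is administered by ADMIN_ROLE, which the deployer receives in the constructor.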
*/
contract CallWhitelist is AccessControlEnumerable, CallBlacklist, ICallWhitelist {
    // No IERC20 call appears in this contract; the directive is kept as declared.
    using SafeERC20 for IERC20;

    // ============================================ STATE ==============================================

    // =================== Constants =====================

    /// @notice Role that administers both itself and WHITELIST_MANAGER_ROLE (wired up in the constructor).
    bytes32 public constant ADMIN_ROLE = keccak256("ADMIN");
    /// @notice Role required by `add` and `remove`.
    bytes32 public constant WHITELIST_MANAGER_ROLE = keccak256("WHITELIST_MANAGER");

    // ================= Whitelist State ==================

    /**
     * @notice Permitted calls, keyed first by callee address and then by function selector.
     *         Allowing selector 0x0000 on the contract at 0x1111 is stored as
     *         whitelist[0x1111][0x0000] = true.
     */
    mapping(address => mapping(bytes4 => bool)) private whitelist;

    // ========================================= CONSTRUCTOR ===========================================

    /**
     * @notice Deploys the whitelist and wires up its roles.
     *
     * @dev The deployer receives ADMIN_ROLE. ADMIN_ROLE is made the admin of itself and of
     *      WHITELIST_MANAGER_ROLE. No account receives WHITELIST_MANAGER_ROLE here, so an
     *      ADMIN_ROLE holder has to grant it before `add` or `remove` can succeed.
     */
    constructor() {
        _setupRole(ADMIN_ROLE, msg.sender);
        _setRoleAdmin(ADMIN_ROLE, ADMIN_ROLE);
        _setRoleAdmin(WHITELIST_MANAGER_ROLE, ADMIN_ROLE);
    }

    // ========================================= VIEW FUNCTIONS =========================================

    /**
     * @notice Reports whether `selector` may be called on `callee`.
     *
     * @dev The global blacklist is consulted first and always wins: a blacklisted selector
     *      yields false even if a whitelist entry exists for it.
     *
     * @param callee                The contract that is intended to be called.
     * @param selector              The function selector that is intended to be called.
     *
     * @return isWhitelisted        True if whitelisted and not blacklisted, else false.
     */
    function isWhitelisted(address callee, bytes4 selector) external view override returns (bool) {
        if (isBlacklisted(selector)) return false;

        return whitelist[callee][selector];
    }

    // ======================================== UPDATE OPERATIONS =======================================

    /**
     * @notice Whitelist `selector` on `callee`. Restricted to WHITELIST_MANAGER_ROLE holders.
     *
     * @dev Reverts with CW_AlreadyWhitelisted if the entry is already set.
     *      The blacklist is not checked here: a blacklisted selector is stored and CallAdded is
     *      emitted, yet `isWhitelisted` keeps returning false for it. Anyone monitoring CallAdded
     *      should therefore evaluate `isBlacklisted` as well.
     *
     * @param callee                The contract to whitelist.
     * @param selector              The function selector to whitelist.
     */
    function add(address callee, bytes4 selector) external override onlyRole(WHITELIST_MANAGER_ROLE) {
        if (whitelist[callee][selector]) revert CW_AlreadyWhitelisted(callee, selector);

        whitelist[callee][selector] = true;

        emit CallAdded(msg.sender, callee, selector);
    }

    /**
     * @notice Remove `selector` on `callee` from the whitelist. Restricted to
     *         WHITELIST_MANAGER_ROLE holders.
     *
     * @dev Reverts with CW_NotWhitelisted if the entry is not currently set.
     *
     * @param callee                The contract whose entry is removed.
     * @param selector              The function selector whose entry is removed.
     */
    function remove(address callee, bytes4 selector) external override onlyRole(WHITELIST_MANAGER_ROLE) {
        if (!whitelist[callee][selector]) revert CW_NotWhitelisted(callee, selector);

        whitelist[callee][selector] = false;

        emit CallRemoved(msg.sender, callee, selector);
    }
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "../IERC20.sol";
import "../../../utils/Address.sol";
/**
* @title SafeERC20
* @dev Wrappers around ERC20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/
library SafeERC20 {
    using Address for address;

    /**
     * @dev Calls `token.transfer(to, value)` and reverts unless the call succeeds and any
     * returned boolean is true.
     */
    function safeTransfer(
        IERC20 token,
        address to,
        uint256 value
    ) internal {
        bytes memory payload = abi.encodeWithSelector(token.transfer.selector, to, value);
        _callOptionalReturn(token, payload);
    }

    /**
     * @dev Calls `token.transferFrom(from, to, value)` and reverts unless the call succeeds and
     * any returned boolean is true.
     */
    function safeTransferFrom(
        IERC20 token,
        address from,
        address to,
        uint256 value
    ) internal {
        bytes memory payload = abi.encodeWithSelector(token.transferFrom.selector, from, to, value);
        _callOptionalReturn(token, payload);
    }

    /**
     * @dev Deprecated. Shares the problems of {IERC20-approve} and should be avoided.
     *
     * Prefer {safeIncreaseAllowance} and {safeDecreaseAllowance} wherever possible.
     */
    function safeApprove(
        IERC20 token,
        address spender,
        uint256 value
    ) internal {
        // Only two transitions are accepted: setting an allowance that is currently zero, or
        // resetting one to zero. The allowance is read only when `value` is non-zero.
        if (value != 0) {
            require(
                token.allowance(address(this), spender) == 0,
                "SafeERC20: approve from non-zero to non-zero allowance"
            );
        }
        bytes memory payload = abi.encodeWithSelector(token.approve.selector, spender, value);
        _callOptionalReturn(token, payload);
    }

    /**
     * @dev Raises this contract's allowance for `spender` by `value`. The addition is checked,
     * so an overflowing sum reverts.
     */
    function safeIncreaseAllowance(
        IERC20 token,
        address spender,
        uint256 value
    ) internal {
        uint256 current = token.allowance(address(this), spender);
        uint256 raised = current + value;
        _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, raised));
    }

    /**
     * @dev Lowers this contract's allowance for `spender` by `value`; reverts if the current
     * allowance is smaller than `value`.
     */
    function safeDecreaseAllowance(
        IERC20 token,
        address spender,
        uint256 value
    ) internal {
        uint256 current = token.allowance(address(this), spender);
        require(current >= value, "SafeERC20: decreased allowance below zero");
        uint256 lowered;
        // The require above rules out underflow, so the subtraction needs no checked arithmetic.
        unchecked {
            lowered = current - value;
        }
        _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, lowered));
    }

    /**
     * @dev Mimics a high-level Solidity call to `token` while making the return value optional:
     * empty return data is accepted, but returned data must decode to `true`.
     * @param token The token targeted by the call.
     * @param data The call data (encoded using abi.encode or one of its variants).
     */
    function _callOptionalReturn(IERC20 token, bytes memory data) private {
        // A low-level call is used because Solidity's own return-size check would reject tokens
        // that return nothing. {Address.functionCall} checks that the target has code and that
        // the call itself succeeded.
        bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed");
        if (returndata.length == 0) {
            // No return value: a call that did not revert is treated as success.
            return;
        }
        require(abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed");
    }
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "./IAccessControlEnumerable.sol";
import "./AccessControl.sol";
import "../utils/structs/EnumerableSet.sol";
/**
* @dev Extension of {AccessControl} that allows enumerating the members of each role.
*/
abstract contract AccessControlEnumerable is IAccessControlEnumerable, AccessControl {
using EnumerableSet for EnumerableSet.AddressSet;
// Per-role set of member addresses, kept alongside the membership that {AccessControl} tracks.
// NOTE(review): only the four overrides below update this set; confirm that AccessControl offers
// no other path that changes membership, otherwise enumeration and `hasRole` can disagree.
mapping(bytes32 => EnumerableSet.AddressSet) private _roleMembers;
/**
* @dev See {IERC165-supportsInterface}.
* Returns true for the IAccessControlEnumerable interface id and otherwise defers to `super`.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IAccessControlEnumerable).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @dev Returns one of the accounts that have `role`. `index` must be a
* value between 0 and {getRoleMemberCount}, non-inclusive.
*
* Role bearers are not sorted in any particular way, and their ordering may
* change at any point.
*
* WARNING: When using {getRoleMember} and {getRoleMemberCount}, make sure
* you perform all queries on the same block. See the following
* https://forum.openzeppelin.com/t/iterating-over-elements-on-enumerableset-in-openzeppelin-contracts/2296[forum post]
* for more information.
*/
function getRoleMember(bytes32 role, uint256 index) public view override returns (address) {
return _roleMembers[role].at(index);
}
/**
* @dev Returns the number of accounts that have `role`. Can be used
* together with {getRoleMember} to enumerate all bearers of a role.
*/
function getRoleMemberCount(bytes32 role) public view override returns (uint256) {
return _roleMembers[role].length();
}
/**
* @dev Overload {grantRole} to track enumerable memberships
*
* The parent call runs first, so the enumerable set is only touched once it has returned;
* a revert in the parent leaves `_roleMembers` unchanged.
*/
function grantRole(bytes32 role, address account) public virtual override(AccessControl, IAccessControl) {
super.grantRole(role, account);
// The boolean returned by `add` is ignored.
_roleMembers[role].add(account);
}
/**
* @dev Overload {revokeRole} to track enumerable memberships
*
* Same ordering as {grantRole}: parent call first, set update second.
*/
function revokeRole(bytes32 role, address account) public virtual override(AccessControl, IAccessControl) {
super.revokeRole(role, account);
// The boolean returned by `remove` is ignored.
_roleMembers[role].remove(account);
}
/**
* @dev Overload {renounceRole} to track enumerable memberships
*
* Same ordering as {grantRole}: parent call first, set update second.
*/
function renounceRole(bytes32 role, address account) public virtual override(AccessControl, IAccessControl) {
super.renounceRole(role, account);
_roleMembers[role].remove(account);
}
/**
* @dev Overload {_setupRole} to track enumerable memberships
*
* Internal, so it is reachable only from this contract and its descendants; CallWhitelist
* uses it in its constructor to seed ADMIN_ROLE.
*/
function _setupRole(bytes32 role, address account) internal virtual override {
super._setupRole(role, account);
_roleMembers[role].add(account);
}
}
// SPDX-License-Identifier: MIT
pragma solidity 0.8.18;
/// @notice Interface of a per-callee, per-selector call whitelist, implemented by CallWhitelist.
interface ICallWhitelist {
// ============= Events ==============
// NOTE(review): no parameter below is declared `indexed`, so log filters cannot select on
// operator, callee or selector by topic; monitoring has to decode the event data.
/// @notice Whitelist entry added; CallWhitelist emits it from `add` with msg.sender as `operator`.
event CallAdded(address operator, address callee, bytes4 selector);
/// @notice Whitelist entry removed; CallWhitelist emits it from `remove` with msg.sender as `operator`.
event CallRemoved(address operator, address callee, bytes4 selector);
// ================ View Functions ================
/// @notice Returns whether `selector` may be called on `callee`.
function isWhitelisted(address callee, bytes4 selector) external view returns (bool);
// ================ Update Operations ================
// The interface itself imposes no access control on the two functions below;
// restricting callers is left to the implementation.
/// @notice Adds the (`callee`, `selector`) pair to the whitelist.
function add(address callee, bytes4 selector) external;
/// @notice Removes the (`callee`, `selector`) pair from the whitelist.
function remove(address callee, bytes4 selector) external;
}
// SPDX-License-Identifier: GPL-3.0-only
pragma solidity 0.8.18;
import "@openzeppelin/contracts/token/ERC1155/IERC1155.sol";
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC721/IERC721.sol";
//solhint-disable max-line-length
/**
* @title CallBlacklist
* @author Non-Fungible Technologies, Inc.
*
* Library contract maintaining an immutable blacklist for any CallWhitelist contract
* (or CallWhitelistApprovals). These functions can never be called through the vault's
* `call` functionality. Note that CallWhitelistApprovals still allows approvals to take
* place based on certain spenders set in `setApproval`.
*/
abstract contract CallBlacklist {
    // ============================================ STATE ==============================================

    // ============= Global Immutable State ==============

    /**
     * @dev Selectors refused regardless of callee. They cover transfer, approval, burn and
     *      sale/offer entry points of the interfaces named below. All values are compile-time
     *      constants, so the list cannot change after deployment.
     *
     *      Matching is by 4-byte selector only: a function with a different signature that has
     *      the same effect is not caught here and must be kept out of the per-callee whitelist.
     */
    bytes4 private constant ERC20_TRANSFER = IERC20.transfer.selector;
    bytes4 private constant ERC20_ERC721_APPROVE = IERC20.approve.selector;
    bytes4 private constant ERC20_ERC721_TRANSFER_FROM = IERC20.transferFrom.selector;
    bytes4 private constant ERC20_INCREASE_ALLOWANCE = bytes4(keccak256("increaseAllowance(address,uint256)"));
    bytes4 private constant ERC20_BURN = bytes4(keccak256("burn(address,uint256)"));
    bytes4 private constant ERC20_BURN_FROM = bytes4(keccak256("burnFrom(address,uint256)"));

    // ERC721, including the approval selector ERC1155 shares with it
    bytes4 private constant ERC721_SAFE_TRANSFER_FROM = bytes4(keccak256("safeTransferFrom(address,address,uint256)"));
    bytes4 private constant ERC721_SAFE_TRANSFER_FROM_DATA = bytes4(keccak256("safeTransferFrom(address,address,uint256,bytes)"));
    bytes4 private constant ERC721_ERC1155_SET_APPROVAL = IERC721.setApprovalForAll.selector;
    bytes4 private constant ERC721_BURN = bytes4(keccak256("burn(uint256)"));

    // ERC1155
    bytes4 private constant ERC1155_SAFE_TRANSFER_FROM = IERC1155.safeTransferFrom.selector;
    bytes4 private constant ERC1155_SAFE_BATCH_TRANSFER_FROM = IERC1155.safeBatchTransferFrom.selector;
    bytes4 private constant ERC1155_BURN = bytes4(keccak256("burn(address,uint256,uint256)"));
    // NOTE(review): the signature hashed here is `burn(address,uint256[],uint256[])`.
    // OpenZeppelin's ERC1155Burnable names its batch burn `burnBatch(address,uint256[],uint256[])`,
    // which has a different selector and is not in this list; confirm whether that is intended.
    bytes4 private constant ERC1155_BURN_BATCH = bytes4(keccak256("burn(address,uint256[],uint256[])"));

    // CryptoPunks
    bytes4 private constant PUNKS_TRANSFER = bytes4(keccak256("transferPunk(address,uint256)"));
    bytes4 private constant PUNKS_OFFER = bytes4(keccak256("offerPunkForSale(uint256,uint256)"));
    bytes4 private constant PUNKS_OFFER_TO_ADDRESS = bytes4(keccak256("offerPunkForSaleToAddress(uint256,uint256,address)"));
    bytes4 private constant PUNKS_BUY = bytes4(keccak256("buyPunk(uint256)"));

    // SuperRare
    bytes4 private constant SUPERRARE_SET_SALE_PRICE = bytes4(keccak256("setSalePrice(uint256,uint256)"));
    bytes4 private constant SUPERRARE_ACCEPT_BID = bytes4(keccak256("acceptBid(uint256)"));
    // SuperRare transfer needs no entry of its own: same selector as IERC20.transfer
    // SuperRare approve needs no entry of its own: same selector as IERC20.approve

    // ================= Blacklist State ==================

    /**
     * @notice Reports whether `selector` is on the global blacklist. A blacklisted selector
     *         cannot be called on any contract, whatever the whitelist says.
     *
     * @param selector              The function selector to check.
     *
     * @return isBlacklisted        True if blacklisted, else false.
     */
    function isBlacklisted(bytes4 selector) public pure returns (bool) {
        // ERC20, plus the selectors ERC721 shares with it
        if (
            selector == ERC20_TRANSFER ||
            selector == ERC20_ERC721_APPROVE ||
            selector == ERC20_ERC721_TRANSFER_FROM ||
            selector == ERC20_INCREASE_ALLOWANCE ||
            selector == ERC20_BURN ||
            selector == ERC20_BURN_FROM
        ) {
            return true;
        }

        // ERC721, plus the approval selector ERC1155 shares with it
        if (
            selector == ERC721_SAFE_TRANSFER_FROM ||
            selector == ERC721_SAFE_TRANSFER_FROM_DATA ||
            selector == ERC721_ERC1155_SET_APPROVAL ||
            selector == ERC721_BURN
        ) {
            return true;
        }

        // ERC1155
        if (
            selector == ERC1155_SAFE_TRANSFER_FROM ||
            selector == ERC1155_SAFE_BATCH_TRANSFER_FROM ||
            selector == ERC1155_BURN ||
            selector == ERC1155_BURN_BATCH
        ) {
            return true;
        }

        // CryptoPunks
        if (
            selector == PUNKS_TRANSFER ||
            selector == PUNKS_OFFER ||
            selector == PUNKS_OFFER_TO_ADDRESS ||
            selector == PUNKS_BUY
        ) {
            return true;
        }

        // SuperRare
        return selector == SUPERRARE_SET_SALE_PRICE || selector == SUPERRARE_ACCEPT_BID;
    }
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `recipient`.
*
* Returns a boolean value indicating whether the operation succeeded.
* The boolean is the only failure signal this interface declares, so a caller that ignores
* it can treat a failed transfer as successful. The SafeERC20 wrappers revert on `false`
* and also accept tokens that return no value.
*
* Emits a {Transfer} event.
*/
function transfer(address recipient, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `sender` to `recipient` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
* As with {transfer}, callers must act on the returned boolean or use the SafeERC20 wrappers.
*
* Emits a {Transfer} event.
*/
function transferFrom(
address sender,
address recipient,
uint256 amount
) external returns (bool);
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize, which returns 0 for contracts in
// construction, since the code is only stored at the end of the
// constructor execution.
uint256 size;
assembly {
size := extcodesize(account)
}
return size > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
// Empty calldata and no gas stipend: the recipient's receive/fallback code runs with all remaining gas.
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCall(target, data, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value
) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
// Checked up front so the failure carries a specific message.
require(address(this).balance >= value, "Address: insufficient balance for call");
// A low-level call to an address without code does not revert by itself,
// so the presence of code is checked explicitly before calling.
require(isContract(target), "Address: call to non-contract");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
require(isContract(target), "Address: static call to non-contract");
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* NOTE: with a delegate call the code at `target` executes against the calling contract's own
* storage and balance, so `target` must be code the caller fully trusts. The `isContract`
* check below only establishes that code exists there, not what it does.
*
* _Available since v3.4._
*/
function functionDelegateCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
require(isContract(target), "Address: delegate call to non-contract");
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason or using the provided one.
*
* On success the return data is passed through unchanged. On failure, non-empty return data is
* re-thrown as the revert payload; only an empty payload falls back to `errorMessage`.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
assembly {
// `returndata` points at the array's length word; the payload starts 32 bytes after it.
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "./IAccessControl.sol";
/**
* @dev External interface of AccessControlEnumerable declared to support ERC165 detection.
*/
interface IAccessControlEnumerable is IAccessControl {
/**
* @dev Returns one of the accounts that have `role`. `index` must be a
* value between 0 and {getRoleMemberCount}, non-inclusive.
*
* Role bearers are not sorted in any particular way, and their ordering may
* change at any point.
*
* WARNING: When using {getRoleMember} and {getRoleMemberCount}, make sure
* you perform all queries on the same block. See the following
* https://forum.openzeppelin.com/t/iterating-over-elements-on-enumerableset-in-openzeppelin-contracts/2296[forum post]
* for more information.
*
* @param role The `bytes32` identifier of the role to enumerate.
* @param index Position within the role's member list; not stable across membership changes.
* @return The member address stored at `index`.
*/
function getRoleMember(bytes32 role, uint256 index) external view returns (address);
/**
* @dev Returns the number of accounts that have `role`. Can be used
* together with {getRoleMember} to enumerate all bearers of a role.
*
* @param role The `bytes32` identifier of the role to count.
* @return The number of accounts currently holding `role`.
*/
function getRoleMemberCount(bytes32 role) external view returns (uint256);
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "./IAccessControl.sol";
import "../utils/Context.sol";
import "../utils/Strings.sol";
import "../utils/introspection/ERC165.sol";
/**
* @dev Contract module that allows children to implement role-based access
* control mechanisms. This is a lightweight version that doesn't allow enumerating role
* members except through off-chain means by accessing the contract event logs. Some
* applications may benefit from on-chain enumerability, for those cases see
* {AccessControlEnumerable}.
*
* Roles are referred to by their `bytes32` identifier. These should be exposed
* in the external API and be unique. The best way to achieve this is by
* using `public constant` hash digests:
*
* ```
* bytes32 public constant MY_ROLE = keccak256("MY_ROLE");
* ```
*
* Roles can be used to represent a set of permissions. To restrict access to a
* function call, use {hasRole}:
*
* ```
* function foo() public {
* require(hasRole(MY_ROLE, msg.sender));
* ...
* }
* ```
*
* Roles can be granted and revoked dynamically via the {grantRole} and
* {revokeRole} functions. Each role has an associated admin role, and only
* accounts that have a role's admin role can call {grantRole} and {revokeRole}.
*
* By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means
* that only accounts with this role will be able to grant or revoke other
* roles. More complex role relationships can be created by using
* {_setRoleAdmin}.
*
* WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to
* grant and revoke this role. Extra precautions should be taken to secure
* accounts that have been granted it.
*/
abstract contract AccessControl is Context, IAccessControl, ERC165 {
    /**
     * @dev Bookkeeping kept for each role. The field order is part of the
     * contract's storage layout.
     */
    struct RoleData {
        // account => true while the account holds the role
        mapping(address => bool) members;
        // Role whose bearers may grant and revoke this role. Stays zero until
        // {_setRoleAdmin} writes it.
        bytes32 adminRole;
    }

    // role identifier => membership and admin data
    mapping(bytes32 => RoleData) private _roles;

    // Same value as an unwritten `adminRole`, which is why every role is
    // administered by DEFAULT_ADMIN_ROLE until {_setRoleAdmin} changes it.
    bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;

    /**
     * @dev Modifier that requires the caller, as reported by {_msgSender}, to
     * hold `role`. The check runs before the function body. Reverts with a
     * standardized message including the required role.
     *
     * The format of the revert reason is given by the following regular expression:
     *
     *  /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/
     *
     * _Available since v4.1._
     */
    modifier onlyRole(bytes32 role) {
        _checkRole(role, _msgSender());
        _;
    }

    /**
     * @dev See {IERC165-supportsInterface}. Reports support for
     * {IAccessControl} in addition to whatever the parent reports.
     */
    function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
        if (interfaceId == type(IAccessControl).interfaceId) {
            return true;
        }
        return super.supportsInterface(interfaceId);
    }

    /**
     * @dev Returns `true` if `account` has been granted `role`.
     */
    function hasRole(bytes32 role, address account) public view override returns (bool) {
        RoleData storage data = _roles[role];
        return data.members[account];
    }

    /**
     * @dev Reverts with a standard message if `account` is missing `role`;
     * returns silently otherwise.
     *
     * The format of the revert reason is given by the following regular expression:
     *
     *  /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/
     */
    function _checkRole(bytes32 role, address account) internal view {
        if (hasRole(role, account)) {
            return;
        }
        // Render both identifiers as fixed-width hex: 20 bytes for the account,
        // 32 bytes for the role.
        string memory accountHex = Strings.toHexString(uint160(account), 20);
        string memory roleHex = Strings.toHexString(uint256(role), 32);
        revert(string(abi.encodePacked("AccessControl: account ", accountHex, " is missing role ", roleHex)));
    }

    /**
     * @dev Returns the admin role that controls `role`. See {grantRole} and
     * {revokeRole}.
     *
     * To change a role's admin, use {_setRoleAdmin}.
     */
    function getRoleAdmin(bytes32 role) public view override returns (bytes32) {
        RoleData storage data = _roles[role];
        return data.adminRole;
    }

    /**
     * @dev Grants `role` to `account`.
     *
     * If `account` had not been already granted `role`, emits a {RoleGranted}
     * event.
     *
     * Requirements:
     *
     * - the caller must have ``role``'s admin role.
     */
    function grantRole(bytes32 role, address account) public virtual override onlyRole(getRoleAdmin(role)) {
        _grantRole(role, account);
    }

    /**
     * @dev Revokes `role` from `account`.
     *
     * If `account` had been granted `role`, emits a {RoleRevoked} event.
     *
     * Requirements:
     *
     * - the caller must have ``role``'s admin role.
     */
    function revokeRole(bytes32 role, address account) public virtual override onlyRole(getRoleAdmin(role)) {
        _revokeRole(role, account);
    }

    /**
     * @dev Revokes `role` from the calling account.
     *
     * Roles are often managed via {grantRole} and {revokeRole}: this function's
     * purpose is to provide a mechanism for accounts to lose their privileges
     * if they are compromised (such as when a trusted device is misplaced).
     *
     * If the calling account had been granted `role`, emits a {RoleRevoked}
     * event.
     *
     * Requirements:
     *
     * - the caller must be `account`.
     */
    function renounceRole(bytes32 role, address account) public virtual override {
        // Nobody can renounce a role on another account's behalf.
        if (account != _msgSender()) {
            revert("AccessControl: can only renounce roles for self");
        }
        _revokeRole(role, account);
    }

    /**
     * @dev Grants `role` to `account`.
     *
     * If `account` had not been already granted `role`, emits a {RoleGranted}
     * event. Note that unlike {grantRole}, this function doesn't perform any
     * checks on the calling account.
     *
     * [WARNING]
     * ====
     * This function should only be called from the constructor when setting
     * up the initial roles for the system.
     *
     * Using this function in any other way is effectively circumventing the admin
     * system imposed by {AccessControl}.
     * ====
     */
    function _setupRole(bytes32 role, address account) internal virtual {
        _grantRole(role, account);
    }

    /**
     * @dev Sets `adminRole` as ``role``'s admin role. Performs no check on the
     * calling account; the derived contract decides who may reach it.
     *
     * Emits a {RoleAdminChanged} event.
     */
    function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {
        // Read the outgoing admin before overwriting it so the event can report it.
        bytes32 formerAdmin = getRoleAdmin(role);
        _roles[role].adminRole = adminRole;
        emit RoleAdminChanged(role, formerAdmin, adminRole);
    }

    /**
     * @dev Marks `account` as a bearer of `role` and emits {RoleGranted} with
     * {_msgSender} as the sender. Does nothing if the role is already held.
     * No authorization is checked here; that is left to the callers.
     */
    function _grantRole(bytes32 role, address account) private {
        if (hasRole(role, account)) {
            return;
        }
        _roles[role].members[account] = true;
        emit RoleGranted(role, account, _msgSender());
    }

    /**
     * @dev Clears `account`'s membership of `role` and emits {RoleRevoked} with
     * {_msgSender} as the sender. Does nothing if the role is not held.
     * No authorization is checked here; that is left to the callers.
     */
    function _revokeRole(bytes32 role, address account) private {
        if (!hasRole(role, account)) {
            return;
        }
        _roles[role].members[account] = false;
        emit RoleRevoked(role, account, _msgSender());
    }
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/**
* @dev Library for managing
* https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive
* types.
*
* Sets have the following properties:
*
* - Elements are added, removed, and checked for existence in constant time
* (O(1)).
* - Elements are enumerated in O(n). No guarantees are made on the ordering.
*
* ```
* contract Example {
* // Add the library methods
* using EnumerableSet for EnumerableSet.AddressSet;
*
* // Declare a set state variable
* EnumerableSet.AddressSet private mySet;
* }
* ```
*
* As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)
* and `uint256` (`UintSet`) are supported.
*/
library EnumerableSet {
    // To implement this library for multiple types with as little code
    // repetition as possible, it is written in terms of a generic Set type with
    // bytes32 values.
    // The Set implementation uses private functions, and the user-facing
    // implementations (such as AddressSet) are just wrappers around the
    // underlying Set.
    // This means that new EnumerableSets can only be created for types that fit
    // in bytes32.
    struct Set {
        // Storage of set values
        bytes32[] _values;
        // Position of the value in the `_values` array, plus 1 because index 0
        // means a value is not in the set.
        mapping(bytes32 => uint256) _indexes;
    }

    /**
     * @dev Add a value to a set. O(1).
     *
     * Returns true if the value was added to the set, that is if it was not
     * already present.
     */
    function _add(Set storage set, bytes32 value) private returns (bool) {
        if (_contains(set, value)) {
            return false;
        }
        set._values.push(value);
        // The value now sits at length - 1; the stored position is length,
        // because positions are offset by one and 0 is the "absent" sentinel.
        set._indexes[value] = set._values.length;
        return true;
    }

    /**
     * @dev Removes a value from a set. O(1).
     *
     * Returns true if the value was removed from the set, that is if it was
     * present.
     */
    function _remove(Set storage set, bytes32 value) private returns (bool) {
        // Read the stored position once to avoid repeated reads of the same slot.
        uint256 storedPosition = set._indexes[value];
        if (storedPosition == 0) {
            // Sentinel: the value is not in the set.
            return false;
        }

        // To delete from the _values array in O(1), the last element is moved
        // into the vacated position and the array is shortened by one ("swap
        // and pop"). This changes the order of the array, as noted in {at}.
        uint256 vacatedIndex = storedPosition - 1;
        uint256 tailIndex = set._values.length - 1;

        if (tailIndex != vacatedIndex) {
            bytes32 movedValue = set._values[tailIndex];
            // Move the last value into the vacated position
            set._values[vacatedIndex] = movedValue;
            // and record its new (offset-by-one) position.
            set._indexes[movedValue] = storedPosition;
        }

        // Drop the now-duplicated last slot
        set._values.pop();
        // and forget the removed value's position.
        delete set._indexes[value];
        return true;
    }

    /**
     * @dev Returns true if the value is in the set. O(1).
     */
    function _contains(Set storage set, bytes32 value) private view returns (bool) {
        uint256 storedPosition = set._indexes[value];
        return storedPosition != 0;
    }

    /**
     * @dev Returns the number of values in the set. O(1).
     */
    function _length(Set storage set) private view returns (uint256) {
        return set._values.length;
    }

    /**
     * @dev Returns the value stored at position `index` in the set. O(1).
     *
     * Note that there are no guarantees on the ordering of values inside the
     * array, and it may change when more values are added or removed.
     *
     * Requirements:
     *
     * - `index` must be strictly less than {length}.
     */
    function _at(Set storage set, uint256 index) private view returns (bytes32) {
        bytes32 stored = set._values[index];
        return stored;
    }

    /**
     * @dev Return the entire set in an array
     *
     * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
     * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
     * this function has an unbounded cost, and using it as part of a state-changing function may render the function
     * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
     */
    function _values(Set storage set) private view returns (bytes32[] memory) {
        bytes32[] memory snapshot = set._values;
        return snapshot;
    }

    // Bytes32Set

    struct Bytes32Set {
        Set _inner;
    }

    /**
     * @dev Add a value to a set. O(1).
     *
     * Returns true if the value was added to the set, that is if it was not
     * already present.
     */
    function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {
        return _add(set._inner, value);
    }

    /**
     * @dev Removes a value from a set. O(1).
     *
     * Returns true if the value was removed from the set, that is if it was
     * present.
     */
    function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {
        return _remove(set._inner, value);
    }

    /**
     * @dev Returns true if the value is in the set. O(1).
     */
    function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {
        return _contains(set._inner, value);
    }

    /**
     * @dev Returns the number of values in the set. O(1).
     */
    function length(Bytes32Set storage set) internal view returns (uint256) {
        return _length(set._inner);
    }

    /**
     * @dev Returns the value stored at position `index` in the set. O(1).
     *
     * Note that there are no guarantees on the ordering of values inside the
     * array, and it may change when more values are added or removed.
     *
     * Requirements:
     *
     * - `index` must be strictly less than {length}.
     */
    function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {
        return _at(set._inner, index);
    }

    /**
     * @dev Return the entire set in an array
     *
     * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
     * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
     * this function has an unbounded cost, and using it as part of a state-changing function may render the function
     * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
     */
    function values(Bytes32Set storage set) internal view returns (bytes32[] memory) {
        return _values(set._inner);
    }

    // AddressSet

    struct AddressSet {
        Set _inner;
    }

    /**
     * @dev Add a value to a set. O(1).
     *
     * Returns true if the value was added to the set, that is if it was not
     * already present.
     */
    function add(AddressSet storage set, address value) internal returns (bool) {
        // Widen the address to 32 bytes; the upper 12 bytes are zero.
        bytes32 encoded = bytes32(uint256(uint160(value)));
        return _add(set._inner, encoded);
    }

    /**
     * @dev Removes a value from a set. O(1).
     *
     * Returns true if the value was removed from the set, that is if it was
     * present.
     */
    function remove(AddressSet storage set, address value) internal returns (bool) {
        bytes32 encoded = bytes32(uint256(uint160(value)));
        return _remove(set._inner, encoded);
    }

    /**
     * @dev Returns true if the value is in the set. O(1).
     */
    function contains(AddressSet storage set, address value) internal view returns (bool) {
        bytes32 encoded = bytes32(uint256(uint160(value)));
        return _contains(set._inner, encoded);
    }

    /**
     * @dev Returns the number of values in the set. O(1).
     */
    function length(AddressSet storage set) internal view returns (uint256) {
        return _length(set._inner);
    }

    /**
     * @dev Returns the value stored at position `index` in the set. O(1).
     *
     * Note that there are no guarantees on the ordering of values inside the
     * array, and it may change when more values are added or removed.
     *
     * Requirements:
     *
     * - `index` must be strictly less than {length}.
     */
    function at(AddressSet storage set, uint256 index) internal view returns (address) {
        bytes32 encoded = _at(set._inner, index);
        return address(uint160(uint256(encoded)));
    }

    /**
     * @dev Return the entire set in an array
     *
     * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
     * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
     * this function has an unbounded cost, and using it as part of a state-changing function may render the function
     * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
     */
    function values(AddressSet storage set) internal view returns (address[] memory) {
        bytes32[] memory raw = _values(set._inner);
        address[] memory reinterpreted;
        // Reuse the same memory array under the address[] type instead of copying
        // element by element. Every word is a zero-padded address as long as the
        // set was only ever modified through this library's functions.
        assembly {
            reinterpreted := raw
        }
        return reinterpreted;
    }

    // UintSet

    struct UintSet {
        Set _inner;
    }

    /**
     * @dev Add a value to a set. O(1).
     *
     * Returns true if the value was added to the set, that is if it was not
     * already present.
     */
    function add(UintSet storage set, uint256 value) internal returns (bool) {
        return _add(set._inner, bytes32(value));
    }

    /**
     * @dev Removes a value from a set. O(1).
     *
     * Returns true if the value was removed from the set, that is if it was
     * present.
     */
    function remove(UintSet storage set, uint256 value) internal returns (bool) {
        return _remove(set._inner, bytes32(value));
    }

    /**
     * @dev Returns true if the value is in the set. O(1).
     */
    function contains(UintSet storage set, uint256 value) internal view returns (bool) {
        return _contains(set._inner, bytes32(value));
    }

    /**
     * @dev Returns the number of values in the set. O(1).
     */
    function length(UintSet storage set) internal view returns (uint256) {
        return _length(set._inner);
    }

    /**
     * @dev Returns the value stored at position `index` in the set. O(1).
     *
     * Note that there are no guarantees on the ordering of values inside the
     * array, and it may change when more values are added or removed.
     *
     * Requirements:
     *
     * - `index` must be strictly less than {length}.
     */
    function at(UintSet storage set, uint256 index) internal view returns (uint256) {
        bytes32 encoded = _at(set._inner, index);
        return uint256(encoded);
    }

    /**
     * @dev Return the entire set in an array
     *
     * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
     * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
     * this function has an unbounded cost, and using it as part of a state-changing function may render the function
     * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
     */
    function values(UintSet storage set) internal view returns (uint256[] memory) {
        bytes32[] memory raw = _values(set._inner);
        uint256[] memory reinterpreted;
        // Same memory array viewed as uint256[]; both element types are one full word.
        assembly {
            reinterpreted := raw
        }
        return reinterpreted;
    }
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/**
* @dev External interface of AccessControl declared to support ERC165 detection.
*/
interface IAccessControl {
/**
* @dev Emitted when `newAdminRole` is set as ``role``'s admin role, replacing `previousAdminRole`.
*
* `DEFAULT_ADMIN_ROLE` is the starting admin for all roles, despite
* {RoleAdminChanged} not being emitted to signal this.
*
* Off-chain monitoring may want to alert on this event, since it changes who is
* allowed to grant and revoke `role`.
*
* _Available since v3.1._
*/
event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole);
/**
* @dev Emitted when `account` is granted `role`.
*
* `sender` is the account that originated the contract call, an admin role
* bearer except when using {AccessControl-_setupRole}.
*/
event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Emitted when `role` is revoked from `account`.
*
* `sender` is the account that originated the contract call:
* - if using `revokeRole`, it is the admin role bearer
* - if using `renounceRole`, it is the role bearer (i.e. `account`)
*/
event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Returns `true` if `account` has been granted `role`.
*
* @param role Identifier of the role being queried.
* @param account Account whose membership is checked.
*/
function hasRole(bytes32 role, address account) external view returns (bool);
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {AccessControl-_setRoleAdmin}.
*
* @param role Identifier of the role whose admin role is returned.
*/
function getRoleAdmin(bytes32 role) external view returns (bytes32);
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* @param role Identifier of the role to grant.
* @param account Account that receives the role.
*/
function grantRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* @param role Identifier of the role to revoke.
* @param account Account that loses the role.
*/
function revokeRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been granted `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `account`.
*
* @param role Identifier of the role to give up.
* @param account Must equal the caller.
*/
function renounceRole(bytes32 role, address account) external;
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
    /**
     * @dev Returns the account the contract should treat as the caller. This
     * base version returns `msg.sender`.
     *
     * The function is `virtual`: a derived contract can replace it, and every
     * check built on {_msgSender} then relies on what the override returns.
     */
    function _msgSender() internal view virtual returns (address) {
        address caller = msg.sender;
        return caller;
    }

    /**
     * @dev Returns the calldata the contract should treat as the call's input.
     * This base version returns `msg.data` unchanged.
     */
    function _msgData() internal view virtual returns (bytes calldata) {
        bytes calldata payload = msg.data;
        return payload;
    }
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/**
* @dev String operations.
*/
library Strings {
    // Lookup table: the byte at position n is the lowercase hex digit for n.
    bytes16 private constant _HEX_SYMBOLS = "0123456789abcdef";

    /**
     * @dev Converts a `uint256` to its ASCII `string` decimal representation.
     */
    function toString(uint256 value) internal pure returns (string memory) {
        // Inspired by OraclizeAPI's implementation - MIT licence
        // https://github.com/oraclize/ethereum-api/blob/b42146b063c7d6ee1358846c198246239e9360e8/oraclizeAPI_0.4.25.sol
        if (value == 0) {
            return "0";
        }

        // First pass: count the decimal digits so the buffer can be sized exactly.
        uint256 digitCount = 0;
        for (uint256 rest = value; rest != 0; rest /= 10) {
            digitCount++;
        }

        // Second pass: fill the buffer from the least significant digit backwards.
        bytes memory out = new bytes(digitCount);
        uint256 pos = digitCount;
        while (value != 0) {
            pos -= 1;
            // 48 is ASCII '0'.
            out[pos] = bytes1(uint8(48 + (value % 10)));
            value /= 10;
        }
        return string(out);
    }

    /**
     * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation,
     * using as many whole bytes as the value needs ("0x00" for zero).
     */
    function toHexString(uint256 value) internal pure returns (string memory) {
        if (value == 0) {
            return "0x00";
        }

        // Count the bytes needed to hold `value`.
        uint256 byteCount = 0;
        for (uint256 rest = value; rest != 0; rest >>= 8) {
            byteCount++;
        }
        return toHexString(value, byteCount);
    }

    /**
     * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
     * `length` is a number of bytes; the result is "0x" followed by `2 * length`
     * lowercase hex digits. Reverts if `value` does not fit in `length` bytes.
     */
    function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
        uint256 total = 2 * length + 2;
        bytes memory out = new bytes(total);
        out[0] = "0";
        out[1] = "x";

        // Write one hex digit per step, from the last character back to index 2.
        uint256 pos = total - 1;
        while (pos > 1) {
            out[pos] = _HEX_SYMBOLS[value & 0xf];
            value >>= 4;
            pos--;
        }

        // Bits left over mean the requested width silently dropped data.
        require(value == 0, "Strings: hex length insufficient");
        return string(out);
    }
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "./IERC165.sol";
/**
* @dev Implementation of the {IERC165} interface.
*
* Contracts that want to implement ERC165 should inherit from this contract and override {supportsInterface} to check
* for the additional interface id that will be supported. For example:
*
* ```solidity
* function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
* return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
* }
* ```
*
* Alternatively, {ERC165Storage} provides an easier to use but more expensive implementation.
*/
abstract contract ERC165 is IERC165 {
    /**
     * @dev See {IERC165-supportsInterface}. This base version reports support
     * for the {IERC165} interface id only; derived contracts extend the answer
     * by overriding and falling back to `super.supportsInterface`.
     */
    function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
        bytes4 erc165Id = type(IERC165).interfaceId;
        return interfaceId == erc165Id;
    }
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC165 standard, as defined in the
* https://eips.ethereum.org/EIPS/eip-165[EIP].
*
* Implementers can declare support of contract interfaces, which can then be
* queried by others ({ERC165Checker}).
*
* For an implementation, see {ERC165}.
*/
interface IERC165 {
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
* to learn more about how these ids are created.
*
* This function call must use less than 30 000 gas.
*
* NOTE(review): the answer is whatever the queried contract chooses to report;
* it does not by itself show that the contract behaves as the interface requires.
*
* @param interfaceId Interface identifier being queried.
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "../../utils/introspection/IERC165.sol";
/**
* @dev Required interface of an ERC1155 compliant contract, as defined in the
* https://eips.ethereum.org/EIPS/eip-1155[EIP].
*
* _Available since v3.1._
*/
interface IERC1155 is IERC165 {
/**
* @dev Emitted when `value` tokens of token type `id` are transferred from `from` to `to` by `operator`.
*/
event TransferSingle(address indexed operator, address indexed from, address indexed to, uint256 id, uint256 value);
/**
* @dev Equivalent to multiple {TransferSingle} events, where `operator`, `from` and `to` are the same for all
* transfers.
*/
event TransferBatch(
address indexed operator,
address indexed from,
address indexed to,
uint256[] ids,
uint256[] values
);
/**
* @dev Emitted when `account` grants or revokes permission to `operator` to transfer their tokens, according to
* `approved`.
*/
event ApprovalForAll(address indexed account, address indexed operator, bool approved);
/**
* @dev Emitted when the URI for token type `id` changes to `value`, if it is a non-programmatic URI.
*
* If an {URI} event was emitted for `id`, the standard
* https://eips.ethereum.org/EIPS/eip-1155#metadata-extensions[guarantees] that `value` will equal the value
* returned by {IERC1155MetadataURI-uri}.
*/
event URI(string value, uint256 indexed id);
/**
* @dev Returns the amount of tokens of token type `id` owned by `account`.
*
* Requirements:
*
* - `account` cannot be the zero address.
*/
function balanceOf(address account, uint256 id) external view returns (uint256);
/**
* @dev xref:ROOT:erc1155.adoc#batch-operations[Batched] version of {balanceOf}.
*
* Requirements:
*
* - `accounts` and `ids` must have the same length.
*/
function balanceOfBatch(address[] calldata accounts, uint256[] calldata ids)
external
view
returns (uint256[] memory);
/**
* @dev Grants or revokes permission to `operator` to transfer the caller's tokens, according to `approved`.
*
* The permission is not limited to one token type or amount: it covers the
* caller's tokens in this contract until it is revoked.
*
* Emits an {ApprovalForAll} event.
*
* Requirements:
*
* - `operator` cannot be the caller.
*/
function setApprovalForAll(address operator, bool approved) external;
/**
* @dev Returns true if `operator` is approved to transfer ``account``'s tokens.
*
* See {setApprovalForAll}.
*/
function isApprovedForAll(address account, address operator) external view returns (bool);
/**
* @dev Transfers `amount` tokens of token type `id` from `from` to `to`.
*
* Emits a {TransferSingle} event.
*
* Requirements:
*
* - `to` cannot be the zero address.
* - If the caller is not `from`, it must have been approved to spend ``from``'s tokens via {setApprovalForAll}.
* - `from` must have a balance of tokens of type `id` of at least `amount`.
* - If `to` refers to a smart contract, it must implement {IERC1155Receiver-onERC1155Received} and return the
* acceptance magic value.
*
* NOTE(review): the last requirement implies a call into `to` during the transfer,
* so callers should treat this function as an external call when ordering their
* own state changes.
*/
function safeTransferFrom(
address from,
address to,
uint256 id,
uint256 amount,
bytes calldata data
) external;
/**
* @dev xref:ROOT:erc1155.adoc#batch-operations[Batched] version of {safeTransferFrom}.
*
* Emits a {TransferBatch} event.
*
* Requirements:
*
* - `ids` and `amounts` must have the same length.
* - If `to` refers to a smart contract, it must implement {IERC1155Receiver-onERC1155BatchReceived} and return the
* acceptance magic value.
*
* NOTE(review): as with {safeTransferFrom}, the receiver check implies a call into `to`.
*/
function safeBatchTransferFrom(
address from,
address to,
uint256[] calldata ids,
uint256[] calldata amounts,
bytes calldata data
) external;
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "../../utils/introspection/IERC165.sol";
/**
* @dev Required interface of an ERC721 compliant contract.
*/
interface IERC721 is IERC165 {
/**
* @dev Emitted when `tokenId` token is transferred from `from` to `to`.
*/
event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);
/**
* @dev Emitted when `owner` enables `approved` to manage the `tokenId` token.
*/
event Approval(address indexed owner, address indexed approved, uint256 indexed tokenId);
/**
* @dev Emitted when `owner` enables or disables (`approved`) `operator` to manage all of its assets.
*/
event ApprovalForAll(address indexed owner, address indexed operator, bool approved);
/**
* @dev Returns the number of tokens in ``owner``'s account.
*/
function balanceOf(address owner) external view returns (uint256 balance);
/**
* @dev Returns the owner of the `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function ownerOf(uint256 tokenId) external view returns (address owner);
/**
* @dev Safely transfers `tokenId` token from `from` to `to`, checking first that contract recipients
* are aware of the ERC721 protocol to prevent tokens from being forever locked.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must exist and be owned by `from`.
* - If the caller is not `from`, it must have been allowed to move this token by either {approve} or {setApprovalForAll}.
* - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* NOTE(review): because `onERC721Received` is called on a contract recipient, callers
* should treat this function as an external call when ordering their own state changes.
*
* Emits a {Transfer} event.
*/
function safeTransferFrom(
address from,
address to,
uint256 tokenId
) external;
/**
* @dev Transfers `tokenId` token from `from` to `to`.
*
* WARNING: Usage of this method is discouraged, use {safeTransferFrom} whenever possible.
* Unlike {safeTransferFrom}, no receiver requirement is listed here for contract recipients.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must be owned by `from`.
* - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
*
* Emits a {Transfer} event.
*/
function transferFrom(
address from,
address to,
uint256 tokenId
) external;
/**
* @dev Gives permission to `to` to transfer `tokenId` token to another account.
* The approval is cleared when the token is transferred.
*
* Only a single account can be approved at a time, so approving the zero address clears previous approvals.
*
* Requirements:
*
* - The caller must own the token or be an approved operator.
* - `tokenId` must exist.
*
* Emits an {Approval} event.
*/
function approve(address to, uint256 tokenId) external;
/**
* @dev Returns the account approved for `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function getApproved(uint256 tokenId) external view returns (address operator);
/**
* @dev Approve or remove `operator` as an operator for the caller.
* Operators can call {transferFrom} or {safeTransferFrom} for any token owned by the caller,
* so an approval should only be given to an `operator` the caller trusts with all of them.
*
* Requirements:
*
* - The `operator` cannot be the caller.
*
* Emits an {ApprovalForAll} event.
*/
function setApprovalForAll(address operator, bool _approved) external;
/**
* @dev Returns whether the `operator` is allowed to manage all of the assets of `owner`.
*
* See {setApprovalForAll}.
*/
function isApprovedForAll(address owner, address operator) external view returns (bool);
/**
* @dev Safely transfers `tokenId` token from `from` to `to`, passing `data` along with the call.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must exist and be owned by `from`.
* - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
* - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* NOTE(review): because `onERC721Received` is called on a contract recipient, callers
* should treat this function as an external call when ordering their own state changes.
*
* Emits a {Transfer} event.
*/
function safeTransferFrom(
address from,
address to,
uint256 tokenId,
bytes calldata data
) external;
}