Contract Source Code:
/**
* SPDX-License-Identifier: MIT
*
* Copyright (c) 2016-2019 zOS Global Limited
*
*/
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP. Does not include
* the optional functions; to access them see `ERC20Detailed`.
*/
interface IERC20 {
function name() external view returns (string memory);
function symbol() external view returns (string memory);
function decimals() external view returns (uint8);
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `recipient`.
*
* Returns always true. Throws error on failure.
*
* Emits a `Transfer` event.
*/
function transfer(address recipient, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through `transferFrom`. This is
* zero by default.
*
* This value can change when `approve` or `transferFrom` are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* > Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an `Approval` event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `sender` to `recipient` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns always true. Throws error on failure.
*
* Emits a `Transfer` event.
*/
function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to `approve`. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "./IERC20.sol";
import "./IReserve.sol";
interface IFrankencoin is IERC20 {
function suggestMinter(address _minter, uint256 _applicationPeriod, uint256 _applicationFee, string calldata _message) external;
function registerPosition(address position) external;
function denyMinter(address minter, address[] calldata helpers, string calldata message) external;
function reserve() external view returns (IReserve);
function minterReserve() external view returns (uint256);
function calculateAssignedReserve(uint256 mintedAmount, uint32 _reservePPM) external view returns (uint256);
function equity() external view returns (uint256);
function isMinter(address minter) external view returns (bool);
function getPositionParent(address position) external view returns (address);
function mint(address target, uint256 amount) external;
function mintWithReserve(address target, uint256 amount, uint32 reservePPM, uint32 feePPM) external;
function burnFrom(address target, uint256 amount) external;
function burnWithoutReserve(uint256 amountIncludingReserve, uint32 reservePPM) external;
function burnFromWithReserve(address payer, uint256 targetTotalBurnAmount, uint32 _reservePPM) external returns (uint256);
function burnWithReserve(uint256 amountExcludingReserve, uint32 reservePPM) external returns (uint256);
function coverLoss(address source, uint256 amount) external;
function collectProfits(address source, uint256 _amount) external;
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "./IERC20.sol";
import "./IReserve.sol";
import "./IFrankencoin.sol";
interface IPosition {
function original() external returns (address);
function collateral() external returns (IERC20);
function minimumCollateral() external returns (uint256);
function challengePeriod() external returns (uint64);
function expiration() external returns (uint256);
function price() external returns (uint256);
function reduceLimitForClone(uint256 amount) external;
function initializeClone(address owner, uint256 _price, uint256 _coll, uint256 _mint, uint256 expiration) external;
function deny(address[] calldata helpers, string calldata message) external;
function mint(address target, uint256 amount) external;
function minted() external returns (uint256);
function reserveContribution() external returns (uint32);
function getUsableMint(uint256 totalMint, bool beforeFees) external view returns (uint256);
function challengeData(uint256 challengeStart) external view returns (uint256 liqPrice, uint64 phase1, uint64 phase2);
function notifyChallengeStarted(uint256 size) external;
function notifyChallengeAverted(uint256 size) external;
function notifyChallengeSucceeded(address _bidder, uint256 _size) external returns (address, uint256, uint256, uint32);
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "./IERC20.sol";
interface IReserve is IERC20 {
function invest(uint256 amount, uint256 expected) external returns (uint256);
function checkQualified(address sender, address[] calldata helpers) external view;
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "./utils/Ownable.sol";
import "./utils/MathUtil.sol";
import "./interface/IERC20.sol";
import "./interface/IPosition.sol";
import "./interface/IReserve.sol";
import "./interface/IFrankencoin.sol";
/**
* @title Position
* @notice A collateralized minting position.
*/
contract Position is Ownable, IPosition, MathUtil {
/**
* @notice Note that this contract is intended to be cloned. All clones will share the same values for
* the constant and immutable fields, but have their own values for the other fields.
*/
/**
* @notice The zchf price per unit of the collateral below which challenges succeed, (36 - collateral.decimals) decimals
*/
uint256 public price;
/**
* @notice Net minted amount, including reserve.
*/
uint256 public minted;
/**
* @notice Amount of the collateral that is currently under a challenge.
* Used to figure out whether there are pending challenges.
*/
uint256 public challengedAmount;
/**
* @notice Challenge period in seconds.
*/
uint64 public immutable challengePeriod;
/**
* @notice End of the latest cooldown. If this is in the future, minting is suspended.
*/
uint256 public cooldown;
/**
* @notice How much can be minted at most.
*/
uint256 public limit;
/**
* @notice Timestamp when minting can start and the position no longer denied.
*/
uint256 public immutable start;
/**
* @notice Timestamp of the expiration of the position. After expiration, challenges cannot be averted
* any more. This is also the basis for fee calculations.
*/
uint256 public expiration;
/**
* @notice The original position to help identifying clones.
*/
address public immutable original;
/**
* @notice Pointer to the minting hub.
*/
address public immutable hub;
/**
* @notice The Frankencoin contract.
*/
IFrankencoin public immutable zchf;
/**
* @notice The collateral token.
*/
IERC20 public immutable override collateral;
/**
* @notice Minimum acceptable collateral amount to prevent dust.
*/
uint256 public immutable override minimumCollateral;
/**
* @notice Always pay interest for at least four weeks.
*/
uint256 private constant MIN_INTEREST_DURATION = 4 weeks;
/**
* @notice The interest in parts per million per year that is deducted when minting Frankencoins.
* To be paid upfront.
*/
uint32 public immutable annualInterestPPM;
/**
* @notice The reserve contribution in parts per million of the minted amount.
*/
uint32 public immutable reserveContribution;
event MintingUpdate(uint256 collateral, uint256 price, uint256 minted, uint256 limit);
event PositionDenied(address indexed sender, string message); // emitted if closed by governance
error InsufficientCollateral();
error TooLate();
error RepaidTooMuch(uint256 excess);
error LimitExceeded();
error ChallengeTooSmall();
error Expired();
error Hot();
error Challenged();
error NotHub();
modifier alive() {
if (block.timestamp >= expiration) revert Expired();
_;
}
modifier noCooldown() {
if (block.timestamp <= cooldown) revert Hot();
_;
}
modifier noChallenge() {
if (challengedAmount > 0) revert Challenged();
_;
}
modifier onlyHub() {
if (msg.sender != address(hub)) revert NotHub();
_;
}
/**
* @dev See MintingHub.openPosition
*/
constructor(
address _owner,
address _hub,
address _zchf,
address _collateral,
uint256 _minCollateral,
uint256 _initialLimit,
uint256 _initPeriod,
uint256 _duration,
uint64 _challengePeriod,
uint32 _annualInterestPPM,
uint256 _liqPrice,
uint32 _reservePPM
) {
require(_initPeriod >= 3 days); // must be at least three days, recommended to use higher values
_setOwner(_owner);
original = address(this);
hub = _hub;
zchf = IFrankencoin(_zchf);
collateral = IERC20(_collateral);
annualInterestPPM = _annualInterestPPM;
reserveContribution = _reservePPM;
minimumCollateral = _minCollateral;
challengePeriod = _challengePeriod;
start = block.timestamp + _initPeriod; // at least three days time to deny the position
cooldown = start;
expiration = start + _duration;
limit = _initialLimit;
_setPrice(_liqPrice);
}
/**
* @notice Method to initialize a freshly created clone. It is the responsibility of the creator to make sure this is only
* called once and to call reduceLimitForClone on the original position before initializing the clone.
*/
function initializeClone(
address owner,
uint256 _price,
uint256 _coll,
uint256 _initialMint,
uint256 expirationTime
) external onlyHub {
if (_coll < minimumCollateral) revert InsufficientCollateral();
uint256 impliedPrice = (_initialMint * ONE_DEC18) / _coll;
_initialMint = (impliedPrice * _coll) / ONE_DEC18; // to cancel potential rounding errors
if (impliedPrice > _price) revert InsufficientCollateral();
_setOwner(owner);
limit = _initialMint;
expiration = expirationTime;
_setPrice(impliedPrice);
_mint(owner, _initialMint, _coll);
}
function limitForClones() public view returns (uint256) {
uint256 backedLimit = (_collateralBalance() * price) / ONE_DEC18;
if (backedLimit >= limit) {
return 0;
} else {
// due to invariants, this is always below (limit - minted)
return limit - backedLimit;
}
}
/**
* @notice Adjust this position's limit to allow a clone to mint its own Frankencoins.
* Invariant: global limit stays the same.
*
* Cloning a position is only allowed if the position is not challenged, not expired and not in cooldown.
*/
function reduceLimitForClone(uint256 mint_) external noChallenge noCooldown alive onlyHub {
if (mint_ > limitForClones()) revert LimitExceeded();
limit -= mint_;
}
/**
* @notice Qualified pool share holders can call this method to immediately expire a freshly proposed position.
*/
function deny(address[] calldata helpers, string calldata message) external {
if (block.timestamp >= start) revert TooLate();
IReserve(zchf.reserve()).checkQualified(msg.sender, helpers);
_close(); // since expiration is immutable, we put it under eternal cooldown
emit PositionDenied(msg.sender, message);
}
function _close() internal {
cooldown = type(uint256).max;
}
function isClosed() public view returns (bool) {
return cooldown == type(uint256).max;
}
/**
* @notice This is how much the minter can actually use when minting ZCHF, with the rest being used
* assigned to the minter reserve or (if applicable) fees.
*/
function getUsableMint(uint256 totalMint, bool afterFees) external view returns (uint256) {
if (afterFees) {
return (totalMint * (1000_000 - reserveContribution - calculateCurrentFee())) / 1000_000;
} else {
return (totalMint * (1000_000 - reserveContribution)) / 1000_000;
}
}
/**
* @notice "All in one" function to adjust the outstanding amount of ZCHF, the collateral amount,
* and the price in one transaction.
*/
function adjust(uint256 newMinted, uint256 newCollateral, uint256 newPrice) external onlyOwner {
uint256 colbal = _collateralBalance();
if (newCollateral > colbal) {
collateral.transferFrom(msg.sender, address(this), newCollateral - colbal);
}
// Must be called after collateral deposit, but before withdrawal
if (newMinted < minted) {
zchf.burnFromWithReserve(msg.sender, minted - newMinted, reserveContribution);
minted = newMinted;
}
if (newCollateral < colbal) {
withdrawCollateral(msg.sender, colbal - newCollateral);
}
// Must be called after collateral withdrawal
if (newMinted > minted) {
mint(msg.sender, newMinted - minted);
}
if (newPrice != price) {
adjustPrice(newPrice);
}
}
/**
* @notice Allows the position owner to adjust the liquidation price as long as there is no pending challenge.
* Lowering the liquidation price can be done with immediate effect, given that there is enough collateral.
* Increasing the liquidation price triggers a cooldown period of 3 days, during which minting is suspended.
*/
function adjustPrice(uint256 newPrice) public onlyOwner noChallenge {
if (newPrice > price) {
_restrictMinting(3 days);
} else {
_checkCollateral(_collateralBalance(), newPrice);
}
_setPrice(newPrice);
emit MintingUpdate(_collateralBalance(), price, minted, limit);
}
function _setPrice(uint256 newPrice) internal {
require(newPrice * minimumCollateral <= limit * ONE_DEC18); // sanity check
price = newPrice;
}
function _collateralBalance() internal view returns (uint256) {
return IERC20(collateral).balanceOf(address(this));
}
/**
* @notice Mint ZCHF as long as there is no open challenge, the position is not subject to a cooldown,
* and there is sufficient collateral.
*/
function mint(address target, uint256 amount) public onlyOwner noChallenge noCooldown alive {
_mint(target, amount, _collateralBalance());
}
function calculateCurrentFee() public view returns (uint32) {
uint256 exp = expiration;
uint256 time = block.timestamp < start ? start : block.timestamp;
uint256 timePassed = time >= exp - MIN_INTEREST_DURATION ? MIN_INTEREST_DURATION : exp - time;
// Time resolution is in the range of minutes for typical interest rates.
return uint32((timePassed * annualInterestPPM) / 365 days);
}
function _mint(address target, uint256 amount, uint256 collateral_) internal {
if (minted + amount > limit) revert LimitExceeded();
zchf.mintWithReserve(target, amount, reserveContribution, calculateCurrentFee());
minted += amount;
_checkCollateral(collateral_, price);
emit MintingUpdate(_collateralBalance(), price, minted, limit);
}
function _restrictMinting(uint256 period) internal {
uint256 horizon = block.timestamp + period;
if (horizon > cooldown) {
cooldown = horizon;
}
}
/**
* @notice Repay some ZCHF. If too much is repaid, the call fails.
* It is possible to repay while there are challenges, but the collateral is locked until all is clear again.
*
* The repaid amount should fulfill the following equation in order to close the position,
* i.e. bring the minted amount to 0:
* minted = amount + zchf.calculateAssignedReserve(amount, reservePPM)
*
* Under normal circumstances, this implies:
* amount = minted * (1000000 - reservePPM)
*
* E.g. if minted is 50 and reservePPM is 200000, it is necessary to repay 40 to be able to close the position.
*/
function repay(uint256 amount) public {
IERC20(zchf).transferFrom(msg.sender, address(this), amount);
uint256 actuallyRepaid = IFrankencoin(zchf).burnWithReserve(amount, reserveContribution);
_notifyRepaid(actuallyRepaid);
emit MintingUpdate(_collateralBalance(), price, minted, limit);
}
function _notifyRepaid(uint256 amount) internal {
if (amount > minted) revert RepaidTooMuch(amount - minted);
minted -= amount;
}
/**
* @notice Withdraw any ERC20 token that might have ended up on this address.
* Withdrawing collateral is subject to the same restrictions as withdrawCollateral(...).
*/
function withdraw(address token, address target, uint256 amount) external onlyOwner {
if (token == address(collateral)) {
withdrawCollateral(target, amount);
} else {
uint256 balance = _collateralBalance();
IERC20(token).transfer(target, amount);
require(balance == _collateralBalance()); // guard against double-entry-point tokens
}
}
/**
* @notice Withdraw collateral from the position up to the extent that it is still well collateralized afterwards.
* Not possible as long as there is an open challenge or the contract is subject to a cooldown.
*
* Withdrawing collateral below the minimum collateral amount formally closes the position.
*/
function withdrawCollateral(address target, uint256 amount) public onlyOwner noChallenge {
if (block.timestamp <= cooldown && !isClosed()) revert Hot();
uint256 balance = _withdrawCollateral(target, amount);
_checkCollateral(balance, price);
if (balance < minimumCollateral && balance > 0) revert InsufficientCollateral(); // Prevent dust amounts
}
function _withdrawCollateral(address target, uint256 amount) internal returns (uint256) {
if (amount > 0) {
// Some weird tokens fail when trying to transfer 0 amounts
IERC20(collateral).transfer(target, amount);
}
uint256 balance = _collateralBalance();
_considerClose(balance);
emit MintingUpdate(balance, price, minted, limit);
return balance;
}
function _considerClose(uint256 collateralBalance) internal {
if (collateralBalance < minimumCollateral && challengedAmount == 0) {
// This leaves a slightly unsatisfying possibility open: if the withdrawal happens due to a successful
// challenge, there might be a small amount of collateral left that is not withheld in case there are no
// other pending challenges. The only way to cleanly solve this would be to have two distinct cooldowns,
// one for minting and one for withdrawals.
_close();
}
}
/**
* @notice This invariant must always hold and must always be checked when any of the three
* variables change in an adverse way.
*/
function _checkCollateral(uint256 collateralReserve, uint256 atPrice) internal view {
if (collateralReserve * atPrice < minted * ONE_DEC18) revert InsufficientCollateral();
}
/**
* @notice Returns the liquidation price and the durations for phase1 and phase2 of the challenge.
* Both phases are usually of equal duration, but near expiration, phase one is adjusted such that
* it cannot last beyond the expiration date of the position.
*/
function challengeData(uint256 challengeStart) external view returns (uint256 liqPrice, uint64 phase1, uint64 phase2) {
uint256 timeToExpiration = challengeStart >= expiration ? 0 : expiration - challengeStart;
return (price, uint64(_min(timeToExpiration, challengePeriod)), challengePeriod);
}
function notifyChallengeStarted(uint256 size) external onlyHub {
// Require minimum size. Collateral balance can be below minimum if it was partially challenged before.
if (size < minimumCollateral && size < _collateralBalance()) revert ChallengeTooSmall();
if (size == 0) revert ChallengeTooSmall();
challengedAmount += size;
}
/**
* @param size amount of collateral challenged (dec18)
*/
function notifyChallengeAverted(uint256 size) external onlyHub {
challengedAmount -= size;
// Don't allow minter to close the position immediately so challenge can be repeated before
// the owner has a chance to mint more on an undercollateralized position
_restrictMinting(1 days);
// If this was the last open challenge and there is only a dust amount of collateral left, the position should be closed
_considerClose(_collateralBalance());
}
/**
* @notice Notifies the position that a challenge was successful.
* Triggers the payout of the challenged part of the collateral.
* Everything else is assumed to be handled by the hub.
*
* @param _bidder address of the bidder that receives the collateral
* @param _size amount of the collateral bid for
* @return (position owner, effective challenge size in ZCHF, amount to be repaid, reserve ppm)
*/
function notifyChallengeSucceeded(
address _bidder,
uint256 _size
) external onlyHub returns (address, uint256, uint256, uint32) {
challengedAmount -= _size;
uint256 colBal = _collateralBalance();
if (colBal < _size) {
_size = colBal;
}
uint256 repayment = colBal == 0 ? 0 : minted * _size / colBal; // for enormous colBal, this could be rounded to 0, which is ok
_notifyRepaid(repayment); // we assume the caller takes care of the actual repayment
// Give time for additional challenges before the owner can mint again. In particular,
// the owner might have added collateral only seconds before the challenge ended, preventing a close.
_restrictMinting(3 days);
_withdrawCollateral(_bidder, _size); // transfer collateral to the bidder and emit update
return (owner, _size, repayment, reserveContribution);
}
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/**
* @title Functions for share valuation
*/
contract MathUtil {
uint256 internal constant ONE_DEC18 = 10 ** 18;
// Let's go for 12 digits of precision (18-6)
uint256 internal constant THRESH_DEC18 = 10 ** 6;
/**
* @notice Cubic root with Halley approximation
* Number 1e18 decimal
* @param _v number for which we calculate x**(1/3)
* @return returns _v**(1/3)
*/
function _cubicRoot(uint256 _v) internal pure returns (uint256) {
// Good first guess for _v slightly above 1.0, which is often the case in the Frankencoin system
uint256 x = _v > ONE_DEC18 && _v < 10 ** 19 ? (_v - ONE_DEC18) / 3 + ONE_DEC18 : ONE_DEC18;
uint256 diff;
do {
uint256 powX3 = _mulD18(_mulD18(x, x), x);
uint256 xnew = x * (powX3 + 2 * _v) / (2 * powX3 + _v);
diff = xnew > x ? xnew - x : x - xnew;
x = xnew;
} while (diff > THRESH_DEC18);
return x;
}
function _mulD18(uint256 _a, uint256 _b) internal pure returns (uint256) {
return (_a * _b) / ONE_DEC18;
}
function _divD18(uint256 _a, uint256 _b) internal pure returns (uint256) {
return (_a * ONE_DEC18) / _b;
}
function _power3(uint256 _x) internal pure returns (uint256) {
return _mulD18(_mulD18(_x, _x), _x);
}
function _min(uint256 a, uint256 b) internal pure returns (uint256) {
return a < b ? a : b;
}
}
// SPDX-License-Identifier: MIT
//
// From https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/access/Ownable.sol
//
// Modifications:
// - Replaced Context._msgSender() with msg.sender
// - Made leaner
pragma solidity ^0.8.0;
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* By default, the owner account will be the one that deploys the contract. This
* can later be changed with {transferOwnership}.
*/
contract Ownable {
address public owner;
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
error NotOwner();
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public onlyOwner {
_setOwner(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _setOwner(address newOwner) internal {
require(newOwner != address(0x0));
address oldOwner = owner;
owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
function _requireOwner(address sender) internal view {
if (owner != sender) revert NotOwner();
}
modifier onlyOwner() {
_requireOwner(msg.sender);
_;
}
}