Transaction Hash:
Block:
19720051 at Apr-23-2024 07:02:23 PM +UTC
Transaction Fee:
0.002765906574793588 ETH
$6.92
Gas Used:
160,276 Gas / 17.257147513 Gwei
Emitted Events:
| 152 |
ERC1967Proxy.0x06a333c2d6fe967ca967f7a35be2eb45e8caeb6cf05e16f55d42b91b5fe31255( 0x06a333c2d6fe967ca967f7a35be2eb45e8caeb6cf05e16f55d42b91b5fe31255, 04dc7088b6c242144b268365d3a286c785cf8ae350f49db6d4bb1f028be49fdf, 0000000000000000000000000000000000000000000000000000000000044bfa, 00000000000000000000000023581767a106ae21c074b2276d25e5c3e136a68b, 000000000000000000000000a69833b9fda816f1bfc79517e7932e64708df0dd, 00000000000000000000000084e84e2dcd0d0f171f0202c69626c0a1945ef083, 000000000000000000000000000000000000000000000000058d15e176280000, 0000000000000000000000000000000000000000000000000000000000001a22, 000000000000000000000000000000000000000000000000000000000000062e, 0000000000000000000000000000000000000000000000000000000000002328 )
|
| 153 |
Moonbirds.Approval( owner=[Sender] 0x84e84e2dcd0d0f171f0202c69626c0a1945ef083, approved=0x00000000...000000000, tokenId=1582 )
|
| 154 |
Moonbirds.Transfer( from=[Sender] 0x84e84e2dcd0d0f171f0202c69626c0a1945ef083, to=[Receiver] ERC1967Proxy, tokenId=1582 )
|
| 155 |
ERC1967Proxy.0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef( 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef, 0x000000000000000000000000a69833b9fda816f1bfc79517e7932e64708df0dd, 0x00000000000000000000000084e84e2dcd0d0f171f0202c69626c0a1945ef083, 000000000000000000000000000000000000000000000000058d15e176280000 )
|
Account State Difference:
| Address | Before | After | State Difference | ||
|---|---|---|---|---|---|
| 0x00000000...d351887Ac | |||||
| 0x23581767...3e136a68b | |||||
| 0x29469395...28D98a20B | (Blur: Blend) | ||||
|
0x388C818C...7ccB19297
Miner
| (Lido: Execution Layer Rewards Vault) | 50.959575666340990012 Eth | 50.959576443679590012 Eth | 0.0000007773386 | |
| 0x84e84E2D...1945eF083 |
0.016972261440508923 Eth
Nonce: 2619
|
0.014206354865715335 Eth
Nonce: 2620
| 0.002765906574793588 |
Execution Trace
ERC1967Proxy.e263967e( )
Blend.borrow( offer=[{name:lender, type:address, order:1, indexed:false, value:0xa69833B9fDa816f1bFC79517E7932E64708Df0dd, valueString:0xa69833B9fDa816f1bFC79517E7932E64708Df0dd}, {name:collection, type:address, order:2, indexed:false, value:0x23581767a106ae21c074b2276D25e5C3e136a68b, valueString:0x23581767a106ae21c074b2276D25e5C3e136a68b}, {name:totalAmount, type:uint256, order:3, indexed:false, value:3000000000000000000000, valueString:3000000000000000000000}, {name:minAmount, type:uint256, order:4, indexed:false, value:0, valueString:0}, {name:maxAmount, type:uint256, order:5, indexed:false, value:400000000000000000, valueString:400000000000000000}, {name:auctionDuration, type:uint256, order:6, indexed:false, value:9000, valueString:9000}, {name:salt, type:uint256, order:7, indexed:false, value:313522547176177795261625143721268058257, valueString:313522547176177795261625143721268058257}, {name:expirationTime, type:uint256, order:8, indexed:false, value:1713902498, valueString:1713902498}, {name:rate, type:uint256, order:9, indexed:false, value:6690, valueString:6690}, {name:oracle, type:address, order:10, indexed:false, value:0x473ca1d29A136b935A96380Ea342f296B4eeA82C, valueString:0x473ca1d29A136b935A96380Ea342f296B4eeA82C}], signature=0xDE27EE1C09BEC6D50C44FDF0CEEE892848FB47073F428589986D4B9C40F8216B62D8C58E11FE5887EDD2681C510DEC2486629EDF7109EACA283682ACA95D354C1BB0903EA9DB63C0CF48631967670A9452A7CC67E0DA2BCCE87433C6E422AB26170D202BB90D58729A1B4C4D5ED4FBAF2B5944B4F3B5CDA1ABB7796C433A5B618E1C00000000000000000000000000000000000000000000000000000000012CE76E, loanAmount=400000000000000000, collateralTokenId=1582 ) => ( lienId=281594 )-
Null: 0x000...001.891aa77b( ) -
Null: 0x000...001.c4b077aa( ) 
Moonbirds.safeTransferFrom( from=0x84e84E2DcD0d0f171F0202C69626C0A1945eF083, to=0x29469395eAf6f95920E59F858042f0e28D98a20B, tokenId=1582 )
ERC1967Proxy.150b7a02( )-
Blend.onERC721Received( operator=0x29469395eAf6f95920E59F858042f0e28D98a20B, from=0x84e84E2DcD0d0f171F0202C69626C0A1945eF083, tokenId=1582, data=0x )
-
ERC1967Proxy.23b872dd( )
-
BlurPool.transferFrom( from=0xa69833B9fDa816f1bFC79517E7932E64708Df0dd, to=0x84e84E2DcD0d0f171F0202C69626C0A1945eF083, amount=400000000000000000 ) => ( True )
-
-
borrow[Blend (ln:58)]
_borrow[Blend (ln:64)]InvalidAuctionDuration[Blend (ln:100)]Lien[Blend (ln:102)]encode[Blend (ln:115)]_takeLoanOffer[Blend (ln:118)]_hashOffer[Blend (ln:146)]_validateOffer[Blend (ln:147)]RateTooHigh[Blend (ln:156)]InvalidLoan[Blend (ln:159)]InsufficientOffer[Blend (ln:163)]LoanOfferTaken[Blend (ln:168)]
safeTransferFrom[Blend (ln:66)]transferFrom[Blend (ln:68)]
File 1 of 5: ERC1967Proxy
File 2 of 5: Moonbirds
File 3 of 5: ERC1967Proxy
File 4 of 5: Blend
File 5 of 5: BlurPool
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (proxy/ERC1967/ERC1967Proxy.sol)
pragma solidity 0.8.17;
import "lib/openzeppelin-contracts/contracts/proxy/Proxy.sol";
import "lib/openzeppelin-contracts/contracts/proxy/ERC1967/ERC1967Upgrade.sol";
/**
* @dev This contract implements an upgradeable proxy. It is upgradeable because calls are delegated to an
* implementation address that can be changed. This address is stored in storage in the location specified by
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967], so that it doesn't conflict with the storage layout of the
* implementation behind the proxy.
*/
contract ERC1967Proxy is Proxy, ERC1967Upgrade {
/**
* @dev Initializes the upgradeable proxy with an initial implementation specified by `_logic`.
*
* If `_data` is nonempty, it's used as data in a delegate call to `_logic`. This will typically be an encoded
* function call, and allows initializating the storage of the proxy like a Solidity constructor.
*/
constructor(address _logic, bytes memory _data) payable {
assert(_IMPLEMENTATION_SLOT == bytes32(uint256(keccak256("eip1967.proxy.implementation")) - 1));
_upgradeToAndCall(_logic, _data, false);
}
/**
* @dev Returns the current implementation address.
*/
function _implementation() internal view virtual override returns (address impl) {
return ERC1967Upgrade._getImplementation();
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.6.0) (proxy/Proxy.sol)
pragma solidity ^0.8.0;
/**
* @dev This abstract contract provides a fallback function that delegates all calls to another contract using the EVM
* instruction `delegatecall`. We refer to the second contract as the _implementation_ behind the proxy, and it has to
* be specified by overriding the virtual {_implementation} function.
*
* Additionally, delegation to the implementation can be triggered manually through the {_fallback} function, or to a
* different contract through the {_delegate} function.
*
* The success and return data of the delegated call will be returned back to the caller of the proxy.
*/
abstract contract Proxy {
/**
* @dev Delegates the current call to `implementation`.
*
* This function does not return to its internal call site, it will return directly to the external caller.
*/
function _delegate(address implementation) internal virtual {
assembly {
// Copy msg.data. We take full control of memory in this inline assembly
// block because it will not return to Solidity code. We overwrite the
// Solidity scratch pad at memory position 0.
calldatacopy(0, 0, calldatasize())
// Call the implementation.
// out and outsize are 0 because we don't know the size yet.
let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0)
// Copy the returned data.
returndatacopy(0, 0, returndatasize())
switch result
// delegatecall returns 0 on error.
case 0 {
revert(0, returndatasize())
}
default {
return(0, returndatasize())
}
}
}
/**
* @dev This is a virtual function that should be overridden so it returns the address to which the fallback function
* and {_fallback} should delegate.
*/
function _implementation() internal view virtual returns (address);
/**
* @dev Delegates the current call to the address returned by `_implementation()`.
*
* This function does not return to its internal call site, it will return directly to the external caller.
*/
function _fallback() internal virtual {
_beforeFallback();
_delegate(_implementation());
}
/**
* @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if no other
* function in the contract matches the call data.
*/
fallback() external payable virtual {
_fallback();
}
/**
* @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if call data
* is empty.
*/
receive() external payable virtual {
_fallback();
}
/**
* @dev Hook that is called before falling back to the implementation. Can happen as part of a manual `_fallback`
* call, or as part of the Solidity `fallback` or `receive` functions.
*
* If overridden should call `super._beforeFallback()`.
*/
function _beforeFallback() internal virtual {}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (proxy/ERC1967/ERC1967Upgrade.sol)
pragma solidity ^0.8.2;
import "../beacon/IBeacon.sol";
import "../../interfaces/draft-IERC1822.sol";
import "../../utils/Address.sol";
import "../../utils/StorageSlot.sol";
/**
* @dev This abstract contract provides getters and event emitting update functions for
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.
*
* _Available since v4.1._
*/
abstract contract ERC1967Upgrade {
// This is the keccak-256 hash of "eip1967.proxy.rollback" subtracted by 1
bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143;
/**
* @dev Storage slot with the address of the current implementation.
* This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
/**
* @dev Emitted when the implementation is upgraded.
*/
event Upgraded(address indexed implementation);
/**
* @dev Returns the current implementation address.
*/
function _getImplementation() internal view returns (address) {
return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 implementation slot.
*/
function _setImplementation(address newImplementation) private {
require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
}
/**
* @dev Perform implementation upgrade
*
* Emits an {Upgraded} event.
*/
function _upgradeTo(address newImplementation) internal {
_setImplementation(newImplementation);
emit Upgraded(newImplementation);
}
/**
* @dev Perform implementation upgrade with additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCall(address newImplementation, bytes memory data, bool forceCall) internal {
_upgradeTo(newImplementation);
if (data.length > 0 || forceCall) {
Address.functionDelegateCall(newImplementation, data);
}
}
/**
* @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCallUUPS(address newImplementation, bytes memory data, bool forceCall) internal {
// Upgrades from old implementations will perform a rollback test. This test requires the new
// implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing
// this special case will break upgrade paths from old UUPS implementation to new ones.
if (StorageSlot.getBooleanSlot(_ROLLBACK_SLOT).value) {
_setImplementation(newImplementation);
} else {
try IERC1822Proxiable(newImplementation).proxiableUUID() returns (bytes32 slot) {
require(slot == _IMPLEMENTATION_SLOT, "ERC1967Upgrade: unsupported proxiableUUID");
} catch {
revert("ERC1967Upgrade: new implementation is not UUPS");
}
_upgradeToAndCall(newImplementation, data, forceCall);
}
}
/**
* @dev Storage slot with the admin of the contract.
* This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
/**
* @dev Emitted when the admin account has changed.
*/
event AdminChanged(address previousAdmin, address newAdmin);
/**
* @dev Returns the current admin.
*/
function _getAdmin() internal view returns (address) {
return StorageSlot.getAddressSlot(_ADMIN_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 admin slot.
*/
function _setAdmin(address newAdmin) private {
require(newAdmin != address(0), "ERC1967: new admin is the zero address");
StorageSlot.getAddressSlot(_ADMIN_SLOT).value = newAdmin;
}
/**
* @dev Changes the admin of the proxy.
*
* Emits an {AdminChanged} event.
*/
function _changeAdmin(address newAdmin) internal {
emit AdminChanged(_getAdmin(), newAdmin);
_setAdmin(newAdmin);
}
/**
* @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
* This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor.
*/
bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;
/**
* @dev Emitted when the beacon is upgraded.
*/
event BeaconUpgraded(address indexed beacon);
/**
* @dev Returns the current beacon.
*/
function _getBeacon() internal view returns (address) {
return StorageSlot.getAddressSlot(_BEACON_SLOT).value;
}
/**
* @dev Stores a new beacon in the EIP1967 beacon slot.
*/
function _setBeacon(address newBeacon) private {
require(Address.isContract(newBeacon), "ERC1967: new beacon is not a contract");
require(
Address.isContract(IBeacon(newBeacon).implementation()),
"ERC1967: beacon implementation is not a contract"
);
StorageSlot.getAddressSlot(_BEACON_SLOT).value = newBeacon;
}
/**
* @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does
* not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that).
*
* Emits a {BeaconUpgraded} event.
*/
function _upgradeBeaconToAndCall(address newBeacon, bytes memory data, bool forceCall) internal {
_setBeacon(newBeacon);
emit BeaconUpgraded(newBeacon);
if (data.length > 0 || forceCall) {
Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data);
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (proxy/beacon/IBeacon.sol)
pragma solidity ^0.8.0;
/**
* @dev This is the interface that {BeaconProxy} expects of its beacon.
*/
interface IBeacon {
/**
* @dev Must return an address that can be used as a delegate call target.
*
* {BeaconProxy} will check that this address is a contract.
*/
function implementation() external view returns (address);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (interfaces/draft-IERC1822.sol)
pragma solidity ^0.8.0;
/**
* @dev ERC1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified
* proxy whose upgrades are fully controlled by the current implementation.
*/
interface IERC1822Proxiable {
/**
* @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation
* address.
*
* IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
* bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
* function revert if invoked through a proxy.
*/
function proxiableUUID() external view returns (bytes32);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/Address.sol)
pragma solidity ^0.8.1;
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
*
* Furthermore, `isContract` will also return true if the target contract within
* the same transaction is already scheduled for destruction by `SELFDESTRUCT`,
* which only has an effect at the end of a transaction.
* ====
*
* [IMPORTANT]
* ====
* You shouldn't rely on `isContract` to protect against flash loan attacks!
*
* Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
* like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
* constructor.
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize/address.code.length, which returns 0
// for contracts in construction, since the code is only stored at the end
// of the constructor execution.
return account.code.length > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
* the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
*
* _Available since v4.8._
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata,
string memory errorMessage
) internal view returns (bytes memory) {
if (success) {
if (returndata.length == 0) {
// only check isContract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
require(isContract(target), "Address: call to non-contract");
}
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
/**
* @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason or using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
function _revert(bytes memory returndata, string memory errorMessage) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (utils/StorageSlot.sol)
// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.
pragma solidity ^0.8.0;
/**
* @dev Library for reading and writing primitive types to specific storage slots.
*
* Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
* This library helps with reading and writing to such slots without the need for inline assembly.
*
* The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
*
* Example usage to set ERC1967 implementation slot:
* ```solidity
* contract ERC1967 {
* bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
*
* function _getImplementation() internal view returns (address) {
* return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
* }
*
* function _setImplementation(address newImplementation) internal {
* require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
* StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
* }
* }
* ```
*
* _Available since v4.1 for `address`, `bool`, `bytes32`, `uint256`._
* _Available since v4.9 for `string`, `bytes`._
*/
library StorageSlot {
struct AddressSlot {
address value;
}
struct BooleanSlot {
bool value;
}
struct Bytes32Slot {
bytes32 value;
}
struct Uint256Slot {
uint256 value;
}
struct StringSlot {
string value;
}
struct BytesSlot {
bytes value;
}
/**
* @dev Returns an `AddressSlot` with member `value` located at `slot`.
*/
function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BooleanSlot` with member `value` located at `slot`.
*/
function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
*/
function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Uint256Slot` with member `value` located at `slot`.
*/
function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` with member `value` located at `slot`.
*/
function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` representation of the string storage pointer `store`.
*/
function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
/**
* @dev Returns an `BytesSlot` with member `value` located at `slot`.
*/
function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.
*/
function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
}
File 2 of 5: Moonbirds
// SPDX-License-Identifier: UNLICENSED
pragma solidity >=0.8.10 <0.9.0;
import "@divergencetech/ethier/contracts/crypto/SignatureChecker.sol";
import "@divergencetech/ethier/contracts/crypto/SignerManager.sol";
import "@divergencetech/ethier/contracts/erc721/BaseTokenURI.sol";
import "@divergencetech/ethier/contracts/erc721/ERC721ACommon.sol";
import "@divergencetech/ethier/contracts/erc721/ERC721Redeemer.sol";
import "@divergencetech/ethier/contracts/sales/FixedPriceSeller.sol";
import "@divergencetech/ethier/contracts/utils/Monotonic.sol";
import "@openzeppelin/contracts/token/common/ERC2981.sol";
import "@openzeppelin/contracts/access/AccessControlEnumerable.sol";
import "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
interface ITokenURIGenerator {
function tokenURI(uint256 tokenId) external view returns (string memory);
}
// @author divergence.xyz
contract Moonbirds is
ERC721ACommon,
BaseTokenURI,
FixedPriceSeller,
SignerManager,
ERC2981,
AccessControlEnumerable
{
using EnumerableSet for EnumerableSet.AddressSet;
using ERC721Redeemer for ERC721Redeemer.Claims;
using Monotonic for Monotonic.Increaser;
using SignatureChecker for EnumerableSet.AddressSet;
IERC721 public immutable proof;
/**
@notice Role of administrative users allowed to expel a Moonbird from the
nest.
@dev See expelFromNest().
*/
bytes32 public constant EXPULSION_ROLE = keccak256("EXPULSION_ROLE");
constructor(
string memory name,
string memory symbol,
IERC721 _proof,
address payable beneficiary,
address payable royaltyReceiver
)
ERC721ACommon(name, symbol)
BaseTokenURI("")
FixedPriceSeller(
2.5 ether,
// Not including a separate pool for PROOF holders, taking the total
// to 10k. We don't enforce buyer limits here because it's already
// done by only issuing a single signature per address, and double
// enforcement would waste gas.
Seller.SellerConfig({
totalInventory: 8_000,
lockTotalInventory: true,
maxPerAddress: 0,
maxPerTx: 0,
freeQuota: 125,
lockFreeQuota: false,
reserveFreeQuota: true
}),
beneficiary
)
{
proof = _proof;
_setDefaultRoyalty(royaltyReceiver, 500);
_grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
}
/**
@dev Mint tokens purchased via the Seller.
*/
function _handlePurchase(
address to,
uint256 n,
bool
) internal override {
_safeMint(to, n);
// We're using two separate pools (one from Seller, and one for PROOF
// minting), so add an extra layer of checks for this invariant. This
// should never fail as each pool has its own restriction, and is in
// place purely for tests (hence assert).
assert(totalSupply() <= 10_000);
}
/**
@dev Record of already-used signatures.
*/
mapping(bytes32 => bool) public usedMessages;
/**
@notice Mint as a non-holder of PROOF tokens.
*/
function mintPublic(
address to,
bytes32 nonce,
bytes calldata sig
) external payable {
signers.requireValidSignature(
signaturePayload(to, nonce),
sig,
usedMessages
);
_purchase(to, 1);
}
/**
@notice Returns whether the address has minted with the particular nonce. If
true, future calls to mint() with the same parameters will fail.
@dev In production we will never issue more than a single nonce per address,
but this allows for testing with a single address.
*/
function alreadyMinted(address to, bytes32 nonce)
external
view
returns (bool)
{
return
usedMessages[
SignatureChecker.generateMessage(signaturePayload(to, nonce))
];
}
/**
@dev Constructs the buffer that is hashed for validation with a minting
signature.
*/
function signaturePayload(address to, bytes32 nonce)
internal
pure
returns (bytes memory)
{
return abi.encodePacked(to, nonce);
}
/**
@notice Two guaranteed mints per PROOF holder.
@dev This is specifically tracked because unclaimed tokens will be minted to
the PROOF wallet, so the pool guarantees an upper bound.
*/
uint256 public proofPoolRemaining = 2000;
ERC721Redeemer.Claims private redeemedPROOF;
/**
@dev Used by both PROOF-holder and PROOF-admin minting from the pool.
*/
modifier reducePROOFPool(uint256 n) {
require(n <= proofPoolRemaining, "Moonbirds: PROOF pool exhausted");
proofPoolRemaining -= n;
_;
}
/**
@notice Flag indicating whether holders of PROOF passes can mint.
*/
bool public proofMintingOpen = false;
/**
@notice Sets whether holders of PROOF passes can mint.
*/
function setPROOFMintingOpen(bool open) external onlyOwner {
proofMintingOpen = open;
}
/**
@notice Mint as a holder of a PROOF token.
@dev Repeat a PROOF token ID twice to redeem both of its claims; recurring
values SHOULD be adjacent for improved gas (eg [1,1,2,2] not [1,2,1,2]).
*/
function mintPROOF(uint256[] calldata proofTokenIds)
external
reducePROOFPool(proofTokenIds.length)
{
require(proofMintingOpen, "Moonbirds: PROOF minting closed");
uint256 n = redeemedPROOF.redeem(2, msg.sender, proof, proofTokenIds);
_handlePurchase(msg.sender, n, true);
}
/**
@notice Returns how many additional Moonbirds can be claimed with the PROOF
token.
*/
function proofClaimsRemaining(uint256 tokenId)
external
view
returns (uint256)
{
require(tokenId < 1000, "Token doesn't exist");
return 2 - redeemedPROOF.claimed(tokenId);
}
/**
@notice Mint unclaimed tokens from the PROOF-holder pool.
*/
function mintUnclaimed(address to, uint256 n)
external
onlyOwner
reducePROOFPool(n)
{
_handlePurchase(to, n, true);
}
/**
@dev tokenId to nesting start time (0 = not nesting).
*/
mapping(uint256 => uint256) private nestingStarted;
/**
@dev Cumulative per-token nesting, excluding the current period.
*/
mapping(uint256 => uint256) private nestingTotal;
/**
@notice Returns the length of time, in seconds, that the Moonbird has
nested.
@dev Nesting is tied to a specific Moonbird, not to the owner, so it doesn't
reset upon sale.
@return nesting Whether the Moonbird is currently nesting. MAY be true with
zero current nesting if in the same block as nesting began.
@return current Zero if not currently nesting, otherwise the length of time
since the most recent nesting began.
@return total Total period of time for which the Moonbird has nested across
its life, including the current period.
*/
function nestingPeriod(uint256 tokenId)
external
view
returns (
bool nesting,
uint256 current,
uint256 total
)
{
uint256 start = nestingStarted[tokenId];
if (start != 0) {
nesting = true;
current = block.timestamp - start;
}
total = current + nestingTotal[tokenId];
}
/**
@dev MUST only be modified by safeTransferWhileNesting(); if set to 2 then
the _beforeTokenTransfer() block while nesting is disabled.
*/
uint256 private nestingTransfer = 1;
/**
@notice Transfer a token between addresses while the Moonbird is minting,
thus not resetting the nesting period.
*/
function safeTransferWhileNesting(
address from,
address to,
uint256 tokenId
) external {
require(ownerOf(tokenId) == _msgSender(), "Moonbirds: Only owner");
nestingTransfer = 2;
safeTransferFrom(from, to, tokenId);
nestingTransfer = 1;
}
/**
@dev Block transfers while nesting.
*/
function _beforeTokenTransfers(
address,
address,
uint256 startTokenId,
uint256 quantity
) internal view override {
uint256 tokenId = startTokenId;
for (uint256 end = tokenId + quantity; tokenId < end; ++tokenId) {
require(
nestingStarted[tokenId] == 0 || nestingTransfer == 2,
"Moonbirds: nesting"
);
}
}
/**
@dev Emitted when a Moonbird begins nesting.
*/
event Nested(uint256 indexed tokenId);
/**
@dev Emitted when a Moonbird stops nesting; either through standard means or
by expulsion.
*/
event Unnested(uint256 indexed tokenId);
/**
@dev Emitted when a Moonbird is expelled from the nest.
*/
event Expelled(uint256 indexed tokenId);
/**
@notice Whether nesting is currently allowed.
@dev If false then nesting is blocked, but unnesting is always allowed.
*/
bool public nestingOpen = false;
/**
@notice Toggles the `nestingOpen` flag.
*/
function setNestingOpen(bool open) external onlyOwner {
nestingOpen = open;
}
/**
@notice Changes the Moonbird's nesting status.
*/
function toggleNesting(uint256 tokenId)
internal
onlyApprovedOrOwner(tokenId)
{
uint256 start = nestingStarted[tokenId];
if (start == 0) {
require(nestingOpen, "Moonbirds: nesting closed");
nestingStarted[tokenId] = block.timestamp;
emit Nested(tokenId);
} else {
nestingTotal[tokenId] += block.timestamp - start;
nestingStarted[tokenId] = 0;
emit Unnested(tokenId);
}
}
/**
@notice Changes the Moonbirds' nesting statuss (what's the plural of status?
statii? statuses? status? The plural of sheep is sheep; maybe it's also the
plural of status).
@dev Changes the Moonbirds' nesting sheep (see @notice).
*/
function toggleNesting(uint256[] calldata tokenIds) external {
uint256 n = tokenIds.length;
for (uint256 i = 0; i < n; ++i) {
toggleNesting(tokenIds[i]);
}
}
/**
@notice Admin-only ability to expel a Moonbird from the nest.
@dev As most sales listings use off-chain signatures it's impossible to
detect someone who has nested and then deliberately undercuts the floor
price in the knowledge that the sale can't proceed. This function allows for
monitoring of such practices and expulsion if abuse is detected, allowing
the undercutting bird to be sold on the open market. Since OpenSea uses
isApprovedForAll() in its pre-listing checks, we can't block by that means
because nesting would then be all-or-nothing for all of a particular owner's
Moonbirds.
*/
function expelFromNest(uint256 tokenId) external onlyRole(EXPULSION_ROLE) {
require(nestingStarted[tokenId] != 0, "Moonbirds: not nested");
nestingTotal[tokenId] += block.timestamp - nestingStarted[tokenId];
nestingStarted[tokenId] = 0;
emit Unnested(tokenId);
emit Expelled(tokenId);
}
/**
@dev Required override to select the correct baseTokenURI.
*/
function _baseURI()
internal
view
override(BaseTokenURI, ERC721A)
returns (string memory)
{
return BaseTokenURI._baseURI();
}
/**
@notice If set, contract to which tokenURI() calls are proxied.
*/
ITokenURIGenerator public renderingContract;
/**
@notice Sets the optional tokenURI override contract.
*/
function setRenderingContract(ITokenURIGenerator _contract)
external
onlyOwner
{
renderingContract = _contract;
}
/**
@notice If renderingContract is set then returns its tokenURI(tokenId)
return value, otherwise returns the standard baseTokenURI + tokenId.
*/
function tokenURI(uint256 tokenId)
public
view
override
returns (string memory)
{
if (address(renderingContract) != address(0)) {
return renderingContract.tokenURI(tokenId);
}
return super.tokenURI(tokenId);
}
/**
@notice Sets the contract-wide royalty info.
*/
function setRoyaltyInfo(address receiver, uint96 feeBasisPoints)
external
onlyOwner
{
_setDefaultRoyalty(receiver, feeBasisPoints);
}
function supportsInterface(bytes4 interfaceId)
public
view
override(ERC721ACommon, ERC2981, AccessControlEnumerable)
returns (bool)
{
return super.supportsInterface(interfaceId);
}
}
// SPDX-License-Identifier: MIT
// Creator: Chiru Labs
pragma solidity ^0.8.4;
import '@openzeppelin/contracts/token/ERC721/IERC721.sol';
import '@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol';
import '@openzeppelin/contracts/token/ERC721/extensions/IERC721Metadata.sol';
import '@openzeppelin/contracts/utils/Address.sol';
import '@openzeppelin/contracts/utils/Context.sol';
import '@openzeppelin/contracts/utils/Strings.sol';
import '@openzeppelin/contracts/utils/introspection/ERC165.sol';
error ApprovalCallerNotOwnerNorApproved();
error ApprovalQueryForNonexistentToken();
error ApproveToCaller();
error ApprovalToCurrentOwner();
error BalanceQueryForZeroAddress();
error MintToZeroAddress();
error MintZeroQuantity();
error OwnerQueryForNonexistentToken();
error TransferCallerNotOwnerNorApproved();
error TransferFromIncorrectOwner();
error TransferToNonERC721ReceiverImplementer();
error TransferToZeroAddress();
error URIQueryForNonexistentToken();
/**
* @dev Implementation of https://eips.ethereum.org/EIPS/eip-721[ERC721] Non-Fungible Token Standard, including
* the Metadata extension. Built to optimize for lower gas during batch mints.
*
* Assumes serials are sequentially minted starting at _startTokenId() (defaults to 0, e.g. 0, 1, 2, 3..).
*
* Assumes that an owner cannot have more than 2**64 - 1 (max value of uint64) of supply.
*
* Assumes that the maximum token id cannot exceed 2**256 - 1 (max value of uint256).
*/
contract ERC721A is Context, ERC165, IERC721, IERC721Metadata {
using Address for address;
using Strings for uint256;
// Compiler will pack this into a single 256bit word.
struct TokenOwnership {
// The address of the owner.
address addr;
// Keeps track of the start time of ownership with minimal overhead for tokenomics.
uint64 startTimestamp;
// Whether the token has been burned.
bool burned;
}
// Compiler will pack this into a single 256bit word.
struct AddressData {
// Realistically, 2**64-1 is more than enough.
uint64 balance;
// Keeps track of mint count with minimal overhead for tokenomics.
uint64 numberMinted;
// Keeps track of burn count with minimal overhead for tokenomics.
uint64 numberBurned;
// For miscellaneous variable(s) pertaining to the address
// (e.g. number of whitelist mint slots used).
// If there are multiple variables, please pack them into a uint64.
uint64 aux;
}
// The tokenId of the next token to be minted.
uint256 internal _currentIndex;
// The number of tokens burned.
uint256 internal _burnCounter;
// Token name
string private _name;
// Token symbol
string private _symbol;
// Mapping from token ID to ownership details
// An empty struct value does not necessarily mean the token is unowned. See _ownershipOf implementation for details.
mapping(uint256 => TokenOwnership) internal _ownerships;
// Mapping owner address to address data
mapping(address => AddressData) private _addressData;
// Mapping from token ID to approved address
mapping(uint256 => address) private _tokenApprovals;
// Mapping from owner to operator approvals
mapping(address => mapping(address => bool)) private _operatorApprovals;
constructor(string memory name_, string memory symbol_) {
_name = name_;
_symbol = symbol_;
_currentIndex = _startTokenId();
}
/**
* To change the starting tokenId, please override this function.
*/
function _startTokenId() internal view virtual returns (uint256) {
return 0;
}
/**
* @dev Burned tokens are calculated here, use _totalMinted() if you want to count just minted tokens.
*/
function totalSupply() public view returns (uint256) {
// Counter underflow is impossible as _burnCounter cannot be incremented
// more than _currentIndex - _startTokenId() times
unchecked {
return _currentIndex - _burnCounter - _startTokenId();
}
}
/**
* Returns the total amount of tokens minted in the contract.
*/
function _totalMinted() internal view returns (uint256) {
// Counter underflow is impossible as _currentIndex does not decrement,
// and it is initialized to _startTokenId()
unchecked {
return _currentIndex - _startTokenId();
}
}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override(ERC165, IERC165) returns (bool) {
return
interfaceId == type(IERC721).interfaceId ||
interfaceId == type(IERC721Metadata).interfaceId ||
super.supportsInterface(interfaceId);
}
/**
* @dev See {IERC721-balanceOf}.
*/
function balanceOf(address owner) public view override returns (uint256) {
if (owner == address(0)) revert BalanceQueryForZeroAddress();
return uint256(_addressData[owner].balance);
}
/**
* Returns the number of tokens minted by `owner`.
*/
function _numberMinted(address owner) internal view returns (uint256) {
return uint256(_addressData[owner].numberMinted);
}
/**
* Returns the number of tokens burned by or on behalf of `owner`.
*/
function _numberBurned(address owner) internal view returns (uint256) {
return uint256(_addressData[owner].numberBurned);
}
/**
* Returns the auxillary data for `owner`. (e.g. number of whitelist mint slots used).
*/
function _getAux(address owner) internal view returns (uint64) {
return _addressData[owner].aux;
}
/**
* Sets the auxillary data for `owner`. (e.g. number of whitelist mint slots used).
* If there are multiple variables, please pack them into a uint64.
*/
function _setAux(address owner, uint64 aux) internal {
_addressData[owner].aux = aux;
}
/**
* Gas spent here starts off proportional to the maximum mint batch size.
* It gradually moves to O(1) as tokens get transferred around in the collection over time.
*/
function _ownershipOf(uint256 tokenId) internal view returns (TokenOwnership memory) {
uint256 curr = tokenId;
unchecked {
if (_startTokenId() <= curr && curr < _currentIndex) {
TokenOwnership memory ownership = _ownerships[curr];
if (!ownership.burned) {
if (ownership.addr != address(0)) {
return ownership;
}
// Invariant:
// There will always be an ownership that has an address and is not burned
// before an ownership that does not have an address and is not burned.
// Hence, curr will not underflow.
while (true) {
curr--;
ownership = _ownerships[curr];
if (ownership.addr != address(0)) {
return ownership;
}
}
}
}
}
revert OwnerQueryForNonexistentToken();
}
/**
* @dev See {IERC721-ownerOf}.
*/
function ownerOf(uint256 tokenId) public view override returns (address) {
return _ownershipOf(tokenId).addr;
}
/**
* @dev See {IERC721Metadata-name}.
*/
function name() public view virtual override returns (string memory) {
return _name;
}
/**
* @dev See {IERC721Metadata-symbol}.
*/
function symbol() public view virtual override returns (string memory) {
return _symbol;
}
/**
* @dev See {IERC721Metadata-tokenURI}.
*/
function tokenURI(uint256 tokenId) public view virtual override returns (string memory) {
if (!_exists(tokenId)) revert URIQueryForNonexistentToken();
string memory baseURI = _baseURI();
return bytes(baseURI).length != 0 ? string(abi.encodePacked(baseURI, tokenId.toString())) : '';
}
/**
* @dev Base URI for computing {tokenURI}. If set, the resulting URI for each
* token will be the concatenation of the `baseURI` and the `tokenId`. Empty
* by default, can be overriden in child contracts.
*/
function _baseURI() internal view virtual returns (string memory) {
return '';
}
/**
* @dev See {IERC721-approve}.
*/
function approve(address to, uint256 tokenId) public override {
address owner = ERC721A.ownerOf(tokenId);
if (to == owner) revert ApprovalToCurrentOwner();
if (_msgSender() != owner && !isApprovedForAll(owner, _msgSender())) {
revert ApprovalCallerNotOwnerNorApproved();
}
_approve(to, tokenId, owner);
}
/**
* @dev See {IERC721-getApproved}.
*/
function getApproved(uint256 tokenId) public view override returns (address) {
if (!_exists(tokenId)) revert ApprovalQueryForNonexistentToken();
return _tokenApprovals[tokenId];
}
/**
* @dev See {IERC721-setApprovalForAll}.
*/
function setApprovalForAll(address operator, bool approved) public virtual override {
if (operator == _msgSender()) revert ApproveToCaller();
_operatorApprovals[_msgSender()][operator] = approved;
emit ApprovalForAll(_msgSender(), operator, approved);
}
/**
* @dev See {IERC721-isApprovedForAll}.
*/
function isApprovedForAll(address owner, address operator) public view virtual override returns (bool) {
return _operatorApprovals[owner][operator];
}
/**
* @dev See {IERC721-transferFrom}.
*/
function transferFrom(
address from,
address to,
uint256 tokenId
) public virtual override {
_transfer(from, to, tokenId);
}
/**
* @dev See {IERC721-safeTransferFrom}.
*/
function safeTransferFrom(
address from,
address to,
uint256 tokenId
) public virtual override {
safeTransferFrom(from, to, tokenId, '');
}
/**
* @dev See {IERC721-safeTransferFrom}.
*/
function safeTransferFrom(
address from,
address to,
uint256 tokenId,
bytes memory _data
) public virtual override {
_transfer(from, to, tokenId);
if (to.isContract() && !_checkContractOnERC721Received(from, to, tokenId, _data)) {
revert TransferToNonERC721ReceiverImplementer();
}
}
/**
* @dev Returns whether `tokenId` exists.
*
* Tokens can be managed by their owner or approved accounts via {approve} or {setApprovalForAll}.
*
* Tokens start existing when they are minted (`_mint`),
*/
function _exists(uint256 tokenId) internal view returns (bool) {
return _startTokenId() <= tokenId && tokenId < _currentIndex &&
!_ownerships[tokenId].burned;
}
function _safeMint(address to, uint256 quantity) internal {
_safeMint(to, quantity, '');
}
/**
* @dev Safely mints `quantity` tokens and transfers them to `to`.
*
* Requirements:
*
* - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called for each safe transfer.
* - `quantity` must be greater than 0.
*
* Emits a {Transfer} event.
*/
function _safeMint(
address to,
uint256 quantity,
bytes memory _data
) internal {
_mint(to, quantity, _data, true);
}
/**
* @dev Mints `quantity` tokens and transfers them to `to`.
*
* Requirements:
*
* - `to` cannot be the zero address.
* - `quantity` must be greater than 0.
*
* Emits a {Transfer} event.
*/
function _mint(
address to,
uint256 quantity,
bytes memory _data,
bool safe
) internal {
uint256 startTokenId = _currentIndex;
if (to == address(0)) revert MintToZeroAddress();
if (quantity == 0) revert MintZeroQuantity();
_beforeTokenTransfers(address(0), to, startTokenId, quantity);
// Overflows are incredibly unrealistic.
// balance or numberMinted overflow if current value of either + quantity > 1.8e19 (2**64) - 1
// updatedIndex overflows if _currentIndex + quantity > 1.2e77 (2**256) - 1
unchecked {
_addressData[to].balance += uint64(quantity);
_addressData[to].numberMinted += uint64(quantity);
_ownerships[startTokenId].addr = to;
_ownerships[startTokenId].startTimestamp = uint64(block.timestamp);
uint256 updatedIndex = startTokenId;
uint256 end = updatedIndex + quantity;
if (safe && to.isContract()) {
do {
emit Transfer(address(0), to, updatedIndex);
if (!_checkContractOnERC721Received(address(0), to, updatedIndex++, _data)) {
revert TransferToNonERC721ReceiverImplementer();
}
} while (updatedIndex != end);
// Reentrancy protection
if (_currentIndex != startTokenId) revert();
} else {
do {
emit Transfer(address(0), to, updatedIndex++);
} while (updatedIndex != end);
}
_currentIndex = updatedIndex;
}
_afterTokenTransfers(address(0), to, startTokenId, quantity);
}
/**
* @dev Transfers `tokenId` from `from` to `to`.
*
* Requirements:
*
* - `to` cannot be the zero address.
* - `tokenId` token must be owned by `from`.
*
* Emits a {Transfer} event.
*/
function _transfer(
address from,
address to,
uint256 tokenId
) private {
TokenOwnership memory prevOwnership = _ownershipOf(tokenId);
if (prevOwnership.addr != from) revert TransferFromIncorrectOwner();
bool isApprovedOrOwner = (_msgSender() == from ||
isApprovedForAll(from, _msgSender()) ||
getApproved(tokenId) == _msgSender());
if (!isApprovedOrOwner) revert TransferCallerNotOwnerNorApproved();
if (to == address(0)) revert TransferToZeroAddress();
_beforeTokenTransfers(from, to, tokenId, 1);
// Clear approvals from the previous owner
_approve(address(0), tokenId, from);
// Underflow of the sender's balance is impossible because we check for
// ownership above and the recipient's balance can't realistically overflow.
// Counter overflow is incredibly unrealistic as tokenId would have to be 2**256.
unchecked {
_addressData[from].balance -= 1;
_addressData[to].balance += 1;
TokenOwnership storage currSlot = _ownerships[tokenId];
currSlot.addr = to;
currSlot.startTimestamp = uint64(block.timestamp);
// If the ownership slot of tokenId+1 is not explicitly set, that means the transfer initiator owns it.
// Set the slot of tokenId+1 explicitly in storage to maintain correctness for ownerOf(tokenId+1) calls.
uint256 nextTokenId = tokenId + 1;
TokenOwnership storage nextSlot = _ownerships[nextTokenId];
if (nextSlot.addr == address(0)) {
// This will suffice for checking _exists(nextTokenId),
// as a burned slot cannot contain the zero address.
if (nextTokenId != _currentIndex) {
nextSlot.addr = from;
nextSlot.startTimestamp = prevOwnership.startTimestamp;
}
}
}
emit Transfer(from, to, tokenId);
_afterTokenTransfers(from, to, tokenId, 1);
}
/**
* @dev This is equivalent to _burn(tokenId, false)
*/
function _burn(uint256 tokenId) internal virtual {
_burn(tokenId, false);
}
/**
* @dev Destroys `tokenId`.
* The approval is cleared when the token is burned.
*
* Requirements:
*
* - `tokenId` must exist.
*
* Emits a {Transfer} event.
*/
function _burn(uint256 tokenId, bool approvalCheck) internal virtual {
TokenOwnership memory prevOwnership = _ownershipOf(tokenId);
address from = prevOwnership.addr;
if (approvalCheck) {
bool isApprovedOrOwner = (_msgSender() == from ||
isApprovedForAll(from, _msgSender()) ||
getApproved(tokenId) == _msgSender());
if (!isApprovedOrOwner) revert TransferCallerNotOwnerNorApproved();
}
_beforeTokenTransfers(from, address(0), tokenId, 1);
// Clear approvals from the previous owner
_approve(address(0), tokenId, from);
// Underflow of the sender's balance is impossible because we check for
// ownership above and the recipient's balance can't realistically overflow.
// Counter overflow is incredibly unrealistic as tokenId would have to be 2**256.
unchecked {
AddressData storage addressData = _addressData[from];
addressData.balance -= 1;
addressData.numberBurned += 1;
// Keep track of who burned the token, and the timestamp of burning.
TokenOwnership storage currSlot = _ownerships[tokenId];
currSlot.addr = from;
currSlot.startTimestamp = uint64(block.timestamp);
currSlot.burned = true;
// If the ownership slot of tokenId+1 is not explicitly set, that means the burn initiator owns it.
// Set the slot of tokenId+1 explicitly in storage to maintain correctness for ownerOf(tokenId+1) calls.
uint256 nextTokenId = tokenId + 1;
TokenOwnership storage nextSlot = _ownerships[nextTokenId];
if (nextSlot.addr == address(0)) {
// This will suffice for checking _exists(nextTokenId),
// as a burned slot cannot contain the zero address.
if (nextTokenId != _currentIndex) {
nextSlot.addr = from;
nextSlot.startTimestamp = prevOwnership.startTimestamp;
}
}
}
emit Transfer(from, address(0), tokenId);
_afterTokenTransfers(from, address(0), tokenId, 1);
// Overflow not possible, as _burnCounter cannot be exceed _currentIndex times.
unchecked {
_burnCounter++;
}
}
/**
* @dev Approve `to` to operate on `tokenId`
*
* Emits a {Approval} event.
*/
function _approve(
address to,
uint256 tokenId,
address owner
) private {
_tokenApprovals[tokenId] = to;
emit Approval(owner, to, tokenId);
}
/**
* @dev Internal function to invoke {IERC721Receiver-onERC721Received} on a target contract.
*
* @param from address representing the previous owner of the given token ID
* @param to target address that will receive the tokens
* @param tokenId uint256 ID of the token to be transferred
* @param _data bytes optional data to send along with the call
* @return bool whether the call correctly returned the expected magic value
*/
function _checkContractOnERC721Received(
address from,
address to,
uint256 tokenId,
bytes memory _data
) private returns (bool) {
try IERC721Receiver(to).onERC721Received(_msgSender(), from, tokenId, _data) returns (bytes4 retval) {
return retval == IERC721Receiver(to).onERC721Received.selector;
} catch (bytes memory reason) {
if (reason.length == 0) {
revert TransferToNonERC721ReceiverImplementer();
} else {
assembly {
revert(add(32, reason), mload(reason))
}
}
}
}
/**
* @dev Hook that is called before a set of serially-ordered token ids are about to be transferred. This includes minting.
* And also called before burning one token.
*
* startTokenId - the first token id to be transferred
* quantity - the amount to be transferred
*
* Calling conditions:
*
* - When `from` and `to` are both non-zero, `from`'s `tokenId` will be
* transferred to `to`.
* - When `from` is zero, `tokenId` will be minted for `to`.
* - When `to` is zero, `tokenId` will be burned by `from`.
* - `from` and `to` are never both zero.
*/
function _beforeTokenTransfers(
address from,
address to,
uint256 startTokenId,
uint256 quantity
) internal virtual {}
/**
* @dev Hook that is called after a set of serially-ordered token ids have been transferred. This includes
* minting.
* And also called after one token has been burned.
*
* startTokenId - the first token id to be transferred
* quantity - the amount to be transferred
*
* Calling conditions:
*
* - When `from` and `to` are both non-zero, `from`'s `tokenId` has been
* transferred to `to`.
* - When `from` is zero, `tokenId` has been minted for `to`.
* - When `to` is zero, `tokenId` has been burned by `from`.
* - `from` and `to` are never both zero.
*/
function _afterTokenTransfers(
address from,
address to,
uint256 startTokenId,
uint256 quantity
) internal virtual {}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/structs/EnumerableSet.sol)
pragma solidity ^0.8.0;
/**
* @dev Library for managing
* https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive
* types.
*
* Sets have the following properties:
*
* - Elements are added, removed, and checked for existence in constant time
* (O(1)).
* - Elements are enumerated in O(n). No guarantees are made on the ordering.
*
* ```
* contract Example {
* // Add the library methods
* using EnumerableSet for EnumerableSet.AddressSet;
*
* // Declare a set state variable
* EnumerableSet.AddressSet private mySet;
* }
* ```
*
* As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)
* and `uint256` (`UintSet`) are supported.
*/
library EnumerableSet {
// To implement this library for multiple types with as little code
// repetition as possible, we write it in terms of a generic Set type with
// bytes32 values.
// The Set implementation uses private functions, and user-facing
// implementations (such as AddressSet) are just wrappers around the
// underlying Set.
// This means that we can only create new EnumerableSets for types that fit
// in bytes32.
struct Set {
// Storage of set values
bytes32[] _values;
// Position of the value in the `values` array, plus 1 because index 0
// means a value is not in the set.
mapping(bytes32 => uint256) _indexes;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function _add(Set storage set, bytes32 value) private returns (bool) {
if (!_contains(set, value)) {
set._values.push(value);
// The value is stored at length-1, but we add 1 to all indexes
// and use 0 as a sentinel value
set._indexes[value] = set._values.length;
return true;
} else {
return false;
}
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function _remove(Set storage set, bytes32 value) private returns (bool) {
// We read and store the value's index to prevent multiple reads from the same storage slot
uint256 valueIndex = set._indexes[value];
if (valueIndex != 0) {
// Equivalent to contains(set, value)
// To delete an element from the _values array in O(1), we swap the element to delete with the last one in
// the array, and then remove the last element (sometimes called as 'swap and pop').
// This modifies the order of the array, as noted in {at}.
uint256 toDeleteIndex = valueIndex - 1;
uint256 lastIndex = set._values.length - 1;
if (lastIndex != toDeleteIndex) {
bytes32 lastvalue = set._values[lastIndex];
// Move the last value to the index where the value to delete is
set._values[toDeleteIndex] = lastvalue;
// Update the index for the moved value
set._indexes[lastvalue] = valueIndex; // Replace lastvalue's index to valueIndex
}
// Delete the slot where the moved value was stored
set._values.pop();
// Delete the index for the deleted slot
delete set._indexes[value];
return true;
} else {
return false;
}
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function _contains(Set storage set, bytes32 value) private view returns (bool) {
return set._indexes[value] != 0;
}
/**
* @dev Returns the number of values on the set. O(1).
*/
function _length(Set storage set) private view returns (uint256) {
return set._values.length;
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function _at(Set storage set, uint256 index) private view returns (bytes32) {
return set._values[index];
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function _values(Set storage set) private view returns (bytes32[] memory) {
return set._values;
}
// Bytes32Set
struct Bytes32Set {
Set _inner;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {
return _add(set._inner, value);
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {
return _remove(set._inner, value);
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {
return _contains(set._inner, value);
}
/**
* @dev Returns the number of values in the set. O(1).
*/
function length(Bytes32Set storage set) internal view returns (uint256) {
return _length(set._inner);
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {
return _at(set._inner, index);
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function values(Bytes32Set storage set) internal view returns (bytes32[] memory) {
return _values(set._inner);
}
// AddressSet
struct AddressSet {
Set _inner;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function add(AddressSet storage set, address value) internal returns (bool) {
return _add(set._inner, bytes32(uint256(uint160(value))));
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function remove(AddressSet storage set, address value) internal returns (bool) {
return _remove(set._inner, bytes32(uint256(uint160(value))));
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function contains(AddressSet storage set, address value) internal view returns (bool) {
return _contains(set._inner, bytes32(uint256(uint160(value))));
}
/**
* @dev Returns the number of values in the set. O(1).
*/
function length(AddressSet storage set) internal view returns (uint256) {
return _length(set._inner);
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function at(AddressSet storage set, uint256 index) internal view returns (address) {
return address(uint160(uint256(_at(set._inner, index))));
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function values(AddressSet storage set) internal view returns (address[] memory) {
bytes32[] memory store = _values(set._inner);
address[] memory result;
assembly {
result := store
}
return result;
}
// UintSet
struct UintSet {
Set _inner;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function add(UintSet storage set, uint256 value) internal returns (bool) {
return _add(set._inner, bytes32(value));
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function remove(UintSet storage set, uint256 value) internal returns (bool) {
return _remove(set._inner, bytes32(value));
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function contains(UintSet storage set, uint256 value) internal view returns (bool) {
return _contains(set._inner, bytes32(value));
}
/**
* @dev Returns the number of values on the set. O(1).
*/
function length(UintSet storage set) internal view returns (uint256) {
return _length(set._inner);
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function at(UintSet storage set, uint256 index) internal view returns (uint256) {
return uint256(_at(set._inner, index));
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function values(UintSet storage set) internal view returns (uint256[] memory) {
bytes32[] memory store = _values(set._inner);
uint256[] memory result;
assembly {
result := store
}
return result;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/structs/BitMaps.sol)
pragma solidity ^0.8.0;
/**
* @dev Library for managing uint256 to bool mapping in a compact and efficient way, providing the keys are sequential.
* Largelly inspired by Uniswap's https://github.com/Uniswap/merkle-distributor/blob/master/contracts/MerkleDistributor.sol[merkle-distributor].
*/
library BitMaps {
struct BitMap {
mapping(uint256 => uint256) _data;
}
/**
* @dev Returns whether the bit at `index` is set.
*/
function get(BitMap storage bitmap, uint256 index) internal view returns (bool) {
uint256 bucket = index >> 8;
uint256 mask = 1 << (index & 0xff);
return bitmap._data[bucket] & mask != 0;
}
/**
* @dev Sets the bit at `index` to the boolean `value`.
*/
function setTo(
BitMap storage bitmap,
uint256 index,
bool value
) internal {
if (value) {
set(bitmap, index);
} else {
unset(bitmap, index);
}
}
/**
* @dev Sets the bit at `index`.
*/
function set(BitMap storage bitmap, uint256 index) internal {
uint256 bucket = index >> 8;
uint256 mask = 1 << (index & 0xff);
bitmap._data[bucket] |= mask;
}
/**
* @dev Unsets the bit at `index`.
*/
function unset(BitMap storage bitmap, uint256 index) internal {
uint256 bucket = index >> 8;
uint256 mask = 1 << (index & 0xff);
bitmap._data[bucket] &= ~mask;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (utils/math/Math.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard math utilities missing in the Solidity language.
*/
library Math {
/**
* @dev Returns the largest of two numbers.
*/
function max(uint256 a, uint256 b) internal pure returns (uint256) {
return a >= b ? a : b;
}
/**
* @dev Returns the smallest of two numbers.
*/
function min(uint256 a, uint256 b) internal pure returns (uint256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two numbers. The result is rounded towards
* zero.
*/
function average(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b) / 2 can overflow.
return (a & b) + (a ^ b) / 2;
}
/**
* @dev Returns the ceiling of the division of two numbers.
*
* This differs from standard division with `/` in that it rounds up instead
* of rounding down.
*/
function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b - 1) / b can overflow on addition, so we distribute.
return a / b + (a % b == 0 ? 0 : 1);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/IERC165.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC165 standard, as defined in the
* https://eips.ethereum.org/EIPS/eip-165[EIP].
*
* Implementers can declare support of contract interfaces, which can then be
* queried by others ({ERC165Checker}).
*
* For an implementation, see {ERC165}.
*/
interface IERC165 {
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
* to learn more about how these ids are created.
*
* This function call must use less than 30 000 gas.
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/ERC165.sol)
pragma solidity ^0.8.0;
import "./IERC165.sol";
/**
* @dev Implementation of the {IERC165} interface.
*
* Contracts that want to implement ERC165 should inherit from this contract and override {supportsInterface} to check
* for the additional interface id that will be supported. For example:
*
* ```solidity
* function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
* return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
* }
* ```
*
* Alternatively, {ERC165Storage} provides an easier to use but more expensive implementation.
*/
abstract contract ERC165 is IERC165 {
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IERC165).interfaceId;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (utils/cryptography/ECDSA.sol)
pragma solidity ^0.8.0;
import "../Strings.sol";
/**
* @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
*
* These functions can be used to verify that a message was signed by the holder
* of the private keys of a given address.
*/
library ECDSA {
enum RecoverError {
NoError,
InvalidSignature,
InvalidSignatureLength,
InvalidSignatureS,
InvalidSignatureV
}
function _throwError(RecoverError error) private pure {
if (error == RecoverError.NoError) {
return; // no error: do nothing
} else if (error == RecoverError.InvalidSignature) {
revert("ECDSA: invalid signature");
} else if (error == RecoverError.InvalidSignatureLength) {
revert("ECDSA: invalid signature length");
} else if (error == RecoverError.InvalidSignatureS) {
revert("ECDSA: invalid signature 's' value");
} else if (error == RecoverError.InvalidSignatureV) {
revert("ECDSA: invalid signature 'v' value");
}
}
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature` or error string. This address can then be used for verification purposes.
*
* The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {toEthSignedMessageHash} on it.
*
* Documentation for signature generation:
* - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
* - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {
// Check the signature length
// - case 65: r,s,v signature (standard)
// - case 64: r,vs signature (cf https://eips.ethereum.org/EIPS/eip-2098) _Available since v4.1._
if (signature.length == 65) {
bytes32 r;
bytes32 s;
uint8 v;
// ecrecover takes the signature parameters, and the only way to get them
// currently is to use assembly.
assembly {
r := mload(add(signature, 0x20))
s := mload(add(signature, 0x40))
v := byte(0, mload(add(signature, 0x60)))
}
return tryRecover(hash, v, r, s);
} else if (signature.length == 64) {
bytes32 r;
bytes32 vs;
// ecrecover takes the signature parameters, and the only way to get them
// currently is to use assembly.
assembly {
r := mload(add(signature, 0x20))
vs := mload(add(signature, 0x40))
}
return tryRecover(hash, r, vs);
} else {
return (address(0), RecoverError.InvalidSignatureLength);
}
}
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature`. This address can then be used for verification purposes.
*
* The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {toEthSignedMessageHash} on it.
*/
function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, signature);
_throwError(error);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
*
* See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]
*
* _Available since v4.3._
*/
function tryRecover(
bytes32 hash,
bytes32 r,
bytes32 vs
) internal pure returns (address, RecoverError) {
bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
uint8 v = uint8((uint256(vs) >> 255) + 27);
return tryRecover(hash, v, r, s);
}
/**
* @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
*
* _Available since v4.2._
*/
function recover(
bytes32 hash,
bytes32 r,
bytes32 vs
) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, r, vs);
_throwError(error);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `v`,
* `r` and `s` signature fields separately.
*
* _Available since v4.3._
*/
function tryRecover(
bytes32 hash,
uint8 v,
bytes32 r,
bytes32 s
) internal pure returns (address, RecoverError) {
// EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
// unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
// the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
// signatures from current libraries generate a unique signature with an s-value in the lower half order.
//
// If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
// with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
// vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
// these malleable signatures as well.
if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
return (address(0), RecoverError.InvalidSignatureS);
}
if (v != 27 && v != 28) {
return (address(0), RecoverError.InvalidSignatureV);
}
// If the signature is valid (and not malleable), return the signer address
address signer = ecrecover(hash, v, r, s);
if (signer == address(0)) {
return (address(0), RecoverError.InvalidSignature);
}
return (signer, RecoverError.NoError);
}
/**
* @dev Overload of {ECDSA-recover} that receives the `v`,
* `r` and `s` signature fields separately.
*/
function recover(
bytes32 hash,
uint8 v,
bytes32 r,
bytes32 s
) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, v, r, s);
_throwError(error);
return recovered;
}
/**
* @dev Returns an Ethereum Signed Message, created from a `hash`. This
* produces hash corresponding to the one signed with the
* https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
* JSON-RPC method as part of EIP-191.
*
* See {recover}.
*/
function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {
// 32 is the length in bytes of hash,
// enforced by the type signature above
return keccak256(abi.encodePacked("\\x19Ethereum Signed Message:\
32", hash));
}
/**
* @dev Returns an Ethereum Signed Message, created from `s`. This
* produces hash corresponding to the one signed with the
* https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
* JSON-RPC method as part of EIP-191.
*
* See {recover}.
*/
function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {
return keccak256(abi.encodePacked("\\x19Ethereum Signed Message:\
", Strings.toString(s.length), s));
}
/**
* @dev Returns an Ethereum Signed Typed Data, created from a
* `domainSeparator` and a `structHash`. This produces hash corresponding
* to the one signed with the
* https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]
* JSON-RPC method as part of EIP-712.
*
* See {recover}.
*/
function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32) {
return keccak256(abi.encodePacked("\\x19\\x01", domainSeparator, structHash));
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Strings.sol)
pragma solidity ^0.8.0;
/**
* @dev String operations.
*/
library Strings {
bytes16 private constant _HEX_SYMBOLS = "0123456789abcdef";
/**
* @dev Converts a `uint256` to its ASCII `string` decimal representation.
*/
function toString(uint256 value) internal pure returns (string memory) {
// Inspired by OraclizeAPI's implementation - MIT licence
// https://github.com/oraclize/ethereum-api/blob/b42146b063c7d6ee1358846c198246239e9360e8/oraclizeAPI_0.4.25.sol
if (value == 0) {
return "0";
}
uint256 temp = value;
uint256 digits;
while (temp != 0) {
digits++;
temp /= 10;
}
bytes memory buffer = new bytes(digits);
while (value != 0) {
digits -= 1;
buffer[digits] = bytes1(uint8(48 + uint256(value % 10)));
value /= 10;
}
return string(buffer);
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
*/
function toHexString(uint256 value) internal pure returns (string memory) {
if (value == 0) {
return "0x00";
}
uint256 temp = value;
uint256 length = 0;
while (temp != 0) {
length++;
temp >>= 8;
}
return toHexString(value, length);
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
*/
function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
bytes memory buffer = new bytes(2 * length + 2);
buffer[0] = "0";
buffer[1] = "x";
for (uint256 i = 2 * length + 1; i > 1; --i) {
buffer[i] = _HEX_SYMBOLS[value & 0xf];
value >>= 4;
}
require(value == 0, "Strings: hex length insufficient");
return string(buffer);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
pragma solidity ^0.8.0;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (utils/Address.sol)
pragma solidity ^0.8.1;
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
* ====
*
* [IMPORTANT]
* ====
* You shouldn't rely on `isContract` to protect against flash loan attacks!
*
* Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
* like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
* constructor.
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize/address.code.length, which returns 0
// for contracts in construction, since the code is only stored at the end
// of the constructor execution.
return account.code.length > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCall(target, data, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value
) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
require(isContract(target), "Address: call to non-contract");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
require(isContract(target), "Address: static call to non-contract");
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
require(isContract(target), "Address: delegate call to non-contract");
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Tool to verifies that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (token/common/ERC2981.sol)
pragma solidity ^0.8.0;
import "../../interfaces/IERC2981.sol";
import "../../utils/introspection/ERC165.sol";
/**
* @dev Implementation of the NFT Royalty Standard, a standardized way to retrieve royalty payment information.
*
* Royalty information can be specified globally for all token ids via {_setDefaultRoyalty}, and/or individually for
* specific token ids via {_setTokenRoyalty}. The latter takes precedence over the first.
*
* Royalty is specified as a fraction of sale price. {_feeDenominator} is overridable but defaults to 10000, meaning the
* fee is specified in basis points by default.
*
* IMPORTANT: ERC-2981 only specifies a way to signal royalty information and does not enforce its payment. See
* https://eips.ethereum.org/EIPS/eip-2981#optional-royalty-payments[Rationale] in the EIP. Marketplaces are expected to
* voluntarily pay royalties together with sales, but note that this standard is not yet widely supported.
*
* _Available since v4.5._
*/
abstract contract ERC2981 is IERC2981, ERC165 {
struct RoyaltyInfo {
address receiver;
uint96 royaltyFraction;
}
RoyaltyInfo private _defaultRoyaltyInfo;
mapping(uint256 => RoyaltyInfo) private _tokenRoyaltyInfo;
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override(IERC165, ERC165) returns (bool) {
return interfaceId == type(IERC2981).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @inheritdoc IERC2981
*/
function royaltyInfo(uint256 _tokenId, uint256 _salePrice)
external
view
virtual
override
returns (address, uint256)
{
RoyaltyInfo memory royalty = _tokenRoyaltyInfo[_tokenId];
if (royalty.receiver == address(0)) {
royalty = _defaultRoyaltyInfo;
}
uint256 royaltyAmount = (_salePrice * royalty.royaltyFraction) / _feeDenominator();
return (royalty.receiver, royaltyAmount);
}
/**
* @dev The denominator with which to interpret the fee set in {_setTokenRoyalty} and {_setDefaultRoyalty} as a
* fraction of the sale price. Defaults to 10000 so fees are expressed in basis points, but may be customized by an
* override.
*/
function _feeDenominator() internal pure virtual returns (uint96) {
return 10000;
}
/**
* @dev Sets the royalty information that all ids in this contract will default to.
*
* Requirements:
*
* - `receiver` cannot be the zero address.
* - `feeNumerator` cannot be greater than the fee denominator.
*/
function _setDefaultRoyalty(address receiver, uint96 feeNumerator) internal virtual {
require(feeNumerator <= _feeDenominator(), "ERC2981: royalty fee will exceed salePrice");
require(receiver != address(0), "ERC2981: invalid receiver");
_defaultRoyaltyInfo = RoyaltyInfo(receiver, feeNumerator);
}
/**
* @dev Removes default royalty information.
*/
function _deleteDefaultRoyalty() internal virtual {
delete _defaultRoyaltyInfo;
}
/**
* @dev Sets the royalty information for a specific token id, overriding the global default.
*
* Requirements:
*
* - `tokenId` must be already minted.
* - `receiver` cannot be the zero address.
* - `feeNumerator` cannot be greater than the fee denominator.
*/
function _setTokenRoyalty(
uint256 tokenId,
address receiver,
uint96 feeNumerator
) internal virtual {
require(feeNumerator <= _feeDenominator(), "ERC2981: royalty fee will exceed salePrice");
require(receiver != address(0), "ERC2981: Invalid parameters");
_tokenRoyaltyInfo[tokenId] = RoyaltyInfo(receiver, feeNumerator);
}
/**
* @dev Resets royalty information for the token id back to the global default.
*/
function _resetTokenRoyalty(uint256 tokenId) internal virtual {
delete _tokenRoyaltyInfo[tokenId];
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC721/extensions/IERC721Metadata.sol)
pragma solidity ^0.8.0;
import "../IERC721.sol";
/**
* @title ERC-721 Non-Fungible Token Standard, optional metadata extension
* @dev See https://eips.ethereum.org/EIPS/eip-721
*/
interface IERC721Metadata is IERC721 {
/**
* @dev Returns the token collection name.
*/
function name() external view returns (string memory);
/**
* @dev Returns the token collection symbol.
*/
function symbol() external view returns (string memory);
/**
* @dev Returns the Uniform Resource Identifier (URI) for `tokenId` token.
*/
function tokenURI(uint256 tokenId) external view returns (string memory);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC721/IERC721Receiver.sol)
pragma solidity ^0.8.0;
/**
* @title ERC721 token receiver interface
* @dev Interface for any contract that wants to support safeTransfers
* from ERC721 asset contracts.
*/
interface IERC721Receiver {
/**
* @dev Whenever an {IERC721} `tokenId` token is transferred to this contract via {IERC721-safeTransferFrom}
* by `operator` from `from`, this function is called.
*
* It must return its Solidity selector to confirm the token transfer.
* If any other value is returned or the interface is not implemented by the recipient, the transfer will be reverted.
*
* The selector can be obtained in Solidity with `IERC721.onERC721Received.selector`.
*/
function onERC721Received(
address operator,
address from,
uint256 tokenId,
bytes calldata data
) external returns (bytes4);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC721/IERC721.sol)
pragma solidity ^0.8.0;
import "../../utils/introspection/IERC165.sol";
/**
* @dev Required interface of an ERC721 compliant contract.
*/
interface IERC721 is IERC165 {
/**
* @dev Emitted when `tokenId` token is transferred from `from` to `to`.
*/
event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);
/**
* @dev Emitted when `owner` enables `approved` to manage the `tokenId` token.
*/
event Approval(address indexed owner, address indexed approved, uint256 indexed tokenId);
/**
* @dev Emitted when `owner` enables or disables (`approved`) `operator` to manage all of its assets.
*/
event ApprovalForAll(address indexed owner, address indexed operator, bool approved);
/**
* @dev Returns the number of tokens in ``owner``'s account.
*/
function balanceOf(address owner) external view returns (uint256 balance);
/**
* @dev Returns the owner of the `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function ownerOf(uint256 tokenId) external view returns (address owner);
/**
* @dev Safely transfers `tokenId` token from `from` to `to`, checking first that contract recipients
* are aware of the ERC721 protocol to prevent tokens from being forever locked.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must exist and be owned by `from`.
* - If the caller is not `from`, it must be have been allowed to move this token by either {approve} or {setApprovalForAll}.
* - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* Emits a {Transfer} event.
*/
function safeTransferFrom(
address from,
address to,
uint256 tokenId
) external;
/**
* @dev Transfers `tokenId` token from `from` to `to`.
*
* WARNING: Usage of this method is discouraged, use {safeTransferFrom} whenever possible.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must be owned by `from`.
* - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
*
* Emits a {Transfer} event.
*/
function transferFrom(
address from,
address to,
uint256 tokenId
) external;
/**
* @dev Gives permission to `to` to transfer `tokenId` token to another account.
* The approval is cleared when the token is transferred.
*
* Only a single account can be approved at a time, so approving the zero address clears previous approvals.
*
* Requirements:
*
* - The caller must own the token or be an approved operator.
* - `tokenId` must exist.
*
* Emits an {Approval} event.
*/
function approve(address to, uint256 tokenId) external;
/**
* @dev Returns the account approved for `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function getApproved(uint256 tokenId) external view returns (address operator);
/**
* @dev Approve or remove `operator` as an operator for the caller.
* Operators can call {transferFrom} or {safeTransferFrom} for any token owned by the caller.
*
* Requirements:
*
* - The `operator` cannot be the caller.
*
* Emits an {ApprovalForAll} event.
*/
function setApprovalForAll(address operator, bool _approved) external;
/**
* @dev Returns if the `operator` is allowed to manage all of the assets of `owner`.
*
* See {setApprovalForAll}
*/
function isApprovedForAll(address owner, address operator) external view returns (bool);
/**
* @dev Safely transfers `tokenId` token from `from` to `to`.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must exist and be owned by `from`.
* - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
* - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* Emits a {Transfer} event.
*/
function safeTransferFrom(
address from,
address to,
uint256 tokenId,
bytes calldata data
) external;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (security/ReentrancyGuard.sol)
pragma solidity ^0.8.0;
/**
* @dev Contract module that helps prevent reentrant calls to a function.
*
* Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier
* available, which can be applied to functions to make sure there are no nested
* (reentrant) calls to them.
*
* Note that because there is a single `nonReentrant` guard, functions marked as
* `nonReentrant` may not call one another. This can be worked around by making
* those functions `private`, and then adding `external` `nonReentrant` entry
* points to them.
*
* TIP: If you would like to learn more about reentrancy and alternative ways
* to protect against it, check out our blog post
* https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].
*/
abstract contract ReentrancyGuard {
// Booleans are more expensive than uint256 or any type that takes up a full
// word because each write operation emits an extra SLOAD to first read the
// slot's contents, replace the bits taken up by the boolean, and then write
// back. This is the compiler's defense against contract upgrades and
// pointer aliasing, and it cannot be disabled.
// The values being non-zero value makes deployment a bit more expensive,
// but in exchange the refund on every call to nonReentrant will be lower in
// amount. Since refunds are capped to a percentage of the total
// transaction's gas, it is best to keep them low in cases like this one, to
// increase the likelihood of the full refund coming into effect.
uint256 private constant _NOT_ENTERED = 1;
uint256 private constant _ENTERED = 2;
uint256 private _status;
constructor() {
_status = _NOT_ENTERED;
}
/**
* @dev Prevents a contract from calling itself, directly or indirectly.
* Calling a `nonReentrant` function from another `nonReentrant`
* function is not supported. It is possible to prevent this from happening
* by making the `nonReentrant` function external, and making it call a
* `private` function that does the actual work.
*/
modifier nonReentrant() {
// On the first call to nonReentrant, _notEntered will be true
require(_status != _ENTERED, "ReentrancyGuard: reentrant call");
// Any calls to nonReentrant after this point will fail
_status = _ENTERED;
_;
// By storing the original value once again, a refund is triggered (see
// https://eips.ethereum.org/EIPS/eip-2200)
_status = _NOT_ENTERED;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (security/Pausable.sol)
pragma solidity ^0.8.0;
import "../utils/Context.sol";
/**
* @dev Contract module which allows children to implement an emergency stop
* mechanism that can be triggered by an authorized account.
*
* This module is used through inheritance. It will make available the
* modifiers `whenNotPaused` and `whenPaused`, which can be applied to
* the functions of your contract. Note that they will not be pausable by
* simply including this module, only once the modifiers are put in place.
*/
abstract contract Pausable is Context {
/**
* @dev Emitted when the pause is triggered by `account`.
*/
event Paused(address account);
/**
* @dev Emitted when the pause is lifted by `account`.
*/
event Unpaused(address account);
bool private _paused;
/**
* @dev Initializes the contract in unpaused state.
*/
constructor() {
_paused = false;
}
/**
* @dev Returns true if the contract is paused, and false otherwise.
*/
function paused() public view virtual returns (bool) {
return _paused;
}
/**
* @dev Modifier to make a function callable only when the contract is not paused.
*
* Requirements:
*
* - The contract must not be paused.
*/
modifier whenNotPaused() {
require(!paused(), "Pausable: paused");
_;
}
/**
* @dev Modifier to make a function callable only when the contract is paused.
*
* Requirements:
*
* - The contract must be paused.
*/
modifier whenPaused() {
require(paused(), "Pausable: not paused");
_;
}
/**
* @dev Triggers stopped state.
*
* Requirements:
*
* - The contract must not be paused.
*/
function _pause() internal virtual whenNotPaused {
_paused = true;
emit Paused(_msgSender());
}
/**
* @dev Returns to normal state.
*
* Requirements:
*
* - The contract must be paused.
*/
function _unpause() internal virtual whenPaused {
_paused = false;
emit Unpaused(_msgSender());
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (interfaces/IERC721.sol)
pragma solidity ^0.8.0;
import "../token/ERC721/IERC721.sol";
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (interfaces/IERC2981.sol)
pragma solidity ^0.8.0;
import "./IERC165.sol";
/**
* @dev Interface for the NFT Royalty Standard.
*
* A standardized way to retrieve royalty payment information for non-fungible tokens (NFTs) to enable universal
* support for royalty payments across all NFT marketplaces and ecosystem participants.
*
* _Available since v4.5._
*/
interface IERC2981 is IERC165 {
/**
* @dev Returns how much royalty is owed and to whom, based on a sale price that may be denominated in any unit of
* exchange. The royalty amount is denominated and should be payed in that same unit of exchange.
*/
function royaltyInfo(uint256 tokenId, uint256 salePrice)
external
view
returns (address receiver, uint256 royaltyAmount);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (interfaces/IERC165.sol)
pragma solidity ^0.8.0;
import "../utils/introspection/IERC165.sol";
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (access/Ownable.sol)
pragma solidity ^0.8.0;
import "../utils/Context.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* By default, the owner account will be the one that deploys the contract. This
* can later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract Ownable is Context {
address private _owner;
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the deployer as the initial owner.
*/
constructor() {
_transferOwnership(_msgSender());
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
return _owner;
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
require(owner() == _msgSender(), "Ownable: caller is not the owner");
_;
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions anymore. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby removing any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
require(newOwner != address(0), "Ownable: new owner is the zero address");
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
address oldOwner = _owner;
_owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (access/IAccessControlEnumerable.sol)
pragma solidity ^0.8.0;
import "./IAccessControl.sol";
/**
* @dev External interface of AccessControlEnumerable declared to support ERC165 detection.
*/
interface IAccessControlEnumerable is IAccessControl {
/**
* @dev Returns one of the accounts that have `role`. `index` must be a
* value between 0 and {getRoleMemberCount}, non-inclusive.
*
* Role bearers are not sorted in any particular way, and their ordering may
* change at any point.
*
* WARNING: When using {getRoleMember} and {getRoleMemberCount}, make sure
* you perform all queries on the same block. See the following
* https://forum.openzeppelin.com/t/iterating-over-elements-on-enumerableset-in-openzeppelin-contracts/2296[forum post]
* for more information.
*/
function getRoleMember(bytes32 role, uint256 index) external view returns (address);
/**
* @dev Returns the number of accounts that have `role`. Can be used
* together with {getRoleMember} to enumerate all bearers of a role.
*/
function getRoleMemberCount(bytes32 role) external view returns (uint256);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (access/IAccessControl.sol)
pragma solidity ^0.8.0;
/**
* @dev External interface of AccessControl declared to support ERC165 detection.
*/
interface IAccessControl {
/**
* @dev Emitted when `newAdminRole` is set as ``role``'s admin role, replacing `previousAdminRole`
*
* `DEFAULT_ADMIN_ROLE` is the starting admin for all roles, despite
* {RoleAdminChanged} not being emitted signaling this.
*
* _Available since v3.1._
*/
event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole);
/**
* @dev Emitted when `account` is granted `role`.
*
* `sender` is the account that originated the contract call, an admin role
* bearer except when using {AccessControl-_setupRole}.
*/
event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Emitted when `account` is revoked `role`.
*
* `sender` is the account that originated the contract call:
* - if using `revokeRole`, it is the admin role bearer
* - if using `renounceRole`, it is the role bearer (i.e. `account`)
*/
event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) external view returns (bool);
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {AccessControl-_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) external view returns (bytes32);
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function grantRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function revokeRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been granted `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `account`.
*/
function renounceRole(bytes32 role, address account) external;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (access/AccessControlEnumerable.sol)
pragma solidity ^0.8.0;
import "./IAccessControlEnumerable.sol";
import "./AccessControl.sol";
import "../utils/structs/EnumerableSet.sol";
/**
* @dev Extension of {AccessControl} that allows enumerating the members of each role.
*/
abstract contract AccessControlEnumerable is IAccessControlEnumerable, AccessControl {
using EnumerableSet for EnumerableSet.AddressSet;
mapping(bytes32 => EnumerableSet.AddressSet) private _roleMembers;
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IAccessControlEnumerable).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @dev Returns one of the accounts that have `role`. `index` must be a
* value between 0 and {getRoleMemberCount}, non-inclusive.
*
* Role bearers are not sorted in any particular way, and their ordering may
* change at any point.
*
* WARNING: When using {getRoleMember} and {getRoleMemberCount}, make sure
* you perform all queries on the same block. See the following
* https://forum.openzeppelin.com/t/iterating-over-elements-on-enumerableset-in-openzeppelin-contracts/2296[forum post]
* for more information.
*/
function getRoleMember(bytes32 role, uint256 index) public view virtual override returns (address) {
return _roleMembers[role].at(index);
}
/**
* @dev Returns the number of accounts that have `role`. Can be used
* together with {getRoleMember} to enumerate all bearers of a role.
*/
function getRoleMemberCount(bytes32 role) public view virtual override returns (uint256) {
return _roleMembers[role].length();
}
/**
* @dev Overload {_grantRole} to track enumerable memberships
*/
function _grantRole(bytes32 role, address account) internal virtual override {
super._grantRole(role, account);
_roleMembers[role].add(account);
}
/**
* @dev Overload {_revokeRole} to track enumerable memberships
*/
function _revokeRole(bytes32 role, address account) internal virtual override {
super._revokeRole(role, account);
_roleMembers[role].remove(account);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (access/AccessControl.sol)
pragma solidity ^0.8.0;
import "./IAccessControl.sol";
import "../utils/Context.sol";
import "../utils/Strings.sol";
import "../utils/introspection/ERC165.sol";
/**
* @dev Contract module that allows children to implement role-based access
* control mechanisms. This is a lightweight version that doesn't allow enumerating role
* members except through off-chain means by accessing the contract event logs. Some
* applications may benefit from on-chain enumerability, for those cases see
* {AccessControlEnumerable}.
*
* Roles are referred to by their `bytes32` identifier. These should be exposed
* in the external API and be unique. The best way to achieve this is by
* using `public constant` hash digests:
*
* ```
* bytes32 public constant MY_ROLE = keccak256("MY_ROLE");
* ```
*
* Roles can be used to represent a set of permissions. To restrict access to a
* function call, use {hasRole}:
*
* ```
* function foo() public {
* require(hasRole(MY_ROLE, msg.sender));
* ...
* }
* ```
*
* Roles can be granted and revoked dynamically via the {grantRole} and
* {revokeRole} functions. Each role has an associated admin role, and only
* accounts that have a role's admin role can call {grantRole} and {revokeRole}.
*
* By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means
* that only accounts with this role will be able to grant or revoke other
* roles. More complex role relationships can be created by using
* {_setRoleAdmin}.
*
* WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to
* grant and revoke this role. Extra precautions should be taken to secure
* accounts that have been granted it.
*/
abstract contract AccessControl is Context, IAccessControl, ERC165 {
struct RoleData {
mapping(address => bool) members;
bytes32 adminRole;
}
mapping(bytes32 => RoleData) private _roles;
bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;
/**
* @dev Modifier that checks that an account has a specific role. Reverts
* with a standardized message including the required role.
*
* The format of the revert reason is given by the following regular expression:
*
* /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/
*
* _Available since v4.1._
*/
modifier onlyRole(bytes32 role) {
_checkRole(role, _msgSender());
_;
}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IAccessControl).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) public view virtual override returns (bool) {
return _roles[role].members[account];
}
/**
* @dev Revert with a standard message if `account` is missing `role`.
*
* The format of the revert reason is given by the following regular expression:
*
* /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/
*/
function _checkRole(bytes32 role, address account) internal view virtual {
if (!hasRole(role, account)) {
revert(
string(
abi.encodePacked(
"AccessControl: account ",
Strings.toHexString(uint160(account), 20),
" is missing role ",
Strings.toHexString(uint256(role), 32)
)
)
);
}
}
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) public view virtual override returns (bytes32) {
return _roles[role].adminRole;
}
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function grantRole(bytes32 role, address account) public virtual override onlyRole(getRoleAdmin(role)) {
_grantRole(role, account);
}
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function revokeRole(bytes32 role, address account) public virtual override onlyRole(getRoleAdmin(role)) {
_revokeRole(role, account);
}
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been revoked `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `account`.
*/
function renounceRole(bytes32 role, address account) public virtual override {
require(account == _msgSender(), "AccessControl: can only renounce roles for self");
_revokeRole(role, account);
}
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event. Note that unlike {grantRole}, this function doesn't perform any
* checks on the calling account.
*
* [WARNING]
* ====
* This function should only be called from the constructor when setting
* up the initial roles for the system.
*
* Using this function in any other way is effectively circumventing the admin
* system imposed by {AccessControl}.
* ====
*
* NOTE: This function is deprecated in favor of {_grantRole}.
*/
function _setupRole(bytes32 role, address account) internal virtual {
_grantRole(role, account);
}
/**
* @dev Sets `adminRole` as ``role``'s admin role.
*
* Emits a {RoleAdminChanged} event.
*/
function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {
bytes32 previousAdminRole = getRoleAdmin(role);
_roles[role].adminRole = adminRole;
emit RoleAdminChanged(role, previousAdminRole, adminRole);
}
/**
* @dev Grants `role` to `account`.
*
* Internal function without access restriction.
*/
function _grantRole(bytes32 role, address account) internal virtual {
if (!hasRole(role, account)) {
_roles[role].members[account] = true;
emit RoleGranted(role, account, _msgSender());
}
}
/**
* @dev Revokes `role` from `account`.
*
* Internal function without access restriction.
*/
function _revokeRole(bytes32 role, address account) internal virtual {
if (hasRole(role, account)) {
_roles[role].members[account] = false;
emit RoleRevoked(role, account, _msgSender());
}
}
}
// SPDX-License-Identifier: MIT
// Copyright (c) 2021 the ethier authors (github.com/divergencetech/ethier)
pragma solidity >=0.8.0 <0.9.0;
import "@openzeppelin/contracts/access/Ownable.sol";
import "@openzeppelin/contracts/security/Pausable.sol";
/// @notice A Pausable contract that can only be toggled by the Owner.
contract OwnerPausable is Ownable, Pausable {
/// @notice Pauses the contract.
function pause() public onlyOwner {
Pausable._pause();
}
/// @notice Unpauses the contract.
function unpause() public onlyOwner {
Pausable._unpause();
}
}
// SPDX-License-Identifier: MIT
// Copyright (c) 2021 the ethier authors (github.com/divergencetech/ethier)
pragma solidity >=0.8.0 <0.9.0;
/**
@notice Provides monotonic increasing and decreasing values, similar to
OpenZeppelin's Counter but (a) limited in direction, and (b) allowing for steps
> 1.
*/
library Monotonic {
/**
@notice Holds a value that can only increase.
@dev The internal value MUST NOT be accessed directly. Instead use current()
and add().
*/
struct Increaser {
uint256 value;
}
/// @notice Returns the current value of the Increaser.
function current(Increaser storage incr) internal view returns (uint256) {
return incr.value;
}
/// @notice Adds x to the Increaser's value.
function add(Increaser storage incr, uint256 x) internal {
incr.value += x;
}
/**
@notice Holds a value that can only decrease.
@dev The internal value MUST NOT be accessed directly. Instead use current()
and subtract().
*/
struct Decreaser {
uint256 value;
}
/// @notice Returns the current value of the Decreaser.
function current(Decreaser storage decr) internal view returns (uint256) {
return decr.value;
}
/// @notice Subtracts x from the Decreaser's value.
function subtract(Decreaser storage decr, uint256 x) internal {
decr.value -= x;
}
}
// SPDX-License-Identifier: MIT
// Copyright (c) 2021 the ethier authors (github.com/divergencetech/ethier)
pragma solidity >=0.8.0 <0.9.0;
/// @notice A minimal interface describing OpenSea's Wyvern proxy registry.
contract ProxyRegistry {
mapping(address => OwnableDelegateProxy) public proxies;
}
/**
@dev This pattern of using an empty contract is cargo-culted directly from
OpenSea's example code. TODO: it's likely that the above mapping can be changed
to address => address without affecting anything, but further investigation is
needed (i.e. is there a subtle reason that OpenSea released it like this?).
*/
// solhint-disable-next-line no-empty-blocks
contract OwnableDelegateProxy {
}
// SPDX-License-Identifier: MIT
// Copyright (c) 2021 the ethier authors (github.com/divergencetech/ethier)
pragma solidity >=0.8.0 <0.9.0;
// Inspired by BaseOpenSea by Simon Fremaux (@dievardump) but without the need
// to pass specific addresses depending on deployment network.
// https://gist.github.com/dievardump/483eb43bc6ed30b14f01e01842e3339b/
import "./ProxyRegistry.sol";
/// @notice Library to achieve gas-free listings on OpenSea.
library OpenSeaGasFreeListing {
/**
@notice Returns whether the operator is an OpenSea proxy for the owner, thus
allowing it to list without the token owner paying gas.
@dev ERC{721,1155}.isApprovedForAll should be overriden to also check if
this function returns true.
*/
function isApprovedForAll(address owner, address operator)
internal
view
returns (bool)
{
address proxy = proxyFor(owner);
return proxy != address(0) && proxy == operator;
}
/**
@notice Returns the OpenSea proxy address for the owner.
*/
function proxyFor(address owner) internal view returns (address) {
address registry;
uint256 chainId;
assembly {
chainId := chainid()
switch chainId
// Production networks are placed higher to minimise the number of
// checks performed and therefore reduce gas. By the same rationale,
// mainnet comes before Polygon as it's more expensive.
case 1 {
// mainnet
registry := 0xa5409ec958c83c3f309868babaca7c86dcb077c1
}
case 137 {
// polygon
registry := 0x58807baD0B376efc12F5AD86aAc70E78ed67deaE
}
case 4 {
// rinkeby
registry := 0xf57b2c51ded3a29e6891aba85459d600256cf317
}
case 80001 {
// mumbai
registry := 0xff7Ca10aF37178BdD056628eF42fD7F799fAc77c
}
case 1337 {
// The geth SimulatedBackend iff used with the ethier
// openseatest package. This is mocked as a Wyvern proxy as it's
// more complex than the 0x ones.
registry := 0xE1a2bbc877b29ADBC56D2659DBcb0ae14ee62071
}
}
// Unlike Wyvern, the registry itself is the proxy for all owners on 0x
// chains.
if (registry == address(0) || chainId == 137 || chainId == 80001) {
return registry;
}
return address(ProxyRegistry(registry).proxies(owner));
}
}
// SPDX-License-Identifier: MIT
// Copyright (c) 2021 the ethier authors (github.com/divergencetech/ethier)
pragma solidity >=0.8.0 <0.9.0;
import "../utils/Monotonic.sol";
import "../utils/OwnerPausable.sol";
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
import "@openzeppelin/contracts/utils/Address.sol";
import "@openzeppelin/contracts/utils/Context.sol";
import "@openzeppelin/contracts/utils/math/Math.sol";
import "@openzeppelin/contracts/utils/Strings.sol";
/**
@notice An abstract contract providing the _purchase() function to:
- Enforce per-wallet / per-transaction limits
- Calculate required cost, forwarding to a beneficiary, and refunding extra
*/
abstract contract Seller is OwnerPausable, ReentrancyGuard {
using Address for address payable;
using Monotonic for Monotonic.Increaser;
using Strings for uint256;
/**
@dev Note that the address limits are vulnerable to wallet farming.
@param maxPerAddress Unlimited if zero.
@param maxPerTex Unlimited if zero.
@param freeQuota Maximum number that can be purchased free of charge by
the contract owner.
@param reserveFreeQuota Whether to excplitly reserve the freeQuota amount
and not let it be eroded by regular purchases.
@param lockFreeQuota If true, calls to setSellerConfig() will ignore changes
to freeQuota. Can be locked after initial setting, but not unlocked. This
allows a contract owner to commit to a maximum number of reserved items.
@param lockTotalInventory Similar to lockFreeQuota but applied to
totalInventory.
*/
struct SellerConfig {
uint256 totalInventory;
uint256 maxPerAddress;
uint256 maxPerTx;
uint248 freeQuota;
bool reserveFreeQuota;
bool lockFreeQuota;
bool lockTotalInventory;
}
constructor(SellerConfig memory config, address payable _beneficiary) {
setSellerConfig(config);
setBeneficiary(_beneficiary);
}
/// @notice Configuration of purchase limits.
SellerConfig public sellerConfig;
/// @notice Sets the seller config.
function setSellerConfig(SellerConfig memory config) public onlyOwner {
require(
config.totalInventory >= config.freeQuota,
"Seller: excessive free quota"
);
require(
config.totalInventory >= _totalSold.current(),
"Seller: inventory < already sold"
);
require(
config.freeQuota >= purchasedFreeOfCharge.current(),
"Seller: free quota < already used"
);
// Overriding the in-memory fields before copying the whole struct, as
// against writing individual fields, gives a greater guarantee of
// correctness as the code is simpler to read.
if (sellerConfig.lockTotalInventory) {
config.lockTotalInventory = true;
config.totalInventory = sellerConfig.totalInventory;
}
if (sellerConfig.lockFreeQuota) {
config.lockFreeQuota = true;
config.freeQuota = sellerConfig.freeQuota;
}
sellerConfig = config;
}
/// @notice Recipient of revenues.
address payable public beneficiary;
/// @notice Sets the recipient of revenues.
function setBeneficiary(address payable _beneficiary) public onlyOwner {
beneficiary = _beneficiary;
}
/**
@dev Must return the current cost of a batch of items. This may be constant
or, for example, decreasing for a Dutch auction or increasing for a bonding
curve.
@param n The number of items being purchased.
@param metadata Arbitrary data, propagated by the call to _purchase() that
can be used to charge different prices. This value is a uint256 instead of
bytes as this allows simple passing of a set cost (see
ArbitraryPriceSeller).
*/
function cost(uint256 n, uint256 metadata)
public
view
virtual
returns (uint256);
/**
@dev Called by both _purchase() and purchaseFreeOfCharge() after all limits
have been put in place; must perform all contract-specific sale logic, e.g.
ERC721 minting. When _handlePurchase() is called, the value returned by
Seller.totalSold() will be the pre-purchase amount.
@param to The recipient of the item(s).
@param n The number of items allowed to be purchased, which MAY be less than
to the number passed to _purchase() but SHALL be greater than zero.
@param freeOfCharge Indicates that the call originated from
purchaseFreeOfCharge() and not _purchase().
*/
function _handlePurchase(
address to,
uint256 n,
bool freeOfCharge
) internal virtual;
/**
@notice Tracks total number of items sold by this contract, including those
purchased free of charge by the contract owner.
*/
Monotonic.Increaser private _totalSold;
/// @notice Returns the total number of items sold by this contract.
function totalSold() public view returns (uint256) {
return _totalSold.current();
}
/**
@notice Tracks the number of items already bought by an address, regardless
of transferring out (in the case of ERC721).
@dev This isn't public as it may be skewed due to differences in msg.sender
and tx.origin, which it treats in the same way such that
sum(_bought)>=totalSold().
*/
mapping(address => uint256) private _bought;
/**
@notice Returns min(n, max(extra items addr can purchase)) and reverts if 0.
@param zeroMsg The message with which to revert on 0 extra.
*/
function _capExtra(
uint256 n,
address addr,
string memory zeroMsg
) internal view returns (uint256) {
uint256 extra = sellerConfig.maxPerAddress - _bought[addr];
if (extra == 0) {
revert(string(abi.encodePacked("Seller: ", zeroMsg)));
}
return Math.min(n, extra);
}
/// @notice Emitted when a buyer is refunded.
event Refund(address indexed buyer, uint256 amount);
/// @notice Emitted on all purchases of non-zero amount.
event Revenue(
address indexed beneficiary,
uint256 numPurchased,
uint256 amount
);
/// @notice Tracks number of items purchased free of charge.
Monotonic.Increaser private purchasedFreeOfCharge;
/**
@notice Allows the contract owner to purchase without payment, within the
quota enforced by the SellerConfig.
*/
function purchaseFreeOfCharge(address to, uint256 n)
public
onlyOwner
whenNotPaused
{
uint256 freeQuota = sellerConfig.freeQuota;
n = Math.min(n, freeQuota - purchasedFreeOfCharge.current());
require(n > 0, "Seller: Free quota exceeded");
uint256 totalInventory = sellerConfig.totalInventory;
n = Math.min(n, totalInventory - _totalSold.current());
require(n > 0, "Seller: Sold out");
_handlePurchase(to, n, true);
_totalSold.add(n);
purchasedFreeOfCharge.add(n);
assert(_totalSold.current() <= totalInventory);
assert(purchasedFreeOfCharge.current() <= freeQuota);
}
/**
@notice Convenience function for calling _purchase() with empty costMetadata
when unneeded.
*/
function _purchase(address to, uint256 requested) internal virtual {
_purchase(to, requested, 0);
}
/**
@notice Enforces all purchase limits (counts and costs) before calling
_handlePurchase(), after which the received funds are disbursed to the
beneficiary, less any required refunds.
@param to The final recipient of the item(s).
@param requested The number of items requested for purchase, which MAY be
reduced when passed to _handlePurchase().
@param costMetadata Arbitrary data, propagated in the call to cost(), to be
optionally used in determining the price.
*/
function _purchase(
address to,
uint256 requested,
uint256 costMetadata
) internal nonReentrant whenNotPaused {
/**
* ##### CHECKS
*/
SellerConfig memory config = sellerConfig;
uint256 n = config.maxPerTx == 0
? requested
: Math.min(requested, config.maxPerTx);
uint256 maxAvailable;
uint256 sold;
if (config.reserveFreeQuota) {
maxAvailable = config.totalInventory - config.freeQuota;
sold = _totalSold.current() - purchasedFreeOfCharge.current();
} else {
maxAvailable = config.totalInventory;
sold = _totalSold.current();
}
n = Math.min(n, maxAvailable - sold);
require(n > 0, "Seller: Sold out");
if (config.maxPerAddress > 0) {
bool alsoLimitSender = _msgSender() != to;
// solhint-disable-next-line avoid-tx-origin
bool alsoLimitOrigin = tx.origin != _msgSender() && tx.origin != to;
n = _capExtra(n, to, "Buyer limit");
if (alsoLimitSender) {
n = _capExtra(n, _msgSender(), "Sender limit");
}
if (alsoLimitOrigin) {
// solhint-disable-next-line avoid-tx-origin
n = _capExtra(n, tx.origin, "Origin limit");
}
_bought[to] += n;
if (alsoLimitSender) {
_bought[_msgSender()] += n;
}
if (alsoLimitOrigin) {
// solhint-disable-next-line avoid-tx-origin
_bought[tx.origin] += n;
}
}
uint256 _cost = cost(n, costMetadata);
if (msg.value < _cost) {
revert(
string(
abi.encodePacked(
"Seller: Costs ",
(_cost / 1e9).toString(),
" GWei"
)
)
);
}
/**
* ##### EFFECTS
*/
_handlePurchase(to, n, false);
_totalSold.add(n);
assert(_totalSold.current() <= config.totalInventory);
/**
* ##### INTERACTIONS
*/
// Ideally we'd be using a PullPayment here, but the user experience is
// poor when there's a variable cost or the number of items purchased
// has been capped. We've addressed reentrancy with both a nonReentrant
// modifier and the checks, effects, interactions pattern.
if (_cost > 0) {
beneficiary.sendValue(_cost);
emit Revenue(beneficiary, n, _cost);
}
if (msg.value > _cost) {
address payable reimburse = payable(_msgSender());
uint256 refund = msg.value - _cost;
// Using Address.sendValue() here would mask the revertMsg upon
// reentrancy, but we want to expose it to allow for more precise
// testing. This otherwise uses the exact same pattern as
// Address.sendValue().
// solhint-disable-next-line avoid-low-level-calls
(bool success, bytes memory returnData) = reimburse.call{
value: refund
}("");
// Although `returnData` will have a spurious prefix, all we really
// care about is that it contains the ReentrancyGuard reversion
// message so we can check in the tests.
require(success, string(returnData));
emit Refund(reimburse, refund);
}
}
}
// SPDX-License-Identifier: MIT
// Copyright (c) 2021 the ethier authors (github.com/divergencetech/ethier)
pragma solidity >=0.8.0 <0.9.0;
import "./Seller.sol";
/// @notice A Seller with fixed per-item price.
abstract contract FixedPriceSeller is Seller {
constructor(
uint256 _price,
Seller.SellerConfig memory sellerConfig,
address payable _beneficiary
) Seller(sellerConfig, _beneficiary) {
setPrice(_price);
}
/**
@notice The fixed per-item price.
@dev Fixed as in not changing with time nor number of items, but not a
constant.
*/
uint256 public price;
/// @notice Sets the per-item price.
function setPrice(uint256 _price) public onlyOwner {
price = _price;
}
/**
@notice Override of Seller.cost() with fixed price.
@dev The second parameter, metadata propagated from the call to _purchase(),
is ignored.
*/
function cost(uint256 n, uint256) public view override returns (uint256) {
return n * price;
}
}
// SPDX-License-Identifier: MIT
// Copyright (c) 2022 the ethier authors (github.com/divergencetech/ethier)
pragma solidity >=0.8.0 <0.9.0;
import "@openzeppelin/contracts/interfaces/IERC721.sol";
import "@openzeppelin/contracts/utils/Strings.sol";
import "@openzeppelin/contracts/utils/structs/BitMaps.sol";
/**
@notice Allows holders of ERC721 tokens to redeem rights to some claim; for
example, the right to mint a token of some other collection.
*/
library ERC721Redeemer {
using BitMaps for BitMaps.BitMap;
using Strings for uint256;
/**
@notice Storage value to track already-claimed redemptions for a specific
token collection.
*/
struct Claims {
/**
@dev This field MUST NOT be considered part of the public API. Instead,
prefer `using ERC721Redeemer for ERC721Redeemer.Claims` and utilise the
provided functions.
*/
mapping(uint256 => uint256) _total;
}
/**
@notice Storage value to track already-claimed redemptions for a specific
token collection, given that there is only a single claim allowed per
tokenId.
*/
struct SingleClaims {
/**
@dev This field MUST NOT be considered part of the public API. Instead,
prefer `using ERC721Redeemer for ERC721Redeemer.SingleClaims` and
utilise the provided functions.
*/
BitMaps.BitMap _claimed;
}
/**
@notice Emitted when a token's claim is redeemed.
*/
event Redemption(
IERC721 indexed token,
address indexed redeemer,
uint256 tokenId,
uint256 n
);
/**
@notice Checks that the redeemer is allowed to redeem the claims for the
tokenIds by being either the owner or approved address for all tokenIds, and
updates the Claims to reflect this.
@dev For more efficient gas usage, recurring values in tokenIds SHOULD be
adjacent to one another as this will batch expensive operations. The
simplest way to achieve this is by sorting tokenIds.
@param tokenIds The token IDs for which the claims are being redeemed. If
maxAllowance > 1 then identical tokenIds can be passed more than once; see
dev comments.
@return The number of redeemed claims; either 0 or tokenIds.length;
*/
function redeem(
Claims storage claims,
uint256 maxAllowance,
address redeemer,
IERC721 token,
uint256[] calldata tokenIds
) internal returns (uint256) {
if (maxAllowance == 0 || tokenIds.length == 0) {
return 0;
}
// See comment for `endSameId`.
bool multi = maxAllowance > 1;
for (
uint256 i = 0;
i < tokenIds.length; /* note increment at end */
) {
uint256 tokenId = tokenIds[i];
requireOwnerOrApproved(token, tokenId, redeemer);
uint256 n = 1;
if (multi) {
// If allowed > 1 we can save on expensive operations like
// checking ownership / remaining allowance by batching equal
// tokenIds. The algorithm assumes that equal IDs are adjacent
// in the array.
uint256 endSameId;
for (
endSameId = i + 1;
endSameId < tokenIds.length &&
tokenIds[endSameId] == tokenId;
endSameId++
) {} // solhint-disable-line no-empty-blocks
n = endSameId - i;
}
claims._total[tokenId] += n;
if (claims._total[tokenId] > maxAllowance) {
revertWithTokenId(
"ERC721Redeemer: over allowance for",
tokenId
);
}
i += n;
emit Redemption(token, redeemer, tokenId, n);
}
return tokenIds.length;
}
/**
@notice Checks that the redeemer is allowed to redeem the single claim for
each of the tokenIds by being either the owner or approved address for all
tokenIds, and updates the SingleClaims to reflect this.
@param tokenIds The token IDs for which the claims are being redeemed. Only
a single claim can be made against a tokenId.
@return The number of redeemed claims; either 0 or tokenIds.length;
*/
function redeem(
SingleClaims storage claims,
address redeemer,
IERC721 token,
uint256[] calldata tokenIds
) internal returns (uint256) {
if (tokenIds.length == 0) {
return 0;
}
for (uint256 i = 0; i < tokenIds.length; i++) {
uint256 tokenId = tokenIds[i];
requireOwnerOrApproved(token, tokenId, redeemer);
if (claims._claimed.get(tokenId)) {
revertWithTokenId(
"ERC721Redeemer: over allowance for",
tokenId
);
}
claims._claimed.set(tokenId);
emit Redemption(token, redeemer, tokenId, 1);
}
return tokenIds.length;
}
/**
@dev Reverts if neither the owner nor approved for the tokenId.
*/
function requireOwnerOrApproved(
IERC721 token,
uint256 tokenId,
address redeemer
) private view {
if (
token.ownerOf(tokenId) != redeemer &&
token.getApproved(tokenId) != redeemer
) {
revertWithTokenId(
"ERC721Redeemer: not approved nor owner of",
tokenId
);
}
}
/**
@notice Reverts with the concatenation of revertMsg and tokenId.toString().
@dev Used to save gas by constructing the revert message only as required,
instead of passing it to require().
*/
function revertWithTokenId(string memory revertMsg, uint256 tokenId)
private
pure
{
revert(string(abi.encodePacked(revertMsg, " ", tokenId.toString())));
}
/**
@notice Returns the number of claimed redemptions for the token.
*/
function claimed(Claims storage claims, uint256 tokenId)
internal
view
returns (uint256)
{
return claims._total[tokenId];
}
/**
@notice Returns whether the token has had a claim made against it.
*/
function claimed(SingleClaims storage claims, uint256 tokenId)
internal
view
returns (bool)
{
return claims._claimed.get(tokenId);
}
}
// SPDX-License-Identifier: MIT
// Copyright (c) 2021 the ethier authors (github.com/divergencetech/ethier)
pragma solidity >=0.8.0 <0.9.0;
import "../thirdparty/opensea/OpenSeaGasFreeListing.sol";
import "erc721a/contracts/ERC721A.sol";
/// @notice Pre-approval of OpenSea proxies for gas-less listing
/// @dev This wrapper allows users to revoke the pre-approval of their
/// associated proxy and emits the corresponding events. This is necessary for
/// external tools to index approvals correctly and inform the user.
/// @dev The pre-approval is triggered on a per-wallet basis during the first
/// transfer transactions. It will only be enabled for wallets with an existing
/// proxy. Not having a proxy incurs a gas overhead.
/// @dev This wrapper optimizes for the following scenario:
/// - The majority of users already have a wyvern proxy
/// - Most of them want to transfer tokens via wyvern exchanges
abstract contract ERC721APreApproval is ERC721A {
/// @dev It is important that Active remains at first position, since this
/// is the scenario that we are trying to optimize for.
enum State {
Active,
Inactive
}
/// @notice The state of the pre-approval for a given owner
mapping(address => State) private state;
/// @dev Returns true if either standard `isApprovedForAll()` or if the
/// `operator` is the OpenSea proxy for the `owner` provided the
/// pre-approval is active.
function isApprovedForAll(address owner, address operator)
public
view
virtual
override
returns (bool)
{
if (super.isApprovedForAll(owner, operator)) {
return true;
}
return
state[owner] == State.Active &&
OpenSeaGasFreeListing.isApprovedForAll(owner, operator);
}
/// @dev Uses the standard `setApprovalForAll` or toggles the pre-approval
/// state if `operator` is the OpenSea proxy for the sender.
function setApprovalForAll(address operator, bool approved)
public
virtual
override
{
address owner = _msgSender();
if (operator == OpenSeaGasFreeListing.proxyFor(owner)) {
state[owner] = approved ? State.Active : State.Inactive;
emit ApprovalForAll(owner, operator, approved);
} else {
super.setApprovalForAll(operator, approved);
}
}
/// @dev Checks if the receiver has an existing proxy. If not, the
/// pre-approval is disabled.
function _beforeTokenTransfers(
address from,
address to,
uint256 startTokenId,
uint256 quantity
) internal virtual override {
super._beforeTokenTransfers(from, to, startTokenId, quantity);
// Exclude burns and inactive pre-approvals
if (to == address(0) || state[to] == State.Inactive) {
return;
}
address operator = OpenSeaGasFreeListing.proxyFor(to);
// Disable if `to` has no proxy
if (operator == address(0)) {
state[to] = State.Inactive;
return;
}
// Avoid emitting unnecessary events.
if (balanceOf(to) == 0) {
emit ApprovalForAll(to, operator, true);
}
}
}
// SPDX-License-Identifier: MIT
// Copyright (c) 2022 the ethier authors (github.com/divergencetech/ethier)
pragma solidity >=0.8.0 <0.9.0;
import "./ERC721APreApproval.sol";
import "../utils/OwnerPausable.sol";
/**
@notice An ERC721A contract with common functionality:
- OpenSea gas-free listings
- Pausable with toggling functions exposed to Owner only
*/
contract ERC721ACommon is ERC721APreApproval, OwnerPausable {
constructor(string memory name, string memory symbol)
ERC721A(name, symbol)
{} // solhint-disable-line no-empty-blocks
/// @notice Requires that the token exists.
modifier tokenExists(uint256 tokenId) {
require(ERC721A._exists(tokenId), "ERC721ACommon: Token doesn't exist");
_;
}
/// @notice Requires that msg.sender owns or is approved for the token.
modifier onlyApprovedOrOwner(uint256 tokenId) {
require(
_ownershipOf(tokenId).addr == _msgSender() ||
getApproved(tokenId) == _msgSender(),
"ERC721ACommon: Not approved nor owner"
);
_;
}
function _beforeTokenTransfers(
address from,
address to,
uint256 startTokenId,
uint256 quantity
) internal virtual override {
require(!paused(), "ERC721ACommon: paused");
super._beforeTokenTransfers(from, to, startTokenId, quantity);
}
/// @notice Overrides supportsInterface as required by inheritance.
function supportsInterface(bytes4 interfaceId)
public
view
virtual
override(ERC721A)
returns (bool)
{
return super.supportsInterface(interfaceId);
}
}
// SPDX-License-Identifier: MIT
// Copyright (c) 2021 the ethier authors (github.com/divergencetech/ethier)
pragma solidity >=0.8.0 <0.9.0;
import "@openzeppelin/contracts/access/Ownable.sol";
/**
@notice ERC721 extension that overrides the OpenZeppelin _baseURI() function to
return a prefix that can be set by the contract owner.
*/
contract BaseTokenURI is Ownable {
/// @notice Base token URI used as a prefix by tokenURI().
string public baseTokenURI;
constructor(string memory _baseTokenURI) {
setBaseTokenURI(_baseTokenURI);
}
/// @notice Sets the base token URI prefix.
function setBaseTokenURI(string memory _baseTokenURI) public onlyOwner {
baseTokenURI = _baseTokenURI;
}
/**
@notice Concatenates and returns the base token URI and the token ID without
any additional characters (e.g. a slash).
@dev This requires that an inheriting contract that also inherits from OZ's
ERC721 will have to override both contracts; although we could simply
require that users implement their own _baseURI() as here, this can easily
be forgotten and the current approach guides them with compiler errors. This
favours the latter half of "APIs should be easy to use and hard to misuse"
from https://www.infoq.com/articles/API-Design-Joshua-Bloch/.
*/
function _baseURI() internal view virtual returns (string memory) {
return baseTokenURI;
}
}
// SPDX-License-Identifier: MIT
// Copyright (c) 2022 the ethier authors (github.com/divergencetech/ethier)
pragma solidity >=0.8.0 <0.9.0;
import "@openzeppelin/contracts/access/Ownable.sol";
import "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
/**
@title SignerManager
@notice Manges addition and removal of a core set of addresses from which
valid ECDSA signatures can be accepted; see SignatureChecker.
*/
contract SignerManager is Ownable {
using EnumerableSet for EnumerableSet.AddressSet;
/**
@dev Addresses from which signatures can be accepted.
*/
EnumerableSet.AddressSet internal signers;
/**
@notice Add an address to the set of accepted signers.
*/
function addSigner(address signer) external onlyOwner {
signers.add(signer);
}
/**
@notice Remove an address previously added with addSigner().
*/
function removeSigner(address signer) external onlyOwner {
signers.remove(signer);
}
}
// SPDX-License-Identifier: MIT
// Copyright (c) 2021 the ethier authors (github.com/divergencetech/ethier)
pragma solidity >=0.8.0 <0.9.0;
import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
/**
@title SignatureChecker
@notice Additional functions for EnumerableSet.Addresset that require a valid
ECDSA signature of a standardized message, signed by any member of the set.
*/
library SignatureChecker {
using EnumerableSet for EnumerableSet.AddressSet;
/**
@notice Requires that the message has not been used previously and that the
recovered signer is contained in the signers AddressSet.
@dev Convenience wrapper for message generation + signature verification
+ marking message as used
@param signers Set of addresses from which signatures are accepted.
@param usedMessages Set of already-used messages.
@param signature ECDSA signature of message.
*/
function requireValidSignature(
EnumerableSet.AddressSet storage signers,
bytes memory data,
bytes calldata signature,
mapping(bytes32 => bool) storage usedMessages
) internal {
bytes32 message = generateMessage(data);
require(
!usedMessages[message],
"SignatureChecker: Message already used"
);
usedMessages[message] = true;
requireValidSignature(signers, message, signature);
}
/**
@notice Requires that the message has not been used previously and that the
recovered signer is contained in the signers AddressSet.
@dev Convenience wrapper for message generation + signature verification.
*/
function requireValidSignature(
EnumerableSet.AddressSet storage signers,
bytes memory data,
bytes calldata signature
) internal view {
bytes32 message = generateMessage(data);
requireValidSignature(signers, message, signature);
}
/**
@notice Requires that the message has not been used previously and that the
recovered signer is contained in the signers AddressSet.
@dev Convenience wrapper for message generation from address +
signature verification.
*/
function requireValidSignature(
EnumerableSet.AddressSet storage signers,
address a,
bytes calldata signature
) internal view {
bytes32 message = generateMessage(abi.encodePacked(a));
requireValidSignature(signers, message, signature);
}
/**
@notice Common validator logic, checking if the recovered signer is
contained in the signers AddressSet.
*/
function validSignature(
EnumerableSet.AddressSet storage signers,
bytes32 message,
bytes calldata signature
) internal view returns (bool) {
return signers.contains(ECDSA.recover(message, signature));
}
/**
@notice Requires that the recovered signer is contained in the signers
AddressSet.
@dev Convenience wrapper that reverts if the signature validation fails.
*/
function requireValidSignature(
EnumerableSet.AddressSet storage signers,
bytes32 message,
bytes calldata signature
) internal view {
require(
validSignature(signers, message, signature),
"SignatureChecker: Invalid signature"
);
}
/**
@notice Generates a message for a given data input that will be signed
off-chain using ECDSA.
@dev For multiple data fields, a standard concatenation using
`abi.encodePacked` is commonly used to build data.
*/
function generateMessage(bytes memory data)
internal
pure
returns (bytes32)
{
return ECDSA.toEthSignedMessageHash(data);
}
}
File 3 of 5: ERC1967Proxy
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (proxy/ERC1967/ERC1967Proxy.sol)
pragma solidity 0.8.17;
// OpenZeppelin Contracts v4.4.1 (proxy/Proxy.sol)
/**
* @dev This abstract contract provides a fallback function that delegates all calls to another contract using the EVM
* instruction `delegatecall`. We refer to the second contract as the _implementation_ behind the proxy, and it has to
* be specified by overriding the virtual {_implementation} function.
*
* Additionally, delegation to the implementation can be triggered manually through the {_fallback} function, or to a
* different contract through the {_delegate} function.
*
* The success and return data of the delegated call will be returned back to the caller of the proxy.
*/
abstract contract Proxy {
/**
* @dev Delegates the current call to `implementation`.
*
* This function does not return to its internall call site, it will return directly to the external caller.
*/
function _delegate(address implementation) internal virtual {
assembly {
// Copy msg.data. We take full control of memory in this inline assembly
// block because it will not return to Solidity code. We overwrite the
// Solidity scratch pad at memory position 0.
calldatacopy(0, 0, calldatasize())
// Call the implementation.
// out and outsize are 0 because we don't know the size yet.
let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0)
// Copy the returned data.
returndatacopy(0, 0, returndatasize())
switch result
// delegatecall returns 0 on error.
case 0 {
revert(0, returndatasize())
}
default {
return(0, returndatasize())
}
}
}
/**
* @dev This is a virtual function that should be overriden so it returns the address to which the fallback function
* and {_fallback} should delegate.
*/
function _implementation() internal view virtual returns (address);
/**
* @dev Delegates the current call to the address returned by `_implementation()`.
*
* This function does not return to its internall call site, it will return directly to the external caller.
*/
function _fallback() internal virtual {
_beforeFallback();
_delegate(_implementation());
}
/**
* @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if no other
* function in the contract matches the call data.
*/
fallback() external payable virtual {
_fallback();
}
/**
* @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if call data
* is empty.
*/
receive() external payable virtual {
_fallback();
}
/**
* @dev Hook that is called before falling back to the implementation. Can happen as part of a manual `_fallback`
* call, or as part of the Solidity `fallback` or `receive` functions.
*
* If overriden should call `super._beforeFallback()`.
*/
function _beforeFallback() internal virtual {}
}
// OpenZeppelin Contracts v4.4.1 (proxy/ERC1967/ERC1967Upgrade.sol)
/**
* @dev This abstract contract provides getters and event emitting update functions for
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.
*
* _Available since v4.1._
*
* @custom:oz-upgrades-unsafe-allow delegatecall
*/
abstract contract ERC1967Upgrade {
// This is the keccak-256 hash of "eip1967.proxy.rollback" subtracted by 1
bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143;
/**
* @dev Storage slot with the address of the current implementation.
* This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
/**
* @dev Emitted when the implementation is upgraded.
*/
event Upgraded(address indexed implementation);
/**
* @dev Returns the current implementation address.
*/
function _getImplementation() internal view returns (address) {
return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 implementation slot.
*/
function _setImplementation(address newImplementation) private {
require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
}
/**
* @dev Perform implementation upgrade
*
* Emits an {Upgraded} event.
*/
function _upgradeTo(address newImplementation) internal {
_setImplementation(newImplementation);
emit Upgraded(newImplementation);
}
/**
* @dev Perform implementation upgrade with additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCall(
address newImplementation,
bytes memory data,
bool forceCall
) internal {
_upgradeTo(newImplementation);
if (data.length > 0 || forceCall) {
Address.functionDelegateCall(newImplementation, data);
}
}
/**
* @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCallSecure(
address newImplementation,
bytes memory data,
bool forceCall
) internal {
address oldImplementation = _getImplementation();
// Initial upgrade and setup call
_setImplementation(newImplementation);
if (data.length > 0 || forceCall) {
Address.functionDelegateCall(newImplementation, data);
}
// Perform rollback test if not already in progress
StorageSlot.BooleanSlot storage rollbackTesting = StorageSlot.getBooleanSlot(_ROLLBACK_SLOT);
if (!rollbackTesting.value) {
// Trigger rollback using upgradeTo from the new implementation
rollbackTesting.value = true;
Address.functionDelegateCall(
newImplementation,
abi.encodeWithSignature("upgradeTo(address)", oldImplementation)
);
rollbackTesting.value = false;
// Check rollback was effective
require(oldImplementation == _getImplementation(), "ERC1967Upgrade: upgrade breaks further upgrades");
// Finally reset to the new implementation and log the upgrade
_upgradeTo(newImplementation);
}
}
/**
* @dev Storage slot with the admin of the contract.
* This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
/**
* @dev Emitted when the admin account has changed.
*/
event AdminChanged(address previousAdmin, address newAdmin);
/**
* @dev Returns the current admin.
*/
function _getAdmin() internal view returns (address) {
return StorageSlot.getAddressSlot(_ADMIN_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 admin slot.
*/
function _setAdmin(address newAdmin) private {
require(newAdmin != address(0), "ERC1967: new admin is the zero address");
StorageSlot.getAddressSlot(_ADMIN_SLOT).value = newAdmin;
}
/**
* @dev Changes the admin of the proxy.
*
* Emits an {AdminChanged} event.
*/
function _changeAdmin(address newAdmin) internal {
emit AdminChanged(_getAdmin(), newAdmin);
_setAdmin(newAdmin);
}
/**
* @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
* This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor.
*/
bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;
/**
* @dev Emitted when the beacon is upgraded.
*/
event BeaconUpgraded(address indexed beacon);
/**
* @dev Returns the current beacon.
*/
function _getBeacon() internal view returns (address) {
return StorageSlot.getAddressSlot(_BEACON_SLOT).value;
}
/**
* @dev Stores a new beacon in the EIP1967 beacon slot.
*/
function _setBeacon(address newBeacon) private {
require(Address.isContract(newBeacon), "ERC1967: new beacon is not a contract");
require(
Address.isContract(IBeacon(newBeacon).implementation()),
"ERC1967: beacon implementation is not a contract"
);
StorageSlot.getAddressSlot(_BEACON_SLOT).value = newBeacon;
}
/**
* @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does
* not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that).
*
* Emits a {BeaconUpgraded} event.
*/
function _upgradeBeaconToAndCall(
address newBeacon,
bytes memory data,
bool forceCall
) internal {
_setBeacon(newBeacon);
emit BeaconUpgraded(newBeacon);
if (data.length > 0 || forceCall) {
Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data);
}
}
}
/**
* @dev This contract implements an upgradeable proxy. It is upgradeable because calls are delegated to an
* implementation address that can be changed. This address is stored in storage in the location specified by
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967], so that it doesn't conflict with the storage layout of the
* implementation behind the proxy.
*/
contract ERC1967Proxy is Proxy, ERC1967Upgrade {
/**
* @dev Initializes the upgradeable proxy with an initial implementation specified by `_logic`.
*
* If `_data` is nonempty, it's used as data in a delegate call to `_logic`. This will typically be an encoded
* function call, and allows initializating the storage of the proxy like a Solidity constructor.
*/
constructor(address _logic, bytes memory _data) payable {
assert(_IMPLEMENTATION_SLOT == bytes32(uint256(keccak256("eip1967.proxy.implementation")) - 1));
_upgradeToAndCall(_logic, _data, false);
}
/**
* @dev Returns the current implementation address.
*/
function _implementation() internal view virtual override returns (address impl) {
return ERC1967Upgrade._getImplementation();
}
}
// OpenZeppelin Contracts v4.4.1 (proxy/beacon/IBeacon.sol)
/**
* @dev This is the interface that {BeaconProxy} expects of its beacon.
*/
interface IBeacon {
/**
* @dev Must return an address that can be used as a delegate call target.
*
* {BeaconProxy} will check that this address is a contract.
*/
function implementation() external view returns (address);
}
// OpenZeppelin Contracts v4.4.1 (utils/Address.sol)
pragma solidity ^0.8.0;
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize, which returns 0 for contracts in
// construction, since the code is only stored at the end of the
// constructor execution.
uint256 size;
assembly {
size := extcodesize(account)
}
return size > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCall(target, data, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value
) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
require(isContract(target), "Address: call to non-contract");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
require(isContract(target), "Address: static call to non-contract");
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
require(isContract(target), "Address: delegate call to non-contract");
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Tool to verifies that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
}
// OpenZeppelin Contracts v4.4.1 (utils/StorageSlot.sol)
/**
* @dev Library for reading and writing primitive types to specific storage slots.
*
* Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
* This library helps with reading and writing to such slots without the need for inline assembly.
*
* The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
*
* Example usage to set ERC1967 implementation slot:
* ```
* contract ERC1967 {
* bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
*
* function _getImplementation() internal view returns (address) {
* return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
* }
*
* function _setImplementation(address newImplementation) internal {
* require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
* StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
* }
* }
* ```
*
* _Available since v4.1 for `address`, `bool`, `bytes32`, and `uint256`._
*/
library StorageSlot {
struct AddressSlot {
address value;
}
struct BooleanSlot {
bool value;
}
struct Bytes32Slot {
bytes32 value;
}
struct Uint256Slot {
uint256 value;
}
/**
* @dev Returns an `AddressSlot` with member `value` located at `slot`.
*/
function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BooleanSlot` with member `value` located at `slot`.
*/
function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
*/
function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Uint256Slot` with member `value` located at `slot`.
*/
function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
assembly {
r.slot := slot
}
}
}File 4 of 5: Blend
// SPDX-License-Identifier: BSL 1.1 - Blend (c) Non Fungible Trading Ltd.
pragma solidity 0.8.17;
import "lib/openzeppelin-contracts-upgradeable/contracts/proxy/utils/UUPSUpgradeable.sol";
import "./Helpers.sol";
import "./lib/Structs.sol";
import "./OfferController.sol";
import "./interfaces/IBlend.sol";
import "../pool/interfaces/IBlurPool.sol";
contract Blend is IBlend, OfferController, UUPSUpgradeable {
IExchange private immutable _EXCHANGE;
IExchangeV2 private immutable _EXCHANGE_V2;
IBlurPool private immutable _POOL;
address private immutable _SELL_MATCHING_POLICY;
address private immutable _BID_MATCHING_POLICY;
address private immutable _DELEGATE;
address private immutable _DELEGATE_V2;
uint256 private constant _BASIS_POINTS = 10_000;
uint256 private constant _MAX_AUCTION_DURATION = 432_000;
uint256 private constant _LIQUIDATION_THRESHOLD = 100_000;
uint256 private _nextLienId;
mapping(uint256 => bytes32) public liens;
mapping(bytes32 => uint256) public amountTaken;
// required by the OZ UUPS module
function _authorizeUpgrade(address) internal override onlyOwner {}
constructor(
address pool,
address exchange,
address exchangeV2,
address sellMatchingPolicy,
address bidMatchingPolicy,
address delegate,
address delegateV2
) {
_POOL = IBlurPool(pool);
_EXCHANGE = IExchange(exchange);
_EXCHANGE_V2 = IExchangeV2(exchangeV2);
_SELL_MATCHING_POLICY = sellMatchingPolicy;
_BID_MATCHING_POLICY = bidMatchingPolicy;
_DELEGATE = delegate;
_DELEGATE_V2 = delegateV2;
_disableInitializers();
}
function initialize() external initializer {
__UUPSUpgradeable_init();
__Ownable_init();
}
/*//////////////////////////////////////////////////
BORROW FLOWS
//////////////////////////////////////////////////*/
/**
* @notice Verifies and takes loan offer; then transfers loan and collateral assets
* @param offer Loan offer
* @param signature Lender offer signature
* @param loanAmount Loan amount in ETH
* @param collateralTokenId Token id to provide as collateral
* @return lienId New lien id
*/
function borrow(
LoanOffer calldata offer,
bytes calldata signature,
uint256 loanAmount,
uint256 collateralTokenId
) external returns (uint256 lienId) {
lienId = _borrow(offer, signature, loanAmount, collateralTokenId);
/* Lock collateral token. */
offer.collection.safeTransferFrom(msg.sender, address(this), collateralTokenId);
/* Transfer loan to borrower. */
_POOL.transferFrom(offer.lender, msg.sender, loanAmount);
}
/**
* @notice Repays loan and retrieves collateral
* @param lien Lien preimage
* @param lienId Lien id
*/
function repay(
Lien calldata lien,
uint256 lienId
) external validateLien(lien, lienId) lienIsActive(lien) {
uint256 debt = _repay(lien, lienId);
/* Return NFT to borrower. */
lien.collection.safeTransferFrom(address(this), lien.borrower, lien.tokenId);
/* Repay loan to lender. */
_POOL.transferFrom(msg.sender, lien.lender, debt);
}
/**
* @notice Verifies and takes loan offer; creates new lien
* @param offer Loan offer
* @param signature Lender offer signature
* @param loanAmount Loan amount in ETH
* @param collateralTokenId Token id to provide as collateral
* @return lienId New lien id
*/
function _borrow(
LoanOffer calldata offer,
bytes calldata signature,
uint256 loanAmount,
uint256 collateralTokenId
) internal returns (uint256 lienId) {
if (offer.auctionDuration > _MAX_AUCTION_DURATION) {
revert InvalidAuctionDuration();
}
Lien memory lien = Lien({
lender: offer.lender,
borrower: msg.sender,
collection: offer.collection,
tokenId: collateralTokenId,
amount: loanAmount,
startTime: block.timestamp,
rate: offer.rate,
auctionStartBlock: 0,
auctionDuration: offer.auctionDuration
});
/* Create lien. */
unchecked {
liens[lienId = _nextLienId++] = keccak256(abi.encode(lien));
}
/* Take the loan offer. */
_takeLoanOffer(offer, signature, lien, lienId);
}
/**
* @notice Computes the current debt repayment and burns the lien
* @dev Does not transfer assets
* @param lien Lien preimage
* @param lienId Lien id
* @return debt Current amount of debt owed on the lien
*/
function _repay(Lien calldata lien, uint256 lienId) internal returns (uint256 debt) {
debt = Helpers.computeCurrentDebt(lien.amount, lien.rate, lien.startTime);
delete liens[lienId];
emit Repay(lienId, address(lien.collection));
}
/**
* @notice Verifies and takes loan offer
* @dev Does not transfer loan and collateral assets; does not update lien hash
* @param offer Loan offer
* @param signature Lender offer signature
* @param lien Lien preimage
* @param lienId Lien id
*/
function _takeLoanOffer(
LoanOffer calldata offer,
bytes calldata signature,
Lien memory lien,
uint256 lienId
) internal {
bytes32 hash = _hashOffer(offer);
_validateOffer(
hash,
offer.lender,
offer.oracle,
signature,
offer.expirationTime,
offer.salt
);
if (offer.rate > _LIQUIDATION_THRESHOLD) {
revert RateTooHigh();
}
if (lien.amount > offer.maxAmount || lien.amount < offer.minAmount) {
revert InvalidLoan();
}
uint256 _amountTaken = amountTaken[hash];
if (offer.totalAmount - _amountTaken < lien.amount) {
revert InsufficientOffer();
}
unchecked {
amountTaken[hash] = _amountTaken + lien.amount;
}
emit LoanOfferTaken(
hash,
lienId,
address(offer.collection),
lien.lender,
lien.borrower,
lien.amount,
lien.rate,
lien.tokenId,
lien.auctionDuration
);
}
/*//////////////////////////////////////////////////
REFINANCING FLOWS
//////////////////////////////////////////////////*/
/**
* @notice Starts Dutch Auction on lien ownership
* @dev Must be called by lien owner
* @param lienId Lien token id
*/
function startAuction(Lien calldata lien, uint256 lienId) external validateLien(lien, lienId) {
if (msg.sender != lien.lender) {
revert Unauthorized();
}
/* Cannot start if auction has already started. */
if (lien.auctionStartBlock != 0) {
revert AuctionIsActive();
}
/* Add auction start block to lien. */
liens[lienId] = keccak256(
abi.encode(
Lien({
lender: lien.lender,
borrower: lien.borrower,
collection: lien.collection,
tokenId: lien.tokenId,
amount: lien.amount,
startTime: lien.startTime,
rate: lien.rate,
auctionStartBlock: block.number,
auctionDuration: lien.auctionDuration
})
)
);
emit StartAuction(lienId, address(lien.collection));
}
/**
* @notice Seizes collateral from defaulted lien, skipping liens that are not defaulted
* @param lienPointers List of lien, lienId pairs
*/
function seize(LienPointer[] calldata lienPointers) external {
uint256 length = lienPointers.length;
for (uint256 i; i < length; ) {
Lien calldata lien = lienPointers[i].lien;
uint256 lienId = lienPointers[i].lienId;
if (msg.sender != lien.lender) {
revert Unauthorized();
}
if (!_validateLien(lien, lienId)) {
revert InvalidLien();
}
/* Check that the auction has ended and lien is defaulted. */
if (_lienIsDefaulted(lien)) {
delete liens[lienId];
/* Seize collateral to lender. */
lien.collection.safeTransferFrom(address(this), lien.lender, lien.tokenId);
emit Seize(lienId, address(lien.collection));
}
unchecked {
++i;
}
}
}
/**
* @notice Refinances to different loan amount and repays previous loan
* @dev Must be called by lender; previous loan must be repaid with interest
* @param lien Lien struct
* @param lienId Lien id
* @param offer Loan offer
* @param signature Offer signatures
*/
function refinance(
Lien calldata lien,
uint256 lienId,
LoanOffer calldata offer,
bytes calldata signature
) external validateLien(lien, lienId) lienIsActive(lien) {
if (msg.sender != lien.lender) {
revert Unauthorized();
}
/* Interest rate must be at least as good as current. */
if (offer.rate > lien.rate || offer.auctionDuration != lien.auctionDuration) {
revert InvalidRefinance();
}
uint256 debt = Helpers.computeCurrentDebt(lien.amount, lien.rate, lien.startTime);
_refinance(lien, lienId, debt, offer, signature);
/* Repay initial loan. */
_POOL.transferFrom(offer.lender, lien.lender, debt);
}
/**
* @notice Refinance lien in auction at the current debt amount where the interest rate ceiling increases over time
* @dev Interest rate must be lower than the interest rate ceiling
* @param lien Lien struct
* @param lienId Lien token id
* @param rate Interest rate (in bips)
* @dev Formula: https://www.desmos.com/calculator/urasr71dhb
*/
function refinanceAuction(
Lien calldata lien,
uint256 lienId,
uint256 rate
) external validateLien(lien, lienId) auctionIsActive(lien) {
/* Rate must be below current rate limit. */
uint256 rateLimit = Helpers.calcRefinancingAuctionRate(
lien.auctionStartBlock,
lien.auctionDuration,
lien.rate
);
if (rate > rateLimit) {
revert RateTooHigh();
}
uint256 debt = Helpers.computeCurrentDebt(lien.amount, lien.rate, lien.startTime);
/* Reset the lien with the new lender and interest rate. */
liens[lienId] = keccak256(
abi.encode(
Lien({
lender: msg.sender, // set new lender
borrower: lien.borrower,
collection: lien.collection,
tokenId: lien.tokenId,
amount: debt, // new loan begins with previous debt
startTime: block.timestamp,
rate: rate,
auctionStartBlock: 0, // close the auction
auctionDuration: lien.auctionDuration
})
)
);
emit Refinance(
lienId,
address(lien.collection),
msg.sender,
debt,
rate,
lien.auctionDuration
);
/* Repay the initial loan. */
_POOL.transferFrom(msg.sender, lien.lender, debt);
}
/**
* @notice Refinances to different loan amount and repays previous loan
* @param lien Lien struct
* @param lienId Lien id
* @param offer Loan offer
* @param signature Offer signatures
*/
function refinanceAuctionByOther(
Lien calldata lien,
uint256 lienId,
LoanOffer calldata offer,
bytes calldata signature
) external validateLien(lien, lienId) auctionIsActive(lien) {
/* Rate must be below current rate limit and auction duration must be the same. */
uint256 rateLimit = Helpers.calcRefinancingAuctionRate(
lien.auctionStartBlock,
lien.auctionDuration,
lien.rate
);
if (offer.rate > rateLimit || offer.auctionDuration != lien.auctionDuration) {
revert InvalidRefinance();
}
uint256 debt = Helpers.computeCurrentDebt(lien.amount, lien.rate, lien.startTime);
_refinance(lien, lienId, debt, offer, signature);
/* Repay initial loan. */
_POOL.transferFrom(offer.lender, lien.lender, debt);
}
/**
* @notice Refinances to different loan amount and repays previous loan
* @dev Must be called by borrower; previous loan must be repaid with interest
* @param lien Lien struct
* @param lienId Lien id
* @param loanAmount New loan amount
* @param offer Loan offer
* @param signature Offer signatures
*/
function borrowerRefinance(
Lien calldata lien,
uint256 lienId,
uint256 loanAmount,
LoanOffer calldata offer,
bytes calldata signature
) external validateLien(lien, lienId) lienIsActive(lien) {
if (msg.sender != lien.borrower) {
revert Unauthorized();
}
if (offer.auctionDuration > _MAX_AUCTION_DURATION) {
revert InvalidAuctionDuration();
}
_refinance(lien, lienId, loanAmount, offer, signature);
uint256 debt = Helpers.computeCurrentDebt(lien.amount, lien.rate, lien.startTime);
if (loanAmount >= debt) {
/* If new loan is more than the previous, repay the initial loan and send the remaining to the borrower. */
_POOL.transferFrom(offer.lender, lien.lender, debt);
unchecked {
_POOL.transferFrom(offer.lender, lien.borrower, loanAmount - debt);
}
} else {
/* If new loan is less than the previous, borrower must supply the difference to repay the initial loan. */
_POOL.transferFrom(offer.lender, lien.lender, loanAmount);
unchecked {
_POOL.transferFrom(lien.borrower, lien.lender, debt - loanAmount);
}
}
}
function _refinance(
Lien calldata lien,
uint256 lienId,
uint256 loanAmount,
LoanOffer calldata offer,
bytes calldata signature
) internal {
if (lien.collection != offer.collection) {
revert CollectionsDoNotMatch();
}
/* Update lien with new loan details. */
Lien memory newLien = Lien({
lender: offer.lender, // set new lender
borrower: lien.borrower,
collection: lien.collection,
tokenId: lien.tokenId,
amount: loanAmount,
startTime: block.timestamp,
rate: offer.rate,
auctionStartBlock: 0, // close the auction
auctionDuration: offer.auctionDuration
});
liens[lienId] = keccak256(abi.encode(newLien));
/* Take the loan offer. */
_takeLoanOffer(offer, signature, newLien, lienId);
emit Refinance(
lienId,
address(offer.collection),
offer.lender,
loanAmount,
offer.rate,
offer.auctionDuration
);
}
/*/////////////////////////////////////////////////////////////
MARKETPLACE FLOWS
/////////////////////////////////////////////////////////////*/
/**
* @notice Purchase an NFT and use as collateral for a loan
* @param offer Loan offer to take
* @param signature Lender offer signature
* @param loanAmount Loan amount in ETH
* @param execution Marketplace execution data
* @return lienId Lien id
*/
function buyToBorrow(
LoanOffer calldata offer,
bytes calldata signature,
uint256 loanAmount,
ExecutionV1 calldata execution
) public returns (uint256 lienId) {
if (execution.makerOrder.order.trader == address(this)) {
revert Unauthorized();
}
if (offer.auctionDuration > _MAX_AUCTION_DURATION) {
revert InvalidAuctionDuration();
}
uint256 collateralTokenId = execution.makerOrder.order.tokenId;
uint256 price = execution.makerOrder.order.price;
/* Create lien. */
Lien memory lien = Lien({
lender: offer.lender,
borrower: msg.sender,
collection: offer.collection,
tokenId: collateralTokenId,
amount: loanAmount,
startTime: block.timestamp,
rate: offer.rate,
auctionStartBlock: 0,
auctionDuration: offer.auctionDuration
});
unchecked {
liens[lienId = _nextLienId++] = keccak256(abi.encode(lien));
}
/* Take the loan offer. */
_takeLoanOffer(offer, signature, lien, lienId);
/* Create the buy side order coming from Blend. */
Helpers.executeTakeAsk(
offer,
execution,
loanAmount,
collateralTokenId,
price,
_POOL,
_EXCHANGE,
_SELL_MATCHING_POLICY
);
}
function buyToBorrowV2(
LoanOffer calldata offer,
bytes calldata signature,
uint256 loanAmount,
AskExecutionV2 calldata execution
) public returns (uint256 lienId) {
if (offer.auctionDuration > _MAX_AUCTION_DURATION) {
revert InvalidAuctionDuration();
}
uint256 collateralTokenId = execution.listing.tokenId;
uint256 price = execution.listing.price;
/* Create lien. */
Lien memory lien = Lien({
lender: offer.lender,
borrower: msg.sender,
collection: offer.collection,
tokenId: collateralTokenId,
amount: loanAmount,
startTime: block.timestamp,
rate: offer.rate,
auctionStartBlock: 0,
auctionDuration: offer.auctionDuration
});
unchecked {
liens[lienId = _nextLienId++] = keccak256(abi.encode(lien));
}
/* Take the loan offer. */
_takeLoanOffer(offer, signature, lien, lienId);
/* Execute order using ETH currently in contract. */
Helpers.executeTakeAskV2(
offer,
execution,
loanAmount,
collateralTokenId,
price,
_POOL,
_EXCHANGE_V2
);
}
/**
* @notice Purchase a locked NFT; repay the initial loan; lock the token as collateral for a new loan
* @param lien Lien preimage struct
* @param sellInput Sell offer and signature
* @param loanInput Loan offer and signature
* @return lienId Lien id
*/
function buyToBorrowLocked(
Lien calldata lien,
SellInput calldata sellInput,
LoanInput calldata loanInput,
uint256 loanAmount
)
public
validateLien(lien, sellInput.offer.lienId)
lienIsActive(lien)
returns (uint256 lienId)
{
if (lien.collection != loanInput.offer.collection) {
revert CollectionsDoNotMatch();
}
(uint256 priceAfterFees, uint256 debt) = _buyLocked(
lien,
sellInput.offer,
sellInput.signature
);
lienId = _borrow(loanInput.offer, loanInput.signature, loanAmount, lien.tokenId);
/* Transfer funds. */
/* Need to repay the original loan and payout any surplus from the sell or loan funds. */
if (loanAmount < debt) {
/* loanAmount < debt < priceAfterFees */
/* Repay loan with funds from new lender to old lender. */
_POOL.transferFrom(loanInput.offer.lender, lien.lender, loanAmount); // doesn't cover debt
unchecked {
/* Supplement difference from new borrower. */
_POOL.transferFrom(msg.sender, lien.lender, debt - loanAmount); // cover rest of debt
/* Send rest of sell funds to borrower. */
_POOL.transferFrom(msg.sender, sellInput.offer.borrower, priceAfterFees - debt);
}
} else if (loanAmount < priceAfterFees) {
/* debt < loanAmount < priceAfterFees */
/* Repay loan with funds from new lender to old lender. */
_POOL.transferFrom(loanInput.offer.lender, lien.lender, debt);
unchecked {
/* Send rest of loan from new lender to old borrower. */
_POOL.transferFrom(
loanInput.offer.lender,
sellInput.offer.borrower,
loanAmount - debt
);
/* Send rest of sell funds from new borrower to old borrower. */
_POOL.transferFrom(
msg.sender,
sellInput.offer.borrower,
priceAfterFees - loanAmount
);
}
} else {
/* debt < priceAfterFees < loanAmount */
/* Repay loan with funds from new lender to old lender. */
_POOL.transferFrom(loanInput.offer.lender, lien.lender, debt);
unchecked {
/* Send rest of sell funds from new lender to old borrower. */
_POOL.transferFrom(
loanInput.offer.lender,
sellInput.offer.borrower,
priceAfterFees - debt
);
/* Send rest of loan from new lender to new borrower. */
_POOL.transferFrom(loanInput.offer.lender, msg.sender, loanAmount - priceAfterFees);
}
}
}
/**
* @notice Purchases a locked NFT and uses the funds to repay the loan
* @param lien Lien preimage
* @param offer Sell offer
* @param signature Lender offer signature
*/
function buyLocked(
Lien calldata lien,
SellOffer calldata offer,
bytes calldata signature
) public validateLien(lien, offer.lienId) lienIsActive(lien) {
(uint256 priceAfterFees, uint256 debt) = _buyLocked(lien, offer, signature);
/* Send token to buyer. */
lien.collection.safeTransferFrom(address(this), msg.sender, lien.tokenId);
/* Repay lender. */
_POOL.transferFrom(msg.sender, lien.lender, debt);
/* Send surplus to borrower. */
unchecked {
_POOL.transferFrom(msg.sender, lien.borrower, priceAfterFees - debt);
}
}
/**
* @notice Takes a bid on a locked NFT and use the funds to repay the lien
* @dev Must be called by the borrower
* @param lien Lien preimage
* @param lienId Lien id
* @param execution Marketplace execution data
*/
function takeBid(
Lien calldata lien,
uint256 lienId,
ExecutionV1 calldata execution
) external validateLien(lien, lienId) lienIsActive(lien) {
if (execution.makerOrder.order.trader == address(this) || msg.sender != lien.borrower) {
revert Unauthorized();
}
/* Repay loan with funds received from the sale. */
uint256 debt = _repay(lien, lienId);
Helpers.executeTakeBid(
lien,
lienId,
execution,
debt,
_POOL,
_EXCHANGE,
_DELEGATE,
_BID_MATCHING_POLICY
);
}
function takeBidV2(
Lien calldata lien,
uint256 lienId,
BidExecutionV2 calldata execution
) external validateLien(lien, lienId) lienIsActive(lien) {
if (msg.sender != lien.borrower) {
revert Unauthorized();
}
/* Repay loan with funds received from the sale. */
uint256 debt = _repay(lien, lienId);
Helpers.executeTakeBidV2(lien, execution, debt, _POOL, _EXCHANGE_V2, _DELEGATE_V2);
}
/**
* @notice Verify and take sell offer for token locked in lien; use the funds to repay the debt on the lien
* @dev Does not transfer assets
* @param lien Lien preimage
* @param offer Loan offer
* @param signature Loan offer signature
* @return priceAfterFees Price of the token (after fees), debt Current debt amount
*/
function _buyLocked(
Lien calldata lien,
SellOffer calldata offer,
bytes calldata signature
) internal returns (uint256 priceAfterFees, uint256 debt) {
if (lien.borrower != offer.borrower) {
revert Unauthorized();
}
priceAfterFees = _takeSellOffer(offer, signature);
/* Repay loan with funds received from the sale. */
debt = _repay(lien, offer.lienId);
if (priceAfterFees < debt) {
revert InvalidRepayment();
}
emit BuyLocked(
offer.lienId,
address(lien.collection),
msg.sender,
lien.borrower,
lien.tokenId
);
}
/**
* @notice Validates, fulfills, and transfers fees on sell offer
* @param sellOffer Sell offer
* @param sellSignature Sell offer signature
*/
function _takeSellOffer(
SellOffer calldata sellOffer,
bytes calldata sellSignature
) internal returns (uint256 priceAfterFees) {
_validateOffer(
_hashSellOffer(sellOffer),
sellOffer.borrower,
sellOffer.oracle,
sellSignature,
sellOffer.expirationTime,
sellOffer.salt
);
/* Mark the sell offer as fulfilled. */
cancelledOrFulfilled[sellOffer.borrower][sellOffer.salt] = 1;
/* Transfer fees. */
uint256 totalFees = _transferFees(sellOffer.fees, msg.sender, sellOffer.price);
unchecked {
priceAfterFees = sellOffer.price - totalFees;
}
}
function _transferFees(
Fee[] calldata fees,
address from,
uint256 price
) internal returns (uint256 totalFee) {
uint256 feesLength = fees.length;
for (uint256 i = 0; i < feesLength; ) {
uint256 fee = (price * fees[i].rate) / _BASIS_POINTS;
_POOL.transferFrom(from, fees[i].recipient, fee);
totalFee += fee;
unchecked {
++i;
}
}
if (totalFee > price) {
revert FeesTooHigh();
}
}
receive() external payable {
if (msg.sender != address(_POOL) && msg.sender != address(_EXCHANGE_V2)) {
revert Unauthorized();
}
}
function onERC721Received(
address operator,
address from,
uint256 tokenId,
bytes calldata data
) external pure returns (bytes4) {
return this.onERC721Received.selector;
}
/*/////////////////////////////////////////////////////////////
PAYABLE WRAPPERS
/////////////////////////////////////////////////////////////*/
/**
* @notice buyToBorrow wrapper that deposits ETH to pool
*/
function buyToBorrowETH(
LoanOffer calldata offer,
bytes calldata signature,
uint256 loanAmount,
ExecutionV1 calldata execution
) external payable returns (uint256 lienId) {
_POOL.deposit{ value: msg.value }(msg.sender);
return buyToBorrow(offer, signature, loanAmount, execution);
}
/**
* @notice buyToBorrow wrapper that deposits ETH to pool
*/
function buyToBorrowV2ETH(
LoanOffer calldata offer,
bytes calldata signature,
uint256 loanAmount,
AskExecutionV2 calldata execution
) external payable returns (uint256 lienId) {
_POOL.deposit{ value: msg.value }(msg.sender);
return buyToBorrowV2(offer, signature, loanAmount, execution);
}
/**
* @notice buyToBorrowLocked wrapper that deposits ETH to pool
*/
function buyToBorrowLockedETH(
Lien calldata lien,
SellInput calldata sellInput,
LoanInput calldata loanInput,
uint256 loanAmount
) external payable returns (uint256 lienId) {
_POOL.deposit{ value: msg.value }(msg.sender);
return buyToBorrowLocked(lien, sellInput, loanInput, loanAmount);
}
/**
* @notice buyLocked wrapper that deposits ETH to pool
*/
function buyLockedETH(
Lien calldata lien,
SellOffer calldata offer,
bytes calldata signature
) external payable {
_POOL.deposit{ value: msg.value }(msg.sender);
return buyLocked(lien, offer, signature);
}
/*/////////////////////////////////////////////////////////////
VALIDATION MODIFIERS
/////////////////////////////////////////////////////////////*/
modifier validateLien(Lien calldata lien, uint256 lienId) {
if (!_validateLien(lien, lienId)) {
revert InvalidLien();
}
_;
}
modifier lienIsActive(Lien calldata lien) {
if (_lienIsDefaulted(lien)) {
revert LienIsDefaulted();
}
_;
}
modifier auctionIsActive(Lien calldata lien) {
if (!_auctionIsActive(lien)) {
revert AuctionIsNotActive();
}
_;
}
function _validateLien(Lien calldata lien, uint256 lienId) internal view returns (bool) {
return liens[lienId] == keccak256(abi.encode(lien));
}
function _lienIsDefaulted(Lien calldata lien) internal view returns (bool) {
return
lien.auctionStartBlock != 0 &&
lien.auctionStartBlock + lien.auctionDuration < block.number;
}
function _auctionIsActive(Lien calldata lien) internal view returns (bool) {
return
lien.auctionStartBlock != 0 &&
lien.auctionStartBlock + lien.auctionDuration >= block.number;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (proxy/utils/UUPSUpgradeable.sol)
pragma solidity ^0.8.0;
import "../../interfaces/draft-IERC1822Upgradeable.sol";
import "../ERC1967/ERC1967UpgradeUpgradeable.sol";
import "./Initializable.sol";
/**
* @dev An upgradeability mechanism designed for UUPS proxies. The functions included here can perform an upgrade of an
* {ERC1967Proxy}, when this contract is set as the implementation behind such a proxy.
*
* A security mechanism ensures that an upgrade does not turn off upgradeability accidentally, although this risk is
* reinstated if the upgrade retains upgradeability but removes the security mechanism, e.g. by replacing
* `UUPSUpgradeable` with a custom implementation of upgrades.
*
* The {_authorizeUpgrade} function must be overridden to include access restriction to the upgrade mechanism.
*
* _Available since v4.1._
*/
abstract contract UUPSUpgradeable is Initializable, IERC1822ProxiableUpgradeable, ERC1967UpgradeUpgradeable {
function __UUPSUpgradeable_init() internal onlyInitializing {
}
function __UUPSUpgradeable_init_unchained() internal onlyInitializing {
}
/// @custom:oz-upgrades-unsafe-allow state-variable-immutable state-variable-assignment
address private immutable __self = address(this);
/**
* @dev Check that the execution is being performed through a delegatecall call and that the execution context is
* a proxy contract with an implementation (as defined in ERC1967) pointing to self. This should only be the case
* for UUPS and transparent proxies that are using the current contract as their implementation. Execution of a
* function through ERC1167 minimal proxies (clones) would not normally pass this test, but is not guaranteed to
* fail.
*/
modifier onlyProxy() {
require(address(this) != __self, "Function must be called through delegatecall");
require(_getImplementation() == __self, "Function must be called through active proxy");
_;
}
/**
* @dev Check that the execution is not being performed through a delegate call. This allows a function to be
* callable on the implementing contract but not through proxies.
*/
modifier notDelegated() {
require(address(this) == __self, "UUPSUpgradeable: must not be called through delegatecall");
_;
}
/**
* @dev Implementation of the ERC1822 {proxiableUUID} function. This returns the storage slot used by the
* implementation. It is used to validate the implementation's compatibility when performing an upgrade.
*
* IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
* bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
* function revert if invoked through a proxy. This is guaranteed by the `notDelegated` modifier.
*/
function proxiableUUID() external view virtual override notDelegated returns (bytes32) {
return _IMPLEMENTATION_SLOT;
}
/**
* @dev Upgrade the implementation of the proxy to `newImplementation`.
*
* Calls {_authorizeUpgrade}.
*
* Emits an {Upgraded} event.
*/
function upgradeTo(address newImplementation) external virtual onlyProxy {
_authorizeUpgrade(newImplementation);
_upgradeToAndCallUUPS(newImplementation, new bytes(0), false);
}
/**
* @dev Upgrade the implementation of the proxy to `newImplementation`, and subsequently execute the function call
* encoded in `data`.
*
* Calls {_authorizeUpgrade}.
*
* Emits an {Upgraded} event.
*/
function upgradeToAndCall(address newImplementation, bytes memory data) external payable virtual onlyProxy {
_authorizeUpgrade(newImplementation);
_upgradeToAndCallUUPS(newImplementation, data, true);
}
/**
* @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by
* {upgradeTo} and {upgradeToAndCall}.
*
* Normally, this function will use an xref:access.adoc[access control] modifier such as {Ownable-onlyOwner}.
*
* ```solidity
* function _authorizeUpgrade(address) internal override onlyOwner {}
* ```
*/
function _authorizeUpgrade(address newImplementation) internal virtual;
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[50] private __gap;
}
// SPDX-License-Identifier: BSL 1.1 - Blend (c) Non Fungible Trading Ltd.
pragma solidity 0.8.17;
import "lib/solmate/src/utils/SignedWadMath.sol";
import { InvalidRepayment } from "./lib/Errors.sol";
import "./lib/Structs.sol";
import "../pool/interfaces/IBlurPool.sol";
import { IBlurExchangeV2 as IExchangeV2 } from "../exchangeV2/interfaces/IBlurExchangeV2.sol";
import { Order as OrderV1, SignatureVersion, Side } from "../exchangeV1/lib/OrderStructs.sol";
import {
TakeAskSingle,
TakeBidSingle,
FeeRate,
Taker,
Exchange,
Order as OrderV2,
AssetType
} from "../exchangeV2/lib/Structs.sol";
interface IExchange {
function execute(Input calldata sell, Input calldata buy) external payable;
}
library Helpers {
int256 private constant _YEAR_WAD = 365 days * 1e18;
uint256 private constant _LIQUIDATION_THRESHOLD = 100_000;
uint256 private constant _BASIS_POINTS = 10_000;
error InvalidExecution();
/**
* @dev Computes the current debt of a borrow given the last time it was touched and the last computed debt.
* @param amount Principal in ETH
* @param startTime Start time of the loan
* @param rate Interest rate (in bips)
* @dev Formula: https://www.desmos.com/calculator/l6omp0rwnh
*/
function computeCurrentDebt(
uint256 amount,
uint256 rate,
uint256 startTime
) public view returns (uint256) {
uint256 loanTime = block.timestamp - startTime;
int256 yearsWad = wadDiv(int256(loanTime) * 1e18, _YEAR_WAD);
return uint256(wadMul(int256(amount), wadExp(wadMul(yearsWad, bipsToSignedWads(rate)))));
}
/**
* @dev Calculates the current maximum interest rate a specific refinancing
* auction could settle at currently given the auction's start block and duration.
* @param startBlock The block the auction started at
* @param oldRate Previous interest rate (in bips)
* @dev Formula: https://www.desmos.com/calculator/urasr71dhb
*/
function calcRefinancingAuctionRate(
uint256 startBlock,
uint256 auctionDuration,
uint256 oldRate
) public view returns (uint256) {
uint256 currentAuctionBlock = block.number - startBlock;
int256 oldRateWads = bipsToSignedWads(oldRate);
uint256 auctionT1 = auctionDuration / 5;
uint256 auctionT2 = (4 * auctionDuration) / 5;
int256 maxRateWads;
{
int256 aInverse = -bipsToSignedWads(15000);
int256 b = 2;
int256 maxMinRateWads = bipsToSignedWads(500);
if (oldRateWads < -((b * aInverse) / 2)) {
maxRateWads = maxMinRateWads + (oldRateWads ** 2) / aInverse + b * oldRateWads;
} else {
maxRateWads = maxMinRateWads - ((b ** 2) * aInverse) / 4;
}
}
int256 startSlope = maxRateWads / int256(auctionT1); // wad-bips per block
int256 middleSlope = bipsToSignedWads(9000) / int256((3 * auctionDuration) / 5) + 1; // wad-bips per block (add one to account for rounding)
int256 middleB = maxRateWads - int256(auctionT1) * middleSlope;
if (currentAuctionBlock < auctionT1) {
return signedWadsToBips(startSlope * int256(currentAuctionBlock));
} else if (currentAuctionBlock < auctionT2) {
return signedWadsToBips(middleSlope * int256(currentAuctionBlock) + middleB);
} else if (currentAuctionBlock < auctionDuration) {
int256 endSlope;
int256 endB;
{
endSlope =
(bipsToSignedWads(_LIQUIDATION_THRESHOLD) -
((int256(auctionT2) * middleSlope) + middleB)) /
int256(auctionDuration - auctionT2); // wad-bips per block
endB =
bipsToSignedWads(_LIQUIDATION_THRESHOLD) -
int256(auctionDuration) *
endSlope;
}
return signedWadsToBips(endSlope * int256(currentAuctionBlock) + endB);
} else {
return _LIQUIDATION_THRESHOLD;
}
}
/**
* @dev Converts an integer bips value to a signed wad value.
*/
function bipsToSignedWads(uint256 bips) public pure returns (int256) {
return int256((bips * 1e18) / _BASIS_POINTS);
}
/**
* @dev Converts a signed wad value to an integer bips value.
*/
function signedWadsToBips(int256 wads) public pure returns (uint256) {
return uint256((wads * int256(_BASIS_POINTS)) / 1e18);
}
function executeTakeBid(
Lien calldata lien,
uint256 lienId,
ExecutionV1 calldata execution,
uint256 debt,
IBlurPool pool,
IExchange exchange,
address delegate,
address matchingPolicy
) external {
/* Create sell side order from Blend. */
OrderV1 memory sellOrder = OrderV1({
trader: address(this),
side: Side.Sell,
matchingPolicy: matchingPolicy,
collection: address(lien.collection),
tokenId: lien.tokenId,
amount: 1,
paymentToken: address(pool),
price: execution.makerOrder.order.price,
listingTime: execution.makerOrder.order.listingTime + 1, // listingTime determines maker/taker
expirationTime: type(uint256).max,
fees: new Fee[](0),
salt: lienId, // prevent reused order hash
extraParams: "\\x01" // require oracle signature
});
Input memory sell = Input({
order: sellOrder,
v: 0,
r: bytes32(0),
s: bytes32(0),
extraSignature: execution.extraSignature,
signatureVersion: SignatureVersion.Single,
blockNumber: execution.blockNumber
});
/* Execute marketplace order. */
uint256 balanceBefore = pool.balanceOf(address(this));
lien.collection.approve(delegate, lien.tokenId);
exchange.execute(sell, execution.makerOrder);
/* Determine the funds received from the sale (after fees). */
uint256 amountReceivedFromSale = pool.balanceOf(address(this)) - balanceBefore;
if (amountReceivedFromSale < debt) {
revert InvalidRepayment();
}
/* Repay lender. */
pool.transferFrom(address(this), lien.lender, debt);
/* Send surplus to borrower. */
unchecked {
pool.transferFrom(address(this), lien.borrower, amountReceivedFromSale - debt);
}
}
function executeTakeAskV2(
LoanOffer calldata offer,
AskExecutionV2 calldata execution,
uint256 loanAmount,
uint256 collateralTokenId,
uint256 price,
IBlurPool pool,
IExchangeV2 exchangeV2
) external {
OrderV2 calldata order = execution.order;
if (address(offer.collection) != order.collection || order.assetType != AssetType.ERC721) {
revert InvalidExecution();
}
/* Transfer funds. */
/* Need to retrieve the ETH to fund the marketplace execution. */
if (loanAmount < price) {
/* Take funds from lender. */
pool.withdrawFrom(offer.lender, address(this), loanAmount);
/* Supplement difference from borrower. */
unchecked {
pool.withdrawFrom(msg.sender, address(this), price - loanAmount);
}
} else {
/* Take funds from lender. */
pool.withdrawFrom(offer.lender, address(this), price);
/* Send surplus to borrower. */
unchecked {
pool.transferFrom(offer.lender, msg.sender, loanAmount - price);
}
}
TakeAskSingle memory execute = TakeAskSingle({
order: execution.order,
exchange: Exchange({
index: 0,
proof: execution.proof,
listing: Listing({
index: execution.listing.index,
tokenId: collateralTokenId,
amount: 1,
price: price
}),
taker: Taker({ tokenId: collateralTokenId, amount: 1 })
}),
takerFee: FeeRate(address(0), 0),
signature: execution.signature,
tokenRecipient: address(this)
});
exchangeV2.takeAskSingle{ value: price }(execute, execution.oracleSignature);
}
function executeTakeAsk(
LoanOffer calldata offer,
ExecutionV1 calldata execution,
uint256 loanAmount,
uint256 collateralTokenId,
uint256 price,
IBlurPool pool,
IExchange exchange,
address matchingPolicy
) external {
/* Transfer funds. */
/* Need to retrieve the ETH to fund the marketplace execution. */
if (loanAmount < price) {
/* Take funds from lender. */
pool.withdrawFrom(offer.lender, address(this), loanAmount);
/* Supplement difference from borrower. */
unchecked {
pool.withdrawFrom(msg.sender, address(this), price - loanAmount);
}
} else {
/* Take funds from lender. */
pool.withdrawFrom(offer.lender, address(this), price);
/* Send surplus to borrower. */
unchecked {
pool.transferFrom(offer.lender, msg.sender, loanAmount - price);
}
}
OrderV1 memory buyOrder = OrderV1({
trader: address(this),
side: Side.Buy,
matchingPolicy: matchingPolicy,
collection: address(offer.collection),
tokenId: collateralTokenId,
amount: 1,
paymentToken: address(0),
price: price,
listingTime: execution.makerOrder.order.listingTime + 1, // listingTime determines maker/taker
expirationTime: type(uint256).max,
fees: new Fee[](0),
salt: uint160(execution.makerOrder.order.trader), // prevent reused order hash
extraParams: "\\x01" // require oracle signature
});
Input memory buy = Input({
order: buyOrder,
v: 0,
r: bytes32(0),
s: bytes32(0),
extraSignature: execution.extraSignature,
signatureVersion: SignatureVersion.Single,
blockNumber: execution.blockNumber
});
/* Execute order using ETH currently in contract. */
exchange.execute{ value: price }(execution.makerOrder, buy);
}
function executeTakeBidV2(
Lien calldata lien,
BidExecutionV2 calldata execution,
uint256 debt,
IBlurPool pool,
IExchangeV2 exchangeV2,
address delegateV2
) external {
OrderV2 calldata order = execution.order;
if (address(lien.collection) != order.collection || order.assetType != AssetType.ERC721) {
revert InvalidExecution();
}
uint256 balanceBefore = pool.balanceOf(address(this));
TakeBidSingle memory execute = TakeBidSingle({
order: execution.order,
exchange: Exchange({
index: 0,
proof: execution.proof,
listing: execution.listing,
taker: Taker({ tokenId: lien.tokenId, amount: 1 })
}),
takerFee: FeeRate(address(0), 0),
signature: execution.signature
});
/* Execute marketplace order. */
lien.collection.approve(delegateV2, lien.tokenId);
exchangeV2.takeBidSingle(execute, execution.oracleSignature);
/* Determine the funds received from the sale (after fees). */
uint256 amountReceivedFromSale = pool.balanceOf(address(this)) - balanceBefore;
if (amountReceivedFromSale < debt) {
revert InvalidRepayment();
}
/* Repay lender. */
pool.transferFrom(address(this), lien.lender, debt);
/* Send surplus to borrower. */
unchecked {
pool.transferFrom(address(this), lien.borrower, amountReceivedFromSale - debt);
}
}
}
// SPDX-License-Identifier: MIT
pragma solidity 0.8.17;
import "lib/solmate/src/tokens/ERC721.sol";
import { Input, Fee } from "../../exchangeV1/lib/OrderStructs.sol";
import { Order as OrderV2, Listing } from "../../exchangeV2/lib/Structs.sol";
struct LienPointer {
Lien lien;
uint256 lienId;
}
struct SellOffer {
address borrower;
uint256 lienId;
uint256 price;
uint256 expirationTime;
uint256 salt;
address oracle;
Fee[] fees;
}
struct Lien {
address lender;
address borrower;
ERC721 collection;
uint256 tokenId;
uint256 amount;
uint256 startTime;
uint256 rate;
uint256 auctionStartBlock;
uint256 auctionDuration;
}
struct LoanOffer {
address lender;
ERC721 collection;
uint256 totalAmount;
uint256 minAmount;
uint256 maxAmount;
uint256 auctionDuration;
uint256 salt;
uint256 expirationTime;
uint256 rate;
address oracle;
}
struct LoanInput {
LoanOffer offer;
bytes signature;
}
struct SellInput {
SellOffer offer;
bytes signature;
}
struct ExecutionV1 {
Input makerOrder;
bytes extraSignature;
uint256 blockNumber;
}
struct BidExecutionV2 {
OrderV2 order;
Listing listing;
bytes32[] proof;
bytes signature;
bytes oracleSignature;
}
struct AskExecutionV2 {
OrderV2 order;
Listing listing;
bytes32[] proof;
bytes signature;
bytes oracleSignature;
}
// SPDX-License-Identifier: BSL 1.1 - Blend (c) Non Fungible Trading Ltd.
pragma solidity 0.8.17;
import "lib/openzeppelin-contracts-upgradeable/contracts/access/Ownable2StepUpgradeable.sol";
import "./lib/Signatures.sol";
import "./interfaces/IOfferController.sol";
abstract contract OfferController is IOfferController, Signatures, Ownable2StepUpgradeable {
mapping(address => mapping(uint256 => uint256)) public cancelledOrFulfilled;
uint256[50] private _gap;
/**
* @notice Assert offer validity
* @param offerHash Offer hash
* @param signer Address of offer signer
* @param oracle Address of oracle
* @param signature Packed signature array
* @param expirationTime Offer expiration time
* @param salt Offer salt
*/
function _validateOffer(
bytes32 offerHash,
address signer,
address oracle,
bytes calldata signature,
uint256 expirationTime,
uint256 salt
) internal view {
_verifyOfferAuthorization(offerHash, signer, oracle, signature);
if (expirationTime < block.timestamp) {
revert OfferExpired();
}
if (cancelledOrFulfilled[signer][salt] == 1) {
revert OfferUnavailable();
}
}
/*/////////////////////////////////////////
CANCEL FUNCTIONS
/////////////////////////////////////////*/
/**
* @notice Cancels offer salt for caller
* @param salt Unique offer salt
*/
function cancelOffer(uint256 salt) external {
_cancelOffer(msg.sender, salt);
}
/**
* @notice Cancels offers in bulk for caller
* @param salts List of offer salts
*/
function cancelOffers(uint256[] calldata salts) external {
uint256 saltsLength = salts.length;
for (uint256 i; i < saltsLength; ) {
_cancelOffer(msg.sender, salts[i]);
unchecked {
++i;
}
}
}
/**
* @notice Cancels all offers by incrementing caller nonce
*/
function incrementNonce() external {
_incrementNonce(msg.sender);
}
/**
* @notice Cancel offer by user and salt
* @param user Address of user
* @param salt Unique offer salt
*/
function _cancelOffer(address user, uint256 salt) private {
cancelledOrFulfilled[user][salt] = 1;
emit OfferCancelled(user, salt);
}
/**
* @notice Cancel all orders by incrementing the user nonce
* @param user Address of user
*/
function _incrementNonce(address user) internal {
emit NonceIncremented(user, ++nonces[user]);
}
/*/////////////////////////////////////////
ADMIN FUNCTIONS
/////////////////////////////////////////*/
/**
* @notice Set approval for an oracle address
* @param oracle Address of oracle
* @param approved Whether the oracle is approved
*/
function setOracle(address oracle, bool approved) external onlyOwner {
if (approved) {
oracles[oracle] = 1;
} else {
oracles[oracle] = 0;
}
}
/**
* @notice Set the block range expiry of oracle signatures
* @param _blockRange Block range
*/
function setBlockRange(uint256 _blockRange) external onlyOwner {
blockRange = _blockRange;
}
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "../lib/Structs.sol";
import "./IOfferController.sol";
interface IBlend is IOfferController {
event LoanOfferTaken(
bytes32 offerHash,
uint256 lienId,
address collection,
address lender,
address borrower,
uint256 loanAmount,
uint256 rate,
uint256 tokenId,
uint256 auctionDuration
);
event Repay(uint256 lienId, address collection);
event StartAuction(uint256 lienId, address collection);
event Refinance(
uint256 lienId,
address collection,
address newLender,
uint256 newAmount,
uint256 newRate,
uint256 newAuctionDuration
);
event Seize(uint256 lienId, address collection);
event BuyLocked(
uint256 lienId,
address collection,
address buyer,
address seller,
uint256 tokenId
);
function amountTaken(bytes32 offerHash) external view returns (uint256);
function liens(uint256 lienId) external view returns (bytes32);
/*//////////////////////////////////////////////////
BORROW FLOWS
//////////////////////////////////////////////////*/
function borrow(
LoanOffer calldata offer,
bytes calldata signature,
uint256 loanAmount,
uint256 collateralId
) external returns (uint256 lienId);
function repay(Lien calldata lien, uint256 lienId) external;
/*//////////////////////////////////////////////////
REFINANCING FLOWS
//////////////////////////////////////////////////*/
function startAuction(Lien calldata lien, uint256 lienId) external;
function seize(LienPointer[] calldata lienPointers) external;
function refinance(
Lien calldata lien,
uint256 lienId,
LoanOffer calldata offer,
bytes calldata signature
) external;
function refinanceAuction(Lien calldata lien, uint256 lienId, uint256 rate) external;
function refinanceAuctionByOther(
Lien calldata lien,
uint256 lienId,
LoanOffer calldata offer,
bytes calldata signature
) external;
function borrowerRefinance(
Lien calldata lien,
uint256 lienId,
uint256 loanAmount,
LoanOffer calldata offer,
bytes calldata signature
) external;
/*//////////////////////////////////////////////////
MARKETPLACE FLOWS
//////////////////////////////////////////////////*/
function buyToBorrow(
LoanOffer calldata offer,
bytes calldata signature,
uint256 loanAmount,
ExecutionV1 calldata execution
) external returns (uint256 lienId);
function buyToBorrowETH(
LoanOffer calldata offer,
bytes calldata signature,
uint256 loanAmount,
ExecutionV1 calldata execution
) external payable returns (uint256 lienId);
function buyToBorrowLocked(
Lien calldata lien,
SellInput calldata sellInput,
LoanInput calldata loanInput,
uint256 loanAmount
) external returns (uint256 lienId);
function buyToBorrowLockedETH(
Lien calldata lien,
SellInput calldata sellInput,
LoanInput calldata loanInput,
uint256 loanAmount
) external payable returns (uint256 lienId);
function buyLocked(
Lien calldata lien,
SellOffer calldata offer,
bytes calldata signature
) external;
function buyLockedETH(
Lien calldata lien,
SellOffer calldata offer,
bytes calldata signature
) external payable;
function takeBid(Lien calldata lien, uint256 lienId, ExecutionV1 calldata execution) external;
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
interface IBlurPool {
event Transfer(address indexed from, address indexed to, uint256 amount);
function initialize() external;
function decimals() external pure returns (uint8);
function totalSupply() external view returns (uint256);
function balanceOf(address user) external view returns (uint256);
function deposit() external payable;
function deposit(address user) external payable;
function withdraw(uint256 amount) external;
function withdrawFrom(address from, address to, uint256 amount) external;
function transferFrom(address from, address to, uint256 amount) external returns (bool);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (interfaces/draft-IERC1822.sol)
pragma solidity ^0.8.0;
/**
* @dev ERC1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified
* proxy whose upgrades are fully controlled by the current implementation.
*/
interface IERC1822ProxiableUpgradeable {
/**
* @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation
* address.
*
* IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
* bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
* function revert if invoked through a proxy.
*/
function proxiableUUID() external view returns (bytes32);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.3) (proxy/ERC1967/ERC1967Upgrade.sol)
pragma solidity ^0.8.2;
import "../beacon/IBeaconUpgradeable.sol";
import "../../interfaces/IERC1967Upgradeable.sol";
import "../../interfaces/draft-IERC1822Upgradeable.sol";
import "../../utils/AddressUpgradeable.sol";
import "../../utils/StorageSlotUpgradeable.sol";
import "../utils/Initializable.sol";
/**
* @dev This abstract contract provides getters and event emitting update functions for
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.
*
* _Available since v4.1._
*
* @custom:oz-upgrades-unsafe-allow delegatecall
*/
abstract contract ERC1967UpgradeUpgradeable is Initializable, IERC1967Upgradeable {
function __ERC1967Upgrade_init() internal onlyInitializing {
}
function __ERC1967Upgrade_init_unchained() internal onlyInitializing {
}
// This is the keccak-256 hash of "eip1967.proxy.rollback" subtracted by 1
bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143;
/**
* @dev Storage slot with the address of the current implementation.
* This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
/**
* @dev Returns the current implementation address.
*/
function _getImplementation() internal view returns (address) {
return StorageSlotUpgradeable.getAddressSlot(_IMPLEMENTATION_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 implementation slot.
*/
function _setImplementation(address newImplementation) private {
require(AddressUpgradeable.isContract(newImplementation), "ERC1967: new implementation is not a contract");
StorageSlotUpgradeable.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
}
/**
* @dev Perform implementation upgrade
*
* Emits an {Upgraded} event.
*/
function _upgradeTo(address newImplementation) internal {
_setImplementation(newImplementation);
emit Upgraded(newImplementation);
}
/**
* @dev Perform implementation upgrade with additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCall(
address newImplementation,
bytes memory data,
bool forceCall
) internal {
_upgradeTo(newImplementation);
if (data.length > 0 || forceCall) {
_functionDelegateCall(newImplementation, data);
}
}
/**
* @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCallUUPS(
address newImplementation,
bytes memory data,
bool forceCall
) internal {
// Upgrades from old implementations will perform a rollback test. This test requires the new
// implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing
// this special case will break upgrade paths from old UUPS implementation to new ones.
if (StorageSlotUpgradeable.getBooleanSlot(_ROLLBACK_SLOT).value) {
_setImplementation(newImplementation);
} else {
try IERC1822ProxiableUpgradeable(newImplementation).proxiableUUID() returns (bytes32 slot) {
require(slot == _IMPLEMENTATION_SLOT, "ERC1967Upgrade: unsupported proxiableUUID");
} catch {
revert("ERC1967Upgrade: new implementation is not UUPS");
}
_upgradeToAndCall(newImplementation, data, forceCall);
}
}
/**
* @dev Storage slot with the admin of the contract.
* This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
/**
* @dev Returns the current admin.
*/
function _getAdmin() internal view returns (address) {
return StorageSlotUpgradeable.getAddressSlot(_ADMIN_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 admin slot.
*/
function _setAdmin(address newAdmin) private {
require(newAdmin != address(0), "ERC1967: new admin is the zero address");
StorageSlotUpgradeable.getAddressSlot(_ADMIN_SLOT).value = newAdmin;
}
/**
* @dev Changes the admin of the proxy.
*
* Emits an {AdminChanged} event.
*/
function _changeAdmin(address newAdmin) internal {
emit AdminChanged(_getAdmin(), newAdmin);
_setAdmin(newAdmin);
}
/**
* @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
* This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor.
*/
bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;
/**
* @dev Returns the current beacon.
*/
function _getBeacon() internal view returns (address) {
return StorageSlotUpgradeable.getAddressSlot(_BEACON_SLOT).value;
}
/**
* @dev Stores a new beacon in the EIP1967 beacon slot.
*/
function _setBeacon(address newBeacon) private {
require(AddressUpgradeable.isContract(newBeacon), "ERC1967: new beacon is not a contract");
require(
AddressUpgradeable.isContract(IBeaconUpgradeable(newBeacon).implementation()),
"ERC1967: beacon implementation is not a contract"
);
StorageSlotUpgradeable.getAddressSlot(_BEACON_SLOT).value = newBeacon;
}
/**
* @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does
* not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that).
*
* Emits a {BeaconUpgraded} event.
*/
function _upgradeBeaconToAndCall(
address newBeacon,
bytes memory data,
bool forceCall
) internal {
_setBeacon(newBeacon);
emit BeaconUpgraded(newBeacon);
if (data.length > 0 || forceCall) {
_functionDelegateCall(IBeaconUpgradeable(newBeacon).implementation(), data);
}
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function _functionDelegateCall(address target, bytes memory data) private returns (bytes memory) {
require(AddressUpgradeable.isContract(target), "Address: delegate call to non-contract");
// solhint-disable-next-line avoid-low-level-calls
(bool success, bytes memory returndata) = target.delegatecall(data);
return AddressUpgradeable.verifyCallResult(success, returndata, "Address: low-level delegate call failed");
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[50] private __gap;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.1) (proxy/utils/Initializable.sol)
pragma solidity ^0.8.2;
import "../../utils/AddressUpgradeable.sol";
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/
abstract contract Initializable {
/**
* @dev Indicates that the contract has been initialized.
* @custom:oz-retyped-from bool
*/
uint8 private _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool private _initializing;
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/
event Initialized(uint8 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts.
*
* Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a
* constructor.
*
* Emits an {Initialized} event.
*/
modifier initializer() {
bool isTopLevelCall = !_initializing;
require(
(isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1),
"Initializable: contract is already initialized"
);
_initialized = 1;
if (isTopLevelCall) {
_initializing = true;
}
_;
if (isTopLevelCall) {
_initializing = false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* A reinitializer may be used after the original initialization step. This is essential to configure modules that
* are added through upgrades and that require initialization.
*
* When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
* cannot be nested. If one is invoked in the context of another, execution will revert.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*
* WARNING: setting the version to 255 will prevent any future reinitialization.
*
* Emits an {Initialized} event.
*/
modifier reinitializer(uint8 version) {
require(!_initializing && _initialized < version, "Initializable: contract is already initialized");
_initialized = version;
_initializing = true;
_;
_initializing = false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/
modifier onlyInitializing() {
require(_initializing, "Initializable: contract is not initializing");
_;
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*
* Emits an {Initialized} event the first time it is successfully executed.
*/
function _disableInitializers() internal virtual {
require(!_initializing, "Initializable: contract is initializing");
if (_initialized < type(uint8).max) {
_initialized = type(uint8).max;
emit Initialized(type(uint8).max);
}
}
/**
* @dev Returns the highest version that has been initialized. See {reinitializer}.
*/
function _getInitializedVersion() internal view returns (uint8) {
return _initialized;
}
/**
* @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
*/
function _isInitializing() internal view returns (bool) {
return _initializing;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (proxy/beacon/IBeacon.sol)
pragma solidity ^0.8.0;
/**
* @dev This is the interface that {BeaconProxy} expects of its beacon.
*/
interface IBeaconUpgradeable {
/**
* @dev Must return an address that can be used as a delegate call target.
*
* {BeaconProxy} will check that this address is a contract.
*/
function implementation() external view returns (address);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.3) (interfaces/IERC1967.sol)
pragma solidity ^0.8.0;
/**
* @dev ERC-1967: Proxy Storage Slots. This interface contains the events defined in the ERC.
*
* _Available since v4.9._
*/
interface IERC1967Upgradeable {
/**
* @dev Emitted when the implementation is upgraded.
*/
event Upgraded(address indexed implementation);
/**
* @dev Emitted when the admin account has changed.
*/
event AdminChanged(address previousAdmin, address newAdmin);
/**
* @dev Emitted when the beacon is changed.
*/
event BeaconUpgraded(address indexed beacon);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/Address.sol)
pragma solidity ^0.8.1;
/**
* @dev Collection of functions related to the address type
*/
library AddressUpgradeable {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
* ====
*
* [IMPORTANT]
* ====
* You shouldn't rely on `isContract` to protect against flash loan attacks!
*
* Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
* like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
* constructor.
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize/address.code.length, which returns 0
// for contracts in construction, since the code is only stored at the end
// of the constructor execution.
return account.code.length > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value
) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
* the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
*
* _Available since v4.8._
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata,
string memory errorMessage
) internal view returns (bytes memory) {
if (success) {
if (returndata.length == 0) {
// only check isContract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
require(isContract(target), "Address: call to non-contract");
}
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
/**
* @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason or using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
function _revert(bytes memory returndata, string memory errorMessage) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (utils/StorageSlot.sol)
pragma solidity ^0.8.0;
/**
* @dev Library for reading and writing primitive types to specific storage slots.
*
* Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
* This library helps with reading and writing to such slots without the need for inline assembly.
*
* The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
*
* Example usage to set ERC1967 implementation slot:
* ```
* contract ERC1967 {
* bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
*
* function _getImplementation() internal view returns (address) {
* return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
* }
*
* function _setImplementation(address newImplementation) internal {
* require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
* StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
* }
* }
* ```
*
* _Available since v4.1 for `address`, `bool`, `bytes32`, and `uint256`._
*/
library StorageSlotUpgradeable {
struct AddressSlot {
address value;
}
struct BooleanSlot {
bool value;
}
struct Bytes32Slot {
bytes32 value;
}
struct Uint256Slot {
uint256 value;
}
/**
* @dev Returns an `AddressSlot` with member `value` located at `slot`.
*/
function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BooleanSlot` with member `value` located at `slot`.
*/
function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
*/
function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Uint256Slot` with member `value` located at `slot`.
*/
function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
}
// SPDX-License-Identifier: MIT
pragma solidity >=0.8.0;
/// @notice Signed 18 decimal fixed point (wad) arithmetic library.
/// @author Solmate (https://github.com/transmissions11/solmate/blob/main/src/utils/SignedWadMath.sol)
/// @author Modified from Remco Bloemen (https://xn--2-umb.com/22/exp-ln/index.html)
/// @dev Will not revert on overflow, only use where overflow is not possible.
function toWadUnsafe(uint256 x) pure returns (int256 r) {
/// @solidity memory-safe-assembly
assembly {
// Multiply x by 1e18.
r := mul(x, 1000000000000000000)
}
}
/// @dev Takes an integer amount of seconds and converts it to a wad amount of days.
/// @dev Will not revert on overflow, only use where overflow is not possible.
/// @dev Not meant for negative second amounts, it assumes x is positive.
function toDaysWadUnsafe(uint256 x) pure returns (int256 r) {
/// @solidity memory-safe-assembly
assembly {
// Multiply x by 1e18 and then divide it by 86400.
r := div(mul(x, 1000000000000000000), 86400)
}
}
/// @dev Takes a wad amount of days and converts it to an integer amount of seconds.
/// @dev Will not revert on overflow, only use where overflow is not possible.
/// @dev Not meant for negative day amounts, it assumes x is positive.
function fromDaysWadUnsafe(int256 x) pure returns (uint256 r) {
/// @solidity memory-safe-assembly
assembly {
// Multiply x by 86400 and then divide it by 1e18.
r := div(mul(x, 86400), 1000000000000000000)
}
}
/// @dev Will not revert on overflow, only use where overflow is not possible.
function unsafeWadMul(int256 x, int256 y) pure returns (int256 r) {
/// @solidity memory-safe-assembly
assembly {
// Multiply x by y and divide by 1e18.
r := sdiv(mul(x, y), 1000000000000000000)
}
}
/// @dev Will return 0 instead of reverting if y is zero and will
/// not revert on overflow, only use where overflow is not possible.
function unsafeWadDiv(int256 x, int256 y) pure returns (int256 r) {
/// @solidity memory-safe-assembly
assembly {
// Multiply x by 1e18 and divide it by y.
r := sdiv(mul(x, 1000000000000000000), y)
}
}
function wadMul(int256 x, int256 y) pure returns (int256 r) {
/// @solidity memory-safe-assembly
assembly {
// Store x * y in r for now.
r := mul(x, y)
// Equivalent to require(x == 0 || (x * y) / x == y)
if iszero(or(iszero(x), eq(sdiv(r, x), y))) {
revert(0, 0)
}
// Scale the result down by 1e18.
r := sdiv(r, 1000000000000000000)
}
}
function wadDiv(int256 x, int256 y) pure returns (int256 r) {
/// @solidity memory-safe-assembly
assembly {
// Store x * 1e18 in r for now.
r := mul(x, 1000000000000000000)
// Equivalent to require(y != 0 && ((x * 1e18) / 1e18 == x))
if iszero(and(iszero(iszero(y)), eq(sdiv(r, 1000000000000000000), x))) {
revert(0, 0)
}
// Divide r by y.
r := sdiv(r, y)
}
}
/// @dev Will not work with negative bases, only use when x is positive.
function wadPow(int256 x, int256 y) pure returns (int256) {
// Equivalent to x to the power of y because x ** y = (e ** ln(x)) ** y = e ** (ln(x) * y)
return wadExp((wadLn(x) * y) / 1e18); // Using ln(x) means x must be greater than 0.
}
function wadExp(int256 x) pure returns (int256 r) {
unchecked {
// When the result is < 0.5 we return zero. This happens when
// x <= floor(log(0.5e18) * 1e18) ~ -42e18
if (x <= -42139678854452767551) return 0;
// When the result is > (2**255 - 1) / 1e18 we can not represent it as an
// int. This happens when x >= floor(log((2**255 - 1) / 1e18) * 1e18) ~ 135.
if (x >= 135305999368893231589) revert("EXP_OVERFLOW");
// x is now in the range (-42, 136) * 1e18. Convert to (-42, 136) * 2**96
// for more intermediate precision and a binary basis. This base conversion
// is a multiplication by 1e18 / 2**96 = 5**18 / 2**78.
x = (x << 78) / 5**18;
// Reduce range of x to (-½ ln 2, ½ ln 2) * 2**96 by factoring out powers
// of two such that exp(x) = exp(x') * 2**k, where k is an integer.
// Solving this gives k = round(x / log(2)) and x' = x - k * log(2).
int256 k = ((x << 96) / 54916777467707473351141471128 + 2**95) >> 96;
x = x - k * 54916777467707473351141471128;
// k is in the range [-61, 195].
// Evaluate using a (6, 7)-term rational approximation.
// p is made monic, we'll multiply by a scale factor later.
int256 y = x + 1346386616545796478920950773328;
y = ((y * x) >> 96) + 57155421227552351082224309758442;
int256 p = y + x - 94201549194550492254356042504812;
p = ((p * y) >> 96) + 28719021644029726153956944680412240;
p = p * x + (4385272521454847904659076985693276 << 96);
// We leave p in 2**192 basis so we don't need to scale it back up for the division.
int256 q = x - 2855989394907223263936484059900;
q = ((q * x) >> 96) + 50020603652535783019961831881945;
q = ((q * x) >> 96) - 533845033583426703283633433725380;
q = ((q * x) >> 96) + 3604857256930695427073651918091429;
q = ((q * x) >> 96) - 14423608567350463180887372962807573;
q = ((q * x) >> 96) + 26449188498355588339934803723976023;
/// @solidity memory-safe-assembly
assembly {
// Div in assembly because solidity adds a zero check despite the unchecked.
// The q polynomial won't have zeros in the domain as all its roots are complex.
// No scaling is necessary because p is already 2**96 too large.
r := sdiv(p, q)
}
// r should be in the range (0.09, 0.25) * 2**96.
// We now need to multiply r by:
// * the scale factor s = ~6.031367120.
// * the 2**k factor from the range reduction.
// * the 1e18 / 2**96 factor for base conversion.
// We do this all at once, with an intermediate result in 2**213
// basis, so the final right shift is always by a positive amount.
r = int256((uint256(r) * 3822833074963236453042738258902158003155416615667) >> uint256(195 - k));
}
}
function wadLn(int256 x) pure returns (int256 r) {
unchecked {
require(x > 0, "UNDEFINED");
// We want to convert x from 10**18 fixed point to 2**96 fixed point.
// We do this by multiplying by 2**96 / 10**18. But since
// ln(x * C) = ln(x) + ln(C), we can simply do nothing here
// and add ln(2**96 / 10**18) at the end.
/// @solidity memory-safe-assembly
assembly {
r := shl(7, lt(0xffffffffffffffffffffffffffffffff, x))
r := or(r, shl(6, lt(0xffffffffffffffff, shr(r, x))))
r := or(r, shl(5, lt(0xffffffff, shr(r, x))))
r := or(r, shl(4, lt(0xffff, shr(r, x))))
r := or(r, shl(3, lt(0xff, shr(r, x))))
r := or(r, shl(2, lt(0xf, shr(r, x))))
r := or(r, shl(1, lt(0x3, shr(r, x))))
r := or(r, lt(0x1, shr(r, x)))
}
// Reduce range of x to (1, 2) * 2**96
// ln(2^k * x) = k * ln(2) + ln(x)
int256 k = r - 96;
x <<= uint256(159 - k);
x = int256(uint256(x) >> 159);
// Evaluate using a (8, 8)-term rational approximation.
// p is made monic, we will multiply by a scale factor later.
int256 p = x + 3273285459638523848632254066296;
p = ((p * x) >> 96) + 24828157081833163892658089445524;
p = ((p * x) >> 96) + 43456485725739037958740375743393;
p = ((p * x) >> 96) - 11111509109440967052023855526967;
p = ((p * x) >> 96) - 45023709667254063763336534515857;
p = ((p * x) >> 96) - 14706773417378608786704636184526;
p = p * x - (795164235651350426258249787498 << 96);
// We leave p in 2**192 basis so we don't need to scale it back up for the division.
// q is monic by convention.
int256 q = x + 5573035233440673466300451813936;
q = ((q * x) >> 96) + 71694874799317883764090561454958;
q = ((q * x) >> 96) + 283447036172924575727196451306956;
q = ((q * x) >> 96) + 401686690394027663651624208769553;
q = ((q * x) >> 96) + 204048457590392012362485061816622;
q = ((q * x) >> 96) + 31853899698501571402653359427138;
q = ((q * x) >> 96) + 909429971244387300277376558375;
/// @solidity memory-safe-assembly
assembly {
// Div in assembly because solidity adds a zero check despite the unchecked.
// The q polynomial is known not to have zeros in the domain.
// No scaling required because p is already 2**96 too large.
r := sdiv(p, q)
}
// r is in the range (0, 0.125) * 2**96
// Finalization, we need to:
// * multiply by the scale factor s = 5.549…
// * add ln(2**96 / 10**18)
// * add k * ln(2)
// * multiply by 10**18 / 2**96 = 5**18 >> 78
// mul s * 5e18 * 2**96, base is now 5**18 * 2**192
r *= 1677202110996718588342820967067443963516166;
// add ln(2) * k * 5e18 * 2**192
r += 16597577552685614221487285958193947469193820559219878177908093499208371 * k;
// add ln(2**96 / 10**18) * 5e18 * 2**192
r += 600920179829731861736702779321621459595472258049074101567377883020018308;
// base conversion: mul 2**18 / 2**192
r >>= 174;
}
}
/// @dev Will return 0 instead of reverting if y is zero.
function unsafeDiv(int256 x, int256 y) pure returns (int256 r) {
/// @solidity memory-safe-assembly
assembly {
// Divide x by y.
r := sdiv(x, y)
}
}
// SPDX-License-Identifier: BSL 1.1 - Blend (c) Non Fungible Trading Ltd.
pragma solidity 0.8.17;
// Blend
error Unauthorized();
error InvalidLoan();
error InvalidLien();
error InsufficientOffer();
error InvalidRepayment();
error LienIsDefaulted();
error LienNotDefaulted();
error AuctionIsActive();
error AuctionIsNotActive();
error InvalidRefinance();
error RateTooHigh();
error FeesTooHigh();
error CollectionsDoNotMatch();
error InvalidAuctionDuration();
// OfferController
error OfferExpired();
error OfferUnavailable();
// Signatures
error UnauthorizedOracle();
error SignatureExpired();
error InvalidSignature();
error InvalidVParameter();
// SPDX-License-Identifier: MIT
pragma solidity 0.8.17;
import {
TakeAsk,
TakeBid,
TakeAskSingle,
TakeBidSingle,
Order,
Exchange,
Fees,
FeeRate,
AssetType,
OrderType,
Transfer,
FungibleTransfers,
StateUpdate,
Cancel,
Listing
} from "../lib/Structs.sol";
interface IBlurExchangeV2 {
error InsufficientFunds();
error TokenTransferFailed();
error InvalidOrder();
error ProtocolFeeTooHigh();
event NewProtocolFee(address indexed recipient, uint16 indexed rate);
event NewGovernor(address indexed governor);
event NewBlockRange(uint256 blockRange);
event CancelTrade(address indexed user, bytes32 hash, uint256 index, uint256 amount);
event NonceIncremented(address indexed user, uint256 newNonce);
event SetOracle(address indexed user, bool approved);
function initialize() external;
function setProtocolFee(address recipient, uint16 rate) external;
function setGovernor(address _governor) external;
function setOracle(address oracle, bool approved) external;
function setBlockRange(uint256 _blockRange) external;
function cancelTrades(Cancel[] memory cancels) external;
function incrementNonce() external;
/*//////////////////////////////////////////////////////////////
EXECUTION WRAPPERS
//////////////////////////////////////////////////////////////*/
function takeAsk(TakeAsk memory inputs, bytes calldata oracleSignature) external payable;
function takeBid(TakeBid memory inputs, bytes calldata oracleSignature) external;
function takeAskSingle(TakeAskSingle memory inputs, bytes calldata oracleSignature) external payable;
function takeBidSingle(TakeBidSingle memory inputs, bytes calldata oracleSignature) external;
/*//////////////////////////////////////////////////////////////
EXECUTION POOL WRAPPERS
//////////////////////////////////////////////////////////////*/
function takeAskSinglePool(
TakeAskSingle memory inputs,
bytes calldata oracleSignature,
uint256 amountToWithdraw
) external payable;
function takeAskPool(
TakeAsk memory inputs,
bytes calldata oracleSignature,
uint256 amountToWithdraw
) external payable;
}
// SPDX-License-Identifier: MIT
pragma solidity 0.8.17;
enum Side { Buy, Sell }
enum SignatureVersion { Single, Bulk }
enum AssetType { ERC721, ERC1155 }
struct Fee {
uint16 rate;
address payable recipient;
}
struct Order {
address trader;
Side side;
address matchingPolicy;
address collection;
uint256 tokenId;
uint256 amount;
address paymentToken;
uint256 price;
uint256 listingTime;
/* Order expiration timestamp - 0 for oracle cancellations. */
uint256 expirationTime;
Fee[] fees;
uint256 salt;
bytes extraParams;
}
struct Input {
Order order;
uint8 v;
bytes32 r;
bytes32 s;
bytes extraSignature;
SignatureVersion signatureVersion;
uint256 blockNumber;
}
struct Execution {
Input sell;
Input buy;
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;
struct TakeAsk {
Order[] orders;
Exchange[] exchanges;
FeeRate takerFee;
bytes signatures;
address tokenRecipient;
}
struct TakeAskSingle {
Order order;
Exchange exchange;
FeeRate takerFee;
bytes signature;
address tokenRecipient;
}
struct TakeBid {
Order[] orders;
Exchange[] exchanges;
FeeRate takerFee;
bytes signatures;
}
struct TakeBidSingle {
Order order;
Exchange exchange;
FeeRate takerFee;
bytes signature;
}
enum AssetType {
ERC721,
ERC1155
}
enum OrderType {
ASK,
BID
}
struct Exchange { // Size: 0x80
uint256 index; // 0x00
bytes32[] proof; // 0x20
Listing listing; // 0x40
Taker taker; // 0x60
}
struct Listing { // Size: 0x80
uint256 index; // 0x00
uint256 tokenId; // 0x20
uint256 amount; // 0x40
uint256 price; // 0x60
}
struct Taker { // Size: 0x40
uint256 tokenId; // 0x00
uint256 amount; // 0x20
}
struct Order { // Size: 0x100
address trader; // 0x00
address collection; // 0x20
bytes32 listingsRoot; // 0x40
uint256 numberOfListings; // 0x60
uint256 expirationTime; // 0x80
AssetType assetType; // 0xa0
FeeRate makerFee; // 0xc0
uint256 salt; // 0xe0
}
/*
Reference only; struct is composed manually using calldata formatting in execution
struct ExecutionBatch { // Size: 0x80
address taker; // 0x00
OrderType orderType; // 0x20
Transfer[] transfers; // 0x40
uint256 length; // 0x60
}
*/
struct Transfer { // Size: 0xa0
address trader; // 0x00
uint256 id; // 0x20
uint256 amount; // 0x40
address collection; // 0x60
AssetType assetType; // 0x80
}
struct FungibleTransfers {
uint256 totalProtocolFee;
uint256 totalSellerTransfer;
uint256 totalTakerFee;
uint256 feeRecipientId;
uint256 makerId;
address[] feeRecipients;
address[] makers;
uint256[] makerTransfers;
uint256[] feeTransfers;
AtomicExecution[] executions;
}
struct AtomicExecution { // Size: 0xe0
uint256 makerId; // 0x00
uint256 sellerAmount; // 0x20
uint256 makerFeeRecipientId; // 0x40
uint256 makerFeeAmount; // 0x60
uint256 takerFeeAmount; // 0x80
uint256 protocolFeeAmount; // 0xa0
StateUpdate stateUpdate; // 0xc0
}
struct StateUpdate { // Size: 0xa0
address trader; // 0x00
bytes32 hash; // 0x20
uint256 index; // 0x40
uint256 value; // 0x60
uint256 maxAmount; // 0x80
}
struct Fees { // Size: 0x40
FeeRate protocolFee; // 0x00
FeeRate takerFee; // 0x20
}
struct FeeRate { // Size: 0x40
address recipient; // 0x00
uint16 rate; // 0x20
}
struct Cancel {
bytes32 hash;
uint256 index;
uint256 amount;
}
// SPDX-License-Identifier: AGPL-3.0-only
pragma solidity >=0.8.0;
/// @notice Modern, minimalist, and gas efficient ERC-721 implementation.
/// @author Solmate (https://github.com/transmissions11/solmate/blob/main/src/tokens/ERC721.sol)
abstract contract ERC721 {
/*//////////////////////////////////////////////////////////////
EVENTS
//////////////////////////////////////////////////////////////*/
event Transfer(address indexed from, address indexed to, uint256 indexed id);
event Approval(address indexed owner, address indexed spender, uint256 indexed id);
event ApprovalForAll(address indexed owner, address indexed operator, bool approved);
/*//////////////////////////////////////////////////////////////
METADATA STORAGE/LOGIC
//////////////////////////////////////////////////////////////*/
string public name;
string public symbol;
function tokenURI(uint256 id) public view virtual returns (string memory);
/*//////////////////////////////////////////////////////////////
ERC721 BALANCE/OWNER STORAGE
//////////////////////////////////////////////////////////////*/
mapping(uint256 => address) internal _ownerOf;
mapping(address => uint256) internal _balanceOf;
function ownerOf(uint256 id) public view virtual returns (address owner) {
require((owner = _ownerOf[id]) != address(0), "NOT_MINTED");
}
function balanceOf(address owner) public view virtual returns (uint256) {
require(owner != address(0), "ZERO_ADDRESS");
return _balanceOf[owner];
}
/*//////////////////////////////////////////////////////////////
ERC721 APPROVAL STORAGE
//////////////////////////////////////////////////////////////*/
mapping(uint256 => address) public getApproved;
mapping(address => mapping(address => bool)) public isApprovedForAll;
/*//////////////////////////////////////////////////////////////
CONSTRUCTOR
//////////////////////////////////////////////////////////////*/
constructor(string memory _name, string memory _symbol) {
name = _name;
symbol = _symbol;
}
/*//////////////////////////////////////////////////////////////
ERC721 LOGIC
//////////////////////////////////////////////////////////////*/
function approve(address spender, uint256 id) public virtual {
address owner = _ownerOf[id];
require(msg.sender == owner || isApprovedForAll[owner][msg.sender], "NOT_AUTHORIZED");
getApproved[id] = spender;
emit Approval(owner, spender, id);
}
function setApprovalForAll(address operator, bool approved) public virtual {
isApprovedForAll[msg.sender][operator] = approved;
emit ApprovalForAll(msg.sender, operator, approved);
}
function transferFrom(
address from,
address to,
uint256 id
) public virtual {
require(from == _ownerOf[id], "WRONG_FROM");
require(to != address(0), "INVALID_RECIPIENT");
require(
msg.sender == from || isApprovedForAll[from][msg.sender] || msg.sender == getApproved[id],
"NOT_AUTHORIZED"
);
// Underflow of the sender's balance is impossible because we check for
// ownership above and the recipient's balance can't realistically overflow.
unchecked {
_balanceOf[from]--;
_balanceOf[to]++;
}
_ownerOf[id] = to;
delete getApproved[id];
emit Transfer(from, to, id);
}
function safeTransferFrom(
address from,
address to,
uint256 id
) public virtual {
transferFrom(from, to, id);
require(
to.code.length == 0 ||
ERC721TokenReceiver(to).onERC721Received(msg.sender, from, id, "") ==
ERC721TokenReceiver.onERC721Received.selector,
"UNSAFE_RECIPIENT"
);
}
function safeTransferFrom(
address from,
address to,
uint256 id,
bytes calldata data
) public virtual {
transferFrom(from, to, id);
require(
to.code.length == 0 ||
ERC721TokenReceiver(to).onERC721Received(msg.sender, from, id, data) ==
ERC721TokenReceiver.onERC721Received.selector,
"UNSAFE_RECIPIENT"
);
}
/*//////////////////////////////////////////////////////////////
ERC165 LOGIC
//////////////////////////////////////////////////////////////*/
function supportsInterface(bytes4 interfaceId) public view virtual returns (bool) {
return
interfaceId == 0x01ffc9a7 || // ERC165 Interface ID for ERC165
interfaceId == 0x80ac58cd || // ERC165 Interface ID for ERC721
interfaceId == 0x5b5e139f; // ERC165 Interface ID for ERC721Metadata
}
/*//////////////////////////////////////////////////////////////
INTERNAL MINT/BURN LOGIC
//////////////////////////////////////////////////////////////*/
function _mint(address to, uint256 id) internal virtual {
require(to != address(0), "INVALID_RECIPIENT");
require(_ownerOf[id] == address(0), "ALREADY_MINTED");
// Counter overflow is incredibly unrealistic.
unchecked {
_balanceOf[to]++;
}
_ownerOf[id] = to;
emit Transfer(address(0), to, id);
}
function _burn(uint256 id) internal virtual {
address owner = _ownerOf[id];
require(owner != address(0), "NOT_MINTED");
// Ownership check above ensures no underflow.
unchecked {
_balanceOf[owner]--;
}
delete _ownerOf[id];
delete getApproved[id];
emit Transfer(owner, address(0), id);
}
/*//////////////////////////////////////////////////////////////
INTERNAL SAFE MINT LOGIC
//////////////////////////////////////////////////////////////*/
function _safeMint(address to, uint256 id) internal virtual {
_mint(to, id);
require(
to.code.length == 0 ||
ERC721TokenReceiver(to).onERC721Received(msg.sender, address(0), id, "") ==
ERC721TokenReceiver.onERC721Received.selector,
"UNSAFE_RECIPIENT"
);
}
function _safeMint(
address to,
uint256 id,
bytes memory data
) internal virtual {
_mint(to, id);
require(
to.code.length == 0 ||
ERC721TokenReceiver(to).onERC721Received(msg.sender, address(0), id, data) ==
ERC721TokenReceiver.onERC721Received.selector,
"UNSAFE_RECIPIENT"
);
}
}
/// @notice A generic interface for a contract which properly accepts ERC721 tokens.
/// @author Solmate (https://github.com/transmissions11/solmate/blob/main/src/tokens/ERC721.sol)
abstract contract ERC721TokenReceiver {
function onERC721Received(
address,
address,
uint256,
bytes calldata
) external virtual returns (bytes4) {
return ERC721TokenReceiver.onERC721Received.selector;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (access/Ownable2Step.sol)
pragma solidity ^0.8.0;
import "./OwnableUpgradeable.sol";
import "../proxy/utils/Initializable.sol";
/**
* @dev Contract module which provides access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* By default, the owner account will be the one that deploys the contract. This
* can later be changed with {transferOwnership} and {acceptOwnership}.
*
* This module is used through inheritance. It will make available all functions
* from parent (Ownable).
*/
abstract contract Ownable2StepUpgradeable is Initializable, OwnableUpgradeable {
function __Ownable2Step_init() internal onlyInitializing {
__Ownable_init_unchained();
}
function __Ownable2Step_init_unchained() internal onlyInitializing {
}
address private _pendingOwner;
event OwnershipTransferStarted(address indexed previousOwner, address indexed newOwner);
/**
* @dev Returns the address of the pending owner.
*/
function pendingOwner() public view virtual returns (address) {
return _pendingOwner;
}
/**
* @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual override onlyOwner {
_pendingOwner = newOwner;
emit OwnershipTransferStarted(owner(), newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual override {
delete _pendingOwner;
super._transferOwnership(newOwner);
}
/**
* @dev The new owner accepts the ownership transfer.
*/
function acceptOwnership() external {
address sender = _msgSender();
require(pendingOwner() == sender, "Ownable2Step: caller is not the new owner");
_transferOwnership(sender);
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[49] private __gap;
}
// SPDX-License-Identifier: BSL 1.1 - Blend (c) Non Fungible Trading Ltd.
pragma solidity 0.8.17;
import "./Structs.sol";
import "./Errors.sol";
import "../interfaces/ISignatures.sol";
abstract contract Signatures is ISignatures {
bytes32 private immutable _LOAN_OFFER_TYPEHASH;
bytes32 private immutable _FEE_TYPEHASH;
bytes32 private immutable _SELL_OFFER_TYPEHASH;
bytes32 private immutable _ORACLE_OFFER_TYPEHASH;
bytes32 private immutable _EIP_712_DOMAIN_TYPEHASH;
string private constant _NAME = "Blend";
string private constant _VERSION = "1.0";
mapping(address => uint256) public nonces;
mapping(address => uint256) public oracles;
uint256 public blockRange;
uint256[50] private _gap;
constructor() {
(
_LOAN_OFFER_TYPEHASH,
_SELL_OFFER_TYPEHASH,
_FEE_TYPEHASH,
_ORACLE_OFFER_TYPEHASH,
_EIP_712_DOMAIN_TYPEHASH
) = _createTypehashes();
}
function information() external view returns (string memory version, bytes32 domainSeparator) {
version = _VERSION;
domainSeparator = _hashDomain(
_EIP_712_DOMAIN_TYPEHASH,
keccak256(bytes(_NAME)),
keccak256(bytes(_VERSION))
);
}
function getSellOfferHash(SellOffer calldata offer) external view returns (bytes32) {
return _hashSellOffer(offer);
}
function getOfferHash(LoanOffer calldata offer) external view returns (bytes32) {
return _hashOffer(offer);
}
function getOracleOfferHash(bytes32 hash, uint256 blockNumber) external view returns (bytes32) {
return _hashOracleOffer(hash, blockNumber);
}
/**
* @notice Generate all EIP712 Typehashes
*/
function _createTypehashes()
internal
view
returns (
bytes32 loanOfferTypehash,
bytes32 sellOfferTypehash,
bytes32 feeTypehash,
bytes32 oracleOfferTypehash,
bytes32 eip712DomainTypehash
)
{
eip712DomainTypehash = keccak256(
bytes.concat(
"EIP712Domain(",
"string name,",
"string version,",
"uint256 chainId,",
"address verifyingContract",
")"
)
);
oracleOfferTypehash = keccak256(
bytes.concat("OracleOffer(", "bytes32 hash,", "uint256 blockNumber", ")")
);
loanOfferTypehash = keccak256(
bytes.concat(
"LoanOffer(",
"address lender,",
"address collection,",
"uint256 totalAmount,",
"uint256 minAmount,",
"uint256 maxAmount,",
"uint256 auctionDuration,",
"uint256 salt,",
"uint256 expirationTime,",
"uint256 rate,",
"address oracle,",
"uint256 nonce",
")"
)
);
bytes memory feeTypestring = bytes.concat("Fee(", "uint16 rate,", "address recipient", ")");
feeTypehash = keccak256(feeTypestring);
sellOfferTypehash = keccak256(
bytes.concat(
"SellOffer(",
"address borrower,",
"uint256 lienId,",
"uint256 price,",
"uint256 expirationTime,",
"uint256 salt,",
"address oracle,",
"Fee[] fees,",
"uint256 nonce",
")",
feeTypestring
)
);
}
function _hashDomain(
bytes32 eip712DomainTypehash,
bytes32 nameHash,
bytes32 versionHash
) internal view returns (bytes32) {
return
keccak256(
abi.encode(
eip712DomainTypehash,
nameHash,
versionHash,
block.chainid,
address(this)
)
);
}
function _hashFee(Fee calldata fee) internal view returns (bytes32) {
return keccak256(abi.encode(_FEE_TYPEHASH, fee.rate, fee.recipient));
}
function _packFees(Fee[] calldata fees) internal view returns (bytes32) {
bytes32[] memory feeHashes = new bytes32[](fees.length);
uint256 feesLength = fees.length;
for (uint256 i; i < feesLength; ) {
feeHashes[i] = _hashFee(fees[i]);
unchecked {
++i;
}
}
return keccak256(abi.encodePacked(feeHashes));
}
function _hashSellOffer(SellOffer calldata offer) internal view returns (bytes32) {
return
keccak256(
abi.encode(
_SELL_OFFER_TYPEHASH,
offer.borrower,
offer.lienId,
offer.price,
offer.expirationTime,
offer.salt,
offer.oracle,
_packFees(offer.fees),
nonces[offer.borrower]
)
);
}
function _hashOffer(LoanOffer calldata offer) internal view returns (bytes32) {
return
keccak256(
abi.encode(
_LOAN_OFFER_TYPEHASH,
offer.lender,
offer.collection,
offer.totalAmount,
offer.minAmount,
offer.maxAmount,
offer.auctionDuration,
offer.salt,
offer.expirationTime,
offer.rate,
offer.oracle,
nonces[offer.lender]
)
);
}
function _hashOracleOffer(bytes32 hash, uint256 blockNumber) internal view returns (bytes32) {
return keccak256(abi.encode(_ORACLE_OFFER_TYPEHASH, hash, blockNumber));
}
function _hashToSign(bytes32 hash) internal view returns (bytes32) {
return keccak256(
bytes.concat(
bytes2(0x1901),
_hashDomain(
_EIP_712_DOMAIN_TYPEHASH,
keccak256(bytes(_NAME)),
keccak256(bytes(_VERSION))
),
hash
)
);
}
function _hashToSignOracle(bytes32 hash, uint256 blockNumber) internal view returns (bytes32) {
return
keccak256(
bytes.concat(
bytes2(0x1901),
_hashDomain(
_EIP_712_DOMAIN_TYPEHASH,
keccak256(bytes(_NAME)),
keccak256(bytes(_VERSION))
),
_hashOracleOffer(hash, blockNumber)
)
);
}
/**
* @notice Verify authorization of offer
* @param offerHash Hash of offer struct
* @param lender Lender address
* @param oracle Oracle address
* @param signature Packed offer signature (with oracle signature if necessary)
*/
function _verifyOfferAuthorization(
bytes32 offerHash,
address lender,
address oracle,
bytes calldata signature
) internal view {
bytes32 hashToSign = _hashToSign(offerHash);
bytes32 r;
bytes32 s;
uint8 v;
assembly {
r := calldataload(signature.offset)
s := calldataload(add(signature.offset, 0x20))
v := shr(248, calldataload(add(signature.offset, 0x40)))
}
_verify(lender, hashToSign, v, r, s);
/* Verify oracle signature if required. */
if (oracle != address(0)) {
uint256 blockNumber;
assembly {
r := calldataload(add(signature.offset, 0x41))
s := calldataload(add(signature.offset, 0x61))
v := shr(248, calldataload(add(signature.offset, 0x81)))
blockNumber := calldataload(add(signature.offset, 0x82))
}
if (oracles[oracle] == 0) {
revert UnauthorizedOracle();
}
if (blockNumber + blockRange < block.number) {
revert SignatureExpired();
}
hashToSign = _hashToSignOracle(offerHash, blockNumber);
_verify(oracle, hashToSign, v, r, s);
}
}
/**
* @notice Verify signature of digest
* @param signer Address of expected signer
* @param digest Signature digest
* @param v v parameter
* @param r r parameter
* @param s s parameter
*/
function _verify(address signer, bytes32 digest, uint8 v, bytes32 r, bytes32 s) internal pure {
if (v != 27 && v != 28) {
revert InvalidVParameter();
}
address recoveredSigner = ecrecover(digest, v, r, s);
if (recoveredSigner == address(0) || signer != recoveredSigner) {
revert InvalidSignature();
}
}
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "./ISignatures.sol";
interface IOfferController is ISignatures {
event OfferCancelled(address indexed user, uint256 salt);
event NonceIncremented(address indexed user, uint256 newNonce);
function cancelOffer(uint256 salt) external;
function cancelOffers(uint256[] calldata salts) external;
function incrementNonce() external;
/* Admin */
function setOracle(address oracle, bool approved) external;
function setBlockRange(uint256 blockRange) external;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (access/Ownable.sol)
pragma solidity ^0.8.0;
import "../utils/ContextUpgradeable.sol";
import "../proxy/utils/Initializable.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* By default, the owner account will be the one that deploys the contract. This
* can later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {
address private _owner;
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the deployer as the initial owner.
*/
function __Ownable_init() internal onlyInitializing {
__Ownable_init_unchained();
}
function __Ownable_init_unchained() internal onlyInitializing {
_transferOwnership(_msgSender());
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
_checkOwner();
_;
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
return _owner;
}
/**
* @dev Throws if the sender is not the owner.
*/
function _checkOwner() internal view virtual {
require(owner() == _msgSender(), "Ownable: caller is not the owner");
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions anymore. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby removing any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
require(newOwner != address(0), "Ownable: new owner is the zero address");
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
address oldOwner = _owner;
_owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[49] private __gap;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
pragma solidity ^0.8.0;
import "../proxy/utils/Initializable.sol";
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract ContextUpgradeable is Initializable {
function __Context_init() internal onlyInitializing {
}
function __Context_init_unchained() internal onlyInitializing {
}
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[50] private __gap;
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "../lib/Structs.sol";
interface ISignatures {
function information()
external
view
returns (
string memory version,
bytes32 domainSeparator
);
function getOracleOfferHash(bytes32 hash, uint256 blockNumber) external view returns (bytes32);
function getSellOfferHash(SellOffer calldata offer) external view returns (bytes32);
function getOfferHash(LoanOffer calldata offer) external view returns (bytes32);
function cancelledOrFulfilled(address user, uint256 salt) external view returns (uint256);
function nonces(address user) external view returns (uint256);
}
File 5 of 5: BlurPool
// SPDX-License-Identifier: MIT
pragma solidity 0.8.17;
import "lib/openzeppelin-contracts-upgradeable/contracts/proxy/utils/UUPSUpgradeable.sol";
import "lib/openzeppelin-contracts-upgradeable/contracts/access/OwnableUpgradeable.sol";
import "./interfaces/IBlurPool.sol";
/**
* @title BlurPool
* @dev ETH pool; funds can only be transferred by Exchange, ExchangeV2, Swap or Blend
*/
contract BlurPool is IBlurPool, OwnableUpgradeable, UUPSUpgradeable {
address private immutable EXCHANGE;
address private immutable EXCHANGE_V2;
address private immutable SWAP;
address private immutable BLEND;
mapping(address => uint256) private _balances;
string public constant name = 'Blur Pool';
string constant symbol = '';
// required by the OZ UUPS module
function _authorizeUpgrade(address) internal override onlyOwner {}
constructor(address exchange, address exchangeV2, address swap, address blend) {
_disableInitializers();
EXCHANGE = exchange;
EXCHANGE_V2 = exchangeV2;
SWAP = swap;
BLEND = blend;
}
/* Constructor (for ERC1967) */
function initialize() external initializer {
__Ownable_init();
}
function decimals() external pure returns (uint8) {
return 18;
}
function totalSupply() external view returns (uint256) {
return address(this).balance;
}
function balanceOf(address user) external view returns (uint256) {
return _balances[user];
}
/**
* @dev receive deposit function
*/
receive() external payable {
deposit();
}
/**
* @dev deposit ETH into pool
*/
function deposit() public payable {
_balances[msg.sender] += msg.value;
emit Transfer(address(0), msg.sender, msg.value);
}
/**
* @dev deposit ETH into pool on behalf of user
* @param user Address to deposit to
*/
function deposit(address user) public payable {
if (msg.sender != BLEND && msg.sender != EXCHANGE_V2) {
revert('Unauthorized deposit');
}
_balances[user] += msg.value;
emit Transfer(address(0), user, msg.value);
}
/**
* @dev withdraw ETH from pool
* @param amount Amount to withdraw
*/
function withdraw(uint256 amount) external {
uint256 balance = _balances[msg.sender];
require(balance >= amount, "Insufficient funds");
unchecked {
_balances[msg.sender] = balance - amount;
}
(bool success,) = payable(msg.sender).call{value: amount}("");
require(success, "Transfer failed");
emit Transfer(msg.sender, address(0), amount);
}
/**
* @dev withdraw ETH from pool on behalf of user; only callable by Blend
* @param from Address to withdraw from
* @param to Address to withdraw to
* @param amount Amount to withdraw
*/
function withdrawFrom(address from, address to, uint256 amount) external {
if (msg.sender != BLEND && msg.sender != EXCHANGE_V2) {
revert('Unauthorized transfer');
}
uint256 balance = _balances[from];
require(balance >= amount, "Insufficient balance");
unchecked {
_balances[from] = balance - amount;
}
(bool success,) = payable(to).call{value: amount}("");
require(success, "Transfer failed");
emit Transfer(from, address(0), amount);
}
/**
* @dev transferFrom Transfer balances within pool; only callable by Swap, Exchange, and Blend
* @param from Pool fund sender
* @param to Pool fund recipient
* @param amount Amount to transfer
*/
function transferFrom(address from, address to, uint256 amount)
external
returns (bool)
{
if (
msg.sender != EXCHANGE &&
msg.sender != EXCHANGE_V2 &&
msg.sender != SWAP &&
msg.sender != BLEND
) {
revert('Unauthorized transfer');
}
_transfer(from, to, amount);
return true;
}
function _transfer(address from, address to, uint256 amount) private {
require(to != address(0), "Cannot transfer to 0 address");
uint256 balance = _balances[from];
require(balance >= amount, "Insufficient balance");
unchecked {
_balances[from] = balance - amount;
}
_balances[to] += amount;
emit Transfer(from, to, amount);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (proxy/utils/UUPSUpgradeable.sol)
pragma solidity ^0.8.0;
import "../../interfaces/draft-IERC1822Upgradeable.sol";
import "../ERC1967/ERC1967UpgradeUpgradeable.sol";
import "./Initializable.sol";
/**
* @dev An upgradeability mechanism designed for UUPS proxies. The functions included here can perform an upgrade of an
* {ERC1967Proxy}, when this contract is set as the implementation behind such a proxy.
*
* A security mechanism ensures that an upgrade does not turn off upgradeability accidentally, although this risk is
* reinstated if the upgrade retains upgradeability but removes the security mechanism, e.g. by replacing
* `UUPSUpgradeable` with a custom implementation of upgrades.
*
* The {_authorizeUpgrade} function must be overridden to include access restriction to the upgrade mechanism.
*
* _Available since v4.1._
*/
abstract contract UUPSUpgradeable is Initializable, IERC1822ProxiableUpgradeable, ERC1967UpgradeUpgradeable {
function __UUPSUpgradeable_init() internal onlyInitializing {
}
function __UUPSUpgradeable_init_unchained() internal onlyInitializing {
}
/// @custom:oz-upgrades-unsafe-allow state-variable-immutable state-variable-assignment
address private immutable __self = address(this);
/**
* @dev Check that the execution is being performed through a delegatecall call and that the execution context is
* a proxy contract with an implementation (as defined in ERC1967) pointing to self. This should only be the case
* for UUPS and transparent proxies that are using the current contract as their implementation. Execution of a
* function through ERC1167 minimal proxies (clones) would not normally pass this test, but is not guaranteed to
* fail.
*/
modifier onlyProxy() {
require(address(this) != __self, "Function must be called through delegatecall");
require(_getImplementation() == __self, "Function must be called through active proxy");
_;
}
/**
* @dev Check that the execution is not being performed through a delegate call. This allows a function to be
* callable on the implementing contract but not through proxies.
*/
modifier notDelegated() {
require(address(this) == __self, "UUPSUpgradeable: must not be called through delegatecall");
_;
}
/**
* @dev Implementation of the ERC1822 {proxiableUUID} function. This returns the storage slot used by the
* implementation. It is used to validate the implementation's compatibility when performing an upgrade.
*
* IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
* bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
* function revert if invoked through a proxy. This is guaranteed by the `notDelegated` modifier.
*/
function proxiableUUID() external view virtual override notDelegated returns (bytes32) {
return _IMPLEMENTATION_SLOT;
}
/**
* @dev Upgrade the implementation of the proxy to `newImplementation`.
*
* Calls {_authorizeUpgrade}.
*
* Emits an {Upgraded} event.
*/
function upgradeTo(address newImplementation) external virtual onlyProxy {
_authorizeUpgrade(newImplementation);
_upgradeToAndCallUUPS(newImplementation, new bytes(0), false);
}
/**
* @dev Upgrade the implementation of the proxy to `newImplementation`, and subsequently execute the function call
* encoded in `data`.
*
* Calls {_authorizeUpgrade}.
*
* Emits an {Upgraded} event.
*/
function upgradeToAndCall(address newImplementation, bytes memory data) external payable virtual onlyProxy {
_authorizeUpgrade(newImplementation);
_upgradeToAndCallUUPS(newImplementation, data, true);
}
/**
* @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by
* {upgradeTo} and {upgradeToAndCall}.
*
* Normally, this function will use an xref:access.adoc[access control] modifier such as {Ownable-onlyOwner}.
*
* ```solidity
* function _authorizeUpgrade(address) internal override onlyOwner {}
* ```
*/
function _authorizeUpgrade(address newImplementation) internal virtual;
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[50] private __gap;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (access/Ownable.sol)
pragma solidity ^0.8.0;
import "../utils/ContextUpgradeable.sol";
import "../proxy/utils/Initializable.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* By default, the owner account will be the one that deploys the contract. This
* can later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {
address private _owner;
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the deployer as the initial owner.
*/
function __Ownable_init() internal onlyInitializing {
__Ownable_init_unchained();
}
function __Ownable_init_unchained() internal onlyInitializing {
_transferOwnership(_msgSender());
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
_checkOwner();
_;
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
return _owner;
}
/**
* @dev Throws if the sender is not the owner.
*/
function _checkOwner() internal view virtual {
require(owner() == _msgSender(), "Ownable: caller is not the owner");
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions anymore. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby removing any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
require(newOwner != address(0), "Ownable: new owner is the zero address");
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
address oldOwner = _owner;
_owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[49] private __gap;
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
interface IBlurPool {
event Transfer(address indexed from, address indexed to, uint256 amount);
function initialize() external;
function decimals() external pure returns (uint8);
function totalSupply() external view returns (uint256);
function balanceOf(address user) external view returns (uint256);
function deposit() external payable;
function deposit(address user) external payable;
function withdraw(uint256 amount) external;
function withdrawFrom(address from, address to, uint256 amount) external;
function transferFrom(address from, address to, uint256 amount) external returns (bool);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (interfaces/draft-IERC1822.sol)
pragma solidity ^0.8.0;
/**
* @dev ERC1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified
* proxy whose upgrades are fully controlled by the current implementation.
*/
interface IERC1822ProxiableUpgradeable {
/**
* @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation
* address.
*
* IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
* bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
* function revert if invoked through a proxy.
*/
function proxiableUUID() external view returns (bytes32);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.3) (proxy/ERC1967/ERC1967Upgrade.sol)
pragma solidity ^0.8.2;
import "../beacon/IBeaconUpgradeable.sol";
import "../../interfaces/IERC1967Upgradeable.sol";
import "../../interfaces/draft-IERC1822Upgradeable.sol";
import "../../utils/AddressUpgradeable.sol";
import "../../utils/StorageSlotUpgradeable.sol";
import "../utils/Initializable.sol";
/**
* @dev This abstract contract provides getters and event emitting update functions for
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.
*
* _Available since v4.1._
*
* @custom:oz-upgrades-unsafe-allow delegatecall
*/
abstract contract ERC1967UpgradeUpgradeable is Initializable, IERC1967Upgradeable {
function __ERC1967Upgrade_init() internal onlyInitializing {
}
function __ERC1967Upgrade_init_unchained() internal onlyInitializing {
}
// This is the keccak-256 hash of "eip1967.proxy.rollback" subtracted by 1
bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143;
/**
* @dev Storage slot with the address of the current implementation.
* This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
/**
* @dev Returns the current implementation address.
*/
function _getImplementation() internal view returns (address) {
return StorageSlotUpgradeable.getAddressSlot(_IMPLEMENTATION_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 implementation slot.
*/
function _setImplementation(address newImplementation) private {
require(AddressUpgradeable.isContract(newImplementation), "ERC1967: new implementation is not a contract");
StorageSlotUpgradeable.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
}
/**
* @dev Perform implementation upgrade
*
* Emits an {Upgraded} event.
*/
function _upgradeTo(address newImplementation) internal {
_setImplementation(newImplementation);
emit Upgraded(newImplementation);
}
/**
* @dev Perform implementation upgrade with additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCall(
address newImplementation,
bytes memory data,
bool forceCall
) internal {
_upgradeTo(newImplementation);
if (data.length > 0 || forceCall) {
_functionDelegateCall(newImplementation, data);
}
}
/**
* @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCallUUPS(
address newImplementation,
bytes memory data,
bool forceCall
) internal {
// Upgrades from old implementations will perform a rollback test. This test requires the new
// implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing
// this special case will break upgrade paths from old UUPS implementation to new ones.
if (StorageSlotUpgradeable.getBooleanSlot(_ROLLBACK_SLOT).value) {
_setImplementation(newImplementation);
} else {
try IERC1822ProxiableUpgradeable(newImplementation).proxiableUUID() returns (bytes32 slot) {
require(slot == _IMPLEMENTATION_SLOT, "ERC1967Upgrade: unsupported proxiableUUID");
} catch {
revert("ERC1967Upgrade: new implementation is not UUPS");
}
_upgradeToAndCall(newImplementation, data, forceCall);
}
}
/**
* @dev Storage slot with the admin of the contract.
* This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
/**
* @dev Returns the current admin.
*/
function _getAdmin() internal view returns (address) {
return StorageSlotUpgradeable.getAddressSlot(_ADMIN_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 admin slot.
*/
function _setAdmin(address newAdmin) private {
require(newAdmin != address(0), "ERC1967: new admin is the zero address");
StorageSlotUpgradeable.getAddressSlot(_ADMIN_SLOT).value = newAdmin;
}
/**
* @dev Changes the admin of the proxy.
*
* Emits an {AdminChanged} event.
*/
function _changeAdmin(address newAdmin) internal {
emit AdminChanged(_getAdmin(), newAdmin);
_setAdmin(newAdmin);
}
/**
* @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
* This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor.
*/
bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;
/**
* @dev Returns the current beacon.
*/
function _getBeacon() internal view returns (address) {
return StorageSlotUpgradeable.getAddressSlot(_BEACON_SLOT).value;
}
/**
* @dev Stores a new beacon in the EIP1967 beacon slot.
*/
function _setBeacon(address newBeacon) private {
require(AddressUpgradeable.isContract(newBeacon), "ERC1967: new beacon is not a contract");
require(
AddressUpgradeable.isContract(IBeaconUpgradeable(newBeacon).implementation()),
"ERC1967: beacon implementation is not a contract"
);
StorageSlotUpgradeable.getAddressSlot(_BEACON_SLOT).value = newBeacon;
}
/**
* @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does
* not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that).
*
* Emits a {BeaconUpgraded} event.
*/
function _upgradeBeaconToAndCall(
address newBeacon,
bytes memory data,
bool forceCall
) internal {
_setBeacon(newBeacon);
emit BeaconUpgraded(newBeacon);
if (data.length > 0 || forceCall) {
_functionDelegateCall(IBeaconUpgradeable(newBeacon).implementation(), data);
}
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function _functionDelegateCall(address target, bytes memory data) private returns (bytes memory) {
require(AddressUpgradeable.isContract(target), "Address: delegate call to non-contract");
// solhint-disable-next-line avoid-low-level-calls
(bool success, bytes memory returndata) = target.delegatecall(data);
return AddressUpgradeable.verifyCallResult(success, returndata, "Address: low-level delegate call failed");
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[50] private __gap;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.1) (proxy/utils/Initializable.sol)
pragma solidity ^0.8.2;
import "../../utils/AddressUpgradeable.sol";
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/
abstract contract Initializable {
/**
* @dev Indicates that the contract has been initialized.
* @custom:oz-retyped-from bool
*/
uint8 private _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool private _initializing;
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/
event Initialized(uint8 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts.
*
* Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a
* constructor.
*
* Emits an {Initialized} event.
*/
modifier initializer() {
bool isTopLevelCall = !_initializing;
require(
(isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1),
"Initializable: contract is already initialized"
);
_initialized = 1;
if (isTopLevelCall) {
_initializing = true;
}
_;
if (isTopLevelCall) {
_initializing = false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* A reinitializer may be used after the original initialization step. This is essential to configure modules that
* are added through upgrades and that require initialization.
*
* When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
* cannot be nested. If one is invoked in the context of another, execution will revert.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*
* WARNING: setting the version to 255 will prevent any future reinitialization.
*
* Emits an {Initialized} event.
*/
modifier reinitializer(uint8 version) {
require(!_initializing && _initialized < version, "Initializable: contract is already initialized");
_initialized = version;
_initializing = true;
_;
_initializing = false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/
modifier onlyInitializing() {
require(_initializing, "Initializable: contract is not initializing");
_;
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*
* Emits an {Initialized} event the first time it is successfully executed.
*/
function _disableInitializers() internal virtual {
require(!_initializing, "Initializable: contract is initializing");
if (_initialized < type(uint8).max) {
_initialized = type(uint8).max;
emit Initialized(type(uint8).max);
}
}
/**
* @dev Returns the highest version that has been initialized. See {reinitializer}.
*/
function _getInitializedVersion() internal view returns (uint8) {
return _initialized;
}
/**
* @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
*/
function _isInitializing() internal view returns (bool) {
return _initializing;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (proxy/beacon/IBeacon.sol)
pragma solidity ^0.8.0;
/**
* @dev This is the interface that {BeaconProxy} expects of its beacon.
*/
interface IBeaconUpgradeable {
/**
* @dev Must return an address that can be used as a delegate call target.
*
* {BeaconProxy} will check that this address is a contract.
*/
function implementation() external view returns (address);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.3) (interfaces/IERC1967.sol)
pragma solidity ^0.8.0;
/**
* @dev ERC-1967: Proxy Storage Slots. This interface contains the events defined in the ERC.
*
* _Available since v4.9._
*/
interface IERC1967Upgradeable {
/**
* @dev Emitted when the implementation is upgraded.
*/
event Upgraded(address indexed implementation);
/**
* @dev Emitted when the admin account has changed.
*/
event AdminChanged(address previousAdmin, address newAdmin);
/**
* @dev Emitted when the beacon is changed.
*/
event BeaconUpgraded(address indexed beacon);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/Address.sol)
pragma solidity ^0.8.1;
/**
* @dev Collection of functions related to the address type
*/
library AddressUpgradeable {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
* ====
*
* [IMPORTANT]
* ====
* You shouldn't rely on `isContract` to protect against flash loan attacks!
*
* Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
* like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
* constructor.
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize/address.code.length, which returns 0
// for contracts in construction, since the code is only stored at the end
// of the constructor execution.
return account.code.length > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value
) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
* the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
*
* _Available since v4.8._
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata,
string memory errorMessage
) internal view returns (bytes memory) {
if (success) {
if (returndata.length == 0) {
// only check isContract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
require(isContract(target), "Address: call to non-contract");
}
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
/**
* @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason or using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
function _revert(bytes memory returndata, string memory errorMessage) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (utils/StorageSlot.sol)
pragma solidity ^0.8.0;
/**
* @dev Library for reading and writing primitive types to specific storage slots.
*
* Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
* This library helps with reading and writing to such slots without the need for inline assembly.
*
* The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
*
* Example usage to set ERC1967 implementation slot:
* ```
* contract ERC1967 {
* bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
*
* function _getImplementation() internal view returns (address) {
* return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
* }
*
* function _setImplementation(address newImplementation) internal {
* require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
* StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
* }
* }
* ```
*
* _Available since v4.1 for `address`, `bool`, `bytes32`, and `uint256`._
*/
library StorageSlotUpgradeable {
struct AddressSlot {
address value;
}
struct BooleanSlot {
bool value;
}
struct Bytes32Slot {
bytes32 value;
}
struct Uint256Slot {
uint256 value;
}
/**
* @dev Returns an `AddressSlot` with member `value` located at `slot`.
*/
function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BooleanSlot` with member `value` located at `slot`.
*/
function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
*/
function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Uint256Slot` with member `value` located at `slot`.
*/
function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
pragma solidity ^0.8.0;
import "../proxy/utils/Initializable.sol";
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract ContextUpgradeable is Initializable {
function __Context_init() internal onlyInitializing {
}
function __Context_init_unchained() internal onlyInitializing {
}
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[50] private __gap;
}