Transaction Hash:
Block:
21541559 at Jan-03-2025 04:26:47 AM +UTC
Transaction Fee:
0.00062653923101055 ETH
$1.56
Gas Used:
81,950 Gas / 7.645384149 Gwei
Emitted Events:
| 124 |
Proxy.0x7a06c571aa77f34d9706c51e5d8122b5595aebeaa34233bfe866f22befb973b1( 0x7a06c571aa77f34d9706c51e5d8122b5595aebeaa34233bfe866f22befb973b1, 0x07c76a71952ce3acd1f953fd2a3fda8564408b821ff367041c89f44526076633, 0x000000000000000000000000023a2aac5d0fa69e3243994672822ba43e34e5c9, 0000000000000000000000000000000000000000000000000000000000000020, 0000000000000000000000000000000000000000000000000000000000000004, 0000000000000000000000000000000000000000000000000000000000000001, 000000000000000000000000b0c99173d29480c68831eb0d18c709a898649163, 0000000000000000000000000000000000000000000000056bc75e2d63100000, 0000000000000000000000000000000000000000000000000000000000000000 )
|
| 125 |
TheLordsToken.Transfer( from=[Receiver] LordsL1Bridge, to=[Sender] 0xb0c99173d29480c68831eb0d18c709a898649163, value=100000000000000000000 )
|
| 126 |
LordsL1Bridge.LogWithdrawal( l1Recipient=[Sender] 0xb0c99173d29480c68831eb0d18c709a898649163, amount=100000000000000000000 )
|
Account State Difference:
| Address | Before | After | State Difference | ||
|---|---|---|---|---|---|
|
0x4838B106...B0BAD5f97
Miner
| (Titan Builder) | 8.908393764639809877 Eth | 8.908470852521970727 Eth | 0.00007708788216085 | |
| 0x686f2404...CDD2318b0 | |||||
| 0xb0C99173...898649163 |
0.020233503573128847 Eth
Nonce: 154
|
0.019606964342118297 Eth
Nonce: 155
| 0.00062653923101055 | ||
| 0xc662c410...BeBD9C8c4 | (Starknet: Core Contract) |
Execution Trace
LordsL1Bridge.withdraw( amount=100000000000000000000, l1Recipient=0xb0C99173d29480C68831eb0d18C709a898649163 )
Proxy.2c9dd5c0( )-
Starknet.consumeMessageFromL2( fromAddress=3518527153270494256475755541726550738597926965391766941271488561627919771187, payload=[1, 1009277496143741663587820302354310323348944752995, 100000000000000000000, 0] ) => ( 006DCF9B24076F937B7E94BFE12322679BB0C096148C7F48B1479A4271248B86 )
-
-
TheLordsToken.transfer( recipient=0xb0C99173d29480C68831eb0d18C709a898649163, amount=100000000000000000000 ) => ( True )
withdraw[LordsL1Bridge (ln:93)]
splitUint256[LordsL1Bridge (ln:97)]consumeMessageFromL2[LordsL1Bridge (ln:100)]transfer[LordsL1Bridge (ln:101)]LogWithdrawal[LordsL1Bridge (ln:102)]
File 1 of 4: LordsL1Bridge
File 2 of 4: Proxy
File 3 of 4: TheLordsToken
File 4 of 4: Starknet
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
interface IERC20Like {
function transfer(address to, uint256 amount) external returns (bool);
function transferFrom(address from, address to, uint256 value) external returns (bool success);
}
interface IStarknetCore {
/**
Sends a message to an L2 contract.
Returns the hash of the message.
*/
function sendMessageToL2(
uint256 toAddress,
uint256 selector,
uint256[] calldata payload
) external payable returns (bytes32);
/**
Consumes a message that was sent from an L2 contract.
Returns the hash of the message.
*/
function consumeMessageFromL2(
uint256 fromAddress,
uint256[] calldata payload
) external returns (bytes32);
}
contract LordsL1Bridge {
/// @notice The Starknet Core contract address on L1
address public immutable starknet;
/// @notice The $LORDS ERC20 contract address on L1
address public immutable l1Token;
/// @notice The L2 address of the $LORDS bridge, the counterpart to this contract
uint256 public immutable l2Bridge;
event LogDeposit(
address indexed l1Sender,
uint256 amount,
uint256 l2Recipient
);
event LogWithdrawal(address indexed l1Recipient, uint256 amount);
// 2 ** 251 + 17 * 2 ** 192 + 1;
uint256 private constant CAIRO_PRIME =
3618502788666131213697322783095070105623107215331596699973092056135872020481;
// from starkware.starknet.compiler.compile import get_selector_from_name
// print(get_selector_from_name('handle_deposit'))
uint256 private constant DEPOSIT_SELECTOR =
1285101517810983806491589552491143496277809242732141897358598292095611420389;
// operation ID sent in the L2 -> L1 message
uint256 private constant PROCESS_WITHDRAWAL = 1;
function splitUint256(uint256 value)
internal
pure
returns (uint256, uint256)
{
uint256 low = value & ((1 << 128) - 1);
uint256 high = value >> 128;
return (low, high);
}
constructor(
address _starknet,
address _l1Token,
uint256 _l2Bridge
) {
require(_l2Bridge < CAIRO_PRIME, "Invalid L2 bridge address");
starknet = _starknet;
l1Token = _l1Token;
l2Bridge = _l2Bridge;
}
/// @notice Function used to bridge $LORDS from L1 to L2
/// @param amount How many $LORDS to send from msg.sender
/// @param l2Recipient To which L2 address should we deposit the $LORDS to
/// @param fee Compulsory fee paid to the sequencer for passing on the message
function deposit(uint256 amount, uint256 l2Recipient, uint256 fee) external payable {
require(amount > 0, "Amount is 0");
require(
l2Recipient != 0 &&
l2Recipient != l2Bridge &&
l2Recipient < CAIRO_PRIME,
"Invalid L2 recipient"
);
uint256[] memory payload = new uint256[](3);
payload[0] = l2Recipient;
(payload[1], payload[2]) = splitUint256(amount);
IERC20Like(l1Token).transferFrom(msg.sender, address(this), amount);
IStarknetCore(starknet).sendMessageToL2{value: fee}(
l2Bridge,
DEPOSIT_SELECTOR,
payload
);
emit LogDeposit(msg.sender, amount, l2Recipient);
}
/// @notice Function to process the L2 withdrawal
/// @param amount How many $LORDS were sent from L2
/// @param l1Recipient Recipient of the (de)bridged $LORDS
function withdraw(uint256 amount, address l1Recipient) external {
uint256[] memory payload = new uint256[](4);
payload[0] = PROCESS_WITHDRAWAL;
payload[1] = uint256(uint160(l1Recipient));
(payload[2], payload[3]) = splitUint256(amount);
// The call to consumeMessageFromL2 will succeed only if a
// matching L2->L1 message exists and is ready for consumption.
IStarknetCore(starknet).consumeMessageFromL2(l2Bridge, payload);
IERC20Like(l1Token).transfer(l1Recipient, amount);
emit LogWithdrawal(l1Recipient, amount);
}
}
File 2 of 4: Proxy
{"Common.sol":{"content":"/*\n Copyright 2019-2021 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.12;\n\n/*\n Common Utility librarries.\n I. Addresses (extending address).\n*/\nlibrary Addresses {\n function isContract(address account) internal view returns (bool) {\n uint256 size;\n assembly {\n size := extcodesize(account)\n }\n return size \u003e 0;\n }\n\n function performEthTransfer(address recipient, uint256 amount) internal {\n (bool success, ) = recipient.call{value: amount}(\"\"); // NOLINT: low-level-calls.\n require(success, \"ETH_TRANSFER_FAILED\");\n }\n\n /*\n Safe wrapper around ERC20/ERC721 calls.\n This is required because many deployed ERC20 contracts don\u0027t return a value.\n See https://github.com/ethereum/solidity/issues/4116.\n */\n function safeTokenContractCall(address tokenAddress, bytes memory callData) internal {\n require(isContract(tokenAddress), \"BAD_TOKEN_ADDRESS\");\n // NOLINTNEXTLINE: low-level-calls.\n (bool success, bytes memory returndata) = tokenAddress.call(callData);\n require(success, string(returndata));\n\n if (returndata.length \u003e 0) {\n require(abi.decode(returndata, (bool)), \"TOKEN_OPERATION_FAILED\");\n }\n }\n\n /*\n Validates that the passed contract address is of a real contract,\n and that its id hash (as infered fromn identify()) matched the expected one.\n */\n function validateContractId(address contractAddress, bytes32 expectedIdHash) internal {\n require(isContract(contractAddress), \"ADDRESS_NOT_CONTRACT\");\n (bool success, bytes memory returndata) = contractAddress.call( // NOLINT: low-level-calls.\n abi.encodeWithSignature(\"identify()\")\n );\n require(success, \"FAILED_TO_IDENTIFY_CONTRACT\");\n string memory realContractId = abi.decode(returndata, (string));\n require(\n keccak256(abi.encodePacked(realContractId)) == expectedIdHash,\n \"UNEXPECTED_CONTRACT_IDENTIFIER\"\n );\n }\n}\n\n/*\n II. StarkExTypes - Common data types.\n*/\nlibrary StarkExTypes {\n // Structure representing a list of verifiers (validity/availability).\n // A statement is valid only if all the verifiers in the list agree on it.\n // Adding a verifier to the list is immediate - this is used for fast resolution of\n // any soundness issues.\n // Removing from the list is time-locked, to ensure that any user of the system\n // not content with the announced removal has ample time to leave the system before it is\n // removed.\n struct ApprovalChainData {\n address[] list;\n // Represents the time after which the verifier with the given address can be removed.\n // Removal of the verifier with address A is allowed only in the case the value\n // of unlockedForRemovalTime[A] != 0 and unlockedForRemovalTime[A] \u003c (current time).\n mapping(address =\u003e uint256) unlockedForRemovalTime;\n }\n}\n"},"Governance.sol":{"content":"/*\n Copyright 2019-2021 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.12;\n\nimport \"MGovernance.sol\";\n\n/*\n Implements Generic Governance, applicable for both proxy and main contract, and possibly others.\n Notes:\n The use of the same function names by both the Proxy and a delegated implementation\n is not possible since calling the implementation functions is done via the default function\n of the Proxy. For this reason, for example, the implementation of MainContract (MainGovernance)\n exposes mainIsGovernor, which calls the internal isGovernor method.\n*/\nabstract contract Governance is MGovernance {\n event LogNominatedGovernor(address nominatedGovernor);\n event LogNewGovernorAccepted(address acceptedGovernor);\n event LogRemovedGovernor(address removedGovernor);\n event LogNominationCancelled();\n\n function getGovernanceInfo() internal view virtual returns (GovernanceInfoStruct storage);\n\n /*\n Current code intentionally prevents governance re-initialization.\n This may be a problem in an upgrade situation, in a case that the upgrade-to implementation\n performs an initialization (for real) and within that calls initGovernance().\n\n Possible workarounds:\n 1. Clearing the governance info altogether by changing the MAIN_GOVERNANCE_INFO_TAG.\n This will remove existing main governance information.\n 2. Modify the require part in this function, so that it will exit quietly\n when trying to re-initialize (uncomment the lines below).\n */\n function initGovernance() internal {\n GovernanceInfoStruct storage gub = getGovernanceInfo();\n require(!gub.initialized, \"ALREADY_INITIALIZED\");\n gub.initialized = true; // to ensure addGovernor() won\u0027t fail.\n // Add the initial governer.\n addGovernor(msg.sender);\n }\n\n function isGovernor(address testGovernor) internal view override returns (bool) {\n GovernanceInfoStruct storage gub = getGovernanceInfo();\n return gub.effectiveGovernors[testGovernor];\n }\n\n /*\n Cancels the nomination of a governor candidate.\n */\n function cancelNomination() internal onlyGovernance {\n GovernanceInfoStruct storage gub = getGovernanceInfo();\n gub.candidateGovernor = address(0x0);\n emit LogNominationCancelled();\n }\n\n function nominateNewGovernor(address newGovernor) internal onlyGovernance {\n GovernanceInfoStruct storage gub = getGovernanceInfo();\n require(!isGovernor(newGovernor), \"ALREADY_GOVERNOR\");\n gub.candidateGovernor = newGovernor;\n emit LogNominatedGovernor(newGovernor);\n }\n\n /*\n The addGovernor is called in two cases:\n 1. by acceptGovernance when a new governor accepts its role.\n 2. by initGovernance to add the initial governor.\n The difference is that the init path skips the nominate step\n that would fail because of the onlyGovernance modifier.\n */\n function addGovernor(address newGovernor) private {\n require(!isGovernor(newGovernor), \"ALREADY_GOVERNOR\");\n GovernanceInfoStruct storage gub = getGovernanceInfo();\n gub.effectiveGovernors[newGovernor] = true;\n }\n\n function acceptGovernance() internal {\n // The new governor was proposed as a candidate by the current governor.\n GovernanceInfoStruct storage gub = getGovernanceInfo();\n require(msg.sender == gub.candidateGovernor, \"ONLY_CANDIDATE_GOVERNOR\");\n\n // Update state.\n addGovernor(gub.candidateGovernor);\n gub.candidateGovernor = address(0x0);\n\n // Send a notification about the change of governor.\n emit LogNewGovernorAccepted(msg.sender);\n }\n\n /*\n Remove a governor from office.\n */\n function removeGovernor(address governorForRemoval) internal onlyGovernance {\n require(msg.sender != governorForRemoval, \"GOVERNOR_SELF_REMOVE\");\n GovernanceInfoStruct storage gub = getGovernanceInfo();\n require(isGovernor(governorForRemoval), \"NOT_GOVERNOR\");\n gub.effectiveGovernors[governorForRemoval] = false;\n emit LogRemovedGovernor(governorForRemoval);\n }\n}\n"},"GovernanceStorage.sol":{"content":"/*\n Copyright 2019-2021 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.12;\nimport \"MGovernance.sol\";\n\n/*\n Holds the governance slots for ALL entities, including proxy and the main contract.\n*/\ncontract GovernanceStorage {\n // A map from a Governor tag to its own GovernanceInfoStruct.\n mapping(string =\u003e GovernanceInfoStruct) internal governanceInfo; //NOLINT uninitialized-state.\n}\n"},"MGovernance.sol":{"content":"/*\n Copyright 2019-2021 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.12;\n\nstruct GovernanceInfoStruct {\n mapping(address =\u003e bool) effectiveGovernors;\n address candidateGovernor;\n bool initialized;\n}\n\nabstract contract MGovernance {\n function isGovernor(address testGovernor) internal view virtual returns (bool);\n\n /*\n Allows calling the function only by a Governor.\n */\n modifier onlyGovernance() {\n require(isGovernor(msg.sender), \"ONLY_GOVERNANCE\");\n _;\n }\n}\n"},"Proxy.sol":{"content":"/*\n Copyright 2019-2021 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.12;\n\nimport \"ProxyGovernance.sol\";\nimport \"ProxyStorage.sol\";\nimport \"StorageSlots.sol\";\nimport \"Common.sol\";\n\n/**\n The Proxy contract implements delegation of calls to other contracts (`implementations`), with\n proper forwarding of return values and revert reasons. This pattern allows retaining the contract\n storage while replacing implementation code.\n\n The following operations are supported by the proxy contract:\n\n - :sol:func:`addImplementation`: Defines a new implementation, the data with which it should be initialized and whether this will be the last version of implementation.\n - :sol:func:`upgradeTo`: Once an implementation is added, the governor may upgrade to that implementation only after a safety time period has passed (time lock), the current implementation is not the last version and the implementation is not frozen (see :sol:mod:`FullWithdrawals`).\n - :sol:func:`removeImplementation`: Any announced implementation may be removed. Removing an implementation is especially important once it has been used for an upgrade in order to avoid an additional unwanted revert to an older version.\n\n The only entity allowed to perform the above operations is the proxy governor\n (see :sol:mod:`ProxyGovernance`).\n\n Every implementation is required to have an `initialize` function that replaces the constructor\n of a normal contract. Furthermore, the only parameter of this function is an array of bytes\n (`data`) which may be decoded arbitrarily by the `initialize` function. It is up to the\n implementation to ensure that this function cannot be run more than once if so desired.\n\n When an implementation is added (:sol:func:`addImplementation`) the initialization `data` is also\n announced, allowing users of the contract to analyze the full effect of an upgrade to the new\n implementation. During an :sol:func:`upgradeTo`, the `data` is provided again and only if it is\n identical to the announced `data` is the upgrade performed by pointing the proxy to the new\n implementation and calling its `initialize` function with this `data`.\n\n It is the responsibility of the implementation not to overwrite any storage belonging to the\n proxy (`ProxyStorage`). In addition, upon upgrade, the new implementation is assumed to be\n backward compatible with previous implementations with respect to the storage used until that\n point.\n*/\ncontract Proxy is ProxyStorage, ProxyGovernance, StorageSlots {\n // Emitted when the active implementation is replaced.\n event ImplementationUpgraded(address indexed implementation, bytes initializer);\n\n // Emitted when an implementation is submitted as an upgrade candidate and a time lock\n // is activated.\n event ImplementationAdded(address indexed implementation, bytes initializer, bool finalize);\n\n // Emitted when an implementation is removed from the list of upgrade candidates.\n event ImplementationRemoved(address indexed implementation, bytes initializer, bool finalize);\n\n // Emitted when the implementation is finalized.\n event FinalizedImplementation(address indexed implementation);\n\n using Addresses for address;\n\n string public constant PROXY_VERSION = \"3.0.0\";\n\n constructor(uint256 upgradeActivationDelay) public {\n initGovernance();\n setUpgradeActivationDelay(upgradeActivationDelay);\n }\n\n function setUpgradeActivationDelay(uint256 delayInSeconds) private {\n bytes32 slot = UPGRADE_DELAY_SLOT;\n assembly {\n sstore(slot, delayInSeconds)\n }\n }\n\n function getUpgradeActivationDelay() public view returns (uint256 delay) {\n bytes32 slot = UPGRADE_DELAY_SLOT;\n assembly {\n delay := sload(slot)\n }\n return delay;\n }\n\n /*\n Returns the address of the current implementation.\n */\n // NOLINTNEXTLINE external-function.\n function implementation() public view returns (address _implementation) {\n bytes32 slot = IMPLEMENTATION_SLOT;\n assembly {\n _implementation := sload(slot)\n }\n }\n\n /*\n Returns true if the implementation is frozen.\n If the implementation was not assigned yet, returns false.\n */\n function implementationIsFrozen() private returns (bool) {\n address _implementation = implementation();\n\n // We can\u0027t call low level implementation before it\u0027s assigned. (i.e. ZERO).\n if (_implementation == address(0x0)) {\n return false;\n }\n\n // NOLINTNEXTLINE: low-level-calls.\n (bool success, bytes memory returndata) = _implementation.delegatecall(\n abi.encodeWithSignature(\"isFrozen()\")\n );\n require(success, string(returndata));\n return abi.decode(returndata, (bool));\n }\n\n /*\n This method blocks delegation to initialize().\n Only upgradeTo should be able to delegate call to initialize().\n */\n function initialize(\n bytes calldata /*data*/\n ) external pure {\n revert(\"CANNOT_CALL_INITIALIZE\");\n }\n\n modifier notFinalized() {\n require(isNotFinalized(), \"IMPLEMENTATION_FINALIZED\");\n _;\n }\n\n /*\n Forbids calling the function if the implementation is frozen.\n This modifier relies on the lower level (logical contract) implementation of isFrozen().\n */\n modifier notFrozen() {\n require(!implementationIsFrozen(), \"STATE_IS_FROZEN\");\n _;\n }\n\n /*\n This entry point serves only transactions with empty calldata. (i.e. pure value transfer tx).\n We don\u0027t expect to receive such, thus block them.\n */\n receive() external payable {\n revert(\"CONTRACT_NOT_EXPECTED_TO_RECEIVE\");\n }\n\n /*\n Contract\u0027s default function. Delegates execution to the implementation contract.\n It returns back to the external caller whatever the implementation delegated code returns.\n */\n fallback() external payable {\n address _implementation = implementation();\n require(_implementation != address(0x0), \"MISSING_IMPLEMENTATION\");\n\n assembly {\n // Copy msg.data. We take full control of memory in this inline assembly\n // block because it will not return to Solidity code. We overwrite the\n // Solidity scratch pad at memory position 0.\n calldatacopy(0, 0, calldatasize())\n\n // Call the implementation.\n // out and outsize are 0 for now, as we don\u0027t know the out size yet.\n let result := delegatecall(gas(), _implementation, 0, calldatasize(), 0, 0)\n\n // Copy the returned data.\n returndatacopy(0, 0, returndatasize())\n\n switch result\n // delegatecall returns 0 on error.\n case 0 {\n revert(0, returndatasize())\n }\n default {\n return(0, returndatasize())\n }\n }\n }\n\n /*\n Sets the implementation address of the proxy.\n */\n function setImplementation(address newImplementation) private {\n bytes32 slot = IMPLEMENTATION_SLOT;\n assembly {\n sstore(slot, newImplementation)\n }\n }\n\n /*\n Returns true if the contract is not in the finalized state.\n */\n function isNotFinalized() public view returns (bool notFinal) {\n bytes32 slot = FINALIZED_STATE_SLOT;\n uint256 slotValue;\n assembly {\n slotValue := sload(slot)\n }\n notFinal = (slotValue == 0);\n }\n\n /*\n Marks the current implementation as finalized.\n */\n function setFinalizedFlag() private {\n bytes32 slot = FINALIZED_STATE_SLOT;\n assembly {\n sstore(slot, 0x1)\n }\n }\n\n /*\n Introduce an implementation and its initialization vector,\n and start the time-lock before it can be upgraded to.\n addImplementation is not blocked when frozen or finalized.\n (upgradeTo API is blocked when finalized or frozen).\n */\n function addImplementation(\n address newImplementation,\n bytes calldata data,\n bool finalize\n ) external onlyGovernance {\n require(newImplementation.isContract(), \"ADDRESS_NOT_CONTRACT\");\n\n bytes32 implVectorHash = keccak256(abi.encode(newImplementation, data, finalize));\n\n uint256 activationTime = block.timestamp + getUpgradeActivationDelay();\n\n // First implementation should not have time-lock.\n if (implementation() == address(0x0)) {\n activationTime = block.timestamp;\n }\n\n enabledTime[implVectorHash] = activationTime;\n emit ImplementationAdded(newImplementation, data, finalize);\n }\n\n /*\n Removes a candidate implementation.\n Note that it is possible to remove the current implementation. Doing so doesn\u0027t affect the\n current implementation, but rather revokes it as a future candidate.\n */\n function removeImplementation(\n address removedImplementation,\n bytes calldata data,\n bool finalize\n ) external onlyGovernance {\n bytes32 implVectorHash = keccak256(abi.encode(removedImplementation, data, finalize));\n\n // If we have initializer, we set the hash of it.\n uint256 activationTime = enabledTime[implVectorHash];\n require(activationTime \u003e 0, \"UNKNOWN_UPGRADE_INFORMATION\");\n delete enabledTime[implVectorHash];\n emit ImplementationRemoved(removedImplementation, data, finalize);\n }\n\n /*\n Upgrades the proxy to a new implementation, with its initialization.\n to upgrade successfully, implementation must have been added time-lock agreeably\n before, and the init vector must be identical ot the one submitted before.\n\n Upon assignment of new implementation address,\n its initialize will be called with the initializing vector (even if empty).\n Therefore, the implementation MUST must have such a method.\n\n Note - Initialization data is committed to in advance, therefore it must remain valid\n until the actual contract upgrade takes place.\n\n Care should be taken regarding initialization data and flow when planning the contract upgrade.\n\n When planning contract upgrade, special care is also needed with regard to governance\n (See comments in Governance.sol).\n */\n // NOLINTNEXTLINE: reentrancy-events timestamp.\n function upgradeTo(\n address newImplementation,\n bytes calldata data,\n bool finalize\n ) external payable onlyGovernance notFinalized notFrozen {\n bytes32 implVectorHash = keccak256(abi.encode(newImplementation, data, finalize));\n uint256 activationTime = enabledTime[implVectorHash];\n require(activationTime \u003e 0, \"UNKNOWN_UPGRADE_INFORMATION\");\n require(newImplementation.isContract(), \"ADDRESS_NOT_CONTRACT\");\n // NOLINTNEXTLINE: timestamp.\n require(activationTime \u003c= block.timestamp, \"UPGRADE_NOT_ENABLED_YET\");\n\n setImplementation(newImplementation);\n\n // NOLINTNEXTLINE: low-level-calls controlled-delegatecall.\n (bool success, bytes memory returndata) = newImplementation.delegatecall(\n abi.encodeWithSelector(this.initialize.selector, data)\n );\n require(success, string(returndata));\n\n // Verify that the new implementation is not frozen post initialization.\n // NOLINTNEXTLINE: low-level-calls controlled-delegatecall.\n (success, returndata) = newImplementation.delegatecall(\n abi.encodeWithSignature(\"isFrozen()\")\n );\n require(success, \"CALL_TO_ISFROZEN_REVERTED\");\n require(!abi.decode(returndata, (bool)), \"NEW_IMPLEMENTATION_FROZEN\");\n\n if (finalize) {\n setFinalizedFlag();\n emit FinalizedImplementation(newImplementation);\n }\n\n emit ImplementationUpgraded(newImplementation, data);\n }\n}\n"},"ProxyGovernance.sol":{"content":"/*\n Copyright 2019-2021 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.12;\n\nimport \"Governance.sol\";\nimport \"GovernanceStorage.sol\";\n\n/**\n The Proxy contract is governed by one or more Governors of which the initial one is the\n deployer of the contract.\n\n A governor has the sole authority to perform the following operations:\n\n 1. Nominate additional governors (:sol:func:`proxyNominateNewGovernor`)\n 2. Remove other governors (:sol:func:`proxyRemoveGovernor`)\n 3. Add new `implementations` (proxied contracts)\n 4. Remove (new or old) `implementations`\n 5. Update `implementations` after a timelock allows it\n\n Adding governors is performed in a two step procedure:\n\n 1. First, an existing governor nominates a new governor (:sol:func:`proxyNominateNewGovernor`)\n 2. Then, the new governor must accept governance to become a governor (:sol:func:`proxyAcceptGovernance`)\n\n This two step procedure ensures that a governor public key cannot be nominated unless there is an\n entity that has the corresponding private key. This is intended to prevent errors in the addition\n process.\n\n The governor private key should typically be held in a secure cold wallet or managed via a\n multi-sig contract.\n*/\n/*\n Implements Governance for the proxy contract.\n It is a thin wrapper to the Governance contract,\n which is needed so that it can have non-colliding function names,\n and a specific tag (key) to allow unique state storage.\n*/\ncontract ProxyGovernance is GovernanceStorage, Governance {\n // The tag is the string key that is used in the Governance storage mapping.\n string public constant PROXY_GOVERNANCE_TAG = \"StarkEx.Proxy.2019.GovernorsInformation\";\n\n /*\n Returns the GovernanceInfoStruct associated with the governance tag.\n */\n function getGovernanceInfo() internal view override returns (GovernanceInfoStruct storage) {\n return governanceInfo[PROXY_GOVERNANCE_TAG];\n }\n\n function proxyIsGovernor(address testGovernor) external view returns (bool) {\n return isGovernor(testGovernor);\n }\n\n function proxyNominateNewGovernor(address newGovernor) external {\n nominateNewGovernor(newGovernor);\n }\n\n function proxyRemoveGovernor(address governorForRemoval) external {\n removeGovernor(governorForRemoval);\n }\n\n function proxyAcceptGovernance() external {\n acceptGovernance();\n }\n\n function proxyCancelNomination() external {\n cancelNomination();\n }\n}\n"},"ProxyStorage.sol":{"content":"/*\n Copyright 2019-2021 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.12;\n\nimport \"GovernanceStorage.sol\";\n\n/*\n Holds the Proxy-specific state variables.\n This contract is inherited by the GovernanceStorage (and indirectly by MainStorage)\n to prevent collision hazard.\n*/\ncontract ProxyStorage is GovernanceStorage {\n // NOLINTNEXTLINE: naming-convention uninitialized-state.\n mapping(address =\u003e bytes32) internal initializationHash_DEPRECATED;\n\n // The time after which we can switch to the implementation.\n // Hash(implementation, data, finalize) =\u003e time.\n mapping(bytes32 =\u003e uint256) internal enabledTime;\n\n // A central storage of the flags whether implementation has been initialized.\n // Note - it can be used flexibly enough to accommodate multiple levels of initialization\n // (i.e. using different key salting schemes for different initialization levels).\n mapping(bytes32 =\u003e bool) internal initialized;\n}\n"},"StorageSlots.sol":{"content":"/*\n Copyright 2019-2021 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.12;\n\n/**\n StorageSlots holds the arbitrary storage slots used throughout the Proxy pattern.\n Storage address slots are a mechanism to define an arbitrary location, that will not be\n overlapped by the logical contracts.\n*/\ncontract StorageSlots {\n // Storage slot with the address of the current implementation.\n // The address of the slot is keccak256(\"StarkWare2019.implemntation-slot\").\n // We need to keep this variable stored outside of the commonly used space,\n // so that it\u0027s not overrun by the logical implementation (the proxied contract).\n bytes32 internal constant IMPLEMENTATION_SLOT =\n 0x177667240aeeea7e35eabe3a35e18306f336219e1386f7710a6bf8783f761b24;\n\n // Storage slot with the address of the call-proxy current implementation.\n // The address of the slot is keccak256(\"\u0027StarkWare2020.CallProxy.Implemntation.Slot\u0027\").\n // We need to keep this variable stored outside of the commonly used space.\n // so that it\u0027s not overrun by the logical implementation (the proxied contract).\n bytes32 internal constant CALL_PROXY_IMPL_SLOT =\n 0x7184681641399eb4ad2fdb92114857ee6ff239f94ad635a1779978947b8843be;\n\n // This storage slot stores the finalization flag.\n // Once the value stored in this slot is set to non-zero\n // the proxy blocks implementation upgrades.\n // The current implementation is then referred to as Finalized.\n // Web3.solidityKeccak([\u0027string\u0027], [\"StarkWare2019.finalization-flag-slot\"]).\n bytes32 internal constant FINALIZED_STATE_SLOT =\n 0x7d433c6f837e8f93009937c466c82efbb5ba621fae36886d0cac433c5d0aa7d2;\n\n // Storage slot to hold the upgrade delay (time-lock).\n // The intention of this slot is to allow modification using an EIC.\n // Web3.solidityKeccak([\u0027string\u0027], [\u0027StarkWare.Upgradibility.Delay.Slot\u0027]).\n bytes32 public constant UPGRADE_DELAY_SLOT =\n 0xc21dbb3089fcb2c4f4c6a67854ab4db2b0f233ea4b21b21f912d52d18fc5db1f;\n}\n"}}File 3 of 4: TheLordsToken
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/token/ERC20/extensions/ERC20Burnable.sol";
import "@openzeppelin/contracts/token/ERC20/extensions/ERC20Snapshot.sol";
import "@openzeppelin/contracts/token/ERC20/extensions/ERC20Capped.sol";
import "@openzeppelin/contracts/access/Ownable.sol";
import "@openzeppelin/contracts/security/Pausable.sol";
contract TheLordsToken is
ERC20,
ERC20Burnable,
ERC20Snapshot,
ERC20Capped,
Ownable,
Pausable
{
constructor(uint256 _cap) ERC20("Lords", "LORDS") ERC20Capped(_cap) {}
function snapshot() public onlyOwner {
_snapshot();
}
function pause() public onlyOwner {
_pause();
}
function unpause() public onlyOwner {
_unpause();
}
function mint(address to, uint256 amount) public onlyOwner {
_mint(to, amount);
}
function _mint(address account, uint256 amount)
internal
override(ERC20, ERC20Capped)
whenNotPaused
{
super._mint(account, amount);
}
function _beforeTokenTransfer(
address from,
address to,
uint256 amount
) internal override(ERC20, ERC20Snapshot) whenNotPaused {
super._beforeTokenTransfer(from, to, amount);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.0 (token/ERC20/ERC20.sol)
pragma solidity ^0.8.0;
import "./IERC20.sol";
import "./extensions/IERC20Metadata.sol";
import "../../utils/Context.sol";
/**
* @dev Implementation of the {IERC20} interface.
*
* This implementation is agnostic to the way tokens are created. This means
* that a supply mechanism has to be added in a derived contract using {_mint}.
* For a generic mechanism see {ERC20PresetMinterPauser}.
*
* TIP: For a detailed writeup see our guide
* https://forum.zeppelin.solutions/t/how-to-implement-erc20-supply-mechanisms/226[How
* to implement supply mechanisms].
*
* We have followed general OpenZeppelin Contracts guidelines: functions revert
* instead returning `false` on failure. This behavior is nonetheless
* conventional and does not conflict with the expectations of ERC20
* applications.
*
* Additionally, an {Approval} event is emitted on calls to {transferFrom}.
* This allows applications to reconstruct the allowance for all accounts just
* by listening to said events. Other implementations of the EIP may not emit
* these events, as it isn't required by the specification.
*
* Finally, the non-standard {decreaseAllowance} and {increaseAllowance}
* functions have been added to mitigate the well-known issues around setting
* allowances. See {IERC20-approve}.
*/
contract ERC20 is Context, IERC20, IERC20Metadata {
mapping(address => uint256) private _balances;
mapping(address => mapping(address => uint256)) private _allowances;
uint256 private _totalSupply;
string private _name;
string private _symbol;
/**
* @dev Sets the values for {name} and {symbol}.
*
* The default value of {decimals} is 18. To select a different value for
* {decimals} you should overload it.
*
* All two of these values are immutable: they can only be set once during
* construction.
*/
constructor(string memory name_, string memory symbol_) {
_name = name_;
_symbol = symbol_;
}
/**
* @dev Returns the name of the token.
*/
function name() public view virtual override returns (string memory) {
return _name;
}
/**
* @dev Returns the symbol of the token, usually a shorter version of the
* name.
*/
function symbol() public view virtual override returns (string memory) {
return _symbol;
}
/**
* @dev Returns the number of decimals used to get its user representation.
* For example, if `decimals` equals `2`, a balance of `505` tokens should
* be displayed to a user as `5.05` (`505 / 10 ** 2`).
*
* Tokens usually opt for a value of 18, imitating the relationship between
* Ether and Wei. This is the value {ERC20} uses, unless this function is
* overridden;
*
* NOTE: This information is only used for _display_ purposes: it in
* no way affects any of the arithmetic of the contract, including
* {IERC20-balanceOf} and {IERC20-transfer}.
*/
function decimals() public view virtual override returns (uint8) {
return 18;
}
/**
* @dev See {IERC20-totalSupply}.
*/
function totalSupply() public view virtual override returns (uint256) {
return _totalSupply;
}
/**
* @dev See {IERC20-balanceOf}.
*/
function balanceOf(address account) public view virtual override returns (uint256) {
return _balances[account];
}
/**
* @dev See {IERC20-transfer}.
*
* Requirements:
*
* - `recipient` cannot be the zero address.
* - the caller must have a balance of at least `amount`.
*/
function transfer(address recipient, uint256 amount) public virtual override returns (bool) {
_transfer(_msgSender(), recipient, amount);
return true;
}
/**
* @dev See {IERC20-allowance}.
*/
function allowance(address owner, address spender) public view virtual override returns (uint256) {
return _allowances[owner][spender];
}
/**
* @dev See {IERC20-approve}.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function approve(address spender, uint256 amount) public virtual override returns (bool) {
_approve(_msgSender(), spender, amount);
return true;
}
/**
* @dev See {IERC20-transferFrom}.
*
* Emits an {Approval} event indicating the updated allowance. This is not
* required by the EIP. See the note at the beginning of {ERC20}.
*
* Requirements:
*
* - `sender` and `recipient` cannot be the zero address.
* - `sender` must have a balance of at least `amount`.
* - the caller must have allowance for ``sender``'s tokens of at least
* `amount`.
*/
function transferFrom(
address sender,
address recipient,
uint256 amount
) public virtual override returns (bool) {
_transfer(sender, recipient, amount);
uint256 currentAllowance = _allowances[sender][_msgSender()];
require(currentAllowance >= amount, "ERC20: transfer amount exceeds allowance");
unchecked {
_approve(sender, _msgSender(), currentAllowance - amount);
}
return true;
}
/**
* @dev Atomically increases the allowance granted to `spender` by the caller.
*
* This is an alternative to {approve} that can be used as a mitigation for
* problems described in {IERC20-approve}.
*
* Emits an {Approval} event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) {
_approve(_msgSender(), spender, _allowances[_msgSender()][spender] + addedValue);
return true;
}
/**
* @dev Atomically decreases the allowance granted to `spender` by the caller.
*
* This is an alternative to {approve} that can be used as a mitigation for
* problems described in {IERC20-approve}.
*
* Emits an {Approval} event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `spender` must have allowance for the caller of at least
* `subtractedValue`.
*/
function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) {
uint256 currentAllowance = _allowances[_msgSender()][spender];
require(currentAllowance >= subtractedValue, "ERC20: decreased allowance below zero");
unchecked {
_approve(_msgSender(), spender, currentAllowance - subtractedValue);
}
return true;
}
/**
* @dev Moves `amount` of tokens from `sender` to `recipient`.
*
* This internal function is equivalent to {transfer}, and can be used to
* e.g. implement automatic token fees, slashing mechanisms, etc.
*
* Emits a {Transfer} event.
*
* Requirements:
*
* - `sender` cannot be the zero address.
* - `recipient` cannot be the zero address.
* - `sender` must have a balance of at least `amount`.
*/
function _transfer(
address sender,
address recipient,
uint256 amount
) internal virtual {
require(sender != address(0), "ERC20: transfer from the zero address");
require(recipient != address(0), "ERC20: transfer to the zero address");
_beforeTokenTransfer(sender, recipient, amount);
uint256 senderBalance = _balances[sender];
require(senderBalance >= amount, "ERC20: transfer amount exceeds balance");
unchecked {
_balances[sender] = senderBalance - amount;
}
_balances[recipient] += amount;
emit Transfer(sender, recipient, amount);
_afterTokenTransfer(sender, recipient, amount);
}
/** @dev Creates `amount` tokens and assigns them to `account`, increasing
* the total supply.
*
* Emits a {Transfer} event with `from` set to the zero address.
*
* Requirements:
*
* - `account` cannot be the zero address.
*/
function _mint(address account, uint256 amount) internal virtual {
require(account != address(0), "ERC20: mint to the zero address");
_beforeTokenTransfer(address(0), account, amount);
_totalSupply += amount;
_balances[account] += amount;
emit Transfer(address(0), account, amount);
_afterTokenTransfer(address(0), account, amount);
}
/**
* @dev Destroys `amount` tokens from `account`, reducing the
* total supply.
*
* Emits a {Transfer} event with `to` set to the zero address.
*
* Requirements:
*
* - `account` cannot be the zero address.
* - `account` must have at least `amount` tokens.
*/
function _burn(address account, uint256 amount) internal virtual {
require(account != address(0), "ERC20: burn from the zero address");
_beforeTokenTransfer(account, address(0), amount);
uint256 accountBalance = _balances[account];
require(accountBalance >= amount, "ERC20: burn amount exceeds balance");
unchecked {
_balances[account] = accountBalance - amount;
}
_totalSupply -= amount;
emit Transfer(account, address(0), amount);
_afterTokenTransfer(account, address(0), amount);
}
/**
* @dev Sets `amount` as the allowance of `spender` over the `owner` s tokens.
*
* This internal function is equivalent to `approve`, and can be used to
* e.g. set automatic allowances for certain subsystems, etc.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `owner` cannot be the zero address.
* - `spender` cannot be the zero address.
*/
function _approve(
address owner,
address spender,
uint256 amount
) internal virtual {
require(owner != address(0), "ERC20: approve from the zero address");
require(spender != address(0), "ERC20: approve to the zero address");
_allowances[owner][spender] = amount;
emit Approval(owner, spender, amount);
}
/**
* @dev Hook that is called before any transfer of tokens. This includes
* minting and burning.
*
* Calling conditions:
*
* - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
* will be transferred to `to`.
* - when `from` is zero, `amount` tokens will be minted for `to`.
* - when `to` is zero, `amount` of ``from``'s tokens will be burned.
* - `from` and `to` are never both zero.
*
* To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
*/
function _beforeTokenTransfer(
address from,
address to,
uint256 amount
) internal virtual {}
/**
* @dev Hook that is called after any transfer of tokens. This includes
* minting and burning.
*
* Calling conditions:
*
* - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
* has been transferred to `to`.
* - when `from` is zero, `amount` tokens have been minted for `to`.
* - when `to` is zero, `amount` of ``from``'s tokens have been burned.
* - `from` and `to` are never both zero.
*
* To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
*/
function _afterTokenTransfer(
address from,
address to,
uint256 amount
) internal virtual {}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.0 (token/ERC20/extensions/ERC20Burnable.sol)
pragma solidity ^0.8.0;
import "../ERC20.sol";
import "../../../utils/Context.sol";
/**
* @dev Extension of {ERC20} that allows token holders to destroy both their own
* tokens and those that they have an allowance for, in a way that can be
* recognized off-chain (via event analysis).
*/
abstract contract ERC20Burnable is Context, ERC20 {
/**
* @dev Destroys `amount` tokens from the caller.
*
* See {ERC20-_burn}.
*/
function burn(uint256 amount) public virtual {
_burn(_msgSender(), amount);
}
/**
* @dev Destroys `amount` tokens from `account`, deducting from the caller's
* allowance.
*
* See {ERC20-_burn} and {ERC20-allowance}.
*
* Requirements:
*
* - the caller must have allowance for ``accounts``'s tokens of at least
* `amount`.
*/
function burnFrom(address account, uint256 amount) public virtual {
uint256 currentAllowance = allowance(account, _msgSender());
require(currentAllowance >= amount, "ERC20: burn amount exceeds allowance");
unchecked {
_approve(account, _msgSender(), currentAllowance - amount);
}
_burn(account, amount);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.0 (token/ERC20/extensions/ERC20Snapshot.sol)
pragma solidity ^0.8.0;
import "../ERC20.sol";
import "../../../utils/Arrays.sol";
import "../../../utils/Counters.sol";
/**
* @dev This contract extends an ERC20 token with a snapshot mechanism. When a snapshot is created, the balances and
* total supply at the time are recorded for later access.
*
* This can be used to safely create mechanisms based on token balances such as trustless dividends or weighted voting.
* In naive implementations it's possible to perform a "double spend" attack by reusing the same balance from different
* accounts. By using snapshots to calculate dividends or voting power, those attacks no longer apply. It can also be
* used to create an efficient ERC20 forking mechanism.
*
* Snapshots are created by the internal {_snapshot} function, which will emit the {Snapshot} event and return a
* snapshot id. To get the total supply at the time of a snapshot, call the function {totalSupplyAt} with the snapshot
* id. To get the balance of an account at the time of a snapshot, call the {balanceOfAt} function with the snapshot id
* and the account address.
*
* NOTE: Snapshot policy can be customized by overriding the {_getCurrentSnapshotId} method. For example, having it
* return `block.number` will trigger the creation of snapshot at the begining of each new block. When overridding this
* function, be careful about the monotonicity of its result. Non-monotonic snapshot ids will break the contract.
*
* Implementing snapshots for every block using this method will incur significant gas costs. For a gas-efficient
* alternative consider {ERC20Votes}.
*
* ==== Gas Costs
*
* Snapshots are efficient. Snapshot creation is _O(1)_. Retrieval of balances or total supply from a snapshot is _O(log
* n)_ in the number of snapshots that have been created, although _n_ for a specific account will generally be much
* smaller since identical balances in subsequent snapshots are stored as a single entry.
*
* There is a constant overhead for normal ERC20 transfers due to the additional snapshot bookkeeping. This overhead is
* only significant for the first transfer that immediately follows a snapshot for a particular account. Subsequent
* transfers will have normal cost until the next snapshot, and so on.
*/
abstract contract ERC20Snapshot is ERC20 {
// Inspired by Jordi Baylina's MiniMeToken to record historical balances:
// https://github.com/Giveth/minimd/blob/ea04d950eea153a04c51fa510b068b9dded390cb/contracts/MiniMeToken.sol
using Arrays for uint256[];
using Counters for Counters.Counter;
// Snapshotted values have arrays of ids and the value corresponding to that id. These could be an array of a
// Snapshot struct, but that would impede usage of functions that work on an array.
struct Snapshots {
uint256[] ids;
uint256[] values;
}
mapping(address => Snapshots) private _accountBalanceSnapshots;
Snapshots private _totalSupplySnapshots;
// Snapshot ids increase monotonically, with the first value being 1. An id of 0 is invalid.
Counters.Counter private _currentSnapshotId;
/**
* @dev Emitted by {_snapshot} when a snapshot identified by `id` is created.
*/
event Snapshot(uint256 id);
/**
* @dev Creates a new snapshot and returns its snapshot id.
*
* Emits a {Snapshot} event that contains the same id.
*
* {_snapshot} is `internal` and you have to decide how to expose it externally. Its usage may be restricted to a
* set of accounts, for example using {AccessControl}, or it may be open to the public.
*
* [WARNING]
* ====
* While an open way of calling {_snapshot} is required for certain trust minimization mechanisms such as forking,
* you must consider that it can potentially be used by attackers in two ways.
*
* First, it can be used to increase the cost of retrieval of values from snapshots, although it will grow
* logarithmically thus rendering this attack ineffective in the long term. Second, it can be used to target
* specific accounts and increase the cost of ERC20 transfers for them, in the ways specified in the Gas Costs
* section above.
*
* We haven't measured the actual numbers; if this is something you're interested in please reach out to us.
* ====
*/
function _snapshot() internal virtual returns (uint256) {
_currentSnapshotId.increment();
uint256 currentId = _getCurrentSnapshotId();
emit Snapshot(currentId);
return currentId;
}
/**
* @dev Get the current snapshotId
*/
function _getCurrentSnapshotId() internal view virtual returns (uint256) {
return _currentSnapshotId.current();
}
/**
* @dev Retrieves the balance of `account` at the time `snapshotId` was created.
*/
function balanceOfAt(address account, uint256 snapshotId) public view virtual returns (uint256) {
(bool snapshotted, uint256 value) = _valueAt(snapshotId, _accountBalanceSnapshots[account]);
return snapshotted ? value : balanceOf(account);
}
/**
* @dev Retrieves the total supply at the time `snapshotId` was created.
*/
function totalSupplyAt(uint256 snapshotId) public view virtual returns (uint256) {
(bool snapshotted, uint256 value) = _valueAt(snapshotId, _totalSupplySnapshots);
return snapshotted ? value : totalSupply();
}
// Update balance and/or total supply snapshots before the values are modified. This is implemented
// in the _beforeTokenTransfer hook, which is executed for _mint, _burn, and _transfer operations.
function _beforeTokenTransfer(
address from,
address to,
uint256 amount
) internal virtual override {
super._beforeTokenTransfer(from, to, amount);
if (from == address(0)) {
// mint
_updateAccountSnapshot(to);
_updateTotalSupplySnapshot();
} else if (to == address(0)) {
// burn
_updateAccountSnapshot(from);
_updateTotalSupplySnapshot();
} else {
// transfer
_updateAccountSnapshot(from);
_updateAccountSnapshot(to);
}
}
function _valueAt(uint256 snapshotId, Snapshots storage snapshots) private view returns (bool, uint256) {
require(snapshotId > 0, "ERC20Snapshot: id is 0");
require(snapshotId <= _getCurrentSnapshotId(), "ERC20Snapshot: nonexistent id");
// When a valid snapshot is queried, there are three possibilities:
// a) The queried value was not modified after the snapshot was taken. Therefore, a snapshot entry was never
// created for this id, and all stored snapshot ids are smaller than the requested one. The value that corresponds
// to this id is the current one.
// b) The queried value was modified after the snapshot was taken. Therefore, there will be an entry with the
// requested id, and its value is the one to return.
// c) More snapshots were created after the requested one, and the queried value was later modified. There will be
// no entry for the requested id: the value that corresponds to it is that of the smallest snapshot id that is
// larger than the requested one.
//
// In summary, we need to find an element in an array, returning the index of the smallest value that is larger if
// it is not found, unless said value doesn't exist (e.g. when all values are smaller). Arrays.findUpperBound does
// exactly this.
uint256 index = snapshots.ids.findUpperBound(snapshotId);
if (index == snapshots.ids.length) {
return (false, 0);
} else {
return (true, snapshots.values[index]);
}
}
function _updateAccountSnapshot(address account) private {
_updateSnapshot(_accountBalanceSnapshots[account], balanceOf(account));
}
function _updateTotalSupplySnapshot() private {
_updateSnapshot(_totalSupplySnapshots, totalSupply());
}
function _updateSnapshot(Snapshots storage snapshots, uint256 currentValue) private {
uint256 currentId = _getCurrentSnapshotId();
if (_lastSnapshotId(snapshots.ids) < currentId) {
snapshots.ids.push(currentId);
snapshots.values.push(currentValue);
}
}
function _lastSnapshotId(uint256[] storage ids) private view returns (uint256) {
if (ids.length == 0) {
return 0;
} else {
return ids[ids.length - 1];
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.0 (token/ERC20/extensions/ERC20Capped.sol)
pragma solidity ^0.8.0;
import "../ERC20.sol";
/**
* @dev Extension of {ERC20} that adds a cap to the supply of tokens.
*/
abstract contract ERC20Capped is ERC20 {
uint256 private immutable _cap;
/**
* @dev Sets the value of the `cap`. This value is immutable, it can only be
* set once during construction.
*/
constructor(uint256 cap_) {
require(cap_ > 0, "ERC20Capped: cap is 0");
_cap = cap_;
}
/**
* @dev Returns the cap on the token's total supply.
*/
function cap() public view virtual returns (uint256) {
return _cap;
}
/**
* @dev See {ERC20-_mint}.
*/
function _mint(address account, uint256 amount) internal virtual override {
require(ERC20.totalSupply() + amount <= cap(), "ERC20Capped: cap exceeded");
super._mint(account, amount);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.0 (access/Ownable.sol)
pragma solidity ^0.8.0;
import "../utils/Context.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* By default, the owner account will be the one that deploys the contract. This
* can later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract Ownable is Context {
address private _owner;
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the deployer as the initial owner.
*/
constructor() {
_transferOwnership(_msgSender());
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
return _owner;
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
require(owner() == _msgSender(), "Ownable: caller is not the owner");
_;
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions anymore. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby removing any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
require(newOwner != address(0), "Ownable: new owner is the zero address");
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
address oldOwner = _owner;
_owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.0 (security/Pausable.sol)
pragma solidity ^0.8.0;
import "../utils/Context.sol";
/**
* @dev Contract module which allows children to implement an emergency stop
* mechanism that can be triggered by an authorized account.
*
* This module is used through inheritance. It will make available the
* modifiers `whenNotPaused` and `whenPaused`, which can be applied to
* the functions of your contract. Note that they will not be pausable by
* simply including this module, only once the modifiers are put in place.
*/
abstract contract Pausable is Context {
/**
* @dev Emitted when the pause is triggered by `account`.
*/
event Paused(address account);
/**
* @dev Emitted when the pause is lifted by `account`.
*/
event Unpaused(address account);
bool private _paused;
/**
* @dev Initializes the contract in unpaused state.
*/
constructor() {
_paused = false;
}
/**
* @dev Returns true if the contract is paused, and false otherwise.
*/
function paused() public view virtual returns (bool) {
return _paused;
}
/**
* @dev Modifier to make a function callable only when the contract is not paused.
*
* Requirements:
*
* - The contract must not be paused.
*/
modifier whenNotPaused() {
require(!paused(), "Pausable: paused");
_;
}
/**
* @dev Modifier to make a function callable only when the contract is paused.
*
* Requirements:
*
* - The contract must be paused.
*/
modifier whenPaused() {
require(paused(), "Pausable: not paused");
_;
}
/**
* @dev Triggers stopped state.
*
* Requirements:
*
* - The contract must not be paused.
*/
function _pause() internal virtual whenNotPaused {
_paused = true;
emit Paused(_msgSender());
}
/**
* @dev Returns to normal state.
*
* Requirements:
*
* - The contract must be paused.
*/
function _unpause() internal virtual whenPaused {
_paused = false;
emit Unpaused(_msgSender());
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.0 (token/ERC20/IERC20.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `recipient`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address recipient, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `sender` to `recipient` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(
address sender,
address recipient,
uint256 amount
) external returns (bool);
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.0 (token/ERC20/extensions/IERC20Metadata.sol)
pragma solidity ^0.8.0;
import "../IERC20.sol";
/**
* @dev Interface for the optional metadata functions from the ERC20 standard.
*
* _Available since v4.1._
*/
interface IERC20Metadata is IERC20 {
/**
* @dev Returns the name of the token.
*/
function name() external view returns (string memory);
/**
* @dev Returns the symbol of the token.
*/
function symbol() external view returns (string memory);
/**
* @dev Returns the decimals places of the token.
*/
function decimals() external view returns (uint8);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.0 (utils/Context.sol)
pragma solidity ^0.8.0;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.0 (utils/Arrays.sol)
pragma solidity ^0.8.0;
import "./math/Math.sol";
/**
* @dev Collection of functions related to array types.
*/
library Arrays {
/**
* @dev Searches a sorted `array` and returns the first index that contains
* a value greater or equal to `element`. If no such index exists (i.e. all
* values in the array are strictly less than `element`), the array length is
* returned. Time complexity O(log n).
*
* `array` is expected to be sorted in ascending order, and to contain no
* repeated elements.
*/
function findUpperBound(uint256[] storage array, uint256 element) internal view returns (uint256) {
if (array.length == 0) {
return 0;
}
uint256 low = 0;
uint256 high = array.length;
while (low < high) {
uint256 mid = Math.average(low, high);
// Note that mid will always be strictly less than high (i.e. it will be a valid array index)
// because Math.average rounds down (it does integer division with truncation).
if (array[mid] > element) {
high = mid;
} else {
low = mid + 1;
}
}
// At this point `low` is the exclusive upper bound. We will return the inclusive upper bound.
if (low > 0 && array[low - 1] == element) {
return low - 1;
} else {
return low;
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.0 (utils/Counters.sol)
pragma solidity ^0.8.0;
/**
* @title Counters
* @author Matt Condon (@shrugs)
* @dev Provides counters that can only be incremented, decremented or reset. This can be used e.g. to track the number
* of elements in a mapping, issuing ERC721 ids, or counting request ids.
*
* Include with `using Counters for Counters.Counter;`
*/
library Counters {
struct Counter {
// This variable should never be directly accessed by users of the library: interactions must be restricted to
// the library's function. As of Solidity v0.5.2, this cannot be enforced, though there is a proposal to add
// this feature: see https://github.com/ethereum/solidity/issues/4637
uint256 _value; // default: 0
}
function current(Counter storage counter) internal view returns (uint256) {
return counter._value;
}
function increment(Counter storage counter) internal {
unchecked {
counter._value += 1;
}
}
function decrement(Counter storage counter) internal {
uint256 value = counter._value;
require(value > 0, "Counter: decrement overflow");
unchecked {
counter._value = value - 1;
}
}
function reset(Counter storage counter) internal {
counter._value = 0;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.0 (utils/math/Math.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard math utilities missing in the Solidity language.
*/
library Math {
/**
* @dev Returns the largest of two numbers.
*/
function max(uint256 a, uint256 b) internal pure returns (uint256) {
return a >= b ? a : b;
}
/**
* @dev Returns the smallest of two numbers.
*/
function min(uint256 a, uint256 b) internal pure returns (uint256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two numbers. The result is rounded towards
* zero.
*/
function average(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b) / 2 can overflow.
return (a & b) + (a ^ b) / 2;
}
/**
* @dev Returns the ceiling of the division of two numbers.
*
* This differs from standard division with `/` in that it rounds up instead
* of rounding down.
*/
function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b - 1) / b can overflow on addition, so we distribute.
return a / b + (a % b == 0 ? 0 : 1);
}
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;
import "@openzeppelin/contracts/access/Ownable.sol";
import "@openzeppelin/contracts/token/ERC721/utils/ERC721Holder.sol";
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
import "../shared/interfaces/RealmsToken.sol";
import "../shared/interfaces/LordsToken.sol";
contract Journey is ERC721Holder, Ownable, ReentrancyGuard {
event StakeRealms(uint256[] tokenIds, address player);
event UnStakeRealms(uint256[] tokenIds, address player);
mapping(address => uint256) epochClaimed;
mapping(uint256 => address) ownership;
mapping(address => mapping(uint256 => uint256)) public realmsStaked;
LordsToken lordsToken;
RealmsToken realmsToken;
// contracts
address bridge;
// consts
uint256 lordsPerRealm;
uint256 genesis;
uint256 epoch;
bool paused;
constructor(
uint256 _lordsPerRealm,
uint256 _epoch,
address _realmsAddress,
address _lordsToken
) {
genesis = block.timestamp;
lordsPerRealm = _lordsPerRealm;
epoch = _epoch;
lordsToken = LordsToken(_lordsToken);
realmsToken = RealmsToken(_realmsAddress);
paused = false;
}
/**
* @notice Set's Lords issurance in gwei per staked realm
*/
function lordsIssurance(uint256 _new) external onlyOwner {
lordsPerRealm = _new * 10**18; // converted into decimals
}
function updateRealmsAddress(address _newRealms) external onlyOwner {
realmsToken = RealmsToken(_newRealms);
}
function updateLordsAddress(address _newLords) external onlyOwner {
lordsToken = LordsToken(_newLords);
}
function updateEpochLength(uint256 _newEpoch) external onlyOwner {
epoch = _newEpoch;
}
function setBridge(address _newBridge) external onlyOwner {
bridge = _newBridge;
}
function pauseContract(bool _state) external onlyOwner {
paused = _state;
}
/**
* @notice Set's epoch to epoch * 1 hour.
*/
function _epochNum() internal view returns (uint256) {
return (block.timestamp - genesis) / (epoch * 3600); // hours
// return 5;
}
/**
* @notice Boards the Ship (Stakes). Sets ownership of Token to Staker. Transfers NFT to Contract. Set's epoch date, Set's number of Realms staked in the Epoch.
* @param _tokenIds Ids of Realms
*/
function boardShip(uint256[] memory _tokenIds)
external
notPaused
nonReentrant
{
for (uint256 i = 0; i < _tokenIds.length; i++) {
require(
realmsToken.ownerOf(_tokenIds[i]) == msg.sender,
"NOT_OWNER"
);
ownership[_tokenIds[i]] = msg.sender;
realmsToken.safeTransferFrom(
msg.sender,
address(this),
_tokenIds[i]
);
}
if (lordsAvailable(msg.sender) == 0) {
epochClaimed[msg.sender] = _epochNum();
}
realmsStaked[msg.sender][_epochNum()] =
realmsStaked[msg.sender][_epochNum()] +
uint256(_tokenIds.length);
emit StakeRealms(_tokenIds, msg.sender);
}
/**
* @notice Exits Ship, and transfers all Realms back to owner.
* @param _tokenIds Ids of Realms
*/
function exitShip(uint256[] memory _tokenIds)
external
notPaused
nonReentrant
{
for (uint256 i = 0; i < _tokenIds.length; i++) {
require(ownership[_tokenIds[i]] == msg.sender, "NOT_OWNER");
ownership[_tokenIds[i]] = address(0);
realmsToken.safeTransferFrom(
address(this),
msg.sender,
_tokenIds[i]
);
}
realmsStaked[msg.sender][_epochNum()] =
realmsStaked[msg.sender][_epochNum()] -
uint256(_tokenIds.length);
emit UnStakeRealms(_tokenIds, msg.sender);
}
/**
* @notice Claims all available Lords for Owner.
*/
function claimLords() external notPaused nonReentrant {
uint256 totalClaimable;
uint256 totalRealms;
require(_epochNum() > 1, "GENESIS_epochNum");
// loop over epochs, sum up total claimable staked lords per epoch
for (uint256 i = epochClaimed[msg.sender]; i < _epochNum(); i++) {
totalRealms += realmsStaked[msg.sender][i];
totalClaimable =
totalClaimable +
realmsStaked[msg.sender][i] *
(_epochNum() - i);
}
// set totalRealms staked in latest epoch so loop doesn't have to iterate again
realmsStaked[msg.sender][_epochNum()] = totalRealms;
// set epoch claimed to current
epochClaimed[msg.sender] = _epochNum();
require(totalClaimable > 0, "NOTHING_TO_CLAIM");
// available lords * total realms staked per period
uint256 lords = lordsPerRealm * totalClaimable;
lordsToken.approve(address(this), lords);
lordsToken.transferFrom(address(this), msg.sender, lords);
}
/**
* @notice Lords available for the player.
*/
function lordsAvailable(address _player)
public
view
returns (uint256 lords)
{
uint256 totalClaimable;
for (uint256 i = epochClaimed[_player]; i < _epochNum(); i++) {
totalClaimable =
totalClaimable +
realmsStaked[_player][i] *
(_epochNum() - i);
}
lords = lordsPerRealm * totalClaimable;
}
/**
* @notice Called only by future Bridge contract to withdraw the Realms
* @param _tokenIds Ids of Realms
*/
function bridgeWithdraw(address _player, uint256[] memory _tokenIds)
public
onlyBridge
nonReentrant
{
for (uint256 i = 0; i < _tokenIds.length; i++) {
ownership[_tokenIds[i]] = address(0);
realmsToken.safeTransferFrom(address(this), _player, _tokenIds[i]);
}
realmsStaked[_player][_epochNum()] =
realmsStaked[_player][_epochNum()] -
uint256(_tokenIds.length);
emit UnStakeRealms(_tokenIds, _player);
}
function withdrawAllLords(address _destination) public onlyOwner {
uint256 balance = lordsToken.balanceOf(address(this));
lordsToken.approve(address(this), balance);
lordsToken.transferFrom(address(this), _destination, balance);
}
modifier onlyBridge() {
require(msg.sender == bridge, "NOT_THE_BRIDGE");
_;
}
modifier notPaused() {
require(!paused, "PAUSED");
_;
}
function checkOwner(uint256 _tokenId) public view returns (address) {
return ownership[_tokenId];
}
function getEpoch() public view returns (uint256) {
return _epochNum();
}
function getLordsAddress() public view returns (address) {
return address(lordsToken);
}
function getRealmsAddress() public view returns (address) {
return address(realmsToken);
}
function getEpochLength() public view returns (uint256) {
return epoch;
}
function getLordsIssurance() public view returns (uint256) {
return lordsPerRealm;
}
function getNumberRealms(address _player) public view returns (uint256) {
uint256 totalRealms;
for (uint256 i = epochClaimed[_player]; i <= _epochNum(); i++) {
totalRealms += realmsStaked[_player][i];
}
return totalRealms;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.0 (token/ERC721/utils/ERC721Holder.sol)
pragma solidity ^0.8.0;
import "../IERC721Receiver.sol";
/**
* @dev Implementation of the {IERC721Receiver} interface.
*
* Accepts all token transfers.
* Make sure the contract is able to use its token with {IERC721-safeTransferFrom}, {IERC721-approve} or {IERC721-setApprovalForAll}.
*/
contract ERC721Holder is IERC721Receiver {
/**
* @dev See {IERC721Receiver-onERC721Received}.
*
* Always returns `IERC721Receiver.onERC721Received.selector`.
*/
function onERC721Received(
address,
address,
uint256,
bytes memory
) public virtual override returns (bytes4) {
return this.onERC721Received.selector;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.0 (security/ReentrancyGuard.sol)
pragma solidity ^0.8.0;
/**
* @dev Contract module that helps prevent reentrant calls to a function.
*
* Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier
* available, which can be applied to functions to make sure there are no nested
* (reentrant) calls to them.
*
* Note that because there is a single `nonReentrant` guard, functions marked as
* `nonReentrant` may not call one another. This can be worked around by making
* those functions `private`, and then adding `external` `nonReentrant` entry
* points to them.
*
* TIP: If you would like to learn more about reentrancy and alternative ways
* to protect against it, check out our blog post
* https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].
*/
abstract contract ReentrancyGuard {
// Booleans are more expensive than uint256 or any type that takes up a full
// word because each write operation emits an extra SLOAD to first read the
// slot's contents, replace the bits taken up by the boolean, and then write
// back. This is the compiler's defense against contract upgrades and
// pointer aliasing, and it cannot be disabled.
// The values being non-zero value makes deployment a bit more expensive,
// but in exchange the refund on every call to nonReentrant will be lower in
// amount. Since refunds are capped to a percentage of the total
// transaction's gas, it is best to keep them low in cases like this one, to
// increase the likelihood of the full refund coming into effect.
uint256 private constant _NOT_ENTERED = 1;
uint256 private constant _ENTERED = 2;
uint256 private _status;
constructor() {
_status = _NOT_ENTERED;
}
/**
* @dev Prevents a contract from calling itself, directly or indirectly.
* Calling a `nonReentrant` function from another `nonReentrant`
* function is not supported. It is possible to prevent this from happening
* by making the `nonReentrant` function external, and making it call a
* `private` function that does the actual work.
*/
modifier nonReentrant() {
// On the first call to nonReentrant, _notEntered will be true
require(_status != _ENTERED, "ReentrancyGuard: reentrant call");
// Any calls to nonReentrant after this point will fail
_status = _ENTERED;
_;
// By storing the original value once again, a refund is triggered (see
// https://eips.ethereum.org/EIPS/eip-2200)
_status = _NOT_ENTERED;
}
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.2;
import "@openzeppelin/contracts/token/ERC721/extensions/IERC721Enumerable.sol";
/**
* @dev Required interface of an ERC721 compliant contract.
*/
interface RealmsToken is IERC721Enumerable {
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.2;
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
interface LordsToken is IERC20 {
function mint(address to, uint256 amount) external;
function getAgeDistribution(uint256 _age) external view returns (uint256);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.0 (token/ERC721/IERC721Receiver.sol)
pragma solidity ^0.8.0;
/**
* @title ERC721 token receiver interface
* @dev Interface for any contract that wants to support safeTransfers
* from ERC721 asset contracts.
*/
interface IERC721Receiver {
/**
* @dev Whenever an {IERC721} `tokenId` token is transferred to this contract via {IERC721-safeTransferFrom}
* by `operator` from `from`, this function is called.
*
* It must return its Solidity selector to confirm the token transfer.
* If any other value is returned or the interface is not implemented by the recipient, the transfer will be reverted.
*
* The selector can be obtained in Solidity with `IERC721.onERC721Received.selector`.
*/
function onERC721Received(
address operator,
address from,
uint256 tokenId,
bytes calldata data
) external returns (bytes4);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.0 (token/ERC721/extensions/IERC721Enumerable.sol)
pragma solidity ^0.8.0;
import "../IERC721.sol";
/**
* @title ERC-721 Non-Fungible Token Standard, optional enumeration extension
* @dev See https://eips.ethereum.org/EIPS/eip-721
*/
interface IERC721Enumerable is IERC721 {
/**
* @dev Returns the total amount of tokens stored by the contract.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns a token ID owned by `owner` at a given `index` of its token list.
* Use along with {balanceOf} to enumerate all of ``owner``'s tokens.
*/
function tokenOfOwnerByIndex(address owner, uint256 index) external view returns (uint256 tokenId);
/**
* @dev Returns a token ID at a given `index` of all the tokens stored by the contract.
* Use along with {totalSupply} to enumerate all tokens.
*/
function tokenByIndex(uint256 index) external view returns (uint256);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.0 (token/ERC721/IERC721.sol)
pragma solidity ^0.8.0;
import "../../utils/introspection/IERC165.sol";
/**
* @dev Required interface of an ERC721 compliant contract.
*/
interface IERC721 is IERC165 {
/**
* @dev Emitted when `tokenId` token is transferred from `from` to `to`.
*/
event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);
/**
* @dev Emitted when `owner` enables `approved` to manage the `tokenId` token.
*/
event Approval(address indexed owner, address indexed approved, uint256 indexed tokenId);
/**
* @dev Emitted when `owner` enables or disables (`approved`) `operator` to manage all of its assets.
*/
event ApprovalForAll(address indexed owner, address indexed operator, bool approved);
/**
* @dev Returns the number of tokens in ``owner``'s account.
*/
function balanceOf(address owner) external view returns (uint256 balance);
/**
* @dev Returns the owner of the `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function ownerOf(uint256 tokenId) external view returns (address owner);
/**
* @dev Safely transfers `tokenId` token from `from` to `to`, checking first that contract recipients
* are aware of the ERC721 protocol to prevent tokens from being forever locked.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must exist and be owned by `from`.
* - If the caller is not `from`, it must be have been allowed to move this token by either {approve} or {setApprovalForAll}.
* - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* Emits a {Transfer} event.
*/
function safeTransferFrom(
address from,
address to,
uint256 tokenId
) external;
/**
* @dev Transfers `tokenId` token from `from` to `to`.
*
* WARNING: Usage of this method is discouraged, use {safeTransferFrom} whenever possible.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must be owned by `from`.
* - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
*
* Emits a {Transfer} event.
*/
function transferFrom(
address from,
address to,
uint256 tokenId
) external;
/**
* @dev Gives permission to `to` to transfer `tokenId` token to another account.
* The approval is cleared when the token is transferred.
*
* Only a single account can be approved at a time, so approving the zero address clears previous approvals.
*
* Requirements:
*
* - The caller must own the token or be an approved operator.
* - `tokenId` must exist.
*
* Emits an {Approval} event.
*/
function approve(address to, uint256 tokenId) external;
/**
* @dev Returns the account approved for `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function getApproved(uint256 tokenId) external view returns (address operator);
/**
* @dev Approve or remove `operator` as an operator for the caller.
* Operators can call {transferFrom} or {safeTransferFrom} for any token owned by the caller.
*
* Requirements:
*
* - The `operator` cannot be the caller.
*
* Emits an {ApprovalForAll} event.
*/
function setApprovalForAll(address operator, bool _approved) external;
/**
* @dev Returns if the `operator` is allowed to manage all of the assets of `owner`.
*
* See {setApprovalForAll}
*/
function isApprovedForAll(address owner, address operator) external view returns (bool);
/**
* @dev Safely transfers `tokenId` token from `from` to `to`.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must exist and be owned by `from`.
* - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
* - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* Emits a {Transfer} event.
*/
function safeTransferFrom(
address from,
address to,
uint256 tokenId,
bytes calldata data
) external;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.0 (utils/introspection/IERC165.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC165 standard, as defined in the
* https://eips.ethereum.org/EIPS/eip-165[EIP].
*
* Implementers can declare support of contract interfaces, which can then be
* queried by others ({ERC165Checker}).
*
* For an implementation, see {ERC165}.
*/
interface IERC165 {
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
* to learn more about how these ids are created.
*
* This function call must use less than 30 000 gas.
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
}
File 4 of 4: Starknet
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity >=0.6.12;
/*
Common Utility Libraries.
I. Addresses (extending address).
*/
library Addresses {
/*
Note: isContract function has some known limitation.
See https://github.com/OpenZeppelin/
openzeppelin-contracts/blob/master/contracts/utils/Address.sol.
*/
function isContract(address account) internal view returns (bool) {
uint256 size;
assembly {
size := extcodesize(account)
}
return size > 0;
}
function performEthTransfer(address recipient, uint256 amount) internal {
if (amount == 0) return;
(bool success, ) = recipient.call{value: amount}(""); // NOLINT: low-level-calls.
require(success, "ETH_TRANSFER_FAILED");
}
/*
Safe wrapper around ERC20/ERC721 calls.
This is required because many deployed ERC20 contracts don't return a value.
See https://github.com/ethereum/solidity/issues/4116.
*/
function safeTokenContractCall(address tokenAddress, bytes memory callData) internal {
require(isContract(tokenAddress), "BAD_TOKEN_ADDRESS");
// NOLINTNEXTLINE: low-level-calls.
(bool success, bytes memory returndata) = tokenAddress.call(callData);
require(success, string(returndata));
if (returndata.length > 0) {
require(abi.decode(returndata, (bool)), "TOKEN_OPERATION_FAILED");
}
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity >=0.6.12;
/*
This contract provides means to block direct call of an external function.
A derived contract (e.g. MainDispatcherBase) should decorate sensitive functions with the
notCalledDirectly modifier, thereby preventing it from being called directly, and allowing only
calling using delegate_call.
*/
abstract contract BlockDirectCall {
address immutable this_;
constructor() internal {
this_ = address(this);
}
modifier notCalledDirectly() {
require(this_ != address(this), "DIRECT_CALL_DISALLOWED");
_;
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity >=0.6.12;
/**
Interface for contract initialization.
The functions it exposes are the app specific parts of the contract initialization,
and are called by the ProxySupport contract that implement the generic part of behind-proxy
initialization.
*/
abstract contract ContractInitializer {
/*
The number of sub-contracts that the proxied contract consists of.
*/
function numOfSubContracts() internal pure virtual returns (uint256);
/*
Indicates if the proxied contract has already been initialized.
Used to prevent re-init.
*/
function isInitialized() internal view virtual returns (bool);
/*
Validates the init data that is passed into the proxied contract.
*/
function validateInitData(bytes calldata data) internal view virtual;
/*
For a proxied contract that consists of sub-contracts, this function processes
the sub-contract addresses, e.g. validates them, stores them etc.
*/
function processSubContractAddresses(bytes calldata subContractAddresses) internal virtual;
/*
This function applies the logic of initializing the proxied contract state,
e.g. setting root values etc.
*/
function initializeContractState(bytes calldata data) internal virtual;
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity >=0.6.12;
import "../interfaces/MGovernance.sol";
/*
Implements Generic Governance, applicable for both proxy and main contract, and possibly others.
Notes:
The use of the same function names by both the Proxy and a delegated implementation
is not possible since calling the implementation functions is done via the default function
of the Proxy. For this reason, for example, the implementation of MainContract (MainGovernance)
exposes mainIsGovernor, which calls the internal _isGovernor method.
*/
struct GovernanceInfoStruct {
mapping(address => bool) effectiveGovernors;
address candidateGovernor;
bool initialized;
}
abstract contract Governance is MGovernance {
event LogNominatedGovernor(address nominatedGovernor);
event LogNewGovernorAccepted(address acceptedGovernor);
event LogRemovedGovernor(address removedGovernor);
event LogNominationCancelled();
function getGovernanceInfo() internal view virtual returns (GovernanceInfoStruct storage);
/*
Current code intentionally prevents governance re-initialization.
This may be a problem in an upgrade situation, in a case that the upgrade-to implementation
performs an initialization (for real) and within that calls initGovernance().
Possible workarounds:
1. Clearing the governance info altogether by changing the MAIN_GOVERNANCE_INFO_TAG.
This will remove existing main governance information.
2. Modify the require part in this function, so that it will exit quietly
when trying to re-initialize (uncomment the lines below).
*/
function initGovernance() internal {
GovernanceInfoStruct storage gub = getGovernanceInfo();
require(!gub.initialized, "ALREADY_INITIALIZED");
gub.initialized = true; // to ensure acceptNewGovernor() won't fail.
// Add the initial governer.
acceptNewGovernor(msg.sender);
}
function _isGovernor(address user) internal view override returns (bool) {
GovernanceInfoStruct storage gub = getGovernanceInfo();
return gub.effectiveGovernors[user];
}
/*
Cancels the nomination of a governor candidate.
*/
function _cancelNomination() internal onlyGovernance {
GovernanceInfoStruct storage gub = getGovernanceInfo();
if (gub.candidateGovernor != address(0x0)) {
gub.candidateGovernor = address(0x0);
emit LogNominationCancelled();
}
}
function _nominateNewGovernor(address newGovernor) internal onlyGovernance {
GovernanceInfoStruct storage gub = getGovernanceInfo();
require(newGovernor != address(0x0), "BAD_ADDRESS");
require(!_isGovernor(newGovernor), "ALREADY_GOVERNOR");
require(gub.candidateGovernor == address(0x0), "OTHER_CANDIDATE_PENDING");
gub.candidateGovernor = newGovernor;
emit LogNominatedGovernor(newGovernor);
}
/*
The acceptNewGovernor is called in two cases:
1. by _acceptGovernance when a new governor accepts its role.
2. by initGovernance to add the initial governor.
The difference is that the init path skips the nominate step
that would fail because of the onlyGovernance modifier.
*/
function acceptNewGovernor(address newGovernor) private {
require(!_isGovernor(newGovernor), "ALREADY_GOVERNOR");
GovernanceInfoStruct storage gub = getGovernanceInfo();
gub.effectiveGovernors[newGovernor] = true;
// Emit governance information.
emit LogNewGovernorAccepted(newGovernor);
}
function _acceptGovernance() internal {
// The new governor was proposed as a candidate by the current governor.
GovernanceInfoStruct storage gub = getGovernanceInfo();
require(msg.sender == gub.candidateGovernor, "ONLY_CANDIDATE_GOVERNOR");
// Update state.
acceptNewGovernor(msg.sender);
gub.candidateGovernor = address(0x0);
}
/*
Remove a governor from office.
*/
function _removeGovernor(address governorForRemoval) internal onlyGovernance {
require(msg.sender != governorForRemoval, "GOVERNOR_SELF_REMOVE");
GovernanceInfoStruct storage gub = getGovernanceInfo();
require(_isGovernor(governorForRemoval), "NOT_GOVERNOR");
gub.effectiveGovernors[governorForRemoval] = false;
emit LogRemovedGovernor(governorForRemoval);
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.8.0;
import "starkware/solidity/interfaces/MGovernance.sol";
import "starkware/solidity/libraries/NamedStorage8.sol";
/**
A Governor controlled finalizable contract.
The inherited contract (the one that is GovernedFinalizable) implements the Governance.
*/
abstract contract GovernedFinalizable is MGovernance {
event Finalized();
string constant STORAGE_TAG = "STARKWARE_CONTRACTS_GOVERENED_FINALIZABLE_1.0_TAG";
function isFinalized() public view returns (bool) {
return NamedStorage.getBoolValue(STORAGE_TAG);
}
modifier notFinalized() {
require(!isFinalized(), "FINALIZED");
_;
}
function finalize() external onlyGovernance notFinalized {
NamedStorage.setBoolValue(STORAGE_TAG, true);
emit Finalized();
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity >=0.6.12;
/*
The Fact Registry design pattern is a way to separate cryptographic verification from the
business logic of the contract flow.
A fact registry holds a hash table of verified "facts" which are represented by a hash of claims
that the registry hash check and found valid. This table may be queried by accessing the
isValid() function of the registry with a given hash.
In addition, each fact registry exposes a registry specific function for submitting new claims
together with their proofs. The information submitted varies from one registry to the other
depending of the type of fact requiring verification.
For further reading on the Fact Registry design pattern see this
`StarkWare blog post <https://medium.com/starkware/the-fact-registry-a64aafb598b6>`_.
*/
interface IFactRegistry {
/*
Returns true if the given fact was previously registered in the contract.
*/
function isValid(bytes32 fact) external view returns (bool);
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity >=0.6.12;
import "./IStarknetMessagingEvents.sol";
interface IStarknetMessaging is IStarknetMessagingEvents {
/**
Returns the max fee (in Wei) that StarkNet will accept per single message.
*/
function getMaxL1MsgFee() external pure returns (uint256);
/**
Returns `msg_fee + 1` if there is a pending message associated with the given 'msgHash',
otherwise, returns 0.
*/
function l1ToL2Messages(bytes32 msgHash) external view returns (uint256);
/**
Sends a message to an L2 contract.
This function is payable, the payed amount is the message fee.
Returns the hash of the message and the nonce of the message.
*/
function sendMessageToL2(
uint256 toAddress,
uint256 selector,
uint256[] calldata payload
) external payable returns (bytes32, uint256);
/**
Consumes a message that was sent from an L2 contract.
Returns the hash of the message.
*/
function consumeMessageFromL2(uint256 fromAddress, uint256[] calldata payload)
external
returns (bytes32);
/**
Starts the cancellation of an L1 to L2 message.
A message can be canceled messageCancellationDelay() seconds after this function is called.
Note: This function may only be called for a message that is currently pending and the caller
must be the sender of the that message.
*/
function startL1ToL2MessageCancellation(
uint256 toAddress,
uint256 selector,
uint256[] calldata payload,
uint256 nonce
) external returns (bytes32);
/**
Cancels an L1 to L2 message, this function should be called at least
messageCancellationDelay() seconds after the call to startL1ToL2MessageCancellation().
A message may only be cancelled by its sender.
If the message is missing, the call will revert.
Note that the message fee is not refunded.
*/
function cancelL1ToL2Message(
uint256 toAddress,
uint256 selector,
uint256[] calldata payload,
uint256 nonce
) external returns (bytes32);
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity >=0.6.12;
interface IStarknetMessagingEvents {
// This event needs to be compatible with the one defined in Output.sol.
event LogMessageToL1(uint256 indexed fromAddress, address indexed toAddress, uint256[] payload);
// An event that is raised when a message is sent from L1 to L2.
event LogMessageToL2(
address indexed fromAddress,
uint256 indexed toAddress,
uint256 indexed selector,
uint256[] payload,
uint256 nonce,
uint256 fee
);
// An event that is raised when a message from L2 to L1 is consumed.
event ConsumedMessageToL1(
uint256 indexed fromAddress,
address indexed toAddress,
uint256[] payload
);
// An event that is raised when a message from L1 to L2 is consumed.
event ConsumedMessageToL2(
address indexed fromAddress,
uint256 indexed toAddress,
uint256 indexed selector,
uint256[] payload,
uint256 nonce
);
// An event that is raised when a message from L1 to L2 Cancellation is started.
event MessageToL2CancellationStarted(
address indexed fromAddress,
uint256 indexed toAddress,
uint256 indexed selector,
uint256[] payload,
uint256 nonce
);
// An event that is raised when a message from L1 to L2 is canceled.
event MessageToL2Canceled(
address indexed fromAddress,
uint256 indexed toAddress,
uint256 indexed selector,
uint256[] payload,
uint256 nonce
);
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity >=0.6.12;
interface Identity {
/*
Allows a caller to ensure that the provided address is of the expected type and version.
*/
function identify() external pure returns (string memory);
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity >=0.6.12;
abstract contract MGovernance {
function _isGovernor(address user) internal view virtual returns (bool);
/*
Allows calling the function only by a Governor.
*/
modifier onlyGovernance() {
require(_isGovernor(msg.sender), "ONLY_GOVERNANCE");
_;
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity >=0.6.12;
import "./MGovernance.sol";
abstract contract MOperator {
event LogOperatorAdded(address operator);
event LogOperatorRemoved(address operator);
function isOperator(address user) public view virtual returns (bool);
modifier onlyOperator() {
require(isOperator(msg.sender), "ONLY_OPERATOR");
_;
}
function registerOperator(address newOperator) external virtual;
function unregisterOperator(address removedOperator) external virtual;
function getOperators() internal view virtual returns (mapping(address => bool) storage);
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.8.0;
/*
Library to provide basic storage, in storage location out of the low linear address space.
New types of storage variables should be added here upon need.
*/
library NamedStorage {
function bytes32ToUint256Mapping(string memory tag_)
internal
pure
returns (mapping(bytes32 => uint256) storage randomVariable)
{
bytes32 location = keccak256(abi.encodePacked(tag_));
assembly {
randomVariable.slot := location
}
}
function bytes32ToAddressMapping(string memory tag_)
internal
pure
returns (mapping(bytes32 => address) storage randomVariable)
{
bytes32 location = keccak256(abi.encodePacked(tag_));
assembly {
randomVariable.slot := location
}
}
function uintToAddressMapping(string memory tag_)
internal
pure
returns (mapping(uint256 => address) storage randomVariable)
{
bytes32 location = keccak256(abi.encodePacked(tag_));
assembly {
randomVariable.slot := location
}
}
function addressToAddressMapping(string memory tag_)
internal
pure
returns (mapping(address => address) storage randomVariable)
{
bytes32 location = keccak256(abi.encodePacked(tag_));
assembly {
randomVariable.slot := location
}
}
function addressToBoolMapping(string memory tag_)
internal
pure
returns (mapping(address => bool) storage randomVariable)
{
bytes32 location = keccak256(abi.encodePacked(tag_));
assembly {
randomVariable.slot := location
}
}
function getUintValue(string memory tag_) internal view returns (uint256 retVal) {
bytes32 slot = keccak256(abi.encodePacked(tag_));
assembly {
retVal := sload(slot)
}
}
function setUintValue(string memory tag_, uint256 value) internal {
bytes32 slot = keccak256(abi.encodePacked(tag_));
assembly {
sstore(slot, value)
}
}
function setUintValueOnce(string memory tag_, uint256 value) internal {
require(getUintValue(tag_) == 0, "ALREADY_SET");
setUintValue(tag_, value);
}
function getAddressValue(string memory tag_) internal view returns (address retVal) {
bytes32 slot = keccak256(abi.encodePacked(tag_));
assembly {
retVal := sload(slot)
}
}
function setAddressValue(string memory tag_, address value) internal {
bytes32 slot = keccak256(abi.encodePacked(tag_));
assembly {
sstore(slot, value)
}
}
function setAddressValueOnce(string memory tag_, address value) internal {
require(getAddressValue(tag_) == address(0x0), "ALREADY_SET");
setAddressValue(tag_, value);
}
function getBoolValue(string memory tag_) internal view returns (bool retVal) {
bytes32 slot = keccak256(abi.encodePacked(tag_));
assembly {
retVal := sload(slot)
}
}
function setBoolValue(string memory tag_, bool value) internal {
bytes32 slot = keccak256(abi.encodePacked(tag_));
assembly {
sstore(slot, value)
}
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity >=0.6.12;
library OnchainDataFactTreeEncoder {
struct DataAvailabilityFact {
uint256 onchainDataHash;
uint256 onchainDataSize;
}
// The number of additional words appended to the public input when using the
// OnchainDataFactTreeEncoder format.
uint256 internal constant ONCHAIN_DATA_FACT_ADDITIONAL_WORDS = 2;
/*
Encodes a GPS fact Merkle tree where the root has two children.
The left child contains the data we care about and the right child contains
on-chain data for the fact.
*/
function encodeFactWithOnchainData(
uint256[] calldata programOutput,
DataAvailabilityFact memory factData
) internal pure returns (bytes32) {
// The state transition fact is computed as a Merkle tree, as defined in
// GpsOutputParser.
//
// In our case the fact tree looks as follows:
// The root has two children.
// The left child is a leaf that includes the main part - the information regarding
// the state transition required by this contract.
// The right child contains the onchain-data which shouldn't be accessed by this
// contract, so we are only given its hash and length
// (it may be a leaf or an inner node, this has no effect on this contract).
// Compute the hash without the two additional fields.
uint256 mainPublicInputLen = programOutput.length;
bytes32 mainPublicInputHash = hashMainPublicInput(programOutput);
// Compute the hash of the fact Merkle tree.
bytes32 hashResult = keccak256(
abi.encodePacked(
mainPublicInputHash,
mainPublicInputLen,
factData.onchainDataHash,
mainPublicInputLen + factData.onchainDataSize
)
);
// Add one to the hash to indicate it represents an inner node, rather than a leaf.
return bytes32(uint256(hashResult) + 1);
}
/*
Hashes the main public input.
*/
function hashMainPublicInput(uint256[] calldata programOutput) internal pure returns (bytes32) {
return keccak256(abi.encodePacked(programOutput));
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity >=0.6.12;
import "../interfaces/MOperator.sol";
import "../interfaces/MGovernance.sol";
/**
The Operator of the contract is the entity entitled to submit state update requests
by calling :sol:func:`updateState`.
An Operator may be instantly appointed or removed by the contract Governor
(see :sol:mod:`Governance`). Typically, the Operator is the hot wallet of the service
submitting proofs for state updates.
*/
abstract contract Operator is MGovernance, MOperator {
function registerOperator(address newOperator) external override onlyGovernance {
if (!isOperator(newOperator)) {
getOperators()[newOperator] = true;
emit LogOperatorAdded(newOperator);
}
}
function unregisterOperator(address removedOperator) external override onlyGovernance {
if (isOperator(removedOperator)) {
getOperators()[removedOperator] = false;
emit LogOperatorRemoved(removedOperator);
}
}
function isOperator(address user) public view override returns (bool) {
return getOperators()[user];
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.8.0;
import "./IStarknetMessagingEvents.sol";
library CommitmentTreeUpdateOutput {
/**
Returns the previous commitment tree root.
*/
function getPrevRoot(uint256[] calldata commitmentTreeUpdateData)
internal
pure
returns (uint256)
{
return commitmentTreeUpdateData[0];
}
/**
Returns the new commitment tree root.
*/
function getNewRoot(uint256[] calldata commitmentTreeUpdateData)
internal
pure
returns (uint256)
{
return commitmentTreeUpdateData[1];
}
}
library StarknetOutput {
uint256 internal constant MERKLE_UPDATE_OFFSET = 0;
uint256 internal constant PREV_BLOCK_NUMBER_OFFSET = 2;
uint256 internal constant NEW_BLOCK_NUMBER_OFFSET = 3;
uint256 internal constant PREV_BLOCK_HASH_OFFSET = 4;
uint256 internal constant NEW_BLOCK_HASH_OFFSET = 5;
uint256 internal constant OS_PROGRAM_HASH_OFFSET = 6;
uint256 internal constant CONFIG_HASH_OFFSET = 7;
uint256 internal constant USE_KZG_DA_OFFSET = 8;
uint256 internal constant FULL_OUTPUT_OFFSET = 9;
uint256 internal constant HEADER_SIZE = 10;
uint256 internal constant KZG_Z_OFFSET = 0;
uint256 internal constant KZG_N_BLOBS_OFFSET = 1;
uint256 internal constant KZG_COMMITMENTS_OFFSET = 2;
uint256 constant MESSAGE_TO_L1_FROM_ADDRESS_OFFSET = 0;
uint256 constant MESSAGE_TO_L1_TO_ADDRESS_OFFSET = 1;
uint256 constant MESSAGE_TO_L1_PAYLOAD_SIZE_OFFSET = 2;
uint256 constant MESSAGE_TO_L1_PREFIX_SIZE = 3;
uint256 constant MESSAGE_TO_L2_FROM_ADDRESS_OFFSET = 0;
uint256 constant MESSAGE_TO_L2_TO_ADDRESS_OFFSET = 1;
uint256 constant MESSAGE_TO_L2_NONCE_OFFSET = 2;
uint256 constant MESSAGE_TO_L2_SELECTOR_OFFSET = 3;
uint256 constant MESSAGE_TO_L2_PAYLOAD_SIZE_OFFSET = 4;
uint256 constant MESSAGE_TO_L2_PREFIX_SIZE = 5;
/**
Returns the offset of the messages segment in the output_data.
*/
function messageSegmentOffset(uint256[] calldata programOutput)
internal
pure
returns (uint256)
{
if (programOutput[USE_KZG_DA_OFFSET] == 0) {
// No KZG info; messages are right after the header.
return HEADER_SIZE;
}
uint256 nBlobs = programOutput[HEADER_SIZE + KZG_N_BLOBS_OFFSET];
return
HEADER_SIZE +
// Point z.
1 +
// Number of blobs.
1 +
// KZG commitments.
(2 * nBlobs) +
// Point evaluations.
(2 * nBlobs);
}
/**
Returns a slice of the 'output_data' with the commitment tree update information.
*/
function getMerkleUpdate(uint256[] calldata output_data)
internal
pure
returns (uint256[] calldata)
{
return output_data[MERKLE_UPDATE_OFFSET:MERKLE_UPDATE_OFFSET + 2];
}
/**
Processes a message segment from the program output.
The format of a message segment is the length of the messages in words followed
by the concatenation of all the messages.
The 'messages' mapping is updated according to the messages and the direction ('isL2ToL1').
*/
function processMessages(
bool isL2ToL1,
uint256[] calldata programOutputSlice,
mapping(bytes32 => uint256) storage messages
) internal returns (uint256) {
uint256 messageSegmentSize = programOutputSlice[0];
require(messageSegmentSize < 2**30, "INVALID_MESSAGE_SEGMENT_SIZE");
uint256 offset = 1;
uint256 messageSegmentEnd = offset + messageSegmentSize;
uint256 payloadSizeOffset = (
isL2ToL1 ? MESSAGE_TO_L1_PAYLOAD_SIZE_OFFSET : MESSAGE_TO_L2_PAYLOAD_SIZE_OFFSET
);
uint256 totalMsgFees = 0;
while (offset < messageSegmentEnd) {
uint256 payloadLengthOffset = offset + payloadSizeOffset;
require(payloadLengthOffset < programOutputSlice.length, "MESSAGE_TOO_SHORT");
uint256 payloadLength = programOutputSlice[payloadLengthOffset];
require(payloadLength < 2**30, "INVALID_PAYLOAD_LENGTH");
uint256 endOffset = payloadLengthOffset + 1 + payloadLength;
require(endOffset <= programOutputSlice.length, "TRUNCATED_MESSAGE_PAYLOAD");
if (isL2ToL1) {
bytes32 messageHash = keccak256(
abi.encodePacked(programOutputSlice[offset:endOffset])
);
emit IStarknetMessagingEvents.LogMessageToL1(
// from=
programOutputSlice[offset + MESSAGE_TO_L1_FROM_ADDRESS_OFFSET],
// to=
address(uint160(programOutputSlice[offset + MESSAGE_TO_L1_TO_ADDRESS_OFFSET])),
// payload=
(uint256[])(programOutputSlice[offset + MESSAGE_TO_L1_PREFIX_SIZE:endOffset])
);
messages[messageHash] += 1;
} else {
{
bytes32 messageHash = keccak256(
abi.encodePacked(programOutputSlice[offset:endOffset])
);
uint256 msgFeePlusOne = messages[messageHash];
require(msgFeePlusOne > 0, "INVALID_MESSAGE_TO_CONSUME");
totalMsgFees += msgFeePlusOne - 1;
messages[messageHash] = 0;
}
uint256 nonce = programOutputSlice[offset + MESSAGE_TO_L2_NONCE_OFFSET];
uint256[] memory messageSlice = (uint256[])(
programOutputSlice[offset + MESSAGE_TO_L2_PREFIX_SIZE:endOffset]
);
emit IStarknetMessagingEvents.ConsumedMessageToL2(
// from=
address(
uint160(programOutputSlice[offset + MESSAGE_TO_L2_FROM_ADDRESS_OFFSET])
),
// to=
programOutputSlice[offset + MESSAGE_TO_L2_TO_ADDRESS_OFFSET],
// selector=
programOutputSlice[offset + MESSAGE_TO_L2_SELECTOR_OFFSET],
// payload=
messageSlice,
// nonce =
nonce
);
}
offset = endOffset;
}
require(offset == messageSegmentEnd, "INVALID_MESSAGE_SEGMENT_SIZE");
if (totalMsgFees > 0) {
// NOLINTNEXTLINE: low-level-calls.
(bool success, ) = msg.sender.call{value: totalMsgFees}("");
require(success, "ETH_TRANSFER_FAILED");
}
return offset;
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity >=0.6.12;
import "../components/Governance.sol";
import "../libraries/Addresses.sol";
import "./BlockDirectCall.sol";
import "./ContractInitializer.sol";
/**
This contract contains the code commonly needed for a contract to be deployed behind
an upgradability proxy.
It perform the required semantics of the proxy pattern,
but in a generic manner.
Instantiation of the Governance and of the ContractInitializer, that are the app specific
part of initialization, has to be done by the using contract.
*/
abstract contract ProxySupport is Governance, BlockDirectCall, ContractInitializer {
using Addresses for address;
// The two function below (isFrozen & initialize) needed to bind to the Proxy.
function isFrozen() external view virtual returns (bool) {
return false;
}
/*
The initialize() function serves as an alternative constructor for a proxied deployment.
Flow and notes:
1. This function cannot be called directly on the deployed contract, but only via
delegate call.
2. If an EIC is provided - init is passed onto EIC and the standard init flow is skipped.
This true for both first intialization or a later one.
3. The data passed to this function is as follows:
[sub_contracts addresses, eic address, initData].
When calling on an initialized contract (no EIC scenario), initData.length must be 0.
*/
function initialize(bytes calldata data) external notCalledDirectly {
uint256 eicOffset = 32 * numOfSubContracts();
uint256 expectedBaseSize = eicOffset + 32;
require(data.length >= expectedBaseSize, "INIT_DATA_TOO_SMALL");
address eicAddress = abi.decode(data[eicOffset:expectedBaseSize], (address));
bytes calldata subContractAddresses = data[:eicOffset];
processSubContractAddresses(subContractAddresses);
bytes calldata initData = data[expectedBaseSize:];
// EIC Provided - Pass initData to EIC and the skip standard init flow.
if (eicAddress != address(0x0)) {
callExternalInitializer(eicAddress, initData);
return;
}
if (isInitialized()) {
require(initData.length == 0, "UNEXPECTED_INIT_DATA");
} else {
// Contract was not initialized yet.
validateInitData(initData);
initializeContractState(initData);
initGovernance();
}
}
function callExternalInitializer(address externalInitializerAddr, bytes calldata eicData)
private
{
require(externalInitializerAddr.isContract(), "EIC_NOT_A_CONTRACT");
// NOLINTNEXTLINE: low-level-calls, controlled-delegatecall.
(bool success, bytes memory returndata) = externalInitializerAddr.delegatecall(
abi.encodeWithSelector(this.initialize.selector, eicData)
);
require(success, string(returndata));
require(returndata.length == 0, string(returndata));
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.8.24;
import "starkware/starknet/solidity/Output.sol";
import "starkware/starknet/solidity/StarknetGovernance.sol";
import "starkware/starknet/solidity/StarknetMessaging.sol";
import "starkware/starknet/solidity/StarknetOperator.sol";
import "starkware/starknet/solidity/StarknetState.sol";
import "starkware/solidity/components/GovernedFinalizable.sol";
import "starkware/solidity/components/OnchainDataFactTreeEncoder.sol";
import "starkware/solidity/interfaces/ContractInitializer.sol";
import "starkware/solidity/interfaces/Identity.sol";
import "starkware/solidity/interfaces/IFactRegistry.sol";
import "starkware/solidity/interfaces/ProxySupport.sol";
import "starkware/solidity/libraries/NamedStorage8.sol";
contract Starknet is
Identity,
StarknetMessaging,
StarknetGovernance,
GovernedFinalizable,
StarknetOperator,
ContractInitializer,
ProxySupport
{
using StarknetState for StarknetState.State;
// Indicates a change of the Starknet config hash.
event ConfigHashChanged(
address indexed changedBy,
uint256 oldConfigHash,
uint256 newConfigHash
);
// Logs the new state following a state update.
event LogStateUpdate(uint256 globalRoot, int256 blockNumber, uint256 blockHash);
// Logs a stateTransitionFact that was used to update the state.
event LogStateTransitionFact(bytes32 stateTransitionFact);
// Indicates a change of the Starknet OS program hash.
event ProgramHashChanged(
address indexed changedBy,
uint256 oldProgramHash,
uint256 newProgramHash
);
// Indicates a change of the Starknet aggregator program hash.
event AggregatorProgramHashChanged(
address indexed changedBy,
uint256 oldAggregatorProgramHash,
uint256 newAggregatorProgramHash
);
// Random storage slot tags.
string internal constant PROGRAM_HASH_TAG = "STARKNET_1.0_INIT_PROGRAM_HASH_UINT";
string internal constant AGGREGATOR_PROGRAM_HASH_TAG =
"STARKNET_1.0_INIT_AGGREGATOR_PROGRAM_HASH_UINT";
string internal constant VERIFIER_ADDRESS_TAG = "STARKNET_1.0_INIT_VERIFIER_ADDRESS";
string internal constant STATE_STRUCT_TAG = "STARKNET_1.0_INIT_STARKNET_STATE_STRUCT";
// The hash of the StarkNet config.
string internal constant CONFIG_HASH_TAG = "STARKNET_1.0_STARKNET_CONFIG_HASH";
// EIP-4844 constants.
address internal constant POINT_EVALUATION_PRECOMPILE_ADDRESS = address(0x0A);
// The precompile expected output:
// Web3.keccak(FIELD_ELEMENTS_PER_BLOB.to_bytes(32, "big") + BLS_PRIME.to_bytes(32, "big")).
bytes32 internal constant POINT_EVALUATION_PRECOMPILE_OUTPUT =
0xb2157d3a40131b14c4c675335465dffde802f0ce5218ad012284d7f275d1b37c;
uint256 internal constant PROOF_BYTES_LENGTH = 48;
bytes1 internal constant VERSIONED_HASH_VERSION_KZG = bytes1(0x01);
function setProgramHash(uint256 newProgramHash) external notFinalized onlyGovernance {
emit ProgramHashChanged(msg.sender, programHash(), newProgramHash);
programHash(newProgramHash);
}
function setAggregatorProgramHash(uint256 newAggregatorProgramHash)
external
notFinalized
onlyGovernance
{
emit AggregatorProgramHashChanged(
msg.sender,
aggregatorProgramHash(),
newAggregatorProgramHash
);
aggregatorProgramHash(newAggregatorProgramHash);
}
function setConfigHash(uint256 newConfigHash) external notFinalized onlyGovernance {
emit ConfigHashChanged(msg.sender, configHash(), newConfigHash);
configHash(newConfigHash);
}
function setMessageCancellationDelay(uint256 delayInSeconds)
external
notFinalized
onlyGovernance
{
messageCancellationDelay(delayInSeconds);
}
// State variable "programHash" read-access function.
function programHash() public view returns (uint256) {
return NamedStorage.getUintValue(PROGRAM_HASH_TAG);
}
// State variable "programHash" write-access function.
function programHash(uint256 value) internal {
NamedStorage.setUintValue(PROGRAM_HASH_TAG, value);
}
// State variable "aggregatorProgramHash" read-access function.
function aggregatorProgramHash() public view returns (uint256) {
return NamedStorage.getUintValue(AGGREGATOR_PROGRAM_HASH_TAG);
}
// State variable "aggregatorProgramHash" write-access function.
function aggregatorProgramHash(uint256 value) internal {
NamedStorage.setUintValue(AGGREGATOR_PROGRAM_HASH_TAG, value);
}
// State variable "verifier" access function.
function verifier() internal view returns (address) {
return NamedStorage.getAddressValue(VERIFIER_ADDRESS_TAG);
}
// State variable "configHash" write-access function.
function configHash(uint256 value) internal {
NamedStorage.setUintValue(CONFIG_HASH_TAG, value);
}
// State variable "configHash" read-access function.
function configHash() public view returns (uint256) {
return NamedStorage.getUintValue(CONFIG_HASH_TAG);
}
function setVerifierAddress(address value) internal {
NamedStorage.setAddressValueOnce(VERIFIER_ADDRESS_TAG, value);
}
// State variable "state" access function.
function state() internal pure returns (StarknetState.State storage stateStruct) {
bytes32 location = keccak256(abi.encodePacked(STATE_STRUCT_TAG));
assembly {
stateStruct.slot := location
}
}
function isInitialized() internal view override returns (bool) {
return programHash() != 0;
}
function numOfSubContracts() internal pure override returns (uint256) {
return 0;
}
function validateInitData(bytes calldata data) internal view override {
require(data.length == 7 * 32, "ILLEGAL_INIT_DATA_SIZE");
uint256 programHash_ = abi.decode(data[:32], (uint256));
require(programHash_ != 0, "BAD_INITIALIZATION");
}
function processSubContractAddresses(bytes calldata subContractAddresses) internal override {}
function initializeContractState(bytes calldata data) internal override {
(
uint256 programHash_,
uint256 aggregatorProgramHash_,
address verifier_,
uint256 configHash_,
StarknetState.State memory initialState
) = abi.decode(data, (uint256, uint256, address, uint256, StarknetState.State));
programHash(programHash_);
aggregatorProgramHash(aggregatorProgramHash_);
setVerifierAddress(verifier_);
state().copy(initialState);
configHash(configHash_);
messageCancellationDelay(5 days);
}
/**
Verifies p(z) = y given z, y, a commitment to p in the KZG segment,
and a KZG proof for every blob.
The verification is done by calling Ethereum's point evaluation precompile.
*/
function verifyKzgProofs(uint256[] calldata programOutputSlice, bytes[] calldata kzgProofs)
internal
{
require(programOutputSlice.length >= 2, "KZG_SEGMENT_TOO_SHORT");
bytes32 z = bytes32(programOutputSlice[StarknetOutput.KZG_Z_OFFSET]);
uint256 nBlobs = programOutputSlice[StarknetOutput.KZG_N_BLOBS_OFFSET];
uint256 evaluationsOffset = StarknetOutput.KZG_COMMITMENTS_OFFSET + 2 * nBlobs;
require(kzgProofs.length == nBlobs, "INVALID_NUMBER_OF_KZG_PROOFS");
require(
programOutputSlice.length >= evaluationsOffset + 2 * nBlobs,
"KZG_SEGMENT_TOO_SHORT"
);
for (uint256 blobIndex = 0; blobIndex < nBlobs; blobIndex++) {
bytes32 blobHash = blobhash(blobIndex);
require(blobHash != 0, "INVALID_BLOB_INDEX");
require(blobHash[0] == VERSIONED_HASH_VERSION_KZG, "UNEXPECTED_BLOB_HASH_VERSION");
bytes memory kzgCommitment;
{
uint256 kzgCommitmentLow = programOutputSlice[
StarknetOutput.KZG_COMMITMENTS_OFFSET + (2 * blobIndex)
];
uint256 kzgCommitmentHigh = programOutputSlice[
StarknetOutput.KZG_COMMITMENTS_OFFSET + (2 * blobIndex) + 1
];
require(kzgCommitmentLow <= type(uint192).max, "INVALID_KZG_COMMITMENT");
require(kzgCommitmentHigh <= type(uint192).max, "INVALID_KZG_COMMITMENT");
kzgCommitment = abi.encodePacked(
uint192(kzgCommitmentHigh),
uint192(kzgCommitmentLow)
);
}
bytes32 y;
{
uint256 yLow = programOutputSlice[evaluationsOffset + (2 * blobIndex)];
uint256 yHigh = programOutputSlice[evaluationsOffset + (2 * blobIndex) + 1];
require(yLow <= type(uint128).max, "INVALID_Y_VALUE");
require(yHigh <= type(uint128).max, "INVALID_Y_VALUE");
y = bytes32((yHigh << 128) + yLow);
}
require(kzgProofs[blobIndex].length == PROOF_BYTES_LENGTH, "INVALID_KZG_PROOF_SIZE");
(bool ok, bytes memory precompile_output) = POINT_EVALUATION_PRECOMPILE_ADDRESS
.staticcall(abi.encodePacked(blobHash, z, y, kzgCommitment, kzgProofs[blobIndex]));
require(ok, "POINT_EVALUATION_PRECOMPILE_CALL_FAILED");
require(
keccak256(precompile_output) == POINT_EVALUATION_PRECOMPILE_OUTPUT,
"UNEXPECTED_POINT_EVALUATION_PRECOMPILE_OUTPUT"
);
}
}
/**
Performs the actual state update of Starknet, based on a proof of the Starknet OS that the
state transition is valid.
Arguments:
programOutput - The main part of the StarkNet OS program output.
stateTransitionFact - An encoding of the 'programOutput' (including on-chain data, if
available).
*/
function updateStateInternal(uint256[] calldata programOutput, bytes32 stateTransitionFact)
internal
{
// Validate that all the values are in the range [0, FIELD_PRIME).
validateProgramOutput(programOutput);
// Validate config hash.
require(
programOutput[StarknetOutput.CONFIG_HASH_OFFSET] == configHash(),
"INVALID_CONFIG_HASH"
);
require(programOutput[StarknetOutput.FULL_OUTPUT_OFFSET] == 0, "FULL_OUTPUT_NOT_SUPPORTED");
uint256 factProgramHash;
if (programOutput[StarknetOutput.OS_PROGRAM_HASH_OFFSET] != 0) {
// Aggregator run.
require(
programOutput[StarknetOutput.OS_PROGRAM_HASH_OFFSET] == programHash(),
"AGGREGATOR_MODE_INVALID_OS_PROGRAM_HASH"
);
factProgramHash = aggregatorProgramHash();
} else {
factProgramHash = programHash();
}
bytes32 sharpFact = keccak256(abi.encode(factProgramHash, stateTransitionFact));
require(IFactRegistry(verifier()).isValid(sharpFact), "NO_STATE_TRANSITION_PROOF");
emit LogStateTransitionFact(stateTransitionFact);
// Perform state update.
state().update(programOutput);
// Process the messages after updating the state.
// This is safer, as there is a call to transfer the fees during
// the processing of the L1 -> L2 messages.
// Process L2 -> L1 messages.
uint256 outputOffset = StarknetOutput.messageSegmentOffset(programOutput);
outputOffset += StarknetOutput.processMessages(
// isL2ToL1=
true,
programOutput[outputOffset:],
l2ToL1Messages()
);
// Process L1 -> L2 messages.
outputOffset += StarknetOutput.processMessages(
// isL2ToL1=
false,
programOutput[outputOffset:],
l1ToL2Messages()
);
require(outputOffset == programOutput.length, "STARKNET_OUTPUT_TOO_LONG");
// Note that processing L1 -> L2 messages does an external call, and it shouldn't be
// followed by storage changes.
StarknetState.State storage state_ = state();
emit LogStateUpdate(state_.globalRoot, state_.blockNumber, state_.blockHash);
}
/**
Returns a string that identifies the contract.
*/
function identify() external pure override returns (string memory) {
return "StarkWare_Starknet_2024_9";
}
/**
Returns the current state root.
*/
function stateRoot() external view returns (uint256) {
return state().globalRoot;
}
/**
Returns the current block number.
*/
function stateBlockNumber() external view returns (int256) {
return state().blockNumber;
}
/**
Returns the current block hash.
*/
function stateBlockHash() external view returns (uint256) {
return state().blockHash;
}
/**
Validates that all the values are in the range [0, FIELD_PRIME).
*/
function validateProgramOutput(uint256[] calldata programOutput) internal pure {
bool success = true;
assembly {
let FIELD_PRIME := 0x800000000000011000000000000000000000000000000000000000000000001
let programOutputEnd := add(programOutput.offset, mul(programOutput.length, 0x20))
for {
let ptr := programOutput.offset
} lt(ptr, programOutputEnd) {
ptr := add(ptr, 0x20)
} {
if iszero(lt(calldataload(ptr), FIELD_PRIME)) {
success := 0
break
}
}
}
if (!success) {
revert("PROGRAM_OUTPUT_VALUE_OUT_OF_RANGE");
}
}
/**
Updates the state of the Starknet, based on a proof of the Starknet OS that the state
transition is valid. Data availability is provided on-chain.
Arguments:
programOutput - The main part of the StarkNet OS program output.
data_availability_fact - An encoding of the on-chain data associated
with the 'programOutput'.
*/
function updateState(
uint256[] calldata programOutput,
uint256 onchainDataHash,
uint256 onchainDataSize
) external onlyOperator {
// Validate program output.
require(programOutput.length > StarknetOutput.HEADER_SIZE, "STARKNET_OUTPUT_TOO_SHORT");
// We protect against re-entrancy attacks by reading the block number at the beginning
// and validating that we have the expected block number at the end.
state().checkPrevBlockNumber(programOutput);
// Validate KZG DA flag.
require(programOutput[StarknetOutput.USE_KZG_DA_OFFSET] == 0, "UNEXPECTED_KZG_DA_FLAG");
bytes32 stateTransitionFact = OnchainDataFactTreeEncoder.encodeFactWithOnchainData(
programOutput,
OnchainDataFactTreeEncoder.DataAvailabilityFact(onchainDataHash, onchainDataSize)
);
updateStateInternal(programOutput, stateTransitionFact);
// Note that updateStateInternal does an external call, and it shouldn't be followed by
// storage changes.
// Re-entrancy protection (see above).
state().checkNewBlockNumber(programOutput);
}
/**
Updates the state of the StarkNet, based on a proof of the StarkNet OS that the state
transition is valid. Data availability is committed with KZG and provided in a blob.
Arguments:
programOutput - The main part of the StarkNet OS program output.
kzgProofs - array of KZG proofs - one per attached blob - which are validated together
with the StarkNet OS data commitments given in 'programOutput'.
*/
function updateStateKzgDA(uint256[] calldata programOutput, bytes[] calldata kzgProofs)
external
onlyOperator
{
// Validate program output.
require(programOutput.length > StarknetOutput.HEADER_SIZE, "STARKNET_OUTPUT_TOO_SHORT");
// We protect against re-entrancy attacks by reading the block number at the beginning
// and validating that we have the expected block number at the end.
state().checkPrevBlockNumber(programOutput);
// Verify the KZG Proof.
require(programOutput[StarknetOutput.USE_KZG_DA_OFFSET] == 1, "UNEXPECTED_KZG_DA_FLAG");
verifyKzgProofs(programOutput[StarknetOutput.HEADER_SIZE:], kzgProofs);
bytes32 stateTransitionFact = OnchainDataFactTreeEncoder.hashMainPublicInput(programOutput);
updateStateInternal(programOutput, stateTransitionFact);
// Note that updateStateInternal does an external call, and it shouldn't be followed by
// storage changes.
// Re-entrancy protection (see above).
state().checkNewBlockNumber(programOutput);
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.8.0;
import "starkware/solidity/components/Governance.sol";
contract StarknetGovernance is Governance {
string constant STARKNET_GOVERNANCE_INFO_TAG = "STARKNET_1.0_GOVERNANCE_INFO";
/*
Returns the GovernanceInfoStruct associated with the governance tag.
*/
function getGovernanceInfo() internal view override returns (GovernanceInfoStruct storage gub) {
bytes32 location = keccak256(abi.encodePacked(STARKNET_GOVERNANCE_INFO_TAG));
assembly {
gub.slot := location
}
}
function starknetIsGovernor(address user) external view returns (bool) {
return _isGovernor(user);
}
function starknetNominateNewGovernor(address newGovernor) external {
_nominateNewGovernor(newGovernor);
}
function starknetRemoveGovernor(address governorForRemoval) external {
_removeGovernor(governorForRemoval);
}
function starknetAcceptGovernance() external {
_acceptGovernance();
}
function starknetCancelNomination() external {
_cancelNomination();
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.8.0;
import "./IStarknetMessaging.sol";
import "starkware/solidity/libraries/NamedStorage8.sol";
/**
Implements sending messages to L2 by adding them to a pipe and consuming messages from L2 by
removing them from a different pipe. A deriving contract can handle the former pipe and add items
to the latter pipe while interacting with L2.
*/
contract StarknetMessaging is IStarknetMessaging {
/*
Random slot storage elements and accessors.
*/
string constant L1L2_MESSAGE_MAP_TAG = "STARKNET_1.0_MSGING_L1TOL2_MAPPPING_V2";
string constant L2L1_MESSAGE_MAP_TAG = "STARKNET_1.0_MSGING_L2TOL1_MAPPPING";
string constant L1L2_MESSAGE_NONCE_TAG = "STARKNET_1.0_MSGING_L1TOL2_NONCE";
string constant L1L2_MESSAGE_CANCELLATION_MAP_TAG = (
"STARKNET_1.0_MSGING_L1TOL2_CANCELLATION_MAPPPING"
);
string constant L1L2_MESSAGE_CANCELLATION_DELAY_TAG = (
"STARKNET_1.0_MSGING_L1TOL2_CANCELLATION_DELAY"
);
uint256 constant MAX_L1_MSG_FEE = 1 ether;
function getMaxL1MsgFee() public pure override returns (uint256) {
return MAX_L1_MSG_FEE;
}
/**
Returns the msg_fee + 1 for the message with the given 'msgHash',
or 0 if no message with such a hash is pending.
*/
function l1ToL2Messages(bytes32 msgHash) external view override returns (uint256) {
return l1ToL2Messages()[msgHash];
}
function l2ToL1Messages(bytes32 msgHash) external view returns (uint256) {
return l2ToL1Messages()[msgHash];
}
function l1ToL2Messages() internal pure returns (mapping(bytes32 => uint256) storage) {
return NamedStorage.bytes32ToUint256Mapping(L1L2_MESSAGE_MAP_TAG);
}
function l2ToL1Messages() internal pure returns (mapping(bytes32 => uint256) storage) {
return NamedStorage.bytes32ToUint256Mapping(L2L1_MESSAGE_MAP_TAG);
}
function l1ToL2MessageNonce() public view returns (uint256) {
return NamedStorage.getUintValue(L1L2_MESSAGE_NONCE_TAG);
}
function messageCancellationDelay() public view returns (uint256) {
return NamedStorage.getUintValue(L1L2_MESSAGE_CANCELLATION_DELAY_TAG);
}
function messageCancellationDelay(uint256 delayInSeconds) internal {
NamedStorage.setUintValue(L1L2_MESSAGE_CANCELLATION_DELAY_TAG, delayInSeconds);
}
/**
Returns the timestamp at the time cancelL1ToL2Message was called with a message
matching 'msgHash'.
The function returns 0 if cancelL1ToL2Message was never called.
*/
function l1ToL2MessageCancellations(bytes32 msgHash) external view returns (uint256) {
return l1ToL2MessageCancellations()[msgHash];
}
function l1ToL2MessageCancellations()
internal
pure
returns (mapping(bytes32 => uint256) storage)
{
return NamedStorage.bytes32ToUint256Mapping(L1L2_MESSAGE_CANCELLATION_MAP_TAG);
}
/**
Returns the hash of an L1 -> L2 message from msg.sender.
*/
function getL1ToL2MsgHash(
uint256 toAddress,
uint256 selector,
uint256[] calldata payload,
uint256 nonce
) internal view returns (bytes32) {
return
keccak256(
abi.encodePacked(
uint256(uint160(msg.sender)),
toAddress,
nonce,
selector,
payload.length,
payload
)
);
}
/**
Sends a message to an L2 contract.
*/
function sendMessageToL2(
uint256 toAddress,
uint256 selector,
uint256[] calldata payload
) external payable override returns (bytes32, uint256) {
require(msg.value > 0, "L1_MSG_FEE_MUST_BE_GREATER_THAN_0");
require(msg.value <= getMaxL1MsgFee(), "MAX_L1_MSG_FEE_EXCEEDED");
uint256 nonce = l1ToL2MessageNonce();
NamedStorage.setUintValue(L1L2_MESSAGE_NONCE_TAG, nonce + 1);
emit LogMessageToL2(msg.sender, toAddress, selector, payload, nonce, msg.value);
bytes32 msgHash = getL1ToL2MsgHash(toAddress, selector, payload, nonce);
// Note that the inclusion of the unique nonce in the message hash implies that
// l1ToL2Messages()[msgHash] was not accessed before.
l1ToL2Messages()[msgHash] = msg.value + 1;
return (msgHash, nonce);
}
/**
Consumes a message that was sent from an L2 contract.
Returns the hash of the message.
*/
function consumeMessageFromL2(uint256 fromAddress, uint256[] calldata payload)
external
override
returns (bytes32)
{
bytes32 msgHash = keccak256(
abi.encodePacked(fromAddress, uint256(uint160(msg.sender)), payload.length, payload)
);
require(l2ToL1Messages()[msgHash] > 0, "INVALID_MESSAGE_TO_CONSUME");
emit ConsumedMessageToL1(fromAddress, msg.sender, payload);
l2ToL1Messages()[msgHash] -= 1;
return msgHash;
}
function startL1ToL2MessageCancellation(
uint256 toAddress,
uint256 selector,
uint256[] calldata payload,
uint256 nonce
) external override returns (bytes32) {
emit MessageToL2CancellationStarted(msg.sender, toAddress, selector, payload, nonce);
bytes32 msgHash = getL1ToL2MsgHash(toAddress, selector, payload, nonce);
uint256 msgFeePlusOne = l1ToL2Messages()[msgHash];
require(msgFeePlusOne > 0, "NO_MESSAGE_TO_CANCEL");
l1ToL2MessageCancellations()[msgHash] = block.timestamp;
return msgHash;
}
function cancelL1ToL2Message(
uint256 toAddress,
uint256 selector,
uint256[] calldata payload,
uint256 nonce
) external override returns (bytes32) {
emit MessageToL2Canceled(msg.sender, toAddress, selector, payload, nonce);
// Note that the message hash depends on msg.sender, which prevents one contract from
// cancelling another contract's message.
// Trying to do so will result in NO_MESSAGE_TO_CANCEL.
bytes32 msgHash = getL1ToL2MsgHash(toAddress, selector, payload, nonce);
uint256 msgFeePlusOne = l1ToL2Messages()[msgHash];
require(msgFeePlusOne != 0, "NO_MESSAGE_TO_CANCEL");
uint256 requestTime = l1ToL2MessageCancellations()[msgHash];
require(requestTime != 0, "MESSAGE_CANCELLATION_NOT_REQUESTED");
uint256 cancelAllowedTime = requestTime + messageCancellationDelay();
require(cancelAllowedTime >= requestTime, "CANCEL_ALLOWED_TIME_OVERFLOW");
require(block.timestamp >= cancelAllowedTime, "MESSAGE_CANCELLATION_NOT_ALLOWED_YET");
l1ToL2Messages()[msgHash] = 0;
return (msgHash);
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.8.0;
import "starkware/solidity/components/Operator.sol";
import "starkware/solidity/libraries/NamedStorage8.sol";
abstract contract StarknetOperator is Operator {
string constant OPERATORS_MAPPING_TAG = "STARKNET_1.0_ROLES_OPERATORS_MAPPING_TAG";
function getOperators() internal view override returns (mapping(address => bool) storage) {
return NamedStorage.addressToBoolMapping(OPERATORS_MAPPING_TAG);
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.8.0;
import "./Output.sol";
library StarknetState {
struct State {
uint256 globalRoot;
int256 blockNumber;
uint256 blockHash;
}
function copy(State storage state, State memory stateFrom) internal {
state.globalRoot = stateFrom.globalRoot;
state.blockNumber = stateFrom.blockNumber;
state.blockHash = stateFrom.blockHash;
}
/**
Validates that the previous block number that appears in the proof is the current block
number.
To protect against re-entrancy attacks, we read the block number at the beginning
and validate that we have the expected block number at the end.
This function must be called at the beginning of the updateState transaction.
*/
function checkPrevBlockNumber(State storage state, uint256[] calldata starknetOutput) internal {
uint256 expectedPrevBlockNumber;
if (state.blockNumber == -1) {
expectedPrevBlockNumber = 0x800000000000011000000000000000000000000000000000000000000000000;
} else {
expectedPrevBlockNumber = uint256(state.blockNumber);
}
require(
starknetOutput[StarknetOutput.PREV_BLOCK_NUMBER_OFFSET] == expectedPrevBlockNumber,
"INVALID_PREV_BLOCK_NUMBER"
);
}
/**
Validates that the current block number is the new block number.
This is used to protect against re-entrancy attacks.
*/
function checkNewBlockNumber(State storage state, uint256[] calldata starknetOutput) internal {
require(
uint256(state.blockNumber) == starknetOutput[StarknetOutput.NEW_BLOCK_NUMBER_OFFSET],
"REENTRANCY_FAILURE"
);
}
/**
Validates that the 'blockNumber' and the previous root are consistent with the
current state and updates the state.
*/
function update(State storage state, uint256[] calldata starknetOutput) internal {
checkPrevBlockNumber(state, starknetOutput);
// Check the blockNumber first as the error is less ambiguous then INVALID_PREVIOUS_ROOT.
int256 newBlockNumber = int256(starknetOutput[StarknetOutput.NEW_BLOCK_NUMBER_OFFSET]);
require(newBlockNumber > state.blockNumber, "INVALID_NEW_BLOCK_NUMBER");
state.blockNumber = newBlockNumber;
require(
starknetOutput[StarknetOutput.PREV_BLOCK_HASH_OFFSET] == state.blockHash,
"INVALID_PREV_BLOCK_HASH"
);
state.blockHash = starknetOutput[StarknetOutput.NEW_BLOCK_HASH_OFFSET];
uint256[] calldata commitment_tree_update = StarknetOutput.getMerkleUpdate(starknetOutput);
require(
state.globalRoot == CommitmentTreeUpdateOutput.getPrevRoot(commitment_tree_update),
"INVALID_PREVIOUS_ROOT"
);
state.globalRoot = CommitmentTreeUpdateOutput.getNewRoot(commitment_tree_update);
}
}