Transaction Hash:
Block:
23518062 at Oct-06-2025 10:14:11 AM +UTC
Transaction Fee:
0.000090963348273798 ETH
$0.31
Gas Used:
55,693 Gas / 1.633299486 Gwei
Emitted Events:
| 80 |
TransparentUpgradeableProxy.0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925( 0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925, 0x000000000000000000000000455ff983f6fbc1e280cfccf8ec7376ae3b6c5dba, 0x000000000000000000000000881d40237659c251811cec9c364ef91dc08d300c, 000000000000000000000000000000000000000000000000000000000215e7b0 )
|
Account State Difference:
| Address | Before | After | State Difference | ||
|---|---|---|---|---|---|
|
0x39634336...6fb82Aa49
Miner
| (quasarbuilder) | 9.432936475423581817 Eth | 9.433020014923581817 Eth | 0.0000835395 | |
| 0x455fF983...E3B6C5DBA |
0.002213209005946103 Eth
Nonce: 99
|
0.002122245657672305 Eth
Nonce: 100
| 0.000090963348273798 | ||
| 0xacA92E43...87a2435DA |
Execution Trace
TransparentUpgradeableProxy.095ea7b3( )
TransparentUpgradeableProxy.095ea7b3( )
-
MUSD.approve( spender_=0x881D40237659C251811CEC9c364ef91dC08D300C, amount_=34990000 ) => ( True )
File 1 of 2: TransparentUpgradeableProxy
File 2 of 2: MUSD
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.2.0) (proxy/transparent/TransparentUpgradeableProxy.sol)
pragma solidity ^0.8.22;
import {ERC1967Utils} from "../ERC1967/ERC1967Utils.sol";
import {ERC1967Proxy} from "../ERC1967/ERC1967Proxy.sol";
import {IERC1967} from "../../interfaces/IERC1967.sol";
import {ProxyAdmin} from "./ProxyAdmin.sol";
/**
* @dev Interface for {TransparentUpgradeableProxy}. In order to implement transparency, {TransparentUpgradeableProxy}
* does not implement this interface directly, and its upgradeability mechanism is implemented by an internal dispatch
* mechanism. The compiler is unaware that these functions are implemented by {TransparentUpgradeableProxy} and will not
* include them in the ABI so this interface must be used to interact with it.
*/
interface ITransparentUpgradeableProxy is IERC1967 {
/// @dev See {UUPSUpgradeable-upgradeToAndCall}
function upgradeToAndCall(address newImplementation, bytes calldata data) external payable;
}
/**
* @dev This contract implements a proxy that is upgradeable through an associated {ProxyAdmin} instance.
*
* To avoid https://medium.com/nomic-labs-blog/malicious-backdoors-in-ethereum-proxies-62629adf3357[proxy selector
* clashing], which can potentially be used in an attack, this contract uses the
* https://blog.openzeppelin.com/the-transparent-proxy-pattern/[transparent proxy pattern]. This pattern implies two
* things that go hand in hand:
*
* 1. If any account other than the admin calls the proxy, the call will be forwarded to the implementation, even if
* that call matches the {ITransparentUpgradeableProxy-upgradeToAndCall} function exposed by the proxy itself.
* 2. If the admin calls the proxy, it can call the `upgradeToAndCall` function but any other call won't be forwarded to
* the implementation. If the admin tries to call a function on the implementation it will fail with an error indicating
* the proxy admin cannot fallback to the target implementation.
*
* These properties mean that the admin account can only be used for upgrading the proxy, so it's best if it's a
* dedicated account that is not used for anything else. This will avoid headaches due to sudden errors when trying to
* call a function from the proxy implementation. For this reason, the proxy deploys an instance of {ProxyAdmin} and
* allows upgrades only if they come through it. You should think of the `ProxyAdmin` instance as the administrative
* interface of the proxy, including the ability to change who can trigger upgrades by transferring ownership.
*
* NOTE: The real interface of this proxy is that defined in `ITransparentUpgradeableProxy`. This contract does not
* inherit from that interface, and instead `upgradeToAndCall` is implicitly implemented using a custom dispatch
* mechanism in `_fallback`. Consequently, the compiler will not produce an ABI for this contract. This is necessary to
* fully implement transparency without decoding reverts caused by selector clashes between the proxy and the
* implementation.
*
* NOTE: This proxy does not inherit from {Context} deliberately. The {ProxyAdmin} of this contract won't send a
* meta-transaction in any way, and any other meta-transaction setup should be made in the implementation contract.
*
* IMPORTANT: This contract avoids unnecessary storage reads by setting the admin only during construction as an
* immutable variable, preventing any changes thereafter. However, the admin slot defined in ERC-1967 can still be
* overwritten by the implementation logic pointed to by this proxy. In such cases, the contract may end up in an
* undesirable state where the admin slot is different from the actual admin. Relying on the value of the admin slot
* is generally fine if the implementation is trusted.
*
* WARNING: It is not recommended to extend this contract to add additional external functions. If you do so, the
* compiler will not check that there are no selector conflicts, due to the note above. A selector clash between any new
* function and the functions declared in {ITransparentUpgradeableProxy} will be resolved in favor of the new one. This
* could render the `upgradeToAndCall` function inaccessible, preventing upgradeability and compromising transparency.
*/
contract TransparentUpgradeableProxy is ERC1967Proxy {
// An immutable address for the admin to avoid unnecessary SLOADs before each call
// at the expense of removing the ability to change the admin once it's set.
// This is acceptable if the admin is always a ProxyAdmin instance or similar contract
// with its own ability to transfer the permissions to another account.
address private immutable _admin;
/**
* @dev The proxy caller is the current admin, and can't fallback to the proxy target.
*/
error ProxyDeniedAdminAccess();
/**
* @dev Initializes an upgradeable proxy managed by an instance of a {ProxyAdmin} with an `initialOwner`,
* backed by the implementation at `_logic`, and optionally initialized with `_data` as explained in
* {ERC1967Proxy-constructor}.
*/
constructor(address _logic, address initialOwner, bytes memory _data) payable ERC1967Proxy(_logic, _data) {
_admin = address(new ProxyAdmin(initialOwner));
// Set the storage value and emit an event for ERC-1967 compatibility
ERC1967Utils.changeAdmin(_proxyAdmin());
}
/**
* @dev Returns the admin of this proxy.
*/
function _proxyAdmin() internal view virtual returns (address) {
return _admin;
}
/**
* @dev If caller is the admin process the call internally, otherwise transparently fallback to the proxy behavior.
*/
function _fallback() internal virtual override {
if (msg.sender == _proxyAdmin()) {
if (msg.sig != ITransparentUpgradeableProxy.upgradeToAndCall.selector) {
revert ProxyDeniedAdminAccess();
} else {
_dispatchUpgradeToAndCall();
}
} else {
super._fallback();
}
}
/**
* @dev Upgrade the implementation of the proxy. See {ERC1967Utils-upgradeToAndCall}.
*
* Requirements:
*
* - If `data` is empty, `msg.value` must be zero.
*/
function _dispatchUpgradeToAndCall() private {
(address newImplementation, bytes memory data) = abi.decode(msg.data[4:], (address, bytes));
ERC1967Utils.upgradeToAndCall(newImplementation, data);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.2.0) (proxy/ERC1967/ERC1967Utils.sol)
pragma solidity ^0.8.22;
import {IBeacon} from "../beacon/IBeacon.sol";
import {IERC1967} from "../../interfaces/IERC1967.sol";
import {Address} from "../../utils/Address.sol";
import {StorageSlot} from "../../utils/StorageSlot.sol";
/**
* @dev This library provides getters and event emitting update functions for
* https://eips.ethereum.org/EIPS/eip-1967[ERC-1967] slots.
*/
library ERC1967Utils {
/**
* @dev Storage slot with the address of the current implementation.
* This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1.
*/
// solhint-disable-next-line private-vars-leading-underscore
bytes32 internal constant IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
/**
* @dev The `implementation` of the proxy is invalid.
*/
error ERC1967InvalidImplementation(address implementation);
/**
* @dev The `admin` of the proxy is invalid.
*/
error ERC1967InvalidAdmin(address admin);
/**
* @dev The `beacon` of the proxy is invalid.
*/
error ERC1967InvalidBeacon(address beacon);
/**
* @dev An upgrade function sees `msg.value > 0` that may be lost.
*/
error ERC1967NonPayable();
/**
* @dev Returns the current implementation address.
*/
function getImplementation() internal view returns (address) {
return StorageSlot.getAddressSlot(IMPLEMENTATION_SLOT).value;
}
/**
* @dev Stores a new address in the ERC-1967 implementation slot.
*/
function _setImplementation(address newImplementation) private {
if (newImplementation.code.length == 0) {
revert ERC1967InvalidImplementation(newImplementation);
}
StorageSlot.getAddressSlot(IMPLEMENTATION_SLOT).value = newImplementation;
}
/**
* @dev Performs implementation upgrade with additional setup call if data is nonempty.
* This function is payable only if the setup call is performed, otherwise `msg.value` is rejected
* to avoid stuck value in the contract.
*
* Emits an {IERC1967-Upgraded} event.
*/
function upgradeToAndCall(address newImplementation, bytes memory data) internal {
_setImplementation(newImplementation);
emit IERC1967.Upgraded(newImplementation);
if (data.length > 0) {
Address.functionDelegateCall(newImplementation, data);
} else {
_checkNonPayable();
}
}
/**
* @dev Storage slot with the admin of the contract.
* This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1.
*/
// solhint-disable-next-line private-vars-leading-underscore
bytes32 internal constant ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
/**
* @dev Returns the current admin.
*
* TIP: To get this value clients can read directly from the storage slot shown below (specified by ERC-1967) using
* the https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
* `0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103`
*/
function getAdmin() internal view returns (address) {
return StorageSlot.getAddressSlot(ADMIN_SLOT).value;
}
/**
* @dev Stores a new address in the ERC-1967 admin slot.
*/
function _setAdmin(address newAdmin) private {
if (newAdmin == address(0)) {
revert ERC1967InvalidAdmin(address(0));
}
StorageSlot.getAddressSlot(ADMIN_SLOT).value = newAdmin;
}
/**
* @dev Changes the admin of the proxy.
*
* Emits an {IERC1967-AdminChanged} event.
*/
function changeAdmin(address newAdmin) internal {
emit IERC1967.AdminChanged(getAdmin(), newAdmin);
_setAdmin(newAdmin);
}
/**
* @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
* This is the keccak-256 hash of "eip1967.proxy.beacon" subtracted by 1.
*/
// solhint-disable-next-line private-vars-leading-underscore
bytes32 internal constant BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;
/**
* @dev Returns the current beacon.
*/
function getBeacon() internal view returns (address) {
return StorageSlot.getAddressSlot(BEACON_SLOT).value;
}
/**
* @dev Stores a new beacon in the ERC-1967 beacon slot.
*/
function _setBeacon(address newBeacon) private {
if (newBeacon.code.length == 0) {
revert ERC1967InvalidBeacon(newBeacon);
}
StorageSlot.getAddressSlot(BEACON_SLOT).value = newBeacon;
address beaconImplementation = IBeacon(newBeacon).implementation();
if (beaconImplementation.code.length == 0) {
revert ERC1967InvalidImplementation(beaconImplementation);
}
}
/**
* @dev Change the beacon and trigger a setup call if data is nonempty.
* This function is payable only if the setup call is performed, otherwise `msg.value` is rejected
* to avoid stuck value in the contract.
*
* Emits an {IERC1967-BeaconUpgraded} event.
*
* CAUTION: Invoking this function has no effect on an instance of {BeaconProxy} since v5, since
* it uses an immutable beacon without looking at the value of the ERC-1967 beacon slot for
* efficiency.
*/
function upgradeBeaconToAndCall(address newBeacon, bytes memory data) internal {
_setBeacon(newBeacon);
emit IERC1967.BeaconUpgraded(newBeacon);
if (data.length > 0) {
Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data);
} else {
_checkNonPayable();
}
}
/**
* @dev Reverts if `msg.value` is not zero. It can be used to avoid `msg.value` stuck in the contract
* if an upgrade doesn't perform an initialization call.
*/
function _checkNonPayable() private {
if (msg.value > 0) {
revert ERC1967NonPayable();
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.2.0) (proxy/ERC1967/ERC1967Proxy.sol)
pragma solidity ^0.8.22;
import {Proxy} from "../Proxy.sol";
import {ERC1967Utils} from "./ERC1967Utils.sol";
/**
* @dev This contract implements an upgradeable proxy. It is upgradeable because calls are delegated to an
* implementation address that can be changed. This address is stored in storage in the location specified by
* https://eips.ethereum.org/EIPS/eip-1967[ERC-1967], so that it doesn't conflict with the storage layout of the
* implementation behind the proxy.
*/
contract ERC1967Proxy is Proxy {
/**
* @dev Initializes the upgradeable proxy with an initial implementation specified by `implementation`.
*
* If `_data` is nonempty, it's used as data in a delegate call to `implementation`. This will typically be an
* encoded function call, and allows initializing the storage of the proxy like a Solidity constructor.
*
* Requirements:
*
* - If `data` is empty, `msg.value` must be zero.
*/
constructor(address implementation, bytes memory _data) payable {
ERC1967Utils.upgradeToAndCall(implementation, _data);
}
/**
* @dev Returns the current implementation address.
*
* TIP: To get this value clients can read directly from the storage slot shown below (specified by ERC-1967) using
* the https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
* `0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc`
*/
function _implementation() internal view virtual override returns (address) {
return ERC1967Utils.getImplementation();
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC1967.sol)
pragma solidity ^0.8.20;
/**
* @dev ERC-1967: Proxy Storage Slots. This interface contains the events defined in the ERC.
*/
interface IERC1967 {
/**
* @dev Emitted when the implementation is upgraded.
*/
event Upgraded(address indexed implementation);
/**
* @dev Emitted when the admin account has changed.
*/
event AdminChanged(address previousAdmin, address newAdmin);
/**
* @dev Emitted when the beacon is changed.
*/
event BeaconUpgraded(address indexed beacon);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.2.0) (proxy/transparent/ProxyAdmin.sol)
pragma solidity ^0.8.22;
import {ITransparentUpgradeableProxy} from "./TransparentUpgradeableProxy.sol";
import {Ownable} from "../../access/Ownable.sol";
/**
* @dev This is an auxiliary contract meant to be assigned as the admin of a {TransparentUpgradeableProxy}. For an
* explanation of why you would want to use this see the documentation for {TransparentUpgradeableProxy}.
*/
contract ProxyAdmin is Ownable {
/**
* @dev The version of the upgrade interface of the contract. If this getter is missing, both `upgrade(address,address)`
* and `upgradeAndCall(address,address,bytes)` are present, and `upgrade` must be used if no function should be called,
* while `upgradeAndCall` will invoke the `receive` function if the third argument is the empty byte string.
* If the getter returns `"5.0.0"`, only `upgradeAndCall(address,address,bytes)` is present, and the third argument must
* be the empty byte string if no function should be called, making it impossible to invoke the `receive` function
* during an upgrade.
*/
string public constant UPGRADE_INTERFACE_VERSION = "5.0.0";
/**
* @dev Sets the initial owner who can perform upgrades.
*/
constructor(address initialOwner) Ownable(initialOwner) {}
/**
* @dev Upgrades `proxy` to `implementation` and calls a function on the new implementation.
* See {TransparentUpgradeableProxy-_dispatchUpgradeToAndCall}.
*
* Requirements:
*
* - This contract must be the admin of `proxy`.
* - If `data` is empty, `msg.value` must be zero.
*/
function upgradeAndCall(
ITransparentUpgradeableProxy proxy,
address implementation,
bytes memory data
) public payable virtual onlyOwner {
proxy.upgradeToAndCall{value: msg.value}(implementation, data);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/beacon/IBeacon.sol)
pragma solidity ^0.8.20;
/**
* @dev This is the interface that {BeaconProxy} expects of its beacon.
*/
interface IBeacon {
/**
* @dev Must return an address that can be used as a delegate call target.
*
* {UpgradeableBeacon} will check that this address is a contract.
*/
function implementation() external view returns (address);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.2.0) (utils/Address.sol)
pragma solidity ^0.8.20;
import {Errors} from "./Errors.sol";
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev There's no code at `target` (it is not a contract).
*/
error AddressEmptyCode(address target);
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.20/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
if (address(this).balance < amount) {
revert Errors.InsufficientBalance(address(this).balance, amount);
}
(bool success, bytes memory returndata) = recipient.call{value: amount}("");
if (!success) {
_revert(returndata);
}
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason or custom error, it is bubbled
* up by this function (like regular Solidity function calls). However, if
* the call reverted with no returned reason, this function reverts with a
* {Errors.FailedCall} error.
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*/
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
if (address(this).balance < value) {
revert Errors.InsufficientBalance(address(this).balance, value);
}
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and reverts if the target
* was not a contract or bubbling up the revert reason (falling back to {Errors.FailedCall}) in case
* of an unsuccessful call.
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata
) internal view returns (bytes memory) {
if (!success) {
_revert(returndata);
} else {
// only check if target is a contract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
if (returndata.length == 0 && target.code.length == 0) {
revert AddressEmptyCode(target);
}
return returndata;
}
}
/**
* @dev Tool to verify that a low level call was successful, and reverts if it wasn't, either by bubbling the
* revert reason or with a default {Errors.FailedCall} error.
*/
function verifyCallResult(bool success, bytes memory returndata) internal pure returns (bytes memory) {
if (!success) {
_revert(returndata);
} else {
return returndata;
}
}
/**
* @dev Reverts with returndata if present. Otherwise reverts with {Errors.FailedCall}.
*/
function _revert(bytes memory returndata) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
assembly ("memory-safe") {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert Errors.FailedCall();
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/StorageSlot.sol)
// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.
pragma solidity ^0.8.20;
/**
* @dev Library for reading and writing primitive types to specific storage slots.
*
* Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
* This library helps with reading and writing to such slots without the need for inline assembly.
*
* The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
*
* Example usage to set ERC-1967 implementation slot:
* ```solidity
* contract ERC1967 {
* // Define the slot. Alternatively, use the SlotDerivation library to derive the slot.
* bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
*
* function _getImplementation() internal view returns (address) {
* return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
* }
*
* function _setImplementation(address newImplementation) internal {
* require(newImplementation.code.length > 0);
* StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
* }
* }
* ```
*
* TIP: Consider using this library along with {SlotDerivation}.
*/
library StorageSlot {
struct AddressSlot {
address value;
}
struct BooleanSlot {
bool value;
}
struct Bytes32Slot {
bytes32 value;
}
struct Uint256Slot {
uint256 value;
}
struct Int256Slot {
int256 value;
}
struct StringSlot {
string value;
}
struct BytesSlot {
bytes value;
}
/**
* @dev Returns an `AddressSlot` with member `value` located at `slot`.
*/
function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
assembly ("memory-safe") {
r.slot := slot
}
}
/**
* @dev Returns a `BooleanSlot` with member `value` located at `slot`.
*/
function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
assembly ("memory-safe") {
r.slot := slot
}
}
/**
* @dev Returns a `Bytes32Slot` with member `value` located at `slot`.
*/
function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
assembly ("memory-safe") {
r.slot := slot
}
}
/**
* @dev Returns a `Uint256Slot` with member `value` located at `slot`.
*/
function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
assembly ("memory-safe") {
r.slot := slot
}
}
/**
* @dev Returns a `Int256Slot` with member `value` located at `slot`.
*/
function getInt256Slot(bytes32 slot) internal pure returns (Int256Slot storage r) {
assembly ("memory-safe") {
r.slot := slot
}
}
/**
* @dev Returns a `StringSlot` with member `value` located at `slot`.
*/
function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {
assembly ("memory-safe") {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` representation of the string storage pointer `store`.
*/
function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {
assembly ("memory-safe") {
r.slot := store.slot
}
}
/**
* @dev Returns a `BytesSlot` with member `value` located at `slot`.
*/
function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {
assembly ("memory-safe") {
r.slot := slot
}
}
/**
* @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.
*/
function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {
assembly ("memory-safe") {
r.slot := store.slot
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/Proxy.sol)
pragma solidity ^0.8.20;
/**
* @dev This abstract contract provides a fallback function that delegates all calls to another contract using the EVM
* instruction `delegatecall`. We refer to the second contract as the _implementation_ behind the proxy, and it has to
* be specified by overriding the virtual {_implementation} function.
*
* Additionally, delegation to the implementation can be triggered manually through the {_fallback} function, or to a
* different contract through the {_delegate} function.
*
* The success and return data of the delegated call will be returned back to the caller of the proxy.
*/
abstract contract Proxy {
/**
* @dev Delegates the current call to `implementation`.
*
* This function does not return to its internal call site, it will return directly to the external caller.
*/
function _delegate(address implementation) internal virtual {
assembly {
// Copy msg.data. We take full control of memory in this inline assembly
// block because it will not return to Solidity code. We overwrite the
// Solidity scratch pad at memory position 0.
calldatacopy(0, 0, calldatasize())
// Call the implementation.
// out and outsize are 0 because we don't know the size yet.
let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0)
// Copy the returned data.
returndatacopy(0, 0, returndatasize())
switch result
// delegatecall returns 0 on error.
case 0 {
revert(0, returndatasize())
}
default {
return(0, returndatasize())
}
}
}
/**
* @dev This is a virtual function that should be overridden so it returns the address to which the fallback
* function and {_fallback} should delegate.
*/
function _implementation() internal view virtual returns (address);
/**
* @dev Delegates the current call to the address returned by `_implementation()`.
*
* This function does not return to its internal call site, it will return directly to the external caller.
*/
function _fallback() internal virtual {
_delegate(_implementation());
}
/**
* @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if no other
* function in the contract matches the call data.
*/
fallback() external payable virtual {
_fallback();
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)
pragma solidity ^0.8.20;
import {Context} from "../utils/Context.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* The initial owner is set to the address provided by the deployer. This can
* later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract Ownable is Context {
address private _owner;
/**
* @dev The caller account is not authorized to perform an operation.
*/
error OwnableUnauthorizedAccount(address account);
/**
* @dev The owner is not a valid owner account. (eg. `address(0)`)
*/
error OwnableInvalidOwner(address owner);
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the address provided by the deployer as the initial owner.
*/
constructor(address initialOwner) {
if (initialOwner == address(0)) {
revert OwnableInvalidOwner(address(0));
}
_transferOwnership(initialOwner);
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
_checkOwner();
_;
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
return _owner;
}
/**
* @dev Throws if the sender is not the owner.
*/
function _checkOwner() internal view virtual {
if (owner() != _msgSender()) {
revert OwnableUnauthorizedAccount(_msgSender());
}
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby disabling any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
if (newOwner == address(0)) {
revert OwnableInvalidOwner(address(0));
}
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
address oldOwner = _owner;
_owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/Errors.sol)
pragma solidity ^0.8.20;
/**
* @dev Collection of common custom errors used in multiple contracts
*
* IMPORTANT: Backwards compatibility is not guaranteed in future versions of the library.
* It is recommended to avoid relying on the error API for critical functionality.
*
* _Available since v5.1._
*/
library Errors {
/**
* @dev The ETH balance of the account is not enough to perform the operation.
*/
error InsufficientBalance(uint256 balance, uint256 needed);
/**
* @dev A call to an address target failed. The target may have reverted.
*/
error FailedCall();
/**
* @dev The deployment failed.
*/
error FailedDeployment();
/**
* @dev A necessary precompile is missing.
*/
error MissingPrecompile(address);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)
pragma solidity ^0.8.20;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
function _contextSuffixLength() internal view virtual returns (uint256) {
return 0;
}
}
File 2 of 2: MUSD
// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.26;
import { PausableUpgradeable } from "../lib/evm-m-extensions/lib/common/lib/openzeppelin-contracts-upgradeable/contracts/utils/PausableUpgradeable.sol";
import { MYieldToOne } from "../lib/evm-m-extensions/src/projects/yieldToOne/MYieldToOne.sol";
import { IMUSD } from "./IMUSD.sol";
/**
███╗ ███╗███████╗████████╗ █████╗ ███╗ ███╗ █████╗ ███████╗██╗ ██╗ ██╗ ██╗███████╗██████╗
████╗ ████║██╔════╝╚══██╔══╝██╔══██╗████╗ ████║██╔══██╗██╔════╝██║ ██╔╝ ██║ ██║██╔════╝██╔══██╗
██╔████╔██║█████╗ ██║ ███████║██╔████╔██║███████║███████╗█████╔╝ ██║ ██║███████╗██║ ██║
██║╚██╔╝██║██╔══╝ ██║ ██╔══██║██║╚██╔╝██║██╔══██║╚════██║██╔═██╗ ██║ ██║╚════██║██║ ██║
██║ ╚═╝ ██║███████╗ ██║ ██║ ██║██║ ╚═╝ ██║██║ ██║███████║██║ ██╗ ╚██████╔╝███████║██████╔╝
╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚══════╝╚═════╝
*/
/**
* @title MUSD
* @notice M extension for the MUSD token.
* @author M0 Labs
*/
contract MUSD is IMUSD, MYieldToOne, PausableUpgradeable {
/* ============ Variables ============ */
/// @inheritdoc IMUSD
bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");
/// @inheritdoc IMUSD
bytes32 public constant FORCED_TRANSFER_MANAGER_ROLE = keccak256("FORCED_TRANSFER_MANAGER_ROLE");
/* ============ Constructor ============ */
/**
* @custom:oz-upgrades-unsafe-allow constructor
* @notice Constructs MUSD Implementation contract
* @dev `_disableInitializers()` is called in the inherited MExtension's constructor.
* @param mToken The address of the MToken
* @param swapFacility The address of the SwapFacility
*/
constructor(address mToken, address swapFacility) MYieldToOne(mToken, swapFacility) {}
/* ============ Initializer ============ */
/**
* @dev Initializes the MUSD token.
* @param yieldRecipient The address of a yield destination.
* @param admin The address of an admin.
* @param freezeManager The address of a freeze manager.
* @param yieldRecipientManager The address of a yield recipient setter.
* @param pauser The address of a pauser.
*/
function initialize(
address yieldRecipient,
address admin,
address freezeManager,
address yieldRecipientManager,
address pauser,
address forcedTransferManager
) external initializer {
if (pauser == address(0)) revert ZeroPauser();
if (forcedTransferManager == address(0)) revert ZeroForcedTransferManager();
__MYieldToOne_init("MetaMask USD", "mUSD", yieldRecipient, admin, freezeManager, yieldRecipientManager);
__Pausable_init();
_grantRole(PAUSER_ROLE, pauser);
_grantRole(FORCED_TRANSFER_MANAGER_ROLE, forcedTransferManager);
}
/* ============ Interactive Functions ============ */
/// @inheritdoc IMUSD
function pause() external onlyRole(PAUSER_ROLE) {
_pause();
}
/// @inheritdoc IMUSD
function unpause() external onlyRole(PAUSER_ROLE) {
_unpause();
}
/// @inheritdoc IMUSD
function forceTransfer(
address frozenAccount,
address recipient,
uint256 amount
) external onlyRole(FORCED_TRANSFER_MANAGER_ROLE) {
_forceTransfer(frozenAccount, recipient, amount);
}
/// @inheritdoc IMUSD
function forceTransfers(
address[] calldata frozenAccounts,
address[] calldata recipients,
uint256[] calldata amounts
) external onlyRole(FORCED_TRANSFER_MANAGER_ROLE) {
if (frozenAccounts.length != recipients.length || frozenAccounts.length != amounts.length) {
revert ArrayLengthMismatch();
}
for (uint256 i; i < frozenAccounts.length; ++i) {
_forceTransfer(frozenAccounts[i], recipients[i], amounts[i]);
}
}
/* ============ Hooks For Internal Interactive Functions ============ */
/**
* @dev Hook called before wrapping M into mUSD.
* @param account The account from which M is deposited.
* @param recipient The account receiving the minted mUSD.
* @param amount The amount of tokens to wrap.
*/
function _beforeWrap(address account, address recipient, uint256 amount) internal view override {
_requireNotPaused();
super._beforeWrap(account, recipient, amount);
}
/**
* @dev Hook called before unwrapping mUSD.
* @param account The account from which mUSD is burned.
* @param amount The amount of tokens to unwrap.
*/
function _beforeUnwrap(address account, uint256 amount) internal view override {
_requireNotPaused();
super._beforeUnwrap(account, amount);
}
/**
* @dev Hook called before transferring mUSD.
* @param sender The address from which the tokens are being transferred.
* @param recipient The address to which the tokens are being transferred.
* @param amount The amount of tokens to transfer.
*/
function _beforeTransfer(address sender, address recipient, uint256 amount) internal view override {
_requireNotPaused();
super._beforeTransfer(sender, recipient, amount);
}
/**
* @dev Hook called before claiming yield.
* @dev MUST only be callable by the `YIELD_RECIPIENT_MANAGER_ROLE`.
* @dev Addresses with the `YIELD_RECIPIENT_MANAGER_ROLE`
* are still able to claim yield when the contract is paused.
*/
function _beforeClaimYield() internal view override onlyRole(YIELD_RECIPIENT_MANAGER_ROLE) {}
/* ============ Internal Interactive Functions ============ */
/**
* @dev Internal ERC20 force transfer function to seize funds from a frozen account.
* @param frozenAccount The frozen account from which tokens are seized.
* @param recipient The recipient's address.
* @param amount The amount to be transferred.
* @dev Force transfer is only allowed for frozen accounts.
* @dev No `_beforeTransfer` checks apply to forced transfers; ignore checks for paused and frozen states.
* @dev Since this function can only be called by the `FORCED_TRANSFER_MANAGER_ROLE`,
* we do not check if the recipient is frozen.
*/
function _forceTransfer(address frozenAccount, address recipient, uint256 amount) internal {
_revertIfInvalidRecipient(recipient);
_revertIfNotFrozen(frozenAccount);
emit Transfer(frozenAccount, recipient, amount);
emit ForcedTransfer(frozenAccount, recipient, msg.sender, amount);
if (amount == 0) return;
_revertIfInsufficientBalance(frozenAccount, amount);
_update(frozenAccount, recipient, amount);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (utils/Pausable.sol)
pragma solidity ^0.8.20;
import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Contract module which allows children to implement an emergency stop
* mechanism that can be triggered by an authorized account.
*
* This module is used through inheritance. It will make available the
* modifiers `whenNotPaused` and `whenPaused`, which can be applied to
* the functions of your contract. Note that they will not be pausable by
* simply including this module, only once the modifiers are put in place.
*/
abstract contract PausableUpgradeable is Initializable, ContextUpgradeable {
/// @custom:storage-location erc7201:openzeppelin.storage.Pausable
struct PausableStorage {
bool _paused;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Pausable")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant PausableStorageLocation = 0xcd5ed15c6e187e77e9aee88184c21f4f2182ab5827cb3b7e07fbedcd63f03300;
function _getPausableStorage() private pure returns (PausableStorage storage $) {
assembly {
$.slot := PausableStorageLocation
}
}
/**
* @dev Emitted when the pause is triggered by `account`.
*/
event Paused(address account);
/**
* @dev Emitted when the pause is lifted by `account`.
*/
event Unpaused(address account);
/**
* @dev The operation failed because the contract is paused.
*/
error EnforcedPause();
/**
* @dev The operation failed because the contract is not paused.
*/
error ExpectedPause();
/**
* @dev Modifier to make a function callable only when the contract is not paused.
*
* Requirements:
*
* - The contract must not be paused.
*/
modifier whenNotPaused() {
_requireNotPaused();
_;
}
/**
* @dev Modifier to make a function callable only when the contract is paused.
*
* Requirements:
*
* - The contract must be paused.
*/
modifier whenPaused() {
_requirePaused();
_;
}
function __Pausable_init() internal onlyInitializing {
}
function __Pausable_init_unchained() internal onlyInitializing {
}
/**
* @dev Returns true if the contract is paused, and false otherwise.
*/
function paused() public view virtual returns (bool) {
PausableStorage storage $ = _getPausableStorage();
return $._paused;
}
/**
* @dev Throws if the contract is paused.
*/
function _requireNotPaused() internal view virtual {
if (paused()) {
revert EnforcedPause();
}
}
/**
* @dev Throws if the contract is not paused.
*/
function _requirePaused() internal view virtual {
if (!paused()) {
revert ExpectedPause();
}
}
/**
* @dev Triggers stopped state.
*
* Requirements:
*
* - The contract must not be paused.
*/
function _pause() internal virtual whenNotPaused {
PausableStorage storage $ = _getPausableStorage();
$._paused = true;
emit Paused(_msgSender());
}
/**
* @dev Returns to normal state.
*
* Requirements:
*
* - The contract must be paused.
*/
function _unpause() internal virtual whenPaused {
PausableStorage storage $ = _getPausableStorage();
$._paused = false;
emit Unpaused(_msgSender());
}
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.26;
import { IERC20 } from "../../../lib/common/src/interfaces/IERC20.sol";
import { IMYieldToOne } from "./IMYieldToOne.sol";
import { Freezable } from "../../components/Freezable.sol";
import { MExtension } from "../../MExtension.sol";
abstract contract MYieldToOneStorageLayout {
/// @custom:storage-location erc7201:M0.storage.MYieldToOne
struct MYieldToOneStorageStruct {
uint256 totalSupply;
address yieldRecipient;
mapping(address account => uint256 balance) balanceOf;
}
// keccak256(abi.encode(uint256(keccak256("M0.storage.MYieldToOne")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant _M_YIELD_TO_ONE_STORAGE_LOCATION =
0xee2f6fc7e2e5879b17985791e0d12536cba689bda43c77b8911497248f4af100;
function _getMYieldToOneStorageLocation() internal pure returns (MYieldToOneStorageStruct storage $) {
assembly {
$.slot := _M_YIELD_TO_ONE_STORAGE_LOCATION
}
}
}
/**
* @title MYieldToOne
* @notice Upgradeable ERC20 Token contract for wrapping M into a non-rebasing token
* with yield claimable by a single recipient.
* @author M0 Labs
*/
contract MYieldToOne is IMYieldToOne, MYieldToOneStorageLayout, MExtension, Freezable {
/* ============ Variables ============ */
/// @inheritdoc IMYieldToOne
bytes32 public constant YIELD_RECIPIENT_MANAGER_ROLE = keccak256("YIELD_RECIPIENT_MANAGER_ROLE");
/* ============ Constructor ============ */
/**
* @custom:oz-upgrades-unsafe-allow constructor
* @notice Constructs MYieldToOne Implementation contract
* @dev Sets immutable storage.
* @param mToken The address of $M token.
* @param swapFacility The address of Swap Facility.
*/
constructor(address mToken, address swapFacility) MExtension(mToken, swapFacility) {}
/* ============ Initializer ============ */
/**
* @dev Initializes the M extension token with yield claimable by a single recipient.
* @param name The name of the token (e.g. "M Yield to One").
* @param symbol The symbol of the token (e.g. "MYO").
* @param yieldRecipient_ The address of a yield destination.
* @param admin The address of an admin.
* @param freezeManager The address of a freeze manager.
* @param yieldRecipientManager The address of a yield recipient setter.
*/
function initialize(
string memory name,
string memory symbol,
address yieldRecipient_,
address admin,
address freezeManager,
address yieldRecipientManager
) public virtual initializer {
__MYieldToOne_init(name, symbol, yieldRecipient_, admin, freezeManager, yieldRecipientManager);
}
/**
* @notice Initializes the MYieldToOne token.
* @param name The name of the token (e.g. "M Yield to One").
* @param symbol The symbol of the token (e.g. "MYO").
* @param yieldRecipient_ The address of a yield destination.
* @param admin The address of an admin.
* @param freezeManager The address of a freeze manager.
* @param yieldRecipientManager The address of a yield recipient setter.
*/
function __MYieldToOne_init(
string memory name,
string memory symbol,
address yieldRecipient_,
address admin,
address freezeManager,
address yieldRecipientManager
) internal onlyInitializing {
if (yieldRecipientManager == address(0)) revert ZeroYieldRecipientManager();
if (admin == address(0)) revert ZeroAdmin();
__MExtension_init(name, symbol);
__Freezable_init(freezeManager);
_setYieldRecipient(yieldRecipient_);
_grantRole(DEFAULT_ADMIN_ROLE, admin);
_grantRole(YIELD_RECIPIENT_MANAGER_ROLE, yieldRecipientManager);
}
/* ============ Interactive Functions ============ */
/// @inheritdoc IMYieldToOne
function claimYield() public returns (uint256) {
_beforeClaimYield();
uint256 yield_ = yield();
if (yield_ == 0) return 0;
emit YieldClaimed(yield_);
_mint(yieldRecipient(), yield_);
return yield_;
}
/// @inheritdoc IMYieldToOne
function setYieldRecipient(address account) external onlyRole(YIELD_RECIPIENT_MANAGER_ROLE) {
// Claim yield for the previous yield recipient.
claimYield();
_setYieldRecipient(account);
}
/* ============ View/Pure Functions ============ */
/// @inheritdoc IERC20
function balanceOf(address account) public view override returns (uint256) {
return _getMYieldToOneStorageLocation().balanceOf[account];
}
/// @inheritdoc IERC20
function totalSupply() public view returns (uint256) {
return _getMYieldToOneStorageLocation().totalSupply;
}
/// @inheritdoc IMYieldToOne
function yield() public view returns (uint256) {
unchecked {
uint256 balance_ = _mBalanceOf(address(this));
uint256 totalSupply_ = totalSupply();
return balance_ > totalSupply_ ? balance_ - totalSupply_ : 0;
}
}
/// @inheritdoc IMYieldToOne
function yieldRecipient() public view returns (address) {
return _getMYieldToOneStorageLocation().yieldRecipient;
}
/* ============ Hooks For Internal Interactive Functions ============ */
/**
* @dev Hooks called before approval of M extension spend.
* @param account The account from which M is deposited.
* @param spender The account spending M Extension token.
*/
function _beforeApprove(address account, address spender, uint256 /* amount */) internal view virtual override {
FreezableStorageStruct storage $ = _getFreezableStorageLocation();
_revertIfFrozen($, account);
_revertIfFrozen($, spender);
}
/**
* @dev Hooks called before wrapping M into M Extension token.
* @param account The account from which M is deposited.
* @param recipient The account receiving the minted M Extension token.
*/
function _beforeWrap(address account, address recipient, uint256 /* amount */) internal view virtual override {
FreezableStorageStruct storage $ = _getFreezableStorageLocation();
_revertIfFrozen($, account);
_revertIfFrozen($, recipient);
}
/**
* @dev Hook called before unwrapping M Extension token.
* @param account The account from which M Extension token is burned.
*/
function _beforeUnwrap(address account, uint256 /* amount */) internal view virtual override {
_revertIfFrozen(_getFreezableStorageLocation(), account);
}
/**
* @dev Hook called before transferring M Extension token.
* @param sender The address from which the tokens are being transferred.
* @param recipient The address to which the tokens are being transferred.
*/
function _beforeTransfer(address sender, address recipient, uint256 /* amount */) internal view virtual override {
FreezableStorageStruct storage $ = _getFreezableStorageLocation();
_revertIfFrozen($, msg.sender);
_revertIfFrozen($, sender);
_revertIfFrozen($, recipient);
}
/**
* @dev Hook called before claiming yield from the M Extension token. To be overridden in derived extensions.
*/
function _beforeClaimYield() internal view virtual {}
/* ============ Internal Interactive Functions ============ */
/**
* @dev Mints `amount` tokens to `recipient`.
* @param recipient The address whose account balance will be incremented.
* @param amount The present amount of tokens to mint.`
*/
function _mint(address recipient, uint256 amount) internal override {
MYieldToOneStorageStruct storage $ = _getMYieldToOneStorageLocation();
// NOTE: Can be `unchecked` because the max amount of $M is never greater than `type(uint240).max`.
unchecked {
$.balanceOf[recipient] += amount;
$.totalSupply += amount;
}
emit Transfer(address(0), recipient, amount);
}
/**
* @dev Burns `amount` tokens from `account`.
* @param account The address whose account balance will be decremented.
* @param amount The present amount of tokens to burn.
*/
function _burn(address account, uint256 amount) internal override {
MYieldToOneStorageStruct storage $ = _getMYieldToOneStorageLocation();
// NOTE: Can be `unchecked` because `_revertIfInsufficientBalance` is used in MExtension.
unchecked {
$.balanceOf[account] -= amount;
$.totalSupply -= amount;
}
emit Transfer(account, address(0), amount);
}
/**
* @dev Internal balance update function called on transfer.
* @param sender The sender's address.
* @param recipient The recipient's address.
* @param amount The amount to be transferred.
*/
function _update(address sender, address recipient, uint256 amount) internal override {
MYieldToOneStorageStruct storage $ = _getMYieldToOneStorageLocation();
// NOTE: Can be `unchecked` because `_revertIfInsufficientBalance` for `sender` is used in MExtension.
unchecked {
$.balanceOf[sender] -= amount;
$.balanceOf[recipient] += amount;
}
}
/**
* @dev Sets the yield recipient.
* @param yieldRecipient_ The address of the new yield recipient.
*/
function _setYieldRecipient(address yieldRecipient_) internal {
if (yieldRecipient_ == address(0)) revert ZeroYieldRecipient();
MYieldToOneStorageStruct storage $ = _getMYieldToOneStorageLocation();
if (yieldRecipient_ == $.yieldRecipient) return;
$.yieldRecipient = yieldRecipient_;
emit YieldRecipientSet(yieldRecipient_);
}
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.26;
/**
* @title MUSD Interface
* @author M0 Labs
*
*/
interface IMUSD {
/* ============ Events ============ */
/**
* @notice Emitted when tokens are forcefully transferred from a frozen account.
* @param frozenAccount The address of the frozen account.
* @param recipient The address of the recipient.
* @param forcedTransferManager The address of the force transfer manager that triggered the event.
* @param amount The amount of tokens transferred.
*/
event ForcedTransfer(
address indexed frozenAccount,
address indexed recipient,
address indexed forcedTransferManager,
uint256 amount
);
/* ============ Custom Errors ============ */
/// @notice Emitted in constructor if Pauser is 0x0.
error ZeroPauser();
/// @notice Emitted in constructor if Force Transfer Manager is 0x0.
error ZeroForcedTransferManager();
/// @notice Emitted when the length of the input arrays do not match in `forceTransfer` method.
error ArrayLengthMismatch();
/* ============ Interactive Functions ============ */
/**
* @notice Pauses the contract.
* @dev Can only be called by an account with the PAUSER_ROLE.
* @dev When paused, wrap/unwrap and transfer of tokens are disabled.
* Approval is still enabled to allow users to change their allowances.
* Addresses with the FORCED_TRANSFER_MANAGER_ROLE can still transfer tokens from frozen accounts.
* Addresses with the FREEZE_MANAGER_ROLE can still freeze and unfreeze accounts.
* Addresses with the YIELD_RECIPIENT_MANAGER_ROLE can still claim yield.
*/
function pause() external;
/**
* @notice Unpauses the contract.
* @dev Can only be called by an account with the PAUSER_ROLE.
*/
function unpause() external;
/**
* @notice Forcefully transfers tokens from a frozen account to a recipient.
* @dev Can only be called by an account with the FORCED_TRANSFER_MANAGER_ROLE.
* @param frozenAccount The address of the frozen account.
* @param recipient The address of the recipient.
* @param amount The amount of tokens to transfer.
*/
function forceTransfer(address frozenAccount, address recipient, uint256 amount) external;
/**
* @notice Forcefully transfers tokens from frozen accounts to recipients.
* @dev Can only be called by an account with the FORCED_TRANSFER_MANAGER_ROLE.
* @param frozenAccounts The addresses of the frozen accounts.
* @param recipients The addresses of the recipients.
* @param amounts The amounts of tokens to transfer.
*/
function forceTransfers(
address[] calldata frozenAccounts,
address[] calldata recipients,
uint256[] calldata amounts
) external;
/* ============ View/Pure Functions ============ */
/// @notice The role that can pause and unpause the contract.
function PAUSER_ROLE() external view returns (bytes32);
/// @notice The role that can force transfer tokens from frozen accounts.
function FORCED_TRANSFER_MANAGER_ROLE() external view returns (bytes32);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)
pragma solidity ^0.8.20;
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract ContextUpgradeable is Initializable {
function __Context_init() internal onlyInitializing {
}
function __Context_init_unchained() internal onlyInitializing {
}
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
function _contextSuffixLength() internal view virtual returns (uint256) {
return 0;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (proxy/utils/Initializable.sol)
pragma solidity ^0.8.20;
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```solidity
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
*
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/
abstract contract Initializable {
/**
* @dev Storage of the initializable contract.
*
* It's implemented on a custom ERC-7201 namespace to reduce the risk of storage collisions
* when using with upgradeable contracts.
*
* @custom:storage-location erc7201:openzeppelin.storage.Initializable
*/
struct InitializableStorage {
/**
* @dev Indicates that the contract has been initialized.
*/
uint64 _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool _initializing;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Initializable")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant INITIALIZABLE_STORAGE = 0xf0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00;
/**
* @dev The contract is already initialized.
*/
error InvalidInitialization();
/**
* @dev The contract is not initializing.
*/
error NotInitializing();
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/
event Initialized(uint64 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts.
*
* Similar to `reinitializer(1)`, except that in the context of a constructor an `initializer` may be invoked any
* number of times. This behavior in the constructor can be useful during testing and is not expected to be used in
* production.
*
* Emits an {Initialized} event.
*/
modifier initializer() {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
// Cache values to avoid duplicated sloads
bool isTopLevelCall = !$._initializing;
uint64 initialized = $._initialized;
// Allowed calls:
// - initialSetup: the contract is not in the initializing state and no previous version was
// initialized
// - construction: the contract is initialized at version 1 (no reinitialization) and the
// current contract is just being deployed
bool initialSetup = initialized == 0 && isTopLevelCall;
bool construction = initialized == 1 && address(this).code.length == 0;
if (!initialSetup && !construction) {
revert InvalidInitialization();
}
$._initialized = 1;
if (isTopLevelCall) {
$._initializing = true;
}
_;
if (isTopLevelCall) {
$._initializing = false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* A reinitializer may be used after the original initialization step. This is essential to configure modules that
* are added through upgrades and that require initialization.
*
* When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
* cannot be nested. If one is invoked in the context of another, execution will revert.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*
* WARNING: Setting the version to 2**64 - 1 will prevent any future reinitialization.
*
* Emits an {Initialized} event.
*/
modifier reinitializer(uint64 version) {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
if ($._initializing || $._initialized >= version) {
revert InvalidInitialization();
}
$._initialized = version;
$._initializing = true;
_;
$._initializing = false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/
modifier onlyInitializing() {
_checkInitializing();
_;
}
/**
* @dev Reverts if the contract is not in an initializing state. See {onlyInitializing}.
*/
function _checkInitializing() internal view virtual {
if (!_isInitializing()) {
revert NotInitializing();
}
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*
* Emits an {Initialized} event the first time it is successfully executed.
*/
function _disableInitializers() internal virtual {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
if ($._initializing) {
revert InvalidInitialization();
}
if ($._initialized != type(uint64).max) {
$._initialized = type(uint64).max;
emit Initialized(type(uint64).max);
}
}
/**
* @dev Returns the highest version that has been initialized. See {reinitializer}.
*/
function _getInitializedVersion() internal view returns (uint64) {
return _getInitializableStorage()._initialized;
}
/**
* @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
*/
function _isInitializing() internal view returns (bool) {
return _getInitializableStorage()._initializing;
}
/**
* @dev Pointer to storage slot. Allows integrators to override it with a custom storage location.
*
* NOTE: Consider following the ERC-7201 formula to derive storage locations.
*/
function _initializableStorageSlot() internal pure virtual returns (bytes32) {
return INITIALIZABLE_STORAGE;
}
/**
* @dev Returns a pointer to the storage namespace.
*/
// solhint-disable-next-line var-name-mixedcase
function _getInitializableStorage() private pure returns (InitializableStorage storage $) {
bytes32 slot = _initializableStorageSlot();
assembly {
$.slot := slot
}
}
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
/**
* @title ERC20 Token Standard.
* @author M^0 Labs
* @dev The interface as defined by EIP-20: https://eips.ethereum.org/EIPS/eip-20
*/
interface IERC20 {
/* ============ Events ============ */
/**
* @notice Emitted when `spender` has been approved for `amount` of the token balance of `account`.
* @param account The address of the account.
* @param spender The address of the spender being approved for the allowance.
* @param amount The amount of the allowance being approved.
*/
event Approval(address indexed account, address indexed spender, uint256 amount);
/**
* @notice Emitted when `amount` tokens is transferred from `sender` to `recipient`.
* @param sender The address of the sender who's token balance is decremented.
* @param recipient The address of the recipient who's token balance is incremented.
* @param amount The amount of tokens being transferred.
*/
event Transfer(address indexed sender, address indexed recipient, uint256 amount);
/* ============ Interactive Functions ============ */
/**
* @notice Allows a calling account to approve `spender` to spend up to `amount` of its token balance.
* @dev MUST emit an `Approval` event.
* @param spender The address of the account being allowed to spend up to the allowed amount.
* @param amount The amount of the allowance being approved.
* @return Whether or not the approval was successful.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @notice Allows a calling account to transfer `amount` tokens to `recipient`.
* @param recipient The address of the recipient who's token balance will be incremented.
* @param amount The amount of tokens being transferred.
* @return Whether or not the transfer was successful.
*/
function transfer(address recipient, uint256 amount) external returns (bool);
/**
* @notice Allows a calling account to transfer `amount` tokens from `sender`, with allowance, to a `recipient`.
* @param sender The address of the sender who's token balance will be decremented.
* @param recipient The address of the recipient who's token balance will be incremented.
* @param amount The amount of tokens being transferred.
* @return Whether or not the transfer was successful.
*/
function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);
/* ============ View/Pure Functions ============ */
/**
* @notice Returns the allowance `spender` is allowed to spend on behalf of `account`.
* @param account The address of the account who's token balance `spender` is allowed to spend.
* @param spender The address of an account allowed to spend on behalf of `account`.
* @return The amount `spender` can spend on behalf of `account`.
*/
function allowance(address account, address spender) external view returns (uint256);
/**
* @notice Returns the token balance of `account`.
* @param account The address of some account.
* @return The token balance of `account`.
*/
function balanceOf(address account) external view returns (uint256);
/// @notice Returns the number of decimals UIs should assume all amounts have.
function decimals() external view returns (uint8);
/// @notice Returns the name of the contract/token.
function name() external view returns (string memory);
/// @notice Returns the symbol of the token.
function symbol() external view returns (string memory);
/// @notice Returns the current total supply of the token.
function totalSupply() external view returns (uint256);
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.26;
/**
* @title M Extension where all yield is claimable by a single recipient.
* @author M0 Labs
*/
interface IMYieldToOne {
/* ============ Events ============ */
/**
* @notice Emitted when this contract's excess M is claimed.
* @param yield The amount of M yield claimed.
*/
event YieldClaimed(uint256 yield);
/**
* @notice Emitted when the yield recipient is set.
* @param yieldRecipient The address of the new yield recipient.
*/
event YieldRecipientSet(address indexed yieldRecipient);
/* ============ Custom Errors ============ */
/// @notice Emitted in constructor if Yield Recipient is 0x0.
error ZeroYieldRecipient();
/// @notice Emitted in constructor if Yield Recipient Manager is 0x0.
error ZeroYieldRecipientManager();
/// @notice Emitted in constructor if Admin is 0x0.
error ZeroAdmin();
/* ============ Interactive Functions ============ */
/// @notice Claims accrued yield to yield recipient.
function claimYield() external returns (uint256);
/**
* @notice Sets the yield recipient.
* @dev MUST only be callable by the YIELD_RECIPIENT_MANAGER_ROLE.
* @dev SHOULD revert if `yieldRecipient` is 0x0.
* @dev SHOULD return early if the `yieldRecipient` is already the actual yield recipient.
* @param yieldRecipient The address of the new yield recipient.
*/
function setYieldRecipient(address yieldRecipient) external;
/* ============ View/Pure Functions ============ */
/// @notice The role that can manage the yield recipient.
function YIELD_RECIPIENT_MANAGER_ROLE() external view returns (bytes32);
/// @notice The amount of accrued yield.
function yield() external view returns (uint256);
/// @notice The address of the yield recipient.
function yieldRecipient() external view returns (address);
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.26;
import {
AccessControlUpgradeable
} from "../../lib/common/lib/openzeppelin-contracts-upgradeable/contracts/access/AccessControlUpgradeable.sol";
import { IFreezable } from "./IFreezable.sol";
abstract contract FreezableStorageLayout {
/// @custom:storage-location erc7201:M0.storage.Freezable
struct FreezableStorageStruct {
mapping(address account => bool isFrozen) isFrozen;
}
// keccak256(abi.encode(uint256(keccak256("M0.storage.Freezable")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant _FREEZABLE_STORAGE_LOCATION =
0x2fd5767309dce890c526ace85d7fe164825199d7dcd99c33588befc51b32ce00;
function _getFreezableStorageLocation() internal pure returns (FreezableStorageStruct storage $) {
assembly {
$.slot := _FREEZABLE_STORAGE_LOCATION
}
}
}
/**
* @title Freezable
* @notice Upgradeable contract that allows for the freezing of accounts.
* @dev This contract is used to prevent certain accounts from interacting with the contract.
* @author M0 Labs
*/
abstract contract Freezable is IFreezable, FreezableStorageLayout, AccessControlUpgradeable {
/* ============ Variables ============ */
/// @inheritdoc IFreezable
bytes32 public constant FREEZE_MANAGER_ROLE = keccak256("FREEZE_MANAGER_ROLE");
/* ============ Initializer ============ */
/**
* @notice Initializes the contract with the given freeze manager.
* @param freezeManager The address of a freeze manager.
*/
function __Freezable_init(address freezeManager) internal onlyInitializing {
if (freezeManager == address(0)) revert ZeroFreezeManager();
_grantRole(FREEZE_MANAGER_ROLE, freezeManager);
}
/* ============ Interactive Functions ============ */
/// @inheritdoc IFreezable
function freeze(address account) external onlyRole(FREEZE_MANAGER_ROLE) {
_freeze(_getFreezableStorageLocation(), account);
}
/// @inheritdoc IFreezable
function freezeAccounts(address[] calldata accounts) external onlyRole(FREEZE_MANAGER_ROLE) {
FreezableStorageStruct storage $ = _getFreezableStorageLocation();
for (uint256 i; i < accounts.length; ++i) {
_freeze($, accounts[i]);
}
}
/// @inheritdoc IFreezable
function unfreeze(address account) external onlyRole(FREEZE_MANAGER_ROLE) {
_unfreeze(_getFreezableStorageLocation(), account);
}
/// @inheritdoc IFreezable
function unfreezeAccounts(address[] calldata accounts) external onlyRole(FREEZE_MANAGER_ROLE) {
FreezableStorageStruct storage $ = _getFreezableStorageLocation();
for (uint256 i; i < accounts.length; ++i) {
_unfreeze($, accounts[i]);
}
}
/* ============ View/Pure Functions ============ */
/// @inheritdoc IFreezable
function isFrozen(address account) public view returns (bool) {
return _getFreezableStorageLocation().isFrozen[account];
}
/* ============ Internal Interactive Functions ============ */
/**
* @notice Internal function that freezes an account.
* @param $ The storage location of the freezable contract.
* @param account The account to freeze.
*/
function _freeze(FreezableStorageStruct storage $, address account) internal {
_revertIfFrozen($, account);
$.isFrozen[account] = true;
emit Frozen(account, block.timestamp);
}
/**
* @notice Internal function that unfreezes an account.
* @param $ The storage location of the freezable contract.
* @param account The account to unfreeze.
*/
function _unfreeze(FreezableStorageStruct storage $, address account) internal {
_revertIfNotFrozen($, account);
$.isFrozen[account] = false;
emit Unfrozen(account, block.timestamp);
}
/* ============ Internal View/Pure Functions ============ */
/**
* @notice Internal function that reverts if an account is frozen.
* @param $ The storage location of the freezable contract.
* @param account The account to check.
*/
function _revertIfFrozen(FreezableStorageStruct storage $, address account) internal view {
if ($.isFrozen[account]) revert AccountFrozen(account);
}
/**
* @notice Internal function that reverts if an account is frozen.
* @param account The account to check.
*/
function _revertIfFrozen(address account) internal view {
if (_getFreezableStorageLocation().isFrozen[account]) revert AccountFrozen(account);
}
/**
* @notice Internal function that reverts if an account is not frozen.
* @param $ The storage location of the freezable contract.
* @param account The account to check.
*/
function _revertIfNotFrozen(FreezableStorageStruct storage $, address account) internal view {
if (!$.isFrozen[account]) revert AccountNotFrozen(account);
}
/**
* @notice Internal function that reverts if an account is not frozen.
* @param account The account to check.
*/
function _revertIfNotFrozen(address account) internal view {
if (!_getFreezableStorageLocation().isFrozen[account]) revert AccountNotFrozen(account);
}
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.26;
import { ERC20ExtendedUpgradeable } from "../lib/common/src/ERC20ExtendedUpgradeable.sol";
import { IERC20 } from "../lib/common/src/interfaces/IERC20.sol";
import { IMTokenLike } from "./interfaces/IMTokenLike.sol";
import { IMExtension } from "./interfaces/IMExtension.sol";
import { ISwapFacility } from "./swap/interfaces/ISwapFacility.sol";
/**
* @title MExtension
* @notice Upgradeable ERC20 Token contract for wrapping M into a non-rebasing token.
* @author M0 Labs
*/
abstract contract MExtension is IMExtension, ERC20ExtendedUpgradeable {
/* ============ Variables ============ */
/// @custom:oz-upgrades-unsafe-allow state-variable-immutable
/// @inheritdoc IMExtension
address public immutable mToken;
/// @custom:oz-upgrades-unsafe-allow state-variable-immutable
/// @inheritdoc IMExtension
address public immutable swapFacility;
/* ============ Modifiers ============ */
/// @dev Modifier to check if caller is SwapFacility.
modifier onlySwapFacility() {
if (msg.sender != swapFacility) revert NotSwapFacility();
_;
}
/* ============ Constructor ============ */
/**
* @custom:oz-upgrades-unsafe-allow constructor
* @notice Constructs MExtension Implementation contract
* @dev Sets immutable storage.
* @param mToken_ The address of $M token.
* @param swapFacility_ The address of Swap Facility.
*/
constructor(address mToken_, address swapFacility_) {
_disableInitializers();
if ((mToken = mToken_) == address(0)) revert ZeroMToken();
if ((swapFacility = swapFacility_) == address(0)) revert ZeroSwapFacility();
}
/* ============ Initializer ============ */
/**
* @notice Initializes the generic M extension token.
* @param name The name of the token (e.g. "HALO USD").
* @param symbol The symbol of the token (e.g. "HUSD").
*/
function __MExtension_init(string memory name, string memory symbol) internal onlyInitializing {
__ERC20ExtendedUpgradeable_init(name, symbol, 6);
}
/* ============ Interactive Functions ============ */
/// @inheritdoc IMExtension
function wrap(address recipient, uint256 amount) external onlySwapFacility {
// NOTE: `msg.sender` is always SwapFacility contract.
// `ISwapFacility.msgSender()` is used to ensure that the original caller is passed to `_beforeWrap`.
_wrap(ISwapFacility(msg.sender).msgSender(), recipient, amount);
}
/// @inheritdoc IMExtension
function unwrap(address /* recipient */, uint256 amount) external onlySwapFacility {
// NOTE: `msg.sender` is always SwapFacility contract.
// `ISwapFacility.msgSender()` is used to ensure that the original caller is passed to `_beforeUnwrap`.
// NOTE: `recipient` is not used in this function as the $M is always sent to SwapFacility contract.
_unwrap(ISwapFacility(msg.sender).msgSender(), amount);
}
/// @inheritdoc IMExtension
function enableEarning() external virtual {
if (isEarningEnabled()) revert EarningIsEnabled();
emit EarningEnabled(currentIndex());
IMTokenLike(mToken).startEarning();
}
/// @inheritdoc IMExtension
function disableEarning() external virtual {
if (!isEarningEnabled()) revert EarningIsDisabled();
emit EarningDisabled(currentIndex());
IMTokenLike(mToken).stopEarning(address(this));
}
/* ============ View/Pure Functions ============ */
/// @inheritdoc IMExtension
function currentIndex() public view virtual returns (uint128) {
return IMTokenLike(mToken).currentIndex();
}
/// @inheritdoc IMExtension
function isEarningEnabled() public view virtual returns (bool) {
return IMTokenLike(mToken).isEarning(address(this));
}
/// @inheritdoc IERC20
function balanceOf(address account) public view virtual returns (uint256);
/* ============ Hooks For Internal Interactive Functions ============ */
/**
* @dev Hook called before approval of M Extension token.
* @param account The sender's address.
* @param spender The spender address.
* @param amount The amount to be approved.
*/
function _beforeApprove(address account, address spender, uint256 amount) internal virtual {}
/**
* @dev Hook called before wrapping M into M Extension token.
* @param account The account from which M is deposited.
* @param recipient The account receiving the minted M Extension token.
* @param amount The amount of M deposited.
*/
function _beforeWrap(address account, address recipient, uint256 amount) internal virtual {}
/**
* @dev Hook called before unwrapping M Extension token.
* @param account The account from which M Extension token is burned.
* @param amount The amount of M Extension token burned.
*/
function _beforeUnwrap(address account, uint256 amount) internal virtual {}
/**
* @dev Hook called before transferring M Extension token.
* @param sender The sender's address.
* @param recipient The recipient's address.
* @param amount The amount to be transferred.
*/
function _beforeTransfer(address sender, address recipient, uint256 amount) internal virtual {}
/* ============ Internal Interactive Functions ============ */
/**
* @dev Approve `spender` to spend `amount` of tokens from `account`.
* @param account The address approving the allowance.
* @param spender The address approved to spend the tokens.
* @param amount The amount of tokens being approved for spending.
*/
function _approve(address account, address spender, uint256 amount) internal override {
// NOTE: Add extension-specific checks before approval.
_beforeApprove(account, spender, amount);
super._approve(account, spender, amount);
}
/**
* @dev Wraps `amount` M from `account` into M Extension for `recipient`.
* @param account The original caller of SwapFacility functions.
* @param recipient The account receiving the minted M Extension token.
* @param amount The amount of M deposited.
*/
function _wrap(address account, address recipient, uint256 amount) internal {
_revertIfInvalidRecipient(recipient);
_revertIfInsufficientAmount(amount);
// NOTE: Add extension-specific checks before wrapping.
_beforeWrap(account, recipient, amount);
// NOTE: `msg.sender` is always SwapFacility contract.
// NOTE: The behavior of `IMTokenLike.transferFrom` is known, so its return can be ignored.
IMTokenLike(mToken).transferFrom(msg.sender, address(this), amount);
// NOTE: This method is overridden by the inheriting M Extension contract.
// NOTE: Mints precise amount of $M Extension token to `recipient`.
// Option 1: $M transfer from an $M earner to another $M earner ($M Extension in earning state): rounds up → rounds up,
// 0, 1, or XX extra wei may be locked in M Extension compared to the minted amount of $M Extension token.
// Option 2: $M transfer from an $M non-earner to an $M earner ($M Extension in earning state): precise $M transfer → rounds down,
// 0, -1, or -XX wei may be locked in $M Extension compared to the minted amount of $M Extension token.
//
_mint(recipient, amount);
}
/**
* @dev Unwraps `amount` M Extension token from `account` into $M and transfers to SwapFacility.
* @param account The original caller of SwapFacility functions.
* @param amount The amount of M Extension token burned.
*/
function _unwrap(address account, uint256 amount) internal {
_revertIfInsufficientAmount(amount);
// NOTE: Add extension-specific checks before unwrapping.
_beforeUnwrap(account, amount);
_revertIfInsufficientBalance(msg.sender, amount);
// NOTE: This method will be overridden by the inheriting M Extension contract.
// NOTE: Computes the actual decrease in the $M balance of the $M Extension contract.
// Option 1: $M transfer from an $M earner ($M Extension in earning state) to another $M earner: round up → rounds up.
// Option 2: $M transfer from an $M earner ($M Extension in earning state) to an $M non-earner: round up → precise $M transfer.
// In both cases, 0, 1, or XX extra wei may be deducted from the $M Extension contract's $M balance compared to the burned amount of $M Extension token.
// NOTE: Always burn from SwapFacility as it is the only contract that can call this function.
_burn(msg.sender, amount);
// NOTE: The behavior of `IMTokenLike.transfer` is known, so its return can be ignored.
// NOTE: `msg.sender` is always SwapFacility contract.
IMTokenLike(mToken).transfer(msg.sender, amount);
}
/**
* @dev Mints `amount` tokens to `recipient`.
* @param recipient The address to which the tokens will be minted.
* @param amount The amount of tokens to mint.
*/
function _mint(address recipient, uint256 amount) internal virtual;
/**
* @dev Burns `amount` tokens from `account`.
* @param account The address from which the tokens will be burned.
* @param amount The amount of tokens to burn.
*/
function _burn(address account, uint256 amount) internal virtual;
/**
* @dev Internal balance update function that needs to be implemented by the inheriting contract.
* @param sender The sender's address.
* @param recipient The recipient's address.
* @param amount The amount to be transferred.
*/
function _update(address sender, address recipient, uint256 amount) internal virtual;
/**
* @dev Internal ERC20 transfer function.
* @param sender The sender's address.
* @param recipient The recipient's address.
* @param amount The amount to be transferred.
*/
function _transfer(address sender, address recipient, uint256 amount) internal override {
_revertIfInvalidRecipient(recipient);
// NOTE: Add extension-specific checks before transfers.
_beforeTransfer(sender, recipient, amount);
emit Transfer(sender, recipient, amount);
if (amount == 0) return;
_revertIfInsufficientBalance(sender, amount);
// NOTE: This method will be overridden by the inheriting M Extension contract.
_update(sender, recipient, amount);
}
/* ============ Internal View/Pure Functions ============ */
/**
* @dev Returns the M Token balance of `account`.
* @param account The account being queried.
* @return balance The M Token balance of the account.
*/
function _mBalanceOf(address account) internal view returns (uint256) {
return IMTokenLike(mToken).balanceOf(account);
}
/**
* @dev Reverts if `recipient` is address(0).
* @param recipient Address of a recipient.
*/
function _revertIfInvalidRecipient(address recipient) internal pure {
if (recipient == address(0)) revert InvalidRecipient(recipient);
}
/**
* @dev Reverts if `amount` is equal to 0.
* @param amount Amount of token.
*/
function _revertIfInsufficientAmount(uint256 amount) internal pure {
if (amount == 0) revert InsufficientAmount(amount);
}
/**
* @dev Reverts if `account` balance is below `amount`.
* @param account Address of an account.
* @param amount Amount to transfer or burn.
*/
function _revertIfInsufficientBalance(address account, uint256 amount) internal view {
uint256 balance = balanceOf(account);
if (balance < amount) revert InsufficientBalance(account, balance, amount);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (access/AccessControl.sol)
pragma solidity ^0.8.20;
import {IAccessControl} from "@openzeppelin/contracts/access/IAccessControl.sol";
import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
import {ERC165Upgradeable} from "../utils/introspection/ERC165Upgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Contract module that allows children to implement role-based access
* control mechanisms. This is a lightweight version that doesn't allow enumerating role
* members except through off-chain means by accessing the contract event logs. Some
* applications may benefit from on-chain enumerability, for those cases see
* {AccessControlEnumerable}.
*
* Roles are referred to by their `bytes32` identifier. These should be exposed
* in the external API and be unique. The best way to achieve this is by
* using `public constant` hash digests:
*
* ```solidity
* bytes32 public constant MY_ROLE = keccak256("MY_ROLE");
* ```
*
* Roles can be used to represent a set of permissions. To restrict access to a
* function call, use {hasRole}:
*
* ```solidity
* function foo() public {
* require(hasRole(MY_ROLE, msg.sender));
* ...
* }
* ```
*
* Roles can be granted and revoked dynamically via the {grantRole} and
* {revokeRole} functions. Each role has an associated admin role, and only
* accounts that have a role's admin role can call {grantRole} and {revokeRole}.
*
* By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means
* that only accounts with this role will be able to grant or revoke other
* roles. More complex role relationships can be created by using
* {_setRoleAdmin}.
*
* WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to
* grant and revoke this role. Extra precautions should be taken to secure
* accounts that have been granted it. We recommend using {AccessControlDefaultAdminRules}
* to enforce additional security measures for this role.
*/
abstract contract AccessControlUpgradeable is Initializable, ContextUpgradeable, IAccessControl, ERC165Upgradeable {
struct RoleData {
mapping(address account => bool) hasRole;
bytes32 adminRole;
}
bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;
/// @custom:storage-location erc7201:openzeppelin.storage.AccessControl
struct AccessControlStorage {
mapping(bytes32 role => RoleData) _roles;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.AccessControl")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant AccessControlStorageLocation = 0x02dd7bc7dec4dceedda775e58dd541e08a116c6c53815c0bd028192f7b626800;
function _getAccessControlStorage() private pure returns (AccessControlStorage storage $) {
assembly {
$.slot := AccessControlStorageLocation
}
}
/**
* @dev Modifier that checks that an account has a specific role. Reverts
* with an {AccessControlUnauthorizedAccount} error including the required role.
*/
modifier onlyRole(bytes32 role) {
_checkRole(role);
_;
}
function __AccessControl_init() internal onlyInitializing {
}
function __AccessControl_init_unchained() internal onlyInitializing {
}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IAccessControl).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) public view virtual returns (bool) {
AccessControlStorage storage $ = _getAccessControlStorage();
return $._roles[role].hasRole[account];
}
/**
* @dev Reverts with an {AccessControlUnauthorizedAccount} error if `_msgSender()`
* is missing `role`. Overriding this function changes the behavior of the {onlyRole} modifier.
*/
function _checkRole(bytes32 role) internal view virtual {
_checkRole(role, _msgSender());
}
/**
* @dev Reverts with an {AccessControlUnauthorizedAccount} error if `account`
* is missing `role`.
*/
function _checkRole(bytes32 role, address account) internal view virtual {
if (!hasRole(role, account)) {
revert AccessControlUnauthorizedAccount(account, role);
}
}
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) public view virtual returns (bytes32) {
AccessControlStorage storage $ = _getAccessControlStorage();
return $._roles[role].adminRole;
}
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* May emit a {RoleGranted} event.
*/
function grantRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) {
_grantRole(role, account);
}
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* May emit a {RoleRevoked} event.
*/
function revokeRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) {
_revokeRole(role, account);
}
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been revoked `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `callerConfirmation`.
*
* May emit a {RoleRevoked} event.
*/
function renounceRole(bytes32 role, address callerConfirmation) public virtual {
if (callerConfirmation != _msgSender()) {
revert AccessControlBadConfirmation();
}
_revokeRole(role, callerConfirmation);
}
/**
* @dev Sets `adminRole` as ``role``'s admin role.
*
* Emits a {RoleAdminChanged} event.
*/
function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {
AccessControlStorage storage $ = _getAccessControlStorage();
bytes32 previousAdminRole = getRoleAdmin(role);
$._roles[role].adminRole = adminRole;
emit RoleAdminChanged(role, previousAdminRole, adminRole);
}
/**
* @dev Attempts to grant `role` to `account` and returns a boolean indicating if `role` was granted.
*
* Internal function without access restriction.
*
* May emit a {RoleGranted} event.
*/
function _grantRole(bytes32 role, address account) internal virtual returns (bool) {
AccessControlStorage storage $ = _getAccessControlStorage();
if (!hasRole(role, account)) {
$._roles[role].hasRole[account] = true;
emit RoleGranted(role, account, _msgSender());
return true;
} else {
return false;
}
}
/**
* @dev Attempts to revoke `role` from `account` and returns a boolean indicating if `role` was revoked.
*
* Internal function without access restriction.
*
* May emit a {RoleRevoked} event.
*/
function _revokeRole(bytes32 role, address account) internal virtual returns (bool) {
AccessControlStorage storage $ = _getAccessControlStorage();
if (hasRole(role, account)) {
$._roles[role].hasRole[account] = false;
emit RoleRevoked(role, account, _msgSender());
return true;
} else {
return false;
}
}
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.26;
/**
* @title Freezable interface.
* @author M0 Labs
*/
interface IFreezable {
/* ============ Events ============ */
/**
* @notice Emitted when an account is frozen.
* @param account The address of the frozen account.
* @param timestamp The timestamp at which the account was frozen.
*/
event Frozen(address indexed account, uint256 timestamp);
/**
* @notice Emitted when an account is unfrozen.
* @param account The address of the unfrozen account.
* @param timestamp The timestamp at which the account was unfrozen.
*/
event Unfrozen(address indexed account, uint256 timestamp);
/* ============ Errors ============ */
/**
* @notice Emitted when a frozen account attempts to interact with the contract.
* @param account The address of the frozen account.
*/
error AccountFrozen(address account);
/**
* @notice Emitted when trying to unfreeze a non-frozen account.
* @param account The address of the account that is not frozen.
*/
error AccountNotFrozen(address account);
/// @notice Emitted if no freeze manager is set.
error ZeroFreezeManager();
/* ============ Interactive Functions ============ */
/**
* @notice Freezes an account.
* @dev MUST only be callable by the FREEZE_MANAGER_ROLE.
* @dev SHOULD revert if the account is already frozen.
* @param account The address of the account to freeze.
*/
function freeze(address account) external;
/**
* @notice Freezes multiple accounts.
* @dev MUST only be callable by the FREEZE_MANAGER_ROLE.
* @dev SHOULD revert if any of the accounts are already frozen.
* @param accounts The list of addresses to freeze.
*/
function freezeAccounts(address[] calldata accounts) external;
/**
* @notice Unfreezes an account.
* @dev MUST only be callable by the FREEZE_MANAGER_ROLE.
* @dev SHOULD revert if the account is not frozen.
* @param account The address of the account to unfreeze.
*/
function unfreeze(address account) external;
/**
* @notice Unfreezes multiple accounts.
* @dev MUST only be callable by the FREEZE_MANAGER_ROLE.
* @dev SHOULD revert if any of the accounts are not frozen.
* @param accounts The list of addresses to unfreeze.
*/
function unfreezeAccounts(address[] calldata accounts) external;
/* ============ View/Pure Functions ============ */
/// @notice The role that can manage the freezelist.
function FREEZE_MANAGER_ROLE() external view returns (bytes32);
/**
* @notice Returns whether an account is frozen or not.
* @param account The address of the account to check.
* @return True if the account is frozen, false otherwise.
*/
function isFrozen(address account) external view returns (bool);
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
import { ERC3009Upgradeable } from "./ERC3009Upgradeable.sol";
import { IERC20 } from "./interfaces/IERC20.sol";
import { IERC20Extended } from "./interfaces/IERC20Extended.sol";
abstract contract ERC20ExtendedUpgradeableStorageLayout {
/// @custom:storage-location erc7201:M0.storage.ERC20Extended
struct ERC20ExtendedStorageStruct {
mapping(address account => mapping(address spender => uint256 allowance)) allowance;
uint8 decimals;
string symbol;
}
// keccak256(abi.encode(uint256(keccak256("M0.storage.ERC20Extended")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant _ERC20_EXTENDED_STORAGE_LOCATION =
0xcbbe23efb65c1eaba394256c463812c20abdb5376e247eba1d0e1e92054da100;
function _getERC20ExtendedStorageLocation() internal pure returns (ERC20ExtendedStorageStruct storage $) {
assembly {
$.slot := _ERC20_EXTENDED_STORAGE_LOCATION
}
}
}
/**
* @title An upgradeable ERC20 token extended with EIP-2612 permits for signed approvals
* (via EIP-712 and with EIP-1271 and EIP-5267 compatibility).
* @author M0 Labs
*/
abstract contract ERC20ExtendedUpgradeable is
ERC20ExtendedUpgradeableStorageLayout,
ERC3009Upgradeable,
IERC20Extended
{
/* ============ Variables ============ */
/**
* @inheritdoc IERC20Extended
* @dev Keeping this constant, despite `permit` parameter name differences, to ensure max EIP-2612 compatibility.
* keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)")
*/
bytes32 public constant PERMIT_TYPEHASH = 0x6e71edae12b1b97f4d1f60370fef10105fa2faae0126114a169c64845d6126c9;
/* ============ Initializer ============ */
function __ERC20ExtendedUpgradeable_init(
string memory name_,
string memory symbol_,
uint8 decimals_
) internal onlyInitializing {
__ERC3009Upgradeable_init(name_);
ERC20ExtendedStorageStruct storage $ = _getERC20ExtendedStorageLocation();
$.decimals = decimals_;
$.symbol = symbol_;
}
/* ============ Interactive Functions ============ */
/// @inheritdoc IERC20
function approve(address spender_, uint256 amount_) external returns (bool) {
_approve(msg.sender, spender_, amount_);
return true;
}
/// @inheritdoc IERC20Extended
function permit(
address owner_,
address spender_,
uint256 value_,
uint256 deadline_,
uint8 v_,
bytes32 r_,
bytes32 s_
) external {
_revertIfInvalidSignature(owner_, _permitAndGetDigest(owner_, spender_, value_, deadline_), v_, r_, s_);
}
/// @inheritdoc IERC20Extended
function permit(
address owner_,
address spender_,
uint256 value_,
uint256 deadline_,
bytes memory signature_
) external {
_revertIfInvalidSignature(owner_, _permitAndGetDigest(owner_, spender_, value_, deadline_), signature_);
}
/// @inheritdoc IERC20
function transfer(address recipient_, uint256 amount_) external returns (bool) {
_transfer(msg.sender, recipient_, amount_);
return true;
}
/// @inheritdoc IERC20
function transferFrom(address sender_, address recipient_, uint256 amount_) external returns (bool) {
ERC20ExtendedStorageStruct storage $ = _getERC20ExtendedStorageLocation();
uint256 spenderAllowance_ = $.allowance[sender_][msg.sender]; // Cache `spenderAllowance_` to stack.
if (spenderAllowance_ != type(uint256).max) {
if (spenderAllowance_ < amount_) revert InsufficientAllowance(msg.sender, spenderAllowance_, amount_);
unchecked {
_setAllowance($, sender_, msg.sender, spenderAllowance_ - amount_);
}
}
_transfer(sender_, recipient_, amount_);
return true;
}
/* ============ View/Pure Functions ============ */
/// @inheritdoc IERC20
function allowance(address account, address spender) public view returns (uint256) {
return _getERC20ExtendedStorageLocation().allowance[account][spender];
}
/// @inheritdoc IERC20
function decimals() external view virtual returns (uint8) {
return _getERC20ExtendedStorageLocation().decimals;
}
/// @inheritdoc IERC20
function name() external view virtual returns (string memory) {
return _getERC712ExtendedStorageLocation().name;
}
/// @inheritdoc IERC20
function symbol() external view virtual returns (string memory) {
return _getERC20ExtendedStorageLocation().symbol;
}
/* ============ Internal Interactive Functions ============ */
/**
* @dev Approve `spender_` to spend `amount_` of tokens from `account_`.
* @param account_ The address approving the allowance.
* @param spender_ The address approved to spend the tokens.
* @param amount_ The amount of tokens being approved for spending.
*/
function _approve(address account_, address spender_, uint256 amount_) internal virtual {
_setAllowance(_getERC20ExtendedStorageLocation(), account_, spender_, amount_);
emit Approval(account_, spender_, amount_);
}
/**
* @dev Set the `amount_` of tokens `spender_` is allowed to spend from `account_`.
* @param $ ERC20Extended storage location.
* @param account_ The address for which the allowance is set.
* @param spender_ The address allowed to spend the tokens.
* @param amount_ The amount of tokens being allowed for spending.
*/
function _setAllowance(
ERC20ExtendedStorageStruct storage $,
address account_,
address spender_,
uint256 amount_
) internal virtual {
$.allowance[account_][spender_] = amount_;
}
/**
* @dev Performs the approval based on the permit info, validates the deadline, and returns the digest.
* @param owner_ The address of the account approving the allowance.
* @param spender_ The address of the account being allowed to spend the tokens.
* @param amount_ The amount of tokens being approved for spending.
* @param deadline_ The deadline by which the signature must be used.
* @return digest_ The EIP-712 digest of the permit.
*/
function _permitAndGetDigest(
address owner_,
address spender_,
uint256 amount_,
uint256 deadline_
) internal virtual returns (bytes32) {
_revertIfExpired(deadline_);
_approve(owner_, spender_, amount_);
unchecked {
// Nonce realistically cannot overflow.
return
_getDigest(
keccak256(
abi.encode(
PERMIT_TYPEHASH,
owner_,
spender_,
amount_,
_getStatefulERC712ExtendedStorageLocation().nonces[owner_]++,
deadline_
)
)
);
}
}
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.26;
/**
* @title Subset of M Token interface required for source contracts.
* @author M0 Labs
*/
interface IMTokenLike {
/* ============ Custom Errors ============ */
/// @notice Emitted when calling `stopEarning` for an account approved as earner by TTG.
error IsApprovedEarner();
/// @notice Emitted when calling `startEarning` for an account not approved as earner by TTG.
error NotApprovedEarner();
/* ============ Interactive Functions ============ */
/**
* @notice Allows a calling account to approve `spender` to spend up to `amount` of its token balance.
* @dev MUST emit an `Approval` event.
* @param spender The address of the account being allowed to spend up to the allowed amount.
* @param amount The amount of the allowance being approved.
* @return Whether or not the approval was successful.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @notice Approves `spender` to spend up to `amount` of the token balance of `owner`, via a signature.
* @param owner The address of the account who's token balance is being approved to be spent by `spender`.
* @param spender The address of an account allowed to spend on behalf of `owner`.
* @param value The amount of the allowance being approved.
* @param deadline The last timestamp where the signature is still valid.
* @param v An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
* @param r An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
* @param s An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @notice Approves `spender` to spend up to `amount` of the token balance of `owner`, via a signature.
* @param owner The address of the account who's token balance is being approved to be spent by `spender`.
* @param spender The address of an account allowed to spend on behalf of `owner`.
* @param value The amount of the allowance being approved.
* @param deadline The last timestamp where the signature is still valid.
* @param signature An arbitrary signature (EIP-712).
*/
function permit(address owner, address spender, uint256 value, uint256 deadline, bytes memory signature) external;
/**
* @notice Allows a calling account to transfer `amount` tokens to `recipient`.
* @param recipient The address of the recipient who's token balance will be incremented.
* @param amount The amount of tokens being transferred.
* @return success Whether or not the transfer was successful.
*/
function transfer(address recipient, uint256 amount) external returns (bool);
/**
* @notice Allows a calling account to transfer `amount` tokens from `sender`, with allowance, to a `recipient`.
* @param sender The address of the sender who's token balance will be decremented.
* @param recipient The address of the recipient who's token balance will be incremented.
* @param amount The amount of tokens being transferred.
* @return success Whether or not the transfer was successful.
*/
function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);
/// @notice Starts earning for caller if allowed by the Registrar.
function startEarning() external;
/**
* @notice Stops earning for `account`.
* @dev MUST revert if `account` is an approved earner in TTG Registrar.
* @param account The account to stop earning for.
*/
function stopEarning(address account) external;
/* ============ View/Pure Functions ============ */
/**
* @notice Checks if account is an earner.
* @param account The account to check.
* @return earning True if account is an earner, false otherwise.
*/
function isEarning(address account) external view returns (bool);
/**
* @notice Returns the token balance of `account`.
* @param account The address of some account.
* @return balance The token balance of `account`.
*/
function balanceOf(address account) external view returns (uint256);
/// @notice The current index that would be written to storage if `updateIndex` is called.
function currentIndex() external view returns (uint128);
/// @notice The current value of earner rate in basis points.
function earnerRate() external view returns (uint32);
/// @notice Returns the EIP712 domain separator used in the encoding of a signed digest.
function DOMAIN_SEPARATOR() external view returns (bytes32);
/// @notice Returns the EIP712 typehash used in the encoding of the digest for the permit function.
function PERMIT_TYPEHASH() external view returns (bytes32);
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.26;
import { IERC20Extended } from "../../lib/common/src/interfaces/IERC20Extended.sol";
/**
* @title M Extension interface extending Extended ERC20,
* includes additional enable/disable earnings and index logic.
* @author M0 Labs
*/
interface IMExtension is IERC20Extended {
/* ============ Events ============ */
/**
* @notice Emitted when M extension earning is enabled.
* @param index The index at the moment earning is enabled.
*/
event EarningEnabled(uint128 index);
/**
* @notice Emitted when M extension earning is disabled.
* @param index The index at the moment earning is disabled.
*/
event EarningDisabled(uint128 index);
/* ============ Custom Errors ============ */
/// @notice Emitted when performing an operation that is not allowed when earning is disabled.
error EarningIsDisabled();
/// @notice Emitted when performing an operation that is not allowed when earning is enabled.
error EarningIsEnabled();
/**
* @notice Emitted when there is insufficient balance to decrement from `account`.
* @param account The account with insufficient balance.
* @param balance The balance of the account.
* @param amount The amount to decrement.
*/
error InsufficientBalance(address account, uint256 balance, uint256 amount);
/// @notice Emitted in constructor if M Token is 0x0.
error ZeroMToken();
/// @notice Emitted in constructor if Swap Facility is 0x0.
error ZeroSwapFacility();
/// @notice Emitted in `wrap` and `unwrap` functions if the caller is not the Swap Facility.
error NotSwapFacility();
/* ============ Interactive Functions ============ */
/**
* @notice Enables earning of extension token if allowed by the TTG Registrar and if it has never been done.
* @dev SHOULD be virtual to allow extensions to override it.
*/
function enableEarning() external;
/**
* @notice Disables earning of extension token if disallowed by the TTG Registrar and if it has never been done.
* @dev SHOULD be virtual to allow extensions to override it.
*/
function disableEarning() external;
/**
* @notice Wraps `amount` M from the caller into extension token for `recipient`.
* @dev Can only be called by the SwapFacility.
* @param recipient The account receiving the minted M extension token.
* @param amount The amount of M extension token minted.
*/
function wrap(address recipient, uint256 amount) external;
/**
* @notice Unwraps `amount` extension token from the caller into M for `recipient`.
* @dev Can only be called by the SwapFacility.
* @param recipient The account receiving the withdrawn M,
* it will always be the SwapFacility (keep `recipient` for backward compatibility).
* @param amount The amount of M extension token burned.
*/
function unwrap(address recipient, uint256 amount) external;
/* ============ View/Pure Functions ============ */
/// @notice The address of the M Token contract.
function mToken() external view returns (address);
/// @notice The address of the SwapFacility contract.
function swapFacility() external view returns (address);
/**
* @notice Whether M extension earning is enabled.
* @dev SHOULD be virtual to allow extensions to override it.
*/
function isEarningEnabled() external view returns (bool);
/**
* @notice Returns the current index for M extension earnings.
* @dev SHOULD be virtual to allow extensions to override it.
*/
function currentIndex() external view returns (uint128);
}
// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.26;
/**
* @title Swap Facility interface.
* @author M0 Labs
*/
interface ISwapFacility {
/* ============ Events ============ */
/**
* @notice Emitted when $M Extension is swapped for another $M Extension.
* @param extensionIn The address of the input $M Extension.
* @param extensionOut The address of the output $M Extension.
* @param amount The amount swapped.
* @param recipient The address to receive the output $M Extension token.
*/
event Swapped(address indexed extensionIn, address indexed extensionOut, uint256 amount, address indexed recipient);
/**
* @notice Emitted when $M token is swapped for $M Extension.
* @param extensionOut The address of the output $M Extension.
* @param amount The amount swapped.
* @param recipient The address to receive the output $M Extension token.
*/
event SwappedInM(address indexed extensionOut, uint256 amount, address indexed recipient);
/**
* @notice Emitted when $M Extension is swapped for $M token.
* @param extensionIn The address of the input $M Extension.
* @param amount The amount swapped.
* @param recipient The address to receive the $M token.
*/
event SwappedOutM(address indexed extensionIn, uint256 amount, address indexed recipient);
/**
* @notice Emitted when an $M Extension is set as permissioned or not.
* @param extension The address of an $M Extension.
* @param allowed True if the extension is allowed, false otherwise.
*/
event PermissionedExtensionSet(address indexed extension, bool allowed);
/**
* @notice Emitted when a `swapper` is allowed or not to swap the permissioned `extension` from/to M.
* @param extension The address of an $M extension.
* @param swapper The address of the swapper.
* @param allowed True if the swapper is allowed, false otherwise.
*/
event PermissionedMSwapperSet(address indexed extension, address indexed swapper, bool allowed);
/* ============ Custom Errors ============ */
/// @notice Thrown in the constructor if $M Token is 0x0.
error ZeroMToken();
/// @notice Thrown in the constructor if Registrar is 0x0.
error ZeroRegistrar();
/// @notice Thrown in `setPermissionedMSwapper()` if the $M extension is 0x0.
error ZeroExtension();
/// @notice Thrown in `setPermissionedMSwapper()` if the swapper is 0x0.
error ZeroSwapper();
/// @notice Thrown in `swap` and `swapM` functions if the extension is not TTG approved earner.
error NotApprovedExtension(address extension);
/// @notice Thrown in `swapInM` and `swapOutM` functions if `swapper` is not approved to swap a permissioned `extension`.
error NotApprovedPermissionedSwapper(address extension, address swapper);
/// @notice Thrown in `swapInM` and `swapOutM` functions if `swapper` is not approved to swap the `extension`.
error NotApprovedSwapper(address extension, address swapper);
/// @notice Thrown in `swap` function if the extension is permissioned.
error PermissionedExtension(address extension);
/* ============ Interactive Functions ============ */
/**
* @notice Swaps one $M Extension to another.
* @param extensionIn The address of the $M Extension to swap from.
* @param extensionOut The address of the $M Extension to swap to.
* @param amount The amount to swap.
* @param recipient The address to receive the swapped $M Extension tokens.
*/
function swap(address extensionIn, address extensionOut, uint256 amount, address recipient) external;
/**
* @notice Swaps one $M Extension to another using permit.
* @param extensionIn The address of the $M Extension to swap from.
* @param extensionOut The address of the $M Extension to swap to.
* @param amount The amount to swap.
* @param recipient The address to receive the swapped $M Extension tokens.
* @param deadline The last timestamp where the signature is still valid.
* @param v An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
* @param r An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
* @param s An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
*/
function swapWithPermit(
address extensionIn,
address extensionOut,
uint256 amount,
address recipient,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @notice Swaps one $M Extension to another using permit.
* @param extensionIn The address of the $M Extension to swap from.
* @param extensionOut The address of the $M Extension to swap to.
* @param amount The amount to swap.
* @param recipient The address to receive the swapped $M Extension tokens.
* @param deadline The last timestamp where the signature is still valid.
* @param signature An arbitrary signature (EIP-712).
*/
function swapWithPermit(
address extensionIn,
address extensionOut,
uint256 amount,
address recipient,
uint256 deadline,
bytes calldata signature
) external;
/**
* @notice Swaps $M token to $M Extension.
* @param extensionOut The address of the M Extension to swap to.
* @param amount The amount of $M token to swap.
* @param recipient The address to receive the swapped $M Extension tokens.
*/
function swapInM(address extensionOut, uint256 amount, address recipient) external;
/**
* @notice Swaps $M token to $M Extension using permit.
* @param extensionOut The address of the M Extension to swap to.
* @param amount The amount of $M token to swap.
* @param recipient The address to receive the swapped $M Extension tokens.
* @param deadline The last timestamp where the signature is still valid.
* @param v An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
* @param r An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
* @param s An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
*/
function swapInMWithPermit(
address extensionOut,
uint256 amount,
address recipient,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @notice Swaps $M token to $M Extension using permit.
* @param extensionOut The address of the M Extension to swap to.
* @param amount The amount of $M token to swap.
* @param recipient The address to receive the swapped $M Extension tokens.
* @param deadline The last timestamp where the signature is still valid.
* @param signature An arbitrary signature (EIP-712).
*/
function swapInMWithPermit(
address extensionOut,
uint256 amount,
address recipient,
uint256 deadline,
bytes calldata signature
) external;
/**
* @notice Swaps $M Extension to $M token.
* @param extensionIn The address of the $M Extension to swap from.
* @param amount The amount of $M Extension tokens to swap.
* @param recipient The address to receive $M tokens.
*/
function swapOutM(address extensionIn, uint256 amount, address recipient) external;
/**
* @notice Swaps $M Extension to $M token using permit.
* @param extensionIn The address of the $M Extension to swap from.
* @param amount The amount of $M Extension tokens to swap.
* @param recipient The address to receive $M tokens.
* @param deadline The last timestamp where the signature is still valid.
* @param v An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
* @param r An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
* @param s An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
*/
function swapOutMWithPermit(
address extensionIn,
uint256 amount,
address recipient,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @notice Swaps $M Extension to $M token using permit.
* @param extensionIn The address of the $M Extension to swap from.
* @param amount The amount of $M Extension tokens to swap.
* @param recipient The address to receive $M tokens.
* @param deadline The last timestamp where the signature is still valid.
* @param signature An arbitrary signature (EIP-712).
*/
function swapOutMWithPermit(
address extensionIn,
uint256 amount,
address recipient,
uint256 deadline,
bytes calldata signature
) external;
/**
* @notice Sets whether the `extension` is permissioned.
* @dev MUST only be callable by an address with the `DEFAULT_ADMIN_ROLE` role.
* @param extension The address of an $M Extension.
* @param permissioned True if the extension is permissioned, false otherwise.
*/
function setPermissionedExtension(address extension, bool permissioned) external;
/**
* @notice Sets whether `swapper` is allowed to swap the permissioned `extension` from/to M.
* @dev MUST only be callable by an address with the `DEFAULT_ADMIN_ROLE` role.
* @param extension The address of an extension to set permission for.
* @param swapper The address of the swapper to set permission for.
* @param allowed True if the swapper is allowed, false otherwise.
*/
function setPermissionedMSwapper(address extension, address swapper, bool allowed) external;
/* ============ View/Pure Functions ============ */
/// @notice The address of the $M Token contract.
function mToken() external view returns (address mToken);
/// @notice The address of the Registrar.
function registrar() external view returns (address registrar);
/**
* @notice Returns the address that called `swap` or `swapM`
* @dev Must be used instead of `msg.sender` in $M Extensions contracts to get the original sender.
*/
function msgSender() external view returns (address msgSender);
/**
* @notice Checks if the extension is permissioned.
* @param extension The extension address to check.
* @return true if allowed, false otherwise.
*/
function isPermissionedExtension(address extension) external view returns (bool);
/**
* @notice Checks if `swapper` is allowed to swap the permissioned extension from/to M.
* @param extension The $M extension address.
* @param swapper The swapper address to check.
* @return true if allowed, false otherwise.
*/
function isPermissionedMSwapper(address extension, address swapper) external view returns (bool);
/**
* @notice Checks if `swapper` is allowed to swap the permissionless (common) extension from/to M.
* @param swapper The swapper address to check.
* @return true if allowed, false otherwise.
*/
function isMSwapper(address swapper) external view returns (bool);
/// @notice The parameter name in the Registrar that defines the earners list.
function EARNERS_LIST_NAME() external pure returns (bytes32);
/// @notice The parameter name in the Registrar that defines whether to ignore the earners list.
function EARNERS_LIST_IGNORED_KEY() external pure returns (bytes32);
/// @notice Swapper role for permissioned extensions.
function M_SWAPPER_ROLE() external pure returns (bytes32);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (access/IAccessControl.sol)
pragma solidity ^0.8.20;
/**
* @dev External interface of AccessControl declared to support ERC-165 detection.
*/
interface IAccessControl {
/**
* @dev The `account` is missing a role.
*/
error AccessControlUnauthorizedAccount(address account, bytes32 neededRole);
/**
* @dev The caller of a function is not the expected one.
*
* NOTE: Don't confuse with {AccessControlUnauthorizedAccount}.
*/
error AccessControlBadConfirmation();
/**
* @dev Emitted when `newAdminRole` is set as ``role``'s admin role, replacing `previousAdminRole`
*
* `DEFAULT_ADMIN_ROLE` is the starting admin for all roles, despite
* {RoleAdminChanged} not being emitted to signal this.
*/
event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole);
/**
* @dev Emitted when `account` is granted `role`.
*
* `sender` is the account that originated the contract call. This account bears the admin role (for the granted role).
* Expected in cases where the role was granted using the internal {AccessControl-_grantRole}.
*/
event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Emitted when `account` is revoked `role`.
*
* `sender` is the account that originated the contract call:
* - if using `revokeRole`, it is the admin role bearer
* - if using `renounceRole`, it is the role bearer (i.e. `account`)
*/
event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) external view returns (bool);
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {AccessControl-_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) external view returns (bytes32);
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function grantRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function revokeRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been granted `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `callerConfirmation`.
*/
function renounceRole(bytes32 role, address callerConfirmation) external;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/introspection/ERC165.sol)
pragma solidity ^0.8.20;
import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
import {Initializable} from "../../proxy/utils/Initializable.sol";
/**
* @dev Implementation of the {IERC165} interface.
*
* Contracts that want to implement ERC-165 should inherit from this contract and override {supportsInterface} to check
* for the additional interface id that will be supported. For example:
*
* ```solidity
* function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
* return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
* }
* ```
*/
abstract contract ERC165Upgradeable is Initializable, IERC165 {
function __ERC165_init() internal onlyInitializing {
}
function __ERC165_init_unchained() internal onlyInitializing {
}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual returns (bool) {
return interfaceId == type(IERC165).interfaceId;
}
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
import { Initializable } from "../lib/openzeppelin-contracts-upgradeable/contracts/proxy/utils/Initializable.sol";
import { IERC3009 } from "./interfaces/IERC3009.sol";
import { StatefulERC712Upgradeable } from "./StatefulERC712Upgradeable.sol";
abstract contract ERC3009UpgradeableStorageLayout {
/// @custom:storage-location erc7201:M0.storage.ERC3009
struct ERC3009StorageStruct {
mapping(address authorizer => mapping(bytes32 nonce => bool isNonceUsed)) authorizationState;
}
// keccak256(abi.encode(uint256(keccak256("M0.storage.ERC3009")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant _ERC3009_STORAGE_LOCATION =
0x1116a1d33aa5fb91b2652b3b0fdb63704173742d6dbecaf4256ebe33a4888600;
function _getERC3009StorageLocation() internal pure returns (ERC3009StorageStruct storage $) {
assembly {
$.slot := _ERC3009_STORAGE_LOCATION
}
}
}
/**
* @title ERC3009 implementation allowing the transfer of fungible assets via a signed authorization.
* @author M0 Labs
* @dev Inherits from ERC712ExtendedUpgradeable and StatefulERC712Upgradeable.
*/
abstract contract ERC3009Upgradeable is IERC3009, ERC3009UpgradeableStorageLayout, StatefulERC712Upgradeable {
/* ============ Variables ============ */
// solhint-disable-next-line max-line-length
/// @dev keccak256("TransferWithAuthorization(address from,address to,uint256 value,uint256 validAfter,uint256 validBefore,bytes32 nonce)")
/// @inheritdoc IERC3009
bytes32 public constant TRANSFER_WITH_AUTHORIZATION_TYPEHASH =
0x7c7c6cdb67a18743f49ec6fa9b35f50d52ed05cbed4cc592e13b44501c1a2267;
// solhint-disable-next-line max-line-length
/// @dev keccak256("ReceiveWithAuthorization(address from,address to,uint256 value,uint256 validAfter,uint256 validBefore,bytes32 nonce)")
/// @inheritdoc IERC3009
bytes32 public constant RECEIVE_WITH_AUTHORIZATION_TYPEHASH =
0xd099cc98ef71107a616c4f0f941f04c322d8e254fe26b3c6668db87aae413de8;
/**
* @inheritdoc IERC3009
* @dev keccak256("CancelAuthorization(address authorizer,bytes32 nonce)")
*/
bytes32 public constant CANCEL_AUTHORIZATION_TYPEHASH =
0x158b0a9edf7a828aad02f63cd515c68ef2f50ba807396f6d12842833a1597429;
/* ============ Initializer ============ */
/**
* @notice Initializes the ERC3009Upgradeable contract.
* @param name_ The name of the contract.
*/
function __ERC3009Upgradeable_init(string memory name_) internal onlyInitializing {
__StatefulERC712ExtendedUpgradeable_init(name_);
}
/* ============ Interactive Functions ============ */
/// @inheritdoc IERC3009
function transferWithAuthorization(
address from_,
address to_,
uint256 value_,
uint256 validAfter_,
uint256 validBefore_,
bytes32 nonce_,
bytes memory signature_
) external {
_revertIfInvalidSignature(
from_,
_getTransferWithAuthorizationDigest(from_, to_, value_, validAfter_, validBefore_, nonce_),
signature_
);
_transferWithAuthorization(from_, to_, value_, validAfter_, validBefore_, nonce_);
}
/// @inheritdoc IERC3009
function transferWithAuthorization(
address from_,
address to_,
uint256 value_,
uint256 validAfter_,
uint256 validBefore_,
bytes32 nonce_,
bytes32 r_,
bytes32 vs_
) external {
_revertIfInvalidSignature(
from_,
_getTransferWithAuthorizationDigest(from_, to_, value_, validAfter_, validBefore_, nonce_),
r_,
vs_
);
_transferWithAuthorization(from_, to_, value_, validAfter_, validBefore_, nonce_);
}
/// @inheritdoc IERC3009
function transferWithAuthorization(
address from_,
address to_,
uint256 value_,
uint256 validAfter_,
uint256 validBefore_,
bytes32 nonce_,
uint8 v_,
bytes32 r_,
bytes32 s_
) external {
_revertIfInvalidSignature(
from_,
_getTransferWithAuthorizationDigest(from_, to_, value_, validAfter_, validBefore_, nonce_),
v_,
r_,
s_
);
_transferWithAuthorization(from_, to_, value_, validAfter_, validBefore_, nonce_);
}
/// @inheritdoc IERC3009
function receiveWithAuthorization(
address from_,
address to_,
uint256 value_,
uint256 validAfter_,
uint256 validBefore_,
bytes32 nonce_,
bytes memory signature_
) external {
_revertIfInvalidSignature(
from_,
_getReceiveWithAuthorizationDigest(from_, to_, value_, validAfter_, validBefore_, nonce_),
signature_
);
_receiveWithAuthorization(from_, to_, value_, validAfter_, validBefore_, nonce_);
}
/// @inheritdoc IERC3009
function receiveWithAuthorization(
address from_,
address to_,
uint256 value_,
uint256 validAfter_,
uint256 validBefore_,
bytes32 nonce_,
bytes32 r_,
bytes32 vs_
) external {
_revertIfInvalidSignature(
from_,
_getReceiveWithAuthorizationDigest(from_, to_, value_, validAfter_, validBefore_, nonce_),
r_,
vs_
);
_receiveWithAuthorization(from_, to_, value_, validAfter_, validBefore_, nonce_);
}
/// @inheritdoc IERC3009
function receiveWithAuthorization(
address from_,
address to_,
uint256 value_,
uint256 validAfter_,
uint256 validBefore_,
bytes32 nonce_,
uint8 v_,
bytes32 r_,
bytes32 s_
) external {
_revertIfInvalidSignature(
from_,
_getReceiveWithAuthorizationDigest(from_, to_, value_, validAfter_, validBefore_, nonce_),
v_,
r_,
s_
);
_receiveWithAuthorization(from_, to_, value_, validAfter_, validBefore_, nonce_);
}
/// @inheritdoc IERC3009
function cancelAuthorization(address authorizer_, bytes32 nonce_, bytes memory signature_) external {
_revertIfInvalidSignature(authorizer_, _getCancelAuthorizationDigest(authorizer_, nonce_), signature_);
_cancelAuthorization(authorizer_, nonce_);
}
/// @inheritdoc IERC3009
function cancelAuthorization(address authorizer_, bytes32 nonce_, bytes32 r_, bytes32 vs_) external {
_revertIfInvalidSignature(authorizer_, _getCancelAuthorizationDigest(authorizer_, nonce_), r_, vs_);
_cancelAuthorization(authorizer_, nonce_);
}
/// @inheritdoc IERC3009
function cancelAuthorization(address authorizer_, bytes32 nonce_, uint8 v_, bytes32 r_, bytes32 s_) external {
_revertIfInvalidSignature(authorizer_, _getCancelAuthorizationDigest(authorizer_, nonce_), v_, r_, s_);
_cancelAuthorization(authorizer_, nonce_);
}
/* ============ View/Pure Functions ============ */
/// @inheritdoc IERC3009
function authorizationState(address authorizer, bytes32 nonce) public view returns (bool) {
return _getERC3009StorageLocation().authorizationState[authorizer][nonce];
}
/* ============ Internal Interactive Functions ============ */
/**
* @dev Common transfer function used by `transferWithAuthorization` and `_receiveWithAuthorization`.
* @param from_ Payer's address (Authorizer).
* @param to_ Payee's address.
* @param value_ Amount to be transferred.
* @param validAfter_ The time after which this is valid (unix time).
* @param validBefore_ The time before which this is valid (unix time).
* @param nonce_ Unique nonce.
*/
function _transferWithAuthorization(
address from_,
address to_,
uint256 value_,
uint256 validAfter_,
uint256 validBefore_,
bytes32 nonce_
) internal {
if (block.timestamp <= validAfter_) revert AuthorizationNotYetValid(block.timestamp, validAfter_);
if (block.timestamp >= validBefore_) revert AuthorizationExpired(block.timestamp, validBefore_);
_revertIfAuthorizationAlreadyUsed(from_, nonce_);
_getERC3009StorageLocation().authorizationState[from_][nonce_] = true;
emit AuthorizationUsed(from_, nonce_);
_transfer(from_, to_, value_);
}
/**
* @dev Common receive function used by `receiveWithAuthorization`.
* @param from_ Payer's address (Authorizer).
* @param to_ Payee's address.
* @param value_ Amount to be transferred.
* @param validAfter_ The time after which this is valid (unix time).
* @param validBefore_ The time before which this is valid (unix time).
* @param nonce_ Unique nonce.
*/
function _receiveWithAuthorization(
address from_,
address to_,
uint256 value_,
uint256 validAfter_,
uint256 validBefore_,
bytes32 nonce_
) internal {
if (msg.sender != to_) revert CallerMustBePayee(msg.sender, to_);
_transferWithAuthorization(from_, to_, value_, validAfter_, validBefore_, nonce_);
}
/**
* @dev Common cancel function used by `cancelAuthorization`.
* @param authorizer_ Authorizer's address.
* @param nonce_ Nonce of the authorization.
*/
function _cancelAuthorization(address authorizer_, bytes32 nonce_) internal {
_revertIfAuthorizationAlreadyUsed(authorizer_, nonce_);
_getERC3009StorageLocation().authorizationState[authorizer_][nonce_] = true;
emit AuthorizationCanceled(authorizer_, nonce_);
}
/**
* @dev Internal ERC20 transfer function that needs to be implemented by the inheriting contract.
* @param sender_ The sender's address.
* @param recipient_ The recipient's address.
* @param amount_ The amount to be transferred.
*/
function _transfer(address sender_, address recipient_, uint256 amount_) internal virtual;
/* ============ Internal View/Pure Functions ============ */
/**
* @dev Returns the internal EIP-712 digest of a transferWithAuthorization call.
* @param from_ Payer's address (Authorizer).
* @param to_ Payee's address.
* @param value_ Amount to be transferred.
* @param validAfter_ The time after which this is valid (unix time).
* @param validBefore_ The time before which this is valid (unix time).
* @param nonce_ Unique nonce.
* @return The internal EIP-712 digest.
*/
function _getTransferWithAuthorizationDigest(
address from_,
address to_,
uint256 value_,
uint256 validAfter_,
uint256 validBefore_,
bytes32 nonce_
) internal view returns (bytes32) {
return
_getDigest(
keccak256(
abi.encode(
TRANSFER_WITH_AUTHORIZATION_TYPEHASH,
from_,
to_,
value_,
validAfter_,
validBefore_,
nonce_
)
)
);
}
/**
* @dev Returns the internal EIP-712 digest of a receiveWithAuthorization call.
* @param from_ Payer's address (Authorizer).
* @param to_ Payee's address.
* @param value_ Amount to be transferred.
* @param validAfter_ The time after which this is valid (unix time).
* @param validBefore_ The time before which this is valid (unix time).
* @param nonce_ Unique nonce.
* @return The internal EIP-712 digest.
*/
function _getReceiveWithAuthorizationDigest(
address from_,
address to_,
uint256 value_,
uint256 validAfter_,
uint256 validBefore_,
bytes32 nonce_
) internal view returns (bytes32) {
return
_getDigest(
keccak256(
abi.encode(
RECEIVE_WITH_AUTHORIZATION_TYPEHASH,
from_,
to_,
value_,
validAfter_,
validBefore_,
nonce_
)
)
);
}
/**
* @dev Returns the internal EIP-712 digest of a cancelAuthorization call.
* @param authorizer_ Authorizer's address.
* @param nonce_ Nonce of the authorization.
* @return The internal EIP-712 digest.
*/
function _getCancelAuthorizationDigest(address authorizer_, bytes32 nonce_) internal view returns (bytes32) {
return _getDigest(keccak256(abi.encode(CANCEL_AUTHORIZATION_TYPEHASH, authorizer_, nonce_)));
}
/**
* @dev Reverts if the authorization is already used.
* @param authorizer_ The authorizer's address.
* @param nonce_ The nonce of the authorization.
*/
function _revertIfAuthorizationAlreadyUsed(address authorizer_, bytes32 nonce_) internal view {
if (authorizationState(authorizer_, nonce_)) revert AuthorizationAlreadyUsed(authorizer_, nonce_);
}
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
import { IERC20 } from "./IERC20.sol";
import { IERC3009 } from "./IERC3009.sol";
/**
* @title An ERC20 token extended with EIP-2612 permits for signed approvals (via EIP-712
* and with EIP-1271 compatibility), and extended with EIP-3009 transfer with authorization (via EIP-712).
* @author M^0 Labs
* @dev The additional interface as defined by EIP-2612: https://eips.ethereum.org/EIPS/eip-2612
*/
interface IERC20Extended is IERC20, IERC3009 {
/* ============ Custom Errors ============ */
/**
* @notice Revert message when spender's allowance is not sufficient.
* @param spender Address that may be allowed to operate on tokens without being their owner.
* @param allowance Amount of tokens a `spender` is allowed to operate with.
* @param needed Minimum amount required to perform a transfer.
*/
error InsufficientAllowance(address spender, uint256 allowance, uint256 needed);
/**
* @notice Revert message emitted when the transferred amount is insufficient.
* @param amount Amount transferred.
*/
error InsufficientAmount(uint256 amount);
/**
* @notice Revert message emitted when the recipient of a token is invalid.
* @param recipient Address of the invalid recipient.
*/
error InvalidRecipient(address recipient);
/* ============ Interactive Functions ============ */
/**
* @notice Approves `spender` to spend up to `amount` of the token balance of `owner`, via a signature.
* @param owner The address of the account who's token balance is being approved to be spent by `spender`.
* @param spender The address of an account allowed to spend on behalf of `owner`.
* @param value The amount of the allowance being approved.
* @param deadline The last timestamp where the signature is still valid.
* @param v An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
* @param r An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
* @param s An ECDSA secp256k1 signature parameter (EIP-2612 via EIP-712).
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @notice Approves `spender` to spend up to `amount` of the token balance of `owner`, via a signature.
* @param owner The address of the account who's token balance is being approved to be spent by `spender`.
* @param spender The address of an account allowed to spend on behalf of `owner`.
* @param value The amount of the allowance being approved.
* @param deadline The last timestamp where the signature is still valid.
* @param signature An arbitrary signature (EIP-712).
*/
function permit(address owner, address spender, uint256 value, uint256 deadline, bytes memory signature) external;
/* ============ View/Pure Functions ============ */
/// @notice Returns the EIP712 typehash used in the encoding of the digest for the permit function.
function PERMIT_TYPEHASH() external view returns (bytes32);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/introspection/IERC165.sol)
pragma solidity ^0.8.20;
/**
* @dev Interface of the ERC-165 standard, as defined in the
* https://eips.ethereum.org/EIPS/eip-165[ERC].
*
* Implementers can declare support of contract interfaces, which can then be
* queried by others ({ERC165Checker}).
*
* For an implementation, see {ERC165}.
*/
interface IERC165 {
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[ERC section]
* to learn more about how these ids are created.
*
* This function call must use less than 30 000 gas.
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
import { IStatefulERC712 } from "./IStatefulERC712.sol";
/**
* @title Transfer via signed authorization following EIP-3009 standard.
* @author M^0 Labs
* @dev The interface as defined by EIP-3009: https://eips.ethereum.org/EIPS/eip-3009
*/
interface IERC3009 is IStatefulERC712 {
/* ============ Events ============ */
/**
* @notice Emitted when an authorization has been canceled.
* @param authorizer Authorizer's address.
* @param nonce Nonce of the canceled authorization.
*/
event AuthorizationCanceled(address indexed authorizer, bytes32 indexed nonce);
/**
* @notice Emitted when an authorization has been used.
* @param authorizer Authorizer's address.
* @param nonce Nonce of the used authorization.
*/
event AuthorizationUsed(address indexed authorizer, bytes32 indexed nonce);
/* ============ Custom Errors ============ */
/**
* @notice Emitted when an authorization has already been used.
* @param authorizer Authorizer's address.
* @param nonce Nonce of the used authorization.
*/
error AuthorizationAlreadyUsed(address authorizer, bytes32 nonce);
/**
* @notice Emitted when an authorization is expired.
* @param timestamp Timestamp at which the transaction was submitted.
* @param validBefore Timestamp before which the authorization would have been valid.
*/
error AuthorizationExpired(uint256 timestamp, uint256 validBefore);
/**
* @notice Emitted when an authorization is not yet valid.
* @param timestamp Timestamp at which the transaction was submitted.
* @param validAfter Timestamp after which the authorization will be valid.
*/
error AuthorizationNotYetValid(uint256 timestamp, uint256 validAfter);
/**
* @notice Emitted when the caller of `receiveWithAuthorization` is not the payee.
* @param caller Caller's address.
* @param payee Payee's address.
*/
error CallerMustBePayee(address caller, address payee);
/* ============ Interactive Functions ============ */
/**
* @notice Execute a transfer with a signed authorization.
* @param from Payer's address (Authorizer).
* @param to Payee's address.
* @param value Amount to be transferred.
* @param validAfter The time after which this is valid (unix time).
* @param validBefore The time before which this is valid (unix time).
* @param nonce Unique nonce.
* @param signature A byte array ECDSA/secp256k1 signature (encoded r, s, v).
*/
function transferWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
bytes memory signature
) external;
/**
* @notice Execute a transfer with a signed authorization.
* @param from Payer's address (Authorizer).
* @param to Payee's address.
* @param value Amount to be transferred.
* @param validAfter The time after which this is valid (unix time).
* @param validBefore The time before which this is valid (unix time).
* @param nonce Unique nonce.
* @param r An ECDSA/secp256k1 signature parameter.
* @param vs An ECDSA/secp256k1 short signature parameter.
*/
function transferWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
bytes32 r,
bytes32 vs
) external;
/**
* @notice Execute a transfer with a signed authorization.
* @param from Payer's address (Authorizer).
* @param to Payee's address.
* @param value Amount to be transferred.
* @param validAfter The time after which this is valid (unix time).
* @param validBefore The time before which this is valid (unix time).
* @param nonce Unique nonce.
* @param v v of the signature.
* @param r r of the signature.
* @param s s of the signature.
*/
function transferWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @notice Receive a transfer with a signed authorization from the payer.
* @dev This has an additional check to ensure that the payee's address matches
* the caller of this function to prevent front-running attacks.
* (See security considerations)
* @param from Payer's address (Authorizer).
* @param to Payee's address.
* @param value Amount to be transferred.
* @param validAfter The time after which this is valid (unix time).
* @param validBefore The time before which this is valid (unix time).
* @param nonce Unique nonce.
* @param signature A byte array ECDSA/secp256k1 signature (encoded r, s, v).
*/
function receiveWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
bytes memory signature
) external;
/**
* @notice Receive a transfer with a signed authorization from the payer.
* @dev This has an additional check to ensure that the payee's address matches
* the caller of this function to prevent front-running attacks.
* (See security considerations)
* @param from Payer's address (Authorizer).
* @param to Payee's address.
* @param value Amount to be transferred.
* @param validAfter The time after which this is valid (unix time).
* @param validBefore The time before which this is valid (unix time).
* @param nonce Unique nonce.
* @param r An ECDSA/secp256k1 signature parameter.
* @param vs An ECDSA/secp256k1 short signature parameter.
*/
function receiveWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
bytes32 r,
bytes32 vs
) external;
/**
* @notice Receive a transfer with a signed authorization from the payer.
* @dev This has an additional check to ensure that the payee's address matches
* the caller of this function to prevent front-running attacks.
* (See security considerations)
* @param from Payer's address (Authorizer).
* @param to Payee's address.
* @param value Amount to be transferred.
* @param validAfter The time after which this is valid (unix time).
* @param validBefore The time before which this is valid (unix time).
* @param nonce Unique nonce.
* @param v v of the signature.
* @param r r of the signature.
* @param s s of the signature.
*/
function receiveWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @notice Attempt to cancel an authorization.
* @param authorizer Authorizer's address.
* @param nonce Nonce of the authorization.
* @param signature A byte array ECDSA/secp256k1 signature (encoded r, s, v).
*/
function cancelAuthorization(address authorizer, bytes32 nonce, bytes memory signature) external;
/**
* @notice Attempt to cancel an authorization.
* @param authorizer Authorizer's address.
* @param nonce Nonce of the authorization.
* @param r An ECDSA/secp256k1 signature parameter.
* @param vs An ECDSA/secp256k1 short signature parameter.
*/
function cancelAuthorization(address authorizer, bytes32 nonce, bytes32 r, bytes32 vs) external;
/**
* @notice Attempt to cancel an authorization.
* @param authorizer Authorizer's address.
* @param nonce Nonce of the authorization.
* @param v v of the signature.
* @param r r of the signature.
* @param s s of the signature.
*/
function cancelAuthorization(address authorizer, bytes32 nonce, uint8 v, bytes32 r, bytes32 s) external;
/* ============ View/Pure Functions ============ */
/**
* @notice Returns the state of an authorization.
* @dev Nonces are randomly generated 32-byte data unique to the authorizer's address
* @param authorizer Authorizer's address.
* @param nonce Nonce of the authorization.
* @return True if the nonce is used.
*/
function authorizationState(address authorizer, bytes32 nonce) external view returns (bool);
/// @notice Returns `transferWithAuthorization` typehash.
function TRANSFER_WITH_AUTHORIZATION_TYPEHASH() external view returns (bytes32);
/// @notice Returns `receiveWithAuthorization` typehash.
function RECEIVE_WITH_AUTHORIZATION_TYPEHASH() external view returns (bytes32);
/// @notice Returns `cancelAuthorization` typehash.
function CANCEL_AUTHORIZATION_TYPEHASH() external view returns (bytes32);
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
import { IStatefulERC712 } from "./interfaces/IStatefulERC712.sol";
import { ERC712ExtendedUpgradeable } from "./ERC712ExtendedUpgradeable.sol";
abstract contract StatefulERC712ExtendedUpgradeableStorageLayout {
/// @custom:storage-location erc7201:M0.storage.StatefulERC712Extended
struct StatefulERC712ExtendedStorageStruct {
mapping(address account => uint256 nonce) nonces; // Nonces for all signatures.
}
// keccak256(abi.encode(uint256(keccak256("M0.storage.StatefulERC712Extended")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant _STATEFUL_ERC712_EXTENDED_STORAGE_LOCATION =
0x1b21ba3f0a2135d61c468900b54084f04af8111bce0f8bbb6ab8c46d11afbd00;
function _getStatefulERC712ExtendedStorageLocation()
internal
pure
returns (StatefulERC712ExtendedStorageStruct storage $)
{
assembly {
$.slot := _STATEFUL_ERC712_EXTENDED_STORAGE_LOCATION
}
}
}
/**
* @title Stateful and upgradeable extension for EIP-712 typed structured data hashing and signing with nonces.
* @author M0 Labs
* @dev An abstract implementation to satisfy stateful EIP-712 with nonces.
*/
abstract contract StatefulERC712Upgradeable is
StatefulERC712ExtendedUpgradeableStorageLayout,
IStatefulERC712,
ERC712ExtendedUpgradeable
{
/* ============ Initializer ============ */
/**
* @notice Initializes the StatefulERC712Upgradeable contract.
* @param name The name of the contract.
*/
function __StatefulERC712ExtendedUpgradeable_init(string memory name) internal onlyInitializing {
__ERC712ExtendedUpgradeable_init(name);
}
/* ============ View/Pure Functions ============ */
/// @inheritdoc IStatefulERC712
function nonces(address account) external view returns (uint256) {
return _getStatefulERC712ExtendedStorageLocation().nonces[account];
}
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
import { IERC712Extended } from "./IERC712Extended.sol";
/**
* @title Stateful Extension for EIP-712 typed structured data hashing and signing with nonces.
* @author M^0 Labs
*/
interface IStatefulERC712 is IERC712Extended {
/* ============ Custom Errors ============ */
/**
* @notice Revert message when a signing account's nonce is not the expected current nonce.
* @param nonce The nonce used in the signature.
* @param expectedNonce The expected nonce to be used in a signature by the signing account.
*/
error InvalidAccountNonce(uint256 nonce, uint256 expectedNonce);
/* ============ View/Pure Functions ============ */
/**
* @notice Returns the next nonce to be used in a signature by `account`.
* @param account The address of some account.
* @return nonce The next nonce to be used in a signature by `account`.
*/
function nonces(address account) external view returns (uint256 nonce);
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
import { Initializable } from "../lib/openzeppelin-contracts-upgradeable/contracts/proxy/utils/Initializable.sol";
import { IERC712 } from "./interfaces/IERC712.sol";
import { IERC712Extended } from "./interfaces/IERC712Extended.sol";
import { SignatureChecker } from "./libs/SignatureChecker.sol";
abstract contract ERC712ExtendedUpgradeableStorageLayout {
/// @custom:storage-location erc7201:M0.storage.ERC712Extended
struct ERC712ExtendedStorageStruct {
uint256 initialChainId;
bytes32 initialDomainSeparator;
string name;
}
// keccak256(abi.encode(uint256(keccak256("M0.storage.ERC712Extended")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant _ERC712_EXTENDED_STORAGE_LOCATION =
0x103ce0bed7138196cdb0d79ef04042681b16e7a2c58d74b78443c813042ea100;
function _getERC712ExtendedStorageLocation() internal pure returns (ERC712ExtendedStorageStruct storage $) {
assembly {
$.slot := _ERC712_EXTENDED_STORAGE_LOCATION
}
}
}
/**
* @title Typed structured data hashing and signing via EIP-712, extended by EIP-5267.
* @author M0 Labs
* @dev An abstract implementation to satisfy EIP-712: https://eips.ethereum.org/EIPS/eip-712
*/
abstract contract ERC712ExtendedUpgradeable is ERC712ExtendedUpgradeableStorageLayout, IERC712Extended, Initializable {
/* ============ Variables ============ */
/// @dev keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)")
bytes32 internal constant _EIP712_DOMAIN_HASH = 0x8b73c3c69bb8fe3d512ecc4cf759cc79239f7b179b0ffacaa9a75d522b39400f;
/// @dev keccak256("1")
bytes32 internal constant _EIP712_VERSION_HASH = 0xc89efdaa54c0f20c7adf612882df0950f5a951637e0307cdcb4c672f298b8bc6;
/* ============ Initializer ============ */
/**
* @notice Initializes the ERC712ExtendedUpgradeable contract.
* @param name_ The name of the contract.
*/
function __ERC712ExtendedUpgradeable_init(string memory name_) internal onlyInitializing {
ERC712ExtendedStorageStruct storage $ = _getERC712ExtendedStorageLocation();
$.name = name_;
$.initialChainId = block.chainid;
$.initialDomainSeparator = _getDomainSeparator();
}
/* ============ View/Pure Functions ============ */
/// @inheritdoc IERC712Extended
function eip712Domain()
external
view
virtual
returns (
bytes1 fields_,
string memory name_,
string memory version_,
uint256 chainId_,
address verifyingContract_,
bytes32 salt_,
uint256[] memory extensions_
)
{
return (
hex"0f", // 01111
_getERC712ExtendedStorageLocation().name,
"1",
block.chainid,
address(this),
bytes32(0),
new uint256[](0)
);
}
/// @inheritdoc IERC712
function DOMAIN_SEPARATOR() public view virtual returns (bytes32) {
ERC712ExtendedStorageStruct storage $ = _getERC712ExtendedStorageLocation();
return block.chainid == $.initialChainId ? $.initialDomainSeparator : _getDomainSeparator();
}
/* ============ Internal View/Pure Functions ============ */
/**
* @dev Computes the EIP-712 domain separator.
* @return The EIP-712 domain separator.
*/
function _getDomainSeparator() internal view returns (bytes32) {
return
keccak256(
abi.encode(
_EIP712_DOMAIN_HASH,
keccak256(bytes(_getERC712ExtendedStorageLocation().name)),
_EIP712_VERSION_HASH,
block.chainid,
address(this)
)
);
}
/**
* @dev Returns the digest to be signed, via EIP-712, given an internal digest (i.e. hash struct).
* @param internalDigest_ The internal digest.
* @return The digest to be signed.
*/
function _getDigest(bytes32 internalDigest_) internal view returns (bytes32) {
return keccak256(abi.encodePacked("\\x19\\x01", DOMAIN_SEPARATOR(), internalDigest_));
}
/**
* @dev Revert if the signature is expired.
* @param expiry_ Timestamp at which the signature expires or max uint256 for no expiry.
*/
function _revertIfExpired(uint256 expiry_) internal view {
if (block.timestamp > expiry_) revert SignatureExpired(expiry_, block.timestamp);
}
/**
* @dev Revert if the signature is invalid.
* @dev We first validate if the signature is a valid ECDSA signature and return early if it is the case.
* Then, we validate if it is a valid ERC-1271 signature, and return early if it is the case.
* If not, we revert with the error from the ECDSA signature validation.
* @param signer_ The signer of the signature.
* @param digest_ The digest that was signed.
* @param signature_ The signature.
*/
function _revertIfInvalidSignature(address signer_, bytes32 digest_, bytes memory signature_) internal view {
SignatureChecker.Error error_ = SignatureChecker.validateECDSASignature(signer_, digest_, signature_);
if (error_ == SignatureChecker.Error.NoError) return;
if (SignatureChecker.isValidERC1271Signature(signer_, digest_, signature_)) return;
_revertIfError(error_);
}
/**
* @dev Returns the signer of a signed digest, via EIP-712, and reverts if the signature is invalid.
* @param digest_ The digest that was signed.
* @param v_ v of the signature.
* @param r_ r of the signature.
* @param s_ s of the signature.
* @return signer_ The signer of the digest.
*/
function _getSignerAndRevertIfInvalidSignature(
bytes32 digest_,
uint8 v_,
bytes32 r_,
bytes32 s_
) internal pure returns (address signer_) {
SignatureChecker.Error error_;
(error_, signer_) = SignatureChecker.recoverECDSASigner(digest_, v_, r_, s_);
_revertIfError(error_);
}
/**
* @dev Revert if the signature is invalid.
* @param signer_ The signer of the signature.
* @param digest_ The digest that was signed.
* @param r_ An ECDSA/secp256k1 signature parameter.
* @param vs_ An ECDSA/secp256k1 short signature parameter.
*/
function _revertIfInvalidSignature(address signer_, bytes32 digest_, bytes32 r_, bytes32 vs_) internal pure {
_revertIfError(SignatureChecker.validateECDSASignature(signer_, digest_, r_, vs_));
}
/**
* @dev Revert if the signature is invalid.
* @param signer_ The signer of the signature.
* @param digest_ The digest that was signed.
* @param v_ v of the signature.
* @param r_ r of the signature.
* @param s_ s of the signature.
*/
function _revertIfInvalidSignature(
address signer_,
bytes32 digest_,
uint8 v_,
bytes32 r_,
bytes32 s_
) internal pure {
_revertIfError(SignatureChecker.validateECDSASignature(signer_, digest_, v_, r_, s_));
}
/**
* @dev Revert if error.
* @param error_ The SignatureChecker Error enum.
*/
function _revertIfError(SignatureChecker.Error error_) private pure {
if (error_ == SignatureChecker.Error.NoError) return;
if (error_ == SignatureChecker.Error.InvalidSignature) revert InvalidSignature();
if (error_ == SignatureChecker.Error.InvalidSignatureLength) revert InvalidSignatureLength();
if (error_ == SignatureChecker.Error.InvalidSignatureS) revert InvalidSignatureS();
if (error_ == SignatureChecker.Error.InvalidSignatureV) revert InvalidSignatureV();
if (error_ == SignatureChecker.Error.SignerMismatch) revert SignerMismatch();
revert InvalidSignature();
}
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
import { IERC712 } from "./IERC712.sol";
/**
* @title EIP-712 extended by EIP-5267.
* @author M^0 Labs
* @dev The additional interface as defined by EIP-5267: https://eips.ethereum.org/EIPS/eip-5267
*/
interface IERC712Extended is IERC712 {
/* ============ Events ============ */
/// @notice MAY be emitted to signal that the domain could have changed.
event EIP712DomainChanged();
/* ============ View/Pure Functions ============ */
/// @notice Returns the fields and values that describe the domain separator used by this contract for EIP-712.
function eip712Domain()
external
view
returns (
bytes1 fields,
string memory name,
string memory version,
uint256 chainId,
address verifyingContract,
bytes32 salt,
uint256[] memory extensions
);
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
/**
* @title Typed structured data hashing and signing via EIP-712.
* @author M^0 Labs
* @dev The interface as defined by EIP-712: https://eips.ethereum.org/EIPS/eip-712
*/
interface IERC712 {
/* ============ Custom Errors ============ */
/// @notice Revert message when an invalid signature is detected.
error InvalidSignature();
/// @notice Revert message when a signature with invalid length is detected.
error InvalidSignatureLength();
/// @notice Revert message when the S portion of a signature is invalid.
error InvalidSignatureS();
/// @notice Revert message when the V portion of a signature is invalid.
error InvalidSignatureV();
/**
* @notice Revert message when a signature is being used beyond its deadline (i.e. expiry).
* @param deadline The last timestamp where the signature is still valid.
* @param timestamp The current timestamp.
*/
error SignatureExpired(uint256 deadline, uint256 timestamp);
/// @notice Revert message when a recovered signer does not match the account being purported to have signed.
error SignerMismatch();
/* ============ View/Pure Functions ============ */
/// @notice Returns the EIP712 domain separator used in the encoding of a signed digest.
function DOMAIN_SEPARATOR() external view returns (bytes32);
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
import { IERC1271 } from "../interfaces/IERC1271.sol";
/**
* @title A library to handle ECDSA/secp256k1 and ERC1271 signatures, individually or in arbitrarily in combination.
* @author M^0 Labs
*/
library SignatureChecker {
/* ============ Enums ============ */
/**
* @notice An enum representing the possible errors that can be emitted during signature validation.
* @param NoError No error occurred during signature validation.
* @param InvalidSignature The signature is invalid.
* @param InvalidSignatureLength The signature length is invalid.
* @param InvalidSignatureS The signature parameter S is invalid.
* @param InvalidSignatureV The signature parameter V is invalid.
* @param SignerMismatch The signer does not match the recovered signer.
*/
enum Error {
NoError,
InvalidSignature,
InvalidSignatureLength,
InvalidSignatureS,
InvalidSignatureV,
SignerMismatch
}
/* ============ Internal View/Pure Functions ============ */
/**
* @dev Returns whether a signature is valid (ECDSA/secp256k1 or ERC1271) for a signer and digest.
* @dev Signatures must not be used as unique identifiers since the `ecrecover` EVM opcode
* allows for malleable (non-unique) signatures.
* See https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-4h98-2769-gh6h
* @param signer The address of the account purported to have signed.
* @param digest The hash of the data that was signed.
* @param signature A byte array signature.
* @return Whether the signature is valid or not.
*/
function isValidSignature(address signer, bytes32 digest, bytes memory signature) internal view returns (bool) {
return isValidECDSASignature(signer, digest, signature) || isValidERC1271Signature(signer, digest, signature);
}
/**
* @dev Returns whether an ERC1271 signature is valid for a signer and digest.
* @param signer The address of the account purported to have signed.
* @param digest The hash of the data that was signed.
* @param signature A byte array ERC1271 signature.
* @return Whether the signature is valid or not.
*/
function isValidERC1271Signature(
address signer,
bytes32 digest,
bytes memory signature
) internal view returns (bool) {
(bool success_, bytes memory result_) = signer.staticcall(
abi.encodeCall(IERC1271.isValidSignature, (digest, signature))
);
return
success_ &&
result_.length >= 32 &&
abi.decode(result_, (bytes32)) == bytes32(IERC1271.isValidSignature.selector);
}
/**
* @dev Decodes an ECDSA/secp256k1 signature from a byte array to standard v, r, and s parameters.
* @param signature A byte array ECDSA/secp256k1 signature.
* @return v An ECDSA/secp256k1 signature parameter.
* @return r An ECDSA/secp256k1 signature parameter.
* @return s An ECDSA/secp256k1 signature parameter.
*/
function decodeECDSASignature(bytes memory signature) internal pure returns (uint8 v, bytes32 r, bytes32 s) {
// ecrecover takes the signature parameters, and they can be decoded using assembly.
/// @solidity memory-safe-assembly
assembly {
r := mload(add(signature, 0x20))
s := mload(add(signature, 0x40))
v := byte(0, mload(add(signature, 0x60)))
}
}
/**
* @dev Decodes an ECDSA/secp256k1 short signature as defined by EIP2098
* from a byte array to standard v, r, and s parameters.
* @param signature A byte array ECDSA/secp256k1 short signature.
* @return r An ECDSA/secp256k1 signature parameter.
* @return vs An ECDSA/secp256k1 short signature parameter.
*/
function decodeShortECDSASignature(bytes memory signature) internal pure returns (bytes32 r, bytes32 vs) {
// ecrecover takes the signature parameters, and they can be decoded using assembly.
/// @solidity memory-safe-assembly
assembly {
r := mload(add(signature, 0x20))
vs := mload(add(signature, 0x40))
}
}
/**
* @dev Returns whether an ECDSA/secp256k1 signature is valid for a signer and digest.
* @param signer The address of the account purported to have signed.
* @param digest The hash of the data that was signed.
* @param signature A byte array ECDSA/secp256k1 signature (encoded r, s, v).
* @return Whether the signature is valid or not.
*/
function isValidECDSASignature(
address signer,
bytes32 digest,
bytes memory signature
) internal pure returns (bool) {
if (signature.length == 64) {
(bytes32 r, bytes32 vs) = decodeShortECDSASignature(signature);
return isValidECDSASignature(signer, digest, r, vs);
}
return validateECDSASignature(signer, digest, signature) == Error.NoError;
}
/**
* @dev Returns whether an ECDSA/secp256k1 short signature is valid for a signer and digest.
* @param signer The address of the account purported to have signed.
* @param digest The hash of the data that was signed.
* @param r An ECDSA/secp256k1 signature parameter.
* @param vs An ECDSA/secp256k1 short signature parameter.
* @return Whether the signature is valid or not.
*/
function isValidECDSASignature(address signer, bytes32 digest, bytes32 r, bytes32 vs) internal pure returns (bool) {
return validateECDSASignature(signer, digest, r, vs) == Error.NoError;
}
/**
* @dev Returns the signer of an ECDSA/secp256k1 signature for some digest.
* @param digest The hash of the data that was signed.
* @param signature A byte array ECDSA/secp256k1 signature.
* @return An error, if any, that occurred during the signer recovery.
* @return The address of the account recovered form the signature (0 if error).
*/
function recoverECDSASigner(bytes32 digest, bytes memory signature) internal pure returns (Error, address) {
if (signature.length != 65) return (Error.InvalidSignatureLength, address(0));
(uint8 v, bytes32 r, bytes32 s) = decodeECDSASignature(signature);
return recoverECDSASigner(digest, v, r, s);
}
/**
* @dev Returns the signer of an ECDSA/secp256k1 short signature for some digest.
* @dev See https://eips.ethereum.org/EIPS/eip-2098
* @param digest The hash of the data that was signed.
* @param r An ECDSA/secp256k1 signature parameter.
* @param vs An ECDSA/secp256k1 short signature parameter.
* @return An error, if any, that occurred during the signer recovery.
* @return The address of the account recovered form the signature (0 if error).
*/
function recoverECDSASigner(bytes32 digest, bytes32 r, bytes32 vs) internal pure returns (Error, address) {
unchecked {
// We do not check for an overflow here since the shift operation results in 0 or 1.
uint8 v = uint8((uint256(vs) >> 255) + 27);
bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
return recoverECDSASigner(digest, v, r, s);
}
}
/**
* @dev Returns the signer of an ECDSA/secp256k1 signature for some digest.
* @param digest The hash of the data that was signed.
* @param v An ECDSA/secp256k1 signature parameter.
* @param r An ECDSA/secp256k1 signature parameter.
* @param s An ECDSA/secp256k1 signature parameter.
* @return An error, if any, that occurred during the signer recovery.
* @return signer The address of the account recovered form the signature (0 if error).
*/
function recoverECDSASigner(
bytes32 digest,
uint8 v,
bytes32 r,
bytes32 s
) internal pure returns (Error, address signer) {
// Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
// the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}.
if (uint256(s) > uint256(0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0))
return (Error.InvalidSignatureS, address(0));
if (v != 27 && v != 28) return (Error.InvalidSignatureV, address(0));
signer = ecrecover(digest, v, r, s);
return (signer == address(0)) ? (Error.InvalidSignature, address(0)) : (Error.NoError, signer);
}
/**
* @dev Returns an error, if any, in validating an ECDSA/secp256k1 signature for a signer and digest.
* @param signer The address of the account purported to have signed.
* @param digest The hash of the data that was signed.
* @param signature A byte array ERC1271 signature.
* @return An error, if any, that occurred during the signer recovery.
*/
function validateECDSASignature(
address signer,
bytes32 digest,
bytes memory signature
) internal pure returns (Error) {
(Error recoverError, address recoveredSigner) = recoverECDSASigner(digest, signature);
return (recoverError == Error.NoError) ? validateRecoveredSigner(signer, recoveredSigner) : recoverError;
}
/**
* @dev Returns an error, if any, in validating an ECDSA/secp256k1 short signature for a signer and digest.
* @param signer The address of the account purported to have signed.
* @param digest The hash of the data that was signed.
* @param r An ECDSA/secp256k1 signature parameter.
* @param vs An ECDSA/secp256k1 short signature parameter.
* @return An error, if any, that occurred during the signer recovery.
*/
function validateECDSASignature(
address signer,
bytes32 digest,
bytes32 r,
bytes32 vs
) internal pure returns (Error) {
(Error recoverError, address recoveredSigner) = recoverECDSASigner(digest, r, vs);
return (recoverError == Error.NoError) ? validateRecoveredSigner(signer, recoveredSigner) : recoverError;
}
/**
* @dev Returns an error, if any, in validating an ECDSA/secp256k1 signature for a signer and digest.
* @param signer The address of the account purported to have signed.
* @param digest The hash of the data that was signed.
* @param v An ECDSA/secp256k1 signature parameter.
* @param r An ECDSA/secp256k1 signature parameter.
* @param s An ECDSA/secp256k1 signature parameter.
* @return An error, if any, that occurred during the signer recovery.
*/
function validateECDSASignature(
address signer,
bytes32 digest,
uint8 v,
bytes32 r,
bytes32 s
) internal pure returns (Error) {
(Error recoverError, address recoveredSigner) = recoverECDSASigner(digest, v, r, s);
return (recoverError == Error.NoError) ? validateRecoveredSigner(signer, recoveredSigner) : recoverError;
}
/**
* @dev Returns an error if `signer` is not `recoveredSigner`.
* @param signer The address of the some signer.
* @param recoveredSigner The address of the some recoveredSigner.
* @return An error if `signer` is not `recoveredSigner`.
*/
function validateRecoveredSigner(address signer, address recoveredSigner) internal pure returns (Error) {
return (signer == recoveredSigner) ? Error.NoError : Error.SignerMismatch;
}
}
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.8.20 <0.9.0;
/**
* @title Standard Signature Validation Method for Contracts via EIP-1271.
* @author M^0 Labs
* @dev The interface as defined by EIP-1271: https://eips.ethereum.org/EIPS/eip-1271
*/
interface IERC1271 {
/**
* @dev Returns a specific magic value if the provided signature is valid for the provided digest.
* @param digest Hash of the data purported to have been signed.
* @param signature Signature byte array associated with the digest.
* @return magicValue Magic value 0x1626ba7e if the signature is valid.
*/
function isValidSignature(bytes32 digest, bytes memory signature) external view returns (bytes4 magicValue);
}