Transaction Hash:
Block:
12931774 at Jul-31-2021 06:34:34 AM +UTC
Transaction Fee:
0.0016837524 ETH
$3.20
Gas Used:
85,038 Gas / 19.8 Gwei
Emitted Events:
| 362 |
Token.Transfer( from=[Receiver] 0x5df0b006e9dae28f0ff86594428b59dc240837e7, to=0x0000000000000000000000000000000000000000, value=30000000000000000000 )
|
| 363 |
Token.Approval( owner=[Receiver] 0x5df0b006e9dae28f0ff86594428b59dc240837e7, spender=Curve, value=115792089237316195423570985008687907853269984665640564038791584007913129639935 )
|
| 364 |
Dai.Transfer( src=Curve, dst=[Receiver] 0x5df0b006e9dae28f0ff86594428b59dc240837e7, wad=26492549627192204819240 )
|
| 365 |
Curve.burnTokens( seller=[Receiver] 0x5df0b006e9dae28f0ff86594428b59dc240837e7, amount=30000000000000000000, rewardReceived=26492549627192204819240, minReward=26100000000000000000000 )
|
Account State Difference:
| Address | Before | After | State Difference | ||
|---|---|---|---|---|---|
| 0x19062190...2976EF8Cb | |||||
|
0x5A0b54D5...D3E029c4c
Miner
| (Spark Pool) | 5.182138939229369092 Eth | 5.183822691629369092 Eth | 0.0016837524 | |
| 0x6B175474...495271d0F | |||||
| 0x9d477d97...13b897001 |
0.863479814921741653 Eth
Nonce: 238
|
0.861796062521741653 Eth
Nonce: 239
| 0.0016837524 |
Execution Trace
0x5df0b006e9dae28f0ff86594428b59dc240837e7.d79875eb( )
Curve.redeem( _amount=30000000000000000000, _minCollateralReward=26100000000000000000000 ) => ( success=True )
File 1 of 3: Token
File 2 of 3: Curve
File 3 of 3: Dai
pragma solidity 0.5.0;
// FLAT - OpenZeppelin Smart Contracts
/**
* @notice Below is all the required smart contracts from the OpenZeppelin
* library needed for the Token contract. This is the inheritance
* tree of the token:
*
* Token
* |--ERC20Detailed
* | |--IERC20
* |--ERC20Capped
* | |--ERC20Mintable
* | |--MinterRoll
* | | |--Context
* | | |--Roles
* | |--ERC20
* | |--IERC20
* | |--Context
* | |--SafeMath
* |--ERC20Burnable
* | |--Context
* | |--ERC20
* | |--IERC20
* | |--Context
* | |--SafeMath
*/
/*
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with GSN meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
contract Context {
// Empty internal constructor, to prevent people from mistakenly deploying
// an instance of this contract, which should be used via inheritance.
constructor () internal { }
// solhint-disable-previous-line no-empty-blocks
function _msgSender() internal view returns (address payable) {
return msg.sender;
}
function _msgData() internal view returns (bytes memory) {
this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691
return msg.data;
}
}
/**
* @dev Interface of the ERC20 standard as defined in the EIP. Does not include
* the optional functions; to access them see {ERC20Detailed}.
*/
interface IERC20 {
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `recipient`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address recipient, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `sender` to `recipient` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
}
/**
* @dev Wrappers over Solidity's arithmetic operations with added overflow
* checks.
*
* Arithmetic operations in Solidity wrap on overflow. This can easily result
* in bugs, because programmers usually assume that an overflow raises an
* error, which is the standard behavior in high level programming languages.
* `SafeMath` restores this intuition by reverting the transaction when an
* operation overflows.
*
* Using this library instead of the unchecked operations eliminates an entire
* class of bugs, so it's recommended to use it always.
*/
library SafeMath {
/**
* @dev Returns the addition of two unsigned integers, reverting on
* overflow.
*
* Counterpart to Solidity's `+` operator.
*
* Requirements:
* - Addition cannot overflow.
*/
function add(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 c = a + b;
require(c >= a, "SafeMath: addition overflow");
return c;
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting on
* overflow (when the result is negative).
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
* - Subtraction cannot overflow.
*/
function sub(uint256 a, uint256 b) internal pure returns (uint256) {
return sub(a, b, "SafeMath: subtraction overflow");
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting with custom message on
* overflow (when the result is negative).
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
* - Subtraction cannot overflow.
*
* _Available since v2.4.0._
*/
function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
require(b <= a, errorMessage);
uint256 c = a - b;
return c;
}
/**
* @dev Returns the multiplication of two unsigned integers, reverting on
* overflow.
*
* Counterpart to Solidity's `*` operator.
*
* Requirements:
* - Multiplication cannot overflow.
*/
function mul(uint256 a, uint256 b) internal pure returns (uint256) {
// Gas optimization: this is cheaper than requiring 'a' not being zero, but the
// benefit is lost if 'b' is also tested.
// See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522
if (a == 0) {
return 0;
}
uint256 c = a * b;
require(c / a == b, "SafeMath: multiplication overflow");
return c;
}
/**
* @dev Returns the integer division of two unsigned integers. Reverts on
* division by zero. The result is rounded towards zero.
*
* Counterpart to Solidity's `/` operator. Note: this function uses a
* `revert` opcode (which leaves remaining gas untouched) while Solidity
* uses an invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
* - The divisor cannot be zero.
*/
function div(uint256 a, uint256 b) internal pure returns (uint256) {
return div(a, b, "SafeMath: division by zero");
}
/**
* @dev Returns the integer division of two unsigned integers. Reverts with custom message on
* division by zero. The result is rounded towards zero.
*
* Counterpart to Solidity's `/` operator. Note: this function uses a
* `revert` opcode (which leaves remaining gas untouched) while Solidity
* uses an invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
* - The divisor cannot be zero.
*
* _Available since v2.4.0._
*/
function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
// Solidity only automatically asserts when dividing by 0
require(b > 0, errorMessage);
uint256 c = a / b;
// assert(a == b * c + a % b); // There is no case in which this doesn't hold
return c;
}
/**
* @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
* Reverts when dividing by zero.
*
* Counterpart to Solidity's `%` operator. This function uses a `revert`
* opcode (which leaves remaining gas untouched) while Solidity uses an
* invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
* - The divisor cannot be zero.
*/
function mod(uint256 a, uint256 b) internal pure returns (uint256) {
return mod(a, b, "SafeMath: modulo by zero");
}
/**
* @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
* Reverts with custom message when dividing by zero.
*
* Counterpart to Solidity's `%` operator. This function uses a `revert`
* opcode (which leaves remaining gas untouched) while Solidity uses an
* invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
* - The divisor cannot be zero.
*
* _Available since v2.4.0._
*/
function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
require(b != 0, errorMessage);
return a % b;
}
}
/**
* @dev Implementation of the {IERC20} interface.
*
* This implementation is agnostic to the way tokens are created. This means
* that a supply mechanism has to be added in a derived contract using {_mint}.
* For a generic mechanism see {ERC20Mintable}.
*
* TIP: For a detailed writeup see our guide
* https://forum.zeppelin.solutions/t/how-to-implement-erc20-supply-mechanisms/226[How
* to implement supply mechanisms].
*
* We have followed general OpenZeppelin guidelines: functions revert instead
* of returning `false` on failure. This behavior is nonetheless conventional
* and does not conflict with the expectations of ERC20 applications.
*
* Additionally, an {Approval} event is emitted on calls to {transferFrom}.
* This allows applications to reconstruct the allowance for all accounts just
* by listening to said events. Other implementations of the EIP may not emit
* these events, as it isn't required by the specification.
*
* Finally, the non-standard {decreaseAllowance} and {increaseAllowance}
* functions have been added to mitigate the well-known issues around setting
* allowances. See {IERC20-approve}.
*/
contract ERC20 is Context, IERC20 {
using SafeMath for uint256;
mapping (address => uint256) private _balances;
mapping (address => mapping (address => uint256)) private _allowances;
uint256 private _totalSupply;
/**
* @dev See {IERC20-totalSupply}.
*/
function totalSupply() public view returns (uint256) {
return _totalSupply;
}
/**
* @dev See {IERC20-balanceOf}.
*/
function balanceOf(address account) public view returns (uint256) {
return _balances[account];
}
/**
* @dev See {IERC20-transfer}.
*
* Requirements:
*
* - `recipient` cannot be the zero address.
* - the caller must have a balance of at least `amount`.
*/
function transfer(address recipient, uint256 amount) public returns (bool) {
_transfer(_msgSender(), recipient, amount);
return true;
}
/**
* @dev See {IERC20-allowance}.
*/
function allowance(address owner, address spender) public view returns (uint256) {
return _allowances[owner][spender];
}
/**
* @dev See {IERC20-approve}.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function approve(address spender, uint256 amount) public returns (bool) {
_approve(_msgSender(), spender, amount);
return true;
}
/**
* @dev See {IERC20-transferFrom}.
*
* Emits an {Approval} event indicating the updated allowance. This is not
* required by the EIP. See the note at the beginning of {ERC20};
*
* Requirements:
* - `sender` and `recipient` cannot be the zero address.
* - `sender` must have a balance of at least `amount`.
* - the caller must have allowance for `sender`'s tokens of at least
* `amount`.
*/
function transferFrom(address sender, address recipient, uint256 amount) public returns (bool) {
_transfer(sender, recipient, amount);
_approve(sender, _msgSender(), _allowances[sender][_msgSender()].sub(amount, "ERC20: transfer amount exceeds allowance"));
return true;
}
/**
* @dev Atomically increases the allowance granted to `spender` by the caller.
*
* This is an alternative to {approve} that can be used as a mitigation for
* problems described in {IERC20-approve}.
*
* Emits an {Approval} event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {
_approve(_msgSender(), spender, _allowances[_msgSender()][spender].add(addedValue));
return true;
}
/**
* @dev Atomically decreases the allowance granted to `spender` by the caller.
*
* This is an alternative to {approve} that can be used as a mitigation for
* problems described in {IERC20-approve}.
*
* Emits an {Approval} event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `spender` must have allowance for the caller of at least
* `subtractedValue`.
*/
function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {
_approve(_msgSender(), spender, _allowances[_msgSender()][spender].sub(subtractedValue, "ERC20: decreased allowance below zero"));
return true;
}
/**
* @dev Moves tokens `amount` from `sender` to `recipient`.
*
* This is internal function is equivalent to {transfer}, and can be used to
* e.g. implement automatic token fees, slashing mechanisms, etc.
*
* Emits a {Transfer} event.
*
* Requirements:
*
* - `sender` cannot be the zero address.
* - `recipient` cannot be the zero address.
* - `sender` must have a balance of at least `amount`.
*/
function _transfer(address sender, address recipient, uint256 amount) internal {
require(sender != address(0), "ERC20: transfer from the zero address");
require(recipient != address(0), "ERC20: transfer to the zero address");
_balances[sender] = _balances[sender].sub(amount, "ERC20: transfer amount exceeds balance");
_balances[recipient] = _balances[recipient].add(amount);
emit Transfer(sender, recipient, amount);
}
/** @dev Creates `amount` tokens and assigns them to `account`, increasing
* the total supply.
*
* Emits a {Transfer} event with `from` set to the zero address.
*
* Requirements
*
* - `to` cannot be the zero address.
*/
function _mint(address account, uint256 amount) internal {
require(account != address(0), "ERC20: mint to the zero address");
_totalSupply = _totalSupply.add(amount);
_balances[account] = _balances[account].add(amount);
emit Transfer(address(0), account, amount);
}
/**
* @dev Destroys `amount` tokens from `account`, reducing the
* total supply.
*
* Emits a {Transfer} event with `to` set to the zero address.
*
* Requirements
*
* - `account` cannot be the zero address.
* - `account` must have at least `amount` tokens.
*/
function _burn(address account, uint256 amount) internal {
require(account != address(0), "ERC20: burn from the zero address");
_balances[account] = _balances[account].sub(amount, "ERC20: burn amount exceeds balance");
_totalSupply = _totalSupply.sub(amount);
emit Transfer(account, address(0), amount);
}
/**
* @dev Sets `amount` as the allowance of `spender` over the `owner`s tokens.
*
* This is internal function is equivalent to `approve`, and can be used to
* e.g. set automatic allowances for certain subsystems, etc.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `owner` cannot be the zero address.
* - `spender` cannot be the zero address.
*/
function _approve(address owner, address spender, uint256 amount) internal {
require(owner != address(0), "ERC20: approve from the zero address");
require(spender != address(0), "ERC20: approve to the zero address");
_allowances[owner][spender] = amount;
emit Approval(owner, spender, amount);
}
/**
* @dev Destroys `amount` tokens from `account`.`amount` is then deducted
* from the caller's allowance.
*
* See {_burn} and {_approve}.
*/
function _burnFrom(address account, uint256 amount) internal {
_burn(account, amount);
_approve(account, _msgSender(), _allowances[account][_msgSender()].sub(amount, "ERC20: burn amount exceeds allowance"));
}
}
/**
* @title Roles
* @dev Library for managing addresses assigned to a Role.
*/
library Roles {
struct Role {
mapping (address => bool) bearer;
}
/**
* @dev Give an account access to this role.
*/
function add(Role storage role, address account) internal {
require(!has(role, account), "Roles: account already has role");
role.bearer[account] = true;
}
/**
* @dev Remove an account's access to this role.
*/
function remove(Role storage role, address account) internal {
require(has(role, account), "Roles: account does not have role");
role.bearer[account] = false;
}
/**
* @dev Check if an account has this role.
* @return bool
*/
function has(Role storage role, address account) internal view returns (bool) {
require(account != address(0), "Roles: account is the zero address");
return role.bearer[account];
}
}
contract MinterRole is Context {
using Roles for Roles.Role;
event MinterAdded(address indexed account);
event MinterRemoved(address indexed account);
Roles.Role private _minters;
constructor () internal {
_addMinter(_msgSender());
}
modifier onlyMinter() {
require(isMinter(_msgSender()), "MinterRole: caller does not have the Minter role");
_;
}
function isMinter(address account) public view returns (bool) {
return _minters.has(account);
}
function addMinter(address account) public onlyMinter {
_addMinter(account);
}
function renounceMinter() public {
_removeMinter(_msgSender());
}
function _addMinter(address account) internal {
_minters.add(account);
emit MinterAdded(account);
}
function _removeMinter(address account) internal {
_minters.remove(account);
emit MinterRemoved(account);
}
}
/**
* @dev Extension of {ERC20} that adds a set of accounts with the {MinterRole},
* which have permission to mint (create) new tokens as they see fit.
*
* At construction, the deployer of the contract is the only minter.
*/
contract ERC20Mintable is ERC20, MinterRole {
/**
* @dev See {ERC20-_mint}.
*
* Requirements:
*
* - the caller must have the {MinterRole}.
*/
function mint(address account, uint256 amount) public onlyMinter returns (bool) {
_mint(account, amount);
return true;
}
}
/**
* @dev Extension of {ERC20} that allows token holders to destroy both their own
* tokens and those that they have an allowance for, in a way that can be
* recognized off-chain (via event analysis).
*/
contract ERC20Burnable is Context, ERC20, MinterRole {
/**
* @dev Destroys `amount` tokens from the caller.
*
* See {ERC20-_burn}.
*/
function burn(uint256 amount) public onlyMinter {
_burn(_msgSender(), amount);
}
/**
* @dev See {ERC20-_burnFrom}.
*/
function burnFrom(address account, uint256 amount) public onlyMinter {
_burnFrom(account, amount);
}
}
/**
* @dev Extension of {ERC20Mintable} that adds a cap to the supply of tokens.
*/
contract ERC20Capped is ERC20Mintable {
uint256 private _cap;
/**
* @dev Sets the value of the `cap`. This value is immutable, it can only be
* set once during construction.
*/
constructor (uint256 cap) public {
require(cap > 0, "ERC20Capped: cap is 0");
_cap = cap;
}
/**
* @dev Returns the cap on the token's total supply.
*/
function cap() public view returns (uint256) {
return _cap;
}
/**
* @dev See {ERC20Mintable-mint}.
*
* Requirements:
*
* - `value` must not cause the total supply to go over the cap.
*/
function _mint(address account, uint256 value) internal {
require(totalSupply().add(value) <= _cap, "ERC20Capped: cap exceeded");
super._mint(account, value);
}
}
/**
* @dev Optional functions from the ERC20 standard.
*/
contract ERC20Detailed is IERC20 {
string private _name;
string private _symbol;
uint8 private _decimals;
/**
* @dev Sets the values for `name`, `symbol`, and `decimals`. All three of
* these values are immutable: they can only be set once during
* construction.
*/
constructor (string memory name, string memory symbol, uint8 decimals) public {
_name = name;
_symbol = symbol;
_decimals = decimals;
}
/**
* @dev Returns the name of the token.
*/
function name() public view returns (string memory) {
return _name;
}
/**
* @dev Returns the symbol of the token, usually a shorter version of the
* name.
*/
function symbol() public view returns (string memory) {
return _symbol;
}
/**
* @dev Returns the number of decimals used to get its user representation.
* For example, if `decimals` equals `2`, a balance of `505` tokens should
* be displayed to a user as `5,05` (`505 / 10 ** 2`).
*
* Tokens usually opt for a value of 18, imitating the relationship between
* Ether and Wei.
*
* NOTE: This information is only used for _display_ purposes: it in
* no way affects any of the arithmetic of the contract, including
* {IERC20-balanceOf} and {IERC20-transfer}.
*/
function decimals() public view returns (uint8) {
return _decimals;
}
}
/**
* @notice This contract is for the Swarm BZZ token. This contract inherits
* from all the above imported contracts indirectly through the
* implemented contracts. ERC20Capped is Mintable, Burnable is an ERC20
*/
contract Token is ERC20Detailed, ERC20Capped, ERC20Burnable {
/**
* @dev Initialises all the inherited smart contracts
*/
constructor(
string memory _name,
string memory _symbol,
uint8 _decimals,
uint256 _cap
)
ERC20()
ERC20Detailed(
_name,
_symbol,
_decimals
)
ERC20Capped(
_cap
)
ERC20Mintable()
ERC20Burnable()
public
{
}
}File 2 of 3: Curve
// File: @openzeppelin/contracts/GSN/Context.sol
pragma solidity ^0.5.0;
/*
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with GSN meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
contract Context {
// Empty internal constructor, to prevent people from mistakenly deploying
// an instance of this contract, which should be used via inheritance.
constructor () internal { }
// solhint-disable-previous-line no-empty-blocks
function _msgSender() internal view returns (address payable) {
return msg.sender;
}
function _msgData() internal view returns (bytes memory) {
this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691
return msg.data;
}
}
// File: @openzeppelin/contracts/ownership/Ownable.sol
pragma solidity ^0.5.0;
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
contract Ownable is Context {
address private _owner;
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the deployer as the initial owner.
*/
constructor () internal {
address msgSender = _msgSender();
_owner = msgSender;
emit OwnershipTransferred(address(0), msgSender);
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view returns (address) {
return _owner;
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
require(isOwner(), "Ownable: caller is not the owner");
_;
}
/**
* @dev Returns true if the caller is the current owner.
*/
function isOwner() public view returns (bool) {
return _msgSender() == _owner;
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions anymore. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby removing any functionality that is only available to the owner.
*/
function renounceOwnership() public onlyOwner {
emit OwnershipTransferred(_owner, address(0));
_owner = address(0);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public onlyOwner {
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
*/
function _transferOwnership(address newOwner) internal {
require(newOwner != address(0), "Ownable: new owner is the zero address");
emit OwnershipTransferred(_owner, newOwner);
_owner = newOwner;
}
}
// File: @openzeppelin/contracts/token/ERC20/IERC20.sol
pragma solidity ^0.5.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP. Does not include
* the optional functions; to access them see {ERC20Detailed}.
*/
interface IERC20 {
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `recipient`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address recipient, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `sender` to `recipient` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
}
// File: @openzeppelin/contracts/math/SafeMath.sol
pragma solidity ^0.5.0;
/**
* @dev Wrappers over Solidity's arithmetic operations with added overflow
* checks.
*
* Arithmetic operations in Solidity wrap on overflow. This can easily result
* in bugs, because programmers usually assume that an overflow raises an
* error, which is the standard behavior in high level programming languages.
* `SafeMath` restores this intuition by reverting the transaction when an
* operation overflows.
*
* Using this library instead of the unchecked operations eliminates an entire
* class of bugs, so it's recommended to use it always.
*/
library SafeMath {
/**
* @dev Returns the addition of two unsigned integers, reverting on
* overflow.
*
* Counterpart to Solidity's `+` operator.
*
* Requirements:
* - Addition cannot overflow.
*/
function add(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 c = a + b;
require(c >= a, "SafeMath: addition overflow");
return c;
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting on
* overflow (when the result is negative).
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
* - Subtraction cannot overflow.
*/
function sub(uint256 a, uint256 b) internal pure returns (uint256) {
return sub(a, b, "SafeMath: subtraction overflow");
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting with custom message on
* overflow (when the result is negative).
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
* - Subtraction cannot overflow.
*
* _Available since v2.4.0._
*/
function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
require(b <= a, errorMessage);
uint256 c = a - b;
return c;
}
/**
* @dev Returns the multiplication of two unsigned integers, reverting on
* overflow.
*
* Counterpart to Solidity's `*` operator.
*
* Requirements:
* - Multiplication cannot overflow.
*/
function mul(uint256 a, uint256 b) internal pure returns (uint256) {
// Gas optimization: this is cheaper than requiring 'a' not being zero, but the
// benefit is lost if 'b' is also tested.
// See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522
if (a == 0) {
return 0;
}
uint256 c = a * b;
require(c / a == b, "SafeMath: multiplication overflow");
return c;
}
/**
* @dev Returns the integer division of two unsigned integers. Reverts on
* division by zero. The result is rounded towards zero.
*
* Counterpart to Solidity's `/` operator. Note: this function uses a
* `revert` opcode (which leaves remaining gas untouched) while Solidity
* uses an invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
* - The divisor cannot be zero.
*/
function div(uint256 a, uint256 b) internal pure returns (uint256) {
return div(a, b, "SafeMath: division by zero");
}
/**
* @dev Returns the integer division of two unsigned integers. Reverts with custom message on
* division by zero. The result is rounded towards zero.
*
* Counterpart to Solidity's `/` operator. Note: this function uses a
* `revert` opcode (which leaves remaining gas untouched) while Solidity
* uses an invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
* - The divisor cannot be zero.
*
* _Available since v2.4.0._
*/
function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
// Solidity only automatically asserts when dividing by 0
require(b > 0, errorMessage);
uint256 c = a / b;
// assert(a == b * c + a % b); // There is no case in which this doesn't hold
return c;
}
/**
* @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
* Reverts when dividing by zero.
*
* Counterpart to Solidity's `%` operator. This function uses a `revert`
* opcode (which leaves remaining gas untouched) while Solidity uses an
* invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
* - The divisor cannot be zero.
*/
function mod(uint256 a, uint256 b) internal pure returns (uint256) {
return mod(a, b, "SafeMath: modulo by zero");
}
/**
* @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
* Reverts with custom message when dividing by zero.
*
* Counterpart to Solidity's `%` operator. This function uses a `revert`
* opcode (which leaves remaining gas untouched) while Solidity uses an
* invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
* - The divisor cannot be zero.
*
* _Available since v2.4.0._
*/
function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
require(b != 0, errorMessage);
return a % b;
}
}
// File: contracts/I_Token.sol
pragma solidity 0.5.0;
/**
* @title Interface Token
* @notice Allows the Curve contract to interact with the token contract
* without importing the entire smart contract. For documentation
* please see the token contract:
* https://gitlab.com/linumlabs/swarm-token
* @dev This is not a full interface of the token, but instead a partial
* interface covering only the functions that are needed by the curve.
*/
interface I_Token {
// -------------------------------------------------------------------------
// IERC20 functions
// -------------------------------------------------------------------------
function totalSupply() external view returns (uint256);
function balanceOf(address account) external view returns (uint256);
function transfer(address recipient, uint256 amount)
external
returns (bool);
function allowance(address owner, address spender)
external
view
returns (uint256);
function approve(address spender, uint256 amount) external returns (bool);
function transferFrom(
address sender,
address recipient,
uint256 amount
) external returns (bool);
// -------------------------------------------------------------------------
// ERC20 functions
// -------------------------------------------------------------------------
function increaseAllowance(address spender, uint256 addedValue)
external
returns (bool);
function decreaseAllowance(address spender, uint256 subtractedValue)
external
returns (bool);
// -------------------------------------------------------------------------
// ERC20 Detailed
// -------------------------------------------------------------------------
function name() external view returns (string memory);
function symbol() external view returns (string memory);
function decimals() external view returns (uint8);
// -------------------------------------------------------------------------
// Burnable functions
// -------------------------------------------------------------------------
function burn(uint256 amount) external;
function burnFrom(address account, uint256 amount) external;
// -------------------------------------------------------------------------
// Mintable functions
// -------------------------------------------------------------------------
function isMinter(address account) external view returns (bool);
function addMinter(address account) external;
function renounceMinter() external;
function mint(address account, uint256 amount) external returns (bool);
// -------------------------------------------------------------------------
// Capped functions
// -------------------------------------------------------------------------
function cap() external view returns (uint256);
}
// File: contracts/I_Curve.sol
pragma solidity 0.5.0;
/**
* @title Interface Curve
* @notice This contract acts as an interface to the curve contract. For
* documentation please see the curve smart contract.
*/
interface I_Curve {
// -------------------------------------------------------------------------
// View functions
// -------------------------------------------------------------------------
/**
* @notice This function is only callable after the curve contract has been
* initialized.
* @param _amount The amount of tokens a user wants to buy
* @return uint256 The cost to buy the _amount of tokens in the collateral
* currency (see collateral token).
*/
function buyPrice(uint256 _amount)
external
view
returns (uint256 collateralRequired);
/**
* @notice This function is only callable after the curve contract has been
* initialized.
* @param _amount The amount of tokens a user wants to sell
* @return collateralReward The reward for selling the _amount of tokens in the
* collateral currency (see collateral token).
*/
function sellReward(uint256 _amount)
external
view
returns (uint256 collateralReward);
/**
* @return If the curve is both active and initialised.
*/
function isCurveActive() external view returns (bool);
/**
* @return The address of the collateral token (DAI)
*/
function collateralToken() external view returns (address);
/**
* @return The address of the bonded token (BZZ).
*/
function bondedToken() external view returns (address);
/**
* @return The required collateral amount (DAI) to initialise the curve.
*/
function requiredCollateral(uint256 _initialSupply)
external
view
returns (uint256);
// -------------------------------------------------------------------------
// State modifying functions
// -------------------------------------------------------------------------
/**
* @notice This function initializes the curve contract, and ensure the
* curve has the required permissions on the token contract needed
* to function.
*/
function init() external;
/**
* @param _amount The amount of tokens (BZZ) the user wants to buy.
* @param _maxCollateralSpend The max amount of collateral (DAI) the user is
* willing to spend in order to buy the _amount of tokens.
* @return The status of the mint. Note that should the total cost of the
* purchase exceed the _maxCollateralSpend the transaction will revert.
*/
function mint(uint256 _amount, uint256 _maxCollateralSpend)
external
returns (bool success);
/**
* @param _amount The amount of tokens (BZZ) the user wants to buy.
* @param _maxCollateralSpend The max amount of collateral (DAI) the user is
* willing to spend in order to buy the _amount of tokens.
* @param _to The address to send the tokens to.
* @return The status of the mint. Note that should the total cost of the
* purchase exceed the _maxCollateralSpend the transaction will revert.
*/
function mintTo(
uint256 _amount,
uint256 _maxCollateralSpend,
address _to
)
external
returns (bool success);
/**
* @param _amount The amount of tokens (BZZ) the user wants to sell.
* @param _minCollateralReward The min amount of collateral (DAI) the user is
* willing to receive for their tokens.
* @return The status of the burn. Note that should the total reward of the
* burn be below the _minCollateralReward the transaction will revert.
*/
function redeem(uint256 _amount, uint256 _minCollateralReward)
external
returns (bool success);
/**
* @notice Shuts down the curve, disabling buying, selling and both price
* functions. Can only be called by the owner. Will renounce the
* minter role on the bonded token.
*/
function shutDown() external;
}
// File: contracts/Curve.sol
pragma solidity 0.5.0;
contract Curve is Ownable, I_Curve {
using SafeMath for uint256;
// The instance of the token this curve controls (has mint rights to)
I_Token internal bzz_;
// The instance of the collateral token that is used to buy and sell tokens
IERC20 internal dai_;
// Stores if the curve has been initialised
bool internal init_;
// The active state of the curve (false after emergency shutdown)
bool internal active_;
// Mutex guard for state modifying functions
uint256 private status_;
// States for the guard
uint256 private constant _NOT_ENTERED = 1;
uint256 private constant _ENTERED = 2;
// -------------------------------------------------------------------------
// Events
// -------------------------------------------------------------------------
// Emitted when tokens are minted
event mintTokens(
address indexed buyer, // The address of the buyer
uint256 amount, // The amount of bonded tokens to mint
uint256 pricePaid, // The price in collateral tokens
uint256 maxSpend // The max amount of collateral to spend
);
// Emitted when tokens are minted
event mintTokensTo(
address indexed buyer, // The address of the buyer
address indexed receiver, // The address of the receiver of the tokens
uint256 amount, // The amount of bonded tokens to mint
uint256 pricePaid, // The price in collateral tokens
uint256 maxSpend // The max amount of collateral to spend
);
// Emitted when tokens are burnt
event burnTokens(
address indexed seller, // The address of the seller
uint256 amount, // The amount of bonded tokens to sell
uint256 rewardReceived, // The collateral tokens received
uint256 minReward // The min collateral reward for tokens
);
// Emitted when the curve is permanently shut down
event shutDownOccurred(address indexed owner);
// -------------------------------------------------------------------------
// Modifiers
// -------------------------------------------------------------------------
/**
* @notice Requires the curve to be initialised and active.
*/
modifier isActive() {
require(active_ && init_, "Curve inactive");
_;
}
/**
* @notice Protects against re-entrancy attacks
*/
modifier mutex() {
require(status_ != _ENTERED, "ReentrancyGuard: reentrant call");
// Any calls to nonReentrant after this point will fail
status_ = _ENTERED;
// Function executes
_;
// Status set to not entered
status_ = _NOT_ENTERED;
}
// -------------------------------------------------------------------------
// Constructor
// -------------------------------------------------------------------------
constructor(address _bondedToken, address _collateralToken) public Ownable() {
bzz_ = I_Token(_bondedToken);
dai_ = IERC20(_collateralToken);
status_ = _NOT_ENTERED;
}
// -------------------------------------------------------------------------
// View functions
// -------------------------------------------------------------------------
/**
* @notice This function is only callable after the curve contract has been
* initialized.
* @param _amount The amount of tokens a user wants to buy
* @return uint256 The cost to buy the _amount of tokens in the collateral
* currency (see collateral token).
*/
function buyPrice(uint256 _amount)
public
view
isActive()
returns (uint256 collateralRequired)
{
collateralRequired = _mint(_amount, bzz_.totalSupply());
return collateralRequired;
}
/**
* @notice This function is only callable after the curve contract has been
* initialized.
* @param _amount The amount of tokens a user wants to sell
* @return collateralReward The reward for selling the _amount of tokens in the
* collateral currency (see collateral token).
*/
function sellReward(uint256 _amount)
public
view
isActive()
returns (uint256 collateralReward)
{
(collateralReward, ) = _withdraw(_amount, bzz_.totalSupply());
return collateralReward;
}
/**
* @return If the curve is both active and initialised.
*/
function isCurveActive() public view returns (bool) {
if (active_ && init_) {
return true;
}
return false;
}
/**
* @param _initialSupply The expected initial supply the bonded token
* will have.
* @return The required collateral amount (DAI) to initialise the curve.
*/
function requiredCollateral(uint256 _initialSupply)
public
view
returns (uint256)
{
return _initializeCurve(_initialSupply);
}
/**
* @return The address of the bonded token (BZZ).
*/
function bondedToken() external view returns (address) {
return address(bzz_);
}
/**
* @return The address of the collateral token (DAI)
*/
function collateralToken() external view returns (address) {
return address(dai_);
}
// -------------------------------------------------------------------------
// State modifying functions
// -------------------------------------------------------------------------
/**
* @notice This function initializes the curve contract, and ensure the
* curve has the required permissions on the token contract needed
* to function.
*/
function init() external {
// Checks the curve has not already been initialized
require(!init_, "Curve is init");
// Checks the curve has the correct permissions on the given token
require(bzz_.isMinter(address(this)), "Curve is not minter");
// Gets the total supply of the token
uint256 initialSupply = bzz_.totalSupply();
// The curve requires that the initial supply is at least the expected
// open market supply
require(
initialSupply >= _MARKET_OPENING_SUPPLY,
"Curve equation requires pre-mint"
);
// Gets the price for the current supply
uint256 price = _initializeCurve(initialSupply);
// Requires the transfer for the collateral needed to back fill for the
// minted supply
require(
dai_.transferFrom(msg.sender, address(this), price),
"Failed to collateralized the curve"
);
// Sets the Curve to being active and initialised
active_ = true;
init_ = true;
}
/**
* @param _amount The amount of tokens (BZZ) the user wants to buy.
* @param _maxCollateralSpend The max amount of collateral (DAI) the user is
* willing to spend in order to buy the _amount of tokens.
* @return The status of the mint. Note that should the total cost of the
* purchase exceed the _maxCollateralSpend the transaction will revert.
*/
function mint(
uint256 _amount,
uint256 _maxCollateralSpend
)
external
isActive()
mutex()
returns (bool success)
{
// Gets the price for the amount of tokens
uint256 price = _commonMint(_amount, _maxCollateralSpend, msg.sender);
// Emitting event with all important info
emit mintTokens(
msg.sender,
_amount,
price,
_maxCollateralSpend
);
// Returning that the mint executed successfully
return true;
}
/**
* @param _amount The amount of tokens (BZZ) the user wants to buy.
* @param _maxCollateralSpend The max amount of collateral (DAI) the user is
* willing to spend in order to buy the _amount of tokens.
* @param _to The address to send the tokens to.
* @return The status of the mint. Note that should the total cost of the
* purchase exceed the _maxCollateralSpend the transaction will revert.
*/
function mintTo(
uint256 _amount,
uint256 _maxCollateralSpend,
address _to
)
external
isActive()
mutex()
returns (bool success)
{
// Gets the price for the amount of tokens
uint256 price = _commonMint(_amount, _maxCollateralSpend, _to);
// Emitting event with all important info
emit mintTokensTo(
msg.sender,
_to,
_amount,
price,
_maxCollateralSpend
);
// Returning that the mint executed successfully
return true;
}
/**
* @param _amount The amount of tokens (BZZ) the user wants to sell.
* @param _minCollateralReward The min amount of collateral (DAI) the user is
* willing to receive for their tokens.
* @return The status of the burn. Note that should the total reward of the
* burn be below the _minCollateralReward the transaction will revert.
*/
function redeem(uint256 _amount, uint256 _minCollateralReward)
external
isActive()
mutex()
returns (bool success)
{
// Gets the reward for the amount of tokens
uint256 reward = sellReward(_amount);
// Checks the reward has not slipped below the min amount the user
// wishes to receive.
require(reward >= _minCollateralReward, "Reward under min sell");
// Burns the number of tokens (fails - no bool return)
bzz_.burnFrom(msg.sender, _amount);
// Transfers the reward from the curve to the collateral token
require(
dai_.transfer(msg.sender, reward),
"Transferring collateral failed"
);
// Emitting event with all important info
emit burnTokens(
msg.sender,
_amount,
reward,
_minCollateralReward
);
// Returning that the burn executed successfully
return true;
}
/**
* @notice Shuts down the curve, disabling buying, selling and both price
* functions. Can only be called by the owner. Will renounce the
* minter role on the bonded token.
*/
function shutDown() external onlyOwner() {
// Removes the curve as a minter on the token
bzz_.renounceMinter();
// Irreversibly shuts down the curve
active_ = false;
// Emitting address of owner who shut down curve permanently
emit shutDownOccurred(msg.sender);
}
// -------------------------------------------------------------------------
// Internal functions
// -------------------------------------------------------------------------
/**
* @param _amount The amount of tokens (BZZ) the user wants to buy.
* @param _maxCollateralSpend The max amount of collateral (DAI) the user is
* willing to spend in order to buy the _amount of tokens.
* @param _to The address to send the tokens to.
* @return uint256 The price the user has paid for buying the _amount of
* BUZZ tokens.
*/
function _commonMint(
uint256 _amount,
uint256 _maxCollateralSpend,
address _to
)
internal
returns(uint256)
{
// Gets the price for the amount of tokens
uint256 price = buyPrice(_amount);
// Checks the price has not risen above the max amount the user wishes
// to spend.
require(price <= _maxCollateralSpend, "Price exceeds max spend");
// Transfers the price of tokens in the collateral token to the curve
require(
dai_.transferFrom(msg.sender, address(this), price),
"Transferring collateral failed"
);
// Mints the user their tokens
require(bzz_.mint(_to, _amount), "Minting tokens failed");
// Returns the price the user will pay for buy
return price;
}
// -------------------------------------------------------------------------
// Curve mathematical functions
uint256 internal constant _BZZ_SCALE = 1e16;
uint256 internal constant _N = 5;
uint256 internal constant _MARKET_OPENING_SUPPLY = 62500000 * _BZZ_SCALE;
// Equation for curve:
/**
* @param x The supply to calculate at.
* @return x^32/_MARKET_OPENING_SUPPLY^5
* @dev Calculates the 32 power of `x` (`x` squared 5 times) times a
* constant. Each time it squares the function it divides by the
* `_MARKET_OPENING_SUPPLY` so when `x` = `_MARKET_OPENING_SUPPLY`
* it doesn't change `x`.
*
* `c*x^32` | `c` is chosen in such a way that
* `_MARKET_OPENING_SUPPLY` is the fixed point of the helper
* function.
*
* The division by `_MARKET_OPENING_SUPPLY` also helps avoid an
* overflow.
*
* The `_helper` function is separate to the `_primitiveFunction`
* as we modify `x`.
*/
function _helper(uint256 x) internal view returns (uint256) {
for (uint256 index = 1; index <= _N; index++) {
x = (x.mul(x)).div(_MARKET_OPENING_SUPPLY);
}
return x;
}
/**
* @param s The supply point being calculated for.
* @return The amount of DAI required for the requested amount of BZZ (s).
* @dev `s` is being added because it is the linear term in the
* polynomial (this ensures no free BUZZ tokens).
*
* primitive function equation: s + c*s^32.
*
* See the helper function for the definition of `c`.
*
* Converts from something measured in BZZ (1e16) to dai atomic
* units 1e18.
*/
function _primitiveFunction(uint256 s) internal view returns (uint256) {
return s.add(_helper(s));
}
/**
* @param _supply The number of tokens that exist.
* @return uint256 The price for the next token up the curve.
*/
function _spotPrice(uint256 _supply) internal view returns (uint256) {
return (_primitiveFunction(_supply.add(1)).sub(_primitiveFunction(_supply)));
}
/**
* @param _amount The amount of tokens to be minted
* @param _currentSupply The current supply of tokens
* @return uint256 The cost for the tokens
* @return uint256 The price being paid per token
*/
function _mint(uint256 _amount, uint256 _currentSupply)
internal
view
returns (uint256)
{
uint256 deltaR = _primitiveFunction(_currentSupply.add(_amount)).sub(
_primitiveFunction(_currentSupply));
return deltaR;
}
/**
* @param _amount The amount of tokens to be sold
* @param _currentSupply The current supply of tokens
* @return uint256 The reward for the tokens
* @return uint256 The price being received per token
*/
function _withdraw(uint256 _amount, uint256 _currentSupply)
internal
view
returns (uint256, uint256)
{
assert(_currentSupply - _amount > 0);
uint256 deltaR = _primitiveFunction(_currentSupply).sub(
_primitiveFunction(_currentSupply.sub(_amount)));
uint256 realized_price = deltaR.div(_amount);
return (deltaR, realized_price);
}
/**
* @param _initial_supply The supply the curve is going to start with.
* @return initial_reserve How much collateral is needed to collateralized
* the bonding curve.
* @return price The price being paid per token (averaged).
*/
function _initializeCurve(uint256 _initial_supply)
internal
view
returns (uint256 price)
{
price = _mint(_initial_supply, 0);
return price;
}
}File 3 of 3: Dai
// hevm: flattened sources of /nix/store/8xb41r4qd0cjb63wcrxf1qmfg88p0961-dss-6fd7de0/src/dai.sol
pragma solidity =0.5.12;
////// /nix/store/8xb41r4qd0cjb63wcrxf1qmfg88p0961-dss-6fd7de0/src/lib.sol
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
/* pragma solidity 0.5.12; */
contract LibNote {
event LogNote(
bytes4 indexed sig,
address indexed usr,
bytes32 indexed arg1,
bytes32 indexed arg2,
bytes data
) anonymous;
modifier note {
_;
assembly {
// log an 'anonymous' event with a constant 6 words of calldata
// and four indexed topics: selector, caller, arg1 and arg2
let mark := msize // end of memory ensures zero
mstore(0x40, add(mark, 288)) // update free memory pointer
mstore(mark, 0x20) // bytes type data offset
mstore(add(mark, 0x20), 224) // bytes size (padded)
calldatacopy(add(mark, 0x40), 0, 224) // bytes payload
log4(mark, 288, // calldata
shl(224, shr(224, calldataload(0))), // msg.sig
caller, // msg.sender
calldataload(4), // arg1
calldataload(36) // arg2
)
}
}
}
////// /nix/store/8xb41r4qd0cjb63wcrxf1qmfg88p0961-dss-6fd7de0/src/dai.sol
// Copyright (C) 2017, 2018, 2019 dbrock, rain, mrchico
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
/* pragma solidity 0.5.12; */
/* import "./lib.sol"; */
contract Dai is LibNote {
// --- Auth ---
mapping (address => uint) public wards;
function rely(address guy) external note auth { wards[guy] = 1; }
function deny(address guy) external note auth { wards[guy] = 0; }
modifier auth {
require(wards[msg.sender] == 1, "Dai/not-authorized");
_;
}
// --- ERC20 Data ---
string public constant name = "Dai Stablecoin";
string public constant symbol = "DAI";
string public constant version = "1";
uint8 public constant decimals = 18;
uint256 public totalSupply;
mapping (address => uint) public balanceOf;
mapping (address => mapping (address => uint)) public allowance;
mapping (address => uint) public nonces;
event Approval(address indexed src, address indexed guy, uint wad);
event Transfer(address indexed src, address indexed dst, uint wad);
// --- Math ---
function add(uint x, uint y) internal pure returns (uint z) {
require((z = x + y) >= x);
}
function sub(uint x, uint y) internal pure returns (uint z) {
require((z = x - y) <= x);
}
// --- EIP712 niceties ---
bytes32 public DOMAIN_SEPARATOR;
// bytes32 public constant PERMIT_TYPEHASH = keccak256("Permit(address holder,address spender,uint256 nonce,uint256 expiry,bool allowed)");
bytes32 public constant PERMIT_TYPEHASH = 0xea2aa0a1be11a07ed86d755c93467f4f82362b452371d1ba94d1715123511acb;
constructor(uint256 chainId_) public {
wards[msg.sender] = 1;
DOMAIN_SEPARATOR = keccak256(abi.encode(
keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"),
keccak256(bytes(name)),
keccak256(bytes(version)),
chainId_,
address(this)
));
}
// --- Token ---
function transfer(address dst, uint wad) external returns (bool) {
return transferFrom(msg.sender, dst, wad);
}
function transferFrom(address src, address dst, uint wad)
public returns (bool)
{
require(balanceOf[src] >= wad, "Dai/insufficient-balance");
if (src != msg.sender && allowance[src][msg.sender] != uint(-1)) {
require(allowance[src][msg.sender] >= wad, "Dai/insufficient-allowance");
allowance[src][msg.sender] = sub(allowance[src][msg.sender], wad);
}
balanceOf[src] = sub(balanceOf[src], wad);
balanceOf[dst] = add(balanceOf[dst], wad);
emit Transfer(src, dst, wad);
return true;
}
function mint(address usr, uint wad) external auth {
balanceOf[usr] = add(balanceOf[usr], wad);
totalSupply = add(totalSupply, wad);
emit Transfer(address(0), usr, wad);
}
function burn(address usr, uint wad) external {
require(balanceOf[usr] >= wad, "Dai/insufficient-balance");
if (usr != msg.sender && allowance[usr][msg.sender] != uint(-1)) {
require(allowance[usr][msg.sender] >= wad, "Dai/insufficient-allowance");
allowance[usr][msg.sender] = sub(allowance[usr][msg.sender], wad);
}
balanceOf[usr] = sub(balanceOf[usr], wad);
totalSupply = sub(totalSupply, wad);
emit Transfer(usr, address(0), wad);
}
function approve(address usr, uint wad) external returns (bool) {
allowance[msg.sender][usr] = wad;
emit Approval(msg.sender, usr, wad);
return true;
}
// --- Alias ---
function push(address usr, uint wad) external {
transferFrom(msg.sender, usr, wad);
}
function pull(address usr, uint wad) external {
transferFrom(usr, msg.sender, wad);
}
function move(address src, address dst, uint wad) external {
transferFrom(src, dst, wad);
}
// --- Approve by signature ---
function permit(address holder, address spender, uint256 nonce, uint256 expiry,
bool allowed, uint8 v, bytes32 r, bytes32 s) external
{
bytes32 digest =
keccak256(abi.encodePacked(
"\x19\x01",
DOMAIN_SEPARATOR,
keccak256(abi.encode(PERMIT_TYPEHASH,
holder,
spender,
nonce,
expiry,
allowed))
));
require(holder != address(0), "Dai/invalid-address-0");
require(holder == ecrecover(digest, v, r, s), "Dai/invalid-permit");
require(expiry == 0 || now <= expiry, "Dai/permit-expired");
require(nonce == nonces[holder]++, "Dai/invalid-nonce");
uint wad = allowed ? uint(-1) : 0;
allowance[holder][spender] = wad;
emit Approval(holder, spender, wad);
}
}