{"Common.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\n/*\n  Common Utility librarries.\n  I. Addresses (extending address).\n*/\nlibrary Addresses {\n    function isContract(address account) internal view returns (bool) {\n        uint256 size;\n        assembly {\n            size := extcodesize(account)\n        }\n        return size \u003e 0;\n    }\n\n    function performEthTransfer(address recipient, uint256 amount) internal {\n        (bool success, ) = recipient.call{value: amount}(\"\"); // NOLINT: low-level-calls.\n        require(success, \"ETH_TRANSFER_FAILED\");\n    }\n\n    /*\n      Safe wrapper around ERC20/ERC721 calls.\n      This is required because many deployed ERC20 contracts don\u0027t return a value.\n      See https://github.com/ethereum/solidity/issues/4116.\n    */\n    function safeTokenContractCall(address tokenAddress, bytes memory callData) internal {\n        require(isContract(tokenAddress), \"BAD_TOKEN_ADDRESS\");\n        // NOLINTNEXTLINE: low-level-calls.\n        (bool success, bytes memory returndata) = tokenAddress.call(callData);\n        require(success, string(returndata));\n\n        if (returndata.length \u003e 0) {\n            require(abi.decode(returndata, (bool)), \"TOKEN_OPERATION_FAILED\");\n        }\n    }\n\n    /*\n      Validates that the passed contract address is of a real contract,\n      and that its id hash (as infered fromn identify()) matched the expected one.\n    */\n    function validateContractId(address contractAddress, bytes32 expectedIdHash)\n        internal\n    {\n        require(isContract(contractAddress), \"ADDRESS_NOT_CONTRACT\");\n        (bool success, bytes memory returndata) = contractAddress.call( // NOLINT: low-level-calls.\n            abi.encodeWithSignature(\"identify()\"));\n        require(success, \"FAILED_TO_IDENTIFY_CONTRACT\");\n        string memory realContractId = abi.decode(returndata, (string));\n        require(\n            keccak256(abi.encodePacked(realContractId)) == expectedIdHash,\n            \"UNEXPECTED_CONTRACT_IDENTIFIER\");\n    }\n\n    /*\n      Similar to safeTokenContractCall, but always ignores the return value.\n\n      Assumes some other method is used to detect the failures\n      (e.g. balance is checked before and after the call).\n    */\n    function uncheckedTokenContractCall(address tokenAddress, bytes memory callData) internal {\n        // NOLINTNEXTLINE: low-level-calls.\n        (bool success, bytes memory returndata) = tokenAddress.call(callData);\n        require(success, string(returndata));\n    }\n\n}\n\nlibrary UintArray {\n    function hashSubArray(uint256[] memory array, uint256 subArrayStart, uint256 subArraySize)\n        internal pure\n        returns(bytes32 subArrayHash)\n    {\n        require(array.length \u003e= subArrayStart + subArraySize, \"ILLEGAL_SUBARRAY_DIMENSIONS\");\n        uint256 startOffsetBytes = 0x20 * (1 + subArrayStart);\n        uint256 dataSizeBytes = 0x20 * subArraySize;\n        assembly {\n            subArrayHash := keccak256(add(array, startOffsetBytes), dataSizeBytes)\n        }\n    }\n\n    /*\n      Returns the address of a cell in offset within a uint256[] array.\n      This allows assigning new variable of dynamic unit256[] pointing to a sub_array\n      with a layout of serialied uint256[] (i.e. length+content).\n    */\n    function extractSerializedUintArray(uint256[] memory programOutput, uint256 offset)\n        internal pure\n        returns (uint256[] memory addr)\n    {\n        uint256 memOffset = 0x20 * (offset + 1);\n        assembly {\n            addr := add(programOutput, memOffset)\n        }\n    }\n\n}\n\n/*\n  II. StarkExTypes - Common data types.\n*/\nlibrary StarkExTypes {\n\n    // Structure representing a list of verifiers (validity/availability).\n    // A statement is valid only if all the verifiers in the list agree on it.\n    // Adding a verifier to the list is immediate - this is used for fast resolution of\n    // any soundness issues.\n    // Removing from the list is time-locked, to ensure that any user of the system\n    // not content with the announced removal has ample time to leave the system before it is\n    // removed.\n    struct ApprovalChainData {\n        address[] list;\n        // Represents the time after which the verifier with the given address can be removed.\n        // Removal of the verifier with address A is allowed only in the case the value\n        // of unlockedForRemovalTime[A] != 0 and unlockedForRemovalTime[A] \u003c (current time).\n        mapping (address =\u003e uint256) unlockedForRemovalTime;\n    }\n}\n"},"Governance.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"GovernanceStorage.sol\";\nimport \"MGovernance.sol\";\n\n/*\n  Implements Generic Governance, applicable for both proxy and main contract, and possibly others.\n  Notes:\n  1. This class is virtual (getGovernanceTag is not implemented).\n  2. The use of the same function names by both the Proxy and a delegated implementation\n     is not possible since calling the implementation functions is done via the default function\n     of the Proxy. For this reason, for example, the implementation of MainContract (MainGovernance)\n     exposes mainIsGovernor, which calls the internal isGovernor method.\n*/\nabstract contract Governance is GovernanceStorage, MGovernance {\n    event LogNominatedGovernor(address nominatedGovernor);\n    event LogNewGovernorAccepted(address acceptedGovernor);\n    event LogRemovedGovernor(address removedGovernor);\n    event LogNominationCancelled();\n\n    /*\n      Returns a string which uniquely identifies the type of the governance mechanism.\n    */\n    function getGovernanceTag()\n        virtual\n        internal\n        pure\n        returns (string memory);\n\n    /*\n      Returns the GovernanceInfoStruct associated with the governance tag.\n    */\n    function contractGovernanceInfo()\n        internal\n        view\n        returns (GovernanceInfoStruct storage) {\n        string memory tag = getGovernanceTag();\n        GovernanceInfoStruct storage gub = governanceInfo[tag];\n        require(gub.initialized, \"NOT_INITIALIZED\");\n        return gub;\n    }\n\n    /*\n      Current code intentionally prevents governance re-initialization.\n      This may be a problem in an upgrade situation, in a case that the upgrade-to implementation\n      performs an initialization (for real) and within that calls initGovernance().\n\n      Possible workarounds:\n      1. Clearing the governance info altogether by changing the MAIN_GOVERNANCE_INFO_TAG.\n         This will remove existing main governance information.\n      2. Modify the require part in this function, so that it will exit quietly\n         when trying to re-initialize (uncomment the lines below).\n    */\n    function initGovernance()\n        internal\n    {\n        string memory tag = getGovernanceTag();\n        GovernanceInfoStruct storage gub = governanceInfo[tag];\n        // TODO(Remo,01/09/2021): Consider un-commenting lines below.\n        // if (gub.initialized) {\n        //     return;\n        // }\n        require(!gub.initialized, \"ALREADY_INITIALIZED\");\n        gub.initialized = true;  // to ensure addGovernor() won\u0027t fail.\n        // Add the initial governer.\n        addGovernor(msg.sender);\n    }\n\n    function isGovernor(address testGovernor)\n        internal view override\n        returns (bool){\n        GovernanceInfoStruct storage gub = contractGovernanceInfo();\n        return gub.effectiveGovernors[testGovernor];\n    }\n\n    /*\n      Cancels the nomination of a governor candidate.\n    */\n    function cancelNomination() internal onlyGovernance() {\n        GovernanceInfoStruct storage gub = contractGovernanceInfo();\n        gub.candidateGovernor = address(0x0);\n        emit LogNominationCancelled();\n    }\n\n    function nominateNewGovernor(address newGovernor) internal onlyGovernance() {\n        GovernanceInfoStruct storage gub = contractGovernanceInfo();\n        require(!isGovernor(newGovernor), \"ALREADY_GOVERNOR\");\n        gub.candidateGovernor = newGovernor;\n        emit LogNominatedGovernor(newGovernor);\n    }\n\n    /*\n      The addGovernor is called in two cases:\n      1. by acceptGovernance when a new governor accepts its role.\n      2. by initGovernance to add the initial governor.\n      The difference is that the init path skips the nominate step\n      that would fail because of the onlyGovernance modifier.\n    */\n    function addGovernor(address newGovernor) private {\n        require(!isGovernor(newGovernor), \"ALREADY_GOVERNOR\");\n        GovernanceInfoStruct storage gub = contractGovernanceInfo();\n        gub.effectiveGovernors[newGovernor] = true;\n    }\n\n    function acceptGovernance()\n        internal\n    {\n        // The new governor was proposed as a candidate by the current governor.\n        GovernanceInfoStruct storage gub = contractGovernanceInfo();\n        require(msg.sender == gub.candidateGovernor, \"ONLY_CANDIDATE_GOVERNOR\");\n\n        // Update state.\n        addGovernor(gub.candidateGovernor);\n        gub.candidateGovernor = address(0x0);\n\n        // Send a notification about the change of governor.\n        emit LogNewGovernorAccepted(msg.sender);\n    }\n\n    /*\n      Remove a governor from office.\n    */\n    function removeGovernor(address governorForRemoval) internal onlyGovernance() {\n        require(msg.sender != governorForRemoval, \"GOVERNOR_SELF_REMOVE\");\n        GovernanceInfoStruct storage gub = contractGovernanceInfo();\n        require (isGovernor(governorForRemoval), \"NOT_GOVERNOR\");\n        gub.effectiveGovernors[governorForRemoval] = false;\n        emit LogRemovedGovernor(governorForRemoval);\n    }\n}\n"},"GovernanceStorage.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\n/*\n  Holds the governance slots for ALL entities, including proxy and the main contract.\n*/\ncontract GovernanceStorage {\n\n    struct GovernanceInfoStruct {\n        mapping (address =\u003e bool) effectiveGovernors;\n        address candidateGovernor;\n        bool initialized;\n    }\n\n    // A map from a Governor tag to its own GovernanceInfoStruct.\n    mapping (string =\u003e GovernanceInfoStruct) internal governanceInfo;\n}\n"},"MGovernance.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nabstract contract MGovernance {\n\n    function isGovernor(address testGovernor)\n        internal\n        view\n        virtual\n        returns (bool);\n\n    /*\n      Allows calling the function only by a Governor.\n    */\n    modifier onlyGovernance ()\n    {\n        require(isGovernor(msg.sender), \"ONLY_GOVERNANCE\");\n        _;\n    }\n}\n"},"Proxy.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"ProxyGovernance.sol\";\nimport \"ProxyStorage.sol\";\nimport \"StorageSlots.sol\";\nimport \"Common.sol\";\n\n/**\n  The Proxy contract implements delegation of calls to other contracts (`implementations`), with\n  proper forwarding of return values and revert reasons. This pattern allows retaining the contract\n  storage while replacing implementation code.\n\n  The following operations are supported by the proxy contract:\n\n  - :sol:func:`addImplementation`: Defines a new implementation, the data with which it should be initialized and whether this will be the last version of implementation.\n  - :sol:func:`upgradeTo`: Once an implementation is added, the governor may upgrade to that implementation only after a safety time period has passed (time lock), the current implementation is not the last version and the implementation is not frozen (see :sol:mod:`FullWithdrawals`).\n  - :sol:func:`removeImplementation`: Any announced implementation may be removed. Removing an implementation is especially important once it has been used for an upgrade in order to avoid an additional unwanted revert to an older version.\n\n  The only entity allowed to perform the above operations is the proxy governor\n  (see :sol:mod:`ProxyGovernance`).\n\n  Every implementation is required to have an `initialize` function that replaces the constructor\n  of a normal contract. Furthermore, the only parameter of this function is an array of bytes\n  (`data`) which may be decoded arbitrarily by the `initialize` function. It is up to the\n  implementation to ensure that this function cannot be run more than once if so desired.\n\n  When an implementation is added (:sol:func:`addImplementation`) the initialization `data` is also\n  announced, allowing users of the contract to analyze the full effect of an upgrade to the new\n  implementation. During an :sol:func:`upgradeTo`, the `data` is provided again and only if it is\n  identical to the announced `data` is the upgrade performed by pointing the proxy to the new\n  implementation and calling its `initialize` function with this `data`.\n\n  It is the responsibility of the implementation not to overwrite any storage belonging to the\n  proxy (`ProxyStorage`). In addition, upon upgrade, the new implementation is assumed to be\n  backward compatible with previous implementations with respect to the storage used until that\n  point.\n*/\ncontract Proxy is ProxyStorage, ProxyGovernance, StorageSlots {\n\n    // Emitted when the active implementation is replaced.\n    event ImplementationUpgraded(address indexed implementation, bytes initializer);\n\n    // Emitted when an implementation is submitted as an upgrade candidate and a time lock\n    // is activated.\n    event ImplementationAdded(address indexed implementation, bytes initializer, bool finalize);\n\n    // Emitted when an implementation is removed from the list of upgrade candidates.\n    event ImplementationRemoved(address indexed implementation, bytes initializer, bool finalize);\n\n    // Emitted when the implementation is finalized.\n    event FinalizedImplementation(address indexed implementation);\n\n    using Addresses for address;\n\n    string public constant PROXY_VERSION = \"3.0.0\";\n\n    constructor (uint256 upgradeActivationDelay)\n        public\n    {\n        initGovernance();\n        setUpgradeActivationDelay(upgradeActivationDelay);\n    }\n\n    function setUpgradeActivationDelay(uint256 delayInSeconds) private {\n        bytes32 slot = UPGRADE_DELAY_SLOT;\n        assembly {\n            sstore(slot, delayInSeconds)\n        }\n    }\n\n    function getUpgradeActivationDelay() public view returns (uint256 delay) {\n        bytes32 slot = UPGRADE_DELAY_SLOT;\n        assembly {\n            delay := sload(slot)\n        }\n        return delay;\n    }\n\n    /*\n      Returns the address of the current implementation.\n    */\n    // NOLINTNEXTLINE external-function.\n    function implementation() public view returns(address _implementation) {\n        bytes32 slot = IMPLEMENTATION_SLOT;\n        assembly {\n            _implementation := sload(slot)\n        }\n    }\n\n    /*\n      Returns true if the implementation is frozen.\n      If the implementation was not assigned yet, returns false.\n    */\n    function implementationIsFrozen() private returns (bool) {\n        address _implementation = implementation();\n\n        // We can\u0027t call low level implementation before it\u0027s assigned. (i.e. ZERO).\n        if (_implementation == address(0x0)) {\n            return false;\n        }\n\n        // NOLINTNEXTLINE: low-level-calls.\n        (bool success, bytes memory returndata) = _implementation.delegatecall(\n            abi.encodeWithSignature(\"isFrozen()\"));\n        require(success, string(returndata));\n        return abi.decode(returndata, (bool));\n    }\n\n    /*\n      This method blocks delegation to initialize().\n      Only upgradeTo should be able to delegate call to initialize().\n    */\n    function initialize(bytes calldata /*data*/)\n        external pure\n    {\n        revert(\"CANNOT_CALL_INITIALIZE\");\n    }\n\n    modifier notFinalized()\n    {\n        require(isNotFinalized(), \"IMPLEMENTATION_FINALIZED\");\n        _;\n    }\n\n    /*\n      Forbids calling the function if the implementation is frozen.\n      This modifier relies on the lower level (logical contract) implementation of isFrozen().\n    */\n    modifier notFrozen()\n    {\n        require(!implementationIsFrozen(), \"STATE_IS_FROZEN\");\n        _;\n    }\n\n    /*\n      This entry point serves only transactions with empty calldata. (i.e. pure value transfer tx).\n      We don\u0027t expect to receive such, thus block them.\n    */\n    receive() external payable {\n        revert(\"CONTRACT_NOT_EXPECTED_TO_RECEIVE\");\n    }\n\n    /*\n      Contract\u0027s default function. Delegates execution to the implementation contract.\n      It returns back to the external caller whatever the implementation delegated code returns.\n    */\n    fallback() external payable {\n        address _implementation = implementation();\n        require (_implementation != address(0x0), \"MISSING_IMPLEMENTATION\");\n\n        assembly {\n            // Copy msg.data. We take full control of memory in this inline assembly\n            // block because it will not return to Solidity code. We overwrite the\n            // Solidity scratch pad at memory position 0.\n            calldatacopy(0, 0, calldatasize())\n\n            // Call the implementation.\n            // out and outsize are 0 for now, as we don\u0027t know the out size yet.\n            let result := delegatecall(gas(), _implementation, 0, calldatasize(), 0, 0)\n\n            // Copy the returned data.\n            returndatacopy(0, 0, returndatasize())\n\n            // TODO(Remo): Find a way to properly propagae inner OOG error.\n            switch result\n            // delegatecall returns 0 on error.\n            case 0 { revert(0, returndatasize()) }\n            default { return(0, returndatasize()) }\n        }\n    }\n\n    /*\n      Sets the implementation address of the proxy.\n    */\n    function setImplementation(address newImplementation) private {\n        bytes32 slot = IMPLEMENTATION_SLOT;\n        assembly {\n            sstore(slot, newImplementation)\n        }\n    }\n\n    /*\n      Returns true if the contract is not in the finalized state.\n    */\n    function isNotFinalized() public view returns (bool notFinal) {\n        bytes32 slot = FINALIZED_STATE_SLOT;\n        uint256 slotValue;\n        assembly {\n            slotValue := sload(slot)\n        }\n        notFinal = (slotValue == 0);\n    }\n\n    /*\n      Marks the current implementation as finalized.\n    */\n    function setFinalizedFlag() private {\n        bytes32 slot = FINALIZED_STATE_SLOT;\n        assembly {\n            sstore(slot, 0x1)\n        }\n    }\n\n    /*\n      Introduce an implementation and its initialization vector,\n      and start the time-lock before it can be upgraded to.\n      addImplementation is not blocked when frozen or finalized.\n      (upgradeTo API is blocked when finalized or frozen).\n    */\n    function addImplementation(address newImplementation, bytes calldata data, bool finalize)\n        external onlyGovernance {\n        require(newImplementation.isContract(), \"ADDRESS_NOT_CONTRACT\");\n\n        bytes32 implVectorHash = keccak256(abi.encode(newImplementation, data, finalize));\n\n        uint256 activationTime = block.timestamp + getUpgradeActivationDelay();\n\n        // First implementation should not have time-lock.\n        if (implementation() == address(0x0)) {\n            activationTime = block.timestamp;\n        }\n\n        enabledTime[implVectorHash] = activationTime;\n        emit ImplementationAdded(newImplementation, data, finalize);\n    }\n\n    /*\n      Removes a candidate implementation.\n      Note that it is possible to remove the current implementation. Doing so doesn\u0027t affect the\n      current implementation, but rather revokes it as a future candidate.\n    */\n    function removeImplementation(address removedImplementation, bytes calldata data, bool finalize)\n        external onlyGovernance {\n        bytes32 implVectorHash = keccak256(abi.encode(removedImplementation, data, finalize));\n\n        // If we have initializer, we set the hash of it.\n        uint256 activationTime = enabledTime[implVectorHash];\n        require(activationTime \u003e 0, \"UNKNOWN_UPGRADE_INFORMATION\");\n        delete enabledTime[implVectorHash];\n        emit ImplementationRemoved(removedImplementation, data, finalize);\n    }\n\n    /*\n      Upgrades the proxy to a new implementation, with its initialization.\n      to upgrade successfully, implementation must have been added time-lock agreeably\n      before, and the init vector must be identical ot the one submitted before.\n\n      Upon assignment of new implementation address,\n      its initialize will be called with the initializing vector (even if empty).\n      Therefore, the implementation MUST must have such a method.\n\n      Note - Initialization data is committed to in advance, therefore it must remain valid\n      until the actual contract upgrade takes place.\n\n      Care should be taken regarding initialization data and flow when planning the contract upgrade.\n\n      When planning contract upgrade, special care is also needed with regard to governance\n      (See comments in Governance.sol).\n    */\n    // NOLINTNEXTLINE: reentrancy-events timestamp.\n    function upgradeTo(address newImplementation, bytes calldata data, bool finalize)\n        external payable onlyGovernance notFinalized notFrozen {\n        bytes32 implVectorHash = keccak256(abi.encode(newImplementation, data, finalize));\n        uint256 activationTime = enabledTime[implVectorHash];\n        require(activationTime \u003e 0, \"UNKNOWN_UPGRADE_INFORMATION\");\n        require(newImplementation.isContract(), \"ADDRESS_NOT_CONTRACT\");\n        // NOLINTNEXTLINE: timestamp.\n        require(activationTime \u003c= block.timestamp, \"UPGRADE_NOT_ENABLED_YET\");\n\n        setImplementation(newImplementation);\n\n        // NOLINTNEXTLINE: low-level-calls controlled-delegatecall.\n        (bool success, bytes memory returndata) = newImplementation.delegatecall(\n            abi.encodeWithSelector(this.initialize.selector, data));\n        require(success, string(returndata));\n\n        // Verify that the new implementation is not frozen post initialization.\n        // NOLINTNEXTLINE: low-level-calls controlled-delegatecall.\n        (success, returndata) = newImplementation.delegatecall(\n            abi.encodeWithSignature(\"isFrozen()\"));\n        require(success, \"CALL_TO_ISFROZEN_REVERTED\");\n        require(!abi.decode(returndata, (bool)), \"NEW_IMPLEMENTATION_FROZEN\");\n\n        if (finalize) {\n            setFinalizedFlag();\n            emit FinalizedImplementation(newImplementation);\n        }\n\n        emit ImplementationUpgraded(newImplementation, data);\n    }\n}\n"},"ProxyGovernance.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"Governance.sol\";\n\n/**\n  The Proxy contract is governed by one or more Governors of which the initial one is the\n  deployer of the contract.\n\n  A governor has the sole authority to perform the following operations:\n\n  1. Nominate additional governors (:sol:func:`proxyNominateNewGovernor`)\n  2. Remove other governors (:sol:func:`proxyRemoveGovernor`)\n  3. Add new `implementations` (proxied contracts)\n  4. Remove (new or old) `implementations`\n  5. Update `implementations` after a timelock allows it\n\n  Adding governors is performed in a two step procedure:\n\n  1. First, an existing governor nominates a new governor (:sol:func:`proxyNominateNewGovernor`)\n  2. Then, the new governor must accept governance to become a governor (:sol:func:`proxyAcceptGovernance`)\n\n  This two step procedure ensures that a governor public key cannot be nominated unless there is an\n  entity that has the corresponding private key. This is intended to prevent errors in the addition\n  process.\n\n  The governor private key should typically be held in a secure cold wallet or managed via a\n  multi-sig contract.\n*/\n/*\n  Implements Governance for the proxy contract.\n  It is a thin wrapper to the Governance contract,\n  which is needed so that it can have non-colliding function names,\n  and a specific tag (key) to allow unique state storage.\n*/\ncontract ProxyGovernance is Governance {\n\n    // The tag is the string key that is used in the Governance storage mapping.\n    string public constant PROXY_GOVERNANCE_TAG = \"StarkEx.Proxy.2019.GovernorsInformation\";\n\n    function getGovernanceTag()\n        internal\n        pure\n        override\n        returns (string memory tag) {\n        tag = PROXY_GOVERNANCE_TAG;\n    }\n\n    function proxyIsGovernor(address testGovernor) external view returns (bool) {\n        return isGovernor(testGovernor);\n    }\n\n    function proxyNominateNewGovernor(address newGovernor) external {\n        nominateNewGovernor(newGovernor);\n    }\n\n    function proxyRemoveGovernor(address governorForRemoval) external {\n        removeGovernor(governorForRemoval);\n    }\n\n    function proxyAcceptGovernance()\n        external\n    {\n        acceptGovernance();\n    }\n\n    function proxyCancelNomination() external {\n        cancelNomination();\n    }\n}\n"},"ProxyStorage.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"GovernanceStorage.sol\";\n\n/*\n  Holds the Proxy-specific state variables.\n  This contract is inherited by the GovernanceStorage (and indirectly by MainStorage)\n  to prevent collision hazard.\n*/\ncontract ProxyStorage is GovernanceStorage {\n\n    // NOLINTNEXTLINE: naming-convention uninitialized-state.\n    mapping (address =\u003e bytes32) internal initializationHash_DEPRECATED;\n\n    // The time after which we can switch to the implementation.\n    // Hash(implementation, data, finalize) =\u003e time.\n    mapping (bytes32 =\u003e uint256) internal enabledTime;\n\n    // A central storage of the flags whether implementation has been initialized.\n    // Note - it can be used flexibly enough to accommodate multiple levels of initialization\n    // (i.e. using different key salting schemes for different initialization levels).\n    mapping (bytes32 =\u003e bool) internal initialized;\n}\n"},"StorageSlots.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\n/**\n  StorageSlots holds the arbitrary storage slots used throughout the Proxy pattern.\n  Storage address slots are a mechanism to define an arbitrary location, that will not be\n  overlapped by the logical contracts.\n*/\ncontract StorageSlots {\n    // Storage slot with the address of the current implementation.\n    // The address of the slot is keccak256(\"StarkWare2019.implemntation-slot\").\n    // We need to keep this variable stored outside of the commonly used space,\n    // so that it\u0027s not overrun by the logical implementation (the proxied contract).\n    bytes32 internal constant IMPLEMENTATION_SLOT =\n    0x177667240aeeea7e35eabe3a35e18306f336219e1386f7710a6bf8783f761b24;\n\n    // Storage slot with the address of the call-proxy current implementation.\n    // The address of the slot is keccak256(\"\u0027StarkWare2020.CallProxy.Implemntation.Slot\u0027\").\n    // We need to keep this variable stored outside of the commonly used space.\n    // so that it\u0027s not overrun by the logical implementation (the proxied contract).\n    bytes32 internal constant CALL_PROXY_IMPL_SLOT =\n    0x7184681641399eb4ad2fdb92114857ee6ff239f94ad635a1779978947b8843be;\n\n    // This storage slot stores the finalization flag.\n    // Once the value stored in this slot is set to non-zero\n    // the proxy blocks implementation upgrades.\n    // The current implementation is then referred to as Finalized.\n    // Web3.solidityKeccak([\u0027string\u0027], [\"StarkWare2019.finalization-flag-slot\"]).\n    bytes32 internal constant FINALIZED_STATE_SLOT =\n    0x7d433c6f837e8f93009937c466c82efbb5ba621fae36886d0cac433c5d0aa7d2;\n\n    // Storage slot to hold the upgrade delay (time-lock).\n    // The intention of this slot is to allow modification using an EIC.\n    // Web3.solidityKeccak([\u0027string\u0027], [\u0027StarkWare.Upgradibility.Delay.Slot\u0027]).\n    bytes32 public constant UPGRADE_DELAY_SLOT =\n    0xc21dbb3089fcb2c4f4c6a67854ab4db2b0f233ea4b21b21f912d52d18fc5db1f;\n}\n"}}

{"BlockDirectCall.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\n/*\n  This contract provides means to block direct call of an external function.\n  A derived contract (e.g. MainDispatcherBase) should decorate sensitive functions with the\n  notCalledDirectly modifier, thereby preventing it from being called directly, and allowing only calling\n  using delegate_call.\n\n  This Guard contract uses pseudo-random slot, So each deployed contract would have its own guard.\n*/\nabstract contract BlockDirectCall {\n    bytes32 immutable UNIQUE_SAFEGUARD_SLOT; // NOLINT naming-convention.\n\n    constructor() internal {\n        // The slot is pseudo-random to allow hierarchy of contracts with guarded functions.\n        bytes32 slot = keccak256(abi.encode(this, block.timestamp, gasleft()));\n        UNIQUE_SAFEGUARD_SLOT = slot;\n        assembly {\n            sstore(slot, 42)\n        }\n    }\n\n    modifier notCalledDirectly() {\n        {\n            // Prevent too many local variables in stack.\n            uint256 safeGuardValue;\n            bytes32 slot = UNIQUE_SAFEGUARD_SLOT;\n            assembly {\n                safeGuardValue := sload(slot)\n            }\n            require(safeGuardValue == 0, \"DIRECT_CALL_DISALLOWED\");\n        }\n        _;\n    }\n}\n"},"Common.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\n/*\n  Common Utility librarries.\n  I. Addresses (extending address).\n*/\nlibrary Addresses {\n    function isContract(address account) internal view returns (bool) {\n        uint256 size;\n        assembly {\n            size := extcodesize(account)\n        }\n        return size \u003e 0;\n    }\n\n    function performEthTransfer(address recipient, uint256 amount) internal {\n        (bool success, ) = recipient.call{value: amount}(\"\"); // NOLINT: low-level-calls.\n        require(success, \"ETH_TRANSFER_FAILED\");\n    }\n\n    /*\n      Safe wrapper around ERC20/ERC721 calls.\n      This is required because many deployed ERC20 contracts don\u0027t return a value.\n      See https://github.com/ethereum/solidity/issues/4116.\n    */\n    function safeTokenContractCall(address tokenAddress, bytes memory callData) internal {\n        require(isContract(tokenAddress), \"BAD_TOKEN_ADDRESS\");\n        // NOLINTNEXTLINE: low-level-calls.\n        (bool success, bytes memory returndata) = tokenAddress.call(callData);\n        require(success, string(returndata));\n\n        if (returndata.length \u003e 0) {\n            require(abi.decode(returndata, (bool)), \"TOKEN_OPERATION_FAILED\");\n        }\n    }\n\n    /*\n      Validates that the passed contract address is of a real contract,\n      and that its id hash (as infered fromn identify()) matched the expected one.\n    */\n    function validateContractId(address contractAddress, bytes32 expectedIdHash) internal {\n        require(isContract(contractAddress), \"ADDRESS_NOT_CONTRACT\");\n        (bool success, bytes memory returndata) = contractAddress.call( // NOLINT: low-level-calls.\n            abi.encodeWithSignature(\"identify()\")\n        );\n        require(success, \"FAILED_TO_IDENTIFY_CONTRACT\");\n        string memory realContractId = abi.decode(returndata, (string));\n        require(\n            keccak256(abi.encodePacked(realContractId)) == expectedIdHash,\n            \"UNEXPECTED_CONTRACT_IDENTIFIER\"\n        );\n    }\n}\n\n/*\n  II. StarkExTypes - Common data types.\n*/\nlibrary StarkExTypes {\n    // Structure representing a list of verifiers (validity/availability).\n    // A statement is valid only if all the verifiers in the list agree on it.\n    // Adding a verifier to the list is immediate - this is used for fast resolution of\n    // any soundness issues.\n    // Removing from the list is time-locked, to ensure that any user of the system\n    // not content with the announced removal has ample time to leave the system before it is\n    // removed.\n    struct ApprovalChainData {\n        address[] list;\n        // Represents the time after which the verifier with the given address can be removed.\n        // Removal of the verifier with address A is allowed only in the case the value\n        // of unlockedForRemovalTime[A] != 0 and unlockedForRemovalTime[A] \u003c (current time).\n        mapping(address =\u003e uint256) unlockedForRemovalTime;\n    }\n}\n"},"GovernanceStorage.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\n/*\n  Holds the governance slots for ALL entities, including proxy and the main contract.\n*/\ncontract GovernanceStorage {\n    struct GovernanceInfoStruct {\n        mapping(address =\u003e bool) effectiveGovernors;\n        address candidateGovernor;\n        bool initialized;\n    }\n\n    // A map from a Governor tag to its own GovernanceInfoStruct.\n    mapping(string =\u003e GovernanceInfoStruct) internal governanceInfo;\n}\n"},"Identity.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\ninterface Identity {\n    /*\n      Allows a caller, typically another contract,\n      to ensure that the provided address is of the expected type and version.\n    */\n    function identify() external pure returns (string memory);\n}\n"},"IDispatcherBase.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\n/*\n  Interface for generic dispatcher to use,\n  which the concrete dispatcher must implement.\n\n  I contains the functions that are specific to the concrete dispatcher instance.\n\n  The interface is implemented as contract, because interface implies all methods external.\n*/\nabstract contract IDispatcherBase {\n    function getSubContract(bytes4 selector) internal view virtual returns (address);\n\n    function setSubContractAddress(uint256 index, address subContract) internal virtual;\n\n    function getNumSubcontracts() internal pure virtual returns (uint256);\n\n    function validateSubContractIndex(uint256 index, address subContract) internal pure virtual;\n\n    /*\n      Ensures initializer can be called. Reverts otherwise.\n    */\n    function initializationSentinel() internal view virtual;\n}\n"},"MainDispatcher.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"MainStorage.sol\";\nimport \"MainDispatcherBase.sol\";\n\nabstract contract MainDispatcher is MainStorage, MainDispatcherBase {\n    uint256 constant SUBCONTRACT_BITS = 4;\n\n    function magicSalt() internal pure virtual returns (uint256);\n\n    function handlerMapSection(uint256 section) internal view virtual returns (uint256);\n\n    function expectedIdByIndex(uint256 index) internal pure virtual returns (string memory id);\n\n    function validateSubContractIndex(uint256 index, address subContract) internal pure override {\n        string memory id = SubContractor(subContract).identify();\n        bytes32 hashed_expected_id = keccak256(abi.encodePacked(expectedIdByIndex(index)));\n        require(\n            hashed_expected_id == keccak256(abi.encodePacked(id)),\n            \"MISPLACED_INDEX_OR_BAD_CONTRACT_ID\"\n        );\n    }\n\n    function getSubContract(bytes4 selector) internal view override returns (address) {\n        uint256 location = 0xFF \u0026 uint256(keccak256(abi.encodePacked(selector, magicSalt())));\n        uint256 subContractIdx;\n        uint256 offset = (SUBCONTRACT_BITS * location) % 256;\n\n        // We have 64 locations in each register, hence the \u003e\u003e6 (i.e. location // 64).\n        subContractIdx = (handlerMapSection(location \u003e\u003e 6) \u003e\u003e offset) \u0026 0xF;\n        return subContracts[subContractIdx];\n    }\n\n    function setSubContractAddress(uint256 index, address subContractAddress) internal override {\n        subContracts[index] = subContractAddress;\n    }\n}\n"},"MainDispatcherBase.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"SubContractor.sol\";\nimport \"IDispatcherBase.sol\";\nimport \"BlockDirectCall.sol\";\nimport \"Common.sol\";\n\nabstract contract MainDispatcherBase is IDispatcherBase, BlockDirectCall {\n    using Addresses for address;\n\n    /*\n      This entry point serves only transactions with empty calldata. (i.e. pure value transfer tx).\n      We don\u0027t expect to receive such, thus block them.\n    */\n    receive() external payable {\n        revert(\"CONTRACT_NOT_EXPECTED_TO_RECEIVE\");\n    }\n\n    fallback() external payable {\n        address subContractAddress = getSubContract(msg.sig);\n        require(subContractAddress != address(0x0), \"NO_CONTRACT_FOR_FUNCTION\");\n\n        assembly {\n            // Copy msg.data. We take full control of memory in this inline assembly\n            // block because it will not return to Solidity code. We overwrite the\n            // Solidity scratch pad at memory position 0.\n            calldatacopy(0, 0, calldatasize())\n\n            // Call the implementation.\n            // out and outsize are 0 for now, as we don\"t know the out size yet.\n            let result := delegatecall(gas(), subContractAddress, 0, calldatasize(), 0, 0)\n\n            // Copy the returned data.\n            returndatacopy(0, 0, returndatasize())\n\n            switch result\n            // delegatecall returns 0 on error.\n            case 0 {\n                revert(0, returndatasize())\n            }\n            default {\n                return(0, returndatasize())\n            }\n        }\n    }\n\n    /*\n      1. Extract subcontracts.\n      2. Verify correct sub-contract initializer size.\n      3. Extract sub-contract initializer data.\n      4. Call sub-contract initializer.\n\n      The init data bytes passed to initialize are structed as following:\n      I. N slots (uin256 size) addresses of the deployed sub-contracts.\n      II. An address of an external initialization contract (optional, or ZERO_ADDRESS).\n      III. (Up to) N bytes sections of the sub-contracts initializers.\n\n      If already initialized (i.e. upgrade) we expect the init data to be consistent with this.\n      and if a different size of init data is expected when upgrading, the initializerSize should\n      reflect this.\n\n      If an external initializer contract is not used, ZERO_ADDRESS is passed in its slot.\n      If the external initializer contract is used, all the remaining init data is passed to it,\n      and internal initialization will not occur.\n\n      External Initialization Contract\n      --------------------------------\n      External Initialization Contract (EIC) is a hook for custom initialization.\n      Typically in an upgrade flow, the expected initialization contains only the addresses of\n      the sub-contracts. Normal initialization of the sub-contracts is such that is not needed\n      in an upgrade, and actually may be very dangerous, as changing of state on a working system\n      may corrupt it.\n\n      In the event that some state initialization is required, the EIC is a hook that allows this.\n      It may be deployed and called specifically for this purpose.\n\n      The address of the EIC must be provided (if at all) when a new implementation is added to\n      a Proxy contract (as part of the initialization vector).\n      Hence, it is considered part of the code open to reviewers prior to a time-locked upgrade.\n\n      When a custom initialization is performed using an EIC,\n      the main dispatcher initialize extracts and stores the sub-contracts addresses, and then\n      yields to the EIC, skipping the rest of its initialization code.\n\n\n      Flow of MainDispatcher initialize\n      ---------------------------------\n      1. Extraction and assignment of subcontracts addresses\n         Main dispatcher expects a valid and consistent set of addresses in the passed data.\n         It validates that, extracts the addresses from the data, and validates that the addresses\n         are of the expected type and order. Then those addresses are stored.\n\n      2. Extraction of EIC address\n         The address of the EIC is extracted from the data.\n         External Initializer Contract is optional. ZERO_ADDRESS indicates it is not used.\n\n      3a. EIC is used\n          Dispatcher calls the EIC initialize function with the remaining data.\n          Note - In this option 3b is not performed.\n\n      3b. EIC is not used\n          If there is additional initialization data then:\n          I. Sentitenl function is called to permit subcontracts initialization.\n          II. Dispatcher loops through the subcontracts and for each one it extracts the\n              initializing data and passes it to the subcontract\u0027s initialize function.\n\n    */\n    function initialize(bytes calldata data) external virtual notCalledDirectly {\n        // Number of sub-contracts.\n        uint256 nSubContracts = getNumSubcontracts();\n\n        // We support currently 4 bits per contract, i.e. 16, reserving 00 leads to 15.\n        require(nSubContracts \u003c= 15, \"TOO_MANY_SUB_CONTRACTS\");\n\n        // Sum of subcontract initializers. Aggregated for verification near the end.\n        uint256 totalInitSizes = 0;\n\n        // Offset (within data) of sub-contract initializer vector.\n        // Just past the sub-contract+eic addresses.\n        uint256 initDataContractsOffset = 32 * (nSubContracts + 1);\n\n        // Init data MUST include addresses for all sub-contracts + EIC.\n        require(data.length \u003e= initDataContractsOffset, \"SUB_CONTRACTS_NOT_PROVIDED\");\n\n        // Size of passed data, excluding sub-contract addresses.\n        uint256 additionalDataSize = data.length - initDataContractsOffset;\n\n        // Extract \u0026 update contract addresses.\n        for (uint256 nContract = 1; nContract \u003c= nSubContracts; nContract++) {\n            // Extract sub-contract address.\n            address contractAddress = abi.decode(\n                data[32 * (nContract - 1):32 * nContract],\n                (address)\n            );\n\n            validateSubContractIndex(nContract, contractAddress);\n\n            // Contracts are indexed from 1 and 0 is not in use here.\n            setSubContractAddress(nContract, contractAddress);\n        }\n\n        // Check if we have an external initializer contract.\n        address externalInitializerAddr = abi.decode(\n            data[initDataContractsOffset - 32:initDataContractsOffset],\n            (address)\n        );\n\n        // 3(a). Yield to EIC initialization.\n        if (externalInitializerAddr != address(0x0)) {\n            callExternalInitializer(externalInitializerAddr, data[initDataContractsOffset:]);\n            return;\n        }\n\n        // 3(b). Subcontracts initialization.\n        // I. If no init data passed besides sub-contracts, return.\n        if (additionalDataSize == 0) {\n            return;\n        }\n\n        // Just to be on the safe side.\n        assert(externalInitializerAddr == address(0x0));\n\n        // II. Gate further initialization.\n        initializationSentinel();\n\n        // III. Loops through the subcontracts, extracts their data and calls their initializer.\n        for (uint256 nContract = 1; nContract \u003c= nSubContracts; nContract++) {\n            // Extract sub-contract address.\n            address contractAddress = abi.decode(\n                data[32 * (nContract - 1):32 * nContract],\n                (address)\n            );\n\n            // The initializerSize is called via delegatecall, so that it can relate to the state,\n            // and not only to the new contract code. (e.g. return 0 if state-intialized else 192).\n            // NOLINTNEXTLINE: controlled-delegatecall low-level-calls calls-loop.\n            (bool success, bytes memory returndata) = contractAddress.delegatecall(\n                abi.encodeWithSelector(SubContractor(contractAddress).initializerSize.selector)\n            );\n            require(success, string(returndata));\n            uint256 initSize = abi.decode(returndata, (uint256));\n            require(initSize \u003c= additionalDataSize, \"INVALID_INITIALIZER_SIZE\");\n            require(totalInitSizes + initSize \u003c= additionalDataSize, \"INVALID_INITIALIZER_SIZE\");\n\n            if (initSize == 0) {\n                continue;\n            }\n\n            // Call sub-contract initializer.\n            // NOLINTNEXTLINE: controlled-delegatecall calls-loop.\n            (success, returndata) = contractAddress.delegatecall(\n                abi.encodeWithSelector(\n                    this.initialize.selector,\n                    data[initDataContractsOffset:initDataContractsOffset + initSize]\n                )\n            );\n            require(success, string(returndata));\n            totalInitSizes += initSize;\n            initDataContractsOffset += initSize;\n        }\n        require(additionalDataSize == totalInitSizes, \"MISMATCHING_INIT_DATA_SIZE\");\n    }\n\n    function callExternalInitializer(address externalInitializerAddr, bytes calldata extInitData)\n        private\n    {\n        require(externalInitializerAddr.isContract(), \"NOT_A_CONTRACT\");\n\n        // NOLINTNEXTLINE: low-level-calls, controlled-delegatecall.\n        (bool success, bytes memory returndata) = externalInitializerAddr.delegatecall(\n            abi.encodeWithSelector(this.initialize.selector, extInitData)\n        );\n        require(success, string(returndata));\n        require(returndata.length == 0, string(returndata));\n    }\n}\n"},"MainStorage.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"ProxyStorage.sol\";\nimport \"Common.sol\";\n\n/*\n  Holds ALL the main contract state (storage) variables.\n*/\ncontract MainStorage is ProxyStorage {\n    uint256 internal constant LAYOUT_LENGTH = 2**64;\n\n    address escapeVerifierAddress; // NOLINT: constable-states.\n\n    // Global dex-frozen flag.\n    bool stateFrozen; // NOLINT: constable-states.\n\n    // Time when unFreeze can be successfully called (UNFREEZE_DELAY after freeze).\n    uint256 unFreezeTime; // NOLINT: constable-states.\n\n    // Pending deposits.\n    // A map STARK key =\u003e asset id =\u003e vault id =\u003e quantized amount.\n    mapping(uint256 =\u003e mapping(uint256 =\u003e mapping(uint256 =\u003e uint256))) pendingDeposits;\n\n    // Cancellation requests.\n    // A map STARK key =\u003e asset id =\u003e vault id =\u003e request timestamp.\n    mapping(uint256 =\u003e mapping(uint256 =\u003e mapping(uint256 =\u003e uint256))) cancellationRequests;\n\n    // Pending withdrawals.\n    // A map STARK key =\u003e asset id =\u003e quantized amount.\n    mapping(uint256 =\u003e mapping(uint256 =\u003e uint256)) pendingWithdrawals;\n\n    // vault_id =\u003e escape used boolean.\n    mapping(uint256 =\u003e bool) escapesUsed;\n\n    // Number of escapes that were performed when frozen.\n    uint256 escapesUsedCount; // NOLINT: constable-states.\n\n    // NOTE: fullWithdrawalRequests is deprecated, and replaced by forcedActionRequests.\n    // NOLINTNEXTLINE naming-convention.\n    mapping(uint256 =\u003e mapping(uint256 =\u003e uint256)) fullWithdrawalRequests_DEPRECATED;\n\n    // State sequence number.\n    uint256 sequenceNumber; // NOLINT: constable-states uninitialized-state.\n\n    // Vaults Tree Root \u0026 Height.\n    uint256 vaultRoot; // NOLINT: constable-states uninitialized-state.\n    uint256 vaultTreeHeight; // NOLINT: constable-states uninitialized-state.\n\n    // Order Tree Root \u0026 Height.\n    uint256 orderRoot; // NOLINT: constable-states uninitialized-state.\n    uint256 orderTreeHeight; // NOLINT: constable-states uninitialized-state.\n\n    // True if and only if the address is allowed to add tokens.\n    mapping(address =\u003e bool) tokenAdmins;\n\n    // This mapping is no longer in use, remains for backwards compatibility.\n    mapping(address =\u003e bool) userAdmins_DEPRECATED; // NOLINT: naming-convention.\n\n    // True if and only if the address is an operator (allowed to update state).\n    mapping(address =\u003e bool) operators;\n\n    // Mapping of contract ID to asset data.\n    mapping(uint256 =\u003e bytes) assetTypeToAssetInfo; // NOLINT: uninitialized-state.\n\n    // Mapping of registered contract IDs.\n    mapping(uint256 =\u003e bool) registeredAssetType; // NOLINT: uninitialized-state.\n\n    // Mapping from contract ID to quantum.\n    mapping(uint256 =\u003e uint256) assetTypeToQuantum; // NOLINT: uninitialized-state.\n\n    // This mapping is no longer in use, remains for backwards compatibility.\n    mapping(address =\u003e uint256) starkKeys_DEPRECATED; // NOLINT: naming-convention.\n\n    // Mapping from STARK public key to the Ethereum public key of its owner.\n    mapping(uint256 =\u003e address) ethKeys; // NOLINT: uninitialized-state.\n\n    // Timelocked state transition and availability verification chain.\n    StarkExTypes.ApprovalChainData verifiersChain;\n    StarkExTypes.ApprovalChainData availabilityVerifiersChain;\n\n    // Batch id of last accepted proof.\n    uint256 lastBatchId; // NOLINT: constable-states uninitialized-state.\n\n    // Mapping between sub-contract index to sub-contract address.\n    mapping(uint256 =\u003e address) subContracts; // NOLINT: uninitialized-state.\n\n    mapping(uint256 =\u003e bool) permissiveAssetType_DEPRECATED; // NOLINT: naming-convention.\n    // ---- END OF MAIN STORAGE AS DEPLOYED IN STARKEX2.0 ----\n\n    // Onchain-data version configured for the system.\n    uint256 onchainDataVersion; // NOLINT: constable-states uninitialized-state.\n\n    // Counter of forced action request in block. The key is the block number.\n    mapping(uint256 =\u003e uint256) forcedRequestsInBlock;\n\n    // ForcedAction requests: actionHash =\u003e requestTime.\n    mapping(bytes32 =\u003e uint256) forcedActionRequests;\n\n    // Mapping for timelocked actions.\n    // A actionKey =\u003e activation time.\n    mapping(bytes32 =\u003e uint256) actionsTimeLock;\n\n    // Append only list of requested forced action hashes.\n    bytes32[] actionHashList;\n\n    // Reserved storage space for Extensibility.\n    // Every added MUST be added above the end gap, and the __endGap size must be reduced\n    // accordingly.\n    // NOLINTNEXTLINE: naming-convention.\n    uint256[LAYOUT_LENGTH - 37] private __endGap; // __endGap complements layout to LAYOUT_LENGTH.\n}\n"},"ProxyStorage.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"GovernanceStorage.sol\";\n\n/*\n  Holds the Proxy-specific state variables.\n  This contract is inherited by the GovernanceStorage (and indirectly by MainStorage)\n  to prevent collision hazard.\n*/\ncontract ProxyStorage is GovernanceStorage {\n    // NOLINTNEXTLINE: naming-convention uninitialized-state.\n    mapping(address =\u003e bytes32) internal initializationHash_DEPRECATED;\n\n    // The time after which we can switch to the implementation.\n    // Hash(implementation, data, finalize) =\u003e time.\n    mapping(bytes32 =\u003e uint256) internal enabledTime;\n\n    // A central storage of the flags whether implementation has been initialized.\n    // Note - it can be used flexibly enough to accommodate multiple levels of initialization\n    // (i.e. using different key salting schemes for different initialization levels).\n    mapping(bytes32 =\u003e bool) internal initialized;\n}\n"},"StarkExchange.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"MainDispatcher.sol\";\n\ncontract StarkExchange is MainDispatcher {\n    string public constant VERSION = \"4.0.1\";\n\n    // Salt for a 8 bit unique spread of all relevant selectors. Pre-caclulated.\n    // ---------- The following code was auto-generated. PLEASE DO NOT EDIT. ----------\n    uint256 constant MAGIC_SALT = 46110;\n    uint256 constant IDX_MAP_0 = 0x30006100050005012000102002000001200000010001100500200000000020;\n    uint256 constant IDX_MAP_1 = 0x120000105000000501200000120502000000200452005000202002030500003;\n    uint256 constant IDX_MAP_2 = 0x1020000000003020000502203000300000200000000001000100330010220001;\n    uint256 constant IDX_MAP_3 = 0x200230200020300001401200000000100020011200000002020000010000301;\n\n    // ---------- End of auto-generated code. ----------\n\n    function getNumSubcontracts() internal pure override returns (uint256) {\n        return 6;\n    }\n\n    function magicSalt() internal pure override returns (uint256) {\n        return MAGIC_SALT;\n    }\n\n    function handlerMapSection(uint256 section) internal view override returns (uint256) {\n        if (section == 0) {\n            return IDX_MAP_0;\n        } else if (section == 1) {\n            return IDX_MAP_1;\n        } else if (section == 2) {\n            return IDX_MAP_2;\n        } else if (section == 3) {\n            return IDX_MAP_3;\n        }\n        revert(\"BAD_IDX_MAP_SECTION\");\n    }\n\n    function expectedIdByIndex(uint256 index) internal pure override returns (string memory id) {\n        if (index == 1) {\n            id = \"StarkWare_AllVerifiers_2020_1\";\n        } else if (index == 2) {\n            id = \"StarkWare_TokensAndRamping_2020_1\";\n        } else if (index == 3) {\n            id = \"StarkWare_StarkExState_2021_1\";\n        } else if (index == 4) {\n            id = \"StarkWare_ForcedActions_2020_1\";\n        } else if (index == 5) {\n            id = \"StarkWare_OnchainVaults_2021_1\";\n        } else if (index == 6) {\n            id = \"StarkWare_ProxyUtils_2021_1\";\n        } else {\n            revert(\"UNEXPECTED_INDEX\");\n        }\n    }\n\n    function initializationSentinel() internal view override {\n        string memory REVERT_MSG = \"INITIALIZATION_BLOCKED\";\n        // This initializer sets roots etc. It must not be applied twice.\n        // I.e. it can run only when the state is still empty.\n        require(vaultRoot == 0, REVERT_MSG);\n        require(vaultTreeHeight == 0, REVERT_MSG);\n        require(orderRoot == 0, REVERT_MSG);\n        require(orderTreeHeight == 0, REVERT_MSG);\n    }\n}\n"},"SubContractor.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"Identity.sol\";\n\ninterface SubContractor is Identity {\n    function initialize(bytes calldata data) external;\n\n    function initializerSize() external view returns (uint256);\n}\n"}}

{"AcceptModifications.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"LibConstants.sol\";\nimport \"MAcceptModifications.sol\";\nimport \"MTokenQuantization.sol\";\nimport \"MainStorage.sol\";\n\n/*\n  Interface containing actions a verifier can invoke on the state.\n  The contract containing the state should implement these and verify correctness.\n*/\nabstract contract AcceptModifications is\n    MainStorage,\n    LibConstants,\n    MAcceptModifications,\n    MTokenQuantization\n{\n    event LogWithdrawalAllowed(\n        uint256 ownerKey,\n        uint256 assetType,\n        uint256 nonQuantizedAmount,\n        uint256 quantizedAmount\n    );\n\n    event LogNftWithdrawalAllowed(uint256 ownerKey, uint256 assetId);\n\n    event LogMintableWithdrawalAllowed(uint256 ownerKey, uint256 assetId, uint256 quantizedAmount);\n\n    /*\n      Transfers funds from the on-chain deposit area to the off-chain area.\n      Implemented in the Deposits contracts.\n    */\n    function acceptDeposit(\n        uint256 ownerKey,\n        uint256 vaultId,\n        uint256 assetId,\n        uint256 quantizedAmount\n    ) internal virtual override {\n        // Fetch deposit.\n        require(\n            pendingDeposits[ownerKey][assetId][vaultId] \u003e= quantizedAmount,\n            \"DEPOSIT_INSUFFICIENT\"\n        );\n\n        // Subtract accepted quantized amount.\n        pendingDeposits[ownerKey][assetId][vaultId] -= quantizedAmount;\n    }\n\n    /*\n      Transfers funds from the off-chain area to the on-chain withdrawal area.\n    */\n    function allowWithdrawal(\n        uint256 ownerKey,\n        uint256 assetId,\n        uint256 quantizedAmount\n    ) internal override {\n        // Fetch withdrawal.\n        uint256 withdrawal = pendingWithdrawals[ownerKey][assetId];\n\n        // Add accepted quantized amount.\n        withdrawal += quantizedAmount;\n        require(withdrawal \u003e= quantizedAmount, \"WITHDRAWAL_OVERFLOW\");\n\n        // Store withdrawal.\n        pendingWithdrawals[ownerKey][assetId] = withdrawal;\n\n        // Log event.\n        uint256 presumedAssetType = assetId;\n        if (registeredAssetType[presumedAssetType]) {\n            emit LogWithdrawalAllowed(\n                ownerKey,\n                presumedAssetType,\n                fromQuantized(presumedAssetType, quantizedAmount),\n                quantizedAmount\n            );\n        } else if (assetId == ((assetId \u0026 MASK_240) | MINTABLE_ASSET_ID_FLAG)) {\n            emit LogMintableWithdrawalAllowed(ownerKey, assetId, quantizedAmount);\n        } else {\n            // Default case is Non-Mintable ERC721 asset id.\n            require(assetId == assetId \u0026 MASK_250, \"INVALID_NFT_ASSET_ID\");\n            // In ERC721 case, assetId is not the assetType.\n            require(withdrawal \u003c= 1, \"INVALID_NFT_AMOUNT\");\n            emit LogNftWithdrawalAllowed(ownerKey, assetId);\n        }\n    }\n\n    // Verifier authorizes withdrawal.\n    function acceptWithdrawal(\n        uint256 ownerKey,\n        uint256 assetId,\n        uint256 quantizedAmount\n    ) internal virtual override {\n        allowWithdrawal(ownerKey, assetId, quantizedAmount);\n    }\n}\n"},"ActionHash.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"MainStorage.sol\";\nimport \"LibConstants.sol\";\n\n/*\n  Calculation action hash for the various forced actions in a generic manner.\n*/\ncontract ActionHash is MainStorage, LibConstants {\n    function getActionHash(string memory actionName, bytes memory packedActionParameters)\n        internal\n        pure\n        returns (bytes32 actionHash)\n    {\n        actionHash = keccak256(abi.encodePacked(actionName, packedActionParameters));\n    }\n\n    function setActionHash(bytes32 actionHash, bool premiumCost) internal {\n        // The rate of forced trade requests is restricted.\n        // First restriction is by capping the number of requests in a block.\n        // User can override this cap by requesting with a permium flag set,\n        // in this case, the gas cost is high (~1M) but no \"technical\" limit is set.\n        // However, the high gas cost creates an obvious limitation due to the block gas limit.\n        if (premiumCost) {\n            for (uint256 i = 0; i \u003c 21129; i++) {}\n        } else {\n            require(\n                forcedRequestsInBlock[block.number] \u003c MAX_FORCED_ACTIONS_REQS_PER_BLOCK,\n                \"MAX_REQUESTS_PER_BLOCK_REACHED\"\n            );\n            forcedRequestsInBlock[block.number] += 1;\n        }\n        forcedActionRequests[actionHash] = block.timestamp;\n        actionHashList.push(actionHash);\n    }\n\n    function getActionCount() external view returns (uint256) {\n        return actionHashList.length;\n    }\n\n    function getActionHashByIndex(uint256 actionIndex) external view returns (bytes32) {\n        require(actionIndex \u003c actionHashList.length, \"ACTION_INDEX_TOO_HIGH\");\n        return actionHashList[actionIndex];\n    }\n}\n"},"Common.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\n/*\n  Common Utility librarries.\n  I. Addresses (extending address).\n*/\nlibrary Addresses {\n    function isContract(address account) internal view returns (bool) {\n        uint256 size;\n        assembly {\n            size := extcodesize(account)\n        }\n        return size \u003e 0;\n    }\n\n    function performEthTransfer(address recipient, uint256 amount) internal {\n        (bool success, ) = recipient.call{value: amount}(\"\"); // NOLINT: low-level-calls.\n        require(success, \"ETH_TRANSFER_FAILED\");\n    }\n\n    /*\n      Safe wrapper around ERC20/ERC721 calls.\n      This is required because many deployed ERC20 contracts don\u0027t return a value.\n      See https://github.com/ethereum/solidity/issues/4116.\n    */\n    function safeTokenContractCall(address tokenAddress, bytes memory callData) internal {\n        require(isContract(tokenAddress), \"BAD_TOKEN_ADDRESS\");\n        // NOLINTNEXTLINE: low-level-calls.\n        (bool success, bytes memory returndata) = tokenAddress.call(callData);\n        require(success, string(returndata));\n\n        if (returndata.length \u003e 0) {\n            require(abi.decode(returndata, (bool)), \"TOKEN_OPERATION_FAILED\");\n        }\n    }\n\n    /*\n      Validates that the passed contract address is of a real contract,\n      and that its id hash (as infered fromn identify()) matched the expected one.\n    */\n    function validateContractId(address contractAddress, bytes32 expectedIdHash) internal {\n        require(isContract(contractAddress), \"ADDRESS_NOT_CONTRACT\");\n        (bool success, bytes memory returndata) = contractAddress.call( // NOLINT: low-level-calls.\n            abi.encodeWithSignature(\"identify()\")\n        );\n        require(success, \"FAILED_TO_IDENTIFY_CONTRACT\");\n        string memory realContractId = abi.decode(returndata, (string));\n        require(\n            keccak256(abi.encodePacked(realContractId)) == expectedIdHash,\n            \"UNEXPECTED_CONTRACT_IDENTIFIER\"\n        );\n    }\n}\n\n/*\n  II. StarkExTypes - Common data types.\n*/\nlibrary StarkExTypes {\n    // Structure representing a list of verifiers (validity/availability).\n    // A statement is valid only if all the verifiers in the list agree on it.\n    // Adding a verifier to the list is immediate - this is used for fast resolution of\n    // any soundness issues.\n    // Removing from the list is time-locked, to ensure that any user of the system\n    // not content with the announced removal has ample time to leave the system before it is\n    // removed.\n    struct ApprovalChainData {\n        address[] list;\n        // Represents the time after which the verifier with the given address can be removed.\n        // Removal of the verifier with address A is allowed only in the case the value\n        // of unlockedForRemovalTime[A] != 0 and unlockedForRemovalTime[A] \u003c (current time).\n        mapping(address =\u003e uint256) unlockedForRemovalTime;\n    }\n}\n"},"CompositeActions.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"MDeposits.sol\";\n\nabstract contract CompositeActions is MDeposits {\n    function registerAndDepositERC20(\n        address ethKey,\n        uint256 starkKey,\n        bytes calldata signature,\n        uint256 assetType,\n        uint256 vaultId,\n        uint256 quantizedAmount\n    ) external {\n        depositERC20(starkKey, assetType, vaultId, quantizedAmount);\n    }\n\n    // NOLINTNEXTLINE: locked-ether.\n    function registerAndDepositEth(\n        address ethKey,\n        uint256 starkKey,\n        bytes calldata signature,\n        uint256 assetType,\n        uint256 vaultId\n    ) external payable {\n        depositEth(starkKey, assetType, vaultId);\n    }\n}\n"},"Deposits.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"LibConstants.sol\";\nimport \"MAcceptModifications.sol\";\nimport \"MDeposits.sol\";\nimport \"MTokenQuantization.sol\";\nimport \"MTokenAssetData.sol\";\nimport \"MFreezable.sol\";\nimport \"MKeyGetters.sol\";\nimport \"MTokenTransfers.sol\";\nimport \"MainStorage.sol\";\n\n/**\n  For a user to perform a deposit to the contract two calls need to take place:\n\n  1. A call to an ERC20 contract, authorizing this contract to transfer funds on behalf of the user.\n  2. A call to :sol:func:`deposit` indicating the starkKey, amount, asset type and target vault ID to which to send the deposit.\n\n  The amount should be quantized, according to the specific quantization defined for the asset type.\n\n  The result of the operation, assuming all requirements are met, is that an amount of ERC20 tokens\n  equaling the amount specified in the :sol:func:`deposit` call times the quantization factor is\n  transferred on behalf of the user to the contract. In addition, the contract adds the funds to an\n  accumulator of pending deposits for the provided user, asset ID and vault ID.\n\n  Once a deposit is made, the exchange may include it in a proof which will result in addition\n  of the amount(s) deposited to the off-chain vault with the specified ID. When the contract\n  receives such valid proof, it deducts the transfered funds from the pending deposits for the\n  specified Stark key, asset ID and vault ID.\n\n  The exchange will not be able to move the deposited funds to the off-chain vault if the Stark key\n  is not registered in the system.\n\n  Until that point, the user may cancel the deposit by performing a time-locked cancel-deposit\n  operation consisting of two calls:\n\n  1. A call to :sol:func:`depositCancel`, setting a timer to enable reclaiming the deposit. Until this timer expires the user cannot reclaim funds as the exchange may still be processing the deposit for inclusion in the off chain vault.\n  2. A call to :sol:func:`depositReclaim`, to perform the actual transfer of funds from the contract back to the ERC20 contract. This will only succeed if the timer set in the previous call has expired. The result should be the transfer of all funds not accounted for in proofs for off-chain inclusion, back to the user account on the ERC20 contract.\n\n  Calling depositCancel and depositReclaim can only be done via an ethKey that is associated with\n  that vault\u0027s starkKey. This is enforced by the contract.\n\n*/\nabstract contract Deposits is\n    MainStorage,\n    LibConstants,\n    MAcceptModifications,\n    MDeposits,\n    MTokenQuantization,\n    MTokenAssetData,\n    MFreezable,\n    MKeyGetters,\n    MTokenTransfers\n{\n    event LogDeposit(\n        address depositorEthKey,\n        uint256 starkKey,\n        uint256 vaultId,\n        uint256 assetType,\n        uint256 nonQuantizedAmount,\n        uint256 quantizedAmount\n    );\n\n    event LogNftDeposit(\n        address depositorEthKey,\n        uint256 starkKey,\n        uint256 vaultId,\n        uint256 assetType,\n        uint256 tokenId,\n        uint256 assetId\n    );\n\n    event LogDepositCancel(uint256 starkKey, uint256 vaultId, uint256 assetId);\n\n    event LogDepositCancelReclaimed(\n        uint256 starkKey,\n        uint256 vaultId,\n        uint256 assetType,\n        uint256 nonQuantizedAmount,\n        uint256 quantizedAmount\n    );\n\n    event LogDepositNftCancelReclaimed(\n        uint256 starkKey,\n        uint256 vaultId,\n        uint256 assetType,\n        uint256 tokenId,\n        uint256 assetId\n    );\n\n    function getDepositBalance(\n        uint256 starkKey,\n        uint256 assetId,\n        uint256 vaultId\n    ) external view returns (uint256 balance) {\n        uint256 presumedAssetType = assetId;\n        balance = fromQuantized(presumedAssetType, pendingDeposits[starkKey][assetId][vaultId]);\n    }\n\n    function getQuantizedDepositBalance(\n        uint256 starkKey,\n        uint256 assetId,\n        uint256 vaultId\n    ) external view returns (uint256 balance) {\n        balance = pendingDeposits[starkKey][assetId][vaultId];\n    }\n\n    function depositNft(\n        uint256 starkKey,\n        uint256 assetType,\n        uint256 vaultId,\n        uint256 tokenId\n    ) external notFrozen {\n        // The vaultId is not validated but should be in the allowed range supported by the\n        // exchange. If not, it will be ignored by the exchange and the starkKey owner may reclaim\n        // the funds by using depositCancel + depositReclaim.\n\n        require(!isMintableAssetType(assetType), \"MINTABLE_ASSET_TYPE\");\n        require(!isFungibleAssetType(assetType), \"FUNGIBLE_ASSET_TYPE\");\n        uint256 assetId = calculateNftAssetId(assetType, tokenId);\n\n        // Update the balance.\n        pendingDeposits[starkKey][assetId][vaultId] = 1;\n\n        // Disable the cancellationRequest timeout when users deposit into their own account.\n        if (\n            isMsgSenderKeyOwner(starkKey) \u0026\u0026 cancellationRequests[starkKey][assetId][vaultId] != 0\n        ) {\n            delete cancellationRequests[starkKey][assetId][vaultId];\n        }\n\n        // Transfer the tokens to the Deposit contract.\n        transferInNft(assetType, tokenId);\n\n        // Log event.\n        emit LogNftDeposit(msg.sender, starkKey, vaultId, assetType, tokenId, assetId);\n    }\n\n    function getCancellationRequest(\n        uint256 starkKey,\n        uint256 assetId,\n        uint256 vaultId\n    ) external view returns (uint256 request) {\n        request = cancellationRequests[starkKey][assetId][vaultId];\n    }\n\n    function depositERC20(\n        uint256 starkKey,\n        uint256 assetType,\n        uint256 vaultId,\n        uint256 quantizedAmount\n    ) public override {\n        deposit(starkKey, assetType, vaultId, quantizedAmount);\n    }\n\n    // NOLINTNEXTLINE: locked-ether.\n    function depositEth(\n        uint256 starkKey,\n        uint256 assetType,\n        uint256 vaultId\n    ) public payable override {\n        require(isEther(assetType), \"INVALID_ASSET_TYPE\");\n        deposit(starkKey, assetType, vaultId, toQuantized(assetType, msg.value));\n    }\n\n    function deposit(\n        uint256 starkKey,\n        uint256 assetType,\n        uint256 vaultId,\n        uint256 quantizedAmount\n    ) public notFrozen {\n        // The vaultId is not validated but should be in the allowed range supported by the\n        // exchange. If not, it will be ignored by the exchange and the starkKey owner may reclaim\n        // the funds by using depositCancel + depositReclaim.\n\n        // No need to verify amount \u003e 0, a deposit with amount = 0 can be used to undo cancellation.\n        require(!isMintableAssetType(assetType), \"MINTABLE_ASSET_TYPE\");\n        require(isFungibleAssetType(assetType), \"NON_FUNGIBLE_ASSET_TYPE\");\n        uint256 assetId = assetType;\n\n        // Update the balance.\n        pendingDeposits[starkKey][assetId][vaultId] += quantizedAmount;\n        require(pendingDeposits[starkKey][assetId][vaultId] \u003e= quantizedAmount, \"DEPOSIT_OVERFLOW\");\n\n        // Disable the cancellationRequest timeout when users deposit into their own account.\n        if (\n            isMsgSenderKeyOwner(starkKey) \u0026\u0026 cancellationRequests[starkKey][assetId][vaultId] != 0\n        ) {\n            delete cancellationRequests[starkKey][assetId][vaultId];\n        }\n\n        // Transfer the tokens to the Deposit contract.\n        transferIn(assetType, quantizedAmount);\n\n        // Log event.\n        emit LogDeposit(\n            msg.sender,\n            starkKey,\n            vaultId,\n            assetType,\n            fromQuantized(assetType, quantizedAmount),\n            quantizedAmount\n        );\n    }\n\n    function deposit(\n        // NOLINT: locked-ether.\n        uint256 starkKey,\n        uint256 assetType,\n        uint256 vaultId\n    ) external payable {\n        require(isEther(assetType), \"INVALID_ASSET_TYPE\");\n        deposit(starkKey, assetType, vaultId, toQuantized(assetType, msg.value));\n    }\n\n    function depositCancel(\n        uint256 starkKey,\n        uint256 assetId,\n        uint256 vaultId\n    )\n        external\n        onlyKeyOwner(starkKey)\n    // No notFrozen modifier: This function can always be used, even when frozen.\n    {\n        // Start the timeout.\n        cancellationRequests[starkKey][assetId][vaultId] = block.timestamp;\n\n        // Log event.\n        emit LogDepositCancel(starkKey, vaultId, assetId);\n    }\n\n    function depositReclaim(\n        uint256 starkKey,\n        uint256 assetId,\n        uint256 vaultId\n    )\n        external\n        onlyKeyOwner(starkKey)\n    // No notFrozen modifier: This function can always be used, even when frozen.\n    {\n        uint256 assetType = assetId;\n\n        // Make sure enough time has passed.\n        uint256 requestTime = cancellationRequests[starkKey][assetId][vaultId];\n        require(requestTime != 0, \"DEPOSIT_NOT_CANCELED\");\n        uint256 freeTime = requestTime + DEPOSIT_CANCEL_DELAY;\n        assert(freeTime \u003e= DEPOSIT_CANCEL_DELAY);\n        require(block.timestamp \u003e= freeTime, \"DEPOSIT_LOCKED\"); // NOLINT: timestamp.\n\n        // Clear deposit.\n        uint256 quantizedAmount = pendingDeposits[starkKey][assetId][vaultId];\n        delete pendingDeposits[starkKey][assetId][vaultId];\n        delete cancellationRequests[starkKey][assetId][vaultId];\n\n        // Refund deposit.\n        transferOut(msg.sender, assetType, quantizedAmount);\n\n        // Log event.\n        emit LogDepositCancelReclaimed(\n            starkKey,\n            vaultId,\n            assetType,\n            fromQuantized(assetType, quantizedAmount),\n            quantizedAmount\n        );\n    }\n\n    function depositNftReclaim(\n        uint256 starkKey,\n        uint256 assetType,\n        uint256 vaultId,\n        uint256 tokenId\n    )\n        external\n        onlyKeyOwner(starkKey)\n    // No notFrozen modifier: This function can always be used, even when frozen.\n    {\n        // assetId is the id for the deposits/withdrawals.\n        // equivalent for the usage of assetType for ERC20.\n        uint256 assetId = calculateNftAssetId(assetType, tokenId);\n\n        // Make sure enough time has passed.\n        uint256 requestTime = cancellationRequests[starkKey][assetId][vaultId];\n        require(requestTime != 0, \"DEPOSIT_NOT_CANCELED\");\n        uint256 freeTime = requestTime + DEPOSIT_CANCEL_DELAY;\n        assert(freeTime \u003e= DEPOSIT_CANCEL_DELAY);\n        require(block.timestamp \u003e= freeTime, \"DEPOSIT_LOCKED\");\n\n        // Clear deposit.\n        uint256 amount = pendingDeposits[starkKey][assetId][vaultId];\n        delete pendingDeposits[starkKey][assetId][vaultId];\n        delete cancellationRequests[starkKey][assetId][vaultId];\n\n        if (amount \u003e 0) {\n            // Refund deposit.\n            transferOutNft(msg.sender, assetType, tokenId);\n\n            // Log event.\n            emit LogDepositNftCancelReclaimed(starkKey, vaultId, assetType, tokenId, assetId);\n        }\n    }\n}\n"},"ECDSA.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"EllipticCurve.sol\";\n\nlibrary ECDSA {\n    using EllipticCurve for uint256;\n    uint256 constant FIELD_PRIME =\n        0x800000000000011000000000000000000000000000000000000000000000001;\n    uint256 constant ALPHA = 1;\n    uint256 constant BETA =\n        3141592653589793238462643383279502884197169399375105820974944592307816406665;\n    uint256 constant EC_ORDER =\n        3618502788666131213697322783095070105526743751716087489154079457884512865583;\n    uint256 constant N_ELEMENT_BITS_ECDSA = 251;\n    uint256 constant EC_GEN_X = 0x1ef15c18599971b7beced415a40f0c7deacfd9b0d1819e03d723d8bc943cfca;\n    uint256 constant EC_GEN_Y = 0x5668060aa49730b7be4801df46ec62de53ecd11abe43a32873000c36e8dc1f;\n\n    function verify(\n        uint256 msgHash,\n        uint256 r,\n        uint256 s,\n        uint256 pubX,\n        uint256 pubY\n    ) internal pure {\n        require(msgHash % EC_ORDER == msgHash, \"msgHash out of range\");\n        require((1 \u003c= s) \u0026\u0026 (s \u003c EC_ORDER), \"s out of range\");\n        uint256 w = s.invMod(EC_ORDER);\n        require((1 \u003c= r) \u0026\u0026 (r \u003c (1 \u003c\u003c N_ELEMENT_BITS_ECDSA)), \"r out of range\");\n        require((1 \u003c= w) \u0026\u0026 (w \u003c (1 \u003c\u003c N_ELEMENT_BITS_ECDSA)), \"w out of range\");\n\n        // Verify that pub is a valid point (y^2 = x^3 + x + BETA).\n        {\n            uint256 x3 = mulmod(mulmod(pubX, pubX, FIELD_PRIME), pubX, FIELD_PRIME);\n            uint256 y2 = mulmod(pubY, pubY, FIELD_PRIME);\n            require(\n                y2 == addmod(addmod(x3, pubX, FIELD_PRIME), BETA, FIELD_PRIME),\n                \"INVALID_STARK_KEY\"\n            );\n        }\n\n        // Verify signature.\n        uint256 b_x;\n        uint256 b_y;\n        {\n            (uint256 zG_x, uint256 zG_y) = msgHash.ecMul(EC_GEN_X, EC_GEN_Y, ALPHA, FIELD_PRIME);\n\n            (uint256 rQ_x, uint256 rQ_y) = r.ecMul(pubX, pubY, ALPHA, FIELD_PRIME);\n\n            (b_x, b_y) = zG_x.ecAdd(zG_y, rQ_x, rQ_y, ALPHA, FIELD_PRIME);\n        }\n        (uint256 res_x, ) = w.ecMul(b_x, b_y, ALPHA, FIELD_PRIME);\n\n        require(res_x == r, \"INVALID_STARK_SIGNATURE\");\n    }\n}\n"},"EllipticCurve.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: MIT.\n/*\n  MIT License\n\n  Copyright (c) 2019 Witnet Project\n\n  Permission is hereby granted, free of charge, to any person obtaining a copy\n  of this software and associated documentation files (the \"Software\"), to deal\n  in the Software without restriction, including without limitation the rights\n  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\n  copies of the Software, and to permit persons to whom the Software is\n  furnished to do so, subject to the following conditions:\n\n  The above copyright notice and this permission notice shall be included in all\n  copies or substantial portions of the Software.\n\n  THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\n  SOFTWARE.\n*/\n// https://github.com/witnet/elliptic-curve-solidity/blob/master/contracts/EllipticCurve.sol\npragma solidity \u003e=0.5.3 \u003c0.7.0; // NOLINT pragma.\n\n/**\n * @title Elliptic Curve Library\n * @dev Library providing arithmetic operations over elliptic curves.\n * This library does not check whether the inserted points belong to the curve\n * `isOnCurve` function should be used by the library user to check the aforementioned statement.\n * @author Witnet Foundation\n */\nlibrary EllipticCurve {\n\n  // Pre-computed constant for 2 ** 255\n  uint256 constant private U255_MAX_PLUS_1 = 57896044618658097711785492504343953926634992332820282019728792003956564819968;\n\n  /// @dev Modular euclidean inverse of a number (mod p).\n  /// @param _x The number\n  /// @param _pp The modulus\n  /// @return q such that x*q = 1 (mod _pp)\n  function invMod(uint256 _x, uint256 _pp) internal pure returns (uint256) {\n    require(_x != 0 \u0026\u0026 _x != _pp \u0026\u0026 _pp != 0, \"Invalid number\");\n    uint256 q = 0;\n    uint256 newT = 1;\n    uint256 r = _pp;\n    uint256 t;\n    while (_x != 0) {\n      t = r / _x;\n      (q, newT) = (newT, addmod(q, (_pp - mulmod(t, newT, _pp)), _pp));\n      (r, _x) = (_x, r - t * _x);\n    }\n\n    return q;\n  }\n\n  /// @dev Modular exponentiation, b^e % _pp.\n  /// Source: https://github.com/androlo/standard-contracts/blob/master/contracts/src/crypto/ECCMath.sol\n  /// @param _base base\n  /// @param _exp exponent\n  /// @param _pp modulus\n  /// @return r such that r = b**e (mod _pp)\n  function expMod(uint256 _base, uint256 _exp, uint256 _pp) internal pure returns (uint256) {\n    require(_pp!=0, \"Modulus is zero\");\n\n    if (_base == 0)\n      return 0;\n    if (_exp == 0)\n      return 1;\n\n    uint256 r = 1;\n    uint256 bit = U255_MAX_PLUS_1;\n    assembly {\n      for { } gt(bit, 0) { }{\n        r := mulmod(mulmod(r, r, _pp), exp(_base, iszero(iszero(and(_exp, bit)))), _pp)\n        r := mulmod(mulmod(r, r, _pp), exp(_base, iszero(iszero(and(_exp, div(bit, 2))))), _pp)\n        r := mulmod(mulmod(r, r, _pp), exp(_base, iszero(iszero(and(_exp, div(bit, 4))))), _pp)\n        r := mulmod(mulmod(r, r, _pp), exp(_base, iszero(iszero(and(_exp, div(bit, 8))))), _pp)\n        bit := div(bit, 16)\n      }\n    }\n\n    return r;\n  }\n\n  /// @dev Converts a point (x, y, z) expressed in Jacobian coordinates to affine coordinates (x\u0027, y\u0027, 1).\n  /// @param _x coordinate x\n  /// @param _y coordinate y\n  /// @param _z coordinate z\n  /// @param _pp the modulus\n  /// @return (x\u0027, y\u0027) affine coordinates\n  function toAffine(\n    uint256 _x,\n    uint256 _y,\n    uint256 _z,\n    uint256 _pp)\n  internal pure returns (uint256, uint256)\n  {\n    uint256 zInv = invMod(_z, _pp);\n    uint256 zInv2 = mulmod(zInv, zInv, _pp);\n    uint256 x2 = mulmod(_x, zInv2, _pp);\n    uint256 y2 = mulmod(_y, mulmod(zInv, zInv2, _pp), _pp);\n\n    return (x2, y2);\n  }\n\n  /// @dev Derives the y coordinate from a compressed-format point x [[SEC-1]](https://www.secg.org/SEC1-Ver-1.0.pdf).\n  /// @param _prefix parity byte (0x02 even, 0x03 odd)\n  /// @param _x coordinate x\n  /// @param _aa constant of curve\n  /// @param _bb constant of curve\n  /// @param _pp the modulus\n  /// @return y coordinate y\n  function deriveY(\n    uint8 _prefix,\n    uint256 _x,\n    uint256 _aa,\n    uint256 _bb,\n    uint256 _pp)\n  internal pure returns (uint256)\n  {\n    require(_prefix == 0x02 || _prefix == 0x03, \"Invalid compressed EC point prefix\");\n\n    // x^3 + ax + b\n    uint256 y2 = addmod(mulmod(_x, mulmod(_x, _x, _pp), _pp), addmod(mulmod(_x, _aa, _pp), _bb, _pp), _pp);\n    y2 = expMod(y2, (_pp + 1) / 4, _pp);\n    // uint256 cmp = yBit ^ y_ \u0026 1;\n    uint256 y = (y2 + _prefix) % 2 == 0 ? y2 : _pp - y2;\n\n    return y;\n  }\n\n  /// @dev Check whether point (x,y) is on curve defined by a, b, and _pp.\n  /// @param _x coordinate x of P1\n  /// @param _y coordinate y of P1\n  /// @param _aa constant of curve\n  /// @param _bb constant of curve\n  /// @param _pp the modulus\n  /// @return true if x,y in the curve, false else\n  function isOnCurve(\n    uint _x,\n    uint _y,\n    uint _aa,\n    uint _bb,\n    uint _pp)\n  internal pure returns (bool)\n  {\n    if (0 == _x || _x \u003e= _pp || 0 == _y || _y \u003e= _pp) {\n      return false;\n    }\n    // y^2\n    uint lhs = mulmod(_y, _y, _pp);\n    // x^3\n    uint rhs = mulmod(mulmod(_x, _x, _pp), _x, _pp);\n    if (_aa != 0) {\n      // x^3 + a*x\n      rhs = addmod(rhs, mulmod(_x, _aa, _pp), _pp);\n    }\n    if (_bb != 0) {\n      // x^3 + a*x + b\n      rhs = addmod(rhs, _bb, _pp);\n    }\n\n    return lhs == rhs;\n  }\n\n  /// @dev Calculate inverse (x, -y) of point (x, y).\n  /// @param _x coordinate x of P1\n  /// @param _y coordinate y of P1\n  /// @param _pp the modulus\n  /// @return (x, -y)\n  function ecInv(\n    uint256 _x,\n    uint256 _y,\n    uint256 _pp)\n  internal pure returns (uint256, uint256)\n  {\n    return (_x, (_pp - _y) % _pp);\n  }\n\n  /// @dev Add two points (x1, y1) and (x2, y2) in affine coordinates.\n  /// @param _x1 coordinate x of P1\n  /// @param _y1 coordinate y of P1\n  /// @param _x2 coordinate x of P2\n  /// @param _y2 coordinate y of P2\n  /// @param _aa constant of the curve\n  /// @param _pp the modulus\n  /// @return (qx, qy) = P1+P2 in affine coordinates\n  function ecAdd(\n    uint256 _x1,\n    uint256 _y1,\n    uint256 _x2,\n    uint256 _y2,\n    uint256 _aa,\n    uint256 _pp)\n    internal pure returns(uint256, uint256)\n  {\n    uint x = 0;\n    uint y = 0;\n    uint z = 0;\n\n    // Double if x1==x2 else add\n    if (_x1==_x2) {\n      // y1 = -y2 mod p\n      if (addmod(_y1, _y2, _pp) == 0) {\n        return(0, 0);\n      } else {\n        // P1 = P2\n        (x, y, z) = jacDouble(\n          _x1,\n          _y1,\n          1,\n          _aa,\n          _pp);\n      }\n    } else {\n      (x, y, z) = jacAdd(\n        _x1,\n        _y1,\n        1,\n        _x2,\n        _y2,\n        1,\n        _pp);\n    }\n    // Get back to affine\n    return toAffine(\n      x,\n      y,\n      z,\n      _pp);\n  }\n\n  /// @dev Substract two points (x1, y1) and (x2, y2) in affine coordinates.\n  /// @param _x1 coordinate x of P1\n  /// @param _y1 coordinate y of P1\n  /// @param _x2 coordinate x of P2\n  /// @param _y2 coordinate y of P2\n  /// @param _aa constant of the curve\n  /// @param _pp the modulus\n  /// @return (qx, qy) = P1-P2 in affine coordinates\n  function ecSub(\n    uint256 _x1,\n    uint256 _y1,\n    uint256 _x2,\n    uint256 _y2,\n    uint256 _aa,\n    uint256 _pp)\n  internal pure returns(uint256, uint256)\n  {\n    // invert square\n    (uint256 x, uint256 y) = ecInv(_x2, _y2, _pp);\n    // P1-square\n    return ecAdd(\n      _x1,\n      _y1,\n      x,\n      y,\n      _aa,\n      _pp);\n  }\n\n  /// @dev Multiply point (x1, y1, z1) times d in affine coordinates.\n  /// @param _k scalar to multiply\n  /// @param _x coordinate x of P1\n  /// @param _y coordinate y of P1\n  /// @param _aa constant of the curve\n  /// @param _pp the modulus\n  /// @return (qx, qy) = d*P in affine coordinates\n  function ecMul(\n    uint256 _k,\n    uint256 _x,\n    uint256 _y,\n    uint256 _aa,\n    uint256 _pp)\n  internal pure returns(uint256, uint256)\n  {\n    // Jacobian multiplication\n    (uint256 x1, uint256 y1, uint256 z1) = jacMul(\n      _k,\n      _x,\n      _y,\n      1,\n      _aa,\n      _pp);\n    // Get back to affine\n    return toAffine(\n      x1,\n      y1,\n      z1,\n      _pp);\n  }\n\n  /// @dev Adds two points (x1, y1, z1) and (x2 y2, z2).\n  /// @param _x1 coordinate x of P1\n  /// @param _y1 coordinate y of P1\n  /// @param _z1 coordinate z of P1\n  /// @param _x2 coordinate x of square\n  /// @param _y2 coordinate y of square\n  /// @param _z2 coordinate z of square\n  /// @param _pp the modulus\n  /// @return (qx, qy, qz) P1+square in Jacobian\n  function jacAdd(\n    uint256 _x1,\n    uint256 _y1,\n    uint256 _z1,\n    uint256 _x2,\n    uint256 _y2,\n    uint256 _z2,\n    uint256 _pp)\n  internal pure returns (uint256, uint256, uint256)\n  {\n    if (_x1==0 \u0026\u0026 _y1==0)\n      return (_x2, _y2, _z2);\n    if (_x2==0 \u0026\u0026 _y2==0)\n      return (_x1, _y1, _z1);\n\n    // We follow the equations described in https://pdfs.semanticscholar.org/5c64/29952e08025a9649c2b0ba32518e9a7fb5c2.pdf Section 5\n    uint[4] memory zs; // z1^2, z1^3, z2^2, z2^3\n    zs[0] = mulmod(_z1, _z1, _pp);\n    zs[1] = mulmod(_z1, zs[0], _pp);\n    zs[2] = mulmod(_z2, _z2, _pp);\n    zs[3] = mulmod(_z2, zs[2], _pp);\n\n    // u1, s1, u2, s2\n    zs = [\n      mulmod(_x1, zs[2], _pp),\n      mulmod(_y1, zs[3], _pp),\n      mulmod(_x2, zs[0], _pp),\n      mulmod(_y2, zs[1], _pp)\n    ];\n\n    // In case of zs[0] == zs[2] \u0026\u0026 zs[1] == zs[3], double function should be used\n    require(zs[0] != zs[2] || zs[1] != zs[3], \"Use jacDouble function instead\");\n\n    uint[4] memory hr;\n    //h\n    hr[0] = addmod(zs[2], _pp - zs[0], _pp);\n    //r\n    hr[1] = addmod(zs[3], _pp - zs[1], _pp);\n    //h^2\n    hr[2] = mulmod(hr[0], hr[0], _pp);\n    // h^3\n    hr[3] = mulmod(hr[2], hr[0], _pp);\n    // qx = -h^3  -2u1h^2+r^2\n    uint256 qx = addmod(mulmod(hr[1], hr[1], _pp), _pp - hr[3], _pp);\n    qx = addmod(qx, _pp - mulmod(2, mulmod(zs[0], hr[2], _pp), _pp), _pp);\n    // qy = -s1*z1*h^3+r(u1*h^2 -x^3)\n    uint256 qy = mulmod(hr[1], addmod(mulmod(zs[0], hr[2], _pp), _pp - qx, _pp), _pp);\n    qy = addmod(qy, _pp - mulmod(zs[1], hr[3], _pp), _pp);\n    // qz = h*z1*z2\n    uint256 qz = mulmod(hr[0], mulmod(_z1, _z2, _pp), _pp);\n    return(qx, qy, qz);\n  }\n\n  /// @dev Doubles a points (x, y, z).\n  /// @param _x coordinate x of P1\n  /// @param _y coordinate y of P1\n  /// @param _z coordinate z of P1\n  /// @param _aa the a scalar in the curve equation\n  /// @param _pp the modulus\n  /// @return (qx, qy, qz) 2P in Jacobian\n  function jacDouble(\n    uint256 _x,\n    uint256 _y,\n    uint256 _z,\n    uint256 _aa,\n    uint256 _pp)\n  internal pure returns (uint256, uint256, uint256)\n  {\n    if (_z == 0)\n      return (_x, _y, _z);\n\n    // We follow the equations described in https://pdfs.semanticscholar.org/5c64/29952e08025a9649c2b0ba32518e9a7fb5c2.pdf Section 5\n    // Note: there is a bug in the paper regarding the m parameter, M=3*(x1^2)+a*(z1^4)\n    // x, y, z at this point represent the squares of _x, _y, _z\n    uint256 x = mulmod(_x, _x, _pp); //x1^2\n    uint256 y = mulmod(_y, _y, _pp); //y1^2\n    uint256 z = mulmod(_z, _z, _pp); //z1^2\n\n    // s\n    uint s = mulmod(4, mulmod(_x, y, _pp), _pp);\n    // m\n    uint m = addmod(mulmod(3, x, _pp), mulmod(_aa, mulmod(z, z, _pp), _pp), _pp);\n\n    // x, y, z at this point will be reassigned and rather represent qx, qy, qz from the paper\n    // This allows to reduce the gas cost and stack footprint of the algorithm\n    // qx\n    x = addmod(mulmod(m, m, _pp), _pp - addmod(s, s, _pp), _pp);\n    // qy = -8*y1^4 + M(S-T)\n    y = addmod(mulmod(m, addmod(s, _pp - x, _pp), _pp), _pp - mulmod(8, mulmod(y, y, _pp), _pp), _pp);\n    // qz = 2*y1*z1\n    z = mulmod(2, mulmod(_y, _z, _pp), _pp);\n\n    return (x, y, z);\n  }\n\n  /// @dev Multiply point (x, y, z) times d.\n  /// @param _d scalar to multiply\n  /// @param _x coordinate x of P1\n  /// @param _y coordinate y of P1\n  /// @param _z coordinate z of P1\n  /// @param _aa constant of curve\n  /// @param _pp the modulus\n  /// @return (qx, qy, qz) d*P1 in Jacobian\n  function jacMul(\n    uint256 _d,\n    uint256 _x,\n    uint256 _y,\n    uint256 _z,\n    uint256 _aa,\n    uint256 _pp)\n  internal pure returns (uint256, uint256, uint256)\n  {\n    // Early return in case that `_d == 0`\n    if (_d == 0) {\n      return (_x, _y, _z);\n    }\n\n    uint256 remaining = _d;\n    uint256 qx = 0;\n    uint256 qy = 0;\n    uint256 qz = 1;\n\n    // Double and add algorithm\n    while (remaining != 0) {\n      if ((remaining \u0026 1) != 0) {\n        (qx, qy, qz) = jacAdd(\n          qx,\n          qy,\n          qz,\n          _x,\n          _y,\n          _z,\n          _pp);\n      }\n      remaining = remaining / 2;\n      (_x, _y, _z) = jacDouble(\n        _x,\n        _y,\n        _z,\n        _aa,\n        _pp);\n    }\n    return (qx, qy, qz);\n  }\n}\n"},"ERC721Receiver.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"IERC721Receiver.sol\";\n\n/*\n  ERC721 token receiver interface\n  EIP-721 requires any contract receiving ERC721 tokens to implement IERC721Receiver interface.\n  By EIP, safeTransferFrom API of ERC721 shall call onERC721Received on the receiving contract.\n\n  Have the receiving contract failed to respond as expected, the safeTransferFrom shall be reverted.\n\n  Params:\n  `operator` The address which called `safeTransferFrom` function\n  `from` The address which previously owned the token\n  `tokenId` The NFT identifier which is being transferred\n  `data` Additional data with no specified format\n\n  Returns: fixed value:`bytes4(keccak256(\"onERC721Received(address,address,uint256,bytes)\"))`.\n*/\ncontract ERC721Receiver is IERC721Receiver {\n    function onERC721Received(\n        address, // operator - The address which called `safeTransferFrom` function.\n        address, // from - The address which previously owned the token.\n        uint256, // tokenId -  The NFT identifier which is being transferred.\n        bytes memory // data - Additional data with no specified format.\n    ) external override returns (bytes4) {\n        return this.onERC721Received.selector;\n    }\n}\n"},"Freezable.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"LibConstants.sol\";\nimport \"MFreezable.sol\";\nimport \"MGovernance.sol\";\nimport \"MainStorage.sol\";\n\n/*\n  Implements MFreezable.\n*/\nabstract contract Freezable is MainStorage, LibConstants, MGovernance, MFreezable {\n    event LogFrozen();\n    event LogUnFrozen();\n\n    function isFrozen() public view override returns (bool) {\n        return stateFrozen;\n    }\n\n    function validateFreezeRequest(uint256 requestTime) internal override {\n        require(requestTime != 0, \"FORCED_ACTION_UNREQUESTED\");\n        // Verify timer on escape request.\n        uint256 freezeTime = requestTime + FREEZE_GRACE_PERIOD;\n\n        // Prevent wraparound.\n        assert(freezeTime \u003e= FREEZE_GRACE_PERIOD);\n        require(block.timestamp \u003e= freezeTime, \"FORCED_ACTION_PENDING\"); // NOLINT: timestamp.\n\n        // Forced action requests placed before freeze, are no longer valid after the un-freeze.\n        require(freezeTime \u003e unFreezeTime, \"REFREEZE_ATTEMPT\");\n    }\n\n    function freeze() internal override notFrozen {\n        unFreezeTime = block.timestamp + UNFREEZE_DELAY;\n\n        // Update state.\n        stateFrozen = true;\n\n        // Log event.\n        emit LogFrozen();\n    }\n\n    function unFreeze() external onlyFrozen onlyGovernance {\n        require(block.timestamp \u003e= unFreezeTime, \"UNFREEZE_NOT_ALLOWED_YET\");\n\n        // Update state.\n        stateFrozen = false;\n\n        // Increment roots to invalidate them, w/o losing information.\n        vaultRoot += 1;\n        orderRoot += 1;\n\n        // Log event.\n        emit LogUnFrozen();\n    }\n}\n"},"Governance.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"GovernanceStorage.sol\";\nimport \"MGovernance.sol\";\n\n/*\n  Implements Generic Governance, applicable for both proxy and main contract, and possibly others.\n  Notes:\n  1. This class is virtual (getGovernanceTag is not implemented).\n  2. The use of the same function names by both the Proxy and a delegated implementation\n     is not possible since calling the implementation functions is done via the default function\n     of the Proxy. For this reason, for example, the implementation of MainContract (MainGovernance)\n     exposes mainIsGovernor, which calls the internal isGovernor method.\n*/\nabstract contract Governance is GovernanceStorage, MGovernance {\n    event LogNominatedGovernor(address nominatedGovernor);\n    event LogNewGovernorAccepted(address acceptedGovernor);\n    event LogRemovedGovernor(address removedGovernor);\n    event LogNominationCancelled();\n\n    /*\n      Returns a string which uniquely identifies the type of the governance mechanism.\n    */\n    function getGovernanceTag() internal pure virtual returns (string memory);\n\n    /*\n      Returns the GovernanceInfoStruct associated with the governance tag.\n    */\n    function contractGovernanceInfo() internal view returns (GovernanceInfoStruct storage) {\n        string memory tag = getGovernanceTag();\n        GovernanceInfoStruct storage gub = governanceInfo[tag];\n        require(gub.initialized, \"NOT_INITIALIZED\");\n        return gub;\n    }\n\n    /*\n      Current code intentionally prevents governance re-initialization.\n      This may be a problem in an upgrade situation, in a case that the upgrade-to implementation\n      performs an initialization (for real) and within that calls initGovernance().\n\n      Possible workarounds:\n      1. Clearing the governance info altogether by changing the MAIN_GOVERNANCE_INFO_TAG.\n         This will remove existing main governance information.\n      2. Modify the require part in this function, so that it will exit quietly\n         when trying to re-initialize (uncomment the lines below).\n    */\n    function initGovernance() internal {\n        string memory tag = getGovernanceTag();\n        GovernanceInfoStruct storage gub = governanceInfo[tag];\n        require(!gub.initialized, \"ALREADY_INITIALIZED\");\n        gub.initialized = true; // to ensure addGovernor() won\u0027t fail.\n        // Add the initial governer.\n        addGovernor(msg.sender);\n    }\n\n    function isGovernor(address testGovernor) internal view override returns (bool) {\n        GovernanceInfoStruct storage gub = contractGovernanceInfo();\n        return gub.effectiveGovernors[testGovernor];\n    }\n\n    /*\n      Cancels the nomination of a governor candidate.\n    */\n    function cancelNomination() internal onlyGovernance {\n        GovernanceInfoStruct storage gub = contractGovernanceInfo();\n        gub.candidateGovernor = address(0x0);\n        emit LogNominationCancelled();\n    }\n\n    function nominateNewGovernor(address newGovernor) internal onlyGovernance {\n        GovernanceInfoStruct storage gub = contractGovernanceInfo();\n        require(!isGovernor(newGovernor), \"ALREADY_GOVERNOR\");\n        gub.candidateGovernor = newGovernor;\n        emit LogNominatedGovernor(newGovernor);\n    }\n\n    /*\n      The addGovernor is called in two cases:\n      1. by acceptGovernance when a new governor accepts its role.\n      2. by initGovernance to add the initial governor.\n      The difference is that the init path skips the nominate step\n      that would fail because of the onlyGovernance modifier.\n    */\n    function addGovernor(address newGovernor) private {\n        require(!isGovernor(newGovernor), \"ALREADY_GOVERNOR\");\n        GovernanceInfoStruct storage gub = contractGovernanceInfo();\n        gub.effectiveGovernors[newGovernor] = true;\n    }\n\n    function acceptGovernance() internal {\n        // The new governor was proposed as a candidate by the current governor.\n        GovernanceInfoStruct storage gub = contractGovernanceInfo();\n        require(msg.sender == gub.candidateGovernor, \"ONLY_CANDIDATE_GOVERNOR\");\n\n        // Update state.\n        addGovernor(gub.candidateGovernor);\n        gub.candidateGovernor = address(0x0);\n\n        // Send a notification about the change of governor.\n        emit LogNewGovernorAccepted(msg.sender);\n    }\n\n    /*\n      Remove a governor from office.\n    */\n    function removeGovernor(address governorForRemoval) internal onlyGovernance {\n        require(msg.sender != governorForRemoval, \"GOVERNOR_SELF_REMOVE\");\n        GovernanceInfoStruct storage gub = contractGovernanceInfo();\n        require(isGovernor(governorForRemoval), \"NOT_GOVERNOR\");\n        gub.effectiveGovernors[governorForRemoval] = false;\n        emit LogRemovedGovernor(governorForRemoval);\n    }\n}\n"},"GovernanceStorage.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\n/*\n  Holds the governance slots for ALL entities, including proxy and the main contract.\n*/\ncontract GovernanceStorage {\n    struct GovernanceInfoStruct {\n        mapping(address =\u003e bool) effectiveGovernors;\n        address candidateGovernor;\n        bool initialized;\n    }\n\n    // A map from a Governor tag to its own GovernanceInfoStruct.\n    mapping(string =\u003e GovernanceInfoStruct) internal governanceInfo;\n}\n"},"Identity.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\ninterface Identity {\n    /*\n      Allows a caller, typically another contract,\n      to ensure that the provided address is of the expected type and version.\n    */\n    function identify() external pure returns (string memory);\n}\n"},"IERC20.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\n/*\n  Interface of the ERC20 standard as defined in the EIP. Does not include\n  the optional functions; to access them see {ERC20Detailed}.\n*/\ninterface IERC20 {\n    function totalSupply() external view returns (uint256);\n\n    function balanceOf(address account) external view returns (uint256);\n\n    function transfer(address recipient, uint256 amount) external returns (bool);\n\n    function allowance(address owner, address spender) external view returns (uint256);\n\n    function approve(address spender, uint256 amount) external returns (bool);\n\n    function transferFrom(\n        address sender,\n        address recipient,\n        uint256 amount\n    ) external returns (bool);\n\n    event Transfer(address indexed from, address indexed to, uint256 value);\n\n    event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n"},"IERC721Receiver.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\ninterface IERC721Receiver {\n    function onERC721Received(\n        address operator,\n        address from,\n        uint256 tokenId,\n        bytes memory data\n    ) external returns (bytes4);\n}\n"},"KeyGetters.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"MainStorage.sol\";\nimport \"MKeyGetters.sol\";\n\n/*\n  Implements MKeyGetters.\n*/\ncontract KeyGetters is MainStorage, MKeyGetters {\n    uint256 internal constant MASK_ADDRESS = (1 \u003c\u003c 160) - 1;\n\n    /*\n      Returns the Ethereum public key (address) that owns the given ownerKey.\n      If the ownerKey size is within the range of an Ethereum address (i.e. \u003c 2**160)\n      it returns the owner key itself.\n\n      If the ownerKey is larger than a potential eth address, the eth address for which the starkKey\n      was registered is returned, and 0 if the starkKey is not registered.\n\n      Note - prior to version 4.0 this function reverted on an unregistered starkKey.\n      For a variant of this function that reverts on an unregistered starkKey, use strictGetEthKey.\n    */\n    function getEthKey(uint256 ownerKey) public view override returns (address) {\n        address registeredEth = ethKeys[ownerKey];\n\n        if (registeredEth != address(0x0)) {\n            return registeredEth;\n        }\n\n        return ownerKey == (ownerKey \u0026 MASK_ADDRESS) ? address(ownerKey) : address(0x0);\n    }\n\n    /*\n      Same as getEthKey, but fails when a stark key is not registered.\n    */\n    function strictGetEthKey(uint256 ownerKey) internal view override returns (address ethKey) {\n        ethKey = getEthKey(ownerKey);\n        require(ethKey != address(0x0), \"USER_UNREGISTERED\");\n    }\n\n    function isMsgSenderKeyOwner(uint256 ownerKey) internal view override returns (bool) {\n        return msg.sender == getEthKey(ownerKey);\n    }\n}\n"},"LibConstants.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\ncontract LibConstants {\n    // Durations for time locked mechanisms (in seconds).\n    // Note that it is known that miners can manipulate block timestamps\n    // up to a deviation of a few seconds.\n    // This mechanism should not be used for fine grained timing.\n\n    // The time required to cancel a deposit, in the case the operator does not move the funds\n    // to the off-chain storage.\n    uint256 public constant DEPOSIT_CANCEL_DELAY = 2 days;\n\n    // The time required to freeze the exchange, in the case the operator does not execute a\n    // requested full withdrawal.\n    uint256 public constant FREEZE_GRACE_PERIOD = 7 days;\n\n    // The time after which the exchange may be unfrozen after it froze. This should be enough time\n    // for users to perform escape hatches to get back their funds.\n    uint256 public constant UNFREEZE_DELAY = 365 days;\n\n    // Maximal number of verifiers which may co-exist.\n    uint256 public constant MAX_VERIFIER_COUNT = uint256(64);\n\n    // The time required to remove a verifier in case of a verifier upgrade.\n    uint256 public constant VERIFIER_REMOVAL_DELAY = FREEZE_GRACE_PERIOD + (21 days);\n\n    address constant ZERO_ADDRESS = address(0x0);\n\n    uint256 constant K_MODULUS = 0x800000000000011000000000000000000000000000000000000000000000001;\n\n    uint256 constant K_BETA = 0x6f21413efbe40de150e596d72f7a8c5609ad26c15c915c1f4cdfcb99cee9e89;\n\n    uint256 internal constant MASK_250 =\n        0x03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF;\n    uint256 internal constant MASK_240 =\n        0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF;\n\n    uint256 public constant MAX_FORCED_ACTIONS_REQS_PER_BLOCK = 10;\n\n    uint256 constant QUANTUM_UPPER_BOUND = 2**128;\n    uint256 internal constant MINTABLE_ASSET_ID_FLAG = 1 \u003c\u003c 250;\n}\n"},"MAcceptModifications.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\n/*\n  Interface containing actions a verifier can invoke on the state.\n  The contract containing the state should implement these and verify correctness.\n*/\nabstract contract MAcceptModifications {\n    function acceptDeposit(\n        uint256 ownerKey,\n        uint256 vaultId,\n        uint256 assetId,\n        uint256 quantizedAmount\n    ) internal virtual;\n\n    function allowWithdrawal(\n        uint256 ownerKey,\n        uint256 assetId,\n        uint256 quantizedAmount\n    ) internal virtual;\n\n    function acceptWithdrawal(\n        uint256 ownerKey,\n        uint256 assetId,\n        uint256 quantizedAmount\n    ) internal virtual;\n}\n"},"MainGovernance.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"Governance.sol\";\n\n/**\n  The StarkEx contract is governed by one or more Governors of which the initial one is the\n  deployer of the contract.\n\n  A governor has the sole authority to perform the following operations:\n\n  1. Nominate additional governors (:sol:func:`mainNominateNewGovernor`)\n  2. Remove other governors (:sol:func:`mainRemoveGovernor`)\n  3. Add new :sol:mod:`Verifiers` and :sol:mod:`AvailabilityVerifiers`\n  4. Remove :sol:mod:`Verifiers` and :sol:mod:`AvailabilityVerifiers` after a timelock allows it\n  5. Nominate Operators (see :sol:mod:`Operator`) and Token Administrators (see :sol:mod:`TokenRegister`)\n\n  Adding governors is performed in a two step procedure:\n\n  1. First, an existing governor nominates a new governor (:sol:func:`mainNominateNewGovernor`)\n  2. Then, the new governor must accept governance to become a governor (:sol:func:`mainAcceptGovernance`)\n\n  This two step procedure ensures that a governor public key cannot be nominated unless there is an\n  entity that has the corresponding private key. This is intended to prevent errors in the addition\n  process.\n\n  The governor private key should typically be held in a secure cold wallet.\n*/\n/*\n  Implements Governance for the StarkDex main contract.\n  The wrapper methods (e.g. mainIsGovernor wrapping isGovernor) are needed to give\n  the method unique names.\n  Both Proxy and StarkExchange inherit from Governance. Thus, the logical contract method names\n  must have unique names in order for the proxy to successfully delegate to them.\n*/\ncontract MainGovernance is Governance {\n    // The tag is the sting key that is used in the Governance storage mapping.\n    string public constant MAIN_GOVERNANCE_INFO_TAG = \"StarkEx.Main.2019.GovernorsInformation\";\n\n    function getGovernanceTag() internal pure override returns (string memory tag) {\n        tag = MAIN_GOVERNANCE_INFO_TAG;\n    }\n\n    function mainIsGovernor(address testGovernor) external view returns (bool) {\n        return isGovernor(testGovernor);\n    }\n\n    function mainNominateNewGovernor(address newGovernor) external {\n        nominateNewGovernor(newGovernor);\n    }\n\n    function mainRemoveGovernor(address governorForRemoval) external {\n        removeGovernor(governorForRemoval);\n    }\n\n    function mainAcceptGovernance() external {\n        acceptGovernance();\n    }\n\n    function mainCancelNomination() external {\n        cancelNomination();\n    }\n}\n"},"MainStorage.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"ProxyStorage.sol\";\nimport \"Common.sol\";\n\n/*\n  Holds ALL the main contract state (storage) variables.\n*/\ncontract MainStorage is ProxyStorage {\n    uint256 internal constant LAYOUT_LENGTH = 2**64;\n\n    address escapeVerifierAddress; // NOLINT: constable-states.\n\n    // Global dex-frozen flag.\n    bool stateFrozen; // NOLINT: constable-states.\n\n    // Time when unFreeze can be successfully called (UNFREEZE_DELAY after freeze).\n    uint256 unFreezeTime; // NOLINT: constable-states.\n\n    // Pending deposits.\n    // A map STARK key =\u003e asset id =\u003e vault id =\u003e quantized amount.\n    mapping(uint256 =\u003e mapping(uint256 =\u003e mapping(uint256 =\u003e uint256))) pendingDeposits;\n\n    // Cancellation requests.\n    // A map STARK key =\u003e asset id =\u003e vault id =\u003e request timestamp.\n    mapping(uint256 =\u003e mapping(uint256 =\u003e mapping(uint256 =\u003e uint256))) cancellationRequests;\n\n    // Pending withdrawals.\n    // A map STARK key =\u003e asset id =\u003e quantized amount.\n    mapping(uint256 =\u003e mapping(uint256 =\u003e uint256)) pendingWithdrawals;\n\n    // vault_id =\u003e escape used boolean.\n    mapping(uint256 =\u003e bool) escapesUsed;\n\n    // Number of escapes that were performed when frozen.\n    uint256 escapesUsedCount; // NOLINT: constable-states.\n\n    // NOTE: fullWithdrawalRequests is deprecated, and replaced by forcedActionRequests.\n    // NOLINTNEXTLINE naming-convention.\n    mapping(uint256 =\u003e mapping(uint256 =\u003e uint256)) fullWithdrawalRequests_DEPRECATED;\n\n    // State sequence number.\n    uint256 sequenceNumber; // NOLINT: constable-states uninitialized-state.\n\n    // Vaults Tree Root \u0026 Height.\n    uint256 vaultRoot; // NOLINT: constable-states uninitialized-state.\n    uint256 vaultTreeHeight; // NOLINT: constable-states uninitialized-state.\n\n    // Order Tree Root \u0026 Height.\n    uint256 orderRoot; // NOLINT: constable-states uninitialized-state.\n    uint256 orderTreeHeight; // NOLINT: constable-states uninitialized-state.\n\n    // True if and only if the address is allowed to add tokens.\n    mapping(address =\u003e bool) tokenAdmins;\n\n    // This mapping is no longer in use, remains for backwards compatibility.\n    mapping(address =\u003e bool) userAdmins_DEPRECATED; // NOLINT: naming-convention.\n\n    // True if and only if the address is an operator (allowed to update state).\n    mapping(address =\u003e bool) operators;\n\n    // Mapping of contract ID to asset data.\n    mapping(uint256 =\u003e bytes) assetTypeToAssetInfo; // NOLINT: uninitialized-state.\n\n    // Mapping of registered contract IDs.\n    mapping(uint256 =\u003e bool) registeredAssetType; // NOLINT: uninitialized-state.\n\n    // Mapping from contract ID to quantum.\n    mapping(uint256 =\u003e uint256) assetTypeToQuantum; // NOLINT: uninitialized-state.\n\n    // This mapping is no longer in use, remains for backwards compatibility.\n    mapping(address =\u003e uint256) starkKeys_DEPRECATED; // NOLINT: naming-convention.\n\n    // Mapping from STARK public key to the Ethereum public key of its owner.\n    mapping(uint256 =\u003e address) ethKeys; // NOLINT: uninitialized-state.\n\n    // Timelocked state transition and availability verification chain.\n    StarkExTypes.ApprovalChainData verifiersChain;\n    StarkExTypes.ApprovalChainData availabilityVerifiersChain;\n\n    // Batch id of last accepted proof.\n    uint256 lastBatchId; // NOLINT: constable-states uninitialized-state.\n\n    // Mapping between sub-contract index to sub-contract address.\n    mapping(uint256 =\u003e address) subContracts; // NOLINT: uninitialized-state.\n\n    mapping(uint256 =\u003e bool) permissiveAssetType_DEPRECATED; // NOLINT: naming-convention.\n    // ---- END OF MAIN STORAGE AS DEPLOYED IN STARKEX2.0 ----\n\n    // Onchain-data version configured for the system.\n    uint256 onchainDataVersion; // NOLINT: constable-states uninitialized-state.\n\n    // Counter of forced action request in block. The key is the block number.\n    mapping(uint256 =\u003e uint256) forcedRequestsInBlock;\n\n    // ForcedAction requests: actionHash =\u003e requestTime.\n    mapping(bytes32 =\u003e uint256) forcedActionRequests;\n\n    // Mapping for timelocked actions.\n    // A actionKey =\u003e activation time.\n    mapping(bytes32 =\u003e uint256) actionsTimeLock;\n\n    // Append only list of requested forced action hashes.\n    bytes32[] actionHashList;\n\n    // Reserved storage space for Extensibility.\n    // Every added MUST be added above the end gap, and the __endGap size must be reduced\n    // accordingly.\n    // NOLINTNEXTLINE: naming-convention.\n    uint256[LAYOUT_LENGTH - 37] private __endGap; // __endGap complements layout to LAYOUT_LENGTH.\n}\n"},"MDeposits.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nabstract contract MDeposits {\n    function depositERC20( // NOLINT external-function.\n        uint256 starkKey,\n        uint256 assetType,\n        uint256 vaultId,\n        uint256 quantizedAmount\n    ) public virtual;\n\n    function depositEth( // NOLINT external-function.\n        uint256 starkKey,\n        uint256 assetType,\n        uint256 vaultId\n    ) public payable virtual;\n}\n"},"MFreezable.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nabstract contract MFreezable {\n    /*\n      Returns true if the exchange is frozen.\n    */\n    function isFrozen() public view virtual returns (bool); // NOLINT: external-function.\n\n    /*\n      Forbids calling the function if the exchange is frozen.\n    */\n    modifier notFrozen() {\n        require(!isFrozen(), \"STATE_IS_FROZEN\");\n        _;\n    }\n\n    function validateFreezeRequest(uint256 requestTime) internal virtual;\n\n    /*\n      Allows calling the function only if the exchange is frozen.\n    */\n    modifier onlyFrozen() {\n        require(isFrozen(), \"STATE_NOT_FROZEN\");\n        _;\n    }\n\n    /*\n      Freezes the exchange.\n    */\n    function freeze() internal virtual;\n}\n"},"MGovernance.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nabstract contract MGovernance {\n    function isGovernor(address testGovernor) internal view virtual returns (bool);\n\n    /*\n      Allows calling the function only by a Governor.\n    */\n    modifier onlyGovernance() {\n        require(isGovernor(msg.sender), \"ONLY_GOVERNANCE\");\n        _;\n    }\n}\n"},"MKeyGetters.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nabstract contract MKeyGetters {\n    // NOLINTNEXTLINE: external-function.\n    function getEthKey(uint256 ownerKey) public view virtual returns (address);\n\n    function strictGetEthKey(uint256 ownerKey) internal view virtual returns (address);\n\n    function isMsgSenderKeyOwner(uint256 ownerKey) internal view virtual returns (bool);\n\n    /*\n      Allows calling the function only if ownerKey is registered to msg.sender.\n    */\n    modifier onlyKeyOwner(uint256 ownerKey) {\n        // Require the calling user to own the stark key.\n        require(msg.sender == strictGetEthKey(ownerKey), \"MISMATCHING_STARK_ETH_KEYS\");\n        _;\n    }\n}\n"},"MStarkExForcedActionState.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nabstract contract MStarkExForcedActionState {\n    function fullWithdrawActionHash(uint256 starkKey, uint256 vaultId)\n        internal\n        pure\n        virtual\n        returns (bytes32);\n\n    function clearFullWithdrawalRequest(uint256 starkKey, uint256 vaultId) internal virtual;\n\n    // NOLINTNEXTLINE: external-function.\n    function getFullWithdrawalRequest(uint256 starkKey, uint256 vaultId)\n        public\n        view\n        virtual\n        returns (uint256 res);\n\n    function setFullWithdrawalRequest(uint256 starkKey, uint256 vaultId) internal virtual;\n}\n"},"MTokenAssetData.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nabstract contract MTokenAssetData {\n    // NOLINTNEXTLINE: external-function.\n    function getAssetInfo(uint256 assetType) public view virtual returns (bytes memory assetInfo);\n\n    function extractTokenSelector(bytes memory assetInfo)\n        internal\n        pure\n        virtual\n        returns (bytes4 selector);\n\n    function isEther(uint256 assetType) internal view virtual returns (bool);\n\n    function isERC20(uint256 assetType) internal view virtual returns (bool);\n\n    function isERC721(uint256 assetType) internal view virtual returns (bool);\n\n    function isFungibleAssetType(uint256 assetType) internal view virtual returns (bool);\n\n    function isMintableAssetType(uint256 assetType) internal view virtual returns (bool);\n\n    function extractContractAddress(uint256 assetType) internal view virtual returns (address);\n\n    function verifyAssetInfo(bytes memory assetInfo) internal view virtual;\n\n    function isNonFungibleAssetInfo(bytes memory assetInfo) internal pure virtual returns (bool);\n\n    function calculateNftAssetId(uint256 assetType, uint256 tokenId)\n        internal\n        pure\n        virtual\n        returns (uint256 assetId);\n\n    function calculateMintableAssetId(uint256 assetType, bytes memory mintingBlob)\n        internal\n        pure\n        virtual\n        returns (uint256 assetId);\n}\n"},"MTokenQuantization.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nabstract contract MTokenQuantization {\n    function fromQuantized(uint256 presumedAssetType, uint256 quantizedAmount)\n        internal\n        view\n        virtual\n        returns (uint256 amount);\n\n    // NOLINTNEXTLINE: external-function.\n    function getQuantum(uint256 presumedAssetType) public view virtual returns (uint256 quantum);\n\n    function toQuantized(uint256 presumedAssetType, uint256 amount)\n        internal\n        view\n        virtual\n        returns (uint256 quantizedAmount);\n}\n"},"MTokenTransfers.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nabstract contract MTokenTransfers {\n    function transferIn(uint256 assetType, uint256 quantizedAmount) internal virtual;\n\n    function transferInNft(uint256 assetType, uint256 tokenId) internal virtual;\n\n    function transferOut(\n        address payable recipient,\n        uint256 assetType,\n        uint256 quantizedAmount\n    ) internal virtual;\n\n    function transferOutNft(\n        address recipient,\n        uint256 assetType,\n        uint256 tokenId\n    ) internal virtual;\n\n    function transferOutMint(\n        uint256 assetType,\n        uint256 quantizedAmount,\n        address recipient,\n        bytes memory mintingBlob\n    ) internal virtual;\n}\n"},"ProxyStorage.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"GovernanceStorage.sol\";\n\n/*\n  Holds the Proxy-specific state variables.\n  This contract is inherited by the GovernanceStorage (and indirectly by MainStorage)\n  to prevent collision hazard.\n*/\ncontract ProxyStorage is GovernanceStorage {\n    // NOLINTNEXTLINE: naming-convention uninitialized-state.\n    mapping(address =\u003e bytes32) internal initializationHash_DEPRECATED;\n\n    // The time after which we can switch to the implementation.\n    // Hash(implementation, data, finalize) =\u003e time.\n    mapping(bytes32 =\u003e uint256) internal enabledTime;\n\n    // A central storage of the flags whether implementation has been initialized.\n    // Note - it can be used flexibly enough to accommodate multiple levels of initialization\n    // (i.e. using different key salting schemes for different initialization levels).\n    mapping(bytes32 =\u003e bool) internal initialized;\n}\n"},"StarkExForcedActionState.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"StarkExStorage.sol\";\nimport \"MStarkExForcedActionState.sol\";\nimport \"ActionHash.sol\";\n\n/*\n  StarkExchange specific action hashses.\n*/\ncontract StarkExForcedActionState is StarkExStorage, ActionHash, MStarkExForcedActionState {\n    function fullWithdrawActionHash(uint256 starkKey, uint256 vaultId)\n        internal\n        pure\n        override\n        returns (bytes32)\n    {\n        return getActionHash(\"FULL_WITHDRAWAL\", abi.encode(starkKey, vaultId));\n    }\n\n    /*\n      Implemented in the FullWithdrawal contracts.\n    */\n    function clearFullWithdrawalRequest(uint256 starkKey, uint256 vaultId)\n        internal\n        virtual\n        override\n    {\n        // Reset escape request.\n        delete forcedActionRequests[fullWithdrawActionHash(starkKey, vaultId)];\n    }\n\n    function getFullWithdrawalRequest(uint256 starkKey, uint256 vaultId)\n        public\n        view\n        override\n        returns (uint256 res)\n    {\n        // Return request value. Expect zero if the request doesn\u0027t exist or has been serviced, and\n        // a non-zero value otherwise.\n        res = forcedActionRequests[fullWithdrawActionHash(starkKey, vaultId)];\n    }\n\n    function setFullWithdrawalRequest(uint256 starkKey, uint256 vaultId) internal override {\n        // FullWithdrawal is always at premium cost, hence the `true`.\n        setActionHash(fullWithdrawActionHash(starkKey, vaultId), true);\n    }\n}\n"},"StarkExStorage.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"MainStorage.sol\";\n\n/*\n  Extends MainStorage, holds StarkEx App specific state (storage) variables.\n\n  ALL State variables that are common to all applications, reside in MainStorage,\n  whereas ALL the StarkEx app specific ones reside here.\n*/\ncontract StarkExStorage is MainStorage {\n    // Onchain vaults balances.\n    // A map eth_address =\u003e asset_id =\u003e vault_id =\u003e quantized amount.\n    mapping(address =\u003e mapping(uint256 =\u003e mapping(uint256 =\u003e uint256))) vaultsBalances;\n\n    // Onchain vaults withdrawal lock time.\n    // A map eth_address =\u003e asset_id =\u003e vault_id =\u003e lock expiration timestamp.\n    mapping(address =\u003e mapping(uint256 =\u003e mapping(uint256 =\u003e uint256))) vaultsWithdrawalLocks;\n\n    // Enforces the minimal balance requirement (as output by Cairo) on onchain vault updates.\n    // When disabled, flash loans are enabled.\n    bool strictVaultBalancePolicy; // NOLINT: constable-states, uninitialized-state.\n\n    // The default time, in seconds, that an onchain vault is locked for withdrawal after a deposit.\n    uint256 public defaultVaultWithdrawalLock; // NOLINT: constable-states.\n\n    // Address of the message registry contract that is used to sign and verify L1 orders.\n    address public orderRegistryAddress; // NOLINT: constable-states.\n\n    // Reserved storage space for Extensibility.\n    // Every added MUST be added above the end gap, and the __endGap size must be reduced\n    // accordingly.\n    // NOLINTNEXTLINE: naming-convention shadowing-abstract.\n    uint256[LAYOUT_LENGTH - 5] private __endGap; // __endGap complements layout to LAYOUT_LENGTH.\n}\n"},"SubContractor.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"Identity.sol\";\n\ninterface SubContractor is Identity {\n    function initialize(bytes calldata data) external;\n\n    function initializerSize() external view returns (uint256);\n}\n"},"TokenAssetData.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"MainStorage.sol\";\nimport \"MTokenAssetData.sol\";\nimport \"Common.sol\";\nimport \"LibConstants.sol\";\n\ncontract TokenAssetData is MainStorage, LibConstants, MTokenAssetData {\n    bytes4 internal constant ERC20_SELECTOR = bytes4(keccak256(\"ERC20Token(address)\"));\n    bytes4 internal constant ETH_SELECTOR = bytes4(keccak256(\"ETH()\"));\n    bytes4 internal constant ERC721_SELECTOR = bytes4(keccak256(\"ERC721Token(address,uint256)\"));\n    bytes4 internal constant MINTABLE_ERC20_SELECTOR =\n        bytes4(keccak256(\"MintableERC20Token(address)\"));\n    bytes4 internal constant MINTABLE_ERC721_SELECTOR =\n        bytes4(keccak256(\"MintableERC721Token(address,uint256)\"));\n\n    // The selector follows the 0x20 bytes assetInfo.length field.\n    uint256 internal constant SELECTOR_OFFSET = 0x20;\n    uint256 internal constant SELECTOR_SIZE = 4;\n    uint256 internal constant TOKEN_CONTRACT_ADDRESS_OFFSET = SELECTOR_OFFSET + SELECTOR_SIZE;\n    string internal constant NFT_ASSET_ID_PREFIX = \"NFT:\";\n    string internal constant MINTABLE_PREFIX = \"MINTABLE:\";\n\n    using Addresses for address;\n\n    /*\n      Extract the tokenSelector from assetInfo.\n\n      Works like bytes4 tokenSelector = abi.decode(assetInfo, (bytes4))\n      but does not revert when assetInfo.length \u003c SELECTOR_OFFSET.\n    */\n    function extractTokenSelector(bytes memory assetInfo)\n        internal\n        pure\n        override\n        returns (bytes4 selector)\n    {\n        assembly {\n            selector := and(\n                0xffffffff00000000000000000000000000000000000000000000000000000000,\n                mload(add(assetInfo, SELECTOR_OFFSET))\n            )\n        }\n    }\n\n    function getAssetInfo(uint256 assetType) public view override returns (bytes memory assetInfo) {\n        // Verify that the registration is set and valid.\n        require(registeredAssetType[assetType], \"ASSET_TYPE_NOT_REGISTERED\");\n\n        // Retrieve registration.\n        assetInfo = assetTypeToAssetInfo[assetType];\n    }\n\n    function isEther(uint256 assetType) internal view override returns (bool) {\n        return extractTokenSelector(getAssetInfo(assetType)) == ETH_SELECTOR;\n    }\n\n    function isERC20(uint256 assetType) internal view override returns (bool) {\n        return extractTokenSelector(getAssetInfo(assetType)) == ERC20_SELECTOR;\n    }\n\n    function isERC721(uint256 assetType) internal view override returns (bool) {\n        return extractTokenSelector(getAssetInfo(assetType)) == ERC721_SELECTOR;\n    }\n\n    function isFungibleAssetType(uint256 assetType) internal view override returns (bool) {\n        bytes4 tokenSelector = extractTokenSelector(getAssetInfo(assetType));\n        return\n            tokenSelector == ETH_SELECTOR ||\n            tokenSelector == ERC20_SELECTOR ||\n            tokenSelector == MINTABLE_ERC20_SELECTOR;\n    }\n\n    function isMintableAssetType(uint256 assetType) internal view override returns (bool) {\n        bytes4 tokenSelector = extractTokenSelector(getAssetInfo(assetType));\n        return\n            tokenSelector == MINTABLE_ERC20_SELECTOR || tokenSelector == MINTABLE_ERC721_SELECTOR;\n    }\n\n    function isTokenSupported(bytes4 tokenSelector) private pure returns (bool) {\n        return\n            tokenSelector == ETH_SELECTOR ||\n            tokenSelector == ERC20_SELECTOR ||\n            tokenSelector == ERC721_SELECTOR ||\n            tokenSelector == MINTABLE_ERC20_SELECTOR ||\n            tokenSelector == MINTABLE_ERC721_SELECTOR;\n    }\n\n    function extractContractAddressFromAssetInfo(bytes memory assetInfo)\n        private\n        pure\n        returns (address)\n    {\n        uint256 offset = TOKEN_CONTRACT_ADDRESS_OFFSET;\n        uint256 res;\n        assembly {\n            res := mload(add(assetInfo, offset))\n        }\n        return address(res);\n    }\n\n    function extractContractAddress(uint256 assetType) internal view override returns (address) {\n        return extractContractAddressFromAssetInfo(getAssetInfo(assetType));\n    }\n\n    function verifyAssetInfo(bytes memory assetInfo) internal view override {\n        bytes4 tokenSelector = extractTokenSelector(assetInfo);\n\n        // Ensure the selector is of an asset type we know.\n        require(isTokenSupported(tokenSelector), \"UNSUPPORTED_TOKEN_TYPE\");\n\n        if (tokenSelector == ETH_SELECTOR) {\n            // Assset info for ETH assetType is only a selector, i.e. 4 bytes length.\n            require(assetInfo.length == 4, \"INVALID_ASSET_STRING\");\n        } else {\n            // Assset info for other asset types are a selector + uint256 concatanation.\n            // We pass the address as a uint256 (zero padded),\n            // thus its length is 0x04 + 0x20 = 0x24.\n            require(assetInfo.length == 0x24, \"INVALID_ASSET_STRING\");\n            address tokenAddress = extractContractAddressFromAssetInfo(assetInfo);\n            require(tokenAddress.isContract(), \"BAD_TOKEN_ADDRESS\");\n        }\n    }\n\n    function isNonFungibleAssetInfo(bytes memory assetInfo) internal pure override returns (bool) {\n        bytes4 tokenSelector = extractTokenSelector(assetInfo);\n        return tokenSelector == ERC721_SELECTOR || tokenSelector == MINTABLE_ERC721_SELECTOR;\n    }\n\n    function calculateNftAssetId(uint256 assetType, uint256 tokenId)\n        internal\n        pure\n        override\n        returns (uint256 assetId)\n    {\n        assetId =\n            uint256(keccak256(abi.encodePacked(NFT_ASSET_ID_PREFIX, assetType, tokenId))) \u0026\n            MASK_250;\n    }\n\n    function calculateMintableAssetId(uint256 assetType, bytes memory mintingBlob)\n        internal\n        pure\n        override\n        returns (uint256 assetId)\n    {\n        uint256 blobHash = uint256(keccak256(mintingBlob));\n        assetId =\n            (uint256(keccak256(abi.encodePacked(MINTABLE_PREFIX, assetType, blobHash))) \u0026\n                MASK_240) |\n            MINTABLE_ASSET_ID_FLAG;\n    }\n}\n"},"TokenQuantization.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"MainStorage.sol\";\nimport \"MTokenQuantization.sol\";\n\ncontract TokenQuantization is MainStorage, MTokenQuantization {\n    function fromQuantized(uint256 presumedAssetType, uint256 quantizedAmount)\n        internal\n        view\n        override\n        returns (uint256 amount)\n    {\n        uint256 quantum = getQuantum(presumedAssetType);\n        amount = quantizedAmount * quantum;\n        require(amount / quantum == quantizedAmount, \"DEQUANTIZATION_OVERFLOW\");\n    }\n\n    function getQuantum(uint256 presumedAssetType) public view override returns (uint256 quantum) {\n        if (!registeredAssetType[presumedAssetType]) {\n            // Default quantization, for NFTs etc.\n            quantum = 1;\n        } else {\n            // Retrieve registration.\n            quantum = assetTypeToQuantum[presumedAssetType];\n        }\n    }\n\n    function toQuantized(uint256 presumedAssetType, uint256 amount)\n        internal\n        view\n        override\n        returns (uint256 quantizedAmount)\n    {\n        uint256 quantum = getQuantum(presumedAssetType);\n        require(amount % quantum == 0, \"INVALID_AMOUNT\");\n        quantizedAmount = amount / quantum;\n    }\n}\n"},"TokenRegister.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"LibConstants.sol\";\nimport \"MGovernance.sol\";\nimport \"MTokenAssetData.sol\";\nimport \"IERC20.sol\";\nimport \"MainStorage.sol\";\n\n/**\n  Registration of a new token (:sol:func:`registerToken`) entails defining a new asset type within\n  the system, and associating it with an `assetInfo` array of\n  bytes and a quantization factor (`quantum`).\n\n  The `assetInfo` is a byte array, with a size depending on the token.\n  For ETH, assetInfo is 4 bytes long. For ERC20 tokens, it is 36 bytes long.\n\n  For each token type, the following constant 4-byte hash is defined, called the `selector`:\n\n   | `ETH_SELECTOR = bytes4(keccak256(\"ETH()\"));`\n   | `ERC20_SELECTOR = bytes4(keccak256(\"ERC20Token(address)\"));`\n   | `ERC721_SELECTOR = bytes4(keccak256(\"ERC721Token(address,uint256)\"));`\n   | `MINTABLE_ERC20_SELECTOR = bytes4(keccak256(\"MintableERC20Token(address)\"));`\n   | `MINTABLE_ERC721_SELECTOR = bytes4(keccak256(\"MintableERC721Token(address,uint256)\"));`\n\n  For each token type, `assetInfo` is defined as follows:\n\n\n  The `quantum` quantization factor defines the multiplicative transformation from the native token\n  denomination as a 256b unsigned integer to a 63b unsigned integer representation as used by the\n  Stark exchange. Only amounts in the native representation that represent an integer number of\n  quanta are allowed in the system.\n\n  The asset type is restricted to be the result of a hash of the `assetInfo` and the\n  `quantum` masked to 250 bits (to be less than the prime used) according to the following formula:\n\n  | ``uint256 assetType = uint256(keccak256(abi.encodePacked(assetInfo, quantum))) \u0026``\n  | ``0x03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF;``\n\n  Once registered, tokens cannot be removed from the system, as their IDs may be used by off-chain\n  accounts.\n\n  New tokens may only be registered by a Token Administrator. A Token Administrator may be instantly\n  appointed or removed by the contract Governor (see :sol:mod:`MainGovernance`). Typically, the\n  Token Administrator\u0027s private key should be kept in a cold wallet.\n*/\nabstract contract TokenRegister is MainStorage, LibConstants, MGovernance, MTokenAssetData {\n    event LogTokenRegistered(uint256 assetType, bytes assetInfo, uint256 quantum);\n    event LogTokenAdminAdded(address tokenAdmin);\n    event LogTokenAdminRemoved(address tokenAdmin);\n\n    modifier onlyTokensAdmin() {\n        require(isTokenAdmin(msg.sender), \"ONLY_TOKENS_ADMIN\");\n        _;\n    }\n\n    function isTokenAdmin(address testedAdmin) public view returns (bool) {\n        return tokenAdmins[testedAdmin];\n    }\n\n    function registerTokenAdmin(address newAdmin) external onlyGovernance {\n        tokenAdmins[newAdmin] = true;\n        emit LogTokenAdminAdded(newAdmin);\n    }\n\n    function unregisterTokenAdmin(address oldAdmin) external onlyGovernance {\n        tokenAdmins[oldAdmin] = false;\n        emit LogTokenAdminRemoved(oldAdmin);\n    }\n\n    function isAssetRegistered(uint256 assetType) public view returns (bool) {\n        return registeredAssetType[assetType];\n    }\n\n    /*\n      Registers a new asset to the system.\n      Once added, it can not be removed and there is a limited number\n      of slots available.\n    */\n    function registerToken(\n        uint256 assetType,\n        bytes memory assetInfo,\n        uint256 quantum\n    ) public virtual onlyTokensAdmin {\n        // Make sure it is not invalid or already registered.\n        require(!isAssetRegistered(assetType), \"ASSET_ALREADY_REGISTERED\");\n        require(assetType \u003c K_MODULUS, \"INVALID_ASSET_TYPE\");\n        require(quantum \u003e 0, \"INVALID_QUANTUM\");\n        require(quantum \u003c QUANTUM_UPPER_BOUND, \"INVALID_QUANTUM\");\n\n        // Require that the assetType is the hash of the assetInfo and quantum truncated to 250 bits.\n        uint256 enforcedId = uint256(keccak256(abi.encodePacked(assetInfo, quantum))) \u0026 MASK_250;\n        require(assetType == enforcedId, \"INVALID_ASSET_TYPE\");\n\n        verifyAssetInfo(assetInfo);\n        // NFTs quantum must equal one.\n        if (isNonFungibleAssetInfo(assetInfo)) {\n            require(quantum == 1, \"INVALID_NFT_QUANTUM\");\n        }\n\n        // Add token to the in-storage structures.\n        registeredAssetType[assetType] = true;\n        assetTypeToAssetInfo[assetType] = assetInfo;\n        assetTypeToQuantum[assetType] = quantum;\n\n        // Log the registration of a new token.\n        emit LogTokenRegistered(assetType, assetInfo, quantum);\n    }\n\n    function registerToken(uint256 assetType, bytes calldata assetInfo) external virtual {\n        registerToken(assetType, assetInfo, 1);\n    }\n}\n"},"TokensAndRamping.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"StarkExForcedActionState.sol\";\nimport \"ERC721Receiver.sol\";\nimport \"Freezable.sol\";\nimport \"KeyGetters.sol\";\nimport \"TokenRegister.sol\";\nimport \"TokenTransfers.sol\";\nimport \"Users.sol\";\nimport \"MainGovernance.sol\";\nimport \"AcceptModifications.sol\";\nimport \"CompositeActions.sol\";\nimport \"Deposits.sol\";\nimport \"TokenAssetData.sol\";\nimport \"TokenQuantization.sol\";\nimport \"Withdrawals.sol\";\nimport \"SubContractor.sol\";\n\ncontract TokensAndRamping is\n    ERC721Receiver,\n    SubContractor,\n    Freezable,\n    MainGovernance,\n    AcceptModifications,\n    StarkExForcedActionState,\n    TokenAssetData,\n    TokenQuantization,\n    TokenRegister,\n    TokenTransfers,\n    KeyGetters,\n    Users,\n    Deposits,\n    CompositeActions,\n    Withdrawals\n{\n    function initialize(\n        bytes calldata /* data */\n    ) external override {\n        revert(\"NOT_IMPLEMENTED\");\n    }\n\n    function initializerSize() external view override returns (uint256) {\n        return 0;\n    }\n\n    function identify() external pure override returns (string memory) {\n        return \"StarkWare_TokensAndRamping_2020_1\";\n    }\n}\n"},"TokenTransfers.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"Common.sol\";\nimport \"MTokenTransfers.sol\";\nimport \"MTokenAssetData.sol\";\nimport \"MTokenQuantization.sol\";\nimport \"IERC20.sol\";\n\n/*\n  Implements various transferIn and transferOut functionalities.\n*/\nabstract contract TokenTransfers is MTokenQuantization, MTokenAssetData, MTokenTransfers {\n    using Addresses for address;\n    using Addresses for address payable;\n\n    /*\n      Transfers funds from msg.sender to the exchange.\n    */\n    function transferIn(uint256 assetType, uint256 quantizedAmount) internal override {\n        uint256 amount = fromQuantized(assetType, quantizedAmount);\n        if (isERC20(assetType)) {\n            address tokenAddress = extractContractAddress(assetType);\n            IERC20 token = IERC20(tokenAddress);\n            uint256 exchangeBalanceBefore = token.balanceOf(address(this));\n            bytes memory callData = abi.encodeWithSelector(\n                token.transferFrom.selector,\n                msg.sender,\n                address(this),\n                amount\n            );\n            tokenAddress.safeTokenContractCall(callData);\n            uint256 exchangeBalanceAfter = token.balanceOf(address(this));\n            require(exchangeBalanceAfter \u003e= exchangeBalanceBefore, \"OVERFLOW\");\n            // NOLINTNEXTLINE(incorrect-equality): strict equality needed.\n            require(\n                exchangeBalanceAfter == exchangeBalanceBefore + amount,\n                \"INCORRECT_AMOUNT_TRANSFERRED\"\n            );\n        } else if (isEther(assetType)) {\n            require(msg.value == amount, \"INCORRECT_DEPOSIT_AMOUNT\");\n        } else {\n            revert(\"UNSUPPORTED_TOKEN_TYPE\");\n        }\n    }\n\n    function transferInNft(uint256 assetType, uint256 tokenId) internal override {\n        require(isERC721(assetType), \"NOT_ERC721_TOKEN\");\n        address tokenAddress = extractContractAddress(assetType);\n        tokenAddress.safeTokenContractCall(\n            abi.encodeWithSignature(\n                \"safeTransferFrom(address,address,uint256)\",\n                msg.sender,\n                address(this),\n                tokenId\n            )\n        );\n    }\n\n    /*\n      Transfers funds from the exchange to recipient.\n    */\n    function transferOut(\n        address payable recipient,\n        uint256 assetType,\n        uint256 quantizedAmount\n    ) internal override {\n        // Make sure we don\u0027t accidentally burn funds.\n        require(recipient != address(0x0), \"INVALID_RECIPIENT\");\n        uint256 amount = fromQuantized(assetType, quantizedAmount);\n        if (isERC20(assetType)) {\n            address tokenAddress = extractContractAddress(assetType);\n            IERC20 token = IERC20(tokenAddress);\n            uint256 exchangeBalanceBefore = token.balanceOf(address(this));\n            bytes memory callData = abi.encodeWithSelector(\n                token.transfer.selector,\n                recipient,\n                amount\n            );\n            tokenAddress.safeTokenContractCall(callData);\n            uint256 exchangeBalanceAfter = token.balanceOf(address(this));\n            require(exchangeBalanceAfter \u003c= exchangeBalanceBefore, \"UNDERFLOW\");\n            // NOLINTNEXTLINE(incorrect-equality): strict equality needed.\n            require(\n                exchangeBalanceAfter == exchangeBalanceBefore - amount,\n                \"INCORRECT_AMOUNT_TRANSFERRED\"\n            );\n        } else if (isEther(assetType)) {\n            recipient.performEthTransfer(amount);\n        } else {\n            revert(\"UNSUPPORTED_TOKEN_TYPE\");\n        }\n    }\n\n    /*\n      Transfers NFT from the exchange to recipient.\n    */\n    function transferOutNft(\n        address recipient,\n        uint256 assetType,\n        uint256 tokenId\n    ) internal override {\n        // Make sure we don\u0027t accidentally burn funds.\n        require(recipient != address(0x0), \"INVALID_RECIPIENT\");\n        require(isERC721(assetType), \"NOT_ERC721_TOKEN\");\n        address tokenAddress = extractContractAddress(assetType);\n        tokenAddress.safeTokenContractCall(\n            abi.encodeWithSignature(\n                \"safeTransferFrom(address,address,uint256)\",\n                address(this),\n                recipient,\n                tokenId\n            )\n        );\n    }\n\n    function transferOutMint(\n        uint256 assetType,\n        uint256 quantizedAmount,\n        address recipient,\n        bytes memory mintingBlob\n    ) internal override {\n        // Make sure we don\u0027t accidentally burn funds.\n        require(recipient != address(0x0), \"INVALID_RECIPIENT\");\n        require(isMintableAssetType(assetType), \"NON_MINTABLE_ASSET_TYPE\");\n        uint256 amount = fromQuantized(assetType, quantizedAmount);\n        address tokenAddress = extractContractAddress(assetType);\n        tokenAddress.safeTokenContractCall(\n            abi.encodeWithSignature(\n                \"mintFor(address,uint256,bytes)\",\n                recipient,\n                amount,\n                mintingBlob\n            )\n        );\n    }\n}\n"},"Users.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"ECDSA.sol\";\nimport \"MainStorage.sol\";\nimport \"LibConstants.sol\";\n\n/**\n  Users of the Stark Exchange are identified within the exchange by their Stark Key which is a\n  public key defined over a Stark-friendly elliptic curve that is different from the standard\n  Ethereum elliptic curve.\n\n  The Stark-friendly elliptic curve used is defined as follows:\n\n  .. math:: y^2 = (x^3 + \\alpha \\cdot x + \\beta) \\% p\n\n  where:\n\n  .. math:: \\alpha = 1\n  .. math:: \\beta = 3141592653589793238462643383279502884197169399375105820974944592307816406665\n  .. math:: p = 3618502788666131213697322783095070105623107215331596699973092056135872020481\n\n  User registration is the mechanism that associates an Ethereum address with a StarkKey\n  within the main contract context.\n\n  User registrations that were done on previous versions (up to v3.0) are still supported.\n  However, in most cases, there is no need to register a user.\n  The only flows that require user registration are the anti-concorship flows:\n  forced actions and deposit cancellation.\n\n  User registration is performed by calling :sol:func:`registerEthAddress` with the selected\n  Stark Key, representing an `x` coordinate on the Stark-friendly elliptic curve,\n  and the `y` coordinate of the key on the curve (due to the nature of the curve,\n  only two such possible `y` coordinates exist).\n\n  The registration is accepted if the following holds:\n\n  1. The key registered is not zero and has not been registered in the past by the user or anyone else.\n  2. The key provided represents a valid point on the Stark-friendly elliptic curve.\n  3. The linkage between the provided Ethereum address and the selected Stark Key is signed using\n     the privte key of the selected Stark Key.\n\n  If the above holds, the Ethereum address is registered by the contract, mapping it to the Stark Key.\n*/\nabstract contract Users is MainStorage, LibConstants {\n    event LogUserRegistered(address ethKey, uint256 starkKey, address sender);\n\n    function isOnCurve(uint256 starkKey) private view returns (bool) {\n        uint256 xCubed = mulmod(mulmod(starkKey, starkKey, K_MODULUS), starkKey, K_MODULUS);\n        return isQuadraticResidue(addmod(addmod(xCubed, starkKey, K_MODULUS), K_BETA, K_MODULUS));\n    }\n\n    function registerSender(uint256 starkKey, bytes calldata starkSignature) external {\n        registerEthAddress(msg.sender, starkKey, starkSignature);\n    }\n\n    function registerEthAddress(\n        address ethKey,\n        uint256 starkKey,\n        bytes calldata starkSignature\n    ) public {\n        // Validate keys and availability.\n        require(starkKey != 0, \"INVALID_STARK_KEY\");\n        require(starkKey \u003c K_MODULUS, \"INVALID_STARK_KEY\");\n        require(ethKey != ZERO_ADDRESS, \"INVALID_ETH_ADDRESS\");\n        require(ethKeys[starkKey] == ZERO_ADDRESS, \"STARK_KEY_UNAVAILABLE\");\n        require(isOnCurve(starkKey), \"INVALID_STARK_KEY\");\n        require(starkSignature.length == 32 * 3, \"INVALID_STARK_SIGNATURE_LENGTH\");\n\n        bytes memory sig = starkSignature;\n        (uint256 r, uint256 s, uint256 StarkKeyY) = abi.decode(sig, (uint256, uint256, uint256));\n\n        uint256 msgHash = uint256(\n            keccak256(abi.encodePacked(\"UserRegistration:\", ethKey, starkKey))\n        ) % ECDSA.EC_ORDER;\n\n        ECDSA.verify(msgHash, r, s, starkKey, StarkKeyY);\n\n        // Update state.\n        ethKeys[starkKey] = ethKey;\n\n        // Log new user.\n        emit LogUserRegistered(ethKey, starkKey, msg.sender);\n    }\n\n    function fieldPow(uint256 base, uint256 exponent) internal view returns (uint256) {\n        // NOLINTNEXTLINE: low-level-calls reentrancy-events reentrancy-no-eth.\n        (bool success, bytes memory returndata) = address(5).staticcall(\n            abi.encode(0x20, 0x20, 0x20, base, exponent, K_MODULUS)\n        );\n        require(success, string(returndata));\n        return abi.decode(returndata, (uint256));\n    }\n\n    function isQuadraticResidue(uint256 fieldElement) private view returns (bool) {\n        return 1 == fieldPow(fieldElement, ((K_MODULUS - 1) / 2));\n    }\n}\n"},"Withdrawals.sol":{"content":"/*\n  Copyright 2019-2021 StarkWare Industries Ltd.\n\n  Licensed under the Apache License, Version 2.0 (the \"License\").\n  You may not use this file except in compliance with the License.\n  You may obtain a copy of the License at\n\n  https://www.starkware.co/open-source-license/\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an \"AS IS\" BASIS,\n  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n  See the License for the specific language governing permissions\n  and limitations under the License.\n*/\n// SPDX-License-Identifier: Apache-2.0.\npragma solidity ^0.6.11;\n\nimport \"MAcceptModifications.sol\";\nimport \"MTokenQuantization.sol\";\nimport \"MTokenAssetData.sol\";\nimport \"MFreezable.sol\";\nimport \"MKeyGetters.sol\";\nimport \"MTokenTransfers.sol\";\nimport \"MainStorage.sol\";\n\n/**\n  For a user to perform a withdrawal operation from the Stark Exchange during normal operation\n  two calls are required:\n\n  1. A call to an offchain exchange API, requesting a withdrawal from a user account (vault).\n  2. A call to the on-chain :sol:func:`withdraw` function to perform the actual withdrawal of funds transferring them to the users Eth or ERC20 account (depending on the token type).\n\n  For simplicity, hereafter it is assumed that all tokens are ERC20 tokens but the text below\n  applies to Eth in the same manner.\n\n  In the first call mentioned above, anyone can call the API to request the withdrawal of an\n  amount from a given vault. Following the request, the exchange may include the withdrawal in a\n  STARK proof. The submission of a proof then results in the addition of the amount(s) withdrawn to\n  an on-chain pending withdrawals account under the stark key of the vault owner and the appropriate\n  asset ID. At the same time, this also implies that this amount is deducted from the off-chain\n  vault.\n\n  Once the amount to be withdrawn has been transfered to the on-chain pending withdrawals account,\n  the user may perform the second call mentioned above to complete the transfer of funds from the\n  Stark Exchange contract to the appropriate ERC20 account. Only a user holding the Eth key\n  corresponding to the Stark Key of a pending withdrawals account may perform this operation.\n\n  It is possible that for multiple withdrawal calls to the API, a single withdrawal call to the\n  contract may retrieve all funds, as long as they are all for the same asset ID.\n\n  The result of the operation, assuming all requirements are met, is that an amount of ERC20 tokens\n  in the pending withdrawal account times the quantization factor is transferred to the ERC20\n  account of the user.\n\n  A withdrawal request cannot be cancelled. Once funds reach the pending withdrawals account\n  on-chain, they cannot be moved back into an off-chain vault before completion of the withdrawal\n  to the ERC20 account of the user.\n\n  In the event that the exchange reaches a frozen state the user may perform a withdrawal operation\n  via an alternative flow, known as the \"Escape\" flow. In this flow, the API call above is replaced\n  with an :sol:func:`escape` call to the on-chain contract (see :sol:mod:`Escapes`) proving the\n  ownership of off-chain funds. If such proof is accepted, the user may proceed as above with\n  the :sol:func:`withdraw` call to the contract to complete the operation.\n*/\nabstract contract Withdrawals is\n    MainStorage,\n    MAcceptModifications,\n    MTokenQuantization,\n    MTokenAssetData,\n    MFreezable,\n    MKeyGetters,\n    MTokenTransfers\n{\n    event LogWithdrawalPerformed(\n        uint256 ownerKey,\n        uint256 assetType,\n        uint256 nonQuantizedAmount,\n        uint256 quantizedAmount,\n        address recipient\n    );\n\n    event LogNftWithdrawalPerformed(\n        uint256 ownerKey,\n        uint256 assetType,\n        uint256 tokenId,\n        uint256 assetId,\n        address recipient\n    );\n\n    event LogMintWithdrawalPerformed(\n        uint256 ownerKey,\n        uint256 assetType,\n        uint256 nonQuantizedAmount,\n        uint256 quantizedAmount,\n        uint256 assetId\n    );\n\n    function getWithdrawalBalance(uint256 ownerKey, uint256 assetId)\n        external\n        view\n        returns (uint256 balance)\n    {\n        uint256 presumedAssetType = assetId;\n        balance = fromQuantized(presumedAssetType, pendingWithdrawals[ownerKey][assetId]);\n    }\n\n    /*\n      Moves funds from the pending withdrawal account to the owner address.\n      Note: this function can be called by anyone.\n      Can be called normally while frozen.\n    */\n    function withdraw(uint256 ownerKey, uint256 assetType) external {\n        address payable recipient = payable(strictGetEthKey(ownerKey));\n        require(!isMintableAssetType(assetType), \"MINTABLE_ASSET_TYPE\");\n        require(isFungibleAssetType(assetType), \"NON_FUNGIBLE_ASSET_TYPE\");\n        uint256 assetId = assetType;\n        // Fetch and clear quantized amount.\n        uint256 quantizedAmount = pendingWithdrawals[ownerKey][assetId];\n        pendingWithdrawals[ownerKey][assetId] = 0;\n\n        // Transfer funds.\n        transferOut(recipient, assetType, quantizedAmount);\n        emit LogWithdrawalPerformed(\n            ownerKey,\n            assetType,\n            fromQuantized(assetType, quantizedAmount),\n            quantizedAmount,\n            recipient\n        );\n    }\n\n    /*\n      Allows withdrawal of an NFT to its owner account.\n      Note: this function can be called by anyone.\n      This function can be called normally while frozen.\n    */\n    function withdrawNft(\n        uint256 ownerKey,\n        uint256 assetType,\n        uint256 tokenId // No notFrozen modifier: This function can always be used, even when frozen.\n    ) external {\n        address recipient = strictGetEthKey(ownerKey);\n        // Calculate assetId.\n        uint256 assetId = calculateNftAssetId(assetType, tokenId);\n        require(!isMintableAssetType(assetType), \"MINTABLE_ASSET_TYPE\");\n        require(!isFungibleAssetType(assetType), \"FUNGIBLE_ASSET_TYPE\");\n        require(pendingWithdrawals[ownerKey][assetId] == 1, \"ILLEGAL_NFT_BALANCE\");\n        pendingWithdrawals[ownerKey][assetId] = 0;\n\n        // Transfer funds.\n        transferOutNft(recipient, assetType, tokenId);\n        emit LogNftWithdrawalPerformed(ownerKey, assetType, tokenId, assetId, recipient);\n    }\n\n    function withdrawAndMint(\n        uint256 ownerKey,\n        uint256 assetType,\n        bytes calldata mintingBlob\n    ) external {\n        address recipient = strictGetEthKey(ownerKey);\n        require(registeredAssetType[assetType], \"INVALID_ASSET_TYPE\");\n        require(isMintableAssetType(assetType), \"NON_MINTABLE_ASSET_TYPE\");\n        uint256 assetId = calculateMintableAssetId(assetType, mintingBlob);\n        require(pendingWithdrawals[ownerKey][assetId] \u003e 0, \"NO_PENDING_WITHDRAWAL_BALANCE\");\n        uint256 quantizedAmount = pendingWithdrawals[ownerKey][assetId];\n        pendingWithdrawals[ownerKey][assetId] = 0;\n        // Transfer funds.\n        transferOutMint(assetType, quantizedAmount, recipient, mintingBlob);\n        emit LogMintWithdrawalPerformed(\n            ownerKey,\n            assetType,\n            fromQuantized(assetType, quantizedAmount),\n            quantizedAmount,\n            assetId\n        );\n    }\n}\n"}}