Transaction Hash:
Block:
20089075 at Jun-14-2024 09:13:59 AM +UTC
Transaction Fee:
0.001184039143545272 ETH
$2.25
Gas Used:
154,259 Gas / 7.675656808 Gwei
Emitted Events:
| 393 |
PaymentProcessor.NonceInvalidated( nonce=69005277841611552456666767078621072521642912468796321438269508217196416860163, account=0xc2ff83a6bbd0ad8cc5ae824a8463752592aaebd5, wasCancellation=False )
|
| 394 |
FunMint.Transfer( from=0xc2ff83a6bbd0ad8cc5ae824a8463752592aaebd5, to=[Sender] 0xf39a8228a8127e4920d11055c9d20b330272f7dd, tokenId=8773 )
|
| 395 |
PaymentProcessor.BuyListingERC721( buyer=[Sender] 0xf39a8228a8127e4920d11055c9d20b330272f7dd, seller=0xc2ff83a6bbd0ad8cc5ae824a8463752592aaebd5, tokenAddress=FunMint, beneficiary=[Sender] 0xf39a8228a8127e4920d11055c9d20b330272f7dd, paymentCoin=0x00000000...000000000, tokenId=8773, salePrice=10200000000000000000 )
|
Account State Difference:
| Address | Before | After | State Difference | ||
|---|---|---|---|---|---|
| 0x00000000...28bC6628C | |||||
|
0x95222290...5CC4BAfe5
Miner
| (beaverbuild) | 9.643865772942362373 Eth | 9.643865927201362373 Eth | 0.000000154259 | |
| 0x9A1D00bE...22Aac6834 | |||||
| 0xC2Ff83A6...592aAEBd5 | 0.016529389186211938 Eth | 10.216529389186211938 Eth | 10.2 | ||
| 0xf39A8228...30272F7dD |
10.210758445503329149 Eth
Nonce: 2
|
0.009574406359783877 Eth
Nonce: 3
| 10.201184039143545272 |
Execution Trace
ETH 10.2
TrustedForwarder.forwardCall( target=0x9A1D00bEd7CD04BCDA516d721A596eb22Aac6834, message=0xC32DACAE00000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000380366C197F70B07438A884ACC9C6424F7A2B935BA6EC54C8064A2527B1338A5A950000000000000000000000000000000000000000000000000000000000000000000000000000000000000000C2FF83A6BBD0AD8CC5AE824A8463752592AAEBD5000000000000000000000000F39A8228A8127E4920D11055C9D20B330272F7DD000000000000000000000000CA9337244B5F04CB946391BC8B8A980E988F9A6A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005AFFE6623A1753F7C055A28BC6628C000000000000000000000000000000000000000000000000000000000000224500000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000008D8DADF544FC0000988F9A6A0000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000669396300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000001CF34ED8DAB8B0C9ACACACE37CE360F4A14E4EC673ACD6737F65384235847403B63E33262CCD02BE925119E23C99C94789210AFBF0408A3E31C59166B7C4E8B0F000000000000000000000000032DA57E736E05F75AA4FAE2E9BE60FD904492726000000000000000000000000F39A8228A8127E4920D11055C9D20B330272F7DD00000000000000000000000000000000000000000000000000000000666C0A0B000000000000000000000000000000000000000000000000000000000000001B13BD38C9ABCCEEE5D1E8F10135D8B6A1C21539BF54EA9804B0B761F2FF0B423039A33A9EC864601190AE54C2FDA36A314A255544A56666720963F1A05E368C4800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ) => ( returnData=0x )
ETH 10.2
TrustedForwarder.forwardCall( target=0x9A1D00bEd7CD04BCDA516d721A596eb22Aac6834, message=0xC32DACAE00000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000380366C197F70B07438A884ACC9C6424F7A2B935BA6EC54C8064A2527B1338A5A950000000000000000000000000000000000000000000000000000000000000000000000000000000000000000C2FF83A6BBD0AD8CC5AE824A8463752592AAEBD5000000000000000000000000F39A8228A8127E4920D11055C9D20B330272F7DD000000000000000000000000CA9337244B5F04CB946391BC8B8A980E988F9A6A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005AFFE6623A1753F7C055A28BC6628C000000000000000000000000000000000000000000000000000000000000224500000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000008D8DADF544FC0000988F9A6A0000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000669396300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000001CF34ED8DAB8B0C9ACACACE37CE360F4A14E4EC673ACD6737F65384235847403B63E33262CCD02BE925119E23C99C94789210AFBF0408A3E31C59166B7C4E8B0F000000000000000000000000032DA57E736E05F75AA4FAE2E9BE60FD904492726000000000000000000000000F39A8228A8127E4920D11055C9D20B330272F7DD00000000000000000000000000000000000000000000000000000000666C0A0B000000000000000000000000000000000000000000000000000000000000001B13BD38C9ABCCEEE5D1E8F10135D8B6A1C21539BF54EA9804B0B761F2FF0B423039A33A9EC864601190AE54C2FDA36A314A255544A56666720963F1A05E368C4800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ) => ( returnData=0x )ETH 10.2
PaymentProcessor.buyListing( data=0x366C197F70B07438A884ACC9C6424F7A2B935BA6EC54C8064A2527B1338A5A950000000000000000000000000000000000000000000000000000000000000000000000000000000000000000C2FF83A6BBD0AD8CC5AE824A8463752592AAEBD5000000000000000000000000F39A8228A8127E4920D11055C9D20B330272F7DD000000000000000000000000CA9337244B5F04CB946391BC8B8A980E988F9A6A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005AFFE6623A1753F7C055A28BC6628C000000000000000000000000000000000000000000000000000000000000224500000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000008D8DADF544FC0000988F9A6A0000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000669396300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000001CF34ED8DAB8B0C9ACACACE37CE360F4A14E4EC673ACD6737F65384235847403B63E33262CCD02BE925119E23C99C94789210AFBF0408A3E31C59166B7C4E8B0F000000000000000000000000032DA57E736E05F75AA4FAE2E9BE60FD904492726000000000000000000000000F39A8228A8127E4920D11055C9D20B330272F7DD00000000000000000000000000000000000000000000000000000000666C0A0B000000000000000000000000000000000000000000000000000000000000001B13BD38C9ABCCEEE5D1E8F10135D8B6A1C21539BF54EA9804B0B761F2FF0B423039A33A9EC864601190AE54C2FDA36A314A255544A56666720963F1A05E368C4800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 )ETH 10.2
ModuleTrades.buyListing( domainSeparator=366C197F70B07438A884ACC9C6424F7A2B935BA6EC54C8064A2527B1338A5A95, saleDetails=[{name:protocol, type:uint8, order:1, indexed:false, value:0, valueString:0}, {name:maker, type:address, order:2, indexed:false, value:0xC2Ff83A6BBD0AD8CC5Ae824a8463752592aAEBd5, valueString:0xC2Ff83A6BBD0AD8CC5Ae824a8463752592aAEBd5}, {name:beneficiary, type:address, order:3, indexed:false, value:0xf39A8228A8127e4920d11055c9d20B330272F7dD, valueString:0xf39A8228A8127e4920d11055c9d20B330272F7dD}, {name:marketplace, type:address, order:4, indexed:false, value:0xCA9337244B5F04cB946391bC8B8A980e988f9A6A, valueString:0xCA9337244B5F04cB946391bC8B8A980e988f9A6A}, {name:fallbackRoyaltyRecipient, type:address, order:5, indexed:false, value:0x0000000000000000000000000000000000000000, valueString:0x0000000000000000000000000000000000000000}, {name:paymentMethod, type:address, order:6, indexed:false, value:0x0000000000000000000000000000000000000000, valueString:0x0000000000000000000000000000000000000000}, {name:tokenAddress, type:address, order:7, indexed:false, value:0x00000000005AFfE6623a1753f7C055a28bC6628C, valueString:0x00000000005AFfE6623a1753f7C055a28bC6628C}, {name:tokenId, type:uint256, order:8, indexed:false, value:8773, valueString:8773}, {name:amount, type:uint248, order:9, indexed:false, value:1, valueString:1}, {name:itemPrice, type:uint256, order:10, indexed:false, value:10200000000000000000, valueString:10200000000000000000}, {name:nonce, type:uint256, order:11, indexed:false, value:69005277841611552456666767078621072521642912468796321438269508217196416860163, valueString:69005277841611552456666767078621072521642912468796321438269508217196416860163}, {name:expiration, type:uint256, order:12, indexed:false, value:1720948272, valueString:1720948272}, {name:marketplaceFeeNumerator, type:uint256, order:13, indexed:false, value:0, valueString:0}, {name:maxRoyaltyFeeNumerator, type:uint256, order:14, indexed:false, value:0, valueString:0}, {name:requestedFillAmount, type:uint248, order:15, indexed:false, value:1, valueString:1}, {name:minimumFillAmount, type:uint248, order:16, indexed:false, value:1, valueString:1}], sellerSignature=[{name:v, type:uint8, order:1, indexed:false, value:28, valueString:28}, {name:r, type:bytes32, order:2, indexed:false, value:F34ED8DAB8B0C9ACACACE37CE360F4A14E4EC673ACD6737F65384235847403B6, valueString:F34ED8DAB8B0C9ACACACE37CE360F4A14E4EC673ACD6737F65384235847403B6}, {name:s, type:bytes32, order:3, indexed:false, value:3E33262CCD02BE925119E23C99C94789210AFBF0408A3E31C59166B7C4E8B0F0, valueString:3E33262CCD02BE925119E23C99C94789210AFBF0408A3E31C59166B7C4E8B0F0}], cosignature=[{name:signer, type:address, order:1, indexed:false, value:0x32dA57E736E05f75aa4FaE2E9Be60FD904492726, valueString:0x32dA57E736E05f75aa4FaE2E9Be60FD904492726}, {name:taker, type:address, order:2, indexed:false, value:0xf39A8228A8127e4920d11055c9d20B330272F7dD, valueString:0xf39A8228A8127e4920d11055c9d20B330272F7dD}, {name:expiration, type:uint256, order:3, indexed:false, value:1718356491, valueString:1718356491}, {name:v, type:uint8, order:4, indexed:false, value:27, valueString:27}, {name:r, type:bytes32, order:5, indexed:false, value:13BD38C9ABCCEEE5D1E8F10135D8B6A1C21539BF54EA9804B0B761F2FF0B4230, valueString:13BD38C9ABCCEEE5D1E8F10135D8B6A1C21539BF54EA9804B0B761F2FF0B4230}, {name:s, type:bytes32, order:6, indexed:false, value:39A33A9EC864601190AE54C2FDA36A314A255544A56666720963F1A05E368C48, valueString:39A33A9EC864601190AE54C2FDA36A314A255544A56666720963F1A05E368C48}], feeOnTop=[{name:recipient, type:address, order:1, indexed:false, value:0x0000000000000000000000000000000000000000, valueString:0x0000000000000000000000000000000000000000}, {name:amount, type:uint256, order:2, indexed:false, value:0, valueString:0}] )-
TrustedForwarderFactory.isTrustedForwarder( sender=0x5ebc127fae83ed5bdd91fc6a5f5767E259dF5642 ) => ( True ) -
Null: 0x000...001.6d798157( ) -
Null: 0x000...001.c3bd9c3b( ) -
FunMint.transferFrom( from=0xC2Ff83A6BBD0AD8CC5Ae824a8463752592aAEBd5, to=0xf39A8228A8127e4920d11055c9d20B330272F7dD, tokenId=8773 )
-
FunMint.2a55205a( )
- ETH 10.2
0xc2ff83a6bbd0ad8cc5ae824a8463752592aaebd5.CALL( )
-
File 1 of 6: TrustedForwarder
File 2 of 6: PaymentProcessor
File 3 of 6: FunMint
File 4 of 6: TrustedForwarder
File 5 of 6: ModuleTrades
File 6 of 6: TrustedForwarderFactory
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;
import "@openzeppelin/contracts/access/Ownable.sol";
import "@openzeppelin/contracts/proxy/utils/Initializable.sol";
import "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
/**
* @title TrustedForwarder
* @author Limit Break, Inc.
* @notice TrustedForwarder is a generic message forwarder, which allows you to relay transactions to any contract and preserve the original sender.
* The processor acts as a trusted proxy, which can be a way to limit interactions with your contract, or enforce certain conditions.
*/
contract TrustedForwarder is EIP712, Initializable, Ownable {
error TrustedForwarder__CannotSetAppSignerToZeroAddress();
error TrustedForwarder__CannotSetOwnerToZeroAddress();
error TrustedForwarder__CannotUseWithoutSignature();
error TrustedForwarder__InvalidSignature();
error TrustedForwarder__SignerNotAuthorized();
struct SignatureECDSA {
uint8 v;
bytes32 r;
bytes32 s;
}
// keccak256("AppSigner(bytes32 messageHash,address target,address sender)")
bytes32 public constant APP_SIGNER_TYPEHASH = 0xc83d02443cc9e12c5d2faae8a9a36bf0112f5b4a8cce23c9277a0c68bf638762;
address public signer;
constructor() EIP712("TrustedForwarder", "1") {}
/**
* @notice Initializes the TrustedForwarder contract.
*
* @dev This should be called atomically with the clone of the contract to prevent bad actors from calling it.
* @dev - Throws if the contract is already initialized
*
* @param owner The address to assign the owner role to.
* @param appSigner The address to assign the app signer role to.
*/
function __TrustedForwarder_init(address owner, address appSigner) external initializer {
if (owner == address(0)) {
revert TrustedForwarder__CannotSetOwnerToZeroAddress();
}
if (appSigner != address(0)) {
signer = appSigner;
}
_transferOwnership(owner);
}
/**
* @notice Forwards a message to a target contract, preserving the original sender.
* @notice In the case the forwarder does not require a signature, this function should be used to save gas.
*
* @dev - Throws if the target contract reverts.
* @dev - Throws if the target address has no code.
* @dev - Throws if `signer` is not address(0).
*
* @param target The address of the contract to forward the message to.
* @param message The calldata to forward.
*
* @return returnData The return data of the call to the target contract.
*/
function forwardCall(address target, bytes calldata message)
external
payable
returns (bytes memory returnData)
{
address signerCache = signer;
if (signerCache != address(0)) {
revert TrustedForwarder__CannotUseWithoutSignature();
}
bytes memory encodedData = _encodeERC2771Context(message, _msgSender());
assembly {
let success := call(gas(), target, callvalue(), add(encodedData, 0x20), mload(encodedData), 0, 0)
let size := returndatasize()
returnData := mload(0x40)
mstore(returnData, size)
mstore(0x40, add(add(returnData, 0x20), size)) // Adjust memory pointer
returndatacopy(add(returnData, 0x20), 0, size) // Copy returndata to memory
if iszero(success) {
revert(add(returnData, 0x20), size) // Revert with return data on failure
}
// If the call was successful, but the return data is empty, check if the target address has code
if iszero(size) {
if iszero(extcodesize(target)) {
mstore(0x00, 0x39bf07c1) // Store function selector `TrustedForwarder__TargetAddressHasNoCode()` and revert
revert(0x1c, 0x04) // Revert with the custom function selector
}
}
}
}
/**
* @notice Forwards a message to a target contract, preserving the original sender.
* @notice This should only be used if the forwarder requires a signature.
* @notice In the case the app signer is not set, use the overloaded `forwardCall` function without a signature variable.
*
* @dev - Throws if the target contract reverts.
* @dev - Throws if the target address has no code.
* @dev - Throws if `signer` is not address(0) and the signature does not match the signer.
*
* @param target The address of the contract to forward the message to.
* @param message The calldata to forward.
* @param signature The signature of the message.
*
* @return returnData The return data of the call to the target contract.
*/
function forwardCall(address target, bytes calldata message, SignatureECDSA calldata signature)
external
payable
returns (bytes memory returnData)
{
address signerCache = signer;
if (signerCache != address(0)) {
if (
signerCache != _ecdsaRecover(
_hashTypedDataV4(
keccak256(abi.encode(APP_SIGNER_TYPEHASH, keccak256(message), target, _msgSender()))
),
signature.v,
signature.r,
signature.s
)
) {
revert TrustedForwarder__SignerNotAuthorized();
}
}
bytes memory encodedData = _encodeERC2771Context(message, _msgSender());
assembly {
let success := call(gas(), target, callvalue(), add(encodedData, 0x20), mload(encodedData), 0, 0)
let size := returndatasize()
returnData := mload(0x40)
mstore(returnData, size)
mstore(0x40, add(add(returnData, 0x20), size)) // Adjust memory pointer
returndatacopy(add(returnData, 0x20), 0, size) // Copy returndata to memory
if iszero(success) {
revert(add(returnData, 0x20), size) // Revert with return data on failure
}
// If the call was successful, but the return data is empty, check if the target address has code
if iszero(size) {
if iszero(extcodesize(target)) {
mstore(0x00, 0x39bf07c1) // Store function selector `TrustedForwarder__TargetAddressHasNoCode()` and revert
revert(0x1c, 0x04) // Revert with the custom function selector
}
}
}
}
/**
* @notice Updates the app signer address. To disable app signing, set signer to address(0).
*
* @dev - Throws if the sender is not the owner.
*
* @param signer_ The address to assign the app signer role to.
*/
function updateSigner(address signer_) external onlyOwner {
if (signer_ == address(0)) {
revert TrustedForwarder__CannotSetAppSignerToZeroAddress();
}
signer = signer_;
}
/**
* @notice Resets the app signer address to address(0).
*
* @dev - Throws if the sender is not the owner.
*/
function deactivateSigner() external onlyOwner {
signer = address(0);
}
/**
* @notice Returns the domain separator used in the permit signature
*
* @return The domain separator
*/
function domainSeparatorV4() external view returns (bytes32) {
return _domainSeparatorV4();
}
/// @dev appends the msg.sender to the end of the calldata
function _encodeERC2771Context(bytes calldata _data, address _msgSender) internal pure returns (bytes memory encodedData) {
assembly {
// Calculate total length: data.length + 20 bytes for the address
let totalLength := add(_data.length, 20)
// Allocate memory for the combined data
encodedData := mload(0x40)
mstore(0x40, add(encodedData, add(totalLength, 0x20)))
// Set the length of the `encodedData`
mstore(encodedData, totalLength)
// Copy the `bytes calldata` data
calldatacopy(add(encodedData, 0x20), _data.offset, _data.length)
// Append the `address`. Addresses are 20 bytes, stored in the last 20 bytes of a 32-byte word
mstore(add(add(encodedData, 0x20), _data.length), shl(96, _msgSender))
}
}
/**
* @notice Recovers an ECDSA signature
*
* @dev This function is copied from OpenZeppelin's ECDSA library
*
* @param digest The digest to recover
* @param v The v component of the signature
* @param r The r component of the signature
* @param s The s component of the signature
*
* @return recoveredSigner The signer of the digest
*/
function _ecdsaRecover(bytes32 digest, uint8 v, bytes32 r, bytes32 s) internal pure returns (address recoveredSigner) {
if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
revert TrustedForwarder__InvalidSignature();
}
recoveredSigner = ecrecover(digest, v, r, s);
if (recoveredSigner == address(0)) {
revert TrustedForwarder__InvalidSignature();
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable.sol)
pragma solidity ^0.8.0;
import "../utils/Context.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* By default, the owner account will be the one that deploys the contract. This
* can later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract Ownable is Context {
address private _owner;
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the deployer as the initial owner.
*/
constructor() {
_transferOwnership(_msgSender());
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
_checkOwner();
_;
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
return _owner;
}
/**
* @dev Throws if the sender is not the owner.
*/
function _checkOwner() internal view virtual {
require(owner() == _msgSender(), "Ownable: caller is not the owner");
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby disabling any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
require(newOwner != address(0), "Ownable: new owner is the zero address");
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
address oldOwner = _owner;
_owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/Initializable.sol)
pragma solidity ^0.8.2;
import "../../utils/Address.sol";
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```solidity
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
*
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/
abstract contract Initializable {
/**
* @dev Indicates that the contract has been initialized.
* @custom:oz-retyped-from bool
*/
uint8 private _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool private _initializing;
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/
event Initialized(uint8 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts.
*
* Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a
* constructor.
*
* Emits an {Initialized} event.
*/
modifier initializer() {
bool isTopLevelCall = !_initializing;
require(
(isTopLevelCall && _initialized < 1) || (!Address.isContract(address(this)) && _initialized == 1),
"Initializable: contract is already initialized"
);
_initialized = 1;
if (isTopLevelCall) {
_initializing = true;
}
_;
if (isTopLevelCall) {
_initializing = false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* A reinitializer may be used after the original initialization step. This is essential to configure modules that
* are added through upgrades and that require initialization.
*
* When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
* cannot be nested. If one is invoked in the context of another, execution will revert.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*
* WARNING: setting the version to 255 will prevent any future reinitialization.
*
* Emits an {Initialized} event.
*/
modifier reinitializer(uint8 version) {
require(!_initializing && _initialized < version, "Initializable: contract is already initialized");
_initialized = version;
_initializing = true;
_;
_initializing = false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/
modifier onlyInitializing() {
require(_initializing, "Initializable: contract is not initializing");
_;
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*
* Emits an {Initialized} event the first time it is successfully executed.
*/
function _disableInitializers() internal virtual {
require(!_initializing, "Initializable: contract is initializing");
if (_initialized != type(uint8).max) {
_initialized = type(uint8).max;
emit Initialized(type(uint8).max);
}
}
/**
* @dev Returns the highest version that has been initialized. See {reinitializer}.
*/
function _getInitializedVersion() internal view returns (uint8) {
return _initialized;
}
/**
* @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
*/
function _isInitializing() internal view returns (bool) {
return _initializing;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/EIP712.sol)
pragma solidity ^0.8.8;
import "./ECDSA.sol";
import "../ShortStrings.sol";
import "../../interfaces/IERC5267.sol";
/**
* @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data.
*
* The encoding specified in the EIP is very generic, and such a generic implementation in Solidity is not feasible,
* thus this contract does not implement the encoding itself. Protocols need to implement the type-specific encoding
* they need in their contracts using a combination of `abi.encode` and `keccak256`.
*
* This contract implements the EIP 712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding
* scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA
* ({_hashTypedDataV4}).
*
* The implementation of the domain separator was designed to be as efficient as possible while still properly updating
* the chain id to protect against replay attacks on an eventual fork of the chain.
*
* NOTE: This contract implements the version of the encoding known as "v4", as implemented by the JSON RPC method
* https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask].
*
* NOTE: In the upgradeable version of this contract, the cached values will correspond to the address, and the domain
* separator of the implementation contract. This will cause the `_domainSeparatorV4` function to always rebuild the
* separator from the immutable values, which is cheaper than accessing a cached version in cold storage.
*
* _Available since v3.4._
*
* @custom:oz-upgrades-unsafe-allow state-variable-immutable state-variable-assignment
*/
abstract contract EIP712 is IERC5267 {
using ShortStrings for *;
bytes32 private constant _TYPE_HASH =
keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
// Cache the domain separator as an immutable value, but also store the chain id that it corresponds to, in order to
// invalidate the cached domain separator if the chain id changes.
bytes32 private immutable _cachedDomainSeparator;
uint256 private immutable _cachedChainId;
address private immutable _cachedThis;
bytes32 private immutable _hashedName;
bytes32 private immutable _hashedVersion;
ShortString private immutable _name;
ShortString private immutable _version;
string private _nameFallback;
string private _versionFallback;
/**
* @dev Initializes the domain separator and parameter caches.
*
* The meaning of `name` and `version` is specified in
* https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]:
*
* - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.
* - `version`: the current major version of the signing domain.
*
* NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart
* contract upgrade].
*/
constructor(string memory name, string memory version) {
_name = name.toShortStringWithFallback(_nameFallback);
_version = version.toShortStringWithFallback(_versionFallback);
_hashedName = keccak256(bytes(name));
_hashedVersion = keccak256(bytes(version));
_cachedChainId = block.chainid;
_cachedDomainSeparator = _buildDomainSeparator();
_cachedThis = address(this);
}
/**
* @dev Returns the domain separator for the current chain.
*/
function _domainSeparatorV4() internal view returns (bytes32) {
if (address(this) == _cachedThis && block.chainid == _cachedChainId) {
return _cachedDomainSeparator;
} else {
return _buildDomainSeparator();
}
}
function _buildDomainSeparator() private view returns (bytes32) {
return keccak256(abi.encode(_TYPE_HASH, _hashedName, _hashedVersion, block.chainid, address(this)));
}
/**
* @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this
* function returns the hash of the fully encoded EIP712 message for this domain.
*
* This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:
*
* ```solidity
* bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(
* keccak256("Mail(address to,string contents)"),
* mailTo,
* keccak256(bytes(mailContents))
* )));
* address signer = ECDSA.recover(digest, signature);
* ```
*/
function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) {
return ECDSA.toTypedDataHash(_domainSeparatorV4(), structHash);
}
/**
* @dev See {EIP-5267}.
*
* _Available since v4.9._
*/
function eip712Domain()
public
view
virtual
override
returns (
bytes1 fields,
string memory name,
string memory version,
uint256 chainId,
address verifyingContract,
bytes32 salt,
uint256[] memory extensions
)
{
return (
hex"0f", // 01111
_name.toStringWithFallback(_nameFallback),
_version.toStringWithFallback(_versionFallback),
block.chainid,
address(this),
bytes32(0),
new uint256[](0)
);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/ECDSA.sol)
pragma solidity ^0.8.0;
import "../Strings.sol";
/**
* @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
*
* These functions can be used to verify that a message was signed by the holder
* of the private keys of a given address.
*/
library ECDSA {
enum RecoverError {
NoError,
InvalidSignature,
InvalidSignatureLength,
InvalidSignatureS,
InvalidSignatureV // Deprecated in v4.8
}
function _throwError(RecoverError error) private pure {
if (error == RecoverError.NoError) {
return; // no error: do nothing
} else if (error == RecoverError.InvalidSignature) {
revert("ECDSA: invalid signature");
} else if (error == RecoverError.InvalidSignatureLength) {
revert("ECDSA: invalid signature length");
} else if (error == RecoverError.InvalidSignatureS) {
revert("ECDSA: invalid signature 's' value");
}
}
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature` or error string. This address can then be used for verification purposes.
*
* The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {toEthSignedMessageHash} on it.
*
* Documentation for signature generation:
* - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
* - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {
if (signature.length == 65) {
bytes32 r;
bytes32 s;
uint8 v;
// ecrecover takes the signature parameters, and the only way to get them
// currently is to use assembly.
/// @solidity memory-safe-assembly
assembly {
r := mload(add(signature, 0x20))
s := mload(add(signature, 0x40))
v := byte(0, mload(add(signature, 0x60)))
}
return tryRecover(hash, v, r, s);
} else {
return (address(0), RecoverError.InvalidSignatureLength);
}
}
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature`. This address can then be used for verification purposes.
*
* The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {toEthSignedMessageHash} on it.
*/
function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, signature);
_throwError(error);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
*
* See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError) {
bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
uint8 v = uint8((uint256(vs) >> 255) + 27);
return tryRecover(hash, v, r, s);
}
/**
* @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
*
* _Available since v4.2._
*/
function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, r, vs);
_throwError(error);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `v`,
* `r` and `s` signature fields separately.
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address, RecoverError) {
// EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
// unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
// the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
// signatures from current libraries generate a unique signature with an s-value in the lower half order.
//
// If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
// with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
// vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
// these malleable signatures as well.
if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
return (address(0), RecoverError.InvalidSignatureS);
}
// If the signature is valid (and not malleable), return the signer address
address signer = ecrecover(hash, v, r, s);
if (signer == address(0)) {
return (address(0), RecoverError.InvalidSignature);
}
return (signer, RecoverError.NoError);
}
/**
* @dev Overload of {ECDSA-recover} that receives the `v`,
* `r` and `s` signature fields separately.
*/
function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, v, r, s);
_throwError(error);
return recovered;
}
/**
* @dev Returns an Ethereum Signed Message, created from a `hash`. This
* produces hash corresponding to the one signed with the
* https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
* JSON-RPC method as part of EIP-191.
*
* See {recover}.
*/
function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32 message) {
// 32 is the length in bytes of hash,
// enforced by the type signature above
/// @solidity memory-safe-assembly
assembly {
mstore(0x00, "\\x19Ethereum Signed Message:\
32")
mstore(0x1c, hash)
message := keccak256(0x00, 0x3c)
}
}
/**
* @dev Returns an Ethereum Signed Message, created from `s`. This
* produces hash corresponding to the one signed with the
* https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
* JSON-RPC method as part of EIP-191.
*
* See {recover}.
*/
function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {
return keccak256(abi.encodePacked("\\x19Ethereum Signed Message:\
", Strings.toString(s.length), s));
}
/**
* @dev Returns an Ethereum Signed Typed Data, created from a
* `domainSeparator` and a `structHash`. This produces hash corresponding
* to the one signed with the
* https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]
* JSON-RPC method as part of EIP-712.
*
* See {recover}.
*/
function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 data) {
/// @solidity memory-safe-assembly
assembly {
let ptr := mload(0x40)
mstore(ptr, "\\x19\\x01")
mstore(add(ptr, 0x02), domainSeparator)
mstore(add(ptr, 0x22), structHash)
data := keccak256(ptr, 0x42)
}
}
/**
* @dev Returns an Ethereum Signed Data with intended validator, created from a
* `validator` and `data` according to the version 0 of EIP-191.
*
* See {recover}.
*/
function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {
return keccak256(abi.encodePacked("\\x19\\x00", validator, data));
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
pragma solidity ^0.8.0;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)
pragma solidity ^0.8.1;
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
*
* Furthermore, `isContract` will also return true if the target contract within
* the same transaction is already scheduled for destruction by `SELFDESTRUCT`,
* which only has an effect at the end of a transaction.
* ====
*
* [IMPORTANT]
* ====
* You shouldn't rely on `isContract` to protect against flash loan attacks!
*
* Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
* like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
* constructor.
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize/address.code.length, which returns 0
// for contracts in construction, since the code is only stored at the end
// of the constructor execution.
return account.code.length > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
* the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
*
* _Available since v4.8._
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata,
string memory errorMessage
) internal view returns (bytes memory) {
if (success) {
if (returndata.length == 0) {
// only check isContract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
require(isContract(target), "Address: call to non-contract");
}
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
/**
* @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason or using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
function _revert(bytes memory returndata, string memory errorMessage) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/ShortStrings.sol)
pragma solidity ^0.8.8;
import "./StorageSlot.sol";
// | string | 0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
// | length | 0x BB |
type ShortString is bytes32;
/**
* @dev This library provides functions to convert short memory strings
* into a `ShortString` type that can be used as an immutable variable.
*
* Strings of arbitrary length can be optimized using this library if
* they are short enough (up to 31 bytes) by packing them with their
* length (1 byte) in a single EVM word (32 bytes). Additionally, a
* fallback mechanism can be used for every other case.
*
* Usage example:
*
* ```solidity
* contract Named {
* using ShortStrings for *;
*
* ShortString private immutable _name;
* string private _nameFallback;
*
* constructor(string memory contractName) {
* _name = contractName.toShortStringWithFallback(_nameFallback);
* }
*
* function name() external view returns (string memory) {
* return _name.toStringWithFallback(_nameFallback);
* }
* }
* ```
*/
library ShortStrings {
// Used as an identifier for strings longer than 31 bytes.
bytes32 private constant _FALLBACK_SENTINEL = 0x00000000000000000000000000000000000000000000000000000000000000FF;
error StringTooLong(string str);
error InvalidShortString();
/**
* @dev Encode a string of at most 31 chars into a `ShortString`.
*
* This will trigger a `StringTooLong` error is the input string is too long.
*/
function toShortString(string memory str) internal pure returns (ShortString) {
bytes memory bstr = bytes(str);
if (bstr.length > 31) {
revert StringTooLong(str);
}
return ShortString.wrap(bytes32(uint256(bytes32(bstr)) | bstr.length));
}
/**
* @dev Decode a `ShortString` back to a "normal" string.
*/
function toString(ShortString sstr) internal pure returns (string memory) {
uint256 len = byteLength(sstr);
// using `new string(len)` would work locally but is not memory safe.
string memory str = new string(32);
/// @solidity memory-safe-assembly
assembly {
mstore(str, len)
mstore(add(str, 0x20), sstr)
}
return str;
}
/**
* @dev Return the length of a `ShortString`.
*/
function byteLength(ShortString sstr) internal pure returns (uint256) {
uint256 result = uint256(ShortString.unwrap(sstr)) & 0xFF;
if (result > 31) {
revert InvalidShortString();
}
return result;
}
/**
* @dev Encode a string into a `ShortString`, or write it to storage if it is too long.
*/
function toShortStringWithFallback(string memory value, string storage store) internal returns (ShortString) {
if (bytes(value).length < 32) {
return toShortString(value);
} else {
StorageSlot.getStringSlot(store).value = value;
return ShortString.wrap(_FALLBACK_SENTINEL);
}
}
/**
* @dev Decode a string that was encoded to `ShortString` or written to storage using {setWithFallback}.
*/
function toStringWithFallback(ShortString value, string storage store) internal pure returns (string memory) {
if (ShortString.unwrap(value) != _FALLBACK_SENTINEL) {
return toString(value);
} else {
return store;
}
}
/**
* @dev Return the length of a string that was encoded to `ShortString` or written to storage using {setWithFallback}.
*
* WARNING: This will return the "byte length" of the string. This may not reflect the actual length in terms of
* actual characters as the UTF-8 encoding of a single character can span over multiple bytes.
*/
function byteLengthWithFallback(ShortString value, string storage store) internal view returns (uint256) {
if (ShortString.unwrap(value) != _FALLBACK_SENTINEL) {
return byteLength(value);
} else {
return bytes(store).length;
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC5267.sol)
pragma solidity ^0.8.0;
interface IERC5267 {
/**
* @dev MAY be emitted to signal that the domain could have changed.
*/
event EIP712DomainChanged();
/**
* @dev returns the fields and values that describe the domain separator used by this contract for EIP-712
* signature.
*/
function eip712Domain()
external
view
returns (
bytes1 fields,
string memory name,
string memory version,
uint256 chainId,
address verifyingContract,
bytes32 salt,
uint256[] memory extensions
);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol)
pragma solidity ^0.8.0;
import "./math/Math.sol";
import "./math/SignedMath.sol";
/**
* @dev String operations.
*/
library Strings {
bytes16 private constant _SYMBOLS = "0123456789abcdef";
uint8 private constant _ADDRESS_LENGTH = 20;
/**
* @dev Converts a `uint256` to its ASCII `string` decimal representation.
*/
function toString(uint256 value) internal pure returns (string memory) {
unchecked {
uint256 length = Math.log10(value) + 1;
string memory buffer = new string(length);
uint256 ptr;
/// @solidity memory-safe-assembly
assembly {
ptr := add(buffer, add(32, length))
}
while (true) {
ptr--;
/// @solidity memory-safe-assembly
assembly {
mstore8(ptr, byte(mod(value, 10), _SYMBOLS))
}
value /= 10;
if (value == 0) break;
}
return buffer;
}
}
/**
* @dev Converts a `int256` to its ASCII `string` decimal representation.
*/
function toString(int256 value) internal pure returns (string memory) {
return string(abi.encodePacked(value < 0 ? "-" : "", toString(SignedMath.abs(value))));
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
*/
function toHexString(uint256 value) internal pure returns (string memory) {
unchecked {
return toHexString(value, Math.log256(value) + 1);
}
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
*/
function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
bytes memory buffer = new bytes(2 * length + 2);
buffer[0] = "0";
buffer[1] = "x";
for (uint256 i = 2 * length + 1; i > 1; --i) {
buffer[i] = _SYMBOLS[value & 0xf];
value >>= 4;
}
require(value == 0, "Strings: hex length insufficient");
return string(buffer);
}
/**
* @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.
*/
function toHexString(address addr) internal pure returns (string memory) {
return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);
}
/**
* @dev Returns true if the two strings are equal.
*/
function equal(string memory a, string memory b) internal pure returns (bool) {
return keccak256(bytes(a)) == keccak256(bytes(b));
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/StorageSlot.sol)
// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.
pragma solidity ^0.8.0;
/**
* @dev Library for reading and writing primitive types to specific storage slots.
*
* Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
* This library helps with reading and writing to such slots without the need for inline assembly.
*
* The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
*
* Example usage to set ERC1967 implementation slot:
* ```solidity
* contract ERC1967 {
* bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
*
* function _getImplementation() internal view returns (address) {
* return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
* }
*
* function _setImplementation(address newImplementation) internal {
* require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
* StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
* }
* }
* ```
*
* _Available since v4.1 for `address`, `bool`, `bytes32`, `uint256`._
* _Available since v4.9 for `string`, `bytes`._
*/
library StorageSlot {
struct AddressSlot {
address value;
}
struct BooleanSlot {
bool value;
}
struct Bytes32Slot {
bytes32 value;
}
struct Uint256Slot {
uint256 value;
}
struct StringSlot {
string value;
}
struct BytesSlot {
bytes value;
}
/**
* @dev Returns an `AddressSlot` with member `value` located at `slot`.
*/
function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BooleanSlot` with member `value` located at `slot`.
*/
function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
*/
function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Uint256Slot` with member `value` located at `slot`.
*/
function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` with member `value` located at `slot`.
*/
function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` representation of the string storage pointer `store`.
*/
function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
/**
* @dev Returns an `BytesSlot` with member `value` located at `slot`.
*/
function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.
*/
function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard math utilities missing in the Solidity language.
*/
library Math {
enum Rounding {
Down, // Toward negative infinity
Up, // Toward infinity
Zero // Toward zero
}
/**
* @dev Returns the largest of two numbers.
*/
function max(uint256 a, uint256 b) internal pure returns (uint256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two numbers.
*/
function min(uint256 a, uint256 b) internal pure returns (uint256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two numbers. The result is rounded towards
* zero.
*/
function average(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b) / 2 can overflow.
return (a & b) + (a ^ b) / 2;
}
/**
* @dev Returns the ceiling of the division of two numbers.
*
* This differs from standard division with `/` in that it rounds up instead
* of rounding down.
*/
function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b - 1) / b can overflow on addition, so we distribute.
return a == 0 ? 0 : (a - 1) / b + 1;
}
/**
* @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0
* @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)
* with further edits by Uniswap Labs also under MIT license.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
unchecked {
// 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
// use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
// variables such that product = prod1 * 2^256 + prod0.
uint256 prod0; // Least significant 256 bits of the product
uint256 prod1; // Most significant 256 bits of the product
assembly {
let mm := mulmod(x, y, not(0))
prod0 := mul(x, y)
prod1 := sub(sub(mm, prod0), lt(mm, prod0))
}
// Handle non-overflow cases, 256 by 256 division.
if (prod1 == 0) {
// Solidity will revert if denominator == 0, unlike the div opcode on its own.
// The surrounding unchecked block does not change this fact.
// See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
return prod0 / denominator;
}
// Make sure the result is less than 2^256. Also prevents denominator == 0.
require(denominator > prod1, "Math: mulDiv overflow");
///////////////////////////////////////////////
// 512 by 256 division.
///////////////////////////////////////////////
// Make division exact by subtracting the remainder from [prod1 prod0].
uint256 remainder;
assembly {
// Compute remainder using mulmod.
remainder := mulmod(x, y, denominator)
// Subtract 256 bit number from 512 bit number.
prod1 := sub(prod1, gt(remainder, prod0))
prod0 := sub(prod0, remainder)
}
// Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.
// See https://cs.stackexchange.com/q/138556/92363.
// Does not overflow because the denominator cannot be zero at this stage in the function.
uint256 twos = denominator & (~denominator + 1);
assembly {
// Divide denominator by twos.
denominator := div(denominator, twos)
// Divide [prod1 prod0] by twos.
prod0 := div(prod0, twos)
// Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
twos := add(div(sub(0, twos), twos), 1)
}
// Shift in bits from prod1 into prod0.
prod0 |= prod1 * twos;
// Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
// that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
// four bits. That is, denominator * inv = 1 mod 2^4.
uint256 inverse = (3 * denominator) ^ 2;
// Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works
// in modular arithmetic, doubling the correct bits in each step.
inverse *= 2 - denominator * inverse; // inverse mod 2^8
inverse *= 2 - denominator * inverse; // inverse mod 2^16
inverse *= 2 - denominator * inverse; // inverse mod 2^32
inverse *= 2 - denominator * inverse; // inverse mod 2^64
inverse *= 2 - denominator * inverse; // inverse mod 2^128
inverse *= 2 - denominator * inverse; // inverse mod 2^256
// Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
// This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
// less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
// is no longer required.
result = prod0 * inverse;
return result;
}
}
/**
* @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
uint256 result = mulDiv(x, y, denominator);
if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {
result += 1;
}
return result;
}
/**
* @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.
*
* Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
*/
function sqrt(uint256 a) internal pure returns (uint256) {
if (a == 0) {
return 0;
}
// For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
//
// We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
// `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.
//
// This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`
// → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`
// → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`
//
// Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.
uint256 result = 1 << (log2(a) >> 1);
// At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
// since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
// every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
// into the expected uint128 result.
unchecked {
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
return min(result, a / result);
}
}
/**
* @notice Calculates sqrt(a), following the selected rounding direction.
*/
function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = sqrt(a);
return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);
}
}
/**
* @dev Return the log in base 2, rounded down, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 128;
}
if (value >> 64 > 0) {
value >>= 64;
result += 64;
}
if (value >> 32 > 0) {
value >>= 32;
result += 32;
}
if (value >> 16 > 0) {
value >>= 16;
result += 16;
}
if (value >> 8 > 0) {
value >>= 8;
result += 8;
}
if (value >> 4 > 0) {
value >>= 4;
result += 4;
}
if (value >> 2 > 0) {
value >>= 2;
result += 2;
}
if (value >> 1 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 2, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log2(value);
return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 10, rounded down, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >= 10 ** 64) {
value /= 10 ** 64;
result += 64;
}
if (value >= 10 ** 32) {
value /= 10 ** 32;
result += 32;
}
if (value >= 10 ** 16) {
value /= 10 ** 16;
result += 16;
}
if (value >= 10 ** 8) {
value /= 10 ** 8;
result += 8;
}
if (value >= 10 ** 4) {
value /= 10 ** 4;
result += 4;
}
if (value >= 10 ** 2) {
value /= 10 ** 2;
result += 2;
}
if (value >= 10 ** 1) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 10, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log10(value);
return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 256, rounded down, of a positive value.
* Returns 0 if given 0.
*
* Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
*/
function log256(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 16;
}
if (value >> 64 > 0) {
value >>= 64;
result += 8;
}
if (value >> 32 > 0) {
value >>= 32;
result += 4;
}
if (value >> 16 > 0) {
value >>= 16;
result += 2;
}
if (value >> 8 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 256, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log256(value);
return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard signed math utilities missing in the Solidity language.
*/
library SignedMath {
/**
* @dev Returns the largest of two signed numbers.
*/
function max(int256 a, int256 b) internal pure returns (int256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two signed numbers.
*/
function min(int256 a, int256 b) internal pure returns (int256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two signed numbers without overflow.
* The result is rounded towards zero.
*/
function average(int256 a, int256 b) internal pure returns (int256) {
// Formula from the book "Hacker's Delight"
int256 x = (a & b) + ((a ^ b) >> 1);
return x + (int256(uint256(x) >> 255) & (a ^ b));
}
/**
* @dev Returns the absolute unsigned value of a signed value.
*/
function abs(int256 n) internal pure returns (uint256) {
unchecked {
// must be unchecked in order to support `n = type(int256).min`
return uint256(n >= 0 ? n : -n);
}
}
}
File 2 of 6: PaymentProcessor
// SPDX-License-Identifier: BSL-1.1
pragma solidity 0.8.19;
import "./Constants.sol";
import "./Errors.sol";
import "./interfaces/IPaymentProcessorConfiguration.sol";
import "./interfaces/IPaymentProcessorEvents.sol";
import "./interfaces/IModuleDefaultPaymentMethods.sol";
import "./storage/PaymentProcessorStorageAccess.sol";
import "@openzeppelin/contracts/utils/cryptography/draft-EIP712.sol";
/*
@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@(
@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@
#@@@@@@@@@@@@@@
@@@@@@@@@@@@
@@@@@@@@@@@@@@* @@@@@@@@@@@@
@@@@@@@@@@@@@@@ @ @@@@@@@@@@@@
@@@@@@@@@@@@@@@ @ @@@@@@@@@@@
@@@@@@@@@@@@@@@ @@ @@@@@@@@@@@@
@@@@@@@@@@@@@@@ #@@ @@@@@@@@@@@@/
@@@@@@@@@@@@@@. @@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@&%%%%%%%%&&@@@@@@@@@@@@@@
@@@@@@@@@@@@@@ @@@@@ @@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@ @@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@ @@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@ @@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@ @@@@@@@@@@@&
@@@@@@@@@@@@@@ *@@@@@@@ (@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@@ @@@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
.@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@% @@@@@@@@@@@@@@@@@@@@@@@@(
@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@&
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* @title Payment Processor
* @custom:version 2.0.0
* @author Limit Break, Inc.
*/
contract PaymentProcessor is EIP712, PaymentProcessorStorageAccess, IPaymentProcessorEvents {
using EnumerableSet for EnumerableSet.AddressSet;
/// @dev The Payment Settings module implements of all payment configuration-related functionality.
address private immutable _modulePaymentSettings;
/// @dev The On-Chain Cancellation module implements of all on-chain cancellation-related functionality.
address private immutable _moduleOnChainCancellation;
/// @dev The Trades module implements all trade-related functionality.
address private immutable _moduleTrades;
/// @dev The Trades module implements all advanced trade-related functionality.
address private immutable _moduleTradesAdvanced;
constructor(address configurationContract) EIP712("PaymentProcessor", "2") {
(
address defaultContractOwner_,
PaymentProcessorModules memory paymentProcessorModules
) = IPaymentProcessorConfiguration(configurationContract).getPaymentProcessorDeploymentParams();
if (defaultContractOwner_ == address(0) ||
paymentProcessorModules.modulePaymentSettings == address(0) ||
paymentProcessorModules.moduleOnChainCancellation == address(0) ||
paymentProcessorModules.moduleTrades == address(0) ||
paymentProcessorModules.moduleTradesAdvanced == address(0)) {
revert PaymentProcessor__InvalidConstructorArguments();
}
_modulePaymentSettings = paymentProcessorModules.modulePaymentSettings;
_moduleOnChainCancellation = paymentProcessorModules.moduleOnChainCancellation;
_moduleTrades = paymentProcessorModules.moduleTrades;
_moduleTradesAdvanced = paymentProcessorModules.moduleTradesAdvanced;
unchecked {
uint32 paymentMethodWhitelistId = appStorage().lastPaymentMethodWhitelistId++;
appStorage().paymentMethodWhitelistOwners[paymentMethodWhitelistId] = defaultContractOwner_;
emit CreatedPaymentMethodWhitelist(paymentMethodWhitelistId, defaultContractOwner_, "Default Payment Methods");
}
}
/**************************************************************/
/* MODIFIERS */
/**************************************************************/
/**
* @dev Function modifier that generates a delegatecall to `module` with `selector` as the calldata
* @dev This delegatecall is for functions that do not have parameters. The only calldata added is
* @dev the extra calldata from a trusted forwarder, when present.
*
* @param module The contract address being called in the delegatecall.
* @param selector The 4 byte function selector for the function to call in `module`.
*/
modifier delegateCallNoData(address module, bytes4 selector) {
assembly {
// This protocol is designed to work both via direct calls and calls from a trusted forwarder that
// preserves the original msg.sender by appending an extra 20 bytes to the calldata.
// The following code supports both cases. The magic number of 68 is:
// 4 bytes for the selector
let ptr := mload(0x40)
mstore(ptr, selector)
mstore(0x40, add(ptr, calldatasize()))
calldatacopy(add(ptr, 0x04), 0x04, sub(calldatasize(), 0x04))
let result := delegatecall(gas(), module, ptr, add(sub(calldatasize(), 4), 4), 0, 0)
if iszero(result) {
// Call has failed, retrieve the error message and revert
let size := returndatasize()
returndatacopy(0, 0, size)
revert(0, size)
}
}
_;
}
/**
* @dev Function modifier that generates a delegatecall to `module` with `selector` and `data` as the
* @dev calldata. This delegatecall is for functions that have parameters but **DO NOT** take domain
* @dev separator as a parameter. Additional calldata from a trusted forwarder is appended to the end, when present.
*
* @param module The contract address being called in the delegatecall.
* @param selector The 4 byte function selector for the function to call in `module`.
* @param data The calldata to send to the `module`.
*/
modifier delegateCall(address module, bytes4 selector, bytes calldata data) {
assembly {
// This protocol is designed to work both via direct calls and calls from a trusted forwarder that
// preserves the original msg.sender by appending an extra 20 bytes to the calldata.
// The following code supports both cases. The magic number of 68 is:
// 4 bytes for the selector
// 32 bytes calldata offset to the data parameter
// 32 bytes for the length of the data parameter
let lengthWithAppendedCalldata := sub(calldatasize(), 68)
let ptr := mload(0x40)
mstore(ptr, selector)
calldatacopy(add(ptr,0x04), data.offset, lengthWithAppendedCalldata)
mstore(0x40, add(ptr,add(0x04, lengthWithAppendedCalldata)))
let result := delegatecall(gas(), module, ptr, add(lengthWithAppendedCalldata, 4), 0, 0)
if iszero(result) {
// Call has failed, retrieve the error message and revert
let size := returndatasize()
returndatacopy(0, 0, size)
revert(0, size)
}
}
_;
}
/**
* @dev Function modifier that generates a delegatecall to `module` with `selector` and `data` as the
* @dev calldata. This delegatecall is for functions that have parameters **AND** take domain
* @dev separator as the first parameter. Any domain separator that has been included in `data`
* @dev will be replaced with the Payment Processor domain separator. Additional calldata from a
* @dev trusted forwarder is appended to the end, when present.
*
* @param module The contract address being called in the delegatecall.
* @param selector The 4 byte function selector for the function to call in `module`.
* @param data The calldata to send to the `module`.
*/
modifier delegateCallReplaceDomainSeparator(address module, bytes4 selector, bytes calldata data) {
bytes32 domainSeparator = _domainSeparatorV4();
assembly {
// This protocol is designed to work both via direct calls and calls from a trusted forwarder that
// preserves the original msg.sender by appending an extra 20 bytes to the calldata.
// The following code supports both cases. The magic number of 68 is:
// 4 bytes for the selector
// 32 bytes calldata offset to the data parameter
// 32 bytes for the length of the data parameter
let lengthWithAppendedCalldata := sub(calldatasize(), 68)
let ptr := mload(0x40)
mstore(ptr, selector)
calldatacopy(add(ptr,0x04), data.offset, lengthWithAppendedCalldata)
mstore(0x40, add(ptr,add(0x04, lengthWithAppendedCalldata)))
mstore(add(ptr, 0x04), domainSeparator)
let result := delegatecall(gas(), module, ptr, add(lengthWithAppendedCalldata, 4), 0, 0)
if iszero(result) {
// Call has failed, retrieve the error message and revert
let size := returndatasize()
returndatacopy(0, 0, size)
revert(0, size)
}
}
_;
}
/**************************************************************/
/* READ ONLY ACCESSORS */
/**************************************************************/
/**
* @notice Returns the EIP-712 domain separator for this contract.
*/
function getDomainSeparator() public view returns (bytes32) {
return _domainSeparatorV4();
}
/**
* @notice Returns the user-specific master nonce that allows order makers to efficiently cancel all listings or offers
* they made previously. The master nonce for a user only changes when they explicitly request to revoke all
* existing listings and offers.
*
* @dev When prompting makers to sign a listing or offer, marketplaces must query the current master nonce of
* the user and include it in the listing/offer signature data.
*/
function masterNonces(address account) public view returns (uint256) {
return appStorage().masterNonces[account];
}
/**
* @notice Returns true if the nonce for the given account has been used or cancelled. In comparison to a master nonce for
* a user, this nonce value is specific to a single order and may only be used or cancelled a single time.
*
* @dev When prompting makers to sign a listing or offer, marketplaces must generate a unique nonce value that
* has not been previously used for filled, unfilled or cancelled orders. User nonces are unique to each
* user but common to that user across all marketplaces that utilize Payment Processor and do not reset
* when the master nonce is incremented. Nonces are stored in a BitMap for gas efficiency so it is recommended
* to utilize sequential numbers that do not overlap with other marketplaces.
*/
function isNonceUsed(address account, uint256 nonce) public view returns (bool isUsed) {
// The following code is equivalent to, but saves gas:
//
// uint256 slot = nonce / 256;
// uint256 offset = nonce % 256;
// uint256 slotValue = appStorage().invalidatedSignatures[account][slot];
// isUsed = ((slotValue >> offset) & ONE) == ONE;
isUsed = ((appStorage().invalidatedSignatures[account][uint248(nonce >> 8)] >> uint8(nonce)) & ONE) == ONE;
}
/**
* @notice Returns the state and remaining fillable quantity of an order digest given the maker address.
*/
function remainingFillableQuantity(
address account,
bytes32 orderDigest
) external view returns (PartiallyFillableOrderStatus memory) {
return appStorage().partiallyFillableOrderStatuses[account][orderDigest];
}
/**
* @notice Returns the payment settings for a given collection.
*
* @notice paymentSettings: The payment setting type for a given collection
* (DefaultPaymentMethodWhitelist|AllowAnyPaymentMethod|CustomPaymentMethodWhitelist|PricingConstraints)
* @notice paymentMethodWhitelistId: The payment method whitelist id for a given collection.
* Applicable only when paymentSettings is CustomPaymentMethodWhitelist
* @notice constrainedPricingPaymentMethod: The payment method that min/max priced collections are priced in.
* Applicable only when paymentSettings is PricingConstraints.
* @notice royaltyBackfillNumerator: The royalty backfill percentage for a given collection. Used only as a
* fallback when a collection does not implement EIP-2981.
* @notice royaltyBountyNumerator: The royalty bounty percentage for a given collection. When set, this percentage
* is applied to the creator's royalty amount and paid to the maker marketplace as a bounty.
* @notice isRoyaltyBountyExclusive: When true, only the designated marketplace is eligible for royalty bounty.
* @notice blockTradesFromUntrustedChannels: When true, only transactions from channels that the collection
* authorizes will be allowed to execute.
*/
function collectionPaymentSettings(address tokenAddress) external view returns (CollectionPaymentSettings memory) {
return appStorage().collectionPaymentSettings[tokenAddress];
}
/**
* @notice Returns the optional creator-defined royalty bounty settings for a given collection.
*
* @return royaltyBountyNumerator The royalty bounty percentage for a given collection. When set, this percentage
* is applied to the creator's royalty amount and paid to the maker marketplace as a bounty.
* @return exclusiveBountyReceiver When non-zero, only the designated marketplace is eligible for royalty bounty.
*/
function collectionBountySettings(
address tokenAddress
) external view returns (uint16 royaltyBountyNumerator, address exclusiveBountyReceiver) {
CollectionPaymentSettings memory collectionPaymentSettings =
appStorage().collectionPaymentSettings[tokenAddress];
return (
collectionPaymentSettings.royaltyBountyNumerator,
collectionPaymentSettings.isRoyaltyBountyExclusive ?
appStorage().collectionExclusiveBountyReceivers[tokenAddress] :
address(0));
}
/**
* @notice Returns the optional creator-defined royalty backfill settings for a given collection.
* This is useful for legacy collection lacking EIP-2981 support, as the collection owner can instruct
* PaymentProcessor to backfill missing on-chain royalties.
*
* @return royaltyBackfillNumerator The creator royalty percentage for a given collection.
* When set, this percentage is applied to the item sale price and paid to the creator if the attempt
* to query EIP-2981 royalties fails.
* @return royaltyBackfillReceiver When non-zero, this is the destination address for backfilled creator royalties.
*/
function collectionRoyaltyBackfillSettings(
address tokenAddress
) external view returns (uint16 royaltyBackfillNumerator, address royaltyBackfillReceiver) {
CollectionPaymentSettings memory collectionPaymentSettings =
appStorage().collectionPaymentSettings[tokenAddress];
return (
collectionPaymentSettings.royaltyBackfillNumerator,
collectionPaymentSettings.royaltyBackfillNumerator > 0 ?
appStorage().collectionRoyaltyBackfillReceivers[tokenAddress] :
address(0));
}
/**
* @notice Returns the address of the account that owns the specified payment method whitelist id.
*/
function paymentMethodWhitelistOwners(uint32 paymentMethodWhitelistId) external view returns (address) {
return appStorage().paymentMethodWhitelistOwners[paymentMethodWhitelistId];
}
/**
* @notice Returns true if the specified payment method is whitelisted for the specified payment method whitelist.
*/
function isPaymentMethodWhitelisted(uint32 paymentMethodWhitelistId, address paymentMethod) external view returns (bool) {
return appStorage().collectionPaymentMethodWhitelists[paymentMethodWhitelistId].contains(paymentMethod);
}
/**
* @notice Returns the pricing bounds floor price for a given collection and token id, when applicable.
*
* @dev The pricing bounds floor price is only enforced when the collection payment settings are set to
* the PricingContraints type.
*/
function getFloorPrice(address tokenAddress, uint256 tokenId) external view returns (uint256) {
PricingBounds memory tokenLevelPricingBounds = appStorage().tokenPricingBounds[tokenAddress][tokenId];
if (tokenLevelPricingBounds.isSet) {
return tokenLevelPricingBounds.floorPrice;
} else {
PricingBounds memory collectionLevelPricingBounds = appStorage().collectionPricingBounds[tokenAddress];
if (collectionLevelPricingBounds.isSet) {
return collectionLevelPricingBounds.floorPrice;
}
}
return 0;
}
/**
* @notice Returns the pricing bounds ceiling price for a given collection and token id, when applicable.
*
* @dev The pricing bounds ceiling price is only enforced when the collection payment settings are set to
* the PricingConstraints type.
*/
function getCeilingPrice(address tokenAddress, uint256 tokenId) external view returns (uint256) {
PricingBounds memory tokenLevelPricingBounds = appStorage().tokenPricingBounds[tokenAddress][tokenId];
if (tokenLevelPricingBounds.isSet) {
return tokenLevelPricingBounds.ceilingPrice;
} else {
PricingBounds memory collectionLevelPricingBounds = appStorage().collectionPricingBounds[tokenAddress];
if (collectionLevelPricingBounds.isSet) {
return collectionLevelPricingBounds.ceilingPrice;
}
}
return type(uint256).max;
}
/**
* @notice Returns the last created payment method whitelist id.
*/
function lastPaymentMethodWhitelistId() external view returns (uint32) {
return appStorage().lastPaymentMethodWhitelistId;
}
/**
* @notice Returns the set of payment methods for a given payment method whitelist.
*/
function getWhitelistedPaymentMethods(uint32 paymentMethodWhitelistId) external view returns (address[] memory) {
return appStorage().collectionPaymentMethodWhitelists[paymentMethodWhitelistId].values();
}
/**
* @notice Returns the set of trusted channels for a given collection.
*/
function getTrustedChannels(address tokenAddress) external view returns (address[] memory) {
return appStorage().collectionTrustedChannels[tokenAddress].values();
}
/**
* @notice Returns the set of banned accounts for a given collection.
*/
function getBannedAccounts(address tokenAddress) external view returns (address[] memory) {
return appStorage().collectionBannedAccounts[tokenAddress].values();
}
/**************************************************************/
/* PAYMENT SETTINGS MANAGEMENT OPERATIONS */
/**************************************************************/
/**
* @notice Returns true if the specified payment method is on the deploy-time default payment method whitelist
* or post-deploy default payment method whitelist (id 0).
*/
function isDefaultPaymentMethod(address paymentMethod) external view returns (bool) {
address[] memory defaultPaymentMethods =
IModuleDefaultPaymentMethods(_modulePaymentSettings).getDefaultPaymentMethods();
for (uint256 i = 0; i < defaultPaymentMethods.length;) {
if (paymentMethod == defaultPaymentMethods[i]) {
return true;
}
unchecked {
++i;
}
}
return appStorage().collectionPaymentMethodWhitelists[DEFAULT_PAYMENT_METHOD_WHITELIST_ID].contains(paymentMethod);
}
/**
* @notice Returns an array of the immutable default payment methods specified at deploy time.
* However, if any post-deployment default payment methods have been added, they are
* not returned here because using an enumerable payment method whitelist would make trades
* less gas efficient. For post-deployment default payment methods, exchanges should index
* the `PaymentMethodAddedToWhitelist` and `PaymentMethodRemovedFromWhitelist` events.
*/
function getDefaultPaymentMethods() external view returns (address[] memory) {
return IModuleDefaultPaymentMethods(_modulePaymentSettings).getDefaultPaymentMethods();
}
/**
* @notice Allows any user to create a new custom payment method whitelist.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. The payment method whitelist id tracker has been incremented by `1`.
* @dev 2. The caller has been assigned as the owner of the payment method whitelist.
* @dev 3. A `CreatedPaymentMethodWhitelist` event has been emitted.
*
* @param data Calldata encoded with PaymentProcessorEncoder. Matches calldata for:
* `createPaymentMethodWhitelist(string calldata whitelistName)`
* @return paymentMethodWhitelistId The id of the newly created payment method whitelist.
*/
function createPaymentMethodWhitelist(bytes calldata data) external returns (uint32 paymentMethodWhitelistId) {
address module = _modulePaymentSettings;
assembly {
// This protocol is designed to work both via direct calls and calls from a trusted forwarder that
// preserves the original msg.sender by appending an extra 20 bytes to the calldata.
// The following code supports both cases. The magic number of 68 is:
// 4 bytes for the selector
// 32 bytes calldata offset to the data parameter
// 32 bytes for the length of the data parameter
let lengthWithAppendedCalldata := sub(calldatasize(), 68)
let ptr := mload(0x40)
mstore(ptr, hex"f83116c9")
calldatacopy(add(ptr, 0x04), data.offset, lengthWithAppendedCalldata)
mstore(0x40, add(ptr, add(0x04, lengthWithAppendedCalldata)))
let result := delegatecall(gas(), module, ptr, add(lengthWithAppendedCalldata, 4), 0x00, 0x20)
switch result case 0 {
let size := returndatasize()
returndatacopy(0, 0, size)
revert(0, size)
} default {
return (0x00, 0x20)
}
}
}
/**
* @notice Transfer ownership of a payment method whitelist list to a new owner.
*
* @dev Throws when the new owner is the zero address.
* @dev Throws when the caller does not own the specified list.
*
* @dev <h4>Postconditions:</h4>
* 1. The payment method whitelist list ownership is transferred to the new owner.
* 2. A `ReassignedPaymentMethodWhitelistOwnership` event is emitted.
*
* @param data Calldata encoded with PaymentProcessorEncoder. Matches calldata for:
* `reassignOwnershipOfPaymentMethodWhitelist(uint32 id, address newOwner)`
*/
function reassignOwnershipOfPaymentMethodWhitelist(bytes calldata data) external
delegateCall(_modulePaymentSettings, SELECTOR_REASSIGN_OWNERSHIP_OF_PAYMENT_METHOD_WHITELIST, data) {}
/**
* @notice Renounce the ownership of a payment method whitelist, rendering the list immutable.
*
* @dev Throws when the caller does not own the specified list.
*
* @dev <h4>Postconditions:</h4>
* 1. The ownership of the specified payment method whitelist is renounced.
* 2. A `ReassignedPaymentMethodWhitelistOwnership` event is emitted.
*
* @param data Calldata encoded with PaymentProcessorEncoder. Matches calldata for:
* `renounceOwnershipOfPaymentMethodWhitelist(uint32 id)`
*/
function renounceOwnershipOfPaymentMethodWhitelist(bytes calldata data) external
delegateCall(_modulePaymentSettings, SELECTOR_RENOUNCE_OWNERSHIP_OF_PAYMENT_METHOD_WHITELIST, data) {}
/**
* @notice Allows custom payment method whitelist owners to approve a new coin for use as a payment currency.
*
* @dev Throws when caller is not the owner of the specified payment method whitelist.
* @dev Throws when the specified coin is already whitelisted under the specified whitelist id.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. `paymentMethod` has been approved in `paymentMethodWhitelist` mapping.
* @dev 2. A `PaymentMethodAddedToWhitelist` event has been emitted.
*
* @param data Calldata encoded with PaymentProcessorEncoder. Matches calldata for:
* `whitelistPaymentMethod(uint32 paymentMethodWhitelistId, address paymentMethod)`
*/
function whitelistPaymentMethod(bytes calldata data) external
delegateCall(_modulePaymentSettings, SELECTOR_WHITELIST_PAYMENT_METHOD, data) {}
/**
* @notice Allows custom payment method whitelist owners to remove a coin from the list of approved payment currencies.
*
* @dev Throws when caller is not the owner of the specified payment method whitelist.
* @dev Throws when the specified coin is not currently whitelisted under the specified whitelist id.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. `paymentMethod` has been removed from the `paymentMethodWhitelist` mapping.
* @dev 2. A `PaymentMethodRemovedFromWhitelist` event has been emitted.
*
* @param data Calldata encoded with PaymentProcessorEncoder. Matches calldata for:
* `unwhitelistPaymentMethod(uint32 paymentMethodWhitelistId, address paymentMethod)`
*/
function unwhitelistPaymentMethod(bytes calldata data) external
delegateCall(_modulePaymentSettings, SELECTOR_UNWHITELIST_PAYMENT_METHOD, data) {}
/**
* @notice Allows the smart contract, the contract owner, or the contract admin of any NFT collection to
* specify the payment settings for their collections.
*
* @dev Throws when the specified tokenAddress is address(0).
* @dev Throws when the caller is not the contract, the owner or the administrator of the specified tokenAddress.
* @dev Throws when the royalty backfill numerator is greater than 10,000.
* @dev Throws when the royalty bounty numerator is greater than 10,000.
* @dev Throws when the specified payment method whitelist id does not exist.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. The `PaymentSettings` type for the collection has been set.
* @dev 2. The `paymentMethodWhitelistId` for the collection has been set, if applicable.
* @dev 3. The `constrainedPricingPaymentMethod` for the collection has been set, if applicable.
* @dev 4. The `royaltyBackfillNumerator` for the collection has been set.
* @dev 5. The `royaltyBackfillReceiver` for the collection has been set.
* @dev 6. The `royaltyBountyNumerator` for the collection has been set.
* @dev 7. The `exclusiveBountyReceiver` for the collection has been set.
* @dev 8. The `blockTradesFromUntrustedChannels` for the collection has been set.
* @dev 9. An `UpdatedCollectionPaymentSettings` event has been emitted.
*
* @param data Calldata encoded with PaymentProcessorEncoder. Matches calldata for:
* `setCollectionPaymentSettings(
address tokenAddress,
PaymentSettings paymentSettings,
uint32 paymentMethodWhitelistId,
address constrainedPricingPaymentMethod,
uint16 royaltyBackfillNumerator,
address royaltyBackfillReceiver,
uint16 royaltyBountyNumerator,
address exclusiveBountyReceiver,
bool blockTradesFromUntrustedChannels)`
*/
function setCollectionPaymentSettings(bytes calldata data) external
delegateCall(_modulePaymentSettings, SELECTOR_SET_COLLECTION_PAYMENT_SETTINGS, data) {}
/**
* @notice Allows the smart contract, the contract owner, or the contract admin of any NFT collection to
* specify their own bounded price at the collection level.
*
* @dev Throws when the specified tokenAddress is address(0).
* @dev Throws when the caller is not the contract, the owner or the administrator of the specified tokenAddress.
* @dev Throws when the specified floor price is greater than the ceiling price.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. The collection-level pricing bounds for the specified tokenAddress has been set.
* @dev 2. An `UpdatedCollectionLevelPricingBoundaries` event has been emitted.
*
* @param data Calldata encoded with PaymentProcessorEncoder. Matches calldata for:
* `setCollectionPricingBounds(address tokenAddress, PricingBounds calldata pricingBounds)`
*/
function setCollectionPricingBounds(bytes calldata data) external
delegateCall(_modulePaymentSettings, SELECTOR_SET_COLLECTION_PRICING_BOUNDS, data) {}
/**
* @notice Allows the smart contract, the contract owner, or the contract admin of any NFT collection to
* specify their own bounded price at the individual token level.
*
* @dev Throws when the specified tokenAddress is address(0).
* @dev Throws when the caller is not the contract, the owner or the administrator of the specified tokenAddress.
* @dev Throws when the lengths of the tokenIds and pricingBounds array don't match.
* @dev Throws when the tokenIds or pricingBounds array length is zero.
* @dev Throws when the any of the specified floor prices is greater than the ceiling price for that token id.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. The token-level pricing bounds for the specified tokenAddress and token ids has been set.
* @dev 2. An `UpdatedTokenLevelPricingBoundaries` event has been emitted.
*
* @param data Calldata encoded with PaymentProcessorEncoder. Matches calldata for:
* `setTokenPricingBounds(
address tokenAddress,
uint256[] calldata tokenIds,
PricingBounds[] calldata pricingBounds)`
*/
function setTokenPricingBounds(bytes calldata data) external
delegateCall(_modulePaymentSettings, SELECTOR_SET_TOKEN_PRICING_BOUNDS, data) {}
/**
* @notice Allows trusted channels to be added to a collection.
*
* @dev Throws when the specified tokenAddress is address(0).
* @dev Throws when the caller is not the contract, the owner or the administrator of the specified tokenAddress.
* @dev Throws when the specified address is not a trusted forwarder.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. `channel` has been approved for trusted forwarding of trades on a collection.
* @dev 2. A `TrustedChannelAddedForCollection` event has been emitted.
*
* @param data Calldata encoded with PaymentProcessorEncoder. Matches calldata for:
* `addTrustedChannelForCollection(
* address tokenAddress,
* address channel)`
*/
function addTrustedChannelForCollection(bytes calldata data) external
delegateCall(_modulePaymentSettings, SELECTOR_ADD_TRUSTED_CHANNEL_FOR_COLLECTION, data) {}
/**
* @notice Allows trusted channels to be removed from a collection.
*
* @dev Throws when the specified tokenAddress is address(0).
* @dev Throws when the caller is not the contract, the owner or the administrator of the specified tokenAddress.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. `channel` has been dis-approved for trusted forwarding of trades on a collection.
* @dev 2. A `TrustedChannelRemovedForCollection` event has been emitted.
*
* @param data Calldata encoded with PaymentProcessorEncoder. Matches calldata for:
* `removeTrustedChannelForCollection(
* address tokenAddress,
* address channel)`
*/
function removeTrustedChannelForCollection(bytes calldata data) external
delegateCall(_modulePaymentSettings, SELECTOR_REMOVE_TRUSTED_CHANNEL_FOR_COLLECTION, data) {}
/**
* @notice Allows creator to ban accounts from a collection.
*
* @dev Throws when the specified tokenAddress is address(0).
* @dev Throws when the caller is not the contract, the owner or the administrator of the specified tokenAddress.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. `account` has been banned from trading on a collection.
* @dev 2. A `BannedAccountAddedForCollection` event has been emitted.
*
* @param data Calldata encoded with PaymentProcessorEncoder. Matches calldata for:
* `addBannedAccountForCollection(
* address tokenAddress,
* address account)`
*/
function addBannedAccountForCollection(bytes calldata data) external
delegateCall(_modulePaymentSettings, SELECTOR_ADD_BANNED_ACCOUNT_FOR_COLLECTION, data) {}
/**
* @notice Allows creator to un-ban accounts from a collection.
*
* @dev Throws when the specified tokenAddress is address(0).
* @dev Throws when the caller is not the contract, the owner or the administrator of the specified tokenAddress.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. `account` ban has been lifted for trades on a collection.
* @dev 2. A `BannedAccountRemovedForCollection` event has been emitted.
*
* @param data Calldata encoded with PaymentProcessorEncoder. Matches calldata for:
* `removeBannedAccountForCollection(
* address tokenAddress,
* address account)`
*/
function removeBannedAccountForCollection(bytes calldata data) external
delegateCall(_modulePaymentSettings, SELECTOR_REMOVE_BANNED_ACCOUNT_FOR_COLLECTION, data) {}
/**************************************************************/
/* ON-CHAIN CANCELLATION OPERATIONS */
/**************************************************************/
/**
* @notice Allows a cosigner to destroy itself, never to be used again. This is a fail-safe in case of a failure
* to secure the co-signer private key in a Web2 co-signing service. In case of suspected cosigner key
* compromise, or when a co-signer key is rotated, the cosigner MUST destroy itself to prevent past listings
* that were cancelled off-chain from being used by a malicious actor.
*
* @dev Throws when the cosigner did not sign an authorization to self-destruct.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. The cosigner can never be used to co-sign orders again.
* @dev 2. A `DestroyedCosigner` event has been emitted.
*
* @param data Calldata encoded with PaymentProcessorEncoder. Matches calldata for:
* `destroyCosigner(address cosigner, SignatureECDSA signature)`
*/
function destroyCosigner(bytes calldata data) external
delegateCall(_moduleOnChainCancellation, SELECTOR_DESTROY_COSIGNER, data) {}
/**
* @notice Allows a maker to revoke/cancel all prior signatures of their listings and offers.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. The maker's master nonce has been incremented by `1` in contract storage, rendering all signed
* approvals using the prior nonce unusable.
* @dev 2. A `MasterNonceInvalidated` event has been emitted.
*/
function revokeMasterNonce() external
delegateCallNoData(_moduleOnChainCancellation, SELECTOR_REVOKE_MASTER_NONCE) {}
/**
* @notice Allows a maker to revoke/cancel a single, previously signed listing or offer by specifying the
* nonce of the listing or offer.
*
* @dev Throws when the maker has already revoked the nonce.
* @dev Throws when the nonce was already used by the maker to successfully buy or sell an NFT.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. The specified `nonce` for the `_msgSender()` has been revoked and can
* no longer be used to execute a sale or purchase.
* @dev 2. A `NonceInvalidated` event has been emitted.
*
* @param data Calldata encoded with PaymentProcessorEncoder. Matches calldata for:
* `revokeSingleNonce(uint256 nonce)`
*/
function revokeSingleNonce(bytes calldata data) external
delegateCall(_moduleOnChainCancellation, SELECTOR_REVOKE_SINGLE_NONCE, data) {}
/**
* @notice Allows a maker to revoke/cancel a partially fillable order by specifying the order digest hash.
*
* @dev Throws when the maker has already revoked the order digest.
* @dev Throws when the order digest was already used by the maker and has been fully filled.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. The specified `orderDigest` for the `_msgSender()` has been revoked and can
* no longer be used to execute a sale or purchase.
* @dev 2. An `OrderDigestInvalidated` event has been emitted.
*
* @param data Calldata encoded with PaymentProcessorEncoder. Matches calldata for:
* `revokeOrderDigest(bytes32 orderDigest)`
*/
function revokeOrderDigest(bytes calldata data) external
delegateCall(_moduleOnChainCancellation, SELECTOR_REVOKE_ORDER_DIGEST, data) {}
/**************************************************************/
/* TAKER OPERATIONS */
/**************************************************************/
/**
* @notice Executes a buy listing transaction for a single order item.
*
* @dev Throws when the maker's nonce has already been used or has been cancelled.
* @dev Throws when the order has expired.
* @dev Throws when the combined marketplace and royalty fee exceeds 100%.
* @dev Throws when the taker fee on top exceeds 100% of the item sale price.
* @dev Throws when the maker's master nonce does not match the order details.
* @dev Throws when the order does not comply with the collection payment settings.
* @dev Throws when the maker's signature is invalid.
* @dev Throws when the order is a cosigned order and the cosignature is invalid.
* @dev Throws when the transaction originates from an untrusted channel if untrusted channels are blocked.
* @dev Throws when the maker or taker is a banned account for the collection.
* @dev Throws when the taker does not have or did not send sufficient funds to complete the purchase.
* @dev Throws when the token transfer fails for any reason such as lack of approvals or token no longer owned by maker.
* @dev Throws when the maker has revoked the order digest on a ERC1155_PARTIAL_FILL order.
* @dev Throws when the order is an ERC1155_PARTIAL_FILL order and the item price is not evenly divisible by the amount.
* @dev Throws when the order is an ERC1155_PARTIAL_FILL order and the remaining fillable quantity is less than the requested minimum fill amount.
* @dev Any unused native token payment will be returned to the taker as wrapped native token.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. Payment amounts and fees are sent to their respective recipients.
* @dev 2. Purchased tokens are sent to the beneficiary.
* @dev 3. Maker's nonce is marked as used for ERC721_FILL_OR_KILL and ERC1155_FILL_OR_KILL orders.
* @dev 4. Maker's partially fillable order state is updated for ERC1155_PARTIAL_FILL orders.
* @dev 5. An `BuyListingERC721` event has been emitted for a ERC721 purchase.
* @dev 6. An `BuyListingERC1155` event has been emitted for a ERC1155 purchase.
* @dev 7. A `NonceInvalidated` event has been emitted for a ERC721_FILL_OR_KILL or ERC1155_FILL_OR_KILL order.
* @dev 8. A `OrderDigestInvalidated` event has been emitted for a ERC1155_PARTIAL_FILL order, if fully filled.
*
* @param data Calldata encoded with PaymentProcessorEncoder. Matches calldata for:
* `function buyListing(
* bytes32 domainSeparator,
* Order memory saleDetails,
* SignatureECDSA memory sellerSignature,
* Cosignature memory cosignature,
* FeeOnTop memory feeOnTop)`
*/
function buyListing(bytes calldata data) external payable
delegateCallReplaceDomainSeparator(_moduleTrades, SELECTOR_BUY_LISTING, data) {}
/**
* @notice Executes an offer accept transaction for a single order item.
*
* @dev Throws when the maker's nonce has already been used or has been cancelled.
* @dev Throws when the order has expired.
* @dev Throws when the combined marketplace and royalty fee exceeds 100%.
* @dev Throws when the taker fee on top exceeds 100% of the item sale price.
* @dev Throws when the maker's master nonce does not match the order details.
* @dev Throws when the order does not comply with the collection payment settings.
* @dev Throws when the maker's signature is invalid.
* @dev Throws when the order is a cosigned order and the cosignature is invalid.
* @dev Throws when the transaction originates from an untrusted channel if untrusted channels are blocked.
* @dev Throws when the maker or taker is a banned account for the collection.
* @dev Throws when the maker does not have sufficient funds to complete the purchase.
* @dev Throws when the token transfer fails for any reason such as lack of approvals or token not owned by the taker.
* @dev Throws when the token the offer is being accepted for does not match the conditions set by the maker.
* @dev Throws when the maker has revoked the order digest on a ERC1155_PARTIAL_FILL order.
* @dev Throws when the order is an ERC1155_PARTIAL_FILL order and the item price is not evenly divisible by the amount.
* @dev Throws when the order is an ERC1155_PARTIAL_FILL order and the remaining fillable quantity is less than the requested minimum fill amount.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. Payment amounts and fees are sent to their respective recipients.
* @dev 2. Purchased tokens are sent to the beneficiary.
* @dev 3. Maker's nonce is marked as used for ERC721_FILL_OR_KILL and ERC1155_FILL_OR_KILL orders.
* @dev 4. Maker's partially fillable order state is updated for ERC1155_PARTIAL_FILL orders.
* @dev 5. An `AcceptOfferERC721` event has been emitted for a ERC721 sale.
* @dev 6. An `AcceptOfferERC1155` event has been emitted for a ERC1155 sale.
* @dev 7. A `NonceInvalidated` event has been emitted for a ERC721_FILL_OR_KILL or ERC1155_FILL_OR_KILL order.
* @dev 8. A `OrderDigestInvalidated` event has been emitted for a ERC1155_PARTIAL_FILL order, if fully filled.
*
* @param data Calldata encoded with PaymentProcessorEncoder. Matches calldata for:
* `function acceptOffer(
* bytes32 domainSeparator,
* bool isCollectionLevelOffer,
* Order memory saleDetails,
* SignatureECDSA memory buyerSignature,
* TokenSetProof memory tokenSetProof,
* Cosignature memory cosignature,
* FeeOnTop memory feeOnTop)`
*/
function acceptOffer(bytes calldata data) external payable
delegateCallReplaceDomainSeparator(_moduleTrades, SELECTOR_ACCEPT_OFFER, data) {}
/**
* @notice Executes a buy listing transaction for multiple order items.
*
* @dev Throws when a maker's nonce has already been used or has been cancelled.
* @dev Throws when any order has expired.
* @dev Throws when any combined marketplace and royalty fee exceeds 100%.
* @dev Throws when any taker fee on top exceeds 100% of the item sale price.
* @dev Throws when a maker's master nonce does not match the order details.
* @dev Throws when an order does not comply with the collection payment settings.
* @dev Throws when a maker's signature is invalid.
* @dev Throws when an order is a cosigned order and the cosignature is invalid.
* @dev Throws when the transaction originates from an untrusted channel if untrusted channels are blocked.
* @dev Throws when any maker or taker is a banned account for the collection.
* @dev Throws when the taker does not have or did not send sufficient funds to complete the purchase.
* @dev Throws when a maker has revoked the order digest on a ERC1155_PARTIAL_FILL order.
* @dev Throws when an order is an ERC1155_PARTIAL_FILL order and the item price is not evenly divisible by the amount.
* @dev Throws when an order is an ERC1155_PARTIAL_FILL order and the remaining fillable quantity is less than the requested minimum fill amount.
* @dev Will NOT throw when a token fails to transfer but also will not disperse payments for failed items.
* @dev Any unused native token payment will be returned to the taker as wrapped native token.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. Payment amounts and fees are sent to their respective recipients.
* @dev 2. Purchased tokens are sent to the beneficiary.
* @dev 3. Makers nonces are marked as used for ERC721_FILL_OR_KILL and ERC1155_FILL_OR_KILL orders.
* @dev 4. Makers partially fillable order states are updated for ERC1155_PARTIAL_FILL orders.
* @dev 5. `BuyListingERC721` events have been emitted for each ERC721 purchase.
* @dev 6. `BuyListingERC1155` events have been emitted for each ERC1155 purchase.
* @dev 7. A `NonceInvalidated` event has been emitted for each ERC721_FILL_OR_KILL or ERC1155_FILL_OR_KILL order.
* @dev 8. A `OrderDigestInvalidated` event has been emitted for each ERC1155_PARTIAL_FILL order, if fully filled.
*
* @param data Calldata encoded with PaymentProcessorEncoder. Matches calldata for:
* `function bulkBuyListings(
* bytes32 domainSeparator,
* Order[] calldata saleDetailsArray,
* SignatureECDSA[] calldata sellerSignatures,
* Cosignature[] calldata cosignatures,
* FeeOnTop[] calldata feesOnTop)`
*/
function bulkBuyListings(bytes calldata data) external payable
delegateCallReplaceDomainSeparator(_moduleTrades, SELECTOR_BULK_BUY_LISTINGS, data) {}
/**
* @notice Executes an accept offer transaction for multiple order items.
*
* @dev Throws when a maker's nonce has already been used or has been cancelled.
* @dev Throws when any order has expired.
* @dev Throws when any combined marketplace and royalty fee exceeds 100%.
* @dev Throws when any taker fee on top exceeds 100% of the item sale price.
* @dev Throws when a maker's master nonce does not match the order details.
* @dev Throws when an order does not comply with the collection payment settings.
* @dev Throws when a maker's signature is invalid.
* @dev Throws when an order is a cosigned order and the cosignature is invalid.
* @dev Throws when the transaction originates from an untrusted channel if untrusted channels are blocked.
* @dev Throws when any maker or taker is a banned account for the collection.
* @dev Throws when a maker does not have sufficient funds to complete the purchase.
* @dev Throws when the token an offer is being accepted for does not match the conditions set by the maker.
* @dev Throws when a maker has revoked the order digest on a ERC1155_PARTIAL_FILL order.
* @dev Throws when an order is an ERC1155_PARTIAL_FILL order and the item price is not evenly divisible by the amount.
* @dev Throws when an order is an ERC1155_PARTIAL_FILL order and the remaining fillable quantity is less than the requested minimum fill amount.
* @dev Will NOT throw when a token fails to transfer but also will not disperse payments for failed items.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. Payment amounts and fees are sent to their respective recipients.
* @dev 2. Purchased tokens are sent to the beneficiary.
* @dev 3. Makers nonces are marked as used for ERC721_FILL_OR_KILL and ERC1155_FILL_OR_KILL orders.
* @dev 4. Makers partially fillable order states are updated for ERC1155_PARTIAL_FILL orders.
* @dev 5. `AcceptOfferERC721` events have been emitted for each ERC721 sale.
* @dev 6. `AcceptOfferERC1155` events have been emitted for each ERC1155 sale.
* @dev 7. A `NonceInvalidated` event has been emitted for each ERC721_FILL_OR_KILL or ERC1155_FILL_OR_KILL order.
* @dev 8. A `OrderDigestInvalidated` event has been emitted for each ERC1155_PARTIAL_FILL order, if fully filled.
*
* @param data Calldata encoded with PaymentProcessorEncoder. Matches calldata for:
* `function bulkAcceptOffers(
* bytes32 domainSeparator,
* BulkAcceptOffersParams memory params)`
*/
function bulkAcceptOffers(bytes calldata data) external payable
delegateCallReplaceDomainSeparator(_moduleTrades, SELECTOR_BULK_ACCEPT_OFFERS, data) {}
/**
* @notice Executes a sweep transaction for buying multiple items from the same collection.
*
* @dev Throws when the sweep order protocol is ERC1155_PARTIAL_FILL (unsupported).
* @dev Throws when a maker's nonce has already been used or has been cancelled.
* @dev Throws when any order has expired.
* @dev Throws when any combined marketplace and royalty fee exceeds 100%.
* @dev Throws when the taker fee on top exceeds 100% of the combined item sale prices.
* @dev Throws when a maker's master nonce does not match the order details.
* @dev Throws when an order does not comply with the collection payment settings.
* @dev Throws when a maker's signature is invalid.
* @dev Throws when an order is a cosigned order and the cosignature is invalid.
* @dev Throws when the transaction originates from an untrusted channel if untrusted channels are blocked.
* @dev Throws when any maker or taker is a banned account for the collection.
* @dev Throws when the taker does not have or did not send sufficient funds to complete the purchase.
* @dev Will NOT throw when a token fails to transfer but also will not disperse payments for failed items.
* @dev Any unused native token payment will be returned to the taker as wrapped native token.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. Payment amounts and fees are sent to their respective recipients.
* @dev 2. Purchased tokens are sent to the beneficiary.
* @dev 3. Makers nonces are marked as used for ERC721_FILL_OR_KILL and ERC1155_FILL_OR_KILL orders.
* @dev 4. Makers partially fillable order states are updated for ERC1155_PARTIAL_FILL orders.
* @dev 5. `BuyListingERC721` events have been emitted for each ERC721 purchase.
* @dev 6. `BuyListingERC1155` events have been emitted for each ERC1155 purchase.
* @dev 7. A `NonceInvalidated` event has been emitted for each ERC721_FILL_OR_KILL or ERC1155_FILL_OR_KILL order.
*
* @param data Calldata encoded with PaymentProcessorEncoder. Matches calldata for:
* `function sweepCollection(
* bytes32 domainSeparator,
* FeeOnTop memory feeOnTop,
* SweepOrder memory sweepOrder,
* SweepItem[] calldata items,
* SignatureECDSA[] calldata signedSellOrders,
* Cosignature[] memory cosignatures)`
*/
function sweepCollection(bytes calldata data) external payable
delegateCallReplaceDomainSeparator(_moduleTradesAdvanced, SELECTOR_SWEEP_COLLECTION, data) {}
}// SPDX-License-Identifier: BSL-1.1
pragma solidity 0.8.19;
// keccack256("Cosignature(uint8 v,bytes32 r,bytes32 s,uint256 expiration,address taker)")
bytes32 constant COSIGNATURE_HASH = 0x347b7818601b168f6faadc037723496e9130b057c1ffef2ec4128311e19142f2;
// keccack256("CollectionOfferApproval(uint8 protocol,address cosigner,address buyer,address beneficiary,address marketplace,address fallbackRoyaltyRecipient,address paymentMethod,address tokenAddress,uint256 amount,uint256 itemPrice,uint256 expiration,uint256 marketplaceFeeNumerator,uint256 nonce,uint256 masterNonce)")
bytes32 constant COLLECTION_OFFER_APPROVAL_HASH = 0x8fe9498e93fe26b30ebf76fac07bd4705201c8609227362697082288e3b4af9c;
// keccack256("ItemOfferApproval(uint8 protocol,address cosigner,address buyer,address beneficiary,address marketplace,address fallbackRoyaltyRecipient,address paymentMethod,address tokenAddress,uint256 tokenId,uint256 amount,uint256 itemPrice,uint256 expiration,uint256 marketplaceFeeNumerator,uint256 nonce,uint256 masterNonce)")
bytes32 constant ITEM_OFFER_APPROVAL_HASH = 0xce2e9706d63e89ddf7ee16ce0508a1c3c9bd1904c582db2e647e6f4690a0bf6b;
// keccack256("TokenSetOfferApproval(uint8 protocol,address cosigner,address buyer,address beneficiary,address marketplace,address fallbackRoyaltyRecipient,address paymentMethod,address tokenAddress,uint256 amount,uint256 itemPrice,uint256 expiration,uint256 marketplaceFeeNumerator,uint256 nonce,uint256 masterNonce,bytes32 tokenSetMerkleRoot)")
bytes32 constant TOKEN_SET_OFFER_APPROVAL_HASH = 0x244905ade6b0e455d12fb539a4b17d7f675db14797d514168d09814a09c70e70;
// keccack256("SaleApproval(uint8 protocol,address cosigner,address seller,address marketplace,address fallbackRoyaltyRecipient,address paymentMethod,address tokenAddress,uint256 tokenId,uint256 amount,uint256 itemPrice,uint256 expiration,uint256 marketplaceFeeNumerator,uint256 maxRoyaltyFeeNumerator,uint256 nonce,uint256 masterNonce)")
bytes32 constant SALE_APPROVAL_HASH = 0x938786a8256d04dc45d6d5b997005aa07c0c9e3e4925d0d6c33128d240096ebc;
// The denominator used when calculating the marketplace fee.
// 0.5% fee numerator is 50, 1% fee numerator is 100, 10% fee numerator is 1,000 and so on.
uint256 constant FEE_DENOMINATOR = 100_00;
// Default Payment Method Whitelist Id
uint32 constant DEFAULT_PAYMENT_METHOD_WHITELIST_ID = 0;
// Convenience to avoid magic number in bitmask get/set logic.
uint256 constant ZERO = uint256(0);
uint256 constant ONE = uint256(1);
// The default admin role for NFT collections using Access Control.
bytes32 constant DEFAULT_ACCESS_CONTROL_ADMIN_ROLE = 0x00;
/// @dev The plain text message to sign for cosigner self-destruct signature verification
string constant COSIGNER_SELF_DESTRUCT_MESSAGE_TO_SIGN = "COSIGNER_SELF_DESTRUCT";
/**************************************************************/
/* PRECOMPUTED SELECTORS */
/**************************************************************/
bytes4 constant SELECTOR_REASSIGN_OWNERSHIP_OF_PAYMENT_METHOD_WHITELIST= hex"a1e6917e";
bytes4 constant SELECTOR_RENOUNCE_OWNERSHIP_OF_PAYMENT_METHOD_WHITELIST= hex"0886702e";
bytes4 constant SELECTOR_WHITELIST_PAYMENT_METHOD = hex"bb39ce91";
bytes4 constant SELECTOR_UNWHITELIST_PAYMENT_METHOD = hex"e9d4c14e";
bytes4 constant SELECTOR_SET_COLLECTION_PAYMENT_SETTINGS = hex"fc5d8393";
bytes4 constant SELECTOR_SET_COLLECTION_PRICING_BOUNDS = hex"7141ae10";
bytes4 constant SELECTOR_SET_TOKEN_PRICING_BOUNDS = hex"22146d70";
bytes4 constant SELECTOR_ADD_TRUSTED_CHANNEL_FOR_COLLECTION = hex"ab559c14";
bytes4 constant SELECTOR_REMOVE_TRUSTED_CHANNEL_FOR_COLLECTION = hex"282e89f8";
bytes4 constant SELECTOR_ADD_BANNED_ACCOUNT_FOR_COLLECTION = hex"e21dde50";
bytes4 constant SELECTOR_REMOVE_BANNED_ACCOUNT_FOR_COLLECTION = hex"adf14a76";
bytes4 constant SELECTOR_DESTROY_COSIGNER = hex"2aebdefe";
bytes4 constant SELECTOR_REVOKE_MASTER_NONCE = hex"226d4adb";
bytes4 constant SELECTOR_REVOKE_SINGLE_NONCE = hex"b6d7dc33";
bytes4 constant SELECTOR_REVOKE_ORDER_DIGEST = hex"96ae0380";
bytes4 constant SELECTOR_BUY_LISTING = hex"a9272951";
bytes4 constant SELECTOR_ACCEPT_OFFER = hex"e35bb9b7";
bytes4 constant SELECTOR_BULK_BUY_LISTINGS = hex"27add047";
bytes4 constant SELECTOR_BULK_ACCEPT_OFFERS = hex"b3cdebdb";
bytes4 constant SELECTOR_SWEEP_COLLECTION = hex"206576f6";
/**************************************************************/
/* EXPECTED BASE msg.data LENGTHS */
/**************************************************************/
uint256 constant PROOF_ELEMENT_SIZE = 32;
// | 4 | 32 | 512 | 96 | 192 | 64 | = 900 bytes
// | selector | domainSeparator | saleDetails | sellerSignature | cosignature | feeOnTop |
uint256 constant BASE_MSG_LENGTH_BUY_LISTING = 900;
// | 4 | 32 | 32 | 512 | 96 | 32 + (96 + (32 * proof.length)) | 192 | 64 | = 1060 bytes + (32 * proof.length)
// | selector | domainSeparator | isCollectionLevelOffer | saleDetails | buyerSignature | tokenSetProof | cosignature | feeOnTop |
uint256 constant BASE_MSG_LENGTH_ACCEPT_OFFER = 1060;
// | 4 | 32 | 64 | 512 * length | 64 | 96 * length | 64 | 192 * length | 64 | 64 * length | = 292 bytes + (864 * saleDetailsArray.length)
// | selector | domainSeparator | length + offset | saleDetailsArray | length + offset | sellerSignatures | length + offset | cosignatures | length + offset | feesOnTop |
uint256 constant BASE_MSG_LENGTH_BULK_BUY_LISTINGS = 292;
uint256 constant BASE_MSG_LENGTH_BULK_BUY_LISTINGS_PER_ITEM = 864;
// | 4 | 32 | 32 | 64 | 32 * length | 64 | 512 * length | 64 | 96 * length | 64 | 32 + (96 + (32 * proof.length)) | 64 | 192 * length | 64 | 64 * length | = 452 bytes + (1024 * saleDetailsArray.length) + (32 * proof.length [for each element])
// | selector | domainSeparator | struct info? | length + offset | isCollectionLevelOfferArray | length + offset | saleDetailsArray | length + offset | buyerSignaturesArray | length + offset | tokenSetProof | length + offset | cosignatures | length + offset | feesOnTop |
uint256 constant BASE_MSG_LENGTH_BULK_ACCEPT_OFFERS = 452;
uint256 constant BASE_MSG_LENGTH_BULK_ACCEPT_OFFERS_PER_ITEM = 1024;
// | 4 | 32 | 64 | 128 | 64 | 320 * length | 64 | 96 * length | 64 | 192 * length | = 420 bytes + (608 * items.length)
// | selector | domainSeparator | feeOnTop | sweepOrder | length + offset | items | length + offset | signedSellOrders | length + offset | cosignatures |
uint256 constant BASE_MSG_LENGTH_SWEEP_COLLECTION = 420;
uint256 constant BASE_MSG_LENGTH_SWEEP_COLLECTION_PER_ITEM = 608;// SPDX-License-Identifier: BSL-1.1
pragma solidity 0.8.19;
/// @dev Thrown when an order is an ERC721 order and the amount is not one.
error PaymentProcessor__AmountForERC721SalesMustEqualOne();
/// @dev Thrown when an order is an ERC1155 order and the amount is zero.
error PaymentProcessor__AmountForERC1155SalesGreaterThanZero();
/// @dev Thrown when an offer is being accepted and the payment method is the chain native token.
error PaymentProcessor__BadPaymentMethod();
/// @dev Thrown when adding or removing a payment method from a whitelist that the caller does not own.
error PaymentProcessor__CallerDoesNotOwnPaymentMethodWhitelist();
/**
* @dev Thrown when modifying collection payment settings, pricing bounds, or trusted channels on a collection
* @dev that the caller is not the owner of or a member of the default admin role for.
*/
error PaymentProcessor__CallerMustHaveElevatedPermissionsForSpecifiedNFT();
/// @dev Thrown when setting a collection or token pricing constraint with a floor price greater than ceiling price.
error PaymentProcessor__CeilingPriceMustBeGreaterThanFloorPrice();
/// @dev Thrown when adding a trusted channel that is not a trusted forwarder deployed by the trusted forwarder factory.
error PaymentProcessor__ChannelIsNotTrustedForwarder();
/// @dev Thrown when removing a payment method from a whitelist when that payment method is not on the whitelist.
error PaymentProcessor__CoinIsNotApproved();
/// @dev Thrown when the current block time is greater than the expiration time for the cosignature.
error PaymentProcessor__CosignatureHasExpired();
/// @dev Thrown when the cosigner has self destructed.
error PaymentProcessor__CosignerHasSelfDestructed();
/// @dev Thrown when a token failed to transfer to the beneficiary and partial fills are disabled.
error PaymentProcessor__DispensingTokenWasUnsuccessful();
/// @dev Thrown when a maker is a contract and the contract does not return the correct EIP1271 response to validate the signature.
error PaymentProcessor__EIP1271SignatureInvalid();
/// @dev Thrown when a native token transfer call fails to transfer the tokens.
error PaymentProcessor__FailedToTransferProceeds();
/// @dev Thrown when the additional fee on top exceeds the item price.
error PaymentProcessor__FeeOnTopCannotBeGreaterThanItemPrice();
/// @dev Thrown when the supplied root hash, token and proof do not match.
error PaymentProcessor__IncorrectTokenSetMerkleProof();
/// @dev Thrown when an input array has zero items in a location where it must have items.
error PaymentProcessor__InputArrayLengthCannotBeZero();
/// @dev Thrown when multiple input arrays have different lengths but are required to be the same length.
error PaymentProcessor__InputArrayLengthMismatch();
/// @dev Thrown when Payment Processor or a module is being deployed with invalid constructor arguments.
error PaymentProcessor__InvalidConstructorArguments();
/// @dev Thrown when the maker or taker is a banned account on the collection being traded.
error PaymentProcessor__MakerOrTakerIsBannedAccount();
/// @dev Thrown when the combined marketplace and royalty fees will exceed the item price.
error PaymentProcessor__MarketplaceAndRoyaltyFeesWillExceedSalePrice();
/// @dev Thrown when the recovered address from a cosignature does not match the order cosigner.
error PaymentProcessor__NotAuthorizedByCosigner();
/// @dev Thrown when the ERC2981 or backfilled royalties exceed the maximum fee specified by the order maker.
error PaymentProcessor__OnchainRoyaltiesExceedMaximumApprovedRoyaltyFee();
/// @dev Thrown when the current block timestamp is greater than the order expiration time.
error PaymentProcessor__OrderHasExpired();
/// @dev Thrown when attempting to fill a partially fillable order that has already been filled or cancelled.
error PaymentProcessor__OrderIsEitherCancelledOrFilled();
/// @dev Thrown when attempting to execute a sweep order for partially fillable orders.
error PaymentProcessor__OrderProtocolERC1155FillPartialUnsupportedInSweeps();
/// @dev Thrown when attempting to partially fill an order where the item price is not equally divisible by the amount of tokens.
error PaymentProcessor__PartialFillsNotSupportedForNonDivisibleItems();
/// @dev Thrown when attempting to execute an order with a payment method that is not allowed by the collection payment settings.
error PaymentProcessor__PaymentCoinIsNotAnApprovedPaymentMethod();
/// @dev Thrown when adding a payment method to a whitelist when that payment method is already on the list.
error PaymentProcessor__PaymentMethodIsAlreadyApproved();
/// @dev Thrown when setting collection payment settings with a whitelist id that does not exist.
error PaymentProcessor__PaymentMethodWhitelistDoesNotExist();
/// @dev Thrown when attempting to transfer ownership of a payment method whitelist to the zero address.
error PaymentProcessor__PaymentMethodWhitelistOwnershipCannotBeTransferredToZeroAddress();
/// @dev Thrown when distributing payments and fees in native token and the amount remaining is less than the amount to distribute.
error PaymentProcessor__RanOutOfNativeFunds();
/// @dev Thrown when attempting to set a royalty backfill numerator that would result in royalties greater than 100%.
error PaymentProcessor__RoyaltyBackfillNumeratorCannotExceedFeeDenominator();
/// @dev Thrown when attempting to set a royalty bounty numerator that would result in royalty bounties greater than 100%.
error PaymentProcessor__RoyaltyBountyNumeratorCannotExceedFeeDenominator();
/// @dev Thrown when a collection is set to pricing constraints and the item price exceeds the defined maximum price.
error PaymentProcessor__SalePriceAboveMaximumCeiling();
/// @dev Thrown when a collection is set to pricing constraints and the item price is below the defined minimum price.
error PaymentProcessor__SalePriceBelowMinimumFloor();
/// @dev Thrown when a maker's nonce has already been used for an executed order or cancelled by the maker.
error PaymentProcessor__SignatureAlreadyUsedOrRevoked();
/**
* @dev Thrown when a collection is set to block untrusted channels and the order execution originates from a channel
* @dev that is not in the collection's trusted channel list.
*/
error PaymentProcessor__TradeOriginatedFromUntrustedChannel();
/// @dev Thrown when a trading of a specific collection has been paused by the collection owner or admin.
error PaymentProcessor__TradingIsPausedForCollection();
/**
* @dev Thrown when attempting to fill a partially fillable order and the amount available to fill
* @dev is less than the specified minimum to fill.
*/
error PaymentProcessor__UnableToFillMinimumRequestedQuantity();
/// @dev Thrown when the recovered signer for an order does not match the order maker.
error PaymentProcessor__UnauthorizedOrder();
/// @dev Thrown when the taker on a cosigned order does not match the taker on the cosignature.
error PaymentProcessor__UnauthorizedTaker();
/// @dev Thrown when the Payment Processor or a module is being deployed with uninitialized configuration values.
error PaymentProcessor__UninitializedConfiguration();// SPDX-License-Identifier: BSL-1.1
pragma solidity 0.8.19;
import "../DataTypes.sol";
/**
* @title PaymentProcessor
* @custom:version 2.0.0
* @author Limit Break, Inc.
*/
interface IPaymentProcessorConfiguration {
/**
* @notice Returns the ERC2771 context setup params for payment processor modules.
*/
function getPaymentProcessorModuleERC2771ContextParams()
external
view
returns (
address /*trustedForwarderFactory*/
);
/**
* @notice Returns the setup params for payment processor modules.
*/
function getPaymentProcessorModuleDeploymentParams()
external
view
returns (
uint32, /*defaultPushPaymentGasLimit*/
address, /*wrappedNativeCoin*/
DefaultPaymentMethods memory /*defaultPaymentMethods*/
);
/**
* @notice Returns the setup params for payment processor.
*/
function getPaymentProcessorDeploymentParams()
external
view
returns (
address, /*defaultContractOwner*/
PaymentProcessorModules memory /*paymentProcessorModules*/
);
}// SPDX-License-Identifier: BSL-1.1
pragma solidity 0.8.19;
import "../DataTypes.sol";
/**
* @title Payment Processor
* @custom:version 2.0.0
* @author Limit Break, Inc.
*/
interface IPaymentProcessorEvents {
/// @notice Emitted when an account is banned from trading a collection
event BannedAccountAddedForCollection(
address indexed tokenAddress,
address indexed account);
/// @notice Emitted when an account ban has been lifted on a collection
event BannedAccountRemovedForCollection(
address indexed tokenAddress,
address indexed account);
/// @notice Emitted when an ERC721 listing is purchased.
event BuyListingERC721(
address indexed buyer,
address indexed seller,
address indexed tokenAddress,
address beneficiary,
address paymentCoin,
uint256 tokenId,
uint256 salePrice);
/// @notice Emitted when an ERC1155 listing is purchased.
event BuyListingERC1155(
address indexed buyer,
address indexed seller,
address indexed tokenAddress,
address beneficiary,
address paymentCoin,
uint256 tokenId,
uint256 amount,
uint256 salePrice);
/// @notice Emitted when an ERC721 offer is accepted.
event AcceptOfferERC721(
address indexed seller,
address indexed buyer,
address indexed tokenAddress,
address beneficiary,
address paymentCoin,
uint256 tokenId,
uint256 salePrice);
/// @notice Emitted when an ERC1155 offer is accepted.
event AcceptOfferERC1155(
address indexed seller,
address indexed buyer,
address indexed tokenAddress,
address beneficiary,
address paymentCoin,
uint256 tokenId,
uint256 amount,
uint256 salePrice);
/// @notice Emitted when a new payment method whitelist is created.
event CreatedPaymentMethodWhitelist(
uint32 indexed paymentMethodWhitelistId,
address indexed whitelistOwner,
string whitelistName);
/// @notice Emitted when a cosigner destroys itself.
event DestroyedCosigner(address indexed cosigner);
/// @notice Emitted when a user revokes all of their existing listings or offers that share the master nonce.
event MasterNonceInvalidated(address indexed account, uint256 nonce);
/// @notice Emitted when a user revokes a single listing or offer nonce for a specific marketplace.
event NonceInvalidated(
uint256 indexed nonce,
address indexed account,
bool wasCancellation);
/// @notice Emitted when a user revokes a single listing or offer nonce for a specific marketplace.
event OrderDigestInvalidated(
bytes32 indexed orderDigest,
address indexed account,
bool wasCancellation);
/// @notice Emitted when a coin is added to the approved coins mapping for a security policy
event PaymentMethodAddedToWhitelist(
uint32 indexed paymentMethodWhitelistId,
address indexed paymentMethod);
/// @notice Emitted when a coin is removed from the approved coins mapping for a security policy
event PaymentMethodRemovedFromWhitelist(
uint32 indexed paymentMethodWhitelistId,
address indexed paymentMethod);
/// @notice Emitted when a payment method whitelist is reassigned to a new owner
event ReassignedPaymentMethodWhitelistOwnership(uint32 indexed id, address indexed newOwner);
/// @notice Emitted when a trusted channel is added for a collection
event TrustedChannelAddedForCollection(
address indexed tokenAddress,
address indexed channel);
/// @notice Emitted when a trusted channel is removed for a collection
event TrustedChannelRemovedForCollection(
address indexed tokenAddress,
address indexed channel);
/// @notice Emitted whenever pricing bounds change at a collection level for price-constrained collections.
event UpdatedCollectionLevelPricingBoundaries(
address indexed tokenAddress,
uint256 floorPrice,
uint256 ceilingPrice);
/// @notice Emitted whenever the supported ERC-20 payment is set for price-constrained collections.
event UpdatedCollectionPaymentSettings(
address indexed tokenAddress,
PaymentSettings paymentSettings,
uint32 indexed paymentMethodWhitelistId,
address indexed constrainedPricingPaymentMethod,
uint16 royaltyBackfillNumerator,
address royaltyBackfillReceiver,
uint16 royaltyBountyNumerator,
address exclusiveBountyReceiver,
bool blockTradesFromUntrustedChannels,
bool blockBannedAccounts);
/// @notice Emitted whenever pricing bounds change at a token level for price-constrained collections.
event UpdatedTokenLevelPricingBoundaries(
address indexed tokenAddress,
uint256 indexed tokenId,
uint256 floorPrice,
uint256 ceilingPrice);
}// SPDX-License-Identifier: BSL-1.1
pragma solidity 0.8.19;
/**
* @title Payment Processor
* @custom:version 2.0.0
* @author Limit Break, Inc.
*/
interface IModuleDefaultPaymentMethods {
/**
* @notice Returns the list of default payment methods that Payment Processor supports.
*/
function getDefaultPaymentMethods() external view returns (address[] memory);
}// SPDX-License-Identifier: BSL-1.1
pragma solidity 0.8.19;
import "../DataTypes.sol";
/**
* @title Payment Processor
* @custom:version 2.0.0
* @author Limit Break, Inc.
*/
contract PaymentProcessorStorageAccess {
/// @dev The base storage slot for Payment Processor contract storage items.
bytes32 constant DIAMOND_STORAGE_PAYMENT_PROCESSOR =
keccak256("diamond.storage.payment.processor");
/**
* @dev Returns a storage object that follows the Diamond standard storage pattern for
* @dev contract storage across multiple module contracts.
*/
function appStorage() internal pure returns (PaymentProcessorStorage storage diamondStorage) {
bytes32 slot = DIAMOND_STORAGE_PAYMENT_PROCESSOR;
assembly {
diamondStorage.slot := slot
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/cryptography/draft-EIP712.sol)
pragma solidity ^0.8.0;
// EIP-712 is Final as of 2022-08-11. This file is deprecated.
import "./EIP712.sol";
// SPDX-License-Identifier: BSL-1.1
pragma solidity 0.8.19;
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
/**
* @dev Used internally to indicate which side of the order the taker is on.
*/
enum Sides {
// 0: Taker is on buy side of order.
Buy,
// 1: Taker is on sell side of order.
Sell
}
/**
* @dev Defines condition to apply to order execution.
*/
enum OrderProtocols {
// 0: ERC721 order that must execute in full or not at all.
ERC721_FILL_OR_KILL,
// 1: ERC1155 order that must execute in full or not at all.
ERC1155_FILL_OR_KILL,
// 2: ERC1155 order that may be partially executed.
ERC1155_FILL_PARTIAL
}
/**
* @dev Defines the rules applied to a collection for payments.
*/
enum PaymentSettings {
// 0: Utilize Payment Processor default whitelist.
DefaultPaymentMethodWhitelist,
// 1: Allow any payment method.
AllowAnyPaymentMethod,
// 2: Use a custom payment method whitelist.
CustomPaymentMethodWhitelist,
// 3: Single payment method with floor and ceiling limits.
PricingConstraints,
// 4: Pauses trading for the collection.
Paused
}
/**
* @dev This struct is used internally for the deployment of the Payment Processor contract and
* @dev module deployments to define the default payment method whitelist.
*/
struct DefaultPaymentMethods {
address defaultPaymentMethod1;
address defaultPaymentMethod2;
address defaultPaymentMethod3;
address defaultPaymentMethod4;
}
/**
* @dev This struct is used internally for the deployment of the Payment Processor contract to define the
* @dev module addresses to be used for the contract.
*/
struct PaymentProcessorModules {
address modulePaymentSettings;
address moduleOnChainCancellation;
address moduleTrades;
address moduleTradesAdvanced;
}
/**
* @dev This struct defines the payment settings parameters for a collection.
*
* @dev **paymentSettings**: The general rule definition for payment methods allowed.
* @dev **paymentMethodWhitelistId**: The list id to be used when paymentSettings is set to CustomPaymentMethodWhitelist.
* @dev **constraintedPricingPaymentMethod**: The payment method to be used when paymentSettings is set to PricingConstraints.
* @dev **royaltyBackfillNumerator**: The royalty fee to apply to the collection when ERC2981 is not supported.
* @dev **royaltyBountyNumerator**: The percentage of royalties the creator will grant to a marketplace for order fulfillment.
* @dev **isRoyaltyBountyExclusive**: If true, royalty bounties will only be paid if the order marketplace is the set exclusive marketplace.
* @dev **blockTradesFromUntrustedChannels**: If true, trades that originate from untrusted channels will not be executed.
* @dev **blockBannedAccounts**: If true, banned accounts can be neither maker or taker for trades on a per-collection basis.
*/
struct CollectionPaymentSettings {
PaymentSettings paymentSettings;
uint32 paymentMethodWhitelistId;
address constrainedPricingPaymentMethod;
uint16 royaltyBackfillNumerator;
uint16 royaltyBountyNumerator;
bool isRoyaltyBountyExclusive;
bool blockTradesFromUntrustedChannels;
bool blockBannedAccounts;
}
/**
* @dev The `v`, `r`, and `s` components of an ECDSA signature. For more information
* [refer to this article](https://medium.com/mycrypto/the-magic-of-digital-signatures-on-ethereum-98fe184dc9c7).
*/
struct SignatureECDSA {
uint8 v;
bytes32 r;
bytes32 s;
}
/**
* @dev This struct defines order execution parameters.
*
* @dev **protocol**: The order protocol to apply to the order.
* @dev **maker**: The user that created and signed the order to be executed by a taker.
* @dev **beneficiary**: The account that will receive the tokens.
* @dev **marketplace**: The fee receiver of the marketplace that the order was created on.
* @dev **fallbackRoyaltyRecipient**: The address that will receive royalties if ERC2981
* @dev is not supported by the collection and the creator has not defined backfilled royalties with Payment Processor.
* @dev **paymentMethod**: The payment method for the order.
* @dev **tokenAddress**: The address of the token collection the order is for.
* @dev **tokenId**: The token id that the order is for.
* @dev **amount**: The quantity of token the order is for.
* @dev **itemPrice**: The price for the order in base units for the payment method.
* @dev **nonce**: The maker's nonce for the order.
* @dev **expiration**: The time, in seconds since the Unix epoch, that the order will expire.
* @dev **marketplaceFeeNumerator**: The percentage fee that will be sent to the marketplace.
* @dev **maxRoyaltyFeeNumerator**: The maximum royalty the maker is willing to accept. This will be used
* @dev as the royalty amount when ERC2981 is not supported by the collection.
* @dev **requestedFillAmount**: The amount of tokens for an ERC1155 partial fill order that the taker wants to fill.
* @dev **minimumFillAmount**: The minimum amount of tokens for an ERC1155 partial fill order that the taker will accept.
*/
struct Order {
OrderProtocols protocol;
address maker;
address beneficiary;
address marketplace;
address fallbackRoyaltyRecipient;
address paymentMethod;
address tokenAddress;
uint256 tokenId;
uint248 amount;
uint256 itemPrice;
uint256 nonce;
uint256 expiration;
uint256 marketplaceFeeNumerator;
uint256 maxRoyaltyFeeNumerator;
uint248 requestedFillAmount;
uint248 minimumFillAmount;
}
/**
* @dev This struct defines the cosignature for verifying an order that is a cosigned order.
*
* @dev **signer**: The address that signed the cosigned order. This must match the cosigner that is part of the order signature.
* @dev **taker**: The address of the order taker.
* @dev **expiration**: The time, in seconds since the Unix epoch, that the cosignature will expire.
* @dev The `v`, `r`, and `s` components of an ECDSA signature. For more information
* [refer to this article](https://medium.com/mycrypto/the-magic-of-digital-signatures-on-ethereum-98fe184dc9c7).
*/
struct Cosignature {
address signer;
address taker;
uint256 expiration;
uint8 v;
bytes32 r;
bytes32 s;
}
/**
* @dev This struct defines an additional fee on top of an order, paid by taker.
*
* @dev **recipient**: The recipient of the additional fee.
* @dev **amount**: The amount of the additional fee, in base units of the payment token.
*/
struct FeeOnTop {
address recipient;
uint256 amount;
}
/**
* @dev This struct defines the root hash and proof data for accepting an offer that is for a subset
* @dev of items in a collection. The root hash must match the root hash specified as part of the
* @dev maker's order signature.
*
* @dev **rootHash**: The merkletree root hash for the items that may be used to fulfill the offer order.
* @dev **proof**: The merkle proofs for the item being supplied to fulfill the offer order.
*/
struct TokenSetProof {
bytes32 rootHash;
bytes32[] proof;
}
/**
* @dev Current state of a partially fillable order.
*/
enum PartiallyFillableOrderState {
// 0: Order is open and may continue to be filled.
Open,
// 1: Order has been completely filled.
Filled,
// 2: Order has been cancelled.
Cancelled
}
/**
* @dev This struct defines the current status of a partially fillable order.
*
* @dev **state**: The current state of the order as defined by the PartiallyFillableOrderState enum.
* @dev **remainingFillableQuantity**: The remaining quantity that may be filled for the order.
*/
struct PartiallyFillableOrderStatus {
PartiallyFillableOrderState state;
uint248 remainingFillableQuantity;
}
/**
* @dev This struct defines the royalty backfill and bounty information. Its data for an
* @dev order execution is constructed internally based on the collection settings and
* @dev order execution details.
*
* @dev **backfillNumerator**: The percentage of the order amount to pay as royalties
* @dev for a collection that does not support ERC2981.
* @dev **backfillReceiver**: The recipient of backfill royalties.
* @dev **bountyNumerator**: The percentage of royalties to share with the marketplace for order fulfillment.
* @dev **exclusiveMarketplace**: If non-zero, the address of the exclusive marketplace for royalty bounties.
*/
struct RoyaltyBackfillAndBounty {
uint16 backfillNumerator;
address backfillReceiver;
uint16 bountyNumerator;
address exclusiveMarketplace;
}
/**
* @dev This struct defines order information that is common to all items in a sweep order.
*
* @dev **protocol**: The order protocol to apply to the order.
* @dev **tokenAddress**: The address of the token collection the order is for.
* @dev **paymentMethod**: The payment method for the order.
* @dev **beneficiary**: The account that will receive the tokens.
*/
struct SweepOrder {
OrderProtocols protocol;
address tokenAddress;
address paymentMethod;
address beneficiary;
}
/**
* @dev This struct defines order information that is unique to each item of a sweep order.
* @dev Combined with the SweepOrder header information to make an Order to execute.
*
* @dev **maker**: The user that created and signed the order to be executed by a taker.
* @dev **marketplace**: The marketplace that the order was created on.
* @dev **fallbackRoyaltyRecipient**: The address that will receive royalties if ERC2981
* @dev is not supported by the collection and the creator has not defined royalties with Payment Processor.
* @dev **tokenId**: The token id that the order is for.
* @dev **amount**: The quantity of token the order is for.
* @dev **itemPrice**: The price for the order in base units for the payment method.
* @dev **nonce**: The maker's nonce for the order.
* @dev **expiration**: The time, in seconds since the Unix epoch, that the order will expire.
* @dev **marketplaceFeeNumerator**: The percentage fee that will be sent to the marketplace.
* @dev **maxRoyaltyFeeNumerator**: The maximum royalty the maker is willing to accept. This will be used
* @dev as the royalty amount when ERC2981 is not supported by the collection.
*/
struct SweepItem {
address maker;
address marketplace;
address fallbackRoyaltyRecipient;
uint256 tokenId;
uint248 amount;
uint256 itemPrice;
uint256 nonce;
uint256 expiration;
uint256 marketplaceFeeNumerator;
uint256 maxRoyaltyFeeNumerator;
}
/**
* @dev This struct is used to define pricing constraints for a collection or individual token.
*
* @dev **isSet**: When true, this indicates that pricing constraints are set for the collection or token.
* @dev **floorPrice**: The minimum price for a token or collection. This is only enforced when
* @dev `enforcePricingConstraints` is `true`.
* @dev **ceilingPrice**: The maximum price for a token or collection. This is only enforced when
* @dev `enforcePricingConstraints` is `true`.
*/
struct PricingBounds {
bool isSet;
uint120 floorPrice;
uint120 ceilingPrice;
}
/**
* @dev This struct defines the parameters for a bulk offer acceptance transaction.
*
*
* @dev **isCollectionLevelOfferArray**: An array of flags to indicate if an offer is for any token in the collection.
* @dev **saleDetailsArray**: An array of order execution details.
* @dev **buyerSignaturesArray**: An array of maker signatures authorizing the order executions.
* @dev **tokenSetProofsArray**: An array of root hashes and merkle proofs for offers that are a subset of tokens in a collection.
* @dev **cosignaturesArray**: An array of additional cosignatures for cosigned orders, as applicable.
* @dev **feesOnTopArray**: An array of additional fees to add on top of the orders, paid by taker.
*/
struct BulkAcceptOffersParams {
bool[] isCollectionLevelOfferArray;
Order[] saleDetailsArray;
SignatureECDSA[] buyerSignaturesArray;
TokenSetProof[] tokenSetProofsArray;
Cosignature[] cosignaturesArray;
FeeOnTop[] feesOnTopArray;
}
/**
* @dev Internal contract use only - this is not a public-facing struct
*/
struct SplitProceeds {
address royaltyRecipient;
uint256 royaltyProceeds;
uint256 marketplaceProceeds;
uint256 sellerProceeds;
}
/**
* @dev Internal contract use only - this is not a public-facing struct
*/
struct PayoutsAccumulator {
address lastSeller;
address lastMarketplace;
address lastRoyaltyRecipient;
uint256 accumulatedSellerProceeds;
uint256 accumulatedMarketplaceProceeds;
uint256 accumulatedRoyaltyProceeds;
}
/**
* @dev Internal contract use only - this is not a public-facing struct
*/
struct SweepCollectionComputeAndDistributeProceedsParams {
IERC20 paymentCoin;
FulfillOrderFunctionPointers fnPointers;
FeeOnTop feeOnTop;
RoyaltyBackfillAndBounty royaltyBackfillAndBounty;
Order[] saleDetailsBatch;
}
/**
* @dev Internal contract use only - this is not a public-facing struct
*/
struct FulfillOrderFunctionPointers {
function(address,address,IERC20,uint256,uint256) funcPayout;
function(address,address,address,uint256,uint256) returns (bool) funcDispenseToken;
function(TradeContext memory, Order memory) funcEmitOrderExecutionEvent;
}
/**
* @dev Internal contract use only - this is not a public-facing struct
*/
struct TradeContext {
bytes32 domainSeparator;
address channel;
address taker;
bool disablePartialFill;
}
/**
* @dev This struct defines contract-level storage to be used across all Payment Processor modules.
* @dev Follows the Diamond storage pattern.
*/
struct PaymentProcessorStorage {
/// @dev Tracks the most recently created payment method whitelist id
uint32 lastPaymentMethodWhitelistId;
/**
* @notice User-specific master nonce that allows buyers and sellers to efficiently cancel all listings or offers
* they made previously. The master nonce for a user only changes when they explicitly request to revoke all
* existing listings and offers.
*
* @dev When prompting sellers to sign a listing or offer, marketplaces must query the current master nonce of
* the user and include it in the listing/offer signature data.
*/
mapping(address => uint256) masterNonces;
/**
* @dev The mapping key is the keccak256 hash of marketplace address and user address.
*
* @dev ```keccak256(abi.encodePacked(marketplace, user))```
*
* @dev The mapping value is another nested mapping of "slot" (key) to a bitmap (value) containing boolean flags
* indicating whether or not a nonce has been used or invalidated.
*
* @dev Marketplaces MUST track their own nonce by user, incrementing it for every signed listing or offer the user
* creates. Listings and purchases may be executed out of order, and they may never be executed if orders
* are not matched prior to expriation.
*
* @dev The slot and the bit offset within the mapped value are computed as:
*
* @dev ```slot = nonce / 256;```
* @dev ```offset = nonce % 256;```
*/
mapping(address => mapping(uint256 => uint256)) invalidatedSignatures;
/// @dev Mapping of token contract addresses to the collection payment settings.
mapping (address => CollectionPaymentSettings) collectionPaymentSettings;
/// @dev Mapping of payment method whitelist id to the owner address for the list.
mapping (uint32 => address) paymentMethodWhitelistOwners;
/// @dev Mapping of payment method whitelist id to a defined list of allowed payment methods.
mapping (uint32 => EnumerableSet.AddressSet) collectionPaymentMethodWhitelists;
/// @dev Mapping of token contract addresses to the collection-level pricing boundaries (floor and ceiling price).
mapping (address => PricingBounds) collectionPricingBounds;
/// @dev Mapping of token contract addresses to the token-level pricing boundaries (floor and ceiling price).
mapping (address => mapping (uint256 => PricingBounds)) tokenPricingBounds;
/// @dev Mapping of token contract addresses to the defined royalty backfill receiver addresses.
mapping (address => address) collectionRoyaltyBackfillReceivers;
/// @dev Mapping of token contract addresses to the defined exclusive bounty receivers.
mapping (address => address) collectionExclusiveBountyReceivers;
/// @dev Mapping of maker addresses to a mapping of order digests to the status of the partially fillable order for that digest.
mapping (address => mapping(bytes32 => PartiallyFillableOrderStatus)) partiallyFillableOrderStatuses;
/// @dev Mapping of token contract addresses to the defined list of trusted channels for the token contract.
mapping (address => EnumerableSet.AddressSet) collectionTrustedChannels;
/// @dev Mapping of token contract addresses to the defined list of banned accounts for the token contract.
mapping (address => EnumerableSet.AddressSet) collectionBannedAccounts;
/// @dev A mapping of all co-signers that have self-destructed and can never be used as cosigners again.
mapping (address => bool) destroyedCosigners;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/EIP712.sol)
pragma solidity ^0.8.8;
import "./ECDSA.sol";
import "../ShortStrings.sol";
import "../../interfaces/IERC5267.sol";
/**
* @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data.
*
* The encoding specified in the EIP is very generic, and such a generic implementation in Solidity is not feasible,
* thus this contract does not implement the encoding itself. Protocols need to implement the type-specific encoding
* they need in their contracts using a combination of `abi.encode` and `keccak256`.
*
* This contract implements the EIP 712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding
* scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA
* ({_hashTypedDataV4}).
*
* The implementation of the domain separator was designed to be as efficient as possible while still properly updating
* the chain id to protect against replay attacks on an eventual fork of the chain.
*
* NOTE: This contract implements the version of the encoding known as "v4", as implemented by the JSON RPC method
* https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask].
*
* NOTE: In the upgradeable version of this contract, the cached values will correspond to the address, and the domain
* separator of the implementation contract. This will cause the `_domainSeparatorV4` function to always rebuild the
* separator from the immutable values, which is cheaper than accessing a cached version in cold storage.
*
* _Available since v3.4._
*
* @custom:oz-upgrades-unsafe-allow state-variable-immutable state-variable-assignment
*/
abstract contract EIP712 is IERC5267 {
using ShortStrings for *;
bytes32 private constant _TYPE_HASH =
keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
// Cache the domain separator as an immutable value, but also store the chain id that it corresponds to, in order to
// invalidate the cached domain separator if the chain id changes.
bytes32 private immutable _cachedDomainSeparator;
uint256 private immutable _cachedChainId;
address private immutable _cachedThis;
bytes32 private immutable _hashedName;
bytes32 private immutable _hashedVersion;
ShortString private immutable _name;
ShortString private immutable _version;
string private _nameFallback;
string private _versionFallback;
/**
* @dev Initializes the domain separator and parameter caches.
*
* The meaning of `name` and `version` is specified in
* https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]:
*
* - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.
* - `version`: the current major version of the signing domain.
*
* NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart
* contract upgrade].
*/
constructor(string memory name, string memory version) {
_name = name.toShortStringWithFallback(_nameFallback);
_version = version.toShortStringWithFallback(_versionFallback);
_hashedName = keccak256(bytes(name));
_hashedVersion = keccak256(bytes(version));
_cachedChainId = block.chainid;
_cachedDomainSeparator = _buildDomainSeparator();
_cachedThis = address(this);
}
/**
* @dev Returns the domain separator for the current chain.
*/
function _domainSeparatorV4() internal view returns (bytes32) {
if (address(this) == _cachedThis && block.chainid == _cachedChainId) {
return _cachedDomainSeparator;
} else {
return _buildDomainSeparator();
}
}
function _buildDomainSeparator() private view returns (bytes32) {
return keccak256(abi.encode(_TYPE_HASH, _hashedName, _hashedVersion, block.chainid, address(this)));
}
/**
* @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this
* function returns the hash of the fully encoded EIP712 message for this domain.
*
* This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:
*
* ```solidity
* bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(
* keccak256("Mail(address to,string contents)"),
* mailTo,
* keccak256(bytes(mailContents))
* )));
* address signer = ECDSA.recover(digest, signature);
* ```
*/
function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) {
return ECDSA.toTypedDataHash(_domainSeparatorV4(), structHash);
}
/**
* @dev See {EIP-5267}.
*
* _Available since v4.9._
*/
function eip712Domain()
public
view
virtual
override
returns (
bytes1 fields,
string memory name,
string memory version,
uint256 chainId,
address verifyingContract,
bytes32 salt,
uint256[] memory extensions
)
{
return (
hex"0f", // 01111
_name.toStringWithFallback(_nameFallback),
_version.toStringWithFallback(_versionFallback),
block.chainid,
address(this),
bytes32(0),
new uint256[](0)
);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `from` to `to` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 amount) external returns (bool);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/structs/EnumerableSet.sol)
// This file was procedurally generated from scripts/generate/templates/EnumerableSet.js.
pragma solidity ^0.8.0;
/**
* @dev Library for managing
* https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive
* types.
*
* Sets have the following properties:
*
* - Elements are added, removed, and checked for existence in constant time
* (O(1)).
* - Elements are enumerated in O(n). No guarantees are made on the ordering.
*
* ```solidity
* contract Example {
* // Add the library methods
* using EnumerableSet for EnumerableSet.AddressSet;
*
* // Declare a set state variable
* EnumerableSet.AddressSet private mySet;
* }
* ```
*
* As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)
* and `uint256` (`UintSet`) are supported.
*
* [WARNING]
* ====
* Trying to delete such a structure from storage will likely result in data corruption, rendering the structure
* unusable.
* See https://github.com/ethereum/solidity/pull/11843[ethereum/solidity#11843] for more info.
*
* In order to clean an EnumerableSet, you can either remove all elements one by one or create a fresh instance using an
* array of EnumerableSet.
* ====
*/
library EnumerableSet {
// To implement this library for multiple types with as little code
// repetition as possible, we write it in terms of a generic Set type with
// bytes32 values.
// The Set implementation uses private functions, and user-facing
// implementations (such as AddressSet) are just wrappers around the
// underlying Set.
// This means that we can only create new EnumerableSets for types that fit
// in bytes32.
struct Set {
// Storage of set values
bytes32[] _values;
// Position of the value in the `values` array, plus 1 because index 0
// means a value is not in the set.
mapping(bytes32 => uint256) _indexes;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function _add(Set storage set, bytes32 value) private returns (bool) {
if (!_contains(set, value)) {
set._values.push(value);
// The value is stored at length-1, but we add 1 to all indexes
// and use 0 as a sentinel value
set._indexes[value] = set._values.length;
return true;
} else {
return false;
}
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function _remove(Set storage set, bytes32 value) private returns (bool) {
// We read and store the value's index to prevent multiple reads from the same storage slot
uint256 valueIndex = set._indexes[value];
if (valueIndex != 0) {
// Equivalent to contains(set, value)
// To delete an element from the _values array in O(1), we swap the element to delete with the last one in
// the array, and then remove the last element (sometimes called as 'swap and pop').
// This modifies the order of the array, as noted in {at}.
uint256 toDeleteIndex = valueIndex - 1;
uint256 lastIndex = set._values.length - 1;
if (lastIndex != toDeleteIndex) {
bytes32 lastValue = set._values[lastIndex];
// Move the last value to the index where the value to delete is
set._values[toDeleteIndex] = lastValue;
// Update the index for the moved value
set._indexes[lastValue] = valueIndex; // Replace lastValue's index to valueIndex
}
// Delete the slot where the moved value was stored
set._values.pop();
// Delete the index for the deleted slot
delete set._indexes[value];
return true;
} else {
return false;
}
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function _contains(Set storage set, bytes32 value) private view returns (bool) {
return set._indexes[value] != 0;
}
/**
* @dev Returns the number of values on the set. O(1).
*/
function _length(Set storage set) private view returns (uint256) {
return set._values.length;
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function _at(Set storage set, uint256 index) private view returns (bytes32) {
return set._values[index];
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function _values(Set storage set) private view returns (bytes32[] memory) {
return set._values;
}
// Bytes32Set
struct Bytes32Set {
Set _inner;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {
return _add(set._inner, value);
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {
return _remove(set._inner, value);
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {
return _contains(set._inner, value);
}
/**
* @dev Returns the number of values in the set. O(1).
*/
function length(Bytes32Set storage set) internal view returns (uint256) {
return _length(set._inner);
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {
return _at(set._inner, index);
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function values(Bytes32Set storage set) internal view returns (bytes32[] memory) {
bytes32[] memory store = _values(set._inner);
bytes32[] memory result;
/// @solidity memory-safe-assembly
assembly {
result := store
}
return result;
}
// AddressSet
struct AddressSet {
Set _inner;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function add(AddressSet storage set, address value) internal returns (bool) {
return _add(set._inner, bytes32(uint256(uint160(value))));
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function remove(AddressSet storage set, address value) internal returns (bool) {
return _remove(set._inner, bytes32(uint256(uint160(value))));
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function contains(AddressSet storage set, address value) internal view returns (bool) {
return _contains(set._inner, bytes32(uint256(uint160(value))));
}
/**
* @dev Returns the number of values in the set. O(1).
*/
function length(AddressSet storage set) internal view returns (uint256) {
return _length(set._inner);
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function at(AddressSet storage set, uint256 index) internal view returns (address) {
return address(uint160(uint256(_at(set._inner, index))));
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function values(AddressSet storage set) internal view returns (address[] memory) {
bytes32[] memory store = _values(set._inner);
address[] memory result;
/// @solidity memory-safe-assembly
assembly {
result := store
}
return result;
}
// UintSet
struct UintSet {
Set _inner;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function add(UintSet storage set, uint256 value) internal returns (bool) {
return _add(set._inner, bytes32(value));
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function remove(UintSet storage set, uint256 value) internal returns (bool) {
return _remove(set._inner, bytes32(value));
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function contains(UintSet storage set, uint256 value) internal view returns (bool) {
return _contains(set._inner, bytes32(value));
}
/**
* @dev Returns the number of values in the set. O(1).
*/
function length(UintSet storage set) internal view returns (uint256) {
return _length(set._inner);
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function at(UintSet storage set, uint256 index) internal view returns (uint256) {
return uint256(_at(set._inner, index));
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function values(UintSet storage set) internal view returns (uint256[] memory) {
bytes32[] memory store = _values(set._inner);
uint256[] memory result;
/// @solidity memory-safe-assembly
assembly {
result := store
}
return result;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/ECDSA.sol)
pragma solidity ^0.8.0;
import "../Strings.sol";
/**
* @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
*
* These functions can be used to verify that a message was signed by the holder
* of the private keys of a given address.
*/
library ECDSA {
enum RecoverError {
NoError,
InvalidSignature,
InvalidSignatureLength,
InvalidSignatureS,
InvalidSignatureV // Deprecated in v4.8
}
function _throwError(RecoverError error) private pure {
if (error == RecoverError.NoError) {
return; // no error: do nothing
} else if (error == RecoverError.InvalidSignature) {
revert("ECDSA: invalid signature");
} else if (error == RecoverError.InvalidSignatureLength) {
revert("ECDSA: invalid signature length");
} else if (error == RecoverError.InvalidSignatureS) {
revert("ECDSA: invalid signature 's' value");
}
}
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature` or error string. This address can then be used for verification purposes.
*
* The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {toEthSignedMessageHash} on it.
*
* Documentation for signature generation:
* - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
* - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {
if (signature.length == 65) {
bytes32 r;
bytes32 s;
uint8 v;
// ecrecover takes the signature parameters, and the only way to get them
// currently is to use assembly.
/// @solidity memory-safe-assembly
assembly {
r := mload(add(signature, 0x20))
s := mload(add(signature, 0x40))
v := byte(0, mload(add(signature, 0x60)))
}
return tryRecover(hash, v, r, s);
} else {
return (address(0), RecoverError.InvalidSignatureLength);
}
}
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature`. This address can then be used for verification purposes.
*
* The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {toEthSignedMessageHash} on it.
*/
function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, signature);
_throwError(error);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
*
* See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError) {
bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
uint8 v = uint8((uint256(vs) >> 255) + 27);
return tryRecover(hash, v, r, s);
}
/**
* @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
*
* _Available since v4.2._
*/
function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, r, vs);
_throwError(error);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `v`,
* `r` and `s` signature fields separately.
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address, RecoverError) {
// EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
// unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
// the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
// signatures from current libraries generate a unique signature with an s-value in the lower half order.
//
// If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
// with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
// vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
// these malleable signatures as well.
if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
return (address(0), RecoverError.InvalidSignatureS);
}
// If the signature is valid (and not malleable), return the signer address
address signer = ecrecover(hash, v, r, s);
if (signer == address(0)) {
return (address(0), RecoverError.InvalidSignature);
}
return (signer, RecoverError.NoError);
}
/**
* @dev Overload of {ECDSA-recover} that receives the `v`,
* `r` and `s` signature fields separately.
*/
function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, v, r, s);
_throwError(error);
return recovered;
}
/**
* @dev Returns an Ethereum Signed Message, created from a `hash`. This
* produces hash corresponding to the one signed with the
* https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
* JSON-RPC method as part of EIP-191.
*
* See {recover}.
*/
function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32 message) {
// 32 is the length in bytes of hash,
// enforced by the type signature above
/// @solidity memory-safe-assembly
assembly {
mstore(0x00, "\\x19Ethereum Signed Message:\
32")
mstore(0x1c, hash)
message := keccak256(0x00, 0x3c)
}
}
/**
* @dev Returns an Ethereum Signed Message, created from `s`. This
* produces hash corresponding to the one signed with the
* https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
* JSON-RPC method as part of EIP-191.
*
* See {recover}.
*/
function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {
return keccak256(abi.encodePacked("\\x19Ethereum Signed Message:\
", Strings.toString(s.length), s));
}
/**
* @dev Returns an Ethereum Signed Typed Data, created from a
* `domainSeparator` and a `structHash`. This produces hash corresponding
* to the one signed with the
* https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]
* JSON-RPC method as part of EIP-712.
*
* See {recover}.
*/
function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 data) {
/// @solidity memory-safe-assembly
assembly {
let ptr := mload(0x40)
mstore(ptr, "\\x19\\x01")
mstore(add(ptr, 0x02), domainSeparator)
mstore(add(ptr, 0x22), structHash)
data := keccak256(ptr, 0x42)
}
}
/**
* @dev Returns an Ethereum Signed Data with intended validator, created from a
* `validator` and `data` according to the version 0 of EIP-191.
*
* See {recover}.
*/
function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {
return keccak256(abi.encodePacked("\\x19\\x00", validator, data));
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/ShortStrings.sol)
pragma solidity ^0.8.8;
import "./StorageSlot.sol";
// | string | 0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
// | length | 0x BB |
type ShortString is bytes32;
/**
* @dev This library provides functions to convert short memory strings
* into a `ShortString` type that can be used as an immutable variable.
*
* Strings of arbitrary length can be optimized using this library if
* they are short enough (up to 31 bytes) by packing them with their
* length (1 byte) in a single EVM word (32 bytes). Additionally, a
* fallback mechanism can be used for every other case.
*
* Usage example:
*
* ```solidity
* contract Named {
* using ShortStrings for *;
*
* ShortString private immutable _name;
* string private _nameFallback;
*
* constructor(string memory contractName) {
* _name = contractName.toShortStringWithFallback(_nameFallback);
* }
*
* function name() external view returns (string memory) {
* return _name.toStringWithFallback(_nameFallback);
* }
* }
* ```
*/
library ShortStrings {
// Used as an identifier for strings longer than 31 bytes.
bytes32 private constant _FALLBACK_SENTINEL = 0x00000000000000000000000000000000000000000000000000000000000000FF;
error StringTooLong(string str);
error InvalidShortString();
/**
* @dev Encode a string of at most 31 chars into a `ShortString`.
*
* This will trigger a `StringTooLong` error is the input string is too long.
*/
function toShortString(string memory str) internal pure returns (ShortString) {
bytes memory bstr = bytes(str);
if (bstr.length > 31) {
revert StringTooLong(str);
}
return ShortString.wrap(bytes32(uint256(bytes32(bstr)) | bstr.length));
}
/**
* @dev Decode a `ShortString` back to a "normal" string.
*/
function toString(ShortString sstr) internal pure returns (string memory) {
uint256 len = byteLength(sstr);
// using `new string(len)` would work locally but is not memory safe.
string memory str = new string(32);
/// @solidity memory-safe-assembly
assembly {
mstore(str, len)
mstore(add(str, 0x20), sstr)
}
return str;
}
/**
* @dev Return the length of a `ShortString`.
*/
function byteLength(ShortString sstr) internal pure returns (uint256) {
uint256 result = uint256(ShortString.unwrap(sstr)) & 0xFF;
if (result > 31) {
revert InvalidShortString();
}
return result;
}
/**
* @dev Encode a string into a `ShortString`, or write it to storage if it is too long.
*/
function toShortStringWithFallback(string memory value, string storage store) internal returns (ShortString) {
if (bytes(value).length < 32) {
return toShortString(value);
} else {
StorageSlot.getStringSlot(store).value = value;
return ShortString.wrap(_FALLBACK_SENTINEL);
}
}
/**
* @dev Decode a string that was encoded to `ShortString` or written to storage using {setWithFallback}.
*/
function toStringWithFallback(ShortString value, string storage store) internal pure returns (string memory) {
if (ShortString.unwrap(value) != _FALLBACK_SENTINEL) {
return toString(value);
} else {
return store;
}
}
/**
* @dev Return the length of a string that was encoded to `ShortString` or written to storage using {setWithFallback}.
*
* WARNING: This will return the "byte length" of the string. This may not reflect the actual length in terms of
* actual characters as the UTF-8 encoding of a single character can span over multiple bytes.
*/
function byteLengthWithFallback(ShortString value, string storage store) internal view returns (uint256) {
if (ShortString.unwrap(value) != _FALLBACK_SENTINEL) {
return byteLength(value);
} else {
return bytes(store).length;
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC5267.sol)
pragma solidity ^0.8.0;
interface IERC5267 {
/**
* @dev MAY be emitted to signal that the domain could have changed.
*/
event EIP712DomainChanged();
/**
* @dev returns the fields and values that describe the domain separator used by this contract for EIP-712
* signature.
*/
function eip712Domain()
external
view
returns (
bytes1 fields,
string memory name,
string memory version,
uint256 chainId,
address verifyingContract,
bytes32 salt,
uint256[] memory extensions
);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol)
pragma solidity ^0.8.0;
import "./math/Math.sol";
import "./math/SignedMath.sol";
/**
* @dev String operations.
*/
library Strings {
bytes16 private constant _SYMBOLS = "0123456789abcdef";
uint8 private constant _ADDRESS_LENGTH = 20;
/**
* @dev Converts a `uint256` to its ASCII `string` decimal representation.
*/
function toString(uint256 value) internal pure returns (string memory) {
unchecked {
uint256 length = Math.log10(value) + 1;
string memory buffer = new string(length);
uint256 ptr;
/// @solidity memory-safe-assembly
assembly {
ptr := add(buffer, add(32, length))
}
while (true) {
ptr--;
/// @solidity memory-safe-assembly
assembly {
mstore8(ptr, byte(mod(value, 10), _SYMBOLS))
}
value /= 10;
if (value == 0) break;
}
return buffer;
}
}
/**
* @dev Converts a `int256` to its ASCII `string` decimal representation.
*/
function toString(int256 value) internal pure returns (string memory) {
return string(abi.encodePacked(value < 0 ? "-" : "", toString(SignedMath.abs(value))));
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
*/
function toHexString(uint256 value) internal pure returns (string memory) {
unchecked {
return toHexString(value, Math.log256(value) + 1);
}
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
*/
function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
bytes memory buffer = new bytes(2 * length + 2);
buffer[0] = "0";
buffer[1] = "x";
for (uint256 i = 2 * length + 1; i > 1; --i) {
buffer[i] = _SYMBOLS[value & 0xf];
value >>= 4;
}
require(value == 0, "Strings: hex length insufficient");
return string(buffer);
}
/**
* @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.
*/
function toHexString(address addr) internal pure returns (string memory) {
return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);
}
/**
* @dev Returns true if the two strings are equal.
*/
function equal(string memory a, string memory b) internal pure returns (bool) {
return keccak256(bytes(a)) == keccak256(bytes(b));
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/StorageSlot.sol)
// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.
pragma solidity ^0.8.0;
/**
* @dev Library for reading and writing primitive types to specific storage slots.
*
* Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
* This library helps with reading and writing to such slots without the need for inline assembly.
*
* The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
*
* Example usage to set ERC1967 implementation slot:
* ```solidity
* contract ERC1967 {
* bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
*
* function _getImplementation() internal view returns (address) {
* return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
* }
*
* function _setImplementation(address newImplementation) internal {
* require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
* StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
* }
* }
* ```
*
* _Available since v4.1 for `address`, `bool`, `bytes32`, `uint256`._
* _Available since v4.9 for `string`, `bytes`._
*/
library StorageSlot {
struct AddressSlot {
address value;
}
struct BooleanSlot {
bool value;
}
struct Bytes32Slot {
bytes32 value;
}
struct Uint256Slot {
uint256 value;
}
struct StringSlot {
string value;
}
struct BytesSlot {
bytes value;
}
/**
* @dev Returns an `AddressSlot` with member `value` located at `slot`.
*/
function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BooleanSlot` with member `value` located at `slot`.
*/
function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
*/
function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Uint256Slot` with member `value` located at `slot`.
*/
function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` with member `value` located at `slot`.
*/
function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` representation of the string storage pointer `store`.
*/
function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
/**
* @dev Returns an `BytesSlot` with member `value` located at `slot`.
*/
function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.
*/
function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard math utilities missing in the Solidity language.
*/
library Math {
enum Rounding {
Down, // Toward negative infinity
Up, // Toward infinity
Zero // Toward zero
}
/**
* @dev Returns the largest of two numbers.
*/
function max(uint256 a, uint256 b) internal pure returns (uint256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two numbers.
*/
function min(uint256 a, uint256 b) internal pure returns (uint256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two numbers. The result is rounded towards
* zero.
*/
function average(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b) / 2 can overflow.
return (a & b) + (a ^ b) / 2;
}
/**
* @dev Returns the ceiling of the division of two numbers.
*
* This differs from standard division with `/` in that it rounds up instead
* of rounding down.
*/
function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b - 1) / b can overflow on addition, so we distribute.
return a == 0 ? 0 : (a - 1) / b + 1;
}
/**
* @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0
* @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)
* with further edits by Uniswap Labs also under MIT license.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
unchecked {
// 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
// use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
// variables such that product = prod1 * 2^256 + prod0.
uint256 prod0; // Least significant 256 bits of the product
uint256 prod1; // Most significant 256 bits of the product
assembly {
let mm := mulmod(x, y, not(0))
prod0 := mul(x, y)
prod1 := sub(sub(mm, prod0), lt(mm, prod0))
}
// Handle non-overflow cases, 256 by 256 division.
if (prod1 == 0) {
// Solidity will revert if denominator == 0, unlike the div opcode on its own.
// The surrounding unchecked block does not change this fact.
// See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
return prod0 / denominator;
}
// Make sure the result is less than 2^256. Also prevents denominator == 0.
require(denominator > prod1, "Math: mulDiv overflow");
///////////////////////////////////////////////
// 512 by 256 division.
///////////////////////////////////////////////
// Make division exact by subtracting the remainder from [prod1 prod0].
uint256 remainder;
assembly {
// Compute remainder using mulmod.
remainder := mulmod(x, y, denominator)
// Subtract 256 bit number from 512 bit number.
prod1 := sub(prod1, gt(remainder, prod0))
prod0 := sub(prod0, remainder)
}
// Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.
// See https://cs.stackexchange.com/q/138556/92363.
// Does not overflow because the denominator cannot be zero at this stage in the function.
uint256 twos = denominator & (~denominator + 1);
assembly {
// Divide denominator by twos.
denominator := div(denominator, twos)
// Divide [prod1 prod0] by twos.
prod0 := div(prod0, twos)
// Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
twos := add(div(sub(0, twos), twos), 1)
}
// Shift in bits from prod1 into prod0.
prod0 |= prod1 * twos;
// Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
// that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
// four bits. That is, denominator * inv = 1 mod 2^4.
uint256 inverse = (3 * denominator) ^ 2;
// Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works
// in modular arithmetic, doubling the correct bits in each step.
inverse *= 2 - denominator * inverse; // inverse mod 2^8
inverse *= 2 - denominator * inverse; // inverse mod 2^16
inverse *= 2 - denominator * inverse; // inverse mod 2^32
inverse *= 2 - denominator * inverse; // inverse mod 2^64
inverse *= 2 - denominator * inverse; // inverse mod 2^128
inverse *= 2 - denominator * inverse; // inverse mod 2^256
// Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
// This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
// less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
// is no longer required.
result = prod0 * inverse;
return result;
}
}
/**
* @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
uint256 result = mulDiv(x, y, denominator);
if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {
result += 1;
}
return result;
}
/**
* @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.
*
* Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
*/
function sqrt(uint256 a) internal pure returns (uint256) {
if (a == 0) {
return 0;
}
// For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
//
// We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
// `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.
//
// This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`
// → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`
// → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`
//
// Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.
uint256 result = 1 << (log2(a) >> 1);
// At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
// since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
// every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
// into the expected uint128 result.
unchecked {
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
return min(result, a / result);
}
}
/**
* @notice Calculates sqrt(a), following the selected rounding direction.
*/
function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = sqrt(a);
return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);
}
}
/**
* @dev Return the log in base 2, rounded down, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 128;
}
if (value >> 64 > 0) {
value >>= 64;
result += 64;
}
if (value >> 32 > 0) {
value >>= 32;
result += 32;
}
if (value >> 16 > 0) {
value >>= 16;
result += 16;
}
if (value >> 8 > 0) {
value >>= 8;
result += 8;
}
if (value >> 4 > 0) {
value >>= 4;
result += 4;
}
if (value >> 2 > 0) {
value >>= 2;
result += 2;
}
if (value >> 1 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 2, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log2(value);
return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 10, rounded down, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >= 10 ** 64) {
value /= 10 ** 64;
result += 64;
}
if (value >= 10 ** 32) {
value /= 10 ** 32;
result += 32;
}
if (value >= 10 ** 16) {
value /= 10 ** 16;
result += 16;
}
if (value >= 10 ** 8) {
value /= 10 ** 8;
result += 8;
}
if (value >= 10 ** 4) {
value /= 10 ** 4;
result += 4;
}
if (value >= 10 ** 2) {
value /= 10 ** 2;
result += 2;
}
if (value >= 10 ** 1) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 10, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log10(value);
return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 256, rounded down, of a positive value.
* Returns 0 if given 0.
*
* Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
*/
function log256(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 16;
}
if (value >> 64 > 0) {
value >>= 64;
result += 8;
}
if (value >> 32 > 0) {
value >>= 32;
result += 4;
}
if (value >> 16 > 0) {
value >>= 16;
result += 2;
}
if (value >> 8 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 256, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log256(value);
return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard signed math utilities missing in the Solidity language.
*/
library SignedMath {
/**
* @dev Returns the largest of two signed numbers.
*/
function max(int256 a, int256 b) internal pure returns (int256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two signed numbers.
*/
function min(int256 a, int256 b) internal pure returns (int256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two signed numbers without overflow.
* The result is rounded towards zero.
*/
function average(int256 a, int256 b) internal pure returns (int256) {
// Formula from the book "Hacker's Delight"
int256 x = (a & b) + ((a ^ b) >> 1);
return x + (int256(uint256(x) >> 255) & (a ^ b));
}
/**
* @dev Returns the absolute unsigned value of a signed value.
*/
function abs(int256 n) internal pure returns (uint256) {
unchecked {
// must be unchecked in order to support `n = type(int256).min`
return uint256(n >= 0 ? n : -n);
}
}
}
File 3 of 6: FunMint
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.19;
import {Ownable} from "openzeppelin/access/Ownable.sol";
import {ERC721A} from "ERC721A/ERC721A.sol";
import {IERC721} from "openzeppelin/token/ERC721/IERC721.sol";
import {IERC721Metadata} from "openzeppelin/token/ERC721/extensions/IERC721Metadata.sol";
import {IERC165} from "openzeppelin/utils/introspection/IERC165.sol";
import {MerkleProofLib} from "solmate/utils/MerkleProofLib.sol";
import "./IERC4906.sol";
import "./IMetadataRenderer.sol";
contract FunMint is ERC721A, IERC4906, Ownable {
address public metadataRenderer;
address public metadataUpdater;
mapping(uint256 => bool) public mintedSpecialByTokenId;
uint256 public mintEnd;
bytes32 merkleRoot;
bytes32 merkleRootSpecial;
// Refund constants
uint256 public constant REFUND_BASE_GAS = 30_000;
uint256 public constant MAX_REFUND_GAS_USED = 200_000;
uint256 public constant MAX_REFUND_BASE_FEE = 200 gwei;
uint256 public constant MAX_REFUND_PRIORITY_FEE = 2 gwei;
bool private _initialized;
string private _name;
string private _symbol;
error InvalidTokenId();
error InvalidProof();
error MerkleRootNotSet();
error MintClosed();
error MintedAlready();
error OnlyOwnerOrMetadataUpdater();
constructor() ERC721A("", "") {}
receive() external payable {}
function init(string memory name_, string memory symbol_, address owner) public onlyOwner {
if (_initialized) revert("Already initialized");
_initialized = true;
_name = name_;
_symbol = symbol_;
transferOwnership(owner);
}
function _packAux(bool mintedNormal, bool mintedSpecial) internal pure returns (uint64) {
uint64 result = 0;
result = (result << 1) | (mintedNormal ? 1 : 0);
result = (result << 1) | (mintedSpecial ? 1 : 0);
return result;
}
function _unpackAux(uint64 packedData) internal pure returns (bool mintedNormal, bool mintedSpecial) {
mintedSpecial = (packedData & 1) != 0;
mintedNormal = ((packedData >> 1) & 1) != 0;
}
function mint(bytes32[] calldata _proof) public refundsGas {
if (block.timestamp > mintEnd) revert MintClosed();
(bool mintedNormal, bool mintedSpecial) = _unpackAux(_getAux(msg.sender));
if (mintedNormal) revert MintedAlready();
bool isValid = MerkleProofLib.verify(_proof, merkleRoot, keccak256(abi.encodePacked(msg.sender)));
if (!isValid) revert InvalidProof();
// Perform all state changes before refunding gas to prevent reentrancy
_mint(msg.sender, 1);
_setAux(msg.sender, _packAux(true, mintedSpecial));
}
function mintSpecial(bytes32[] calldata _proof) public refundsGas {
if (block.timestamp > mintEnd) revert MintClosed();
(bool mintedNormal, bool mintedSpecial) = _unpackAux(_getAux(msg.sender));
if (mintedSpecial) revert MintedAlready();
bool isValid = MerkleProofLib.verify(_proof, merkleRootSpecial, keccak256(abi.encodePacked(msg.sender)));
if (!isValid) revert InvalidProof();
// Perform all state changes before refunding gas to prevent reentrancy
mintedSpecialByTokenId[_nextTokenId()] = true;
_mint(msg.sender, 1);
_setAux(msg.sender, _packAux(mintedNormal, true));
}
modifier refundsGas() {
uint256 startGas = gasleft();
_;
_refundGas(startGas);
}
// slightly modified from https://github.com/nounsDAO/nouns-monorepo/blob/10bb478328bdb5f4c5efffed9a8c5186f9fe974a/packages/nouns-contracts/contracts/governance/NounsDAOLogicV2.sol#LL1033C2-L1048C21
function _refundGas(uint256 startGas) internal {
unchecked {
uint256 balance = address(this).balance;
if (balance == 0) {
return;
}
uint256 basefee = _min(block.basefee, MAX_REFUND_BASE_FEE);
uint256 gasPrice = _min(tx.gasprice, basefee + MAX_REFUND_PRIORITY_FEE);
uint256 gasUsed = _min(startGas - gasleft() + REFUND_BASE_GAS, MAX_REFUND_GAS_USED);
uint256 refundAmount = _min(gasPrice * gasUsed, balance);
tx.origin.call{value: refundAmount}("");
}
}
function _startTokenId() internal pure override returns (uint256) {
return 1;
}
function _min(uint256 a, uint256 b) internal pure returns (uint256) {
return a < b ? a : b;
}
function tokenURI(uint256 id) public view override returns (string memory) {
if (ownerOf(id) == address(0)) revert InvalidTokenId();
return IMetadataRenderer(metadataRenderer).tokenURI(id);
}
function name() public view virtual override returns (string memory) {
return _name;
}
function symbol() public view virtual override returns (string memory) {
return _symbol;
}
// Admin functions
function refreshMetadata() public {
if (msg.sender != metadataUpdater && msg.sender != owner()) {
revert OnlyOwnerOrMetadataUpdater();
}
emit BatchMetadataUpdate(_startTokenId(), _nextTokenId() - 1);
}
function setMetadataRenderer(address _metadataRenderer) public onlyOwner {
metadataRenderer = _metadataRenderer;
refreshMetadata();
}
function setMetadataUpdater(address _metadataUpdater) public onlyOwner {
metadataUpdater = _metadataUpdater;
}
function setMerkleRoots(bytes32 regular, bytes32 special) public onlyOwner {
if (regular == bytes32(0) || special == bytes32(0)) {
revert MerkleRootNotSet();
}
merkleRoot = regular;
merkleRootSpecial = special;
}
function setMintEnd(uint256 _mintEnd) public onlyOwner {
if (_mintEnd > 0 && (merkleRoot == bytes32(0) || merkleRootSpecial == bytes32(0))) {
revert MerkleRootNotSet();
}
mintEnd = _mintEnd;
}
function withdraw() public onlyOwner {
payable(owner()).call{value: address(this).balance}("");
}
function supportsInterface(bytes4 interfaceId) public pure virtual override returns (bool) {
return interfaceId == type(IERC165).interfaceId || interfaceId == type(IERC721).interfaceId
|| interfaceId == type(IERC4906).interfaceId || interfaceId == type(IERC721Metadata).interfaceId;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (access/Ownable.sol)
pragma solidity ^0.8.0;
import "../utils/Context.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* By default, the owner account will be the one that deploys the contract. This
* can later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract Ownable is Context {
address private _owner;
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the deployer as the initial owner.
*/
constructor() {
_transferOwnership(_msgSender());
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
_checkOwner();
_;
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
return _owner;
}
/**
* @dev Throws if the sender is not the owner.
*/
function _checkOwner() internal view virtual {
require(owner() == _msgSender(), "Ownable: caller is not the owner");
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions anymore. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby removing any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
require(newOwner != address(0), "Ownable: new owner is the zero address");
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
address oldOwner = _owner;
_owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
}
// SPDX-License-Identifier: MIT
// ERC721A Contracts v4.2.3
// Creator: Chiru Labs
pragma solidity ^0.8.4;
import './IERC721A.sol';
/**
* @dev Interface of ERC721 token receiver.
*/
interface ERC721A__IERC721Receiver {
function onERC721Received(
address operator,
address from,
uint256 tokenId,
bytes calldata data
) external returns (bytes4);
}
/**
* @title ERC721A
*
* @dev Implementation of the [ERC721](https://eips.ethereum.org/EIPS/eip-721)
* Non-Fungible Token Standard, including the Metadata extension.
* Optimized for lower gas during batch mints.
*
* Token IDs are minted in sequential order (e.g. 0, 1, 2, 3, ...)
* starting from `_startTokenId()`.
*
* Assumptions:
*
* - An owner cannot have more than 2**64 - 1 (max value of uint64) of supply.
* - The maximum token ID cannot exceed 2**256 - 1 (max value of uint256).
*/
contract ERC721A is IERC721A {
// Bypass for a `--via-ir` bug (https://github.com/chiru-labs/ERC721A/pull/364).
struct TokenApprovalRef {
address value;
}
// =============================================================
// CONSTANTS
// =============================================================
// Mask of an entry in packed address data.
uint256 private constant _BITMASK_ADDRESS_DATA_ENTRY = (1 << 64) - 1;
// The bit position of `numberMinted` in packed address data.
uint256 private constant _BITPOS_NUMBER_MINTED = 64;
// The bit position of `numberBurned` in packed address data.
uint256 private constant _BITPOS_NUMBER_BURNED = 128;
// The bit position of `aux` in packed address data.
uint256 private constant _BITPOS_AUX = 192;
// Mask of all 256 bits in packed address data except the 64 bits for `aux`.
uint256 private constant _BITMASK_AUX_COMPLEMENT = (1 << 192) - 1;
// The bit position of `startTimestamp` in packed ownership.
uint256 private constant _BITPOS_START_TIMESTAMP = 160;
// The bit mask of the `burned` bit in packed ownership.
uint256 private constant _BITMASK_BURNED = 1 << 224;
// The bit position of the `nextInitialized` bit in packed ownership.
uint256 private constant _BITPOS_NEXT_INITIALIZED = 225;
// The bit mask of the `nextInitialized` bit in packed ownership.
uint256 private constant _BITMASK_NEXT_INITIALIZED = 1 << 225;
// The bit position of `extraData` in packed ownership.
uint256 private constant _BITPOS_EXTRA_DATA = 232;
// Mask of all 256 bits in a packed ownership except the 24 bits for `extraData`.
uint256 private constant _BITMASK_EXTRA_DATA_COMPLEMENT = (1 << 232) - 1;
// The mask of the lower 160 bits for addresses.
uint256 private constant _BITMASK_ADDRESS = (1 << 160) - 1;
// The maximum `quantity` that can be minted with {_mintERC2309}.
// This limit is to prevent overflows on the address data entries.
// For a limit of 5000, a total of 3.689e15 calls to {_mintERC2309}
// is required to cause an overflow, which is unrealistic.
uint256 private constant _MAX_MINT_ERC2309_QUANTITY_LIMIT = 5000;
// The `Transfer` event signature is given by:
// `keccak256(bytes("Transfer(address,address,uint256)"))`.
bytes32 private constant _TRANSFER_EVENT_SIGNATURE =
0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef;
// =============================================================
// STORAGE
// =============================================================
// The next token ID to be minted.
uint256 private _currentIndex;
// The number of tokens burned.
uint256 private _burnCounter;
// Token name
string private _name;
// Token symbol
string private _symbol;
// Mapping from token ID to ownership details
// An empty struct value does not necessarily mean the token is unowned.
// See {_packedOwnershipOf} implementation for details.
//
// Bits Layout:
// - [0..159] `addr`
// - [160..223] `startTimestamp`
// - [224] `burned`
// - [225] `nextInitialized`
// - [232..255] `extraData`
mapping(uint256 => uint256) private _packedOwnerships;
// Mapping owner address to address data.
//
// Bits Layout:
// - [0..63] `balance`
// - [64..127] `numberMinted`
// - [128..191] `numberBurned`
// - [192..255] `aux`
mapping(address => uint256) private _packedAddressData;
// Mapping from token ID to approved address.
mapping(uint256 => TokenApprovalRef) private _tokenApprovals;
// Mapping from owner to operator approvals
mapping(address => mapping(address => bool)) private _operatorApprovals;
// =============================================================
// CONSTRUCTOR
// =============================================================
constructor(string memory name_, string memory symbol_) {
_name = name_;
_symbol = symbol_;
_currentIndex = _startTokenId();
}
// =============================================================
// TOKEN COUNTING OPERATIONS
// =============================================================
/**
* @dev Returns the starting token ID.
* To change the starting token ID, please override this function.
*/
function _startTokenId() internal view virtual returns (uint256) {
return 0;
}
/**
* @dev Returns the next token ID to be minted.
*/
function _nextTokenId() internal view virtual returns (uint256) {
return _currentIndex;
}
/**
* @dev Returns the total number of tokens in existence.
* Burned tokens will reduce the count.
* To get the total number of tokens minted, please see {_totalMinted}.
*/
function totalSupply() public view virtual override returns (uint256) {
// Counter underflow is impossible as _burnCounter cannot be incremented
// more than `_currentIndex - _startTokenId()` times.
unchecked {
return _currentIndex - _burnCounter - _startTokenId();
}
}
/**
* @dev Returns the total amount of tokens minted in the contract.
*/
function _totalMinted() internal view virtual returns (uint256) {
// Counter underflow is impossible as `_currentIndex` does not decrement,
// and it is initialized to `_startTokenId()`.
unchecked {
return _currentIndex - _startTokenId();
}
}
/**
* @dev Returns the total number of tokens burned.
*/
function _totalBurned() internal view virtual returns (uint256) {
return _burnCounter;
}
// =============================================================
// ADDRESS DATA OPERATIONS
// =============================================================
/**
* @dev Returns the number of tokens in `owner`'s account.
*/
function balanceOf(address owner) public view virtual override returns (uint256) {
if (owner == address(0)) revert BalanceQueryForZeroAddress();
return _packedAddressData[owner] & _BITMASK_ADDRESS_DATA_ENTRY;
}
/**
* Returns the number of tokens minted by `owner`.
*/
function _numberMinted(address owner) internal view returns (uint256) {
return (_packedAddressData[owner] >> _BITPOS_NUMBER_MINTED) & _BITMASK_ADDRESS_DATA_ENTRY;
}
/**
* Returns the number of tokens burned by or on behalf of `owner`.
*/
function _numberBurned(address owner) internal view returns (uint256) {
return (_packedAddressData[owner] >> _BITPOS_NUMBER_BURNED) & _BITMASK_ADDRESS_DATA_ENTRY;
}
/**
* Returns the auxiliary data for `owner`. (e.g. number of whitelist mint slots used).
*/
function _getAux(address owner) internal view returns (uint64) {
return uint64(_packedAddressData[owner] >> _BITPOS_AUX);
}
/**
* Sets the auxiliary data for `owner`. (e.g. number of whitelist mint slots used).
* If there are multiple variables, please pack them into a uint64.
*/
function _setAux(address owner, uint64 aux) internal virtual {
uint256 packed = _packedAddressData[owner];
uint256 auxCasted;
// Cast `aux` with assembly to avoid redundant masking.
assembly {
auxCasted := aux
}
packed = (packed & _BITMASK_AUX_COMPLEMENT) | (auxCasted << _BITPOS_AUX);
_packedAddressData[owner] = packed;
}
// =============================================================
// IERC165
// =============================================================
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* [EIP section](https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified)
* to learn more about how these ids are created.
*
* This function call must use less than 30000 gas.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
// The interface IDs are constants representing the first 4 bytes
// of the XOR of all function selectors in the interface.
// See: [ERC165](https://eips.ethereum.org/EIPS/eip-165)
// (e.g. `bytes4(i.functionA.selector ^ i.functionB.selector ^ ...)`)
return
interfaceId == 0x01ffc9a7 || // ERC165 interface ID for ERC165.
interfaceId == 0x80ac58cd || // ERC165 interface ID for ERC721.
interfaceId == 0x5b5e139f; // ERC165 interface ID for ERC721Metadata.
}
// =============================================================
// IERC721Metadata
// =============================================================
/**
* @dev Returns the token collection name.
*/
function name() public view virtual override returns (string memory) {
return _name;
}
/**
* @dev Returns the token collection symbol.
*/
function symbol() public view virtual override returns (string memory) {
return _symbol;
}
/**
* @dev Returns the Uniform Resource Identifier (URI) for `tokenId` token.
*/
function tokenURI(uint256 tokenId) public view virtual override returns (string memory) {
if (!_exists(tokenId)) revert URIQueryForNonexistentToken();
string memory baseURI = _baseURI();
return bytes(baseURI).length != 0 ? string(abi.encodePacked(baseURI, _toString(tokenId))) : '';
}
/**
* @dev Base URI for computing {tokenURI}. If set, the resulting URI for each
* token will be the concatenation of the `baseURI` and the `tokenId`. Empty
* by default, it can be overridden in child contracts.
*/
function _baseURI() internal view virtual returns (string memory) {
return '';
}
// =============================================================
// OWNERSHIPS OPERATIONS
// =============================================================
/**
* @dev Returns the owner of the `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function ownerOf(uint256 tokenId) public view virtual override returns (address) {
return address(uint160(_packedOwnershipOf(tokenId)));
}
/**
* @dev Gas spent here starts off proportional to the maximum mint batch size.
* It gradually moves to O(1) as tokens get transferred around over time.
*/
function _ownershipOf(uint256 tokenId) internal view virtual returns (TokenOwnership memory) {
return _unpackedOwnership(_packedOwnershipOf(tokenId));
}
/**
* @dev Returns the unpacked `TokenOwnership` struct at `index`.
*/
function _ownershipAt(uint256 index) internal view virtual returns (TokenOwnership memory) {
return _unpackedOwnership(_packedOwnerships[index]);
}
/**
* @dev Initializes the ownership slot minted at `index` for efficiency purposes.
*/
function _initializeOwnershipAt(uint256 index) internal virtual {
if (_packedOwnerships[index] == 0) {
_packedOwnerships[index] = _packedOwnershipOf(index);
}
}
/**
* Returns the packed ownership data of `tokenId`.
*/
function _packedOwnershipOf(uint256 tokenId) private view returns (uint256) {
uint256 curr = tokenId;
unchecked {
if (_startTokenId() <= curr)
if (curr < _currentIndex) {
uint256 packed = _packedOwnerships[curr];
// If not burned.
if (packed & _BITMASK_BURNED == 0) {
// Invariant:
// There will always be an initialized ownership slot
// (i.e. `ownership.addr != address(0) && ownership.burned == false`)
// before an unintialized ownership slot
// (i.e. `ownership.addr == address(0) && ownership.burned == false`)
// Hence, `curr` will not underflow.
//
// We can directly compare the packed value.
// If the address is zero, packed will be zero.
while (packed == 0) {
packed = _packedOwnerships[--curr];
}
return packed;
}
}
}
revert OwnerQueryForNonexistentToken();
}
/**
* @dev Returns the unpacked `TokenOwnership` struct from `packed`.
*/
function _unpackedOwnership(uint256 packed) private pure returns (TokenOwnership memory ownership) {
ownership.addr = address(uint160(packed));
ownership.startTimestamp = uint64(packed >> _BITPOS_START_TIMESTAMP);
ownership.burned = packed & _BITMASK_BURNED != 0;
ownership.extraData = uint24(packed >> _BITPOS_EXTRA_DATA);
}
/**
* @dev Packs ownership data into a single uint256.
*/
function _packOwnershipData(address owner, uint256 flags) private view returns (uint256 result) {
assembly {
// Mask `owner` to the lower 160 bits, in case the upper bits somehow aren't clean.
owner := and(owner, _BITMASK_ADDRESS)
// `owner | (block.timestamp << _BITPOS_START_TIMESTAMP) | flags`.
result := or(owner, or(shl(_BITPOS_START_TIMESTAMP, timestamp()), flags))
}
}
/**
* @dev Returns the `nextInitialized` flag set if `quantity` equals 1.
*/
function _nextInitializedFlag(uint256 quantity) private pure returns (uint256 result) {
// For branchless setting of the `nextInitialized` flag.
assembly {
// `(quantity == 1) << _BITPOS_NEXT_INITIALIZED`.
result := shl(_BITPOS_NEXT_INITIALIZED, eq(quantity, 1))
}
}
// =============================================================
// APPROVAL OPERATIONS
// =============================================================
/**
* @dev Gives permission to `to` to transfer `tokenId` token to another account.
* The approval is cleared when the token is transferred.
*
* Only a single account can be approved at a time, so approving the
* zero address clears previous approvals.
*
* Requirements:
*
* - The caller must own the token or be an approved operator.
* - `tokenId` must exist.
*
* Emits an {Approval} event.
*/
function approve(address to, uint256 tokenId) public payable virtual override {
address owner = ownerOf(tokenId);
if (_msgSenderERC721A() != owner)
if (!isApprovedForAll(owner, _msgSenderERC721A())) {
revert ApprovalCallerNotOwnerNorApproved();
}
_tokenApprovals[tokenId].value = to;
emit Approval(owner, to, tokenId);
}
/**
* @dev Returns the account approved for `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function getApproved(uint256 tokenId) public view virtual override returns (address) {
if (!_exists(tokenId)) revert ApprovalQueryForNonexistentToken();
return _tokenApprovals[tokenId].value;
}
/**
* @dev Approve or remove `operator` as an operator for the caller.
* Operators can call {transferFrom} or {safeTransferFrom}
* for any token owned by the caller.
*
* Requirements:
*
* - The `operator` cannot be the caller.
*
* Emits an {ApprovalForAll} event.
*/
function setApprovalForAll(address operator, bool approved) public virtual override {
_operatorApprovals[_msgSenderERC721A()][operator] = approved;
emit ApprovalForAll(_msgSenderERC721A(), operator, approved);
}
/**
* @dev Returns if the `operator` is allowed to manage all of the assets of `owner`.
*
* See {setApprovalForAll}.
*/
function isApprovedForAll(address owner, address operator) public view virtual override returns (bool) {
return _operatorApprovals[owner][operator];
}
/**
* @dev Returns whether `tokenId` exists.
*
* Tokens can be managed by their owner or approved accounts via {approve} or {setApprovalForAll}.
*
* Tokens start existing when they are minted. See {_mint}.
*/
function _exists(uint256 tokenId) internal view virtual returns (bool) {
return
_startTokenId() <= tokenId &&
tokenId < _currentIndex && // If within bounds,
_packedOwnerships[tokenId] & _BITMASK_BURNED == 0; // and not burned.
}
/**
* @dev Returns whether `msgSender` is equal to `approvedAddress` or `owner`.
*/
function _isSenderApprovedOrOwner(
address approvedAddress,
address owner,
address msgSender
) private pure returns (bool result) {
assembly {
// Mask `owner` to the lower 160 bits, in case the upper bits somehow aren't clean.
owner := and(owner, _BITMASK_ADDRESS)
// Mask `msgSender` to the lower 160 bits, in case the upper bits somehow aren't clean.
msgSender := and(msgSender, _BITMASK_ADDRESS)
// `msgSender == owner || msgSender == approvedAddress`.
result := or(eq(msgSender, owner), eq(msgSender, approvedAddress))
}
}
/**
* @dev Returns the storage slot and value for the approved address of `tokenId`.
*/
function _getApprovedSlotAndAddress(uint256 tokenId)
private
view
returns (uint256 approvedAddressSlot, address approvedAddress)
{
TokenApprovalRef storage tokenApproval = _tokenApprovals[tokenId];
// The following is equivalent to `approvedAddress = _tokenApprovals[tokenId].value`.
assembly {
approvedAddressSlot := tokenApproval.slot
approvedAddress := sload(approvedAddressSlot)
}
}
// =============================================================
// TRANSFER OPERATIONS
// =============================================================
/**
* @dev Transfers `tokenId` from `from` to `to`.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must be owned by `from`.
* - If the caller is not `from`, it must be approved to move this token
* by either {approve} or {setApprovalForAll}.
*
* Emits a {Transfer} event.
*/
function transferFrom(
address from,
address to,
uint256 tokenId
) public payable virtual override {
uint256 prevOwnershipPacked = _packedOwnershipOf(tokenId);
if (address(uint160(prevOwnershipPacked)) != from) revert TransferFromIncorrectOwner();
(uint256 approvedAddressSlot, address approvedAddress) = _getApprovedSlotAndAddress(tokenId);
// The nested ifs save around 20+ gas over a compound boolean condition.
if (!_isSenderApprovedOrOwner(approvedAddress, from, _msgSenderERC721A()))
if (!isApprovedForAll(from, _msgSenderERC721A())) revert TransferCallerNotOwnerNorApproved();
if (to == address(0)) revert TransferToZeroAddress();
_beforeTokenTransfers(from, to, tokenId, 1);
// Clear approvals from the previous owner.
assembly {
if approvedAddress {
// This is equivalent to `delete _tokenApprovals[tokenId]`.
sstore(approvedAddressSlot, 0)
}
}
// Underflow of the sender's balance is impossible because we check for
// ownership above and the recipient's balance can't realistically overflow.
// Counter overflow is incredibly unrealistic as `tokenId` would have to be 2**256.
unchecked {
// We can directly increment and decrement the balances.
--_packedAddressData[from]; // Updates: `balance -= 1`.
++_packedAddressData[to]; // Updates: `balance += 1`.
// Updates:
// - `address` to the next owner.
// - `startTimestamp` to the timestamp of transfering.
// - `burned` to `false`.
// - `nextInitialized` to `true`.
_packedOwnerships[tokenId] = _packOwnershipData(
to,
_BITMASK_NEXT_INITIALIZED | _nextExtraData(from, to, prevOwnershipPacked)
);
// If the next slot may not have been initialized (i.e. `nextInitialized == false`) .
if (prevOwnershipPacked & _BITMASK_NEXT_INITIALIZED == 0) {
uint256 nextTokenId = tokenId + 1;
// If the next slot's address is zero and not burned (i.e. packed value is zero).
if (_packedOwnerships[nextTokenId] == 0) {
// If the next slot is within bounds.
if (nextTokenId != _currentIndex) {
// Initialize the next slot to maintain correctness for `ownerOf(tokenId + 1)`.
_packedOwnerships[nextTokenId] = prevOwnershipPacked;
}
}
}
}
emit Transfer(from, to, tokenId);
_afterTokenTransfers(from, to, tokenId, 1);
}
/**
* @dev Equivalent to `safeTransferFrom(from, to, tokenId, '')`.
*/
function safeTransferFrom(
address from,
address to,
uint256 tokenId
) public payable virtual override {
safeTransferFrom(from, to, tokenId, '');
}
/**
* @dev Safely transfers `tokenId` token from `from` to `to`.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must exist and be owned by `from`.
* - If the caller is not `from`, it must be approved to move this token
* by either {approve} or {setApprovalForAll}.
* - If `to` refers to a smart contract, it must implement
* {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* Emits a {Transfer} event.
*/
function safeTransferFrom(
address from,
address to,
uint256 tokenId,
bytes memory _data
) public payable virtual override {
transferFrom(from, to, tokenId);
if (to.code.length != 0)
if (!_checkContractOnERC721Received(from, to, tokenId, _data)) {
revert TransferToNonERC721ReceiverImplementer();
}
}
/**
* @dev Hook that is called before a set of serially-ordered token IDs
* are about to be transferred. This includes minting.
* And also called before burning one token.
*
* `startTokenId` - the first token ID to be transferred.
* `quantity` - the amount to be transferred.
*
* Calling conditions:
*
* - When `from` and `to` are both non-zero, `from`'s `tokenId` will be
* transferred to `to`.
* - When `from` is zero, `tokenId` will be minted for `to`.
* - When `to` is zero, `tokenId` will be burned by `from`.
* - `from` and `to` are never both zero.
*/
function _beforeTokenTransfers(
address from,
address to,
uint256 startTokenId,
uint256 quantity
) internal virtual {}
/**
* @dev Hook that is called after a set of serially-ordered token IDs
* have been transferred. This includes minting.
* And also called after one token has been burned.
*
* `startTokenId` - the first token ID to be transferred.
* `quantity` - the amount to be transferred.
*
* Calling conditions:
*
* - When `from` and `to` are both non-zero, `from`'s `tokenId` has been
* transferred to `to`.
* - When `from` is zero, `tokenId` has been minted for `to`.
* - When `to` is zero, `tokenId` has been burned by `from`.
* - `from` and `to` are never both zero.
*/
function _afterTokenTransfers(
address from,
address to,
uint256 startTokenId,
uint256 quantity
) internal virtual {}
/**
* @dev Private function to invoke {IERC721Receiver-onERC721Received} on a target contract.
*
* `from` - Previous owner of the given token ID.
* `to` - Target address that will receive the token.
* `tokenId` - Token ID to be transferred.
* `_data` - Optional data to send along with the call.
*
* Returns whether the call correctly returned the expected magic value.
*/
function _checkContractOnERC721Received(
address from,
address to,
uint256 tokenId,
bytes memory _data
) private returns (bool) {
try ERC721A__IERC721Receiver(to).onERC721Received(_msgSenderERC721A(), from, tokenId, _data) returns (
bytes4 retval
) {
return retval == ERC721A__IERC721Receiver(to).onERC721Received.selector;
} catch (bytes memory reason) {
if (reason.length == 0) {
revert TransferToNonERC721ReceiverImplementer();
} else {
assembly {
revert(add(32, reason), mload(reason))
}
}
}
}
// =============================================================
// MINT OPERATIONS
// =============================================================
/**
* @dev Mints `quantity` tokens and transfers them to `to`.
*
* Requirements:
*
* - `to` cannot be the zero address.
* - `quantity` must be greater than 0.
*
* Emits a {Transfer} event for each mint.
*/
function _mint(address to, uint256 quantity) internal virtual {
uint256 startTokenId = _currentIndex;
if (quantity == 0) revert MintZeroQuantity();
_beforeTokenTransfers(address(0), to, startTokenId, quantity);
// Overflows are incredibly unrealistic.
// `balance` and `numberMinted` have a maximum limit of 2**64.
// `tokenId` has a maximum limit of 2**256.
unchecked {
// Updates:
// - `balance += quantity`.
// - `numberMinted += quantity`.
//
// We can directly add to the `balance` and `numberMinted`.
_packedAddressData[to] += quantity * ((1 << _BITPOS_NUMBER_MINTED) | 1);
// Updates:
// - `address` to the owner.
// - `startTimestamp` to the timestamp of minting.
// - `burned` to `false`.
// - `nextInitialized` to `quantity == 1`.
_packedOwnerships[startTokenId] = _packOwnershipData(
to,
_nextInitializedFlag(quantity) | _nextExtraData(address(0), to, 0)
);
uint256 toMasked;
uint256 end = startTokenId + quantity;
// Use assembly to loop and emit the `Transfer` event for gas savings.
// The duplicated `log4` removes an extra check and reduces stack juggling.
// The assembly, together with the surrounding Solidity code, have been
// delicately arranged to nudge the compiler into producing optimized opcodes.
assembly {
// Mask `to` to the lower 160 bits, in case the upper bits somehow aren't clean.
toMasked := and(to, _BITMASK_ADDRESS)
// Emit the `Transfer` event.
log4(
0, // Start of data (0, since no data).
0, // End of data (0, since no data).
_TRANSFER_EVENT_SIGNATURE, // Signature.
0, // `address(0)`.
toMasked, // `to`.
startTokenId // `tokenId`.
)
// The `iszero(eq(,))` check ensures that large values of `quantity`
// that overflows uint256 will make the loop run out of gas.
// The compiler will optimize the `iszero` away for performance.
for {
let tokenId := add(startTokenId, 1)
} iszero(eq(tokenId, end)) {
tokenId := add(tokenId, 1)
} {
// Emit the `Transfer` event. Similar to above.
log4(0, 0, _TRANSFER_EVENT_SIGNATURE, 0, toMasked, tokenId)
}
}
if (toMasked == 0) revert MintToZeroAddress();
_currentIndex = end;
}
_afterTokenTransfers(address(0), to, startTokenId, quantity);
}
/**
* @dev Mints `quantity` tokens and transfers them to `to`.
*
* This function is intended for efficient minting only during contract creation.
*
* It emits only one {ConsecutiveTransfer} as defined in
* [ERC2309](https://eips.ethereum.org/EIPS/eip-2309),
* instead of a sequence of {Transfer} event(s).
*
* Calling this function outside of contract creation WILL make your contract
* non-compliant with the ERC721 standard.
* For full ERC721 compliance, substituting ERC721 {Transfer} event(s) with the ERC2309
* {ConsecutiveTransfer} event is only permissible during contract creation.
*
* Requirements:
*
* - `to` cannot be the zero address.
* - `quantity` must be greater than 0.
*
* Emits a {ConsecutiveTransfer} event.
*/
function _mintERC2309(address to, uint256 quantity) internal virtual {
uint256 startTokenId = _currentIndex;
if (to == address(0)) revert MintToZeroAddress();
if (quantity == 0) revert MintZeroQuantity();
if (quantity > _MAX_MINT_ERC2309_QUANTITY_LIMIT) revert MintERC2309QuantityExceedsLimit();
_beforeTokenTransfers(address(0), to, startTokenId, quantity);
// Overflows are unrealistic due to the above check for `quantity` to be below the limit.
unchecked {
// Updates:
// - `balance += quantity`.
// - `numberMinted += quantity`.
//
// We can directly add to the `balance` and `numberMinted`.
_packedAddressData[to] += quantity * ((1 << _BITPOS_NUMBER_MINTED) | 1);
// Updates:
// - `address` to the owner.
// - `startTimestamp` to the timestamp of minting.
// - `burned` to `false`.
// - `nextInitialized` to `quantity == 1`.
_packedOwnerships[startTokenId] = _packOwnershipData(
to,
_nextInitializedFlag(quantity) | _nextExtraData(address(0), to, 0)
);
emit ConsecutiveTransfer(startTokenId, startTokenId + quantity - 1, address(0), to);
_currentIndex = startTokenId + quantity;
}
_afterTokenTransfers(address(0), to, startTokenId, quantity);
}
/**
* @dev Safely mints `quantity` tokens and transfers them to `to`.
*
* Requirements:
*
* - If `to` refers to a smart contract, it must implement
* {IERC721Receiver-onERC721Received}, which is called for each safe transfer.
* - `quantity` must be greater than 0.
*
* See {_mint}.
*
* Emits a {Transfer} event for each mint.
*/
function _safeMint(
address to,
uint256 quantity,
bytes memory _data
) internal virtual {
_mint(to, quantity);
unchecked {
if (to.code.length != 0) {
uint256 end = _currentIndex;
uint256 index = end - quantity;
do {
if (!_checkContractOnERC721Received(address(0), to, index++, _data)) {
revert TransferToNonERC721ReceiverImplementer();
}
} while (index < end);
// Reentrancy protection.
if (_currentIndex != end) revert();
}
}
}
/**
* @dev Equivalent to `_safeMint(to, quantity, '')`.
*/
function _safeMint(address to, uint256 quantity) internal virtual {
_safeMint(to, quantity, '');
}
// =============================================================
// BURN OPERATIONS
// =============================================================
/**
* @dev Equivalent to `_burn(tokenId, false)`.
*/
function _burn(uint256 tokenId) internal virtual {
_burn(tokenId, false);
}
/**
* @dev Destroys `tokenId`.
* The approval is cleared when the token is burned.
*
* Requirements:
*
* - `tokenId` must exist.
*
* Emits a {Transfer} event.
*/
function _burn(uint256 tokenId, bool approvalCheck) internal virtual {
uint256 prevOwnershipPacked = _packedOwnershipOf(tokenId);
address from = address(uint160(prevOwnershipPacked));
(uint256 approvedAddressSlot, address approvedAddress) = _getApprovedSlotAndAddress(tokenId);
if (approvalCheck) {
// The nested ifs save around 20+ gas over a compound boolean condition.
if (!_isSenderApprovedOrOwner(approvedAddress, from, _msgSenderERC721A()))
if (!isApprovedForAll(from, _msgSenderERC721A())) revert TransferCallerNotOwnerNorApproved();
}
_beforeTokenTransfers(from, address(0), tokenId, 1);
// Clear approvals from the previous owner.
assembly {
if approvedAddress {
// This is equivalent to `delete _tokenApprovals[tokenId]`.
sstore(approvedAddressSlot, 0)
}
}
// Underflow of the sender's balance is impossible because we check for
// ownership above and the recipient's balance can't realistically overflow.
// Counter overflow is incredibly unrealistic as `tokenId` would have to be 2**256.
unchecked {
// Updates:
// - `balance -= 1`.
// - `numberBurned += 1`.
//
// We can directly decrement the balance, and increment the number burned.
// This is equivalent to `packed -= 1; packed += 1 << _BITPOS_NUMBER_BURNED;`.
_packedAddressData[from] += (1 << _BITPOS_NUMBER_BURNED) - 1;
// Updates:
// - `address` to the last owner.
// - `startTimestamp` to the timestamp of burning.
// - `burned` to `true`.
// - `nextInitialized` to `true`.
_packedOwnerships[tokenId] = _packOwnershipData(
from,
(_BITMASK_BURNED | _BITMASK_NEXT_INITIALIZED) | _nextExtraData(from, address(0), prevOwnershipPacked)
);
// If the next slot may not have been initialized (i.e. `nextInitialized == false`) .
if (prevOwnershipPacked & _BITMASK_NEXT_INITIALIZED == 0) {
uint256 nextTokenId = tokenId + 1;
// If the next slot's address is zero and not burned (i.e. packed value is zero).
if (_packedOwnerships[nextTokenId] == 0) {
// If the next slot is within bounds.
if (nextTokenId != _currentIndex) {
// Initialize the next slot to maintain correctness for `ownerOf(tokenId + 1)`.
_packedOwnerships[nextTokenId] = prevOwnershipPacked;
}
}
}
}
emit Transfer(from, address(0), tokenId);
_afterTokenTransfers(from, address(0), tokenId, 1);
// Overflow not possible, as _burnCounter cannot be exceed _currentIndex times.
unchecked {
_burnCounter++;
}
}
// =============================================================
// EXTRA DATA OPERATIONS
// =============================================================
/**
* @dev Directly sets the extra data for the ownership data `index`.
*/
function _setExtraDataAt(uint256 index, uint24 extraData) internal virtual {
uint256 packed = _packedOwnerships[index];
if (packed == 0) revert OwnershipNotInitializedForExtraData();
uint256 extraDataCasted;
// Cast `extraData` with assembly to avoid redundant masking.
assembly {
extraDataCasted := extraData
}
packed = (packed & _BITMASK_EXTRA_DATA_COMPLEMENT) | (extraDataCasted << _BITPOS_EXTRA_DATA);
_packedOwnerships[index] = packed;
}
/**
* @dev Called during each token transfer to set the 24bit `extraData` field.
* Intended to be overridden by the cosumer contract.
*
* `previousExtraData` - the value of `extraData` before transfer.
*
* Calling conditions:
*
* - When `from` and `to` are both non-zero, `from`'s `tokenId` will be
* transferred to `to`.
* - When `from` is zero, `tokenId` will be minted for `to`.
* - When `to` is zero, `tokenId` will be burned by `from`.
* - `from` and `to` are never both zero.
*/
function _extraData(
address from,
address to,
uint24 previousExtraData
) internal view virtual returns (uint24) {}
/**
* @dev Returns the next extra data for the packed ownership data.
* The returned result is shifted into position.
*/
function _nextExtraData(
address from,
address to,
uint256 prevOwnershipPacked
) private view returns (uint256) {
uint24 extraData = uint24(prevOwnershipPacked >> _BITPOS_EXTRA_DATA);
return uint256(_extraData(from, to, extraData)) << _BITPOS_EXTRA_DATA;
}
// =============================================================
// OTHER OPERATIONS
// =============================================================
/**
* @dev Returns the message sender (defaults to `msg.sender`).
*
* If you are writing GSN compatible contracts, you need to override this function.
*/
function _msgSenderERC721A() internal view virtual returns (address) {
return msg.sender;
}
/**
* @dev Converts a uint256 to its ASCII string decimal representation.
*/
function _toString(uint256 value) internal pure virtual returns (string memory str) {
assembly {
// The maximum value of a uint256 contains 78 digits (1 byte per digit), but
// we allocate 0xa0 bytes to keep the free memory pointer 32-byte word aligned.
// We will need 1 word for the trailing zeros padding, 1 word for the length,
// and 3 words for a maximum of 78 digits. Total: 5 * 0x20 = 0xa0.
let m := add(mload(0x40), 0xa0)
// Update the free memory pointer to allocate.
mstore(0x40, m)
// Assign the `str` to the end.
str := sub(m, 0x20)
// Zeroize the slot after the string.
mstore(str, 0)
// Cache the end of the memory to calculate the length later.
let end := str
// We write the string from rightmost digit to leftmost digit.
// The following is essentially a do-while loop that also handles the zero case.
// prettier-ignore
for { let temp := value } 1 {} {
str := sub(str, 1)
// Write the character to the pointer.
// The ASCII index of the '0' character is 48.
mstore8(str, add(48, mod(temp, 10)))
// Keep dividing `temp` until zero.
temp := div(temp, 10)
// prettier-ignore
if iszero(temp) { break }
}
let length := sub(end, str)
// Move the pointer 32 bytes leftwards to make room for the length.
str := sub(str, 0x20)
// Store the length.
mstore(str, length)
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (token/ERC721/IERC721.sol)
pragma solidity ^0.8.0;
import "../../utils/introspection/IERC165.sol";
/**
* @dev Required interface of an ERC721 compliant contract.
*/
interface IERC721 is IERC165 {
/**
* @dev Emitted when `tokenId` token is transferred from `from` to `to`.
*/
event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);
/**
* @dev Emitted when `owner` enables `approved` to manage the `tokenId` token.
*/
event Approval(address indexed owner, address indexed approved, uint256 indexed tokenId);
/**
* @dev Emitted when `owner` enables or disables (`approved`) `operator` to manage all of its assets.
*/
event ApprovalForAll(address indexed owner, address indexed operator, bool approved);
/**
* @dev Returns the number of tokens in ``owner``'s account.
*/
function balanceOf(address owner) external view returns (uint256 balance);
/**
* @dev Returns the owner of the `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function ownerOf(uint256 tokenId) external view returns (address owner);
/**
* @dev Safely transfers `tokenId` token from `from` to `to`.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must exist and be owned by `from`.
* - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
* - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* Emits a {Transfer} event.
*/
function safeTransferFrom(
address from,
address to,
uint256 tokenId,
bytes calldata data
) external;
/**
* @dev Safely transfers `tokenId` token from `from` to `to`, checking first that contract recipients
* are aware of the ERC721 protocol to prevent tokens from being forever locked.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must exist and be owned by `from`.
* - If the caller is not `from`, it must have been allowed to move this token by either {approve} or {setApprovalForAll}.
* - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* Emits a {Transfer} event.
*/
function safeTransferFrom(
address from,
address to,
uint256 tokenId
) external;
/**
* @dev Transfers `tokenId` token from `from` to `to`.
*
* WARNING: Note that the caller is responsible to confirm that the recipient is capable of receiving ERC721
* or else they may be permanently lost. Usage of {safeTransferFrom} prevents loss, though the caller must
* understand this adds an external call which potentially creates a reentrancy vulnerability.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must be owned by `from`.
* - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
*
* Emits a {Transfer} event.
*/
function transferFrom(
address from,
address to,
uint256 tokenId
) external;
/**
* @dev Gives permission to `to` to transfer `tokenId` token to another account.
* The approval is cleared when the token is transferred.
*
* Only a single account can be approved at a time, so approving the zero address clears previous approvals.
*
* Requirements:
*
* - The caller must own the token or be an approved operator.
* - `tokenId` must exist.
*
* Emits an {Approval} event.
*/
function approve(address to, uint256 tokenId) external;
/**
* @dev Approve or remove `operator` as an operator for the caller.
* Operators can call {transferFrom} or {safeTransferFrom} for any token owned by the caller.
*
* Requirements:
*
* - The `operator` cannot be the caller.
*
* Emits an {ApprovalForAll} event.
*/
function setApprovalForAll(address operator, bool _approved) external;
/**
* @dev Returns the account approved for `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function getApproved(uint256 tokenId) external view returns (address operator);
/**
* @dev Returns if the `operator` is allowed to manage all of the assets of `owner`.
*
* See {setApprovalForAll}
*/
function isApprovedForAll(address owner, address operator) external view returns (bool);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC721/extensions/IERC721Metadata.sol)
pragma solidity ^0.8.0;
import "../IERC721.sol";
/**
* @title ERC-721 Non-Fungible Token Standard, optional metadata extension
* @dev See https://eips.ethereum.org/EIPS/eip-721
*/
interface IERC721Metadata is IERC721 {
/**
* @dev Returns the token collection name.
*/
function name() external view returns (string memory);
/**
* @dev Returns the token collection symbol.
*/
function symbol() external view returns (string memory);
/**
* @dev Returns the Uniform Resource Identifier (URI) for `tokenId` token.
*/
function tokenURI(uint256 tokenId) external view returns (string memory);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/IERC165.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC165 standard, as defined in the
* https://eips.ethereum.org/EIPS/eip-165[EIP].
*
* Implementers can declare support of contract interfaces, which can then be
* queried by others ({ERC165Checker}).
*
* For an implementation, see {ERC165}.
*/
interface IERC165 {
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
* to learn more about how these ids are created.
*
* This function call must use less than 30 000 gas.
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
}
// SPDX-License-Identifier: MIT
pragma solidity >=0.8.0;
/// @notice Gas optimized merkle proof verification library.
/// @author Solmate (https://github.com/transmissions11/solmate/blob/main/src/utils/MerkleProofLib.sol)
/// @author Modified from Solady (https://github.com/Vectorized/solady/blob/main/src/utils/MerkleProofLib.sol)
library MerkleProofLib {
function verify(
bytes32[] calldata proof,
bytes32 root,
bytes32 leaf
) internal pure returns (bool isValid) {
assembly {
if proof.length {
// Left shifting by 5 is like multiplying by 32.
let end := add(proof.offset, shl(5, proof.length))
// Initialize offset to the offset of the proof in calldata.
let offset := proof.offset
// Iterate over proof elements to compute root hash.
// prettier-ignore
for {} 1 {} {
// Slot where the leaf should be put in scratch space. If
// leaf > calldataload(offset): slot 32, otherwise: slot 0.
let leafSlot := shl(5, gt(leaf, calldataload(offset)))
// Store elements to hash contiguously in scratch space.
// The xor puts calldataload(offset) in whichever slot leaf
// is not occupying, so 0 if leafSlot is 32, and 32 otherwise.
mstore(leafSlot, leaf)
mstore(xor(leafSlot, 32), calldataload(offset))
// Reuse leaf to store the hash to reduce stack operations.
leaf := keccak256(0, 64) // Hash both slots of scratch space.
offset := add(offset, 32) // Shift 1 word per cycle.
// prettier-ignore
if iszero(lt(offset, end)) { break }
}
}
isValid := eq(leaf, root) // The proof is valid if the roots match.
}
}
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;
interface IERC4906 {
/// @dev This event emits when the metadata of a token is changed.
/// So that the third-party platforms such as NFT market could
/// timely update the images and related attributes of the NFT.
event MetadataUpdate(uint256 _tokenId);
/// @dev This event emits when the metadata of a range of tokens is changed.
/// So that the third-party platforms such as NFT market could
/// timely update the images and related attributes of the NFTs.
event BatchMetadataUpdate(uint256 _fromTokenId, uint256 _toTokenId);
}
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.17;
interface IMetadataRenderer {
function tokenURI(uint256 id) external view returns (string memory);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
pragma solidity ^0.8.0;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
}
// SPDX-License-Identifier: MIT
// ERC721A Contracts v4.2.3
// Creator: Chiru Labs
pragma solidity ^0.8.4;
/**
* @dev Interface of ERC721A.
*/
interface IERC721A {
/**
* The caller must own the token or be an approved operator.
*/
error ApprovalCallerNotOwnerNorApproved();
/**
* The token does not exist.
*/
error ApprovalQueryForNonexistentToken();
/**
* Cannot query the balance for the zero address.
*/
error BalanceQueryForZeroAddress();
/**
* Cannot mint to the zero address.
*/
error MintToZeroAddress();
/**
* The quantity of tokens minted must be more than zero.
*/
error MintZeroQuantity();
/**
* The token does not exist.
*/
error OwnerQueryForNonexistentToken();
/**
* The caller must own the token or be an approved operator.
*/
error TransferCallerNotOwnerNorApproved();
/**
* The token must be owned by `from`.
*/
error TransferFromIncorrectOwner();
/**
* Cannot safely transfer to a contract that does not implement the
* ERC721Receiver interface.
*/
error TransferToNonERC721ReceiverImplementer();
/**
* Cannot transfer to the zero address.
*/
error TransferToZeroAddress();
/**
* The token does not exist.
*/
error URIQueryForNonexistentToken();
/**
* The `quantity` minted with ERC2309 exceeds the safety limit.
*/
error MintERC2309QuantityExceedsLimit();
/**
* The `extraData` cannot be set on an unintialized ownership slot.
*/
error OwnershipNotInitializedForExtraData();
// =============================================================
// STRUCTS
// =============================================================
struct TokenOwnership {
// The address of the owner.
address addr;
// Stores the start time of ownership with minimal overhead for tokenomics.
uint64 startTimestamp;
// Whether the token has been burned.
bool burned;
// Arbitrary data similar to `startTimestamp` that can be set via {_extraData}.
uint24 extraData;
}
// =============================================================
// TOKEN COUNTERS
// =============================================================
/**
* @dev Returns the total number of tokens in existence.
* Burned tokens will reduce the count.
* To get the total number of tokens minted, please see {_totalMinted}.
*/
function totalSupply() external view returns (uint256);
// =============================================================
// IERC165
// =============================================================
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* [EIP section](https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified)
* to learn more about how these ids are created.
*
* This function call must use less than 30000 gas.
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
// =============================================================
// IERC721
// =============================================================
/**
* @dev Emitted when `tokenId` token is transferred from `from` to `to`.
*/
event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);
/**
* @dev Emitted when `owner` enables `approved` to manage the `tokenId` token.
*/
event Approval(address indexed owner, address indexed approved, uint256 indexed tokenId);
/**
* @dev Emitted when `owner` enables or disables
* (`approved`) `operator` to manage all of its assets.
*/
event ApprovalForAll(address indexed owner, address indexed operator, bool approved);
/**
* @dev Returns the number of tokens in `owner`'s account.
*/
function balanceOf(address owner) external view returns (uint256 balance);
/**
* @dev Returns the owner of the `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function ownerOf(uint256 tokenId) external view returns (address owner);
/**
* @dev Safely transfers `tokenId` token from `from` to `to`,
* checking first that contract recipients are aware of the ERC721 protocol
* to prevent tokens from being forever locked.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must exist and be owned by `from`.
* - If the caller is not `from`, it must be have been allowed to move
* this token by either {approve} or {setApprovalForAll}.
* - If `to` refers to a smart contract, it must implement
* {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* Emits a {Transfer} event.
*/
function safeTransferFrom(
address from,
address to,
uint256 tokenId,
bytes calldata data
) external payable;
/**
* @dev Equivalent to `safeTransferFrom(from, to, tokenId, '')`.
*/
function safeTransferFrom(
address from,
address to,
uint256 tokenId
) external payable;
/**
* @dev Transfers `tokenId` from `from` to `to`.
*
* WARNING: Usage of this method is discouraged, use {safeTransferFrom}
* whenever possible.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must be owned by `from`.
* - If the caller is not `from`, it must be approved to move this token
* by either {approve} or {setApprovalForAll}.
*
* Emits a {Transfer} event.
*/
function transferFrom(
address from,
address to,
uint256 tokenId
) external payable;
/**
* @dev Gives permission to `to` to transfer `tokenId` token to another account.
* The approval is cleared when the token is transferred.
*
* Only a single account can be approved at a time, so approving the
* zero address clears previous approvals.
*
* Requirements:
*
* - The caller must own the token or be an approved operator.
* - `tokenId` must exist.
*
* Emits an {Approval} event.
*/
function approve(address to, uint256 tokenId) external payable;
/**
* @dev Approve or remove `operator` as an operator for the caller.
* Operators can call {transferFrom} or {safeTransferFrom}
* for any token owned by the caller.
*
* Requirements:
*
* - The `operator` cannot be the caller.
*
* Emits an {ApprovalForAll} event.
*/
function setApprovalForAll(address operator, bool _approved) external;
/**
* @dev Returns the account approved for `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function getApproved(uint256 tokenId) external view returns (address operator);
/**
* @dev Returns if the `operator` is allowed to manage all of the assets of `owner`.
*
* See {setApprovalForAll}.
*/
function isApprovedForAll(address owner, address operator) external view returns (bool);
// =============================================================
// IERC721Metadata
// =============================================================
/**
* @dev Returns the token collection name.
*/
function name() external view returns (string memory);
/**
* @dev Returns the token collection symbol.
*/
function symbol() external view returns (string memory);
/**
* @dev Returns the Uniform Resource Identifier (URI) for `tokenId` token.
*/
function tokenURI(uint256 tokenId) external view returns (string memory);
// =============================================================
// IERC2309
// =============================================================
/**
* @dev Emitted when tokens in `fromTokenId` to `toTokenId`
* (inclusive) is transferred from `from` to `to`, as defined in the
* [ERC2309](https://eips.ethereum.org/EIPS/eip-2309) standard.
*
* See {_mintERC2309} for more details.
*/
event ConsecutiveTransfer(uint256 indexed fromTokenId, uint256 toTokenId, address indexed from, address indexed to);
}
File 4 of 6: TrustedForwarder
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;
import "@openzeppelin/contracts/access/Ownable.sol";
import "@openzeppelin/contracts/proxy/utils/Initializable.sol";
import "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
/**
* @title TrustedForwarder
* @author Limit Break, Inc.
* @notice TrustedForwarder is a generic message forwarder, which allows you to relay transactions to any contract and preserve the original sender.
* The processor acts as a trusted proxy, which can be a way to limit interactions with your contract, or enforce certain conditions.
*/
contract TrustedForwarder is EIP712, Initializable, Ownable {
error TrustedForwarder__CannotSetAppSignerToZeroAddress();
error TrustedForwarder__CannotSetOwnerToZeroAddress();
error TrustedForwarder__CannotUseWithoutSignature();
error TrustedForwarder__InvalidSignature();
error TrustedForwarder__SignerNotAuthorized();
struct SignatureECDSA {
uint8 v;
bytes32 r;
bytes32 s;
}
// keccak256("AppSigner(bytes32 messageHash,address target,address sender)")
bytes32 public constant APP_SIGNER_TYPEHASH = 0xc83d02443cc9e12c5d2faae8a9a36bf0112f5b4a8cce23c9277a0c68bf638762;
address public signer;
constructor() EIP712("TrustedForwarder", "1") {}
/**
* @notice Initializes the TrustedForwarder contract.
*
* @dev This should be called atomically with the clone of the contract to prevent bad actors from calling it.
* @dev - Throws if the contract is already initialized
*
* @param owner The address to assign the owner role to.
* @param appSigner The address to assign the app signer role to.
*/
function __TrustedForwarder_init(address owner, address appSigner) external initializer {
if (owner == address(0)) {
revert TrustedForwarder__CannotSetOwnerToZeroAddress();
}
if (appSigner != address(0)) {
signer = appSigner;
}
_transferOwnership(owner);
}
/**
* @notice Forwards a message to a target contract, preserving the original sender.
* @notice In the case the forwarder does not require a signature, this function should be used to save gas.
*
* @dev - Throws if the target contract reverts.
* @dev - Throws if the target address has no code.
* @dev - Throws if `signer` is not address(0).
*
* @param target The address of the contract to forward the message to.
* @param message The calldata to forward.
*
* @return returnData The return data of the call to the target contract.
*/
function forwardCall(address target, bytes calldata message)
external
payable
returns (bytes memory returnData)
{
address signerCache = signer;
if (signerCache != address(0)) {
revert TrustedForwarder__CannotUseWithoutSignature();
}
bytes memory encodedData = _encodeERC2771Context(message, _msgSender());
assembly {
let success := call(gas(), target, callvalue(), add(encodedData, 0x20), mload(encodedData), 0, 0)
let size := returndatasize()
returnData := mload(0x40)
mstore(returnData, size)
mstore(0x40, add(add(returnData, 0x20), size)) // Adjust memory pointer
returndatacopy(add(returnData, 0x20), 0, size) // Copy returndata to memory
if iszero(success) {
revert(add(returnData, 0x20), size) // Revert with return data on failure
}
// If the call was successful, but the return data is empty, check if the target address has code
if iszero(size) {
if iszero(extcodesize(target)) {
mstore(0x00, 0x39bf07c1) // Store function selector `TrustedForwarder__TargetAddressHasNoCode()` and revert
revert(0x1c, 0x04) // Revert with the custom function selector
}
}
}
}
/**
* @notice Forwards a message to a target contract, preserving the original sender.
* @notice This should only be used if the forwarder requires a signature.
* @notice In the case the app signer is not set, use the overloaded `forwardCall` function without a signature variable.
*
* @dev - Throws if the target contract reverts.
* @dev - Throws if the target address has no code.
* @dev - Throws if `signer` is not address(0) and the signature does not match the signer.
*
* @param target The address of the contract to forward the message to.
* @param message The calldata to forward.
* @param signature The signature of the message.
*
* @return returnData The return data of the call to the target contract.
*/
function forwardCall(address target, bytes calldata message, SignatureECDSA calldata signature)
external
payable
returns (bytes memory returnData)
{
address signerCache = signer;
if (signerCache != address(0)) {
if (
signerCache != _ecdsaRecover(
_hashTypedDataV4(
keccak256(abi.encode(APP_SIGNER_TYPEHASH, keccak256(message), target, _msgSender()))
),
signature.v,
signature.r,
signature.s
)
) {
revert TrustedForwarder__SignerNotAuthorized();
}
}
bytes memory encodedData = _encodeERC2771Context(message, _msgSender());
assembly {
let success := call(gas(), target, callvalue(), add(encodedData, 0x20), mload(encodedData), 0, 0)
let size := returndatasize()
returnData := mload(0x40)
mstore(returnData, size)
mstore(0x40, add(add(returnData, 0x20), size)) // Adjust memory pointer
returndatacopy(add(returnData, 0x20), 0, size) // Copy returndata to memory
if iszero(success) {
revert(add(returnData, 0x20), size) // Revert with return data on failure
}
// If the call was successful, but the return data is empty, check if the target address has code
if iszero(size) {
if iszero(extcodesize(target)) {
mstore(0x00, 0x39bf07c1) // Store function selector `TrustedForwarder__TargetAddressHasNoCode()` and revert
revert(0x1c, 0x04) // Revert with the custom function selector
}
}
}
}
/**
* @notice Updates the app signer address. To disable app signing, set signer to address(0).
*
* @dev - Throws if the sender is not the owner.
*
* @param signer_ The address to assign the app signer role to.
*/
function updateSigner(address signer_) external onlyOwner {
if (signer_ == address(0)) {
revert TrustedForwarder__CannotSetAppSignerToZeroAddress();
}
signer = signer_;
}
/**
* @notice Resets the app signer address to address(0).
*
* @dev - Throws if the sender is not the owner.
*/
function deactivateSigner() external onlyOwner {
signer = address(0);
}
/**
* @notice Returns the domain separator used in the permit signature
*
* @return The domain separator
*/
function domainSeparatorV4() external view returns (bytes32) {
return _domainSeparatorV4();
}
/// @dev appends the msg.sender to the end of the calldata
function _encodeERC2771Context(bytes calldata _data, address _msgSender) internal pure returns (bytes memory encodedData) {
assembly {
// Calculate total length: data.length + 20 bytes for the address
let totalLength := add(_data.length, 20)
// Allocate memory for the combined data
encodedData := mload(0x40)
mstore(0x40, add(encodedData, add(totalLength, 0x20)))
// Set the length of the `encodedData`
mstore(encodedData, totalLength)
// Copy the `bytes calldata` data
calldatacopy(add(encodedData, 0x20), _data.offset, _data.length)
// Append the `address`. Addresses are 20 bytes, stored in the last 20 bytes of a 32-byte word
mstore(add(add(encodedData, 0x20), _data.length), shl(96, _msgSender))
}
}
/**
* @notice Recovers an ECDSA signature
*
* @dev This function is copied from OpenZeppelin's ECDSA library
*
* @param digest The digest to recover
* @param v The v component of the signature
* @param r The r component of the signature
* @param s The s component of the signature
*
* @return recoveredSigner The signer of the digest
*/
function _ecdsaRecover(bytes32 digest, uint8 v, bytes32 r, bytes32 s) internal pure returns (address recoveredSigner) {
if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
revert TrustedForwarder__InvalidSignature();
}
recoveredSigner = ecrecover(digest, v, r, s);
if (recoveredSigner == address(0)) {
revert TrustedForwarder__InvalidSignature();
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable.sol)
pragma solidity ^0.8.0;
import "../utils/Context.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* By default, the owner account will be the one that deploys the contract. This
* can later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract Ownable is Context {
address private _owner;
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the deployer as the initial owner.
*/
constructor() {
_transferOwnership(_msgSender());
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
_checkOwner();
_;
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
return _owner;
}
/**
* @dev Throws if the sender is not the owner.
*/
function _checkOwner() internal view virtual {
require(owner() == _msgSender(), "Ownable: caller is not the owner");
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby disabling any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
require(newOwner != address(0), "Ownable: new owner is the zero address");
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
address oldOwner = _owner;
_owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/Initializable.sol)
pragma solidity ^0.8.2;
import "../../utils/Address.sol";
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```solidity
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
*
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/
abstract contract Initializable {
/**
* @dev Indicates that the contract has been initialized.
* @custom:oz-retyped-from bool
*/
uint8 private _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool private _initializing;
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/
event Initialized(uint8 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts.
*
* Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a
* constructor.
*
* Emits an {Initialized} event.
*/
modifier initializer() {
bool isTopLevelCall = !_initializing;
require(
(isTopLevelCall && _initialized < 1) || (!Address.isContract(address(this)) && _initialized == 1),
"Initializable: contract is already initialized"
);
_initialized = 1;
if (isTopLevelCall) {
_initializing = true;
}
_;
if (isTopLevelCall) {
_initializing = false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* A reinitializer may be used after the original initialization step. This is essential to configure modules that
* are added through upgrades and that require initialization.
*
* When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
* cannot be nested. If one is invoked in the context of another, execution will revert.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*
* WARNING: setting the version to 255 will prevent any future reinitialization.
*
* Emits an {Initialized} event.
*/
modifier reinitializer(uint8 version) {
require(!_initializing && _initialized < version, "Initializable: contract is already initialized");
_initialized = version;
_initializing = true;
_;
_initializing = false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/
modifier onlyInitializing() {
require(_initializing, "Initializable: contract is not initializing");
_;
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*
* Emits an {Initialized} event the first time it is successfully executed.
*/
function _disableInitializers() internal virtual {
require(!_initializing, "Initializable: contract is initializing");
if (_initialized != type(uint8).max) {
_initialized = type(uint8).max;
emit Initialized(type(uint8).max);
}
}
/**
* @dev Returns the highest version that has been initialized. See {reinitializer}.
*/
function _getInitializedVersion() internal view returns (uint8) {
return _initialized;
}
/**
* @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
*/
function _isInitializing() internal view returns (bool) {
return _initializing;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/EIP712.sol)
pragma solidity ^0.8.8;
import "./ECDSA.sol";
import "../ShortStrings.sol";
import "../../interfaces/IERC5267.sol";
/**
* @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data.
*
* The encoding specified in the EIP is very generic, and such a generic implementation in Solidity is not feasible,
* thus this contract does not implement the encoding itself. Protocols need to implement the type-specific encoding
* they need in their contracts using a combination of `abi.encode` and `keccak256`.
*
* This contract implements the EIP 712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding
* scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA
* ({_hashTypedDataV4}).
*
* The implementation of the domain separator was designed to be as efficient as possible while still properly updating
* the chain id to protect against replay attacks on an eventual fork of the chain.
*
* NOTE: This contract implements the version of the encoding known as "v4", as implemented by the JSON RPC method
* https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask].
*
* NOTE: In the upgradeable version of this contract, the cached values will correspond to the address, and the domain
* separator of the implementation contract. This will cause the `_domainSeparatorV4` function to always rebuild the
* separator from the immutable values, which is cheaper than accessing a cached version in cold storage.
*
* _Available since v3.4._
*
* @custom:oz-upgrades-unsafe-allow state-variable-immutable state-variable-assignment
*/
abstract contract EIP712 is IERC5267 {
using ShortStrings for *;
bytes32 private constant _TYPE_HASH =
keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
// Cache the domain separator as an immutable value, but also store the chain id that it corresponds to, in order to
// invalidate the cached domain separator if the chain id changes.
bytes32 private immutable _cachedDomainSeparator;
uint256 private immutable _cachedChainId;
address private immutable _cachedThis;
bytes32 private immutable _hashedName;
bytes32 private immutable _hashedVersion;
ShortString private immutable _name;
ShortString private immutable _version;
string private _nameFallback;
string private _versionFallback;
/**
* @dev Initializes the domain separator and parameter caches.
*
* The meaning of `name` and `version` is specified in
* https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]:
*
* - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.
* - `version`: the current major version of the signing domain.
*
* NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart
* contract upgrade].
*/
constructor(string memory name, string memory version) {
_name = name.toShortStringWithFallback(_nameFallback);
_version = version.toShortStringWithFallback(_versionFallback);
_hashedName = keccak256(bytes(name));
_hashedVersion = keccak256(bytes(version));
_cachedChainId = block.chainid;
_cachedDomainSeparator = _buildDomainSeparator();
_cachedThis = address(this);
}
/**
* @dev Returns the domain separator for the current chain.
*/
function _domainSeparatorV4() internal view returns (bytes32) {
if (address(this) == _cachedThis && block.chainid == _cachedChainId) {
return _cachedDomainSeparator;
} else {
return _buildDomainSeparator();
}
}
function _buildDomainSeparator() private view returns (bytes32) {
return keccak256(abi.encode(_TYPE_HASH, _hashedName, _hashedVersion, block.chainid, address(this)));
}
/**
* @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this
* function returns the hash of the fully encoded EIP712 message for this domain.
*
* This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:
*
* ```solidity
* bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(
* keccak256("Mail(address to,string contents)"),
* mailTo,
* keccak256(bytes(mailContents))
* )));
* address signer = ECDSA.recover(digest, signature);
* ```
*/
function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) {
return ECDSA.toTypedDataHash(_domainSeparatorV4(), structHash);
}
/**
* @dev See {EIP-5267}.
*
* _Available since v4.9._
*/
function eip712Domain()
public
view
virtual
override
returns (
bytes1 fields,
string memory name,
string memory version,
uint256 chainId,
address verifyingContract,
bytes32 salt,
uint256[] memory extensions
)
{
return (
hex"0f", // 01111
_name.toStringWithFallback(_nameFallback),
_version.toStringWithFallback(_versionFallback),
block.chainid,
address(this),
bytes32(0),
new uint256[](0)
);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/ECDSA.sol)
pragma solidity ^0.8.0;
import "../Strings.sol";
/**
* @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
*
* These functions can be used to verify that a message was signed by the holder
* of the private keys of a given address.
*/
library ECDSA {
enum RecoverError {
NoError,
InvalidSignature,
InvalidSignatureLength,
InvalidSignatureS,
InvalidSignatureV // Deprecated in v4.8
}
function _throwError(RecoverError error) private pure {
if (error == RecoverError.NoError) {
return; // no error: do nothing
} else if (error == RecoverError.InvalidSignature) {
revert("ECDSA: invalid signature");
} else if (error == RecoverError.InvalidSignatureLength) {
revert("ECDSA: invalid signature length");
} else if (error == RecoverError.InvalidSignatureS) {
revert("ECDSA: invalid signature 's' value");
}
}
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature` or error string. This address can then be used for verification purposes.
*
* The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {toEthSignedMessageHash} on it.
*
* Documentation for signature generation:
* - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
* - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {
if (signature.length == 65) {
bytes32 r;
bytes32 s;
uint8 v;
// ecrecover takes the signature parameters, and the only way to get them
// currently is to use assembly.
/// @solidity memory-safe-assembly
assembly {
r := mload(add(signature, 0x20))
s := mload(add(signature, 0x40))
v := byte(0, mload(add(signature, 0x60)))
}
return tryRecover(hash, v, r, s);
} else {
return (address(0), RecoverError.InvalidSignatureLength);
}
}
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature`. This address can then be used for verification purposes.
*
* The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {toEthSignedMessageHash} on it.
*/
function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, signature);
_throwError(error);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
*
* See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError) {
bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
uint8 v = uint8((uint256(vs) >> 255) + 27);
return tryRecover(hash, v, r, s);
}
/**
* @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
*
* _Available since v4.2._
*/
function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, r, vs);
_throwError(error);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `v`,
* `r` and `s` signature fields separately.
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address, RecoverError) {
// EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
// unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
// the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
// signatures from current libraries generate a unique signature with an s-value in the lower half order.
//
// If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
// with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
// vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
// these malleable signatures as well.
if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
return (address(0), RecoverError.InvalidSignatureS);
}
// If the signature is valid (and not malleable), return the signer address
address signer = ecrecover(hash, v, r, s);
if (signer == address(0)) {
return (address(0), RecoverError.InvalidSignature);
}
return (signer, RecoverError.NoError);
}
/**
* @dev Overload of {ECDSA-recover} that receives the `v`,
* `r` and `s` signature fields separately.
*/
function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, v, r, s);
_throwError(error);
return recovered;
}
/**
* @dev Returns an Ethereum Signed Message, created from a `hash`. This
* produces hash corresponding to the one signed with the
* https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
* JSON-RPC method as part of EIP-191.
*
* See {recover}.
*/
function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32 message) {
// 32 is the length in bytes of hash,
// enforced by the type signature above
/// @solidity memory-safe-assembly
assembly {
mstore(0x00, "\\x19Ethereum Signed Message:\
32")
mstore(0x1c, hash)
message := keccak256(0x00, 0x3c)
}
}
/**
* @dev Returns an Ethereum Signed Message, created from `s`. This
* produces hash corresponding to the one signed with the
* https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
* JSON-RPC method as part of EIP-191.
*
* See {recover}.
*/
function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {
return keccak256(abi.encodePacked("\\x19Ethereum Signed Message:\
", Strings.toString(s.length), s));
}
/**
* @dev Returns an Ethereum Signed Typed Data, created from a
* `domainSeparator` and a `structHash`. This produces hash corresponding
* to the one signed with the
* https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]
* JSON-RPC method as part of EIP-712.
*
* See {recover}.
*/
function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 data) {
/// @solidity memory-safe-assembly
assembly {
let ptr := mload(0x40)
mstore(ptr, "\\x19\\x01")
mstore(add(ptr, 0x02), domainSeparator)
mstore(add(ptr, 0x22), structHash)
data := keccak256(ptr, 0x42)
}
}
/**
* @dev Returns an Ethereum Signed Data with intended validator, created from a
* `validator` and `data` according to the version 0 of EIP-191.
*
* See {recover}.
*/
function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {
return keccak256(abi.encodePacked("\\x19\\x00", validator, data));
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
pragma solidity ^0.8.0;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)
pragma solidity ^0.8.1;
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
*
* Furthermore, `isContract` will also return true if the target contract within
* the same transaction is already scheduled for destruction by `SELFDESTRUCT`,
* which only has an effect at the end of a transaction.
* ====
*
* [IMPORTANT]
* ====
* You shouldn't rely on `isContract` to protect against flash loan attacks!
*
* Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
* like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
* constructor.
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize/address.code.length, which returns 0
// for contracts in construction, since the code is only stored at the end
// of the constructor execution.
return account.code.length > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
* the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
*
* _Available since v4.8._
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata,
string memory errorMessage
) internal view returns (bytes memory) {
if (success) {
if (returndata.length == 0) {
// only check isContract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
require(isContract(target), "Address: call to non-contract");
}
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
/**
* @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason or using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
function _revert(bytes memory returndata, string memory errorMessage) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/ShortStrings.sol)
pragma solidity ^0.8.8;
import "./StorageSlot.sol";
// | string | 0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
// | length | 0x BB |
type ShortString is bytes32;
/**
* @dev This library provides functions to convert short memory strings
* into a `ShortString` type that can be used as an immutable variable.
*
* Strings of arbitrary length can be optimized using this library if
* they are short enough (up to 31 bytes) by packing them with their
* length (1 byte) in a single EVM word (32 bytes). Additionally, a
* fallback mechanism can be used for every other case.
*
* Usage example:
*
* ```solidity
* contract Named {
* using ShortStrings for *;
*
* ShortString private immutable _name;
* string private _nameFallback;
*
* constructor(string memory contractName) {
* _name = contractName.toShortStringWithFallback(_nameFallback);
* }
*
* function name() external view returns (string memory) {
* return _name.toStringWithFallback(_nameFallback);
* }
* }
* ```
*/
library ShortStrings {
// Used as an identifier for strings longer than 31 bytes.
bytes32 private constant _FALLBACK_SENTINEL = 0x00000000000000000000000000000000000000000000000000000000000000FF;
error StringTooLong(string str);
error InvalidShortString();
/**
* @dev Encode a string of at most 31 chars into a `ShortString`.
*
* This will trigger a `StringTooLong` error is the input string is too long.
*/
function toShortString(string memory str) internal pure returns (ShortString) {
bytes memory bstr = bytes(str);
if (bstr.length > 31) {
revert StringTooLong(str);
}
return ShortString.wrap(bytes32(uint256(bytes32(bstr)) | bstr.length));
}
/**
* @dev Decode a `ShortString` back to a "normal" string.
*/
function toString(ShortString sstr) internal pure returns (string memory) {
uint256 len = byteLength(sstr);
// using `new string(len)` would work locally but is not memory safe.
string memory str = new string(32);
/// @solidity memory-safe-assembly
assembly {
mstore(str, len)
mstore(add(str, 0x20), sstr)
}
return str;
}
/**
* @dev Return the length of a `ShortString`.
*/
function byteLength(ShortString sstr) internal pure returns (uint256) {
uint256 result = uint256(ShortString.unwrap(sstr)) & 0xFF;
if (result > 31) {
revert InvalidShortString();
}
return result;
}
/**
* @dev Encode a string into a `ShortString`, or write it to storage if it is too long.
*/
function toShortStringWithFallback(string memory value, string storage store) internal returns (ShortString) {
if (bytes(value).length < 32) {
return toShortString(value);
} else {
StorageSlot.getStringSlot(store).value = value;
return ShortString.wrap(_FALLBACK_SENTINEL);
}
}
/**
* @dev Decode a string that was encoded to `ShortString` or written to storage using {setWithFallback}.
*/
function toStringWithFallback(ShortString value, string storage store) internal pure returns (string memory) {
if (ShortString.unwrap(value) != _FALLBACK_SENTINEL) {
return toString(value);
} else {
return store;
}
}
/**
* @dev Return the length of a string that was encoded to `ShortString` or written to storage using {setWithFallback}.
*
* WARNING: This will return the "byte length" of the string. This may not reflect the actual length in terms of
* actual characters as the UTF-8 encoding of a single character can span over multiple bytes.
*/
function byteLengthWithFallback(ShortString value, string storage store) internal view returns (uint256) {
if (ShortString.unwrap(value) != _FALLBACK_SENTINEL) {
return byteLength(value);
} else {
return bytes(store).length;
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC5267.sol)
pragma solidity ^0.8.0;
interface IERC5267 {
/**
* @dev MAY be emitted to signal that the domain could have changed.
*/
event EIP712DomainChanged();
/**
* @dev returns the fields and values that describe the domain separator used by this contract for EIP-712
* signature.
*/
function eip712Domain()
external
view
returns (
bytes1 fields,
string memory name,
string memory version,
uint256 chainId,
address verifyingContract,
bytes32 salt,
uint256[] memory extensions
);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol)
pragma solidity ^0.8.0;
import "./math/Math.sol";
import "./math/SignedMath.sol";
/**
* @dev String operations.
*/
library Strings {
bytes16 private constant _SYMBOLS = "0123456789abcdef";
uint8 private constant _ADDRESS_LENGTH = 20;
/**
* @dev Converts a `uint256` to its ASCII `string` decimal representation.
*/
function toString(uint256 value) internal pure returns (string memory) {
unchecked {
uint256 length = Math.log10(value) + 1;
string memory buffer = new string(length);
uint256 ptr;
/// @solidity memory-safe-assembly
assembly {
ptr := add(buffer, add(32, length))
}
while (true) {
ptr--;
/// @solidity memory-safe-assembly
assembly {
mstore8(ptr, byte(mod(value, 10), _SYMBOLS))
}
value /= 10;
if (value == 0) break;
}
return buffer;
}
}
/**
* @dev Converts a `int256` to its ASCII `string` decimal representation.
*/
function toString(int256 value) internal pure returns (string memory) {
return string(abi.encodePacked(value < 0 ? "-" : "", toString(SignedMath.abs(value))));
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
*/
function toHexString(uint256 value) internal pure returns (string memory) {
unchecked {
return toHexString(value, Math.log256(value) + 1);
}
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
*/
function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
bytes memory buffer = new bytes(2 * length + 2);
buffer[0] = "0";
buffer[1] = "x";
for (uint256 i = 2 * length + 1; i > 1; --i) {
buffer[i] = _SYMBOLS[value & 0xf];
value >>= 4;
}
require(value == 0, "Strings: hex length insufficient");
return string(buffer);
}
/**
* @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.
*/
function toHexString(address addr) internal pure returns (string memory) {
return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);
}
/**
* @dev Returns true if the two strings are equal.
*/
function equal(string memory a, string memory b) internal pure returns (bool) {
return keccak256(bytes(a)) == keccak256(bytes(b));
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/StorageSlot.sol)
// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.
pragma solidity ^0.8.0;
/**
* @dev Library for reading and writing primitive types to specific storage slots.
*
* Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
* This library helps with reading and writing to such slots without the need for inline assembly.
*
* The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
*
* Example usage to set ERC1967 implementation slot:
* ```solidity
* contract ERC1967 {
* bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
*
* function _getImplementation() internal view returns (address) {
* return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
* }
*
* function _setImplementation(address newImplementation) internal {
* require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
* StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
* }
* }
* ```
*
* _Available since v4.1 for `address`, `bool`, `bytes32`, `uint256`._
* _Available since v4.9 for `string`, `bytes`._
*/
library StorageSlot {
struct AddressSlot {
address value;
}
struct BooleanSlot {
bool value;
}
struct Bytes32Slot {
bytes32 value;
}
struct Uint256Slot {
uint256 value;
}
struct StringSlot {
string value;
}
struct BytesSlot {
bytes value;
}
/**
* @dev Returns an `AddressSlot` with member `value` located at `slot`.
*/
function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BooleanSlot` with member `value` located at `slot`.
*/
function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
*/
function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Uint256Slot` with member `value` located at `slot`.
*/
function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` with member `value` located at `slot`.
*/
function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` representation of the string storage pointer `store`.
*/
function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
/**
* @dev Returns an `BytesSlot` with member `value` located at `slot`.
*/
function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.
*/
function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard math utilities missing in the Solidity language.
*/
library Math {
enum Rounding {
Down, // Toward negative infinity
Up, // Toward infinity
Zero // Toward zero
}
/**
* @dev Returns the largest of two numbers.
*/
function max(uint256 a, uint256 b) internal pure returns (uint256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two numbers.
*/
function min(uint256 a, uint256 b) internal pure returns (uint256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two numbers. The result is rounded towards
* zero.
*/
function average(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b) / 2 can overflow.
return (a & b) + (a ^ b) / 2;
}
/**
* @dev Returns the ceiling of the division of two numbers.
*
* This differs from standard division with `/` in that it rounds up instead
* of rounding down.
*/
function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b - 1) / b can overflow on addition, so we distribute.
return a == 0 ? 0 : (a - 1) / b + 1;
}
/**
* @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0
* @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)
* with further edits by Uniswap Labs also under MIT license.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
unchecked {
// 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
// use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
// variables such that product = prod1 * 2^256 + prod0.
uint256 prod0; // Least significant 256 bits of the product
uint256 prod1; // Most significant 256 bits of the product
assembly {
let mm := mulmod(x, y, not(0))
prod0 := mul(x, y)
prod1 := sub(sub(mm, prod0), lt(mm, prod0))
}
// Handle non-overflow cases, 256 by 256 division.
if (prod1 == 0) {
// Solidity will revert if denominator == 0, unlike the div opcode on its own.
// The surrounding unchecked block does not change this fact.
// See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
return prod0 / denominator;
}
// Make sure the result is less than 2^256. Also prevents denominator == 0.
require(denominator > prod1, "Math: mulDiv overflow");
///////////////////////////////////////////////
// 512 by 256 division.
///////////////////////////////////////////////
// Make division exact by subtracting the remainder from [prod1 prod0].
uint256 remainder;
assembly {
// Compute remainder using mulmod.
remainder := mulmod(x, y, denominator)
// Subtract 256 bit number from 512 bit number.
prod1 := sub(prod1, gt(remainder, prod0))
prod0 := sub(prod0, remainder)
}
// Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.
// See https://cs.stackexchange.com/q/138556/92363.
// Does not overflow because the denominator cannot be zero at this stage in the function.
uint256 twos = denominator & (~denominator + 1);
assembly {
// Divide denominator by twos.
denominator := div(denominator, twos)
// Divide [prod1 prod0] by twos.
prod0 := div(prod0, twos)
// Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
twos := add(div(sub(0, twos), twos), 1)
}
// Shift in bits from prod1 into prod0.
prod0 |= prod1 * twos;
// Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
// that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
// four bits. That is, denominator * inv = 1 mod 2^4.
uint256 inverse = (3 * denominator) ^ 2;
// Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works
// in modular arithmetic, doubling the correct bits in each step.
inverse *= 2 - denominator * inverse; // inverse mod 2^8
inverse *= 2 - denominator * inverse; // inverse mod 2^16
inverse *= 2 - denominator * inverse; // inverse mod 2^32
inverse *= 2 - denominator * inverse; // inverse mod 2^64
inverse *= 2 - denominator * inverse; // inverse mod 2^128
inverse *= 2 - denominator * inverse; // inverse mod 2^256
// Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
// This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
// less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
// is no longer required.
result = prod0 * inverse;
return result;
}
}
/**
* @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
uint256 result = mulDiv(x, y, denominator);
if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {
result += 1;
}
return result;
}
/**
* @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.
*
* Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
*/
function sqrt(uint256 a) internal pure returns (uint256) {
if (a == 0) {
return 0;
}
// For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
//
// We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
// `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.
//
// This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`
// → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`
// → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`
//
// Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.
uint256 result = 1 << (log2(a) >> 1);
// At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
// since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
// every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
// into the expected uint128 result.
unchecked {
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
return min(result, a / result);
}
}
/**
* @notice Calculates sqrt(a), following the selected rounding direction.
*/
function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = sqrt(a);
return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);
}
}
/**
* @dev Return the log in base 2, rounded down, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 128;
}
if (value >> 64 > 0) {
value >>= 64;
result += 64;
}
if (value >> 32 > 0) {
value >>= 32;
result += 32;
}
if (value >> 16 > 0) {
value >>= 16;
result += 16;
}
if (value >> 8 > 0) {
value >>= 8;
result += 8;
}
if (value >> 4 > 0) {
value >>= 4;
result += 4;
}
if (value >> 2 > 0) {
value >>= 2;
result += 2;
}
if (value >> 1 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 2, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log2(value);
return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 10, rounded down, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >= 10 ** 64) {
value /= 10 ** 64;
result += 64;
}
if (value >= 10 ** 32) {
value /= 10 ** 32;
result += 32;
}
if (value >= 10 ** 16) {
value /= 10 ** 16;
result += 16;
}
if (value >= 10 ** 8) {
value /= 10 ** 8;
result += 8;
}
if (value >= 10 ** 4) {
value /= 10 ** 4;
result += 4;
}
if (value >= 10 ** 2) {
value /= 10 ** 2;
result += 2;
}
if (value >= 10 ** 1) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 10, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log10(value);
return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 256, rounded down, of a positive value.
* Returns 0 if given 0.
*
* Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
*/
function log256(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 16;
}
if (value >> 64 > 0) {
value >>= 64;
result += 8;
}
if (value >> 32 > 0) {
value >>= 32;
result += 4;
}
if (value >> 16 > 0) {
value >>= 16;
result += 2;
}
if (value >> 8 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 256, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log256(value);
return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard signed math utilities missing in the Solidity language.
*/
library SignedMath {
/**
* @dev Returns the largest of two signed numbers.
*/
function max(int256 a, int256 b) internal pure returns (int256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two signed numbers.
*/
function min(int256 a, int256 b) internal pure returns (int256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two signed numbers without overflow.
* The result is rounded towards zero.
*/
function average(int256 a, int256 b) internal pure returns (int256) {
// Formula from the book "Hacker's Delight"
int256 x = (a & b) + ((a ^ b) >> 1);
return x + (int256(uint256(x) >> 255) & (a ^ b));
}
/**
* @dev Returns the absolute unsigned value of a signed value.
*/
function abs(int256 n) internal pure returns (uint256) {
unchecked {
// must be unchecked in order to support `n = type(int256).min`
return uint256(n >= 0 ? n : -n);
}
}
}
File 5 of 6: ModuleTrades
// SPDX-License-Identifier: BSL-1.1
pragma solidity 0.8.19;
import "./PaymentProcessorModule.sol";
/*
@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@(
@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@
#@@@@@@@@@@@@@@
@@@@@@@@@@@@
@@@@@@@@@@@@@@* @@@@@@@@@@@@
@@@@@@@@@@@@@@@ @ @@@@@@@@@@@@
@@@@@@@@@@@@@@@ @ @@@@@@@@@@@
@@@@@@@@@@@@@@@ @@ @@@@@@@@@@@@
@@@@@@@@@@@@@@@ #@@ @@@@@@@@@@@@/
@@@@@@@@@@@@@@. @@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@&%%%%%%%%&&@@@@@@@@@@@@@@
@@@@@@@@@@@@@@ @@@@@ @@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@ @@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@ @@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@ @@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@ @@@@@@@@@@@&
@@@@@@@@@@@@@@ *@@@@@@@ (@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@@ @@@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
.@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@% @@@@@@@@@@@@@@@@@@@@@@@@(
@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@&
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* @title Payment Processor
* @custom:version 2.0.0
* @author Limit Break, Inc.
*/
contract ModuleTrades is PaymentProcessorModule {
constructor(address configurationContract) PaymentProcessorModule(configurationContract){}
/**
* @notice Executes a buy listing transaction for a single order item.
*
* @dev Throws when the maker's nonce has already been used or has been cancelled.
* @dev Throws when the order has expired.
* @dev Throws when the combined marketplace and royalty fee exceeds 100%.
* @dev Throws when the taker fee on top exceeds 100% of the item sale price.
* @dev Throws when the maker's master nonce does not match the order details.
* @dev Throws when the order does not comply with the collection payment settings.
* @dev Throws when the maker's signature is invalid.
* @dev Throws when the order is a cosigned order and the cosignature is invalid.
* @dev Throws when the transaction originates from an untrusted channel if untrusted channels are blocked.
* @dev Throws when the maker or taker is a banned account for the collection.
* @dev Throws when the taker does not have or did not send sufficient funds to complete the purchase.
* @dev Throws when the token transfer fails for any reason such as lack of approvals or token no longer owned by maker.
* @dev Throws when the maker has revoked the order digest on a ERC1155_PARTIAL_FILL order.
* @dev Throws when the order is an ERC1155_PARTIAL_FILL order and the item price is not evenly divisible by the amount.
* @dev Throws when the order is an ERC1155_PARTIAL_FILL order and the remaining fillable quantity is less than the requested minimum fill amount.
* @dev Any unused native token payment will be returned to the taker as wrapped native token.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. Payment amounts and fees are sent to their respective recipients.
* @dev 2. Purchased tokens are sent to the beneficiary.
* @dev 3. Maker's nonce is marked as used for ERC721_FILL_OR_KILL and ERC1155_FILL_OR_KILL orders.
* @dev 4. Maker's partially fillable order state is updated for ERC1155_PARTIAL_FILL orders.
* @dev 5. An `BuyListingERC721` event has been emitted for a ERC721 purchase.
* @dev 6. An `BuyListingERC1155` event has been emitted for a ERC1155 purchase.
* @dev 7. A `NonceInvalidated` event has been emitted for a ERC721_FILL_OR_KILL or ERC1155_FILL_OR_KILL order.
* @dev 8. A `OrderDigestInvalidated` event has been emitted for a ERC1155_PARTIAL_FILL order, if fully filled.
*
* @param domainSeparator The domain separator to be used when verifying the order signature.
* @param saleDetails The order execution details.
* @param sellerSignature The maker's signature authorizing the order execution.
* @param cosignature The additional cosignature for a cosigned order, if applicable.
* @param feeOnTop The additional fee to add on top of the order, paid by taker.
*/
function buyListing(
bytes32 domainSeparator,
Order memory saleDetails,
SignatureECDSA memory sellerSignature,
Cosignature memory cosignature,
FeeOnTop memory feeOnTop
) public payable {
uint256 appendedDataLength;
unchecked {
appendedDataLength = msg.data.length - BASE_MSG_LENGTH_BUY_LISTING;
}
TradeContext memory context = TradeContext({
domainSeparator: domainSeparator,
channel: msg.sender,
taker: appendedDataLength == 20 ? _msgSender() : msg.sender,
disablePartialFill: true
});
uint256 remainingNativeProceeds =
_executeOrderBuySide(
context,
msg.value,
saleDetails,
sellerSignature,
cosignature,
feeOnTop
);
if (remainingNativeProceeds > 0) {
_pushProceeds(wrappedNativeCoinAddress, remainingNativeProceeds, gasleft());
IERC20(wrappedNativeCoinAddress).
transferFrom(address(this), context.taker, remainingNativeProceeds);
}
}
/**
* @notice Executes an offer accept transaction for a single order item.
*
* @dev Throws when the maker's nonce has already been used or has been cancelled.
* @dev Throws when the order has expired.
* @dev Throws when the combined marketplace and royalty fee exceeds 100%.
* @dev Throws when the taker fee on top exceeds 100% of the item sale price.
* @dev Throws when the maker's master nonce does not match the order details.
* @dev Throws when the order does not comply with the collection payment settings.
* @dev Throws when the maker's signature is invalid.
* @dev Throws when the order is a cosigned order and the cosignature is invalid.
* @dev Throws when the transaction originates from an untrusted channel if untrusted channels are blocked.
* @dev Throws when the maker or taker is a banned account for the collection.
* @dev Throws when the maker does not have sufficient funds to complete the purchase.
* @dev Throws when the token transfer fails for any reason such as lack of approvals or token not owned by the taker.
* @dev Throws when the token the offer is being accepted for does not match the conditions set by the maker.
* @dev Throws when the maker has revoked the order digest on a ERC1155_PARTIAL_FILL order.
* @dev Throws when the order is an ERC1155_PARTIAL_FILL order and the item price is not evenly divisible by the amount.
* @dev Throws when the order is an ERC1155_PARTIAL_FILL order and the remaining fillable quantity is less than the requested minimum fill amount.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. Payment amounts and fees are sent to their respective recipients.
* @dev 2. Purchased tokens are sent to the beneficiary.
* @dev 3. Maker's nonce is marked as used for ERC721_FILL_OR_KILL and ERC1155_FILL_OR_KILL orders.
* @dev 4. Maker's partially fillable order state is updated for ERC1155_PARTIAL_FILL orders.
* @dev 5. An `AcceptOfferERC721` event has been emitted for a ERC721 sale.
* @dev 6. An `AcceptOfferERC1155` event has been emitted for a ERC1155 sale.
* @dev 7. A `NonceInvalidated` event has been emitted for a ERC721_FILL_OR_KILL or ERC1155_FILL_OR_KILL order.
* @dev 8. A `OrderDigestInvalidated` event has been emitted for a ERC1155_PARTIAL_FILL order, if fully filled.
*
* @param domainSeparator The domain separator to be used when verifying the order signature.
* @param isCollectionLevelOffer The flag to indicate if an offer is for any token in the collection.
* @param saleDetails The order execution details.
* @param buyerSignature The maker's signature authorizing the order execution.
* @param tokenSetProof The root hash and merkle proofs for an offer that is a subset of tokens in a collection.
* @param cosignature The additional cosignature for a cosigned order, if applicable.
* @param feeOnTop The additional fee to add on top of the order, paid by taker.
*/
function acceptOffer(
bytes32 domainSeparator,
bool isCollectionLevelOffer,
Order memory saleDetails,
SignatureECDSA memory buyerSignature,
TokenSetProof memory tokenSetProof,
Cosignature memory cosignature,
FeeOnTop memory feeOnTop
) public {
uint256 appendedDataLength;
unchecked {
appendedDataLength =
msg.data.length -
BASE_MSG_LENGTH_ACCEPT_OFFER -
(PROOF_ELEMENT_SIZE * tokenSetProof.proof.length);
}
_executeOrderSellSide(
TradeContext({
domainSeparator: domainSeparator,
channel: msg.sender,
taker: appendedDataLength == 20 ? _msgSender() : msg.sender,
disablePartialFill: true
}),
isCollectionLevelOffer,
saleDetails,
buyerSignature,
tokenSetProof,
cosignature,
feeOnTop);
}
/**
* @notice Executes a buy listing transaction for multiple order items.
*
* @dev Throws when a maker's nonce has already been used or has been cancelled.
* @dev Throws when any order has expired.
* @dev Throws when any combined marketplace and royalty fee exceeds 100%.
* @dev Throws when any taker fee on top exceeds 100% of the item sale price.
* @dev Throws when a maker's master nonce does not match the order details.
* @dev Throws when an order does not comply with the collection payment settings.
* @dev Throws when a maker's signature is invalid.
* @dev Throws when an order is a cosigned order and the cosignature is invalid.
* @dev Throws when the transaction originates from an untrusted channel if untrusted channels are blocked.
* @dev Throws when any maker or taker is a banned account for the collection.
* @dev Throws when the taker does not have or did not send sufficient funds to complete the purchase.
* @dev Throws when a maker has revoked the order digest on a ERC1155_PARTIAL_FILL order.
* @dev Throws when an order is an ERC1155_PARTIAL_FILL order and the item price is not evenly divisible by the amount.
* @dev Throws when an order is an ERC1155_PARTIAL_FILL order and the remaining fillable quantity is less than the requested minimum fill amount.
* @dev Will NOT throw when a token fails to transfer but also will not disperse payments for failed items.
* @dev Any unused native token payment will be returned to the taker as wrapped native token.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. Payment amounts and fees are sent to their respective recipients.
* @dev 2. Purchased tokens are sent to the beneficiary.
* @dev 3. Makers nonces are marked as used for ERC721_FILL_OR_KILL and ERC1155_FILL_OR_KILL orders.
* @dev 4. Makers partially fillable order states are updated for ERC1155_PARTIAL_FILL orders.
* @dev 5. `BuyListingERC721` events have been emitted for each ERC721 purchase.
* @dev 6. `BuyListingERC1155` events have been emitted for each ERC1155 purchase.
* @dev 7. A `NonceInvalidated` event has been emitted for each ERC721_FILL_OR_KILL or ERC1155_FILL_OR_KILL order.
* @dev 8. A `OrderDigestInvalidated` event has been emitted for each ERC1155_PARTIAL_FILL order, if fully filled.
*
* @param domainSeparator The domain separator to be used when verifying the order signature.
* @param saleDetailsArray An array of order execution details.
* @param sellerSignatures An array of maker signatures authorizing the order execution.
* @param cosignatures An array of additional cosignatures for cosigned orders, if applicable.
* @param feesOnTop An array of additional fees to add on top of the orders, paid by taker.
*/
function bulkBuyListings(
bytes32 domainSeparator,
Order[] calldata saleDetailsArray,
SignatureECDSA[] calldata sellerSignatures,
Cosignature[] calldata cosignatures,
FeeOnTop[] calldata feesOnTop
) public payable {
if (saleDetailsArray.length != sellerSignatures.length) {
revert PaymentProcessor__InputArrayLengthMismatch();
}
if (saleDetailsArray.length != cosignatures.length) {
revert PaymentProcessor__InputArrayLengthMismatch();
}
if (saleDetailsArray.length != feesOnTop.length) {
revert PaymentProcessor__InputArrayLengthMismatch();
}
if (saleDetailsArray.length == 0) {
revert PaymentProcessor__InputArrayLengthCannotBeZero();
}
uint256 remainingNativeProceeds = msg.value;
uint256 appendedDataLength;
unchecked {
appendedDataLength =
msg.data.length -
BASE_MSG_LENGTH_BULK_BUY_LISTINGS -
(BASE_MSG_LENGTH_BULK_BUY_LISTINGS_PER_ITEM * saleDetailsArray.length);
}
TradeContext memory context = TradeContext({
domainSeparator: domainSeparator,
channel: msg.sender,
taker: appendedDataLength == 20 ? _msgSender() : msg.sender,
disablePartialFill: false
});
Order memory saleDetails;
SignatureECDSA memory sellerSignature;
Cosignature memory cosignature;
FeeOnTop memory feeOnTop;
for (uint256 i = 0; i < saleDetailsArray.length;) {
saleDetails = saleDetailsArray[i];
sellerSignature = sellerSignatures[i];
cosignature = cosignatures[i];
feeOnTop = feesOnTop[i];
if(saleDetails.paymentMethod == address(0)) {
remainingNativeProceeds =
_executeOrderBuySide(
context,
remainingNativeProceeds,
saleDetails,
sellerSignature,
cosignature,
feeOnTop);
} else {
_executeOrderBuySide(context, 0, saleDetails, sellerSignature, cosignature, feeOnTop);
}
unchecked {
++i;
}
}
if (remainingNativeProceeds > 0) {
_pushProceeds(wrappedNativeCoinAddress, remainingNativeProceeds, gasleft());
IERC20(wrappedNativeCoinAddress).
transferFrom(address(this), context.taker, remainingNativeProceeds);
}
}
/**
* @notice Executes an accept offer transaction for multiple order items.
*
* @dev Throws when a maker's nonce has already been used or has been cancelled.
* @dev Throws when any order has expired.
* @dev Throws when any combined marketplace and royalty fee exceeds 100%.
* @dev Throws when any taker fee on top exceeds 100% of the item sale price.
* @dev Throws when a maker's master nonce does not match the order details.
* @dev Throws when an order does not comply with the collection payment settings.
* @dev Throws when a maker's signature is invalid.
* @dev Throws when an order is a cosigned order and the cosignature is invalid.
* @dev Throws when the transaction originates from an untrusted channel if untrusted channels are blocked.
* @dev Throws when any maker or taker is a banned account for the collection.
* @dev Throws when a maker does not have sufficient funds to complete the purchase.
* @dev Throws when the token an offer is being accepted for does not match the conditions set by the maker.
* @dev Throws when a maker has revoked the order digest on a ERC1155_PARTIAL_FILL order.
* @dev Throws when an order is an ERC1155_PARTIAL_FILL order and the item price is not evenly divisible by the amount.
* @dev Throws when an order is an ERC1155_PARTIAL_FILL order and the remaining fillable quantity is less than the requested minimum fill amount.
* @dev Will NOT throw when a token fails to transfer but also will not disperse payments for failed items.
*
* @dev <h4>Postconditions:</h4>
* @dev 1. Payment amounts and fees are sent to their respective recipients.
* @dev 2. Purchased tokens are sent to the beneficiary.
* @dev 3. Makers nonces are marked as used for ERC721_FILL_OR_KILL and ERC1155_FILL_OR_KILL orders.
* @dev 4. Makers partially fillable order states are updated for ERC1155_PARTIAL_FILL orders.
* @dev 5. `AcceptOfferERC721` events have been emitted for each ERC721 sale.
* @dev 6. `AcceptOfferERC1155` events have been emitted for each ERC1155 sale.
* @dev 7. A `NonceInvalidated` event has been emitted for each ERC721_FILL_OR_KILL or ERC1155_FILL_OR_KILL order.
* @dev 8. A `OrderDigestInvalidated` event has been emitted for each ERC1155_PARTIAL_FILL order, if fully filled.
*
* @param domainSeparator The domain separator to be used when verifying the order signature.
* @param params The parameters for the bulk offers being accepted.
*/
function bulkAcceptOffers(
bytes32 domainSeparator,
BulkAcceptOffersParams memory params
) public {
if (params.saleDetailsArray.length != params.isCollectionLevelOfferArray.length) {
revert PaymentProcessor__InputArrayLengthMismatch();
}
if (params.saleDetailsArray.length != params.buyerSignaturesArray.length) {
revert PaymentProcessor__InputArrayLengthMismatch();
}
if (params.saleDetailsArray.length != params.tokenSetProofsArray.length) {
revert PaymentProcessor__InputArrayLengthMismatch();
}
if (params.saleDetailsArray.length != params.cosignaturesArray.length) {
revert PaymentProcessor__InputArrayLengthMismatch();
}
if (params.saleDetailsArray.length != params.feesOnTopArray.length) {
revert PaymentProcessor__InputArrayLengthMismatch();
}
if (params.saleDetailsArray.length == 0) {
revert PaymentProcessor__InputArrayLengthCannotBeZero();
}
uint256 appendedDataLength;
unchecked {
appendedDataLength =
msg.data.length -
BASE_MSG_LENGTH_BULK_ACCEPT_OFFERS -
(BASE_MSG_LENGTH_BULK_ACCEPT_OFFERS_PER_ITEM * params.saleDetailsArray.length);
for (uint256 i = 0; i < params.tokenSetProofsArray.length;) {
appendedDataLength -= PROOF_ELEMENT_SIZE * params.tokenSetProofsArray[i].proof.length;
++i;
}
}
TradeContext memory context = TradeContext({
domainSeparator: domainSeparator,
channel: msg.sender,
taker: appendedDataLength == 20 ? _msgSender() : msg.sender,
disablePartialFill: false
});
for (uint256 i = 0; i < params.saleDetailsArray.length;) {
_executeOrderSellSide(
context,
params.isCollectionLevelOfferArray[i],
params.saleDetailsArray[i],
params.buyerSignaturesArray[i],
params.tokenSetProofsArray[i],
params.cosignaturesArray[i],
params.feesOnTopArray[i]);
unchecked {
++i;
}
}
}
}
// SPDX-License-Identifier: BSL-1.1
pragma solidity 0.8.19;
import "../IOwnable.sol";
import "../interfaces/IPaymentProcessorConfiguration.sol";
import "../interfaces/IPaymentProcessorEvents.sol";
import "../storage/PaymentProcessorStorageAccess.sol";
import "../Constants.sol";
import "../Errors.sol";
import "@openzeppelin/contracts/access/IAccessControl.sol";
import "@openzeppelin/contracts/interfaces/IERC1271.sol";
import "@openzeppelin/contracts/interfaces/IERC2981.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import "@openzeppelin/contracts/token/ERC721/IERC721.sol";
import "@openzeppelin/contracts/token/ERC1155/IERC1155.sol";
import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import "@openzeppelin/contracts/utils/cryptography/MerkleProof.sol";
import {TrustedForwarderERC2771Context} from "@limitbreak/trusted-forwarder/TrustedForwarderERC2771Context.sol";
/*
@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@(
@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@
#@@@@@@@@@@@@@@
@@@@@@@@@@@@
@@@@@@@@@@@@@@* @@@@@@@@@@@@
@@@@@@@@@@@@@@@ @ @@@@@@@@@@@@
@@@@@@@@@@@@@@@ @ @@@@@@@@@@@
@@@@@@@@@@@@@@@ @@ @@@@@@@@@@@@
@@@@@@@@@@@@@@@ #@@ @@@@@@@@@@@@/
@@@@@@@@@@@@@@. @@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@&%%%%%%%%&&@@@@@@@@@@@@@@
@@@@@@@@@@@@@@ @@@@@ @@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@ @@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@ @@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@ @@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@ @@@@@@@@@@@&
@@@@@@@@@@@@@@ *@@@@@@@ (@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@@ @@@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
.@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@% @@@@@@@@@@@@@@@@@@@@@@@@(
@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@&
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* @title Payment Processor
* @custom:version 2.0.0
* @author Limit Break, Inc.
*/
abstract contract PaymentProcessorModule is
TrustedForwarderERC2771Context,
PaymentProcessorStorageAccess,
IPaymentProcessorEvents {
using EnumerableSet for EnumerableSet.AddressSet;
// Recommendations For Default Immutable Payment Methods Per Chain
// Default Payment Method 1: Wrapped Native Coin
// Default Payment Method 2: Wrapped ETH
// Default Payment Method 3: USDC (Native)
// Default Payment Method 4: USDC (Bridged)
/// @dev The amount of gas units to be supplied with native token transfers.
uint256 private immutable pushPaymentGasLimit;
/// @dev The address of the ERC20 contract used for wrapped native token.
address public immutable wrappedNativeCoinAddress;
/// @dev The first default payment method defined at contract deployment. Immutable to save SLOAD cost.
address private immutable defaultPaymentMethod1;
/// @dev The second default payment method defined at contract deployment. Immutable to save SLOAD cost.
address private immutable defaultPaymentMethod2;
/// @dev The third default payment method defined at contract deployment. Immutable to save SLOAD cost.
address private immutable defaultPaymentMethod3;
/// @dev The fourth default payment method defined at contract deployment. Immutable to save SLOAD cost.
address private immutable defaultPaymentMethod4;
constructor(address configurationContract)
TrustedForwarderERC2771Context(
IPaymentProcessorConfiguration(configurationContract).getPaymentProcessorModuleERC2771ContextParams()
) {
(
uint32 pushPaymentGasLimit_,
address wrappedNativeCoinAddress_,
DefaultPaymentMethods memory defaultPaymentMethods
) = IPaymentProcessorConfiguration(configurationContract).getPaymentProcessorModuleDeploymentParams();
if (pushPaymentGasLimit_ == 0 || wrappedNativeCoinAddress_ == address(0)) {
revert PaymentProcessor__InvalidConstructorArguments();
}
pushPaymentGasLimit = pushPaymentGasLimit_;
wrappedNativeCoinAddress = wrappedNativeCoinAddress_;
defaultPaymentMethod1 = defaultPaymentMethods.defaultPaymentMethod1;
defaultPaymentMethod2 = defaultPaymentMethods.defaultPaymentMethod2;
defaultPaymentMethod3 = defaultPaymentMethods.defaultPaymentMethod3;
defaultPaymentMethod4 = defaultPaymentMethods.defaultPaymentMethod4;
}
/*************************************************************************/
/* Default Payment Methods */
/*************************************************************************/
/**
* @notice Returns true if `paymentMethod` is a default payment method.
*
* @dev This function will return true if the default payment method was added after contract deployment.
*/
function _isDefaultPaymentMethod(address paymentMethod) internal view returns (bool) {
if (paymentMethod == address(0)) {
return true;
} else if (paymentMethod == defaultPaymentMethod1) {
return true;
} else if (paymentMethod == defaultPaymentMethod2) {
return true;
} else if (paymentMethod == defaultPaymentMethod3) {
return true;
} else if (paymentMethod == defaultPaymentMethod4) {
return true;
} else {
// If it isn't one of the gas efficient immutable default payment methods,
// it may have bee added to the fallback default payment method whitelist,
// but there are SLOAD costs.
return appStorage().collectionPaymentMethodWhitelists[DEFAULT_PAYMENT_METHOD_WHITELIST_ID].contains(paymentMethod);
}
}
/**
* @notice Returns an array of the default payment methods defined at contract deployment.
*
* @dev This array will **NOT** include default payment methods added after contract deployment.
*/
function _getDefaultPaymentMethods() internal view returns (address[] memory) {
address[] memory defaultPaymentMethods = new address[](5);
defaultPaymentMethods[0] = address(0);
defaultPaymentMethods[1] = defaultPaymentMethod1;
defaultPaymentMethods[2] = defaultPaymentMethod2;
defaultPaymentMethods[3] = defaultPaymentMethod3;
defaultPaymentMethods[4] = defaultPaymentMethod4;
return defaultPaymentMethods;
}
/*************************************************************************/
/* Order Execution */
/*************************************************************************/
/**
* @notice Checks order validation and fulfills a buy listing order.
*
* @dev This function may be called multiple times during a bulk execution.
* @dev Throws when a partial fill order is not equally divisible by the number of items in the order.
*
* @param context The current execution context to determine the taker.
* @param startingNativeFunds The amount of native funds available at the beginning of the order execution.
* @param saleDetails The order execution details.
* @param signedSellOrder The maker's signature authorizing the order execution.
* @param cosignature The additional cosignature for a cosigned order, if applicable.
* @param feeOnTop The additional fee to add on top of the order, paid by taker.
*
* @return endingNativeFunds The amount of native funds available at the end of the order execution.
*/
function _executeOrderBuySide(
TradeContext memory context,
uint256 startingNativeFunds,
Order memory saleDetails,
SignatureECDSA memory signedSellOrder,
Cosignature memory cosignature,
FeeOnTop memory feeOnTop
) internal returns (uint256 endingNativeFunds) {
uint248 quantityToFill = _verifySaleApproval(
context,
saleDetails,
signedSellOrder,
cosignature);
if (quantityToFill != saleDetails.amount) {
if (saleDetails.itemPrice % saleDetails.amount != 0) {
revert PaymentProcessor__PartialFillsNotSupportedForNonDivisibleItems();
}
saleDetails.itemPrice = saleDetails.itemPrice / saleDetails.amount * quantityToFill;
saleDetails.amount = quantityToFill;
}
RoyaltyBackfillAndBounty memory royaltyBackfillAndBounty = _validateBasicOrderDetails(context, saleDetails);
endingNativeFunds = _fulfillSingleOrderWithFeeOnTop(
startingNativeFunds,
context,
context.taker,
saleDetails.maker,
IERC20(saleDetails.paymentMethod),
_getOrderFulfillmentFunctionPointers(Sides.Buy, saleDetails.paymentMethod, saleDetails.protocol),
saleDetails,
royaltyBackfillAndBounty,
feeOnTop);
}
/**
* @notice Checks order validation and fulfills an offer acceptance.
*
* @dev This function may be called multiple times during a bulk execution.
* @dev Throws when the payment method is the chain native token.
* @dev Throws when the supplied token for a token set offer cannot be validated with the root hash and proof.
* @dev Throws when a partial fill order is not equally divisible by the number of items in the order.
*
* @param context The current execution context to determine the taker.
* @param isCollectionLevelOrder The flag to indicate if an offer is for any token in the collection.
* @param saleDetails The order execution details.
* @param buyerSignature The maker's signature authorizing the order execution.
* @param tokenSetProof The root hash and merkle proofs for an offer that is a subset of tokens in a collection.
* @param cosignature The additional cosignature for a cosigned order, if applicable.
* @param feeOnTop The additional fee to add on top of the order, paid by taker.
*/
function _executeOrderSellSide(
TradeContext memory context,
bool isCollectionLevelOrder,
Order memory saleDetails,
SignatureECDSA memory buyerSignature,
TokenSetProof memory tokenSetProof,
Cosignature memory cosignature,
FeeOnTop memory feeOnTop
) internal {
if (saleDetails.paymentMethod == address(0)) {
revert PaymentProcessor__BadPaymentMethod();
}
uint248 quantityToFill;
if (isCollectionLevelOrder) {
if (tokenSetProof.rootHash == bytes32(0)) {
quantityToFill = _verifyCollectionOffer(
context,
saleDetails,
buyerSignature,
cosignature);
} else {
if(!MerkleProof.verify(
tokenSetProof.proof,
tokenSetProof.rootHash,
keccak256(abi.encode(saleDetails.tokenAddress, saleDetails.tokenId)))) {
revert PaymentProcessor__IncorrectTokenSetMerkleProof();
}
quantityToFill = _verifyTokenSetOffer(
context,
saleDetails,
buyerSignature,
tokenSetProof,
cosignature);
}
} else {
quantityToFill = _verifyItemOffer(
context,
saleDetails,
buyerSignature,
cosignature);
}
if (quantityToFill != saleDetails.amount) {
if (saleDetails.itemPrice % saleDetails.amount != 0) {
revert PaymentProcessor__PartialFillsNotSupportedForNonDivisibleItems();
}
saleDetails.itemPrice = saleDetails.itemPrice / saleDetails.amount * quantityToFill;
saleDetails.amount = quantityToFill;
}
RoyaltyBackfillAndBounty memory royaltyBackfillAndBounty = _validateBasicOrderDetails(context, saleDetails);
_fulfillSingleOrderWithFeeOnTop(
0,
context,
saleDetails.maker,
context.taker,
IERC20(saleDetails.paymentMethod),
_getOrderFulfillmentFunctionPointers(Sides.Sell, saleDetails.paymentMethod, saleDetails.protocol),
saleDetails,
royaltyBackfillAndBounty,
feeOnTop);
}
/**
* @notice Checks order validation and fulfills a sweep order.
*
* @dev Throws when the order protocol is for ERC1155 partial fills.
* @dev Throws when the `items`, `signedSellOrders` and `cosignatures` arrays have different lengths.
* @dev Throws when the `items` array length is zero.
*
* @param context The current execution context to determine the taker.
* @param startingNativeFunds The amount of native funds available at the beginning of the order execution.
* @param feeOnTop The additional fee to add on top of the orders, paid by taker.
* @param sweepOrder The order information that is common to all items in the sweep.
* @param items An array of items that contains the order information unique to each item.
* @param signedSellOrders An array of maker signatures authorizing the order execution.
* @param cosignatures An array of additional cosignatures for cosigned orders, if applicable.
*
* @return endingNativeFunds The amount of native funds available at the end of the order execution.
*/
function _executeSweepOrder(
TradeContext memory context,
uint256 startingNativeFunds,
FeeOnTop memory feeOnTop,
SweepOrder memory sweepOrder,
SweepItem[] memory items,
SignatureECDSA[] memory signedSellOrders,
Cosignature[] memory cosignatures
) internal returns (uint256 endingNativeFunds) {
if (sweepOrder.protocol == OrderProtocols.ERC1155_FILL_PARTIAL) {
revert PaymentProcessor__OrderProtocolERC1155FillPartialUnsupportedInSweeps();
}
if (items.length != signedSellOrders.length) {
revert PaymentProcessor__InputArrayLengthMismatch();
}
if (items.length != cosignatures.length) {
revert PaymentProcessor__InputArrayLengthMismatch();
}
if (items.length == 0) {
revert PaymentProcessor__InputArrayLengthCannotBeZero();
}
(Order[] memory saleDetailsBatch, RoyaltyBackfillAndBounty memory royaltyBackfillAndBounty) =
_validateSweepOrder(
context,
feeOnTop,
sweepOrder,
items,
signedSellOrders,
cosignatures
);
endingNativeFunds = _fulfillSweepOrderWithFeeOnTop(
context,
startingNativeFunds,
SweepCollectionComputeAndDistributeProceedsParams({
paymentCoin: IERC20(sweepOrder.paymentMethod),
fnPointers: _getOrderFulfillmentFunctionPointers(
Sides.Buy,
sweepOrder.paymentMethod,
sweepOrder.protocol),
feeOnTop: feeOnTop,
royaltyBackfillAndBounty: royaltyBackfillAndBounty,
saleDetailsBatch: saleDetailsBatch
})
);
}
/*************************************************************************/
/* Order Validation */
/*************************************************************************/
/**
* @notice Loads collection payment settings to validate a single item order.
*
* @dev This function may be called multiple times during a bulk execution.
* @dev Throws when a collection is set to block untrusted channels and the transaction originates
* @dev from an untrusted channel.
* @dev Throws when the maker or taker is a banned account for the collection.
* @dev Throws when the payment method is not an allowed payment method.
* @dev Throws when the sweep order is for ERC721 tokens and the amount is set to a value other than one.
* @dev Throws when the sweep order is for ERC1155 tokens and the amount is set to zero.
* @dev Throws when the marketplace fee and maximum royalty fee will exceed the sales price of an item.
* @dev Throws when the current block time is greater than the order expiration.
*
* @param context The current execution context to determine the taker.
* @param saleDetails The order execution details.
*
* @return royaltyBackfillAndBounty The on-chain royalty backfill and bounty information defined by the creator.
*/
function _validateBasicOrderDetails(
TradeContext memory context,
Order memory saleDetails
) private view returns (RoyaltyBackfillAndBounty memory royaltyBackfillAndBounty) {
if (saleDetails.protocol == OrderProtocols.ERC721_FILL_OR_KILL) {
if (saleDetails.amount != ONE) {
revert PaymentProcessor__AmountForERC721SalesMustEqualOne();
}
} else {
if (saleDetails.amount == 0) {
revert PaymentProcessor__AmountForERC1155SalesGreaterThanZero();
}
}
if (block.timestamp > saleDetails.expiration) {
revert PaymentProcessor__OrderHasExpired();
}
if (saleDetails.marketplaceFeeNumerator + saleDetails.maxRoyaltyFeeNumerator > FEE_DENOMINATOR) {
revert PaymentProcessor__MarketplaceAndRoyaltyFeesWillExceedSalePrice();
}
CollectionPaymentSettings storage paymentSettingsForCollection =
appStorage().collectionPaymentSettings[saleDetails.tokenAddress];
PaymentSettings paymentSettings = paymentSettingsForCollection.paymentSettings;
royaltyBackfillAndBounty.backfillNumerator = paymentSettingsForCollection.royaltyBackfillNumerator;
royaltyBackfillAndBounty.bountyNumerator = paymentSettingsForCollection.royaltyBountyNumerator;
if (paymentSettingsForCollection.blockBannedAccounts) {
EnumerableSet.AddressSet storage bannedAccounts =
appStorage().collectionBannedAccounts[saleDetails.tokenAddress];
if (bannedAccounts.contains(saleDetails.maker)) {
revert PaymentProcessor__MakerOrTakerIsBannedAccount();
}
if (bannedAccounts.contains(context.taker)) {
revert PaymentProcessor__MakerOrTakerIsBannedAccount();
}
}
if (paymentSettingsForCollection.blockTradesFromUntrustedChannels) {
EnumerableSet.AddressSet storage trustedChannels =
appStorage().collectionTrustedChannels[saleDetails.tokenAddress];
if (trustedChannels.length() > 0) {
if (!trustedChannels.contains(context.channel)) {
revert PaymentProcessor__TradeOriginatedFromUntrustedChannel();
}
}
}
if (paymentSettingsForCollection.royaltyBackfillNumerator > 0) {
royaltyBackfillAndBounty.backfillReceiver =
appStorage().collectionRoyaltyBackfillReceivers[saleDetails.tokenAddress];
}
if (paymentSettingsForCollection.isRoyaltyBountyExclusive) {
royaltyBackfillAndBounty.exclusiveMarketplace =
appStorage().collectionExclusiveBountyReceivers[saleDetails.tokenAddress];
}
if (paymentSettings == PaymentSettings.DefaultPaymentMethodWhitelist) {
if (!_isDefaultPaymentMethod(saleDetails.paymentMethod)) {
revert PaymentProcessor__PaymentCoinIsNotAnApprovedPaymentMethod();
}
} else if (paymentSettings == PaymentSettings.CustomPaymentMethodWhitelist) {
if (!appStorage().collectionPaymentMethodWhitelists[paymentSettingsForCollection.paymentMethodWhitelistId].contains(saleDetails.paymentMethod)) {
revert PaymentProcessor__PaymentCoinIsNotAnApprovedPaymentMethod();
}
} else if (paymentSettings == PaymentSettings.PricingConstraints) {
if (paymentSettingsForCollection.constrainedPricingPaymentMethod != saleDetails.paymentMethod) {
revert PaymentProcessor__PaymentCoinIsNotAnApprovedPaymentMethod();
}
_validateSalePriceInRange(
saleDetails.tokenAddress,
saleDetails.tokenId,
saleDetails.amount,
saleDetails.itemPrice);
} else if (paymentSettings == PaymentSettings.Paused) {
revert PaymentProcessor__TradingIsPausedForCollection();
}
}
/**
* @notice Loads collection payment settings to validate a sweep order.
*
* @dev Throws when a collection is set to block untrusted channels and the transaction originates
* @dev from an untrusted channel.
* @dev Throws when the payment method is not an allowed payment method.
* @dev Throws when the sweep order is for ERC721 tokens and the amount is set to a value other than one.
* @dev Throws when the sweep order is for ERC1155 tokens and the amount is set to zero.
* @dev Throws when the marketplace fee and maximum royalty fee will exceed the sales price of an item.
* @dev Throws when the current block time is greater than the order expiration.
* @dev Throws when the fee on top amount exceeds the sum of all items.
*
* @param context The current execution context to determine the taker.
* @param feeOnTop The additional fee to add on top of the orders, paid by taker.
* @param sweepOrder The order information that is common to all items in the sweep.
* @param items An array of items that contains the order information unique to each item.
* @param signedSellOrders An array of maker signatures authorizing the order execution.
* @param cosignatures An array of additional cosignatures for cosigned orders, if applicable.
*
* @return saleDetailsBatch An array of order execution details.
* @return royaltyBackfillAndBounty The on-chain royalty backfill and bounty information defined by the creator.
*/
function _validateSweepOrder(
TradeContext memory context,
FeeOnTop memory feeOnTop,
SweepOrder memory sweepOrder,
SweepItem[] memory items,
SignatureECDSA[] memory signedSellOrders,
Cosignature[] memory cosignatures
) private returns (Order[] memory saleDetailsBatch, RoyaltyBackfillAndBounty memory royaltyBackfillAndBounty) {
CollectionPaymentSettings storage paymentSettingsForCollection =
appStorage().collectionPaymentSettings[sweepOrder.tokenAddress];
PaymentSettings paymentSettings = paymentSettingsForCollection.paymentSettings;
royaltyBackfillAndBounty.backfillNumerator = paymentSettingsForCollection.royaltyBackfillNumerator;
royaltyBackfillAndBounty.bountyNumerator = paymentSettingsForCollection.royaltyBountyNumerator;
if (paymentSettingsForCollection.blockTradesFromUntrustedChannels) {
EnumerableSet.AddressSet storage trustedChannels =
appStorage().collectionTrustedChannels[sweepOrder.tokenAddress];
if (trustedChannels.length() > 0) {
if (!trustedChannels.contains(context.channel)) {
revert PaymentProcessor__TradeOriginatedFromUntrustedChannel();
}
}
}
if (paymentSettingsForCollection.royaltyBackfillNumerator > 0) {
royaltyBackfillAndBounty.backfillReceiver =
appStorage().collectionRoyaltyBackfillReceivers[sweepOrder.tokenAddress];
}
if (paymentSettingsForCollection.isRoyaltyBountyExclusive) {
royaltyBackfillAndBounty.exclusiveMarketplace =
appStorage().collectionExclusiveBountyReceivers[sweepOrder.tokenAddress];
}
if (paymentSettings == PaymentSettings.DefaultPaymentMethodWhitelist) {
if (!_isDefaultPaymentMethod(sweepOrder.paymentMethod)) {
revert PaymentProcessor__PaymentCoinIsNotAnApprovedPaymentMethod();
}
} else if (paymentSettings == PaymentSettings.CustomPaymentMethodWhitelist) {
if (!appStorage().collectionPaymentMethodWhitelists[paymentSettingsForCollection.paymentMethodWhitelistId].contains(sweepOrder.paymentMethod)) {
revert PaymentProcessor__PaymentCoinIsNotAnApprovedPaymentMethod();
}
} else if (paymentSettings == PaymentSettings.PricingConstraints) {
if (paymentSettingsForCollection.constrainedPricingPaymentMethod != sweepOrder.paymentMethod) {
revert PaymentProcessor__PaymentCoinIsNotAnApprovedPaymentMethod();
}
} else if (paymentSettings == PaymentSettings.Paused) {
revert PaymentProcessor__TradingIsPausedForCollection();
}
EnumerableSet.AddressSet storage bannedAccounts =
appStorage().collectionBannedAccounts[sweepOrder.tokenAddress];
if (paymentSettingsForCollection.blockBannedAccounts) {
if (bannedAccounts.contains(context.taker)) {
revert PaymentProcessor__MakerOrTakerIsBannedAccount();
}
}
uint256 itemsLength = items.length;
saleDetailsBatch = new Order[](itemsLength);
uint256 sumListingPrices;
for (uint256 i = 0; i < itemsLength;) {
Order memory saleDetails =
Order({
protocol: sweepOrder.protocol,
maker: items[i].maker,
beneficiary: sweepOrder.beneficiary,
marketplace: items[i].marketplace,
fallbackRoyaltyRecipient: items[i].fallbackRoyaltyRecipient,
paymentMethod: sweepOrder.paymentMethod,
tokenAddress: sweepOrder.tokenAddress,
tokenId: items[i].tokenId,
amount: items[i].amount,
itemPrice: items[i].itemPrice,
nonce: items[i].nonce,
expiration: items[i].expiration,
marketplaceFeeNumerator: items[i].marketplaceFeeNumerator,
maxRoyaltyFeeNumerator: items[i].maxRoyaltyFeeNumerator,
requestedFillAmount: items[i].amount,
minimumFillAmount: items[i].amount
});
saleDetailsBatch[i] = saleDetails;
sumListingPrices += saleDetails.itemPrice;
if (paymentSettingsForCollection.blockBannedAccounts) {
if (bannedAccounts.contains(saleDetails.maker)) {
revert PaymentProcessor__MakerOrTakerIsBannedAccount();
}
}
if (saleDetails.protocol == OrderProtocols.ERC721_FILL_OR_KILL) {
if (saleDetails.amount != ONE) {
revert PaymentProcessor__AmountForERC721SalesMustEqualOne();
}
} else {
if (saleDetails.amount == 0) {
revert PaymentProcessor__AmountForERC1155SalesGreaterThanZero();
}
}
if (saleDetails.marketplaceFeeNumerator + saleDetails.maxRoyaltyFeeNumerator > FEE_DENOMINATOR) {
revert PaymentProcessor__MarketplaceAndRoyaltyFeesWillExceedSalePrice();
}
if (paymentSettings == PaymentSettings.PricingConstraints) {
_validateSalePriceInRange(
saleDetails.tokenAddress,
saleDetails.tokenId,
saleDetails.amount,
saleDetails.itemPrice);
}
if (block.timestamp > saleDetails.expiration) {
revert PaymentProcessor__OrderHasExpired();
}
_verifySaleApproval(context, saleDetails, signedSellOrders[i], cosignatures[i]);
unchecked {
++i;
}
}
if (feeOnTop.amount > sumListingPrices) {
revert PaymentProcessor__FeeOnTopCannotBeGreaterThanItemPrice();
}
}
/**
* @notice Validates the sales price for a token is within the bounds set.
*
* @dev Throws when the unit price is above the ceiling bound.
* @dev Throws when the unit price is below the floor bound.
*
* @param tokenAddress The contract address for the token.
* @param tokenId The token id.
* @param amount The quantity of the token being transacted.
* @param salePrice The total price for the token quantity.
*/
function _validateSalePriceInRange(
address tokenAddress,
uint256 tokenId,
uint256 amount,
uint256 salePrice
) private view {
(uint256 floorPrice, uint256 ceilingPrice) = _getFloorAndCeilingPrices(tokenAddress, tokenId);
unchecked {
uint256 unitPrice = salePrice / amount;
if (unitPrice > ceilingPrice) {
revert PaymentProcessor__SalePriceAboveMaximumCeiling();
}
if (unitPrice < floorPrice) {
revert PaymentProcessor__SalePriceBelowMinimumFloor();
}
}
}
/**
* @notice Returns the floor and ceiling price for a token for collections set to use pricing constraints.
*
* @dev Returns token pricing bounds if token bounds are set.
* @dev If token bounds are not set then returns collection pricing bounds if they are set.
* @dev If collection bounds are not set, returns zero floor bound and uint256 max ceiling bound.
*
* @param tokenAddress The contract address for the token.
* @param tokenId The token id.
*/
function _getFloorAndCeilingPrices(
address tokenAddress,
uint256 tokenId
) internal view returns (uint256, uint256) {
PricingBounds memory tokenLevelPricingBounds = appStorage().tokenPricingBounds[tokenAddress][tokenId];
if (tokenLevelPricingBounds.isSet) {
return (tokenLevelPricingBounds.floorPrice, tokenLevelPricingBounds.ceilingPrice);
} else {
PricingBounds memory collectionLevelPricingBounds = appStorage().collectionPricingBounds[tokenAddress];
if (collectionLevelPricingBounds.isSet) {
return (collectionLevelPricingBounds.floorPrice, collectionLevelPricingBounds.ceilingPrice);
}
}
return (0, type(uint256).max);
}
/*************************************************************************/
/* Order Fulfillment */
/*************************************************************************/
/**
* @notice Dispenses tokens and proceeds for a single order.
*
* @dev This function may be called multiple times during a bulk execution.
* @dev Throws when a token false to dispense AND partial fills are disabled.
* @dev Throws when the taker did not supply enough native funds.
* @dev Throws when the fee on top amount is greater than the item price.
*
* @param startingNativeFunds The amount of native funds remaining at the beginning of the function call.
* @param context The current execution context to determine the taker.
* @param purchaser The user that is buying the token.
* @param seller The user that is selling the token.
* @param paymentCoin The ERC20 token used for payment, will be zero values for chain native token.
* @param fnPointers Struct containing the function pointers for dispensing tokens, sending payments
* and emitting events.
* @param saleDetails The order execution details.
* @param royaltyBackfillAndBounty Struct containing the royalty backfill and bounty information.
* @param feeOnTop The additional fee on top of the item sales price to be paid by the taker.
*
* @return endingNativeFunds The amount of native funds remaining at the end of the function call.
*/
function _fulfillSingleOrderWithFeeOnTop(
uint256 startingNativeFunds,
TradeContext memory context,
address purchaser,
address seller,
IERC20 paymentCoin,
FulfillOrderFunctionPointers memory fnPointers,
Order memory saleDetails,
RoyaltyBackfillAndBounty memory royaltyBackfillAndBounty,
FeeOnTop memory feeOnTop
) private returns (uint256 endingNativeFunds) {
endingNativeFunds = startingNativeFunds;
if (!fnPointers.funcDispenseToken(
seller,
saleDetails.beneficiary,
saleDetails.tokenAddress,
saleDetails.tokenId,
saleDetails.amount)) {
if (context.disablePartialFill) {
revert PaymentProcessor__DispensingTokenWasUnsuccessful();
}
} else {
SplitProceeds memory proceeds =
_computePaymentSplits(
saleDetails.itemPrice,
saleDetails.tokenAddress,
saleDetails.tokenId,
saleDetails.marketplace,
saleDetails.marketplaceFeeNumerator,
saleDetails.maxRoyaltyFeeNumerator,
saleDetails.fallbackRoyaltyRecipient,
royaltyBackfillAndBounty
);
uint256 feeOnTopAmount;
if (feeOnTop.recipient != address(0)) {
feeOnTopAmount = feeOnTop.amount;
}
if (saleDetails.paymentMethod == address(0)) {
uint256 nativeProceedsToSpend = saleDetails.itemPrice + feeOnTopAmount;
if (endingNativeFunds < nativeProceedsToSpend) {
revert PaymentProcessor__RanOutOfNativeFunds();
}
unchecked {
endingNativeFunds -= nativeProceedsToSpend;
}
}
if (proceeds.royaltyProceeds > 0) {
fnPointers.funcPayout(proceeds.royaltyRecipient, purchaser, paymentCoin, proceeds.royaltyProceeds, pushPaymentGasLimit);
}
if (proceeds.marketplaceProceeds > 0) {
fnPointers.funcPayout(saleDetails.marketplace, purchaser, paymentCoin, proceeds.marketplaceProceeds, pushPaymentGasLimit);
}
if (proceeds.sellerProceeds > 0) {
fnPointers.funcPayout(seller, purchaser, paymentCoin, proceeds.sellerProceeds, pushPaymentGasLimit);
}
if (feeOnTopAmount > 0) {
if (feeOnTopAmount > saleDetails.itemPrice) {
revert PaymentProcessor__FeeOnTopCannotBeGreaterThanItemPrice();
}
fnPointers.funcPayout(feeOnTop.recipient, context.taker, paymentCoin, feeOnTop.amount, pushPaymentGasLimit);
}
fnPointers.funcEmitOrderExecutionEvent(context, saleDetails);
}
}
/**
* @notice Dispenses tokens and proceeds for a sweep order.
*
* @dev This function will **NOT** throw if a token fails to dispense.
* @dev Throws when the taker did not supply enough native funds.
*
* @param context The current execution context to determine the taker.
* @param startingNativeFunds The amount of native funds remaining at the beginning of the function call.
* @param params Struct containing the order execution details, backfilled royalty information
* and fulfillment function pointers.
*
* @return endingNativeFunds The amount of native funds remaining at the end of the function call.
*/
function _fulfillSweepOrderWithFeeOnTop(
TradeContext memory context,
uint256 startingNativeFunds,
SweepCollectionComputeAndDistributeProceedsParams memory params
) private returns (uint256 endingNativeFunds) {
endingNativeFunds = startingNativeFunds;
PayoutsAccumulator memory accumulator = PayoutsAccumulator({
lastSeller: address(0),
lastMarketplace: address(0),
lastRoyaltyRecipient: address(0),
accumulatedSellerProceeds: 0,
accumulatedMarketplaceProceeds: 0,
accumulatedRoyaltyProceeds: 0
});
for (uint256 i = 0; i < params.saleDetailsBatch.length;) {
Order memory saleDetails = params.saleDetailsBatch[i];
if (!params.fnPointers.funcDispenseToken(
saleDetails.maker,
saleDetails.beneficiary,
saleDetails.tokenAddress,
saleDetails.tokenId,
saleDetails.amount)) {
} else {
SplitProceeds memory proceeds =
_computePaymentSplits(
saleDetails.itemPrice,
saleDetails.tokenAddress,
saleDetails.tokenId,
saleDetails.marketplace,
saleDetails.marketplaceFeeNumerator,
saleDetails.maxRoyaltyFeeNumerator,
saleDetails.fallbackRoyaltyRecipient,
params.royaltyBackfillAndBounty
);
if (saleDetails.paymentMethod == address(0)) {
if (endingNativeFunds < saleDetails.itemPrice) {
revert PaymentProcessor__RanOutOfNativeFunds();
}
unchecked {
endingNativeFunds -= saleDetails.itemPrice;
}
}
if (proceeds.royaltyRecipient != accumulator.lastRoyaltyRecipient) {
if(accumulator.accumulatedRoyaltyProceeds > 0) {
params.fnPointers.funcPayout(accumulator.lastRoyaltyRecipient, context.taker, params.paymentCoin, accumulator.accumulatedRoyaltyProceeds, pushPaymentGasLimit);
}
accumulator.lastRoyaltyRecipient = proceeds.royaltyRecipient;
accumulator.accumulatedRoyaltyProceeds = 0;
}
if (saleDetails.marketplace != accumulator.lastMarketplace) {
if(accumulator.accumulatedMarketplaceProceeds > 0) {
params.fnPointers.funcPayout(accumulator.lastMarketplace, context.taker, params.paymentCoin, accumulator.accumulatedMarketplaceProceeds, pushPaymentGasLimit);
}
accumulator.lastMarketplace = saleDetails.marketplace;
accumulator.accumulatedMarketplaceProceeds = 0;
}
if (saleDetails.maker != accumulator.lastSeller) {
if(accumulator.accumulatedSellerProceeds > 0) {
params.fnPointers.funcPayout(accumulator.lastSeller, context.taker, params.paymentCoin, accumulator.accumulatedSellerProceeds, pushPaymentGasLimit);
}
accumulator.lastSeller = saleDetails.maker;
accumulator.accumulatedSellerProceeds = 0;
}
unchecked {
accumulator.accumulatedRoyaltyProceeds += proceeds.royaltyProceeds;
accumulator.accumulatedMarketplaceProceeds += proceeds.marketplaceProceeds;
accumulator.accumulatedSellerProceeds += proceeds.sellerProceeds;
}
params.fnPointers.funcEmitOrderExecutionEvent(context, saleDetails);
}
unchecked {
++i;
}
}
if(accumulator.accumulatedRoyaltyProceeds > 0) {
params.fnPointers.funcPayout(accumulator.lastRoyaltyRecipient, context.taker, params.paymentCoin, accumulator.accumulatedRoyaltyProceeds, pushPaymentGasLimit);
}
if(accumulator.accumulatedMarketplaceProceeds > 0) {
params.fnPointers.funcPayout(accumulator.lastMarketplace, context.taker, params.paymentCoin, accumulator.accumulatedMarketplaceProceeds, pushPaymentGasLimit);
}
if(accumulator.accumulatedSellerProceeds > 0) {
params.fnPointers.funcPayout(accumulator.lastSeller, context.taker, params.paymentCoin, accumulator.accumulatedSellerProceeds, pushPaymentGasLimit);
}
if (params.feeOnTop.recipient != address(0)) {
if (params.feeOnTop.amount > 0) {
if (address(params.paymentCoin) == address(0)) {
if (endingNativeFunds < params.feeOnTop.amount) {
revert PaymentProcessor__RanOutOfNativeFunds();
}
unchecked {
endingNativeFunds -= params.feeOnTop.amount;
}
}
params.fnPointers.funcPayout(params.feeOnTop.recipient, context.taker, params.paymentCoin, params.feeOnTop.amount, pushPaymentGasLimit);
}
}
}
/**
* @notice Calculates the payment splits between seller, creator and marketplace based
* @notice on on-chain royalty information or backfilled royalty information if on-chain
* @notice data is unavailable.
*
* @dev Throws when ERC2981 on-chain royalties are set to an amount greater than the
* @dev maker signed maximum.
*
* @param salePrice The sale price for the token being sold.
* @param tokenAddress The contract address for the token being sold.
* @param tokenId The token id for the token being sold.
* @param marketplaceFeeRecipient The address that will receive the marketplace fee.
* If zero, no marketplace fee will be applied.
* @param marketplaceFeeNumerator The fee numerator for calculating marketplace fees.
* @param maxRoyaltyFeeNumerator The maximum royalty fee authorized by the order maker.
* @param fallbackRoyaltyRecipient The address that will receive royalties if not defined onchain.
* @param royaltyBackfillAndBounty The royalty backfill and bounty information set onchain by the creator.
*
* @return proceeds A struct containing the split of payment and receiving addresses for the
* seller, creator and marketplace.
*/
function _computePaymentSplits(
uint256 salePrice,
address tokenAddress,
uint256 tokenId,
address marketplaceFeeRecipient,
uint256 marketplaceFeeNumerator,
uint256 maxRoyaltyFeeNumerator,
address fallbackRoyaltyRecipient,
RoyaltyBackfillAndBounty memory royaltyBackfillAndBounty
) private view returns (SplitProceeds memory proceeds) {
proceeds.sellerProceeds = salePrice;
try IERC2981(tokenAddress).royaltyInfo(
tokenId,
salePrice)
returns (address royaltyReceiver, uint256 royaltyAmount) {
if (royaltyReceiver == address(0)) {
royaltyAmount = 0;
}
if (royaltyAmount > 0) {
if (royaltyAmount > (salePrice * maxRoyaltyFeeNumerator) / FEE_DENOMINATOR) {
revert PaymentProcessor__OnchainRoyaltiesExceedMaximumApprovedRoyaltyFee();
}
proceeds.royaltyRecipient = royaltyReceiver;
proceeds.royaltyProceeds = royaltyAmount;
unchecked {
proceeds.sellerProceeds -= royaltyAmount;
}
}
} catch (bytes memory) {
// If the token doesn't implement the royaltyInfo function, then check if there are backfilled royalties.
if (royaltyBackfillAndBounty.backfillReceiver != address(0)) {
if (royaltyBackfillAndBounty.backfillNumerator > maxRoyaltyFeeNumerator) {
revert PaymentProcessor__OnchainRoyaltiesExceedMaximumApprovedRoyaltyFee();
}
proceeds.royaltyRecipient = royaltyBackfillAndBounty.backfillReceiver;
proceeds.royaltyProceeds =
(salePrice * royaltyBackfillAndBounty.backfillNumerator) / FEE_DENOMINATOR;
unchecked {
proceeds.sellerProceeds -= proceeds.royaltyProceeds;
}
} else if (fallbackRoyaltyRecipient != address(0)) {
proceeds.royaltyRecipient = fallbackRoyaltyRecipient;
proceeds.royaltyProceeds = (salePrice * maxRoyaltyFeeNumerator) / FEE_DENOMINATOR;
unchecked {
proceeds.sellerProceeds -= proceeds.royaltyProceeds;
}
}
}
if (marketplaceFeeRecipient != address(0)) {
proceeds.marketplaceProceeds = (salePrice * marketplaceFeeNumerator) / FEE_DENOMINATOR;
unchecked {
proceeds.sellerProceeds -= proceeds.marketplaceProceeds;
}
if (royaltyBackfillAndBounty.exclusiveMarketplace == address(0) ||
royaltyBackfillAndBounty.exclusiveMarketplace == marketplaceFeeRecipient) {
uint256 royaltyBountyProceeds =
proceeds.royaltyProceeds * royaltyBackfillAndBounty.bountyNumerator / FEE_DENOMINATOR;
if (royaltyBountyProceeds > 0) {
unchecked {
proceeds.royaltyProceeds -= royaltyBountyProceeds;
proceeds.marketplaceProceeds += royaltyBountyProceeds;
}
}
}
}
}
/**
* @notice Transfers chain native token to `to`.
*
* @dev Throws when the native token transfer call reverts.
* @dev Throws when the payee uses more gas than `gasLimit_`.
*
* @param to The address that will receive chain native tokens.
* @param proceeds The amount of chain native token value to transfer.
* @param pushPaymentGasLimit_ The amount of gas units to allow the payee to use.
*/
function _pushProceeds(address to, uint256 proceeds, uint256 pushPaymentGasLimit_) internal {
bool success;
assembly {
// Transfer the ETH and store if it succeeded or not.
success := call(pushPaymentGasLimit_, to, proceeds, 0, 0, 0, 0)
}
if (!success) {
revert PaymentProcessor__FailedToTransferProceeds();
}
}
/**
* @notice Transfers chain native token to `payee`.
*
* @dev Throws when the native token transfer call reverts.
* @dev Throws when the payee uses more gas than `gasLimit_`.
*
* @param payee The address that will receive chain native tokens.
* @param proceeds The amount of chain native token value to transfer.
* @param gasLimit_ The amount of gas units to allow the payee to use.
*/
function _payoutNativeCurrency(
address payee,
address /*payer*/,
IERC20 /*paymentCoin*/,
uint256 proceeds,
uint256 gasLimit_) internal {
_pushProceeds(payee, proceeds, gasLimit_);
}
/**
* @notice Transfers ERC20 tokens to from `payer` to `payee`.
*
* @dev Throws when the ERC20 transfer call reverts.
*
* @param payee The address that will receive ERC20 tokens.
* @param payer The address the ERC20 tokens will be sent from.
* @param paymentCoin The ERC20 token being transferred.
* @param proceeds The amount of token value to transfer.
*/
function _payoutCoinCurrency(
address payee,
address payer,
IERC20 paymentCoin,
uint256 proceeds,
uint256 /*gasLimit_*/) internal {
SafeERC20.safeTransferFrom(paymentCoin, payer, payee, proceeds);
}
/**
* @notice Calls the token contract to transfer an ERC721 token from the seller to the buyer.
*
* @dev This will **NOT** throw if the transfer fails. It will instead return false
* @dev so that the calling function can handle the failed transfer.
* @dev Returns true if the transfer does not revert.
*
* @param from The seller of the token.
* @param to The beneficiary of the order execution.
* @param tokenAddress The contract address for the token being transferred.
* @param tokenId The token id for the order.
*/
function _dispenseERC721Token(
address from,
address to,
address tokenAddress,
uint256 tokenId,
uint256 /*amount*/) internal returns (bool) {
try IERC721(tokenAddress).transferFrom(from, to, tokenId) {
return true;
} catch {
return false;
}
}
/**
* @notice Calls the token contract to transfer an ERC1155 token from the seller to the buyer.
*
* @dev This will **NOT** throw if the transfer fails. It will instead return false
* @dev so that the calling function can handle the failed transfer.
* @dev Returns true if the transfer does not revert.
*
* @param from The seller of the token.
* @param to The beneficiary of the order execution.
* @param tokenAddress The contract address for the token being transferred.
* @param tokenId The token id for the order.
* @param amount The quantity of the token to transfer.
*/
function _dispenseERC1155Token(
address from,
address to,
address tokenAddress,
uint256 tokenId,
uint256 amount) internal returns (bool) {
try IERC1155(tokenAddress).safeTransferFrom(from, to, tokenId, amount, "") {
return true;
} catch {
return false;
}
}
/**
* @notice Emits a a BuyListingERC721 event.
*
* @param context The current execution context to determine the taker.
* @param saleDetails The order execution details.
*/
function _emitBuyListingERC721Event(TradeContext memory context, Order memory saleDetails) internal {
emit BuyListingERC721(
context.taker,
saleDetails.maker,
saleDetails.tokenAddress,
saleDetails.beneficiary,
saleDetails.paymentMethod,
saleDetails.tokenId,
saleDetails.itemPrice);
}
/**
* @notice Emits a BuyListingERC1155 event.
*
* @param context The current execution context to determine the taker.
* @param saleDetails The order execution details.
*/
function _emitBuyListingERC1155Event(TradeContext memory context, Order memory saleDetails) internal {
emit BuyListingERC1155(
context.taker,
saleDetails.maker,
saleDetails.tokenAddress,
saleDetails.beneficiary,
saleDetails.paymentMethod,
saleDetails.tokenId,
saleDetails.amount,
saleDetails.itemPrice);
}
/**
* @notice Emits an AcceptOfferERC721 event.
*
* @param context The current execution context to determine the taker.
* @param saleDetails The order execution details.
*/
function _emitAcceptOfferERC721Event(TradeContext memory context, Order memory saleDetails) internal {
emit AcceptOfferERC721(
context.taker,
saleDetails.maker,
saleDetails.tokenAddress,
saleDetails.beneficiary,
saleDetails.paymentMethod,
saleDetails.tokenId,
saleDetails.itemPrice);
}
/**
* @notice Emits an AcceptOfferERC1155 event.
*
* @param context The current execution context to determine the taker.
* @param saleDetails The order execution details.
*/
function _emitAcceptOfferERC1155Event(TradeContext memory context, Order memory saleDetails) internal {
emit AcceptOfferERC1155(
context.taker,
saleDetails.maker,
saleDetails.tokenAddress,
saleDetails.beneficiary,
saleDetails.paymentMethod,
saleDetails.tokenId,
saleDetails.amount,
saleDetails.itemPrice);
}
/**
* @notice Returns the appropriate function pointers for payouts, dispensing tokens and event emissions.
*
* @param side The taker's side of the order.
* @param paymentMethod The payment method for the order. If address zero, the chain native token.
* @param orderProtocol The type of token and fill method for the order.
*/
function _getOrderFulfillmentFunctionPointers(
Sides side,
address paymentMethod,
OrderProtocols orderProtocol
) private view returns (FulfillOrderFunctionPointers memory orderFulfillmentFunctionPointers) {
orderFulfillmentFunctionPointers = FulfillOrderFunctionPointers({
funcPayout: paymentMethod == address(0) ? _payoutNativeCurrency : _payoutCoinCurrency,
funcDispenseToken: orderProtocol == OrderProtocols.ERC721_FILL_OR_KILL ? _dispenseERC721Token : _dispenseERC1155Token,
funcEmitOrderExecutionEvent: orderProtocol == OrderProtocols.ERC721_FILL_OR_KILL ?
(side == Sides.Buy ? _emitBuyListingERC721Event : _emitAcceptOfferERC721Event) :
(side == Sides.Buy ?_emitBuyListingERC1155Event : _emitAcceptOfferERC1155Event)
});
}
/*************************************************************************/
/* Signature Verification */
/*************************************************************************/
/**
* @notice Updates the remaining fillable amount and order status for partially fillable orders.
* @notice Performs checks for minimum fillable amount and order status.
*
* @dev Throws when the remaining fillable amount is less than the minimum fillable amount requested.
* @dev Throws when the order status is not open.
*
* @param account The maker account for the order.
* @param orderDigest The hash digest of the order execution details.
* @param orderStartAmount The original amount for the partially fillable order.
* @param requestedFillAmount The amount the taker is requesting to fill.
* @param minimumFillAmount The minimum amount the taker is willing to fill.
*
* @return quantityToFill Lesser of remainingFillableAmount and requestedFillAmount.
*/
function _checkAndUpdateRemainingFillableItems(
address account,
bytes32 orderDigest,
uint248 orderStartAmount,
uint248 requestedFillAmount,
uint248 minimumFillAmount
) private returns (uint248 quantityToFill) {
quantityToFill = requestedFillAmount;
PartiallyFillableOrderStatus storage partialFillStatus =
appStorage().partiallyFillableOrderStatuses[account][orderDigest];
if (partialFillStatus.state == PartiallyFillableOrderState.Open) {
if (partialFillStatus.remainingFillableQuantity == 0) {
partialFillStatus.remainingFillableQuantity = uint248(orderStartAmount);
}
if (quantityToFill > partialFillStatus.remainingFillableQuantity) {
quantityToFill = partialFillStatus.remainingFillableQuantity;
}
if (quantityToFill < minimumFillAmount) {
revert PaymentProcessor__UnableToFillMinimumRequestedQuantity();
}
unchecked {
partialFillStatus.remainingFillableQuantity -= quantityToFill;
}
if (partialFillStatus.remainingFillableQuantity == 0) {
partialFillStatus.state = PartiallyFillableOrderState.Filled;
emit OrderDigestInvalidated(orderDigest, account, false);
}
} else {
revert PaymentProcessor__OrderIsEitherCancelledOrFilled();
}
}
/**
* @notice Invalidates a maker's nonce and emits a NonceInvalidated event.
*
* @dev Throws when the nonce has already been invalidated.
*
* @param account The maker account to invalidate `nonce` of.
* @param nonce The nonce to invalidate.
* @param wasCancellation If true, the invalidation is the maker cancelling the nonce.
* If false, from the nonce being used to execute an order.
*/
function _checkAndInvalidateNonce(
address account,
uint256 nonce,
bool wasCancellation) internal returns (uint256) {
// The following code is equivalent to, but saves 115 gas units:
//
// mapping(uint256 => uint256) storage ptrInvalidatedSignatureBitmap =
// appStorage().invalidatedSignatures[account];
// unchecked {
// uint256 slot = nonce / 256;
// uint256 offset = nonce % 256;
// uint256 slotValue = ptrInvalidatedSignatureBitmap[slot];
//
// if (((slotValue >> offset) & ONE) == ONE) {
// revert PaymentProcessor__SignatureAlreadyUsedOrRevoked();
// }
//
// ptrInvalidatedSignatureBitmap[slot] = (slotValue | ONE << offset);
// }
unchecked {
if (uint256(appStorage().invalidatedSignatures[account][uint248(nonce >> 8)] ^= (ONE << uint8(nonce))) &
(ONE << uint8(nonce)) == ZERO) {
revert PaymentProcessor__SignatureAlreadyUsedOrRevoked();
}
}
emit NonceInvalidated(nonce, account, wasCancellation);
return appStorage().masterNonces[account];
}
/**
* @notice Updates the state of a maker's order to cancelled and remaining fillable quantity to zero.
*
* @dev Throws when the current order state is not open.
*
* @param account The maker account to invalid the order for.
* @param orderDigest The hash digest of the order to invalidate.
*/
function _revokeOrderDigest(address account, bytes32 orderDigest) internal {
PartiallyFillableOrderStatus storage partialFillStatus =
appStorage().partiallyFillableOrderStatuses[account][orderDigest];
if (partialFillStatus.state == PartiallyFillableOrderState.Open) {
partialFillStatus.state = PartiallyFillableOrderState.Cancelled;
partialFillStatus.remainingFillableQuantity = 0;
emit OrderDigestInvalidated(orderDigest, account, true);
} else {
revert PaymentProcessor__OrderIsEitherCancelledOrFilled();
}
}
/**
* @notice Verifies a token offer is approved by the maker.
*
* @dev Throws when a cosignature is required and the cosignature is invalid.
* @dev Throws when the maker signature is invalid.
* @dev Throws when the maker's order nonce has already been used or was cancelled.
* @dev Throws when a partially fillable order has already been filled, cancelled or
* @dev cannot be filled with the minimum fillable amount.
*
* @param context The current execution context to determine the taker.
* @param saleDetails The order execution details.
* @param signature The order maker's signature.
* @param cosignature The cosignature from the order cosigner, if applicable.
*
* @return quantityToFill The amount of the token that will be filled for this order.
*/
function _verifyItemOffer(
TradeContext memory context,
Order memory saleDetails,
SignatureECDSA memory signature,
Cosignature memory cosignature
) private returns (uint248 quantityToFill) {
if (cosignature.signer != address(0)) {
_verifyCosignature(context, signature, cosignature);
}
bytes32 orderDigest = _hashTypedDataV4(context.domainSeparator, keccak256(
bytes.concat(
abi.encode(
ITEM_OFFER_APPROVAL_HASH,
uint8(saleDetails.protocol),
cosignature.signer,
saleDetails.maker,
saleDetails.beneficiary,
saleDetails.marketplace,
saleDetails.fallbackRoyaltyRecipient,
saleDetails.paymentMethod,
saleDetails.tokenAddress
),
abi.encode(
saleDetails.tokenId,
saleDetails.amount,
saleDetails.itemPrice,
saleDetails.expiration,
saleDetails.marketplaceFeeNumerator,
saleDetails.nonce,
saleDetails.protocol == OrderProtocols.ERC1155_FILL_PARTIAL ?
appStorage().masterNonces[saleDetails.maker] :
_checkAndInvalidateNonce(saleDetails.maker, saleDetails.nonce, false)
)
)
));
_verifyMakerSignature(saleDetails.maker, signature, orderDigest);
quantityToFill = saleDetails.protocol == OrderProtocols.ERC1155_FILL_PARTIAL ?
_checkAndUpdateRemainingFillableItems(
saleDetails.maker,
orderDigest,
saleDetails.amount,
saleDetails.requestedFillAmount,
saleDetails.minimumFillAmount) :
saleDetails.amount;
}
/**
* @notice Verifies a collection offer is approved by the maker.
*
* @dev Throws when a cosignature is required and the cosignature is invalid.
* @dev Throws when the maker signature is invalid.
* @dev Throws when the maker's order nonce has already been used or was cancelled.
* @dev Throws when a partially fillable order has already been filled, cancelled or
* @dev cannot be filled with the minimum fillable amount.
*
* @param context The current execution context to determine the taker.
* @param saleDetails The order execution details.
* @param signature The order maker's signature.
* @param cosignature The cosignature from the order cosigner, if applicable.
*
* @return quantityToFill The amount of the token that will be filled for this order.
*/
function _verifyCollectionOffer(
TradeContext memory context,
Order memory saleDetails,
SignatureECDSA memory signature,
Cosignature memory cosignature
) private returns (uint248 quantityToFill) {
if (cosignature.signer != address(0)) {
_verifyCosignature(context, signature, cosignature);
}
bytes32 orderDigest = _hashTypedDataV4(context.domainSeparator, keccak256(
bytes.concat(
abi.encode(
COLLECTION_OFFER_APPROVAL_HASH,
uint8(saleDetails.protocol),
cosignature.signer,
saleDetails.maker,
saleDetails.beneficiary,
saleDetails.marketplace,
saleDetails.fallbackRoyaltyRecipient,
saleDetails.paymentMethod,
saleDetails.tokenAddress
),
abi.encode(
saleDetails.amount,
saleDetails.itemPrice,
saleDetails.expiration,
saleDetails.marketplaceFeeNumerator,
saleDetails.nonce,
saleDetails.protocol == OrderProtocols.ERC1155_FILL_PARTIAL ?
appStorage().masterNonces[saleDetails.maker] :
_checkAndInvalidateNonce(saleDetails.maker, saleDetails.nonce, false)
)
)
));
_verifyMakerSignature(saleDetails.maker, signature, orderDigest);
quantityToFill = saleDetails.protocol == OrderProtocols.ERC1155_FILL_PARTIAL ?
_checkAndUpdateRemainingFillableItems(
saleDetails.maker,
orderDigest,
saleDetails.amount,
saleDetails.requestedFillAmount,
saleDetails.minimumFillAmount) :
saleDetails.amount;
}
/**
* @notice Verifies a token set offer is approved by the maker.
*
* @dev Throws when a cosignature is required and the cosignature is invalid.
* @dev Throws when the maker signature is invalid.
* @dev Throws when the maker's order nonce has already been used or was cancelled.
* @dev Throws when a partially fillable order has already been filled, cancelled or
* @dev cannot be filled with the minimum fillable amount.
*
* @param context The current execution context to determine the taker.
* @param saleDetails The order execution details.
* @param signature The order maker's signature.
* @param tokenSetProof The token set proof that contains the root hash for the merkle
* tree of allowed tokens for accepting the maker's offer.
* @param cosignature The cosignature from the order cosigner, if applicable.
*
* @return quantityToFill The amount of the token that will be filled for this order.
*/
function _verifyTokenSetOffer(
TradeContext memory context,
Order memory saleDetails,
SignatureECDSA memory signature,
TokenSetProof memory tokenSetProof,
Cosignature memory cosignature
) private returns (uint248 quantityToFill) {
if (cosignature.signer != address(0)) {
_verifyCosignature(context, signature, cosignature);
}
bytes32 orderDigest = _hashTypedDataV4(context.domainSeparator, keccak256(
bytes.concat(
abi.encode(
TOKEN_SET_OFFER_APPROVAL_HASH,
uint8(saleDetails.protocol),
cosignature.signer,
saleDetails.maker,
saleDetails.beneficiary,
saleDetails.marketplace,
saleDetails.fallbackRoyaltyRecipient,
saleDetails.paymentMethod,
saleDetails.tokenAddress
),
abi.encode(
saleDetails.amount,
saleDetails.itemPrice,
saleDetails.expiration,
saleDetails.marketplaceFeeNumerator,
saleDetails.nonce,
saleDetails.protocol == OrderProtocols.ERC1155_FILL_PARTIAL ?
appStorage().masterNonces[saleDetails.maker] :
_checkAndInvalidateNonce(saleDetails.maker, saleDetails.nonce, false),
tokenSetProof.rootHash
)
)
));
_verifyMakerSignature(saleDetails.maker, signature, orderDigest);
quantityToFill = saleDetails.protocol == OrderProtocols.ERC1155_FILL_PARTIAL ?
_checkAndUpdateRemainingFillableItems(
saleDetails.maker,
orderDigest,
saleDetails.amount,
saleDetails.requestedFillAmount,
saleDetails.minimumFillAmount) :
saleDetails.amount;
}
/**
* @notice Verifies a listing is approved by the maker.
*
* @dev Throws when a cosignature is required and the cosignature is invalid.
* @dev Throws when the maker signature is invalid.
* @dev Throws when the maker's order nonce has already been used or was cancelled.
* @dev Throws when a partially fillable order has already been filled, cancelled or
* @dev cannot be filled with the minimum fillable amount.
*
* @param context The current execution context to determine the taker.
* @param saleDetails The order execution details.
* @param signature The order maker's signature.
* @param cosignature The cosignature from the order cosigner, if applicable.
*
* @return quantityToFill The amount of the token that will be filled for this order.
*/
function _verifySaleApproval(
TradeContext memory context,
Order memory saleDetails,
SignatureECDSA memory signature,
Cosignature memory cosignature
) private returns (uint248 quantityToFill) {
if (cosignature.signer != address(0)) {
_verifyCosignature(context, signature, cosignature);
}
bytes32 orderDigest = _hashTypedDataV4(context.domainSeparator, keccak256(
bytes.concat(
abi.encode(
SALE_APPROVAL_HASH,
uint8(saleDetails.protocol),
cosignature.signer,
saleDetails.maker,
saleDetails.marketplace,
saleDetails.fallbackRoyaltyRecipient,
saleDetails.paymentMethod,
saleDetails.tokenAddress,
saleDetails.tokenId
),
abi.encode(
saleDetails.amount,
saleDetails.itemPrice,
saleDetails.expiration,
saleDetails.marketplaceFeeNumerator,
saleDetails.maxRoyaltyFeeNumerator,
saleDetails.nonce,
saleDetails.protocol == OrderProtocols.ERC1155_FILL_PARTIAL ?
appStorage().masterNonces[saleDetails.maker] :
_checkAndInvalidateNonce(saleDetails.maker, saleDetails.nonce, false)
)
)
));
_verifyMakerSignature(saleDetails.maker, signature, orderDigest);
quantityToFill = saleDetails.protocol == OrderProtocols.ERC1155_FILL_PARTIAL ?
_checkAndUpdateRemainingFillableItems(
saleDetails.maker,
orderDigest,
saleDetails.amount,
saleDetails.requestedFillAmount,
saleDetails.minimumFillAmount) :
saleDetails.amount;
}
/**
* @notice Reverts a transaction when the recovered signer is not the order maker.
*
* @dev Throws when the recovered signer for the `signature` and `digest` does not match the order maker AND
* @dev - The maker address does not have deployed code, OR
* @dev - The maker contract does not return the correct ERC1271 value to validate the signature.
*
* @param maker The adress for the order maker.
* @param signature The order maker's signature.
* @param digest The hash digest of the order.
*/
function _verifyMakerSignature(address maker, SignatureECDSA memory signature, bytes32 digest ) private view {
if (maker != _ecdsaRecover(digest, signature.v, signature.r, signature.s)) {
if (maker.code.length > 0) {
_verifyEIP1271Signature(maker, digest, signature);
} else {
revert PaymentProcessor__UnauthorizedOrder();
}
}
}
/**
* @notice Reverts the transaction when a supplied cosignature is not valid.
*
* @dev Throws when the current block timestamp is greater than the cosignature expiration.
* @dev Throws when the order taker does not match the cosignature taker.
* @dev Throws when the cosigner has self-destructed their account.
* @dev Throws when the recovered address for the cosignature does not match the cosigner address.
*
* @param context The current execution context to determine the order taker.
* @param signature The order maker's signature.
* @param cosignature The cosignature from the order cosigner.
*/
function _verifyCosignature(
TradeContext memory context,
SignatureECDSA memory signature,
Cosignature memory cosignature
) private view {
if (block.timestamp > cosignature.expiration) {
revert PaymentProcessor__CosignatureHasExpired();
}
if (context.taker != cosignature.taker) {
revert PaymentProcessor__UnauthorizedTaker();
}
if (appStorage().destroyedCosigners[cosignature.signer]) {
revert PaymentProcessor__CosignerHasSelfDestructed();
}
if (cosignature.signer != _ecdsaRecover(
_hashTypedDataV4(context.domainSeparator, keccak256(
abi.encode(
COSIGNATURE_HASH,
signature.v,
signature.r,
signature.s,
cosignature.expiration,
cosignature.taker
)
)),
cosignature.v,
cosignature.r,
cosignature.s)) {
revert PaymentProcessor__NotAuthorizedByCosigner();
}
}
/**
* @notice Reverts the transaction if the contract at `signer` does not return the ERC1271
* @notice isValidSignature selector when called with `hash`.
*
* @dev Throws when attempting to verify a signature from an address that has deployed
* @dev contract code using ERC1271 and the contract does not return the isValidSignature
* @dev function selector as its return value.
*
* @param signer The signer address for a maker order that has deployed contract code.
* @param hash The ERC712 hash value of the order.
* @param signature The signature for the order hash.
*/
function _verifyEIP1271Signature(
address signer,
bytes32 hash,
SignatureECDSA memory signature) private view {
bool isValidSignatureNow;
try IERC1271(signer).isValidSignature(
hash,
abi.encodePacked(signature.r, signature.s, signature.v))
returns (bytes4 magicValue) {
isValidSignatureNow = magicValue == IERC1271.isValidSignature.selector;
} catch {}
if (!isValidSignatureNow) {
revert PaymentProcessor__EIP1271SignatureInvalid();
}
}
/**
* @notice Recovers the signer address from a hash and signature.
*
* @dev Throws when `s` is greater than 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0 to
* @dev prevent malleable signatures from being utilized.
* @dev Throws when the recovered address is zero.
*
* @param digest The hash digest that was signed.
* @param v The v-value of the signature.
* @param r The r-value of the signature.
* @param s The s-value of the signature.
*
* @return signer The recovered signer address from the signature.
*/
function _ecdsaRecover(
bytes32 digest,
uint8 v,
bytes32 r,
bytes32 s
) private pure returns (address signer) {
if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
revert PaymentProcessor__UnauthorizedOrder();
}
signer = ecrecover(digest, v, r, s);
if (signer == address(0)) {
revert PaymentProcessor__UnauthorizedOrder();
}
}
/**
* @notice Returns the EIP-712 hash digest for `domainSeparator` and `structHash`.
*
* @param domainSeparator The domain separator for the EIP-712 hash.
* @param structHash The hash of the EIP-712 struct.
*/
function _hashTypedDataV4(bytes32 domainSeparator, bytes32 structHash) private pure returns (bytes32) {
return ECDSA.toTypedDataHash(domainSeparator, structHash);
}
/*************************************************************************/
/* Miscellaneous */
/*************************************************************************/
/**
* @notice Transfers ownership of a payment method whitelist.
*
* @dev Throws when the caller is not the owner of the payment method whitelist.
*
* @param id The payment method whitelist id to transfer ownership of.
* @param newOwner The address to transfer ownership to.
*/
function _reassignOwnershipOfPaymentMethodWhitelist(uint32 id, address newOwner) internal {
_requireCallerOwnsPaymentMethodWhitelist(id);
appStorage().paymentMethodWhitelistOwners[id] = newOwner;
emit ReassignedPaymentMethodWhitelistOwnership(id, newOwner);
}
/**
* @notice Reverts the transaction if the caller is not the owner of the payment method whitelist.
*
* @dev Throws when the caller is not the owner of the payment method whitelist.
*
* @param paymentMethodWhitelistId The payment method whitelist id to check ownership for.
*/
function _requireCallerOwnsPaymentMethodWhitelist(uint32 paymentMethodWhitelistId) internal view {
if(_msgSender() != appStorage().paymentMethodWhitelistOwners[paymentMethodWhitelistId]) {
revert PaymentProcessor__CallerDoesNotOwnPaymentMethodWhitelist();
}
}
/**
* @notice Reverts the transaction if the caller is not the owner or assigned the default
* @notice admin role of the contract at `tokenAddress`.
*
* @dev Throws when the caller is neither owner nor assigned the default admin role.
*
* @param tokenAddress The contract address of the token to check permissions for.
*/
function _requireCallerIsNFTOrContractOwnerOrAdmin(address tokenAddress) internal view {
bool callerHasPermissions = false;
address caller = _msgSender();
callerHasPermissions = caller == tokenAddress;
if(!callerHasPermissions) {
try IOwnable(tokenAddress).owner() returns (address contractOwner) {
callerHasPermissions = caller == contractOwner;
} catch {}
if(!callerHasPermissions) {
try IAccessControl(tokenAddress).hasRole(DEFAULT_ACCESS_CONTROL_ADMIN_ROLE, caller)
returns (bool callerIsContractAdmin) {
callerHasPermissions = callerIsContractAdmin;
} catch {}
}
}
if(!callerHasPermissions) {
revert PaymentProcessor__CallerMustHaveElevatedPermissionsForSpecifiedNFT();
}
}
}// SPDX-License-Identifier: BSL-1.1
pragma solidity 0.8.19;
/**
* @dev ERC-173 Ownable Interface
*/
interface IOwnable {
function owner() external view returns (address);
}// SPDX-License-Identifier: BSL-1.1
pragma solidity 0.8.19;
import "../DataTypes.sol";
/**
* @title PaymentProcessor
* @custom:version 2.0.0
* @author Limit Break, Inc.
*/
interface IPaymentProcessorConfiguration {
/**
* @notice Returns the ERC2771 context setup params for payment processor modules.
*/
function getPaymentProcessorModuleERC2771ContextParams()
external
view
returns (
address /*trustedForwarderFactory*/
);
/**
* @notice Returns the setup params for payment processor modules.
*/
function getPaymentProcessorModuleDeploymentParams()
external
view
returns (
uint32, /*defaultPushPaymentGasLimit*/
address, /*wrappedNativeCoin*/
DefaultPaymentMethods memory /*defaultPaymentMethods*/
);
/**
* @notice Returns the setup params for payment processor.
*/
function getPaymentProcessorDeploymentParams()
external
view
returns (
address, /*defaultContractOwner*/
PaymentProcessorModules memory /*paymentProcessorModules*/
);
}// SPDX-License-Identifier: BSL-1.1
pragma solidity 0.8.19;
import "../DataTypes.sol";
/**
* @title Payment Processor
* @custom:version 2.0.0
* @author Limit Break, Inc.
*/
interface IPaymentProcessorEvents {
/// @notice Emitted when an account is banned from trading a collection
event BannedAccountAddedForCollection(
address indexed tokenAddress,
address indexed account);
/// @notice Emitted when an account ban has been lifted on a collection
event BannedAccountRemovedForCollection(
address indexed tokenAddress,
address indexed account);
/// @notice Emitted when an ERC721 listing is purchased.
event BuyListingERC721(
address indexed buyer,
address indexed seller,
address indexed tokenAddress,
address beneficiary,
address paymentCoin,
uint256 tokenId,
uint256 salePrice);
/// @notice Emitted when an ERC1155 listing is purchased.
event BuyListingERC1155(
address indexed buyer,
address indexed seller,
address indexed tokenAddress,
address beneficiary,
address paymentCoin,
uint256 tokenId,
uint256 amount,
uint256 salePrice);
/// @notice Emitted when an ERC721 offer is accepted.
event AcceptOfferERC721(
address indexed seller,
address indexed buyer,
address indexed tokenAddress,
address beneficiary,
address paymentCoin,
uint256 tokenId,
uint256 salePrice);
/// @notice Emitted when an ERC1155 offer is accepted.
event AcceptOfferERC1155(
address indexed seller,
address indexed buyer,
address indexed tokenAddress,
address beneficiary,
address paymentCoin,
uint256 tokenId,
uint256 amount,
uint256 salePrice);
/// @notice Emitted when a new payment method whitelist is created.
event CreatedPaymentMethodWhitelist(
uint32 indexed paymentMethodWhitelistId,
address indexed whitelistOwner,
string whitelistName);
/// @notice Emitted when a cosigner destroys itself.
event DestroyedCosigner(address indexed cosigner);
/// @notice Emitted when a user revokes all of their existing listings or offers that share the master nonce.
event MasterNonceInvalidated(address indexed account, uint256 nonce);
/// @notice Emitted when a user revokes a single listing or offer nonce for a specific marketplace.
event NonceInvalidated(
uint256 indexed nonce,
address indexed account,
bool wasCancellation);
/// @notice Emitted when a user revokes a single listing or offer nonce for a specific marketplace.
event OrderDigestInvalidated(
bytes32 indexed orderDigest,
address indexed account,
bool wasCancellation);
/// @notice Emitted when a coin is added to the approved coins mapping for a security policy
event PaymentMethodAddedToWhitelist(
uint32 indexed paymentMethodWhitelistId,
address indexed paymentMethod);
/// @notice Emitted when a coin is removed from the approved coins mapping for a security policy
event PaymentMethodRemovedFromWhitelist(
uint32 indexed paymentMethodWhitelistId,
address indexed paymentMethod);
/// @notice Emitted when a payment method whitelist is reassigned to a new owner
event ReassignedPaymentMethodWhitelistOwnership(uint32 indexed id, address indexed newOwner);
/// @notice Emitted when a trusted channel is added for a collection
event TrustedChannelAddedForCollection(
address indexed tokenAddress,
address indexed channel);
/// @notice Emitted when a trusted channel is removed for a collection
event TrustedChannelRemovedForCollection(
address indexed tokenAddress,
address indexed channel);
/// @notice Emitted whenever pricing bounds change at a collection level for price-constrained collections.
event UpdatedCollectionLevelPricingBoundaries(
address indexed tokenAddress,
uint256 floorPrice,
uint256 ceilingPrice);
/// @notice Emitted whenever the supported ERC-20 payment is set for price-constrained collections.
event UpdatedCollectionPaymentSettings(
address indexed tokenAddress,
PaymentSettings paymentSettings,
uint32 indexed paymentMethodWhitelistId,
address indexed constrainedPricingPaymentMethod,
uint16 royaltyBackfillNumerator,
address royaltyBackfillReceiver,
uint16 royaltyBountyNumerator,
address exclusiveBountyReceiver,
bool blockTradesFromUntrustedChannels,
bool blockBannedAccounts);
/// @notice Emitted whenever pricing bounds change at a token level for price-constrained collections.
event UpdatedTokenLevelPricingBoundaries(
address indexed tokenAddress,
uint256 indexed tokenId,
uint256 floorPrice,
uint256 ceilingPrice);
}// SPDX-License-Identifier: BSL-1.1
pragma solidity 0.8.19;
import "../DataTypes.sol";
/**
* @title Payment Processor
* @custom:version 2.0.0
* @author Limit Break, Inc.
*/
contract PaymentProcessorStorageAccess {
/// @dev The base storage slot for Payment Processor contract storage items.
bytes32 constant DIAMOND_STORAGE_PAYMENT_PROCESSOR =
keccak256("diamond.storage.payment.processor");
/**
* @dev Returns a storage object that follows the Diamond standard storage pattern for
* @dev contract storage across multiple module contracts.
*/
function appStorage() internal pure returns (PaymentProcessorStorage storage diamondStorage) {
bytes32 slot = DIAMOND_STORAGE_PAYMENT_PROCESSOR;
assembly {
diamondStorage.slot := slot
}
}
}// SPDX-License-Identifier: BSL-1.1
pragma solidity 0.8.19;
// keccack256("Cosignature(uint8 v,bytes32 r,bytes32 s,uint256 expiration,address taker)")
bytes32 constant COSIGNATURE_HASH = 0x347b7818601b168f6faadc037723496e9130b057c1ffef2ec4128311e19142f2;
// keccack256("CollectionOfferApproval(uint8 protocol,address cosigner,address buyer,address beneficiary,address marketplace,address fallbackRoyaltyRecipient,address paymentMethod,address tokenAddress,uint256 amount,uint256 itemPrice,uint256 expiration,uint256 marketplaceFeeNumerator,uint256 nonce,uint256 masterNonce)")
bytes32 constant COLLECTION_OFFER_APPROVAL_HASH = 0x8fe9498e93fe26b30ebf76fac07bd4705201c8609227362697082288e3b4af9c;
// keccack256("ItemOfferApproval(uint8 protocol,address cosigner,address buyer,address beneficiary,address marketplace,address fallbackRoyaltyRecipient,address paymentMethod,address tokenAddress,uint256 tokenId,uint256 amount,uint256 itemPrice,uint256 expiration,uint256 marketplaceFeeNumerator,uint256 nonce,uint256 masterNonce)")
bytes32 constant ITEM_OFFER_APPROVAL_HASH = 0xce2e9706d63e89ddf7ee16ce0508a1c3c9bd1904c582db2e647e6f4690a0bf6b;
// keccack256("TokenSetOfferApproval(uint8 protocol,address cosigner,address buyer,address beneficiary,address marketplace,address fallbackRoyaltyRecipient,address paymentMethod,address tokenAddress,uint256 amount,uint256 itemPrice,uint256 expiration,uint256 marketplaceFeeNumerator,uint256 nonce,uint256 masterNonce,bytes32 tokenSetMerkleRoot)")
bytes32 constant TOKEN_SET_OFFER_APPROVAL_HASH = 0x244905ade6b0e455d12fb539a4b17d7f675db14797d514168d09814a09c70e70;
// keccack256("SaleApproval(uint8 protocol,address cosigner,address seller,address marketplace,address fallbackRoyaltyRecipient,address paymentMethod,address tokenAddress,uint256 tokenId,uint256 amount,uint256 itemPrice,uint256 expiration,uint256 marketplaceFeeNumerator,uint256 maxRoyaltyFeeNumerator,uint256 nonce,uint256 masterNonce)")
bytes32 constant SALE_APPROVAL_HASH = 0x938786a8256d04dc45d6d5b997005aa07c0c9e3e4925d0d6c33128d240096ebc;
// The denominator used when calculating the marketplace fee.
// 0.5% fee numerator is 50, 1% fee numerator is 100, 10% fee numerator is 1,000 and so on.
uint256 constant FEE_DENOMINATOR = 100_00;
// Default Payment Method Whitelist Id
uint32 constant DEFAULT_PAYMENT_METHOD_WHITELIST_ID = 0;
// Convenience to avoid magic number in bitmask get/set logic.
uint256 constant ZERO = uint256(0);
uint256 constant ONE = uint256(1);
// The default admin role for NFT collections using Access Control.
bytes32 constant DEFAULT_ACCESS_CONTROL_ADMIN_ROLE = 0x00;
/// @dev The plain text message to sign for cosigner self-destruct signature verification
string constant COSIGNER_SELF_DESTRUCT_MESSAGE_TO_SIGN = "COSIGNER_SELF_DESTRUCT";
/**************************************************************/
/* PRECOMPUTED SELECTORS */
/**************************************************************/
bytes4 constant SELECTOR_REASSIGN_OWNERSHIP_OF_PAYMENT_METHOD_WHITELIST= hex"a1e6917e";
bytes4 constant SELECTOR_RENOUNCE_OWNERSHIP_OF_PAYMENT_METHOD_WHITELIST= hex"0886702e";
bytes4 constant SELECTOR_WHITELIST_PAYMENT_METHOD = hex"bb39ce91";
bytes4 constant SELECTOR_UNWHITELIST_PAYMENT_METHOD = hex"e9d4c14e";
bytes4 constant SELECTOR_SET_COLLECTION_PAYMENT_SETTINGS = hex"fc5d8393";
bytes4 constant SELECTOR_SET_COLLECTION_PRICING_BOUNDS = hex"7141ae10";
bytes4 constant SELECTOR_SET_TOKEN_PRICING_BOUNDS = hex"22146d70";
bytes4 constant SELECTOR_ADD_TRUSTED_CHANNEL_FOR_COLLECTION = hex"ab559c14";
bytes4 constant SELECTOR_REMOVE_TRUSTED_CHANNEL_FOR_COLLECTION = hex"282e89f8";
bytes4 constant SELECTOR_ADD_BANNED_ACCOUNT_FOR_COLLECTION = hex"e21dde50";
bytes4 constant SELECTOR_REMOVE_BANNED_ACCOUNT_FOR_COLLECTION = hex"adf14a76";
bytes4 constant SELECTOR_DESTROY_COSIGNER = hex"2aebdefe";
bytes4 constant SELECTOR_REVOKE_MASTER_NONCE = hex"226d4adb";
bytes4 constant SELECTOR_REVOKE_SINGLE_NONCE = hex"b6d7dc33";
bytes4 constant SELECTOR_REVOKE_ORDER_DIGEST = hex"96ae0380";
bytes4 constant SELECTOR_BUY_LISTING = hex"a9272951";
bytes4 constant SELECTOR_ACCEPT_OFFER = hex"e35bb9b7";
bytes4 constant SELECTOR_BULK_BUY_LISTINGS = hex"27add047";
bytes4 constant SELECTOR_BULK_ACCEPT_OFFERS = hex"b3cdebdb";
bytes4 constant SELECTOR_SWEEP_COLLECTION = hex"206576f6";
/**************************************************************/
/* EXPECTED BASE msg.data LENGTHS */
/**************************************************************/
uint256 constant PROOF_ELEMENT_SIZE = 32;
// | 4 | 32 | 512 | 96 | 192 | 64 | = 900 bytes
// | selector | domainSeparator | saleDetails | sellerSignature | cosignature | feeOnTop |
uint256 constant BASE_MSG_LENGTH_BUY_LISTING = 900;
// | 4 | 32 | 32 | 512 | 96 | 32 + (96 + (32 * proof.length)) | 192 | 64 | = 1060 bytes + (32 * proof.length)
// | selector | domainSeparator | isCollectionLevelOffer | saleDetails | buyerSignature | tokenSetProof | cosignature | feeOnTop |
uint256 constant BASE_MSG_LENGTH_ACCEPT_OFFER = 1060;
// | 4 | 32 | 64 | 512 * length | 64 | 96 * length | 64 | 192 * length | 64 | 64 * length | = 292 bytes + (864 * saleDetailsArray.length)
// | selector | domainSeparator | length + offset | saleDetailsArray | length + offset | sellerSignatures | length + offset | cosignatures | length + offset | feesOnTop |
uint256 constant BASE_MSG_LENGTH_BULK_BUY_LISTINGS = 292;
uint256 constant BASE_MSG_LENGTH_BULK_BUY_LISTINGS_PER_ITEM = 864;
// | 4 | 32 | 32 | 64 | 32 * length | 64 | 512 * length | 64 | 96 * length | 64 | 32 + (96 + (32 * proof.length)) | 64 | 192 * length | 64 | 64 * length | = 452 bytes + (1024 * saleDetailsArray.length) + (32 * proof.length [for each element])
// | selector | domainSeparator | struct info? | length + offset | isCollectionLevelOfferArray | length + offset | saleDetailsArray | length + offset | buyerSignaturesArray | length + offset | tokenSetProof | length + offset | cosignatures | length + offset | feesOnTop |
uint256 constant BASE_MSG_LENGTH_BULK_ACCEPT_OFFERS = 452;
uint256 constant BASE_MSG_LENGTH_BULK_ACCEPT_OFFERS_PER_ITEM = 1024;
// | 4 | 32 | 64 | 128 | 64 | 320 * length | 64 | 96 * length | 64 | 192 * length | = 420 bytes + (608 * items.length)
// | selector | domainSeparator | feeOnTop | sweepOrder | length + offset | items | length + offset | signedSellOrders | length + offset | cosignatures |
uint256 constant BASE_MSG_LENGTH_SWEEP_COLLECTION = 420;
uint256 constant BASE_MSG_LENGTH_SWEEP_COLLECTION_PER_ITEM = 608;// SPDX-License-Identifier: BSL-1.1
pragma solidity 0.8.19;
/// @dev Thrown when an order is an ERC721 order and the amount is not one.
error PaymentProcessor__AmountForERC721SalesMustEqualOne();
/// @dev Thrown when an order is an ERC1155 order and the amount is zero.
error PaymentProcessor__AmountForERC1155SalesGreaterThanZero();
/// @dev Thrown when an offer is being accepted and the payment method is the chain native token.
error PaymentProcessor__BadPaymentMethod();
/// @dev Thrown when adding or removing a payment method from a whitelist that the caller does not own.
error PaymentProcessor__CallerDoesNotOwnPaymentMethodWhitelist();
/**
* @dev Thrown when modifying collection payment settings, pricing bounds, or trusted channels on a collection
* @dev that the caller is not the owner of or a member of the default admin role for.
*/
error PaymentProcessor__CallerMustHaveElevatedPermissionsForSpecifiedNFT();
/// @dev Thrown when setting a collection or token pricing constraint with a floor price greater than ceiling price.
error PaymentProcessor__CeilingPriceMustBeGreaterThanFloorPrice();
/// @dev Thrown when adding a trusted channel that is not a trusted forwarder deployed by the trusted forwarder factory.
error PaymentProcessor__ChannelIsNotTrustedForwarder();
/// @dev Thrown when removing a payment method from a whitelist when that payment method is not on the whitelist.
error PaymentProcessor__CoinIsNotApproved();
/// @dev Thrown when the current block time is greater than the expiration time for the cosignature.
error PaymentProcessor__CosignatureHasExpired();
/// @dev Thrown when the cosigner has self destructed.
error PaymentProcessor__CosignerHasSelfDestructed();
/// @dev Thrown when a token failed to transfer to the beneficiary and partial fills are disabled.
error PaymentProcessor__DispensingTokenWasUnsuccessful();
/// @dev Thrown when a maker is a contract and the contract does not return the correct EIP1271 response to validate the signature.
error PaymentProcessor__EIP1271SignatureInvalid();
/// @dev Thrown when a native token transfer call fails to transfer the tokens.
error PaymentProcessor__FailedToTransferProceeds();
/// @dev Thrown when the additional fee on top exceeds the item price.
error PaymentProcessor__FeeOnTopCannotBeGreaterThanItemPrice();
/// @dev Thrown when the supplied root hash, token and proof do not match.
error PaymentProcessor__IncorrectTokenSetMerkleProof();
/// @dev Thrown when an input array has zero items in a location where it must have items.
error PaymentProcessor__InputArrayLengthCannotBeZero();
/// @dev Thrown when multiple input arrays have different lengths but are required to be the same length.
error PaymentProcessor__InputArrayLengthMismatch();
/// @dev Thrown when Payment Processor or a module is being deployed with invalid constructor arguments.
error PaymentProcessor__InvalidConstructorArguments();
/// @dev Thrown when the maker or taker is a banned account on the collection being traded.
error PaymentProcessor__MakerOrTakerIsBannedAccount();
/// @dev Thrown when the combined marketplace and royalty fees will exceed the item price.
error PaymentProcessor__MarketplaceAndRoyaltyFeesWillExceedSalePrice();
/// @dev Thrown when the recovered address from a cosignature does not match the order cosigner.
error PaymentProcessor__NotAuthorizedByCosigner();
/// @dev Thrown when the ERC2981 or backfilled royalties exceed the maximum fee specified by the order maker.
error PaymentProcessor__OnchainRoyaltiesExceedMaximumApprovedRoyaltyFee();
/// @dev Thrown when the current block timestamp is greater than the order expiration time.
error PaymentProcessor__OrderHasExpired();
/// @dev Thrown when attempting to fill a partially fillable order that has already been filled or cancelled.
error PaymentProcessor__OrderIsEitherCancelledOrFilled();
/// @dev Thrown when attempting to execute a sweep order for partially fillable orders.
error PaymentProcessor__OrderProtocolERC1155FillPartialUnsupportedInSweeps();
/// @dev Thrown when attempting to partially fill an order where the item price is not equally divisible by the amount of tokens.
error PaymentProcessor__PartialFillsNotSupportedForNonDivisibleItems();
/// @dev Thrown when attempting to execute an order with a payment method that is not allowed by the collection payment settings.
error PaymentProcessor__PaymentCoinIsNotAnApprovedPaymentMethod();
/// @dev Thrown when adding a payment method to a whitelist when that payment method is already on the list.
error PaymentProcessor__PaymentMethodIsAlreadyApproved();
/// @dev Thrown when setting collection payment settings with a whitelist id that does not exist.
error PaymentProcessor__PaymentMethodWhitelistDoesNotExist();
/// @dev Thrown when attempting to transfer ownership of a payment method whitelist to the zero address.
error PaymentProcessor__PaymentMethodWhitelistOwnershipCannotBeTransferredToZeroAddress();
/// @dev Thrown when distributing payments and fees in native token and the amount remaining is less than the amount to distribute.
error PaymentProcessor__RanOutOfNativeFunds();
/// @dev Thrown when attempting to set a royalty backfill numerator that would result in royalties greater than 100%.
error PaymentProcessor__RoyaltyBackfillNumeratorCannotExceedFeeDenominator();
/// @dev Thrown when attempting to set a royalty bounty numerator that would result in royalty bounties greater than 100%.
error PaymentProcessor__RoyaltyBountyNumeratorCannotExceedFeeDenominator();
/// @dev Thrown when a collection is set to pricing constraints and the item price exceeds the defined maximum price.
error PaymentProcessor__SalePriceAboveMaximumCeiling();
/// @dev Thrown when a collection is set to pricing constraints and the item price is below the defined minimum price.
error PaymentProcessor__SalePriceBelowMinimumFloor();
/// @dev Thrown when a maker's nonce has already been used for an executed order or cancelled by the maker.
error PaymentProcessor__SignatureAlreadyUsedOrRevoked();
/**
* @dev Thrown when a collection is set to block untrusted channels and the order execution originates from a channel
* @dev that is not in the collection's trusted channel list.
*/
error PaymentProcessor__TradeOriginatedFromUntrustedChannel();
/// @dev Thrown when a trading of a specific collection has been paused by the collection owner or admin.
error PaymentProcessor__TradingIsPausedForCollection();
/**
* @dev Thrown when attempting to fill a partially fillable order and the amount available to fill
* @dev is less than the specified minimum to fill.
*/
error PaymentProcessor__UnableToFillMinimumRequestedQuantity();
/// @dev Thrown when the recovered signer for an order does not match the order maker.
error PaymentProcessor__UnauthorizedOrder();
/// @dev Thrown when the taker on a cosigned order does not match the taker on the cosignature.
error PaymentProcessor__UnauthorizedTaker();
/// @dev Thrown when the Payment Processor or a module is being deployed with uninitialized configuration values.
error PaymentProcessor__UninitializedConfiguration();// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (access/IAccessControl.sol)
pragma solidity ^0.8.0;
/**
* @dev External interface of AccessControl declared to support ERC165 detection.
*/
interface IAccessControl {
/**
* @dev Emitted when `newAdminRole` is set as ``role``'s admin role, replacing `previousAdminRole`
*
* `DEFAULT_ADMIN_ROLE` is the starting admin for all roles, despite
* {RoleAdminChanged} not being emitted signaling this.
*
* _Available since v3.1._
*/
event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole);
/**
* @dev Emitted when `account` is granted `role`.
*
* `sender` is the account that originated the contract call, an admin role
* bearer except when using {AccessControl-_setupRole}.
*/
event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Emitted when `account` is revoked `role`.
*
* `sender` is the account that originated the contract call:
* - if using `revokeRole`, it is the admin role bearer
* - if using `renounceRole`, it is the role bearer (i.e. `account`)
*/
event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) external view returns (bool);
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {AccessControl-_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) external view returns (bytes32);
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function grantRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function revokeRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been granted `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `account`.
*/
function renounceRole(bytes32 role, address account) external;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (interfaces/IERC1271.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC1271 standard signature validation method for
* contracts as defined in https://eips.ethereum.org/EIPS/eip-1271[ERC-1271].
*
* _Available since v4.1._
*/
interface IERC1271 {
/**
* @dev Should return whether the signature provided is valid for the provided data
* @param hash Hash of the data to be signed
* @param signature Signature byte array associated with _data
*/
function isValidSignature(bytes32 hash, bytes memory signature) external view returns (bytes4 magicValue);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC2981.sol)
pragma solidity ^0.8.0;
import "../utils/introspection/IERC165.sol";
/**
* @dev Interface for the NFT Royalty Standard.
*
* A standardized way to retrieve royalty payment information for non-fungible tokens (NFTs) to enable universal
* support for royalty payments across all NFT marketplaces and ecosystem participants.
*
* _Available since v4.5._
*/
interface IERC2981 is IERC165 {
/**
* @dev Returns how much royalty is owed and to whom, based on a sale price that may be denominated in any unit of
* exchange. The royalty amount is denominated and should be paid in that same unit of exchange.
*/
function royaltyInfo(
uint256 tokenId,
uint256 salePrice
) external view returns (address receiver, uint256 royaltyAmount);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.3) (token/ERC20/utils/SafeERC20.sol)
pragma solidity ^0.8.0;
import "../IERC20.sol";
import "../extensions/IERC20Permit.sol";
import "../../../utils/Address.sol";
/**
* @title SafeERC20
* @dev Wrappers around ERC20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/
library SafeERC20 {
using Address for address;
/**
* @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeTransfer(IERC20 token, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));
}
/**
* @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
* calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
*/
function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));
}
/**
* @dev Deprecated. This function has issues similar to the ones found in
* {IERC20-approve}, and its usage is discouraged.
*
* Whenever possible, use {safeIncreaseAllowance} and
* {safeDecreaseAllowance} instead.
*/
function safeApprove(IERC20 token, address spender, uint256 value) internal {
// safeApprove should only be called when setting an initial allowance,
// or when resetting it to zero. To increase and decrease it, use
// 'safeIncreaseAllowance' and 'safeDecreaseAllowance'
require(
(value == 0) || (token.allowance(address(this), spender) == 0),
"SafeERC20: approve from non-zero to non-zero allowance"
);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));
}
/**
* @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
uint256 oldAllowance = token.allowance(address(this), spender);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance + value));
}
/**
* @dev Decrease the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {
unchecked {
uint256 oldAllowance = token.allowance(address(this), spender);
require(oldAllowance >= value, "SafeERC20: decreased allowance below zero");
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance - value));
}
}
/**
* @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval
* to be set to zero before setting it to a non-zero value, such as USDT.
*/
function forceApprove(IERC20 token, address spender, uint256 value) internal {
bytes memory approvalCall = abi.encodeWithSelector(token.approve.selector, spender, value);
if (!_callOptionalReturnBool(token, approvalCall)) {
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, 0));
_callOptionalReturn(token, approvalCall);
}
}
/**
* @dev Use a ERC-2612 signature to set the `owner` approval toward `spender` on `token`.
* Revert on invalid signature.
*/
function safePermit(
IERC20Permit token,
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) internal {
uint256 nonceBefore = token.nonces(owner);
token.permit(owner, spender, value, deadline, v, r, s);
uint256 nonceAfter = token.nonces(owner);
require(nonceAfter == nonceBefore + 1, "SafeERC20: permit did not succeed");
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*/
function _callOptionalReturn(IERC20 token, bytes memory data) private {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that
// the target address contains contract code and also asserts for success in the low-level call.
bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed");
require(returndata.length == 0 || abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed");
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*
* This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.
*/
function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false
// and not revert is the subcall reverts.
(bool success, bytes memory returndata) = address(token).call(data);
return
success && (returndata.length == 0 || abi.decode(returndata, (bool))) && Address.isContract(address(token));
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC721/IERC721.sol)
pragma solidity ^0.8.0;
import "../../utils/introspection/IERC165.sol";
/**
* @dev Required interface of an ERC721 compliant contract.
*/
interface IERC721 is IERC165 {
/**
* @dev Emitted when `tokenId` token is transferred from `from` to `to`.
*/
event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);
/**
* @dev Emitted when `owner` enables `approved` to manage the `tokenId` token.
*/
event Approval(address indexed owner, address indexed approved, uint256 indexed tokenId);
/**
* @dev Emitted when `owner` enables or disables (`approved`) `operator` to manage all of its assets.
*/
event ApprovalForAll(address indexed owner, address indexed operator, bool approved);
/**
* @dev Returns the number of tokens in ``owner``'s account.
*/
function balanceOf(address owner) external view returns (uint256 balance);
/**
* @dev Returns the owner of the `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function ownerOf(uint256 tokenId) external view returns (address owner);
/**
* @dev Safely transfers `tokenId` token from `from` to `to`.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must exist and be owned by `from`.
* - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
* - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* Emits a {Transfer} event.
*/
function safeTransferFrom(address from, address to, uint256 tokenId, bytes calldata data) external;
/**
* @dev Safely transfers `tokenId` token from `from` to `to`, checking first that contract recipients
* are aware of the ERC721 protocol to prevent tokens from being forever locked.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must exist and be owned by `from`.
* - If the caller is not `from`, it must have been allowed to move this token by either {approve} or {setApprovalForAll}.
* - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* Emits a {Transfer} event.
*/
function safeTransferFrom(address from, address to, uint256 tokenId) external;
/**
* @dev Transfers `tokenId` token from `from` to `to`.
*
* WARNING: Note that the caller is responsible to confirm that the recipient is capable of receiving ERC721
* or else they may be permanently lost. Usage of {safeTransferFrom} prevents loss, though the caller must
* understand this adds an external call which potentially creates a reentrancy vulnerability.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must be owned by `from`.
* - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 tokenId) external;
/**
* @dev Gives permission to `to` to transfer `tokenId` token to another account.
* The approval is cleared when the token is transferred.
*
* Only a single account can be approved at a time, so approving the zero address clears previous approvals.
*
* Requirements:
*
* - The caller must own the token or be an approved operator.
* - `tokenId` must exist.
*
* Emits an {Approval} event.
*/
function approve(address to, uint256 tokenId) external;
/**
* @dev Approve or remove `operator` as an operator for the caller.
* Operators can call {transferFrom} or {safeTransferFrom} for any token owned by the caller.
*
* Requirements:
*
* - The `operator` cannot be the caller.
*
* Emits an {ApprovalForAll} event.
*/
function setApprovalForAll(address operator, bool approved) external;
/**
* @dev Returns the account approved for `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function getApproved(uint256 tokenId) external view returns (address operator);
/**
* @dev Returns if the `operator` is allowed to manage all of the assets of `owner`.
*
* See {setApprovalForAll}
*/
function isApprovedForAll(address owner, address operator) external view returns (bool);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC1155/IERC1155.sol)
pragma solidity ^0.8.0;
import "../../utils/introspection/IERC165.sol";
/**
* @dev Required interface of an ERC1155 compliant contract, as defined in the
* https://eips.ethereum.org/EIPS/eip-1155[EIP].
*
* _Available since v3.1._
*/
interface IERC1155 is IERC165 {
/**
* @dev Emitted when `value` tokens of token type `id` are transferred from `from` to `to` by `operator`.
*/
event TransferSingle(address indexed operator, address indexed from, address indexed to, uint256 id, uint256 value);
/**
* @dev Equivalent to multiple {TransferSingle} events, where `operator`, `from` and `to` are the same for all
* transfers.
*/
event TransferBatch(
address indexed operator,
address indexed from,
address indexed to,
uint256[] ids,
uint256[] values
);
/**
* @dev Emitted when `account` grants or revokes permission to `operator` to transfer their tokens, according to
* `approved`.
*/
event ApprovalForAll(address indexed account, address indexed operator, bool approved);
/**
* @dev Emitted when the URI for token type `id` changes to `value`, if it is a non-programmatic URI.
*
* If an {URI} event was emitted for `id`, the standard
* https://eips.ethereum.org/EIPS/eip-1155#metadata-extensions[guarantees] that `value` will equal the value
* returned by {IERC1155MetadataURI-uri}.
*/
event URI(string value, uint256 indexed id);
/**
* @dev Returns the amount of tokens of token type `id` owned by `account`.
*
* Requirements:
*
* - `account` cannot be the zero address.
*/
function balanceOf(address account, uint256 id) external view returns (uint256);
/**
* @dev xref:ROOT:erc1155.adoc#batch-operations[Batched] version of {balanceOf}.
*
* Requirements:
*
* - `accounts` and `ids` must have the same length.
*/
function balanceOfBatch(
address[] calldata accounts,
uint256[] calldata ids
) external view returns (uint256[] memory);
/**
* @dev Grants or revokes permission to `operator` to transfer the caller's tokens, according to `approved`,
*
* Emits an {ApprovalForAll} event.
*
* Requirements:
*
* - `operator` cannot be the caller.
*/
function setApprovalForAll(address operator, bool approved) external;
/**
* @dev Returns true if `operator` is approved to transfer ``account``'s tokens.
*
* See {setApprovalForAll}.
*/
function isApprovedForAll(address account, address operator) external view returns (bool);
/**
* @dev Transfers `amount` tokens of token type `id` from `from` to `to`.
*
* Emits a {TransferSingle} event.
*
* Requirements:
*
* - `to` cannot be the zero address.
* - If the caller is not `from`, it must have been approved to spend ``from``'s tokens via {setApprovalForAll}.
* - `from` must have a balance of tokens of type `id` of at least `amount`.
* - If `to` refers to a smart contract, it must implement {IERC1155Receiver-onERC1155Received} and return the
* acceptance magic value.
*/
function safeTransferFrom(address from, address to, uint256 id, uint256 amount, bytes calldata data) external;
/**
* @dev xref:ROOT:erc1155.adoc#batch-operations[Batched] version of {safeTransferFrom}.
*
* Emits a {TransferBatch} event.
*
* Requirements:
*
* - `ids` and `amounts` must have the same length.
* - If `to` refers to a smart contract, it must implement {IERC1155Receiver-onERC1155BatchReceived} and return the
* acceptance magic value.
*/
function safeBatchTransferFrom(
address from,
address to,
uint256[] calldata ids,
uint256[] calldata amounts,
bytes calldata data
) external;
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/ECDSA.sol)
pragma solidity ^0.8.0;
import "../Strings.sol";
/**
* @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
*
* These functions can be used to verify that a message was signed by the holder
* of the private keys of a given address.
*/
library ECDSA {
enum RecoverError {
NoError,
InvalidSignature,
InvalidSignatureLength,
InvalidSignatureS,
InvalidSignatureV // Deprecated in v4.8
}
function _throwError(RecoverError error) private pure {
if (error == RecoverError.NoError) {
return; // no error: do nothing
} else if (error == RecoverError.InvalidSignature) {
revert("ECDSA: invalid signature");
} else if (error == RecoverError.InvalidSignatureLength) {
revert("ECDSA: invalid signature length");
} else if (error == RecoverError.InvalidSignatureS) {
revert("ECDSA: invalid signature 's' value");
}
}
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature` or error string. This address can then be used for verification purposes.
*
* The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {toEthSignedMessageHash} on it.
*
* Documentation for signature generation:
* - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
* - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {
if (signature.length == 65) {
bytes32 r;
bytes32 s;
uint8 v;
// ecrecover takes the signature parameters, and the only way to get them
// currently is to use assembly.
/// @solidity memory-safe-assembly
assembly {
r := mload(add(signature, 0x20))
s := mload(add(signature, 0x40))
v := byte(0, mload(add(signature, 0x60)))
}
return tryRecover(hash, v, r, s);
} else {
return (address(0), RecoverError.InvalidSignatureLength);
}
}
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature`. This address can then be used for verification purposes.
*
* The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {toEthSignedMessageHash} on it.
*/
function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, signature);
_throwError(error);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
*
* See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError) {
bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
uint8 v = uint8((uint256(vs) >> 255) + 27);
return tryRecover(hash, v, r, s);
}
/**
* @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
*
* _Available since v4.2._
*/
function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, r, vs);
_throwError(error);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `v`,
* `r` and `s` signature fields separately.
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address, RecoverError) {
// EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
// unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
// the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
// signatures from current libraries generate a unique signature with an s-value in the lower half order.
//
// If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
// with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
// vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
// these malleable signatures as well.
if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
return (address(0), RecoverError.InvalidSignatureS);
}
// If the signature is valid (and not malleable), return the signer address
address signer = ecrecover(hash, v, r, s);
if (signer == address(0)) {
return (address(0), RecoverError.InvalidSignature);
}
return (signer, RecoverError.NoError);
}
/**
* @dev Overload of {ECDSA-recover} that receives the `v`,
* `r` and `s` signature fields separately.
*/
function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, v, r, s);
_throwError(error);
return recovered;
}
/**
* @dev Returns an Ethereum Signed Message, created from a `hash`. This
* produces hash corresponding to the one signed with the
* https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
* JSON-RPC method as part of EIP-191.
*
* See {recover}.
*/
function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32 message) {
// 32 is the length in bytes of hash,
// enforced by the type signature above
/// @solidity memory-safe-assembly
assembly {
mstore(0x00, "\\x19Ethereum Signed Message:\
32")
mstore(0x1c, hash)
message := keccak256(0x00, 0x3c)
}
}
/**
* @dev Returns an Ethereum Signed Message, created from `s`. This
* produces hash corresponding to the one signed with the
* https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
* JSON-RPC method as part of EIP-191.
*
* See {recover}.
*/
function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {
return keccak256(abi.encodePacked("\\x19Ethereum Signed Message:\
", Strings.toString(s.length), s));
}
/**
* @dev Returns an Ethereum Signed Typed Data, created from a
* `domainSeparator` and a `structHash`. This produces hash corresponding
* to the one signed with the
* https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]
* JSON-RPC method as part of EIP-712.
*
* See {recover}.
*/
function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 data) {
/// @solidity memory-safe-assembly
assembly {
let ptr := mload(0x40)
mstore(ptr, "\\x19\\x01")
mstore(add(ptr, 0x02), domainSeparator)
mstore(add(ptr, 0x22), structHash)
data := keccak256(ptr, 0x42)
}
}
/**
* @dev Returns an Ethereum Signed Data with intended validator, created from a
* `validator` and `data` according to the version 0 of EIP-191.
*
* See {recover}.
*/
function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {
return keccak256(abi.encodePacked("\\x19\\x00", validator, data));
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.2) (utils/cryptography/MerkleProof.sol)
pragma solidity ^0.8.0;
/**
* @dev These functions deal with verification of Merkle Tree proofs.
*
* The tree and the proofs can be generated using our
* https://github.com/OpenZeppelin/merkle-tree[JavaScript library].
* You will find a quickstart guide in the readme.
*
* WARNING: You should avoid using leaf values that are 64 bytes long prior to
* hashing, or use a hash function other than keccak256 for hashing leaves.
* This is because the concatenation of a sorted pair of internal nodes in
* the merkle tree could be reinterpreted as a leaf value.
* OpenZeppelin's JavaScript library generates merkle trees that are safe
* against this attack out of the box.
*/
library MerkleProof {
/**
* @dev Returns true if a `leaf` can be proved to be a part of a Merkle tree
* defined by `root`. For this, a `proof` must be provided, containing
* sibling hashes on the branch from the leaf to the root of the tree. Each
* pair of leaves and each pair of pre-images are assumed to be sorted.
*/
function verify(bytes32[] memory proof, bytes32 root, bytes32 leaf) internal pure returns (bool) {
return processProof(proof, leaf) == root;
}
/**
* @dev Calldata version of {verify}
*
* _Available since v4.7._
*/
function verifyCalldata(bytes32[] calldata proof, bytes32 root, bytes32 leaf) internal pure returns (bool) {
return processProofCalldata(proof, leaf) == root;
}
/**
* @dev Returns the rebuilt hash obtained by traversing a Merkle tree up
* from `leaf` using `proof`. A `proof` is valid if and only if the rebuilt
* hash matches the root of the tree. When processing the proof, the pairs
* of leafs & pre-images are assumed to be sorted.
*
* _Available since v4.4._
*/
function processProof(bytes32[] memory proof, bytes32 leaf) internal pure returns (bytes32) {
bytes32 computedHash = leaf;
for (uint256 i = 0; i < proof.length; i++) {
computedHash = _hashPair(computedHash, proof[i]);
}
return computedHash;
}
/**
* @dev Calldata version of {processProof}
*
* _Available since v4.7._
*/
function processProofCalldata(bytes32[] calldata proof, bytes32 leaf) internal pure returns (bytes32) {
bytes32 computedHash = leaf;
for (uint256 i = 0; i < proof.length; i++) {
computedHash = _hashPair(computedHash, proof[i]);
}
return computedHash;
}
/**
* @dev Returns true if the `leaves` can be simultaneously proven to be a part of a merkle tree defined by
* `root`, according to `proof` and `proofFlags` as described in {processMultiProof}.
*
* CAUTION: Not all merkle trees admit multiproofs. See {processMultiProof} for details.
*
* _Available since v4.7._
*/
function multiProofVerify(
bytes32[] memory proof,
bool[] memory proofFlags,
bytes32 root,
bytes32[] memory leaves
) internal pure returns (bool) {
return processMultiProof(proof, proofFlags, leaves) == root;
}
/**
* @dev Calldata version of {multiProofVerify}
*
* CAUTION: Not all merkle trees admit multiproofs. See {processMultiProof} for details.
*
* _Available since v4.7._
*/
function multiProofVerifyCalldata(
bytes32[] calldata proof,
bool[] calldata proofFlags,
bytes32 root,
bytes32[] memory leaves
) internal pure returns (bool) {
return processMultiProofCalldata(proof, proofFlags, leaves) == root;
}
/**
* @dev Returns the root of a tree reconstructed from `leaves` and sibling nodes in `proof`. The reconstruction
* proceeds by incrementally reconstructing all inner nodes by combining a leaf/inner node with either another
* leaf/inner node or a proof sibling node, depending on whether each `proofFlags` item is true or false
* respectively.
*
* CAUTION: Not all merkle trees admit multiproofs. To use multiproofs, it is sufficient to ensure that: 1) the tree
* is complete (but not necessarily perfect), 2) the leaves to be proven are in the opposite order they are in the
* tree (i.e., as seen from right to left starting at the deepest layer and continuing at the next layer).
*
* _Available since v4.7._
*/
function processMultiProof(
bytes32[] memory proof,
bool[] memory proofFlags,
bytes32[] memory leaves
) internal pure returns (bytes32 merkleRoot) {
// This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by
// consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the
// `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of
// the merkle tree.
uint256 leavesLen = leaves.length;
uint256 proofLen = proof.length;
uint256 totalHashes = proofFlags.length;
// Check proof validity.
require(leavesLen + proofLen - 1 == totalHashes, "MerkleProof: invalid multiproof");
// The xxxPos values are "pointers" to the next value to consume in each array. All accesses are done using
// `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue's "pop".
bytes32[] memory hashes = new bytes32[](totalHashes);
uint256 leafPos = 0;
uint256 hashPos = 0;
uint256 proofPos = 0;
// At each step, we compute the next hash using two values:
// - a value from the "main queue". If not all leaves have been consumed, we get the next leaf, otherwise we
// get the next hash.
// - depending on the flag, either another value from the "main queue" (merging branches) or an element from the
// `proof` array.
for (uint256 i = 0; i < totalHashes; i++) {
bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++];
bytes32 b = proofFlags[i]
? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++])
: proof[proofPos++];
hashes[i] = _hashPair(a, b);
}
if (totalHashes > 0) {
require(proofPos == proofLen, "MerkleProof: invalid multiproof");
unchecked {
return hashes[totalHashes - 1];
}
} else if (leavesLen > 0) {
return leaves[0];
} else {
return proof[0];
}
}
/**
* @dev Calldata version of {processMultiProof}.
*
* CAUTION: Not all merkle trees admit multiproofs. See {processMultiProof} for details.
*
* _Available since v4.7._
*/
function processMultiProofCalldata(
bytes32[] calldata proof,
bool[] calldata proofFlags,
bytes32[] memory leaves
) internal pure returns (bytes32 merkleRoot) {
// This function rebuilds the root hash by traversing the tree up from the leaves. The root is rebuilt by
// consuming and producing values on a queue. The queue starts with the `leaves` array, then goes onto the
// `hashes` array. At the end of the process, the last hash in the `hashes` array should contain the root of
// the merkle tree.
uint256 leavesLen = leaves.length;
uint256 proofLen = proof.length;
uint256 totalHashes = proofFlags.length;
// Check proof validity.
require(leavesLen + proofLen - 1 == totalHashes, "MerkleProof: invalid multiproof");
// The xxxPos values are "pointers" to the next value to consume in each array. All accesses are done using
// `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a queue's "pop".
bytes32[] memory hashes = new bytes32[](totalHashes);
uint256 leafPos = 0;
uint256 hashPos = 0;
uint256 proofPos = 0;
// At each step, we compute the next hash using two values:
// - a value from the "main queue". If not all leaves have been consumed, we get the next leaf, otherwise we
// get the next hash.
// - depending on the flag, either another value from the "main queue" (merging branches) or an element from the
// `proof` array.
for (uint256 i = 0; i < totalHashes; i++) {
bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++];
bytes32 b = proofFlags[i]
? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++])
: proof[proofPos++];
hashes[i] = _hashPair(a, b);
}
if (totalHashes > 0) {
require(proofPos == proofLen, "MerkleProof: invalid multiproof");
unchecked {
return hashes[totalHashes - 1];
}
} else if (leavesLen > 0) {
return leaves[0];
} else {
return proof[0];
}
}
function _hashPair(bytes32 a, bytes32 b) private pure returns (bytes32) {
return a < b ? _efficientHash(a, b) : _efficientHash(b, a);
}
function _efficientHash(bytes32 a, bytes32 b) private pure returns (bytes32 value) {
/// @solidity memory-safe-assembly
assembly {
mstore(0x00, a)
mstore(0x20, b)
value := keccak256(0x00, 0x40)
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.3) (metatx/ERC2771Context.sol)
pragma solidity ^0.8.4;
import "@openzeppelin/contracts/utils/Context.sol";
import "./interfaces/ITrustedForwarderFactory.sol";
/**
* @title TrustedForwarderERC2771Context
* @author Limit Break, Inc.
* @notice Context variant that utilizes the TrustedForwarderFactory contract to determine if the sender is a trusted forwarder.
*/
abstract contract TrustedForwarderERC2771Context is Context {
ITrustedForwarderFactory private immutable _factory;
constructor(address factory) {
_factory = ITrustedForwarderFactory(factory);
}
/**
* @notice Returns true if the sender is a trusted forwarder, false otherwise.
*
* @dev This function is required by ERC2771Context.
*
* @param forwarder The address to check.
* @return True if the provided address is a trusted forwarder, false otherwise.
*/
function isTrustedForwarder(address forwarder) public view virtual returns (bool) {
return _factory.isTrustedForwarder(forwarder);
}
function _msgSender() internal view virtual override returns (address sender) {
if (_factory.isTrustedForwarder(msg.sender)) {
if (msg.data.length >= 20) {
// The assembly code is more direct than the Solidity version using `abi.decode`.
/// @solidity memory-safe-assembly
assembly {
sender := shr(96, calldataload(sub(calldatasize(), 20)))
}
} else {
return super._msgSender();
}
} else {
return super._msgSender();
}
}
function _msgData() internal view virtual override returns (bytes calldata data) {
if (_factory.isTrustedForwarder(msg.sender)) {
assembly {
let len := calldatasize()
// Create a slice that defaults to the entire calldata
data.offset := 0
data.length := len
// If the calldata is > 20 bytes, it contains the sender address at the end
// and needs to be truncated
if gt(len, 0x14) {
data.length := sub(len, 0x14)
}
}
} else {
return super._msgData();
}
}
}
// SPDX-License-Identifier: BSL-1.1
pragma solidity 0.8.19;
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
/**
* @dev Used internally to indicate which side of the order the taker is on.
*/
enum Sides {
// 0: Taker is on buy side of order.
Buy,
// 1: Taker is on sell side of order.
Sell
}
/**
* @dev Defines condition to apply to order execution.
*/
enum OrderProtocols {
// 0: ERC721 order that must execute in full or not at all.
ERC721_FILL_OR_KILL,
// 1: ERC1155 order that must execute in full or not at all.
ERC1155_FILL_OR_KILL,
// 2: ERC1155 order that may be partially executed.
ERC1155_FILL_PARTIAL
}
/**
* @dev Defines the rules applied to a collection for payments.
*/
enum PaymentSettings {
// 0: Utilize Payment Processor default whitelist.
DefaultPaymentMethodWhitelist,
// 1: Allow any payment method.
AllowAnyPaymentMethod,
// 2: Use a custom payment method whitelist.
CustomPaymentMethodWhitelist,
// 3: Single payment method with floor and ceiling limits.
PricingConstraints,
// 4: Pauses trading for the collection.
Paused
}
/**
* @dev This struct is used internally for the deployment of the Payment Processor contract and
* @dev module deployments to define the default payment method whitelist.
*/
struct DefaultPaymentMethods {
address defaultPaymentMethod1;
address defaultPaymentMethod2;
address defaultPaymentMethod3;
address defaultPaymentMethod4;
}
/**
* @dev This struct is used internally for the deployment of the Payment Processor contract to define the
* @dev module addresses to be used for the contract.
*/
struct PaymentProcessorModules {
address modulePaymentSettings;
address moduleOnChainCancellation;
address moduleTrades;
address moduleTradesAdvanced;
}
/**
* @dev This struct defines the payment settings parameters for a collection.
*
* @dev **paymentSettings**: The general rule definition for payment methods allowed.
* @dev **paymentMethodWhitelistId**: The list id to be used when paymentSettings is set to CustomPaymentMethodWhitelist.
* @dev **constraintedPricingPaymentMethod**: The payment method to be used when paymentSettings is set to PricingConstraints.
* @dev **royaltyBackfillNumerator**: The royalty fee to apply to the collection when ERC2981 is not supported.
* @dev **royaltyBountyNumerator**: The percentage of royalties the creator will grant to a marketplace for order fulfillment.
* @dev **isRoyaltyBountyExclusive**: If true, royalty bounties will only be paid if the order marketplace is the set exclusive marketplace.
* @dev **blockTradesFromUntrustedChannels**: If true, trades that originate from untrusted channels will not be executed.
* @dev **blockBannedAccounts**: If true, banned accounts can be neither maker or taker for trades on a per-collection basis.
*/
struct CollectionPaymentSettings {
PaymentSettings paymentSettings;
uint32 paymentMethodWhitelistId;
address constrainedPricingPaymentMethod;
uint16 royaltyBackfillNumerator;
uint16 royaltyBountyNumerator;
bool isRoyaltyBountyExclusive;
bool blockTradesFromUntrustedChannels;
bool blockBannedAccounts;
}
/**
* @dev The `v`, `r`, and `s` components of an ECDSA signature. For more information
* [refer to this article](https://medium.com/mycrypto/the-magic-of-digital-signatures-on-ethereum-98fe184dc9c7).
*/
struct SignatureECDSA {
uint8 v;
bytes32 r;
bytes32 s;
}
/**
* @dev This struct defines order execution parameters.
*
* @dev **protocol**: The order protocol to apply to the order.
* @dev **maker**: The user that created and signed the order to be executed by a taker.
* @dev **beneficiary**: The account that will receive the tokens.
* @dev **marketplace**: The fee receiver of the marketplace that the order was created on.
* @dev **fallbackRoyaltyRecipient**: The address that will receive royalties if ERC2981
* @dev is not supported by the collection and the creator has not defined backfilled royalties with Payment Processor.
* @dev **paymentMethod**: The payment method for the order.
* @dev **tokenAddress**: The address of the token collection the order is for.
* @dev **tokenId**: The token id that the order is for.
* @dev **amount**: The quantity of token the order is for.
* @dev **itemPrice**: The price for the order in base units for the payment method.
* @dev **nonce**: The maker's nonce for the order.
* @dev **expiration**: The time, in seconds since the Unix epoch, that the order will expire.
* @dev **marketplaceFeeNumerator**: The percentage fee that will be sent to the marketplace.
* @dev **maxRoyaltyFeeNumerator**: The maximum royalty the maker is willing to accept. This will be used
* @dev as the royalty amount when ERC2981 is not supported by the collection.
* @dev **requestedFillAmount**: The amount of tokens for an ERC1155 partial fill order that the taker wants to fill.
* @dev **minimumFillAmount**: The minimum amount of tokens for an ERC1155 partial fill order that the taker will accept.
*/
struct Order {
OrderProtocols protocol;
address maker;
address beneficiary;
address marketplace;
address fallbackRoyaltyRecipient;
address paymentMethod;
address tokenAddress;
uint256 tokenId;
uint248 amount;
uint256 itemPrice;
uint256 nonce;
uint256 expiration;
uint256 marketplaceFeeNumerator;
uint256 maxRoyaltyFeeNumerator;
uint248 requestedFillAmount;
uint248 minimumFillAmount;
}
/**
* @dev This struct defines the cosignature for verifying an order that is a cosigned order.
*
* @dev **signer**: The address that signed the cosigned order. This must match the cosigner that is part of the order signature.
* @dev **taker**: The address of the order taker.
* @dev **expiration**: The time, in seconds since the Unix epoch, that the cosignature will expire.
* @dev The `v`, `r`, and `s` components of an ECDSA signature. For more information
* [refer to this article](https://medium.com/mycrypto/the-magic-of-digital-signatures-on-ethereum-98fe184dc9c7).
*/
struct Cosignature {
address signer;
address taker;
uint256 expiration;
uint8 v;
bytes32 r;
bytes32 s;
}
/**
* @dev This struct defines an additional fee on top of an order, paid by taker.
*
* @dev **recipient**: The recipient of the additional fee.
* @dev **amount**: The amount of the additional fee, in base units of the payment token.
*/
struct FeeOnTop {
address recipient;
uint256 amount;
}
/**
* @dev This struct defines the root hash and proof data for accepting an offer that is for a subset
* @dev of items in a collection. The root hash must match the root hash specified as part of the
* @dev maker's order signature.
*
* @dev **rootHash**: The merkletree root hash for the items that may be used to fulfill the offer order.
* @dev **proof**: The merkle proofs for the item being supplied to fulfill the offer order.
*/
struct TokenSetProof {
bytes32 rootHash;
bytes32[] proof;
}
/**
* @dev Current state of a partially fillable order.
*/
enum PartiallyFillableOrderState {
// 0: Order is open and may continue to be filled.
Open,
// 1: Order has been completely filled.
Filled,
// 2: Order has been cancelled.
Cancelled
}
/**
* @dev This struct defines the current status of a partially fillable order.
*
* @dev **state**: The current state of the order as defined by the PartiallyFillableOrderState enum.
* @dev **remainingFillableQuantity**: The remaining quantity that may be filled for the order.
*/
struct PartiallyFillableOrderStatus {
PartiallyFillableOrderState state;
uint248 remainingFillableQuantity;
}
/**
* @dev This struct defines the royalty backfill and bounty information. Its data for an
* @dev order execution is constructed internally based on the collection settings and
* @dev order execution details.
*
* @dev **backfillNumerator**: The percentage of the order amount to pay as royalties
* @dev for a collection that does not support ERC2981.
* @dev **backfillReceiver**: The recipient of backfill royalties.
* @dev **bountyNumerator**: The percentage of royalties to share with the marketplace for order fulfillment.
* @dev **exclusiveMarketplace**: If non-zero, the address of the exclusive marketplace for royalty bounties.
*/
struct RoyaltyBackfillAndBounty {
uint16 backfillNumerator;
address backfillReceiver;
uint16 bountyNumerator;
address exclusiveMarketplace;
}
/**
* @dev This struct defines order information that is common to all items in a sweep order.
*
* @dev **protocol**: The order protocol to apply to the order.
* @dev **tokenAddress**: The address of the token collection the order is for.
* @dev **paymentMethod**: The payment method for the order.
* @dev **beneficiary**: The account that will receive the tokens.
*/
struct SweepOrder {
OrderProtocols protocol;
address tokenAddress;
address paymentMethod;
address beneficiary;
}
/**
* @dev This struct defines order information that is unique to each item of a sweep order.
* @dev Combined with the SweepOrder header information to make an Order to execute.
*
* @dev **maker**: The user that created and signed the order to be executed by a taker.
* @dev **marketplace**: The marketplace that the order was created on.
* @dev **fallbackRoyaltyRecipient**: The address that will receive royalties if ERC2981
* @dev is not supported by the collection and the creator has not defined royalties with Payment Processor.
* @dev **tokenId**: The token id that the order is for.
* @dev **amount**: The quantity of token the order is for.
* @dev **itemPrice**: The price for the order in base units for the payment method.
* @dev **nonce**: The maker's nonce for the order.
* @dev **expiration**: The time, in seconds since the Unix epoch, that the order will expire.
* @dev **marketplaceFeeNumerator**: The percentage fee that will be sent to the marketplace.
* @dev **maxRoyaltyFeeNumerator**: The maximum royalty the maker is willing to accept. This will be used
* @dev as the royalty amount when ERC2981 is not supported by the collection.
*/
struct SweepItem {
address maker;
address marketplace;
address fallbackRoyaltyRecipient;
uint256 tokenId;
uint248 amount;
uint256 itemPrice;
uint256 nonce;
uint256 expiration;
uint256 marketplaceFeeNumerator;
uint256 maxRoyaltyFeeNumerator;
}
/**
* @dev This struct is used to define pricing constraints for a collection or individual token.
*
* @dev **isSet**: When true, this indicates that pricing constraints are set for the collection or token.
* @dev **floorPrice**: The minimum price for a token or collection. This is only enforced when
* @dev `enforcePricingConstraints` is `true`.
* @dev **ceilingPrice**: The maximum price for a token or collection. This is only enforced when
* @dev `enforcePricingConstraints` is `true`.
*/
struct PricingBounds {
bool isSet;
uint120 floorPrice;
uint120 ceilingPrice;
}
/**
* @dev This struct defines the parameters for a bulk offer acceptance transaction.
*
*
* @dev **isCollectionLevelOfferArray**: An array of flags to indicate if an offer is for any token in the collection.
* @dev **saleDetailsArray**: An array of order execution details.
* @dev **buyerSignaturesArray**: An array of maker signatures authorizing the order executions.
* @dev **tokenSetProofsArray**: An array of root hashes and merkle proofs for offers that are a subset of tokens in a collection.
* @dev **cosignaturesArray**: An array of additional cosignatures for cosigned orders, as applicable.
* @dev **feesOnTopArray**: An array of additional fees to add on top of the orders, paid by taker.
*/
struct BulkAcceptOffersParams {
bool[] isCollectionLevelOfferArray;
Order[] saleDetailsArray;
SignatureECDSA[] buyerSignaturesArray;
TokenSetProof[] tokenSetProofsArray;
Cosignature[] cosignaturesArray;
FeeOnTop[] feesOnTopArray;
}
/**
* @dev Internal contract use only - this is not a public-facing struct
*/
struct SplitProceeds {
address royaltyRecipient;
uint256 royaltyProceeds;
uint256 marketplaceProceeds;
uint256 sellerProceeds;
}
/**
* @dev Internal contract use only - this is not a public-facing struct
*/
struct PayoutsAccumulator {
address lastSeller;
address lastMarketplace;
address lastRoyaltyRecipient;
uint256 accumulatedSellerProceeds;
uint256 accumulatedMarketplaceProceeds;
uint256 accumulatedRoyaltyProceeds;
}
/**
* @dev Internal contract use only - this is not a public-facing struct
*/
struct SweepCollectionComputeAndDistributeProceedsParams {
IERC20 paymentCoin;
FulfillOrderFunctionPointers fnPointers;
FeeOnTop feeOnTop;
RoyaltyBackfillAndBounty royaltyBackfillAndBounty;
Order[] saleDetailsBatch;
}
/**
* @dev Internal contract use only - this is not a public-facing struct
*/
struct FulfillOrderFunctionPointers {
function(address,address,IERC20,uint256,uint256) funcPayout;
function(address,address,address,uint256,uint256) returns (bool) funcDispenseToken;
function(TradeContext memory, Order memory) funcEmitOrderExecutionEvent;
}
/**
* @dev Internal contract use only - this is not a public-facing struct
*/
struct TradeContext {
bytes32 domainSeparator;
address channel;
address taker;
bool disablePartialFill;
}
/**
* @dev This struct defines contract-level storage to be used across all Payment Processor modules.
* @dev Follows the Diamond storage pattern.
*/
struct PaymentProcessorStorage {
/// @dev Tracks the most recently created payment method whitelist id
uint32 lastPaymentMethodWhitelistId;
/**
* @notice User-specific master nonce that allows buyers and sellers to efficiently cancel all listings or offers
* they made previously. The master nonce for a user only changes when they explicitly request to revoke all
* existing listings and offers.
*
* @dev When prompting sellers to sign a listing or offer, marketplaces must query the current master nonce of
* the user and include it in the listing/offer signature data.
*/
mapping(address => uint256) masterNonces;
/**
* @dev The mapping key is the keccak256 hash of marketplace address and user address.
*
* @dev ```keccak256(abi.encodePacked(marketplace, user))```
*
* @dev The mapping value is another nested mapping of "slot" (key) to a bitmap (value) containing boolean flags
* indicating whether or not a nonce has been used or invalidated.
*
* @dev Marketplaces MUST track their own nonce by user, incrementing it for every signed listing or offer the user
* creates. Listings and purchases may be executed out of order, and they may never be executed if orders
* are not matched prior to expriation.
*
* @dev The slot and the bit offset within the mapped value are computed as:
*
* @dev ```slot = nonce / 256;```
* @dev ```offset = nonce % 256;```
*/
mapping(address => mapping(uint256 => uint256)) invalidatedSignatures;
/// @dev Mapping of token contract addresses to the collection payment settings.
mapping (address => CollectionPaymentSettings) collectionPaymentSettings;
/// @dev Mapping of payment method whitelist id to the owner address for the list.
mapping (uint32 => address) paymentMethodWhitelistOwners;
/// @dev Mapping of payment method whitelist id to a defined list of allowed payment methods.
mapping (uint32 => EnumerableSet.AddressSet) collectionPaymentMethodWhitelists;
/// @dev Mapping of token contract addresses to the collection-level pricing boundaries (floor and ceiling price).
mapping (address => PricingBounds) collectionPricingBounds;
/// @dev Mapping of token contract addresses to the token-level pricing boundaries (floor and ceiling price).
mapping (address => mapping (uint256 => PricingBounds)) tokenPricingBounds;
/// @dev Mapping of token contract addresses to the defined royalty backfill receiver addresses.
mapping (address => address) collectionRoyaltyBackfillReceivers;
/// @dev Mapping of token contract addresses to the defined exclusive bounty receivers.
mapping (address => address) collectionExclusiveBountyReceivers;
/// @dev Mapping of maker addresses to a mapping of order digests to the status of the partially fillable order for that digest.
mapping (address => mapping(bytes32 => PartiallyFillableOrderStatus)) partiallyFillableOrderStatuses;
/// @dev Mapping of token contract addresses to the defined list of trusted channels for the token contract.
mapping (address => EnumerableSet.AddressSet) collectionTrustedChannels;
/// @dev Mapping of token contract addresses to the defined list of banned accounts for the token contract.
mapping (address => EnumerableSet.AddressSet) collectionBannedAccounts;
/// @dev A mapping of all co-signers that have self-destructed and can never be used as cosigners again.
mapping (address => bool) destroyedCosigners;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/IERC165.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC165 standard, as defined in the
* https://eips.ethereum.org/EIPS/eip-165[EIP].
*
* Implementers can declare support of contract interfaces, which can then be
* queried by others ({ERC165Checker}).
*
* For an implementation, see {ERC165}.
*/
interface IERC165 {
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
* to learn more about how these ids are created.
*
* This function call must use less than 30 000 gas.
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `from` to `to` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 amount) external returns (bool);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/extensions/IERC20Permit.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*/
interface IERC20Permit {
/**
* @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
* given ``owner``'s signed approval.
*
* IMPORTANT: The same issues {IERC20-approve} has related to transaction
* ordering also apply here.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `deadline` must be a timestamp in the future.
* - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
* over the EIP712-formatted function arguments.
* - the signature must use ``owner``'s current nonce (see {nonces}).
*
* For more information on the signature format, see the
* https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
* section].
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @dev Returns the current nonce for `owner`. This value must be
* included whenever a signature is generated for {permit}.
*
* Every successful call to {permit} increases ``owner``'s nonce by one. This
* prevents a signature from being used multiple times.
*/
function nonces(address owner) external view returns (uint256);
/**
* @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
*/
// solhint-disable-next-line func-name-mixedcase
function DOMAIN_SEPARATOR() external view returns (bytes32);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)
pragma solidity ^0.8.1;
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
*
* Furthermore, `isContract` will also return true if the target contract within
* the same transaction is already scheduled for destruction by `SELFDESTRUCT`,
* which only has an effect at the end of a transaction.
* ====
*
* [IMPORTANT]
* ====
* You shouldn't rely on `isContract` to protect against flash loan attacks!
*
* Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
* like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
* constructor.
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize/address.code.length, which returns 0
// for contracts in construction, since the code is only stored at the end
// of the constructor execution.
return account.code.length > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
* the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
*
* _Available since v4.8._
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata,
string memory errorMessage
) internal view returns (bytes memory) {
if (success) {
if (returndata.length == 0) {
// only check isContract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
require(isContract(target), "Address: call to non-contract");
}
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
/**
* @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason or using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
function _revert(bytes memory returndata, string memory errorMessage) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol)
pragma solidity ^0.8.0;
import "./math/Math.sol";
import "./math/SignedMath.sol";
/**
* @dev String operations.
*/
library Strings {
bytes16 private constant _SYMBOLS = "0123456789abcdef";
uint8 private constant _ADDRESS_LENGTH = 20;
/**
* @dev Converts a `uint256` to its ASCII `string` decimal representation.
*/
function toString(uint256 value) internal pure returns (string memory) {
unchecked {
uint256 length = Math.log10(value) + 1;
string memory buffer = new string(length);
uint256 ptr;
/// @solidity memory-safe-assembly
assembly {
ptr := add(buffer, add(32, length))
}
while (true) {
ptr--;
/// @solidity memory-safe-assembly
assembly {
mstore8(ptr, byte(mod(value, 10), _SYMBOLS))
}
value /= 10;
if (value == 0) break;
}
return buffer;
}
}
/**
* @dev Converts a `int256` to its ASCII `string` decimal representation.
*/
function toString(int256 value) internal pure returns (string memory) {
return string(abi.encodePacked(value < 0 ? "-" : "", toString(SignedMath.abs(value))));
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
*/
function toHexString(uint256 value) internal pure returns (string memory) {
unchecked {
return toHexString(value, Math.log256(value) + 1);
}
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
*/
function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
bytes memory buffer = new bytes(2 * length + 2);
buffer[0] = "0";
buffer[1] = "x";
for (uint256 i = 2 * length + 1; i > 1; --i) {
buffer[i] = _SYMBOLS[value & 0xf];
value >>= 4;
}
require(value == 0, "Strings: hex length insufficient");
return string(buffer);
}
/**
* @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.
*/
function toHexString(address addr) internal pure returns (string memory) {
return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);
}
/**
* @dev Returns true if the two strings are equal.
*/
function equal(string memory a, string memory b) internal pure returns (bool) {
return keccak256(bytes(a)) == keccak256(bytes(b));
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
pragma solidity ^0.8.0;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;
interface ITrustedForwarderFactory {
error TrustedForwarderFactory__TrustedForwarderInitFailed(address admin, address appSigner);
event TrustedForwarderCreated(address indexed trustedForwarder);
function cloneTrustedForwarder(address admin, address appSigner, bytes32 salt)
external
returns (address trustedForwarder);
function forwarders(address) external view returns (bool);
function isTrustedForwarder(address sender) external view returns (bool);
function trustedForwarderImplementation() external view returns (address);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/structs/EnumerableSet.sol)
// This file was procedurally generated from scripts/generate/templates/EnumerableSet.js.
pragma solidity ^0.8.0;
/**
* @dev Library for managing
* https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive
* types.
*
* Sets have the following properties:
*
* - Elements are added, removed, and checked for existence in constant time
* (O(1)).
* - Elements are enumerated in O(n). No guarantees are made on the ordering.
*
* ```solidity
* contract Example {
* // Add the library methods
* using EnumerableSet for EnumerableSet.AddressSet;
*
* // Declare a set state variable
* EnumerableSet.AddressSet private mySet;
* }
* ```
*
* As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)
* and `uint256` (`UintSet`) are supported.
*
* [WARNING]
* ====
* Trying to delete such a structure from storage will likely result in data corruption, rendering the structure
* unusable.
* See https://github.com/ethereum/solidity/pull/11843[ethereum/solidity#11843] for more info.
*
* In order to clean an EnumerableSet, you can either remove all elements one by one or create a fresh instance using an
* array of EnumerableSet.
* ====
*/
library EnumerableSet {
// To implement this library for multiple types with as little code
// repetition as possible, we write it in terms of a generic Set type with
// bytes32 values.
// The Set implementation uses private functions, and user-facing
// implementations (such as AddressSet) are just wrappers around the
// underlying Set.
// This means that we can only create new EnumerableSets for types that fit
// in bytes32.
struct Set {
// Storage of set values
bytes32[] _values;
// Position of the value in the `values` array, plus 1 because index 0
// means a value is not in the set.
mapping(bytes32 => uint256) _indexes;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function _add(Set storage set, bytes32 value) private returns (bool) {
if (!_contains(set, value)) {
set._values.push(value);
// The value is stored at length-1, but we add 1 to all indexes
// and use 0 as a sentinel value
set._indexes[value] = set._values.length;
return true;
} else {
return false;
}
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function _remove(Set storage set, bytes32 value) private returns (bool) {
// We read and store the value's index to prevent multiple reads from the same storage slot
uint256 valueIndex = set._indexes[value];
if (valueIndex != 0) {
// Equivalent to contains(set, value)
// To delete an element from the _values array in O(1), we swap the element to delete with the last one in
// the array, and then remove the last element (sometimes called as 'swap and pop').
// This modifies the order of the array, as noted in {at}.
uint256 toDeleteIndex = valueIndex - 1;
uint256 lastIndex = set._values.length - 1;
if (lastIndex != toDeleteIndex) {
bytes32 lastValue = set._values[lastIndex];
// Move the last value to the index where the value to delete is
set._values[toDeleteIndex] = lastValue;
// Update the index for the moved value
set._indexes[lastValue] = valueIndex; // Replace lastValue's index to valueIndex
}
// Delete the slot where the moved value was stored
set._values.pop();
// Delete the index for the deleted slot
delete set._indexes[value];
return true;
} else {
return false;
}
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function _contains(Set storage set, bytes32 value) private view returns (bool) {
return set._indexes[value] != 0;
}
/**
* @dev Returns the number of values on the set. O(1).
*/
function _length(Set storage set) private view returns (uint256) {
return set._values.length;
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function _at(Set storage set, uint256 index) private view returns (bytes32) {
return set._values[index];
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function _values(Set storage set) private view returns (bytes32[] memory) {
return set._values;
}
// Bytes32Set
struct Bytes32Set {
Set _inner;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {
return _add(set._inner, value);
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {
return _remove(set._inner, value);
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {
return _contains(set._inner, value);
}
/**
* @dev Returns the number of values in the set. O(1).
*/
function length(Bytes32Set storage set) internal view returns (uint256) {
return _length(set._inner);
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {
return _at(set._inner, index);
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function values(Bytes32Set storage set) internal view returns (bytes32[] memory) {
bytes32[] memory store = _values(set._inner);
bytes32[] memory result;
/// @solidity memory-safe-assembly
assembly {
result := store
}
return result;
}
// AddressSet
struct AddressSet {
Set _inner;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function add(AddressSet storage set, address value) internal returns (bool) {
return _add(set._inner, bytes32(uint256(uint160(value))));
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function remove(AddressSet storage set, address value) internal returns (bool) {
return _remove(set._inner, bytes32(uint256(uint160(value))));
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function contains(AddressSet storage set, address value) internal view returns (bool) {
return _contains(set._inner, bytes32(uint256(uint160(value))));
}
/**
* @dev Returns the number of values in the set. O(1).
*/
function length(AddressSet storage set) internal view returns (uint256) {
return _length(set._inner);
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function at(AddressSet storage set, uint256 index) internal view returns (address) {
return address(uint160(uint256(_at(set._inner, index))));
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function values(AddressSet storage set) internal view returns (address[] memory) {
bytes32[] memory store = _values(set._inner);
address[] memory result;
/// @solidity memory-safe-assembly
assembly {
result := store
}
return result;
}
// UintSet
struct UintSet {
Set _inner;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function add(UintSet storage set, uint256 value) internal returns (bool) {
return _add(set._inner, bytes32(value));
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function remove(UintSet storage set, uint256 value) internal returns (bool) {
return _remove(set._inner, bytes32(value));
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function contains(UintSet storage set, uint256 value) internal view returns (bool) {
return _contains(set._inner, bytes32(value));
}
/**
* @dev Returns the number of values in the set. O(1).
*/
function length(UintSet storage set) internal view returns (uint256) {
return _length(set._inner);
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function at(UintSet storage set, uint256 index) internal view returns (uint256) {
return uint256(_at(set._inner, index));
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function values(UintSet storage set) internal view returns (uint256[] memory) {
bytes32[] memory store = _values(set._inner);
uint256[] memory result;
/// @solidity memory-safe-assembly
assembly {
result := store
}
return result;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard math utilities missing in the Solidity language.
*/
library Math {
enum Rounding {
Down, // Toward negative infinity
Up, // Toward infinity
Zero // Toward zero
}
/**
* @dev Returns the largest of two numbers.
*/
function max(uint256 a, uint256 b) internal pure returns (uint256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two numbers.
*/
function min(uint256 a, uint256 b) internal pure returns (uint256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two numbers. The result is rounded towards
* zero.
*/
function average(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b) / 2 can overflow.
return (a & b) + (a ^ b) / 2;
}
/**
* @dev Returns the ceiling of the division of two numbers.
*
* This differs from standard division with `/` in that it rounds up instead
* of rounding down.
*/
function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b - 1) / b can overflow on addition, so we distribute.
return a == 0 ? 0 : (a - 1) / b + 1;
}
/**
* @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0
* @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)
* with further edits by Uniswap Labs also under MIT license.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
unchecked {
// 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
// use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
// variables such that product = prod1 * 2^256 + prod0.
uint256 prod0; // Least significant 256 bits of the product
uint256 prod1; // Most significant 256 bits of the product
assembly {
let mm := mulmod(x, y, not(0))
prod0 := mul(x, y)
prod1 := sub(sub(mm, prod0), lt(mm, prod0))
}
// Handle non-overflow cases, 256 by 256 division.
if (prod1 == 0) {
// Solidity will revert if denominator == 0, unlike the div opcode on its own.
// The surrounding unchecked block does not change this fact.
// See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
return prod0 / denominator;
}
// Make sure the result is less than 2^256. Also prevents denominator == 0.
require(denominator > prod1, "Math: mulDiv overflow");
///////////////////////////////////////////////
// 512 by 256 division.
///////////////////////////////////////////////
// Make division exact by subtracting the remainder from [prod1 prod0].
uint256 remainder;
assembly {
// Compute remainder using mulmod.
remainder := mulmod(x, y, denominator)
// Subtract 256 bit number from 512 bit number.
prod1 := sub(prod1, gt(remainder, prod0))
prod0 := sub(prod0, remainder)
}
// Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.
// See https://cs.stackexchange.com/q/138556/92363.
// Does not overflow because the denominator cannot be zero at this stage in the function.
uint256 twos = denominator & (~denominator + 1);
assembly {
// Divide denominator by twos.
denominator := div(denominator, twos)
// Divide [prod1 prod0] by twos.
prod0 := div(prod0, twos)
// Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
twos := add(div(sub(0, twos), twos), 1)
}
// Shift in bits from prod1 into prod0.
prod0 |= prod1 * twos;
// Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
// that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
// four bits. That is, denominator * inv = 1 mod 2^4.
uint256 inverse = (3 * denominator) ^ 2;
// Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works
// in modular arithmetic, doubling the correct bits in each step.
inverse *= 2 - denominator * inverse; // inverse mod 2^8
inverse *= 2 - denominator * inverse; // inverse mod 2^16
inverse *= 2 - denominator * inverse; // inverse mod 2^32
inverse *= 2 - denominator * inverse; // inverse mod 2^64
inverse *= 2 - denominator * inverse; // inverse mod 2^128
inverse *= 2 - denominator * inverse; // inverse mod 2^256
// Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
// This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
// less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
// is no longer required.
result = prod0 * inverse;
return result;
}
}
/**
* @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
uint256 result = mulDiv(x, y, denominator);
if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {
result += 1;
}
return result;
}
/**
* @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.
*
* Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
*/
function sqrt(uint256 a) internal pure returns (uint256) {
if (a == 0) {
return 0;
}
// For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
//
// We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
// `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.
//
// This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`
// → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`
// → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`
//
// Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.
uint256 result = 1 << (log2(a) >> 1);
// At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
// since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
// every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
// into the expected uint128 result.
unchecked {
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
return min(result, a / result);
}
}
/**
* @notice Calculates sqrt(a), following the selected rounding direction.
*/
function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = sqrt(a);
return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);
}
}
/**
* @dev Return the log in base 2, rounded down, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 128;
}
if (value >> 64 > 0) {
value >>= 64;
result += 64;
}
if (value >> 32 > 0) {
value >>= 32;
result += 32;
}
if (value >> 16 > 0) {
value >>= 16;
result += 16;
}
if (value >> 8 > 0) {
value >>= 8;
result += 8;
}
if (value >> 4 > 0) {
value >>= 4;
result += 4;
}
if (value >> 2 > 0) {
value >>= 2;
result += 2;
}
if (value >> 1 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 2, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log2(value);
return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 10, rounded down, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >= 10 ** 64) {
value /= 10 ** 64;
result += 64;
}
if (value >= 10 ** 32) {
value /= 10 ** 32;
result += 32;
}
if (value >= 10 ** 16) {
value /= 10 ** 16;
result += 16;
}
if (value >= 10 ** 8) {
value /= 10 ** 8;
result += 8;
}
if (value >= 10 ** 4) {
value /= 10 ** 4;
result += 4;
}
if (value >= 10 ** 2) {
value /= 10 ** 2;
result += 2;
}
if (value >= 10 ** 1) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 10, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log10(value);
return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 256, rounded down, of a positive value.
* Returns 0 if given 0.
*
* Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
*/
function log256(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 16;
}
if (value >> 64 > 0) {
value >>= 64;
result += 8;
}
if (value >> 32 > 0) {
value >>= 32;
result += 4;
}
if (value >> 16 > 0) {
value >>= 16;
result += 2;
}
if (value >> 8 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 256, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log256(value);
return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard signed math utilities missing in the Solidity language.
*/
library SignedMath {
/**
* @dev Returns the largest of two signed numbers.
*/
function max(int256 a, int256 b) internal pure returns (int256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two signed numbers.
*/
function min(int256 a, int256 b) internal pure returns (int256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two signed numbers without overflow.
* The result is rounded towards zero.
*/
function average(int256 a, int256 b) internal pure returns (int256) {
// Formula from the book "Hacker's Delight"
int256 x = (a & b) + ((a ^ b) >> 1);
return x + (int256(uint256(x) >> 255) & (a ^ b));
}
/**
* @dev Returns the absolute unsigned value of a signed value.
*/
function abs(int256 n) internal pure returns (uint256) {
unchecked {
// must be unchecked in order to support `n = type(int256).min`
return uint256(n >= 0 ? n : -n);
}
}
}
File 6 of 6: TrustedForwarderFactory
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;
import "@openzeppelin/contracts/proxy/Clones.sol";
contract TrustedForwarderFactory {
error TrustedForwarderFactory__TrustedForwarderInitFailed(address admin, address appSigner);
event TrustedForwarderCreated(address indexed creator, address indexed trustedForwarder);
// keccak256("__TrustedForwarder_init(address,address)")
bytes4 constant private INIT_SELECTOR = 0x81ab13d7;
address immutable public trustedForwarderImplementation;
mapping(address => bool) public forwarders;
constructor(address trustedForwarderImplementation_) {
trustedForwarderImplementation = trustedForwarderImplementation_;
}
/**
* @notice Returns true if the sender is a trusted forwarder, false otherwise.
* @notice Addresses are added to the `forwarders` mapping when they are cloned via the `cloneTrustedForwarder` function.
*
* @dev This function allows for the TrustedForwarder contracts to be used as trusted forwarders within the TrustedForwarderERC2771Context mixin.
*
* @param sender The address to check.
* @return True if the sender is a trusted forwarder, false otherwise.
*/
function isTrustedForwarder(address sender) external view returns (bool) {
return forwarders[sender];
}
/**
* @notice Clones the TrustedForwarder implementation and initializes it.
*
* @dev To prevent hostile deployments, we hash the sender's address with the salt to create the final salt.
* @dev This prevents the mining of specific contract addresses for deterministic deployments, but still allows for
* @dev a canonical address to be created for each sender.
*
* @param admin The address to assign the admin role to.
* @param appSigner The address to assign the app signer role to. This will be ignored if `enableAppSigner` is false.
* @param salt The salt to use for the deterministic deployment. This is hashed with the sender's address to create the final salt.
*
* @return trustedForwarder The address of the newly created TrustedForwarder contract.
*/
function cloneTrustedForwarder(address admin, address appSigner, bytes32 salt) external returns (address trustedForwarder) {
trustedForwarder = Clones.cloneDeterministic(trustedForwarderImplementation, keccak256(abi.encode(msg.sender, salt)));
(bool success, ) = trustedForwarder.call(abi.encodeWithSelector(INIT_SELECTOR, admin, appSigner));
if (!success) {
revert TrustedForwarderFactory__TrustedForwarderInitFailed(admin, appSigner);
}
forwarders[trustedForwarder] = true;
emit TrustedForwarderCreated(msg.sender, trustedForwarder);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (proxy/Clones.sol)
pragma solidity ^0.8.0;
/**
* @dev https://eips.ethereum.org/EIPS/eip-1167[EIP 1167] is a standard for
* deploying minimal proxy contracts, also known as "clones".
*
* > To simply and cheaply clone contract functionality in an immutable way, this standard specifies
* > a minimal bytecode implementation that delegates all calls to a known, fixed address.
*
* The library includes functions to deploy a proxy using either `create` (traditional deployment) or `create2`
* (salted deterministic deployment). It also includes functions to predict the addresses of clones deployed using the
* deterministic method.
*
* _Available since v3.4._
*/
library Clones {
/**
* @dev Deploys and returns the address of a clone that mimics the behaviour of `implementation`.
*
* This function uses the create opcode, which should never revert.
*/
function clone(address implementation) internal returns (address instance) {
/// @solidity memory-safe-assembly
assembly {
// Cleans the upper 96 bits of the `implementation` word, then packs the first 3 bytes
// of the `implementation` address with the bytecode before the address.
mstore(0x00, or(shr(0xe8, shl(0x60, implementation)), 0x3d602d80600a3d3981f3363d3d373d3d3d363d73000000))
// Packs the remaining 17 bytes of `implementation` with the bytecode after the address.
mstore(0x20, or(shl(0x78, implementation), 0x5af43d82803e903d91602b57fd5bf3))
instance := create(0, 0x09, 0x37)
}
require(instance != address(0), "ERC1167: create failed");
}
/**
* @dev Deploys and returns the address of a clone that mimics the behaviour of `implementation`.
*
* This function uses the create2 opcode and a `salt` to deterministically deploy
* the clone. Using the same `implementation` and `salt` multiple time will revert, since
* the clones cannot be deployed twice at the same address.
*/
function cloneDeterministic(address implementation, bytes32 salt) internal returns (address instance) {
/// @solidity memory-safe-assembly
assembly {
// Cleans the upper 96 bits of the `implementation` word, then packs the first 3 bytes
// of the `implementation` address with the bytecode before the address.
mstore(0x00, or(shr(0xe8, shl(0x60, implementation)), 0x3d602d80600a3d3981f3363d3d373d3d3d363d73000000))
// Packs the remaining 17 bytes of `implementation` with the bytecode after the address.
mstore(0x20, or(shl(0x78, implementation), 0x5af43d82803e903d91602b57fd5bf3))
instance := create2(0, 0x09, 0x37, salt)
}
require(instance != address(0), "ERC1167: create2 failed");
}
/**
* @dev Computes the address of a clone deployed using {Clones-cloneDeterministic}.
*/
function predictDeterministicAddress(
address implementation,
bytes32 salt,
address deployer
) internal pure returns (address predicted) {
/// @solidity memory-safe-assembly
assembly {
let ptr := mload(0x40)
mstore(add(ptr, 0x38), deployer)
mstore(add(ptr, 0x24), 0x5af43d82803e903d91602b57fd5bf3ff)
mstore(add(ptr, 0x14), implementation)
mstore(ptr, 0x3d602d80600a3d3981f3363d3d373d3d3d363d73)
mstore(add(ptr, 0x58), salt)
mstore(add(ptr, 0x78), keccak256(add(ptr, 0x0c), 0x37))
predicted := keccak256(add(ptr, 0x43), 0x55)
}
}
/**
* @dev Computes the address of a clone deployed using {Clones-cloneDeterministic}.
*/
function predictDeterministicAddress(
address implementation,
bytes32 salt
) internal view returns (address predicted) {
return predictDeterministicAddress(implementation, salt, address(this));
}
}