Transaction Hash:
Block:
19508976 at Mar-25-2024 03:56:11 AM +UTC
Transaction Fee:
0.0018522581153508 ETH
$4.50
Gas Used:
136,200 Gas / 13.599545634 Gwei
Emitted Events:
| 493 |
UniswapV2Pair.Transfer( from=[Receiver] Staking, to=[Sender] 0x4f76b969fd570c5a5196f5ed5bcebd36bb5163ce, value=38000000000000000000 )
|
| 494 |
Staking.Withdraw( user=[Sender] 0x4f76b969fd570c5a5196f5ed5bcebd36bb5163ce, tokenAddress=UniswapV2Pair, amount=38000000000000000000 )
|
Account State Difference:
| Address | Before | After | State Difference | ||
|---|---|---|---|---|---|
| 0x4F76B969...6bB5163cE |
0.084604350609752653 Eth
Nonce: 215
|
0.082752092494401853 Eth
Nonce: 216
| 0.0018522581153508 | ||
|
0x95222290...5CC4BAfe5
Miner
| (beaverbuild) | 17.73485280988833225 Eth | 17.73486255548361285 Eth | 0.0000097455952806 | |
| 0x9D2513F5...bD00105C2 | |||||
| 0xAf31Fd9C...4d8466205 |
Execution Trace
Staking.withdraw( tokenAddress=0xAf31Fd9C3B0350424BF96e551d2D1264d8466205, amount=38000000000000000000 )
-
UniswapV2Pair.transfer( to=0x4F76B969Fd570c5a5196f5eD5bcebD36bB5163cE, value=38000000000000000000 ) => ( True )
-
UniswapV2Pair.balanceOf( 0x9D2513F5b539DC774C66b28ACEc94e4bD00105C2 ) => ( 7691000000000000000000 )
withdraw[Staking (ln:116)]
sub[Staking (ln:118)]transfer[Staking (ln:120)]getCurrentEpoch[Staking (ln:122)]epochIsInitialized[Staking (ln:124)]manualEpochInit[Staking (ln:127)]getCurrentEpoch[Staking (ln:185)]epochIsInitialized[Staking (ln:192)]epochIsInitialized[Staking (ln:193)]ManualEpochInit[Staking (ln:198)]
balanceOf[Staking (ln:131)]push[Staking (ln:138)]Checkpoint[Staking (ln:138)]sub[Staking (ln:139)]sub[Staking (ln:146)]getCheckpointEffectiveBalance[Staking (ln:151)]div[Staking (ln:297)]mul[Staking (ln:297)]getCheckpointBalance[Staking (ln:297)]
div[Staking (ln:157)]mul[Staking (ln:157)]sub[Staking (ln:157)]sub[Staking (ln:159)]computeNewMultiplier[Staking (ln:160)]sub[Staking (ln:167)]sub[Staking (ln:168)]getCheckpointEffectiveBalance[Staking (ln:173)]div[Staking (ln:297)]mul[Staking (ln:297)]getCheckpointBalance[Staking (ln:297)]
sub[Staking (ln:174)]sub[Staking (ln:174)]Withdraw[Staking (ln:177)]
File 1 of 2: Staking
File 2 of 2: UniswapV2Pair
// SPDX-License-Identifier: Apache-2.0
pragma solidity ^0.6.11;
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/math/SafeMath.sol";
import "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
contract Staking is ReentrancyGuard {
using SafeMath for uint256;
uint128 constant private BASE_MULTIPLIER = uint128(1 * 10 ** 18);
// timestamp for the epoch 1
// everything before that is considered epoch 0 which won't have a reward but allows for the initial stake
uint256 public immutable epoch1Start;
// duration of each epoch
uint256 public immutable epochDuration;
// holds the current balance of the user for each token
mapping(address => mapping(address => uint256)) private balances;
struct Pool {
uint256 size;
bool set;
}
// for each token, we store the total pool size
mapping(address => mapping(uint256 => Pool)) private poolSize;
// a checkpoint of the valid balance of a user for an epoch
struct Checkpoint {
uint128 epochId;
uint128 multiplier;
uint256 startBalance;
uint256 newDeposits;
}
// balanceCheckpoints[user][token][]
mapping(address => mapping(address => Checkpoint[])) private balanceCheckpoints;
mapping(address => uint128) private lastWithdrawEpochId;
event Deposit(address indexed user, address indexed tokenAddress, uint256 amount);
event Withdraw(address indexed user, address indexed tokenAddress, uint256 amount);
event ManualEpochInit(address indexed caller, uint128 indexed epochId, address[] tokens);
event EmergencyWithdraw(address indexed user, address indexed tokenAddress, uint256 amount);
constructor (uint256 _epoch1Start, uint256 _epochDuration) public {
epoch1Start = _epoch1Start;
epochDuration = _epochDuration;
}
/*
* Stores `amount` of `tokenAddress` tokens for the `user` into the vault
*/
function deposit(address tokenAddress, uint256 amount) public nonReentrant {
require(amount > 0, "Staking: Amount must be > 0");
IERC20 token = IERC20(tokenAddress);
balances[msg.sender][tokenAddress] = balances[msg.sender][tokenAddress].add(amount);
token.transferFrom(msg.sender, address(this), amount);
// epoch logic
uint128 currentEpoch = getCurrentEpoch();
uint128 currentMultiplier = currentEpochMultiplier();
uint256 balance = balances[msg.sender][tokenAddress];
if (!epochIsInitialized(tokenAddress, currentEpoch)) {
address[] memory tokens = new address[](1);
tokens[0] = tokenAddress;
manualEpochInit(tokens, currentEpoch);
}
// update the next epoch pool size
Pool storage pNextEpoch = poolSize[tokenAddress][currentEpoch + 1];
pNextEpoch.size = token.balanceOf(address(this));
pNextEpoch.set = true;
Checkpoint[] storage checkpoints = balanceCheckpoints[msg.sender][tokenAddress];
uint256 balanceBefore = getEpochUserBalance(msg.sender, tokenAddress, currentEpoch);
// if there's no checkpoint yet, it means the user didn't have any activity
// we want to store checkpoints both for the current epoch and next epoch because
// if a user does a withdraw, the current epoch can also be modified and
// we don't want to insert another checkpoint in the middle of the array as that could be expensive
if (checkpoints.length == 0) {
checkpoints.push(Checkpoint(currentEpoch, currentMultiplier, 0, amount));
// next epoch => multiplier is 1, epoch deposits is 0
checkpoints.push(Checkpoint(currentEpoch + 1, BASE_MULTIPLIER, amount, 0));
} else {
uint256 last = checkpoints.length - 1;
// the last action happened in an older epoch (e.g. a deposit in epoch 3, current epoch is >=5)
if (checkpoints[last].epochId < currentEpoch) {
uint128 multiplier = computeNewMultiplier(
getCheckpointBalance(checkpoints[last]),
BASE_MULTIPLIER,
amount,
currentMultiplier
);
checkpoints.push(Checkpoint(currentEpoch, multiplier, getCheckpointBalance(checkpoints[last]), amount));
checkpoints.push(Checkpoint(currentEpoch + 1, BASE_MULTIPLIER, balance, 0));
}
// the last action happened in the previous epoch
else if (checkpoints[last].epochId == currentEpoch) {
checkpoints[last].multiplier = computeNewMultiplier(
getCheckpointBalance(checkpoints[last]),
checkpoints[last].multiplier,
amount,
currentMultiplier
);
checkpoints[last].newDeposits = checkpoints[last].newDeposits.add(amount);
checkpoints.push(Checkpoint(currentEpoch + 1, BASE_MULTIPLIER, balance, 0));
}
// the last action happened in the current epoch
else {
if (last >= 1 && checkpoints[last - 1].epochId == currentEpoch) {
checkpoints[last - 1].multiplier = computeNewMultiplier(
getCheckpointBalance(checkpoints[last - 1]),
checkpoints[last - 1].multiplier,
amount,
currentMultiplier
);
checkpoints[last - 1].newDeposits = checkpoints[last - 1].newDeposits.add(amount);
}
checkpoints[last].startBalance = balance;
}
}
uint256 balanceAfter = getEpochUserBalance(msg.sender, tokenAddress, currentEpoch);
poolSize[tokenAddress][currentEpoch].size = poolSize[tokenAddress][currentEpoch].size.add(balanceAfter.sub(balanceBefore));
emit Deposit(msg.sender, tokenAddress, amount);
}
/*
* Removes the deposit of the user and sends the amount of `tokenAddress` back to the `user`
*/
function withdraw(address tokenAddress, uint256 amount) public nonReentrant {
require(balances[msg.sender][tokenAddress] >= amount, "Staking: balance too small");
balances[msg.sender][tokenAddress] = balances[msg.sender][tokenAddress].sub(amount);
IERC20 token = IERC20(tokenAddress);
token.transfer(msg.sender, amount);
// epoch logic
uint128 currentEpoch = getCurrentEpoch();
lastWithdrawEpochId[tokenAddress] = currentEpoch;
if (!epochIsInitialized(tokenAddress, currentEpoch)) {
address[] memory tokens = new address[](1);
tokens[0] = tokenAddress;
manualEpochInit(tokens, currentEpoch);
}
// update the pool size of the next epoch to its current balance
Pool storage pNextEpoch = poolSize[tokenAddress][currentEpoch + 1];
pNextEpoch.size = token.balanceOf(address(this));
pNextEpoch.set = true;
Checkpoint[] storage checkpoints = balanceCheckpoints[msg.sender][tokenAddress];
uint256 last = checkpoints.length - 1;
// note: it's impossible to have a withdraw and no checkpoints because the checkpoints[last] will be out of bound and revert
// there was a deposit in an older epoch (more than 1 behind [eg: previous 0, now 5]) but no other action since then
if (checkpoints[last].epochId < currentEpoch) {
checkpoints.push(Checkpoint(currentEpoch, BASE_MULTIPLIER, balances[msg.sender][tokenAddress], 0));
poolSize[tokenAddress][currentEpoch].size = poolSize[tokenAddress][currentEpoch].size.sub(amount);
}
// there was a deposit in the `epochId - 1` epoch => we have a checkpoint for the current epoch
else if (checkpoints[last].epochId == currentEpoch) {
checkpoints[last].startBalance = balances[msg.sender][tokenAddress];
checkpoints[last].newDeposits = 0;
checkpoints[last].multiplier = BASE_MULTIPLIER;
poolSize[tokenAddress][currentEpoch].size = poolSize[tokenAddress][currentEpoch].size.sub(amount);
}
// there was a deposit in the current epoch
else {
Checkpoint storage currentEpochCheckpoint = checkpoints[last - 1];
uint256 balanceBefore = getCheckpointEffectiveBalance(currentEpochCheckpoint);
// in case of withdraw, we have 2 branches:
// 1. the user withdraws less than he added in the current epoch
// 2. the user withdraws more than he added in the current epoch (including 0)
if (amount < currentEpochCheckpoint.newDeposits) {
uint128 avgDepositMultiplier = uint128(
balanceBefore.sub(currentEpochCheckpoint.startBalance).mul(BASE_MULTIPLIER).div(currentEpochCheckpoint.newDeposits)
);
currentEpochCheckpoint.newDeposits = currentEpochCheckpoint.newDeposits.sub(amount);
currentEpochCheckpoint.multiplier = computeNewMultiplier(
currentEpochCheckpoint.startBalance,
BASE_MULTIPLIER,
currentEpochCheckpoint.newDeposits,
avgDepositMultiplier
);
} else {
currentEpochCheckpoint.startBalance = currentEpochCheckpoint.startBalance.sub(
amount.sub(currentEpochCheckpoint.newDeposits)
);
currentEpochCheckpoint.newDeposits = 0;
currentEpochCheckpoint.multiplier = BASE_MULTIPLIER;
}
uint256 balanceAfter = getCheckpointEffectiveBalance(currentEpochCheckpoint);
poolSize[tokenAddress][currentEpoch].size = poolSize[tokenAddress][currentEpoch].size.sub(balanceBefore.sub(balanceAfter));
checkpoints[last].startBalance = balances[msg.sender][tokenAddress];
}
emit Withdraw(msg.sender, tokenAddress, amount);
}
/*
* manualEpochInit can be used by anyone to initialize an epoch based on the previous one
* This is only applicable if there was no action (deposit/withdraw) in the current epoch.
* Any deposit and withdraw will automatically initialize the current and next epoch.
*/
function manualEpochInit(address[] memory tokens, uint128 epochId) public {
require(epochId <= getCurrentEpoch(), "can't init a future epoch");
for (uint i = 0; i < tokens.length; i++) {
Pool storage p = poolSize[tokens[i]][epochId];
if (epochId == 0) {
p.size = uint256(0);
p.set = true;
} else {
require(!epochIsInitialized(tokens[i], epochId), "Staking: epoch already initialized");
require(epochIsInitialized(tokens[i], epochId - 1), "Staking: previous epoch not initialized");
p.size = poolSize[tokens[i]][epochId - 1].size;
p.set = true;
}
}
emit ManualEpochInit(msg.sender, epochId, tokens);
}
function emergencyWithdraw(address tokenAddress) public {
require((getCurrentEpoch() - lastWithdrawEpochId[tokenAddress]) >= 10, "At least 10 epochs must pass without success");
uint256 totalUserBalance = balances[msg.sender][tokenAddress];
require(totalUserBalance > 0, "Amount must be > 0");
balances[msg.sender][tokenAddress] = 0;
IERC20 token = IERC20(tokenAddress);
token.transfer(msg.sender, totalUserBalance);
emit EmergencyWithdraw(msg.sender, tokenAddress, totalUserBalance);
}
/*
* Returns the valid balance of a user that was taken into consideration in the total pool size for the epoch
* A deposit will only change the next epoch balance.
* A withdraw will decrease the current epoch (and subsequent) balance.
*/
function getEpochUserBalance(address user, address token, uint128 epochId) public view returns (uint256) {
Checkpoint[] storage checkpoints = balanceCheckpoints[user][token];
// if there are no checkpoints, it means the user never deposited any tokens, so the balance is 0
if (checkpoints.length == 0 || epochId < checkpoints[0].epochId) {
return 0;
}
uint min = 0;
uint max = checkpoints.length - 1;
// shortcut for blocks newer than the latest checkpoint == current balance
if (epochId >= checkpoints[max].epochId) {
return getCheckpointEffectiveBalance(checkpoints[max]);
}
// binary search of the value in the array
while (max > min) {
uint mid = (max + min + 1) / 2;
if (checkpoints[mid].epochId <= epochId) {
min = mid;
} else {
max = mid - 1;
}
}
return getCheckpointEffectiveBalance(checkpoints[min]);
}
/*
* Returns the amount of `token` that the `user` has currently staked
*/
function balanceOf(address user, address token) public view returns (uint256) {
return balances[user][token];
}
/*
* Returns the id of the current epoch derived from block.timestamp
*/
function getCurrentEpoch() public view returns (uint128) {
if (block.timestamp < epoch1Start) {
return 0;
}
return uint128((block.timestamp - epoch1Start) / epochDuration + 1);
}
/*
* Returns the total amount of `tokenAddress` that was locked from beginning to end of epoch identified by `epochId`
*/
function getEpochPoolSize(address tokenAddress, uint128 epochId) public view returns (uint256) {
// Premises:
// 1. it's impossible to have gaps of uninitialized epochs
// - any deposit or withdraw initialize the current epoch which requires the previous one to be initialized
if (epochIsInitialized(tokenAddress, epochId)) {
return poolSize[tokenAddress][epochId].size;
}
// epochId not initialized and epoch 0 not initialized => there was never any action on this pool
if (!epochIsInitialized(tokenAddress, 0)) {
return 0;
}
// epoch 0 is initialized => there was an action at some point but none that initialized the epochId
// which means the current pool size is equal to the current balance of token held by the staking contract
IERC20 token = IERC20(tokenAddress);
return token.balanceOf(address(this));
}
/*
* Returns the percentage of time left in the current epoch
*/
function currentEpochMultiplier() public view returns (uint128) {
uint128 currentEpoch = getCurrentEpoch();
uint256 currentEpochEnd = epoch1Start + currentEpoch * epochDuration;
uint256 timeLeft = currentEpochEnd - block.timestamp;
uint128 multiplier = uint128(timeLeft * BASE_MULTIPLIER / epochDuration);
return multiplier;
}
function computeNewMultiplier(uint256 prevBalance, uint128 prevMultiplier, uint256 amount, uint128 currentMultiplier) public pure returns (uint128) {
uint256 prevAmount = prevBalance.mul(prevMultiplier).div(BASE_MULTIPLIER);
uint256 addAmount = amount.mul(currentMultiplier).div(BASE_MULTIPLIER);
uint128 newMultiplier = uint128(prevAmount.add(addAmount).mul(BASE_MULTIPLIER).div(prevBalance.add(amount)));
return newMultiplier;
}
/*
* Checks if an epoch is initialized, meaning we have a pool size set for it
*/
function epochIsInitialized(address token, uint128 epochId) public view returns (bool) {
return poolSize[token][epochId].set;
}
function getCheckpointBalance(Checkpoint memory c) internal pure returns (uint256) {
return c.startBalance.add(c.newDeposits);
}
function getCheckpointEffectiveBalance(Checkpoint memory c) internal pure returns (uint256) {
return getCheckpointBalance(c).mul(c.multiplier).div(BASE_MULTIPLIER);
}
}
// SPDX-License-Identifier: MIT
pragma solidity >=0.6.0 <0.8.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `recipient`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address recipient, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `sender` to `recipient` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
}
// SPDX-License-Identifier: MIT
pragma solidity >=0.6.0 <0.8.0;
/**
* @dev Wrappers over Solidity's arithmetic operations with added overflow
* checks.
*
* Arithmetic operations in Solidity wrap on overflow. This can easily result
* in bugs, because programmers usually assume that an overflow raises an
* error, which is the standard behavior in high level programming languages.
* `SafeMath` restores this intuition by reverting the transaction when an
* operation overflows.
*
* Using this library instead of the unchecked operations eliminates an entire
* class of bugs, so it's recommended to use it always.
*/
library SafeMath {
/**
* @dev Returns the addition of two unsigned integers, with an overflow flag.
*
* _Available since v3.4._
*/
function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {
uint256 c = a + b;
if (c < a) return (false, 0);
return (true, c);
}
/**
* @dev Returns the substraction of two unsigned integers, with an overflow flag.
*
* _Available since v3.4._
*/
function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {
if (b > a) return (false, 0);
return (true, a - b);
}
/**
* @dev Returns the multiplication of two unsigned integers, with an overflow flag.
*
* _Available since v3.4._
*/
function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {
// Gas optimization: this is cheaper than requiring 'a' not being zero, but the
// benefit is lost if 'b' is also tested.
// See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522
if (a == 0) return (true, 0);
uint256 c = a * b;
if (c / a != b) return (false, 0);
return (true, c);
}
/**
* @dev Returns the division of two unsigned integers, with a division by zero flag.
*
* _Available since v3.4._
*/
function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {
if (b == 0) return (false, 0);
return (true, a / b);
}
/**
* @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.
*
* _Available since v3.4._
*/
function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {
if (b == 0) return (false, 0);
return (true, a % b);
}
/**
* @dev Returns the addition of two unsigned integers, reverting on
* overflow.
*
* Counterpart to Solidity's `+` operator.
*
* Requirements:
*
* - Addition cannot overflow.
*/
function add(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 c = a + b;
require(c >= a, "SafeMath: addition overflow");
return c;
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting on
* overflow (when the result is negative).
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
*
* - Subtraction cannot overflow.
*/
function sub(uint256 a, uint256 b) internal pure returns (uint256) {
require(b <= a, "SafeMath: subtraction overflow");
return a - b;
}
/**
* @dev Returns the multiplication of two unsigned integers, reverting on
* overflow.
*
* Counterpart to Solidity's `*` operator.
*
* Requirements:
*
* - Multiplication cannot overflow.
*/
function mul(uint256 a, uint256 b) internal pure returns (uint256) {
if (a == 0) return 0;
uint256 c = a * b;
require(c / a == b, "SafeMath: multiplication overflow");
return c;
}
/**
* @dev Returns the integer division of two unsigned integers, reverting on
* division by zero. The result is rounded towards zero.
*
* Counterpart to Solidity's `/` operator. Note: this function uses a
* `revert` opcode (which leaves remaining gas untouched) while Solidity
* uses an invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
*
* - The divisor cannot be zero.
*/
function div(uint256 a, uint256 b) internal pure returns (uint256) {
require(b > 0, "SafeMath: division by zero");
return a / b;
}
/**
* @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
* reverting when dividing by zero.
*
* Counterpart to Solidity's `%` operator. This function uses a `revert`
* opcode (which leaves remaining gas untouched) while Solidity uses an
* invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
*
* - The divisor cannot be zero.
*/
function mod(uint256 a, uint256 b) internal pure returns (uint256) {
require(b > 0, "SafeMath: modulo by zero");
return a % b;
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting with custom message on
* overflow (when the result is negative).
*
* CAUTION: This function is deprecated because it requires allocating memory for the error
* message unnecessarily. For custom revert reasons use {trySub}.
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
*
* - Subtraction cannot overflow.
*/
function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
require(b <= a, errorMessage);
return a - b;
}
/**
* @dev Returns the integer division of two unsigned integers, reverting with custom message on
* division by zero. The result is rounded towards zero.
*
* CAUTION: This function is deprecated because it requires allocating memory for the error
* message unnecessarily. For custom revert reasons use {tryDiv}.
*
* Counterpart to Solidity's `/` operator. Note: this function uses a
* `revert` opcode (which leaves remaining gas untouched) while Solidity
* uses an invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
*
* - The divisor cannot be zero.
*/
function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
require(b > 0, errorMessage);
return a / b;
}
/**
* @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
* reverting with custom message when dividing by zero.
*
* CAUTION: This function is deprecated because it requires allocating memory for the error
* message unnecessarily. For custom revert reasons use {tryMod}.
*
* Counterpart to Solidity's `%` operator. This function uses a `revert`
* opcode (which leaves remaining gas untouched) while Solidity uses an
* invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
*
* - The divisor cannot be zero.
*/
function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
require(b > 0, errorMessage);
return a % b;
}
}
// SPDX-License-Identifier: MIT
pragma solidity >=0.6.0 <0.8.0;
/**
* @dev Contract module that helps prevent reentrant calls to a function.
*
* Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier
* available, which can be applied to functions to make sure there are no nested
* (reentrant) calls to them.
*
* Note that because there is a single `nonReentrant` guard, functions marked as
* `nonReentrant` may not call one another. This can be worked around by making
* those functions `private`, and then adding `external` `nonReentrant` entry
* points to them.
*
* TIP: If you would like to learn more about reentrancy and alternative ways
* to protect against it, check out our blog post
* https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].
*/
abstract contract ReentrancyGuard {
// Booleans are more expensive than uint256 or any type that takes up a full
// word because each write operation emits an extra SLOAD to first read the
// slot's contents, replace the bits taken up by the boolean, and then write
// back. This is the compiler's defense against contract upgrades and
// pointer aliasing, and it cannot be disabled.
// The values being non-zero value makes deployment a bit more expensive,
// but in exchange the refund on every call to nonReentrant will be lower in
// amount. Since refunds are capped to a percentage of the total
// transaction's gas, it is best to keep them low in cases like this one, to
// increase the likelihood of the full refund coming into effect.
uint256 private constant _NOT_ENTERED = 1;
uint256 private constant _ENTERED = 2;
uint256 private _status;
constructor () internal {
_status = _NOT_ENTERED;
}
/**
* @dev Prevents a contract from calling itself, directly or indirectly.
* Calling a `nonReentrant` function from another `nonReentrant`
* function is not supported. It is possible to prevent this from happening
* by making the `nonReentrant` function external, and make it call a
* `private` function that does the actual work.
*/
modifier nonReentrant() {
// On the first call to nonReentrant, _notEntered will be true
require(_status != _ENTERED, "ReentrancyGuard: reentrant call");
// Any calls to nonReentrant after this point will fail
_status = _ENTERED;
_;
// By storing the original value once again, a refund is triggered (see
// https://eips.ethereum.org/EIPS/eip-2200)
_status = _NOT_ENTERED;
}
}
File 2 of 2: UniswapV2Pair
// File: contracts/interfaces/IUniswapV2Pair.sol
pragma solidity >=0.5.0;
interface IUniswapV2Pair {
event Approval(address indexed owner, address indexed spender, uint value);
event Transfer(address indexed from, address indexed to, uint value);
function name() external pure returns (string memory);
function symbol() external pure returns (string memory);
function decimals() external pure returns (uint8);
function totalSupply() external view returns (uint);
function balanceOf(address owner) external view returns (uint);
function allowance(address owner, address spender) external view returns (uint);
function approve(address spender, uint value) external returns (bool);
function transfer(address to, uint value) external returns (bool);
function transferFrom(address from, address to, uint value) external returns (bool);
function DOMAIN_SEPARATOR() external view returns (bytes32);
function PERMIT_TYPEHASH() external pure returns (bytes32);
function nonces(address owner) external view returns (uint);
function permit(address owner, address spender, uint value, uint deadline, uint8 v, bytes32 r, bytes32 s) external;
event Mint(address indexed sender, uint amount0, uint amount1);
event Burn(address indexed sender, uint amount0, uint amount1, address indexed to);
event Swap(
address indexed sender,
uint amount0In,
uint amount1In,
uint amount0Out,
uint amount1Out,
address indexed to
);
event Sync(uint112 reserve0, uint112 reserve1);
function MINIMUM_LIQUIDITY() external pure returns (uint);
function factory() external view returns (address);
function token0() external view returns (address);
function token1() external view returns (address);
function getReserves() external view returns (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast);
function price0CumulativeLast() external view returns (uint);
function price1CumulativeLast() external view returns (uint);
function kLast() external view returns (uint);
function mint(address to) external returns (uint liquidity);
function burn(address to) external returns (uint amount0, uint amount1);
function swap(uint amount0Out, uint amount1Out, address to, bytes calldata data) external;
function skim(address to) external;
function sync() external;
function initialize(address, address) external;
}
// File: contracts/interfaces/IUniswapV2ERC20.sol
pragma solidity >=0.5.0;
interface IUniswapV2ERC20 {
event Approval(address indexed owner, address indexed spender, uint value);
event Transfer(address indexed from, address indexed to, uint value);
function name() external pure returns (string memory);
function symbol() external pure returns (string memory);
function decimals() external pure returns (uint8);
function totalSupply() external view returns (uint);
function balanceOf(address owner) external view returns (uint);
function allowance(address owner, address spender) external view returns (uint);
function approve(address spender, uint value) external returns (bool);
function transfer(address to, uint value) external returns (bool);
function transferFrom(address from, address to, uint value) external returns (bool);
function DOMAIN_SEPARATOR() external view returns (bytes32);
function PERMIT_TYPEHASH() external pure returns (bytes32);
function nonces(address owner) external view returns (uint);
function permit(address owner, address spender, uint value, uint deadline, uint8 v, bytes32 r, bytes32 s) external;
}
// File: contracts/libraries/SafeMath.sol
pragma solidity =0.5.16;
// a library for performing overflow-safe math, courtesy of DappHub (https://github.com/dapphub/ds-math)
library SafeMath {
function add(uint x, uint y) internal pure returns (uint z) {
require((z = x + y) >= x, 'ds-math-add-overflow');
}
function sub(uint x, uint y) internal pure returns (uint z) {
require((z = x - y) <= x, 'ds-math-sub-underflow');
}
function mul(uint x, uint y) internal pure returns (uint z) {
require(y == 0 || (z = x * y) / y == x, 'ds-math-mul-overflow');
}
}
// File: contracts/UniswapV2ERC20.sol
pragma solidity =0.5.16;
contract UniswapV2ERC20 is IUniswapV2ERC20 {
using SafeMath for uint;
string public constant name = 'Uniswap V2';
string public constant symbol = 'UNI-V2';
uint8 public constant decimals = 18;
uint public totalSupply;
mapping(address => uint) public balanceOf;
mapping(address => mapping(address => uint)) public allowance;
bytes32 public DOMAIN_SEPARATOR;
// keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)");
bytes32 public constant PERMIT_TYPEHASH = 0x6e71edae12b1b97f4d1f60370fef10105fa2faae0126114a169c64845d6126c9;
mapping(address => uint) public nonces;
event Approval(address indexed owner, address indexed spender, uint value);
event Transfer(address indexed from, address indexed to, uint value);
constructor() public {
uint chainId;
assembly {
chainId := chainid
}
DOMAIN_SEPARATOR = keccak256(
abi.encode(
keccak256('EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)'),
keccak256(bytes(name)),
keccak256(bytes('1')),
chainId,
address(this)
)
);
}
function _mint(address to, uint value) internal {
totalSupply = totalSupply.add(value);
balanceOf[to] = balanceOf[to].add(value);
emit Transfer(address(0), to, value);
}
function _burn(address from, uint value) internal {
balanceOf[from] = balanceOf[from].sub(value);
totalSupply = totalSupply.sub(value);
emit Transfer(from, address(0), value);
}
function _approve(address owner, address spender, uint value) private {
allowance[owner][spender] = value;
emit Approval(owner, spender, value);
}
function _transfer(address from, address to, uint value) private {
balanceOf[from] = balanceOf[from].sub(value);
balanceOf[to] = balanceOf[to].add(value);
emit Transfer(from, to, value);
}
function approve(address spender, uint value) external returns (bool) {
_approve(msg.sender, spender, value);
return true;
}
function transfer(address to, uint value) external returns (bool) {
_transfer(msg.sender, to, value);
return true;
}
function transferFrom(address from, address to, uint value) external returns (bool) {
if (allowance[from][msg.sender] != uint(-1)) {
allowance[from][msg.sender] = allowance[from][msg.sender].sub(value);
}
_transfer(from, to, value);
return true;
}
function permit(address owner, address spender, uint value, uint deadline, uint8 v, bytes32 r, bytes32 s) external {
require(deadline >= block.timestamp, 'UniswapV2: EXPIRED');
bytes32 digest = keccak256(
abi.encodePacked(
'\x19\x01',
DOMAIN_SEPARATOR,
keccak256(abi.encode(PERMIT_TYPEHASH, owner, spender, value, nonces[owner]++, deadline))
)
);
address recoveredAddress = ecrecover(digest, v, r, s);
require(recoveredAddress != address(0) && recoveredAddress == owner, 'UniswapV2: INVALID_SIGNATURE');
_approve(owner, spender, value);
}
}
// File: contracts/libraries/Math.sol
pragma solidity =0.5.16;
// a library for performing various math operations
library Math {
function min(uint x, uint y) internal pure returns (uint z) {
z = x < y ? x : y;
}
// babylonian method (https://en.wikipedia.org/wiki/Methods_of_computing_square_roots#Babylonian_method)
function sqrt(uint y) internal pure returns (uint z) {
if (y > 3) {
z = y;
uint x = y / 2 + 1;
while (x < z) {
z = x;
x = (y / x + x) / 2;
}
} else if (y != 0) {
z = 1;
}
}
}
// File: contracts/libraries/UQ112x112.sol
pragma solidity =0.5.16;
// a library for handling binary fixed point numbers (https://en.wikipedia.org/wiki/Q_(number_format))
// range: [0, 2**112 - 1]
// resolution: 1 / 2**112
library UQ112x112 {
uint224 constant Q112 = 2**112;
// encode a uint112 as a UQ112x112
function encode(uint112 y) internal pure returns (uint224 z) {
z = uint224(y) * Q112; // never overflows
}
// divide a UQ112x112 by a uint112, returning a UQ112x112
function uqdiv(uint224 x, uint112 y) internal pure returns (uint224 z) {
z = x / uint224(y);
}
}
// File: contracts/interfaces/IERC20.sol
pragma solidity >=0.5.0;
interface IERC20 {
event Approval(address indexed owner, address indexed spender, uint value);
event Transfer(address indexed from, address indexed to, uint value);
function name() external view returns (string memory);
function symbol() external view returns (string memory);
function decimals() external view returns (uint8);
function totalSupply() external view returns (uint);
function balanceOf(address owner) external view returns (uint);
function allowance(address owner, address spender) external view returns (uint);
function approve(address spender, uint value) external returns (bool);
function transfer(address to, uint value) external returns (bool);
function transferFrom(address from, address to, uint value) external returns (bool);
}
// File: contracts/interfaces/IUniswapV2Factory.sol
pragma solidity >=0.5.0;
interface IUniswapV2Factory {
event PairCreated(address indexed token0, address indexed token1, address pair, uint);
function feeTo() external view returns (address);
function feeToSetter() external view returns (address);
function getPair(address tokenA, address tokenB) external view returns (address pair);
function allPairs(uint) external view returns (address pair);
function allPairsLength() external view returns (uint);
function createPair(address tokenA, address tokenB) external returns (address pair);
function setFeeTo(address) external;
function setFeeToSetter(address) external;
}
// File: contracts/interfaces/IUniswapV2Callee.sol
pragma solidity >=0.5.0;
interface IUniswapV2Callee {
function uniswapV2Call(address sender, uint amount0, uint amount1, bytes calldata data) external;
}
// File: contracts/UniswapV2Pair.sol
pragma solidity =0.5.16;
contract UniswapV2Pair is IUniswapV2Pair, UniswapV2ERC20 {
using SafeMath for uint;
using UQ112x112 for uint224;
uint public constant MINIMUM_LIQUIDITY = 10**3;
bytes4 private constant SELECTOR = bytes4(keccak256(bytes('transfer(address,uint256)')));
address public factory;
address public token0;
address public token1;
uint112 private reserve0; // uses single storage slot, accessible via getReserves
uint112 private reserve1; // uses single storage slot, accessible via getReserves
uint32 private blockTimestampLast; // uses single storage slot, accessible via getReserves
uint public price0CumulativeLast;
uint public price1CumulativeLast;
uint public kLast; // reserve0 * reserve1, as of immediately after the most recent liquidity event
uint private unlocked = 1;
modifier lock() {
require(unlocked == 1, 'UniswapV2: LOCKED');
unlocked = 0;
_;
unlocked = 1;
}
function getReserves() public view returns (uint112 _reserve0, uint112 _reserve1, uint32 _blockTimestampLast) {
_reserve0 = reserve0;
_reserve1 = reserve1;
_blockTimestampLast = blockTimestampLast;
}
function _safeTransfer(address token, address to, uint value) private {
(bool success, bytes memory data) = token.call(abi.encodeWithSelector(SELECTOR, to, value));
require(success && (data.length == 0 || abi.decode(data, (bool))), 'UniswapV2: TRANSFER_FAILED');
}
event Mint(address indexed sender, uint amount0, uint amount1);
event Burn(address indexed sender, uint amount0, uint amount1, address indexed to);
event Swap(
address indexed sender,
uint amount0In,
uint amount1In,
uint amount0Out,
uint amount1Out,
address indexed to
);
event Sync(uint112 reserve0, uint112 reserve1);
constructor() public {
factory = msg.sender;
}
// called once by the factory at time of deployment
function initialize(address _token0, address _token1) external {
require(msg.sender == factory, 'UniswapV2: FORBIDDEN'); // sufficient check
token0 = _token0;
token1 = _token1;
}
// update reserves and, on the first call per block, price accumulators
function _update(uint balance0, uint balance1, uint112 _reserve0, uint112 _reserve1) private {
require(balance0 <= uint112(-1) && balance1 <= uint112(-1), 'UniswapV2: OVERFLOW');
uint32 blockTimestamp = uint32(block.timestamp % 2**32);
uint32 timeElapsed = blockTimestamp - blockTimestampLast; // overflow is desired
if (timeElapsed > 0 && _reserve0 != 0 && _reserve1 != 0) {
// * never overflows, and + overflow is desired
price0CumulativeLast += uint(UQ112x112.encode(_reserve1).uqdiv(_reserve0)) * timeElapsed;
price1CumulativeLast += uint(UQ112x112.encode(_reserve0).uqdiv(_reserve1)) * timeElapsed;
}
reserve0 = uint112(balance0);
reserve1 = uint112(balance1);
blockTimestampLast = blockTimestamp;
emit Sync(reserve0, reserve1);
}
// if fee is on, mint liquidity equivalent to 1/6th of the growth in sqrt(k)
function _mintFee(uint112 _reserve0, uint112 _reserve1) private returns (bool feeOn) {
address feeTo = IUniswapV2Factory(factory).feeTo();
feeOn = feeTo != address(0);
uint _kLast = kLast; // gas savings
if (feeOn) {
if (_kLast != 0) {
uint rootK = Math.sqrt(uint(_reserve0).mul(_reserve1));
uint rootKLast = Math.sqrt(_kLast);
if (rootK > rootKLast) {
uint numerator = totalSupply.mul(rootK.sub(rootKLast));
uint denominator = rootK.mul(5).add(rootKLast);
uint liquidity = numerator / denominator;
if (liquidity > 0) _mint(feeTo, liquidity);
}
}
} else if (_kLast != 0) {
kLast = 0;
}
}
// this low-level function should be called from a contract which performs important safety checks
function mint(address to) external lock returns (uint liquidity) {
(uint112 _reserve0, uint112 _reserve1,) = getReserves(); // gas savings
uint balance0 = IERC20(token0).balanceOf(address(this));
uint balance1 = IERC20(token1).balanceOf(address(this));
uint amount0 = balance0.sub(_reserve0);
uint amount1 = balance1.sub(_reserve1);
bool feeOn = _mintFee(_reserve0, _reserve1);
uint _totalSupply = totalSupply; // gas savings, must be defined here since totalSupply can update in _mintFee
if (_totalSupply == 0) {
liquidity = Math.sqrt(amount0.mul(amount1)).sub(MINIMUM_LIQUIDITY);
_mint(address(0), MINIMUM_LIQUIDITY); // permanently lock the first MINIMUM_LIQUIDITY tokens
} else {
liquidity = Math.min(amount0.mul(_totalSupply) / _reserve0, amount1.mul(_totalSupply) / _reserve1);
}
require(liquidity > 0, 'UniswapV2: INSUFFICIENT_LIQUIDITY_MINTED');
_mint(to, liquidity);
_update(balance0, balance1, _reserve0, _reserve1);
if (feeOn) kLast = uint(reserve0).mul(reserve1); // reserve0 and reserve1 are up-to-date
emit Mint(msg.sender, amount0, amount1);
}
// this low-level function should be called from a contract which performs important safety checks
function burn(address to) external lock returns (uint amount0, uint amount1) {
(uint112 _reserve0, uint112 _reserve1,) = getReserves(); // gas savings
address _token0 = token0; // gas savings
address _token1 = token1; // gas savings
uint balance0 = IERC20(_token0).balanceOf(address(this));
uint balance1 = IERC20(_token1).balanceOf(address(this));
uint liquidity = balanceOf[address(this)];
bool feeOn = _mintFee(_reserve0, _reserve1);
uint _totalSupply = totalSupply; // gas savings, must be defined here since totalSupply can update in _mintFee
amount0 = liquidity.mul(balance0) / _totalSupply; // using balances ensures pro-rata distribution
amount1 = liquidity.mul(balance1) / _totalSupply; // using balances ensures pro-rata distribution
require(amount0 > 0 && amount1 > 0, 'UniswapV2: INSUFFICIENT_LIQUIDITY_BURNED');
_burn(address(this), liquidity);
_safeTransfer(_token0, to, amount0);
_safeTransfer(_token1, to, amount1);
balance0 = IERC20(_token0).balanceOf(address(this));
balance1 = IERC20(_token1).balanceOf(address(this));
_update(balance0, balance1, _reserve0, _reserve1);
if (feeOn) kLast = uint(reserve0).mul(reserve1); // reserve0 and reserve1 are up-to-date
emit Burn(msg.sender, amount0, amount1, to);
}
// this low-level function should be called from a contract which performs important safety checks
function swap(uint amount0Out, uint amount1Out, address to, bytes calldata data) external lock {
require(amount0Out > 0 || amount1Out > 0, 'UniswapV2: INSUFFICIENT_OUTPUT_AMOUNT');
(uint112 _reserve0, uint112 _reserve1,) = getReserves(); // gas savings
require(amount0Out < _reserve0 && amount1Out < _reserve1, 'UniswapV2: INSUFFICIENT_LIQUIDITY');
uint balance0;
uint balance1;
{ // scope for _token{0,1}, avoids stack too deep errors
address _token0 = token0;
address _token1 = token1;
require(to != _token0 && to != _token1, 'UniswapV2: INVALID_TO');
if (amount0Out > 0) _safeTransfer(_token0, to, amount0Out); // optimistically transfer tokens
if (amount1Out > 0) _safeTransfer(_token1, to, amount1Out); // optimistically transfer tokens
if (data.length > 0) IUniswapV2Callee(to).uniswapV2Call(msg.sender, amount0Out, amount1Out, data);
balance0 = IERC20(_token0).balanceOf(address(this));
balance1 = IERC20(_token1).balanceOf(address(this));
}
uint amount0In = balance0 > _reserve0 - amount0Out ? balance0 - (_reserve0 - amount0Out) : 0;
uint amount1In = balance1 > _reserve1 - amount1Out ? balance1 - (_reserve1 - amount1Out) : 0;
require(amount0In > 0 || amount1In > 0, 'UniswapV2: INSUFFICIENT_INPUT_AMOUNT');
{ // scope for reserve{0,1}Adjusted, avoids stack too deep errors
uint balance0Adjusted = balance0.mul(1000).sub(amount0In.mul(3));
uint balance1Adjusted = balance1.mul(1000).sub(amount1In.mul(3));
require(balance0Adjusted.mul(balance1Adjusted) >= uint(_reserve0).mul(_reserve1).mul(1000**2), 'UniswapV2: K');
}
_update(balance0, balance1, _reserve0, _reserve1);
emit Swap(msg.sender, amount0In, amount1In, amount0Out, amount1Out, to);
}
// force balances to match reserves
function skim(address to) external lock {
address _token0 = token0; // gas savings
address _token1 = token1; // gas savings
_safeTransfer(_token0, to, IERC20(_token0).balanceOf(address(this)).sub(reserve0));
_safeTransfer(_token1, to, IERC20(_token1).balanceOf(address(this)).sub(reserve1));
}
// force reserves to match balances
function sync() external lock {
_update(IERC20(token0).balanceOf(address(this)), IERC20(token1).balanceOf(address(this)), reserve0, reserve1);
}
}