pragma solidity ^0.4.18;

// File: contracts/zeppelin-solidity/contracts/ownership/Ownable.sol

/**
 * @title Ownable
 * @dev The Ownable contract has an owner address, and provides basic authorization control
 * functions, this simplifies the implementation of "user permissions".
 */
contract Ownable {
  address public owner;


  event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);


  /**
   * @dev The Ownable constructor sets the original `owner` of the contract to the sender
   * account.
   */
  function Ownable() public {
    owner = msg.sender;
  }

  /**
   * @dev Throws if called by any account other than the owner.
   */
  modifier onlyOwner() {
    require(msg.sender == owner);
    _;
  }

  /**
   * @dev Allows the current owner to transfer control of the contract to a newOwner.
   * @param newOwner The address to transfer ownership to.
   */
  function transferOwnership(address newOwner) public onlyOwner {
    require(newOwner != address(0));
    OwnershipTransferred(owner, newOwner);
    owner = newOwner;
  }

}

// File: contracts/zeppelin-solidity/contracts/ownership/Claimable.sol

/**
 * @title Claimable
 * @dev Extension for the Ownable contract, where the ownership needs to be claimed.
 * This allows the new owner to accept the transfer.
 */
contract Claimable is Ownable {
  address public pendingOwner;

  /**
   * @dev Modifier throws if called by any account other than the pendingOwner.
   */
  modifier onlyPendingOwner() {
    require(msg.sender == pendingOwner);
    _;
  }

  /**
   * @dev Allows the current owner to set the pendingOwner address.
   * @param newOwner The address to transfer ownership to.
   */
  function transferOwnership(address newOwner) onlyOwner public {
    pendingOwner = newOwner;
  }

  /**
   * @dev Allows the pendingOwner address to finalize the transfer.
   */
  function claimOwnership() onlyPendingOwner public {
    OwnershipTransferred(owner, pendingOwner);
    owner = pendingOwner;
    pendingOwner = address(0);
  }
}

// File: contracts/OwnClaimRenounceable.sol

/**
 * @title `owner` can renounce its role and leave the contract unowned.
 * @dev There can not be a new `owner`.
 * @dev No `onlyOwner` functions can ever be called again.
 */
contract OwnClaimRenounceable is Claimable {

    function renounceOwnershipForever(uint8 _confirm)
        public
        onlyOwner
    {
        require(_confirm == 73); // Owner knows what he's doing
        owner = address(0);
        pendingOwner = address(0);
    }

}

// File: contracts/TokenController.sol

/** The interface for a token contract to notify a controller of every transfers. */
contract TokenController {
    bytes4 public constant INTERFACE = bytes4(keccak256("TokenController"));

    function allowTransfer(address _sender, address _from, address _to, uint256 _value, bytes _purpose) public returns (bool);
}


// Basic examples

contract YesController is TokenController {
    function allowTransfer(address /* _sender */, address /* _from */, address /* _to */, uint256 /* _value */, bytes /* _purpose */)
        public returns (bool)
    {
        return true; // allow all transfers
    }
}


contract NoController is TokenController {
    function allowTransfer(address /* _sender */, address /* _from */, address /* _to */, uint256 /* _value */, bytes /* _purpose */)
        public returns (bool)
    {
        return false; // veto all transfers
    }
}

// File: contracts/zeppelin-solidity/contracts/math/SafeMath.sol

/**
 * @title SafeMath
 * @dev Math operations with safety checks that throw on error
 */
library SafeMath {

  /**
  * @dev Multiplies two numbers, throws on overflow.
  */
  function mul(uint256 a, uint256 b) internal pure returns (uint256) {
    if (a == 0) {
      return 0;
    }
    uint256 c = a * b;
    assert(c / a == b);
    return c;
  }

  /**
  * @dev Integer division of two numbers, truncating the quotient.
  */
  function div(uint256 a, uint256 b) internal pure returns (uint256) {
    // assert(b > 0); // Solidity automatically throws when dividing by 0
    uint256 c = a / b;
    // assert(a == b * c + a % b); // There is no case in which this doesn't hold
    return c;
  }

  /**
  * @dev Substracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend).
  */
  function sub(uint256 a, uint256 b) internal pure returns (uint256) {
    assert(b <= a);
    return a - b;
  }

  /**
  * @dev Adds two numbers, throws on overflow.
  */
  function add(uint256 a, uint256 b) internal pure returns (uint256) {
    uint256 c = a + b;
    assert(c >= a);
    return c;
  }
}

// File: contracts/zeppelin-solidity/contracts/token/ERC20/ERC20Basic.sol

/**
 * @title ERC20Basic
 * @dev Simpler version of ERC20 interface
 * @dev see https://github.com/ethereum/EIPs/issues/179
 */
contract ERC20Basic {
  function totalSupply() public view returns (uint256);
  function balanceOf(address who) public view returns (uint256);
  function transfer(address to, uint256 value) public returns (bool);
  event Transfer(address indexed from, address indexed to, uint256 value);
}

// File: contracts/zeppelin-solidity/contracts/token/ERC20/BasicToken.sol

/**
 * @title Basic token
 * @dev Basic version of StandardToken, with no allowances.
 */
contract BasicToken is ERC20Basic {
  using SafeMath for uint256;

  mapping(address => uint256) balances;

  uint256 totalSupply_;

  /**
  * @dev total number of tokens in existence
  */
  function totalSupply() public view returns (uint256) {
    return totalSupply_;
  }

  /**
  * @dev transfer token for a specified address
  * @param _to The address to transfer to.
  * @param _value The amount to be transferred.
  */
  function transfer(address _to, uint256 _value) public returns (bool) {
    require(_to != address(0));
    require(_value <= balances[msg.sender]);

    // SafeMath.sub will throw if there is not enough balance.
    balances[msg.sender] = balances[msg.sender].sub(_value);
    balances[_to] = balances[_to].add(_value);
    Transfer(msg.sender, _to, _value);
    return true;
  }

  /**
  * @dev Gets the balance of the specified address.
  * @param _owner The address to query the the balance of.
  * @return An uint256 representing the amount owned by the passed address.
  */
  function balanceOf(address _owner) public view returns (uint256 balance) {
    return balances[_owner];
  }

}

// File: contracts/zeppelin-solidity/contracts/token/ERC20/ERC20.sol

/**
 * @title ERC20 interface
 * @dev see https://github.com/ethereum/EIPs/issues/20
 */
contract ERC20 is ERC20Basic {
  function allowance(address owner, address spender) public view returns (uint256);
  function transferFrom(address from, address to, uint256 value) public returns (bool);
  function approve(address spender, uint256 value) public returns (bool);
  event Approval(address indexed owner, address indexed spender, uint256 value);
}

// File: contracts/zeppelin-solidity/contracts/token/ERC20/StandardToken.sol

/**
 * @title Standard ERC20 token
 *
 * @dev Implementation of the basic standard token.
 * @dev https://github.com/ethereum/EIPs/issues/20
 * @dev Based on code by FirstBlood: https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol
 */
contract StandardToken is ERC20, BasicToken {

  mapping (address => mapping (address => uint256)) internal allowed;


  /**
   * @dev Transfer tokens from one address to another
   * @param _from address The address which you want to send tokens from
   * @param _to address The address which you want to transfer to
   * @param _value uint256 the amount of tokens to be transferred
   */
  function transferFrom(address _from, address _to, uint256 _value) public returns (bool) {
    require(_to != address(0));
    require(_value <= balances[_from]);
    require(_value <= allowed[_from][msg.sender]);

    balances[_from] = balances[_from].sub(_value);
    balances[_to] = balances[_to].add(_value);
    allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value);
    Transfer(_from, _to, _value);
    return true;
  }

  /**
   * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender.
   *
   * Beware that changing an allowance with this method brings the risk that someone may use both the old
   * and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this
   * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards:
   * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
   * @param _spender The address which will spend the funds.
   * @param _value The amount of tokens to be spent.
   */
  function approve(address _spender, uint256 _value) public returns (bool) {
    allowed[msg.sender][_spender] = _value;
    Approval(msg.sender, _spender, _value);
    return true;
  }

  /**
   * @dev Function to check the amount of tokens that an owner allowed to a spender.
   * @param _owner address The address which owns the funds.
   * @param _spender address The address which will spend the funds.
   * @return A uint256 specifying the amount of tokens still available for the spender.
   */
  function allowance(address _owner, address _spender) public view returns (uint256) {
    return allowed[_owner][_spender];
  }

  /**
   * @dev Increase the amount of tokens that an owner allowed to a spender.
   *
   * approve should be called when allowed[_spender] == 0. To increment
   * allowed value is better to use this function to avoid 2 calls (and wait until
   * the first transaction is mined)
   * From MonolithDAO Token.sol
   * @param _spender The address which will spend the funds.
   * @param _addedValue The amount of tokens to increase the allowance by.
   */
  function increaseApproval(address _spender, uint _addedValue) public returns (bool) {
    allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue);
    Approval(msg.sender, _spender, allowed[msg.sender][_spender]);
    return true;
  }

  /**
   * @dev Decrease the amount of tokens that an owner allowed to a spender.
   *
   * approve should be called when allowed[_spender] == 0. To decrement
   * allowed value is better to use this function to avoid 2 calls (and wait until
   * the first transaction is mined)
   * From MonolithDAO Token.sol
   * @param _spender The address which will spend the funds.
   * @param _subtractedValue The amount of tokens to decrease the allowance by.
   */
  function decreaseApproval(address _spender, uint _subtractedValue) public returns (bool) {
    uint oldValue = allowed[msg.sender][_spender];
    if (_subtractedValue > oldValue) {
      allowed[msg.sender][_spender] = 0;
    } else {
      allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue);
    }
    Approval(msg.sender, _spender, allowed[msg.sender][_spender]);
    return true;
  }

}

// File: contracts/SapienCoin.sol

/**
 * @title Has a `controller`.
 * @dev The `controller` must be a contract implementing TokenController.
 * @dev The `controller` can track or veto the tokens transfers.
 * @dev The `controller` can assign its role to another address.
 * @dev The `owner` have all the powers of the `controller`.
 */
contract Controlled is OwnClaimRenounceable {

    bytes4 public constant TOKEN_CONTROLLER_INTERFACE = bytes4(keccak256("TokenController"));
    TokenController public controller;

    function Controlled() public {}

    /// @notice The address of the controller is the only address that can call
    ///  a function with this modifier
    modifier onlyControllerOrOwner {
        require((msg.sender == address(controller)) || (msg.sender == owner));
        _;
    }

    /// @notice Changes the controller of the contract
    /// @param _newController The new controller of the contract
    function changeController(TokenController _newController)
        public onlyControllerOrOwner
    {
        if(address(_newController) != address(0)) {
            // Check type to prevent mistakes
            require(_newController.INTERFACE() == TOKEN_CONTROLLER_INTERFACE);
        }
        controller = _newController;
    }

}


contract ControlledToken is StandardToken, Controlled {

    modifier controllerCallback(address _from, address _to, uint256 _value, bytes _purpose) {
        // If a controller is present, ask it about the transfer.
        if(address(controller) != address(0)) {
            bool _allow = controller.allowTransfer(msg.sender, _from, _to, _value, _purpose);
            if(!_allow) {
                return; // Do not transfer
            }
        }
        _; // Proceed with the transfer
    }

    /** @dev ERC20 transfer with controller callback */
    function transfer(address _to, uint256 _value)
        public
        controllerCallback(msg.sender, _to, _value, hex"")
        returns (bool)
    {
        return super.transfer(_to, _value);
    }

    /** @dev ERC20 transferFrom with controller callback */
    function transferFrom(address _from, address _to, uint256 _value)
        public
        controllerCallback(_from, _to, _value, hex"")
        returns (bool)
    {
        return super.transferFrom(_from, _to, _value);
    }

    /**
    * @dev Transfer tokens to a specified address, including a purpose.
    * @param _to The address to transfer to.
    * @param _value The amount to be transferred.
    * @param _purpose Arbitrary data attached to the transaction.
    */
    function transferWithPurpose(address _to, uint256 _value, bytes _purpose)
        public
        controllerCallback(msg.sender, _to, _value, _purpose)
        returns (bool)
    {
        return super.transfer(_to, _value);
    }

}


contract BatchToken is ControlledToken {

    /**
    * @dev Transfer to many addresses in a single transaction.
    * @dev Call transfer(to, amount) with the arguments taken from two arrays.
    * @dev If one transfer is invalid, everything is aborted.
    * @dev The `_expectZero` option is intended for the initial batch minting.
    *      It allows operations to be retried and prevents double-minting due to the
    *      asynchronous and uncertain nature of blockchain transactions.
    *      It should be avoided after trading has started.
    * @param _toArray Addresses that will receive tokens.
    * @param _amountArray Amounts of tokens to transfer, in the same order as `_toArray`.
    * @param _expectZero If false, transfer the tokens immediately.
    *                    If true, expect the current balance of `_to` to be zero before
    *                    the transfer. If not zero, skip this transfer but continue.
    */
    function transferBatchIdempotent(address[] _toArray, uint256[] _amountArray, bool _expectZero)
        // Anyone can call if they have the balance
        public
    {
        // Check that the arrays are the same size
        uint256 _count = _toArray.length;
        require(_amountArray.length == _count);

        for (uint256 i = 0; i < _count; i++) {
            address _to = _toArray[i];
            // Either regular transfer, or check that BasicToken.balances is zero.
            if(!_expectZero || (balanceOf(_to) == 0)) {
                transfer(_to, _amountArray[i]);
            }
        }
    }

}


/**
 * @title The Sapien Token.
 */
contract SapienToken is BatchToken {

    string public constant name = "Sapien Network";
    string public constant symbol = "SPN";
    uint256 public constant decimals = 6;
    string public constant website = "https://sapien.network";

    /**
    * @dev The maximum supply that can be minted, in microSPN.
    *      500M with 6 decimals.
    */
    uint256 public constant MAX_SUPPLY_USPN = 500 * 1000 * 1000 * (10**decimals);

    function SapienToken() public {
        // All initial tokens to owner
        balances[msg.sender] = MAX_SUPPLY_USPN;
        totalSupply_ = MAX_SUPPLY_USPN;
    }

}