Transaction Hash:
Block:
12379843 at May-06-2021 09:13:39 AM +UTC
Transaction Fee:
0.004927104 ETH
$7.88
Gas Used:
78,208 Gas / 63 Gwei
Emitted Events:
| 54 |
BPool.Transfer( src=[Receiver] Proxy, dst=Proxy, amt=267960284259154145342 )
|
| 55 |
Proxy.0x442e715f626346e8c54381002da614f62bee8d27386535b2521ec8540898556e( 0x442e715f626346e8c54381002da614f62bee8d27386535b2521ec8540898556e, 86dbbbb28d0c96eaeb978aa3264e38356140f2e39667c482363c5f82685f29f2, 0000000000000000000000000000000000000000000000000000000000000000 )
|
Account State Difference:
| Address | Before | After | State Difference | ||
|---|---|---|---|---|---|
| 0x5210c4dC...896ae05AA |
0.050798196987100094 Eth
Nonce: 196
|
0.045871092987100094 Eth
Nonce: 197
| 0.004927104 | ||
| 0xAfC2F2D8...01a0ec0d6 | |||||
| 0xdBe29107...e6FaBedcE | |||||
|
0xEA674fdD...16B898ec8
Miner
| (Ethermine) | 1,354.043243346894367899 Eth | 1,354.048170450894367899 Eth | 0.004927104 |
Execution Trace
Proxy.6a761202( )
GnosisSafe.execTransaction( to=0xdBe29107464D469c64A02AFe631Aba2e6FaBedcE, value=0, data=0xA9059CBB000000000000000000000000BC79855178842FDBA0C353494895DEEF509E26BB00000000000000000000000000000000000000000000000E86B22AD1BB94303E, operation=0, safeTxGas=69248, baseGas=0, gasPrice=0, gasToken=0x0000000000000000000000000000000000000000, refundReceiver=0x0000000000000000000000000000000000000000, signatures=0x0000000000000000000000005210C4DCD7EB899A1274FD6471ADEC9896AE05AA000000000000000000000000000000000000000000000000000000000000000001B6CCC3528590536566CF7AE8D9A79433E596DC6104E4F21250C283FB4B3C22251F34BDC89030EE999AC642B4D35027CD7DAFD833C9AFEA28136B352784950B501C96F58F9A161D0216A367E6A105CE86FCB77B1BC711B34BD37083075640F72CF22A12317FD32076B54AC07803FFBBF9ABE3A7B2E01EC122ACF368B5416177AADA1F ) => ( success=True )-
Null: 0x000...001.86dbbbb2( ) -
Null: 0x000...001.14e67ca5( ) -
BPool.transfer( dst=0xBc79855178842FDBA0c353494895DEEf509E26bB, amt=267960284259154145342 ) => ( True )
-
execTransaction[GnosisSafe (ln:774)]
encodeTransactionData[GnosisSafe (ln:792)]encode[GnosisSafe (ln:1041)]
checkSignatures[GnosisSafe (ln:800)]mul[GnosisSafe (ln:857)]signatureSplit[GnosisSafe (ln:866)]mul[GnosisSafe (ln:875)]add[GnosisSafe (ln:878)]add[GnosisSafe (ln:886)]add[GnosisSafe (ln:886)]isValidSignature[GnosisSafe (ln:895)]ecrecover[GnosisSafe (ln:908)]ecrecover[GnosisSafe (ln:911)]
gasleft[GnosisSafe (ln:802)]gasleft[GnosisSafe (ln:805)]execute[GnosisSafe (ln:807)]gasleft[GnosisSafe (ln:807)]sub[GnosisSafe (ln:808)]gasleft[GnosisSafe (ln:808)]handlePayment[GnosisSafe (ln:812)]ExecutionSuccess[GnosisSafe (ln:814)]ExecutionFailure[GnosisSafe (ln:815)]
File 1 of 4: Proxy
File 2 of 4: Proxy
File 3 of 4: BPool
File 4 of 4: GnosisSafe
pragma solidity ^0.5.0; /// @title Proxy - Generic proxy contract allows to execute all transactions applying the code of a master contract. /// @author Stefan George - <[email protected]> contract Proxy { // masterCopy always needs to be first declared variable, to ensure that it is at the same location in the contracts to which calls are delegated. // To reduce deployment costs this variable is internal and needs to be retrieved via `getStorageAt` address internal masterCopy; /// @dev Constructor function sets address of master copy contract. /// @param _masterCopy Master copy address. constructor(address _masterCopy) public { require(_masterCopy != address(0), "Invalid master copy address provided"); masterCopy = _masterCopy; } /// @dev Fallback function forwards all transactions and returns all received return data. function () external payable { // solium-disable-next-line security/no-inline-assembly assembly { let masterCopy := and(sload(0), 0xffffffffffffffffffffffffffffffffffffffff) calldatacopy(0, 0, calldatasize()) let success := delegatecall(gas, masterCopy, 0, calldatasize(), 0, 0) returndatacopy(0, 0, returndatasize()) if eq(success, 0) { revert(0, returndatasize()) } return(0, returndatasize()) } } }
File 2 of 4: Proxy
pragma solidity ^0.5.3; /// @title Proxy - Generic proxy contract allows to execute all transactions applying the code of a master contract. /// @author Stefan George - <[email protected]> /// @author Richard Meissner - <[email protected]> contract Proxy { // masterCopy always needs to be first declared variable, to ensure that it is at the same location in the contracts to which calls are delegated. // To reduce deployment costs this variable is internal and needs to be retrieved via `getStorageAt` address internal masterCopy; /// @dev Constructor function sets address of master copy contract. /// @param _masterCopy Master copy address. constructor(address _masterCopy) public { require(_masterCopy != address(0), "Invalid master copy address provided"); masterCopy = _masterCopy; } /// @dev Fallback function forwards all transactions and returns all received return data. function () external payable { // solium-disable-next-line security/no-inline-assembly assembly { let masterCopy := and(sload(0), 0xffffffffffffffffffffffffffffffffffffffff) // 0xa619486e == keccak("masterCopy()"). The value is right padded to 32-bytes with 0s if eq(calldataload(0), 0xa619486e00000000000000000000000000000000000000000000000000000000) { mstore(0, masterCopy) return(0, 0x20) } calldatacopy(0, 0, calldatasize()) let success := delegatecall(gas, masterCopy, 0, calldatasize(), 0, 0) returndatacopy(0, 0, returndatasize()) if eq(success, 0) { revert(0, returndatasize()) } return(0, returndatasize()) } } }
File 3 of 4: BPool
{"BColor.sol":{"content":"// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see \u003chttp://www.gnu.org/licenses/\u003e.\n\npragma solidity 0.5.12;\n\ncontract BColor {\n function getColor()\n external view\n returns (bytes32);\n}\n\ncontract BBronze is BColor {\n function getColor()\n external view\n returns (bytes32) {\n return bytes32(\"BRONZE\");\n }\n}\n"},"BConst.sol":{"content":"// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see \u003chttp://www.gnu.org/licenses/\u003e.\n\npragma solidity 0.5.12;\n\nimport \"./BColor.sol\";\n\ncontract BConst is BBronze {\n uint public constant BONE = 10**18;\n\n uint public constant MIN_BOUND_TOKENS = 2;\n uint public constant MAX_BOUND_TOKENS = 8;\n\n uint public constant MIN_FEE = BONE / 10**6;\n uint public constant MAX_FEE = BONE / 10;\n uint public constant EXIT_FEE = 0;\n\n uint public constant MIN_WEIGHT = BONE;\n uint public constant MAX_WEIGHT = BONE * 50;\n uint public constant MAX_TOTAL_WEIGHT = BONE * 50;\n uint public constant MIN_BALANCE = BONE / 10**12;\n\n uint public constant INIT_POOL_SUPPLY = BONE * 100;\n\n uint public constant MIN_BPOW_BASE = 1 wei;\n uint public constant MAX_BPOW_BASE = (2 * BONE) - 1 wei;\n uint public constant BPOW_PRECISION = BONE / 10**10;\n\n uint public constant MAX_IN_RATIO = BONE / 2;\n uint public constant MAX_OUT_RATIO = (BONE / 3) + 1 wei;\n}\n"},"BMath.sol":{"content":"// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see \u003chttp://www.gnu.org/licenses/\u003e.\n\npragma solidity 0.5.12;\n\nimport \"./BNum.sol\";\n\ncontract BMath is BBronze, BConst, BNum {\n /**********************************************************************************************\n // calcSpotPrice //\n // sP = spotPrice //\n // bI = tokenBalanceIn ( bI / wI ) 1 //\n // bO = tokenBalanceOut sP = ----------- * ---------- //\n // wI = tokenWeightIn ( bO / wO ) ( 1 - sF ) //\n // wO = tokenWeightOut //\n // sF = swapFee //\n **********************************************************************************************/\n function calcSpotPrice(\n uint tokenBalanceIn,\n uint tokenWeightIn,\n uint tokenBalanceOut,\n uint tokenWeightOut,\n uint swapFee\n )\n public pure\n returns (uint spotPrice)\n {\n uint numer = bdiv(tokenBalanceIn, tokenWeightIn);\n uint denom = bdiv(tokenBalanceOut, tokenWeightOut);\n uint ratio = bdiv(numer, denom);\n uint scale = bdiv(BONE, bsub(BONE, swapFee));\n return (spotPrice = bmul(ratio, scale));\n }\n\n /**********************************************************************************************\n // calcOutGivenIn //\n // aO = tokenAmountOut //\n // bO = tokenBalanceOut //\n // bI = tokenBalanceIn / / bI \\ (wI / wO) \\ //\n // aI = tokenAmountIn aO = bO * | 1 - | -------------------------- | ^ | //\n // wI = tokenWeightIn \\ \\ ( bI + ( aI * ( 1 - sF )) / / //\n // wO = tokenWeightOut //\n // sF = swapFee //\n **********************************************************************************************/\n function calcOutGivenIn(\n uint tokenBalanceIn,\n uint tokenWeightIn,\n uint tokenBalanceOut,\n uint tokenWeightOut,\n uint tokenAmountIn,\n uint swapFee\n )\n public pure\n returns (uint tokenAmountOut)\n {\n uint weightRatio = bdiv(tokenWeightIn, tokenWeightOut);\n uint adjustedIn = bsub(BONE, swapFee);\n adjustedIn = bmul(tokenAmountIn, adjustedIn);\n uint y = bdiv(tokenBalanceIn, badd(tokenBalanceIn, adjustedIn));\n uint foo = bpow(y, weightRatio);\n uint bar = bsub(BONE, foo);\n tokenAmountOut = bmul(tokenBalanceOut, bar);\n return tokenAmountOut;\n }\n\n /**********************************************************************************************\n // calcInGivenOut //\n // aI = tokenAmountIn //\n // bO = tokenBalanceOut / / bO \\ (wO / wI) \\ //\n // bI = tokenBalanceIn bI * | | ------------ | ^ - 1 | //\n // aO = tokenAmountOut aI = \\ \\ ( bO - aO ) / / //\n // wI = tokenWeightIn -------------------------------------------- //\n // wO = tokenWeightOut ( 1 - sF ) //\n // sF = swapFee //\n **********************************************************************************************/\n function calcInGivenOut(\n uint tokenBalanceIn,\n uint tokenWeightIn,\n uint tokenBalanceOut,\n uint tokenWeightOut,\n uint tokenAmountOut,\n uint swapFee\n )\n public pure\n returns (uint tokenAmountIn)\n {\n uint weightRatio = bdiv(tokenWeightOut, tokenWeightIn);\n uint diff = bsub(tokenBalanceOut, tokenAmountOut);\n uint y = bdiv(tokenBalanceOut, diff);\n uint foo = bpow(y, weightRatio);\n foo = bsub(foo, BONE);\n tokenAmountIn = bsub(BONE, swapFee);\n tokenAmountIn = bdiv(bmul(tokenBalanceIn, foo), tokenAmountIn);\n return tokenAmountIn;\n }\n\n /**********************************************************************************************\n // calcPoolOutGivenSingleIn //\n // pAo = poolAmountOut / \\ //\n // tAi = tokenAmountIn /// / // wI \\ \\\\ \\ wI \\ //\n // wI = tokenWeightIn //| tAi *| 1 - || 1 - -- | * sF || + tBi \\ -- \\ //\n // tW = totalWeight pAo=|| \\ \\ \\\\ tW / // | ^ tW | * pS - pS //\n // tBi = tokenBalanceIn \\\\ ------------------------------------- / / //\n // pS = poolSupply \\\\ tBi / / //\n // sF = swapFee \\ / //\n **********************************************************************************************/\n function calcPoolOutGivenSingleIn(\n uint tokenBalanceIn,\n uint tokenWeightIn,\n uint poolSupply,\n uint totalWeight,\n uint tokenAmountIn,\n uint swapFee\n )\n public pure\n returns (uint poolAmountOut)\n {\n // Charge the trading fee for the proportion of tokenAi\n /// which is implicitly traded to the other pool tokens.\n // That proportion is (1- weightTokenIn)\n // tokenAiAfterFee = tAi * (1 - (1-weightTi) * poolFee);\n uint normalizedWeight = bdiv(tokenWeightIn, totalWeight);\n uint zaz = bmul(bsub(BONE, normalizedWeight), swapFee); \n uint tokenAmountInAfterFee = bmul(tokenAmountIn, bsub(BONE, zaz));\n\n uint newTokenBalanceIn = badd(tokenBalanceIn, tokenAmountInAfterFee);\n uint tokenInRatio = bdiv(newTokenBalanceIn, tokenBalanceIn);\n\n // uint newPoolSupply = (ratioTi ^ weightTi) * poolSupply;\n uint poolRatio = bpow(tokenInRatio, normalizedWeight);\n uint newPoolSupply = bmul(poolRatio, poolSupply);\n poolAmountOut = bsub(newPoolSupply, poolSupply);\n return poolAmountOut;\n }\n\n /**********************************************************************************************\n // calcSingleInGivenPoolOut //\n // tAi = tokenAmountIn //(pS + pAo)\\ / 1 \\\\ //\n // pS = poolSupply || --------- | ^ | --------- || * bI - bI //\n // pAo = poolAmountOut \\\\ pS / \\(wI / tW)// //\n // bI = balanceIn tAi = -------------------------------------------- //\n // wI = weightIn / wI \\ //\n // tW = totalWeight | 1 - ---- | * sF //\n // sF = swapFee \\ tW / //\n **********************************************************************************************/\n function calcSingleInGivenPoolOut(\n uint tokenBalanceIn,\n uint tokenWeightIn,\n uint poolSupply,\n uint totalWeight,\n uint poolAmountOut,\n uint swapFee\n )\n public pure\n returns (uint tokenAmountIn)\n {\n uint normalizedWeight = bdiv(tokenWeightIn, totalWeight);\n uint newPoolSupply = badd(poolSupply, poolAmountOut);\n uint poolRatio = bdiv(newPoolSupply, poolSupply);\n \n //uint newBalTi = poolRatio^(1/weightTi) * balTi;\n uint boo = bdiv(BONE, normalizedWeight); \n uint tokenInRatio = bpow(poolRatio, boo);\n uint newTokenBalanceIn = bmul(tokenInRatio, tokenBalanceIn);\n uint tokenAmountInAfterFee = bsub(newTokenBalanceIn, tokenBalanceIn);\n // Do reverse order of fees charged in joinswap_ExternAmountIn, this way \n // ``` pAo == joinswap_ExternAmountIn(Ti, joinswap_PoolAmountOut(pAo, Ti)) ```\n //uint tAi = tAiAfterFee / (1 - (1-weightTi) * swapFee) ;\n uint zar = bmul(bsub(BONE, normalizedWeight), swapFee);\n tokenAmountIn = bdiv(tokenAmountInAfterFee, bsub(BONE, zar));\n return tokenAmountIn;\n }\n\n /**********************************************************************************************\n // calcSingleOutGivenPoolIn //\n // tAo = tokenAmountOut / / \\\\ //\n // bO = tokenBalanceOut / // pS - (pAi * (1 - eF)) \\ / 1 \\ \\\\ //\n // pAi = poolAmountIn | bO - || ----------------------- | ^ | --------- | * b0 || //\n // ps = poolSupply \\ \\\\ pS / \\(wO / tW)/ // //\n // wI = tokenWeightIn tAo = \\ \\ // //\n // tW = totalWeight / / wO \\ \\ //\n // sF = swapFee * | 1 - | 1 - ---- | * sF | //\n // eF = exitFee \\ \\ tW / / //\n **********************************************************************************************/\n function calcSingleOutGivenPoolIn(\n uint tokenBalanceOut,\n uint tokenWeightOut,\n uint poolSupply,\n uint totalWeight,\n uint poolAmountIn,\n uint swapFee\n )\n public pure\n returns (uint tokenAmountOut)\n {\n uint normalizedWeight = bdiv(tokenWeightOut, totalWeight);\n // charge exit fee on the pool token side\n // pAiAfterExitFee = pAi*(1-exitFee)\n uint poolAmountInAfterExitFee = bmul(poolAmountIn, bsub(BONE, EXIT_FEE));\n uint newPoolSupply = bsub(poolSupply, poolAmountInAfterExitFee);\n uint poolRatio = bdiv(newPoolSupply, poolSupply);\n \n // newBalTo = poolRatio^(1/weightTo) * balTo;\n uint tokenOutRatio = bpow(poolRatio, bdiv(BONE, normalizedWeight));\n uint newTokenBalanceOut = bmul(tokenOutRatio, tokenBalanceOut);\n\n uint tokenAmountOutBeforeSwapFee = bsub(tokenBalanceOut, newTokenBalanceOut);\n\n // charge swap fee on the output token side \n //uint tAo = tAoBeforeSwapFee * (1 - (1-weightTo) * swapFee)\n uint zaz = bmul(bsub(BONE, normalizedWeight), swapFee); \n tokenAmountOut = bmul(tokenAmountOutBeforeSwapFee, bsub(BONE, zaz));\n return tokenAmountOut;\n }\n\n /**********************************************************************************************\n // calcPoolInGivenSingleOut //\n // pAi = poolAmountIn // / tAo \\\\ / wO \\ \\ //\n // bO = tokenBalanceOut // | bO - -------------------------- |\\ | ---- | \\ //\n // tAo = tokenAmountOut pS - || \\ 1 - ((1 - (tO / tW)) * sF)/ | ^ \\ tW / * pS | //\n // ps = poolSupply \\\\ -----------------------------------/ / //\n // wO = tokenWeightOut pAi = \\\\ bO / / //\n // tW = totalWeight ------------------------------------------------------------- //\n // sF = swapFee ( 1 - eF ) //\n // eF = exitFee //\n **********************************************************************************************/\n function calcPoolInGivenSingleOut(\n uint tokenBalanceOut,\n uint tokenWeightOut,\n uint poolSupply,\n uint totalWeight,\n uint tokenAmountOut,\n uint swapFee\n )\n public pure\n returns (uint poolAmountIn)\n {\n\n // charge swap fee on the output token side \n uint normalizedWeight = bdiv(tokenWeightOut, totalWeight);\n //uint tAoBeforeSwapFee = tAo / (1 - (1-weightTo) * swapFee) ;\n uint zoo = bsub(BONE, normalizedWeight);\n uint zar = bmul(zoo, swapFee); \n uint tokenAmountOutBeforeSwapFee = bdiv(tokenAmountOut, bsub(BONE, zar));\n\n uint newTokenBalanceOut = bsub(tokenBalanceOut, tokenAmountOutBeforeSwapFee);\n uint tokenOutRatio = bdiv(newTokenBalanceOut, tokenBalanceOut);\n\n //uint newPoolSupply = (ratioTo ^ weightTo) * poolSupply;\n uint poolRatio = bpow(tokenOutRatio, normalizedWeight);\n uint newPoolSupply = bmul(poolRatio, poolSupply);\n uint poolAmountInAfterExitFee = bsub(poolSupply, newPoolSupply);\n\n // charge exit fee on the pool token side\n // pAi = pAiAfterExitFee/(1-exitFee)\n poolAmountIn = bdiv(poolAmountInAfterExitFee, bsub(BONE, EXIT_FEE));\n return poolAmountIn;\n }\n\n\n}\n"},"BNum.sol":{"content":"// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see \u003chttp://www.gnu.org/licenses/\u003e.\n\npragma solidity 0.5.12;\n\nimport \"./BConst.sol\";\n\ncontract BNum is BConst {\n\n function btoi(uint a)\n internal pure \n returns (uint)\n {\n return a / BONE;\n }\n\n function bfloor(uint a)\n internal pure\n returns (uint)\n {\n return btoi(a) * BONE;\n }\n\n function badd(uint a, uint b)\n internal pure\n returns (uint)\n {\n uint c = a + b;\n require(c \u003e= a, \"ERR_ADD_OVERFLOW\");\n return c;\n }\n\n function bsub(uint a, uint b)\n internal pure\n returns (uint)\n {\n (uint c, bool flag) = bsubSign(a, b);\n require(!flag, \"ERR_SUB_UNDERFLOW\");\n return c;\n }\n\n function bsubSign(uint a, uint b)\n internal pure\n returns (uint, bool)\n {\n if (a \u003e= b) {\n return (a - b, false);\n } else {\n return (b - a, true);\n }\n }\n\n function bmul(uint a, uint b)\n internal pure\n returns (uint)\n {\n uint c0 = a * b;\n require(a == 0 || c0 / a == b, \"ERR_MUL_OVERFLOW\");\n uint c1 = c0 + (BONE / 2);\n require(c1 \u003e= c0, \"ERR_MUL_OVERFLOW\");\n uint c2 = c1 / BONE;\n return c2;\n }\n\n function bdiv(uint a, uint b)\n internal pure\n returns (uint)\n {\n require(b != 0, \"ERR_DIV_ZERO\");\n uint c0 = a * BONE;\n require(a == 0 || c0 / a == BONE, \"ERR_DIV_INTERNAL\"); // bmul overflow\n uint c1 = c0 + (b / 2);\n require(c1 \u003e= c0, \"ERR_DIV_INTERNAL\"); // badd require\n uint c2 = c1 / b;\n return c2;\n }\n\n // DSMath.wpow\n function bpowi(uint a, uint n)\n internal pure\n returns (uint)\n {\n uint z = n % 2 != 0 ? a : BONE;\n\n for (n /= 2; n != 0; n /= 2) {\n a = bmul(a, a);\n\n if (n % 2 != 0) {\n z = bmul(z, a);\n }\n }\n return z;\n }\n\n // Compute b^(e.w) by splitting it into (b^e)*(b^0.w).\n // Use `bpowi` for `b^e` and `bpowK` for k iterations\n // of approximation of b^0.w\n function bpow(uint base, uint exp)\n internal pure\n returns (uint)\n {\n require(base \u003e= MIN_BPOW_BASE, \"ERR_BPOW_BASE_TOO_LOW\");\n require(base \u003c= MAX_BPOW_BASE, \"ERR_BPOW_BASE_TOO_HIGH\");\n\n uint whole = bfloor(exp); \n uint remain = bsub(exp, whole);\n\n uint wholePow = bpowi(base, btoi(whole));\n\n if (remain == 0) {\n return wholePow;\n }\n\n uint partialResult = bpowApprox(base, remain, BPOW_PRECISION);\n return bmul(wholePow, partialResult);\n }\n\n function bpowApprox(uint base, uint exp, uint precision)\n internal pure\n returns (uint)\n {\n // term 0:\n uint a = exp;\n (uint x, bool xneg) = bsubSign(base, BONE);\n uint term = BONE;\n uint sum = term;\n bool negative = false;\n\n\n // term(k) = numer / denom \n // = (product(a - i - 1, i=1--\u003ek) * x^k) / (k!)\n // each iteration, multiply previous term by (a-(k-1)) * x / k\n // continue until term is less than precision\n for (uint i = 1; term \u003e= precision; i++) {\n uint bigK = i * BONE;\n (uint c, bool cneg) = bsubSign(a, bsub(bigK, BONE));\n term = bmul(term, bmul(c, x));\n term = bdiv(term, bigK);\n if (term == 0) break;\n\n if (xneg) negative = !negative;\n if (cneg) negative = !negative;\n if (negative) {\n sum = bsub(sum, term);\n } else {\n sum = badd(sum, term);\n }\n }\n\n return sum;\n }\n\n}\n"},"BPool.sol":{"content":"// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see \u003chttp://www.gnu.org/licenses/\u003e.\n\npragma solidity 0.5.12;\n\nimport \"./BToken.sol\";\nimport \"./BMath.sol\";\n\ncontract BPool is BBronze, BToken, BMath {\n\n struct Record {\n bool bound; // is token bound to pool\n uint index; // private\n uint denorm; // denormalized weight\n uint balance;\n }\n\n event LOG_SWAP(\n address indexed caller,\n address indexed tokenIn,\n address indexed tokenOut,\n uint256 tokenAmountIn,\n uint256 tokenAmountOut\n );\n\n event LOG_JOIN(\n address indexed caller,\n address indexed tokenIn,\n uint256 tokenAmountIn\n );\n\n event LOG_EXIT(\n address indexed caller,\n address indexed tokenOut,\n uint256 tokenAmountOut\n );\n\n event LOG_CALL(\n bytes4 indexed sig,\n address indexed caller,\n bytes data\n ) anonymous;\n\n modifier _logs_() {\n emit LOG_CALL(msg.sig, msg.sender, msg.data);\n _;\n }\n\n modifier _lock_() {\n require(!_mutex, \"ERR_REENTRY\");\n _mutex = true;\n _;\n _mutex = false;\n }\n\n modifier _viewlock_() {\n require(!_mutex, \"ERR_REENTRY\");\n _;\n }\n\n bool private _mutex;\n\n address private _factory; // BFactory address to push token exitFee to\n address private _controller; // has CONTROL role\n bool private _publicSwap; // true if PUBLIC can call SWAP functions\n\n // `setSwapFee` and `finalize` require CONTROL\n // `finalize` sets `PUBLIC can SWAP`, `PUBLIC can JOIN`\n uint private _swapFee;\n bool private _finalized;\n\n address[] private _tokens;\n mapping(address=\u003eRecord) private _records;\n uint private _totalWeight;\n\n constructor() public {\n _controller = msg.sender;\n _factory = msg.sender;\n _swapFee = MIN_FEE;\n _publicSwap = false;\n _finalized = false;\n }\n\n function isPublicSwap()\n external view\n returns (bool)\n {\n return _publicSwap;\n }\n\n function isFinalized()\n external view\n returns (bool)\n {\n return _finalized;\n }\n\n function isBound(address t)\n external view\n returns (bool)\n {\n return _records[t].bound;\n }\n\n function getNumTokens()\n external view\n returns (uint) \n {\n return _tokens.length;\n }\n\n function getCurrentTokens()\n external view _viewlock_\n returns (address[] memory tokens)\n {\n return _tokens;\n }\n\n function getFinalTokens()\n external view\n _viewlock_\n returns (address[] memory tokens)\n {\n require(_finalized, \"ERR_NOT_FINALIZED\");\n return _tokens;\n }\n\n function getDenormalizedWeight(address token)\n external view\n _viewlock_\n returns (uint)\n {\n\n require(_records[token].bound, \"ERR_NOT_BOUND\");\n return _records[token].denorm;\n }\n\n function getTotalDenormalizedWeight()\n external view\n _viewlock_\n returns (uint)\n {\n return _totalWeight;\n }\n\n function getNormalizedWeight(address token)\n external view\n _viewlock_\n returns (uint)\n {\n\n require(_records[token].bound, \"ERR_NOT_BOUND\");\n uint denorm = _records[token].denorm;\n return bdiv(denorm, _totalWeight);\n }\n\n function getBalance(address token)\n external view\n _viewlock_\n returns (uint)\n {\n\n require(_records[token].bound, \"ERR_NOT_BOUND\");\n return _records[token].balance;\n }\n\n function getSwapFee()\n external view\n _viewlock_\n returns (uint)\n {\n return _swapFee;\n }\n\n function getController()\n external view\n _viewlock_\n returns (address)\n {\n return _controller;\n }\n\n function setSwapFee(uint swapFee)\n external\n _logs_\n _lock_\n { \n require(!_finalized, \"ERR_IS_FINALIZED\");\n require(msg.sender == _controller, \"ERR_NOT_CONTROLLER\");\n require(swapFee \u003e= MIN_FEE, \"ERR_MIN_FEE\");\n require(swapFee \u003c= MAX_FEE, \"ERR_MAX_FEE\");\n _swapFee = swapFee;\n }\n\n function setController(address manager)\n external\n _logs_\n _lock_\n {\n require(msg.sender == _controller, \"ERR_NOT_CONTROLLER\");\n _controller = manager;\n }\n\n function setPublicSwap(bool public_)\n external\n _logs_\n _lock_\n {\n require(!_finalized, \"ERR_IS_FINALIZED\");\n require(msg.sender == _controller, \"ERR_NOT_CONTROLLER\");\n _publicSwap = public_;\n }\n\n function finalize()\n external\n _logs_\n _lock_\n {\n require(msg.sender == _controller, \"ERR_NOT_CONTROLLER\");\n require(!_finalized, \"ERR_IS_FINALIZED\");\n require(_tokens.length \u003e= MIN_BOUND_TOKENS, \"ERR_MIN_TOKENS\");\n\n _finalized = true;\n _publicSwap = true;\n\n _mintPoolShare(INIT_POOL_SUPPLY);\n _pushPoolShare(msg.sender, INIT_POOL_SUPPLY);\n }\n\n\n function bind(address token, uint balance, uint denorm)\n external\n _logs_\n // _lock_ Bind does not lock because it jumps to `rebind`, which does\n {\n require(msg.sender == _controller, \"ERR_NOT_CONTROLLER\");\n require(!_records[token].bound, \"ERR_IS_BOUND\");\n require(!_finalized, \"ERR_IS_FINALIZED\");\n\n require(_tokens.length \u003c MAX_BOUND_TOKENS, \"ERR_MAX_TOKENS\");\n\n _records[token] = Record({\n bound: true,\n index: _tokens.length,\n denorm: 0, // balance and denorm will be validated\n balance: 0 // and set by `rebind`\n });\n _tokens.push(token);\n rebind(token, balance, denorm);\n }\n\n function rebind(address token, uint balance, uint denorm)\n public\n _logs_\n _lock_\n {\n\n require(msg.sender == _controller, \"ERR_NOT_CONTROLLER\");\n require(_records[token].bound, \"ERR_NOT_BOUND\");\n require(!_finalized, \"ERR_IS_FINALIZED\");\n\n require(denorm \u003e= MIN_WEIGHT, \"ERR_MIN_WEIGHT\");\n require(denorm \u003c= MAX_WEIGHT, \"ERR_MAX_WEIGHT\");\n require(balance \u003e= MIN_BALANCE, \"ERR_MIN_BALANCE\");\n\n // Adjust the denorm and totalWeight\n uint oldWeight = _records[token].denorm;\n if (denorm \u003e oldWeight) {\n _totalWeight = badd(_totalWeight, bsub(denorm, oldWeight));\n require(_totalWeight \u003c= MAX_TOTAL_WEIGHT, \"ERR_MAX_TOTAL_WEIGHT\");\n } else if (denorm \u003c oldWeight) {\n _totalWeight = bsub(_totalWeight, bsub(oldWeight, denorm));\n } \n _records[token].denorm = denorm;\n\n // Adjust the balance record and actual token balance\n uint oldBalance = _records[token].balance;\n _records[token].balance = balance;\n if (balance \u003e oldBalance) {\n _pullUnderlying(token, msg.sender, bsub(balance, oldBalance));\n } else if (balance \u003c oldBalance) {\n // In this case liquidity is being withdrawn, so charge EXIT_FEE\n uint tokenBalanceWithdrawn = bsub(oldBalance, balance);\n uint tokenExitFee = bmul(tokenBalanceWithdrawn, EXIT_FEE);\n _pushUnderlying(token, msg.sender, bsub(tokenBalanceWithdrawn, tokenExitFee));\n _pushUnderlying(token, _factory, tokenExitFee);\n }\n }\n\n function unbind(address token)\n external\n _logs_\n _lock_\n {\n\n require(msg.sender == _controller, \"ERR_NOT_CONTROLLER\");\n require(_records[token].bound, \"ERR_NOT_BOUND\");\n require(!_finalized, \"ERR_IS_FINALIZED\");\n\n uint tokenBalance = _records[token].balance;\n uint tokenExitFee = bmul(tokenBalance, EXIT_FEE);\n\n _totalWeight = bsub(_totalWeight, _records[token].denorm);\n\n // Swap the token-to-unbind with the last token,\n // then delete the last token\n uint index = _records[token].index;\n uint last = _tokens.length - 1;\n _tokens[index] = _tokens[last];\n _records[_tokens[index]].index = index;\n _tokens.pop();\n _records[token] = Record({\n bound: false,\n index: 0,\n denorm: 0,\n balance: 0\n });\n\n _pushUnderlying(token, msg.sender, bsub(tokenBalance, tokenExitFee));\n _pushUnderlying(token, _factory, tokenExitFee);\n }\n\n // Absorb any tokens that have been sent to this contract into the pool\n function gulp(address token)\n external\n _logs_\n _lock_\n {\n require(_records[token].bound, \"ERR_NOT_BOUND\");\n _records[token].balance = IERC20(token).balanceOf(address(this));\n }\n\n function getSpotPrice(address tokenIn, address tokenOut)\n external view\n _viewlock_\n returns (uint spotPrice)\n {\n require(_records[tokenIn].bound, \"ERR_NOT_BOUND\");\n require(_records[tokenOut].bound, \"ERR_NOT_BOUND\");\n Record storage inRecord = _records[tokenIn];\n Record storage outRecord = _records[tokenOut];\n return calcSpotPrice(inRecord.balance, inRecord.denorm, outRecord.balance, outRecord.denorm, _swapFee);\n }\n\n function getSpotPriceSansFee(address tokenIn, address tokenOut)\n external view\n _viewlock_\n returns (uint spotPrice)\n {\n require(_records[tokenIn].bound, \"ERR_NOT_BOUND\");\n require(_records[tokenOut].bound, \"ERR_NOT_BOUND\");\n Record storage inRecord = _records[tokenIn];\n Record storage outRecord = _records[tokenOut];\n return calcSpotPrice(inRecord.balance, inRecord.denorm, outRecord.balance, outRecord.denorm, 0);\n }\n\n function joinPool(uint poolAmountOut, uint[] calldata maxAmountsIn)\n external\n _logs_\n _lock_\n {\n require(_finalized, \"ERR_NOT_FINALIZED\");\n\n uint poolTotal = totalSupply();\n uint ratio = bdiv(poolAmountOut, poolTotal);\n require(ratio != 0, \"ERR_MATH_APPROX\");\n\n for (uint i = 0; i \u003c _tokens.length; i++) {\n address t = _tokens[i];\n uint bal = _records[t].balance;\n uint tokenAmountIn = bmul(ratio, bal);\n require(tokenAmountIn != 0, \"ERR_MATH_APPROX\");\n require(tokenAmountIn \u003c= maxAmountsIn[i], \"ERR_LIMIT_IN\");\n _records[t].balance = badd(_records[t].balance, tokenAmountIn);\n emit LOG_JOIN(msg.sender, t, tokenAmountIn);\n _pullUnderlying(t, msg.sender, tokenAmountIn);\n }\n _mintPoolShare(poolAmountOut);\n _pushPoolShare(msg.sender, poolAmountOut);\n }\n\n function exitPool(uint poolAmountIn, uint[] calldata minAmountsOut)\n external\n _logs_\n _lock_\n {\n require(_finalized, \"ERR_NOT_FINALIZED\");\n\n uint poolTotal = totalSupply();\n uint exitFee = bmul(poolAmountIn, EXIT_FEE);\n uint pAiAfterExitFee = bsub(poolAmountIn, exitFee);\n uint ratio = bdiv(pAiAfterExitFee, poolTotal);\n require(ratio != 0, \"ERR_MATH_APPROX\");\n\n _pullPoolShare(msg.sender, poolAmountIn);\n _pushPoolShare(_factory, exitFee);\n _burnPoolShare(pAiAfterExitFee);\n\n for (uint i = 0; i \u003c _tokens.length; i++) {\n address t = _tokens[i];\n uint bal = _records[t].balance;\n uint tokenAmountOut = bmul(ratio, bal);\n require(tokenAmountOut != 0, \"ERR_MATH_APPROX\");\n require(tokenAmountOut \u003e= minAmountsOut[i], \"ERR_LIMIT_OUT\");\n _records[t].balance = bsub(_records[t].balance, tokenAmountOut);\n emit LOG_EXIT(msg.sender, t, tokenAmountOut);\n _pushUnderlying(t, msg.sender, tokenAmountOut);\n }\n\n }\n\n\n function swapExactAmountIn(\n address tokenIn,\n uint tokenAmountIn,\n address tokenOut,\n uint minAmountOut,\n uint maxPrice\n )\n external\n _logs_\n _lock_\n returns (uint tokenAmountOut, uint spotPriceAfter)\n {\n\n require(_records[tokenIn].bound, \"ERR_NOT_BOUND\");\n require(_records[tokenOut].bound, \"ERR_NOT_BOUND\");\n require(_publicSwap, \"ERR_SWAP_NOT_PUBLIC\");\n\n Record storage inRecord = _records[address(tokenIn)];\n Record storage outRecord = _records[address(tokenOut)];\n\n require(tokenAmountIn \u003c= bmul(inRecord.balance, MAX_IN_RATIO), \"ERR_MAX_IN_RATIO\");\n\n uint spotPriceBefore = calcSpotPrice(\n inRecord.balance,\n inRecord.denorm,\n outRecord.balance,\n outRecord.denorm,\n _swapFee\n );\n require(spotPriceBefore \u003c= maxPrice, \"ERR_BAD_LIMIT_PRICE\");\n\n tokenAmountOut = calcOutGivenIn(\n inRecord.balance,\n inRecord.denorm,\n outRecord.balance,\n outRecord.denorm,\n tokenAmountIn,\n _swapFee\n );\n require(tokenAmountOut \u003e= minAmountOut, \"ERR_LIMIT_OUT\");\n\n inRecord.balance = badd(inRecord.balance, tokenAmountIn);\n outRecord.balance = bsub(outRecord.balance, tokenAmountOut);\n\n spotPriceAfter = calcSpotPrice(\n inRecord.balance,\n inRecord.denorm,\n outRecord.balance,\n outRecord.denorm,\n _swapFee\n );\n require(spotPriceAfter \u003e= spotPriceBefore, \"ERR_MATH_APPROX\"); \n require(spotPriceAfter \u003c= maxPrice, \"ERR_LIMIT_PRICE\");\n require(spotPriceBefore \u003c= bdiv(tokenAmountIn, tokenAmountOut), \"ERR_MATH_APPROX\");\n\n emit LOG_SWAP(msg.sender, tokenIn, tokenOut, tokenAmountIn, tokenAmountOut);\n\n _pullUnderlying(tokenIn, msg.sender, tokenAmountIn);\n _pushUnderlying(tokenOut, msg.sender, tokenAmountOut);\n\n return (tokenAmountOut, spotPriceAfter);\n }\n\n function swapExactAmountOut(\n address tokenIn,\n uint maxAmountIn,\n address tokenOut,\n uint tokenAmountOut,\n uint maxPrice\n )\n external\n _logs_\n _lock_ \n returns (uint tokenAmountIn, uint spotPriceAfter)\n {\n require(_records[tokenIn].bound, \"ERR_NOT_BOUND\");\n require(_records[tokenOut].bound, \"ERR_NOT_BOUND\");\n require(_publicSwap, \"ERR_SWAP_NOT_PUBLIC\");\n\n Record storage inRecord = _records[address(tokenIn)];\n Record storage outRecord = _records[address(tokenOut)];\n\n require(tokenAmountOut \u003c= bmul(outRecord.balance, MAX_OUT_RATIO), \"ERR_MAX_OUT_RATIO\");\n\n uint spotPriceBefore = calcSpotPrice(\n inRecord.balance,\n inRecord.denorm,\n outRecord.balance,\n outRecord.denorm,\n _swapFee\n );\n require(spotPriceBefore \u003c= maxPrice, \"ERR_BAD_LIMIT_PRICE\");\n\n tokenAmountIn = calcInGivenOut(\n inRecord.balance,\n inRecord.denorm,\n outRecord.balance,\n outRecord.denorm,\n tokenAmountOut,\n _swapFee\n );\n require(tokenAmountIn \u003c= maxAmountIn, \"ERR_LIMIT_IN\");\n\n inRecord.balance = badd(inRecord.balance, tokenAmountIn);\n outRecord.balance = bsub(outRecord.balance, tokenAmountOut);\n\n spotPriceAfter = calcSpotPrice(\n inRecord.balance,\n inRecord.denorm,\n outRecord.balance,\n outRecord.denorm,\n _swapFee\n );\n require(spotPriceAfter \u003e= spotPriceBefore, \"ERR_MATH_APPROX\");\n require(spotPriceAfter \u003c= maxPrice, \"ERR_LIMIT_PRICE\");\n require(spotPriceBefore \u003c= bdiv(tokenAmountIn, tokenAmountOut), \"ERR_MATH_APPROX\");\n\n emit LOG_SWAP(msg.sender, tokenIn, tokenOut, tokenAmountIn, tokenAmountOut);\n\n _pullUnderlying(tokenIn, msg.sender, tokenAmountIn);\n _pushUnderlying(tokenOut, msg.sender, tokenAmountOut);\n\n return (tokenAmountIn, spotPriceAfter);\n }\n\n\n function joinswapExternAmountIn(address tokenIn, uint tokenAmountIn, uint minPoolAmountOut)\n external\n _logs_\n _lock_\n returns (uint poolAmountOut)\n\n { \n require(_finalized, \"ERR_NOT_FINALIZED\");\n require(_records[tokenIn].bound, \"ERR_NOT_BOUND\");\n require(tokenAmountIn \u003c= bmul(_records[tokenIn].balance, MAX_IN_RATIO), \"ERR_MAX_IN_RATIO\");\n\n Record storage inRecord = _records[tokenIn];\n\n poolAmountOut = calcPoolOutGivenSingleIn(\n inRecord.balance,\n inRecord.denorm,\n _totalSupply,\n _totalWeight,\n tokenAmountIn,\n _swapFee\n );\n\n require(poolAmountOut \u003e= minPoolAmountOut, \"ERR_LIMIT_OUT\");\n\n inRecord.balance = badd(inRecord.balance, tokenAmountIn);\n\n emit LOG_JOIN(msg.sender, tokenIn, tokenAmountIn);\n\n _mintPoolShare(poolAmountOut);\n _pushPoolShare(msg.sender, poolAmountOut);\n _pullUnderlying(tokenIn, msg.sender, tokenAmountIn);\n\n return poolAmountOut;\n }\n\n function joinswapPoolAmountOut(address tokenIn, uint poolAmountOut, uint maxAmountIn)\n external\n _logs_\n _lock_\n returns (uint tokenAmountIn)\n {\n require(_finalized, \"ERR_NOT_FINALIZED\");\n require(_records[tokenIn].bound, \"ERR_NOT_BOUND\");\n\n Record storage inRecord = _records[tokenIn];\n\n tokenAmountIn = calcSingleInGivenPoolOut(\n inRecord.balance,\n inRecord.denorm,\n _totalSupply,\n _totalWeight,\n poolAmountOut,\n _swapFee\n );\n\n require(tokenAmountIn != 0, \"ERR_MATH_APPROX\");\n require(tokenAmountIn \u003c= maxAmountIn, \"ERR_LIMIT_IN\");\n \n require(tokenAmountIn \u003c= bmul(_records[tokenIn].balance, MAX_IN_RATIO), \"ERR_MAX_IN_RATIO\");\n\n inRecord.balance = badd(inRecord.balance, tokenAmountIn);\n\n emit LOG_JOIN(msg.sender, tokenIn, tokenAmountIn);\n\n _mintPoolShare(poolAmountOut);\n _pushPoolShare(msg.sender, poolAmountOut);\n _pullUnderlying(tokenIn, msg.sender, tokenAmountIn);\n\n return tokenAmountIn;\n }\n\n function exitswapPoolAmountIn(address tokenOut, uint poolAmountIn, uint minAmountOut)\n external\n _logs_\n _lock_\n returns (uint tokenAmountOut)\n {\n require(_finalized, \"ERR_NOT_FINALIZED\");\n require(_records[tokenOut].bound, \"ERR_NOT_BOUND\");\n\n Record storage outRecord = _records[tokenOut];\n\n tokenAmountOut = calcSingleOutGivenPoolIn(\n outRecord.balance,\n outRecord.denorm,\n _totalSupply,\n _totalWeight,\n poolAmountIn,\n _swapFee\n );\n\n require(tokenAmountOut \u003e= minAmountOut, \"ERR_LIMIT_OUT\");\n \n require(tokenAmountOut \u003c= bmul(_records[tokenOut].balance, MAX_OUT_RATIO), \"ERR_MAX_OUT_RATIO\");\n\n outRecord.balance = bsub(outRecord.balance, tokenAmountOut);\n\n uint exitFee = bmul(poolAmountIn, EXIT_FEE);\n\n emit LOG_EXIT(msg.sender, tokenOut, tokenAmountOut);\n\n _pullPoolShare(msg.sender, poolAmountIn);\n _burnPoolShare(bsub(poolAmountIn, exitFee));\n _pushPoolShare(_factory, exitFee);\n _pushUnderlying(tokenOut, msg.sender, tokenAmountOut);\n\n return tokenAmountOut;\n }\n\n function exitswapExternAmountOut(address tokenOut, uint tokenAmountOut, uint maxPoolAmountIn)\n external\n _logs_\n _lock_\n returns (uint poolAmountIn)\n {\n require(_finalized, \"ERR_NOT_FINALIZED\");\n require(_records[tokenOut].bound, \"ERR_NOT_BOUND\");\n require(tokenAmountOut \u003c= bmul(_records[tokenOut].balance, MAX_OUT_RATIO), \"ERR_MAX_OUT_RATIO\");\n\n Record storage outRecord = _records[tokenOut];\n\n poolAmountIn = calcPoolInGivenSingleOut(\n outRecord.balance,\n outRecord.denorm,\n _totalSupply,\n _totalWeight,\n tokenAmountOut,\n _swapFee\n );\n\n require(poolAmountIn != 0, \"ERR_MATH_APPROX\");\n require(poolAmountIn \u003c= maxPoolAmountIn, \"ERR_LIMIT_IN\");\n\n outRecord.balance = bsub(outRecord.balance, tokenAmountOut);\n\n uint exitFee = bmul(poolAmountIn, EXIT_FEE);\n\n emit LOG_EXIT(msg.sender, tokenOut, tokenAmountOut);\n\n _pullPoolShare(msg.sender, poolAmountIn);\n _burnPoolShare(bsub(poolAmountIn, exitFee));\n _pushPoolShare(_factory, exitFee);\n _pushUnderlying(tokenOut, msg.sender, tokenAmountOut); \n\n return poolAmountIn;\n }\n\n\n // ==\n // \u0027Underlying\u0027 token-manipulation functions make external calls but are NOT locked\n // You must `_lock_` or otherwise ensure reentry-safety\n\n function _pullUnderlying(address erc20, address from, uint amount)\n internal\n {\n bool xfer = IERC20(erc20).transferFrom(from, address(this), amount);\n require(xfer, \"ERR_ERC20_FALSE\");\n }\n\n function _pushUnderlying(address erc20, address to, uint amount)\n internal\n {\n bool xfer = IERC20(erc20).transfer(to, amount);\n require(xfer, \"ERR_ERC20_FALSE\");\n }\n\n function _pullPoolShare(address from, uint amount)\n internal\n {\n _pull(from, amount);\n }\n\n function _pushPoolShare(address to, uint amount)\n internal\n {\n _push(to, amount);\n }\n\n function _mintPoolShare(uint amount)\n internal\n {\n _mint(amount);\n }\n\n function _burnPoolShare(uint amount)\n internal\n {\n _burn(amount);\n }\n\n}\n"},"BToken.sol":{"content":"// This program is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n\n// This program is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n\n// You should have received a copy of the GNU General Public License\n// along with this program. If not, see \u003chttp://www.gnu.org/licenses/\u003e.\n\npragma solidity 0.5.12;\n\nimport \"./BNum.sol\";\n\n// Highly opinionated token implementation\n\ninterface IERC20 {\n event Approval(address indexed src, address indexed dst, uint amt);\n event Transfer(address indexed src, address indexed dst, uint amt);\n\n function totalSupply() external view returns (uint);\n function balanceOf(address whom) external view returns (uint);\n function allowance(address src, address dst) external view returns (uint);\n\n function approve(address dst, uint amt) external returns (bool);\n function transfer(address dst, uint amt) external returns (bool);\n function transferFrom(\n address src, address dst, uint amt\n ) external returns (bool);\n}\n\ncontract BTokenBase is BNum {\n\n mapping(address =\u003e uint) internal _balance;\n mapping(address =\u003e mapping(address=\u003euint)) internal _allowance;\n uint internal _totalSupply;\n\n event Approval(address indexed src, address indexed dst, uint amt);\n event Transfer(address indexed src, address indexed dst, uint amt);\n\n function _mint(uint amt) internal {\n _balance[address(this)] = badd(_balance[address(this)], amt);\n _totalSupply = badd(_totalSupply, amt);\n emit Transfer(address(0), address(this), amt);\n }\n\n function _burn(uint amt) internal {\n require(_balance[address(this)] \u003e= amt, \"ERR_INSUFFICIENT_BAL\");\n _balance[address(this)] = bsub(_balance[address(this)], amt);\n _totalSupply = bsub(_totalSupply, amt);\n emit Transfer(address(this), address(0), amt);\n }\n\n function _move(address src, address dst, uint amt) internal {\n require(_balance[src] \u003e= amt, \"ERR_INSUFFICIENT_BAL\");\n _balance[src] = bsub(_balance[src], amt);\n _balance[dst] = badd(_balance[dst], amt);\n emit Transfer(src, dst, amt);\n }\n\n function _push(address to, uint amt) internal {\n _move(address(this), to, amt);\n }\n\n function _pull(address from, uint amt) internal {\n _move(from, address(this), amt);\n }\n}\n\ncontract BToken is BTokenBase, IERC20 {\n\n string private _name = \"Balancer Pool Token\";\n string private _symbol = \"BPT\";\n uint8 private _decimals = 18;\n\n function name() public view returns (string memory) {\n return _name;\n }\n\n function symbol() public view returns (string memory) {\n return _symbol;\n }\n\n function decimals() public view returns(uint8) {\n return _decimals;\n }\n\n function allowance(address src, address dst) external view returns (uint) {\n return _allowance[src][dst];\n }\n\n function balanceOf(address whom) external view returns (uint) {\n return _balance[whom];\n }\n\n function totalSupply() public view returns (uint) {\n return _totalSupply;\n }\n\n function approve(address dst, uint amt) external returns (bool) {\n _allowance[msg.sender][dst] = amt;\n emit Approval(msg.sender, dst, amt);\n return true;\n }\n\n function increaseApproval(address dst, uint amt) external returns (bool) {\n _allowance[msg.sender][dst] = badd(_allowance[msg.sender][dst], amt);\n emit Approval(msg.sender, dst, _allowance[msg.sender][dst]);\n return true;\n }\n\n function decreaseApproval(address dst, uint amt) external returns (bool) {\n uint oldValue = _allowance[msg.sender][dst];\n if (amt \u003e oldValue) {\n _allowance[msg.sender][dst] = 0;\n } else {\n _allowance[msg.sender][dst] = bsub(oldValue, amt);\n }\n emit Approval(msg.sender, dst, _allowance[msg.sender][dst]);\n return true;\n }\n\n function transfer(address dst, uint amt) external returns (bool) {\n _move(msg.sender, dst, amt);\n return true;\n }\n\n function transferFrom(address src, address dst, uint amt) external returns (bool) {\n require(msg.sender == src || amt \u003c= _allowance[src][msg.sender], \"ERR_BTOKEN_BAD_CALLER\");\n _move(src, dst, amt);\n if (msg.sender != src \u0026\u0026 _allowance[src][msg.sender] != uint256(-1)) {\n _allowance[src][msg.sender] = bsub(_allowance[src][msg.sender], amt);\n emit Approval(msg.sender, dst, _allowance[src][msg.sender]);\n }\n return true;\n }\n}\n"}}File 4 of 4: GnosisSafe
pragma solidity >=0.5.0 <0.7.0; /// @title SelfAuthorized - authorizes current contract to perform actions /// @author Richard Meissner - <[email protected]> contract SelfAuthorized { modifier authorized() { require(msg.sender == address(this), "Method can only be called from this contract"); _; } } /// @title MasterCopy - Base for master copy contracts (should always be first super contract) /// This contract is tightly coupled to our proxy contract (see `proxies/Proxy.sol`) /// @author Richard Meissner - <[email protected]> contract MasterCopy is SelfAuthorized { event ChangedMasterCopy(address masterCopy); // masterCopy always needs to be first declared variable, to ensure that it is at the same location as in the Proxy contract. // It should also always be ensured that the address is stored alone (uses a full word) address private masterCopy; /// @dev Allows to upgrade the contract. This can only be done via a Safe transaction. /// @param _masterCopy New contract address. function changeMasterCopy(address _masterCopy) public authorized { // Master copy address cannot be null. require(_masterCopy != address(0), "Invalid master copy address provided"); masterCopy = _masterCopy; emit ChangedMasterCopy(_masterCopy); } } /// @title Module - Base class for modules. /// @author Stefan George - <[email protected]> /// @author Richard Meissner - <[email protected]> contract Module is MasterCopy { ModuleManager public manager; modifier authorized() { require(msg.sender == address(manager), "Method can only be called from manager"); _; } function setManager() internal { // manager can only be 0 at initalization of contract. // Check ensures that setup function can only be called once. require(address(manager) == address(0), "Manager has already been set"); manager = ModuleManager(msg.sender); } } /// @title Enum - Collection of enums /// @author Richard Meissner - <[email protected]> contract Enum { enum Operation { Call, DelegateCall } } /// @title Executor - A contract that can execute transactions /// @author Richard Meissner - <[email protected]> contract Executor { function execute(address to, uint256 value, bytes memory data, Enum.Operation operation, uint256 txGas) internal returns (bool success) { if (operation == Enum.Operation.Call) success = executeCall(to, value, data, txGas); else if (operation == Enum.Operation.DelegateCall) success = executeDelegateCall(to, data, txGas); else success = false; } function executeCall(address to, uint256 value, bytes memory data, uint256 txGas) internal returns (bool success) { // solium-disable-next-line security/no-inline-assembly assembly { success := call(txGas, to, value, add(data, 0x20), mload(data), 0, 0) } } function executeDelegateCall(address to, bytes memory data, uint256 txGas) internal returns (bool success) { // solium-disable-next-line security/no-inline-assembly assembly { success := delegatecall(txGas, to, add(data, 0x20), mload(data), 0, 0) } } } /// @title SecuredTokenTransfer - Secure token transfer /// @author Richard Meissner - <[email protected]> contract SecuredTokenTransfer { /// @dev Transfers a token and returns if it was a success /// @param token Token that should be transferred /// @param receiver Receiver to whom the token should be transferred /// @param amount The amount of tokens that should be transferred function transferToken ( address token, address receiver, uint256 amount ) internal returns (bool transferred) { bytes memory data = abi.encodeWithSignature("transfer(address,uint256)", receiver, amount); // solium-disable-next-line security/no-inline-assembly assembly { let success := call(sub(gas, 10000), token, 0, add(data, 0x20), mload(data), 0, 0) let ptr := mload(0x40) mstore(0x40, add(ptr, returndatasize())) returndatacopy(ptr, 0, returndatasize()) switch returndatasize() case 0 { transferred := success } case 0x20 { transferred := iszero(or(iszero(success), iszero(mload(ptr)))) } default { transferred := 0 } } } } /// @title Module Manager - A contract that manages modules that can execute transactions via this contract /// @author Stefan George - <[email protected]> /// @author Richard Meissner - <[email protected]> contract ModuleManager is SelfAuthorized, Executor { event EnabledModule(Module module); event DisabledModule(Module module); event ExecutionFromModuleSuccess(address indexed module); event ExecutionFromModuleFailure(address indexed module); address internal constant SENTINEL_MODULES = address(0x1); mapping (address => address) internal modules; function setupModules(address to, bytes memory data) internal { require(modules[SENTINEL_MODULES] == address(0), "Modules have already been initialized"); modules[SENTINEL_MODULES] = SENTINEL_MODULES; if (to != address(0)) // Setup has to complete successfully or transaction fails. require(executeDelegateCall(to, data, gasleft()), "Could not finish initialization"); } /// @dev Allows to add a module to the whitelist. /// This can only be done via a Safe transaction. /// @param module Module to be whitelisted. function enableModule(Module module) public authorized { // Module address cannot be null or sentinel. require(address(module) != address(0) && address(module) != SENTINEL_MODULES, "Invalid module address provided"); // Module cannot be added twice. require(modules[address(module)] == address(0), "Module has already been added"); modules[address(module)] = modules[SENTINEL_MODULES]; modules[SENTINEL_MODULES] = address(module); emit EnabledModule(module); } /// @dev Allows to remove a module from the whitelist. /// This can only be done via a Safe transaction. /// @param prevModule Module that pointed to the module to be removed in the linked list /// @param module Module to be removed. function disableModule(Module prevModule, Module module) public authorized { // Validate module address and check that it corresponds to module index. require(address(module) != address(0) && address(module) != SENTINEL_MODULES, "Invalid module address provided"); require(modules[address(prevModule)] == address(module), "Invalid prevModule, module pair provided"); modules[address(prevModule)] = modules[address(module)]; modules[address(module)] = address(0); emit DisabledModule(module); } /// @dev Allows a Module to execute a Safe transaction without any further confirmations. /// @param to Destination address of module transaction. /// @param value Ether value of module transaction. /// @param data Data payload of module transaction. /// @param operation Operation type of module transaction. function execTransactionFromModule(address to, uint256 value, bytes memory data, Enum.Operation operation) public returns (bool success) { // Only whitelisted modules are allowed. require(msg.sender != SENTINEL_MODULES && modules[msg.sender] != address(0), "Method can only be called from an enabled module"); // Execute transaction without further confirmations. success = execute(to, value, data, operation, gasleft()); if (success) emit ExecutionFromModuleSuccess(msg.sender); else emit ExecutionFromModuleFailure(msg.sender); } /// @dev Allows a Module to execute a Safe transaction without any further confirmations and return data /// @param to Destination address of module transaction. /// @param value Ether value of module transaction. /// @param data Data payload of module transaction. /// @param operation Operation type of module transaction. function execTransactionFromModuleReturnData(address to, uint256 value, bytes memory data, Enum.Operation operation) public returns (bool success, bytes memory returnData) { success = execTransactionFromModule(to, value, data, operation); // solium-disable-next-line security/no-inline-assembly assembly { // Load free memory location let ptr := mload(0x40) // We allocate memory for the return data by setting the free memory location to // current free memory location + data size + 32 bytes for data size value mstore(0x40, add(ptr, add(returndatasize(), 0x20))) // Store the size mstore(ptr, returndatasize()) // Store the data returndatacopy(add(ptr, 0x20), 0, returndatasize()) // Point the return data to the correct memory location returnData := ptr } } /// @dev Returns array of first 10 modules. /// @return Array of modules. function getModules() public view returns (address[] memory) { (address[] memory array,) = getModulesPaginated(SENTINEL_MODULES, 10); return array; } /// @dev Returns array of modules. /// @param start Start of the page. /// @param pageSize Maximum number of modules that should be returned. /// @return Array of modules. function getModulesPaginated(address start, uint256 pageSize) public view returns (address[] memory array, address next) { // Init array with max page size array = new address[](pageSize); // Populate return array uint256 moduleCount = 0; address currentModule = modules[start]; while(currentModule != address(0x0) && currentModule != SENTINEL_MODULES && moduleCount < pageSize) { array[moduleCount] = currentModule; currentModule = modules[currentModule]; moduleCount++; } next = currentModule; // Set correct size of returned array // solium-disable-next-line security/no-inline-assembly assembly { mstore(array, moduleCount) } } } /// @title OwnerManager - Manages a set of owners and a threshold to perform actions. /// @author Stefan George - <[email protected]> /// @author Richard Meissner - <[email protected]> contract OwnerManager is SelfAuthorized { event AddedOwner(address owner); event RemovedOwner(address owner); event ChangedThreshold(uint256 threshold); address internal constant SENTINEL_OWNERS = address(0x1); mapping(address => address) internal owners; uint256 ownerCount; uint256 internal threshold; /// @dev Setup function sets initial storage of contract. /// @param _owners List of Safe owners. /// @param _threshold Number of required confirmations for a Safe transaction. function setupOwners(address[] memory _owners, uint256 _threshold) internal { // Threshold can only be 0 at initialization. // Check ensures that setup function can only be called once. require(threshold == 0, "Owners have already been setup"); // Validate that threshold is smaller than number of added owners. require(_threshold <= _owners.length, "Threshold cannot exceed owner count"); // There has to be at least one Safe owner. require(_threshold >= 1, "Threshold needs to be greater than 0"); // Initializing Safe owners. address currentOwner = SENTINEL_OWNERS; for (uint256 i = 0; i < _owners.length; i++) { // Owner address cannot be null. address owner = _owners[i]; require(owner != address(0) && owner != SENTINEL_OWNERS, "Invalid owner address provided"); // No duplicate owners allowed. require(owners[owner] == address(0), "Duplicate owner address provided"); owners[currentOwner] = owner; currentOwner = owner; } owners[currentOwner] = SENTINEL_OWNERS; ownerCount = _owners.length; threshold = _threshold; } /// @dev Allows to add a new owner to the Safe and update the threshold at the same time. /// This can only be done via a Safe transaction. /// @param owner New owner address. /// @param _threshold New threshold. function addOwnerWithThreshold(address owner, uint256 _threshold) public authorized { // Owner address cannot be null. require(owner != address(0) && owner != SENTINEL_OWNERS, "Invalid owner address provided"); // No duplicate owners allowed. require(owners[owner] == address(0), "Address is already an owner"); owners[owner] = owners[SENTINEL_OWNERS]; owners[SENTINEL_OWNERS] = owner; ownerCount++; emit AddedOwner(owner); // Change threshold if threshold was changed. if (threshold != _threshold) changeThreshold(_threshold); } /// @dev Allows to remove an owner from the Safe and update the threshold at the same time. /// This can only be done via a Safe transaction. /// @param prevOwner Owner that pointed to the owner to be removed in the linked list /// @param owner Owner address to be removed. /// @param _threshold New threshold. function removeOwner(address prevOwner, address owner, uint256 _threshold) public authorized { // Only allow to remove an owner, if threshold can still be reached. require(ownerCount - 1 >= _threshold, "New owner count needs to be larger than new threshold"); // Validate owner address and check that it corresponds to owner index. require(owner != address(0) && owner != SENTINEL_OWNERS, "Invalid owner address provided"); require(owners[prevOwner] == owner, "Invalid prevOwner, owner pair provided"); owners[prevOwner] = owners[owner]; owners[owner] = address(0); ownerCount--; emit RemovedOwner(owner); // Change threshold if threshold was changed. if (threshold != _threshold) changeThreshold(_threshold); } /// @dev Allows to swap/replace an owner from the Safe with another address. /// This can only be done via a Safe transaction. /// @param prevOwner Owner that pointed to the owner to be replaced in the linked list /// @param oldOwner Owner address to be replaced. /// @param newOwner New owner address. function swapOwner(address prevOwner, address oldOwner, address newOwner) public authorized { // Owner address cannot be null. require(newOwner != address(0) && newOwner != SENTINEL_OWNERS, "Invalid owner address provided"); // No duplicate owners allowed. require(owners[newOwner] == address(0), "Address is already an owner"); // Validate oldOwner address and check that it corresponds to owner index. require(oldOwner != address(0) && oldOwner != SENTINEL_OWNERS, "Invalid owner address provided"); require(owners[prevOwner] == oldOwner, "Invalid prevOwner, owner pair provided"); owners[newOwner] = owners[oldOwner]; owners[prevOwner] = newOwner; owners[oldOwner] = address(0); emit RemovedOwner(oldOwner); emit AddedOwner(newOwner); } /// @dev Allows to update the number of required confirmations by Safe owners. /// This can only be done via a Safe transaction. /// @param _threshold New threshold. function changeThreshold(uint256 _threshold) public authorized { // Validate that threshold is smaller than number of owners. require(_threshold <= ownerCount, "Threshold cannot exceed owner count"); // There has to be at least one Safe owner. require(_threshold >= 1, "Threshold needs to be greater than 0"); threshold = _threshold; emit ChangedThreshold(threshold); } function getThreshold() public view returns (uint256) { return threshold; } function isOwner(address owner) public view returns (bool) { return owner != SENTINEL_OWNERS && owners[owner] != address(0); } /// @dev Returns array of owners. /// @return Array of Safe owners. function getOwners() public view returns (address[] memory) { address[] memory array = new address[](ownerCount); // populate return array uint256 index = 0; address currentOwner = owners[SENTINEL_OWNERS]; while(currentOwner != SENTINEL_OWNERS) { array[index] = currentOwner; currentOwner = owners[currentOwner]; index ++; } return array; } } /// @title Fallback Manager - A contract that manages fallback calls made to this contract /// @author Richard Meissner - <[email protected]> contract FallbackManager is SelfAuthorized { // keccak256("fallback_manager.handler.address") bytes32 internal constant FALLBACK_HANDLER_STORAGE_SLOT = 0x6c9a6c4a39284e37ed1cf53d337577d14212a4870fb976a4366c693b939918d5; function internalSetFallbackHandler(address handler) internal { bytes32 slot = FALLBACK_HANDLER_STORAGE_SLOT; // solium-disable-next-line security/no-inline-assembly assembly { sstore(slot, handler) } } /// @dev Allows to add a contract to handle fallback calls. /// Only fallback calls without value and with data will be forwarded. /// This can only be done via a Safe transaction. /// @param handler contract to handle fallbacks calls. function setFallbackHandler(address handler) public authorized { internalSetFallbackHandler(handler); } function () external payable { // Only calls without value and with data will be forwarded if (msg.value > 0 || msg.data.length == 0) { return; } bytes32 slot = FALLBACK_HANDLER_STORAGE_SLOT; address handler; // solium-disable-next-line security/no-inline-assembly assembly { handler := sload(slot) } if (handler != address(0)) { // solium-disable-next-line security/no-inline-assembly assembly { calldatacopy(0, 0, calldatasize()) let success := call(gas, handler, 0, 0, calldatasize(), 0, 0) returndatacopy(0, 0, returndatasize()) if eq(success, 0) { revert(0, returndatasize()) } return(0, returndatasize()) } } } } /// @title SignatureDecoder - Decodes signatures that a encoded as bytes /// @author Ricardo Guilherme Schmidt (Status Research & Development GmbH) /// @author Richard Meissner - <[email protected]> contract SignatureDecoder { /// @dev Recovers address who signed the message /// @param messageHash operation ethereum signed message hash /// @param messageSignature message `txHash` signature /// @param pos which signature to read function recoverKey ( bytes32 messageHash, bytes memory messageSignature, uint256 pos ) internal pure returns (address) { uint8 v; bytes32 r; bytes32 s; (v, r, s) = signatureSplit(messageSignature, pos); return ecrecover(messageHash, v, r, s); } /// @dev divides bytes signature into `uint8 v, bytes32 r, bytes32 s`. /// @notice Make sure to peform a bounds check for @param pos, to avoid out of bounds access on @param signatures /// @param pos which signature to read. A prior bounds check of this parameter should be performed, to avoid out of bounds access /// @param signatures concatenated rsv signatures function signatureSplit(bytes memory signatures, uint256 pos) internal pure returns (uint8 v, bytes32 r, bytes32 s) { // The signature format is a compact form of: // {bytes32 r}{bytes32 s}{uint8 v} // Compact means, uint8 is not padded to 32 bytes. // solium-disable-next-line security/no-inline-assembly assembly { let signaturePos := mul(0x41, pos) r := mload(add(signatures, add(signaturePos, 0x20))) s := mload(add(signatures, add(signaturePos, 0x40))) // Here we are loading the last 32 bytes, including 31 bytes // of 's'. There is no 'mload8' to do this. // // 'byte' is not working due to the Solidity parser, so lets // use the second best option, 'and' v := and(mload(add(signatures, add(signaturePos, 0x41))), 0xff) } } } contract ISignatureValidatorConstants { // bytes4(keccak256("isValidSignature(bytes,bytes)") bytes4 constant internal EIP1271_MAGIC_VALUE = 0x20c13b0b; } contract ISignatureValidator is ISignatureValidatorConstants { /** * @dev Should return whether the signature provided is valid for the provided data * @param _data Arbitrary length data signed on the behalf of address(this) * @param _signature Signature byte array associated with _data * * MUST return the bytes4 magic value 0x20c13b0b when function passes. * MUST NOT modify state (using STATICCALL for solc < 0.5, view modifier for solc > 0.5) * MUST allow external calls */ function isValidSignature( bytes memory _data, bytes memory _signature) public view returns (bytes4); } /** * @title SafeMath * @dev Math operations with safety checks that revert on error * TODO: remove once open zeppelin update to solc 0.5.0 */ library SafeMath { /** * @dev Multiplies two numbers, reverts on overflow. */ function mul(uint256 a, uint256 b) internal pure returns (uint256) { // Gas optimization: this is cheaper than requiring 'a' not being zero, but the // benefit is lost if 'b' is also tested. // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522 if (a == 0) { return 0; } uint256 c = a * b; require(c / a == b); return c; } /** * @dev Integer division of two numbers truncating the quotient, reverts on division by zero. */ function div(uint256 a, uint256 b) internal pure returns (uint256) { require(b > 0); // Solidity only automatically asserts when dividing by 0 uint256 c = a / b; // assert(a == b * c + a % b); // There is no case in which this doesn't hold return c; } /** * @dev Subtracts two numbers, reverts on overflow (i.e. if subtrahend is greater than minuend). */ function sub(uint256 a, uint256 b) internal pure returns (uint256) { require(b <= a); uint256 c = a - b; return c; } /** * @dev Adds two numbers, reverts on overflow. */ function add(uint256 a, uint256 b) internal pure returns (uint256) { uint256 c = a + b; require(c >= a); return c; } /** * @dev Divides two numbers and returns the remainder (unsigned integer modulo), * reverts when dividing by zero. */ function mod(uint256 a, uint256 b) internal pure returns (uint256) { require(b != 0); return a % b; } } /// @title Gnosis Safe - A multisignature wallet with support for confirmations using signed messages based on ERC191. /// @author Stefan George - <[email protected]> /// @author Richard Meissner - <[email protected]> /// @author Ricardo Guilherme Schmidt - (Status Research & Development GmbH) - Gas Token Payment contract GnosisSafe is MasterCopy, ModuleManager, OwnerManager, SignatureDecoder, SecuredTokenTransfer, ISignatureValidatorConstants, FallbackManager { using SafeMath for uint256; string public constant NAME = "Gnosis Safe"; string public constant VERSION = "1.1.1"; //keccak256( // "EIP712Domain(address verifyingContract)" //); bytes32 private constant DOMAIN_SEPARATOR_TYPEHASH = 0x035aff83d86937d35b32e04f0ddc6ff469290eef2f1b692d8a815c89404d4749; //keccak256( // "SafeTx(address to,uint256 value,bytes data,uint8 operation,uint256 safeTxGas,uint256 baseGas,uint256 gasPrice,address gasToken,address refundReceiver,uint256 nonce)" //); bytes32 private constant SAFE_TX_TYPEHASH = 0xbb8310d486368db6bd6f849402fdd73ad53d316b5a4b2644ad6efe0f941286d8; //keccak256( // "SafeMessage(bytes message)" //); bytes32 private constant SAFE_MSG_TYPEHASH = 0x60b3cbf8b4a223d68d641b3b6ddf9a298e7f33710cf3d3a9d1146b5a6150fbca; event ApproveHash( bytes32 indexed approvedHash, address indexed owner ); event SignMsg( bytes32 indexed msgHash ); event ExecutionFailure( bytes32 txHash, uint256 payment ); event ExecutionSuccess( bytes32 txHash, uint256 payment ); uint256 public nonce; bytes32 public domainSeparator; // Mapping to keep track of all message hashes that have been approve by ALL REQUIRED owners mapping(bytes32 => uint256) public signedMessages; // Mapping to keep track of all hashes (message or transaction) that have been approve by ANY owners mapping(address => mapping(bytes32 => uint256)) public approvedHashes; // This constructor ensures that this contract can only be used as a master copy for Proxy contracts constructor() public { // By setting the threshold it is not possible to call setup anymore, // so we create a Safe with 0 owners and threshold 1. // This is an unusable Safe, perfect for the mastercopy threshold = 1; } /// @dev Setup function sets initial storage of contract. /// @param _owners List of Safe owners. /// @param _threshold Number of required confirmations for a Safe transaction. /// @param to Contract address for optional delegate call. /// @param data Data payload for optional delegate call. /// @param fallbackHandler Handler for fallback calls to this contract /// @param paymentToken Token that should be used for the payment (0 is ETH) /// @param payment Value that should be paid /// @param paymentReceiver Adddress that should receive the payment (or 0 if tx.origin) function setup( address[] calldata _owners, uint256 _threshold, address to, bytes calldata data, address fallbackHandler, address paymentToken, uint256 payment, address payable paymentReceiver ) external { require(domainSeparator == 0, "Domain Separator already set!"); domainSeparator = keccak256(abi.encode(DOMAIN_SEPARATOR_TYPEHASH, this)); setupOwners(_owners, _threshold); if (fallbackHandler != address(0)) internalSetFallbackHandler(fallbackHandler); // As setupOwners can only be called if the contract has not been initialized we don't need a check for setupModules setupModules(to, data); if (payment > 0) { // To avoid running into issues with EIP-170 we reuse the handlePayment function (to avoid adjusting code of that has been verified we do not adjust the method itself) // baseGas = 0, gasPrice = 1 and gas = payment => amount = (payment + 0) * 1 = payment handlePayment(payment, 0, 1, paymentToken, paymentReceiver); } } /// @dev Allows to execute a Safe transaction confirmed by required number of owners and then pays the account that submitted the transaction. /// Note: The fees are always transfered, even if the user transaction fails. /// @param to Destination address of Safe transaction. /// @param value Ether value of Safe transaction. /// @param data Data payload of Safe transaction. /// @param operation Operation type of Safe transaction. /// @param safeTxGas Gas that should be used for the Safe transaction. /// @param baseGas Gas costs for that are indipendent of the transaction execution(e.g. base transaction fee, signature check, payment of the refund) /// @param gasPrice Gas price that should be used for the payment calculation. /// @param gasToken Token address (or 0 if ETH) that is used for the payment. /// @param refundReceiver Address of receiver of gas payment (or 0 if tx.origin). /// @param signatures Packed signature data ({bytes32 r}{bytes32 s}{uint8 v}) function execTransaction( address to, uint256 value, bytes calldata data, Enum.Operation operation, uint256 safeTxGas, uint256 baseGas, uint256 gasPrice, address gasToken, address payable refundReceiver, bytes calldata signatures ) external returns (bool success) { bytes32 txHash; // Use scope here to limit variable lifetime and prevent `stack too deep` errors { bytes memory txHashData = encodeTransactionData( to, value, data, operation, // Transaction info safeTxGas, baseGas, gasPrice, gasToken, refundReceiver, // Payment info nonce ); // Increase nonce and execute transaction. nonce++; txHash = keccak256(txHashData); checkSignatures(txHash, txHashData, signatures, true); } require(gasleft() >= safeTxGas, "Not enough gas to execute safe transaction"); // Use scope here to limit variable lifetime and prevent `stack too deep` errors { uint256 gasUsed = gasleft(); // If no safeTxGas has been set and the gasPrice is 0 we assume that all available gas can be used success = execute(to, value, data, operation, safeTxGas == 0 && gasPrice == 0 ? gasleft() : safeTxGas); gasUsed = gasUsed.sub(gasleft()); // We transfer the calculated tx costs to the tx.origin to avoid sending it to intermediate contracts that have made calls uint256 payment = 0; if (gasPrice > 0) { payment = handlePayment(gasUsed, baseGas, gasPrice, gasToken, refundReceiver); } if (success) emit ExecutionSuccess(txHash, payment); else emit ExecutionFailure(txHash, payment); } } function handlePayment( uint256 gasUsed, uint256 baseGas, uint256 gasPrice, address gasToken, address payable refundReceiver ) private returns (uint256 payment) { // solium-disable-next-line security/no-tx-origin address payable receiver = refundReceiver == address(0) ? tx.origin : refundReceiver; if (gasToken == address(0)) { // For ETH we will only adjust the gas price to not be higher than the actual used gas price payment = gasUsed.add(baseGas).mul(gasPrice < tx.gasprice ? gasPrice : tx.gasprice); // solium-disable-next-line security/no-send require(receiver.send(payment), "Could not pay gas costs with ether"); } else { payment = gasUsed.add(baseGas).mul(gasPrice); require(transferToken(gasToken, receiver, payment), "Could not pay gas costs with token"); } } /** * @dev Checks whether the signature provided is valid for the provided data, hash. Will revert otherwise. * @param dataHash Hash of the data (could be either a message hash or transaction hash) * @param data That should be signed (this is passed to an external validator contract) * @param signatures Signature data that should be verified. Can be ECDSA signature, contract signature (EIP-1271) or approved hash. * @param consumeHash Indicates that in case of an approved hash the storage can be freed to save gas */ function checkSignatures(bytes32 dataHash, bytes memory data, bytes memory signatures, bool consumeHash) internal { // Load threshold to avoid multiple storage loads uint256 _threshold = threshold; // Check that a threshold is set require(_threshold > 0, "Threshold needs to be defined!"); // Check that the provided signature data is not too short require(signatures.length >= _threshold.mul(65), "Signatures data too short"); // There cannot be an owner with address 0. address lastOwner = address(0); address currentOwner; uint8 v; bytes32 r; bytes32 s; uint256 i; for (i = 0; i < _threshold; i++) { (v, r, s) = signatureSplit(signatures, i); // If v is 0 then it is a contract signature if (v == 0) { // When handling contract signatures the address of the contract is encoded into r currentOwner = address(uint256(r)); // Check that signature data pointer (s) is not pointing inside the static part of the signatures bytes // This check is not completely accurate, since it is possible that more signatures than the threshold are send. // Here we only check that the pointer is not pointing inside the part that is being processed require(uint256(s) >= _threshold.mul(65), "Invalid contract signature location: inside static part"); // Check that signature data pointer (s) is in bounds (points to the length of data -> 32 bytes) require(uint256(s).add(32) <= signatures.length, "Invalid contract signature location: length not present"); // Check if the contract signature is in bounds: start of data is s + 32 and end is start + signature length uint256 contractSignatureLen; // solium-disable-next-line security/no-inline-assembly assembly { contractSignatureLen := mload(add(add(signatures, s), 0x20)) } require(uint256(s).add(32).add(contractSignatureLen) <= signatures.length, "Invalid contract signature location: data not complete"); // Check signature bytes memory contractSignature; // solium-disable-next-line security/no-inline-assembly assembly { // The signature data for contract signatures is appended to the concatenated signatures and the offset is stored in s contractSignature := add(add(signatures, s), 0x20) } require(ISignatureValidator(currentOwner).isValidSignature(data, contractSignature) == EIP1271_MAGIC_VALUE, "Invalid contract signature provided"); // If v is 1 then it is an approved hash } else if (v == 1) { // When handling approved hashes the address of the approver is encoded into r currentOwner = address(uint256(r)); // Hashes are automatically approved by the sender of the message or when they have been pre-approved via a separate transaction require(msg.sender == currentOwner || approvedHashes[currentOwner][dataHash] != 0, "Hash has not been approved"); // Hash has been marked for consumption. If this hash was pre-approved free storage if (consumeHash && msg.sender != currentOwner) { approvedHashes[currentOwner][dataHash] = 0; } } else if (v > 30) { // To support eth_sign and similar we adjust v and hash the messageHash with the Ethereum message prefix before applying ecrecover currentOwner = ecrecover(keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", dataHash)), v - 4, r, s); } else { // Use ecrecover with the messageHash for EOA signatures currentOwner = ecrecover(dataHash, v, r, s); } require ( currentOwner > lastOwner && owners[currentOwner] != address(0) && currentOwner != SENTINEL_OWNERS, "Invalid owner provided" ); lastOwner = currentOwner; } } /// @dev Allows to estimate a Safe transaction. /// This method is only meant for estimation purpose, therefore two different protection mechanism against execution in a transaction have been made: /// 1.) The method can only be called from the safe itself /// 2.) The response is returned with a revert /// When estimating set `from` to the address of the safe. /// Since the `estimateGas` function includes refunds, call this method to get an estimated of the costs that are deducted from the safe with `execTransaction` /// @param to Destination address of Safe transaction. /// @param value Ether value of Safe transaction. /// @param data Data payload of Safe transaction. /// @param operation Operation type of Safe transaction. /// @return Estimate without refunds and overhead fees (base transaction and payload data gas costs). function requiredTxGas(address to, uint256 value, bytes calldata data, Enum.Operation operation) external authorized returns (uint256) { uint256 startGas = gasleft(); // We don't provide an error message here, as we use it to return the estimate // solium-disable-next-line error-reason require(execute(to, value, data, operation, gasleft())); uint256 requiredGas = startGas - gasleft(); // Convert response to string and return via error message revert(string(abi.encodePacked(requiredGas))); } /** * @dev Marks a hash as approved. This can be used to validate a hash that is used by a signature. * @param hashToApprove The hash that should be marked as approved for signatures that are verified by this contract. */ function approveHash(bytes32 hashToApprove) external { require(owners[msg.sender] != address(0), "Only owners can approve a hash"); approvedHashes[msg.sender][hashToApprove] = 1; emit ApproveHash(hashToApprove, msg.sender); } /** * @dev Marks a message as signed * @param _data Arbitrary length data that should be marked as signed on the behalf of address(this) */ function signMessage(bytes calldata _data) external authorized { bytes32 msgHash = getMessageHash(_data); signedMessages[msgHash] = 1; emit SignMsg(msgHash); } /** * Implementation of ISignatureValidator (see `interfaces/ISignatureValidator.sol`) * @dev Should return whether the signature provided is valid for the provided data. * The save does not implement the interface since `checkSignatures` is not a view method. * The method will not perform any state changes (see parameters of `checkSignatures`) * @param _data Arbitrary length data signed on the behalf of address(this) * @param _signature Signature byte array associated with _data * @return a bool upon valid or invalid signature with corresponding _data */ function isValidSignature(bytes calldata _data, bytes calldata _signature) external returns (bytes4) { bytes32 messageHash = getMessageHash(_data); if (_signature.length == 0) { require(signedMessages[messageHash] != 0, "Hash not approved"); } else { // consumeHash needs to be false, as the state should not be changed checkSignatures(messageHash, _data, _signature, false); } return EIP1271_MAGIC_VALUE; } /// @dev Returns hash of a message that can be signed by owners. /// @param message Message that should be hashed /// @return Message hash. function getMessageHash( bytes memory message ) public view returns (bytes32) { bytes32 safeMessageHash = keccak256( abi.encode(SAFE_MSG_TYPEHASH, keccak256(message)) ); return keccak256( abi.encodePacked(byte(0x19), byte(0x01), domainSeparator, safeMessageHash) ); } /// @dev Returns the bytes that are hashed to be signed by owners. /// @param to Destination address. /// @param value Ether value. /// @param data Data payload. /// @param operation Operation type. /// @param safeTxGas Fas that should be used for the safe transaction. /// @param baseGas Gas costs for data used to trigger the safe transaction. /// @param gasPrice Maximum gas price that should be used for this transaction. /// @param gasToken Token address (or 0 if ETH) that is used for the payment. /// @param refundReceiver Address of receiver of gas payment (or 0 if tx.origin). /// @param _nonce Transaction nonce. /// @return Transaction hash bytes. function encodeTransactionData( address to, uint256 value, bytes memory data, Enum.Operation operation, uint256 safeTxGas, uint256 baseGas, uint256 gasPrice, address gasToken, address refundReceiver, uint256 _nonce ) public view returns (bytes memory) { bytes32 safeTxHash = keccak256( abi.encode(SAFE_TX_TYPEHASH, to, value, keccak256(data), operation, safeTxGas, baseGas, gasPrice, gasToken, refundReceiver, _nonce) ); return abi.encodePacked(byte(0x19), byte(0x01), domainSeparator, safeTxHash); } /// @dev Returns hash to be signed by owners. /// @param to Destination address. /// @param value Ether value. /// @param data Data payload. /// @param operation Operation type. /// @param safeTxGas Fas that should be used for the safe transaction. /// @param baseGas Gas costs for data used to trigger the safe transaction. /// @param gasPrice Maximum gas price that should be used for this transaction. /// @param gasToken Token address (or 0 if ETH) that is used for the payment. /// @param refundReceiver Address of receiver of gas payment (or 0 if tx.origin). /// @param _nonce Transaction nonce. /// @return Transaction hash. function getTransactionHash( address to, uint256 value, bytes memory data, Enum.Operation operation, uint256 safeTxGas, uint256 baseGas, uint256 gasPrice, address gasToken, address refundReceiver, uint256 _nonce ) public view returns (bytes32) { return keccak256(encodeTransactionData(to, value, data, operation, safeTxGas, baseGas, gasPrice, gasToken, refundReceiver, _nonce)); } }