Transaction Hash:
Block:
20670785 at Sep-03-2024 02:55:59 PM +UTC
Transaction Fee:
0.001586435108142705 ETH
$4.30
Gas Used:
209,085 Gas / 7.587512773 Gwei
Emitted Events:
204 |
FiatTokenProxy.0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef( 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef, 0x00000000000000000000000082c5c6d83041e34b186582bf10128d66ba93003f, 0x00000000000000000000000074de5d4fcbf63e00296fd95d33236b9794016631, 000000000000000000000000000000000000000000000000000000001e7b0f1a )
|
205 |
FiatTokenProxy.0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef( 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef, 0x00000000000000000000000074de5d4fcbf63e00296fd95d33236b9794016631, 0x00000000000000000000000051c72848c68a965f66fa7a88855f9f7784502a7f, 000000000000000000000000000000000000000000000000000000001e36c840 )
|
206 |
TetherToken.Transfer( from=0x51C72848c68a965f66FA7a88855F9f7784502a7F, to=Spender, value=506798617 )
|
207 |
TetherToken.Transfer( from=0x51C72848c68a965f66FA7a88855F9f7784502a7F, to=SplitWallet, value=253399 )
|
208 |
SwapERC20.SwapERC20( nonce=1721748611322, signerWallet=0x51C72848c68a965f66FA7a88855F9f7784502a7F, signerToken=TetherToken, signerAmount=506798617, protocolFee=5, senderWallet=Spender, senderToken=FiatTokenProxy, senderAmount=506906688 )
|
209 |
FiatTokenProxy.0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef( 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef, 0x00000000000000000000000074de5d4fcbf63e00296fd95d33236b9794016631, 0x0000000000000000000000002acf35c9a3f4c5c3f4c78ef5fb64c3ee82f07c45, 00000000000000000000000000000000000000000000000000000000004446da )
|
210 |
TetherToken.Transfer( from=Spender, to=[Sender] 0x82c5c6d83041e34b186582bf10128d66ba93003f, value=506798617 )
|
211 |
MetaSwap.Swap( 0xbeee1e6e7fe307ddcf84b0a16137a4430ad5e2480fc4f4a8e250ab56ccd7630d, 0x015123c6e2552626efe611b6c48de60d080a6650860a38f237bc2b6f651f79d1, 0x00000000000000000000000082c5c6d83041e34b186582bf10128d66ba93003f )
|
Account State Difference:
Address | Before | After | State Difference | ||
---|---|---|---|---|---|
0x4838B106...B0BAD5f97
Miner
| (Titan Builder) | 8.038930569638168242 Eth | 8.039348739638168242 Eth | 0.00041817 | |
0x82c5C6D8...6ba93003F |
0.004830840051775094 Eth
Nonce: 137
|
0.003244404943632389 Eth
Nonce: 138
| 0.001586435108142705 | ||
0xA0b86991...E3606eB48 | |||||
0xd82FA167...bB4b3a0F8 | (AirSwap: V4 DEX SwapERC20) | ||||
0xdAC17F95...13D831ec7 |
Execution Trace
MetaSwap.swap( aggregatorId=airswapLight4FeeDynamicFixed, tokenFrom=0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48, amount=511381274, data=0x00000000000000000000000000000000000000000000000000000190E036E0FA0000000000000000000000000000000000000000000000000000000066D723AC00000000000000000000000051C72848C68A965F66FA7A88855F9F7784502A7F000000000000000000000000DAC17F958D2EE523A2206206994597C13D831EC7000000000000000000000000000000000000000000000000000000001E352219000000000000000000000000A0B86991C6218B36C1D19D4A2E9EB0CE3606EB48000000000000000000000000000000000000000000000000000000001E36C840000000000000000000000000000000000000000000000000000000000000001C3F2D258A274C530F2CB334085E5B11CEE01F7B9A8FA6894C08CCE5AA33826BAA75470BFE2A76E207EC96179DF6EF9D015550FF12B192D99CA9BBC6BC7810D38200000000000000000000000000000000000000000000000000000000004446DA0000000000000000000000002ACF35C9A3F4C5C3F4C78EF5FB64C3EE82F07C450000000000000000000000000000000000000000000000000000000000000000 )
FiatTokenProxy.23b872dd( )
-
FiatTokenV2_2.transferFrom( from=0x82c5C6D83041e34B186582bF10128D66ba93003F, to=0x74de5d4FCbf63E00296fd95d33236B9794016631, value=511381274 ) => ( True )
-
Spender.swap( adapter=0xBBB0c50473990162A4A02B6A4Cce16fB0a6C38d1, data=0x4495C08800000000000000000000000082C5C6D83041E34B186582BF10128D66BA93003F00000000000000000000000000000000000000000000000000000190E036E0FA0000000000000000000000000000000000000000000000000000000066D723AC00000000000000000000000051C72848C68A965F66FA7A88855F9F7784502A7F000000000000000000000000DAC17F958D2EE523A2206206994597C13D831EC7000000000000000000000000000000000000000000000000000000001E352219000000000000000000000000A0B86991C6218B36C1D19D4A2E9EB0CE3606EB48000000000000000000000000000000000000000000000000000000001E36C840000000000000000000000000000000000000000000000000000000000000001C3F2D258A274C530F2CB334085E5B11CEE01F7B9A8FA6894C08CCE5AA33826BAA75470BFE2A76E207EC96179DF6EF9D015550FF12B192D99CA9BBC6BC7810D38200000000000000000000000000000000000000000000000000000000004446DA0000000000000000000000002ACF35C9A3F4C5C3F4C78EF5FB64C3EE82F07C450000000000000000000000000000000000000000000000000000000000000000 )
0xbbb0c50473990162a4a02b6a4cce16fb0a6c38d1.4495c088( )
FiatTokenProxy.dd62ed3e( )
-
FiatTokenV2_2.allowance( owner=0x74de5d4FCbf63E00296fd95d33236B9794016631, spender=0xd82FA167727a4dc6D6F55830A2c47aBbB4b3a0F8 ) => ( 115792089237316195423570985008687907853269984665640564039457583898236147465273 )
-
SwapERC20.swapLight( nonce=1721748611322, expiry=1725375404, signerWallet=0x51C72848c68a965f66FA7a88855F9f7784502a7F, signerToken=0xdAC17F958D2ee523a2206206994597C13D831ec7, signerAmount=506798617, senderToken=0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48, senderAmount=506906688, v=28, r=3F2D258A274C530F2CB334085E5B11CEE01F7B9A8FA6894C08CCE5AA33826BAA, s=75470BFE2A76E207EC96179DF6EF9D015550FF12B192D99CA9BBC6BC7810D382 )
-
Null: 0x000...001.1f75af97( )
FiatTokenProxy.23b872dd( )
-
FiatTokenV2_2.transferFrom( from=0x74de5d4FCbf63E00296fd95d33236B9794016631, to=0x51C72848c68a965f66FA7a88855F9f7784502a7F, value=506906688 ) => ( True )
-
-
TetherToken.transferFrom( _from=0x51C72848c68a965f66FA7a88855F9f7784502a7F, _to=0x74de5d4FCbf63E00296fd95d33236B9794016631, _value=506798617 )
-
TetherToken.transferFrom( _from=0x51C72848c68a965f66FA7a88855F9f7784502a7F, _to=0xaD30f7EEBD9Bd5150a256F47DA41d4403033CdF0, _value=253399 )
-
FiatTokenProxy.a9059cbb( )
-
FiatTokenV2_2.transfer( to=0x2aCf35C9A3F4c5C3F4c78EF5Fb64c3EE82f07c45, value=4474586 ) => ( True )
-
FiatTokenProxy.70a08231( )
-
FiatTokenV2_2.balanceOf( account=0x74de5d4FCbf63E00296fd95d33236B9794016631 ) => ( 0 )
-
-
TetherToken.balanceOf( who=0x74de5d4FCbf63E00296fd95d33236B9794016631 ) => ( 506798617 )
-
TetherToken.transfer( _to=0x82c5C6D83041e34B186582bF10128D66ba93003F, _value=506798617 )
swap[MetaSwap (ln:1598)]
_swap[MetaSwap (ln:1604)]
safeTransferFrom[MetaSwap (ln:1637)]
swap[MetaSwap (ln:1639)]
encode[MetaSwap (ln:1643)]
Swap[MetaSwap (ln:1648)]
File 1 of 7: MetaSwap
File 2 of 7: FiatTokenProxy
File 3 of 7: Spender
File 4 of 7: TetherToken
File 5 of 7: SplitWallet
File 6 of 7: SwapERC20
File 7 of 7: FiatTokenV2_2
pragma solidity ^0.6.0; import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; import "@openzeppelin/contracts/token/ERC20/SafeERC20.sol"; import "@openzeppelin/contracts/utils/Address.sol"; import "../Constants.sol"; contract CommonAdapter { using SafeERC20 for IERC20; using Address for address; using Address for address payable; /** * @dev Performs a swap * @param recipient The original msg.sender performing the swap * @param aggregator Address of the aggregator's contract * @param spender Address to which tokens will be approved * @param method Selector of the function to be called in the aggregator's contract * @param tokenFrom Token to be swapped * @param tokenTo Token to be received * @param amountFrom Amount of tokenFrom to swap * @param amountTo Minimum amount of tokenTo to receive * @param data Data used for the call made to the aggregator's contract */ function swap( address payable recipient, address aggregator, address spender, bytes4 method, IERC20 tokenFrom, IERC20 tokenTo, uint256 amountFrom, uint256 amountTo, bytes calldata data ) external payable { require(tokenFrom != tokenTo, "TOKEN_PAIR_INVALID"); if (address(tokenFrom) != Constants.ETH) { _approveSpender(tokenFrom, spender, amountFrom); } // We always forward msg.value as it may be necessary to pay fees bytes memory encodedData = abi.encodePacked(method, data); aggregator.functionCallWithValue(encodedData, msg.value); // Transfer remaining balance of tokenFrom to sender if (address(tokenFrom) != Constants.ETH) { uint256 balance = tokenFrom.balanceOf(address(this)); _transfer(tokenFrom, balance, recipient); } uint256 weiBalance = address(this).balance; // Transfer remaining balance of tokenTo to sender if (address(tokenTo) != Constants.ETH) { uint256 balance = tokenTo.balanceOf(address(this)); require(balance >= amountTo, "INSUFFICIENT_AMOUNT"); _transfer(tokenTo, balance, recipient); } else { // If tokenTo == ETH, then check that the remaining ETH balance >= amountTo require(weiBalance >= amountTo, "INSUFFICIENT_AMOUNT"); } // If there are unused fees or if tokenTo is ETH, transfer to sender if (weiBalance > 0) { recipient.sendValue(weiBalance); } } /** * @dev Transfers token to sender if amount > 0 * @param token IERC20 token to transfer to sender * @param amount Amount of token to transfer * @param recipient Address that will receive the tokens */ function _transfer( IERC20 token, uint256 amount, address recipient ) internal { if (amount > 0) { token.safeTransfer(recipient, amount); } } // https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/SafeERC20.sol /** * @dev Approves max amount of token to the spender if the allowance is lower than amount * @param token The ERC20 token to approve * @param spender Address to which funds will be approved * @param amount Amount used to compare current allowance */ function _approveSpender( IERC20 token, address spender, uint256 amount ) internal { // If allowance is not enough, approve max possible amount uint256 allowance = token.allowance(address(this), spender); if (allowance < amount) { bytes memory returndata = address(token).functionCall( abi.encodeWithSelector( token.approve.selector, spender, type(uint256).max ) ); if (returndata.length > 0) { // Return data is optional require(abi.decode(returndata, (bool)), "APPROVAL_FAILED"); } } } } // SPDX-License-Identifier: MIT pragma solidity ^0.6.0; /** * @dev Interface of the ERC20 standard as defined in the EIP. */ interface IERC20 { /** * @dev Returns the amount of tokens in existence. */ function totalSupply() external view returns (uint256); /** * @dev Returns the amount of tokens owned by `account`. */ function balanceOf(address account) external view returns (uint256); /** * @dev Moves `amount` tokens from the caller's account to `recipient`. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transfer(address recipient, uint256 amount) external returns (bool); /** * @dev Returns the remaining number of tokens that `spender` will be * allowed to spend on behalf of `owner` through {transferFrom}. This is * zero by default. * * This value changes when {approve} or {transferFrom} are called. */ function allowance(address owner, address spender) external view returns (uint256); /** * @dev Sets `amount` as the allowance of `spender` over the caller's tokens. * * Returns a boolean value indicating whether the operation succeeded. * * IMPORTANT: Beware that changing an allowance with this method brings the risk * that someone may use both the old and the new allowance by unfortunate * transaction ordering. One possible solution to mitigate this race * condition is to first reduce the spender's allowance to 0 and set the * desired value afterwards: * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 * * Emits an {Approval} event. */ function approve(address spender, uint256 amount) external returns (bool); /** * @dev Moves `amount` tokens from `sender` to `recipient` using the * allowance mechanism. `amount` is then deducted from the caller's * allowance. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transferFrom(address sender, address recipient, uint256 amount) external returns (bool); /** * @dev Emitted when `value` tokens are moved from one account (`from`) to * another (`to`). * * Note that `value` may be zero. */ event Transfer(address indexed from, address indexed to, uint256 value); /** * @dev Emitted when the allowance of a `spender` for an `owner` is set by * a call to {approve}. `value` is the new allowance. */ event Approval(address indexed owner, address indexed spender, uint256 value); } // SPDX-License-Identifier: MIT pragma solidity ^0.6.0; import "./IERC20.sol"; import "../../math/SafeMath.sol"; import "../../utils/Address.sol"; /** * @title SafeERC20 * @dev Wrappers around ERC20 operations that throw on failure (when the token * contract returns false). Tokens that return no value (and instead revert or * throw on failure) are also supported, non-reverting calls are assumed to be * successful. * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract, * which allows you to call the safe operations as `token.safeTransfer(...)`, etc. */ library SafeERC20 { using SafeMath for uint256; using Address for address; function safeTransfer(IERC20 token, address to, uint256 value) internal { _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value)); } function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal { _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value)); } /** * @dev Deprecated. This function has issues similar to the ones found in * {IERC20-approve}, and its usage is discouraged. * * Whenever possible, use {safeIncreaseAllowance} and * {safeDecreaseAllowance} instead. */ function safeApprove(IERC20 token, address spender, uint256 value) internal { // safeApprove should only be called when setting an initial allowance, // or when resetting it to zero. To increase and decrease it, use // 'safeIncreaseAllowance' and 'safeDecreaseAllowance' // solhint-disable-next-line max-line-length require((value == 0) || (token.allowance(address(this), spender) == 0), "SafeERC20: approve from non-zero to non-zero allowance" ); _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value)); } function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal { uint256 newAllowance = token.allowance(address(this), spender).add(value); _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance)); } function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal { uint256 newAllowance = token.allowance(address(this), spender).sub(value, "SafeERC20: decreased allowance below zero"); _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance)); } /** * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement * on the return value: the return value is optional (but if data is returned, it must not be false). * @param token The token targeted by the call. * @param data The call data (encoded using abi.encode or one of its variants). */ function _callOptionalReturn(IERC20 token, bytes memory data) private { // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that // the target address contains contract code and also asserts for success in the low-level call. bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed"); if (returndata.length > 0) { // Return data is optional // solhint-disable-next-line max-line-length require(abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed"); } } } // SPDX-License-Identifier: MIT pragma solidity ^0.6.0; /** * @dev Wrappers over Solidity's arithmetic operations with added overflow * checks. * * Arithmetic operations in Solidity wrap on overflow. This can easily result * in bugs, because programmers usually assume that an overflow raises an * error, which is the standard behavior in high level programming languages. * `SafeMath` restores this intuition by reverting the transaction when an * operation overflows. * * Using this library instead of the unchecked operations eliminates an entire * class of bugs, so it's recommended to use it always. */ library SafeMath { /** * @dev Returns the addition of two unsigned integers, reverting on * overflow. * * Counterpart to Solidity's `+` operator. * * Requirements: * * - Addition cannot overflow. */ function add(uint256 a, uint256 b) internal pure returns (uint256) { uint256 c = a + b; require(c >= a, "SafeMath: addition overflow"); return c; } /** * @dev Returns the subtraction of two unsigned integers, reverting on * overflow (when the result is negative). * * Counterpart to Solidity's `-` operator. * * Requirements: * * - Subtraction cannot overflow. */ function sub(uint256 a, uint256 b) internal pure returns (uint256) { return sub(a, b, "SafeMath: subtraction overflow"); } /** * @dev Returns the subtraction of two unsigned integers, reverting with custom message on * overflow (when the result is negative). * * Counterpart to Solidity's `-` operator. * * Requirements: * * - Subtraction cannot overflow. */ function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) { require(b <= a, errorMessage); uint256 c = a - b; return c; } /** * @dev Returns the multiplication of two unsigned integers, reverting on * overflow. * * Counterpart to Solidity's `*` operator. * * Requirements: * * - Multiplication cannot overflow. */ function mul(uint256 a, uint256 b) internal pure returns (uint256) { // Gas optimization: this is cheaper than requiring 'a' not being zero, but the // benefit is lost if 'b' is also tested. // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522 if (a == 0) { return 0; } uint256 c = a * b; require(c / a == b, "SafeMath: multiplication overflow"); return c; } /** * @dev Returns the integer division of two unsigned integers. Reverts on * division by zero. The result is rounded towards zero. * * Counterpart to Solidity's `/` operator. Note: this function uses a * `revert` opcode (which leaves remaining gas untouched) while Solidity * uses an invalid opcode to revert (consuming all remaining gas). * * Requirements: * * - The divisor cannot be zero. */ function div(uint256 a, uint256 b) internal pure returns (uint256) { return div(a, b, "SafeMath: division by zero"); } /** * @dev Returns the integer division of two unsigned integers. Reverts with custom message on * division by zero. The result is rounded towards zero. * * Counterpart to Solidity's `/` operator. Note: this function uses a * `revert` opcode (which leaves remaining gas untouched) while Solidity * uses an invalid opcode to revert (consuming all remaining gas). * * Requirements: * * - The divisor cannot be zero. */ function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) { require(b > 0, errorMessage); uint256 c = a / b; // assert(a == b * c + a % b); // There is no case in which this doesn't hold return c; } /** * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo), * Reverts when dividing by zero. * * Counterpart to Solidity's `%` operator. This function uses a `revert` * opcode (which leaves remaining gas untouched) while Solidity uses an * invalid opcode to revert (consuming all remaining gas). * * Requirements: * * - The divisor cannot be zero. */ function mod(uint256 a, uint256 b) internal pure returns (uint256) { return mod(a, b, "SafeMath: modulo by zero"); } /** * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo), * Reverts with custom message when dividing by zero. * * Counterpart to Solidity's `%` operator. This function uses a `revert` * opcode (which leaves remaining gas untouched) while Solidity uses an * invalid opcode to revert (consuming all remaining gas). * * Requirements: * * - The divisor cannot be zero. */ function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) { require(b != 0, errorMessage); return a % b; } } // SPDX-License-Identifier: MIT pragma solidity ^0.6.2; /** * @dev Collection of functions related to the address type */ library Address { /** * @dev Returns true if `account` is a contract. * * [IMPORTANT] * ==== * It is unsafe to assume that an address for which this function returns * false is an externally-owned account (EOA) and not a contract. * * Among others, `isContract` will return false for the following * types of addresses: * * - an externally-owned account * - a contract in construction * - an address where a contract will be created * - an address where a contract lived, but was destroyed * ==== */ function isContract(address account) internal view returns (bool) { // This method relies in extcodesize, which returns 0 for contracts in // construction, since the code is only stored at the end of the // constructor execution. uint256 size; // solhint-disable-next-line no-inline-assembly assembly { size := extcodesize(account) } return size > 0; } /** * @dev Replacement for Solidity's `transfer`: sends `amount` wei to * `recipient`, forwarding all available gas and reverting on errors. * * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost * of certain opcodes, possibly making contracts go over the 2300 gas limit * imposed by `transfer`, making them unable to receive funds via * `transfer`. {sendValue} removes this limitation. * * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more]. * * IMPORTANT: because control is transferred to `recipient`, care must be * taken to not create reentrancy vulnerabilities. Consider using * {ReentrancyGuard} or the * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern]. */ function sendValue(address payable recipient, uint256 amount) internal { require(address(this).balance >= amount, "Address: insufficient balance"); // solhint-disable-next-line avoid-low-level-calls, avoid-call-value (bool success, ) = recipient.call{ value: amount }(""); require(success, "Address: unable to send value, recipient may have reverted"); } /** * @dev Performs a Solidity function call using a low level `call`. A * plain`call` is an unsafe replacement for a function call: use this * function instead. * * If `target` reverts with a revert reason, it is bubbled up by this * function (like regular Solidity function calls). * * Returns the raw returned data. To convert to the expected return value, * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`]. * * Requirements: * * - `target` must be a contract. * - calling `target` with `data` must not revert. * * _Available since v3.1._ */ function functionCall(address target, bytes memory data) internal returns (bytes memory) { return functionCall(target, data, "Address: low-level call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with * `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) { return _functionCallWithValue(target, data, 0, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but also transferring `value` wei to `target`. * * Requirements: * * - the calling contract must have an ETH balance of at least `value`. * - the called Solidity function must be `payable`. * * _Available since v3.1._ */ function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) { return functionCallWithValue(target, data, value, "Address: low-level call with value failed"); } /** * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but * with `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) { require(address(this).balance >= value, "Address: insufficient balance for call"); return _functionCallWithValue(target, data, value, errorMessage); } function _functionCallWithValue(address target, bytes memory data, uint256 weiValue, string memory errorMessage) private returns (bytes memory) { require(isContract(target), "Address: call to non-contract"); // solhint-disable-next-line avoid-low-level-calls (bool success, bytes memory returndata) = target.call{ value: weiValue }(data); if (success) { return returndata; } else { // Look for revert reason and bubble it up if present if (returndata.length > 0) { // The easiest way to bubble the revert reason is using memory via assembly // solhint-disable-next-line no-inline-assembly assembly { let returndata_size := mload(returndata) revert(add(32, returndata), returndata_size) } } else { revert(errorMessage); } } } } // SPDX-License-Identifier: MIT pragma solidity ^0.6.0; library Constants { address internal constant ETH = 0x0000000000000000000000000000000000000000; } pragma solidity ^0.6.0; import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; import "@openzeppelin/contracts/token/ERC20/SafeERC20.sol"; import "@openzeppelin/contracts/math/SafeMath.sol"; import "@openzeppelin/contracts/utils/Address.sol"; import "../Constants.sol"; contract FeeCommonAdapter { using SafeERC20 for IERC20; using Address for address; using Address for address payable; using SafeMath for uint256; // solhint-disable-next-line var-name-mixedcase address payable public immutable FEE_WALLET; constructor(address payable feeWallet) public { FEE_WALLET = feeWallet; } /** * @dev Performs a swap * @param recipient The original msg.sender performing the swap * @param aggregator Address of the aggregator's contract * @param spender Address to which tokens will be approved * @param method Selector of the function to be called in the aggregator's contract * @param tokenFrom Token to be swapped * @param tokenTo Token to be received * @param amountFrom Amount of tokenFrom to swap * @param amountTo Minimum amount of tokenTo to receive * @param data Data used for the call made to the aggregator's contract * @param fee Amount of tokenFrom sent to the fee wallet */ function swap( address payable recipient, address aggregator, address spender, bytes4 method, IERC20 tokenFrom, IERC20 tokenTo, uint256 amountFrom, uint256 amountTo, bytes calldata data, uint256 fee ) external payable { require(tokenFrom != tokenTo, "TOKEN_PAIR_INVALID"); if (address(tokenFrom) == Constants.ETH) { FEE_WALLET.sendValue(fee); } else { _transfer(tokenFrom, fee, FEE_WALLET); _approveSpender(tokenFrom, spender, amountFrom); } // We always forward msg.value as it may be necessary to pay fees aggregator.functionCallWithValue( abi.encodePacked(method, data), address(this).balance ); // Transfer remaining balance of tokenFrom to sender if (address(tokenFrom) != Constants.ETH) { _transfer(tokenFrom, tokenFrom.balanceOf(address(this)), recipient); } uint256 weiBalance = address(this).balance; // Transfer remaining balance of tokenTo to sender if (address(tokenTo) != Constants.ETH) { uint256 balance = tokenTo.balanceOf(address(this)); require(balance >= amountTo, "INSUFFICIENT_AMOUNT"); _transfer(tokenTo, balance, recipient); } else { // If tokenTo == ETH, then check that the remaining ETH balance >= amountTo require(weiBalance >= amountTo, "INSUFFICIENT_AMOUNT"); } // If there are unused fees or if tokenTo is ETH, transfer to sender if (weiBalance > 0) { recipient.sendValue(weiBalance); } } /** * @dev Transfers token to sender if amount > 0 * @param token IERC20 token to transfer to sender * @param amount Amount of token to transfer * @param recipient Address that will receive the tokens */ function _transfer( IERC20 token, uint256 amount, address recipient ) internal { if (amount > 0) { token.safeTransfer(recipient, amount); } } // https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/SafeERC20.sol /** * @dev Approves max amount of token to the spender if the allowance is lower than amount * @param token The ERC20 token to approve * @param spender Address to which funds will be approved * @param amount Amount used to compare current allowance */ function _approveSpender( IERC20 token, address spender, uint256 amount ) internal { // If allowance is not enough, approve max possible amount uint256 allowance = token.allowance(address(this), spender); if (allowance < amount) { bytes memory returndata = address(token).functionCall( abi.encodeWithSelector( token.approve.selector, spender, type(uint256).max ) ); if (returndata.length > 0) { // Return data is optional require(abi.decode(returndata, (bool)), "APPROVAL_FAILED"); } } } } pragma solidity ^0.6.0; import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; import "@openzeppelin/contracts/token/ERC20/SafeERC20.sol"; import "@openzeppelin/contracts/math/SafeMath.sol"; import "@openzeppelin/contracts/utils/Address.sol"; import "../Constants.sol"; import "../IWETH.sol"; contract FeeWethAdapter { using SafeERC20 for IERC20; using Address for address; using Address for address payable; using SafeMath for uint256; IWETH public immutable weth; // solhint-disable-next-line var-name-mixedcase address payable public immutable FEE_WALLET; constructor(IWETH _weth, address payable feeWallet) public { weth = _weth; FEE_WALLET = feeWallet; } /** * @dev Performs a swap * @param recipient The original msg.sender performing the swap * @param aggregator Address of the aggregator's contract * @param spender Address to which tokens will be approved * @param method Selector of the function to be called in the aggregator's contract * @param tokenFrom Token to be swapped * @param tokenTo Token to be received * @param amountFrom Amount of tokenFrom to swap * @param amountTo Minimum amount of tokenTo to receive * @param data Data used for the call made to the aggregator's contract * @param fee Amount of tokenFrom sent to the fee wallet */ function swap( address payable recipient, address aggregator, address spender, bytes4 method, IERC20 tokenFrom, IERC20 tokenTo, uint256 amountFrom, uint256 amountTo, bytes calldata data, uint256 fee ) external payable { require(tokenFrom != tokenTo, "TOKEN_PAIR_INVALID"); if (address(tokenFrom) == Constants.ETH) { FEE_WALLET.sendValue(fee); // If tokenFrom is ETH, msg.value = fee + amountFrom (total fee could be 0) // Can't deal with ETH, convert to WETH, the remaining balance will be the fee weth.deposit{value: amountFrom}(); _approveSpender(weth, spender, amountFrom); } else { _transfer(tokenFrom, fee, FEE_WALLET); // Otherwise capture tokens from sender _approveSpender(tokenFrom, spender, amountFrom); } // Perform the swap aggregator.functionCallWithValue( abi.encodePacked(method, data), address(this).balance ); // Transfer remaining balance of tokenFrom to sender if (address(tokenFrom) != Constants.ETH) { _transfer(tokenFrom, tokenFrom.balanceOf(address(this)), recipient); } else { // If using ETH, just unwrap any remaining WETH // At the end of this function all ETH will be transferred to the sender _unwrapWETH(); } uint256 weiBalance = address(this).balance; // Transfer remaining balance of tokenTo to sender if (address(tokenTo) != Constants.ETH) { uint256 balance = tokenTo.balanceOf(address(this)); require(balance >= amountTo, "INSUFFICIENT_AMOUNT"); _transfer(tokenTo, balance, recipient); } else { // If tokenTo == ETH, unwrap received WETH and add it to the wei balance, // then check that the remaining ETH balance >= amountTo // It is safe to not use safeMath as no one can have enough Ether to overflow weiBalance += _unwrapWETH(); require(weiBalance >= amountTo, "INSUFFICIENT_AMOUNT"); } // If there are unused fees or if tokenTo is ETH, transfer to sender if (weiBalance > 0) { recipient.sendValue(weiBalance); } } /** * @dev Unwraps all available WETH into ETH */ function _unwrapWETH() internal returns (uint256) { uint256 balance = weth.balanceOf(address(this)); weth.withdraw(balance); return balance; } /** * @dev Transfers token to sender if amount > 0 * @param token IERC20 token to transfer to sender * @param amount Amount of token to transfer * @param recipient Address that will receive the tokens */ function _transfer( IERC20 token, uint256 amount, address recipient ) internal { if (amount > 0) { token.safeTransfer(recipient, amount); } } // https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/SafeERC20.sol /** * @dev Approves max amount of token to the spender if the allowance is lower than amount * @param token The ERC20 token to approve * @param spender Address to which funds will be approved * @param amount Amount used to compare current allowance */ function _approveSpender( IERC20 token, address spender, uint256 amount ) internal { // If allowance is not enough, approve max possible amount uint256 allowance = token.allowance(address(this), spender); if (allowance < amount) { bytes memory returndata = address(token).functionCall( abi.encodeWithSelector( token.approve.selector, spender, type(uint256).max ) ); if (returndata.length > 0) { // Return data is optional require(abi.decode(returndata, (bool)), "APPROVAL_FAILED"); } } } } pragma solidity ^0.6.0; import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; interface IWETH is IERC20 { function deposit() external payable; function withdraw(uint256) external; } pragma solidity ^0.6.0; import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; import "@openzeppelin/contracts/token/ERC20/SafeERC20.sol"; import "@openzeppelin/contracts/math/SafeMath.sol"; import "@openzeppelin/contracts/utils/Address.sol"; import "@uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router02.sol"; import "../Constants.sol"; contract UniswapAdapter { using SafeERC20 for IERC20; using Address for address; using Address for address payable; using SafeMath for uint256; // solhint-disable-next-line var-name-mixedcase IUniswapV2Router02 public immutable UNISWAP; // solhint-disable-next-line var-name-mixedcase address payable public immutable FEE_WALLET; constructor(address payable feeWallet, IUniswapV2Router02 uniswap) public { FEE_WALLET = feeWallet; UNISWAP = uniswap; } /** * @dev Performs a swap * @param recipient The original msg.sender performing the swap * @param tokenFrom Token to be swapped * @param tokenTo Token to be received * @param amountFrom Amount of tokenFrom to swap * @param amountTo Minimum amount of tokenTo to receive * @param path Used by Uniswap * @param deadline Timestamp at which the swap becomes invalid. Used by Uniswap * @param feeOnTransfer Use `supportingFeeOnTransfer` Uniswap methods * @param fee Amount of tokenFrom sent to the fee wallet */ function swap( address payable recipient, IERC20 tokenFrom, IERC20 tokenTo, uint256 amountFrom, uint256 amountTo, address[] calldata path, uint256 deadline, bool feeOnTransfer, uint256 fee ) external payable { require(tokenFrom != tokenTo, "TOKEN_PAIR_INVALID"); if (address(tokenFrom) == Constants.ETH) { FEE_WALLET.sendValue(fee); } else { _transfer(tokenFrom, fee, FEE_WALLET); } if (address(tokenFrom) == Constants.ETH) { if (feeOnTransfer) { UNISWAP.swapExactETHForTokensSupportingFeeOnTransferTokens{ value: address(this).balance }(amountTo, path, address(this), deadline); } else { UNISWAP.swapExactETHForTokens{value: address(this).balance}( amountTo, path, address(this), deadline ); } } else { _approveSpender(tokenFrom, address(UNISWAP), amountFrom); if (address(tokenTo) == Constants.ETH) { if (feeOnTransfer) { UNISWAP.swapExactTokensForETHSupportingFeeOnTransferTokens( amountFrom, amountTo, path, address(this), deadline ); } else { UNISWAP.swapExactTokensForETH( amountFrom, amountTo, path, address(this), deadline ); } } else { if (feeOnTransfer) { UNISWAP .swapExactTokensForTokensSupportingFeeOnTransferTokens( amountFrom, amountTo, path, address(this), deadline ); } else { UNISWAP.swapExactTokensForTokens( amountFrom, amountTo, path, address(this), deadline ); } } } // Transfer remaining balance of tokenFrom to sender if (address(tokenFrom) != Constants.ETH) { _transfer(tokenFrom, tokenFrom.balanceOf(address(this)), recipient); } uint256 weiBalance = address(this).balance; // Transfer remaining balance of tokenTo to sender if (address(tokenTo) != Constants.ETH) { uint256 balance = tokenTo.balanceOf(address(this)); require(balance >= amountTo, "INSUFFICIENT_AMOUNT"); _transfer(tokenTo, balance, recipient); } else { // If tokenTo == ETH, then check that the remaining ETH balance >= amountTo require(weiBalance >= amountTo, "INSUFFICIENT_AMOUNT"); } // If there are unused fees or if tokenTo is ETH, transfer to sender if (weiBalance > 0) { recipient.sendValue(weiBalance); } } /** * @dev Transfers token to sender if amount > 0 * @param token IERC20 token to transfer to sender * @param amount Amount of token to transfer * @param recipient Address that will receive the tokens */ function _transfer( IERC20 token, uint256 amount, address recipient ) internal { if (amount > 0) { token.safeTransfer(recipient, amount); } } // https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/SafeERC20.sol /** * @dev Approves max amount of token to the spender if the allowance is lower than amount * @param token The ERC20 token to approve * @param spender Address to which funds will be approved * @param amount Amount used to compare current allowance */ function _approveSpender( IERC20 token, address spender, uint256 amount ) internal { // If allowance is not enough, approve max possible amount uint256 allowance = token.allowance(address(this), spender); if (allowance < amount) { bytes memory returndata = address(token).functionCall( abi.encodeWithSelector( token.approve.selector, spender, type(uint256).max ) ); if (returndata.length > 0) { // Return data is optional require(abi.decode(returndata, (bool)), "APPROVAL_FAILED"); } } } } pragma solidity >=0.6.2; import './IUniswapV2Router01.sol'; interface IUniswapV2Router02 is IUniswapV2Router01 { function removeLiquidityETHSupportingFeeOnTransferTokens( address token, uint liquidity, uint amountTokenMin, uint amountETHMin, address to, uint deadline ) external returns (uint amountETH); function removeLiquidityETHWithPermitSupportingFeeOnTransferTokens( address token, uint liquidity, uint amountTokenMin, uint amountETHMin, address to, uint deadline, bool approveMax, uint8 v, bytes32 r, bytes32 s ) external returns (uint amountETH); function swapExactTokensForTokensSupportingFeeOnTransferTokens( uint amountIn, uint amountOutMin, address[] calldata path, address to, uint deadline ) external; function swapExactETHForTokensSupportingFeeOnTransferTokens( uint amountOutMin, address[] calldata path, address to, uint deadline ) external payable; function swapExactTokensForETHSupportingFeeOnTransferTokens( uint amountIn, uint amountOutMin, address[] calldata path, address to, uint deadline ) external; } pragma solidity >=0.6.2; interface IUniswapV2Router01 { function factory() external pure returns (address); function WETH() external pure returns (address); function addLiquidity( address tokenA, address tokenB, uint amountADesired, uint amountBDesired, uint amountAMin, uint amountBMin, address to, uint deadline ) external returns (uint amountA, uint amountB, uint liquidity); function addLiquidityETH( address token, uint amountTokenDesired, uint amountTokenMin, uint amountETHMin, address to, uint deadline ) external payable returns (uint amountToken, uint amountETH, uint liquidity); function removeLiquidity( address tokenA, address tokenB, uint liquidity, uint amountAMin, uint amountBMin, address to, uint deadline ) external returns (uint amountA, uint amountB); function removeLiquidityETH( address token, uint liquidity, uint amountTokenMin, uint amountETHMin, address to, uint deadline ) external returns (uint amountToken, uint amountETH); function removeLiquidityWithPermit( address tokenA, address tokenB, uint liquidity, uint amountAMin, uint amountBMin, address to, uint deadline, bool approveMax, uint8 v, bytes32 r, bytes32 s ) external returns (uint amountA, uint amountB); function removeLiquidityETHWithPermit( address token, uint liquidity, uint amountTokenMin, uint amountETHMin, address to, uint deadline, bool approveMax, uint8 v, bytes32 r, bytes32 s ) external returns (uint amountToken, uint amountETH); function swapExactTokensForTokens( uint amountIn, uint amountOutMin, address[] calldata path, address to, uint deadline ) external returns (uint[] memory amounts); function swapTokensForExactTokens( uint amountOut, uint amountInMax, address[] calldata path, address to, uint deadline ) external returns (uint[] memory amounts); function swapExactETHForTokens(uint amountOutMin, address[] calldata path, address to, uint deadline) external payable returns (uint[] memory amounts); function swapTokensForExactETH(uint amountOut, uint amountInMax, address[] calldata path, address to, uint deadline) external returns (uint[] memory amounts); function swapExactTokensForETH(uint amountIn, uint amountOutMin, address[] calldata path, address to, uint deadline) external returns (uint[] memory amounts); function swapETHForExactTokens(uint amountOut, address[] calldata path, address to, uint deadline) external payable returns (uint[] memory amounts); function quote(uint amountA, uint reserveA, uint reserveB) external pure returns (uint amountB); function getAmountOut(uint amountIn, uint reserveIn, uint reserveOut) external pure returns (uint amountOut); function getAmountIn(uint amountOut, uint reserveIn, uint reserveOut) external pure returns (uint amountIn); function getAmountsOut(uint amountIn, address[] calldata path) external view returns (uint[] memory amounts); function getAmountsIn(uint amountOut, address[] calldata path) external view returns (uint[] memory amounts); } pragma solidity ^0.6.0; import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; import "@openzeppelin/contracts/token/ERC20/SafeERC20.sol"; import "@openzeppelin/contracts/utils/Address.sol"; import "../Constants.sol"; import "../IWETH.sol"; contract WethAdapter { using SafeERC20 for IERC20; using Address for address; using Address for address payable; IWETH public immutable weth; constructor(IWETH _weth) public { weth = _weth; } /** * @dev Performs a swap * @param recipient The original msg.sender performing the swap * @param aggregator Address of the aggregator's contract * @param spender Address to which tokens will be approved * @param method Selector of the function to be called in the aggregator's contract * @param tokenFrom Token to be swapped * @param tokenTo Token to be received * @param amountFrom Amount of tokenFrom to swap * @param amountTo Minimum amount of tokenTo to receive * @param data Data used for the call made to the aggregator's contract */ function swap( address payable recipient, address aggregator, address spender, bytes4 method, IERC20 tokenFrom, IERC20 tokenTo, uint256 amountFrom, uint256 amountTo, bytes calldata data ) external payable { require(tokenFrom != tokenTo, "TOKEN_PAIR_INVALID"); if (address(tokenFrom) == Constants.ETH) { // If tokenFrom is ETH, msg.value = fee + amountFrom (total fee could be 0) // Can't deal with ETH, convert to WETH, the remaining balance will be the fee weth.deposit{value: amountFrom}(); _approveSpender(weth, spender, amountFrom); } else { // Otherwise capture tokens from sender _approveSpender(tokenFrom, spender, amountFrom); } // Perform the swap aggregator.functionCallWithValue( abi.encodePacked(method, data), address(this).balance ); // Transfer remaining balance of tokenFrom to sender if (address(tokenFrom) != Constants.ETH) { _transfer(tokenFrom, tokenFrom.balanceOf(address(this)), recipient); } else { // If using ETH, just unwrap any remaining WETH // At the end of this function all ETH will be transferred to the sender _unwrapWETH(); } uint256 weiBalance = address(this).balance; // Transfer remaining balance of tokenTo to sender if (address(tokenTo) != Constants.ETH) { uint256 balance = tokenTo.balanceOf(address(this)); require(balance >= amountTo, "INSUFFICIENT_AMOUNT"); _transfer(tokenTo, balance, recipient); } else { // If tokenTo == ETH, unwrap received WETH and add it to the wei balance, // then check that the remaining ETH balance >= amountTo // It is safe to not use safeMath as no one can have enough Ether to overflow weiBalance += _unwrapWETH(); require(weiBalance >= amountTo, "INSUFFICIENT_AMOUNT"); } // If there are unused fees or if tokenTo is ETH, transfer to sender if (weiBalance > 0) { recipient.sendValue(weiBalance); } } /** * @dev Unwraps all available WETH into ETH */ function _unwrapWETH() internal returns (uint256) { uint256 balance = weth.balanceOf(address(this)); weth.withdraw(balance); return balance; } /** * @dev Transfers token to sender if amount > 0 * @param token IERC20 token to transfer to sender * @param amount Amount of token to transfer * @param recipient Address that will receive the tokens */ function _transfer( IERC20 token, uint256 amount, address recipient ) internal { if (amount > 0) { token.safeTransfer(recipient, amount); } } // https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/SafeERC20.sol /** * @dev Approves max amount of token to the spender if the allowance is lower than amount * @param token The ERC20 token to approve * @param spender Address to which funds will be approved * @param amount Amount used to compare current allowance */ function _approveSpender( IERC20 token, address spender, uint256 amount ) internal { // If allowance is not enough, approve max possible amount uint256 allowance = token.allowance(address(this), spender); if (allowance < amount) { bytes memory returndata = address(token).functionCall( abi.encodeWithSelector( token.approve.selector, spender, type(uint256).max ) ); if (returndata.length > 0) { // Return data is optional require(abi.decode(returndata, (bool)), "APPROVAL_FAILED"); } } } } // SPDX-License-Identifier: MIT pragma solidity ^0.6.0; import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; interface ICHI is IERC20 { function freeUpTo(uint256 value) external returns (uint256); function freeFromUpTo( address from, uint256 value ) external returns (uint256); function mint(uint256 value) external; } // SPDX-License-Identifier: UNLICENSED pragma solidity ^0.6.0; // We import the contract so truffle compiles it, and we have the ABI // available when working from truffle console. import "@openzeppelin/contracts/token/ERC20/ERC20.sol"; //helpers// SPDX-License-Identifier: MIT pragma solidity ^0.6.0; import "../../GSN/Context.sol"; import "./IERC20.sol"; import "../../math/SafeMath.sol"; import "../../utils/Address.sol"; /** * @dev Implementation of the {IERC20} interface. * * This implementation is agnostic to the way tokens are created. This means * that a supply mechanism has to be added in a derived contract using {_mint}. * For a generic mechanism see {ERC20PresetMinterPauser}. * * TIP: For a detailed writeup see our guide * https://forum.zeppelin.solutions/t/how-to-implement-erc20-supply-mechanisms/226[How * to implement supply mechanisms]. * * We have followed general OpenZeppelin guidelines: functions revert instead * of returning `false` on failure. This behavior is nonetheless conventional * and does not conflict with the expectations of ERC20 applications. * * Additionally, an {Approval} event is emitted on calls to {transferFrom}. * This allows applications to reconstruct the allowance for all accounts just * by listening to said events. Other implementations of the EIP may not emit * these events, as it isn't required by the specification. * * Finally, the non-standard {decreaseAllowance} and {increaseAllowance} * functions have been added to mitigate the well-known issues around setting * allowances. See {IERC20-approve}. */ contract ERC20 is Context, IERC20 { using SafeMath for uint256; using Address for address; mapping (address => uint256) private _balances; mapping (address => mapping (address => uint256)) private _allowances; uint256 private _totalSupply; string private _name; string private _symbol; uint8 private _decimals; /** * @dev Sets the values for {name} and {symbol}, initializes {decimals} with * a default value of 18. * * To select a different value for {decimals}, use {_setupDecimals}. * * All three of these values are immutable: they can only be set once during * construction. */ constructor (string memory name, string memory symbol) public { _name = name; _symbol = symbol; _decimals = 18; } /** * @dev Returns the name of the token. */ function name() public view returns (string memory) { return _name; } /** * @dev Returns the symbol of the token, usually a shorter version of the * name. */ function symbol() public view returns (string memory) { return _symbol; } /** * @dev Returns the number of decimals used to get its user representation. * For example, if `decimals` equals `2`, a balance of `505` tokens should * be displayed to a user as `5,05` (`505 / 10 ** 2`). * * Tokens usually opt for a value of 18, imitating the relationship between * Ether and Wei. This is the value {ERC20} uses, unless {_setupDecimals} is * called. * * NOTE: This information is only used for _display_ purposes: it in * no way affects any of the arithmetic of the contract, including * {IERC20-balanceOf} and {IERC20-transfer}. */ function decimals() public view returns (uint8) { return _decimals; } /** * @dev See {IERC20-totalSupply}. */ function totalSupply() public view override returns (uint256) { return _totalSupply; } /** * @dev See {IERC20-balanceOf}. */ function balanceOf(address account) public view override returns (uint256) { return _balances[account]; } /** * @dev See {IERC20-transfer}. * * Requirements: * * - `recipient` cannot be the zero address. * - the caller must have a balance of at least `amount`. */ function transfer(address recipient, uint256 amount) public virtual override returns (bool) { _transfer(_msgSender(), recipient, amount); return true; } /** * @dev See {IERC20-allowance}. */ function allowance(address owner, address spender) public view virtual override returns (uint256) { return _allowances[owner][spender]; } /** * @dev See {IERC20-approve}. * * Requirements: * * - `spender` cannot be the zero address. */ function approve(address spender, uint256 amount) public virtual override returns (bool) { _approve(_msgSender(), spender, amount); return true; } /** * @dev See {IERC20-transferFrom}. * * Emits an {Approval} event indicating the updated allowance. This is not * required by the EIP. See the note at the beginning of {ERC20}; * * Requirements: * - `sender` and `recipient` cannot be the zero address. * - `sender` must have a balance of at least `amount`. * - the caller must have allowance for ``sender``'s tokens of at least * `amount`. */ function transferFrom(address sender, address recipient, uint256 amount) public virtual override returns (bool) { _transfer(sender, recipient, amount); _approve(sender, _msgSender(), _allowances[sender][_msgSender()].sub(amount, "ERC20: transfer amount exceeds allowance")); return true; } /** * @dev Atomically increases the allowance granted to `spender` by the caller. * * This is an alternative to {approve} that can be used as a mitigation for * problems described in {IERC20-approve}. * * Emits an {Approval} event indicating the updated allowance. * * Requirements: * * - `spender` cannot be the zero address. */ function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) { _approve(_msgSender(), spender, _allowances[_msgSender()][spender].add(addedValue)); return true; } /** * @dev Atomically decreases the allowance granted to `spender` by the caller. * * This is an alternative to {approve} that can be used as a mitigation for * problems described in {IERC20-approve}. * * Emits an {Approval} event indicating the updated allowance. * * Requirements: * * - `spender` cannot be the zero address. * - `spender` must have allowance for the caller of at least * `subtractedValue`. */ function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) { _approve(_msgSender(), spender, _allowances[_msgSender()][spender].sub(subtractedValue, "ERC20: decreased allowance below zero")); return true; } /** * @dev Moves tokens `amount` from `sender` to `recipient`. * * This is internal function is equivalent to {transfer}, and can be used to * e.g. implement automatic token fees, slashing mechanisms, etc. * * Emits a {Transfer} event. * * Requirements: * * - `sender` cannot be the zero address. * - `recipient` cannot be the zero address. * - `sender` must have a balance of at least `amount`. */ function _transfer(address sender, address recipient, uint256 amount) internal virtual { require(sender != address(0), "ERC20: transfer from the zero address"); require(recipient != address(0), "ERC20: transfer to the zero address"); _beforeTokenTransfer(sender, recipient, amount); _balances[sender] = _balances[sender].sub(amount, "ERC20: transfer amount exceeds balance"); _balances[recipient] = _balances[recipient].add(amount); emit Transfer(sender, recipient, amount); } /** @dev Creates `amount` tokens and assigns them to `account`, increasing * the total supply. * * Emits a {Transfer} event with `from` set to the zero address. * * Requirements * * - `to` cannot be the zero address. */ function _mint(address account, uint256 amount) internal virtual { require(account != address(0), "ERC20: mint to the zero address"); _beforeTokenTransfer(address(0), account, amount); _totalSupply = _totalSupply.add(amount); _balances[account] = _balances[account].add(amount); emit Transfer(address(0), account, amount); } /** * @dev Destroys `amount` tokens from `account`, reducing the * total supply. * * Emits a {Transfer} event with `to` set to the zero address. * * Requirements * * - `account` cannot be the zero address. * - `account` must have at least `amount` tokens. */ function _burn(address account, uint256 amount) internal virtual { require(account != address(0), "ERC20: burn from the zero address"); _beforeTokenTransfer(account, address(0), amount); _balances[account] = _balances[account].sub(amount, "ERC20: burn amount exceeds balance"); _totalSupply = _totalSupply.sub(amount); emit Transfer(account, address(0), amount); } /** * @dev Sets `amount` as the allowance of `spender` over the `owner` s tokens. * * This internal function is equivalent to `approve`, and can be used to * e.g. set automatic allowances for certain subsystems, etc. * * Emits an {Approval} event. * * Requirements: * * - `owner` cannot be the zero address. * - `spender` cannot be the zero address. */ function _approve(address owner, address spender, uint256 amount) internal virtual { require(owner != address(0), "ERC20: approve from the zero address"); require(spender != address(0), "ERC20: approve to the zero address"); _allowances[owner][spender] = amount; emit Approval(owner, spender, amount); } /** * @dev Sets {decimals} to a value other than the default one of 18. * * WARNING: This function should only be called from the constructor. Most * applications that interact with token contracts will not expect * {decimals} to ever change, and may work incorrectly if it does. */ function _setupDecimals(uint8 decimals_) internal { _decimals = decimals_; } /** * @dev Hook that is called before any transfer of tokens. This includes * minting and burning. * * Calling conditions: * * - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens * will be to transferred to `to`. * - when `from` is zero, `amount` tokens will be minted for `to`. * - when `to` is zero, `amount` of ``from``'s tokens will be burned. * - `from` and `to` are never both zero. * * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks]. */ function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual { } } // SPDX-License-Identifier: MIT pragma solidity ^0.6.0; /* * @dev Provides information about the current execution context, including the * sender of the transaction and its data. While these are generally available * via msg.sender and msg.data, they should not be accessed in such a direct * manner, since when dealing with GSN meta-transactions the account sending and * paying for execution may not be the actual sender (as far as an application * is concerned). * * This contract is only required for intermediate, library-like contracts. */ abstract contract Context { function _msgSender() internal view virtual returns (address payable) { return msg.sender; } function _msgData() internal view virtual returns (bytes memory) { this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691 return msg.data; } } // SPDX-License-Identifier: MIT pragma solidity ^0.6.0; import "@openzeppelin/contracts/access/Ownable.sol"; import "@openzeppelin/contracts/utils/Pausable.sol"; import "@openzeppelin/contracts/utils/Address.sol"; import "@openzeppelin/contracts/utils/ReentrancyGuard.sol"; import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; import "@openzeppelin/contracts/token/ERC20/SafeERC20.sol"; import "./ICHI.sol"; import "./Spender.sol"; /** * @title MetaSwap */ contract MetaSwap is Ownable, Pausable, ReentrancyGuard { using SafeERC20 for IERC20; using Address for address; using Address for address payable; struct Adapter { address addr; // adapter's address bytes4 selector; bytes data; // adapter's fixed data } ICHI public immutable chi; Spender public immutable spender; // Mapping of aggregatorId to aggregator mapping(string => Adapter) public adapters; mapping(string => bool) public adapterRemoved; event AdapterSet( string indexed aggregatorId, address indexed addr, bytes4 selector, bytes data ); event AdapterRemoved(string indexed aggregatorId); event Swap(string indexed aggregatorId, address indexed sender); constructor(ICHI _chi) public { chi = _chi; spender = new Spender(); } /** * @dev Sets the adapter for an aggregator. It can't be changed later. * @param aggregatorId Aggregator's identifier * @param addr Address of the contract that contains the logic for this aggregator * @param selector The function selector of the swap function in the adapter * @param data Fixed abi encoded data the will be passed in each delegatecall made to the adapter */ function setAdapter( string calldata aggregatorId, address addr, bytes4 selector, bytes calldata data ) external onlyOwner { require(addr.isContract(), "ADAPTER_IS_NOT_A_CONTRACT"); require(!adapterRemoved[aggregatorId], "ADAPTER_REMOVED"); Adapter storage adapter = adapters[aggregatorId]; require(adapter.addr == address(0), "ADAPTER_EXISTS"); adapter.addr = addr; adapter.selector = selector; adapter.data = data; emit AdapterSet(aggregatorId, addr, selector, data); } /** * @dev Removes the adapter for an existing aggregator. This can't be undone. * @param aggregatorId Aggregator's identifier */ function removeAdapter(string calldata aggregatorId) external onlyOwner { require( adapters[aggregatorId].addr != address(0), "ADAPTER_DOES_NOT_EXIST" ); delete adapters[aggregatorId]; adapterRemoved[aggregatorId] = true; emit AdapterRemoved(aggregatorId); } /** * @dev Performs a swap * @param aggregatorId Identifier of the aggregator to be used for the swap * @param data Dynamic data which is concatenated with the fixed aggregator's * data in the delecatecall made to the adapter */ function swap( string calldata aggregatorId, IERC20 tokenFrom, uint256 amount, bytes calldata data ) external payable whenNotPaused nonReentrant { _swap(aggregatorId, tokenFrom, amount, data); } /** * @dev Performs a swap * @param aggregatorId Identifier of the aggregator to be used for the swap * @param data Dynamic data which is concatenated with the fixed aggregator's * data in the delecatecall made to the adapter */ function swapUsingGasToken( string calldata aggregatorId, IERC20 tokenFrom, uint256 amount, bytes calldata data ) external payable whenNotPaused nonReentrant { uint256 gas = gasleft(); _swap(aggregatorId, tokenFrom, amount, data); uint256 gasSpent = 21000 + gas - gasleft() + 16 * msg.data.length; chi.freeFromUpTo(msg.sender, (gasSpent + 14154) / 41947); } function pauseSwaps() external onlyOwner { _pause(); } function unpauseSwaps() external onlyOwner { _unpause(); } function _swap( string calldata aggregatorId, IERC20 tokenFrom, uint256 amount, bytes calldata data ) internal { Adapter storage adapter = adapters[aggregatorId]; if (address(tokenFrom) != Constants.ETH) { tokenFrom.safeTransferFrom(msg.sender, address(spender), amount); } spender.swap{value: msg.value}( adapter.addr, abi.encodePacked( adapter.selector, abi.encode(msg.sender), adapter.data, data ) ); emit Swap(aggregatorId, msg.sender); } } // SPDX-License-Identifier: MIT pragma solidity ^0.6.0; import "../GSN/Context.sol"; /** * @dev Contract module which provides a basic access control mechanism, where * there is an account (an owner) that can be granted exclusive access to * specific functions. * * By default, the owner account will be the one that deploys the contract. This * can later be changed with {transferOwnership}. * * This module is used through inheritance. It will make available the modifier * `onlyOwner`, which can be applied to your functions to restrict their use to * the owner. */ contract Ownable is Context { address private _owner; event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); /** * @dev Initializes the contract setting the deployer as the initial owner. */ constructor () internal { address msgSender = _msgSender(); _owner = msgSender; emit OwnershipTransferred(address(0), msgSender); } /** * @dev Returns the address of the current owner. */ function owner() public view returns (address) { return _owner; } /** * @dev Throws if called by any account other than the owner. */ modifier onlyOwner() { require(_owner == _msgSender(), "Ownable: caller is not the owner"); _; } /** * @dev Leaves the contract without owner. It will not be possible to call * `onlyOwner` functions anymore. Can only be called by the current owner. * * NOTE: Renouncing ownership will leave the contract without an owner, * thereby removing any functionality that is only available to the owner. */ function renounceOwnership() public virtual onlyOwner { emit OwnershipTransferred(_owner, address(0)); _owner = address(0); } /** * @dev Transfers ownership of the contract to a new account (`newOwner`). * Can only be called by the current owner. */ function transferOwnership(address newOwner) public virtual onlyOwner { require(newOwner != address(0), "Ownable: new owner is the zero address"); emit OwnershipTransferred(_owner, newOwner); _owner = newOwner; } } // SPDX-License-Identifier: MIT pragma solidity ^0.6.0; import "../GSN/Context.sol"; /** * @dev Contract module which allows children to implement an emergency stop * mechanism that can be triggered by an authorized account. * * This module is used through inheritance. It will make available the * modifiers `whenNotPaused` and `whenPaused`, which can be applied to * the functions of your contract. Note that they will not be pausable by * simply including this module, only once the modifiers are put in place. */ contract Pausable is Context { /** * @dev Emitted when the pause is triggered by `account`. */ event Paused(address account); /** * @dev Emitted when the pause is lifted by `account`. */ event Unpaused(address account); bool private _paused; /** * @dev Initializes the contract in unpaused state. */ constructor () internal { _paused = false; } /** * @dev Returns true if the contract is paused, and false otherwise. */ function paused() public view returns (bool) { return _paused; } /** * @dev Modifier to make a function callable only when the contract is not paused. * * Requirements: * * - The contract must not be paused. */ modifier whenNotPaused() { require(!_paused, "Pausable: paused"); _; } /** * @dev Modifier to make a function callable only when the contract is paused. * * Requirements: * * - The contract must be paused. */ modifier whenPaused() { require(_paused, "Pausable: not paused"); _; } /** * @dev Triggers stopped state. * * Requirements: * * - The contract must not be paused. */ function _pause() internal virtual whenNotPaused { _paused = true; emit Paused(_msgSender()); } /** * @dev Returns to normal state. * * Requirements: * * - The contract must be paused. */ function _unpause() internal virtual whenPaused { _paused = false; emit Unpaused(_msgSender()); } } // SPDX-License-Identifier: MIT pragma solidity ^0.6.0; /** * @dev Contract module that helps prevent reentrant calls to a function. * * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier * available, which can be applied to functions to make sure there are no nested * (reentrant) calls to them. * * Note that because there is a single `nonReentrant` guard, functions marked as * `nonReentrant` may not call one another. This can be worked around by making * those functions `private`, and then adding `external` `nonReentrant` entry * points to them. * * TIP: If you would like to learn more about reentrancy and alternative ways * to protect against it, check out our blog post * https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul]. */ contract ReentrancyGuard { // Booleans are more expensive than uint256 or any type that takes up a full // word because each write operation emits an extra SLOAD to first read the // slot's contents, replace the bits taken up by the boolean, and then write // back. This is the compiler's defense against contract upgrades and // pointer aliasing, and it cannot be disabled. // The values being non-zero value makes deployment a bit more expensive, // but in exchange the refund on every call to nonReentrant will be lower in // amount. Since refunds are capped to a percentage of the total // transaction's gas, it is best to keep them low in cases like this one, to // increase the likelihood of the full refund coming into effect. uint256 private constant _NOT_ENTERED = 1; uint256 private constant _ENTERED = 2; uint256 private _status; constructor () internal { _status = _NOT_ENTERED; } /** * @dev Prevents a contract from calling itself, directly or indirectly. * Calling a `nonReentrant` function from another `nonReentrant` * function is not supported. It is possible to prevent this from happening * by making the `nonReentrant` function external, and make it call a * `private` function that does the actual work. */ modifier nonReentrant() { // On the first call to nonReentrant, _notEntered will be true require(_status != _ENTERED, "ReentrancyGuard: reentrant call"); // Any calls to nonReentrant after this point will fail _status = _ENTERED; _; // By storing the original value once again, a refund is triggered (see // https://eips.ethereum.org/EIPS/eip-2200) _status = _NOT_ENTERED; } } // SPDX-License-Identifier: MIT pragma solidity ^0.6.0; import "./Constants.sol"; contract Spender { address public immutable metaswap; constructor() public { metaswap = msg.sender; } /// @dev Receives ether from swaps fallback() external payable {} function swap(address adapter, bytes calldata data) external payable { require(msg.sender == metaswap, "FORBIDDEN"); require(adapter != address(0), "ADAPTER_NOT_PROVIDED"); _delegate(adapter, data, "ADAPTER_DELEGATECALL_FAILED"); } /** * @dev Performs a delegatecall and bubbles up the errors, adapted from * https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/Address.sol * @param target Address of the contract to delegatecall * @param data Data passed in the delegatecall * @param errorMessage Fallback revert reason */ function _delegate( address target, bytes memory data, string memory errorMessage ) private returns (bytes memory) { // solhint-disable-next-line avoid-low-level-calls (bool success, bytes memory returndata) = target.delegatecall(data); if (success) { return returndata; } else { // Look for revert reason and bubble it up if present if (returndata.length > 0) { // The easiest way to bubble the revert reason is using memory via assembly // solhint-disable-next-line no-inline-assembly assembly { let returndata_size := mload(returndata) revert(add(32, returndata), returndata_size) } } else { revert(errorMessage); } } } } pragma solidity ^0.6.0; import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; import "@openzeppelin/contracts/token/ERC20/SafeERC20.sol"; import "@openzeppelin/contracts/utils/Address.sol"; contract MockAdapter { using SafeERC20 for IERC20; using Address for address; using Address for address payable; event MockAdapterEvent( address sender, uint256 valueFixed, uint256 valueDynamic ); function test( address sender, uint256 valueFixed, uint256 valueDynamic ) external payable { emit MockAdapterEvent(sender, valueFixed, valueDynamic); } function testRevert( address, uint256, uint256 ) external payable { revert("SWAP_FAILED"); } function testRevertNoReturnData( address, uint256, uint256 ) external payable { revert(); } } pragma solidity ^0.6.0; // TAKEN FROM https://github.com/gnosis/mock-contract // TODO: use their npm package once it is published for solidity 0.6 interface MockInterface { /** * @dev After calling this method, the mock will return `response` when it is called * with any calldata that is not mocked more specifically below * (e.g. using givenMethodReturn). * @param response ABI encoded response that will be returned if method is invoked */ function givenAnyReturn(bytes calldata response) external; function givenAnyReturnBool(bool response) external; function givenAnyReturnUint(uint256 response) external; function givenAnyReturnAddress(address response) external; function givenAnyRevert() external; function givenAnyRevertWithMessage(string calldata message) external; function givenAnyRunOutOfGas() external; /** * @dev After calling this method, the mock will return `response` when the given * methodId is called regardless of arguments. If the methodId and arguments * are mocked more specifically (using `givenMethodAndArguments`) the latter * will take precedence. * @param method ABI encoded methodId. It is valid to pass full calldata (including arguments). The mock will extract the methodId from it * @param response ABI encoded response that will be returned if method is invoked */ function givenMethodReturn(bytes calldata method, bytes calldata response) external; function givenMethodReturnBool(bytes calldata method, bool response) external; function givenMethodReturnUint(bytes calldata method, uint256 response) external; function givenMethodReturnAddress(bytes calldata method, address response) external; function givenMethodRevert(bytes calldata method) external; function givenMethodRevertWithMessage( bytes calldata method, string calldata message ) external; function givenMethodRunOutOfGas(bytes calldata method) external; /** * @dev After calling this method, the mock will return `response` when the given * methodId is called with matching arguments. These exact calldataMocks will take * precedence over all other calldataMocks. * @param call ABI encoded calldata (methodId and arguments) * @param response ABI encoded response that will be returned if contract is invoked with calldata */ function givenCalldataReturn(bytes calldata call, bytes calldata response) external; function givenCalldataReturnBool(bytes calldata call, bool response) external; function givenCalldataReturnUint(bytes calldata call, uint256 response) external; function givenCalldataReturnAddress(bytes calldata call, address response) external; function givenCalldataRevert(bytes calldata call) external; function givenCalldataRevertWithMessage( bytes calldata call, string calldata message ) external; function givenCalldataRunOutOfGas(bytes calldata call) external; /** * @dev Returns the number of times anything has been called on this mock since last reset */ function invocationCount() external returns (uint256); /** * @dev Returns the number of times the given method has been called on this mock since last reset * @param method ABI encoded methodId. It is valid to pass full calldata (including arguments). The mock will extract the methodId from it */ function invocationCountForMethod(bytes calldata method) external returns (uint256); /** * @dev Returns the number of times this mock has been called with the exact calldata since last reset. * @param call ABI encoded calldata (methodId and arguments) */ function invocationCountForCalldata(bytes calldata call) external returns (uint256); /** * @dev Resets all mocked methods and invocation counts. */ function reset() external; } /** * Implementation of the MockInterface. */ contract MockContract is MockInterface { enum MockType {Return, Revert, OutOfGas} bytes32 public constant MOCKS_LIST_START = hex"01"; bytes public constant MOCKS_LIST_END = "0xff"; bytes32 public constant MOCKS_LIST_END_HASH = keccak256(MOCKS_LIST_END); bytes4 public constant SENTINEL_ANY_MOCKS = hex"01"; bytes public constant DEFAULT_FALLBACK_VALUE = abi.encode(false); // A linked list allows easy iteration and inclusion checks mapping(bytes32 => bytes) calldataMocks; mapping(bytes => MockType) calldataMockTypes; mapping(bytes => bytes) calldataExpectations; mapping(bytes => string) calldataRevertMessage; mapping(bytes32 => uint256) calldataInvocations; mapping(bytes4 => bytes4) methodIdMocks; mapping(bytes4 => MockType) methodIdMockTypes; mapping(bytes4 => bytes) methodIdExpectations; mapping(bytes4 => string) methodIdRevertMessages; mapping(bytes32 => uint256) methodIdInvocations; MockType fallbackMockType; bytes fallbackExpectation = DEFAULT_FALLBACK_VALUE; string fallbackRevertMessage; uint256 invocations; uint256 resetCount; constructor() public { calldataMocks[MOCKS_LIST_START] = MOCKS_LIST_END; methodIdMocks[SENTINEL_ANY_MOCKS] = SENTINEL_ANY_MOCKS; } function trackCalldataMock(bytes memory call) private { bytes32 callHash = keccak256(call); if (calldataMocks[callHash].length == 0) { calldataMocks[callHash] = calldataMocks[MOCKS_LIST_START]; calldataMocks[MOCKS_LIST_START] = call; } } function trackMethodIdMock(bytes4 methodId) private { if (methodIdMocks[methodId] == 0x0) { methodIdMocks[methodId] = methodIdMocks[SENTINEL_ANY_MOCKS]; methodIdMocks[SENTINEL_ANY_MOCKS] = methodId; } } function _givenAnyReturn(bytes memory response) internal { fallbackMockType = MockType.Return; fallbackExpectation = response; } function givenAnyReturn(bytes calldata response) external override { _givenAnyReturn(response); } function givenAnyReturnBool(bool response) external override { uint256 flag = response ? 1 : 0; _givenAnyReturn(uintToBytes(flag)); } function givenAnyReturnUint(uint256 response) external override { _givenAnyReturn(uintToBytes(response)); } function givenAnyReturnAddress(address response) external override { _givenAnyReturn(uintToBytes(uint256(response))); } function givenAnyRevert() external override { fallbackMockType = MockType.Revert; fallbackRevertMessage = ""; } function givenAnyRevertWithMessage(string calldata message) external override { fallbackMockType = MockType.Revert; fallbackRevertMessage = message; } function givenAnyRunOutOfGas() external override { fallbackMockType = MockType.OutOfGas; } function _givenCalldataReturn(bytes memory call, bytes memory response) private { calldataMockTypes[call] = MockType.Return; calldataExpectations[call] = response; trackCalldataMock(call); } function givenCalldataReturn(bytes calldata call, bytes calldata response) external override { _givenCalldataReturn(call, response); } function givenCalldataReturnBool(bytes calldata call, bool response) external override { uint256 flag = response ? 1 : 0; _givenCalldataReturn(call, uintToBytes(flag)); } function givenCalldataReturnUint(bytes calldata call, uint256 response) external override { _givenCalldataReturn(call, uintToBytes(response)); } function givenCalldataReturnAddress(bytes calldata call, address response) external override { _givenCalldataReturn(call, uintToBytes(uint256(response))); } function _givenMethodReturn(bytes memory call, bytes memory response) private { bytes4 method = bytesToBytes4(call); methodIdMockTypes[method] = MockType.Return; methodIdExpectations[method] = response; trackMethodIdMock(method); } function givenMethodReturn(bytes calldata call, bytes calldata response) external override { _givenMethodReturn(call, response); } function givenMethodReturnBool(bytes calldata call, bool response) external override { uint256 flag = response ? 1 : 0; _givenMethodReturn(call, uintToBytes(flag)); } function givenMethodReturnUint(bytes calldata call, uint256 response) external override { _givenMethodReturn(call, uintToBytes(response)); } function givenMethodReturnAddress(bytes calldata call, address response) external override { _givenMethodReturn(call, uintToBytes(uint256(response))); } function givenCalldataRevert(bytes calldata call) external override { calldataMockTypes[call] = MockType.Revert; calldataRevertMessage[call] = ""; trackCalldataMock(call); } function givenMethodRevert(bytes calldata call) external override { bytes4 method = bytesToBytes4(call); methodIdMockTypes[method] = MockType.Revert; trackMethodIdMock(method); } function givenCalldataRevertWithMessage( bytes calldata call, string calldata message ) external override { calldataMockTypes[call] = MockType.Revert; calldataRevertMessage[call] = message; trackCalldataMock(call); } function givenMethodRevertWithMessage( bytes calldata call, string calldata message ) external override { bytes4 method = bytesToBytes4(call); methodIdMockTypes[method] = MockType.Revert; methodIdRevertMessages[method] = message; trackMethodIdMock(method); } function givenCalldataRunOutOfGas(bytes calldata call) external override { calldataMockTypes[call] = MockType.OutOfGas; trackCalldataMock(call); } function givenMethodRunOutOfGas(bytes calldata call) external override { bytes4 method = bytesToBytes4(call); methodIdMockTypes[method] = MockType.OutOfGas; trackMethodIdMock(method); } function invocationCount() external override returns (uint256) { return invocations; } function invocationCountForMethod(bytes calldata call) external override returns (uint256) { bytes4 method = bytesToBytes4(call); return methodIdInvocations[keccak256( abi.encodePacked(resetCount, method) )]; } function invocationCountForCalldata(bytes calldata call) external override returns (uint256) { return calldataInvocations[keccak256(abi.encodePacked(resetCount, call))]; } function reset() external override { // Reset all exact calldataMocks bytes memory nextMock = calldataMocks[MOCKS_LIST_START]; bytes32 mockHash = keccak256(nextMock); // We cannot compary bytes while (mockHash != MOCKS_LIST_END_HASH) { // Reset all mock maps calldataMockTypes[nextMock] = MockType.Return; calldataExpectations[nextMock] = hex""; calldataRevertMessage[nextMock] = ""; // Set next mock to remove nextMock = calldataMocks[mockHash]; // Remove from linked list calldataMocks[mockHash] = ""; // Update mock hash mockHash = keccak256(nextMock); } // Clear list calldataMocks[MOCKS_LIST_START] = MOCKS_LIST_END; // Reset all any calldataMocks bytes4 nextAnyMock = methodIdMocks[SENTINEL_ANY_MOCKS]; while (nextAnyMock != SENTINEL_ANY_MOCKS) { bytes4 currentAnyMock = nextAnyMock; methodIdMockTypes[currentAnyMock] = MockType.Return; methodIdExpectations[currentAnyMock] = hex""; methodIdRevertMessages[currentAnyMock] = ""; nextAnyMock = methodIdMocks[currentAnyMock]; // Remove from linked list methodIdMocks[currentAnyMock] = 0x0; } // Clear list methodIdMocks[SENTINEL_ANY_MOCKS] = SENTINEL_ANY_MOCKS; fallbackExpectation = DEFAULT_FALLBACK_VALUE; fallbackMockType = MockType.Return; invocations = 0; resetCount += 1; } function useAllGas() private { while (true) { bool s; assembly { //expensive call to EC multiply contract s := call(sub(gas(), 2000), 6, 0, 0x0, 0xc0, 0x0, 0x60) } } } function bytesToBytes4(bytes memory b) private pure returns (bytes4) { bytes4 out; for (uint256 i = 0; i < 4; i++) { out |= bytes4(b[i] & 0xFF) >> (i * 8); } return out; } function uintToBytes(uint256 x) private pure returns (bytes memory b) { b = new bytes(32); assembly { mstore(add(b, 32), x) } } function updateInvocationCount( bytes4 methodId, bytes memory originalMsgData ) public { require( msg.sender == address(this), "Can only be called from the contract itself" ); invocations += 1; methodIdInvocations[keccak256( abi.encodePacked(resetCount, methodId) )] += 1; calldataInvocations[keccak256( abi.encodePacked(resetCount, originalMsgData) )] += 1; } fallback() external payable { bytes4 methodId; assembly { methodId := calldataload(0) } // First, check exact matching overrides if (calldataMockTypes[msg.data] == MockType.Revert) { revert(calldataRevertMessage[msg.data]); } if (calldataMockTypes[msg.data] == MockType.OutOfGas) { useAllGas(); } bytes memory result = calldataExpectations[msg.data]; // Then check method Id overrides if (result.length == 0) { if (methodIdMockTypes[methodId] == MockType.Revert) { revert(methodIdRevertMessages[methodId]); } if (methodIdMockTypes[methodId] == MockType.OutOfGas) { useAllGas(); } result = methodIdExpectations[methodId]; } // Last, use the fallback override if (result.length == 0) { if (fallbackMockType == MockType.Revert) { revert(fallbackRevertMessage); } if (fallbackMockType == MockType.OutOfGas) { useAllGas(); } result = fallbackExpectation; } // Record invocation as separate call so we don't rollback in case we are called with STATICCALL (, bytes memory r) = address(this).call{gas: 100000}( abi.encodeWithSignature( "updateInvocationCount(bytes4,bytes)", methodId, msg.data ) ); assert(r.length == 0); assembly { return(add(0x20, result), mload(result)) } } } pragma solidity ^0.6.0; contract MockSelfDestruct { constructor() public payable {} fallback() external payable { selfdestruct(msg.sender); } function kill(address payable target) external payable { selfdestruct(target); } }
File 2 of 7: FiatTokenProxy
pragma solidity ^0.4.24; // File: zos-lib/contracts/upgradeability/Proxy.sol /** * @title Proxy * @dev Implements delegation of calls to other contracts, with proper * forwarding of return values and bubbling of failures. * It defines a fallback function that delegates all calls to the address * returned by the abstract _implementation() internal function. */ contract Proxy { /** * @dev Fallback function. * Implemented entirely in `_fallback`. */ function () payable external { _fallback(); } /** * @return The Address of the implementation. */ function _implementation() internal view returns (address); /** * @dev Delegates execution to an implementation contract. * This is a low level function that doesn't return to its internal call site. * It will return to the external caller whatever the implementation returns. * @param implementation Address to delegate. */ function _delegate(address implementation) internal { assembly { // Copy msg.data. We take full control of memory in this inline assembly // block because it will not return to Solidity code. We overwrite the // Solidity scratch pad at memory position 0. calldatacopy(0, 0, calldatasize) // Call the implementation. // out and outsize are 0 because we don't know the size yet. let result := delegatecall(gas, implementation, 0, calldatasize, 0, 0) // Copy the returned data. returndatacopy(0, 0, returndatasize) switch result // delegatecall returns 0 on error. case 0 { revert(0, returndatasize) } default { return(0, returndatasize) } } } /** * @dev Function that is run as the first thing in the fallback function. * Can be redefined in derived contracts to add functionality. * Redefinitions must call super._willFallback(). */ function _willFallback() internal { } /** * @dev fallback implementation. * Extracted to enable manual triggering. */ function _fallback() internal { _willFallback(); _delegate(_implementation()); } } // File: openzeppelin-solidity/contracts/AddressUtils.sol /** * Utility library of inline functions on addresses */ library AddressUtils { /** * Returns whether the target address is a contract * @dev This function will return false if invoked during the constructor of a contract, * as the code is not actually created until after the constructor finishes. * @param addr address to check * @return whether the target address is a contract */ function isContract(address addr) internal view returns (bool) { uint256 size; // XXX Currently there is no better way to check if there is a contract in an address // than to check the size of the code at that address. // See https://ethereum.stackexchange.com/a/14016/36603 // for more details about how this works. // TODO Check this again before the Serenity release, because all addresses will be // contracts then. // solium-disable-next-line security/no-inline-assembly assembly { size := extcodesize(addr) } return size > 0; } } // File: zos-lib/contracts/upgradeability/UpgradeabilityProxy.sol /** * @title UpgradeabilityProxy * @dev This contract implements a proxy that allows to change the * implementation address to which it will delegate. * Such a change is called an implementation upgrade. */ contract UpgradeabilityProxy is Proxy { /** * @dev Emitted when the implementation is upgraded. * @param implementation Address of the new implementation. */ event Upgraded(address implementation); /** * @dev Storage slot with the address of the current implementation. * This is the keccak-256 hash of "org.zeppelinos.proxy.implementation", and is * validated in the constructor. */ bytes32 private constant IMPLEMENTATION_SLOT = 0x7050c9e0f4ca769c69bd3a8ef740bc37934f8e2c036e5a723fd8ee048ed3f8c3; /** * @dev Contract constructor. * @param _implementation Address of the initial implementation. */ constructor(address _implementation) public { assert(IMPLEMENTATION_SLOT == keccak256("org.zeppelinos.proxy.implementation")); _setImplementation(_implementation); } /** * @dev Returns the current implementation. * @return Address of the current implementation */ function _implementation() internal view returns (address impl) { bytes32 slot = IMPLEMENTATION_SLOT; assembly { impl := sload(slot) } } /** * @dev Upgrades the proxy to a new implementation. * @param newImplementation Address of the new implementation. */ function _upgradeTo(address newImplementation) internal { _setImplementation(newImplementation); emit Upgraded(newImplementation); } /** * @dev Sets the implementation address of the proxy. * @param newImplementation Address of the new implementation. */ function _setImplementation(address newImplementation) private { require(AddressUtils.isContract(newImplementation), "Cannot set a proxy implementation to a non-contract address"); bytes32 slot = IMPLEMENTATION_SLOT; assembly { sstore(slot, newImplementation) } } } // File: zos-lib/contracts/upgradeability/AdminUpgradeabilityProxy.sol /** * @title AdminUpgradeabilityProxy * @dev This contract combines an upgradeability proxy with an authorization * mechanism for administrative tasks. * All external functions in this contract must be guarded by the * `ifAdmin` modifier. See ethereum/solidity#3864 for a Solidity * feature proposal that would enable this to be done automatically. */ contract AdminUpgradeabilityProxy is UpgradeabilityProxy { /** * @dev Emitted when the administration has been transferred. * @param previousAdmin Address of the previous admin. * @param newAdmin Address of the new admin. */ event AdminChanged(address previousAdmin, address newAdmin); /** * @dev Storage slot with the admin of the contract. * This is the keccak-256 hash of "org.zeppelinos.proxy.admin", and is * validated in the constructor. */ bytes32 private constant ADMIN_SLOT = 0x10d6a54a4754c8869d6886b5f5d7fbfa5b4522237ea5c60d11bc4e7a1ff9390b; /** * @dev Modifier to check whether the `msg.sender` is the admin. * If it is, it will run the function. Otherwise, it will delegate the call * to the implementation. */ modifier ifAdmin() { if (msg.sender == _admin()) { _; } else { _fallback(); } } /** * Contract constructor. * It sets the `msg.sender` as the proxy administrator. * @param _implementation address of the initial implementation. */ constructor(address _implementation) UpgradeabilityProxy(_implementation) public { assert(ADMIN_SLOT == keccak256("org.zeppelinos.proxy.admin")); _setAdmin(msg.sender); } /** * @return The address of the proxy admin. */ function admin() external view ifAdmin returns (address) { return _admin(); } /** * @return The address of the implementation. */ function implementation() external view ifAdmin returns (address) { return _implementation(); } /** * @dev Changes the admin of the proxy. * Only the current admin can call this function. * @param newAdmin Address to transfer proxy administration to. */ function changeAdmin(address newAdmin) external ifAdmin { require(newAdmin != address(0), "Cannot change the admin of a proxy to the zero address"); emit AdminChanged(_admin(), newAdmin); _setAdmin(newAdmin); } /** * @dev Upgrade the backing implementation of the proxy. * Only the admin can call this function. * @param newImplementation Address of the new implementation. */ function upgradeTo(address newImplementation) external ifAdmin { _upgradeTo(newImplementation); } /** * @dev Upgrade the backing implementation of the proxy and call a function * on the new implementation. * This is useful to initialize the proxied contract. * @param newImplementation Address of the new implementation. * @param data Data to send as msg.data in the low level call. * It should include the signature and the parameters of the function to be * called, as described in * https://solidity.readthedocs.io/en/develop/abi-spec.html#function-selector-and-argument-encoding. */ function upgradeToAndCall(address newImplementation, bytes data) payable external ifAdmin { _upgradeTo(newImplementation); require(address(this).call.value(msg.value)(data)); } /** * @return The admin slot. */ function _admin() internal view returns (address adm) { bytes32 slot = ADMIN_SLOT; assembly { adm := sload(slot) } } /** * @dev Sets the address of the proxy admin. * @param newAdmin Address of the new proxy admin. */ function _setAdmin(address newAdmin) internal { bytes32 slot = ADMIN_SLOT; assembly { sstore(slot, newAdmin) } } /** * @dev Only fall back when the sender is not the admin. */ function _willFallback() internal { require(msg.sender != _admin(), "Cannot call fallback function from the proxy admin"); super._willFallback(); } } // File: contracts/FiatTokenProxy.sol /** * Copyright CENTRE SECZ 2018 * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is furnished to * do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in all * copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ pragma solidity ^0.4.24; /** * @title FiatTokenProxy * @dev This contract proxies FiatToken calls and enables FiatToken upgrades */ contract FiatTokenProxy is AdminUpgradeabilityProxy { constructor(address _implementation) public AdminUpgradeabilityProxy(_implementation) { } }
File 3 of 7: Spender
{"Constants.84ef19f8.sol":{"content":"// SPDX-License-Identifier: MIT\r\n\r\npragma solidity ^0.6.0;\r\n\r\nlibrary Constants {\r\n address internal constant ETH = 0x0000000000000000000000000000000000000000;\r\n}\r\n"},"Spender.3372a096.sol":{"content":"// SPDX-License-Identifier: MIT\r\n\r\npragma solidity ^0.6.0;\r\n\r\nimport \"./Constants.84ef19f8.sol\";\r\n\r\ncontract Spender {\r\n address public immutable metaswap;\r\n\r\n constructor() public {\r\n metaswap = msg.sender;\r\n }\r\n\r\n /// @dev Receives ether from swaps\r\n fallback() external payable {}\r\n\r\n function swap(address adapter, bytes calldata data) external payable {\r\n require(msg.sender == metaswap, \"FORBIDDEN\");\r\n require(adapter != address(0), \"ADAPTER_NOT_PROVIDED\");\r\n _delegate(adapter, data, \"ADAPTER_DELEGATECALL_FAILED\");\r\n }\r\n\r\n /**\r\n * @dev Performs a delegatecall and bubbles up the errors, adapted from\r\n * https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/Address.sol\r\n * @param target Address of the contract to delegatecall\r\n * @param data Data passed in the delegatecall\r\n * @param errorMessage Fallback revert reason\r\n */\r\n function _delegate(\r\n address target,\r\n bytes memory data,\r\n string memory errorMessage\r\n ) private returns (bytes memory) {\r\n // solhint-disable-next-line avoid-low-level-calls\r\n (bool success, bytes memory returndata) = target.delegatecall(data);\r\n if (success) {\r\n return returndata;\r\n } else {\r\n // Look for revert reason and bubble it up if present\r\n if (returndata.length \u003e 0) {\r\n // The easiest way to bubble the revert reason is using memory via assembly\r\n\r\n // solhint-disable-next-line no-inline-assembly\r\n assembly {\r\n let returndata_size := mload(returndata)\r\n revert(add(32, returndata), returndata_size)\r\n }\r\n } else {\r\n revert(errorMessage);\r\n }\r\n }\r\n }\r\n}\r\n"}}
File 4 of 7: TetherToken
pragma solidity ^0.4.17; /** * @title SafeMath * @dev Math operations with safety checks that throw on error */ library SafeMath { function mul(uint256 a, uint256 b) internal pure returns (uint256) { if (a == 0) { return 0; } uint256 c = a * b; assert(c / a == b); return c; } function div(uint256 a, uint256 b) internal pure returns (uint256) { // assert(b > 0); // Solidity automatically throws when dividing by 0 uint256 c = a / b; // assert(a == b * c + a % b); // There is no case in which this doesn't hold return c; } function sub(uint256 a, uint256 b) internal pure returns (uint256) { assert(b <= a); return a - b; } function add(uint256 a, uint256 b) internal pure returns (uint256) { uint256 c = a + b; assert(c >= a); return c; } } /** * @title Ownable * @dev The Ownable contract has an owner address, and provides basic authorization control * functions, this simplifies the implementation of "user permissions". */ contract Ownable { address public owner; /** * @dev The Ownable constructor sets the original `owner` of the contract to the sender * account. */ function Ownable() public { owner = msg.sender; } /** * @dev Throws if called by any account other than the owner. */ modifier onlyOwner() { require(msg.sender == owner); _; } /** * @dev Allows the current owner to transfer control of the contract to a newOwner. * @param newOwner The address to transfer ownership to. */ function transferOwnership(address newOwner) public onlyOwner { if (newOwner != address(0)) { owner = newOwner; } } } /** * @title ERC20Basic * @dev Simpler version of ERC20 interface * @dev see https://github.com/ethereum/EIPs/issues/20 */ contract ERC20Basic { uint public _totalSupply; function totalSupply() public constant returns (uint); function balanceOf(address who) public constant returns (uint); function transfer(address to, uint value) public; event Transfer(address indexed from, address indexed to, uint value); } /** * @title ERC20 interface * @dev see https://github.com/ethereum/EIPs/issues/20 */ contract ERC20 is ERC20Basic { function allowance(address owner, address spender) public constant returns (uint); function transferFrom(address from, address to, uint value) public; function approve(address spender, uint value) public; event Approval(address indexed owner, address indexed spender, uint value); } /** * @title Basic token * @dev Basic version of StandardToken, with no allowances. */ contract BasicToken is Ownable, ERC20Basic { using SafeMath for uint; mapping(address => uint) public balances; // additional variables for use if transaction fees ever became necessary uint public basisPointsRate = 0; uint public maximumFee = 0; /** * @dev Fix for the ERC20 short address attack. */ modifier onlyPayloadSize(uint size) { require(!(msg.data.length < size + 4)); _; } /** * @dev transfer token for a specified address * @param _to The address to transfer to. * @param _value The amount to be transferred. */ function transfer(address _to, uint _value) public onlyPayloadSize(2 * 32) { uint fee = (_value.mul(basisPointsRate)).div(10000); if (fee > maximumFee) { fee = maximumFee; } uint sendAmount = _value.sub(fee); balances[msg.sender] = balances[msg.sender].sub(_value); balances[_to] = balances[_to].add(sendAmount); if (fee > 0) { balances[owner] = balances[owner].add(fee); Transfer(msg.sender, owner, fee); } Transfer(msg.sender, _to, sendAmount); } /** * @dev Gets the balance of the specified address. * @param _owner The address to query the the balance of. * @return An uint representing the amount owned by the passed address. */ function balanceOf(address _owner) public constant returns (uint balance) { return balances[_owner]; } } /** * @title Standard ERC20 token * * @dev Implementation of the basic standard token. * @dev https://github.com/ethereum/EIPs/issues/20 * @dev Based oncode by FirstBlood: https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol */ contract StandardToken is BasicToken, ERC20 { mapping (address => mapping (address => uint)) public allowed; uint public constant MAX_UINT = 2**256 - 1; /** * @dev Transfer tokens from one address to another * @param _from address The address which you want to send tokens from * @param _to address The address which you want to transfer to * @param _value uint the amount of tokens to be transferred */ function transferFrom(address _from, address _to, uint _value) public onlyPayloadSize(3 * 32) { var _allowance = allowed[_from][msg.sender]; // Check is not needed because sub(_allowance, _value) will already throw if this condition is not met // if (_value > _allowance) throw; uint fee = (_value.mul(basisPointsRate)).div(10000); if (fee > maximumFee) { fee = maximumFee; } if (_allowance < MAX_UINT) { allowed[_from][msg.sender] = _allowance.sub(_value); } uint sendAmount = _value.sub(fee); balances[_from] = balances[_from].sub(_value); balances[_to] = balances[_to].add(sendAmount); if (fee > 0) { balances[owner] = balances[owner].add(fee); Transfer(_from, owner, fee); } Transfer(_from, _to, sendAmount); } /** * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender. * @param _spender The address which will spend the funds. * @param _value The amount of tokens to be spent. */ function approve(address _spender, uint _value) public onlyPayloadSize(2 * 32) { // To change the approve amount you first have to reduce the addresses` // allowance to zero by calling `approve(_spender, 0)` if it is not // already 0 to mitigate the race condition described here: // https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 require(!((_value != 0) && (allowed[msg.sender][_spender] != 0))); allowed[msg.sender][_spender] = _value; Approval(msg.sender, _spender, _value); } /** * @dev Function to check the amount of tokens than an owner allowed to a spender. * @param _owner address The address which owns the funds. * @param _spender address The address which will spend the funds. * @return A uint specifying the amount of tokens still available for the spender. */ function allowance(address _owner, address _spender) public constant returns (uint remaining) { return allowed[_owner][_spender]; } } /** * @title Pausable * @dev Base contract which allows children to implement an emergency stop mechanism. */ contract Pausable is Ownable { event Pause(); event Unpause(); bool public paused = false; /** * @dev Modifier to make a function callable only when the contract is not paused. */ modifier whenNotPaused() { require(!paused); _; } /** * @dev Modifier to make a function callable only when the contract is paused. */ modifier whenPaused() { require(paused); _; } /** * @dev called by the owner to pause, triggers stopped state */ function pause() onlyOwner whenNotPaused public { paused = true; Pause(); } /** * @dev called by the owner to unpause, returns to normal state */ function unpause() onlyOwner whenPaused public { paused = false; Unpause(); } } contract BlackList is Ownable, BasicToken { /////// Getters to allow the same blacklist to be used also by other contracts (including upgraded Tether) /////// function getBlackListStatus(address _maker) external constant returns (bool) { return isBlackListed[_maker]; } function getOwner() external constant returns (address) { return owner; } mapping (address => bool) public isBlackListed; function addBlackList (address _evilUser) public onlyOwner { isBlackListed[_evilUser] = true; AddedBlackList(_evilUser); } function removeBlackList (address _clearedUser) public onlyOwner { isBlackListed[_clearedUser] = false; RemovedBlackList(_clearedUser); } function destroyBlackFunds (address _blackListedUser) public onlyOwner { require(isBlackListed[_blackListedUser]); uint dirtyFunds = balanceOf(_blackListedUser); balances[_blackListedUser] = 0; _totalSupply -= dirtyFunds; DestroyedBlackFunds(_blackListedUser, dirtyFunds); } event DestroyedBlackFunds(address _blackListedUser, uint _balance); event AddedBlackList(address _user); event RemovedBlackList(address _user); } contract UpgradedStandardToken is StandardToken{ // those methods are called by the legacy contract // and they must ensure msg.sender to be the contract address function transferByLegacy(address from, address to, uint value) public; function transferFromByLegacy(address sender, address from, address spender, uint value) public; function approveByLegacy(address from, address spender, uint value) public; } contract TetherToken is Pausable, StandardToken, BlackList { string public name; string public symbol; uint public decimals; address public upgradedAddress; bool public deprecated; // The contract can be initialized with a number of tokens // All the tokens are deposited to the owner address // // @param _balance Initial supply of the contract // @param _name Token Name // @param _symbol Token symbol // @param _decimals Token decimals function TetherToken(uint _initialSupply, string _name, string _symbol, uint _decimals) public { _totalSupply = _initialSupply; name = _name; symbol = _symbol; decimals = _decimals; balances[owner] = _initialSupply; deprecated = false; } // Forward ERC20 methods to upgraded contract if this one is deprecated function transfer(address _to, uint _value) public whenNotPaused { require(!isBlackListed[msg.sender]); if (deprecated) { return UpgradedStandardToken(upgradedAddress).transferByLegacy(msg.sender, _to, _value); } else { return super.transfer(_to, _value); } } // Forward ERC20 methods to upgraded contract if this one is deprecated function transferFrom(address _from, address _to, uint _value) public whenNotPaused { require(!isBlackListed[_from]); if (deprecated) { return UpgradedStandardToken(upgradedAddress).transferFromByLegacy(msg.sender, _from, _to, _value); } else { return super.transferFrom(_from, _to, _value); } } // Forward ERC20 methods to upgraded contract if this one is deprecated function balanceOf(address who) public constant returns (uint) { if (deprecated) { return UpgradedStandardToken(upgradedAddress).balanceOf(who); } else { return super.balanceOf(who); } } // Forward ERC20 methods to upgraded contract if this one is deprecated function approve(address _spender, uint _value) public onlyPayloadSize(2 * 32) { if (deprecated) { return UpgradedStandardToken(upgradedAddress).approveByLegacy(msg.sender, _spender, _value); } else { return super.approve(_spender, _value); } } // Forward ERC20 methods to upgraded contract if this one is deprecated function allowance(address _owner, address _spender) public constant returns (uint remaining) { if (deprecated) { return StandardToken(upgradedAddress).allowance(_owner, _spender); } else { return super.allowance(_owner, _spender); } } // deprecate current contract in favour of a new one function deprecate(address _upgradedAddress) public onlyOwner { deprecated = true; upgradedAddress = _upgradedAddress; Deprecate(_upgradedAddress); } // deprecate current contract if favour of a new one function totalSupply() public constant returns (uint) { if (deprecated) { return StandardToken(upgradedAddress).totalSupply(); } else { return _totalSupply; } } // Issue a new amount of tokens // these tokens are deposited into the owner address // // @param _amount Number of tokens to be issued function issue(uint amount) public onlyOwner { require(_totalSupply + amount > _totalSupply); require(balances[owner] + amount > balances[owner]); balances[owner] += amount; _totalSupply += amount; Issue(amount); } // Redeem tokens. // These tokens are withdrawn from the owner address // if the balance must be enough to cover the redeem // or the call will fail. // @param _amount Number of tokens to be issued function redeem(uint amount) public onlyOwner { require(_totalSupply >= amount); require(balances[owner] >= amount); _totalSupply -= amount; balances[owner] -= amount; Redeem(amount); } function setParams(uint newBasisPoints, uint newMaxFee) public onlyOwner { // Ensure transparency by hardcoding limit beyond which fees can never be added require(newBasisPoints < 20); require(newMaxFee < 50); basisPointsRate = newBasisPoints; maximumFee = newMaxFee.mul(10**decimals); Params(basisPointsRate, maximumFee); } // Called when new token are issued event Issue(uint amount); // Called when tokens are redeemed event Redeem(uint amount); // Called when contract is deprecated event Deprecate(address newAddress); // Called if contract ever adds fees event Params(uint feeBasisPoints, uint maxFee); }
File 5 of 7: SplitWallet
// SPDX-License-Identifier: GPL-3.0-or-later pragma solidity 0.8.4; import {ISplitMain} from './interfaces/ISplitMain.sol'; import {ERC20} from '@rari-capital/solmate/src/tokens/ERC20.sol'; import {SafeTransferLib} from '@rari-capital/solmate/src/utils/SafeTransferLib.sol'; /** * ERRORS */ /// @notice Unauthorized sender error Unauthorized(); /** * @title SplitWallet * @author 0xSplits <[email protected]> * @notice The implementation logic for `SplitProxy`. * @dev `SplitProxy` handles `receive()` itself to avoid the gas cost with `DELEGATECALL`. */ contract SplitWallet { using SafeTransferLib for address; using SafeTransferLib for ERC20; /** * EVENTS */ /** @notice emitted after each successful ETH transfer to proxy * @param split Address of the split that received ETH * @param amount Amount of ETH received */ event ReceiveETH(address indexed split, uint256 amount); /** * STORAGE */ /** * STORAGE - CONSTANTS & IMMUTABLES */ /// @notice address of SplitMain for split distributions & EOA/SC withdrawals ISplitMain public immutable splitMain; /** * MODIFIERS */ /// @notice Reverts if the sender isn't SplitMain modifier onlySplitMain() { if (msg.sender != address(splitMain)) revert Unauthorized(); _; } /** * CONSTRUCTOR */ constructor() { splitMain = ISplitMain(msg.sender); } /** * FUNCTIONS - PUBLIC & EXTERNAL */ /** @notice Sends amount `amount` of ETH in proxy to SplitMain * @dev payable reduces gas cost; no vulnerability to accidentally lock * ETH introduced since fn call is restricted to SplitMain * @param amount Amount to send */ function sendETHToMain(uint256 amount) external payable onlySplitMain() { address(splitMain).safeTransferETH(amount); } /** @notice Sends amount `amount` of ERC20 `token` in proxy to SplitMain * @dev payable reduces gas cost; no vulnerability to accidentally lock * ETH introduced since fn call is restricted to SplitMain * @param token Token to send * @param amount Amount to send */ function sendERC20ToMain(ERC20 token, uint256 amount) external payable onlySplitMain() { token.safeTransfer(address(splitMain), amount); } } // SPDX-License-Identifier: GPL-3.0-or-later pragma solidity 0.8.4; import {ERC20} from '@rari-capital/solmate/src/tokens/ERC20.sol'; /** * @title ISplitMain * @author 0xSplits <[email protected]> */ interface ISplitMain { /** * FUNCTIONS */ function walletImplementation() external returns (address); function createSplit( address[] calldata accounts, uint32[] calldata percentAllocations, uint32 distributorFee, address controller ) external returns (address); function predictImmutableSplitAddress( address[] calldata accounts, uint32[] calldata percentAllocations, uint32 distributorFee ) external view returns (address); function updateSplit( address split, address[] calldata accounts, uint32[] calldata percentAllocations, uint32 distributorFee ) external; function transferControl(address split, address newController) external; function cancelControlTransfer(address split) external; function acceptControl(address split) external; function makeSplitImmutable(address split) external; function distributeETH( address split, address[] calldata accounts, uint32[] calldata percentAllocations, uint32 distributorFee, address distributorAddress ) external; function updateAndDistributeETH( address split, address[] calldata accounts, uint32[] calldata percentAllocations, uint32 distributorFee, address distributorAddress ) external; function distributeERC20( address split, ERC20 token, address[] calldata accounts, uint32[] calldata percentAllocations, uint32 distributorFee, address distributorAddress ) external; function updateAndDistributeERC20( address split, ERC20 token, address[] calldata accounts, uint32[] calldata percentAllocations, uint32 distributorFee, address distributorAddress ) external; function withdraw( address account, uint256 withdrawETH, ERC20[] calldata tokens ) external; /** * EVENTS */ /** @notice emitted after each successful split creation * @param split Address of the created split */ event CreateSplit(address indexed split); /** @notice emitted after each successful split update * @param split Address of the updated split */ event UpdateSplit(address indexed split); /** @notice emitted after each initiated split control transfer * @param split Address of the split control transfer was initiated for * @param newPotentialController Address of the split's new potential controller */ event InitiateControlTransfer( address indexed split, address indexed newPotentialController ); /** @notice emitted after each canceled split control transfer * @param split Address of the split control transfer was canceled for */ event CancelControlTransfer(address indexed split); /** @notice emitted after each successful split control transfer * @param split Address of the split control was transferred for * @param previousController Address of the split's previous controller * @param newController Address of the split's new controller */ event ControlTransfer( address indexed split, address indexed previousController, address indexed newController ); /** @notice emitted after each successful ETH balance split * @param split Address of the split that distributed its balance * @param amount Amount of ETH distributed * @param distributorAddress Address to credit distributor fee to */ event DistributeETH( address indexed split, uint256 amount, address indexed distributorAddress ); /** @notice emitted after each successful ERC20 balance split * @param split Address of the split that distributed its balance * @param token Address of ERC20 distributed * @param amount Amount of ERC20 distributed * @param distributorAddress Address to credit distributor fee to */ event DistributeERC20( address indexed split, ERC20 indexed token, uint256 amount, address indexed distributorAddress ); /** @notice emitted after each successful withdrawal * @param account Address that funds were withdrawn to * @param ethAmount Amount of ETH withdrawn * @param tokens Addresses of ERC20s withdrawn * @param tokenAmounts Amounts of corresponding ERC20s withdrawn */ event Withdrawal( address indexed account, uint256 ethAmount, ERC20[] tokens, uint256[] tokenAmounts ); } // SPDX-License-Identifier: AGPL-3.0-only pragma solidity >=0.8.0; /// @notice Modern and gas efficient ERC20 + EIP-2612 implementation. /// @author Solmate (https://github.com/Rari-Capital/solmate/blob/main/src/tokens/ERC20.sol) /// @author Modified from Uniswap (https://github.com/Uniswap/uniswap-v2-core/blob/master/contracts/UniswapV2ERC20.sol) /// @dev Do not manually set balances without updating totalSupply, as the sum of all user balances must not exceed it. abstract contract ERC20 { /*/////////////////////////////////////////////////////////////// EVENTS //////////////////////////////////////////////////////////////*/ event Transfer(address indexed from, address indexed to, uint256 amount); event Approval(address indexed owner, address indexed spender, uint256 amount); /*/////////////////////////////////////////////////////////////// METADATA STORAGE //////////////////////////////////////////////////////////////*/ string public name; string public symbol; uint8 public immutable decimals; /*/////////////////////////////////////////////////////////////// ERC20 STORAGE //////////////////////////////////////////////////////////////*/ uint256 public totalSupply; mapping(address => uint256) public balanceOf; mapping(address => mapping(address => uint256)) public allowance; /*/////////////////////////////////////////////////////////////// EIP-2612 STORAGE //////////////////////////////////////////////////////////////*/ bytes32 public constant PERMIT_TYPEHASH = keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)"); uint256 internal immutable INITIAL_CHAIN_ID; bytes32 internal immutable INITIAL_DOMAIN_SEPARATOR; mapping(address => uint256) public nonces; /*/////////////////////////////////////////////////////////////// CONSTRUCTOR //////////////////////////////////////////////////////////////*/ constructor( string memory _name, string memory _symbol, uint8 _decimals ) { name = _name; symbol = _symbol; decimals = _decimals; INITIAL_CHAIN_ID = block.chainid; INITIAL_DOMAIN_SEPARATOR = computeDomainSeparator(); } /*/////////////////////////////////////////////////////////////// ERC20 LOGIC //////////////////////////////////////////////////////////////*/ function approve(address spender, uint256 amount) public virtual returns (bool) { allowance[msg.sender][spender] = amount; emit Approval(msg.sender, spender, amount); return true; } function transfer(address to, uint256 amount) public virtual returns (bool) { balanceOf[msg.sender] -= amount; // Cannot overflow because the sum of all user // balances can't exceed the max uint256 value. unchecked { balanceOf[to] += amount; } emit Transfer(msg.sender, to, amount); return true; } function transferFrom( address from, address to, uint256 amount ) public virtual returns (bool) { uint256 allowed = allowance[from][msg.sender]; // Saves gas for limited approvals. if (allowed != type(uint256).max) allowance[from][msg.sender] = allowed - amount; balanceOf[from] -= amount; // Cannot overflow because the sum of all user // balances can't exceed the max uint256 value. unchecked { balanceOf[to] += amount; } emit Transfer(from, to, amount); return true; } /*/////////////////////////////////////////////////////////////// EIP-2612 LOGIC //////////////////////////////////////////////////////////////*/ function permit( address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) public virtual { require(deadline >= block.timestamp, "PERMIT_DEADLINE_EXPIRED"); // Unchecked because the only math done is incrementing // the owner's nonce which cannot realistically overflow. unchecked { bytes32 digest = keccak256( abi.encodePacked( "\\x19\\x01", DOMAIN_SEPARATOR(), keccak256(abi.encode(PERMIT_TYPEHASH, owner, spender, value, nonces[owner]++, deadline)) ) ); address recoveredAddress = ecrecover(digest, v, r, s); require(recoveredAddress != address(0) && recoveredAddress == owner, "INVALID_SIGNER"); allowance[recoveredAddress][spender] = value; } emit Approval(owner, spender, value); } function DOMAIN_SEPARATOR() public view virtual returns (bytes32) { return block.chainid == INITIAL_CHAIN_ID ? INITIAL_DOMAIN_SEPARATOR : computeDomainSeparator(); } function computeDomainSeparator() internal view virtual returns (bytes32) { return keccak256( abi.encode( keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"), keccak256(bytes(name)), keccak256("1"), block.chainid, address(this) ) ); } /*/////////////////////////////////////////////////////////////// INTERNAL MINT/BURN LOGIC //////////////////////////////////////////////////////////////*/ function _mint(address to, uint256 amount) internal virtual { totalSupply += amount; // Cannot overflow because the sum of all user // balances can't exceed the max uint256 value. unchecked { balanceOf[to] += amount; } emit Transfer(address(0), to, amount); } function _burn(address from, uint256 amount) internal virtual { balanceOf[from] -= amount; // Cannot underflow because a user's balance // will never be larger than the total supply. unchecked { totalSupply -= amount; } emit Transfer(from, address(0), amount); } } // SPDX-License-Identifier: AGPL-3.0-only pragma solidity >=0.8.0; import {ERC20} from "../tokens/ERC20.sol"; /// @notice Safe ETH and ERC20 transfer library that gracefully handles missing return values. /// @author Solmate (https://github.com/Rari-Capital/solmate/blob/main/src/utils/SafeTransferLib.sol) /// @author Modified from Gnosis (https://github.com/gnosis/gp-v2-contracts/blob/main/src/contracts/libraries/GPv2SafeERC20.sol) /// @dev Use with caution! Some functions in this library knowingly create dirty bits at the destination of the free memory pointer. library SafeTransferLib { /*/////////////////////////////////////////////////////////////// ETH OPERATIONS //////////////////////////////////////////////////////////////*/ function safeTransferETH(address to, uint256 amount) internal { bool callStatus; assembly { // Transfer the ETH and store if it succeeded or not. callStatus := call(gas(), to, amount, 0, 0, 0, 0) } require(callStatus, "ETH_TRANSFER_FAILED"); } /*/////////////////////////////////////////////////////////////// ERC20 OPERATIONS //////////////////////////////////////////////////////////////*/ function safeTransferFrom( ERC20 token, address from, address to, uint256 amount ) internal { bool callStatus; assembly { // Get a pointer to some free memory. let freeMemoryPointer := mload(0x40) // Write the abi-encoded calldata to memory piece by piece: mstore(freeMemoryPointer, 0x23b872dd00000000000000000000000000000000000000000000000000000000) // Begin with the function selector. mstore(add(freeMemoryPointer, 4), and(from, 0xffffffffffffffffffffffffffffffffffffffff)) // Mask and append the "from" argument. mstore(add(freeMemoryPointer, 36), and(to, 0xffffffffffffffffffffffffffffffffffffffff)) // Mask and append the "to" argument. mstore(add(freeMemoryPointer, 68), amount) // Finally append the "amount" argument. No mask as it's a full 32 byte value. // Call the token and store if it succeeded or not. // We use 100 because the calldata length is 4 + 32 * 3. callStatus := call(gas(), token, 0, freeMemoryPointer, 100, 0, 0) } require(didLastOptionalReturnCallSucceed(callStatus), "TRANSFER_FROM_FAILED"); } function safeTransfer( ERC20 token, address to, uint256 amount ) internal { bool callStatus; assembly { // Get a pointer to some free memory. let freeMemoryPointer := mload(0x40) // Write the abi-encoded calldata to memory piece by piece: mstore(freeMemoryPointer, 0xa9059cbb00000000000000000000000000000000000000000000000000000000) // Begin with the function selector. mstore(add(freeMemoryPointer, 4), and(to, 0xffffffffffffffffffffffffffffffffffffffff)) // Mask and append the "to" argument. mstore(add(freeMemoryPointer, 36), amount) // Finally append the "amount" argument. No mask as it's a full 32 byte value. // Call the token and store if it succeeded or not. // We use 68 because the calldata length is 4 + 32 * 2. callStatus := call(gas(), token, 0, freeMemoryPointer, 68, 0, 0) } require(didLastOptionalReturnCallSucceed(callStatus), "TRANSFER_FAILED"); } function safeApprove( ERC20 token, address to, uint256 amount ) internal { bool callStatus; assembly { // Get a pointer to some free memory. let freeMemoryPointer := mload(0x40) // Write the abi-encoded calldata to memory piece by piece: mstore(freeMemoryPointer, 0x095ea7b300000000000000000000000000000000000000000000000000000000) // Begin with the function selector. mstore(add(freeMemoryPointer, 4), and(to, 0xffffffffffffffffffffffffffffffffffffffff)) // Mask and append the "to" argument. mstore(add(freeMemoryPointer, 36), amount) // Finally append the "amount" argument. No mask as it's a full 32 byte value. // Call the token and store if it succeeded or not. // We use 68 because the calldata length is 4 + 32 * 2. callStatus := call(gas(), token, 0, freeMemoryPointer, 68, 0, 0) } require(didLastOptionalReturnCallSucceed(callStatus), "APPROVE_FAILED"); } /*/////////////////////////////////////////////////////////////// INTERNAL HELPER LOGIC //////////////////////////////////////////////////////////////*/ function didLastOptionalReturnCallSucceed(bool callStatus) private pure returns (bool success) { assembly { // Get how many bytes the call returned. let returnDataSize := returndatasize() // If the call reverted: if iszero(callStatus) { // Copy the revert message into memory. returndatacopy(0, 0, returnDataSize) // Revert with the same message. revert(0, returnDataSize) } switch returnDataSize case 32 { // Copy the return data into memory. returndatacopy(0, 0, returnDataSize) // Set success to whether it returned true. success := iszero(iszero(mload(0))) } case 0 { // There was no return data. success := 1 } default { // It returned some malformed input. success := 0 } } } }
File 6 of 7: SwapERC20
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.7.0) (access/Ownable.sol) pragma solidity ^0.8.0; import "../utils/Context.sol"; /** * @dev Contract module which provides a basic access control mechanism, where * there is an account (an owner) that can be granted exclusive access to * specific functions. * * By default, the owner account will be the one that deploys the contract. This * can later be changed with {transferOwnership}. * * This module is used through inheritance. It will make available the modifier * `onlyOwner`, which can be applied to your functions to restrict their use to * the owner. */ abstract contract Ownable is Context { address private _owner; event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); /** * @dev Initializes the contract setting the deployer as the initial owner. */ constructor() { _transferOwnership(_msgSender()); } /** * @dev Throws if called by any account other than the owner. */ modifier onlyOwner() { _checkOwner(); _; } /** * @dev Returns the address of the current owner. */ function owner() public view virtual returns (address) { return _owner; } /** * @dev Throws if the sender is not the owner. */ function _checkOwner() internal view virtual { require(owner() == _msgSender(), "Ownable: caller is not the owner"); } /** * @dev Leaves the contract without owner. It will not be possible to call * `onlyOwner` functions anymore. Can only be called by the current owner. * * NOTE: Renouncing ownership will leave the contract without an owner, * thereby removing any functionality that is only available to the owner. */ function renounceOwnership() public virtual onlyOwner { _transferOwnership(address(0)); } /** * @dev Transfers ownership of the contract to a new account (`newOwner`). * Can only be called by the current owner. */ function transferOwnership(address newOwner) public virtual onlyOwner { require(newOwner != address(0), "Ownable: new owner is the zero address"); _transferOwnership(newOwner); } /** * @dev Transfers ownership of the contract to a new account (`newOwner`). * Internal function without access restriction. */ function _transferOwnership(address newOwner) internal virtual { address oldOwner = _owner; _owner = newOwner; emit OwnershipTransferred(oldOwner, newOwner); } } // SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.8.0) (access/Ownable2Step.sol) pragma solidity ^0.8.0; import "./Ownable.sol"; /** * @dev Contract module which provides access control mechanism, where * there is an account (an owner) that can be granted exclusive access to * specific functions. * * By default, the owner account will be the one that deploys the contract. This * can later be changed with {transferOwnership} and {acceptOwnership}. * * This module is used through inheritance. It will make available all functions * from parent (Ownable). */ abstract contract Ownable2Step is Ownable { address private _pendingOwner; event OwnershipTransferStarted(address indexed previousOwner, address indexed newOwner); /** * @dev Returns the address of the pending owner. */ function pendingOwner() public view virtual returns (address) { return _pendingOwner; } /** * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one. * Can only be called by the current owner. */ function transferOwnership(address newOwner) public virtual override onlyOwner { _pendingOwner = newOwner; emit OwnershipTransferStarted(owner(), newOwner); } /** * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner. * Internal function without access restriction. */ function _transferOwnership(address newOwner) internal virtual override { delete _pendingOwner; super._transferOwnership(newOwner); } /** * @dev The new owner accepts the ownership transfer. */ function acceptOwnership() external { address sender = _msgSender(); require(pendingOwner() == sender, "Ownable2Step: caller is not the new owner"); _transferOwnership(sender); } } // SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/draft-IERC20Permit.sol) pragma solidity ^0.8.0; /** * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612]. * * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't * need to send a transaction, and thus is not required to hold Ether at all. */ interface IERC20Permit { /** * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens, * given ``owner``'s signed approval. * * IMPORTANT: The same issues {IERC20-approve} has related to transaction * ordering also apply here. * * Emits an {Approval} event. * * Requirements: * * - `spender` cannot be the zero address. * - `deadline` must be a timestamp in the future. * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner` * over the EIP712-formatted function arguments. * - the signature must use ``owner``'s current nonce (see {nonces}). * * For more information on the signature format, see the * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP * section]. */ function permit( address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) external; /** * @dev Returns the current nonce for `owner`. This value must be * included whenever a signature is generated for {permit}. * * Every successful call to {permit} increases ``owner``'s nonce by one. This * prevents a signature from being used multiple times. */ function nonces(address owner) external view returns (uint256); /** * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}. */ // solhint-disable-next-line func-name-mixedcase function DOMAIN_SEPARATOR() external view returns (bytes32); } // SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.6.0) (token/ERC20/IERC20.sol) pragma solidity ^0.8.0; /** * @dev Interface of the ERC20 standard as defined in the EIP. */ interface IERC20 { /** * @dev Emitted when `value` tokens are moved from one account (`from`) to * another (`to`). * * Note that `value` may be zero. */ event Transfer(address indexed from, address indexed to, uint256 value); /** * @dev Emitted when the allowance of a `spender` for an `owner` is set by * a call to {approve}. `value` is the new allowance. */ event Approval(address indexed owner, address indexed spender, uint256 value); /** * @dev Returns the amount of tokens in existence. */ function totalSupply() external view returns (uint256); /** * @dev Returns the amount of tokens owned by `account`. */ function balanceOf(address account) external view returns (uint256); /** * @dev Moves `amount` tokens from the caller's account to `to`. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transfer(address to, uint256 amount) external returns (bool); /** * @dev Returns the remaining number of tokens that `spender` will be * allowed to spend on behalf of `owner` through {transferFrom}. This is * zero by default. * * This value changes when {approve} or {transferFrom} are called. */ function allowance(address owner, address spender) external view returns (uint256); /** * @dev Sets `amount` as the allowance of `spender` over the caller's tokens. * * Returns a boolean value indicating whether the operation succeeded. * * IMPORTANT: Beware that changing an allowance with this method brings the risk * that someone may use both the old and the new allowance by unfortunate * transaction ordering. One possible solution to mitigate this race * condition is to first reduce the spender's allowance to 0 and set the * desired value afterwards: * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 * * Emits an {Approval} event. */ function approve(address spender, uint256 amount) external returns (bool); /** * @dev Moves `amount` tokens from `from` to `to` using the * allowance mechanism. `amount` is then deducted from the caller's * allowance. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transferFrom( address from, address to, uint256 amount ) external returns (bool); } // SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.8.0) (token/ERC20/utils/SafeERC20.sol) pragma solidity ^0.8.0; import "../IERC20.sol"; import "../extensions/draft-IERC20Permit.sol"; import "../../../utils/Address.sol"; /** * @title SafeERC20 * @dev Wrappers around ERC20 operations that throw on failure (when the token * contract returns false). Tokens that return no value (and instead revert or * throw on failure) are also supported, non-reverting calls are assumed to be * successful. * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract, * which allows you to call the safe operations as `token.safeTransfer(...)`, etc. */ library SafeERC20 { using Address for address; function safeTransfer( IERC20 token, address to, uint256 value ) internal { _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value)); } function safeTransferFrom( IERC20 token, address from, address to, uint256 value ) internal { _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value)); } /** * @dev Deprecated. This function has issues similar to the ones found in * {IERC20-approve}, and its usage is discouraged. * * Whenever possible, use {safeIncreaseAllowance} and * {safeDecreaseAllowance} instead. */ function safeApprove( IERC20 token, address spender, uint256 value ) internal { // safeApprove should only be called when setting an initial allowance, // or when resetting it to zero. To increase and decrease it, use // 'safeIncreaseAllowance' and 'safeDecreaseAllowance' require( (value == 0) || (token.allowance(address(this), spender) == 0), "SafeERC20: approve from non-zero to non-zero allowance" ); _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value)); } function safeIncreaseAllowance( IERC20 token, address spender, uint256 value ) internal { uint256 newAllowance = token.allowance(address(this), spender) + value; _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance)); } function safeDecreaseAllowance( IERC20 token, address spender, uint256 value ) internal { unchecked { uint256 oldAllowance = token.allowance(address(this), spender); require(oldAllowance >= value, "SafeERC20: decreased allowance below zero"); uint256 newAllowance = oldAllowance - value; _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance)); } } function safePermit( IERC20Permit token, address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) internal { uint256 nonceBefore = token.nonces(owner); token.permit(owner, spender, value, deadline, v, r, s); uint256 nonceAfter = token.nonces(owner); require(nonceAfter == nonceBefore + 1, "SafeERC20: permit did not succeed"); } /** * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement * on the return value: the return value is optional (but if data is returned, it must not be false). * @param token The token targeted by the call. * @param data The call data (encoded using abi.encode or one of its variants). */ function _callOptionalReturn(IERC20 token, bytes memory data) private { // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since // we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that // the target address contains contract code and also asserts for success in the low-level call. bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed"); if (returndata.length > 0) { // Return data is optional require(abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed"); } } } // SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.8.0) (utils/Address.sol) pragma solidity ^0.8.1; /** * @dev Collection of functions related to the address type */ library Address { /** * @dev Returns true if `account` is a contract. * * [IMPORTANT] * ==== * It is unsafe to assume that an address for which this function returns * false is an externally-owned account (EOA) and not a contract. * * Among others, `isContract` will return false for the following * types of addresses: * * - an externally-owned account * - a contract in construction * - an address where a contract will be created * - an address where a contract lived, but was destroyed * ==== * * [IMPORTANT] * ==== * You shouldn't rely on `isContract` to protect against flash loan attacks! * * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract * constructor. * ==== */ function isContract(address account) internal view returns (bool) { // This method relies on extcodesize/address.code.length, which returns 0 // for contracts in construction, since the code is only stored at the end // of the constructor execution. return account.code.length > 0; } /** * @dev Replacement for Solidity's `transfer`: sends `amount` wei to * `recipient`, forwarding all available gas and reverting on errors. * * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost * of certain opcodes, possibly making contracts go over the 2300 gas limit * imposed by `transfer`, making them unable to receive funds via * `transfer`. {sendValue} removes this limitation. * * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more]. * * IMPORTANT: because control is transferred to `recipient`, care must be * taken to not create reentrancy vulnerabilities. Consider using * {ReentrancyGuard} or the * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern]. */ function sendValue(address payable recipient, uint256 amount) internal { require(address(this).balance >= amount, "Address: insufficient balance"); (bool success, ) = recipient.call{value: amount}(""); require(success, "Address: unable to send value, recipient may have reverted"); } /** * @dev Performs a Solidity function call using a low level `call`. A * plain `call` is an unsafe replacement for a function call: use this * function instead. * * If `target` reverts with a revert reason, it is bubbled up by this * function (like regular Solidity function calls). * * Returns the raw returned data. To convert to the expected return value, * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`]. * * Requirements: * * - `target` must be a contract. * - calling `target` with `data` must not revert. * * _Available since v3.1._ */ function functionCall(address target, bytes memory data) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, "Address: low-level call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with * `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCall( address target, bytes memory data, string memory errorMessage ) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but also transferring `value` wei to `target`. * * Requirements: * * - the calling contract must have an ETH balance of at least `value`. * - the called Solidity function must be `payable`. * * _Available since v3.1._ */ function functionCallWithValue( address target, bytes memory data, uint256 value ) internal returns (bytes memory) { return functionCallWithValue(target, data, value, "Address: low-level call with value failed"); } /** * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but * with `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCallWithValue( address target, bytes memory data, uint256 value, string memory errorMessage ) internal returns (bytes memory) { require(address(this).balance >= value, "Address: insufficient balance for call"); (bool success, bytes memory returndata) = target.call{value: value}(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) { return functionStaticCall(target, data, "Address: low-level static call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall( address target, bytes memory data, string memory errorMessage ) internal view returns (bytes memory) { (bool success, bytes memory returndata) = target.staticcall(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a delegate call. * * _Available since v3.4._ */ function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) { return functionDelegateCall(target, data, "Address: low-level delegate call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a delegate call. * * _Available since v3.4._ */ function functionDelegateCall( address target, bytes memory data, string memory errorMessage ) internal returns (bytes memory) { (bool success, bytes memory returndata) = target.delegatecall(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract. * * _Available since v4.8._ */ function verifyCallResultFromTarget( address target, bool success, bytes memory returndata, string memory errorMessage ) internal view returns (bytes memory) { if (success) { if (returndata.length == 0) { // only check isContract if the call was successful and the return data is empty // otherwise we already know that it was a contract require(isContract(target), "Address: call to non-contract"); } return returndata; } else { _revert(returndata, errorMessage); } } /** * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the * revert reason or using the provided one. * * _Available since v4.3._ */ function verifyCallResult( bool success, bytes memory returndata, string memory errorMessage ) internal pure returns (bytes memory) { if (success) { return returndata; } else { _revert(returndata, errorMessage); } } function _revert(bytes memory returndata, string memory errorMessage) private pure { // Look for revert reason and bubble it up if present if (returndata.length > 0) { // The easiest way to bubble the revert reason is using memory via assembly /// @solidity memory-safe-assembly assembly { let returndata_size := mload(returndata) revert(add(32, returndata), returndata_size) } } else { revert(errorMessage); } } } // SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (utils/Context.sol) pragma solidity ^0.8.0; /** * @dev Provides information about the current execution context, including the * sender of the transaction and its data. While these are generally available * via msg.sender and msg.data, they should not be accessed in such a direct * manner, since when dealing with meta-transactions the account sending and * paying for execution may not be the actual sender (as far as an application * is concerned). * * This contract is only required for intermediate, library-like contracts. */ abstract contract Context { function _msgSender() internal view virtual returns (address) { return msg.sender; } function _msgData() internal view virtual returns (bytes calldata) { return msg.data; } } // SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.8.0) (utils/cryptography/ECDSA.sol) pragma solidity ^0.8.0; import "../Strings.sol"; /** * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations. * * These functions can be used to verify that a message was signed by the holder * of the private keys of a given address. */ library ECDSA { enum RecoverError { NoError, InvalidSignature, InvalidSignatureLength, InvalidSignatureS, InvalidSignatureV // Deprecated in v4.8 } function _throwError(RecoverError error) private pure { if (error == RecoverError.NoError) { return; // no error: do nothing } else if (error == RecoverError.InvalidSignature) { revert("ECDSA: invalid signature"); } else if (error == RecoverError.InvalidSignatureLength) { revert("ECDSA: invalid signature length"); } else if (error == RecoverError.InvalidSignatureS) { revert("ECDSA: invalid signature 's' value"); } } /** * @dev Returns the address that signed a hashed message (`hash`) with * `signature` or error string. This address can then be used for verification purposes. * * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures: * this function rejects them by requiring the `s` value to be in the lower * half order, and the `v` value to be either 27 or 28. * * IMPORTANT: `hash` _must_ be the result of a hash operation for the * verification to be secure: it is possible to craft signatures that * recover to arbitrary addresses for non-hashed data. A safe way to ensure * this is by receiving a hash of the original message (which may otherwise * be too long), and then calling {toEthSignedMessageHash} on it. * * Documentation for signature generation: * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js] * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers] * * _Available since v4.3._ */ function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) { if (signature.length == 65) { bytes32 r; bytes32 s; uint8 v; // ecrecover takes the signature parameters, and the only way to get them // currently is to use assembly. /// @solidity memory-safe-assembly assembly { r := mload(add(signature, 0x20)) s := mload(add(signature, 0x40)) v := byte(0, mload(add(signature, 0x60))) } return tryRecover(hash, v, r, s); } else { return (address(0), RecoverError.InvalidSignatureLength); } } /** * @dev Returns the address that signed a hashed message (`hash`) with * `signature`. This address can then be used for verification purposes. * * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures: * this function rejects them by requiring the `s` value to be in the lower * half order, and the `v` value to be either 27 or 28. * * IMPORTANT: `hash` _must_ be the result of a hash operation for the * verification to be secure: it is possible to craft signatures that * recover to arbitrary addresses for non-hashed data. A safe way to ensure * this is by receiving a hash of the original message (which may otherwise * be too long), and then calling {toEthSignedMessageHash} on it. */ function recover(bytes32 hash, bytes memory signature) internal pure returns (address) { (address recovered, RecoverError error) = tryRecover(hash, signature); _throwError(error); return recovered; } /** * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately. * * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures] * * _Available since v4.3._ */ function tryRecover( bytes32 hash, bytes32 r, bytes32 vs ) internal pure returns (address, RecoverError) { bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff); uint8 v = uint8((uint256(vs) >> 255) + 27); return tryRecover(hash, v, r, s); } /** * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately. * * _Available since v4.2._ */ function recover( bytes32 hash, bytes32 r, bytes32 vs ) internal pure returns (address) { (address recovered, RecoverError error) = tryRecover(hash, r, vs); _throwError(error); return recovered; } /** * @dev Overload of {ECDSA-tryRecover} that receives the `v`, * `r` and `s` signature fields separately. * * _Available since v4.3._ */ function tryRecover( bytes32 hash, uint8 v, bytes32 r, bytes32 s ) internal pure returns (address, RecoverError) { // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most // signatures from current libraries generate a unique signature with an s-value in the lower half order. // // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept // these malleable signatures as well. if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) { return (address(0), RecoverError.InvalidSignatureS); } // If the signature is valid (and not malleable), return the signer address address signer = ecrecover(hash, v, r, s); if (signer == address(0)) { return (address(0), RecoverError.InvalidSignature); } return (signer, RecoverError.NoError); } /** * @dev Overload of {ECDSA-recover} that receives the `v`, * `r` and `s` signature fields separately. */ function recover( bytes32 hash, uint8 v, bytes32 r, bytes32 s ) internal pure returns (address) { (address recovered, RecoverError error) = tryRecover(hash, v, r, s); _throwError(error); return recovered; } /** * @dev Returns an Ethereum Signed Message, created from a `hash`. This * produces hash corresponding to the one signed with the * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`] * JSON-RPC method as part of EIP-191. * * See {recover}. */ function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) { // 32 is the length in bytes of hash, // enforced by the type signature above return keccak256(abi.encodePacked("\\x19Ethereum Signed Message:\ 32", hash)); } /** * @dev Returns an Ethereum Signed Message, created from `s`. This * produces hash corresponding to the one signed with the * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`] * JSON-RPC method as part of EIP-191. * * See {recover}. */ function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) { return keccak256(abi.encodePacked("\\x19Ethereum Signed Message:\ ", Strings.toString(s.length), s)); } /** * @dev Returns an Ethereum Signed Typed Data, created from a * `domainSeparator` and a `structHash`. This produces hash corresponding * to the one signed with the * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`] * JSON-RPC method as part of EIP-712. * * See {recover}. */ function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32) { return keccak256(abi.encodePacked("\\x19\\x01", domainSeparator, structHash)); } } // SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.8.0) (utils/cryptography/EIP712.sol) pragma solidity ^0.8.0; import "./ECDSA.sol"; /** * @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data. * * The encoding specified in the EIP is very generic, and such a generic implementation in Solidity is not feasible, * thus this contract does not implement the encoding itself. Protocols need to implement the type-specific encoding * they need in their contracts using a combination of `abi.encode` and `keccak256`. * * This contract implements the EIP 712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding * scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA * ({_hashTypedDataV4}). * * The implementation of the domain separator was designed to be as efficient as possible while still properly updating * the chain id to protect against replay attacks on an eventual fork of the chain. * * NOTE: This contract implements the version of the encoding known as "v4", as implemented by the JSON RPC method * https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask]. * * _Available since v3.4._ */ abstract contract EIP712 { /* solhint-disable var-name-mixedcase */ // Cache the domain separator as an immutable value, but also store the chain id that it corresponds to, in order to // invalidate the cached domain separator if the chain id changes. bytes32 private immutable _CACHED_DOMAIN_SEPARATOR; uint256 private immutable _CACHED_CHAIN_ID; address private immutable _CACHED_THIS; bytes32 private immutable _HASHED_NAME; bytes32 private immutable _HASHED_VERSION; bytes32 private immutable _TYPE_HASH; /* solhint-enable var-name-mixedcase */ /** * @dev Initializes the domain separator and parameter caches. * * The meaning of `name` and `version` is specified in * https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]: * * - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol. * - `version`: the current major version of the signing domain. * * NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart * contract upgrade]. */ constructor(string memory name, string memory version) { bytes32 hashedName = keccak256(bytes(name)); bytes32 hashedVersion = keccak256(bytes(version)); bytes32 typeHash = keccak256( "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)" ); _HASHED_NAME = hashedName; _HASHED_VERSION = hashedVersion; _CACHED_CHAIN_ID = block.chainid; _CACHED_DOMAIN_SEPARATOR = _buildDomainSeparator(typeHash, hashedName, hashedVersion); _CACHED_THIS = address(this); _TYPE_HASH = typeHash; } /** * @dev Returns the domain separator for the current chain. */ function _domainSeparatorV4() internal view returns (bytes32) { if (address(this) == _CACHED_THIS && block.chainid == _CACHED_CHAIN_ID) { return _CACHED_DOMAIN_SEPARATOR; } else { return _buildDomainSeparator(_TYPE_HASH, _HASHED_NAME, _HASHED_VERSION); } } function _buildDomainSeparator( bytes32 typeHash, bytes32 nameHash, bytes32 versionHash ) private view returns (bytes32) { return keccak256(abi.encode(typeHash, nameHash, versionHash, block.chainid, address(this))); } /** * @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this * function returns the hash of the fully encoded EIP712 message for this domain. * * This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example: * * ```solidity * bytes32 digest = _hashTypedDataV4(keccak256(abi.encode( * keccak256("Mail(address to,string contents)"), * mailTo, * keccak256(bytes(mailContents)) * ))); * address signer = ECDSA.recover(digest, signature); * ``` */ function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) { return ECDSA.toTypedDataHash(_domainSeparatorV4(), structHash); } } // SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.8.0) (utils/math/Math.sol) pragma solidity ^0.8.0; /** * @dev Standard math utilities missing in the Solidity language. */ library Math { enum Rounding { Down, // Toward negative infinity Up, // Toward infinity Zero // Toward zero } /** * @dev Returns the largest of two numbers. */ function max(uint256 a, uint256 b) internal pure returns (uint256) { return a > b ? a : b; } /** * @dev Returns the smallest of two numbers. */ function min(uint256 a, uint256 b) internal pure returns (uint256) { return a < b ? a : b; } /** * @dev Returns the average of two numbers. The result is rounded towards * zero. */ function average(uint256 a, uint256 b) internal pure returns (uint256) { // (a + b) / 2 can overflow. return (a & b) + (a ^ b) / 2; } /** * @dev Returns the ceiling of the division of two numbers. * * This differs from standard division with `/` in that it rounds up instead * of rounding down. */ function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) { // (a + b - 1) / b can overflow on addition, so we distribute. return a == 0 ? 0 : (a - 1) / b + 1; } /** * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0 * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) * with further edits by Uniswap Labs also under MIT license. */ function mulDiv( uint256 x, uint256 y, uint256 denominator ) internal pure returns (uint256 result) { unchecked { // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256 // variables such that product = prod1 * 2^256 + prod0. uint256 prod0; // Least significant 256 bits of the product uint256 prod1; // Most significant 256 bits of the product assembly { let mm := mulmod(x, y, not(0)) prod0 := mul(x, y) prod1 := sub(sub(mm, prod0), lt(mm, prod0)) } // Handle non-overflow cases, 256 by 256 division. if (prod1 == 0) { return prod0 / denominator; } // Make sure the result is less than 2^256. Also prevents denominator == 0. require(denominator > prod1); /////////////////////////////////////////////// // 512 by 256 division. /////////////////////////////////////////////// // Make division exact by subtracting the remainder from [prod1 prod0]. uint256 remainder; assembly { // Compute remainder using mulmod. remainder := mulmod(x, y, denominator) // Subtract 256 bit number from 512 bit number. prod1 := sub(prod1, gt(remainder, prod0)) prod0 := sub(prod0, remainder) } // Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1. // See https://cs.stackexchange.com/q/138556/92363. // Does not overflow because the denominator cannot be zero at this stage in the function. uint256 twos = denominator & (~denominator + 1); assembly { // Divide denominator by twos. denominator := div(denominator, twos) // Divide [prod1 prod0] by twos. prod0 := div(prod0, twos) // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one. twos := add(div(sub(0, twos), twos), 1) } // Shift in bits from prod1 into prod0. prod0 |= prod1 * twos; // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for // four bits. That is, denominator * inv = 1 mod 2^4. uint256 inverse = (3 * denominator) ^ 2; // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works // in modular arithmetic, doubling the correct bits in each step. inverse *= 2 - denominator * inverse; // inverse mod 2^8 inverse *= 2 - denominator * inverse; // inverse mod 2^16 inverse *= 2 - denominator * inverse; // inverse mod 2^32 inverse *= 2 - denominator * inverse; // inverse mod 2^64 inverse *= 2 - denominator * inverse; // inverse mod 2^128 inverse *= 2 - denominator * inverse; // inverse mod 2^256 // Because the division is now exact we can divide by multiplying with the modular inverse of denominator. // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1 // is no longer required. result = prod0 * inverse; return result; } } /** * @notice Calculates x * y / denominator with full precision, following the selected rounding direction. */ function mulDiv( uint256 x, uint256 y, uint256 denominator, Rounding rounding ) internal pure returns (uint256) { uint256 result = mulDiv(x, y, denominator); if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) { result += 1; } return result; } /** * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down. * * Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11). */ function sqrt(uint256 a) internal pure returns (uint256) { if (a == 0) { return 0; } // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target. // // We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`. // // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)` // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))` // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)` // // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit. uint256 result = 1 << (log2(a) >> 1); // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128, // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision // into the expected uint128 result. unchecked { result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; return min(result, a / result); } } /** * @notice Calculates sqrt(a), following the selected rounding direction. */ function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) { unchecked { uint256 result = sqrt(a); return result + (rounding == Rounding.Up && result * result < a ? 1 : 0); } } /** * @dev Return the log in base 2, rounded down, of a positive value. * Returns 0 if given 0. */ function log2(uint256 value) internal pure returns (uint256) { uint256 result = 0; unchecked { if (value >> 128 > 0) { value >>= 128; result += 128; } if (value >> 64 > 0) { value >>= 64; result += 64; } if (value >> 32 > 0) { value >>= 32; result += 32; } if (value >> 16 > 0) { value >>= 16; result += 16; } if (value >> 8 > 0) { value >>= 8; result += 8; } if (value >> 4 > 0) { value >>= 4; result += 4; } if (value >> 2 > 0) { value >>= 2; result += 2; } if (value >> 1 > 0) { result += 1; } } return result; } /** * @dev Return the log in base 2, following the selected rounding direction, of a positive value. * Returns 0 if given 0. */ function log2(uint256 value, Rounding rounding) internal pure returns (uint256) { unchecked { uint256 result = log2(value); return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0); } } /** * @dev Return the log in base 10, rounded down, of a positive value. * Returns 0 if given 0. */ function log10(uint256 value) internal pure returns (uint256) { uint256 result = 0; unchecked { if (value >= 10**64) { value /= 10**64; result += 64; } if (value >= 10**32) { value /= 10**32; result += 32; } if (value >= 10**16) { value /= 10**16; result += 16; } if (value >= 10**8) { value /= 10**8; result += 8; } if (value >= 10**4) { value /= 10**4; result += 4; } if (value >= 10**2) { value /= 10**2; result += 2; } if (value >= 10**1) { result += 1; } } return result; } /** * @dev Return the log in base 10, following the selected rounding direction, of a positive value. * Returns 0 if given 0. */ function log10(uint256 value, Rounding rounding) internal pure returns (uint256) { unchecked { uint256 result = log10(value); return result + (rounding == Rounding.Up && 10**result < value ? 1 : 0); } } /** * @dev Return the log in base 256, rounded down, of a positive value. * Returns 0 if given 0. * * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string. */ function log256(uint256 value) internal pure returns (uint256) { uint256 result = 0; unchecked { if (value >> 128 > 0) { value >>= 128; result += 16; } if (value >> 64 > 0) { value >>= 64; result += 8; } if (value >> 32 > 0) { value >>= 32; result += 4; } if (value >> 16 > 0) { value >>= 16; result += 2; } if (value >> 8 > 0) { result += 1; } } return result; } /** * @dev Return the log in base 10, following the selected rounding direction, of a positive value. * Returns 0 if given 0. */ function log256(uint256 value, Rounding rounding) internal pure returns (uint256) { unchecked { uint256 result = log256(value); return result + (rounding == Rounding.Up && 1 << (result * 8) < value ? 1 : 0); } } } // SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.8.0) (utils/Strings.sol) pragma solidity ^0.8.0; import "./math/Math.sol"; /** * @dev String operations. */ library Strings { bytes16 private constant _SYMBOLS = "0123456789abcdef"; uint8 private constant _ADDRESS_LENGTH = 20; /** * @dev Converts a `uint256` to its ASCII `string` decimal representation. */ function toString(uint256 value) internal pure returns (string memory) { unchecked { uint256 length = Math.log10(value) + 1; string memory buffer = new string(length); uint256 ptr; /// @solidity memory-safe-assembly assembly { ptr := add(buffer, add(32, length)) } while (true) { ptr--; /// @solidity memory-safe-assembly assembly { mstore8(ptr, byte(mod(value, 10), _SYMBOLS)) } value /= 10; if (value == 0) break; } return buffer; } } /** * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation. */ function toHexString(uint256 value) internal pure returns (string memory) { unchecked { return toHexString(value, Math.log256(value) + 1); } } /** * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length. */ function toHexString(uint256 value, uint256 length) internal pure returns (string memory) { bytes memory buffer = new bytes(2 * length + 2); buffer[0] = "0"; buffer[1] = "x"; for (uint256 i = 2 * length + 1; i > 1; --i) { buffer[i] = _SYMBOLS[value & 0xf]; value >>= 4; } require(value == 0, "Strings: hex length insufficient"); return string(buffer); } /** * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation. */ function toHexString(address addr) internal pure returns (string memory) { return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH); } } // SPDX-License-Identifier: MIT pragma solidity 0.8.17; interface ISwapERC20 { struct OrderERC20 { uint256 nonce; // Unique number per signatory per order uint256 expiry; // Expiry time (seconds since unix epoch) address signerWallet; // Party to the swap that sets terms address signerToken; // ERC20 token address transferred from signer uint256 signerAmount; // Amount of tokens transferred from signer address senderWallet; // Party to the swap that accepts terms address senderToken; // ERC20 token address transferred from sender uint256 senderAmount; // Amount of tokens transferred from sender uint8 v; // ECDSA bytes32 r; bytes32 s; } event SwapERC20( uint256 indexed nonce, address indexed signerWallet, address signerToken, uint256 signerAmount, uint256 protocolFee, address indexed senderWallet, address senderToken, uint256 senderAmount ); event Cancel(uint256 indexed nonce, address indexed signerWallet); event Authorize(address indexed signer, address indexed signerWallet); event Revoke(address indexed signer, address indexed signerWallet); event SetProtocolFee(uint256 protocolFee); event SetProtocolFeeLight(uint256 protocolFeeLight); event SetProtocolFeeWallet(address indexed feeWallet); event SetRebateScale(uint256 rebateScale); event SetRebateMax(uint256 rebateMax); event SetStaking(address indexed staking); error ChainIdChanged(); error InvalidFee(); error InvalidFeeLight(); error InvalidFeeWallet(); error InvalidStaking(); error OrderExpired(); error MaxTooHigh(); error NonceAlreadyUsed(uint256); error ScaleTooHigh(); error SignatureInvalid(); error SignatoryInvalid(); error SignatoryUnauthorized(); error Unauthorized(); function swap( address recipient, uint256 nonce, uint256 expiry, address signerWallet, address signerToken, uint256 signerAmount, address senderToken, uint256 senderAmount, uint8 v, bytes32 r, bytes32 s ) external; function swapAnySender( address recipient, uint256 nonce, uint256 expiry, address signerWallet, address signerToken, uint256 signerAmount, address senderToken, uint256 senderAmount, uint8 v, bytes32 r, bytes32 s ) external; function swapLight( uint256 nonce, uint256 expiry, address signerWallet, address signerToken, uint256 signerAmount, address senderToken, uint256 senderAmount, uint8 v, bytes32 r, bytes32 s ) external; function authorize(address sender) external; function revoke() external; function cancel(uint256[] calldata nonces) external; function nonceUsed(address, uint256) external view returns (bool); function authorized(address) external view returns (address); function calculateProtocolFee( address, uint256 ) external view returns (uint256); } // SPDX-License-Identifier: MIT pragma solidity 0.8.17; import "@openzeppelin/contracts/access/Ownable2Step.sol"; import "@openzeppelin/contracts/utils/cryptography/EIP712.sol"; import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; import "./interfaces/ISwapERC20.sol"; /** * @title AirSwap: Atomic ERC20 Token Swap * @notice https://www.airswap.io/ */ contract SwapERC20 is ISwapERC20, Ownable2Step, EIP712 { using SafeERC20 for IERC20; bytes32 public constant ORDER_TYPEHASH = keccak256( abi.encodePacked( "OrderERC20(uint256 nonce,uint256 expiry,address signerWallet,address signerToken,uint256 signerAmount,", "uint256 protocolFee,address senderWallet,address senderToken,uint256 senderAmount)" ) ); // Domain name and version for use in EIP712 signatures string public constant DOMAIN_NAME = "SWAP_ERC20"; string public constant DOMAIN_VERSION = "4"; uint256 public immutable DOMAIN_CHAIN_ID; bytes32 public immutable DOMAIN_SEPARATOR; uint256 public constant FEE_DIVISOR = 10000; uint256 internal constant MAX_PERCENTAGE = 100; uint256 internal constant MAX_SCALE = 77; uint256 internal constant MAX_ERROR_COUNT = 9; /** * @notice Double mapping of signers to nonce groups to nonce states * @dev The nonce group is computed as nonce / 256, so each group of 256 sequential nonces uses the same key * @dev The nonce states are encoded as 256 bits, for each nonce in the group 0 means available and 1 means used */ mapping(address => mapping(uint256 => uint256)) internal _nonceGroups; // Mapping of signer to authorized signatory mapping(address => address) public override authorized; uint256 public protocolFee; uint256 public protocolFeeLight; address public protocolFeeWallet; uint256 public rebateScale; uint256 public rebateMax; address public staking; /** * @notice Constructor * @dev Sets domain and version for EIP712 signatures * @param _protocolFee uin256 fee to be assessed on swaps * @param _protocolFeeWallet address destination for fees * @param _rebateScale uin256 scale factor for rebate * @param _rebateMax uint256 max rebate percentage * @param _staking address staking contract address */ constructor( uint256 _protocolFee, uint256 _protocolFeeLight, address _protocolFeeWallet, uint256 _rebateScale, uint256 _rebateMax, address _staking ) EIP712(DOMAIN_NAME, DOMAIN_VERSION) { if (_protocolFee >= FEE_DIVISOR) revert InvalidFee(); if (_protocolFeeLight >= FEE_DIVISOR) revert InvalidFeeLight(); if (_protocolFeeWallet == address(0)) revert InvalidFeeWallet(); if (_rebateScale > MAX_SCALE) revert ScaleTooHigh(); if (_rebateMax > MAX_PERCENTAGE) revert MaxTooHigh(); if (_staking == address(0)) revert InvalidStaking(); DOMAIN_CHAIN_ID = block.chainid; DOMAIN_SEPARATOR = _domainSeparatorV4(); protocolFee = _protocolFee; protocolFeeLight = _protocolFeeLight; protocolFeeWallet = _protocolFeeWallet; rebateScale = _rebateScale; rebateMax = _rebateMax; staking = _staking; } /** * @notice Atomic ERC20 Swap * @param recipient address Wallet to receive sender proceeds * @param nonce uint256 Unique and should be sequential * @param expiry uint256 Expiry in seconds since 1 January 1970 * @param signerWallet address Wallet of the signer * @param signerToken address ERC20 token transferred from the signer * @param signerAmount uint256 Amount transferred from the signer * @param senderToken address ERC20 token transferred from the sender * @param senderAmount uint256 Amount transferred from the sender * @param v uint8 "v" value of the ECDSA signature * @param r bytes32 "r" value of the ECDSA signature * @param s bytes32 "s" value of the ECDSA signature */ function swap( address recipient, uint256 nonce, uint256 expiry, address signerWallet, address signerToken, uint256 signerAmount, address senderToken, uint256 senderAmount, uint8 v, bytes32 r, bytes32 s ) external override { // Ensure the order is valid for signer and sender _check( nonce, expiry, signerWallet, signerToken, signerAmount, msg.sender, senderToken, senderAmount, v, r, s ); // Transfer token from sender to signer IERC20(senderToken).safeTransferFrom( msg.sender, signerWallet, senderAmount ); // Transfer token from signer to recipient IERC20(signerToken).safeTransferFrom(signerWallet, recipient, signerAmount); // Calculate and transfer protocol fee and any rebate _transferProtocolFee(signerToken, signerWallet, signerAmount); // Emit a Swap event emit SwapERC20( nonce, signerWallet, signerToken, signerAmount, protocolFee, msg.sender, senderToken, senderAmount ); } /** * @notice Atomic ERC20 Swap for Any Sender * @param recipient address Wallet to receive sender proceeds * @param nonce uint256 Unique and should be sequential * @param expiry uint256 Expiry in seconds since 1 January 1970 * @param signerWallet address Wallet of the signer * @param signerToken address ERC20 token transferred from the signer * @param signerAmount uint256 Amount transferred from the signer * @param senderToken address ERC20 token transferred from the sender * @param senderAmount uint256 Amount transferred from the sender * @param v uint8 "v" value of the ECDSA signature * @param r bytes32 "r" value of the ECDSA signature * @param s bytes32 "s" value of the ECDSA signature */ function swapAnySender( address recipient, uint256 nonce, uint256 expiry, address signerWallet, address signerToken, uint256 signerAmount, address senderToken, uint256 senderAmount, uint8 v, bytes32 r, bytes32 s ) external override { // Ensure the order is valid _check( nonce, expiry, signerWallet, signerToken, signerAmount, address(0), senderToken, senderAmount, v, r, s ); // Transfer token from sender to signer IERC20(senderToken).safeTransferFrom( msg.sender, signerWallet, senderAmount ); // Transfer token from signer to recipient IERC20(signerToken).safeTransferFrom(signerWallet, recipient, signerAmount); // Calculate and transfer protocol fee and any rebate _transferProtocolFee(signerToken, signerWallet, signerAmount); // Emit a Swap event emit SwapERC20( nonce, signerWallet, signerToken, signerAmount, protocolFee, msg.sender, senderToken, senderAmount ); } /** * @notice Swap Atomic ERC20 Swap (Low Gas Usage) * @param nonce uint256 Unique and should be sequential * @param expiry uint256 Expiry in seconds since 1 January 1970 * @param signerWallet address Wallet of the signer * @param signerToken address ERC20 token transferred from the signer * @param signerAmount uint256 Amount transferred from the signer * @param senderToken address ERC20 token transferred from the sender * @param senderAmount uint256 Amount transferred from the sender * @param v uint8 "v" value of the ECDSA signature * @param r bytes32 "r" value of the ECDSA signature * @param s bytes32 "s" value of the ECDSA signature */ function swapLight( uint256 nonce, uint256 expiry, address signerWallet, address signerToken, uint256 signerAmount, address senderToken, uint256 senderAmount, uint8 v, bytes32 r, bytes32 s ) external override { if (DOMAIN_CHAIN_ID != block.chainid) revert ChainIdChanged(); // Ensure the expiry is not passed if (expiry <= block.timestamp) revert OrderExpired(); // Recover the signatory from the hash and signature (address signatory, ) = ECDSA.tryRecover( keccak256( abi.encodePacked( "\\x19\\x01", // EIP191: Indicates EIP712 DOMAIN_SEPARATOR, keccak256( abi.encode( ORDER_TYPEHASH, nonce, expiry, signerWallet, signerToken, signerAmount, protocolFeeLight, msg.sender, senderToken, senderAmount ) ) ) ), v, r, s ); // Ensure the signatory is not null if (signatory == address(0)) revert SignatureInvalid(); // Ensure the nonce is not yet used and if not mark it used if (!_markNonceAsUsed(signatory, nonce)) revert NonceAlreadyUsed(nonce); // Ensure signatory is authorized to sign if (authorized[signerWallet] != address(0)) { // If one is set by signer wallet, signatory must be authorized if (signatory != authorized[signerWallet]) revert SignatoryUnauthorized(); } else { // Otherwise, signatory must be signer wallet if (signatory != signerWallet) revert Unauthorized(); } // Transfer token from sender to signer IERC20(senderToken).safeTransferFrom( msg.sender, signerWallet, senderAmount ); // Transfer token from signer to recipient IERC20(signerToken).safeTransferFrom( signerWallet, msg.sender, signerAmount ); // Transfer fee from signer to feeWallet IERC20(signerToken).safeTransferFrom( signerWallet, protocolFeeWallet, (signerAmount * protocolFeeLight) / FEE_DIVISOR ); // Emit a Swap event emit SwapERC20( nonce, signerWallet, signerToken, signerAmount, protocolFeeLight, msg.sender, senderToken, senderAmount ); } /** * @notice Set the fee * @param _protocolFee uint256 Value of the fee in basis points */ function setProtocolFee(uint256 _protocolFee) external onlyOwner { // Ensure the fee is less than divisor if (_protocolFee >= FEE_DIVISOR) revert InvalidFee(); protocolFee = _protocolFee; emit SetProtocolFee(_protocolFee); } /** * @notice Set the light fee * @param _protocolFeeLight uint256 Value of the fee in basis points */ function setProtocolFeeLight(uint256 _protocolFeeLight) external onlyOwner { // Ensure the fee is less than divisor if (_protocolFeeLight >= FEE_DIVISOR) revert InvalidFeeLight(); protocolFeeLight = _protocolFeeLight; emit SetProtocolFeeLight(_protocolFeeLight); } /** * @notice Set the fee wallet * @param _protocolFeeWallet address Wallet to transfer fee to */ function setProtocolFeeWallet(address _protocolFeeWallet) external onlyOwner { // Ensure the new fee wallet is not null if (_protocolFeeWallet == address(0)) revert InvalidFeeWallet(); protocolFeeWallet = _protocolFeeWallet; emit SetProtocolFeeWallet(_protocolFeeWallet); } /** * @notice Set scale * @dev Only owner * @param _rebateScale uint256 */ function setRebateScale(uint256 _rebateScale) external onlyOwner { if (_rebateScale > MAX_SCALE) revert ScaleTooHigh(); rebateScale = _rebateScale; emit SetRebateScale(_rebateScale); } /** * @notice Set max * @dev Only owner * @param _rebateMax uint256 */ function setRebateMax(uint256 _rebateMax) external onlyOwner { if (_rebateMax > MAX_PERCENTAGE) revert MaxTooHigh(); rebateMax = _rebateMax; emit SetRebateMax(_rebateMax); } /** * @notice Set the staking token * @param newstaking address Token to check balances on */ function setStaking(address newstaking) external onlyOwner { // Ensure the new staking token is not null if (newstaking == address(0)) revert InvalidStaking(); staking = newstaking; emit SetStaking(newstaking); } /** * @notice Authorize a signatory * @param signatory address Wallet of the signatory to authorize * @dev Emits an Authorize event */ function authorize(address signatory) external override { if (signatory == address(0)) revert SignatoryInvalid(); authorized[msg.sender] = signatory; emit Authorize(signatory, msg.sender); } /** * @notice Revoke the signatory * @dev Emits a Revoke event */ function revoke() external override { address tmp = authorized[msg.sender]; delete authorized[msg.sender]; emit Revoke(tmp, msg.sender); } /** * @notice Cancel one or more nonces * @dev Cancelled nonces are marked as used * @dev Emits a Cancel event * @dev Out of gas may occur in arrays of length > 400 * @param nonces uint256[] List of nonces to cancel */ function cancel(uint256[] calldata nonces) external override { for (uint256 i = 0; i < nonces.length; i++) { uint256 nonce = nonces[i]; if (_markNonceAsUsed(msg.sender, nonce)) { emit Cancel(nonce, msg.sender); } } } /** * @notice Checks order and returns list of errors * @param senderWallet address Wallet that would send the order * @param nonce uint256 Unique and should be sequential * @param expiry uint256 Expiry in seconds since 1 January 1970 * @param signerWallet address Wallet of the signer * @param signerToken address ERC20 token transferred from the signer * @param signerAmount uint256 Amount transferred from the signer * @param senderToken address ERC20 token transferred from the sender * @param senderAmount uint256 Amount transferred from the sender * @param v uint8 "v" value of the ECDSA signature * @param r bytes32 "r" value of the ECDSA signature * @param s bytes32 "s" value of the ECDSA signature * @return tuple of error count and bytes32[] memory array of error messages */ function check( address senderWallet, uint256 nonce, uint256 expiry, address signerWallet, address signerToken, uint256 signerAmount, address senderToken, uint256 senderAmount, uint8 v, bytes32 r, bytes32 s ) public view returns (uint256, bytes32[] memory) { bytes32[] memory errors = new bytes32[](MAX_ERROR_COUNT); OrderERC20 memory order; uint256 errCount; order.nonce = nonce; order.expiry = expiry; order.signerWallet = signerWallet; order.signerToken = signerToken; order.signerAmount = signerAmount; order.senderToken = senderToken; order.senderAmount = senderAmount; order.v = v; order.r = r; order.s = s; order.senderWallet = senderWallet; address signatory = ecrecover( _getOrderHash( order.nonce, order.expiry, order.signerWallet, order.signerToken, order.signerAmount, order.senderWallet, order.senderToken, order.senderAmount ), order.v, order.r, order.s ); if (signatory == address(0)) { errors[errCount] = "SignatureInvalid"; errCount++; } else { if ( authorized[order.signerWallet] != address(0) && signatory != authorized[order.signerWallet] ) { errors[errCount] = "SignatoryUnauthorized"; errCount++; } else if ( authorized[order.signerWallet] == address(0) && signatory != order.signerWallet ) { errors[errCount] = "Unauthorized"; errCount++; } else if (nonceUsed(signatory, order.nonce)) { errors[errCount] = "NonceAlreadyUsed"; errCount++; } } if (order.expiry < block.timestamp) { errors[errCount] = "OrderExpired"; errCount++; } if (order.senderWallet != address(0)) { uint256 senderBalance = IERC20(order.senderToken).balanceOf( order.senderWallet ); uint256 senderAllowance = IERC20(order.senderToken).allowance( order.senderWallet, address(this) ); if (senderAllowance < order.senderAmount) { errors[errCount] = "SenderAllowanceLow"; errCount++; } if (senderBalance < order.senderAmount) { errors[errCount] = "SenderBalanceLow"; errCount++; } } uint256 signerBalance = IERC20(order.signerToken).balanceOf( order.signerWallet ); uint256 signerAllowance = IERC20(order.signerToken).allowance( order.signerWallet, address(this) ); uint256 signerFeeAmount = (order.signerAmount * protocolFee) / FEE_DIVISOR; if (signerAllowance < order.signerAmount + signerFeeAmount) { errors[errCount] = "SignerAllowanceLow"; errCount++; } if (signerBalance < order.signerAmount + signerFeeAmount) { errors[errCount] = "SignerBalanceLow"; errCount++; } return (errCount, errors); } /** * @notice Calculate output amount for an input score * @param stakingBalance uint256 * @param feeAmount uint256 */ function calculateDiscount( uint256 stakingBalance, uint256 feeAmount ) public view returns (uint256) { uint256 divisor = (uint256(10) ** rebateScale) + stakingBalance; return (rebateMax * stakingBalance * feeAmount) / divisor / 100; } /** * @notice Calculates and refers fee amount * @param wallet address * @param amount uint256 */ function calculateProtocolFee( address wallet, uint256 amount ) public view override returns (uint256) { // Transfer fee from signer to feeWallet uint256 feeAmount = (amount * protocolFee) / FEE_DIVISOR; if (feeAmount > 0) { uint256 discountAmount = calculateDiscount( IERC20(staking).balanceOf(wallet), feeAmount ); return feeAmount - discountAmount; } return feeAmount; } /** * @notice Returns true if the nonce has been used * @param signer address Address of the signer * @param nonce uint256 Nonce being checked */ function nonceUsed( address signer, uint256 nonce ) public view override returns (bool) { uint256 groupKey = nonce / 256; uint256 indexInGroup = nonce % 256; return (_nonceGroups[signer][groupKey] >> indexInGroup) & 1 == 1; } /** * @notice Marks a nonce as used for the given signer * @param signer address Address of the signer for which to mark the nonce as used * @param nonce uint256 Nonce to be marked as used * @return bool True if the nonce was not marked as used already */ function _markNonceAsUsed( address signer, uint256 nonce ) internal returns (bool) { uint256 groupKey = nonce / 256; uint256 indexInGroup = nonce % 256; uint256 group = _nonceGroups[signer][groupKey]; // If it is already used, return false if ((group >> indexInGroup) & 1 == 1) { return false; } _nonceGroups[signer][groupKey] = group | (uint256(1) << indexInGroup); return true; } /** * @notice Checks order and reverts on error * @param nonce uint256 Unique and should be sequential * @param expiry uint256 Expiry in seconds since 1 January 1970 * @param signerWallet address Wallet of the signer * @param signerToken address ERC20 token transferred from the signer * @param signerAmount uint256 Amount transferred from the signer * @param senderToken address ERC20 token transferred from the sender * @param senderAmount uint256 Amount transferred from the sender * @param v uint8 "v" value of the ECDSA signature * @param r bytes32 "r" value of the ECDSA signature * @param s bytes32 "s" value of the ECDSA signature */ function _check( uint256 nonce, uint256 expiry, address signerWallet, address signerToken, uint256 signerAmount, address senderWallet, address senderToken, uint256 senderAmount, uint8 v, bytes32 r, bytes32 s ) internal { // Ensure execution on the intended chain if (DOMAIN_CHAIN_ID != block.chainid) revert ChainIdChanged(); // Ensure the expiry is not passed if (expiry <= block.timestamp) revert OrderExpired(); // Recover the signatory from the hash and signature (address signatory, ) = ECDSA.tryRecover( _getOrderHash( nonce, expiry, signerWallet, signerToken, signerAmount, senderWallet, senderToken, senderAmount ), v, r, s ); // Ensure the signatory is not null if (signatory == address(0)) revert SignatureInvalid(); // Ensure signatory is authorized to sign if (authorized[signerWallet] != address(0)) { // If one is set by signer wallet, signatory must be authorized if (signatory != authorized[signerWallet]) revert SignatoryUnauthorized(); } else { // Otherwise, signatory must be signer wallet if (signatory != signerWallet) revert Unauthorized(); } // Ensure the nonce is not yet used and if not mark it used if (!_markNonceAsUsed(signatory, nonce)) revert NonceAlreadyUsed(nonce); } /** * @notice Hash order parameters * @param nonce uint256 * @param expiry uint256 * @param signerWallet address * @param signerToken address * @param signerAmount uint256 * @param senderToken address * @param senderAmount uint256 * @return bytes32 */ function _getOrderHash( uint256 nonce, uint256 expiry, address signerWallet, address signerToken, uint256 signerAmount, address senderWallet, address senderToken, uint256 senderAmount ) internal view returns (bytes32) { return keccak256( abi.encodePacked( "\\x19\\x01", // EIP191: Indicates EIP712 DOMAIN_SEPARATOR, keccak256( abi.encode( ORDER_TYPEHASH, nonce, expiry, signerWallet, signerToken, signerAmount, protocolFee, senderWallet, senderToken, senderAmount ) ) ) ); } /** * @notice Calculates and transfers protocol fee and rebate * @param sourceToken address * @param sourceWallet address * @param amount uint256 */ function _transferProtocolFee( address sourceToken, address sourceWallet, uint256 amount ) internal { // Transfer fee from signer to feeWallet uint256 feeAmount = (amount * protocolFee) / FEE_DIVISOR; if (feeAmount > 0) { uint256 discountAmount = calculateDiscount( IERC20(staking).balanceOf(msg.sender), feeAmount ); if (discountAmount > 0) { // Transfer fee from signer to sender IERC20(sourceToken).safeTransferFrom( sourceWallet, msg.sender, discountAmount ); // Transfer fee from signer to feeWallet IERC20(sourceToken).safeTransferFrom( sourceWallet, protocolFeeWallet, feeAmount - discountAmount ); } else { IERC20(sourceToken).safeTransferFrom( sourceWallet, protocolFeeWallet, feeAmount ); } } } }
File 7 of 7: FiatTokenV2_2
/** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { EIP712Domain } from "./EIP712Domain.sol"; // solhint-disable-line no-unused-import import { Blacklistable } from "../v1/Blacklistable.sol"; // solhint-disable-line no-unused-import import { FiatTokenV1 } from "../v1/FiatTokenV1.sol"; // solhint-disable-line no-unused-import import { FiatTokenV2 } from "./FiatTokenV2.sol"; // solhint-disable-line no-unused-import import { FiatTokenV2_1 } from "./FiatTokenV2_1.sol"; import { EIP712 } from "../util/EIP712.sol"; // solhint-disable func-name-mixedcase /** * @title FiatToken V2.2 * @notice ERC20 Token backed by fiat reserves, version 2.2 */ contract FiatTokenV2_2 is FiatTokenV2_1 { /** * @notice Initialize v2.2 * @param accountsToBlacklist A list of accounts to migrate from the old blacklist * @param newSymbol New token symbol * data structure to the new blacklist data structure. */ function initializeV2_2( address[] calldata accountsToBlacklist, string calldata newSymbol ) external { // solhint-disable-next-line reason-string require(_initializedVersion == 2); // Update fiat token symbol symbol = newSymbol; // Add previously blacklisted accounts to the new blacklist data structure // and remove them from the old blacklist data structure. for (uint256 i = 0; i < accountsToBlacklist.length; i++) { require( _deprecatedBlacklisted[accountsToBlacklist[i]], "FiatTokenV2_2: Blacklisting previously unblacklisted account!" ); _blacklist(accountsToBlacklist[i]); delete _deprecatedBlacklisted[accountsToBlacklist[i]]; } _blacklist(address(this)); delete _deprecatedBlacklisted[address(this)]; _initializedVersion = 3; } /** * @dev Internal function to get the current chain id. * @return The current chain id. */ function _chainId() internal virtual view returns (uint256) { uint256 chainId; assembly { chainId := chainid() } return chainId; } /** * @inheritdoc EIP712Domain */ function _domainSeparator() internal override view returns (bytes32) { return EIP712.makeDomainSeparator(name, "2", _chainId()); } /** * @notice Update allowance with a signed permit * @dev EOA wallet signatures should be packed in the order of r, s, v. * @param owner Token owner's address (Authorizer) * @param spender Spender's address * @param value Amount of allowance * @param deadline The time at which the signature expires (unix time), or max uint256 value to signal no expiration * @param signature Signature bytes signed by an EOA wallet or a contract wallet */ function permit( address owner, address spender, uint256 value, uint256 deadline, bytes memory signature ) external whenNotPaused { _permit(owner, spender, value, deadline, signature); } /** * @notice Execute a transfer with a signed authorization * @dev EOA wallet signatures should be packed in the order of r, s, v. * @param from Payer's address (Authorizer) * @param to Payee's address * @param value Amount to be transferred * @param validAfter The time after which this is valid (unix time) * @param validBefore The time before which this is valid (unix time) * @param nonce Unique nonce * @param signature Signature bytes signed by an EOA wallet or a contract wallet */ function transferWithAuthorization( address from, address to, uint256 value, uint256 validAfter, uint256 validBefore, bytes32 nonce, bytes memory signature ) external whenNotPaused notBlacklisted(from) notBlacklisted(to) { _transferWithAuthorization( from, to, value, validAfter, validBefore, nonce, signature ); } /** * @notice Receive a transfer with a signed authorization from the payer * @dev This has an additional check to ensure that the payee's address * matches the caller of this function to prevent front-running attacks. * EOA wallet signatures should be packed in the order of r, s, v. * @param from Payer's address (Authorizer) * @param to Payee's address * @param value Amount to be transferred * @param validAfter The time after which this is valid (unix time) * @param validBefore The time before which this is valid (unix time) * @param nonce Unique nonce * @param signature Signature bytes signed by an EOA wallet or a contract wallet */ function receiveWithAuthorization( address from, address to, uint256 value, uint256 validAfter, uint256 validBefore, bytes32 nonce, bytes memory signature ) external whenNotPaused notBlacklisted(from) notBlacklisted(to) { _receiveWithAuthorization( from, to, value, validAfter, validBefore, nonce, signature ); } /** * @notice Attempt to cancel an authorization * @dev Works only if the authorization is not yet used. * EOA wallet signatures should be packed in the order of r, s, v. * @param authorizer Authorizer's address * @param nonce Nonce of the authorization * @param signature Signature bytes signed by an EOA wallet or a contract wallet */ function cancelAuthorization( address authorizer, bytes32 nonce, bytes memory signature ) external whenNotPaused { _cancelAuthorization(authorizer, nonce, signature); } /** * @dev Helper method that sets the blacklist state of an account on balanceAndBlacklistStates. * If _shouldBlacklist is true, we apply a (1 << 255) bitmask with an OR operation on the * account's balanceAndBlacklistState. This flips the high bit for the account to 1, * indicating that the account is blacklisted. * * If _shouldBlacklist if false, we reset the account's balanceAndBlacklistStates to their * balances. This clears the high bit for the account, indicating that the account is unblacklisted. * @param _account The address of the account. * @param _shouldBlacklist True if the account should be blacklisted, false if the account should be unblacklisted. */ function _setBlacklistState(address _account, bool _shouldBlacklist) internal override { balanceAndBlacklistStates[_account] = _shouldBlacklist ? balanceAndBlacklistStates[_account] | (1 << 255) : _balanceOf(_account); } /** * @dev Helper method that sets the balance of an account on balanceAndBlacklistStates. * Since balances are stored in the last 255 bits of the balanceAndBlacklistStates value, * we need to ensure that the updated balance does not exceed (2^255 - 1). * Since blacklisted accounts' balances cannot be updated, the method will also * revert if the account is blacklisted * @param _account The address of the account. * @param _balance The new fiat token balance of the account (max: (2^255 - 1)). */ function _setBalance(address _account, uint256 _balance) internal override { require( _balance <= ((1 << 255) - 1), "FiatTokenV2_2: Balance exceeds (2^255 - 1)" ); require( !_isBlacklisted(_account), "FiatTokenV2_2: Account is blacklisted" ); balanceAndBlacklistStates[_account] = _balance; } /** * @inheritdoc Blacklistable */ function _isBlacklisted(address _account) internal override view returns (bool) { return balanceAndBlacklistStates[_account] >> 255 == 1; } /** * @dev Helper method to obtain the balance of an account. Since balances * are stored in the last 255 bits of the balanceAndBlacklistStates value, * we apply a ((1 << 255) - 1) bit bitmask with an AND operation on the * balanceAndBlacklistState to obtain the balance. * @param _account The address of the account. * @return The fiat token balance of the account. */ function _balanceOf(address _account) internal override view returns (uint256) { return balanceAndBlacklistStates[_account] & ((1 << 255) - 1); } /** * @inheritdoc FiatTokenV1 */ function approve(address spender, uint256 value) external override whenNotPaused returns (bool) { _approve(msg.sender, spender, value); return true; } /** * @inheritdoc FiatTokenV2 */ function permit( address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) external override whenNotPaused { _permit(owner, spender, value, deadline, v, r, s); } /** * @inheritdoc FiatTokenV2 */ function increaseAllowance(address spender, uint256 increment) external override whenNotPaused returns (bool) { _increaseAllowance(msg.sender, spender, increment); return true; } /** * @inheritdoc FiatTokenV2 */ function decreaseAllowance(address spender, uint256 decrement) external override whenNotPaused returns (bool) { _decreaseAllowance(msg.sender, spender, decrement); return true; } } // SPDX-License-Identifier: MIT pragma solidity >=0.6.2 <0.8.0; /** * @dev Collection of functions related to the address type */ library Address { /** * @dev Returns true if `account` is a contract. * * [IMPORTANT] * ==== * It is unsafe to assume that an address for which this function returns * false is an externally-owned account (EOA) and not a contract. * * Among others, `isContract` will return false for the following * types of addresses: * * - an externally-owned account * - a contract in construction * - an address where a contract will be created * - an address where a contract lived, but was destroyed * ==== */ function isContract(address account) internal view returns (bool) { // This method relies on extcodesize, which returns 0 for contracts in // construction, since the code is only stored at the end of the // constructor execution. uint256 size; // solhint-disable-next-line no-inline-assembly assembly { size := extcodesize(account) } return size > 0; } /** * @dev Replacement for Solidity's `transfer`: sends `amount` wei to * `recipient`, forwarding all available gas and reverting on errors. * * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost * of certain opcodes, possibly making contracts go over the 2300 gas limit * imposed by `transfer`, making them unable to receive funds via * `transfer`. {sendValue} removes this limitation. * * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more]. * * IMPORTANT: because control is transferred to `recipient`, care must be * taken to not create reentrancy vulnerabilities. Consider using * {ReentrancyGuard} or the * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern]. */ function sendValue(address payable recipient, uint256 amount) internal { require(address(this).balance >= amount, "Address: insufficient balance"); // solhint-disable-next-line avoid-low-level-calls, avoid-call-value (bool success, ) = recipient.call{ value: amount }(""); require(success, "Address: unable to send value, recipient may have reverted"); } /** * @dev Performs a Solidity function call using a low level `call`. A * plain`call` is an unsafe replacement for a function call: use this * function instead. * * If `target` reverts with a revert reason, it is bubbled up by this * function (like regular Solidity function calls). * * Returns the raw returned data. To convert to the expected return value, * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`]. * * Requirements: * * - `target` must be a contract. * - calling `target` with `data` must not revert. * * _Available since v3.1._ */ function functionCall(address target, bytes memory data) internal returns (bytes memory) { return functionCall(target, data, "Address: low-level call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with * `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but also transferring `value` wei to `target`. * * Requirements: * * - the calling contract must have an ETH balance of at least `value`. * - the called Solidity function must be `payable`. * * _Available since v3.1._ */ function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) { return functionCallWithValue(target, data, value, "Address: low-level call with value failed"); } /** * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but * with `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) { require(address(this).balance >= value, "Address: insufficient balance for call"); require(isContract(target), "Address: call to non-contract"); // solhint-disable-next-line avoid-low-level-calls (bool success, bytes memory returndata) = target.call{ value: value }(data); return _verifyCallResult(success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) { return functionStaticCall(target, data, "Address: low-level static call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) { require(isContract(target), "Address: static call to non-contract"); // solhint-disable-next-line avoid-low-level-calls (bool success, bytes memory returndata) = target.staticcall(data); return _verifyCallResult(success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a delegate call. * * _Available since v3.4._ */ function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) { return functionDelegateCall(target, data, "Address: low-level delegate call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a delegate call. * * _Available since v3.4._ */ function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) { require(isContract(target), "Address: delegate call to non-contract"); // solhint-disable-next-line avoid-low-level-calls (bool success, bytes memory returndata) = target.delegatecall(data); return _verifyCallResult(success, returndata, errorMessage); } function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) { if (success) { return returndata; } else { // Look for revert reason and bubble it up if present if (returndata.length > 0) { // The easiest way to bubble the revert reason is using memory via assembly // solhint-disable-next-line no-inline-assembly assembly { let returndata_size := mload(returndata) revert(add(32, returndata), returndata_size) } } else { revert(errorMessage); } } } } // SPDX-License-Identifier: MIT pragma solidity >=0.6.0 <0.8.0; import "./IERC20.sol"; import "../../math/SafeMath.sol"; import "../../utils/Address.sol"; /** * @title SafeERC20 * @dev Wrappers around ERC20 operations that throw on failure (when the token * contract returns false). Tokens that return no value (and instead revert or * throw on failure) are also supported, non-reverting calls are assumed to be * successful. * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract, * which allows you to call the safe operations as `token.safeTransfer(...)`, etc. */ library SafeERC20 { using SafeMath for uint256; using Address for address; function safeTransfer(IERC20 token, address to, uint256 value) internal { _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value)); } function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal { _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value)); } /** * @dev Deprecated. This function has issues similar to the ones found in * {IERC20-approve}, and its usage is discouraged. * * Whenever possible, use {safeIncreaseAllowance} and * {safeDecreaseAllowance} instead. */ function safeApprove(IERC20 token, address spender, uint256 value) internal { // safeApprove should only be called when setting an initial allowance, // or when resetting it to zero. To increase and decrease it, use // 'safeIncreaseAllowance' and 'safeDecreaseAllowance' // solhint-disable-next-line max-line-length require((value == 0) || (token.allowance(address(this), spender) == 0), "SafeERC20: approve from non-zero to non-zero allowance" ); _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value)); } function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal { uint256 newAllowance = token.allowance(address(this), spender).add(value); _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance)); } function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal { uint256 newAllowance = token.allowance(address(this), spender).sub(value, "SafeERC20: decreased allowance below zero"); _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance)); } /** * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement * on the return value: the return value is optional (but if data is returned, it must not be false). * @param token The token targeted by the call. * @param data The call data (encoded using abi.encode or one of its variants). */ function _callOptionalReturn(IERC20 token, bytes memory data) private { // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that // the target address contains contract code and also asserts for success in the low-level call. bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed"); if (returndata.length > 0) { // Return data is optional // solhint-disable-next-line max-line-length require(abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed"); } } } // SPDX-License-Identifier: MIT pragma solidity >=0.6.0 <0.8.0; /** * @dev Interface of the ERC20 standard as defined in the EIP. */ interface IERC20 { /** * @dev Returns the amount of tokens in existence. */ function totalSupply() external view returns (uint256); /** * @dev Returns the amount of tokens owned by `account`. */ function balanceOf(address account) external view returns (uint256); /** * @dev Moves `amount` tokens from the caller's account to `recipient`. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transfer(address recipient, uint256 amount) external returns (bool); /** * @dev Returns the remaining number of tokens that `spender` will be * allowed to spend on behalf of `owner` through {transferFrom}. This is * zero by default. * * This value changes when {approve} or {transferFrom} are called. */ function allowance(address owner, address spender) external view returns (uint256); /** * @dev Sets `amount` as the allowance of `spender` over the caller's tokens. * * Returns a boolean value indicating whether the operation succeeded. * * IMPORTANT: Beware that changing an allowance with this method brings the risk * that someone may use both the old and the new allowance by unfortunate * transaction ordering. One possible solution to mitigate this race * condition is to first reduce the spender's allowance to 0 and set the * desired value afterwards: * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 * * Emits an {Approval} event. */ function approve(address spender, uint256 amount) external returns (bool); /** * @dev Moves `amount` tokens from `sender` to `recipient` using the * allowance mechanism. `amount` is then deducted from the caller's * allowance. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transferFrom(address sender, address recipient, uint256 amount) external returns (bool); /** * @dev Emitted when `value` tokens are moved from one account (`from`) to * another (`to`). * * Note that `value` may be zero. */ event Transfer(address indexed from, address indexed to, uint256 value); /** * @dev Emitted when the allowance of a `spender` for an `owner` is set by * a call to {approve}. `value` is the new allowance. */ event Approval(address indexed owner, address indexed spender, uint256 value); } // SPDX-License-Identifier: MIT pragma solidity >=0.6.0 <0.8.0; /** * @dev Wrappers over Solidity's arithmetic operations with added overflow * checks. * * Arithmetic operations in Solidity wrap on overflow. This can easily result * in bugs, because programmers usually assume that an overflow raises an * error, which is the standard behavior in high level programming languages. * `SafeMath` restores this intuition by reverting the transaction when an * operation overflows. * * Using this library instead of the unchecked operations eliminates an entire * class of bugs, so it's recommended to use it always. */ library SafeMath { /** * @dev Returns the addition of two unsigned integers, with an overflow flag. * * _Available since v3.4._ */ function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) { uint256 c = a + b; if (c < a) return (false, 0); return (true, c); } /** * @dev Returns the substraction of two unsigned integers, with an overflow flag. * * _Available since v3.4._ */ function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) { if (b > a) return (false, 0); return (true, a - b); } /** * @dev Returns the multiplication of two unsigned integers, with an overflow flag. * * _Available since v3.4._ */ function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) { // Gas optimization: this is cheaper than requiring 'a' not being zero, but the // benefit is lost if 'b' is also tested. // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522 if (a == 0) return (true, 0); uint256 c = a * b; if (c / a != b) return (false, 0); return (true, c); } /** * @dev Returns the division of two unsigned integers, with a division by zero flag. * * _Available since v3.4._ */ function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) { if (b == 0) return (false, 0); return (true, a / b); } /** * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag. * * _Available since v3.4._ */ function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) { if (b == 0) return (false, 0); return (true, a % b); } /** * @dev Returns the addition of two unsigned integers, reverting on * overflow. * * Counterpart to Solidity's `+` operator. * * Requirements: * * - Addition cannot overflow. */ function add(uint256 a, uint256 b) internal pure returns (uint256) { uint256 c = a + b; require(c >= a, "SafeMath: addition overflow"); return c; } /** * @dev Returns the subtraction of two unsigned integers, reverting on * overflow (when the result is negative). * * Counterpart to Solidity's `-` operator. * * Requirements: * * - Subtraction cannot overflow. */ function sub(uint256 a, uint256 b) internal pure returns (uint256) { require(b <= a, "SafeMath: subtraction overflow"); return a - b; } /** * @dev Returns the multiplication of two unsigned integers, reverting on * overflow. * * Counterpart to Solidity's `*` operator. * * Requirements: * * - Multiplication cannot overflow. */ function mul(uint256 a, uint256 b) internal pure returns (uint256) { if (a == 0) return 0; uint256 c = a * b; require(c / a == b, "SafeMath: multiplication overflow"); return c; } /** * @dev Returns the integer division of two unsigned integers, reverting on * division by zero. The result is rounded towards zero. * * Counterpart to Solidity's `/` operator. Note: this function uses a * `revert` opcode (which leaves remaining gas untouched) while Solidity * uses an invalid opcode to revert (consuming all remaining gas). * * Requirements: * * - The divisor cannot be zero. */ function div(uint256 a, uint256 b) internal pure returns (uint256) { require(b > 0, "SafeMath: division by zero"); return a / b; } /** * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo), * reverting when dividing by zero. * * Counterpart to Solidity's `%` operator. This function uses a `revert` * opcode (which leaves remaining gas untouched) while Solidity uses an * invalid opcode to revert (consuming all remaining gas). * * Requirements: * * - The divisor cannot be zero. */ function mod(uint256 a, uint256 b) internal pure returns (uint256) { require(b > 0, "SafeMath: modulo by zero"); return a % b; } /** * @dev Returns the subtraction of two unsigned integers, reverting with custom message on * overflow (when the result is negative). * * CAUTION: This function is deprecated because it requires allocating memory for the error * message unnecessarily. For custom revert reasons use {trySub}. * * Counterpart to Solidity's `-` operator. * * Requirements: * * - Subtraction cannot overflow. */ function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) { require(b <= a, errorMessage); return a - b; } /** * @dev Returns the integer division of two unsigned integers, reverting with custom message on * division by zero. The result is rounded towards zero. * * CAUTION: This function is deprecated because it requires allocating memory for the error * message unnecessarily. For custom revert reasons use {tryDiv}. * * Counterpart to Solidity's `/` operator. Note: this function uses a * `revert` opcode (which leaves remaining gas untouched) while Solidity * uses an invalid opcode to revert (consuming all remaining gas). * * Requirements: * * - The divisor cannot be zero. */ function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) { require(b > 0, errorMessage); return a / b; } /** * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo), * reverting with custom message when dividing by zero. * * CAUTION: This function is deprecated because it requires allocating memory for the error * message unnecessarily. For custom revert reasons use {tryMod}. * * Counterpart to Solidity's `%` operator. This function uses a `revert` * opcode (which leaves remaining gas untouched) while Solidity uses an * invalid opcode to revert (consuming all remaining gas). * * Requirements: * * - The divisor cannot be zero. */ function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) { require(b > 0, errorMessage); return a % b; } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { FiatTokenV2 } from "./FiatTokenV2.sol"; // solhint-disable func-name-mixedcase /** * @title FiatToken V2.1 * @notice ERC20 Token backed by fiat reserves, version 2.1 */ contract FiatTokenV2_1 is FiatTokenV2 { /** * @notice Initialize v2.1 * @param lostAndFound The address to which the locked funds are sent */ function initializeV2_1(address lostAndFound) external { // solhint-disable-next-line reason-string require(_initializedVersion == 1); uint256 lockedAmount = _balanceOf(address(this)); if (lockedAmount > 0) { _transfer(address(this), lostAndFound, lockedAmount); } _blacklist(address(this)); _initializedVersion = 2; } /** * @notice Version string for the EIP712 domain separator * @return Version string */ function version() external pure returns (string memory) { return "2"; } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { FiatTokenV1_1 } from "../v1.1/FiatTokenV1_1.sol"; import { EIP712 } from "../util/EIP712.sol"; import { EIP3009 } from "./EIP3009.sol"; import { EIP2612 } from "./EIP2612.sol"; /** * @title FiatToken V2 * @notice ERC20 Token backed by fiat reserves, version 2 */ contract FiatTokenV2 is FiatTokenV1_1, EIP3009, EIP2612 { uint8 internal _initializedVersion; /** * @notice Initialize v2 * @param newName New token name */ function initializeV2(string calldata newName) external { // solhint-disable-next-line reason-string require(initialized && _initializedVersion == 0); name = newName; _DEPRECATED_CACHED_DOMAIN_SEPARATOR = EIP712.makeDomainSeparator( newName, "2" ); _initializedVersion = 1; } /** * @notice Increase the allowance by a given increment * @param spender Spender's address * @param increment Amount of increase in allowance * @return True if successful */ function increaseAllowance(address spender, uint256 increment) external virtual whenNotPaused notBlacklisted(msg.sender) notBlacklisted(spender) returns (bool) { _increaseAllowance(msg.sender, spender, increment); return true; } /** * @notice Decrease the allowance by a given decrement * @param spender Spender's address * @param decrement Amount of decrease in allowance * @return True if successful */ function decreaseAllowance(address spender, uint256 decrement) external virtual whenNotPaused notBlacklisted(msg.sender) notBlacklisted(spender) returns (bool) { _decreaseAllowance(msg.sender, spender, decrement); return true; } /** * @notice Execute a transfer with a signed authorization * @param from Payer's address (Authorizer) * @param to Payee's address * @param value Amount to be transferred * @param validAfter The time after which this is valid (unix time) * @param validBefore The time before which this is valid (unix time) * @param nonce Unique nonce * @param v v of the signature * @param r r of the signature * @param s s of the signature */ function transferWithAuthorization( address from, address to, uint256 value, uint256 validAfter, uint256 validBefore, bytes32 nonce, uint8 v, bytes32 r, bytes32 s ) external whenNotPaused notBlacklisted(from) notBlacklisted(to) { _transferWithAuthorization( from, to, value, validAfter, validBefore, nonce, v, r, s ); } /** * @notice Receive a transfer with a signed authorization from the payer * @dev This has an additional check to ensure that the payee's address * matches the caller of this function to prevent front-running attacks. * @param from Payer's address (Authorizer) * @param to Payee's address * @param value Amount to be transferred * @param validAfter The time after which this is valid (unix time) * @param validBefore The time before which this is valid (unix time) * @param nonce Unique nonce * @param v v of the signature * @param r r of the signature * @param s s of the signature */ function receiveWithAuthorization( address from, address to, uint256 value, uint256 validAfter, uint256 validBefore, bytes32 nonce, uint8 v, bytes32 r, bytes32 s ) external whenNotPaused notBlacklisted(from) notBlacklisted(to) { _receiveWithAuthorization( from, to, value, validAfter, validBefore, nonce, v, r, s ); } /** * @notice Attempt to cancel an authorization * @dev Works only if the authorization is not yet used. * @param authorizer Authorizer's address * @param nonce Nonce of the authorization * @param v v of the signature * @param r r of the signature * @param s s of the signature */ function cancelAuthorization( address authorizer, bytes32 nonce, uint8 v, bytes32 r, bytes32 s ) external whenNotPaused { _cancelAuthorization(authorizer, nonce, v, r, s); } /** * @notice Update allowance with a signed permit * @param owner Token owner's address (Authorizer) * @param spender Spender's address * @param value Amount of allowance * @param deadline The time at which the signature expires (unix time), or max uint256 value to signal no expiration * @param v v of the signature * @param r r of the signature * @param s s of the signature */ function permit( address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) external virtual whenNotPaused notBlacklisted(owner) notBlacklisted(spender) { _permit(owner, spender, value, deadline, v, r, s); } /** * @dev Internal function to increase the allowance by a given increment * @param owner Token owner's address * @param spender Spender's address * @param increment Amount of increase */ function _increaseAllowance( address owner, address spender, uint256 increment ) internal override { _approve(owner, spender, allowed[owner][spender].add(increment)); } /** * @dev Internal function to decrease the allowance by a given decrement * @param owner Token owner's address * @param spender Spender's address * @param decrement Amount of decrease */ function _decreaseAllowance( address owner, address spender, uint256 decrement ) internal override { _approve( owner, spender, allowed[owner][spender].sub( decrement, "ERC20: decreased allowance below zero" ) ); } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; // solhint-disable func-name-mixedcase /** * @title EIP712 Domain */ contract EIP712Domain { // was originally DOMAIN_SEPARATOR // but that has been moved to a method so we can override it in V2_2+ bytes32 internal _DEPRECATED_CACHED_DOMAIN_SEPARATOR; /** * @notice Get the EIP712 Domain Separator. * @return The bytes32 EIP712 domain separator. */ function DOMAIN_SEPARATOR() external view returns (bytes32) { return _domainSeparator(); } /** * @dev Internal method to get the EIP712 Domain Separator. * @return The bytes32 EIP712 domain separator. */ function _domainSeparator() internal virtual view returns (bytes32) { return _DEPRECATED_CACHED_DOMAIN_SEPARATOR; } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { AbstractFiatTokenV2 } from "./AbstractFiatTokenV2.sol"; import { EIP712Domain } from "./EIP712Domain.sol"; import { SignatureChecker } from "../util/SignatureChecker.sol"; import { MessageHashUtils } from "../util/MessageHashUtils.sol"; /** * @title EIP-3009 * @notice Provide internal implementation for gas-abstracted transfers * @dev Contracts that inherit from this must wrap these with publicly * accessible functions, optionally adding modifiers where necessary */ abstract contract EIP3009 is AbstractFiatTokenV2, EIP712Domain { // keccak256("TransferWithAuthorization(address from,address to,uint256 value,uint256 validAfter,uint256 validBefore,bytes32 nonce)") bytes32 public constant TRANSFER_WITH_AUTHORIZATION_TYPEHASH = 0x7c7c6cdb67a18743f49ec6fa9b35f50d52ed05cbed4cc592e13b44501c1a2267; // keccak256("ReceiveWithAuthorization(address from,address to,uint256 value,uint256 validAfter,uint256 validBefore,bytes32 nonce)") bytes32 public constant RECEIVE_WITH_AUTHORIZATION_TYPEHASH = 0xd099cc98ef71107a616c4f0f941f04c322d8e254fe26b3c6668db87aae413de8; // keccak256("CancelAuthorization(address authorizer,bytes32 nonce)") bytes32 public constant CANCEL_AUTHORIZATION_TYPEHASH = 0x158b0a9edf7a828aad02f63cd515c68ef2f50ba807396f6d12842833a1597429; /** * @dev authorizer address => nonce => bool (true if nonce is used) */ mapping(address => mapping(bytes32 => bool)) private _authorizationStates; event AuthorizationUsed(address indexed authorizer, bytes32 indexed nonce); event AuthorizationCanceled( address indexed authorizer, bytes32 indexed nonce ); /** * @notice Returns the state of an authorization * @dev Nonces are randomly generated 32-byte data unique to the * authorizer's address * @param authorizer Authorizer's address * @param nonce Nonce of the authorization * @return True if the nonce is used */ function authorizationState(address authorizer, bytes32 nonce) external view returns (bool) { return _authorizationStates[authorizer][nonce]; } /** * @notice Execute a transfer with a signed authorization * @param from Payer's address (Authorizer) * @param to Payee's address * @param value Amount to be transferred * @param validAfter The time after which this is valid (unix time) * @param validBefore The time before which this is valid (unix time) * @param nonce Unique nonce * @param v v of the signature * @param r r of the signature * @param s s of the signature */ function _transferWithAuthorization( address from, address to, uint256 value, uint256 validAfter, uint256 validBefore, bytes32 nonce, uint8 v, bytes32 r, bytes32 s ) internal { _transferWithAuthorization( from, to, value, validAfter, validBefore, nonce, abi.encodePacked(r, s, v) ); } /** * @notice Execute a transfer with a signed authorization * @dev EOA wallet signatures should be packed in the order of r, s, v. * @param from Payer's address (Authorizer) * @param to Payee's address * @param value Amount to be transferred * @param validAfter The time after which this is valid (unix time) * @param validBefore The time before which this is valid (unix time) * @param nonce Unique nonce * @param signature Signature byte array produced by an EOA wallet or a contract wallet */ function _transferWithAuthorization( address from, address to, uint256 value, uint256 validAfter, uint256 validBefore, bytes32 nonce, bytes memory signature ) internal { _requireValidAuthorization(from, nonce, validAfter, validBefore); _requireValidSignature( from, keccak256( abi.encode( TRANSFER_WITH_AUTHORIZATION_TYPEHASH, from, to, value, validAfter, validBefore, nonce ) ), signature ); _markAuthorizationAsUsed(from, nonce); _transfer(from, to, value); } /** * @notice Receive a transfer with a signed authorization from the payer * @dev This has an additional check to ensure that the payee's address * matches the caller of this function to prevent front-running attacks. * @param from Payer's address (Authorizer) * @param to Payee's address * @param value Amount to be transferred * @param validAfter The time after which this is valid (unix time) * @param validBefore The time before which this is valid (unix time) * @param nonce Unique nonce * @param v v of the signature * @param r r of the signature * @param s s of the signature */ function _receiveWithAuthorization( address from, address to, uint256 value, uint256 validAfter, uint256 validBefore, bytes32 nonce, uint8 v, bytes32 r, bytes32 s ) internal { _receiveWithAuthorization( from, to, value, validAfter, validBefore, nonce, abi.encodePacked(r, s, v) ); } /** * @notice Receive a transfer with a signed authorization from the payer * @dev This has an additional check to ensure that the payee's address * matches the caller of this function to prevent front-running attacks. * EOA wallet signatures should be packed in the order of r, s, v. * @param from Payer's address (Authorizer) * @param to Payee's address * @param value Amount to be transferred * @param validAfter The time after which this is valid (unix time) * @param validBefore The time before which this is valid (unix time) * @param nonce Unique nonce * @param signature Signature byte array produced by an EOA wallet or a contract wallet */ function _receiveWithAuthorization( address from, address to, uint256 value, uint256 validAfter, uint256 validBefore, bytes32 nonce, bytes memory signature ) internal { require(to == msg.sender, "FiatTokenV2: caller must be the payee"); _requireValidAuthorization(from, nonce, validAfter, validBefore); _requireValidSignature( from, keccak256( abi.encode( RECEIVE_WITH_AUTHORIZATION_TYPEHASH, from, to, value, validAfter, validBefore, nonce ) ), signature ); _markAuthorizationAsUsed(from, nonce); _transfer(from, to, value); } /** * @notice Attempt to cancel an authorization * @param authorizer Authorizer's address * @param nonce Nonce of the authorization * @param v v of the signature * @param r r of the signature * @param s s of the signature */ function _cancelAuthorization( address authorizer, bytes32 nonce, uint8 v, bytes32 r, bytes32 s ) internal { _cancelAuthorization(authorizer, nonce, abi.encodePacked(r, s, v)); } /** * @notice Attempt to cancel an authorization * @dev EOA wallet signatures should be packed in the order of r, s, v. * @param authorizer Authorizer's address * @param nonce Nonce of the authorization * @param signature Signature byte array produced by an EOA wallet or a contract wallet */ function _cancelAuthorization( address authorizer, bytes32 nonce, bytes memory signature ) internal { _requireUnusedAuthorization(authorizer, nonce); _requireValidSignature( authorizer, keccak256( abi.encode(CANCEL_AUTHORIZATION_TYPEHASH, authorizer, nonce) ), signature ); _authorizationStates[authorizer][nonce] = true; emit AuthorizationCanceled(authorizer, nonce); } /** * @notice Validates that signature against input data struct * @param signer Signer's address * @param dataHash Hash of encoded data struct * @param signature Signature byte array produced by an EOA wallet or a contract wallet */ function _requireValidSignature( address signer, bytes32 dataHash, bytes memory signature ) private view { require( SignatureChecker.isValidSignatureNow( signer, MessageHashUtils.toTypedDataHash(_domainSeparator(), dataHash), signature ), "FiatTokenV2: invalid signature" ); } /** * @notice Check that an authorization is unused * @param authorizer Authorizer's address * @param nonce Nonce of the authorization */ function _requireUnusedAuthorization(address authorizer, bytes32 nonce) private view { require( !_authorizationStates[authorizer][nonce], "FiatTokenV2: authorization is used or canceled" ); } /** * @notice Check that authorization is valid * @param authorizer Authorizer's address * @param nonce Nonce of the authorization * @param validAfter The time after which this is valid (unix time) * @param validBefore The time before which this is valid (unix time) */ function _requireValidAuthorization( address authorizer, bytes32 nonce, uint256 validAfter, uint256 validBefore ) private view { require( now > validAfter, "FiatTokenV2: authorization is not yet valid" ); require(now < validBefore, "FiatTokenV2: authorization is expired"); _requireUnusedAuthorization(authorizer, nonce); } /** * @notice Mark an authorization as used * @param authorizer Authorizer's address * @param nonce Nonce of the authorization */ function _markAuthorizationAsUsed(address authorizer, bytes32 nonce) private { _authorizationStates[authorizer][nonce] = true; emit AuthorizationUsed(authorizer, nonce); } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { AbstractFiatTokenV2 } from "./AbstractFiatTokenV2.sol"; import { EIP712Domain } from "./EIP712Domain.sol"; import { MessageHashUtils } from "../util/MessageHashUtils.sol"; import { SignatureChecker } from "../util/SignatureChecker.sol"; /** * @title EIP-2612 * @notice Provide internal implementation for gas-abstracted approvals */ abstract contract EIP2612 is AbstractFiatTokenV2, EIP712Domain { // keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)") bytes32 public constant PERMIT_TYPEHASH = 0x6e71edae12b1b97f4d1f60370fef10105fa2faae0126114a169c64845d6126c9; mapping(address => uint256) private _permitNonces; /** * @notice Nonces for permit * @param owner Token owner's address (Authorizer) * @return Next nonce */ function nonces(address owner) external view returns (uint256) { return _permitNonces[owner]; } /** * @notice Verify a signed approval permit and execute if valid * @param owner Token owner's address (Authorizer) * @param spender Spender's address * @param value Amount of allowance * @param deadline The time at which the signature expires (unix time), or max uint256 value to signal no expiration * @param v v of the signature * @param r r of the signature * @param s s of the signature */ function _permit( address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) internal { _permit(owner, spender, value, deadline, abi.encodePacked(r, s, v)); } /** * @notice Verify a signed approval permit and execute if valid * @dev EOA wallet signatures should be packed in the order of r, s, v. * @param owner Token owner's address (Authorizer) * @param spender Spender's address * @param value Amount of allowance * @param deadline The time at which the signature expires (unix time), or max uint256 value to signal no expiration * @param signature Signature byte array signed by an EOA wallet or a contract wallet */ function _permit( address owner, address spender, uint256 value, uint256 deadline, bytes memory signature ) internal { require( deadline == type(uint256).max || deadline >= now, "FiatTokenV2: permit is expired" ); bytes32 typedDataHash = MessageHashUtils.toTypedDataHash( _domainSeparator(), keccak256( abi.encode( PERMIT_TYPEHASH, owner, spender, value, _permitNonces[owner]++, deadline ) ) ); require( SignatureChecker.isValidSignatureNow( owner, typedDataHash, signature ), "EIP2612: invalid signature" ); _approve(owner, spender, value); } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { AbstractFiatTokenV1 } from "../v1/AbstractFiatTokenV1.sol"; abstract contract AbstractFiatTokenV2 is AbstractFiatTokenV1 { function _increaseAllowance( address owner, address spender, uint256 increment ) internal virtual; function _decreaseAllowance( address owner, address spender, uint256 decrement ) internal virtual; } /** * SPDX-License-Identifier: MIT * * Copyright (c) 2016 Smart Contract Solutions, Inc. * Copyright (c) 2018-2020 CENTRE SECZ * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ pragma solidity 0.6.12; import { Ownable } from "./Ownable.sol"; /** * @notice Base contract which allows children to implement an emergency stop * mechanism * @dev Forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/feb665136c0dae9912e08397c1a21c4af3651ef3/contracts/lifecycle/Pausable.sol * Modifications: * 1. Added pauser role, switched pause/unpause to be onlyPauser (6/14/2018) * 2. Removed whenNotPause/whenPaused from pause/unpause (6/14/2018) * 3. Removed whenPaused (6/14/2018) * 4. Switches ownable library to use ZeppelinOS (7/12/18) * 5. Remove constructor (7/13/18) * 6. Reformat, conform to Solidity 0.6 syntax and add error messages (5/13/20) * 7. Make public functions external (5/27/20) */ contract Pausable is Ownable { event Pause(); event Unpause(); event PauserChanged(address indexed newAddress); address public pauser; bool public paused = false; /** * @dev Modifier to make a function callable only when the contract is not paused. */ modifier whenNotPaused() { require(!paused, "Pausable: paused"); _; } /** * @dev throws if called by any account other than the pauser */ modifier onlyPauser() { require(msg.sender == pauser, "Pausable: caller is not the pauser"); _; } /** * @dev called by the owner to pause, triggers stopped state */ function pause() external onlyPauser { paused = true; emit Pause(); } /** * @dev called by the owner to unpause, returns to normal state */ function unpause() external onlyPauser { paused = false; emit Unpause(); } /** * @notice Updates the pauser address. * @param _newPauser The address of the new pauser. */ function updatePauser(address _newPauser) external onlyOwner { require( _newPauser != address(0), "Pausable: new pauser is the zero address" ); pauser = _newPauser; emit PauserChanged(pauser); } } /** * SPDX-License-Identifier: MIT * * Copyright (c) 2018 zOS Global Limited. * Copyright (c) 2018-2020 CENTRE SECZ * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ pragma solidity 0.6.12; /** * @notice The Ownable contract has an owner address, and provides basic * authorization control functions * @dev Forked from https://github.com/OpenZeppelin/openzeppelin-labs/blob/3887ab77b8adafba4a26ace002f3a684c1a3388b/upgradeability_ownership/contracts/ownership/Ownable.sol * Modifications: * 1. Consolidate OwnableStorage into this contract (7/13/18) * 2. Reformat, conform to Solidity 0.6 syntax, and add error messages (5/13/20) * 3. Make public functions external (5/27/20) */ contract Ownable { // Owner of the contract address private _owner; /** * @dev Event to show ownership has been transferred * @param previousOwner representing the address of the previous owner * @param newOwner representing the address of the new owner */ event OwnershipTransferred(address previousOwner, address newOwner); /** * @dev The constructor sets the original owner of the contract to the sender account. */ constructor() public { setOwner(msg.sender); } /** * @dev Tells the address of the owner * @return the address of the owner */ function owner() external view returns (address) { return _owner; } /** * @dev Sets a new owner address */ function setOwner(address newOwner) internal { _owner = newOwner; } /** * @dev Throws if called by any account other than the owner. */ modifier onlyOwner() { require(msg.sender == _owner, "Ownable: caller is not the owner"); _; } /** * @dev Allows the current owner to transfer control of the contract to a newOwner. * @param newOwner The address to transfer ownership to. */ function transferOwnership(address newOwner) external onlyOwner { require( newOwner != address(0), "Ownable: new owner is the zero address" ); emit OwnershipTransferred(_owner, newOwner); setOwner(newOwner); } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { SafeMath } from "@openzeppelin/contracts/math/SafeMath.sol"; import { AbstractFiatTokenV1 } from "./AbstractFiatTokenV1.sol"; import { Ownable } from "./Ownable.sol"; import { Pausable } from "./Pausable.sol"; import { Blacklistable } from "./Blacklistable.sol"; /** * @title FiatToken * @dev ERC20 Token backed by fiat reserves */ contract FiatTokenV1 is AbstractFiatTokenV1, Ownable, Pausable, Blacklistable { using SafeMath for uint256; string public name; string public symbol; uint8 public decimals; string public currency; address public masterMinter; bool internal initialized; /// @dev A mapping that stores the balance and blacklist states for a given address. /// The first bit defines whether the address is blacklisted (1 if blacklisted, 0 otherwise). /// The last 255 bits define the balance for the address. mapping(address => uint256) internal balanceAndBlacklistStates; mapping(address => mapping(address => uint256)) internal allowed; uint256 internal totalSupply_ = 0; mapping(address => bool) internal minters; mapping(address => uint256) internal minterAllowed; event Mint(address indexed minter, address indexed to, uint256 amount); event Burn(address indexed burner, uint256 amount); event MinterConfigured(address indexed minter, uint256 minterAllowedAmount); event MinterRemoved(address indexed oldMinter); event MasterMinterChanged(address indexed newMasterMinter); /** * @notice Initializes the fiat token contract. * @param tokenName The name of the fiat token. * @param tokenSymbol The symbol of the fiat token. * @param tokenCurrency The fiat currency that the token represents. * @param tokenDecimals The number of decimals that the token uses. * @param newMasterMinter The masterMinter address for the fiat token. * @param newPauser The pauser address for the fiat token. * @param newBlacklister The blacklister address for the fiat token. * @param newOwner The owner of the fiat token. */ function initialize( string memory tokenName, string memory tokenSymbol, string memory tokenCurrency, uint8 tokenDecimals, address newMasterMinter, address newPauser, address newBlacklister, address newOwner ) public { require(!initialized, "FiatToken: contract is already initialized"); require( newMasterMinter != address(0), "FiatToken: new masterMinter is the zero address" ); require( newPauser != address(0), "FiatToken: new pauser is the zero address" ); require( newBlacklister != address(0), "FiatToken: new blacklister is the zero address" ); require( newOwner != address(0), "FiatToken: new owner is the zero address" ); name = tokenName; symbol = tokenSymbol; currency = tokenCurrency; decimals = tokenDecimals; masterMinter = newMasterMinter; pauser = newPauser; blacklister = newBlacklister; setOwner(newOwner); initialized = true; } /** * @dev Throws if called by any account other than a minter. */ modifier onlyMinters() { require(minters[msg.sender], "FiatToken: caller is not a minter"); _; } /** * @notice Mints fiat tokens to an address. * @param _to The address that will receive the minted tokens. * @param _amount The amount of tokens to mint. Must be less than or equal * to the minterAllowance of the caller. * @return True if the operation was successful. */ function mint(address _to, uint256 _amount) external whenNotPaused onlyMinters notBlacklisted(msg.sender) notBlacklisted(_to) returns (bool) { require(_to != address(0), "FiatToken: mint to the zero address"); require(_amount > 0, "FiatToken: mint amount not greater than 0"); uint256 mintingAllowedAmount = minterAllowed[msg.sender]; require( _amount <= mintingAllowedAmount, "FiatToken: mint amount exceeds minterAllowance" ); totalSupply_ = totalSupply_.add(_amount); _setBalance(_to, _balanceOf(_to).add(_amount)); minterAllowed[msg.sender] = mintingAllowedAmount.sub(_amount); emit Mint(msg.sender, _to, _amount); emit Transfer(address(0), _to, _amount); return true; } /** * @dev Throws if called by any account other than the masterMinter */ modifier onlyMasterMinter() { require( msg.sender == masterMinter, "FiatToken: caller is not the masterMinter" ); _; } /** * @notice Gets the minter allowance for an account. * @param minter The address to check. * @return The remaining minter allowance for the account. */ function minterAllowance(address minter) external view returns (uint256) { return minterAllowed[minter]; } /** * @notice Checks if an account is a minter. * @param account The address to check. * @return True if the account is a minter, false if the account is not a minter. */ function isMinter(address account) external view returns (bool) { return minters[account]; } /** * @notice Gets the remaining amount of fiat tokens a spender is allowed to transfer on * behalf of the token owner. * @param owner The token owner's address. * @param spender The spender's address. * @return The remaining allowance. */ function allowance(address owner, address spender) external override view returns (uint256) { return allowed[owner][spender]; } /** * @notice Gets the totalSupply of the fiat token. * @return The totalSupply of the fiat token. */ function totalSupply() external override view returns (uint256) { return totalSupply_; } /** * @notice Gets the fiat token balance of an account. * @param account The address to check. * @return balance The fiat token balance of the account. */ function balanceOf(address account) external override view returns (uint256) { return _balanceOf(account); } /** * @notice Sets a fiat token allowance for a spender to spend on behalf of the caller. * @param spender The spender's address. * @param value The allowance amount. * @return True if the operation was successful. */ function approve(address spender, uint256 value) external virtual override whenNotPaused notBlacklisted(msg.sender) notBlacklisted(spender) returns (bool) { _approve(msg.sender, spender, value); return true; } /** * @dev Internal function to set allowance. * @param owner Token owner's address. * @param spender Spender's address. * @param value Allowance amount. */ function _approve( address owner, address spender, uint256 value ) internal override { require(owner != address(0), "ERC20: approve from the zero address"); require(spender != address(0), "ERC20: approve to the zero address"); allowed[owner][spender] = value; emit Approval(owner, spender, value); } /** * @notice Transfers tokens from an address to another by spending the caller's allowance. * @dev The caller must have some fiat token allowance on the payer's tokens. * @param from Payer's address. * @param to Payee's address. * @param value Transfer amount. * @return True if the operation was successful. */ function transferFrom( address from, address to, uint256 value ) external override whenNotPaused notBlacklisted(msg.sender) notBlacklisted(from) notBlacklisted(to) returns (bool) { require( value <= allowed[from][msg.sender], "ERC20: transfer amount exceeds allowance" ); _transfer(from, to, value); allowed[from][msg.sender] = allowed[from][msg.sender].sub(value); return true; } /** * @notice Transfers tokens from the caller. * @param to Payee's address. * @param value Transfer amount. * @return True if the operation was successful. */ function transfer(address to, uint256 value) external override whenNotPaused notBlacklisted(msg.sender) notBlacklisted(to) returns (bool) { _transfer(msg.sender, to, value); return true; } /** * @dev Internal function to process transfers. * @param from Payer's address. * @param to Payee's address. * @param value Transfer amount. */ function _transfer( address from, address to, uint256 value ) internal override { require(from != address(0), "ERC20: transfer from the zero address"); require(to != address(0), "ERC20: transfer to the zero address"); require( value <= _balanceOf(from), "ERC20: transfer amount exceeds balance" ); _setBalance(from, _balanceOf(from).sub(value)); _setBalance(to, _balanceOf(to).add(value)); emit Transfer(from, to, value); } /** * @notice Adds or updates a new minter with a mint allowance. * @param minter The address of the minter. * @param minterAllowedAmount The minting amount allowed for the minter. * @return True if the operation was successful. */ function configureMinter(address minter, uint256 minterAllowedAmount) external whenNotPaused onlyMasterMinter returns (bool) { minters[minter] = true; minterAllowed[minter] = minterAllowedAmount; emit MinterConfigured(minter, minterAllowedAmount); return true; } /** * @notice Removes a minter. * @param minter The address of the minter to remove. * @return True if the operation was successful. */ function removeMinter(address minter) external onlyMasterMinter returns (bool) { minters[minter] = false; minterAllowed[minter] = 0; emit MinterRemoved(minter); return true; } /** * @notice Allows a minter to burn some of its own tokens. * @dev The caller must be a minter, must not be blacklisted, and the amount to burn * should be less than or equal to the account's balance. * @param _amount the amount of tokens to be burned. */ function burn(uint256 _amount) external whenNotPaused onlyMinters notBlacklisted(msg.sender) { uint256 balance = _balanceOf(msg.sender); require(_amount > 0, "FiatToken: burn amount not greater than 0"); require(balance >= _amount, "FiatToken: burn amount exceeds balance"); totalSupply_ = totalSupply_.sub(_amount); _setBalance(msg.sender, balance.sub(_amount)); emit Burn(msg.sender, _amount); emit Transfer(msg.sender, address(0), _amount); } /** * @notice Updates the master minter address. * @param _newMasterMinter The address of the new master minter. */ function updateMasterMinter(address _newMasterMinter) external onlyOwner { require( _newMasterMinter != address(0), "FiatToken: new masterMinter is the zero address" ); masterMinter = _newMasterMinter; emit MasterMinterChanged(masterMinter); } /** * @inheritdoc Blacklistable */ function _blacklist(address _account) internal override { _setBlacklistState(_account, true); } /** * @inheritdoc Blacklistable */ function _unBlacklist(address _account) internal override { _setBlacklistState(_account, false); } /** * @dev Helper method that sets the blacklist state of an account. * @param _account The address of the account. * @param _shouldBlacklist True if the account should be blacklisted, false if the account should be unblacklisted. */ function _setBlacklistState(address _account, bool _shouldBlacklist) internal virtual { _deprecatedBlacklisted[_account] = _shouldBlacklist; } /** * @dev Helper method that sets the balance of an account. * @param _account The address of the account. * @param _balance The new fiat token balance of the account. */ function _setBalance(address _account, uint256 _balance) internal virtual { balanceAndBlacklistStates[_account] = _balance; } /** * @inheritdoc Blacklistable */ function _isBlacklisted(address _account) internal virtual override view returns (bool) { return _deprecatedBlacklisted[_account]; } /** * @dev Helper method to obtain the balance of an account. * @param _account The address of the account. * @return The fiat token balance of the account. */ function _balanceOf(address _account) internal virtual view returns (uint256) { return balanceAndBlacklistStates[_account]; } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { Ownable } from "./Ownable.sol"; /** * @title Blacklistable Token * @dev Allows accounts to be blacklisted by a "blacklister" role */ abstract contract Blacklistable is Ownable { address public blacklister; mapping(address => bool) internal _deprecatedBlacklisted; event Blacklisted(address indexed _account); event UnBlacklisted(address indexed _account); event BlacklisterChanged(address indexed newBlacklister); /** * @dev Throws if called by any account other than the blacklister. */ modifier onlyBlacklister() { require( msg.sender == blacklister, "Blacklistable: caller is not the blacklister" ); _; } /** * @dev Throws if argument account is blacklisted. * @param _account The address to check. */ modifier notBlacklisted(address _account) { require( !_isBlacklisted(_account), "Blacklistable: account is blacklisted" ); _; } /** * @notice Checks if account is blacklisted. * @param _account The address to check. * @return True if the account is blacklisted, false if the account is not blacklisted. */ function isBlacklisted(address _account) external view returns (bool) { return _isBlacklisted(_account); } /** * @notice Adds account to blacklist. * @param _account The address to blacklist. */ function blacklist(address _account) external onlyBlacklister { _blacklist(_account); emit Blacklisted(_account); } /** * @notice Removes account from blacklist. * @param _account The address to remove from the blacklist. */ function unBlacklist(address _account) external onlyBlacklister { _unBlacklist(_account); emit UnBlacklisted(_account); } /** * @notice Updates the blacklister address. * @param _newBlacklister The address of the new blacklister. */ function updateBlacklister(address _newBlacklister) external onlyOwner { require( _newBlacklister != address(0), "Blacklistable: new blacklister is the zero address" ); blacklister = _newBlacklister; emit BlacklisterChanged(blacklister); } /** * @dev Checks if account is blacklisted. * @param _account The address to check. * @return true if the account is blacklisted, false otherwise. */ function _isBlacklisted(address _account) internal virtual view returns (bool); /** * @dev Helper method that blacklists an account. * @param _account The address to blacklist. */ function _blacklist(address _account) internal virtual; /** * @dev Helper method that unblacklists an account. * @param _account The address to unblacklist. */ function _unBlacklist(address _account) internal virtual; } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol"; abstract contract AbstractFiatTokenV1 is IERC20 { function _approve( address owner, address spender, uint256 value ) internal virtual; function _transfer( address from, address to, uint256 value ) internal virtual; } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { Ownable } from "../v1/Ownable.sol"; import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol"; import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/SafeERC20.sol"; contract Rescuable is Ownable { using SafeERC20 for IERC20; address private _rescuer; event RescuerChanged(address indexed newRescuer); /** * @notice Returns current rescuer * @return Rescuer's address */ function rescuer() external view returns (address) { return _rescuer; } /** * @notice Revert if called by any account other than the rescuer. */ modifier onlyRescuer() { require(msg.sender == _rescuer, "Rescuable: caller is not the rescuer"); _; } /** * @notice Rescue ERC20 tokens locked up in this contract. * @param tokenContract ERC20 token contract address * @param to Recipient address * @param amount Amount to withdraw */ function rescueERC20( IERC20 tokenContract, address to, uint256 amount ) external onlyRescuer { tokenContract.safeTransfer(to, amount); } /** * @notice Updates the rescuer address. * @param newRescuer The address of the new rescuer. */ function updateRescuer(address newRescuer) external onlyOwner { require( newRescuer != address(0), "Rescuable: new rescuer is the zero address" ); _rescuer = newRescuer; emit RescuerChanged(newRescuer); } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { FiatTokenV1 } from "../v1/FiatTokenV1.sol"; import { Rescuable } from "./Rescuable.sol"; /** * @title FiatTokenV1_1 * @dev ERC20 Token backed by fiat reserves */ contract FiatTokenV1_1 is FiatTokenV1, Rescuable { } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { ECRecover } from "./ECRecover.sol"; import { IERC1271 } from "../interface/IERC1271.sol"; /** * @dev Signature verification helper that can be used instead of `ECRecover.recover` to seamlessly support both ECDSA * signatures from externally owned accounts (EOAs) as well as ERC1271 signatures from smart contract wallets. * * Adapted from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/21bb89ef5bfc789b9333eb05e3ba2b7b284ac77c/contracts/utils/cryptography/SignatureChecker.sol */ library SignatureChecker { /** * @dev Checks if a signature is valid for a given signer and data hash. If the signer is a smart contract, the * signature is validated against that smart contract using ERC1271, otherwise it's validated using `ECRecover.recover`. * @param signer Address of the claimed signer * @param digest Keccak-256 hash digest of the signed message * @param signature Signature byte array associated with hash */ function isValidSignatureNow( address signer, bytes32 digest, bytes memory signature ) external view returns (bool) { if (!isContract(signer)) { return ECRecover.recover(digest, signature) == signer; } return isValidERC1271SignatureNow(signer, digest, signature); } /** * @dev Checks if a signature is valid for a given signer and data hash. The signature is validated * against the signer smart contract using ERC1271. * @param signer Address of the claimed signer * @param digest Keccak-256 hash digest of the signed message * @param signature Signature byte array associated with hash * * NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus * change through time. It could return true at block N and false at block N+1 (or the opposite). */ function isValidERC1271SignatureNow( address signer, bytes32 digest, bytes memory signature ) internal view returns (bool) { (bool success, bytes memory result) = signer.staticcall( abi.encodeWithSelector( IERC1271.isValidSignature.selector, digest, signature ) ); return (success && result.length >= 32 && abi.decode(result, (bytes32)) == bytes32(IERC1271.isValidSignature.selector)); } /** * @dev Checks if the input address is a smart contract. */ function isContract(address addr) internal view returns (bool) { uint256 size; assembly { size := extcodesize(addr) } return size > 0; } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; /** * @dev Signature message hash utilities for producing digests to be consumed by {ECDSA} recovery or signing. * * The library provides methods for generating a hash of a message that conforms to the * https://eips.ethereum.org/EIPS/eip-191[EIP 191] and https://eips.ethereum.org/EIPS/eip-712[EIP 712] * specifications. */ library MessageHashUtils { /** * @dev Returns the keccak256 digest of an EIP-712 typed data (EIP-191 version `0x01`). * Adapted from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/21bb89ef5bfc789b9333eb05e3ba2b7b284ac77c/contracts/utils/cryptography/MessageHashUtils.sol * * The digest is calculated from a `domainSeparator` and a `structHash`, by prefixing them with * `\\x19\\x01` and hashing the result. It corresponds to the hash signed by the * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`] JSON-RPC method as part of EIP-712. * * @param domainSeparator Domain separator * @param structHash Hashed EIP-712 data struct * @return digest The keccak256 digest of an EIP-712 typed data */ function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 digest) { assembly { let ptr := mload(0x40) mstore(ptr, "\\x19\\x01") mstore(add(ptr, 0x02), domainSeparator) mstore(add(ptr, 0x22), structHash) digest := keccak256(ptr, 0x42) } } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; /** * @title EIP712 * @notice A library that provides EIP712 helper functions */ library EIP712 { /** * @notice Make EIP712 domain separator * @param name Contract name * @param version Contract version * @param chainId Blockchain ID * @return Domain separator */ function makeDomainSeparator( string memory name, string memory version, uint256 chainId ) internal view returns (bytes32) { return keccak256( abi.encode( // keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)") 0x8b73c3c69bb8fe3d512ecc4cf759cc79239f7b179b0ffacaa9a75d522b39400f, keccak256(bytes(name)), keccak256(bytes(version)), chainId, address(this) ) ); } /** * @notice Make EIP712 domain separator * @param name Contract name * @param version Contract version * @return Domain separator */ function makeDomainSeparator(string memory name, string memory version) internal view returns (bytes32) { uint256 chainId; assembly { chainId := chainid() } return makeDomainSeparator(name, version, chainId); } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; /** * @title ECRecover * @notice A library that provides a safe ECDSA recovery function */ library ECRecover { /** * @notice Recover signer's address from a signed message * @dev Adapted from: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/65e4ffde586ec89af3b7e9140bdc9235d1254853/contracts/cryptography/ECDSA.sol * Modifications: Accept v, r, and s as separate arguments * @param digest Keccak-256 hash digest of the signed message * @param v v of the signature * @param r r of the signature * @param s s of the signature * @return Signer address */ function recover( bytes32 digest, uint8 v, bytes32 r, bytes32 s ) internal pure returns (address) { // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines // the valid range for s in (281): 0 < s < secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most // signatures from current libraries generate a unique signature with an s-value in the lower half order. // // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept // these malleable signatures as well. if ( uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0 ) { revert("ECRecover: invalid signature 's' value"); } if (v != 27 && v != 28) { revert("ECRecover: invalid signature 'v' value"); } // If the signature is valid (and not malleable), return the signer address address signer = ecrecover(digest, v, r, s); require(signer != address(0), "ECRecover: invalid signature"); return signer; } /** * @notice Recover signer's address from a signed message * @dev Adapted from: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/0053ee040a7ff1dbc39691c9e67a69f564930a88/contracts/utils/cryptography/ECDSA.sol * @param digest Keccak-256 hash digest of the signed message * @param signature Signature byte array associated with hash * @return Signer address */ function recover(bytes32 digest, bytes memory signature) internal pure returns (address) { require(signature.length == 65, "ECRecover: invalid signature length"); bytes32 r; bytes32 s; uint8 v; // ecrecover takes the signature parameters, and the only way to get them // currently is to use assembly. /// @solidity memory-safe-assembly assembly { r := mload(add(signature, 0x20)) s := mload(add(signature, 0x40)) v := byte(0, mload(add(signature, 0x60))) } return recover(digest, v, r, s); } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; /** * @dev Interface of the ERC1271 standard signature validation method for * contracts as defined in https://eips.ethereum.org/EIPS/eip-1271[ERC-1271]. */ interface IERC1271 { /** * @dev Should return whether the signature provided is valid for the provided data * @param hash Hash of the data to be signed * @param signature Signature byte array associated with the provided data hash * @return magicValue bytes4 magic value 0x1626ba7e when function passes */ function isValidSignature(bytes32 hash, bytes memory signature) external view returns (bytes4 magicValue); }