Transaction Hash:
Block:
21944647 at Feb-28-2025 11:49:11 AM +UTC
Transaction Fee:
0.000198254827437667 ETH
$0.50
Gas Used:
103,961 Gas / 1.907011547 Gwei
Emitted Events:
| 183 |
FiatTokenProxy.0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef( 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef, 0x0000000000000000000000005d22045daceab03b158031ecb7d9d06fad24609b, 0x0000000000000000000000003eb0cc63e65163436b845e6c619e7873ac11e92c, 00000000000000000000000000000000000000000000000000000000004dd40a )
|
| 184 |
Proxy.0xb7477a7b93b2addc5272bbd7ad0986ef1c0d0bd265f26c3dc4bbe42727c2ac0c( 0xb7477a7b93b2addc5272bbd7ad0986ef1c0d0bd265f26c3dc4bbe42727c2ac0c, 0000000000000000000000003eb0cc63e65163436b845e6c619e7873ac11e92c, 02893294412a4c8f915f75892b395ebbf6859ec246ec365c3b1f56f47c3a0a5d, 00000000000000000000000000000000000000000000000000000000004dd40a, 00000000000000000000000000000000000000000000000000000000004dd40a, 0000000000000000000000003eb0cc63e65163436b845e6c619e7873ac11e92c )
|
Account State Difference:
| Address | Before | After | State Difference | ||
|---|---|---|---|---|---|
| 0x3eb0cC63...3ac11E92C |
1.02946517511693763 Eth
Nonce: 45
|
1.029266920289499963 Eth
Nonce: 46
| 0.000198254827437667 | ||
|
0x4838B106...B0BAD5f97
Miner
| (Titan Builder) | 13.970099075194622921 Eth | 13.970203036194622921 Eth | 0.000103961 | |
| 0x5d22045D...Fad24609b | (Rhino.fi: Bridge) | ||||
| 0xA0b86991...E3606eB48 |
Execution Trace
Proxy.441a3e70( )
StarkExchange.441a3e70( )TokensAndRamping.withdraw( ownerKey=357900163846448872814773542926719736686666967340, assetType=1147032829293317481173155891309375254605214077236177772270270553197624560221 )
FiatTokenProxy.70a08231( )
-
FiatTokenV2_2.balanceOf( account=0x5d22045DAcEAB03B158031eCB7D9d06Fad24609b ) => ( 1215984056448 )
-
- FiatTokenProxy.a9059cbb( )
-
FiatTokenV2_2.transfer( to=0x3eb0cC63E65163436B845e6c619E7873ac11E92C, value=5100554 ) => ( True )
-
- FiatTokenProxy.70a08231( )
-
FiatTokenV2_2.balanceOf( account=0x5d22045DAcEAB03B158031eCB7D9d06Fad24609b ) => ( 1215978955894 )
-
File 1 of 5: Proxy
File 2 of 5: FiatTokenProxy
File 3 of 5: StarkExchange
File 4 of 5: TokensAndRamping
File 5 of 5: FiatTokenV2_2
{"Common.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\n/*\n Common Utility libraries.\n 1. Addresses (extending address).\n*/\nlibrary Addresses {\n function isContract(address account) internal view returns (bool) {\n uint256 size;\n // solium-disable-next-line security/no-inline-assembly\n assembly {\n size := extcodesize(account)\n }\n return size \u003e 0;\n }\n}\n"},"Governance.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"GovernanceStorage.sol\";\nimport \"MGovernance.sol\";\n\n/*\n Implements Generic Governance, applicable for both proxy and main contract, and possibly others.\n Notes:\n 1. This class is virtual (getGovernanceTag is not implemented).\n 2. The use of the same function names by both the Proxy and a delegated implementation\n is not possible since calling the implementation functions is done via the default function\n of the Proxy. For this reason, for example, the implementation of MainContract (MainGovernance)\n exposes mainIsGovernor, which calls the internal isGovernor method.\n*/\ncontract Governance is GovernanceStorage, MGovernance {\n event LogNominatedGovernor(address nominatedGovernor);\n event LogNewGovernorAccepted(address acceptedGovernor);\n event LogRemovedGovernor(address removedGovernor);\n event LogNominationCancelled();\n\n address internal constant ZERO_ADDRESS = address(0x0);\n\n /*\n Returns a string which uniquely identifies the type of the governance mechanism.\n */\n function getGovernanceTag()\n internal\n view\n returns (string memory);\n\n /*\n Returns the GovernanceInfoStruct associated with the governance tag.\n */\n function contractGovernanceInfo()\n internal\n view\n returns (GovernanceInfoStruct storage) {\n string memory tag = getGovernanceTag();\n GovernanceInfoStruct storage gub = governanceInfo[tag];\n require(gub.initialized == true, \"NOT_INITIALIZED\");\n return gub;\n }\n\n function initGovernance()\n internal\n {\n string memory tag = getGovernanceTag();\n GovernanceInfoStruct storage gub = governanceInfo[tag];\n require(gub.initialized == false, \"ALREADY_INITIALIZED\");\n gub.initialized = true; // to ensure addGovernor() won\u0027t fail.\n // Add the initial governer.\n addGovernor(msg.sender);\n }\n\n modifier onlyGovernance()\n {\n require(isGovernor(msg.sender), \"ONLY_GOVERNANCE\");\n _;\n }\n\n function isGovernor(address testGovernor)\n internal view\n returns (bool addressIsGovernor){\n GovernanceInfoStruct storage gub = contractGovernanceInfo();\n addressIsGovernor = gub.effectiveGovernors[testGovernor];\n }\n\n /*\n Cancels the nomination of a governor condidate.\n */\n function cancelNomination() internal onlyGovernance() {\n GovernanceInfoStruct storage gub = contractGovernanceInfo();\n gub.candidateGovernor = ZERO_ADDRESS;\n emit LogNominationCancelled();\n }\n\n function nominateNewGovernor(address newGovernor) internal onlyGovernance() {\n GovernanceInfoStruct storage gub = contractGovernanceInfo();\n require(isGovernor(newGovernor) == false, \"ALREADY_GOVERNOR\");\n gub.candidateGovernor = newGovernor;\n emit LogNominatedGovernor(newGovernor);\n }\n\n /*\n The addGovernor is called in two cases:\n 1. by acceptGovernance when a new governor accepts its role.\n 2. by initGovernance to add the initial governor.\n The difference is that the init path skips the nominate step\n that would fail because of the onlyGovernance modifier.\n */\n function addGovernor(address newGovernor) private {\n require(isGovernor(newGovernor) == false, \"ALREADY_GOVERNOR\");\n GovernanceInfoStruct storage gub = contractGovernanceInfo();\n gub.effectiveGovernors[newGovernor] = true;\n }\n\n function acceptGovernance()\n internal\n {\n // The new governor was proposed as a candidate by the current governor.\n GovernanceInfoStruct storage gub = contractGovernanceInfo();\n require(msg.sender == gub.candidateGovernor, \"ONLY_CANDIDATE_GOVERNOR\");\n\n // Update state.\n addGovernor(gub.candidateGovernor);\n gub.candidateGovernor = ZERO_ADDRESS;\n\n // Send a notification about the change of governor.\n emit LogNewGovernorAccepted(msg.sender);\n }\n\n /*\n Remove a governor from office.\n */\n function removeGovernor(address governorForRemoval) internal onlyGovernance() {\n require(msg.sender != governorForRemoval, \"GOVERNOR_SELF_REMOVE\");\n GovernanceInfoStruct storage gub = contractGovernanceInfo();\n require (isGovernor(governorForRemoval), \"NOT_GOVERNOR\");\n gub.effectiveGovernors[governorForRemoval] = false;\n emit LogRemovedGovernor(governorForRemoval);\n }\n}\n"},"GovernanceStorage.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\n/*\n Holds the governance slots for ALL entities, including proxy and the main contract.\n*/\ncontract GovernanceStorage {\n\n struct GovernanceInfoStruct {\n mapping (address =\u003e bool) effectiveGovernors;\n address candidateGovernor;\n bool initialized;\n }\n\n // A map from a Governor tag to its own GovernanceInfoStruct.\n mapping (string =\u003e GovernanceInfoStruct) internal governanceInfo;\n}\n"},"MGovernance.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\ncontract MGovernance {\n /*\n Allows calling the function only by a Governor.\n */\n modifier onlyGovernance()\n {\n // Pure modifier declarations are not supported. Instead we provide\n // a dummy definition.\n revert(\"UNIMPLEMENTED\");\n _;\n }\n}\n"},"Proxy.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"ProxyGovernance.sol\";\nimport \"ProxyStorage.sol\";\nimport \"Common.sol\";\n\n/**\n The Proxy contract implements delegation of calls to other contracts (`implementations`), with\n proper forwarding of return values and revert reasons. This pattern allows retaining the contract\n storage while replacing implementation code.\n\n The following operations are supported by the proxy contract:\n\n - :sol:func:`addImplementation`: Defines a new implementation, the data with which it should be initialized and whether this will be the last version of implementation.\n - :sol:func:`upgradeTo`: Once an implementation is added, the governor may upgrade to that implementation only after a safety time period has passed (time lock), the current implementation is not the last version and the implementation is not frozen (see :sol:mod:`FullWithdrawals`).\n - :sol:func:`removeImplementation`: Any announced implementation may be removed. Removing an implementation is especially important once it has been used for an upgrade in order to avoid an additional unwanted revert to an older version.\n\n The only entity allowed to perform the above operations is the proxy governor\n (see :sol:mod:`ProxyGovernance`).\n\n Every implementation is required to have an `initialize` function that replaces the constructor\n of a normal contract. Furthermore, the only parameter of this function is an array of bytes\n (`data`) which may be decoded arbitrarily by the `initialize` function. It is up to the\n implementation to ensure that this function cannot be run more than once if so desired.\n\n When an implementation is added (:sol:func:`addImplementation`) the initialization `data` is also\n announced, allowing users of the contract to analyze the full effect of an upgrade to the new\n implementation. During an :sol:func:`upgradeTo`, the `data` is provided again and only if it is\n identical to the announced `data` is the upgrade performed by pointing the proxy to the new\n implementation and calling its `initialize` function with this `data`.\n\n It is the responsibility of the implementation not to overwrite any storage belonging to the\n proxy (`ProxyStorage`). In addition, upon upgrade, the new implementation is assumed to be\n backward compatible with previous implementations with respect to the storage used until that\n point.\n*/\ncontract Proxy is ProxyStorage, ProxyGovernance {\n\n // Emitted when the active implementation is replaced.\n event Upgraded(address indexed implementation);\n\n // Emitted when an implementation is submitted as an upgrade candidate and a time lock\n // is activated.\n event ImplementationAdded(address indexed implementation, bytes initializer, bool finalize);\n\n // Emitted when an implementation is removed from the list of upgrade candidates.\n event ImplementationRemoved(address indexed implementation);\n\n // Emitted when the implementation is finalized.\n event FinalizedImplementation(address indexed implementation);\n\n // Storage slot with the address of the current implementation.\n // The address of the slot is keccak256(\"StarkWare2019.implemntation-slot\").\n // We need to keep this variable stored outside of the commonly used space,\n // so that it\u0027s not overrun by the logical implementaiton (the proxied contract).\n bytes32 internal constant IMPLEMENTATION_SLOT =\n 0x177667240aeeea7e35eabe3a35e18306f336219e1386f7710a6bf8783f761b24;\n\n // This storage slot stores the finalization flag.\n // Once the value stored in this slot is set to non-zero\n // the proxy blocks implementation upgrades.\n // The current implementation is then referred to as Finalized.\n // Web3.solidityKeccak([\u0027string\u0027], [\"StarkWare2019.finalization-flag-slot\"]).\n bytes32 internal constant FINALIZED_STATE_SLOT =\n 0x7d433c6f837e8f93009937c466c82efbb5ba621fae36886d0cac433c5d0aa7d2;\n uint256 public constant UPGRADE_ACTIVATION_DELAY = 28 days;\n\n using Addresses for address;\n\n constructor ( )\n public\n {\n initGovernance();\n }\n\n /*\n Returns true if the implementation is frozen.\n If the implementation was not assigned yet, returns false.\n */\n function implementationIsFrozen() private returns (bool) {\n address _implementation = implementation();\n\n // We can\u0027t call low level implementation before it\u0027s assigned. (i.e. ZERO).\n if (_implementation == ZERO_ADDRESS) {\n return false;\n }\n // solium-disable-next-line security/no-low-level-calls\n (bool success, bytes memory returndata) = _implementation.delegatecall(\n abi.encodeWithSignature(\"isFrozen()\"));\n require(success, string(returndata));\n return abi.decode(returndata, (bool));\n }\n\n /*\n This method blocks delegation to initialize().\n Only upgradeTo should be able to delegate call to initialize().\n */\n function initialize(bytes calldata /*data*/)\n external pure\n {\n revert(\"CANNOT_CALL_INITIALIZE\");\n }\n\n modifier notFinalized()\n {\n require(isNotFinalized(), \"IMPLEMENTATION_FINALIZED\");\n _;\n }\n\n /*\n Forbids calling the function if the implementation is frozen.\n This modifier relies on the lower level (logical contract) implementation of isFrozen().\n */\n modifier notFrozen()\n {\n require(implementationIsFrozen() == false, \"STATE_IS_FROZEN\");\n _;\n }\n\n /*\n Contract\u0027s default function. Delegates execution to the implementation contract.\n It returns back to the external caller whatever the implementation delegated code returns.\n */\n function () external payable {\n address _implementation = implementation();\n require (_implementation != ZERO_ADDRESS, \"MISSING_IMPLEMENTATION\");\n\n // solium-disable-next-line security/no-inline-assembly\n assembly {\n // Copy msg.data. We take full control of memory in this inline assembly\n // block because it will not return to Solidity code. We overwrite the\n // Solidity scratch pad at memory position 0.\n calldatacopy(0, 0, calldatasize)\n\n // Call the implementation.\n // out and outsize are 0 for now, as we don\u0027t know the out size yet.\n let result := delegatecall(gas, _implementation, 0, calldatasize, 0, 0)\n\n // Copy the returned data.\n returndatacopy(0, 0, returndatasize)\n\n switch result\n // delegatecall returns 0 on error.\n case 0 { revert(0, returndatasize) }\n default { return(0, returndatasize) }\n }\n }\n\n /*\n Returns the address of the current implementation.\n */\n function implementation() public view returns (address _implementation) {\n bytes32 slot = IMPLEMENTATION_SLOT;\n // solium-disable-next-line security/no-inline-assembly\n assembly {\n _implementation := sload(slot)\n }\n }\n\n /*\n Sets the implementation address of the proxy.\n */\n function setImplementation(address newImplementation) private {\n bytes32 slot = IMPLEMENTATION_SLOT;\n // solium-disable-next-line security/no-inline-assembly\n assembly {\n sstore(slot, newImplementation)\n }\n }\n\n /*\n Returns true if the contract is not in the finalized state.\n */\n function isNotFinalized() public view returns (bool notFinal) {\n bytes32 slot = FINALIZED_STATE_SLOT;\n uint256 slotValue;\n // solium-disable-next-line security/no-inline-assembly\n assembly {\n slotValue := sload(slot)\n }\n notFinal = (slotValue == 0);\n }\n\n /*\n Marks the current implementation as finalized.\n */\n function setFinalizedFlag() private {\n bytes32 slot = FINALIZED_STATE_SLOT;\n // solium-disable-next-line security/no-inline-assembly\n assembly {\n sstore(slot, 0x1)\n }\n }\n\n /*\n Introduce an implementation and its initialization vector,\n and start the time-lock before it can be upgraded to.\n addImplementation is not blocked when frozen or finalized.\n (upgradeTo API is blocked when finalized or frozen).\n */\n function addImplementation(address newImplementation, bytes calldata data, bool finalize)\n external onlyGovernance {\n require(newImplementation.isContract(), \"ADDRESS_NOT_CONTRACT\");\n\n bytes32 init_hash = keccak256(abi.encode(data, finalize));\n initializationHash[newImplementation] = init_hash;\n\n // solium-disable-next-line security/no-block-members\n uint256 activation_time = now + UPGRADE_ACTIVATION_DELAY;\n\n // First implementation should not have time-lock.\n if (implementation() == ZERO_ADDRESS) {\n // solium-disable-next-line security/no-block-members\n activation_time = now;\n }\n\n enabledTime[newImplementation] = activation_time;\n emit ImplementationAdded(newImplementation, data, finalize);\n }\n\n /*\n Removes a candidate implementation.\n Note that it is possible to remove the current implementation. Doing so doesn\u0027t affect the\n current implementation, but rather revokes it as a future candidate.\n */\n function removeImplementation(address newImplementation)\n external onlyGovernance {\n\n // If we have initializer, we set the hash of it.\n uint256 activation_time = enabledTime[newImplementation];\n\n require(activation_time \u003e 0, \"ADDRESS_NOT_UPGRADE_CANDIDATE\");\n\n enabledTime[newImplementation] = 0;\n\n initializationHash[newImplementation] = 0;\n emit ImplementationRemoved(newImplementation);\n }\n\n /*\n Upgrades the proxy to a new implementation, with its initialization.\n to upgrade successfully, implementation must have been added time-lock agreeably\n before, and the init vector must be identical ot the one submitted before.\n\n Upon assignment of new implementation address,\n its initialize will be called with the inititalizing vector (even if empty).\n Therefore, the implementatin MUST must have such a method.\n */\n function upgradeTo(address newImplementation, bytes calldata data, bool finalize)\n external payable onlyGovernance notFinalized notFrozen {\n uint256 activation_time = enabledTime[newImplementation];\n\n require(activation_time \u003e 0, \"ADDRESS_NOT_UPGRADE_CANDIDATE\");\n // solium-disable-next-line security/no-block-members\n require(activation_time \u003c= now, \"UPGRADE_NOT_ENABLED_YET\");\n\n bytes32 init_vector_hash = initializationHash[newImplementation];\n require(init_vector_hash == keccak256(abi.encode(data, finalize)), \"CHANGED_INITIALIZER\");\n setImplementation(newImplementation);\n\n // solium-disable-next-line security/no-low-level-calls\n (bool success, bytes memory returndata) = newImplementation.delegatecall(\n abi.encodeWithSelector(this.initialize.selector, data));\n require(success, string(returndata));\n\n // Verify that the new implementation is not frozen post initialization.\n (success, returndata) = newImplementation.delegatecall(\n abi.encodeWithSignature(\"isFrozen()\"));\n require(success, \"CALL_TO_ISFROZEN_REVERTED\");\n require(abi.decode(returndata, (bool)) == false, \"NEW_IMPLEMENTATION_FROZEN\");\n\n if (finalize == true) {\n setFinalizedFlag();\n emit FinalizedImplementation(newImplementation);\n }\n\n emit Upgraded(newImplementation);\n }\n}\n"},"ProxyGovernance.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"Governance.sol\";\n\n/**\n The Proxy contract is governed by one or more Governors of which the initial one is the\n deployer of the contract.\n\n A governor has the sole authority to perform the following operations:\n\n 1. Nominate additional governors (:sol:func:`proxyNominateNewGovernor`)\n 2. Remove other governors (:sol:func:`proxyRemoveGovernor`)\n 3. Add new `implementations` (proxied contracts)\n 4. Remove (new or old) `implementations`\n 5. Update `implementations` after a timelock allows it\n\n Adding governors is performed in a two step procedure:\n\n 1. First, an existing governor nominates a new governor (:sol:func:`proxyNominateNewGovernor`)\n 2. Then, the new governor must accept governance to become a governor (:sol:func:`proxyAcceptGovernance`)\n\n This two step procedure ensures that a governor public key cannot be nominated unless there is an\n entity that has the corresponding private key. This is intended to prevent errors in the addition\n process.\n\n The governor private key should typically be held in a secure cold wallet or managed via a\n multi-sig contract.\n*/\n/*\n Implements Governance for the proxy contract.\n It is a thin wrapper to the Governance contract,\n which is needed so that it can have non-colliding function names,\n and a specific tag (key) to allow unique state storage.\n*/\ncontract ProxyGovernance is Governance {\n\n // The tag is the string key that is used in the Governance storage mapping.\n string public constant PROXY_GOVERNANCE_TAG = \"StarkEx.Proxy.2019.GovernorsInformation\";\n\n function getGovernanceTag()\n internal\n view\n returns (string memory tag) {\n tag = PROXY_GOVERNANCE_TAG;\n }\n\n function proxyIsGovernor(address testGovernor) external view returns (bool) {\n return isGovernor(testGovernor);\n }\n\n function proxyNominateNewGovernor(address newGovernor) external {\n nominateNewGovernor(newGovernor);\n }\n\n function proxyRemoveGovernor(address governorForRemoval) external {\n removeGovernor(governorForRemoval);\n }\n\n function proxyAcceptGovernance()\n external\n {\n acceptGovernance();\n }\n\n function proxyCancelNomination() external {\n cancelNomination();\n }\n}\n"},"ProxyStorage.sol":{"content":"/*\n Copyright 2019,2020 StarkWare Industries Ltd.\n\n Licensed under the Apache License, Version 2.0 (the \"License\").\n You may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n https://www.starkware.co/open-source-license/\n\n Unless required by applicable law or agreed to in writing,\n software distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions\n and limitations under the License.\n*/\npragma solidity ^0.5.2;\n\nimport \"GovernanceStorage.sol\";\n\n/*\n Holds the Proxy-specific state variables.\n This contract is inherited by the GovernanceStorage (and indirectly by MainStorage)\n to prevent collision hazard.\n*/\ncontract ProxyStorage is GovernanceStorage {\n\n // Stores the hash of the initialization vector of the added implementation.\n // Upon upgradeTo the implementation, the initialization vector is verified\n // to be identical to the one submitted when adding the implementaion.\n mapping (address =\u003e bytes32) internal initializationHash;\n\n // The time after which we can switch to the implementation.\n mapping (address =\u003e uint256) internal enabledTime;\n\n // A central storage of the flags whether implementation has been initialized.\n // Note - it can be used flexibly enough to accomodate multiple level of initialization\n // (i.e. using different key salting schemes for different initialization levels).\n mapping (bytes32 =\u003e bool) internal initialized;\n}\n"}}File 2 of 5: FiatTokenProxy
pragma solidity ^0.4.24;
// File: zos-lib/contracts/upgradeability/Proxy.sol
/**
* @title Proxy
* @dev Implements delegation of calls to other contracts, with proper
* forwarding of return values and bubbling of failures.
* It defines a fallback function that delegates all calls to the address
* returned by the abstract _implementation() internal function.
*/
contract Proxy {
/**
* @dev Fallback function.
* Implemented entirely in `_fallback`.
*/
function () payable external {
_fallback();
}
/**
* @return The Address of the implementation.
*/
function _implementation() internal view returns (address);
/**
* @dev Delegates execution to an implementation contract.
* This is a low level function that doesn't return to its internal call site.
* It will return to the external caller whatever the implementation returns.
* @param implementation Address to delegate.
*/
function _delegate(address implementation) internal {
assembly {
// Copy msg.data. We take full control of memory in this inline assembly
// block because it will not return to Solidity code. We overwrite the
// Solidity scratch pad at memory position 0.
calldatacopy(0, 0, calldatasize)
// Call the implementation.
// out and outsize are 0 because we don't know the size yet.
let result := delegatecall(gas, implementation, 0, calldatasize, 0, 0)
// Copy the returned data.
returndatacopy(0, 0, returndatasize)
switch result
// delegatecall returns 0 on error.
case 0 { revert(0, returndatasize) }
default { return(0, returndatasize) }
}
}
/**
* @dev Function that is run as the first thing in the fallback function.
* Can be redefined in derived contracts to add functionality.
* Redefinitions must call super._willFallback().
*/
function _willFallback() internal {
}
/**
* @dev fallback implementation.
* Extracted to enable manual triggering.
*/
function _fallback() internal {
_willFallback();
_delegate(_implementation());
}
}
// File: openzeppelin-solidity/contracts/AddressUtils.sol
/**
* Utility library of inline functions on addresses
*/
library AddressUtils {
/**
* Returns whether the target address is a contract
* @dev This function will return false if invoked during the constructor of a contract,
* as the code is not actually created until after the constructor finishes.
* @param addr address to check
* @return whether the target address is a contract
*/
function isContract(address addr) internal view returns (bool) {
uint256 size;
// XXX Currently there is no better way to check if there is a contract in an address
// than to check the size of the code at that address.
// See https://ethereum.stackexchange.com/a/14016/36603
// for more details about how this works.
// TODO Check this again before the Serenity release, because all addresses will be
// contracts then.
// solium-disable-next-line security/no-inline-assembly
assembly { size := extcodesize(addr) }
return size > 0;
}
}
// File: zos-lib/contracts/upgradeability/UpgradeabilityProxy.sol
/**
* @title UpgradeabilityProxy
* @dev This contract implements a proxy that allows to change the
* implementation address to which it will delegate.
* Such a change is called an implementation upgrade.
*/
contract UpgradeabilityProxy is Proxy {
/**
* @dev Emitted when the implementation is upgraded.
* @param implementation Address of the new implementation.
*/
event Upgraded(address implementation);
/**
* @dev Storage slot with the address of the current implementation.
* This is the keccak-256 hash of "org.zeppelinos.proxy.implementation", and is
* validated in the constructor.
*/
bytes32 private constant IMPLEMENTATION_SLOT = 0x7050c9e0f4ca769c69bd3a8ef740bc37934f8e2c036e5a723fd8ee048ed3f8c3;
/**
* @dev Contract constructor.
* @param _implementation Address of the initial implementation.
*/
constructor(address _implementation) public {
assert(IMPLEMENTATION_SLOT == keccak256("org.zeppelinos.proxy.implementation"));
_setImplementation(_implementation);
}
/**
* @dev Returns the current implementation.
* @return Address of the current implementation
*/
function _implementation() internal view returns (address impl) {
bytes32 slot = IMPLEMENTATION_SLOT;
assembly {
impl := sload(slot)
}
}
/**
* @dev Upgrades the proxy to a new implementation.
* @param newImplementation Address of the new implementation.
*/
function _upgradeTo(address newImplementation) internal {
_setImplementation(newImplementation);
emit Upgraded(newImplementation);
}
/**
* @dev Sets the implementation address of the proxy.
* @param newImplementation Address of the new implementation.
*/
function _setImplementation(address newImplementation) private {
require(AddressUtils.isContract(newImplementation), "Cannot set a proxy implementation to a non-contract address");
bytes32 slot = IMPLEMENTATION_SLOT;
assembly {
sstore(slot, newImplementation)
}
}
}
// File: zos-lib/contracts/upgradeability/AdminUpgradeabilityProxy.sol
/**
* @title AdminUpgradeabilityProxy
* @dev This contract combines an upgradeability proxy with an authorization
* mechanism for administrative tasks.
* All external functions in this contract must be guarded by the
* `ifAdmin` modifier. See ethereum/solidity#3864 for a Solidity
* feature proposal that would enable this to be done automatically.
*/
contract AdminUpgradeabilityProxy is UpgradeabilityProxy {
/**
* @dev Emitted when the administration has been transferred.
* @param previousAdmin Address of the previous admin.
* @param newAdmin Address of the new admin.
*/
event AdminChanged(address previousAdmin, address newAdmin);
/**
* @dev Storage slot with the admin of the contract.
* This is the keccak-256 hash of "org.zeppelinos.proxy.admin", and is
* validated in the constructor.
*/
bytes32 private constant ADMIN_SLOT = 0x10d6a54a4754c8869d6886b5f5d7fbfa5b4522237ea5c60d11bc4e7a1ff9390b;
/**
* @dev Modifier to check whether the `msg.sender` is the admin.
* If it is, it will run the function. Otherwise, it will delegate the call
* to the implementation.
*/
modifier ifAdmin() {
if (msg.sender == _admin()) {
_;
} else {
_fallback();
}
}
/**
* Contract constructor.
* It sets the `msg.sender` as the proxy administrator.
* @param _implementation address of the initial implementation.
*/
constructor(address _implementation) UpgradeabilityProxy(_implementation) public {
assert(ADMIN_SLOT == keccak256("org.zeppelinos.proxy.admin"));
_setAdmin(msg.sender);
}
/**
* @return The address of the proxy admin.
*/
function admin() external view ifAdmin returns (address) {
return _admin();
}
/**
* @return The address of the implementation.
*/
function implementation() external view ifAdmin returns (address) {
return _implementation();
}
/**
* @dev Changes the admin of the proxy.
* Only the current admin can call this function.
* @param newAdmin Address to transfer proxy administration to.
*/
function changeAdmin(address newAdmin) external ifAdmin {
require(newAdmin != address(0), "Cannot change the admin of a proxy to the zero address");
emit AdminChanged(_admin(), newAdmin);
_setAdmin(newAdmin);
}
/**
* @dev Upgrade the backing implementation of the proxy.
* Only the admin can call this function.
* @param newImplementation Address of the new implementation.
*/
function upgradeTo(address newImplementation) external ifAdmin {
_upgradeTo(newImplementation);
}
/**
* @dev Upgrade the backing implementation of the proxy and call a function
* on the new implementation.
* This is useful to initialize the proxied contract.
* @param newImplementation Address of the new implementation.
* @param data Data to send as msg.data in the low level call.
* It should include the signature and the parameters of the function to be
* called, as described in
* https://solidity.readthedocs.io/en/develop/abi-spec.html#function-selector-and-argument-encoding.
*/
function upgradeToAndCall(address newImplementation, bytes data) payable external ifAdmin {
_upgradeTo(newImplementation);
require(address(this).call.value(msg.value)(data));
}
/**
* @return The admin slot.
*/
function _admin() internal view returns (address adm) {
bytes32 slot = ADMIN_SLOT;
assembly {
adm := sload(slot)
}
}
/**
* @dev Sets the address of the proxy admin.
* @param newAdmin Address of the new proxy admin.
*/
function _setAdmin(address newAdmin) internal {
bytes32 slot = ADMIN_SLOT;
assembly {
sstore(slot, newAdmin)
}
}
/**
* @dev Only fall back when the sender is not the admin.
*/
function _willFallback() internal {
require(msg.sender != _admin(), "Cannot call fallback function from the proxy admin");
super._willFallback();
}
}
// File: contracts/FiatTokenProxy.sol
/**
* Copyright CENTRE SECZ 2018
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is furnished to
* do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
pragma solidity ^0.4.24;
/**
* @title FiatTokenProxy
* @dev This contract proxies FiatToken calls and enables FiatToken upgrades
*/
contract FiatTokenProxy is AdminUpgradeabilityProxy {
constructor(address _implementation) public AdminUpgradeabilityProxy(_implementation) {
}
}File 3 of 5: StarkExchange
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
/*
This contract provides means to block direct call of an external function.
A derived contract (e.g. MainDispatcherBase) should decorate sensitive functions with the
notCalledDirectly modifier, thereby preventing it from being called directly, and allowing only calling
using delegate_call.
*/
abstract contract BlockDirectCall {
address immutable this_;
constructor() internal {
this_ = address(this);
}
modifier notCalledDirectly() {
require(this_ != address(this), "DIRECT_CALL_DISALLOWED");
_;
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
/*
Common Utility librarries.
I. Addresses (extending address).
*/
library Addresses {
function isContract(address account) internal view returns (bool) {
uint256 size;
assembly {
size := extcodesize(account)
}
return size > 0;
}
function performEthTransfer(address recipient, uint256 amount) internal {
(bool success, ) = recipient.call{value: amount}(""); // NOLINT: low-level-calls.
require(success, "ETH_TRANSFER_FAILED");
}
/*
Safe wrapper around ERC20/ERC721 calls.
This is required because many deployed ERC20 contracts don't return a value.
See https://github.com/ethereum/solidity/issues/4116.
*/
function safeTokenContractCall(address tokenAddress, bytes memory callData) internal {
require(isContract(tokenAddress), "BAD_TOKEN_ADDRESS");
// NOLINTNEXTLINE: low-level-calls.
(bool success, bytes memory returndata) = tokenAddress.call(callData);
require(success, string(returndata));
if (returndata.length > 0) {
require(abi.decode(returndata, (bool)), "TOKEN_OPERATION_FAILED");
}
}
/*
Validates that the passed contract address is of a real contract,
and that its id hash (as infered fromn identify()) matched the expected one.
*/
function validateContractId(address contractAddress, bytes32 expectedIdHash) internal {
require(isContract(contractAddress), "ADDRESS_NOT_CONTRACT");
(bool success, bytes memory returndata) = contractAddress.call( // NOLINT: low-level-calls.
abi.encodeWithSignature("identify()")
);
require(success, "FAILED_TO_IDENTIFY_CONTRACT");
string memory realContractId = abi.decode(returndata, (string));
require(
keccak256(abi.encodePacked(realContractId)) == expectedIdHash,
"UNEXPECTED_CONTRACT_IDENTIFIER"
);
}
}
/*
II. StarkExTypes - Common data types.
*/
library StarkExTypes {
// Structure representing a list of verifiers (validity/availability).
// A statement is valid only if all the verifiers in the list agree on it.
// Adding a verifier to the list is immediate - this is used for fast resolution of
// any soundness issues.
// Removing from the list is time-locked, to ensure that any user of the system
// not content with the announced removal has ample time to leave the system before it is
// removed.
struct ApprovalChainData {
address[] list;
// Represents the time after which the verifier with the given address can be removed.
// Removal of the verifier with address A is allowed only in the case the value
// of unlockedForRemovalTime[A] != 0 and unlockedForRemovalTime[A] < (current time).
mapping(address => uint256) unlockedForRemovalTime;
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../interfaces/MGovernance.sol";
/*
Holds the governance slots for ALL entities, including proxy and the main contract.
*/
contract GovernanceStorage {
// A map from a Governor tag to its own GovernanceInfoStruct.
mapping(string => GovernanceInfoStruct) internal governanceInfo; //NOLINT uninitialized-state.
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
/*
Interface for a generic dispatcher to use, which the concrete dispatcher must implement.
It contains the functions that are specific to the concrete dispatcher instance.
The interface is implemented as contract, because interface implies all methods external.
*/
abstract contract IDispatcherBase {
function getSubContract(bytes4 selector) public view virtual returns (address);
function setSubContractAddress(uint256 index, address subContract) internal virtual;
function getNumSubcontracts() internal pure virtual returns (uint256);
function validateSubContractIndex(uint256 index, address subContract) internal pure virtual;
/*
Ensures initializer can be called. Reverts otherwise.
*/
function initializationSentinel() internal view virtual;
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
interface Identity {
/*
Allows a caller, typically another contract,
to ensure that the provided address is of the expected type and version.
*/
function identify() external pure returns (string memory);
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
struct GovernanceInfoStruct {
mapping(address => bool) effectiveGovernors;
address candidateGovernor;
bool initialized;
}
abstract contract MGovernance {
function _isGovernor(address testGovernor) internal view virtual returns (bool);
/*
Allows calling the function only by a Governor.
*/
modifier onlyGovernance() {
require(_isGovernor(msg.sender), "ONLY_GOVERNANCE");
_;
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../components/MainStorage.sol";
import "./MainDispatcherBase.sol";
abstract contract MainDispatcher is MainStorage, MainDispatcherBase {
uint256 constant SUBCONTRACT_BITS = 4;
function magicSalt() internal pure virtual returns (uint256);
function handlerMapSection(uint256 section) internal pure virtual returns (uint256);
function expectedIdByIndex(uint256 index) internal pure virtual returns (string memory id);
function validateSubContractIndex(uint256 index, address subContract) internal pure override {
string memory id = SubContractor(subContract).identify();
bytes32 hashed_expected_id = keccak256(abi.encodePacked(expectedIdByIndex(index)));
require(
hashed_expected_id == keccak256(abi.encodePacked(id)),
"MISPLACED_INDEX_OR_BAD_CONTRACT_ID"
);
// Gets the list of critical selectors from the sub-contract and checks that the selector
// is mapped to that sub-contract.
bytes4[] memory selectorsToValidate = SubContractor(subContract).validatedSelectors();
for (uint256 i = 0; i < selectorsToValidate.length; i++) {
require(
getSubContractIndex(selectorsToValidate[i]) == index,
"INCONSISTENT_DISPATCHER_MAP"
);
}
}
function handlingContractId(bytes4 selector) external pure virtual returns (string memory id) {
uint256 index = getSubContractIndex(selector);
return expectedIdByIndex(index);
}
/*
Returns the index in subContracts where the address of the sub-contract implementing
the function with the queried selector is held.
Note: The nature of the sub-contracts handler map is such that all the required selectors
are mapped. However, other selectors, such that are not implemented in any subcontract,
may also return a sub-contract address.
This behavior is by-design, and not a problem.
*/
function getSubContractIndex(bytes4 selector) internal pure returns (uint256) {
uint256 location = 0xFF & uint256(keccak256(abi.encodePacked(selector, magicSalt())));
uint256 offset = (SUBCONTRACT_BITS * location) % 256;
// We have 64 locations in each register, hence the >> 6 (i.e. location // 64).
return (handlerMapSection(location >> 6) >> offset) & 0xF;
}
/*
Returns the address of the sub-contract that would be delegated to handle a call
with the queried selector. (see note above).
*/
function getSubContract(bytes4 selector) public view override returns (address) {
return subContracts[getSubContractIndex(selector)];
}
function setSubContractAddress(uint256 index, address subContractAddress) internal override {
subContracts[index] = subContractAddress;
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "./SubContractor.sol";
import "./IDispatcherBase.sol";
import "../interfaces/BlockDirectCall.sol";
import "../libraries/Common.sol";
abstract contract MainDispatcherBase is IDispatcherBase, BlockDirectCall {
using Addresses for address;
/*
This entry point serves only transactions with empty calldata. (i.e. pure value transfer tx).
We don't expect to receive such, thus block them.
*/
receive() external payable {
revert("CONTRACT_NOT_EXPECTED_TO_RECEIVE");
}
fallback() external payable {
address subContractAddress = getSubContract(msg.sig);
require(subContractAddress != address(0x0), "NO_CONTRACT_FOR_FUNCTION");
assembly {
// Copy msg.data. We take full control of memory in this inline assembly
// block because it will not return to Solidity code. We overwrite the
// Solidity scratch pad at memory position 0.
calldatacopy(0, 0, calldatasize())
// Call the implementation.
// out and outsize are 0 for now, as we don"t know the out size yet.
let result := delegatecall(gas(), subContractAddress, 0, calldatasize(), 0, 0)
// Copy the returned data.
returndatacopy(0, 0, returndatasize())
switch result
// delegatecall returns 0 on error.
case 0 {
revert(0, returndatasize())
}
default {
return(0, returndatasize())
}
}
}
/*
1. Extract subcontracts.
2. Verify correct sub-contract initializer size.
3. Extract sub-contract initializer data.
4. Call sub-contract initializer.
The init data bytes passed to initialize are structed as following:
I. N slots (uin256 size) addresses of the deployed sub-contracts.
II. An address of an external initialization contract (optional, or ZERO_ADDRESS).
III. (Up to) N bytes sections of the sub-contracts initializers.
If already initialized (i.e. upgrade) we expect the init data to be consistent with this.
and if a different size of init data is expected when upgrading, the initializerSize should
reflect this.
If an external initializer contract is not used, ZERO_ADDRESS is passed in its slot.
If the external initializer contract is used, all the remaining init data is passed to it,
and internal initialization will not occur.
External Initialization Contract
--------------------------------
External Initialization Contract (EIC) is a hook for custom initialization.
Typically in an upgrade flow, the expected initialization contains only the addresses of
the sub-contracts. Normal initialization of the sub-contracts is such that is not needed
in an upgrade, and actually may be very dangerous, as changing of state on a working system
may corrupt it.
In the event that some state initialization is required, the EIC is a hook that allows this.
It may be deployed and called specifically for this purpose.
The address of the EIC must be provided (if at all) when a new implementation is added to
a Proxy contract (as part of the initialization vector).
Hence, it is considered part of the code open to reviewers prior to a time-locked upgrade.
When a custom initialization is performed using an EIC,
the main dispatcher initialize extracts and stores the sub-contracts addresses, and then
yields to the EIC, skipping the rest of its initialization code.
Flow of MainDispatcher initialize
---------------------------------
1. Extraction and assignment of subcontracts addresses
Main dispatcher expects a valid and consistent set of addresses in the passed data.
It validates that, extracts the addresses from the data, and validates that the addresses
are of the expected type and order. Then those addresses are stored.
2. Extraction of EIC address
The address of the EIC is extracted from the data.
External Initializer Contract is optional. ZERO_ADDRESS indicates it is not used.
3a. EIC is used
Dispatcher calls the EIC initialize function with the remaining data.
Note - In this option 3b is not performed.
3b. EIC is not used
If there is additional initialization data then:
I. Sentitenl function is called to permit subcontracts initialization.
II. Dispatcher loops through the subcontracts and for each one it extracts the
initializing data and passes it to the subcontract's initialize function.
*/
function initialize(bytes calldata data) external virtual notCalledDirectly {
// Number of sub-contracts.
uint256 nSubContracts = getNumSubcontracts();
// We support currently 4 bits per contract, i.e. 16, reserving 00 leads to 15.
require(nSubContracts <= 15, "TOO_MANY_SUB_CONTRACTS");
// Sum of subcontract initializers. Aggregated for verification near the end.
uint256 totalInitSizes = 0;
// Offset (within data) of sub-contract initializer vector.
// Just past the sub-contract+eic addresses.
uint256 initDataContractsOffset = 32 * (nSubContracts + 1);
// Init data MUST include addresses for all sub-contracts + EIC.
require(data.length >= initDataContractsOffset, "SUB_CONTRACTS_NOT_PROVIDED");
// Size of passed data, excluding sub-contract addresses.
uint256 additionalDataSize = data.length - initDataContractsOffset;
// Extract & update contract addresses.
for (uint256 nContract = 1; nContract <= nSubContracts; nContract++) {
// Extract sub-contract address.
address contractAddress = abi.decode(
data[32 * (nContract - 1):32 * nContract],
(address)
);
validateSubContractIndex(nContract, contractAddress);
// Contracts are indexed from 1 and 0 is not in use here.
setSubContractAddress(nContract, contractAddress);
}
// Check if we have an external initializer contract.
address externalInitializerAddr = abi.decode(
data[initDataContractsOffset - 32:initDataContractsOffset],
(address)
);
// 3(a). Yield to EIC initialization.
if (externalInitializerAddr != address(0x0)) {
callExternalInitializer(externalInitializerAddr, data[initDataContractsOffset:]);
return;
}
// 3(b). Subcontracts initialization.
// I. If no init data passed besides sub-contracts, return.
if (additionalDataSize == 0) {
return;
}
// Just to be on the safe side.
assert(externalInitializerAddr == address(0x0));
// II. Gate further initialization.
initializationSentinel();
// III. Loops through the subcontracts, extracts their data and calls their initializer.
for (uint256 nContract = 1; nContract <= nSubContracts; nContract++) {
// Extract sub-contract address.
address contractAddress = abi.decode(
data[32 * (nContract - 1):32 * nContract],
(address)
);
// The initializerSize is called via delegatecall, so that it can relate to the state,
// and not only to the new contract code. (e.g. return 0 if state-intialized else 192).
// NOLINTNEXTLINE: controlled-delegatecall low-level-calls calls-loop.
(bool success, bytes memory returndata) = contractAddress.delegatecall(
abi.encodeWithSelector(SubContractor(contractAddress).initializerSize.selector)
);
require(success, string(returndata));
uint256 initSize = abi.decode(returndata, (uint256));
require(initSize <= additionalDataSize, "INVALID_INITIALIZER_SIZE");
require(totalInitSizes + initSize <= additionalDataSize, "INVALID_INITIALIZER_SIZE");
if (initSize == 0) {
continue;
}
// Call sub-contract initializer.
// NOLINTNEXTLINE: controlled-delegatecall calls-loop.
(success, returndata) = contractAddress.delegatecall(
abi.encodeWithSelector(
this.initialize.selector,
data[initDataContractsOffset:initDataContractsOffset + initSize]
)
);
require(success, string(returndata));
totalInitSizes += initSize;
initDataContractsOffset += initSize;
}
require(additionalDataSize == totalInitSizes, "MISMATCHING_INIT_DATA_SIZE");
}
function callExternalInitializer(address externalInitializerAddr, bytes calldata extInitData)
private
{
require(externalInitializerAddr.isContract(), "NOT_A_CONTRACT");
// NOLINTNEXTLINE: low-level-calls, controlled-delegatecall.
(bool success, bytes memory returndata) = externalInitializerAddr.delegatecall(
abi.encodeWithSelector(this.initialize.selector, extInitData)
);
require(success, string(returndata));
require(returndata.length == 0, string(returndata));
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../upgrade/ProxyStorage.sol";
import "../libraries/Common.sol";
/*
Holds ALL the main contract state (storage) variables.
*/
contract MainStorage is ProxyStorage {
uint256 internal constant LAYOUT_LENGTH = 2**64;
address escapeVerifierAddress; // NOLINT: constable-states.
// Global dex-frozen flag.
bool stateFrozen; // NOLINT: constable-states.
// Time when unFreeze can be successfully called (UNFREEZE_DELAY after freeze).
uint256 unFreezeTime; // NOLINT: constable-states.
// Pending deposits.
// A map STARK key => asset id => vault id => quantized amount.
mapping(uint256 => mapping(uint256 => mapping(uint256 => uint256))) pendingDeposits;
// Cancellation requests.
// A map STARK key => asset id => vault id => request timestamp.
mapping(uint256 => mapping(uint256 => mapping(uint256 => uint256))) cancellationRequests;
// Pending withdrawals.
// A map STARK key => asset id => quantized amount.
mapping(uint256 => mapping(uint256 => uint256)) pendingWithdrawals;
// vault_id => escape used boolean.
mapping(uint256 => bool) escapesUsed;
// Number of escapes that were performed when frozen.
uint256 escapesUsedCount; // NOLINT: constable-states.
// NOTE: fullWithdrawalRequests is deprecated, and replaced by forcedActionRequests.
// NOLINTNEXTLINE naming-convention.
mapping(uint256 => mapping(uint256 => uint256)) fullWithdrawalRequests_DEPRECATED;
// State sequence number.
uint256 sequenceNumber; // NOLINT: constable-states uninitialized-state.
// Validium Vaults Tree Root & Height.
uint256 validiumVaultRoot; // NOLINT: constable-states uninitialized-state.
uint256 validiumTreeHeight; // NOLINT: constable-states uninitialized-state.
// Order Tree Root & Height.
uint256 orderRoot; // NOLINT: constable-states uninitialized-state.
uint256 orderTreeHeight; // NOLINT: constable-states uninitialized-state.
// True if and only if the address is allowed to add tokens.
mapping(address => bool) tokenAdmins;
// This mapping is no longer in use, remains for backwards compatibility.
mapping(address => bool) userAdmins_DEPRECATED; // NOLINT: naming-convention.
// True if and only if the address is an operator (allowed to update state).
mapping(address => bool) operators; // NOLINT: uninitialized-state.
// Mapping of contract ID to asset data.
mapping(uint256 => bytes) assetTypeToAssetInfo; // NOLINT: uninitialized-state.
// Mapping of registered contract IDs.
mapping(uint256 => bool) registeredAssetType; // NOLINT: uninitialized-state.
// Mapping from contract ID to quantum.
mapping(uint256 => uint256) assetTypeToQuantum; // NOLINT: uninitialized-state.
// This mapping is no longer in use, remains for backwards compatibility.
mapping(address => uint256) starkKeys_DEPRECATED; // NOLINT: naming-convention.
// Mapping from STARK public key to the Ethereum public key of its owner.
mapping(uint256 => address) ethKeys; // NOLINT: uninitialized-state.
// Timelocked state transition and availability verification chain.
StarkExTypes.ApprovalChainData verifiersChain;
StarkExTypes.ApprovalChainData availabilityVerifiersChain;
// Batch id of last accepted proof.
uint256 lastBatchId; // NOLINT: constable-states uninitialized-state.
// Mapping between sub-contract index to sub-contract address.
mapping(uint256 => address) subContracts; // NOLINT: uninitialized-state.
mapping(uint256 => bool) permissiveAssetType_DEPRECATED; // NOLINT: naming-convention.
// ---- END OF MAIN STORAGE AS DEPLOYED IN STARKEX2.0 ----
// Onchain-data version configured for the system.
uint256 onchainDataVersion_DEPRECATED; // NOLINT: naming-convention constable-states.
// Counter of forced action request in block. The key is the block number.
mapping(uint256 => uint256) forcedRequestsInBlock;
// ForcedAction requests: actionHash => requestTime.
mapping(bytes32 => uint256) forcedActionRequests;
// Mapping for timelocked actions.
// A actionKey => activation time.
mapping(bytes32 => uint256) actionsTimeLock;
// Append only list of requested forced action hashes.
bytes32[] actionHashList;
// ---- END OF MAIN STORAGE AS DEPLOYED IN STARKEX3.0 ----
// ---- END OF MAIN STORAGE AS DEPLOYED IN STARKEX4.0 ----
// Rollup Vaults Tree Root & Height.
uint256 rollupVaultRoot; // NOLINT: constable-states uninitialized-state.
uint256 rollupTreeHeight; // NOLINT: constable-states uninitialized-state.
uint256 globalConfigCode; // NOLINT: constable-states uninitialized-state.
// Mapping of owner keys that are blocked from withdrawals.
mapping(uint256 => uint256) internal blockListed;
// Reserved storage space for Extensibility.
// Every added MUST be added above the end gap, and the __endGap size must be reduced
// accordingly.
// NOLINTNEXTLINE: naming-convention.
uint256[LAYOUT_LENGTH - 41] private __endGap; // __endGap complements layout to LAYOUT_LENGTH.
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../components/GovernanceStorage.sol";
/*
Holds the Proxy-specific state variables.
This contract is inherited by the GovernanceStorage (and indirectly by MainStorage)
to prevent collision hazard.
*/
contract ProxyStorage is GovernanceStorage {
// NOLINTNEXTLINE: naming-convention uninitialized-state.
mapping(address => bytes32) internal initializationHash_DEPRECATED;
// The time after which we can switch to the implementation.
// Hash(implementation, data, finalize) => time.
mapping(bytes32 => uint256) internal enabledTime;
// A central storage of the flags whether implementation has been initialized.
// Note - it can be used flexibly enough to accommodate multiple levels of initialization
// (i.e. using different key salting schemes for different initialization levels).
mapping(bytes32 => bool) internal initialized;
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../interfaces/MainDispatcher.sol";
contract StarkExchange is MainDispatcher {
string public constant VERSION = "4.5.3-blc";
// Salt for a 8 bit unique spread of all relevant selectors. Pre-caclulated.
// ---------- The following code was auto-generated. PLEASE DO NOT EDIT. ----------
uint256 constant MAGIC_SALT = 4259003;
uint256 constant IDX_MAP_0 = 0x1030220010120000001021030000002223022000021220125001010000021300;
uint256 constant IDX_MAP_1 = 0x2023105020000205000002451020200305120020000000000002230015000201;
uint256 constant IDX_MAP_2 = 0x1000000030000003000002000000020000500100500230025010222000010;
uint256 constant IDX_MAP_3 = 0x420002010300345030000000005010021020004000000050002052300060001;
// ---------- End of auto-generated code. ----------
function getNumSubcontracts() internal pure override returns (uint256) {
return 6;
}
function magicSalt() internal pure override returns (uint256) {
return MAGIC_SALT;
}
function handlerMapSection(uint256 section) internal pure override returns (uint256) {
if (section == 0) {
return IDX_MAP_0;
} else if (section == 1) {
return IDX_MAP_1;
} else if (section == 2) {
return IDX_MAP_2;
} else if (section == 3) {
return IDX_MAP_3;
}
revert("BAD_IDX_MAP_SECTION");
}
function expectedIdByIndex(uint256 index) internal pure override returns (string memory id) {
if (index == 1) {
id = "StarkWare_AllVerifiers_2022_2";
} else if (index == 2) {
id = "StarkWare_TokensAndRamping_2024_4";
} else if (index == 3) {
id = "StarkWare_StarkExState_2022_5";
} else if (index == 4) {
id = "StarkWare_ForcedActions_2022_3";
} else if (index == 5) {
id = "StarkWare_OnchainVaults_2022_2";
} else if (index == 6) {
id = "StarkWare_ProxyUtils_2022_2";
} else {
revert("UNEXPECTED_INDEX");
}
}
function initializationSentinel() internal view override {
string memory REVERT_MSG = "INITIALIZATION_BLOCKED";
// This initializer sets roots etc. It must not be applied twice.
// I.e. it can run only when the state is still empty.
require(validiumVaultRoot == 0, REVERT_MSG);
require(validiumTreeHeight == 0, REVERT_MSG);
require(rollupVaultRoot == 0, REVERT_MSG);
require(rollupTreeHeight == 0, REVERT_MSG);
require(orderRoot == 0, REVERT_MSG);
require(orderTreeHeight == 0, REVERT_MSG);
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "./Identity.sol";
interface SubContractor is Identity {
function initialize(bytes calldata data) external;
function initializerSize() external view returns (uint256);
/*
Returns an array with selectors for validation.
These selectors are the critical ones for maintaining self custody and anti censorship.
During the upgrade process, as part of the sub-contract validation, the MainDispatcher
validates that the selectos are mapped to the correct sub-contract.
*/
function validatedSelectors() external pure returns (bytes4[] memory);
}
File 4 of 5: TokensAndRamping
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../libraries/LibConstants.sol";
import "../interfaces/MAcceptModifications.sol";
import "../interfaces/MTokenQuantization.sol";
import "../components/MainStorage.sol";
/*
Interface containing actions a verifier can invoke on the state.
The contract containing the state should implement these and verify correctness.
*/
abstract contract AcceptModifications is
MainStorage,
LibConstants,
MAcceptModifications,
MTokenQuantization
{
event LogWithdrawalAllowed(
uint256 ownerKey,
uint256 assetType,
uint256 nonQuantizedAmount,
uint256 quantizedAmount
);
event LogNftWithdrawalAllowed(uint256 ownerKey, uint256 assetId);
event LogAssetWithdrawalAllowed(uint256 ownerKey, uint256 assetId, uint256 quantizedAmount);
event LogMintableWithdrawalAllowed(uint256 ownerKey, uint256 assetId, uint256 quantizedAmount);
/*
Transfers funds from the on-chain deposit area to the off-chain area.
Implemented in the Deposits contracts.
*/
function acceptDeposit(
uint256 ownerKey,
uint256 vaultId,
uint256 assetId,
uint256 quantizedAmount
) internal virtual override {
// Fetch deposit.
require(
pendingDeposits[ownerKey][assetId][vaultId] >= quantizedAmount,
"DEPOSIT_INSUFFICIENT"
);
// Subtract accepted quantized amount.
pendingDeposits[ownerKey][assetId][vaultId] -= quantizedAmount;
}
/*
Transfers funds from the off-chain area to the on-chain withdrawal area.
*/
function allowWithdrawal(
uint256 ownerKey,
uint256 assetId,
uint256 quantizedAmount
) internal override {
// Fetch withdrawal.
uint256 withdrawal = pendingWithdrawals[ownerKey][assetId];
// Add accepted quantized amount.
withdrawal += quantizedAmount;
require(withdrawal >= quantizedAmount, "WITHDRAWAL_OVERFLOW");
// Store withdrawal.
pendingWithdrawals[ownerKey][assetId] = withdrawal;
// Log event.
uint256 presumedAssetType = assetId;
if (registeredAssetType[presumedAssetType]) {
emit LogWithdrawalAllowed(
ownerKey,
presumedAssetType,
fromQuantized(presumedAssetType, quantizedAmount),
quantizedAmount
);
} else if (assetId == ((assetId & MASK_240) | MINTABLE_ASSET_ID_FLAG)) {
emit LogMintableWithdrawalAllowed(ownerKey, assetId, quantizedAmount);
} else {
// Default case is Non-Mintable ERC721 or ERC1155 asset id.
// In ERC721 and ERC1155 cases, assetId is not the assetType.
require(assetId == assetId & MASK_250, "INVALID_ASSET_ID");
// If withdrawal amount is 1, the asset could be either NFT or SFT. In that case, both
// NFT and general events will be emitted so that the listened for event is captured.
// When withdrawal is greater than 1, it must be SFT and only one event will be emitted.
if (withdrawal <= 1) {
emit LogNftWithdrawalAllowed(ownerKey, assetId);
}
emit LogAssetWithdrawalAllowed(ownerKey, assetId, quantizedAmount);
}
}
// Verifier authorizes withdrawal.
function acceptWithdrawal(
uint256 ownerKey,
uint256 assetId,
uint256 quantizedAmount
) internal virtual override {
allowWithdrawal(ownerKey, assetId, quantizedAmount);
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../components/MainStorage.sol";
import "../libraries/LibConstants.sol";
/*
Calculation action hash for the various forced actions in a generic manner.
*/
contract ActionHash is MainStorage, LibConstants {
function getActionHash(string memory actionName, bytes memory packedActionParameters)
internal
pure
returns (bytes32 actionHash)
{
actionHash = keccak256(abi.encodePacked(actionName, packedActionParameters));
}
function setActionHash(bytes32 actionHash, bool premiumCost) internal {
// The rate of forced trade requests is restricted.
// First restriction is by capping the number of requests in a block.
// User can override this cap by requesting with a permium flag set,
// in this case, the gas cost is high (~1M) but no "technical" limit is set.
// However, the high gas cost creates an obvious limitation due to the block gas limit.
if (premiumCost) {
for (uint256 i = 0; i < 21129; i++) {}
} else {
require(
forcedRequestsInBlock[block.number] < MAX_FORCED_ACTIONS_REQS_PER_BLOCK,
"MAX_REQUESTS_PER_BLOCK_REACHED"
);
forcedRequestsInBlock[block.number] += 1;
}
forcedActionRequests[actionHash] = block.timestamp;
actionHashList.push(actionHash);
}
function getActionCount() external view returns (uint256) {
return actionHashList.length;
}
function getActionHashByIndex(uint256 actionIndex) external view returns (bytes32) {
require(actionIndex < actionHashList.length, "ACTION_INDEX_TOO_HIGH");
return actionHashList[actionIndex];
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../components/MainStorage.sol";
import "../interfaces/MBlocklist.sol";
abstract contract Blocklist is MainStorage, MBlocklist {
uint256 constant CLEARANCE_DELAY = 2 weeks;
// NOLINTNEXTLINE: external-function.
function isBlockListed(uint256 ownerKey) public view override returns (bool) {
return blockListed[ownerKey] > 0;
}
function readyForClearance(uint256 ownerKey) public view override returns (bool) {
return isBlockListed(ownerKey) && blockListed[ownerKey] <= block.timestamp;
}
function addToBlockedList(uint256 ownerKey) public override onlyBlockAdmin {
if (!isBlockListed(ownerKey)) {
emit BlockPlaced(ownerKey);
}
blockListed[ownerKey] = block.timestamp + CLEARANCE_DELAY;
}
function removeFromBlockedList(uint256 ownerKey) public override onlyBlockAdmin {
if (isBlockListed(ownerKey)) {
emit BlockReleased(ownerKey);
}
blockListed[ownerKey] = 0;
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
/*
Common Utility librarries.
I. Addresses (extending address).
*/
library Addresses {
function isContract(address account) internal view returns (bool) {
uint256 size;
assembly {
size := extcodesize(account)
}
return size > 0;
}
function performEthTransfer(address recipient, uint256 amount) internal {
(bool success, ) = recipient.call{value: amount}(""); // NOLINT: low-level-calls.
require(success, "ETH_TRANSFER_FAILED");
}
/*
Safe wrapper around ERC20/ERC721 calls.
This is required because many deployed ERC20 contracts don't return a value.
See https://github.com/ethereum/solidity/issues/4116.
*/
function safeTokenContractCall(address tokenAddress, bytes memory callData) internal {
require(isContract(tokenAddress), "BAD_TOKEN_ADDRESS");
// NOLINTNEXTLINE: low-level-calls.
(bool success, bytes memory returndata) = tokenAddress.call(callData);
require(success, string(returndata));
if (returndata.length > 0) {
require(abi.decode(returndata, (bool)), "TOKEN_OPERATION_FAILED");
}
}
/*
Validates that the passed contract address is of a real contract,
and that its id hash (as infered fromn identify()) matched the expected one.
*/
function validateContractId(address contractAddress, bytes32 expectedIdHash) internal {
require(isContract(contractAddress), "ADDRESS_NOT_CONTRACT");
(bool success, bytes memory returndata) = contractAddress.call( // NOLINT: low-level-calls.
abi.encodeWithSignature("identify()")
);
require(success, "FAILED_TO_IDENTIFY_CONTRACT");
string memory realContractId = abi.decode(returndata, (string));
require(
keccak256(abi.encodePacked(realContractId)) == expectedIdHash,
"UNEXPECTED_CONTRACT_IDENTIFIER"
);
}
}
/*
II. StarkExTypes - Common data types.
*/
library StarkExTypes {
// Structure representing a list of verifiers (validity/availability).
// A statement is valid only if all the verifiers in the list agree on it.
// Adding a verifier to the list is immediate - this is used for fast resolution of
// any soundness issues.
// Removing from the list is time-locked, to ensure that any user of the system
// not content with the announced removal has ample time to leave the system before it is
// removed.
struct ApprovalChainData {
address[] list;
// Represents the time after which the verifier with the given address can be removed.
// Removal of the verifier with address A is allowed only in the case the value
// of unlockedForRemovalTime[A] != 0 and unlockedForRemovalTime[A] < (current time).
mapping(address => uint256) unlockedForRemovalTime;
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../libraries/LibConstants.sol";
import "../interfaces/MAcceptModifications.sol";
import "../interfaces/MDeposits.sol";
import "../interfaces/MTokenQuantization.sol";
import "../interfaces/MTokenAssetData.sol";
import "../interfaces/MFreezable.sol";
import "../interfaces/MKeyGetters.sol";
import "../interfaces/MTokenTransfers.sol";
import "../components/MainStorage.sol";
/**
For a user to perform a deposit to the contract two calls need to take place:
1. A call to an ERC20 contract, authorizing this contract to transfer funds on behalf of the user.
2. A call to :sol:func:`deposit` indicating the starkKey, amount, asset type and target vault ID to which to send the deposit.
The amount should be quantized, according to the specific quantization defined for the asset type.
The result of the operation, assuming all requirements are met, is that an amount of ERC20 tokens
equaling the amount specified in the :sol:func:`deposit` call times the quantization factor is
transferred on behalf of the user to the contract. In addition, the contract adds the funds to an
accumulator of pending deposits for the provided user, asset ID and vault ID.
Once a deposit is made, the exchange may include it in a proof which will result in addition
of the amount(s) deposited to the off-chain vault with the specified ID. When the contract
receives such valid proof, it deducts the transfered funds from the pending deposits for the
specified Stark key, asset ID and vault ID.
The exchange will not be able to move the deposited funds to the off-chain vault if the Stark key
is not registered in the system.
Until that point, the user may cancel the deposit by performing a time-locked cancel-deposit
operation consisting of two calls:
1. A call to :sol:func:`depositCancel`, setting a timer to enable reclaiming the deposit. Until this timer expires the user cannot reclaim funds as the exchange may still be processing the deposit for inclusion in the off chain vault.
2. A call to :sol:func:`depositReclaim`, to perform the actual transfer of funds from the contract back to the ERC20 contract. This will only succeed if the timer set in the previous call has expired. The result should be the transfer of all funds not accounted for in proofs for off-chain inclusion, back to the user account on the ERC20 contract.
Calling depositCancel and depositReclaim can only be done via an ethKey that is associated with
that vault's starkKey. This is enforced by the contract.
*/
abstract contract Deposits is
MainStorage,
LibConstants,
MAcceptModifications,
MDeposits,
MTokenQuantization,
MTokenAssetData,
MFreezable,
MKeyGetters,
MTokenTransfers
{
event LogDeposit(
address depositorEthKey,
uint256 starkKey,
uint256 vaultId,
uint256 assetType,
uint256 nonQuantizedAmount,
uint256 quantizedAmount
);
event LogNftDeposit(
address depositorEthKey,
uint256 starkKey,
uint256 vaultId,
uint256 assetType,
uint256 tokenId,
uint256 assetId
);
event LogDepositWithTokenId(
address depositorEthKey,
uint256 starkKey,
uint256 vaultId,
uint256 assetType,
uint256 tokenId,
uint256 assetId,
uint256 nonQuantizedAmount,
uint256 quantizedAmount
);
event LogDepositCancel(uint256 starkKey, uint256 vaultId, uint256 assetId);
event LogDepositCancelReclaimed(
uint256 starkKey,
uint256 vaultId,
uint256 assetType,
uint256 nonQuantizedAmount,
uint256 quantizedAmount
);
event LogDepositNftCancelReclaimed(
uint256 starkKey,
uint256 vaultId,
uint256 assetType,
uint256 tokenId,
uint256 assetId
);
event LogDepositWithTokenIdCancelReclaimed(
uint256 starkKey,
uint256 vaultId,
uint256 assetType,
uint256 tokenId,
uint256 assetId,
uint256 nonQuantizedAmount,
uint256 quantizedAmount
);
function getDepositBalance(
uint256 starkKey,
uint256 assetId,
uint256 vaultId
) external view returns (uint256) {
uint256 presumedAssetType = assetId;
return fromQuantized(presumedAssetType, pendingDeposits[starkKey][assetId][vaultId]);
}
function getQuantizedDepositBalance(
uint256 starkKey,
uint256 assetId,
uint256 vaultId
) external view returns (uint256) {
return pendingDeposits[starkKey][assetId][vaultId];
}
function depositNft(
uint256 starkKey,
uint256 assetType,
uint256 vaultId,
uint256 tokenId
) external notFrozen {
require(isERC721(assetType), "NOT_ERC721_TOKEN");
depositWithTokenId(starkKey, assetType, tokenId, vaultId, 1);
}
function depositERC1155(
uint256 starkKey,
uint256 assetType,
uint256 tokenId,
uint256 vaultId,
uint256 quantizedAmount
) external notFrozen {
require(isERC1155(assetType), "NOT_ERC1155_TOKEN");
depositWithTokenId(starkKey, assetType, tokenId, vaultId, quantizedAmount);
}
function depositStateUpdate(
uint256 starkKey,
uint256 assetId,
uint256 vaultId,
uint256 quantizedAmount
) private returns (uint256) {
// Checks for overflow and updates the pendingDeposits balance.
uint256 vaultBalance = pendingDeposits[starkKey][assetId][vaultId];
vaultBalance += quantizedAmount;
require(vaultBalance >= quantizedAmount, "DEPOSIT_OVERFLOW");
pendingDeposits[starkKey][assetId][vaultId] = vaultBalance;
// Disable the cancellationRequest timeout when users deposit into their own account.
if (
isMsgSenderKeyOwner(starkKey) && cancellationRequests[starkKey][assetId][vaultId] != 0
) {
delete cancellationRequests[starkKey][assetId][vaultId];
}
// Returns the updated vault balance.
return vaultBalance;
}
function depositWithTokenId(
uint256 starkKey,
uint256 assetType,
uint256 tokenId,
uint256 vaultId,
uint256 quantizedAmount
) public notFrozen {
// The vaultId is not validated but should be in the allowed range supported by the
// exchange. If not, it will be ignored by the exchange and the starkKey owner may reclaim
// the funds by using depositCancel + depositReclaim.
require(isAssetTypeWithTokenId(assetType), "INVALID_ASSET_TYPE");
uint256 assetId = calculateAssetIdWithTokenId(assetType, tokenId);
// Updates the pendingDeposits balance and clears cancellationRequests when applicable.
uint256 newVaultBalance = depositStateUpdate(starkKey, assetId, vaultId, quantizedAmount);
// No need to verify amount > 0, a deposit with amount = 0 can be used to undo cancellation.
if (isERC721(assetType)) {
require(newVaultBalance <= 1, "ILLEGAL_ERC721_AMOUNT");
emit LogNftDeposit(msg.sender, starkKey, vaultId, assetType, tokenId, assetId);
}
// Transfer the tokens to the Deposit contract.
transferInWithTokenId(assetType, tokenId, quantizedAmount);
// Log event.
emit LogDepositWithTokenId(
msg.sender,
starkKey,
vaultId,
assetType,
tokenId,
assetId,
fromQuantized(assetType, quantizedAmount),
quantizedAmount
);
}
function getCancellationRequest(
uint256 starkKey,
uint256 assetId,
uint256 vaultId
) external view returns (uint256 request) {
request = cancellationRequests[starkKey][assetId][vaultId];
}
function depositERC20(
uint256 starkKey,
uint256 assetType,
uint256 vaultId,
uint256 quantizedAmount
) public override {
deposit(starkKey, assetType, vaultId, quantizedAmount);
}
// NOLINTNEXTLINE: locked-ether.
function depositEth(
uint256 starkKey,
uint256 assetType,
uint256 vaultId
) public payable override {
require(isEther(assetType), "INVALID_ASSET_TYPE");
deposit(starkKey, assetType, vaultId, toQuantized(assetType, msg.value));
}
function deposit(
uint256 starkKey,
uint256 assetType,
uint256 vaultId,
uint256 quantizedAmount
) public notFrozen {
// The vaultId is not validated but should be in the allowed range supported by the
// exchange. If not, it will be ignored by the exchange and the starkKey owner may reclaim
// the funds by using depositCancel + depositReclaim.
// No need to verify amount > 0, a deposit with amount = 0 can be used to undo cancellation.
require(!isMintableAssetType(assetType), "MINTABLE_ASSET_TYPE");
require(isFungibleAssetType(assetType), "NON_FUNGIBLE_ASSET_TYPE");
uint256 assetId = assetType;
// Updates the pendingDeposits balance and clears cancellationRequests when applicable.
depositStateUpdate(starkKey, assetId, vaultId, quantizedAmount);
// Transfer the tokens to the Deposit contract.
transferIn(assetType, quantizedAmount);
// Log event.
emit LogDeposit(
msg.sender,
starkKey,
vaultId,
assetType,
fromQuantized(assetType, quantizedAmount),
quantizedAmount
);
}
function deposit(
// NOLINT: locked-ether.
uint256 starkKey,
uint256 assetType,
uint256 vaultId
) external payable {
require(isEther(assetType), "INVALID_ASSET_TYPE");
deposit(starkKey, assetType, vaultId, toQuantized(assetType, msg.value));
}
function depositCancel(
uint256 starkKey,
uint256 assetId,
uint256 vaultId
)
external
onlyKeyOwner(starkKey)
// No notFrozen modifier: This function can always be used, even when frozen.
{
// Allow cancellation only for real deposit that were placed.
require(pendingDeposits[starkKey][assetId][vaultId] > 0, "DEPOSIT_DOESNT_EXIST");
// Start the timeout.
cancellationRequests[starkKey][assetId][vaultId] = block.timestamp;
// Log event.
emit LogDepositCancel(starkKey, vaultId, assetId);
}
function clearCancelledDeposit(
uint256 starkKey,
uint256 assetId,
uint256 vaultId
) private returns (uint256) {
// Make sure enough time has passed.
uint256 requestTime = cancellationRequests[starkKey][assetId][vaultId];
require(requestTime != 0, "DEPOSIT_NOT_CANCELED");
uint256 freeTime = requestTime + DEPOSIT_CANCEL_DELAY;
assert(freeTime >= DEPOSIT_CANCEL_DELAY);
require(block.timestamp >= freeTime, "DEPOSIT_LOCKED"); // NOLINT: timestamp.
// Clear deposit.
uint256 quantizedAmount = pendingDeposits[starkKey][assetId][vaultId];
delete pendingDeposits[starkKey][assetId][vaultId];
delete cancellationRequests[starkKey][assetId][vaultId];
// Return the cleared amount so it can be transferred back to the reclaimer.
return quantizedAmount;
}
function depositReclaim(
uint256 starkKey,
uint256 assetType,
uint256 vaultId
)
external
onlyKeyOwner(starkKey)
// No notFrozen modifier: This function can always be used, even when frozen.
{
require(isFungibleAssetType(assetType), "NON_FUNGIBLE_ASSET_TYPE");
// Clear deposit and attain the cleared amount to be transferred out.
uint256 assetId = assetType;
uint256 quantizedAmount = clearCancelledDeposit(starkKey, assetId, vaultId);
// Refund deposit.
transferOut(msg.sender, assetType, quantizedAmount);
// Log event.
emit LogDepositCancelReclaimed(
starkKey,
vaultId,
assetType,
fromQuantized(assetType, quantizedAmount),
quantizedAmount
);
}
function depositWithTokenIdReclaim(
uint256 starkKey,
uint256 assetType,
uint256 tokenId,
uint256 vaultId
)
public
onlyKeyOwner(starkKey)
// No notFrozen modifier: This function can always be used, even when frozen.
{
require(isAssetTypeWithTokenId(assetType), "INVALID_ASSET_TYPE");
// Clear deposit and attain the cleared amount to be transferred out.
uint256 assetId = calculateAssetIdWithTokenId(assetType, tokenId);
uint256 quantizedAmount = clearCancelledDeposit(starkKey, assetId, vaultId);
if (quantizedAmount > 0) {
// Refund deposit.
transferOutWithTokenId(msg.sender, assetType, tokenId, quantizedAmount);
}
// Log event.
if (isERC721(assetType)) {
emit LogDepositNftCancelReclaimed(starkKey, vaultId, assetType, tokenId, assetId);
}
emit LogDepositWithTokenIdCancelReclaimed(
starkKey,
vaultId,
assetType,
tokenId,
assetId,
fromQuantized(assetType, quantizedAmount),
quantizedAmount
);
}
function depositNftReclaim(
uint256 starkKey,
uint256 assetType,
uint256 vaultId,
uint256 tokenId
)
external
onlyKeyOwner(starkKey)
// No notFrozen modifier: This function can always be used, even when frozen.
{
depositWithTokenIdReclaim(starkKey, assetType, tokenId, vaultId);
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../tokens/ERC1155/IERC1155Receiver.sol";
/*
ERC1155 token receiver interface.
EIP-1155 requires any contract receiving ERC1155 tokens to implement IERC1155Receiver interface.
By EIP:
1. safeTransferFrom API of ERC1155 shall call onERC1155Received on the receiving contract.
2. safeBatchTransferFrom API of ERC1155 to call onERC1155BatchReceived on the receiving contract.
Have the receiving contract failed to respond as expected, the safe transfer functions shall be reverted.
*/
contract ERC1155Receiver is IERC1155Receiver {
/**
Handles the receipt of a single ERC1155 token type.
@param `operator` The address which called `safeTransferFrom` function
@param `from` The address which previously owned the token
@param `id` The identifier of the token which is being transferred
@param `value` the amount of token units being transferred
@param `data` Additional data with no specified format
Returns:
When invoked by the receiving contract, satisfying the deposit pattern (i.e. operator == this)
`bytes4(keccak256("onERC1155Received(address,address,uint256,uint256,bytes)"))` is returned.
In all other cases returns `bytes4(0)`, which should invoke an error of the form
`ERC1155: ERC1155Receiver rejected tokens`.
*/
function onERC1155Received(
address operator,
address, // from
uint256, // id
uint256, // value
bytes calldata // data
) external override returns (bytes4) {
return (operator == address(this) ? this.onERC1155Received.selector : bytes4(0));
}
/**
Handles the receipt of multiple ERC1155 token types.
@param `operator` The address which called `safeBatchTransferFrom` function
@param `from` The address which previously owned the token
@param `ids` The identifier of the token which is being transferred
@param `values` the amount of token units being transferred
@param `data` Additional data with no specified format
Returns:
When invoked by the receiving contract, satisfying the deposit pattern (i.e. operator == this)
`bytes4(keccak256("onERC1155BatchReceived(address,address,uint256,uint256,bytes)"))` is returned.
In all other cases returns `bytes4(0)`, which should invoke an error of the form
`ERC1155: ERC1155Receiver rejected tokens`.
Note: a rejection value `bytes4(0)` is to be expected. Batch deposits are unsupported by StarkEx.
*/
function onERC1155BatchReceived(
address operator,
address, // from
uint256[] calldata, // ids
uint256[] calldata, // values
bytes calldata // data
) external override returns (bytes4) {
return (operator == address(this) ? this.onERC1155BatchReceived.selector : bytes4(0));
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../tokens/ERC721/IERC721Receiver.sol";
/*
ERC721 token receiver interface
EIP-721 requires any contract receiving ERC721 tokens to implement IERC721Receiver interface.
By EIP, safeTransferFrom API of ERC721 shall call onERC721Received on the receiving contract.
Have the receiving contract failed to respond as expected, the safeTransferFrom shall be reverted.
Params:
`operator` The address which called `safeTransferFrom` function
`from` The address which previously owned the token
`tokenId` The NFT identifier which is being transferred
`data` Additional data with no specified format
Returns:
When invoked by the main contract, following the deposit pattern:
`bytes4(keccak256("onERC721Received(address,address,uint256,bytes)"))`, which indicates success.
In all other cases: `bytes4(0)`, which should fail ERC721's safeTransferFrom.
*/
contract ERC721Receiver is IERC721Receiver {
function onERC721Received(
address operator, // The address which called `safeTransferFrom` function.
address, // from - The address which previously owned the token.
uint256, // tokenId - The NFT identifier which is being transferred.
bytes calldata // data - Additional data with no specified format.
) external override returns (bytes4) {
return (operator == address(this) ? this.onERC721Received.selector : bytes4(0));
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../libraries/LibConstants.sol";
import "../interfaces/MFreezable.sol";
import "../interfaces/MGovernance.sol";
import "./MainStorage.sol";
/*
Implements MFreezable.
*/
abstract contract Freezable is MainStorage, LibConstants, MGovernance, MFreezable {
event LogFrozen();
event LogUnFrozen();
function isFrozen() public view override returns (bool) {
return stateFrozen;
}
function validateFreezeRequest(uint256 requestTime) internal override {
require(requestTime != 0, "FORCED_ACTION_UNREQUESTED");
// Verify timer on escape request.
uint256 freezeTime = requestTime + FREEZE_GRACE_PERIOD;
// Prevent wraparound.
assert(freezeTime >= FREEZE_GRACE_PERIOD);
require(block.timestamp >= freezeTime, "FORCED_ACTION_PENDING"); // NOLINT: timestamp.
// Forced action requests placed before freeze, are no longer valid after the un-freeze.
require(freezeTime > unFreezeTime, "REFREEZE_ATTEMPT");
}
function freeze() internal override notFrozen {
unFreezeTime = block.timestamp + UNFREEZE_DELAY;
// Update state.
stateFrozen = true;
// Log event.
emit LogFrozen();
}
function unFreeze() external onlyFrozen onlyGovernance {
require(block.timestamp >= unFreezeTime, "UNFREEZE_NOT_ALLOWED_YET");
// Update state.
stateFrozen = false;
// Increment roots to invalidate them, w/o losing information.
validiumVaultRoot += 1;
rollupVaultRoot += 1;
orderRoot += 1;
// Log event.
emit LogUnFrozen();
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../interfaces/MGovernance.sol";
/*
Implements Generic Governance, applicable for both proxy and main contract, and possibly others.
Notes:
The use of the same function names by both the Proxy and a delegated implementation
is not possible since calling the implementation functions is done via the default function
of the Proxy. For this reason, for example, the implementation of MainContract (MainGovernance)
exposes mainIsGovernor, which calls the internal _isGovernor method.
*/
abstract contract Governance is MGovernance {
event LogNominatedGovernor(address nominatedGovernor);
event LogNewGovernorAccepted(address acceptedGovernor);
event LogRemovedGovernor(address removedGovernor);
event LogNominationCancelled();
function getGovernanceInfo() internal view virtual returns (GovernanceInfoStruct storage);
/*
Current code intentionally prevents governance re-initialization.
This may be a problem in an upgrade situation, in a case that the upgrade-to implementation
performs an initialization (for real) and within that calls initGovernance().
Possible workarounds:
1. Clearing the governance info altogether by changing the MAIN_GOVERNANCE_INFO_TAG.
This will remove existing main governance information.
2. Modify the require part in this function, so that it will exit quietly
when trying to re-initialize (uncomment the lines below).
*/
function initGovernance() internal {
GovernanceInfoStruct storage gub = getGovernanceInfo();
require(!gub.initialized, "ALREADY_INITIALIZED");
gub.initialized = true; // to ensure addGovernor() won't fail.
// Add the initial governer.
addGovernor(msg.sender);
}
function _isGovernor(address testGovernor) internal view override returns (bool) {
GovernanceInfoStruct storage gub = getGovernanceInfo();
return gub.effectiveGovernors[testGovernor];
}
/*
Cancels the nomination of a governor candidate.
*/
function _cancelNomination() internal onlyGovernance {
GovernanceInfoStruct storage gub = getGovernanceInfo();
gub.candidateGovernor = address(0x0);
emit LogNominationCancelled();
}
function _nominateNewGovernor(address newGovernor) internal onlyGovernance {
GovernanceInfoStruct storage gub = getGovernanceInfo();
require(!_isGovernor(newGovernor), "ALREADY_GOVERNOR");
gub.candidateGovernor = newGovernor;
emit LogNominatedGovernor(newGovernor);
}
/*
The addGovernor is called in two cases:
1. by _acceptGovernance when a new governor accepts its role.
2. by initGovernance to add the initial governor.
The difference is that the init path skips the nominate step
that would fail because of the onlyGovernance modifier.
*/
function addGovernor(address newGovernor) private {
require(!_isGovernor(newGovernor), "ALREADY_GOVERNOR");
GovernanceInfoStruct storage gub = getGovernanceInfo();
gub.effectiveGovernors[newGovernor] = true;
}
function _acceptGovernance() internal {
// The new governor was proposed as a candidate by the current governor.
GovernanceInfoStruct storage gub = getGovernanceInfo();
require(msg.sender == gub.candidateGovernor, "ONLY_CANDIDATE_GOVERNOR");
// Update state.
addGovernor(gub.candidateGovernor);
gub.candidateGovernor = address(0x0);
// Send a notification about the change of governor.
emit LogNewGovernorAccepted(msg.sender);
}
/*
Remove a governor from office.
*/
function _removeGovernor(address governorForRemoval) internal onlyGovernance {
require(msg.sender != governorForRemoval, "GOVERNOR_SELF_REMOVE");
GovernanceInfoStruct storage gub = getGovernanceInfo();
require(_isGovernor(governorForRemoval), "NOT_GOVERNOR");
gub.effectiveGovernors[governorForRemoval] = false;
emit LogRemovedGovernor(governorForRemoval);
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../interfaces/MGovernance.sol";
/*
Holds the governance slots for ALL entities, including proxy and the main contract.
*/
contract GovernanceStorage {
// A map from a Governor tag to its own GovernanceInfoStruct.
mapping(string => GovernanceInfoStruct) internal governanceInfo; //NOLINT uninitialized-state.
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: MIT.
pragma solidity ^0.6.12;
/**
Required interface of an ERC1155 compliant contract, as defined in the
https://eips.ethereum.org/EIPS/eip-1155[EIP].
_Available since v3.1.
*/
interface IERC1155 {
/**
Emitted when `value` tokens of token type `id` are transferred from `from` to `to` by `operator`.
*/
event TransferSingle(
address indexed operator,
address indexed from,
address indexed to,
uint256 id,
uint256 value
);
/**
Equivalent to multiple {TransferSingle} events, where `operator`, `from` and `to` are the same for all
transfers.
*/
event TransferBatch(
address indexed operator,
address indexed from,
address indexed to,
uint256[] ids,
uint256[] values
);
/**
Emitted when `account` grants or revokes permission to `operator` to transfer their tokens, according to
`approved`.
*/
event ApprovalForAll(address indexed account, address indexed operator, bool approved);
/**
Emitted when the URI for token type `id` changes to `value`, if it is a non-programmatic URI.
If an {URI} event was emitted for `id`, the standard
https://eips.ethereum.org/EIPS/eip-1155#metadata-extensions[guarantees] that `value` will equal the value
returned by {IERC1155MetadataURI-uri}.
*/
event URI(string value, uint256 indexed id);
/**
Returns the amount of tokens of token type `id` owned by `account`.
Requirements:
- `account` cannot be the zero address.
*/
function balanceOf(address account, uint256 id) external view returns (uint256);
/**
Requirements:
- `accounts` and `ids` must have the same length.
*/
function balanceOfBatch(address[] calldata accounts, uint256[] calldata ids)
external
view
returns (uint256[] memory);
/**
Grants or revokes permission to `operator` to transfer the caller's tokens, according to `approved`,
Emits an {ApprovalForAll} event.
Requirements:
- `operator` cannot be the caller.
*/
function setApprovalForAll(address operator, bool approved) external;
/**
Returns true if `operator` is approved to transfer ``account``'s tokens.
See {setApprovalForAll}.
*/
function isApprovedForAll(address account, address operator) external view returns (bool);
/**
Transfers `amount` tokens of token type `id` from `from` to `to`.
Emits a {TransferSingle} event.
Requirements:
- `to` cannot be the zero address.
- If the caller is not `from`, it must be have been approved to spend ``from``'s tokens via {setApprovalForAll}.
- `from` must have a balance of tokens of type `id` of at least `amount`.
- If `to` refers to a smart contract, it must implement {IERC1155Receiver-onERC1155Received} and return the
acceptance magic value.
*/
function safeTransferFrom(
address from,
address to,
uint256 id,
uint256 amount,
bytes calldata data
) external;
/**
Emits a {TransferBatch} event.
Requirements:
- `ids` and `amounts` must have the same length.
- If `to` refers to a smart contract, it must implement {IERC1155Receiver-onERC1155BatchReceived} and return the
acceptance magic value.
*/
function safeBatchTransferFrom(
address from,
address to,
uint256[] calldata ids,
uint256[] calldata amounts,
bytes calldata data
) external;
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
/**
Note: The ERC-165 identifier for this interface is 0x4e2312e0.
*/
interface IERC1155Receiver {
/**
Handles the receipt of a single ERC1155 token type.
@dev An ERC1155-compliant smart contract MUST call this function on the token recipient contract, at the end of a `safeTransferFrom` after the balance has been updated.
This function MUST return `bytes4(keccak256("onERC1155Received(address,address,uint256,uint256,bytes)"))` (i.e. 0xf23a6e61) if it accepts the transfer.
This function MUST revert if it rejects the transfer.
Return of any other value than the prescribed keccak256 generated value MUST result in the transaction being reverted by the caller.
@param operator The address which initiated the transfer (i.e. msg.sender)
@param from The address which previously owned the token
@param id The ID of the token being transferred
@param value The amount of tokens being transferred
@param data Additional data with no specified format
@return `bytes4(keccak256("onERC1155Received(address,address,uint256,uint256,bytes)"))` .
*/
function onERC1155Received(
address operator,
address from,
uint256 id,
uint256 value,
bytes calldata data
) external returns (bytes4);
/**
Handles the receipt of multiple ERC1155 token types.
@dev An ERC1155-compliant smart contract MUST call this function on the token recipient contract, at the end of a `safeBatchTransferFrom` after the balances have been updated.
This function MUST return `bytes4(keccak256("onERC1155BatchReceived(address,address,uint256[],uint256[],bytes)"))` (i.e. 0xbc197c81) if it accepts the transfer(s).
This function MUST revert if it rejects the transfer(s).
Return of any other value than the prescribed keccak256 generated value MUST result in the transaction being reverted by the caller.
@param operator The address which initiated the batch transfer (i.e. msg.sender)
@param from The address which previously owned the token
@param ids An array containing ids of each token being transferred (order and length must match values array)
@param values An array containing amounts of each token being transferred (order and length must match ids array)
@param data Additional data with no specified format
@return `bytes4(keccak256("onERC1155BatchReceived(address,address,uint256[],uint256[],bytes)"))` .
*/
function onERC1155BatchReceived(
address operator,
address from,
uint256[] calldata ids,
uint256[] calldata values,
bytes calldata data
) external returns (bytes4);
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
/**
Interface of the ERC20 standard as defined in the EIP. Does not include
the optional functions; to access them see {ERC20Detailed}.
*/
interface IERC20 {
function totalSupply() external view returns (uint256);
function balanceOf(address account) external view returns (uint256);
function transfer(address recipient, uint256 amount) external returns (bool);
function allowance(address owner, address spender) external view returns (uint256);
function approve(address spender, uint256 amount) external returns (bool);
function transferFrom(
address sender,
address recipient,
uint256 amount
) external returns (bool);
event Transfer(address indexed from, address indexed to, uint256 value);
event Approval(address indexed owner, address indexed spender, uint256 value);
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
interface IERC721Receiver {
function onERC721Received(
address operator,
address from,
uint256 tokenId,
bytes calldata data
) external returns (bytes4);
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
interface Identity {
/*
Allows a caller, typically another contract,
to ensure that the provided address is of the expected type and version.
*/
function identify() external pure returns (string memory);
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../components/MainStorage.sol";
import "../interfaces/MKeyGetters.sol";
/*
Implements MKeyGetters.
*/
contract KeyGetters is MainStorage, MKeyGetters {
uint256 internal constant MASK_ADDRESS = (1 << 160) - 1;
/*
Returns the Ethereum public key (address) that owns the given ownerKey.
If the ownerKey size is within the range of an Ethereum address (i.e. < 2**160)
it returns the owner key itself.
If the ownerKey is larger than a potential eth address, the eth address for which the starkKey
was registered is returned, and 0 if the starkKey is not registered.
Note - prior to version 4.0 this function reverted on an unregistered starkKey.
For a variant of this function that reverts on an unregistered starkKey, use strictGetEthKey.
*/
function getEthKey(uint256 ownerKey) public view override returns (address) {
address registeredEth = ethKeys[ownerKey];
if (registeredEth != address(0x0)) {
return registeredEth;
}
return ownerKey == (ownerKey & MASK_ADDRESS) ? address(ownerKey) : address(0x0);
}
/*
Same as getEthKey, but fails when a stark key is not registered.
*/
function strictGetEthKey(uint256 ownerKey) internal view override returns (address ethKey) {
ethKey = getEthKey(ownerKey);
require(ethKey != address(0x0), "USER_UNREGISTERED");
}
function isMsgSenderKeyOwner(uint256 ownerKey) internal view override returns (bool) {
return msg.sender == getEthKey(ownerKey);
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
contract LibConstants {
// Durations for time locked mechanisms (in seconds).
// Note that it is known that miners can manipulate block timestamps
// up to a deviation of a few seconds.
// This mechanism should not be used for fine grained timing.
// The time required to cancel a deposit, in the case the operator does not move the funds
// to the off-chain storage.
uint256 public constant DEPOSIT_CANCEL_DELAY = 2 days;
// The time required to freeze the exchange, in the case the operator does not execute a
// requested full withdrawal.
uint256 public constant FREEZE_GRACE_PERIOD = 7 days;
// The time after which the exchange may be unfrozen after it froze. This should be enough time
// for users to perform escape hatches to get back their funds.
uint256 public constant UNFREEZE_DELAY = 365 days;
// Maximal number of verifiers which may co-exist.
uint256 public constant MAX_VERIFIER_COUNT = uint256(64);
// The time required to remove a verifier in case of a verifier upgrade.
uint256 public constant VERIFIER_REMOVAL_DELAY = FREEZE_GRACE_PERIOD + (21 days);
address constant ZERO_ADDRESS = address(0x0);
uint256 constant K_MODULUS = 0x800000000000011000000000000000000000000000000000000000000000001;
uint256 constant K_BETA = 0x6f21413efbe40de150e596d72f7a8c5609ad26c15c915c1f4cdfcb99cee9e89;
uint256 internal constant MASK_250 =
0x03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF;
uint256 internal constant MASK_240 =
0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF;
uint256 public constant MAX_FORCED_ACTIONS_REQS_PER_BLOCK = 10;
uint256 constant QUANTUM_UPPER_BOUND = 2**128;
uint256 internal constant MINTABLE_ASSET_ID_FLAG = 1 << 250;
// The 64th bit (indexed 63, counting from 0) is a flag indicating a rollup vault id.
uint256 constant ROLLUP_VAULTS_BIT = 63;
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
/*
Interface containing actions a verifier can invoke on the state.
The contract containing the state should implement these and verify correctness.
*/
abstract contract MAcceptModifications {
function acceptDeposit(
uint256 ownerKey,
uint256 vaultId,
uint256 assetId,
uint256 quantizedAmount
) internal virtual;
function allowWithdrawal(
uint256 ownerKey,
uint256 assetId,
uint256 quantizedAmount
) internal virtual;
function acceptWithdrawal(
uint256 ownerKey,
uint256 assetId,
uint256 quantizedAmount
) internal virtual;
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
abstract contract MBlocklist {
event BlockPlaced(uint256 indexed ownerKey);
event BlockReleased(uint256 indexed ownerKey);
event AdminForcedWithdrawal(uint256 indexed ownerKey, address indexed destination);
address internal constant BLOCK_ADMIN = 0x520Cf70a2D0B3dfB7386A2Bc9F800321F62a5c3a;
// NOLINTNEXTLINE: external-function.
function isBlockListed(uint256 ownerKey) public view virtual returns (bool);
// NOLINTNEXTLINE: external-function.
function readyForClearance(uint256 ownerKey) public view virtual returns (bool);
function addToBlockedList(uint256 ownerKey) external virtual;
function removeFromBlockedList(uint256 ownerKey) external virtual;
/**
Reverts if called by a blocked account.
*/
modifier onlyNotBlocked(uint256 ownerKey) {
require(!isBlockListed(ownerKey), "USER_BLOCK_LISTED");
_;
}
modifier onlyBlockAdmin() {
require(msg.sender == BLOCK_ADMIN, "ONLY_BLOCK_ADMIN");
_;
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
abstract contract MDeposits {
function depositERC20(
// NOLINT external-function.
uint256 starkKey,
uint256 assetType,
uint256 vaultId,
uint256 quantizedAmount
) public virtual;
function depositEth(
// NOLINT external-function.
uint256 starkKey,
uint256 assetType,
uint256 vaultId
) public payable virtual;
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
abstract contract MFreezable {
/*
Returns true if the exchange is frozen.
*/
function isFrozen() public view virtual returns (bool); // NOLINT: external-function.
/*
Forbids calling the function if the exchange is frozen.
*/
modifier notFrozen() {
require(!isFrozen(), "STATE_IS_FROZEN");
_;
}
function validateFreezeRequest(uint256 requestTime) internal virtual;
/*
Allows calling the function only if the exchange is frozen.
*/
modifier onlyFrozen() {
require(isFrozen(), "STATE_NOT_FROZEN");
_;
}
/*
Freezes the exchange.
*/
function freeze() internal virtual;
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
struct GovernanceInfoStruct {
mapping(address => bool) effectiveGovernors;
address candidateGovernor;
bool initialized;
}
abstract contract MGovernance {
function _isGovernor(address testGovernor) internal view virtual returns (bool);
/*
Allows calling the function only by a Governor.
*/
modifier onlyGovernance() {
require(_isGovernor(msg.sender), "ONLY_GOVERNANCE");
_;
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
abstract contract MKeyGetters {
// NOLINTNEXTLINE: external-function.
function getEthKey(uint256 ownerKey) public view virtual returns (address);
function strictGetEthKey(uint256 ownerKey) internal view virtual returns (address);
function isMsgSenderKeyOwner(uint256 ownerKey) internal view virtual returns (bool);
/*
Allows calling the function only if ownerKey is registered to msg.sender.
*/
modifier onlyKeyOwner(uint256 ownerKey) {
// Require the calling user to own the stark key.
require(msg.sender == strictGetEthKey(ownerKey), "MISMATCHING_STARK_ETH_KEYS");
_;
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
abstract contract MStarkExForcedActionState {
function fullWithdrawActionHash(uint256 ownerKey, uint256 vaultId)
internal
pure
virtual
returns (bytes32);
function clearFullWithdrawalRequest(uint256 ownerKey, uint256 vaultId) internal virtual;
// NOLINTNEXTLINE: external-function.
function getFullWithdrawalRequest(uint256 ownerKey, uint256 vaultId)
public
view
virtual
returns (uint256);
function setFullWithdrawalRequest(uint256 ownerKey, uint256 vaultId) internal virtual;
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
abstract contract MTokenAssetData {
// NOLINTNEXTLINE: external-function.
function getAssetInfo(uint256 assetType) public view virtual returns (bytes memory);
function isEther(uint256 assetType) internal view virtual returns (bool);
function isERC20(uint256 assetType) internal view virtual returns (bool);
function isERC721(uint256 assetType) internal view virtual returns (bool);
function isERC1155(uint256 assetType) internal view virtual returns (bool);
function isFungibleAssetType(uint256 assetType) internal view virtual returns (bool);
function isMintableAssetType(uint256 assetType) internal view virtual returns (bool);
function isAssetTypeWithTokenId(uint256 assetType) internal view virtual returns (bool);
function extractContractAddress(uint256 assetType) internal view virtual returns (address);
function verifyAssetInfo(bytes memory assetInfo) internal view virtual;
function isNonFungibleAssetInfo(bytes memory assetInfo) internal pure virtual returns (bool);
function calculateAssetIdWithTokenId(uint256 assetType, uint256 tokenId)
public
view
virtual
returns (uint256);
function calculateMintableAssetId(uint256 assetType, bytes memory mintingBlob)
public
pure
virtual
returns (uint256);
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
abstract contract MTokenQuantization {
function fromQuantized(uint256 presumedAssetType, uint256 quantizedAmount)
internal
view
virtual
returns (uint256 amount);
// NOLINTNEXTLINE: external-function.
function getQuantum(uint256 presumedAssetType) public view virtual returns (uint256 quantum);
function toQuantized(uint256 presumedAssetType, uint256 amount)
internal
view
virtual
returns (uint256 quantizedAmount);
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
abstract contract MTokenTransfers {
function transferIn(uint256 assetType, uint256 quantizedAmount) internal virtual;
function transferInWithTokenId(
uint256 assetType,
uint256 tokenId,
uint256 quantizedAmount
) internal virtual;
function transferOut(
address payable recipient,
uint256 assetType,
uint256 quantizedAmount
) internal virtual;
function transferOutWithTokenId(
address recipient,
uint256 assetType,
uint256 tokenId,
uint256 quantizedAmount
) internal virtual;
function transferOutMint(
uint256 assetType,
uint256 quantizedAmount,
address recipient,
bytes calldata mintingBlob
) internal virtual;
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "./Governance.sol";
import "./GovernanceStorage.sol";
/**
The StarkEx contract is governed by one or more Governors of which the initial one is the
deployer of the contract.
A governor has the sole authority to perform the following operations:
1. Nominate additional governors (:sol:func:`mainNominateNewGovernor`)
2. Remove other governors (:sol:func:`mainRemoveGovernor`)
3. Add new :sol:mod:`Verifiers` and :sol:mod:`AvailabilityVerifiers`
4. Remove :sol:mod:`Verifiers` and :sol:mod:`AvailabilityVerifiers` after a timelock allows it
5. Nominate Operators (see :sol:mod:`Operator`) and Token Administrators (see :sol:mod:`TokenRegister`)
Adding governors is performed in a two step procedure:
1. First, an existing governor nominates a new governor (:sol:func:`mainNominateNewGovernor`)
2. Then, the new governor must accept governance to become a governor (:sol:func:`mainAcceptGovernance`)
This two step procedure ensures that a governor public key cannot be nominated unless there is an
entity that has the corresponding private key. This is intended to prevent errors in the addition
process.
The governor private key should typically be held in a secure cold wallet.
*/
/*
Implements Governance for the StarkDex main contract.
The wrapper methods (e.g. mainIsGovernor wrapping _isGovernor) are needed to give
the method unique names.
Both Proxy and StarkExchange inherit from Governance. Thus, the logical contract method names
must have unique names in order for the proxy to successfully delegate to them.
*/
contract MainGovernance is GovernanceStorage, Governance {
// The tag is the sting key that is used in the Governance storage mapping.
string public constant MAIN_GOVERNANCE_INFO_TAG = "StarkEx.Main.2019.GovernorsInformation";
/*
Returns the GovernanceInfoStruct associated with the governance tag.
*/
function getGovernanceInfo() internal view override returns (GovernanceInfoStruct storage) {
return governanceInfo[MAIN_GOVERNANCE_INFO_TAG];
}
function mainIsGovernor(address testGovernor) external view returns (bool) {
return _isGovernor(testGovernor);
}
function mainNominateNewGovernor(address newGovernor) external {
_nominateNewGovernor(newGovernor);
}
function mainRemoveGovernor(address governorForRemoval) external {
_removeGovernor(governorForRemoval);
}
function mainAcceptGovernance() external {
_acceptGovernance();
}
function mainCancelNomination() external {
_cancelNomination();
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../upgrade/ProxyStorage.sol";
import "../libraries/Common.sol";
/*
Holds ALL the main contract state (storage) variables.
*/
contract MainStorage is ProxyStorage {
uint256 internal constant LAYOUT_LENGTH = 2**64;
address escapeVerifierAddress; // NOLINT: constable-states.
// Global dex-frozen flag.
bool stateFrozen; // NOLINT: constable-states.
// Time when unFreeze can be successfully called (UNFREEZE_DELAY after freeze).
uint256 unFreezeTime; // NOLINT: constable-states.
// Pending deposits.
// A map STARK key => asset id => vault id => quantized amount.
mapping(uint256 => mapping(uint256 => mapping(uint256 => uint256))) pendingDeposits;
// Cancellation requests.
// A map STARK key => asset id => vault id => request timestamp.
mapping(uint256 => mapping(uint256 => mapping(uint256 => uint256))) cancellationRequests;
// Pending withdrawals.
// A map STARK key => asset id => quantized amount.
mapping(uint256 => mapping(uint256 => uint256)) pendingWithdrawals;
// vault_id => escape used boolean.
mapping(uint256 => bool) escapesUsed;
// Number of escapes that were performed when frozen.
uint256 escapesUsedCount; // NOLINT: constable-states.
// NOTE: fullWithdrawalRequests is deprecated, and replaced by forcedActionRequests.
// NOLINTNEXTLINE naming-convention.
mapping(uint256 => mapping(uint256 => uint256)) fullWithdrawalRequests_DEPRECATED;
// State sequence number.
uint256 sequenceNumber; // NOLINT: constable-states uninitialized-state.
// Validium Vaults Tree Root & Height.
uint256 validiumVaultRoot; // NOLINT: constable-states uninitialized-state.
uint256 validiumTreeHeight; // NOLINT: constable-states uninitialized-state.
// Order Tree Root & Height.
uint256 orderRoot; // NOLINT: constable-states uninitialized-state.
uint256 orderTreeHeight; // NOLINT: constable-states uninitialized-state.
// True if and only if the address is allowed to add tokens.
mapping(address => bool) tokenAdmins;
// This mapping is no longer in use, remains for backwards compatibility.
mapping(address => bool) userAdmins_DEPRECATED; // NOLINT: naming-convention.
// True if and only if the address is an operator (allowed to update state).
mapping(address => bool) operators; // NOLINT: uninitialized-state.
// Mapping of contract ID to asset data.
mapping(uint256 => bytes) assetTypeToAssetInfo; // NOLINT: uninitialized-state.
// Mapping of registered contract IDs.
mapping(uint256 => bool) registeredAssetType; // NOLINT: uninitialized-state.
// Mapping from contract ID to quantum.
mapping(uint256 => uint256) assetTypeToQuantum; // NOLINT: uninitialized-state.
// This mapping is no longer in use, remains for backwards compatibility.
mapping(address => uint256) starkKeys_DEPRECATED; // NOLINT: naming-convention.
// Mapping from STARK public key to the Ethereum public key of its owner.
mapping(uint256 => address) ethKeys; // NOLINT: uninitialized-state.
// Timelocked state transition and availability verification chain.
StarkExTypes.ApprovalChainData verifiersChain;
StarkExTypes.ApprovalChainData availabilityVerifiersChain;
// Batch id of last accepted proof.
uint256 lastBatchId; // NOLINT: constable-states uninitialized-state.
// Mapping between sub-contract index to sub-contract address.
mapping(uint256 => address) subContracts; // NOLINT: uninitialized-state.
mapping(uint256 => bool) permissiveAssetType_DEPRECATED; // NOLINT: naming-convention.
// ---- END OF MAIN STORAGE AS DEPLOYED IN STARKEX2.0 ----
// Onchain-data version configured for the system.
uint256 onchainDataVersion_DEPRECATED; // NOLINT: naming-convention constable-states.
// Counter of forced action request in block. The key is the block number.
mapping(uint256 => uint256) forcedRequestsInBlock;
// ForcedAction requests: actionHash => requestTime.
mapping(bytes32 => uint256) forcedActionRequests;
// Mapping for timelocked actions.
// A actionKey => activation time.
mapping(bytes32 => uint256) actionsTimeLock;
// Append only list of requested forced action hashes.
bytes32[] actionHashList;
// ---- END OF MAIN STORAGE AS DEPLOYED IN STARKEX3.0 ----
// ---- END OF MAIN STORAGE AS DEPLOYED IN STARKEX4.0 ----
// Rollup Vaults Tree Root & Height.
uint256 rollupVaultRoot; // NOLINT: constable-states uninitialized-state.
uint256 rollupTreeHeight; // NOLINT: constable-states uninitialized-state.
uint256 globalConfigCode; // NOLINT: constable-states uninitialized-state.
// Mapping of owner keys that are blocked from withdrawals.
mapping(uint256 => uint256) internal blockListed;
// Reserved storage space for Extensibility.
// Every added MUST be added above the end gap, and the __endGap size must be reduced
// accordingly.
// NOLINTNEXTLINE: naming-convention.
uint256[LAYOUT_LENGTH - 41] private __endGap; // __endGap complements layout to LAYOUT_LENGTH.
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../components/GovernanceStorage.sol";
/*
Holds the Proxy-specific state variables.
This contract is inherited by the GovernanceStorage (and indirectly by MainStorage)
to prevent collision hazard.
*/
contract ProxyStorage is GovernanceStorage {
// NOLINTNEXTLINE: naming-convention uninitialized-state.
mapping(address => bytes32) internal initializationHash_DEPRECATED;
// The time after which we can switch to the implementation.
// Hash(implementation, data, finalize) => time.
mapping(bytes32 => uint256) internal enabledTime;
// A central storage of the flags whether implementation has been initialized.
// Note - it can be used flexibly enough to accommodate multiple levels of initialization
// (i.e. using different key salting schemes for different initialization levels).
mapping(bytes32 => bool) internal initialized;
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../components/StarkExStorage.sol";
import "../interfaces/MStarkExForcedActionState.sol";
import "../../components/ActionHash.sol";
/*
StarkExchange specific action hashses.
*/
contract StarkExForcedActionState is StarkExStorage, ActionHash, MStarkExForcedActionState {
function fullWithdrawActionHash(uint256 ownerKey, uint256 vaultId)
internal
pure
override
returns (bytes32)
{
return getActionHash("FULL_WITHDRAWAL", abi.encode(ownerKey, vaultId));
}
/*
Implemented in the FullWithdrawal contracts.
*/
function clearFullWithdrawalRequest(uint256 ownerKey, uint256 vaultId)
internal
virtual
override
{
// Reset escape request.
delete forcedActionRequests[fullWithdrawActionHash(ownerKey, vaultId)];
}
function getFullWithdrawalRequest(uint256 ownerKey, uint256 vaultId)
public
view
override
returns (uint256)
{
// Return request value. Expect zero if the request doesn't exist or has been serviced, and
// a non-zero value otherwise.
return forcedActionRequests[fullWithdrawActionHash(ownerKey, vaultId)];
}
function setFullWithdrawalRequest(uint256 ownerKey, uint256 vaultId) internal override {
// FullWithdrawal is always at premium cost, hence the `true`.
setActionHash(fullWithdrawActionHash(ownerKey, vaultId), true);
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../../components/MainStorage.sol";
/*
Extends MainStorage, holds StarkEx App specific state (storage) variables.
ALL State variables that are common to all applications, reside in MainStorage,
whereas ALL the StarkEx app specific ones reside here.
*/
contract StarkExStorage is MainStorage {
// Onchain vaults balances.
// A map eth_address => asset_id => vault_id => quantized amount.
mapping(address => mapping(uint256 => mapping(uint256 => uint256))) vaultsBalances;
// Onchain vaults withdrawal lock time.
// A map eth_address => asset_id => vault_id => lock expiration timestamp.
mapping(address => mapping(uint256 => mapping(uint256 => uint256))) vaultsWithdrawalLocks;
// Enforces the minimal balance requirement (as output by Cairo) on onchain vault updates.
// When disabled, flash loans are enabled.
bool strictVaultBalancePolicy; // NOLINT: constable-states, uninitialized-state.
// The default time, in seconds, that an onchain vault is locked for withdrawal after a deposit.
uint256 public defaultVaultWithdrawalLock; // NOLINT: constable-states.
// Address of the message registry contract that is used to sign and verify L1 orders.
address public orderRegistryAddress; // NOLINT: constable-states.
// Reserved storage space for Extensibility.
// Every added MUST be added above the end gap, and the __endGap size must be reduced
// accordingly.
// NOLINTNEXTLINE: naming-convention shadowing-abstract.
uint256[LAYOUT_LENGTH - 5] private __endGap; // __endGap complements layout to LAYOUT_LENGTH.
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "./Identity.sol";
interface SubContractor is Identity {
function initialize(bytes calldata data) external;
function initializerSize() external view returns (uint256);
/*
Returns an array with selectors for validation.
These selectors are the critical ones for maintaining self custody and anti censorship.
During the upgrade process, as part of the sub-contract validation, the MainDispatcher
validates that the selectos are mapped to the correct sub-contract.
*/
function validatedSelectors() external pure returns (bytes4[] memory);
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../components/MainStorage.sol";
import "../interfaces/MTokenAssetData.sol";
import "../libraries/Common.sol";
import "../libraries/LibConstants.sol";
contract TokenAssetData is MainStorage, LibConstants, MTokenAssetData {
bytes4 internal constant ERC20_SELECTOR = bytes4(keccak256("ERC20Token(address)"));
bytes4 internal constant ETH_SELECTOR = bytes4(keccak256("ETH()"));
bytes4 internal constant ERC721_SELECTOR = bytes4(keccak256("ERC721Token(address,uint256)"));
bytes4 internal constant ERC1155_SELECTOR = bytes4(keccak256("ERC1155Token(address,uint256)"));
bytes4 internal constant MINTABLE_ERC20_SELECTOR =
bytes4(keccak256("MintableERC20Token(address)"));
bytes4 internal constant MINTABLE_ERC721_SELECTOR =
bytes4(keccak256("MintableERC721Token(address,uint256)"));
// The selector follows the 0x20 bytes assetInfo.length field.
uint256 internal constant SELECTOR_OFFSET = 0x20;
uint256 internal constant SELECTOR_SIZE = 4;
uint256 internal constant TOKEN_CONTRACT_ADDRESS_OFFSET = SELECTOR_OFFSET + SELECTOR_SIZE;
string internal constant NFT_ASSET_ID_PREFIX = "NFT:";
string internal constant NON_MINTABLE_PREFIX = "NON_MINTABLE:";
string internal constant MINTABLE_PREFIX = "MINTABLE:";
using Addresses for address;
/*
Extract the tokenSelector from assetInfo.
Works like bytes4 tokenSelector = abi.decode(assetInfo, (bytes4))
but does not revert when assetInfo.length < SELECTOR_OFFSET.
*/
function extractTokenSelectorFromAssetInfo(bytes memory assetInfo)
private
pure
returns (bytes4 selector)
{
assembly {
selector := and(
0xffffffff00000000000000000000000000000000000000000000000000000000,
mload(add(assetInfo, SELECTOR_OFFSET))
)
}
}
function getAssetInfo(uint256 assetType) public view override returns (bytes memory assetInfo) {
// Verify that the registration is set and valid.
require(registeredAssetType[assetType], "ASSET_TYPE_NOT_REGISTERED");
// Retrieve registration.
assetInfo = assetTypeToAssetInfo[assetType];
}
function extractTokenSelectorFromAssetType(uint256 assetType) private view returns (bytes4) {
return extractTokenSelectorFromAssetInfo(getAssetInfo(assetType));
}
function isEther(uint256 assetType) internal view override returns (bool) {
return extractTokenSelectorFromAssetType(assetType) == ETH_SELECTOR;
}
function isERC20(uint256 assetType) internal view override returns (bool) {
return extractTokenSelectorFromAssetType(assetType) == ERC20_SELECTOR;
}
function isERC721(uint256 assetType) internal view override returns (bool) {
return extractTokenSelectorFromAssetType(assetType) == ERC721_SELECTOR;
}
function isERC1155(uint256 assetType) internal view override returns (bool) {
return extractTokenSelectorFromAssetType(assetType) == ERC1155_SELECTOR;
}
function isFungibleAssetType(uint256 assetType) internal view override returns (bool) {
bytes4 tokenSelector = extractTokenSelectorFromAssetType(assetType);
return
tokenSelector == ETH_SELECTOR ||
tokenSelector == ERC20_SELECTOR ||
tokenSelector == MINTABLE_ERC20_SELECTOR;
}
function isMintableAssetType(uint256 assetType) internal view override returns (bool) {
bytes4 tokenSelector = extractTokenSelectorFromAssetType(assetType);
return
tokenSelector == MINTABLE_ERC20_SELECTOR || tokenSelector == MINTABLE_ERC721_SELECTOR;
}
function isAssetTypeWithTokenId(uint256 assetType) internal view override returns (bool) {
bytes4 tokenSelector = extractTokenSelectorFromAssetType(assetType);
return tokenSelector == ERC721_SELECTOR || tokenSelector == ERC1155_SELECTOR;
}
function isTokenSupported(bytes4 tokenSelector) private pure returns (bool) {
return
tokenSelector == ETH_SELECTOR ||
tokenSelector == ERC20_SELECTOR ||
tokenSelector == ERC721_SELECTOR ||
tokenSelector == MINTABLE_ERC20_SELECTOR ||
tokenSelector == MINTABLE_ERC721_SELECTOR ||
tokenSelector == ERC1155_SELECTOR;
}
function extractContractAddressFromAssetInfo(bytes memory assetInfo)
private
pure
returns (address)
{
uint256 offset = TOKEN_CONTRACT_ADDRESS_OFFSET;
uint256 res;
assembly {
res := mload(add(assetInfo, offset))
}
return address(res);
}
function extractContractAddress(uint256 assetType) internal view override returns (address) {
return extractContractAddressFromAssetInfo(getAssetInfo(assetType));
}
function verifyAssetInfo(bytes memory assetInfo) internal view override {
bytes4 tokenSelector = extractTokenSelectorFromAssetInfo(assetInfo);
// Ensure the selector is of an asset type we know.
require(isTokenSupported(tokenSelector), "UNSUPPORTED_TOKEN_TYPE");
if (tokenSelector == ETH_SELECTOR) {
// Assset info for ETH assetType is only a selector, i.e. 4 bytes length.
require(assetInfo.length == 4, "INVALID_ASSET_STRING");
} else {
// Assset info for other asset types are a selector + uint256 concatanation.
// We pass the address as a uint256 (zero padded),
// thus its length is 0x04 + 0x20 = 0x24.
require(assetInfo.length == 0x24, "INVALID_ASSET_STRING");
address tokenAddress = extractContractAddressFromAssetInfo(assetInfo);
require(tokenAddress.isContract(), "BAD_TOKEN_ADDRESS");
}
}
function isNonFungibleAssetInfo(bytes memory assetInfo) internal pure override returns (bool) {
bytes4 tokenSelector = extractTokenSelectorFromAssetInfo(assetInfo);
return tokenSelector == ERC721_SELECTOR || tokenSelector == MINTABLE_ERC721_SELECTOR;
}
function calculateAssetIdWithTokenId(uint256 assetType, uint256 tokenId)
public
view
override
returns (uint256)
{
require(isAssetTypeWithTokenId(assetType), "ASSET_TYPE_DOES_NOT_TAKE_TOKEN_ID");
string memory prefix = isERC721(assetType) ? NFT_ASSET_ID_PREFIX : NON_MINTABLE_PREFIX;
return uint256(keccak256(abi.encodePacked(prefix, assetType, tokenId))) & MASK_250;
}
function calculateMintableAssetId(uint256 assetType, bytes memory mintingBlob)
public
pure
override
returns (uint256 assetId)
{
uint256 blobHash = uint256(keccak256(mintingBlob));
assetId =
(uint256(keccak256(abi.encodePacked(MINTABLE_PREFIX, assetType, blobHash))) &
MASK_240) |
MINTABLE_ASSET_ID_FLAG;
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../components/MainStorage.sol";
import "../interfaces/MTokenQuantization.sol";
contract TokenQuantization is MainStorage, MTokenQuantization {
function fromQuantized(uint256 presumedAssetType, uint256 quantizedAmount)
internal
view
override
returns (uint256 amount)
{
uint256 quantum = getQuantum(presumedAssetType);
amount = quantizedAmount * quantum;
require(amount / quantum == quantizedAmount, "DEQUANTIZATION_OVERFLOW");
}
function getQuantum(uint256 presumedAssetType) public view override returns (uint256 quantum) {
if (!registeredAssetType[presumedAssetType]) {
// Default quantization, for NFTs etc.
quantum = 1;
} else {
// Retrieve registration.
quantum = assetTypeToQuantum[presumedAssetType];
}
}
function toQuantized(uint256 presumedAssetType, uint256 amount)
internal
view
override
returns (uint256 quantizedAmount)
{
uint256 quantum = getQuantum(presumedAssetType);
require(amount % quantum == 0, "INVALID_AMOUNT");
quantizedAmount = amount / quantum;
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../libraries/LibConstants.sol";
import "../interfaces/MGovernance.sol";
import "../interfaces/MTokenAssetData.sol";
import "../tokens/ERC20/IERC20.sol";
import "./MainStorage.sol";
/**
Registration of a new token (:sol:func:`registerToken`) entails defining a new asset type within
the system, and associating it with an `assetInfo` array of
bytes and a quantization factor (`quantum`).
The `assetInfo` is a byte array, with a size depending on the token.
For ETH, assetInfo is 4 bytes long. For ERC20 tokens, it is 36 bytes long.
For each token type, the following constant 4-byte hash is defined, called the `selector`:
| `ETH_SELECTOR = bytes4(keccak256("ETH()"));`
| `ERC20_SELECTOR = bytes4(keccak256("ERC20Token(address)"));`
| `ERC721_SELECTOR = bytes4(keccak256("ERC721Token(address,uint256)"));`
| `MINTABLE_ERC20_SELECTOR = bytes4(keccak256("MintableERC20Token(address)"));`
| `MINTABLE_ERC721_SELECTOR = bytes4(keccak256("MintableERC721Token(address,uint256)"));`
For each token type, `assetInfo` is defined as follows:
The `quantum` quantization factor defines the multiplicative transformation from the native token
denomination as a 256b unsigned integer to a 63b unsigned integer representation as used by the
Stark exchange. Only amounts in the native representation that represent an integer number of
quanta are allowed in the system.
The asset type is restricted to be the result of a hash of the `assetInfo` and the
`quantum` masked to 250 bits (to be less than the prime used) according to the following formula:
| ``uint256 assetType = uint256(keccak256(abi.encodePacked(assetInfo, quantum))) &``
| ``0x03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF;``
Once registered, tokens cannot be removed from the system, as their IDs may be used by off-chain
accounts.
New tokens may only be registered by a Token Administrator. A Token Administrator may be instantly
appointed or removed by the contract Governor (see :sol:mod:`MainGovernance`). Typically, the
Token Administrator's private key should be kept in a cold wallet.
*/
abstract contract TokenRegister is MainStorage, LibConstants, MGovernance, MTokenAssetData {
event LogTokenRegistered(uint256 assetType, bytes assetInfo, uint256 quantum);
event LogTokenAdminAdded(address tokenAdmin);
event LogTokenAdminRemoved(address tokenAdmin);
modifier onlyTokensAdmin() {
require(isTokenAdmin(msg.sender), "ONLY_TOKENS_ADMIN");
_;
}
function isTokenAdmin(address testedAdmin) public view returns (bool) {
return tokenAdmins[testedAdmin];
}
function registerTokenAdmin(address newAdmin) external onlyGovernance {
tokenAdmins[newAdmin] = true;
emit LogTokenAdminAdded(newAdmin);
}
function unregisterTokenAdmin(address oldAdmin) external onlyGovernance {
tokenAdmins[oldAdmin] = false;
emit LogTokenAdminRemoved(oldAdmin);
}
function isAssetRegistered(uint256 assetType) public view returns (bool) {
return registeredAssetType[assetType];
}
/*
Registers a new asset to the system.
Once added, it can not be removed and there is a limited number
of slots available.
*/
function registerToken(
uint256 assetType,
bytes calldata assetInfo,
uint256 quantum
) public virtual onlyTokensAdmin {
// Make sure it is not invalid or already registered.
require(!isAssetRegistered(assetType), "ASSET_ALREADY_REGISTERED");
require(assetType < K_MODULUS, "INVALID_ASSET_TYPE");
require(quantum > 0, "INVALID_QUANTUM");
require(quantum < QUANTUM_UPPER_BOUND, "INVALID_QUANTUM");
// Require that the assetType is the hash of the assetInfo and quantum truncated to 250 bits.
uint256 enforcedId = uint256(keccak256(abi.encodePacked(assetInfo, quantum))) & MASK_250;
require(assetType == enforcedId, "INVALID_ASSET_TYPE");
verifyAssetInfo(assetInfo);
// NFTs quantum must equal one.
if (isNonFungibleAssetInfo(assetInfo)) {
require(quantum == 1, "INVALID_NFT_QUANTUM");
}
// Add token to the in-storage structures.
registeredAssetType[assetType] = true;
assetTypeToAssetInfo[assetType] = assetInfo;
assetTypeToQuantum[assetType] = quantum;
// Log the registration of a new token.
emit LogTokenRegistered(assetType, assetInfo, quantum);
}
function registerToken(uint256 assetType, bytes calldata assetInfo) external virtual {
registerToken(assetType, assetInfo, 1);
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../libraries/Common.sol";
import "../interfaces/MTokenTransfers.sol";
import "../interfaces/MTokenAssetData.sol";
import "../interfaces/MTokenQuantization.sol";
import "../tokens/ERC1155/IERC1155.sol";
import "../tokens/ERC20/IERC20.sol";
/*
Implements various transferIn and transferOut functionalities.
*/
abstract contract TokenTransfers is MTokenQuantization, MTokenAssetData, MTokenTransfers {
using Addresses for address;
using Addresses for address payable;
/*
Transfers funds from msg.sender to the exchange.
*/
function transferIn(uint256 assetType, uint256 quantizedAmount) internal override {
uint256 amount = fromQuantized(assetType, quantizedAmount);
if (isERC20(assetType)) {
if (quantizedAmount == 0) return;
address tokenAddress = extractContractAddress(assetType);
IERC20 token = IERC20(tokenAddress);
uint256 exchangeBalanceBefore = token.balanceOf(address(this));
bytes memory callData = abi.encodeWithSelector(
token.transferFrom.selector,
msg.sender,
address(this),
amount
);
tokenAddress.safeTokenContractCall(callData);
uint256 exchangeBalanceAfter = token.balanceOf(address(this));
require(exchangeBalanceAfter >= exchangeBalanceBefore, "OVERFLOW");
// NOLINTNEXTLINE(incorrect-equality): strict equality needed.
require(
exchangeBalanceAfter == exchangeBalanceBefore + amount,
"INCORRECT_AMOUNT_TRANSFERRED"
);
} else if (isEther(assetType)) {
require(msg.value == amount, "INCORRECT_DEPOSIT_AMOUNT");
} else {
revert("UNSUPPORTED_TOKEN_TYPE");
}
}
/*
Transfers non fungible and semi fungible tokens from a user to the exchange.
*/
function transferInWithTokenId(
uint256 assetType,
uint256 tokenId,
uint256 quantizedAmount
) internal override {
require(isAssetTypeWithTokenId(assetType), "FUNGIBLE_ASSET_TYPE");
if (isERC721(assetType)) {
require(quantizedAmount == 1, "ILLEGAL_NFT_BALANCE");
transferInNft(assetType, tokenId);
} else if (quantizedAmount > 0) {
transferInSft(assetType, tokenId, quantizedAmount);
}
}
function transferInNft(uint256 assetType, uint256 tokenId) private {
require(isERC721(assetType), "NOT_ERC721_TOKEN");
address tokenAddress = extractContractAddress(assetType);
tokenAddress.safeTokenContractCall(
abi.encodeWithSignature(
"safeTransferFrom(address,address,uint256)",
msg.sender,
address(this),
tokenId
)
);
}
function transferInSft(
uint256 assetType,
uint256 tokenId,
uint256 quantizedAmount
) private {
require(isERC1155(assetType), "NOT_ERC1155_TOKEN");
if (quantizedAmount == 0) return;
uint256 amount = fromQuantized(assetType, quantizedAmount);
address tokenAddress = extractContractAddress(assetType);
IERC1155 token = IERC1155(tokenAddress);
uint256 exchangeBalanceBefore = token.balanceOf(address(this), tokenId);
// Call an ERC1155 token transfer.
tokenAddress.safeTokenContractCall(
abi.encodeWithSelector(
token.safeTransferFrom.selector,
msg.sender,
address(this),
tokenId,
amount,
bytes("")
)
);
uint256 exchangeBalanceAfter = token.balanceOf(address(this), tokenId);
require(exchangeBalanceAfter >= exchangeBalanceBefore, "OVERFLOW");
// NOLINTNEXTLINE(incorrect-equality): strict equality needed.
require(
exchangeBalanceAfter == exchangeBalanceBefore + amount,
"INCORRECT_AMOUNT_TRANSFERRED"
);
}
/*
Transfers funds from the exchange to recipient.
*/
function transferOut(
address payable recipient,
uint256 assetType,
uint256 quantizedAmount
) internal override {
// Make sure we don't accidentally burn funds.
require(recipient != address(0x0), "INVALID_RECIPIENT");
uint256 amount = fromQuantized(assetType, quantizedAmount);
if (isERC20(assetType)) {
if (quantizedAmount == 0) return;
address tokenAddress = extractContractAddress(assetType);
IERC20 token = IERC20(tokenAddress);
uint256 exchangeBalanceBefore = token.balanceOf(address(this));
bytes memory callData = abi.encodeWithSelector(
token.transfer.selector,
recipient,
amount
);
tokenAddress.safeTokenContractCall(callData);
uint256 exchangeBalanceAfter = token.balanceOf(address(this));
require(exchangeBalanceAfter <= exchangeBalanceBefore, "UNDERFLOW");
// NOLINTNEXTLINE(incorrect-equality): strict equality needed.
require(
exchangeBalanceAfter == exchangeBalanceBefore - amount,
"INCORRECT_AMOUNT_TRANSFERRED"
);
} else if (isEther(assetType)) {
if (quantizedAmount == 0) return;
recipient.performEthTransfer(amount);
} else {
revert("UNSUPPORTED_TOKEN_TYPE");
}
}
/*
Transfers non fungible and semi fungible tokens from the exchange to recipient.
*/
function transferOutWithTokenId(
address recipient,
uint256 assetType,
uint256 tokenId,
uint256 quantizedAmount
) internal override {
require(isAssetTypeWithTokenId(assetType), "FUNGIBLE_ASSET_TYPE");
if (isERC721(assetType)) {
require(quantizedAmount == 1, "ILLEGAL_NFT_BALANCE");
transferOutNft(recipient, assetType, tokenId);
} else if (quantizedAmount > 0) {
transferOutSft(recipient, assetType, tokenId, quantizedAmount);
}
}
/*
Transfers NFT from the exchange to recipient.
*/
function transferOutNft(
address recipient,
uint256 assetType,
uint256 tokenId
) private {
// Make sure we don't accidentally burn funds.
require(recipient != address(0x0), "INVALID_RECIPIENT");
require(isERC721(assetType), "NOT_ERC721_TOKEN");
address tokenAddress = extractContractAddress(assetType);
tokenAddress.safeTokenContractCall(
abi.encodeWithSignature(
"safeTransferFrom(address,address,uint256)",
address(this),
recipient,
tokenId
)
);
}
/*
Transfers Semi Fungible Tokens from the exchange to recipient.
*/
function transferOutSft(
address recipient,
uint256 assetType,
uint256 tokenId,
uint256 quantizedAmount
) private {
// Make sure we don't accidentally burn funds.
require(recipient != address(0x0), "INVALID_RECIPIENT");
require(isERC1155(assetType), "NOT_ERC1155_TOKEN");
if (quantizedAmount == 0) return;
uint256 amount = fromQuantized(assetType, quantizedAmount);
address tokenAddress = extractContractAddress(assetType);
IERC1155 token = IERC1155(tokenAddress);
uint256 exchangeBalanceBefore = token.balanceOf(address(this), tokenId);
// Call an ERC1155 token transfer.
tokenAddress.safeTokenContractCall(
abi.encodeWithSelector(
token.safeTransferFrom.selector,
address(this),
recipient,
tokenId,
amount,
bytes("")
)
);
uint256 exchangeBalanceAfter = token.balanceOf(address(this), tokenId);
require(exchangeBalanceAfter <= exchangeBalanceBefore, "UNDERFLOW");
// NOLINTNEXTLINE(incorrect-equality): strict equality needed.
require(
exchangeBalanceAfter == exchangeBalanceBefore - amount,
"INCORRECT_AMOUNT_TRANSFERRED"
);
}
function transferOutMint(
uint256 assetType,
uint256 quantizedAmount,
address recipient,
bytes calldata mintingBlob
) internal override {
// Make sure we don't accidentally burn funds.
require(recipient != address(0x0), "INVALID_RECIPIENT");
require(isMintableAssetType(assetType), "NON_MINTABLE_ASSET_TYPE");
require(quantizedAmount > 0, "INVALID_MINT_AMOUNT");
uint256 amount = fromQuantized(assetType, quantizedAmount);
address tokenAddress = extractContractAddress(assetType);
tokenAddress.safeTokenContractCall(
abi.encodeWithSignature(
"mintFor(address,uint256,bytes)",
recipient,
amount,
mintingBlob
)
);
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../interactions/StarkExForcedActionState.sol";
import "../../components/ERC721Receiver.sol";
import "../../components/ERC1155Receiver.sol";
import "../../components/Freezable.sol";
import "../../components/KeyGetters.sol";
import "../../components/TokenRegister.sol";
import "../../components/TokenTransfers.sol";
import "../../components/MainGovernance.sol";
import "../../interactions/AcceptModifications.sol";
import "../../interactions/Blocklist.sol";
import "../../interactions/Deposits.sol";
import "../../interactions/TokenAssetData.sol";
import "../../interactions/TokenQuantization.sol";
import "../../interactions/Withdrawals.sol";
import "../../interfaces/SubContractor.sol";
contract TokensAndRamping is
ERC1155Receiver,
ERC721Receiver,
SubContractor,
Freezable,
MainGovernance,
AcceptModifications,
StarkExForcedActionState,
TokenAssetData,
TokenQuantization,
TokenRegister,
TokenTransfers,
KeyGetters,
Deposits,
Withdrawals,
Blocklist
{
function initialize(
bytes calldata /* data */
) external override {
revert("NOT_IMPLEMENTED");
}
function initializerSize() external view override returns (uint256) {
return 0;
}
function validatedSelectors() external pure override returns (bytes4[] memory selectors) {
uint256 len_ = 8;
uint256 index_ = 0;
selectors = new bytes4[](len_);
selectors[index_++] = Deposits.depositCancel.selector;
selectors[index_++] = Deposits.depositWithTokenIdReclaim.selector;
selectors[index_++] = Deposits.depositReclaim.selector;
selectors[index_++] = Withdrawals.withdraw.selector;
selectors[index_++] = Withdrawals.withdrawAndMint.selector;
selectors[index_++] = Withdrawals.withdrawWithTokenId.selector;
selectors[index_++] = Withdrawals.adminForcedWithdraw.selector;
selectors[index_++] = Blocklist.addToBlockedList.selector;
require(index_ == len_, "INCORRECT_SELECTORS_ARRAY_LENGTH");
}
function identify() external pure override returns (string memory) {
return "StarkWare_TokensAndRamping_2024_4";
}
}
/*
Copyright 2019-2024 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "../interfaces/MAcceptModifications.sol";
import "../interfaces/MBlocklist.sol";
import "../interfaces/MTokenQuantization.sol";
import "../interfaces/MTokenAssetData.sol";
import "../interfaces/MFreezable.sol";
import "../interfaces/MKeyGetters.sol";
import "../interfaces/MTokenTransfers.sol";
import "../components/MainStorage.sol";
/**
For a user to perform a withdrawal operation from the Stark Exchange during normal operation
two calls are required:
1. A call to an offchain exchange API, requesting a withdrawal from a user account (vault).
2. A call to the on-chain :sol:func:`withdraw` function to perform the actual withdrawal of funds transferring them to the users Eth or ERC20 account (depending on the token type).
For simplicity, hereafter it is assumed that all tokens are ERC20 tokens but the text below
applies to Eth in the same manner.
In the first call mentioned above, anyone can call the API to request the withdrawal of an
amount from a given vault. Following the request, the exchange may include the withdrawal in a
STARK proof. The submission of a proof then results in the addition of the amount(s) withdrawn to
an on-chain pending withdrawals account under the stark key of the vault owner and the appropriate
asset ID. At the same time, this also implies that this amount is deducted from the off-chain
vault.
Once the amount to be withdrawn has been transfered to the on-chain pending withdrawals account,
the user may perform the second call mentioned above to complete the transfer of funds from the
Stark Exchange contract to the appropriate ERC20 account. Only a user holding the Eth key
corresponding to the Stark Key of a pending withdrawals account may perform this operation.
It is possible that for multiple withdrawal calls to the API, a single withdrawal call to the
contract may retrieve all funds, as long as they are all for the same asset ID.
The result of the operation, assuming all requirements are met, is that an amount of ERC20 tokens
in the pending withdrawal account times the quantization factor is transferred to the ERC20
account of the user.
A withdrawal request cannot be cancelled. Once funds reach the pending withdrawals account
on-chain, they cannot be moved back into an off-chain vault before completion of the withdrawal
to the ERC20 account of the user.
In the event that the exchange reaches a frozen state the user may perform a withdrawal operation
via an alternative flow, known as the "Escape" flow. In this flow, the API call above is replaced
with an :sol:func:`escape` call to the on-chain contract (see :sol:mod:`Escapes`) proving the
ownership of off-chain funds. If such proof is accepted, the user may proceed as above with
the :sol:func:`withdraw` call to the contract to complete the operation.
*/
abstract contract Withdrawals is
MainStorage,
MAcceptModifications,
MTokenQuantization,
MTokenAssetData,
MFreezable,
MKeyGetters,
MTokenTransfers,
MBlocklist
{
event LogWithdrawalPerformed(
uint256 ownerKey,
uint256 assetType,
uint256 nonQuantizedAmount,
uint256 quantizedAmount,
address recipient
);
event LogNftWithdrawalPerformed(
uint256 ownerKey,
uint256 assetType,
uint256 tokenId,
uint256 assetId,
address recipient
);
event LogWithdrawalWithTokenIdPerformed(
uint256 ownerKey,
uint256 assetType,
uint256 tokenId,
uint256 assetId,
uint256 nonQuantizedAmount,
uint256 quantizedAmount,
address recipient
);
event LogMintWithdrawalPerformed(
uint256 ownerKey,
uint256 assetType,
uint256 nonQuantizedAmount,
uint256 quantizedAmount,
uint256 assetId
);
function getWithdrawalBalance(uint256 ownerKey, uint256 assetId)
external
view
returns (uint256)
{
uint256 presumedAssetType = assetId;
return fromQuantized(presumedAssetType, pendingWithdrawals[ownerKey][assetId]);
}
/*
Moves funds from the pending withdrawal account to the owner address.
Note: this function can be called by anyone.
Can be called normally while frozen.
*/
function withdraw(uint256 ownerKey, uint256 assetType) external onlyNotBlocked(ownerKey) {
address payable recipient = payable(strictGetEthKey(ownerKey));
_withdraw(ownerKey, assetType, recipient);
}
function adminForcedWithdraw(
uint256 ownerKey,
uint256 assetType,
address payable destination
) external onlyBlockAdmin {
require(readyForClearance(ownerKey), "CANNOT_ADMIN_FORCE_WITHDRAW");
emit AdminForcedWithdrawal(ownerKey, destination);
_withdraw(ownerKey, assetType, destination);
}
function _withdraw(
uint256 ownerKey,
uint256 assetType,
address payable recipient
) private {
// address payable recipient = payable(strictGetEthKey(ownerKey));
require(!isMintableAssetType(assetType), "MINTABLE_ASSET_TYPE");
require(isFungibleAssetType(assetType), "NON_FUNGIBLE_ASSET_TYPE");
uint256 assetId = assetType;
// Fetch and clear quantized amount.
uint256 quantizedAmount = pendingWithdrawals[ownerKey][assetId];
pendingWithdrawals[ownerKey][assetId] = 0;
// Transfer funds.
transferOut(recipient, assetType, quantizedAmount);
emit LogWithdrawalPerformed(
ownerKey,
assetType,
fromQuantized(assetType, quantizedAmount),
quantizedAmount,
recipient
);
}
/*
Allows withdrawal of tokens to their owner's account.
Note: this function can be called by anyone.
This function can be called normally while frozen.
*/
function withdrawWithTokenId(
uint256 ownerKey,
uint256 assetType,
uint256 tokenId // No notFrozen modifier: This function can always be used, even when frozen.
) public onlyNotBlocked(ownerKey) {
address recipient = strictGetEthKey(ownerKey);
_withdrawWithTokenId(ownerKey, assetType, tokenId, recipient);
}
function adminForcedWithdrawWithTokenId(
uint256 ownerKey,
uint256 assetType,
uint256 tokenId,
address destination
) external onlyBlockAdmin {
require(readyForClearance(ownerKey), "CANNOT_ADMIN_FORCE_WITHDRAW");
emit AdminForcedWithdrawal(ownerKey, destination);
_withdrawWithTokenId(ownerKey, assetType, tokenId, destination);
}
function _withdrawWithTokenId(
uint256 ownerKey,
uint256 assetType,
uint256 tokenId,
address recipient
) private {
require(isAssetTypeWithTokenId(assetType), "INVALID_ASSET_TYPE");
uint256 assetId = calculateAssetIdWithTokenId(assetType, tokenId);
uint256 quantizedAmount = pendingWithdrawals[ownerKey][assetId];
pendingWithdrawals[ownerKey][assetId] = 0;
// Transfer funds.
transferOutWithTokenId(recipient, assetType, tokenId, quantizedAmount);
if (isERC721(assetType)) {
emit LogNftWithdrawalPerformed(ownerKey, assetType, tokenId, assetId, recipient);
}
emit LogWithdrawalWithTokenIdPerformed(
ownerKey,
assetType,
tokenId,
assetId,
fromQuantized(assetType, quantizedAmount),
quantizedAmount,
recipient
);
}
/*
Allows withdrawal of an NFT to its owner's account.
Note: this function can be called by anyone.
This function can be called normally while frozen.
*/
function withdrawNft(
uint256 ownerKey,
uint256 assetType,
uint256 tokenId // No notFrozen modifier: This function can always be used, even when frozen.
) external {
withdrawWithTokenId(ownerKey, assetType, tokenId);
}
function withdrawAndMint(
uint256 ownerKey,
uint256 assetType,
bytes calldata mintingBlob
) external onlyNotBlocked(ownerKey) {
address recipient = strictGetEthKey(ownerKey);
_withdrawAndMint(ownerKey, assetType, mintingBlob, recipient);
}
function adminForcedWithdrawAndMint(
uint256 ownerKey,
uint256 assetType,
bytes calldata mintingBlob,
address destination
) external onlyBlockAdmin {
require(readyForClearance(ownerKey), "CANNOT_ADMIN_FORCE_WITHDRAW");
emit AdminForcedWithdrawal(ownerKey, destination);
_withdrawAndMint(ownerKey, assetType, mintingBlob, destination);
}
function _withdrawAndMint(
uint256 ownerKey,
uint256 assetType,
bytes calldata mintingBlob,
address recipient
) private {
require(registeredAssetType[assetType], "INVALID_ASSET_TYPE");
require(isMintableAssetType(assetType), "NON_MINTABLE_ASSET_TYPE");
uint256 assetId = calculateMintableAssetId(assetType, mintingBlob);
require(pendingWithdrawals[ownerKey][assetId] > 0, "NO_PENDING_WITHDRAWAL_BALANCE");
uint256 quantizedAmount = pendingWithdrawals[ownerKey][assetId];
pendingWithdrawals[ownerKey][assetId] = 0;
// Transfer funds.
transferOutMint(assetType, quantizedAmount, recipient, mintingBlob);
emit LogMintWithdrawalPerformed(
ownerKey,
assetType,
fromQuantized(assetType, quantizedAmount),
quantizedAmount,
assetId
);
}
}
File 5 of 5: FiatTokenV2_2
/**
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2023, Circle Internet Financial, LLC.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
pragma solidity 0.6.12;
import { EIP712Domain } from "./EIP712Domain.sol"; // solhint-disable-line no-unused-import
import { Blacklistable } from "../v1/Blacklistable.sol"; // solhint-disable-line no-unused-import
import { FiatTokenV1 } from "../v1/FiatTokenV1.sol"; // solhint-disable-line no-unused-import
import { FiatTokenV2 } from "./FiatTokenV2.sol"; // solhint-disable-line no-unused-import
import { FiatTokenV2_1 } from "./FiatTokenV2_1.sol";
import { EIP712 } from "../util/EIP712.sol";
// solhint-disable func-name-mixedcase
/**
* @title FiatToken V2.2
* @notice ERC20 Token backed by fiat reserves, version 2.2
*/
contract FiatTokenV2_2 is FiatTokenV2_1 {
/**
* @notice Initialize v2.2
* @param accountsToBlacklist A list of accounts to migrate from the old blacklist
* @param newSymbol New token symbol
* data structure to the new blacklist data structure.
*/
function initializeV2_2(
address[] calldata accountsToBlacklist,
string calldata newSymbol
) external {
// solhint-disable-next-line reason-string
require(_initializedVersion == 2);
// Update fiat token symbol
symbol = newSymbol;
// Add previously blacklisted accounts to the new blacklist data structure
// and remove them from the old blacklist data structure.
for (uint256 i = 0; i < accountsToBlacklist.length; i++) {
require(
_deprecatedBlacklisted[accountsToBlacklist[i]],
"FiatTokenV2_2: Blacklisting previously unblacklisted account!"
);
_blacklist(accountsToBlacklist[i]);
delete _deprecatedBlacklisted[accountsToBlacklist[i]];
}
_blacklist(address(this));
delete _deprecatedBlacklisted[address(this)];
_initializedVersion = 3;
}
/**
* @dev Internal function to get the current chain id.
* @return The current chain id.
*/
function _chainId() internal virtual view returns (uint256) {
uint256 chainId;
assembly {
chainId := chainid()
}
return chainId;
}
/**
* @inheritdoc EIP712Domain
*/
function _domainSeparator() internal override view returns (bytes32) {
return EIP712.makeDomainSeparator(name, "2", _chainId());
}
/**
* @notice Update allowance with a signed permit
* @dev EOA wallet signatures should be packed in the order of r, s, v.
* @param owner Token owner's address (Authorizer)
* @param spender Spender's address
* @param value Amount of allowance
* @param deadline The time at which the signature expires (unix time), or max uint256 value to signal no expiration
* @param signature Signature bytes signed by an EOA wallet or a contract wallet
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
bytes memory signature
) external whenNotPaused {
_permit(owner, spender, value, deadline, signature);
}
/**
* @notice Execute a transfer with a signed authorization
* @dev EOA wallet signatures should be packed in the order of r, s, v.
* @param from Payer's address (Authorizer)
* @param to Payee's address
* @param value Amount to be transferred
* @param validAfter The time after which this is valid (unix time)
* @param validBefore The time before which this is valid (unix time)
* @param nonce Unique nonce
* @param signature Signature bytes signed by an EOA wallet or a contract wallet
*/
function transferWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
bytes memory signature
) external whenNotPaused notBlacklisted(from) notBlacklisted(to) {
_transferWithAuthorization(
from,
to,
value,
validAfter,
validBefore,
nonce,
signature
);
}
/**
* @notice Receive a transfer with a signed authorization from the payer
* @dev This has an additional check to ensure that the payee's address
* matches the caller of this function to prevent front-running attacks.
* EOA wallet signatures should be packed in the order of r, s, v.
* @param from Payer's address (Authorizer)
* @param to Payee's address
* @param value Amount to be transferred
* @param validAfter The time after which this is valid (unix time)
* @param validBefore The time before which this is valid (unix time)
* @param nonce Unique nonce
* @param signature Signature bytes signed by an EOA wallet or a contract wallet
*/
function receiveWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
bytes memory signature
) external whenNotPaused notBlacklisted(from) notBlacklisted(to) {
_receiveWithAuthorization(
from,
to,
value,
validAfter,
validBefore,
nonce,
signature
);
}
/**
* @notice Attempt to cancel an authorization
* @dev Works only if the authorization is not yet used.
* EOA wallet signatures should be packed in the order of r, s, v.
* @param authorizer Authorizer's address
* @param nonce Nonce of the authorization
* @param signature Signature bytes signed by an EOA wallet or a contract wallet
*/
function cancelAuthorization(
address authorizer,
bytes32 nonce,
bytes memory signature
) external whenNotPaused {
_cancelAuthorization(authorizer, nonce, signature);
}
/**
* @dev Helper method that sets the blacklist state of an account on balanceAndBlacklistStates.
* If _shouldBlacklist is true, we apply a (1 << 255) bitmask with an OR operation on the
* account's balanceAndBlacklistState. This flips the high bit for the account to 1,
* indicating that the account is blacklisted.
*
* If _shouldBlacklist if false, we reset the account's balanceAndBlacklistStates to their
* balances. This clears the high bit for the account, indicating that the account is unblacklisted.
* @param _account The address of the account.
* @param _shouldBlacklist True if the account should be blacklisted, false if the account should be unblacklisted.
*/
function _setBlacklistState(address _account, bool _shouldBlacklist)
internal
override
{
balanceAndBlacklistStates[_account] = _shouldBlacklist
? balanceAndBlacklistStates[_account] | (1 << 255)
: _balanceOf(_account);
}
/**
* @dev Helper method that sets the balance of an account on balanceAndBlacklistStates.
* Since balances are stored in the last 255 bits of the balanceAndBlacklistStates value,
* we need to ensure that the updated balance does not exceed (2^255 - 1).
* Since blacklisted accounts' balances cannot be updated, the method will also
* revert if the account is blacklisted
* @param _account The address of the account.
* @param _balance The new fiat token balance of the account (max: (2^255 - 1)).
*/
function _setBalance(address _account, uint256 _balance) internal override {
require(
_balance <= ((1 << 255) - 1),
"FiatTokenV2_2: Balance exceeds (2^255 - 1)"
);
require(
!_isBlacklisted(_account),
"FiatTokenV2_2: Account is blacklisted"
);
balanceAndBlacklistStates[_account] = _balance;
}
/**
* @inheritdoc Blacklistable
*/
function _isBlacklisted(address _account)
internal
override
view
returns (bool)
{
return balanceAndBlacklistStates[_account] >> 255 == 1;
}
/**
* @dev Helper method to obtain the balance of an account. Since balances
* are stored in the last 255 bits of the balanceAndBlacklistStates value,
* we apply a ((1 << 255) - 1) bit bitmask with an AND operation on the
* balanceAndBlacklistState to obtain the balance.
* @param _account The address of the account.
* @return The fiat token balance of the account.
*/
function _balanceOf(address _account)
internal
override
view
returns (uint256)
{
return balanceAndBlacklistStates[_account] & ((1 << 255) - 1);
}
/**
* @inheritdoc FiatTokenV1
*/
function approve(address spender, uint256 value)
external
override
whenNotPaused
returns (bool)
{
_approve(msg.sender, spender, value);
return true;
}
/**
* @inheritdoc FiatTokenV2
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external override whenNotPaused {
_permit(owner, spender, value, deadline, v, r, s);
}
/**
* @inheritdoc FiatTokenV2
*/
function increaseAllowance(address spender, uint256 increment)
external
override
whenNotPaused
returns (bool)
{
_increaseAllowance(msg.sender, spender, increment);
return true;
}
/**
* @inheritdoc FiatTokenV2
*/
function decreaseAllowance(address spender, uint256 decrement)
external
override
whenNotPaused
returns (bool)
{
_decreaseAllowance(msg.sender, spender, decrement);
return true;
}
}
// SPDX-License-Identifier: MIT
pragma solidity >=0.6.2 <0.8.0;
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize, which returns 0 for contracts in
// construction, since the code is only stored at the end of the
// constructor execution.
uint256 size;
// solhint-disable-next-line no-inline-assembly
assembly { size := extcodesize(account) }
return size > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
// solhint-disable-next-line avoid-low-level-calls, avoid-call-value
(bool success, ) = recipient.call{ value: amount }("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain`call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCall(target, data, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
require(isContract(target), "Address: call to non-contract");
// solhint-disable-next-line avoid-low-level-calls
(bool success, bytes memory returndata) = target.call{ value: value }(data);
return _verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) {
require(isContract(target), "Address: static call to non-contract");
// solhint-disable-next-line avoid-low-level-calls
(bool success, bytes memory returndata) = target.staticcall(data);
return _verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {
require(isContract(target), "Address: delegate call to non-contract");
// solhint-disable-next-line avoid-low-level-calls
(bool success, bytes memory returndata) = target.delegatecall(data);
return _verifyCallResult(success, returndata, errorMessage);
}
function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) {
if (success) {
return returndata;
} else {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
// solhint-disable-next-line no-inline-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
}
// SPDX-License-Identifier: MIT
pragma solidity >=0.6.0 <0.8.0;
import "./IERC20.sol";
import "../../math/SafeMath.sol";
import "../../utils/Address.sol";
/**
* @title SafeERC20
* @dev Wrappers around ERC20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/
library SafeERC20 {
using SafeMath for uint256;
using Address for address;
function safeTransfer(IERC20 token, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));
}
function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));
}
/**
* @dev Deprecated. This function has issues similar to the ones found in
* {IERC20-approve}, and its usage is discouraged.
*
* Whenever possible, use {safeIncreaseAllowance} and
* {safeDecreaseAllowance} instead.
*/
function safeApprove(IERC20 token, address spender, uint256 value) internal {
// safeApprove should only be called when setting an initial allowance,
// or when resetting it to zero. To increase and decrease it, use
// 'safeIncreaseAllowance' and 'safeDecreaseAllowance'
// solhint-disable-next-line max-line-length
require((value == 0) || (token.allowance(address(this), spender) == 0),
"SafeERC20: approve from non-zero to non-zero allowance"
);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));
}
function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
uint256 newAllowance = token.allowance(address(this), spender).add(value);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));
}
function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {
uint256 newAllowance = token.allowance(address(this), spender).sub(value, "SafeERC20: decreased allowance below zero");
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*/
function _callOptionalReturn(IERC20 token, bytes memory data) private {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that
// the target address contains contract code and also asserts for success in the low-level call.
bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed");
if (returndata.length > 0) { // Return data is optional
// solhint-disable-next-line max-line-length
require(abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed");
}
}
}
// SPDX-License-Identifier: MIT
pragma solidity >=0.6.0 <0.8.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `recipient`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address recipient, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `sender` to `recipient` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
}
// SPDX-License-Identifier: MIT
pragma solidity >=0.6.0 <0.8.0;
/**
* @dev Wrappers over Solidity's arithmetic operations with added overflow
* checks.
*
* Arithmetic operations in Solidity wrap on overflow. This can easily result
* in bugs, because programmers usually assume that an overflow raises an
* error, which is the standard behavior in high level programming languages.
* `SafeMath` restores this intuition by reverting the transaction when an
* operation overflows.
*
* Using this library instead of the unchecked operations eliminates an entire
* class of bugs, so it's recommended to use it always.
*/
library SafeMath {
/**
* @dev Returns the addition of two unsigned integers, with an overflow flag.
*
* _Available since v3.4._
*/
function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {
uint256 c = a + b;
if (c < a) return (false, 0);
return (true, c);
}
/**
* @dev Returns the substraction of two unsigned integers, with an overflow flag.
*
* _Available since v3.4._
*/
function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {
if (b > a) return (false, 0);
return (true, a - b);
}
/**
* @dev Returns the multiplication of two unsigned integers, with an overflow flag.
*
* _Available since v3.4._
*/
function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {
// Gas optimization: this is cheaper than requiring 'a' not being zero, but the
// benefit is lost if 'b' is also tested.
// See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522
if (a == 0) return (true, 0);
uint256 c = a * b;
if (c / a != b) return (false, 0);
return (true, c);
}
/**
* @dev Returns the division of two unsigned integers, with a division by zero flag.
*
* _Available since v3.4._
*/
function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {
if (b == 0) return (false, 0);
return (true, a / b);
}
/**
* @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.
*
* _Available since v3.4._
*/
function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {
if (b == 0) return (false, 0);
return (true, a % b);
}
/**
* @dev Returns the addition of two unsigned integers, reverting on
* overflow.
*
* Counterpart to Solidity's `+` operator.
*
* Requirements:
*
* - Addition cannot overflow.
*/
function add(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 c = a + b;
require(c >= a, "SafeMath: addition overflow");
return c;
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting on
* overflow (when the result is negative).
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
*
* - Subtraction cannot overflow.
*/
function sub(uint256 a, uint256 b) internal pure returns (uint256) {
require(b <= a, "SafeMath: subtraction overflow");
return a - b;
}
/**
* @dev Returns the multiplication of two unsigned integers, reverting on
* overflow.
*
* Counterpart to Solidity's `*` operator.
*
* Requirements:
*
* - Multiplication cannot overflow.
*/
function mul(uint256 a, uint256 b) internal pure returns (uint256) {
if (a == 0) return 0;
uint256 c = a * b;
require(c / a == b, "SafeMath: multiplication overflow");
return c;
}
/**
* @dev Returns the integer division of two unsigned integers, reverting on
* division by zero. The result is rounded towards zero.
*
* Counterpart to Solidity's `/` operator. Note: this function uses a
* `revert` opcode (which leaves remaining gas untouched) while Solidity
* uses an invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
*
* - The divisor cannot be zero.
*/
function div(uint256 a, uint256 b) internal pure returns (uint256) {
require(b > 0, "SafeMath: division by zero");
return a / b;
}
/**
* @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
* reverting when dividing by zero.
*
* Counterpart to Solidity's `%` operator. This function uses a `revert`
* opcode (which leaves remaining gas untouched) while Solidity uses an
* invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
*
* - The divisor cannot be zero.
*/
function mod(uint256 a, uint256 b) internal pure returns (uint256) {
require(b > 0, "SafeMath: modulo by zero");
return a % b;
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting with custom message on
* overflow (when the result is negative).
*
* CAUTION: This function is deprecated because it requires allocating memory for the error
* message unnecessarily. For custom revert reasons use {trySub}.
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
*
* - Subtraction cannot overflow.
*/
function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
require(b <= a, errorMessage);
return a - b;
}
/**
* @dev Returns the integer division of two unsigned integers, reverting with custom message on
* division by zero. The result is rounded towards zero.
*
* CAUTION: This function is deprecated because it requires allocating memory for the error
* message unnecessarily. For custom revert reasons use {tryDiv}.
*
* Counterpart to Solidity's `/` operator. Note: this function uses a
* `revert` opcode (which leaves remaining gas untouched) while Solidity
* uses an invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
*
* - The divisor cannot be zero.
*/
function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
require(b > 0, errorMessage);
return a / b;
}
/**
* @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
* reverting with custom message when dividing by zero.
*
* CAUTION: This function is deprecated because it requires allocating memory for the error
* message unnecessarily. For custom revert reasons use {tryMod}.
*
* Counterpart to Solidity's `%` operator. This function uses a `revert`
* opcode (which leaves remaining gas untouched) while Solidity uses an
* invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
*
* - The divisor cannot be zero.
*/
function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
require(b > 0, errorMessage);
return a % b;
}
}
/**
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2023, Circle Internet Financial, LLC.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
pragma solidity 0.6.12;
import { FiatTokenV2 } from "./FiatTokenV2.sol";
// solhint-disable func-name-mixedcase
/**
* @title FiatToken V2.1
* @notice ERC20 Token backed by fiat reserves, version 2.1
*/
contract FiatTokenV2_1 is FiatTokenV2 {
/**
* @notice Initialize v2.1
* @param lostAndFound The address to which the locked funds are sent
*/
function initializeV2_1(address lostAndFound) external {
// solhint-disable-next-line reason-string
require(_initializedVersion == 1);
uint256 lockedAmount = _balanceOf(address(this));
if (lockedAmount > 0) {
_transfer(address(this), lostAndFound, lockedAmount);
}
_blacklist(address(this));
_initializedVersion = 2;
}
/**
* @notice Version string for the EIP712 domain separator
* @return Version string
*/
function version() external pure returns (string memory) {
return "2";
}
}
/**
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2023, Circle Internet Financial, LLC.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
pragma solidity 0.6.12;
import { FiatTokenV1_1 } from "../v1.1/FiatTokenV1_1.sol";
import { EIP712 } from "../util/EIP712.sol";
import { EIP3009 } from "./EIP3009.sol";
import { EIP2612 } from "./EIP2612.sol";
/**
* @title FiatToken V2
* @notice ERC20 Token backed by fiat reserves, version 2
*/
contract FiatTokenV2 is FiatTokenV1_1, EIP3009, EIP2612 {
uint8 internal _initializedVersion;
/**
* @notice Initialize v2
* @param newName New token name
*/
function initializeV2(string calldata newName) external {
// solhint-disable-next-line reason-string
require(initialized && _initializedVersion == 0);
name = newName;
_DEPRECATED_CACHED_DOMAIN_SEPARATOR = EIP712.makeDomainSeparator(
newName,
"2"
);
_initializedVersion = 1;
}
/**
* @notice Increase the allowance by a given increment
* @param spender Spender's address
* @param increment Amount of increase in allowance
* @return True if successful
*/
function increaseAllowance(address spender, uint256 increment)
external
virtual
whenNotPaused
notBlacklisted(msg.sender)
notBlacklisted(spender)
returns (bool)
{
_increaseAllowance(msg.sender, spender, increment);
return true;
}
/**
* @notice Decrease the allowance by a given decrement
* @param spender Spender's address
* @param decrement Amount of decrease in allowance
* @return True if successful
*/
function decreaseAllowance(address spender, uint256 decrement)
external
virtual
whenNotPaused
notBlacklisted(msg.sender)
notBlacklisted(spender)
returns (bool)
{
_decreaseAllowance(msg.sender, spender, decrement);
return true;
}
/**
* @notice Execute a transfer with a signed authorization
* @param from Payer's address (Authorizer)
* @param to Payee's address
* @param value Amount to be transferred
* @param validAfter The time after which this is valid (unix time)
* @param validBefore The time before which this is valid (unix time)
* @param nonce Unique nonce
* @param v v of the signature
* @param r r of the signature
* @param s s of the signature
*/
function transferWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
uint8 v,
bytes32 r,
bytes32 s
) external whenNotPaused notBlacklisted(from) notBlacklisted(to) {
_transferWithAuthorization(
from,
to,
value,
validAfter,
validBefore,
nonce,
v,
r,
s
);
}
/**
* @notice Receive a transfer with a signed authorization from the payer
* @dev This has an additional check to ensure that the payee's address
* matches the caller of this function to prevent front-running attacks.
* @param from Payer's address (Authorizer)
* @param to Payee's address
* @param value Amount to be transferred
* @param validAfter The time after which this is valid (unix time)
* @param validBefore The time before which this is valid (unix time)
* @param nonce Unique nonce
* @param v v of the signature
* @param r r of the signature
* @param s s of the signature
*/
function receiveWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
uint8 v,
bytes32 r,
bytes32 s
) external whenNotPaused notBlacklisted(from) notBlacklisted(to) {
_receiveWithAuthorization(
from,
to,
value,
validAfter,
validBefore,
nonce,
v,
r,
s
);
}
/**
* @notice Attempt to cancel an authorization
* @dev Works only if the authorization is not yet used.
* @param authorizer Authorizer's address
* @param nonce Nonce of the authorization
* @param v v of the signature
* @param r r of the signature
* @param s s of the signature
*/
function cancelAuthorization(
address authorizer,
bytes32 nonce,
uint8 v,
bytes32 r,
bytes32 s
) external whenNotPaused {
_cancelAuthorization(authorizer, nonce, v, r, s);
}
/**
* @notice Update allowance with a signed permit
* @param owner Token owner's address (Authorizer)
* @param spender Spender's address
* @param value Amount of allowance
* @param deadline The time at which the signature expires (unix time), or max uint256 value to signal no expiration
* @param v v of the signature
* @param r r of the signature
* @param s s of the signature
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
)
external
virtual
whenNotPaused
notBlacklisted(owner)
notBlacklisted(spender)
{
_permit(owner, spender, value, deadline, v, r, s);
}
/**
* @dev Internal function to increase the allowance by a given increment
* @param owner Token owner's address
* @param spender Spender's address
* @param increment Amount of increase
*/
function _increaseAllowance(
address owner,
address spender,
uint256 increment
) internal override {
_approve(owner, spender, allowed[owner][spender].add(increment));
}
/**
* @dev Internal function to decrease the allowance by a given decrement
* @param owner Token owner's address
* @param spender Spender's address
* @param decrement Amount of decrease
*/
function _decreaseAllowance(
address owner,
address spender,
uint256 decrement
) internal override {
_approve(
owner,
spender,
allowed[owner][spender].sub(
decrement,
"ERC20: decreased allowance below zero"
)
);
}
}
/**
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2023, Circle Internet Financial, LLC.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
pragma solidity 0.6.12;
// solhint-disable func-name-mixedcase
/**
* @title EIP712 Domain
*/
contract EIP712Domain {
// was originally DOMAIN_SEPARATOR
// but that has been moved to a method so we can override it in V2_2+
bytes32 internal _DEPRECATED_CACHED_DOMAIN_SEPARATOR;
/**
* @notice Get the EIP712 Domain Separator.
* @return The bytes32 EIP712 domain separator.
*/
function DOMAIN_SEPARATOR() external view returns (bytes32) {
return _domainSeparator();
}
/**
* @dev Internal method to get the EIP712 Domain Separator.
* @return The bytes32 EIP712 domain separator.
*/
function _domainSeparator() internal virtual view returns (bytes32) {
return _DEPRECATED_CACHED_DOMAIN_SEPARATOR;
}
}
/**
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2023, Circle Internet Financial, LLC.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
pragma solidity 0.6.12;
import { AbstractFiatTokenV2 } from "./AbstractFiatTokenV2.sol";
import { EIP712Domain } from "./EIP712Domain.sol";
import { SignatureChecker } from "../util/SignatureChecker.sol";
import { MessageHashUtils } from "../util/MessageHashUtils.sol";
/**
* @title EIP-3009
* @notice Provide internal implementation for gas-abstracted transfers
* @dev Contracts that inherit from this must wrap these with publicly
* accessible functions, optionally adding modifiers where necessary
*/
abstract contract EIP3009 is AbstractFiatTokenV2, EIP712Domain {
// keccak256("TransferWithAuthorization(address from,address to,uint256 value,uint256 validAfter,uint256 validBefore,bytes32 nonce)")
bytes32
public constant TRANSFER_WITH_AUTHORIZATION_TYPEHASH = 0x7c7c6cdb67a18743f49ec6fa9b35f50d52ed05cbed4cc592e13b44501c1a2267;
// keccak256("ReceiveWithAuthorization(address from,address to,uint256 value,uint256 validAfter,uint256 validBefore,bytes32 nonce)")
bytes32
public constant RECEIVE_WITH_AUTHORIZATION_TYPEHASH = 0xd099cc98ef71107a616c4f0f941f04c322d8e254fe26b3c6668db87aae413de8;
// keccak256("CancelAuthorization(address authorizer,bytes32 nonce)")
bytes32
public constant CANCEL_AUTHORIZATION_TYPEHASH = 0x158b0a9edf7a828aad02f63cd515c68ef2f50ba807396f6d12842833a1597429;
/**
* @dev authorizer address => nonce => bool (true if nonce is used)
*/
mapping(address => mapping(bytes32 => bool)) private _authorizationStates;
event AuthorizationUsed(address indexed authorizer, bytes32 indexed nonce);
event AuthorizationCanceled(
address indexed authorizer,
bytes32 indexed nonce
);
/**
* @notice Returns the state of an authorization
* @dev Nonces are randomly generated 32-byte data unique to the
* authorizer's address
* @param authorizer Authorizer's address
* @param nonce Nonce of the authorization
* @return True if the nonce is used
*/
function authorizationState(address authorizer, bytes32 nonce)
external
view
returns (bool)
{
return _authorizationStates[authorizer][nonce];
}
/**
* @notice Execute a transfer with a signed authorization
* @param from Payer's address (Authorizer)
* @param to Payee's address
* @param value Amount to be transferred
* @param validAfter The time after which this is valid (unix time)
* @param validBefore The time before which this is valid (unix time)
* @param nonce Unique nonce
* @param v v of the signature
* @param r r of the signature
* @param s s of the signature
*/
function _transferWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
uint8 v,
bytes32 r,
bytes32 s
) internal {
_transferWithAuthorization(
from,
to,
value,
validAfter,
validBefore,
nonce,
abi.encodePacked(r, s, v)
);
}
/**
* @notice Execute a transfer with a signed authorization
* @dev EOA wallet signatures should be packed in the order of r, s, v.
* @param from Payer's address (Authorizer)
* @param to Payee's address
* @param value Amount to be transferred
* @param validAfter The time after which this is valid (unix time)
* @param validBefore The time before which this is valid (unix time)
* @param nonce Unique nonce
* @param signature Signature byte array produced by an EOA wallet or a contract wallet
*/
function _transferWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
bytes memory signature
) internal {
_requireValidAuthorization(from, nonce, validAfter, validBefore);
_requireValidSignature(
from,
keccak256(
abi.encode(
TRANSFER_WITH_AUTHORIZATION_TYPEHASH,
from,
to,
value,
validAfter,
validBefore,
nonce
)
),
signature
);
_markAuthorizationAsUsed(from, nonce);
_transfer(from, to, value);
}
/**
* @notice Receive a transfer with a signed authorization from the payer
* @dev This has an additional check to ensure that the payee's address
* matches the caller of this function to prevent front-running attacks.
* @param from Payer's address (Authorizer)
* @param to Payee's address
* @param value Amount to be transferred
* @param validAfter The time after which this is valid (unix time)
* @param validBefore The time before which this is valid (unix time)
* @param nonce Unique nonce
* @param v v of the signature
* @param r r of the signature
* @param s s of the signature
*/
function _receiveWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
uint8 v,
bytes32 r,
bytes32 s
) internal {
_receiveWithAuthorization(
from,
to,
value,
validAfter,
validBefore,
nonce,
abi.encodePacked(r, s, v)
);
}
/**
* @notice Receive a transfer with a signed authorization from the payer
* @dev This has an additional check to ensure that the payee's address
* matches the caller of this function to prevent front-running attacks.
* EOA wallet signatures should be packed in the order of r, s, v.
* @param from Payer's address (Authorizer)
* @param to Payee's address
* @param value Amount to be transferred
* @param validAfter The time after which this is valid (unix time)
* @param validBefore The time before which this is valid (unix time)
* @param nonce Unique nonce
* @param signature Signature byte array produced by an EOA wallet or a contract wallet
*/
function _receiveWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
bytes memory signature
) internal {
require(to == msg.sender, "FiatTokenV2: caller must be the payee");
_requireValidAuthorization(from, nonce, validAfter, validBefore);
_requireValidSignature(
from,
keccak256(
abi.encode(
RECEIVE_WITH_AUTHORIZATION_TYPEHASH,
from,
to,
value,
validAfter,
validBefore,
nonce
)
),
signature
);
_markAuthorizationAsUsed(from, nonce);
_transfer(from, to, value);
}
/**
* @notice Attempt to cancel an authorization
* @param authorizer Authorizer's address
* @param nonce Nonce of the authorization
* @param v v of the signature
* @param r r of the signature
* @param s s of the signature
*/
function _cancelAuthorization(
address authorizer,
bytes32 nonce,
uint8 v,
bytes32 r,
bytes32 s
) internal {
_cancelAuthorization(authorizer, nonce, abi.encodePacked(r, s, v));
}
/**
* @notice Attempt to cancel an authorization
* @dev EOA wallet signatures should be packed in the order of r, s, v.
* @param authorizer Authorizer's address
* @param nonce Nonce of the authorization
* @param signature Signature byte array produced by an EOA wallet or a contract wallet
*/
function _cancelAuthorization(
address authorizer,
bytes32 nonce,
bytes memory signature
) internal {
_requireUnusedAuthorization(authorizer, nonce);
_requireValidSignature(
authorizer,
keccak256(
abi.encode(CANCEL_AUTHORIZATION_TYPEHASH, authorizer, nonce)
),
signature
);
_authorizationStates[authorizer][nonce] = true;
emit AuthorizationCanceled(authorizer, nonce);
}
/**
* @notice Validates that signature against input data struct
* @param signer Signer's address
* @param dataHash Hash of encoded data struct
* @param signature Signature byte array produced by an EOA wallet or a contract wallet
*/
function _requireValidSignature(
address signer,
bytes32 dataHash,
bytes memory signature
) private view {
require(
SignatureChecker.isValidSignatureNow(
signer,
MessageHashUtils.toTypedDataHash(_domainSeparator(), dataHash),
signature
),
"FiatTokenV2: invalid signature"
);
}
/**
* @notice Check that an authorization is unused
* @param authorizer Authorizer's address
* @param nonce Nonce of the authorization
*/
function _requireUnusedAuthorization(address authorizer, bytes32 nonce)
private
view
{
require(
!_authorizationStates[authorizer][nonce],
"FiatTokenV2: authorization is used or canceled"
);
}
/**
* @notice Check that authorization is valid
* @param authorizer Authorizer's address
* @param nonce Nonce of the authorization
* @param validAfter The time after which this is valid (unix time)
* @param validBefore The time before which this is valid (unix time)
*/
function _requireValidAuthorization(
address authorizer,
bytes32 nonce,
uint256 validAfter,
uint256 validBefore
) private view {
require(
now > validAfter,
"FiatTokenV2: authorization is not yet valid"
);
require(now < validBefore, "FiatTokenV2: authorization is expired");
_requireUnusedAuthorization(authorizer, nonce);
}
/**
* @notice Mark an authorization as used
* @param authorizer Authorizer's address
* @param nonce Nonce of the authorization
*/
function _markAuthorizationAsUsed(address authorizer, bytes32 nonce)
private
{
_authorizationStates[authorizer][nonce] = true;
emit AuthorizationUsed(authorizer, nonce);
}
}
/**
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2023, Circle Internet Financial, LLC.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
pragma solidity 0.6.12;
import { AbstractFiatTokenV2 } from "./AbstractFiatTokenV2.sol";
import { EIP712Domain } from "./EIP712Domain.sol";
import { MessageHashUtils } from "../util/MessageHashUtils.sol";
import { SignatureChecker } from "../util/SignatureChecker.sol";
/**
* @title EIP-2612
* @notice Provide internal implementation for gas-abstracted approvals
*/
abstract contract EIP2612 is AbstractFiatTokenV2, EIP712Domain {
// keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)")
bytes32
public constant PERMIT_TYPEHASH = 0x6e71edae12b1b97f4d1f60370fef10105fa2faae0126114a169c64845d6126c9;
mapping(address => uint256) private _permitNonces;
/**
* @notice Nonces for permit
* @param owner Token owner's address (Authorizer)
* @return Next nonce
*/
function nonces(address owner) external view returns (uint256) {
return _permitNonces[owner];
}
/**
* @notice Verify a signed approval permit and execute if valid
* @param owner Token owner's address (Authorizer)
* @param spender Spender's address
* @param value Amount of allowance
* @param deadline The time at which the signature expires (unix time), or max uint256 value to signal no expiration
* @param v v of the signature
* @param r r of the signature
* @param s s of the signature
*/
function _permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) internal {
_permit(owner, spender, value, deadline, abi.encodePacked(r, s, v));
}
/**
* @notice Verify a signed approval permit and execute if valid
* @dev EOA wallet signatures should be packed in the order of r, s, v.
* @param owner Token owner's address (Authorizer)
* @param spender Spender's address
* @param value Amount of allowance
* @param deadline The time at which the signature expires (unix time), or max uint256 value to signal no expiration
* @param signature Signature byte array signed by an EOA wallet or a contract wallet
*/
function _permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
bytes memory signature
) internal {
require(
deadline == type(uint256).max || deadline >= now,
"FiatTokenV2: permit is expired"
);
bytes32 typedDataHash = MessageHashUtils.toTypedDataHash(
_domainSeparator(),
keccak256(
abi.encode(
PERMIT_TYPEHASH,
owner,
spender,
value,
_permitNonces[owner]++,
deadline
)
)
);
require(
SignatureChecker.isValidSignatureNow(
owner,
typedDataHash,
signature
),
"EIP2612: invalid signature"
);
_approve(owner, spender, value);
}
}
/**
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2023, Circle Internet Financial, LLC.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
pragma solidity 0.6.12;
import { AbstractFiatTokenV1 } from "../v1/AbstractFiatTokenV1.sol";
abstract contract AbstractFiatTokenV2 is AbstractFiatTokenV1 {
function _increaseAllowance(
address owner,
address spender,
uint256 increment
) internal virtual;
function _decreaseAllowance(
address owner,
address spender,
uint256 decrement
) internal virtual;
}
/**
* SPDX-License-Identifier: MIT
*
* Copyright (c) 2016 Smart Contract Solutions, Inc.
* Copyright (c) 2018-2020 CENTRE SECZ
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
pragma solidity 0.6.12;
import { Ownable } from "./Ownable.sol";
/**
* @notice Base contract which allows children to implement an emergency stop
* mechanism
* @dev Forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/feb665136c0dae9912e08397c1a21c4af3651ef3/contracts/lifecycle/Pausable.sol
* Modifications:
* 1. Added pauser role, switched pause/unpause to be onlyPauser (6/14/2018)
* 2. Removed whenNotPause/whenPaused from pause/unpause (6/14/2018)
* 3. Removed whenPaused (6/14/2018)
* 4. Switches ownable library to use ZeppelinOS (7/12/18)
* 5. Remove constructor (7/13/18)
* 6. Reformat, conform to Solidity 0.6 syntax and add error messages (5/13/20)
* 7. Make public functions external (5/27/20)
*/
contract Pausable is Ownable {
event Pause();
event Unpause();
event PauserChanged(address indexed newAddress);
address public pauser;
bool public paused = false;
/**
* @dev Modifier to make a function callable only when the contract is not paused.
*/
modifier whenNotPaused() {
require(!paused, "Pausable: paused");
_;
}
/**
* @dev throws if called by any account other than the pauser
*/
modifier onlyPauser() {
require(msg.sender == pauser, "Pausable: caller is not the pauser");
_;
}
/**
* @dev called by the owner to pause, triggers stopped state
*/
function pause() external onlyPauser {
paused = true;
emit Pause();
}
/**
* @dev called by the owner to unpause, returns to normal state
*/
function unpause() external onlyPauser {
paused = false;
emit Unpause();
}
/**
* @notice Updates the pauser address.
* @param _newPauser The address of the new pauser.
*/
function updatePauser(address _newPauser) external onlyOwner {
require(
_newPauser != address(0),
"Pausable: new pauser is the zero address"
);
pauser = _newPauser;
emit PauserChanged(pauser);
}
}
/**
* SPDX-License-Identifier: MIT
*
* Copyright (c) 2018 zOS Global Limited.
* Copyright (c) 2018-2020 CENTRE SECZ
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
pragma solidity 0.6.12;
/**
* @notice The Ownable contract has an owner address, and provides basic
* authorization control functions
* @dev Forked from https://github.com/OpenZeppelin/openzeppelin-labs/blob/3887ab77b8adafba4a26ace002f3a684c1a3388b/upgradeability_ownership/contracts/ownership/Ownable.sol
* Modifications:
* 1. Consolidate OwnableStorage into this contract (7/13/18)
* 2. Reformat, conform to Solidity 0.6 syntax, and add error messages (5/13/20)
* 3. Make public functions external (5/27/20)
*/
contract Ownable {
// Owner of the contract
address private _owner;
/**
* @dev Event to show ownership has been transferred
* @param previousOwner representing the address of the previous owner
* @param newOwner representing the address of the new owner
*/
event OwnershipTransferred(address previousOwner, address newOwner);
/**
* @dev The constructor sets the original owner of the contract to the sender account.
*/
constructor() public {
setOwner(msg.sender);
}
/**
* @dev Tells the address of the owner
* @return the address of the owner
*/
function owner() external view returns (address) {
return _owner;
}
/**
* @dev Sets a new owner address
*/
function setOwner(address newOwner) internal {
_owner = newOwner;
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
require(msg.sender == _owner, "Ownable: caller is not the owner");
_;
}
/**
* @dev Allows the current owner to transfer control of the contract to a newOwner.
* @param newOwner The address to transfer ownership to.
*/
function transferOwnership(address newOwner) external onlyOwner {
require(
newOwner != address(0),
"Ownable: new owner is the zero address"
);
emit OwnershipTransferred(_owner, newOwner);
setOwner(newOwner);
}
}
/**
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2023, Circle Internet Financial, LLC.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
pragma solidity 0.6.12;
import { SafeMath } from "@openzeppelin/contracts/math/SafeMath.sol";
import { AbstractFiatTokenV1 } from "./AbstractFiatTokenV1.sol";
import { Ownable } from "./Ownable.sol";
import { Pausable } from "./Pausable.sol";
import { Blacklistable } from "./Blacklistable.sol";
/**
* @title FiatToken
* @dev ERC20 Token backed by fiat reserves
*/
contract FiatTokenV1 is AbstractFiatTokenV1, Ownable, Pausable, Blacklistable {
using SafeMath for uint256;
string public name;
string public symbol;
uint8 public decimals;
string public currency;
address public masterMinter;
bool internal initialized;
/// @dev A mapping that stores the balance and blacklist states for a given address.
/// The first bit defines whether the address is blacklisted (1 if blacklisted, 0 otherwise).
/// The last 255 bits define the balance for the address.
mapping(address => uint256) internal balanceAndBlacklistStates;
mapping(address => mapping(address => uint256)) internal allowed;
uint256 internal totalSupply_ = 0;
mapping(address => bool) internal minters;
mapping(address => uint256) internal minterAllowed;
event Mint(address indexed minter, address indexed to, uint256 amount);
event Burn(address indexed burner, uint256 amount);
event MinterConfigured(address indexed minter, uint256 minterAllowedAmount);
event MinterRemoved(address indexed oldMinter);
event MasterMinterChanged(address indexed newMasterMinter);
/**
* @notice Initializes the fiat token contract.
* @param tokenName The name of the fiat token.
* @param tokenSymbol The symbol of the fiat token.
* @param tokenCurrency The fiat currency that the token represents.
* @param tokenDecimals The number of decimals that the token uses.
* @param newMasterMinter The masterMinter address for the fiat token.
* @param newPauser The pauser address for the fiat token.
* @param newBlacklister The blacklister address for the fiat token.
* @param newOwner The owner of the fiat token.
*/
function initialize(
string memory tokenName,
string memory tokenSymbol,
string memory tokenCurrency,
uint8 tokenDecimals,
address newMasterMinter,
address newPauser,
address newBlacklister,
address newOwner
) public {
require(!initialized, "FiatToken: contract is already initialized");
require(
newMasterMinter != address(0),
"FiatToken: new masterMinter is the zero address"
);
require(
newPauser != address(0),
"FiatToken: new pauser is the zero address"
);
require(
newBlacklister != address(0),
"FiatToken: new blacklister is the zero address"
);
require(
newOwner != address(0),
"FiatToken: new owner is the zero address"
);
name = tokenName;
symbol = tokenSymbol;
currency = tokenCurrency;
decimals = tokenDecimals;
masterMinter = newMasterMinter;
pauser = newPauser;
blacklister = newBlacklister;
setOwner(newOwner);
initialized = true;
}
/**
* @dev Throws if called by any account other than a minter.
*/
modifier onlyMinters() {
require(minters[msg.sender], "FiatToken: caller is not a minter");
_;
}
/**
* @notice Mints fiat tokens to an address.
* @param _to The address that will receive the minted tokens.
* @param _amount The amount of tokens to mint. Must be less than or equal
* to the minterAllowance of the caller.
* @return True if the operation was successful.
*/
function mint(address _to, uint256 _amount)
external
whenNotPaused
onlyMinters
notBlacklisted(msg.sender)
notBlacklisted(_to)
returns (bool)
{
require(_to != address(0), "FiatToken: mint to the zero address");
require(_amount > 0, "FiatToken: mint amount not greater than 0");
uint256 mintingAllowedAmount = minterAllowed[msg.sender];
require(
_amount <= mintingAllowedAmount,
"FiatToken: mint amount exceeds minterAllowance"
);
totalSupply_ = totalSupply_.add(_amount);
_setBalance(_to, _balanceOf(_to).add(_amount));
minterAllowed[msg.sender] = mintingAllowedAmount.sub(_amount);
emit Mint(msg.sender, _to, _amount);
emit Transfer(address(0), _to, _amount);
return true;
}
/**
* @dev Throws if called by any account other than the masterMinter
*/
modifier onlyMasterMinter() {
require(
msg.sender == masterMinter,
"FiatToken: caller is not the masterMinter"
);
_;
}
/**
* @notice Gets the minter allowance for an account.
* @param minter The address to check.
* @return The remaining minter allowance for the account.
*/
function minterAllowance(address minter) external view returns (uint256) {
return minterAllowed[minter];
}
/**
* @notice Checks if an account is a minter.
* @param account The address to check.
* @return True if the account is a minter, false if the account is not a minter.
*/
function isMinter(address account) external view returns (bool) {
return minters[account];
}
/**
* @notice Gets the remaining amount of fiat tokens a spender is allowed to transfer on
* behalf of the token owner.
* @param owner The token owner's address.
* @param spender The spender's address.
* @return The remaining allowance.
*/
function allowance(address owner, address spender)
external
override
view
returns (uint256)
{
return allowed[owner][spender];
}
/**
* @notice Gets the totalSupply of the fiat token.
* @return The totalSupply of the fiat token.
*/
function totalSupply() external override view returns (uint256) {
return totalSupply_;
}
/**
* @notice Gets the fiat token balance of an account.
* @param account The address to check.
* @return balance The fiat token balance of the account.
*/
function balanceOf(address account)
external
override
view
returns (uint256)
{
return _balanceOf(account);
}
/**
* @notice Sets a fiat token allowance for a spender to spend on behalf of the caller.
* @param spender The spender's address.
* @param value The allowance amount.
* @return True if the operation was successful.
*/
function approve(address spender, uint256 value)
external
virtual
override
whenNotPaused
notBlacklisted(msg.sender)
notBlacklisted(spender)
returns (bool)
{
_approve(msg.sender, spender, value);
return true;
}
/**
* @dev Internal function to set allowance.
* @param owner Token owner's address.
* @param spender Spender's address.
* @param value Allowance amount.
*/
function _approve(
address owner,
address spender,
uint256 value
) internal override {
require(owner != address(0), "ERC20: approve from the zero address");
require(spender != address(0), "ERC20: approve to the zero address");
allowed[owner][spender] = value;
emit Approval(owner, spender, value);
}
/**
* @notice Transfers tokens from an address to another by spending the caller's allowance.
* @dev The caller must have some fiat token allowance on the payer's tokens.
* @param from Payer's address.
* @param to Payee's address.
* @param value Transfer amount.
* @return True if the operation was successful.
*/
function transferFrom(
address from,
address to,
uint256 value
)
external
override
whenNotPaused
notBlacklisted(msg.sender)
notBlacklisted(from)
notBlacklisted(to)
returns (bool)
{
require(
value <= allowed[from][msg.sender],
"ERC20: transfer amount exceeds allowance"
);
_transfer(from, to, value);
allowed[from][msg.sender] = allowed[from][msg.sender].sub(value);
return true;
}
/**
* @notice Transfers tokens from the caller.
* @param to Payee's address.
* @param value Transfer amount.
* @return True if the operation was successful.
*/
function transfer(address to, uint256 value)
external
override
whenNotPaused
notBlacklisted(msg.sender)
notBlacklisted(to)
returns (bool)
{
_transfer(msg.sender, to, value);
return true;
}
/**
* @dev Internal function to process transfers.
* @param from Payer's address.
* @param to Payee's address.
* @param value Transfer amount.
*/
function _transfer(
address from,
address to,
uint256 value
) internal override {
require(from != address(0), "ERC20: transfer from the zero address");
require(to != address(0), "ERC20: transfer to the zero address");
require(
value <= _balanceOf(from),
"ERC20: transfer amount exceeds balance"
);
_setBalance(from, _balanceOf(from).sub(value));
_setBalance(to, _balanceOf(to).add(value));
emit Transfer(from, to, value);
}
/**
* @notice Adds or updates a new minter with a mint allowance.
* @param minter The address of the minter.
* @param minterAllowedAmount The minting amount allowed for the minter.
* @return True if the operation was successful.
*/
function configureMinter(address minter, uint256 minterAllowedAmount)
external
whenNotPaused
onlyMasterMinter
returns (bool)
{
minters[minter] = true;
minterAllowed[minter] = minterAllowedAmount;
emit MinterConfigured(minter, minterAllowedAmount);
return true;
}
/**
* @notice Removes a minter.
* @param minter The address of the minter to remove.
* @return True if the operation was successful.
*/
function removeMinter(address minter)
external
onlyMasterMinter
returns (bool)
{
minters[minter] = false;
minterAllowed[minter] = 0;
emit MinterRemoved(minter);
return true;
}
/**
* @notice Allows a minter to burn some of its own tokens.
* @dev The caller must be a minter, must not be blacklisted, and the amount to burn
* should be less than or equal to the account's balance.
* @param _amount the amount of tokens to be burned.
*/
function burn(uint256 _amount)
external
whenNotPaused
onlyMinters
notBlacklisted(msg.sender)
{
uint256 balance = _balanceOf(msg.sender);
require(_amount > 0, "FiatToken: burn amount not greater than 0");
require(balance >= _amount, "FiatToken: burn amount exceeds balance");
totalSupply_ = totalSupply_.sub(_amount);
_setBalance(msg.sender, balance.sub(_amount));
emit Burn(msg.sender, _amount);
emit Transfer(msg.sender, address(0), _amount);
}
/**
* @notice Updates the master minter address.
* @param _newMasterMinter The address of the new master minter.
*/
function updateMasterMinter(address _newMasterMinter) external onlyOwner {
require(
_newMasterMinter != address(0),
"FiatToken: new masterMinter is the zero address"
);
masterMinter = _newMasterMinter;
emit MasterMinterChanged(masterMinter);
}
/**
* @inheritdoc Blacklistable
*/
function _blacklist(address _account) internal override {
_setBlacklistState(_account, true);
}
/**
* @inheritdoc Blacklistable
*/
function _unBlacklist(address _account) internal override {
_setBlacklistState(_account, false);
}
/**
* @dev Helper method that sets the blacklist state of an account.
* @param _account The address of the account.
* @param _shouldBlacklist True if the account should be blacklisted, false if the account should be unblacklisted.
*/
function _setBlacklistState(address _account, bool _shouldBlacklist)
internal
virtual
{
_deprecatedBlacklisted[_account] = _shouldBlacklist;
}
/**
* @dev Helper method that sets the balance of an account.
* @param _account The address of the account.
* @param _balance The new fiat token balance of the account.
*/
function _setBalance(address _account, uint256 _balance) internal virtual {
balanceAndBlacklistStates[_account] = _balance;
}
/**
* @inheritdoc Blacklistable
*/
function _isBlacklisted(address _account)
internal
virtual
override
view
returns (bool)
{
return _deprecatedBlacklisted[_account];
}
/**
* @dev Helper method to obtain the balance of an account.
* @param _account The address of the account.
* @return The fiat token balance of the account.
*/
function _balanceOf(address _account)
internal
virtual
view
returns (uint256)
{
return balanceAndBlacklistStates[_account];
}
}
/**
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2023, Circle Internet Financial, LLC.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
pragma solidity 0.6.12;
import { Ownable } from "./Ownable.sol";
/**
* @title Blacklistable Token
* @dev Allows accounts to be blacklisted by a "blacklister" role
*/
abstract contract Blacklistable is Ownable {
address public blacklister;
mapping(address => bool) internal _deprecatedBlacklisted;
event Blacklisted(address indexed _account);
event UnBlacklisted(address indexed _account);
event BlacklisterChanged(address indexed newBlacklister);
/**
* @dev Throws if called by any account other than the blacklister.
*/
modifier onlyBlacklister() {
require(
msg.sender == blacklister,
"Blacklistable: caller is not the blacklister"
);
_;
}
/**
* @dev Throws if argument account is blacklisted.
* @param _account The address to check.
*/
modifier notBlacklisted(address _account) {
require(
!_isBlacklisted(_account),
"Blacklistable: account is blacklisted"
);
_;
}
/**
* @notice Checks if account is blacklisted.
* @param _account The address to check.
* @return True if the account is blacklisted, false if the account is not blacklisted.
*/
function isBlacklisted(address _account) external view returns (bool) {
return _isBlacklisted(_account);
}
/**
* @notice Adds account to blacklist.
* @param _account The address to blacklist.
*/
function blacklist(address _account) external onlyBlacklister {
_blacklist(_account);
emit Blacklisted(_account);
}
/**
* @notice Removes account from blacklist.
* @param _account The address to remove from the blacklist.
*/
function unBlacklist(address _account) external onlyBlacklister {
_unBlacklist(_account);
emit UnBlacklisted(_account);
}
/**
* @notice Updates the blacklister address.
* @param _newBlacklister The address of the new blacklister.
*/
function updateBlacklister(address _newBlacklister) external onlyOwner {
require(
_newBlacklister != address(0),
"Blacklistable: new blacklister is the zero address"
);
blacklister = _newBlacklister;
emit BlacklisterChanged(blacklister);
}
/**
* @dev Checks if account is blacklisted.
* @param _account The address to check.
* @return true if the account is blacklisted, false otherwise.
*/
function _isBlacklisted(address _account)
internal
virtual
view
returns (bool);
/**
* @dev Helper method that blacklists an account.
* @param _account The address to blacklist.
*/
function _blacklist(address _account) internal virtual;
/**
* @dev Helper method that unblacklists an account.
* @param _account The address to unblacklist.
*/
function _unBlacklist(address _account) internal virtual;
}
/**
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2023, Circle Internet Financial, LLC.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
pragma solidity 0.6.12;
import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
abstract contract AbstractFiatTokenV1 is IERC20 {
function _approve(
address owner,
address spender,
uint256 value
) internal virtual;
function _transfer(
address from,
address to,
uint256 value
) internal virtual;
}
/**
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2023, Circle Internet Financial, LLC.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
pragma solidity 0.6.12;
import { Ownable } from "../v1/Ownable.sol";
import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/SafeERC20.sol";
contract Rescuable is Ownable {
using SafeERC20 for IERC20;
address private _rescuer;
event RescuerChanged(address indexed newRescuer);
/**
* @notice Returns current rescuer
* @return Rescuer's address
*/
function rescuer() external view returns (address) {
return _rescuer;
}
/**
* @notice Revert if called by any account other than the rescuer.
*/
modifier onlyRescuer() {
require(msg.sender == _rescuer, "Rescuable: caller is not the rescuer");
_;
}
/**
* @notice Rescue ERC20 tokens locked up in this contract.
* @param tokenContract ERC20 token contract address
* @param to Recipient address
* @param amount Amount to withdraw
*/
function rescueERC20(
IERC20 tokenContract,
address to,
uint256 amount
) external onlyRescuer {
tokenContract.safeTransfer(to, amount);
}
/**
* @notice Updates the rescuer address.
* @param newRescuer The address of the new rescuer.
*/
function updateRescuer(address newRescuer) external onlyOwner {
require(
newRescuer != address(0),
"Rescuable: new rescuer is the zero address"
);
_rescuer = newRescuer;
emit RescuerChanged(newRescuer);
}
}
/**
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2023, Circle Internet Financial, LLC.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
pragma solidity 0.6.12;
import { FiatTokenV1 } from "../v1/FiatTokenV1.sol";
import { Rescuable } from "./Rescuable.sol";
/**
* @title FiatTokenV1_1
* @dev ERC20 Token backed by fiat reserves
*/
contract FiatTokenV1_1 is FiatTokenV1, Rescuable {
}
/**
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2023, Circle Internet Financial, LLC.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
pragma solidity 0.6.12;
import { ECRecover } from "./ECRecover.sol";
import { IERC1271 } from "../interface/IERC1271.sol";
/**
* @dev Signature verification helper that can be used instead of `ECRecover.recover` to seamlessly support both ECDSA
* signatures from externally owned accounts (EOAs) as well as ERC1271 signatures from smart contract wallets.
*
* Adapted from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/21bb89ef5bfc789b9333eb05e3ba2b7b284ac77c/contracts/utils/cryptography/SignatureChecker.sol
*/
library SignatureChecker {
/**
* @dev Checks if a signature is valid for a given signer and data hash. If the signer is a smart contract, the
* signature is validated against that smart contract using ERC1271, otherwise it's validated using `ECRecover.recover`.
* @param signer Address of the claimed signer
* @param digest Keccak-256 hash digest of the signed message
* @param signature Signature byte array associated with hash
*/
function isValidSignatureNow(
address signer,
bytes32 digest,
bytes memory signature
) external view returns (bool) {
if (!isContract(signer)) {
return ECRecover.recover(digest, signature) == signer;
}
return isValidERC1271SignatureNow(signer, digest, signature);
}
/**
* @dev Checks if a signature is valid for a given signer and data hash. The signature is validated
* against the signer smart contract using ERC1271.
* @param signer Address of the claimed signer
* @param digest Keccak-256 hash digest of the signed message
* @param signature Signature byte array associated with hash
*
* NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus
* change through time. It could return true at block N and false at block N+1 (or the opposite).
*/
function isValidERC1271SignatureNow(
address signer,
bytes32 digest,
bytes memory signature
) internal view returns (bool) {
(bool success, bytes memory result) = signer.staticcall(
abi.encodeWithSelector(
IERC1271.isValidSignature.selector,
digest,
signature
)
);
return (success &&
result.length >= 32 &&
abi.decode(result, (bytes32)) ==
bytes32(IERC1271.isValidSignature.selector));
}
/**
* @dev Checks if the input address is a smart contract.
*/
function isContract(address addr) internal view returns (bool) {
uint256 size;
assembly {
size := extcodesize(addr)
}
return size > 0;
}
}
/**
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2023, Circle Internet Financial, LLC.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
pragma solidity 0.6.12;
/**
* @dev Signature message hash utilities for producing digests to be consumed by {ECDSA} recovery or signing.
*
* The library provides methods for generating a hash of a message that conforms to the
* https://eips.ethereum.org/EIPS/eip-191[EIP 191] and https://eips.ethereum.org/EIPS/eip-712[EIP 712]
* specifications.
*/
library MessageHashUtils {
/**
* @dev Returns the keccak256 digest of an EIP-712 typed data (EIP-191 version `0x01`).
* Adapted from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/21bb89ef5bfc789b9333eb05e3ba2b7b284ac77c/contracts/utils/cryptography/MessageHashUtils.sol
*
* The digest is calculated from a `domainSeparator` and a `structHash`, by prefixing them with
* `\\x19\\x01` and hashing the result. It corresponds to the hash signed by the
* https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`] JSON-RPC method as part of EIP-712.
*
* @param domainSeparator Domain separator
* @param structHash Hashed EIP-712 data struct
* @return digest The keccak256 digest of an EIP-712 typed data
*/
function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash)
internal
pure
returns (bytes32 digest)
{
assembly {
let ptr := mload(0x40)
mstore(ptr, "\\x19\\x01")
mstore(add(ptr, 0x02), domainSeparator)
mstore(add(ptr, 0x22), structHash)
digest := keccak256(ptr, 0x42)
}
}
}
/**
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2023, Circle Internet Financial, LLC.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
pragma solidity 0.6.12;
/**
* @title EIP712
* @notice A library that provides EIP712 helper functions
*/
library EIP712 {
/**
* @notice Make EIP712 domain separator
* @param name Contract name
* @param version Contract version
* @param chainId Blockchain ID
* @return Domain separator
*/
function makeDomainSeparator(
string memory name,
string memory version,
uint256 chainId
) internal view returns (bytes32) {
return
keccak256(
abi.encode(
// keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)")
0x8b73c3c69bb8fe3d512ecc4cf759cc79239f7b179b0ffacaa9a75d522b39400f,
keccak256(bytes(name)),
keccak256(bytes(version)),
chainId,
address(this)
)
);
}
/**
* @notice Make EIP712 domain separator
* @param name Contract name
* @param version Contract version
* @return Domain separator
*/
function makeDomainSeparator(string memory name, string memory version)
internal
view
returns (bytes32)
{
uint256 chainId;
assembly {
chainId := chainid()
}
return makeDomainSeparator(name, version, chainId);
}
}
/**
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2023, Circle Internet Financial, LLC.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
pragma solidity 0.6.12;
/**
* @title ECRecover
* @notice A library that provides a safe ECDSA recovery function
*/
library ECRecover {
/**
* @notice Recover signer's address from a signed message
* @dev Adapted from: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/65e4ffde586ec89af3b7e9140bdc9235d1254853/contracts/cryptography/ECDSA.sol
* Modifications: Accept v, r, and s as separate arguments
* @param digest Keccak-256 hash digest of the signed message
* @param v v of the signature
* @param r r of the signature
* @param s s of the signature
* @return Signer address
*/
function recover(
bytes32 digest,
uint8 v,
bytes32 r,
bytes32 s
) internal pure returns (address) {
// EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
// unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
// the valid range for s in (281): 0 < s < secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most
// signatures from current libraries generate a unique signature with an s-value in the lower half order.
//
// If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
// with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
// vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
// these malleable signatures as well.
if (
uint256(s) >
0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0
) {
revert("ECRecover: invalid signature 's' value");
}
if (v != 27 && v != 28) {
revert("ECRecover: invalid signature 'v' value");
}
// If the signature is valid (and not malleable), return the signer address
address signer = ecrecover(digest, v, r, s);
require(signer != address(0), "ECRecover: invalid signature");
return signer;
}
/**
* @notice Recover signer's address from a signed message
* @dev Adapted from: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/0053ee040a7ff1dbc39691c9e67a69f564930a88/contracts/utils/cryptography/ECDSA.sol
* @param digest Keccak-256 hash digest of the signed message
* @param signature Signature byte array associated with hash
* @return Signer address
*/
function recover(bytes32 digest, bytes memory signature)
internal
pure
returns (address)
{
require(signature.length == 65, "ECRecover: invalid signature length");
bytes32 r;
bytes32 s;
uint8 v;
// ecrecover takes the signature parameters, and the only way to get them
// currently is to use assembly.
/// @solidity memory-safe-assembly
assembly {
r := mload(add(signature, 0x20))
s := mload(add(signature, 0x40))
v := byte(0, mload(add(signature, 0x60)))
}
return recover(digest, v, r, s);
}
}
/**
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2023, Circle Internet Financial, LLC.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
pragma solidity 0.6.12;
/**
* @dev Interface of the ERC1271 standard signature validation method for
* contracts as defined in https://eips.ethereum.org/EIPS/eip-1271[ERC-1271].
*/
interface IERC1271 {
/**
* @dev Should return whether the signature provided is valid for the provided data
* @param hash Hash of the data to be signed
* @param signature Signature byte array associated with the provided data hash
* @return magicValue bytes4 magic value 0x1626ba7e when function passes
*/
function isValidSignature(bytes32 hash, bytes memory signature)
external
view
returns (bytes4 magicValue);
}