Transaction Hash:
Block:
22650770 at Jun-07-2025 05:58:35 AM +UTC
Transaction Fee:
0.000226333301759352 ETH
$0.60
Gas Used:
178,632 Gas / 1.267036711 Gwei
Emitted Events:
25 |
FiatTokenProxy.0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef( 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef, 0x000000000000000000000000fe3240995c771f10d2583e8fa95f92ee40e15150, 0x0000000000000000000000008533ac4f1664dc4dac5d3c5875152eafd3172485, 00000000000000000000000000000000000000000000000000000002540be400 )
|
26 |
TransparentUpgradeableProxy.0x1df3f2a973a00d6635911755c260704e95e8a5876997546798770f76396fda4d( 0x1df3f2a973a00d6635911755c260704e95e8a5876997546798770f76396fda4d, 0000000000000000000000000000000000000000000000000000000200001ab0, 0000000000000000000000000000000000000000000000000000000000000003, 0000000000000000000000001a8c4999d32f05b63a227517be0824aed47e4728, 000000000000000000000000fe3240995c771f10d2583e8fa95f92ee40e15150, 0000000000000000000000000000000000000000000000000000000000000000 )
|
Account State Difference:
Address | Before | After | State Difference | ||
---|---|---|---|---|---|
0x2a3DD3EB...10Dca2EDe | (Polygon (Matic): zkEVM Bridge) | ||||
0x8533ac4f...Fd3172485 |
0.066283104949609815 Eth
Nonce: 557
|
0.066056771647850463 Eth
Nonce: 558
| 0.000226333301759352 | ||
0x95222290...5CC4BAfe5
Miner
| (beaverbuild) | 15.25349963243998526 Eth | 15.25358894843998526 Eth | 0.000089316 | |
0xA0b86991...E3606eB48 |
Execution Trace
TransparentUpgradeableProxy.f5efcd79( )
PolygonZkEVMBridgeV2.claimMessage( smtProofLocalExitRoot=[nmgZQYCE5qeIeKyt/DxxKxgRr8FBjPA4yhNJdPMsOQ8=, rTIotnb3081ChKVEPxfxlis25JGzCkCyQFhJ5Ze6X7U=, tMEZUZV8b49kLEr2HNayRkD+xtx/xgfuggapnpJBDTA=, Id25o1aBXD+sECa23sXfMSSvuttIXJulo+M5igS3uoU=, AfPZWCOvqws0t9cKm04vKk25Vbtrjfg/d7PSMkTYdrM=, Vctu60AE1QcgjhTtUG4Vn5g8RrPu8/H8uHh3hd3QjFg=, iHwivYdQ00AWrDxmtf8QLazdc/awFOcQtR6AIq+aGWg=, TOpi/AFgVIes7qozjDRYnNJ5DzbpwGizekA1OYdSh1c=, mGfMX38Za5O64eJ+YyB0JEXSkPImOCdJi1T+xTn3Vq8=, TMjIm7mR9keQUd49g/XN08cF6TIidwSCVwTwHV9hCXc=, +dw+f+AW4FDv8mAzTxil1P45HYIJIxn1lk8uLrfBw6U=, pAhlVfWswoBZ1gvhOtn54f+lNDScYnrbXCHrv5ngIxI=, JYH9VXrKDeHnxtWIxQCZULCnqDi7L7EyapvN/2E7Wds=, wd+C2cS4dBPq4u8Ej5S001VM6nPZKw96+W4CccaR4rs=, XGet18bK8wIlat7ferEU2grP6HDUSaOkifeB1lnovsw=, 2nvOn06GGLa9L0EyznmM3Hpg5+FGCnKZ48Y0KleWJtI=, JzPlD1JuwvoZoisx6O1Q8jzR/flMkVTtOnYJovH/mB8=, 4dO1yAeygeRoPMbWMVz5W5rehkHe/LMjcvHBJuOY73o=, Wi3OCop/aLt0Vg+PcYN8LC67y/f/+0KuGJbxP3x0eaA=, tGootvVVQPiURPY94DeOPRIb4J4GzJ3tHCDmWHbTaqA=, xl6WRWRHhrYg4t0q1kjd/L9KflsaOk7P5/ZGZ6Pwt+I=, 9EGFiO01okWM/+s5uT0m8Y0qsTvc5q7ljnuZNZ7C39k=, WpwW3ADW7xi3kzpvjcZcy1VmcTh3b33qEBBw3IeW43c=, TfhPQK4MginQ1gaeXI85p8KZZ3oJ02f8ewXjvDgO5lI=, zccllfdMexBD0OH/urc0ZIyDjfsFJ9lxtgK8IWyWGe8=, Cr9ayXSh7Vf0BQqlEN2cdPUIJ3s515c7st/Mxe6wYY0=, uM10BG/zN/CnvyyOA+EPZCwYhnmNcYBqseiI2eXuh9A=, g4xWVcshxsuDMTtaYxF13/SWN3LM6RCBiLNKyHyBxB4=, Zi7k3S3XsrxweWGx5kbEBHZp3LZYTw2Ndw2vXX596y4=, OIqyDiVz0XGogQjnnYIOmPJsC4Sqiy9KpJaNu4GOoyI=, kyN8ULp17khfTCKt8vdBQAvfjWqcx99+yuV2IhZl1zU=, hEiBi7SuRWKEnpSeF6wW4L4WaI4Va1zxXgmMYnwAVqk=], smtProofRollupExitRoot=[AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=, rQ8AdOwOCTTwP9idPS2CAoE8f7jANr0E6uvjVE2eMVY=, sgLU4hx6gO03oNlVmvdJi1ScggG9pjEQYPkKL0PPYvE=, 6h7wd9qwDl3qZ92XtcHOjhri4lWJc9iXRljoZHm3UV8=, F7A5tIFvRT9ibT3ra1bV52ot8urve6Q952x65xmTQKc=, DrAev8ntJ1AM1N/JeSctHwkTzJ9mVA1+gAWBEQnhzy0=, iHwivYdQ00AWrDxmtf8QLazdc/awFOcQtR6AIq+aGWg=, /9cBV+SAY/wzyXoFD39kAjO/ZGzJjZUkxrkrzzq1b4M=, mGfMX38Za5O64eJ+YyB0JEXSkPImOCdJi1T+xTn3Vq8=, zvrU5QjAmLmn4dj+sZlV+wK6lnVYUHhxCWnTRA9QVOA=, +dw+f+AW4FDv8mAzTxil1P45HYIJIxn1lk8uLrfBw6U=, +LE6SeKC9gnDF6gz+42XbRFRfFcdEiGiZdJa93js+JI=, NJDGzutFCuzcguKCkwMdEMfXO/heV78EGpc2CqLF2Zw=, wd+C2cS4dBPq4u8Ej5S001VM6nPZKw96+W4CccaR4rs=, XGet18bK8wIlat7ferEU2grP6HDUSaOkifeB1lnovsw=, 2nvOn06GGLa9L0EyznmM3Hpg5+FGCnKZ48Y0KleWJtI=, JzPlD1JuwvoZoisx6O1Q8jzR/flMkVTtOnYJovH/mB8=, 4dO1yAeygeRoPMbWMVz5W5rehkHe/LMjcvHBJuOY73o=, Wi3OCop/aLt0Vg+PcYN8LC67y/f/+0KuGJbxP3x0eaA=, tGootvVVQPiURPY94DeOPRIb4J4GzJ3tHCDmWHbTaqA=, xl6WRWRHhrYg4t0q1kjd/L9KflsaOk7P5/ZGZ6Pwt+I=, 9EGFiO01okWM/+s5uT0m8Y0qsTvc5q7ljnuZNZ7C39k=, WpwW3ADW7xi3kzpvjcZcy1VmcTh3b33qEBBw3IeW43c=, TfhPQK4MginQ1gaeXI85p8KZZ3oJ02f8ewXjvDgO5lI=, zccllfdMexBD0OH/urc0ZIyDjfsFJ9lxtgK8IWyWGe8=, Cr9ayXSh7Vf0BQqlEN2cdPUIJ3s515c7st/Mxe6wYY0=, uM10BG/zN/CnvyyOA+EPZCwYhnmNcYBqseiI2eXuh9A=, g4xWVcshxsuDMTtaYxF13/SWN3LM6RCBiLNKyHyBxB4=, Zi7k3S3XsrxweWGx5kbEBHZp3LZYTw2Ndw2vXX596y4=, OIqyDiVz0XGogQjnnYIOmPJsC4Sqiy9KpJaNu4GOoyI=, kyN8ULp17khfTCKt8vdBQAvfjWqcx99+yuV2IhZl1zU=, hEiBi7SuRWKEnpSeF6wW4L4WaI4Va1zxXgmMYnwAVqk=], globalIndex=8589941424, mainnetExitRoot=FAB7AB2DEF52AD7ED543B288C575123836389232D7A385DC6269A0E93757CDB2, rollupExitRoot=3F8EA9A76CE765705AF972E21EE7119FBA0231D4B2C48AB1FDE53530900ADAA8, originNetwork=3, originAddress=0x1A8C4999D32F05B63A227517Be0824AeD47e4728, destinationNetwork=0, destinationAddress=0xfe3240995c771f10D2583e8fa95F92ee40E15150, amount=0, metadata=0x0000000000000000000000008533AC4F1664DC4DAC5D3C5875152EAFD317248500000000000000000000000000000000000000000000000000000002540BE400 )
TransparentUpgradeableProxy.257b3632( )
-
PolygonZkEVMGlobalExitRootV2.globalExitRootMap( FC51B099DE048640DB214EDABD8CF16AD0178A2FFEA61B02ECCEB130B2FDA811 ) => ( 44616350471591209503997008584659576001814235874828583795833316604912246894715 )
-
L1EscrowProxy.1806b5f2( )
L1Escrow.onMessageReceived( originAddress=0x1A8C4999D32F05B63A227517Be0824AeD47e4728, originNetwork=3, data=0x0000000000000000000000008533AC4F1664DC4DAC5D3C5875152EAFD317248500000000000000000000000000000000000000000000000000000002540BE400 )
FiatTokenProxy.a9059cbb( )
-
FiatTokenV2_2.transfer( to=0x8533ac4f1664dc4Dac5D3c5875152EaFd3172485, value=10000000000 ) => ( True )
-
claimMessage[PolygonZkEVMBridgeV2 (ln:2192)]
DestinationNetworkInvalid[PolygonZkEVMBridgeV2 (ln:2207)]
_verifyLeaf[PolygonZkEVMBridgeV2 (ln:2210)]
globalExitRootMap[PolygonZkEVMBridgeV2 (ln:2345)]
calculateGlobalExitRoot[PolygonZkEVMBridgeV2 (ln:2347)]
GlobalExitRootInvalid[PolygonZkEVMBridgeV2 (ln:2354)]
verifyMerkleProof[PolygonZkEVMBridgeV2 (ln:2364)]
InvalidSmtProof[PolygonZkEVMBridgeV2 (ln:2371)]
verifyMerkleProof[PolygonZkEVMBridgeV2 (ln:2381)]
calculateRoot[PolygonZkEVMBridgeV2 (ln:2382)]
InvalidSmtProof[PolygonZkEVMBridgeV2 (ln:2388)]
_setAndCheckClaimed[PolygonZkEVMBridgeV2 (ln:2392)]
_bitmapPositions[PolygonZkEVMBridgeV2 (ln:2442)]
AlreadyClaimed[PolygonZkEVMBridgeV2 (ln:2446)]
getLeafValue[PolygonZkEVMBridgeV2 (ln:2216)]
call[PolygonZkEVMBridgeV2 (ln:2232)]
encodeCall[PolygonZkEVMBridgeV2 (ln:2233)]
mint[PolygonZkEVMBridgeV2 (ln:2240)]
call[PolygonZkEVMBridgeV2 (ln:2243)]
encodeCall[PolygonZkEVMBridgeV2 (ln:2244)]
MessageFailed[PolygonZkEVMBridgeV2 (ln:2251)]
ClaimEvent[PolygonZkEVMBridgeV2 (ln:2253)]
File 1 of 8: TransparentUpgradeableProxy
File 2 of 8: FiatTokenProxy
File 3 of 8: PolygonZkEVMBridgeV2
File 4 of 8: TransparentUpgradeableProxy
File 5 of 8: PolygonZkEVMGlobalExitRootV2
File 6 of 8: L1EscrowProxy
File 7 of 8: L1Escrow
File 8 of 8: FiatTokenV2_2
// Sources flattened with hardhat v2.9.9 https://hardhat.org // File interfaces/IInterchainGasPaymaster.sol // SPDX-License-Identifier: MIT pragma solidity >=0.6.11; /** * @title IInterchainGasPaymaster * @notice Manages payments on a source chain to cover gas costs of relaying * messages to destination chains. */ interface IInterchainGasPaymaster { function payForGas( bytes32 _messageId, uint32 _destinationDomain, uint256 _gas, address _refundAddress ) external payable; } // File interfaces/IInterchainSecurityModule.sol pragma solidity >=0.6.11; interface IInterchainSecurityModule { /** * @notice Returns an enum that represents the type of security model * encoded by this ISM. * @dev Relayers infer how to fetch and format metadata. */ function moduleType() external view returns (uint8); /** * @notice Defines a security model responsible for verifying interchain * messages based on the provided metadata. * @param _metadata Off-chain metadata provided by a relayer, specific to * the security model encoded by the module (e.g. validator signatures) * @param _message Hyperlane encoded interchain message * @return True if the message was verified */ function verify(bytes calldata _metadata, bytes calldata _message) external returns (bool); } interface ISpecifiesInterchainSecurityModule { function interchainSecurityModule() external view returns (IInterchainSecurityModule); } // File interfaces/IMailbox.sol pragma solidity >=0.8.0; interface IMailbox { function localDomain() external view returns (uint32); function dispatch( uint32 _destinationDomain, bytes32 _recipientAddress, bytes calldata _messageBody ) external returns (bytes32); function process(bytes calldata _metadata, bytes calldata _message) external; function count() external view returns (uint32); function root() external view returns (bytes32); function latestCheckpoint() external view returns (bytes32, uint32); function recipientIsm(address _recipient) external view returns (IInterchainSecurityModule); } // File @openzeppelin/contracts-upgradeable/utils/[email protected] // OpenZeppelin Contracts (last updated v4.8.0) (utils/Address.sol) pragma solidity ^0.8.1; /** * @dev Collection of functions related to the address type */ library AddressUpgradeable { /** * @dev Returns true if `account` is a contract. * * [IMPORTANT] * ==== * It is unsafe to assume that an address for which this function returns * false is an externally-owned account (EOA) and not a contract. * * Among others, `isContract` will return false for the following * types of addresses: * * - an externally-owned account * - a contract in construction * - an address where a contract will be created * - an address where a contract lived, but was destroyed * ==== * * [IMPORTANT] * ==== * You shouldn't rely on `isContract` to protect against flash loan attacks! * * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract * constructor. * ==== */ function isContract(address account) internal view returns (bool) { // This method relies on extcodesize/address.code.length, which returns 0 // for contracts in construction, since the code is only stored at the end // of the constructor execution. return account.code.length > 0; } /** * @dev Replacement for Solidity's `transfer`: sends `amount` wei to * `recipient`, forwarding all available gas and reverting on errors. * * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost * of certain opcodes, possibly making contracts go over the 2300 gas limit * imposed by `transfer`, making them unable to receive funds via * `transfer`. {sendValue} removes this limitation. * * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more]. * * IMPORTANT: because control is transferred to `recipient`, care must be * taken to not create reentrancy vulnerabilities. Consider using * {ReentrancyGuard} or the * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern]. */ function sendValue(address payable recipient, uint256 amount) internal { require(address(this).balance >= amount, "Address: insufficient balance"); (bool success, ) = recipient.call{value: amount}(""); require(success, "Address: unable to send value, recipient may have reverted"); } /** * @dev Performs a Solidity function call using a low level `call`. A * plain `call` is an unsafe replacement for a function call: use this * function instead. * * If `target` reverts with a revert reason, it is bubbled up by this * function (like regular Solidity function calls). * * Returns the raw returned data. To convert to the expected return value, * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`]. * * Requirements: * * - `target` must be a contract. * - calling `target` with `data` must not revert. * * _Available since v3.1._ */ function functionCall(address target, bytes memory data) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, "Address: low-level call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with * `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCall( address target, bytes memory data, string memory errorMessage ) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but also transferring `value` wei to `target`. * * Requirements: * * - the calling contract must have an ETH balance of at least `value`. * - the called Solidity function must be `payable`. * * _Available since v3.1._ */ function functionCallWithValue( address target, bytes memory data, uint256 value ) internal returns (bytes memory) { return functionCallWithValue(target, data, value, "Address: low-level call with value failed"); } /** * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but * with `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCallWithValue( address target, bytes memory data, uint256 value, string memory errorMessage ) internal returns (bytes memory) { require(address(this).balance >= value, "Address: insufficient balance for call"); (bool success, bytes memory returndata) = target.call{value: value}(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) { return functionStaticCall(target, data, "Address: low-level static call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall( address target, bytes memory data, string memory errorMessage ) internal view returns (bytes memory) { (bool success, bytes memory returndata) = target.staticcall(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract. * * _Available since v4.8._ */ function verifyCallResultFromTarget( address target, bool success, bytes memory returndata, string memory errorMessage ) internal view returns (bytes memory) { if (success) { if (returndata.length == 0) { // only check isContract if the call was successful and the return data is empty // otherwise we already know that it was a contract require(isContract(target), "Address: call to non-contract"); } return returndata; } else { _revert(returndata, errorMessage); } } /** * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the * revert reason or using the provided one. * * _Available since v4.3._ */ function verifyCallResult( bool success, bytes memory returndata, string memory errorMessage ) internal pure returns (bytes memory) { if (success) { return returndata; } else { _revert(returndata, errorMessage); } } function _revert(bytes memory returndata, string memory errorMessage) private pure { // Look for revert reason and bubble it up if present if (returndata.length > 0) { // The easiest way to bubble the revert reason is using memory via assembly /// @solidity memory-safe-assembly assembly { let returndata_size := mload(returndata) revert(add(32, returndata), returndata_size) } } else { revert(errorMessage); } } } // File @openzeppelin/contracts-upgradeable/proxy/utils/[email protected] // OpenZeppelin Contracts (last updated v4.8.0) (proxy/utils/Initializable.sol) pragma solidity ^0.8.2; /** * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect. * * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in * case an upgrade adds a module that needs to be initialized. * * For example: * * [.hljs-theme-light.nopadding] * ``` * contract MyToken is ERC20Upgradeable { * function initialize() initializer public { * __ERC20_init("MyToken", "MTK"); * } * } * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable { * function initializeV2() reinitializer(2) public { * __ERC20Permit_init("MyToken"); * } * } * ``` * * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}. * * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity. * * [CAUTION] * ==== * Avoid leaving a contract uninitialized. * * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed: * * [.hljs-theme-light.nopadding] * ``` * /// @custom:oz-upgrades-unsafe-allow constructor * constructor() { * _disableInitializers(); * } * ``` * ==== */ abstract contract Initializable { /** * @dev Indicates that the contract has been initialized. * @custom:oz-retyped-from bool */ uint8 private _initialized; /** * @dev Indicates that the contract is in the process of being initialized. */ bool private _initializing; /** * @dev Triggered when the contract has been initialized or reinitialized. */ event Initialized(uint8 version); /** * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope, * `onlyInitializing` functions can be used to initialize parent contracts. * * Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a * constructor. * * Emits an {Initialized} event. */ modifier initializer() { bool isTopLevelCall = !_initializing; require( (isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1), "Initializable: contract is already initialized" ); _initialized = 1; if (isTopLevelCall) { _initializing = true; } _; if (isTopLevelCall) { _initializing = false; emit Initialized(1); } } /** * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be * used to initialize parent contracts. * * A reinitializer may be used after the original initialization step. This is essential to configure modules that * are added through upgrades and that require initialization. * * When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer` * cannot be nested. If one is invoked in the context of another, execution will revert. * * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in * a contract, executing them in the right order is up to the developer or operator. * * WARNING: setting the version to 255 will prevent any future reinitialization. * * Emits an {Initialized} event. */ modifier reinitializer(uint8 version) { require(!_initializing && _initialized < version, "Initializable: contract is already initialized"); _initialized = version; _initializing = true; _; _initializing = false; emit Initialized(version); } /** * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the * {initializer} and {reinitializer} modifiers, directly or indirectly. */ modifier onlyInitializing() { require(_initializing, "Initializable: contract is not initializing"); _; } /** * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call. * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized * to any version. It is recommended to use this to lock implementation contracts that are designed to be called * through proxies. * * Emits an {Initialized} event the first time it is successfully executed. */ function _disableInitializers() internal virtual { require(!_initializing, "Initializable: contract is initializing"); if (_initialized < type(uint8).max) { _initialized = type(uint8).max; emit Initialized(type(uint8).max); } } /** * @dev Internal function that returns the initialized version. Returns `_initialized` */ function _getInitializedVersion() internal view returns (uint8) { return _initialized; } /** * @dev Internal function that returns the initialized version. Returns `_initializing` */ function _isInitializing() internal view returns (bool) { return _initializing; } } // File @openzeppelin/contracts-upgradeable/utils/[email protected] // OpenZeppelin Contracts v4.4.1 (utils/Context.sol) pragma solidity ^0.8.0; /** * @dev Provides information about the current execution context, including the * sender of the transaction and its data. While these are generally available * via msg.sender and msg.data, they should not be accessed in such a direct * manner, since when dealing with meta-transactions the account sending and * paying for execution may not be the actual sender (as far as an application * is concerned). * * This contract is only required for intermediate, library-like contracts. */ abstract contract ContextUpgradeable is Initializable { function __Context_init() internal onlyInitializing { } function __Context_init_unchained() internal onlyInitializing { } function _msgSender() internal view virtual returns (address) { return msg.sender; } function _msgData() internal view virtual returns (bytes calldata) { return msg.data; } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[50] private __gap; } // File @openzeppelin/contracts-upgradeable/access/[email protected] // OpenZeppelin Contracts (last updated v4.7.0) (access/Ownable.sol) pragma solidity ^0.8.0; /** * @dev Contract module which provides a basic access control mechanism, where * there is an account (an owner) that can be granted exclusive access to * specific functions. * * By default, the owner account will be the one that deploys the contract. This * can later be changed with {transferOwnership}. * * This module is used through inheritance. It will make available the modifier * `onlyOwner`, which can be applied to your functions to restrict their use to * the owner. */ abstract contract OwnableUpgradeable is Initializable, ContextUpgradeable { address private _owner; event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); /** * @dev Initializes the contract setting the deployer as the initial owner. */ function __Ownable_init() internal onlyInitializing { __Ownable_init_unchained(); } function __Ownable_init_unchained() internal onlyInitializing { _transferOwnership(_msgSender()); } /** * @dev Throws if called by any account other than the owner. */ modifier onlyOwner() { _checkOwner(); _; } /** * @dev Returns the address of the current owner. */ function owner() public view virtual returns (address) { return _owner; } /** * @dev Throws if the sender is not the owner. */ function _checkOwner() internal view virtual { require(owner() == _msgSender(), "Ownable: caller is not the owner"); } /** * @dev Leaves the contract without owner. It will not be possible to call * `onlyOwner` functions anymore. Can only be called by the current owner. * * NOTE: Renouncing ownership will leave the contract without an owner, * thereby removing any functionality that is only available to the owner. */ function renounceOwnership() public virtual onlyOwner { _transferOwnership(address(0)); } /** * @dev Transfers ownership of the contract to a new account (`newOwner`). * Can only be called by the current owner. */ function transferOwnership(address newOwner) public virtual onlyOwner { require(newOwner != address(0), "Ownable: new owner is the zero address"); _transferOwnership(newOwner); } /** * @dev Transfers ownership of the contract to a new account (`newOwner`). * Internal function without access restriction. */ function _transferOwnership(address newOwner) internal virtual { address oldOwner = _owner; _owner = newOwner; emit OwnershipTransferred(oldOwner, newOwner); } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[49] private __gap; } // File @openzeppelin/contracts/utils/[email protected] // OpenZeppelin Contracts (last updated v4.8.0) (utils/Address.sol) pragma solidity ^0.8.1; /** * @dev Collection of functions related to the address type */ library Address { /** * @dev Returns true if `account` is a contract. * * [IMPORTANT] * ==== * It is unsafe to assume that an address for which this function returns * false is an externally-owned account (EOA) and not a contract. * * Among others, `isContract` will return false for the following * types of addresses: * * - an externally-owned account * - a contract in construction * - an address where a contract will be created * - an address where a contract lived, but was destroyed * ==== * * [IMPORTANT] * ==== * You shouldn't rely on `isContract` to protect against flash loan attacks! * * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract * constructor. * ==== */ function isContract(address account) internal view returns (bool) { // This method relies on extcodesize/address.code.length, which returns 0 // for contracts in construction, since the code is only stored at the end // of the constructor execution. return account.code.length > 0; } /** * @dev Replacement for Solidity's `transfer`: sends `amount` wei to * `recipient`, forwarding all available gas and reverting on errors. * * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost * of certain opcodes, possibly making contracts go over the 2300 gas limit * imposed by `transfer`, making them unable to receive funds via * `transfer`. {sendValue} removes this limitation. * * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more]. * * IMPORTANT: because control is transferred to `recipient`, care must be * taken to not create reentrancy vulnerabilities. Consider using * {ReentrancyGuard} or the * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern]. */ function sendValue(address payable recipient, uint256 amount) internal { require(address(this).balance >= amount, "Address: insufficient balance"); (bool success, ) = recipient.call{value: amount}(""); require(success, "Address: unable to send value, recipient may have reverted"); } /** * @dev Performs a Solidity function call using a low level `call`. A * plain `call` is an unsafe replacement for a function call: use this * function instead. * * If `target` reverts with a revert reason, it is bubbled up by this * function (like regular Solidity function calls). * * Returns the raw returned data. To convert to the expected return value, * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`]. * * Requirements: * * - `target` must be a contract. * - calling `target` with `data` must not revert. * * _Available since v3.1._ */ function functionCall(address target, bytes memory data) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, "Address: low-level call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with * `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCall( address target, bytes memory data, string memory errorMessage ) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but also transferring `value` wei to `target`. * * Requirements: * * - the calling contract must have an ETH balance of at least `value`. * - the called Solidity function must be `payable`. * * _Available since v3.1._ */ function functionCallWithValue( address target, bytes memory data, uint256 value ) internal returns (bytes memory) { return functionCallWithValue(target, data, value, "Address: low-level call with value failed"); } /** * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but * with `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCallWithValue( address target, bytes memory data, uint256 value, string memory errorMessage ) internal returns (bytes memory) { require(address(this).balance >= value, "Address: insufficient balance for call"); (bool success, bytes memory returndata) = target.call{value: value}(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) { return functionStaticCall(target, data, "Address: low-level static call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall( address target, bytes memory data, string memory errorMessage ) internal view returns (bytes memory) { (bool success, bytes memory returndata) = target.staticcall(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a delegate call. * * _Available since v3.4._ */ function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) { return functionDelegateCall(target, data, "Address: low-level delegate call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a delegate call. * * _Available since v3.4._ */ function functionDelegateCall( address target, bytes memory data, string memory errorMessage ) internal returns (bytes memory) { (bool success, bytes memory returndata) = target.delegatecall(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract. * * _Available since v4.8._ */ function verifyCallResultFromTarget( address target, bool success, bytes memory returndata, string memory errorMessage ) internal view returns (bytes memory) { if (success) { if (returndata.length == 0) { // only check isContract if the call was successful and the return data is empty // otherwise we already know that it was a contract require(isContract(target), "Address: call to non-contract"); } return returndata; } else { _revert(returndata, errorMessage); } } /** * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the * revert reason or using the provided one. * * _Available since v4.3._ */ function verifyCallResult( bool success, bytes memory returndata, string memory errorMessage ) internal pure returns (bytes memory) { if (success) { return returndata; } else { _revert(returndata, errorMessage); } } function _revert(bytes memory returndata, string memory errorMessage) private pure { // Look for revert reason and bubble it up if present if (returndata.length > 0) { // The easiest way to bubble the revert reason is using memory via assembly /// @solidity memory-safe-assembly assembly { let returndata_size := mload(returndata) revert(add(32, returndata), returndata_size) } } else { revert(errorMessage); } } } // File contracts/HyperlaneConnectionClient.sol pragma solidity >=0.6.11; // ============ Internal Imports ============ // ============ External Imports ============ abstract contract HyperlaneConnectionClient is OwnableUpgradeable, ISpecifiesInterchainSecurityModule { // ============ Mutable Storage ============ IMailbox public mailbox; // Interchain Gas Paymaster contract. The relayer associated with this contract // must be willing to relay messages dispatched from the current Mailbox contract, // otherwise payments made to the paymaster will not result in relayed messages. IInterchainGasPaymaster public interchainGasPaymaster; IInterchainSecurityModule public interchainSecurityModule; uint256[48] private __GAP; // gap for upgrade safety // ============ Events ============ /** * @notice Emitted when a new mailbox is set. * @param mailbox The address of the mailbox contract */ event MailboxSet(address indexed mailbox); /** * @notice Emitted when a new Interchain Gas Paymaster is set. * @param interchainGasPaymaster The address of the Interchain Gas Paymaster. */ event InterchainGasPaymasterSet(address indexed interchainGasPaymaster); event InterchainSecurityModuleSet(address indexed module); // ============ Modifiers ============ /** * @notice Only accept messages from an Hyperlane Mailbox contract */ modifier onlyMailbox() { require(msg.sender == address(mailbox), "!mailbox"); _; } /** * @notice Only accept addresses that at least have contract code */ modifier onlyContract(address _contract) { require(Address.isContract(_contract), "!contract"); _; } // ======== Initializer ========= function __HyperlaneConnectionClient_initialize(address _mailbox) internal onlyInitializing { _setMailbox(_mailbox); __Ownable_init(); } function __HyperlaneConnectionClient_initialize( address _mailbox, address _interchainGasPaymaster ) internal onlyInitializing { _setInterchainGasPaymaster(_interchainGasPaymaster); __HyperlaneConnectionClient_initialize(_mailbox); } function __HyperlaneConnectionClient_initialize( address _mailbox, address _interchainGasPaymaster, address _interchainSecurityModule ) internal onlyInitializing { _setInterchainSecurityModule(_interchainSecurityModule); __HyperlaneConnectionClient_initialize( _mailbox, _interchainGasPaymaster ); } // ============ External functions ============ /** * @notice Sets the address of the application's Mailbox. * @param _mailbox The address of the Mailbox contract. */ function setMailbox(address _mailbox) external virtual onlyOwner { _setMailbox(_mailbox); } /** * @notice Sets the address of the application's InterchainGasPaymaster. * @param _interchainGasPaymaster The address of the InterchainGasPaymaster contract. */ function setInterchainGasPaymaster(address _interchainGasPaymaster) external virtual onlyOwner { _setInterchainGasPaymaster(_interchainGasPaymaster); } function setInterchainSecurityModule(address _module) external virtual onlyOwner { _setInterchainSecurityModule(_module); } // ============ Internal functions ============ /** * @notice Sets the address of the application's InterchainGasPaymaster. * @param _interchainGasPaymaster The address of the InterchainGasPaymaster contract. */ function _setInterchainGasPaymaster(address _interchainGasPaymaster) internal onlyContract(_interchainGasPaymaster) { interchainGasPaymaster = IInterchainGasPaymaster( _interchainGasPaymaster ); emit InterchainGasPaymasterSet(_interchainGasPaymaster); } /** * @notice Modify the contract the Application uses to validate Mailbox contracts * @param _mailbox The address of the mailbox contract */ function _setMailbox(address _mailbox) internal onlyContract(_mailbox) { mailbox = IMailbox(_mailbox); emit MailboxSet(_mailbox); } function _setInterchainSecurityModule(address _module) internal onlyContract(_module) { interchainSecurityModule = IInterchainSecurityModule(_module); emit InterchainSecurityModuleSet(_module); } } // File contracts/InterchainGasPaymaster.sol pragma solidity >=0.8.0; // ============ Internal Imports ============ // ============ External Imports ============ /** * @title InterchainGasPaymaster * @notice Manages payments on a source chain to cover gas costs of relaying * messages to destination chains. */ contract InterchainGasPaymaster is IInterchainGasPaymaster, OwnableUpgradeable { // ============ Events ============ /** * @notice Emitted when a payment is made for a message's gas costs. * @param messageId The ID of the message to pay for. * @param gasAmount The amount of destination gas paid for. * @param payment The amount of native tokens paid. */ event GasPayment( bytes32 indexed messageId, uint256 gasAmount, uint256 payment ); // ============ Constructor ============ // solhint-disable-next-line no-empty-blocks constructor() { initialize(); // allows contract to be used without proxying } // ============ External Functions ============ function initialize() public initializer { __Ownable_init(); } /** * @notice Deposits msg.value as a payment for the relaying of a message * to its destination chain. * @param _messageId The ID of the message to pay for. * @param _destinationDomain The domain of the message's destination chain. * @param _gasAmount The amount of destination gas to pay for. Currently unused. * @param _refundAddress The address to refund any overpayment to. Currently unused. */ function payForGas( bytes32 _messageId, uint32 _destinationDomain, uint256 _gasAmount, address _refundAddress ) external payable override { // Silence compiler warning. The NatSpec @param requires the parameter to be named. // While not used at the moment, future versions of the paymaster have behavior specific // to the destination domain and refund overpayments to the _refundAddress. _destinationDomain; _refundAddress; emit GasPayment(_messageId, _gasAmount, msg.value); } /** * @notice Transfers the entire native token balance to the owner of the contract. * @dev The owner must be able to receive native tokens. */ function claim() external { // Transfer the entire balance to owner. (bool success, ) = owner().call{value: address(this).balance}(""); require(success, "!transfer"); } } // File @openzeppelin/contracts/utils/[email protected] // OpenZeppelin Contracts v4.4.1 (utils/Context.sol) pragma solidity ^0.8.0; /** * @dev Provides information about the current execution context, including the * sender of the transaction and its data. While these are generally available * via msg.sender and msg.data, they should not be accessed in such a direct * manner, since when dealing with meta-transactions the account sending and * paying for execution may not be the actual sender (as far as an application * is concerned). * * This contract is only required for intermediate, library-like contracts. */ abstract contract Context { function _msgSender() internal view virtual returns (address) { return msg.sender; } function _msgData() internal view virtual returns (bytes calldata) { return msg.data; } } // File @openzeppelin/contracts/access/[email protected] // OpenZeppelin Contracts (last updated v4.7.0) (access/Ownable.sol) pragma solidity ^0.8.0; /** * @dev Contract module which provides a basic access control mechanism, where * there is an account (an owner) that can be granted exclusive access to * specific functions. * * By default, the owner account will be the one that deploys the contract. This * can later be changed with {transferOwnership}. * * This module is used through inheritance. It will make available the modifier * `onlyOwner`, which can be applied to your functions to restrict their use to * the owner. */ abstract contract Ownable is Context { address private _owner; event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); /** * @dev Initializes the contract setting the deployer as the initial owner. */ constructor() { _transferOwnership(_msgSender()); } /** * @dev Throws if called by any account other than the owner. */ modifier onlyOwner() { _checkOwner(); _; } /** * @dev Returns the address of the current owner. */ function owner() public view virtual returns (address) { return _owner; } /** * @dev Throws if the sender is not the owner. */ function _checkOwner() internal view virtual { require(owner() == _msgSender(), "Ownable: caller is not the owner"); } /** * @dev Leaves the contract without owner. It will not be possible to call * `onlyOwner` functions anymore. Can only be called by the current owner. * * NOTE: Renouncing ownership will leave the contract without an owner, * thereby removing any functionality that is only available to the owner. */ function renounceOwnership() public virtual onlyOwner { _transferOwnership(address(0)); } /** * @dev Transfers ownership of the contract to a new account (`newOwner`). * Can only be called by the current owner. */ function transferOwnership(address newOwner) public virtual onlyOwner { require(newOwner != address(0), "Ownable: new owner is the zero address"); _transferOwnership(newOwner); } /** * @dev Transfers ownership of the contract to a new account (`newOwner`). * Internal function without access restriction. */ function _transferOwnership(address newOwner) internal virtual { address oldOwner = _owner; _owner = newOwner; emit OwnershipTransferred(oldOwner, newOwner); } } // File @openzeppelin/contracts/utils/math/[email protected] // OpenZeppelin Contracts (last updated v4.8.0) (utils/math/Math.sol) pragma solidity ^0.8.0; /** * @dev Standard math utilities missing in the Solidity language. */ library Math { enum Rounding { Down, // Toward negative infinity Up, // Toward infinity Zero // Toward zero } /** * @dev Returns the largest of two numbers. */ function max(uint256 a, uint256 b) internal pure returns (uint256) { return a > b ? a : b; } /** * @dev Returns the smallest of two numbers. */ function min(uint256 a, uint256 b) internal pure returns (uint256) { return a < b ? a : b; } /** * @dev Returns the average of two numbers. The result is rounded towards * zero. */ function average(uint256 a, uint256 b) internal pure returns (uint256) { // (a + b) / 2 can overflow. return (a & b) + (a ^ b) / 2; } /** * @dev Returns the ceiling of the division of two numbers. * * This differs from standard division with `/` in that it rounds up instead * of rounding down. */ function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) { // (a + b - 1) / b can overflow on addition, so we distribute. return a == 0 ? 0 : (a - 1) / b + 1; } /** * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0 * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) * with further edits by Uniswap Labs also under MIT license. */ function mulDiv( uint256 x, uint256 y, uint256 denominator ) internal pure returns (uint256 result) { unchecked { // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256 // variables such that product = prod1 * 2^256 + prod0. uint256 prod0; // Least significant 256 bits of the product uint256 prod1; // Most significant 256 bits of the product assembly { let mm := mulmod(x, y, not(0)) prod0 := mul(x, y) prod1 := sub(sub(mm, prod0), lt(mm, prod0)) } // Handle non-overflow cases, 256 by 256 division. if (prod1 == 0) { return prod0 / denominator; } // Make sure the result is less than 2^256. Also prevents denominator == 0. require(denominator > prod1); /////////////////////////////////////////////// // 512 by 256 division. /////////////////////////////////////////////// // Make division exact by subtracting the remainder from [prod1 prod0]. uint256 remainder; assembly { // Compute remainder using mulmod. remainder := mulmod(x, y, denominator) // Subtract 256 bit number from 512 bit number. prod1 := sub(prod1, gt(remainder, prod0)) prod0 := sub(prod0, remainder) } // Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1. // See https://cs.stackexchange.com/q/138556/92363. // Does not overflow because the denominator cannot be zero at this stage in the function. uint256 twos = denominator & (~denominator + 1); assembly { // Divide denominator by twos. denominator := div(denominator, twos) // Divide [prod1 prod0] by twos. prod0 := div(prod0, twos) // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one. twos := add(div(sub(0, twos), twos), 1) } // Shift in bits from prod1 into prod0. prod0 |= prod1 * twos; // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for // four bits. That is, denominator * inv = 1 mod 2^4. uint256 inverse = (3 * denominator) ^ 2; // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works // in modular arithmetic, doubling the correct bits in each step. inverse *= 2 - denominator * inverse; // inverse mod 2^8 inverse *= 2 - denominator * inverse; // inverse mod 2^16 inverse *= 2 - denominator * inverse; // inverse mod 2^32 inverse *= 2 - denominator * inverse; // inverse mod 2^64 inverse *= 2 - denominator * inverse; // inverse mod 2^128 inverse *= 2 - denominator * inverse; // inverse mod 2^256 // Because the division is now exact we can divide by multiplying with the modular inverse of denominator. // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1 // is no longer required. result = prod0 * inverse; return result; } } /** * @notice Calculates x * y / denominator with full precision, following the selected rounding direction. */ function mulDiv( uint256 x, uint256 y, uint256 denominator, Rounding rounding ) internal pure returns (uint256) { uint256 result = mulDiv(x, y, denominator); if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) { result += 1; } return result; } /** * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down. * * Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11). */ function sqrt(uint256 a) internal pure returns (uint256) { if (a == 0) { return 0; } // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target. // // We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`. // // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)` // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))` // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)` // // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit. uint256 result = 1 << (log2(a) >> 1); // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128, // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision // into the expected uint128 result. unchecked { result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; return min(result, a / result); } } /** * @notice Calculates sqrt(a), following the selected rounding direction. */ function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) { unchecked { uint256 result = sqrt(a); return result + (rounding == Rounding.Up && result * result < a ? 1 : 0); } } /** * @dev Return the log in base 2, rounded down, of a positive value. * Returns 0 if given 0. */ function log2(uint256 value) internal pure returns (uint256) { uint256 result = 0; unchecked { if (value >> 128 > 0) { value >>= 128; result += 128; } if (value >> 64 > 0) { value >>= 64; result += 64; } if (value >> 32 > 0) { value >>= 32; result += 32; } if (value >> 16 > 0) { value >>= 16; result += 16; } if (value >> 8 > 0) { value >>= 8; result += 8; } if (value >> 4 > 0) { value >>= 4; result += 4; } if (value >> 2 > 0) { value >>= 2; result += 2; } if (value >> 1 > 0) { result += 1; } } return result; } /** * @dev Return the log in base 2, following the selected rounding direction, of a positive value. * Returns 0 if given 0. */ function log2(uint256 value, Rounding rounding) internal pure returns (uint256) { unchecked { uint256 result = log2(value); return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0); } } /** * @dev Return the log in base 10, rounded down, of a positive value. * Returns 0 if given 0. */ function log10(uint256 value) internal pure returns (uint256) { uint256 result = 0; unchecked { if (value >= 10**64) { value /= 10**64; result += 64; } if (value >= 10**32) { value /= 10**32; result += 32; } if (value >= 10**16) { value /= 10**16; result += 16; } if (value >= 10**8) { value /= 10**8; result += 8; } if (value >= 10**4) { value /= 10**4; result += 4; } if (value >= 10**2) { value /= 10**2; result += 2; } if (value >= 10**1) { result += 1; } } return result; } /** * @dev Return the log in base 10, following the selected rounding direction, of a positive value. * Returns 0 if given 0. */ function log10(uint256 value, Rounding rounding) internal pure returns (uint256) { unchecked { uint256 result = log10(value); return result + (rounding == Rounding.Up && 10**result < value ? 1 : 0); } } /** * @dev Return the log in base 256, rounded down, of a positive value. * Returns 0 if given 0. * * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string. */ function log256(uint256 value) internal pure returns (uint256) { uint256 result = 0; unchecked { if (value >> 128 > 0) { value >>= 128; result += 16; } if (value >> 64 > 0) { value >>= 64; result += 8; } if (value >> 32 > 0) { value >>= 32; result += 4; } if (value >> 16 > 0) { value >>= 16; result += 2; } if (value >> 8 > 0) { result += 1; } } return result; } /** * @dev Return the log in base 10, following the selected rounding direction, of a positive value. * Returns 0 if given 0. */ function log256(uint256 value, Rounding rounding) internal pure returns (uint256) { unchecked { uint256 result = log256(value); return result + (rounding == Rounding.Up && 1 << (result * 8) < value ? 1 : 0); } } } // File @openzeppelin/contracts/utils/[email protected] // OpenZeppelin Contracts (last updated v4.8.0) (utils/Strings.sol) pragma solidity ^0.8.0; /** * @dev String operations. */ library Strings { bytes16 private constant _SYMBOLS = "0123456789abcdef"; uint8 private constant _ADDRESS_LENGTH = 20; /** * @dev Converts a `uint256` to its ASCII `string` decimal representation. */ function toString(uint256 value) internal pure returns (string memory) { unchecked { uint256 length = Math.log10(value) + 1; string memory buffer = new string(length); uint256 ptr; /// @solidity memory-safe-assembly assembly { ptr := add(buffer, add(32, length)) } while (true) { ptr--; /// @solidity memory-safe-assembly assembly { mstore8(ptr, byte(mod(value, 10), _SYMBOLS)) } value /= 10; if (value == 0) break; } return buffer; } } /** * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation. */ function toHexString(uint256 value) internal pure returns (string memory) { unchecked { return toHexString(value, Math.log256(value) + 1); } } /** * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length. */ function toHexString(uint256 value, uint256 length) internal pure returns (string memory) { bytes memory buffer = new bytes(2 * length + 2); buffer[0] = "0"; buffer[1] = "x"; for (uint256 i = 2 * length + 1; i > 1; --i) { buffer[i] = _SYMBOLS[value & 0xf]; value >>= 4; } require(value == 0, "Strings: hex length insufficient"); return string(buffer); } /** * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation. */ function toHexString(address addr) internal pure returns (string memory) { return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH); } } // File @openzeppelin/contracts/utils/cryptography/[email protected] // OpenZeppelin Contracts (last updated v4.8.0) (utils/cryptography/ECDSA.sol) pragma solidity ^0.8.0; /** * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations. * * These functions can be used to verify that a message was signed by the holder * of the private keys of a given address. */ library ECDSA { enum RecoverError { NoError, InvalidSignature, InvalidSignatureLength, InvalidSignatureS, InvalidSignatureV // Deprecated in v4.8 } function _throwError(RecoverError error) private pure { if (error == RecoverError.NoError) { return; // no error: do nothing } else if (error == RecoverError.InvalidSignature) { revert("ECDSA: invalid signature"); } else if (error == RecoverError.InvalidSignatureLength) { revert("ECDSA: invalid signature length"); } else if (error == RecoverError.InvalidSignatureS) { revert("ECDSA: invalid signature 's' value"); } } /** * @dev Returns the address that signed a hashed message (`hash`) with * `signature` or error string. This address can then be used for verification purposes. * * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures: * this function rejects them by requiring the `s` value to be in the lower * half order, and the `v` value to be either 27 or 28. * * IMPORTANT: `hash` _must_ be the result of a hash operation for the * verification to be secure: it is possible to craft signatures that * recover to arbitrary addresses for non-hashed data. A safe way to ensure * this is by receiving a hash of the original message (which may otherwise * be too long), and then calling {toEthSignedMessageHash} on it. * * Documentation for signature generation: * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js] * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers] * * _Available since v4.3._ */ function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) { if (signature.length == 65) { bytes32 r; bytes32 s; uint8 v; // ecrecover takes the signature parameters, and the only way to get them // currently is to use assembly. /// @solidity memory-safe-assembly assembly { r := mload(add(signature, 0x20)) s := mload(add(signature, 0x40)) v := byte(0, mload(add(signature, 0x60))) } return tryRecover(hash, v, r, s); } else { return (address(0), RecoverError.InvalidSignatureLength); } } /** * @dev Returns the address that signed a hashed message (`hash`) with * `signature`. This address can then be used for verification purposes. * * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures: * this function rejects them by requiring the `s` value to be in the lower * half order, and the `v` value to be either 27 or 28. * * IMPORTANT: `hash` _must_ be the result of a hash operation for the * verification to be secure: it is possible to craft signatures that * recover to arbitrary addresses for non-hashed data. A safe way to ensure * this is by receiving a hash of the original message (which may otherwise * be too long), and then calling {toEthSignedMessageHash} on it. */ function recover(bytes32 hash, bytes memory signature) internal pure returns (address) { (address recovered, RecoverError error) = tryRecover(hash, signature); _throwError(error); return recovered; } /** * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately. * * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures] * * _Available since v4.3._ */ function tryRecover( bytes32 hash, bytes32 r, bytes32 vs ) internal pure returns (address, RecoverError) { bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff); uint8 v = uint8((uint256(vs) >> 255) + 27); return tryRecover(hash, v, r, s); } /** * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately. * * _Available since v4.2._ */ function recover( bytes32 hash, bytes32 r, bytes32 vs ) internal pure returns (address) { (address recovered, RecoverError error) = tryRecover(hash, r, vs); _throwError(error); return recovered; } /** * @dev Overload of {ECDSA-tryRecover} that receives the `v`, * `r` and `s` signature fields separately. * * _Available since v4.3._ */ function tryRecover( bytes32 hash, uint8 v, bytes32 r, bytes32 s ) internal pure returns (address, RecoverError) { // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most // signatures from current libraries generate a unique signature with an s-value in the lower half order. // // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept // these malleable signatures as well. if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) { return (address(0), RecoverError.InvalidSignatureS); } // If the signature is valid (and not malleable), return the signer address address signer = ecrecover(hash, v, r, s); if (signer == address(0)) { return (address(0), RecoverError.InvalidSignature); } return (signer, RecoverError.NoError); } /** * @dev Overload of {ECDSA-recover} that receives the `v`, * `r` and `s` signature fields separately. */ function recover( bytes32 hash, uint8 v, bytes32 r, bytes32 s ) internal pure returns (address) { (address recovered, RecoverError error) = tryRecover(hash, v, r, s); _throwError(error); return recovered; } /** * @dev Returns an Ethereum Signed Message, created from a `hash`. This * produces hash corresponding to the one signed with the * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`] * JSON-RPC method as part of EIP-191. * * See {recover}. */ function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) { // 32 is the length in bytes of hash, // enforced by the type signature above return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", hash)); } /** * @dev Returns an Ethereum Signed Message, created from `s`. This * produces hash corresponding to the one signed with the * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`] * JSON-RPC method as part of EIP-191. * * See {recover}. */ function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) { return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n", Strings.toString(s.length), s)); } /** * @dev Returns an Ethereum Signed Typed Data, created from a * `domainSeparator` and a `structHash`. This produces hash corresponding * to the one signed with the * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`] * JSON-RPC method as part of EIP-712. * * See {recover}. */ function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32) { return keccak256(abi.encodePacked("\x19\x01", domainSeparator, structHash)); } } // File @openzeppelin/contracts/utils/structs/[email protected] // OpenZeppelin Contracts (last updated v4.8.0) (utils/structs/EnumerableSet.sol) // This file was procedurally generated from scripts/generate/templates/EnumerableSet.js. pragma solidity ^0.8.0; /** * @dev Library for managing * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive * types. * * Sets have the following properties: * * - Elements are added, removed, and checked for existence in constant time * (O(1)). * - Elements are enumerated in O(n). No guarantees are made on the ordering. * * ``` * contract Example { * // Add the library methods * using EnumerableSet for EnumerableSet.AddressSet; * * // Declare a set state variable * EnumerableSet.AddressSet private mySet; * } * ``` * * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`) * and `uint256` (`UintSet`) are supported. * * [WARNING] * ==== * Trying to delete such a structure from storage will likely result in data corruption, rendering the structure * unusable. * See https://github.com/ethereum/solidity/pull/11843[ethereum/solidity#11843] for more info. * * In order to clean an EnumerableSet, you can either remove all elements one by one or create a fresh instance using an * array of EnumerableSet. * ==== */ library EnumerableSet { // To implement this library for multiple types with as little code // repetition as possible, we write it in terms of a generic Set type with // bytes32 values. // The Set implementation uses private functions, and user-facing // implementations (such as AddressSet) are just wrappers around the // underlying Set. // This means that we can only create new EnumerableSets for types that fit // in bytes32. struct Set { // Storage of set values bytes32[] _values; // Position of the value in the `values` array, plus 1 because index 0 // means a value is not in the set. mapping(bytes32 => uint256) _indexes; } /** * @dev Add a value to a set. O(1). * * Returns true if the value was added to the set, that is if it was not * already present. */ function _add(Set storage set, bytes32 value) private returns (bool) { if (!_contains(set, value)) { set._values.push(value); // The value is stored at length-1, but we add 1 to all indexes // and use 0 as a sentinel value set._indexes[value] = set._values.length; return true; } else { return false; } } /** * @dev Removes a value from a set. O(1). * * Returns true if the value was removed from the set, that is if it was * present. */ function _remove(Set storage set, bytes32 value) private returns (bool) { // We read and store the value's index to prevent multiple reads from the same storage slot uint256 valueIndex = set._indexes[value]; if (valueIndex != 0) { // Equivalent to contains(set, value) // To delete an element from the _values array in O(1), we swap the element to delete with the last one in // the array, and then remove the last element (sometimes called as 'swap and pop'). // This modifies the order of the array, as noted in {at}. uint256 toDeleteIndex = valueIndex - 1; uint256 lastIndex = set._values.length - 1; if (lastIndex != toDeleteIndex) { bytes32 lastValue = set._values[lastIndex]; // Move the last value to the index where the value to delete is set._values[toDeleteIndex] = lastValue; // Update the index for the moved value set._indexes[lastValue] = valueIndex; // Replace lastValue's index to valueIndex } // Delete the slot where the moved value was stored set._values.pop(); // Delete the index for the deleted slot delete set._indexes[value]; return true; } else { return false; } } /** * @dev Returns true if the value is in the set. O(1). */ function _contains(Set storage set, bytes32 value) private view returns (bool) { return set._indexes[value] != 0; } /** * @dev Returns the number of values on the set. O(1). */ function _length(Set storage set) private view returns (uint256) { return set._values.length; } /** * @dev Returns the value stored at position `index` in the set. O(1). * * Note that there are no guarantees on the ordering of values inside the * array, and it may change when more values are added or removed. * * Requirements: * * - `index` must be strictly less than {length}. */ function _at(Set storage set, uint256 index) private view returns (bytes32) { return set._values[index]; } /** * @dev Return the entire set in an array * * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that * this function has an unbounded cost, and using it as part of a state-changing function may render the function * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block. */ function _values(Set storage set) private view returns (bytes32[] memory) { return set._values; } // Bytes32Set struct Bytes32Set { Set _inner; } /** * @dev Add a value to a set. O(1). * * Returns true if the value was added to the set, that is if it was not * already present. */ function add(Bytes32Set storage set, bytes32 value) internal returns (bool) { return _add(set._inner, value); } /** * @dev Removes a value from a set. O(1). * * Returns true if the value was removed from the set, that is if it was * present. */ function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) { return _remove(set._inner, value); } /** * @dev Returns true if the value is in the set. O(1). */ function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) { return _contains(set._inner, value); } /** * @dev Returns the number of values in the set. O(1). */ function length(Bytes32Set storage set) internal view returns (uint256) { return _length(set._inner); } /** * @dev Returns the value stored at position `index` in the set. O(1). * * Note that there are no guarantees on the ordering of values inside the * array, and it may change when more values are added or removed. * * Requirements: * * - `index` must be strictly less than {length}. */ function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) { return _at(set._inner, index); } /** * @dev Return the entire set in an array * * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that * this function has an unbounded cost, and using it as part of a state-changing function may render the function * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block. */ function values(Bytes32Set storage set) internal view returns (bytes32[] memory) { bytes32[] memory store = _values(set._inner); bytes32[] memory result; /// @solidity memory-safe-assembly assembly { result := store } return result; } // AddressSet struct AddressSet { Set _inner; } /** * @dev Add a value to a set. O(1). * * Returns true if the value was added to the set, that is if it was not * already present. */ function add(AddressSet storage set, address value) internal returns (bool) { return _add(set._inner, bytes32(uint256(uint160(value)))); } /** * @dev Removes a value from a set. O(1). * * Returns true if the value was removed from the set, that is if it was * present. */ function remove(AddressSet storage set, address value) internal returns (bool) { return _remove(set._inner, bytes32(uint256(uint160(value)))); } /** * @dev Returns true if the value is in the set. O(1). */ function contains(AddressSet storage set, address value) internal view returns (bool) { return _contains(set._inner, bytes32(uint256(uint160(value)))); } /** * @dev Returns the number of values in the set. O(1). */ function length(AddressSet storage set) internal view returns (uint256) { return _length(set._inner); } /** * @dev Returns the value stored at position `index` in the set. O(1). * * Note that there are no guarantees on the ordering of values inside the * array, and it may change when more values are added or removed. * * Requirements: * * - `index` must be strictly less than {length}. */ function at(AddressSet storage set, uint256 index) internal view returns (address) { return address(uint160(uint256(_at(set._inner, index)))); } /** * @dev Return the entire set in an array * * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that * this function has an unbounded cost, and using it as part of a state-changing function may render the function * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block. */ function values(AddressSet storage set) internal view returns (address[] memory) { bytes32[] memory store = _values(set._inner); address[] memory result; /// @solidity memory-safe-assembly assembly { result := store } return result; } // UintSet struct UintSet { Set _inner; } /** * @dev Add a value to a set. O(1). * * Returns true if the value was added to the set, that is if it was not * already present. */ function add(UintSet storage set, uint256 value) internal returns (bool) { return _add(set._inner, bytes32(value)); } /** * @dev Removes a value from a set. O(1). * * Returns true if the value was removed from the set, that is if it was * present. */ function remove(UintSet storage set, uint256 value) internal returns (bool) { return _remove(set._inner, bytes32(value)); } /** * @dev Returns true if the value is in the set. O(1). */ function contains(UintSet storage set, uint256 value) internal view returns (bool) { return _contains(set._inner, bytes32(value)); } /** * @dev Returns the number of values in the set. O(1). */ function length(UintSet storage set) internal view returns (uint256) { return _length(set._inner); } /** * @dev Returns the value stored at position `index` in the set. O(1). * * Note that there are no guarantees on the ordering of values inside the * array, and it may change when more values are added or removed. * * Requirements: * * - `index` must be strictly less than {length}. */ function at(UintSet storage set, uint256 index) internal view returns (uint256) { return uint256(_at(set._inner, index)); } /** * @dev Return the entire set in an array * * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that * this function has an unbounded cost, and using it as part of a state-changing function may render the function * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block. */ function values(UintSet storage set) internal view returns (uint256[] memory) { bytes32[] memory store = _values(set._inner); uint256[] memory result; /// @solidity memory-safe-assembly assembly { result := store } return result; } } // File interfaces/IMultisigIsm.sol pragma solidity >=0.6.0; interface IMultisigIsm is IInterchainSecurityModule { /** * @notice Returns the set of validators responsible for verifying _message * and the number of signatures required * @dev Can change based on the content of _message * @param _message Hyperlane formatted interchain message * @return validators The array of validator addresses * @return threshold The number of validator signatures needed */ function validatorsAndThreshold(bytes calldata _message) external view returns (address[] memory validators, uint8 threshold); } // File contracts/libs/TypeCasts.sol pragma solidity >=0.6.11; library TypeCasts { // treat it as a null-terminated string of max 32 bytes function coerceString(bytes32 _buf) internal pure returns (string memory _newStr) { uint8 _slen = 0; while (_slen < 32 && _buf[_slen] != 0) { _slen++; } // solhint-disable-next-line no-inline-assembly assembly { _newStr := mload(0x40) mstore(0x40, add(_newStr, 0x40)) // may end up with extra mstore(_newStr, _slen) mstore(add(_newStr, 0x20), _buf) } } // alignment preserving cast function addressToBytes32(address _addr) internal pure returns (bytes32) { return bytes32(uint256(uint160(_addr))); } // alignment preserving cast function bytes32ToAddress(bytes32 _buf) internal pure returns (address) { return address(uint160(uint256(_buf))); } } // File contracts/libs/Message.sol pragma solidity >=0.8.0; /** * @title Hyperlane Message Library * @notice Library for formatted messages used by Mailbox **/ library Message { using TypeCasts for bytes32; uint256 private constant VERSION_OFFSET = 0; uint256 private constant NONCE_OFFSET = 1; uint256 private constant ORIGIN_OFFSET = 5; uint256 private constant SENDER_OFFSET = 9; uint256 private constant DESTINATION_OFFSET = 41; uint256 private constant RECIPIENT_OFFSET = 45; uint256 private constant BODY_OFFSET = 77; /** * @notice Returns formatted (packed) Hyperlane message with provided fields * @dev This function should only be used in memory message construction. * @param _version The version of the origin and destination Mailboxes * @param _nonce A nonce to uniquely identify the message on its origin chain * @param _originDomain Domain of origin chain * @param _sender Address of sender as bytes32 * @param _destinationDomain Domain of destination chain * @param _recipient Address of recipient on destination chain as bytes32 * @param _messageBody Raw bytes of message body * @return Formatted message */ function formatMessage( uint8 _version, uint32 _nonce, uint32 _originDomain, bytes32 _sender, uint32 _destinationDomain, bytes32 _recipient, bytes calldata _messageBody ) internal pure returns (bytes memory) { return abi.encodePacked( _version, _nonce, _originDomain, _sender, _destinationDomain, _recipient, _messageBody ); } /** * @notice Returns the message ID. * @param _message ABI encoded Hyperlane message. * @return ID of `_message` */ function id(bytes memory _message) internal pure returns (bytes32) { return keccak256(_message); } /** * @notice Returns the message version. * @param _message ABI encoded Hyperlane message. * @return Version of `_message` */ function version(bytes calldata _message) internal pure returns (uint8) { return uint8(bytes1(_message[VERSION_OFFSET:NONCE_OFFSET])); } /** * @notice Returns the message nonce. * @param _message ABI encoded Hyperlane message. * @return Nonce of `_message` */ function nonce(bytes calldata _message) internal pure returns (uint32) { return uint32(bytes4(_message[NONCE_OFFSET:ORIGIN_OFFSET])); } /** * @notice Returns the message origin domain. * @param _message ABI encoded Hyperlane message. * @return Origin domain of `_message` */ function origin(bytes calldata _message) internal pure returns (uint32) { return uint32(bytes4(_message[ORIGIN_OFFSET:SENDER_OFFSET])); } /** * @notice Returns the message sender as bytes32. * @param _message ABI encoded Hyperlane message. * @return Sender of `_message` as bytes32 */ function sender(bytes calldata _message) internal pure returns (bytes32) { return bytes32(_message[SENDER_OFFSET:DESTINATION_OFFSET]); } /** * @notice Returns the message sender as address. * @param _message ABI encoded Hyperlane message. * @return Sender of `_message` as address */ function senderAddress(bytes calldata _message) internal pure returns (address) { return sender(_message).bytes32ToAddress(); } /** * @notice Returns the message destination domain. * @param _message ABI encoded Hyperlane message. * @return Destination domain of `_message` */ function destination(bytes calldata _message) internal pure returns (uint32) { return uint32(bytes4(_message[DESTINATION_OFFSET:RECIPIENT_OFFSET])); } /** * @notice Returns the message recipient as bytes32. * @param _message ABI encoded Hyperlane message. * @return Recipient of `_message` as bytes32 */ function recipient(bytes calldata _message) internal pure returns (bytes32) { return bytes32(_message[RECIPIENT_OFFSET:BODY_OFFSET]); } /** * @notice Returns the message recipient as address. * @param _message ABI encoded Hyperlane message. * @return Recipient of `_message` as address */ function recipientAddress(bytes calldata _message) internal pure returns (address) { return recipient(_message).bytes32ToAddress(); } /** * @notice Returns the message body. * @param _message ABI encoded Hyperlane message. * @return Body of `_message` */ function body(bytes calldata _message) internal pure returns (bytes calldata) { return bytes(_message[BODY_OFFSET:]); } } // File contracts/libs/MultisigIsmMetadata.sol pragma solidity >=0.8.0; /** * Format of metadata: * [ 0: 32] Merkle root * [ 32: 36] Root index * [ 36: 68] Origin mailbox address * [ 68:1092] Merkle proof * [1092:1093] Threshold * [1093:????] Validator signatures, 65 bytes each, length == Threshold * [????:????] Addresses of the entire validator set, left padded to bytes32 */ library MultisigIsmMetadata { uint256 private constant MERKLE_ROOT_OFFSET = 0; uint256 private constant MERKLE_INDEX_OFFSET = 32; uint256 private constant ORIGIN_MAILBOX_OFFSET = 36; uint256 private constant MERKLE_PROOF_OFFSET = 68; uint256 private constant THRESHOLD_OFFSET = 1092; uint256 private constant SIGNATURES_OFFSET = 1093; uint256 private constant SIGNATURE_LENGTH = 65; /** * @notice Returns the merkle root of the signed checkpoint. * @param _metadata ABI encoded Multisig ISM metadata. * @return Merkle root of the signed checkpoint */ function root(bytes calldata _metadata) internal pure returns (bytes32) { return bytes32(_metadata[MERKLE_ROOT_OFFSET:MERKLE_INDEX_OFFSET]); } /** * @notice Returns the index of the signed checkpoint. * @param _metadata ABI encoded Multisig ISM metadata. * @return Index of the signed checkpoint */ function index(bytes calldata _metadata) internal pure returns (uint32) { return uint32( bytes4(_metadata[MERKLE_INDEX_OFFSET:ORIGIN_MAILBOX_OFFSET]) ); } /** * @notice Returns the origin mailbox of the signed checkpoint as bytes32. * @param _metadata ABI encoded Multisig ISM metadata. * @return Origin mailbox of the signed checkpoint as bytes32 */ function originMailbox(bytes calldata _metadata) internal pure returns (bytes32) { return bytes32(_metadata[ORIGIN_MAILBOX_OFFSET:MERKLE_PROOF_OFFSET]); } /** * @notice Returns the merkle proof branch of the message. * @dev This appears to be more gas efficient than returning a calldata * slice and using that. * @param _metadata ABI encoded Multisig ISM metadata. * @return Merkle proof branch of the message. */ function proof(bytes calldata _metadata) internal pure returns (bytes32[32] memory) { return abi.decode( _metadata[MERKLE_PROOF_OFFSET:THRESHOLD_OFFSET], (bytes32[32]) ); } /** * @notice Returns the number of required signatures. Verified against * the commitment stored in the module. * @param _metadata ABI encoded Multisig ISM metadata. * @return The number of required signatures. */ function threshold(bytes calldata _metadata) internal pure returns (uint8) { return uint8(bytes1(_metadata[THRESHOLD_OFFSET:SIGNATURES_OFFSET])); } /** * @notice Returns the validator ECDSA signature at `_index`. * @dev Assumes signatures are sorted by validator * @dev Assumes `_metadata` encodes `threshold` signatures. * @dev Assumes `_index` is less than `threshold` * @param _metadata ABI encoded Multisig ISM metadata. * @param _index The index of the signature to return. * @return The validator ECDSA signature at `_index`. */ function signatureAt(bytes calldata _metadata, uint256 _index) internal pure returns (bytes calldata) { uint256 _start = SIGNATURES_OFFSET + (_index * SIGNATURE_LENGTH); uint256 _end = _start + SIGNATURE_LENGTH; return _metadata[_start:_end]; } /** * @notice Returns the validator address at `_index`. * @dev Assumes `_index` is less than the number of validators * @param _metadata ABI encoded Multisig ISM metadata. * @param _index The index of the validator to return. * @return The validator address at `_index`. */ function validatorAt(bytes calldata _metadata, uint256 _index) internal pure returns (address) { // Validator addresses are left padded to bytes32 in order to match // abi.encodePacked(address[]). uint256 _start = _validatorsOffset(_metadata) + (_index * 32) + 12; uint256 _end = _start + 20; return address(bytes20(_metadata[_start:_end])); } /** * @notice Returns the validator set encoded as bytes. Verified against the * commitment stored in the module. * @dev Validator addresses are encoded as tightly packed array of bytes32, * sorted to match the enumerable set stored by the module. * @param _metadata ABI encoded Multisig ISM metadata. * @return The validator set encoded as bytes. */ function validators(bytes calldata _metadata) internal pure returns (bytes calldata) { return _metadata[_validatorsOffset(_metadata):]; } /** * @notice Returns the size of the validator set encoded in the metadata * @dev Validator addresses are encoded as tightly packed array of bytes32, * sorted to match the enumerable set stored by the module. * @param _metadata ABI encoded Multisig ISM metadata. * @return The size of the validator set encoded in the metadata */ function commitment(bytes calldata _metadata) internal pure returns (uint256) { return (_metadata.length - _validatorsOffset(_metadata)) / 32; } /** * @notice Returns the size of the validator set encoded in the metadata * @dev Validator addresses are encoded as tightly packed array of bytes32, * sorted to match the enumerable set stored by the module. * @param _metadata ABI encoded Multisig ISM metadata. * @return The size of the validator set encoded in the metadata */ function validatorCount(bytes calldata _metadata) internal pure returns (uint256) { return (_metadata.length - _validatorsOffset(_metadata)) / 32; } /** * @notice Returns the offset in bytes of the list of validators within * `_metadata`. * @param _metadata ABI encoded Multisig ISM metadata. * @return The index at which the list of validators starts */ function _validatorsOffset(bytes calldata _metadata) private pure returns (uint256) { return SIGNATURES_OFFSET + (uint256(threshold(_metadata)) * SIGNATURE_LENGTH); } } // File contracts/libs/Merkle.sol pragma solidity >=0.6.11; // work based on eth2 deposit contract, which is used under CC0-1.0 /** * @title MerkleLib * @author Celo Labs Inc. * @notice An incremental merkle tree modeled on the eth2 deposit contract. **/ library MerkleLib { uint256 internal constant TREE_DEPTH = 32; uint256 internal constant MAX_LEAVES = 2**TREE_DEPTH - 1; /** * @notice Struct representing incremental merkle tree. Contains current * branch and the number of inserted leaves in the tree. **/ struct Tree { bytes32[TREE_DEPTH] branch; uint256 count; } /** * @notice Inserts `_node` into merkle tree * @dev Reverts if tree is full * @param _node Element to insert into tree **/ function insert(Tree storage _tree, bytes32 _node) internal { require(_tree.count < MAX_LEAVES, "merkle tree full"); _tree.count += 1; uint256 size = _tree.count; for (uint256 i = 0; i < TREE_DEPTH; i++) { if ((size & 1) == 1) { _tree.branch[i] = _node; return; } _node = keccak256(abi.encodePacked(_tree.branch[i], _node)); size /= 2; } // As the loop should always end prematurely with the `return` statement, // this code should be unreachable. We assert `false` just to be safe. assert(false); } /** * @notice Calculates and returns`_tree`'s current root given array of zero * hashes * @param _zeroes Array of zero hashes * @return _current Calculated root of `_tree` **/ function rootWithCtx(Tree storage _tree, bytes32[TREE_DEPTH] memory _zeroes) internal view returns (bytes32 _current) { uint256 _index = _tree.count; for (uint256 i = 0; i < TREE_DEPTH; i++) { uint256 _ithBit = (_index >> i) & 0x01; bytes32 _next = _tree.branch[i]; if (_ithBit == 1) { _current = keccak256(abi.encodePacked(_next, _current)); } else { _current = keccak256(abi.encodePacked(_current, _zeroes[i])); } } } /// @notice Calculates and returns`_tree`'s current root function root(Tree storage _tree) internal view returns (bytes32) { return rootWithCtx(_tree, zeroHashes()); } /// @notice Returns array of TREE_DEPTH zero hashes /// @return _zeroes Array of TREE_DEPTH zero hashes function zeroHashes() internal pure returns (bytes32[TREE_DEPTH] memory _zeroes) { _zeroes[0] = Z_0; _zeroes[1] = Z_1; _zeroes[2] = Z_2; _zeroes[3] = Z_3; _zeroes[4] = Z_4; _zeroes[5] = Z_5; _zeroes[6] = Z_6; _zeroes[7] = Z_7; _zeroes[8] = Z_8; _zeroes[9] = Z_9; _zeroes[10] = Z_10; _zeroes[11] = Z_11; _zeroes[12] = Z_12; _zeroes[13] = Z_13; _zeroes[14] = Z_14; _zeroes[15] = Z_15; _zeroes[16] = Z_16; _zeroes[17] = Z_17; _zeroes[18] = Z_18; _zeroes[19] = Z_19; _zeroes[20] = Z_20; _zeroes[21] = Z_21; _zeroes[22] = Z_22; _zeroes[23] = Z_23; _zeroes[24] = Z_24; _zeroes[25] = Z_25; _zeroes[26] = Z_26; _zeroes[27] = Z_27; _zeroes[28] = Z_28; _zeroes[29] = Z_29; _zeroes[30] = Z_30; _zeroes[31] = Z_31; } /** * @notice Calculates and returns the merkle root for the given leaf * `_item`, a merkle branch, and the index of `_item` in the tree. * @param _item Merkle leaf * @param _branch Merkle proof * @param _index Index of `_item` in tree * @return _current Calculated merkle root **/ function branchRoot( bytes32 _item, bytes32[TREE_DEPTH] memory _branch, uint256 _index ) internal pure returns (bytes32 _current) { _current = _item; for (uint256 i = 0; i < TREE_DEPTH; i++) { uint256 _ithBit = (_index >> i) & 0x01; bytes32 _next = _branch[i]; if (_ithBit == 1) { _current = keccak256(abi.encodePacked(_next, _current)); } else { _current = keccak256(abi.encodePacked(_current, _next)); } } } // keccak256 zero hashes bytes32 internal constant Z_0 = hex"0000000000000000000000000000000000000000000000000000000000000000"; bytes32 internal constant Z_1 = hex"ad3228b676f7d3cd4284a5443f17f1962b36e491b30a40b2405849e597ba5fb5"; bytes32 internal constant Z_2 = hex"b4c11951957c6f8f642c4af61cd6b24640fec6dc7fc607ee8206a99e92410d30"; bytes32 internal constant Z_3 = hex"21ddb9a356815c3fac1026b6dec5df3124afbadb485c9ba5a3e3398a04b7ba85"; bytes32 internal constant Z_4 = hex"e58769b32a1beaf1ea27375a44095a0d1fb664ce2dd358e7fcbfb78c26a19344"; bytes32 internal constant Z_5 = hex"0eb01ebfc9ed27500cd4dfc979272d1f0913cc9f66540d7e8005811109e1cf2d"; bytes32 internal constant Z_6 = hex"887c22bd8750d34016ac3c66b5ff102dacdd73f6b014e710b51e8022af9a1968"; bytes32 internal constant Z_7 = hex"ffd70157e48063fc33c97a050f7f640233bf646cc98d9524c6b92bcf3ab56f83"; bytes32 internal constant Z_8 = hex"9867cc5f7f196b93bae1e27e6320742445d290f2263827498b54fec539f756af"; bytes32 internal constant Z_9 = hex"cefad4e508c098b9a7e1d8feb19955fb02ba9675585078710969d3440f5054e0"; bytes32 internal constant Z_10 = hex"f9dc3e7fe016e050eff260334f18a5d4fe391d82092319f5964f2e2eb7c1c3a5"; bytes32 internal constant Z_11 = hex"f8b13a49e282f609c317a833fb8d976d11517c571d1221a265d25af778ecf892"; bytes32 internal constant Z_12 = hex"3490c6ceeb450aecdc82e28293031d10c7d73bf85e57bf041a97360aa2c5d99c"; bytes32 internal constant Z_13 = hex"c1df82d9c4b87413eae2ef048f94b4d3554cea73d92b0f7af96e0271c691e2bb"; bytes32 internal constant Z_14 = hex"5c67add7c6caf302256adedf7ab114da0acfe870d449a3a489f781d659e8becc"; bytes32 internal constant Z_15 = hex"da7bce9f4e8618b6bd2f4132ce798cdc7a60e7e1460a7299e3c6342a579626d2"; bytes32 internal constant Z_16 = hex"2733e50f526ec2fa19a22b31e8ed50f23cd1fdf94c9154ed3a7609a2f1ff981f"; bytes32 internal constant Z_17 = hex"e1d3b5c807b281e4683cc6d6315cf95b9ade8641defcb32372f1c126e398ef7a"; bytes32 internal constant Z_18 = hex"5a2dce0a8a7f68bb74560f8f71837c2c2ebbcbf7fffb42ae1896f13f7c7479a0"; bytes32 internal constant Z_19 = hex"b46a28b6f55540f89444f63de0378e3d121be09e06cc9ded1c20e65876d36aa0"; bytes32 internal constant Z_20 = hex"c65e9645644786b620e2dd2ad648ddfcbf4a7e5b1a3a4ecfe7f64667a3f0b7e2"; bytes32 internal constant Z_21 = hex"f4418588ed35a2458cffeb39b93d26f18d2ab13bdce6aee58e7b99359ec2dfd9"; bytes32 internal constant Z_22 = hex"5a9c16dc00d6ef18b7933a6f8dc65ccb55667138776f7dea101070dc8796e377"; bytes32 internal constant Z_23 = hex"4df84f40ae0c8229d0d6069e5c8f39a7c299677a09d367fc7b05e3bc380ee652"; bytes32 internal constant Z_24 = hex"cdc72595f74c7b1043d0e1ffbab734648c838dfb0527d971b602bc216c9619ef"; bytes32 internal constant Z_25 = hex"0abf5ac974a1ed57f4050aa510dd9c74f508277b39d7973bb2dfccc5eeb0618d"; bytes32 internal constant Z_26 = hex"b8cd74046ff337f0a7bf2c8e03e10f642c1886798d71806ab1e888d9e5ee87d0"; bytes32 internal constant Z_27 = hex"838c5655cb21c6cb83313b5a631175dff4963772cce9108188b34ac87c81c41e"; bytes32 internal constant Z_28 = hex"662ee4dd2dd7b2bc707961b1e646c4047669dcb6584f0d8d770daf5d7e7deb2e"; bytes32 internal constant Z_29 = hex"388ab20e2573d171a88108e79d820e98f26c0b84aa8b2f4aa4968dbb818ea322"; bytes32 internal constant Z_30 = hex"93237c50ba75ee485f4c22adf2f741400bdf8d6a9cc7df7ecae576221665d735"; bytes32 internal constant Z_31 = hex"8448818bb4ae4562849e949e17ac16e0be16688e156b5cf15e098c627c0056a9"; } // File contracts/isms/MultisigIsm.sol pragma solidity >=0.8.0; // ============ External Imports ============ // ============ Internal Imports ============ /** * @title MultisigIsm * @notice Manages an ownable set of validators that ECDSA sign checkpoints to * reach a quorum. */ contract MultisigIsm is IMultisigIsm, Ownable { // ============ Libraries ============ using EnumerableSet for EnumerableSet.AddressSet; using Message for bytes; using MultisigIsmMetadata for bytes; using MerkleLib for MerkleLib.Tree; // ============ Constants ============ uint8 public constant moduleType = 3; // ============ Mutable Storage ============ /// @notice The validator threshold for each remote domain. mapping(uint32 => uint8) public threshold; /// @notice The validator set for each remote domain. mapping(uint32 => EnumerableSet.AddressSet) private validatorSet; /// @notice A succinct commitment to the validator set and threshold for each remote /// domain. mapping(uint32 => bytes32) public commitment; // ============ Events ============ /** * @notice Emitted when a validator is enrolled in a validator set. * @param domain The remote domain of the validator set. * @param validator The address of the validator. * @param validatorCount The number of enrolled validators in the validator set. */ event ValidatorEnrolled( uint32 indexed domain, address indexed validator, uint256 validatorCount ); /** * @notice Emitted when a validator is unenrolled from a validator set. * @param domain The remote domain of the validator set. * @param validator The address of the validator. * @param validatorCount The number of enrolled validators in the validator set. */ event ValidatorUnenrolled( uint32 indexed domain, address indexed validator, uint256 validatorCount ); /** * @notice Emitted when the quorum threshold is set. * @param domain The remote domain of the validator set. * @param threshold The new quorum threshold. */ event ThresholdSet(uint32 indexed domain, uint8 threshold); /** * @notice Emitted when the validator set or threshold changes. * @param domain The remote domain of the validator set. * @param commitment A commitment to the validator set and threshold. */ event CommitmentUpdated(uint32 domain, bytes32 commitment); // ============ Constructor ============ // solhint-disable-next-line no-empty-blocks constructor() Ownable() {} // ============ External Functions ============ /** * @notice Enrolls multiple validators into a validator set. * @dev Reverts if `_validator` is already in the validator set. * @param _domains The remote domains of the validator sets. * @param _validators The validators to add to the validator sets. * @dev _validators[i] are the validators to enroll for _domains[i]. */ function enrollValidators( uint32[] calldata _domains, address[][] calldata _validators ) external onlyOwner { require(_domains.length == _validators.length, "!length"); for (uint256 i = 0; i < _domains.length; i += 1) { address[] calldata _domainValidators = _validators[i]; for (uint256 j = 0; j < _domainValidators.length; j += 1) { _enrollValidator(_domains[i], _domainValidators[j]); } _updateCommitment(_domains[i]); } } /** * @notice Enrolls a validator into a validator set. * @dev Reverts if `_validator` is already in the validator set. * @param _domain The remote domain of the validator set. * @param _validator The validator to add to the validator set. */ function enrollValidator(uint32 _domain, address _validator) external onlyOwner { _enrollValidator(_domain, _validator); _updateCommitment(_domain); } /** * @notice Unenrolls a validator from a validator set. * @dev Reverts if `_validator` is not in the validator set. * @param _domain The remote domain of the validator set. * @param _validator The validator to remove from the validator set. */ function unenrollValidator(uint32 _domain, address _validator) external onlyOwner { require(validatorSet[_domain].remove(_validator), "!enrolled"); uint256 _validatorCount = validatorCount(_domain); require( _validatorCount >= threshold[_domain], "violates quorum threshold" ); _updateCommitment(_domain); emit ValidatorUnenrolled(_domain, _validator, _validatorCount); } /** * @notice Sets the quorum threshold for multiple domains. * @param _domains The remote domains of the validator sets. * @param _thresholds The new quorum thresholds. */ function setThresholds( uint32[] calldata _domains, uint8[] calldata _thresholds ) external onlyOwner { require(_domains.length == _thresholds.length, "!length"); for (uint256 i = 0; i < _domains.length; i += 1) { setThreshold(_domains[i], _thresholds[i]); } } /** * @notice Returns whether an address is enrolled in a validator set. * @param _domain The remote domain of the validator set. * @param _address The address to test for set membership. * @return True if the address is enrolled, false otherwise. */ function isEnrolled(uint32 _domain, address _address) external view returns (bool) { EnumerableSet.AddressSet storage _validatorSet = validatorSet[_domain]; return _validatorSet.contains(_address); } // ============ Public Functions ============ /** * @notice Sets the quorum threshold. * @param _domain The remote domain of the validator set. * @param _threshold The new quorum threshold. */ function setThreshold(uint32 _domain, uint8 _threshold) public onlyOwner { require( _threshold > 0 && _threshold <= validatorCount(_domain), "!range" ); threshold[_domain] = _threshold; emit ThresholdSet(_domain, _threshold); _updateCommitment(_domain); } /** * @notice Verifies that a quorum of the origin domain's validators signed * a checkpoint, and verifies the merkle proof of `_message` against that * checkpoint. * @param _metadata ABI encoded module metadata (see MultisigIsmMetadata.sol) * @param _message Formatted Hyperlane message (see Message.sol). */ function verify(bytes calldata _metadata, bytes calldata _message) public view returns (bool) { require(_verifyMerkleProof(_metadata, _message), "!merkle"); require(_verifyValidatorSignatures(_metadata, _message), "!sigs"); return true; } /** * @notice Gets the current validator set * @param _domain The remote domain of the validator set. * @return The addresses of the validator set. */ function validators(uint32 _domain) public view returns (address[] memory) { EnumerableSet.AddressSet storage _validatorSet = validatorSet[_domain]; uint256 _validatorCount = _validatorSet.length(); address[] memory _validators = new address[](_validatorCount); for (uint256 i = 0; i < _validatorCount; i++) { _validators[i] = _validatorSet.at(i); } return _validators; } /** * @notice Returns the set of validators responsible for verifying _message * and the number of signatures required * @dev Can change based on the content of _message * @param _message Hyperlane formatted interchain message * @return validators The array of validator addresses * @return threshold The number of validator signatures needed */ function validatorsAndThreshold(bytes calldata _message) external view returns (address[] memory, uint8) { uint32 _origin = _message.origin(); address[] memory _validators = validators(_origin); uint8 _threshold = threshold[_origin]; return (_validators, _threshold); } /** * @notice Returns the number of validators enrolled in the validator set. * @param _domain The remote domain of the validator set. * @return The number of validators enrolled in the validator set. */ function validatorCount(uint32 _domain) public view returns (uint256) { return validatorSet[_domain].length(); } // ============ Internal Functions ============ /** * @notice Enrolls a validator into a validator set. * @dev Reverts if `_validator` is already in the validator set. * @param _domain The remote domain of the validator set. * @param _validator The validator to add to the validator set. */ function _enrollValidator(uint32 _domain, address _validator) internal { require(_validator != address(0), "zero address"); require(validatorSet[_domain].add(_validator), "already enrolled"); emit ValidatorEnrolled(_domain, _validator, validatorCount(_domain)); } /** * @notice Updates the commitment to the validator set for `_domain`. * @param _domain The remote domain of the validator set. * @return The commitment to the validator set for `_domain`. */ function _updateCommitment(uint32 _domain) internal returns (bytes32) { address[] memory _validators = validators(_domain); uint8 _threshold = threshold[_domain]; bytes32 _commitment = keccak256( abi.encodePacked(_threshold, _validators) ); commitment[_domain] = _commitment; emit CommitmentUpdated(_domain, _commitment); return _commitment; } /** * @notice Verifies the merkle proof of `_message` against the provided * checkpoint. * @param _metadata ABI encoded module metadata (see MultisigIsmMetadata.sol) * @param _message Formatted Hyperlane message (see Message.sol). */ function _verifyMerkleProof( bytes calldata _metadata, bytes calldata _message ) internal pure returns (bool) { // calculate the expected root based on the proof bytes32 _calculatedRoot = MerkleLib.branchRoot( _message.id(), _metadata.proof(), _message.nonce() ); return _calculatedRoot == _metadata.root(); } /** * @notice Verifies that a quorum of the origin domain's validators signed * the provided checkpoint. * @param _metadata ABI encoded module metadata (see MultisigIsmMetadata.sol) * @param _message Formatted Hyperlane message (see Message.sol). */ function _verifyValidatorSignatures( bytes calldata _metadata, bytes calldata _message ) internal view returns (bool) { uint8 _threshold = _metadata.threshold(); bytes32 _digest; { uint32 _origin = _message.origin(); bytes32 _commitment = keccak256( abi.encodePacked(_threshold, _metadata.validators()) ); // Ensures the validator set encoded in the metadata matches // what we've stored on chain. // NB: An empty validator set in `_metadata` will result in a // non-zero computed commitment, and this check will fail // as the commitment in storage will be zero. require(_commitment == commitment[_origin], "!commitment"); _digest = _getCheckpointDigest(_metadata, _origin); } uint256 _validatorCount = _metadata.validatorCount(); uint256 _validatorIndex = 0; // Assumes that signatures are ordered by validator for (uint256 i = 0; i < _threshold; ++i) { address _signer = ECDSA.recover(_digest, _metadata.signatureAt(i)); // Loop through remaining validators until we find a match for ( ; _validatorIndex < _validatorCount && _signer != _metadata.validatorAt(_validatorIndex); ++_validatorIndex ) {} // Fail if we never found a match require(_validatorIndex < _validatorCount, "!threshold"); ++_validatorIndex; } return true; } /** * @notice Returns the domain hash that validators are expected to use * when signing checkpoints. * @param _origin The origin domain of the checkpoint. * @param _originMailbox The address of the origin mailbox as bytes32. * @return The domain hash. */ function _getDomainHash(uint32 _origin, bytes32 _originMailbox) internal pure returns (bytes32) { // Including the origin mailbox address in the signature allows the slashing // protocol to enroll multiple mailboxes. Otherwise, a valid signature for // mailbox A would be indistinguishable from a fraudulent signature for mailbox // B. // The slashing protocol should slash if validators sign attestations for // anything other than a whitelisted mailbox. return keccak256(abi.encodePacked(_origin, _originMailbox, "HYPERLANE")); } /** * @notice Returns the digest validators are expected to sign when signing checkpoints. * @param _metadata ABI encoded module metadata (see MultisigIsmMetadata.sol) * @param _origin The origin domain of the checkpoint. * @return The digest of the checkpoint. */ function _getCheckpointDigest(bytes calldata _metadata, uint32 _origin) internal pure returns (bytes32) { bytes32 _domainHash = _getDomainHash( _origin, _metadata.originMailbox() ); return ECDSA.toEthSignedMessageHash( keccak256( abi.encodePacked( _domainHash, _metadata.root(), _metadata.index() ) ) ); } } // File @openzeppelin/contracts/utils/structs/[email protected] // OpenZeppelin Contracts (last updated v4.8.0) (utils/structs/EnumerableMap.sol) // This file was procedurally generated from scripts/generate/templates/EnumerableMap.js. pragma solidity ^0.8.0; /** * @dev Library for managing an enumerable variant of Solidity's * https://solidity.readthedocs.io/en/latest/types.html#mapping-types[`mapping`] * type. * * Maps have the following properties: * * - Entries are added, removed, and checked for existence in constant time * (O(1)). * - Entries are enumerated in O(n). No guarantees are made on the ordering. * * ``` * contract Example { * // Add the library methods * using EnumerableMap for EnumerableMap.UintToAddressMap; * * // Declare a set state variable * EnumerableMap.UintToAddressMap private myMap; * } * ``` * * The following map types are supported: * * - `uint256 -> address` (`UintToAddressMap`) since v3.0.0 * - `address -> uint256` (`AddressToUintMap`) since v4.6.0 * - `bytes32 -> bytes32` (`Bytes32ToBytes32Map`) since v4.6.0 * - `uint256 -> uint256` (`UintToUintMap`) since v4.7.0 * - `bytes32 -> uint256` (`Bytes32ToUintMap`) since v4.7.0 * * [WARNING] * ==== * Trying to delete such a structure from storage will likely result in data corruption, rendering the structure * unusable. * See https://github.com/ethereum/solidity/pull/11843[ethereum/solidity#11843] for more info. * * In order to clean an EnumerableMap, you can either remove all elements one by one or create a fresh instance using an * array of EnumerableMap. * ==== */ library EnumerableMap { using EnumerableSet for EnumerableSet.Bytes32Set; // To implement this library for multiple types with as little code // repetition as possible, we write it in terms of a generic Map type with // bytes32 keys and values. // The Map implementation uses private functions, and user-facing // implementations (such as Uint256ToAddressMap) are just wrappers around // the underlying Map. // This means that we can only create new EnumerableMaps for types that fit // in bytes32. struct Bytes32ToBytes32Map { // Storage of keys EnumerableSet.Bytes32Set _keys; mapping(bytes32 => bytes32) _values; } /** * @dev Adds a key-value pair to a map, or updates the value for an existing * key. O(1). * * Returns true if the key was added to the map, that is if it was not * already present. */ function set( Bytes32ToBytes32Map storage map, bytes32 key, bytes32 value ) internal returns (bool) { map._values[key] = value; return map._keys.add(key); } /** * @dev Removes a key-value pair from a map. O(1). * * Returns true if the key was removed from the map, that is if it was present. */ function remove(Bytes32ToBytes32Map storage map, bytes32 key) internal returns (bool) { delete map._values[key]; return map._keys.remove(key); } /** * @dev Returns true if the key is in the map. O(1). */ function contains(Bytes32ToBytes32Map storage map, bytes32 key) internal view returns (bool) { return map._keys.contains(key); } /** * @dev Returns the number of key-value pairs in the map. O(1). */ function length(Bytes32ToBytes32Map storage map) internal view returns (uint256) { return map._keys.length(); } /** * @dev Returns the key-value pair stored at position `index` in the map. O(1). * * Note that there are no guarantees on the ordering of entries inside the * array, and it may change when more entries are added or removed. * * Requirements: * * - `index` must be strictly less than {length}. */ function at(Bytes32ToBytes32Map storage map, uint256 index) internal view returns (bytes32, bytes32) { bytes32 key = map._keys.at(index); return (key, map._values[key]); } /** * @dev Tries to returns the value associated with `key`. O(1). * Does not revert if `key` is not in the map. */ function tryGet(Bytes32ToBytes32Map storage map, bytes32 key) internal view returns (bool, bytes32) { bytes32 value = map._values[key]; if (value == bytes32(0)) { return (contains(map, key), bytes32(0)); } else { return (true, value); } } /** * @dev Returns the value associated with `key`. O(1). * * Requirements: * * - `key` must be in the map. */ function get(Bytes32ToBytes32Map storage map, bytes32 key) internal view returns (bytes32) { bytes32 value = map._values[key]; require(value != 0 || contains(map, key), "EnumerableMap: nonexistent key"); return value; } /** * @dev Same as {get}, with a custom error message when `key` is not in the map. * * CAUTION: This function is deprecated because it requires allocating memory for the error * message unnecessarily. For custom revert reasons use {tryGet}. */ function get( Bytes32ToBytes32Map storage map, bytes32 key, string memory errorMessage ) internal view returns (bytes32) { bytes32 value = map._values[key]; require(value != 0 || contains(map, key), errorMessage); return value; } // UintToUintMap struct UintToUintMap { Bytes32ToBytes32Map _inner; } /** * @dev Adds a key-value pair to a map, or updates the value for an existing * key. O(1). * * Returns true if the key was added to the map, that is if it was not * already present. */ function set( UintToUintMap storage map, uint256 key, uint256 value ) internal returns (bool) { return set(map._inner, bytes32(key), bytes32(value)); } /** * @dev Removes a value from a set. O(1). * * Returns true if the key was removed from the map, that is if it was present. */ function remove(UintToUintMap storage map, uint256 key) internal returns (bool) { return remove(map._inner, bytes32(key)); } /** * @dev Returns true if the key is in the map. O(1). */ function contains(UintToUintMap storage map, uint256 key) internal view returns (bool) { return contains(map._inner, bytes32(key)); } /** * @dev Returns the number of elements in the map. O(1). */ function length(UintToUintMap storage map) internal view returns (uint256) { return length(map._inner); } /** * @dev Returns the element stored at position `index` in the set. O(1). * Note that there are no guarantees on the ordering of values inside the * array, and it may change when more values are added or removed. * * Requirements: * * - `index` must be strictly less than {length}. */ function at(UintToUintMap storage map, uint256 index) internal view returns (uint256, uint256) { (bytes32 key, bytes32 value) = at(map._inner, index); return (uint256(key), uint256(value)); } /** * @dev Tries to returns the value associated with `key`. O(1). * Does not revert if `key` is not in the map. */ function tryGet(UintToUintMap storage map, uint256 key) internal view returns (bool, uint256) { (bool success, bytes32 value) = tryGet(map._inner, bytes32(key)); return (success, uint256(value)); } /** * @dev Returns the value associated with `key`. O(1). * * Requirements: * * - `key` must be in the map. */ function get(UintToUintMap storage map, uint256 key) internal view returns (uint256) { return uint256(get(map._inner, bytes32(key))); } /** * @dev Same as {get}, with a custom error message when `key` is not in the map. * * CAUTION: This function is deprecated because it requires allocating memory for the error * message unnecessarily. For custom revert reasons use {tryGet}. */ function get( UintToUintMap storage map, uint256 key, string memory errorMessage ) internal view returns (uint256) { return uint256(get(map._inner, bytes32(key), errorMessage)); } // UintToAddressMap struct UintToAddressMap { Bytes32ToBytes32Map _inner; } /** * @dev Adds a key-value pair to a map, or updates the value for an existing * key. O(1). * * Returns true if the key was added to the map, that is if it was not * already present. */ function set( UintToAddressMap storage map, uint256 key, address value ) internal returns (bool) { return set(map._inner, bytes32(key), bytes32(uint256(uint160(value)))); } /** * @dev Removes a value from a set. O(1). * * Returns true if the key was removed from the map, that is if it was present. */ function remove(UintToAddressMap storage map, uint256 key) internal returns (bool) { return remove(map._inner, bytes32(key)); } /** * @dev Returns true if the key is in the map. O(1). */ function contains(UintToAddressMap storage map, uint256 key) internal view returns (bool) { return contains(map._inner, bytes32(key)); } /** * @dev Returns the number of elements in the map. O(1). */ function length(UintToAddressMap storage map) internal view returns (uint256) { return length(map._inner); } /** * @dev Returns the element stored at position `index` in the set. O(1). * Note that there are no guarantees on the ordering of values inside the * array, and it may change when more values are added or removed. * * Requirements: * * - `index` must be strictly less than {length}. */ function at(UintToAddressMap storage map, uint256 index) internal view returns (uint256, address) { (bytes32 key, bytes32 value) = at(map._inner, index); return (uint256(key), address(uint160(uint256(value)))); } /** * @dev Tries to returns the value associated with `key`. O(1). * Does not revert if `key` is not in the map. */ function tryGet(UintToAddressMap storage map, uint256 key) internal view returns (bool, address) { (bool success, bytes32 value) = tryGet(map._inner, bytes32(key)); return (success, address(uint160(uint256(value)))); } /** * @dev Returns the value associated with `key`. O(1). * * Requirements: * * - `key` must be in the map. */ function get(UintToAddressMap storage map, uint256 key) internal view returns (address) { return address(uint160(uint256(get(map._inner, bytes32(key))))); } /** * @dev Same as {get}, with a custom error message when `key` is not in the map. * * CAUTION: This function is deprecated because it requires allocating memory for the error * message unnecessarily. For custom revert reasons use {tryGet}. */ function get( UintToAddressMap storage map, uint256 key, string memory errorMessage ) internal view returns (address) { return address(uint160(uint256(get(map._inner, bytes32(key), errorMessage)))); } // AddressToUintMap struct AddressToUintMap { Bytes32ToBytes32Map _inner; } /** * @dev Adds a key-value pair to a map, or updates the value for an existing * key. O(1). * * Returns true if the key was added to the map, that is if it was not * already present. */ function set( AddressToUintMap storage map, address key, uint256 value ) internal returns (bool) { return set(map._inner, bytes32(uint256(uint160(key))), bytes32(value)); } /** * @dev Removes a value from a set. O(1). * * Returns true if the key was removed from the map, that is if it was present. */ function remove(AddressToUintMap storage map, address key) internal returns (bool) { return remove(map._inner, bytes32(uint256(uint160(key)))); } /** * @dev Returns true if the key is in the map. O(1). */ function contains(AddressToUintMap storage map, address key) internal view returns (bool) { return contains(map._inner, bytes32(uint256(uint160(key)))); } /** * @dev Returns the number of elements in the map. O(1). */ function length(AddressToUintMap storage map) internal view returns (uint256) { return length(map._inner); } /** * @dev Returns the element stored at position `index` in the set. O(1). * Note that there are no guarantees on the ordering of values inside the * array, and it may change when more values are added or removed. * * Requirements: * * - `index` must be strictly less than {length}. */ function at(AddressToUintMap storage map, uint256 index) internal view returns (address, uint256) { (bytes32 key, bytes32 value) = at(map._inner, index); return (address(uint160(uint256(key))), uint256(value)); } /** * @dev Tries to returns the value associated with `key`. O(1). * Does not revert if `key` is not in the map. */ function tryGet(AddressToUintMap storage map, address key) internal view returns (bool, uint256) { (bool success, bytes32 value) = tryGet(map._inner, bytes32(uint256(uint160(key)))); return (success, uint256(value)); } /** * @dev Returns the value associated with `key`. O(1). * * Requirements: * * - `key` must be in the map. */ function get(AddressToUintMap storage map, address key) internal view returns (uint256) { return uint256(get(map._inner, bytes32(uint256(uint160(key))))); } /** * @dev Same as {get}, with a custom error message when `key` is not in the map. * * CAUTION: This function is deprecated because it requires allocating memory for the error * message unnecessarily. For custom revert reasons use {tryGet}. */ function get( AddressToUintMap storage map, address key, string memory errorMessage ) internal view returns (uint256) { return uint256(get(map._inner, bytes32(uint256(uint160(key))), errorMessage)); } // Bytes32ToUintMap struct Bytes32ToUintMap { Bytes32ToBytes32Map _inner; } /** * @dev Adds a key-value pair to a map, or updates the value for an existing * key. O(1). * * Returns true if the key was added to the map, that is if it was not * already present. */ function set( Bytes32ToUintMap storage map, bytes32 key, uint256 value ) internal returns (bool) { return set(map._inner, key, bytes32(value)); } /** * @dev Removes a value from a set. O(1). * * Returns true if the key was removed from the map, that is if it was present. */ function remove(Bytes32ToUintMap storage map, bytes32 key) internal returns (bool) { return remove(map._inner, key); } /** * @dev Returns true if the key is in the map. O(1). */ function contains(Bytes32ToUintMap storage map, bytes32 key) internal view returns (bool) { return contains(map._inner, key); } /** * @dev Returns the number of elements in the map. O(1). */ function length(Bytes32ToUintMap storage map) internal view returns (uint256) { return length(map._inner); } /** * @dev Returns the element stored at position `index` in the set. O(1). * Note that there are no guarantees on the ordering of values inside the * array, and it may change when more values are added or removed. * * Requirements: * * - `index` must be strictly less than {length}. */ function at(Bytes32ToUintMap storage map, uint256 index) internal view returns (bytes32, uint256) { (bytes32 key, bytes32 value) = at(map._inner, index); return (key, uint256(value)); } /** * @dev Tries to returns the value associated with `key`. O(1). * Does not revert if `key` is not in the map. */ function tryGet(Bytes32ToUintMap storage map, bytes32 key) internal view returns (bool, uint256) { (bool success, bytes32 value) = tryGet(map._inner, key); return (success, uint256(value)); } /** * @dev Returns the value associated with `key`. O(1). * * Requirements: * * - `key` must be in the map. */ function get(Bytes32ToUintMap storage map, bytes32 key) internal view returns (uint256) { return uint256(get(map._inner, key)); } /** * @dev Same as {get}, with a custom error message when `key` is not in the map. * * CAUTION: This function is deprecated because it requires allocating memory for the error * message unnecessarily. For custom revert reasons use {tryGet}. */ function get( Bytes32ToUintMap storage map, bytes32 key, string memory errorMessage ) internal view returns (uint256) { return uint256(get(map._inner, key, errorMessage)); } } // File contracts/libs/EnumerableMapExtended.sol pragma solidity >=0.6.11; // ============ External Imports ============ // extends EnumerableMap with uint256 => bytes32 type // modelled after https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v4.8.0/contracts/utils/structs/EnumerableMap.sol library EnumerableMapExtended { using EnumerableMap for EnumerableMap.Bytes32ToBytes32Map; struct UintToBytes32Map { EnumerableMap.Bytes32ToBytes32Map _inner; } // ============ Library Functions ============ function keys(UintToBytes32Map storage map) internal view returns (bytes32[] storage) { return map._inner._keys._inner._values; } function set( UintToBytes32Map storage map, uint256 key, bytes32 value ) internal { map._inner.set(bytes32(key), value); } function get(UintToBytes32Map storage map, uint256 key) internal view returns (bytes32) { return map._inner.get(bytes32(key)); } function remove(UintToBytes32Map storage map, uint256 key) internal returns (bool) { return map._inner.remove(bytes32(key)); } function contains(UintToBytes32Map storage map, uint256 key) internal view returns (bool) { return map._inner.contains(bytes32(key)); } function length(UintToBytes32Map storage map) internal view returns (uint256) { return map._inner.length(); } function at(UintToBytes32Map storage map, uint256 index) internal view returns (uint256, bytes32) { (bytes32 key, bytes32 value) = map._inner.at(index); return (uint256(key), value); } } // File contracts/upgrade/Versioned.sol pragma solidity >=0.6.11; /** * @title Versioned * @notice Version getter for contracts **/ contract Versioned { uint8 public constant VERSION = 0; } // File interfaces/IMessageRecipient.sol pragma solidity >=0.6.11; interface IMessageRecipient { function handle( uint32 _origin, bytes32 _sender, bytes calldata _message ) external; } // File contracts/PausableReentrancyGuard.sol pragma solidity >=0.8.0; // adapted from "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol"; abstract contract PausableReentrancyGuardUpgradeable is Initializable { uint256 private constant _NOT_ENTERED = 1; uint256 private constant _ENTERED = 2; uint256 private constant _PAUSED = 3; uint256 private _status; /** * @dev MUST be called for `nonReentrant` to not always revert */ function __PausableReentrancyGuard_init() internal onlyInitializing { _status = _NOT_ENTERED; } function _isPaused() internal view returns (bool) { return _status == _PAUSED; } function _pause() internal notPaused { _status = _PAUSED; } function _unpause() internal { require(_isPaused(), "!paused"); _status = _NOT_ENTERED; } /** * @dev Prevents a contract from being entered when paused. */ modifier notPaused() { require(!_isPaused(), "paused"); _; } /** * @dev Prevents a contract from calling itself, directly or indirectly. * Calling a `nonReentrant` function from another `nonReentrant` * function is not supported. It is possible to prevent this from happening * by making the `nonReentrant` function external, and making it call a * `private` function that does the actual work. */ modifier nonReentrantAndNotPaused() { // status must have been initialized require(_status == _NOT_ENTERED, "reentrant call (or paused)"); // Any calls to nonReentrant after this point will fail _status = _ENTERED; _; // By storing the original value once again, a refund is triggered (see // https://eips.ethereum.org/EIPS/eip-2200) _status = _NOT_ENTERED; } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[49] private __gap; } // File contracts/Mailbox.sol pragma solidity >=0.8.0; // ============ Internal Imports ============ // ============ External Imports ============ contract Mailbox is IMailbox, OwnableUpgradeable, PausableReentrancyGuardUpgradeable, Versioned { // ============ Libraries ============ using MerkleLib for MerkleLib.Tree; using Message for bytes; using TypeCasts for bytes32; using TypeCasts for address; // ============ Constants ============ // Maximum bytes per message = 2 KiB (somewhat arbitrarily set to begin) uint256 public constant MAX_MESSAGE_BODY_BYTES = 2 * 2**10; // Domain of chain on which the contract is deployed uint32 public immutable localDomain; // ============ Public Storage ============ // The default ISM, used if the recipient fails to specify one. IInterchainSecurityModule public defaultIsm; // An incremental merkle tree used to store outbound message IDs. MerkleLib.Tree public tree; // Mapping of message ID to whether or not that message has been delivered. mapping(bytes32 => bool) public delivered; // ============ Upgrade Gap ============ // gap for upgrade safety uint256[47] private __GAP; // ============ Events ============ /** * @notice Emitted when the default ISM is updated * @param module The new default ISM */ event DefaultIsmSet(address indexed module); /** * @notice Emitted when a new message is dispatched via Hyperlane * @param sender The address that dispatched the message * @param destination The destination domain of the message * @param recipient The message recipient address on `destination` * @param message Raw bytes of message */ event Dispatch( address indexed sender, uint32 indexed destination, bytes32 indexed recipient, bytes message ); /** * @notice Emitted when a new message is dispatched via Hyperlane * @param messageId The unique message identifier */ event DispatchId(bytes32 indexed messageId); /** * @notice Emitted when a Hyperlane message is processed * @param messageId The unique message identifier */ event ProcessId(bytes32 indexed messageId); /** * @notice Emitted when a Hyperlane message is delivered * @param origin The origin domain of the message * @param sender The message sender address on `origin` * @param recipient The address that handled the message */ event Process( uint32 indexed origin, bytes32 indexed sender, address indexed recipient ); /** * @notice Emitted when Mailbox is paused */ event Paused(); /** * @notice Emitted when Mailbox is unpaused */ event Unpaused(); // ============ Constructor ============ // solhint-disable-next-line no-empty-blocks constructor(uint32 _localDomain) { localDomain = _localDomain; } // ============ Initializers ============ function initialize(address _owner, address _defaultIsm) external initializer { __PausableReentrancyGuard_init(); __Ownable_init(); transferOwnership(_owner); _setDefaultIsm(_defaultIsm); } // ============ External Functions ============ /** * @notice Sets the default ISM for the Mailbox. * @param _module The new default ISM. Must be a contract. */ function setDefaultIsm(address _module) external onlyOwner { _setDefaultIsm(_module); } /** * @notice Dispatches a message to the destination domain & recipient. * @param _destinationDomain Domain of destination chain * @param _recipientAddress Address of recipient on destination chain as bytes32 * @param _messageBody Raw bytes content of message body * @return The message ID inserted into the Mailbox's merkle tree */ function dispatch( uint32 _destinationDomain, bytes32 _recipientAddress, bytes calldata _messageBody ) external override notPaused returns (bytes32) { require(_messageBody.length <= MAX_MESSAGE_BODY_BYTES, "msg too long"); // Format the message into packed bytes. bytes memory _message = Message.formatMessage( VERSION, count(), localDomain, msg.sender.addressToBytes32(), _destinationDomain, _recipientAddress, _messageBody ); // Insert the message ID into the merkle tree. bytes32 _id = _message.id(); tree.insert(_id); emit Dispatch( msg.sender, _destinationDomain, _recipientAddress, _message ); emit DispatchId(_id); return _id; } /** * @notice Attempts to deliver `_message` to its recipient. Verifies * `_message` via the recipient's ISM using the provided `_metadata`. * @param _metadata Metadata used by the ISM to verify `_message`. * @param _message Formatted Hyperlane message (refer to Message.sol). */ function process(bytes calldata _metadata, bytes calldata _message) external override nonReentrantAndNotPaused { // Check that the message was intended for this mailbox. require(_message.version() == VERSION, "!version"); require(_message.destination() == localDomain, "!destination"); // Check that the message hasn't already been delivered. bytes32 _id = _message.id(); require(delivered[_id] == false, "delivered"); delivered[_id] = true; // Verify the message via the ISM. IInterchainSecurityModule _ism = IInterchainSecurityModule( recipientIsm(_message.recipientAddress()) ); require(_ism.verify(_metadata, _message), "!module"); // Deliver the message to the recipient. uint32 origin = _message.origin(); bytes32 sender = _message.sender(); address recipient = _message.recipientAddress(); IMessageRecipient(recipient).handle(origin, sender, _message.body()); emit Process(origin, sender, recipient); emit ProcessId(_id); } // ============ Public Functions ============ /** * @notice Calculates and returns tree's current root */ function root() public view returns (bytes32) { return tree.root(); } /** * @notice Returns the number of inserted leaves in the tree */ function count() public view returns (uint32) { // count cannot exceed 2**TREE_DEPTH, see MerkleLib.sol return uint32(tree.count); } /** * @notice Returns a checkpoint representing the current merkle tree. * @return root The root of the Mailbox's merkle tree. * @return index The index of the last element in the tree. */ function latestCheckpoint() public view returns (bytes32, uint32) { return (root(), count() - 1); } /** * @notice Pauses mailbox and prevents further dispatch/process calls * @dev Only `owner` can pause the mailbox. */ function pause() external onlyOwner { _pause(); emit Paused(); } /** * @notice Unpauses mailbox and allows for message processing. * @dev Only `owner` can unpause the mailbox. */ function unpause() external onlyOwner { _unpause(); emit Unpaused(); } /** * @notice Returns whether mailbox is paused. */ function isPaused() external view returns (bool) { return _isPaused(); } /** * @notice Returns the ISM to use for the recipient, defaulting to the * default ISM if none is specified. * @param _recipient The message recipient whose ISM should be returned. * @return The ISM to use for `_recipient`. */ function recipientIsm(address _recipient) public view returns (IInterchainSecurityModule) { // Use a default interchainSecurityModule if one is not specified by the // recipient. // This is useful for backwards compatibility and for convenience as // recipients are not mandated to specify an ISM. try ISpecifiesInterchainSecurityModule(_recipient) .interchainSecurityModule() returns (IInterchainSecurityModule _val) { // If the recipient specifies a zero address, use the default ISM. if (address(_val) != address(0)) { return _val; } } catch {} return defaultIsm; } // ============ Internal Functions ============ /** * @notice Sets the default ISM for the Mailbox. * @param _module The new default ISM. Must be a contract. */ function _setDefaultIsm(address _module) internal { require(Address.isContract(_module), "!contract"); defaultIsm = IInterchainSecurityModule(_module); emit DefaultIsmSet(_module); } } // File contracts/Call.sol pragma solidity ^0.8.13; struct Call { address to; bytes data; } // File contracts/OwnableMulticall.sol pragma solidity ^0.8.13; // ============ External Imports ============ /* * @title OwnableMulticall * @dev Allows only only address to execute calls to other contracts */ contract OwnableMulticall is OwnableUpgradeable { constructor() { _transferOwnership(msg.sender); } function initialize() external initializer { _transferOwnership(msg.sender); } function proxyCalls(Call[] calldata calls) external onlyOwner { for (uint256 i = 0; i < calls.length; i += 1) { (bool success, bytes memory returnData) = calls[i].to.call( calls[i].data ); if (!success) { assembly { revert(add(returnData, 32), returnData) } } } } function _call(Call[] memory calls, bytes[] memory callbacks) internal returns (bytes[] memory resolveCalls) { resolveCalls = new bytes[](callbacks.length); for (uint256 i = 0; i < calls.length; i++) { (bool success, bytes memory returnData) = calls[i].to.call( calls[i].data ); require(success, "Multicall: call failed"); resolveCalls[i] = bytes.concat(callbacks[i], returnData); } } // TODO: deduplicate function proxyCallBatch(address to, bytes[] memory calls) internal { for (uint256 i = 0; i < calls.length; i += 1) { (bool success, bytes memory returnData) = to.call(calls[i]); if (!success) { assembly { revert(add(returnData, 32), returnData) } } } } } // File contracts/Router.sol pragma solidity >=0.6.11; // ============ Internal Imports ============ abstract contract Router is HyperlaneConnectionClient, IMessageRecipient { using EnumerableMapExtended for EnumerableMapExtended.UintToBytes32Map; string constant NO_ROUTER_ENROLLED_REVERT_MESSAGE = "No router enrolled for domain. Did you specify the right domain ID?"; // ============ Mutable Storage ============ EnumerableMapExtended.UintToBytes32Map internal _routers; uint256[49] private __GAP; // gap for upgrade safety // ============ Events ============ /** * @notice Emitted when a router is set. * @param domain The domain of the new router * @param router The address of the new router */ event RemoteRouterEnrolled(uint32 indexed domain, bytes32 indexed router); // ============ Modifiers ============ /** * @notice Only accept messages from a remote Router contract * @param _origin The domain the message is coming from * @param _router The address the message is coming from */ modifier onlyRemoteRouter(uint32 _origin, bytes32 _router) { require( _isRemoteRouter(_origin, _router), NO_ROUTER_ENROLLED_REVERT_MESSAGE ); _; } // ======== Initializer ========= function __Router_initialize(address _mailbox) internal onlyInitializing { __HyperlaneConnectionClient_initialize(_mailbox); } function __Router_initialize( address _mailbox, address _interchainGasPaymaster ) internal onlyInitializing { __HyperlaneConnectionClient_initialize( _mailbox, _interchainGasPaymaster ); } function __Router_initialize( address _mailbox, address _interchainGasPaymaster, address _interchainSecurityModule ) internal onlyInitializing { __HyperlaneConnectionClient_initialize( _mailbox, _interchainGasPaymaster, _interchainSecurityModule ); } // ============ External functions ============ function domains() external view returns (uint32[] memory) { bytes32[] storage rawKeys = _routers.keys(); uint32[] memory keys = new uint32[](rawKeys.length); for (uint256 i = 0; i < rawKeys.length; i++) { keys[i] = uint32(uint256(rawKeys[i])); } return keys; } function routers(uint32 _domain) public view returns (bytes32) { if (_routers.contains(_domain)) { return _routers.get(_domain); } else { return bytes32(0); // for backwards compatibility with storage mapping } } /** * @notice Register the address of a Router contract for the same Application on a remote chain * @param _domain The domain of the remote Application Router * @param _router The address of the remote Application Router */ function enrollRemoteRouter(uint32 _domain, bytes32 _router) external virtual onlyOwner { _enrollRemoteRouter(_domain, _router); } /** * @notice Batch version of `enrollRemoteRouter` * @param _domains The domaisn of the remote Application Routers * @param _addresses The addresses of the remote Application Routers */ function enrollRemoteRouters( uint32[] calldata _domains, bytes32[] calldata _addresses ) external virtual onlyOwner { require(_domains.length == _addresses.length, "!length"); for (uint256 i = 0; i < _domains.length; i += 1) { _enrollRemoteRouter(_domains[i], _addresses[i]); } } /** * @notice Handles an incoming message * @param _origin The origin domain * @param _sender The sender address * @param _message The message */ function handle( uint32 _origin, bytes32 _sender, bytes calldata _message ) external virtual override onlyMailbox onlyRemoteRouter(_origin, _sender) { // TODO: callbacks on success/failure _handle(_origin, _sender, _message); } // ============ Virtual functions ============ function _handle( uint32 _origin, bytes32 _sender, bytes calldata _message ) internal virtual; // ============ Internal functions ============ /** * @notice Set the router for a given domain * @param _domain The domain * @param _address The new router */ function _enrollRemoteRouter(uint32 _domain, bytes32 _address) internal { _routers.set(_domain, _address); emit RemoteRouterEnrolled(_domain, _address); } /** * @notice Return true if the given domain / router is the address of a remote Application Router * @param _domain The domain of the potential remote Application Router * @param _address The address of the potential remote Application Router */ function _isRemoteRouter(uint32 _domain, bytes32 _address) internal view returns (bool) { return routers(_domain) == _address; } /** * @notice Assert that the given domain has a Application Router registered and return its address * @param _domain The domain of the chain for which to get the Application Router * @return _router The address of the remote Application Router on _domain */ function _mustHaveRemoteRouter(uint32 _domain) internal view returns (bytes32 _router) { _router = routers(_domain); require(_router != bytes32(0), NO_ROUTER_ENROLLED_REVERT_MESSAGE); } /** * @notice Dispatches a message to an enrolled router via the local router's Mailbox * and pays for it to be relayed to the destination. * @dev Reverts if there is no enrolled router for _destinationDomain. * @param _destinationDomain The domain of the chain to which to send the message. * @param _messageBody Raw bytes content of message. * @param _gasAmount The amount of destination gas for the message that is requested via the InterchainGasPaymaster. * @param _gasPayment The amount of native tokens to pay for the message to be relayed. * @param _gasPaymentRefundAddress The address to refund any gas overpayment to. */ function _dispatchWithGas( uint32 _destinationDomain, bytes memory _messageBody, uint256 _gasAmount, uint256 _gasPayment, address _gasPaymentRefundAddress ) internal returns (bytes32 _messageId) { _messageId = _dispatch(_destinationDomain, _messageBody); // Call the IGP even if the gas payment is zero. This is to support on-chain // fee quoting in IGPs, which should always revert if gas payment is insufficient. interchainGasPaymaster.payForGas{value: _gasPayment}( _messageId, _destinationDomain, _gasAmount, _gasPaymentRefundAddress ); } /** * @notice Dispatches a message to an enrolled router via the provided Mailbox. * @dev Does not pay interchain gas. * @dev Reverts if there is no enrolled router for _destinationDomain. * @param _destinationDomain The domain of the chain to which to send the message. * @param _messageBody Raw bytes content of message. */ function _dispatch(uint32 _destinationDomain, bytes memory _messageBody) internal virtual returns (bytes32) { // Ensure that destination chain has an enrolled router. bytes32 _router = _mustHaveRemoteRouter(_destinationDomain); return mailbox.dispatch(_destinationDomain, _router, _messageBody); } } // File interfaces/IInterchainAccountRouter.sol pragma solidity >=0.6.11; interface IInterchainAccountRouter { function dispatch(uint32 _destinationDomain, Call[] calldata calls) external returns (bytes32); function dispatch( uint32 _destinationDomain, address target, bytes calldata data ) external returns (bytes32); function getInterchainAccount(uint32 _originDomain, address _sender) external view returns (address); } // File contracts/libs/MinimalProxy.sol pragma solidity >=0.6.11; // Library for building bytecode of minimal proxies (see https://eips.ethereum.org/EIPS/eip-1167) library MinimalProxy { bytes20 constant PREFIX = hex"3d602d80600a3d3981f3363d3d373d3d3d363d73"; bytes15 constant SUFFIX = hex"5af43d82803e903d91602b57fd5bf3"; function bytecode(address implementation) internal pure returns (bytes memory) { return abi.encodePacked(PREFIX, bytes20(implementation), SUFFIX); } } // File @openzeppelin/contracts/utils/[email protected] // OpenZeppelin Contracts (last updated v4.8.0) (utils/Create2.sol) pragma solidity ^0.8.0; /** * @dev Helper to make usage of the `CREATE2` EVM opcode easier and safer. * `CREATE2` can be used to compute in advance the address where a smart * contract will be deployed, which allows for interesting new mechanisms known * as 'counterfactual interactions'. * * See the https://eips.ethereum.org/EIPS/eip-1014#motivation[EIP] for more * information. */ library Create2 { /** * @dev Deploys a contract using `CREATE2`. The address where the contract * will be deployed can be known in advance via {computeAddress}. * * The bytecode for a contract can be obtained from Solidity with * `type(contractName).creationCode`. * * Requirements: * * - `bytecode` must not be empty. * - `salt` must have not been used for `bytecode` already. * - the factory must have a balance of at least `amount`. * - if `amount` is non-zero, `bytecode` must have a `payable` constructor. */ function deploy( uint256 amount, bytes32 salt, bytes memory bytecode ) internal returns (address addr) { require(address(this).balance >= amount, "Create2: insufficient balance"); require(bytecode.length != 0, "Create2: bytecode length is zero"); /// @solidity memory-safe-assembly assembly { addr := create2(amount, add(bytecode, 0x20), mload(bytecode), salt) } require(addr != address(0), "Create2: Failed on deploy"); } /** * @dev Returns the address where a contract will be stored if deployed via {deploy}. Any change in the * `bytecodeHash` or `salt` will result in a new destination address. */ function computeAddress(bytes32 salt, bytes32 bytecodeHash) internal view returns (address) { return computeAddress(salt, bytecodeHash, address(this)); } /** * @dev Returns the address where a contract will be stored if deployed via {deploy} from a contract located at * `deployer`. If `deployer` is this contract's address, returns the same value as {computeAddress}. */ function computeAddress( bytes32 salt, bytes32 bytecodeHash, address deployer ) internal pure returns (address addr) { /// @solidity memory-safe-assembly assembly { let ptr := mload(0x40) // Get free memory pointer // | | ↓ ptr ... ↓ ptr + 0x0B (start) ... ↓ ptr + 0x20 ... ↓ ptr + 0x40 ... | // |-------------------|---------------------------------------------------------------------------| // | bytecodeHash | CCCCCCCCCCCCC...CC | // | salt | BBBBBBBBBBBBB...BB | // | deployer | 000000...0000AAAAAAAAAAAAAAAAAAA...AA | // | 0xFF | FF | // |-------------------|---------------------------------------------------------------------------| // | memory | 000000...00FFAAAAAAAAAAAAAAAAAAA...AABBBBBBBBBBBBB...BBCCCCCCCCCCCCC...CC | // | keccak(start, 85) | ↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑ | mstore(add(ptr, 0x40), bytecodeHash) mstore(add(ptr, 0x20), salt) mstore(ptr, deployer) // Right-aligned with 12 preceding garbage bytes let start := add(ptr, 0x0b) // The hashed data starts at the final garbage byte which we will set to 0xff mstore8(start, 0xff) addr := keccak256(start, 85) } } } // File contracts/middleware/InterchainAccountRouter.sol pragma solidity ^0.8.13; // ============ Internal Imports ============ // ============ External Imports ============ /* * @title The Hello World App * @dev You can use this simple app as a starting point for your own application. */ contract InterchainAccountRouter is Router, IInterchainAccountRouter { address immutable implementation; bytes32 immutable bytecodeHash; event InterchainAccountCreated( uint32 indexed origin, address sender, address account ); constructor() { implementation = address(new OwnableMulticall()); // cannot be stored immutably because it is dynamically sized bytes memory bytecode = MinimalProxy.bytecode(implementation); bytecodeHash = keccak256(bytecode); } function initialize( address _mailbox, address _interchainGasPaymaster, address _interchainSecurityModule ) public initializer { // Transfer ownership of the contract to `msg.sender` __Router_initialize( _mailbox, _interchainGasPaymaster, _interchainSecurityModule ); } function initialize(address _mailbox, address _interchainGasPaymaster) public initializer { // Transfer ownership of the contract to `msg.sender` __Router_initialize(_mailbox, _interchainGasPaymaster); } function dispatch(uint32 _destinationDomain, Call[] calldata calls) external returns (bytes32) { return _dispatch(_destinationDomain, abi.encode(msg.sender, calls)); } function dispatch( uint32 _destinationDomain, address target, bytes calldata data ) external returns (bytes32) { Call[] memory calls = new Call[](1); calls[0] = Call({to: target, data: data}); return _dispatch(_destinationDomain, abi.encode(msg.sender, calls)); } function getInterchainAccount(uint32 _origin, address _sender) public view returns (address) { return _getInterchainAccount(_salt(_origin, _sender)); } function getDeployedInterchainAccount(uint32 _origin, address _sender) public returns (OwnableMulticall) { bytes32 salt = _salt(_origin, _sender); address interchainAccount = _getInterchainAccount(salt); if (!Address.isContract(interchainAccount)) { bytes memory bytecode = MinimalProxy.bytecode(implementation); interchainAccount = Create2.deploy(0, salt, bytecode); OwnableMulticall(interchainAccount).initialize(); emit InterchainAccountCreated(_origin, _sender, interchainAccount); } return OwnableMulticall(interchainAccount); } function _salt(uint32 _origin, address _sender) internal pure returns (bytes32) { return bytes32(abi.encodePacked(_origin, _sender)); } function _getInterchainAccount(bytes32 salt) internal view returns (address) { return Create2.computeAddress(salt, bytecodeHash); } function _handle( uint32 _origin, bytes32, // router sender bytes calldata _message ) internal override { (address sender, Call[] memory calls) = abi.decode( _message, (address, Call[]) ); getDeployedInterchainAccount(_origin, sender).proxyCalls(calls); } } // File interfaces/IInterchainQueryRouter.sol pragma solidity >=0.6.11; interface IInterchainQueryRouter { function query( uint32 _destinationDomain, address target, bytes calldata queryData, bytes calldata callback ) external returns (bytes32); function query( uint32 _destinationDomain, Call calldata call, bytes calldata callback ) external returns (bytes32); function query( uint32 _destinationDomain, Call[] calldata calls, bytes[] calldata callbacks ) external returns (bytes32); } // File contracts/middleware/InterchainQueryRouter.sol pragma solidity ^0.8.13; // ============ Internal Imports ============ // ============ External Imports ============ contract InterchainQueryRouter is Router, OwnableMulticall, IInterchainQueryRouter { enum Action { DISPATCH, RESOLVE } event QueryDispatched( uint32 indexed destinationDomain, address indexed sender ); event QueryReturned(uint32 indexed originDomain, address indexed sender); event QueryResolved( uint32 indexed destinationDomain, address indexed sender ); function initialize( address _mailbox, address _interchainGasPaymaster, address _interchainSecurityModule ) public initializer { // Transfer ownership of the contract to `msg.sender` __Router_initialize( _mailbox, _interchainGasPaymaster, _interchainSecurityModule ); } function initialize(address _mailbox, address _interchainGasPaymaster) public initializer { // Transfer ownership of the contract to `msg.sender` __Router_initialize(_mailbox, _interchainGasPaymaster); } /** * @param _destinationDomain Domain of destination chain * @param target The address of the contract to query on destination chain. * @param queryData The calldata of the view call to make on the destination chain. * @param callback Callback function selector on `msg.sender` and optionally abi-encoded prefix arguments. */ function query( uint32 _destinationDomain, address target, bytes calldata queryData, bytes calldata callback ) external returns (bytes32 messageId) { // TODO: fix this ugly arrayification Call[] memory calls = new Call[](1); calls[0] = Call({to: target, data: queryData}); bytes[] memory callbacks = new bytes[](1); callbacks[0] = callback; messageId = query(_destinationDomain, calls, callbacks); } /** * @param _destinationDomain Domain of destination chain * @param call Call (to and data packed struct) to be made on destination chain. * @param callback Callback function selector on `msg.sender` and optionally abi-encoded prefix arguments. */ function query( uint32 _destinationDomain, Call calldata call, bytes calldata callback ) external returns (bytes32 messageId) { // TODO: fix this ugly arrayification Call[] memory calls = new Call[](1); calls[0] = call; bytes[] memory callbacks = new bytes[](1); callbacks[0] = callback; messageId = query(_destinationDomain, calls, callbacks); } /** * @param _destinationDomain Domain of destination chain * @param calls Array of calls (to and data packed struct) to be made on destination chain in sequence. * @param callbacks Array of callback function selectors on `msg.sender` and optionally abi-encoded prefix arguments. */ function query( uint32 _destinationDomain, Call[] memory calls, bytes[] memory callbacks ) public returns (bytes32 messageId) { require( calls.length == callbacks.length, "InterchainQueryRouter: calls and callbacks must be same length" ); messageId = _dispatch( _destinationDomain, abi.encode(Action.DISPATCH, msg.sender, calls, callbacks) ); emit QueryDispatched(_destinationDomain, msg.sender); } // TODO: add REJECT behavior ala NodeJS Promise API function _handle( uint32 _origin, bytes32, // router sender bytes calldata _message ) internal override { // TODO: fix double ABI decoding with calldata slices Action action = abi.decode(_message, (Action)); if (action == Action.DISPATCH) { ( , address sender, Call[] memory calls, bytes[] memory callbacks ) = abi.decode(_message, (Action, address, Call[], bytes[])); bytes[] memory resolveCallbacks = _call(calls, callbacks); _dispatch( _origin, abi.encode(Action.RESOLVE, sender, resolveCallbacks) ); emit QueryReturned(_origin, sender); } else if (action == Action.RESOLVE) { (, address sender, bytes[] memory resolveCallbacks) = abi.decode( _message, (Action, address, bytes[]) ); proxyCallBatch(sender, resolveCallbacks); emit QueryResolved(_origin, sender); } } } // File contracts/middleware/liquidity-layer/interfaces/circle/ICircleBridge.sol pragma solidity ^0.8.13; interface ICircleBridge { event MessageSent(bytes message); /** * @notice Deposits and burns tokens from sender to be minted on destination domain. * Emits a `DepositForBurn` event. * @dev reverts if: * - given burnToken is not supported * - given destinationDomain has no CircleBridge registered * - transferFrom() reverts. For example, if sender's burnToken balance or approved allowance * to this contract is less than `amount`. * - burn() reverts. For example, if `amount` is 0. * - MessageTransmitter returns false or reverts. * @param _amount amount of tokens to burn * @param _destinationDomain destination domain (ETH = 0, AVAX = 1) * @param _mintRecipient address of mint recipient on destination domain * @param _burnToken address of contract to burn deposited tokens, on local domain * @return _nonce unique nonce reserved by message */ function depositForBurn( uint256 _amount, uint32 _destinationDomain, bytes32 _mintRecipient, address _burnToken ) external returns (uint64 _nonce); /** * @notice Deposits and burns tokens from sender to be minted on destination domain. The mint * on the destination domain must be called by `_destinationCaller`. * WARNING: if the `_destinationCaller` does not represent a valid address as bytes32, then it will not be possible * to broadcast the message on the destination domain. This is an advanced feature, and the standard * depositForBurn() should be preferred for use cases where a specific destination caller is not required. * Emits a `DepositForBurn` event. * @dev reverts if: * - given destinationCaller is zero address * - given burnToken is not supported * - given destinationDomain has no CircleBridge registered * - transferFrom() reverts. For example, if sender's burnToken balance or approved allowance * to this contract is less than `amount`. * - burn() reverts. For example, if `amount` is 0. * - MessageTransmitter returns false or reverts. * @param _amount amount of tokens to burn * @param _destinationDomain destination domain * @param _mintRecipient address of mint recipient on destination domain * @param _burnToken address of contract to burn deposited tokens, on local domain * @param _destinationCaller caller on the destination domain, as bytes32 * @return _nonce unique nonce reserved by message */ function depositForBurnWithCaller( uint256 _amount, uint32 _destinationDomain, bytes32 _mintRecipient, address _burnToken, bytes32 _destinationCaller ) external returns (uint64 _nonce); } // File contracts/middleware/liquidity-layer/interfaces/circle/ICircleMessageTransmitter.sol pragma solidity ^0.8.13; interface ICircleMessageTransmitter { /** * @notice Receive a message. Messages with a given nonce * can only be broadcast once for a (sourceDomain, destinationDomain) * pair. The message body of a valid message is passed to the * specified recipient for further processing. * * @dev Attestation format: * A valid attestation is the concatenated 65-byte signature(s) of exactly * `thresholdSignature` signatures, in increasing order of attester address. * ***If the attester addresses recovered from signatures are not in * increasing order, signature verification will fail.*** * If incorrect number of signatures or duplicate signatures are supplied, * signature verification will fail. * * Message format: * Field Bytes Type Index * version 4 uint32 0 * sourceDomain 4 uint32 4 * destinationDomain 4 uint32 8 * nonce 8 uint64 12 * sender 32 bytes32 20 * recipient 32 bytes32 52 * messageBody dynamic bytes 84 * @param _message Message bytes * @param _attestation Concatenated 65-byte signature(s) of `_message`, in increasing order * of the attester address recovered from signatures. * @return success bool, true if successful */ function receiveMessage(bytes memory _message, bytes calldata _attestation) external returns (bool success); function usedNonces(bytes32 _nonceId) external view returns (bool); } // File contracts/middleware/liquidity-layer/interfaces/ILiquidityLayerAdapter.sol pragma solidity ^0.8.13; interface ILiquidityLayerAdapter { function sendTokens( uint32 _destinationDomain, bytes32 _recipientAddress, address _token, uint256 _amount ) external returns (bytes memory _adapterData); function receiveTokens( uint32 _originDomain, // Hyperlane domain address _recipientAddress, uint256 _amount, bytes calldata _adapterData // The adapter data from the message ) external returns (address, uint256); } // File @openzeppelin/contracts/token/ERC20/[email protected] // OpenZeppelin Contracts (last updated v4.6.0) (token/ERC20/IERC20.sol) pragma solidity ^0.8.0; /** * @dev Interface of the ERC20 standard as defined in the EIP. */ interface IERC20 { /** * @dev Emitted when `value` tokens are moved from one account (`from`) to * another (`to`). * * Note that `value` may be zero. */ event Transfer(address indexed from, address indexed to, uint256 value); /** * @dev Emitted when the allowance of a `spender` for an `owner` is set by * a call to {approve}. `value` is the new allowance. */ event Approval(address indexed owner, address indexed spender, uint256 value); /** * @dev Returns the amount of tokens in existence. */ function totalSupply() external view returns (uint256); /** * @dev Returns the amount of tokens owned by `account`. */ function balanceOf(address account) external view returns (uint256); /** * @dev Moves `amount` tokens from the caller's account to `to`. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transfer(address to, uint256 amount) external returns (bool); /** * @dev Returns the remaining number of tokens that `spender` will be * allowed to spend on behalf of `owner` through {transferFrom}. This is * zero by default. * * This value changes when {approve} or {transferFrom} are called. */ function allowance(address owner, address spender) external view returns (uint256); /** * @dev Sets `amount` as the allowance of `spender` over the caller's tokens. * * Returns a boolean value indicating whether the operation succeeded. * * IMPORTANT: Beware that changing an allowance with this method brings the risk * that someone may use both the old and the new allowance by unfortunate * transaction ordering. One possible solution to mitigate this race * condition is to first reduce the spender's allowance to 0 and set the * desired value afterwards: * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 * * Emits an {Approval} event. */ function approve(address spender, uint256 amount) external returns (bool); /** * @dev Moves `amount` tokens from `from` to `to` using the * allowance mechanism. `amount` is then deducted from the caller's * allowance. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transferFrom( address from, address to, uint256 amount ) external returns (bool); } // File contracts/middleware/liquidity-layer/adapters/CircleBridgeAdapter.sol pragma solidity ^0.8.13; contract CircleBridgeAdapter is ILiquidityLayerAdapter, Router { /// @notice The CircleBridge contract. ICircleBridge public circleBridge; /// @notice The Circle MessageTransmitter contract. ICircleMessageTransmitter public circleMessageTransmitter; /// @notice The LiquidityLayerRouter contract. address public liquidityLayerRouter; /// @notice Hyperlane domain => Circle domain. /// ATM, known Circle domains are Ethereum = 0 and Avalanche = 1. /// Note this could result in ambiguity between the Circle domain being /// Ethereum or unknown. TODO fix? mapping(uint32 => uint32) public hyperlaneDomainToCircleDomain; /// @notice Token symbol => address of token on local chain. mapping(string => IERC20) public tokenSymbolToAddress; /// @notice Local chain token address => token symbol. mapping(address => string) public tokenAddressToSymbol; /** * @notice Emits the nonce of the Circle message when a token is bridged. * @param nonce The nonce of the Circle message. */ event BridgedToken(uint64 nonce); /** * @notice Emitted when the Hyperlane domain to Circle domain mapping is updated. * @param hyperlaneDomain The Hyperlane domain. * @param circleDomain The Circle domain. */ event DomainAdded(uint32 indexed hyperlaneDomain, uint32 circleDomain); /** * @notice Emitted when a local token and its token symbol have been added. */ event TokenAdded(address indexed token, string indexed symbol); /** * @notice Emitted when a local token and its token symbol have been removed. */ event TokenRemoved(address indexed token, string indexed symbol); modifier onlyLiquidityLayerRouter() { require(msg.sender == liquidityLayerRouter, "!liquidityLayerRouter"); _; } /** * @param _owner The new owner. * @param _circleBridge The CircleBridge contract. * @param _circleMessageTransmitter The Circle MessageTransmitter contract. * @param _liquidityLayerRouter The LiquidityLayerRouter contract. */ function initialize( address _owner, address _circleBridge, address _circleMessageTransmitter, address _liquidityLayerRouter ) public initializer { // Transfer ownership of the contract to deployer _transferOwnership(_owner); circleBridge = ICircleBridge(_circleBridge); circleMessageTransmitter = ICircleMessageTransmitter( _circleMessageTransmitter ); liquidityLayerRouter = _liquidityLayerRouter; } function sendTokens( uint32 _destinationDomain, bytes32, // _recipientAddress, unused address _token, uint256 _amount ) external onlyLiquidityLayerRouter returns (bytes memory) { string memory _tokenSymbol = tokenAddressToSymbol[_token]; require( bytes(_tokenSymbol).length > 0, "CircleBridgeAdapter: Unknown token" ); uint32 _circleDomain = hyperlaneDomainToCircleDomain[ _destinationDomain ]; bytes32 _remoteRouter = routers(_destinationDomain); require( _remoteRouter != bytes32(0), "CircleBridgeAdapter: No router for domain" ); // Approve the token to Circle. We assume that the LiquidityLayerRouter // has already transferred the token to this contract. require( IERC20(_token).approve(address(circleBridge), _amount), "!approval" ); uint64 _nonce = circleBridge.depositForBurn( _amount, _circleDomain, _remoteRouter, // Mint to the remote router _token ); emit BridgedToken(_nonce); return abi.encode(_nonce, _tokenSymbol); } // Returns the token and amount sent function receiveTokens( uint32 _originDomain, // Hyperlane domain address _recipient, uint256 _amount, bytes calldata _adapterData // The adapter data from the message ) external onlyLiquidityLayerRouter returns (address, uint256) { // The origin Circle domain uint32 _originCircleDomain = hyperlaneDomainToCircleDomain[ _originDomain ]; // Get the token symbol and nonce of the transfer from the _adapterData (uint64 _nonce, string memory _tokenSymbol) = abi.decode( _adapterData, (uint64, string) ); // Require the circle message to have been processed bytes32 _nonceId = _circleNonceId(_originCircleDomain, _nonce); require( circleMessageTransmitter.usedNonces(_nonceId), "Circle message not processed yet" ); IERC20 _token = tokenSymbolToAddress[_tokenSymbol]; require( address(_token) != address(0), "CircleBridgeAdapter: Unknown token" ); // Transfer the token out to the recipient // TODO: use safeTransfer // Circle doesn't charge any fee, so we can safely transfer out the // exact amount that was bridged over. require(_token.transfer(_recipient, _amount), "!transfer out"); return (address(_token), _amount); } // This contract is only a Router to be aware of remote router addresses, // and doesn't actually send/handle Hyperlane messages directly function _handle( uint32, // origin bytes32, // sender bytes calldata // message ) internal pure override { revert("No messages expected"); } function addDomain(uint32 _hyperlaneDomain, uint32 _circleDomain) external onlyOwner { hyperlaneDomainToCircleDomain[_hyperlaneDomain] = _circleDomain; emit DomainAdded(_hyperlaneDomain, _circleDomain); } function addToken(address _token, string calldata _tokenSymbol) external onlyOwner { require( _token != address(0) && bytes(_tokenSymbol).length > 0, "Cannot add default values" ); // Require the token and token symbol to be unset. address _existingToken = address(tokenSymbolToAddress[_tokenSymbol]); require(_existingToken == address(0), "token symbol already has token"); string memory _existingSymbol = tokenAddressToSymbol[_token]; require( bytes(_existingSymbol).length == 0, "token already has token symbol" ); tokenAddressToSymbol[_token] = _tokenSymbol; tokenSymbolToAddress[_tokenSymbol] = IERC20(_token); emit TokenAdded(_token, _tokenSymbol); } function removeToken(address _token, string calldata _tokenSymbol) external onlyOwner { // Require the provided token and token symbols match what's in storage. address _existingToken = address(tokenSymbolToAddress[_tokenSymbol]); require(_existingToken == _token, "Token mismatch"); string memory _existingSymbol = tokenAddressToSymbol[_token]; require( keccak256(bytes(_existingSymbol)) == keccak256(bytes(_tokenSymbol)), "Token symbol mismatch" ); // Delete them from storage. delete tokenSymbolToAddress[_tokenSymbol]; delete tokenAddressToSymbol[_token]; emit TokenRemoved(_token, _tokenSymbol); } /** * @notice Gets the Circle nonce ID by hashing _originCircleDomain and _nonce. * @param _originCircleDomain Domain of chain where the transfer originated * @param _nonce The unique identifier for the message from source to destination * @return hash of source and nonce */ function _circleNonceId(uint32 _originCircleDomain, uint64 _nonce) internal pure returns (bytes32) { // The hash is of a uint256 nonce, not a uint64 one. return keccak256(abi.encodePacked(_originCircleDomain, uint256(_nonce))); } } // File interfaces/ILiquidityLayerRouter.sol pragma solidity >=0.6.11; interface ILiquidityLayerRouter { function dispatchWithTokens( uint32 _destinationDomain, bytes32 _recipientAddress, bytes calldata _messageBody, address _token, uint256 _amount, string calldata _bridge ) external payable returns (bytes32); } // File interfaces/ILiquidityLayerMessageRecipient.sol pragma solidity ^0.8.13; interface ILiquidityLayerMessageRecipient { function handleWithTokens( uint32 _origin, bytes32 _sender, bytes calldata _message, address _token, uint256 _amount ) external; } // File contracts/middleware/liquidity-layer/LiquidityLayerRouter.sol pragma solidity ^0.8.13; contract LiquidityLayerRouter is Router, ILiquidityLayerRouter { // Token bridge => adapter address mapping(string => address) public liquidityLayerAdapters; event LiquidityLayerAdapterSet(string indexed bridge, address adapter); function initialize( address _mailbox, address _interchainGasPaymaster, address _interchainSecurityModule ) public initializer { // Transfer ownership of the contract to `msg.sender` __Router_initialize( _mailbox, _interchainGasPaymaster, _interchainSecurityModule ); } function initialize(address _mailbox, address _interchainGasPaymaster) public initializer { // Transfer ownership of the contract to `msg.sender` __Router_initialize(_mailbox, _interchainGasPaymaster); } function dispatchWithTokens( uint32 _destinationDomain, bytes32 _recipientAddress, bytes calldata _messageBody, address _token, uint256 _amount, string calldata _bridge ) external payable returns (bytes32) { ILiquidityLayerAdapter _adapter = _getAdapter(_bridge); // Transfer the tokens to the adapter // TODO: use safeTransferFrom // TODO: Are there scenarios where a transferFrom fails and it doesn't revert? require( IERC20(_token).transferFrom(msg.sender, address(_adapter), _amount), "!transfer in" ); // Reverts if the bridge was unsuccessful. // Gets adapter-specific data that is encoded into the message // ultimately sent via Hyperlane. bytes memory _adapterData = _adapter.sendTokens( _destinationDomain, _recipientAddress, _token, _amount ); // The user's message "wrapped" with metadata required by this middleware bytes memory _messageWithMetadata = abi.encode( TypeCasts.addressToBytes32(msg.sender), _recipientAddress, // The "user" recipient _amount, // The amount of the tokens sent over the bridge _bridge, // The destination token bridge ID _adapterData, // The adapter-specific data _messageBody // The "user" message ); // Dispatch the _messageWithMetadata to the destination's LiquidityLayerRouter. return _dispatchWithGas( _destinationDomain, _messageWithMetadata, 0, // TODO eventually accommodate gas amounts msg.value, msg.sender ); } // Handles a message from an enrolled remote LiquidityLayerRouter function _handle( uint32 _origin, bytes32, // _sender, unused bytes calldata _message ) internal override { // Decode the message with metadata, "unwrapping" the user's message body ( bytes32 _originalSender, bytes32 _userRecipientAddress, uint256 _amount, string memory _bridge, bytes memory _adapterData, bytes memory _userMessageBody ) = abi.decode( _message, (bytes32, bytes32, uint256, string, bytes, bytes) ); ILiquidityLayerMessageRecipient _userRecipient = ILiquidityLayerMessageRecipient( TypeCasts.bytes32ToAddress(_userRecipientAddress) ); // Reverts if the adapter hasn't received the bridged tokens yet (address _token, uint256 _receivedAmount) = _getAdapter(_bridge) .receiveTokens( _origin, address(_userRecipient), _amount, _adapterData ); _userRecipient.handleWithTokens( _origin, _originalSender, _userMessageBody, _token, _receivedAmount ); } function setLiquidityLayerAdapter(string calldata _bridge, address _adapter) external onlyOwner { liquidityLayerAdapters[_bridge] = _adapter; emit LiquidityLayerAdapterSet(_bridge, _adapter); } function _getAdapter(string memory _bridge) internal view returns (ILiquidityLayerAdapter _adapter) { _adapter = ILiquidityLayerAdapter(liquidityLayerAdapters[_bridge]); // Require the adapter to have been set require(address(_adapter) != address(0), "No adapter found for bridge"); } } // File @openzeppelin/contracts-upgradeable/token/ERC20/[email protected] // OpenZeppelin Contracts (last updated v4.6.0) (token/ERC20/IERC20.sol) pragma solidity ^0.8.0; /** * @dev Interface of the ERC20 standard as defined in the EIP. */ interface IERC20Upgradeable { /** * @dev Emitted when `value` tokens are moved from one account (`from`) to * another (`to`). * * Note that `value` may be zero. */ event Transfer(address indexed from, address indexed to, uint256 value); /** * @dev Emitted when the allowance of a `spender` for an `owner` is set by * a call to {approve}. `value` is the new allowance. */ event Approval(address indexed owner, address indexed spender, uint256 value); /** * @dev Returns the amount of tokens in existence. */ function totalSupply() external view returns (uint256); /** * @dev Returns the amount of tokens owned by `account`. */ function balanceOf(address account) external view returns (uint256); /** * @dev Moves `amount` tokens from the caller's account to `to`. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transfer(address to, uint256 amount) external returns (bool); /** * @dev Returns the remaining number of tokens that `spender` will be * allowed to spend on behalf of `owner` through {transferFrom}. This is * zero by default. * * This value changes when {approve} or {transferFrom} are called. */ function allowance(address owner, address spender) external view returns (uint256); /** * @dev Sets `amount` as the allowance of `spender` over the caller's tokens. * * Returns a boolean value indicating whether the operation succeeded. * * IMPORTANT: Beware that changing an allowance with this method brings the risk * that someone may use both the old and the new allowance by unfortunate * transaction ordering. One possible solution to mitigate this race * condition is to first reduce the spender's allowance to 0 and set the * desired value afterwards: * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 * * Emits an {Approval} event. */ function approve(address spender, uint256 amount) external returns (bool); /** * @dev Moves `amount` tokens from `from` to `to` using the * allowance mechanism. `amount` is then deducted from the caller's * allowance. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transferFrom( address from, address to, uint256 amount ) external returns (bool); } // File @openzeppelin/contracts-upgradeable/token/ERC20/extensions/[email protected] // OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/IERC20Metadata.sol) pragma solidity ^0.8.0; /** * @dev Interface for the optional metadata functions from the ERC20 standard. * * _Available since v4.1._ */ interface IERC20MetadataUpgradeable is IERC20Upgradeable { /** * @dev Returns the name of the token. */ function name() external view returns (string memory); /** * @dev Returns the symbol of the token. */ function symbol() external view returns (string memory); /** * @dev Returns the decimals places of the token. */ function decimals() external view returns (uint8); } // File @openzeppelin/contracts-upgradeable/token/ERC20/[email protected] // OpenZeppelin Contracts (last updated v4.8.0) (token/ERC20/ERC20.sol) pragma solidity ^0.8.0; /** * @dev Implementation of the {IERC20} interface. * * This implementation is agnostic to the way tokens are created. This means * that a supply mechanism has to be added in a derived contract using {_mint}. * For a generic mechanism see {ERC20PresetMinterPauser}. * * TIP: For a detailed writeup see our guide * https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How * to implement supply mechanisms]. * * We have followed general OpenZeppelin Contracts guidelines: functions revert * instead returning `false` on failure. This behavior is nonetheless * conventional and does not conflict with the expectations of ERC20 * applications. * * Additionally, an {Approval} event is emitted on calls to {transferFrom}. * This allows applications to reconstruct the allowance for all accounts just * by listening to said events. Other implementations of the EIP may not emit * these events, as it isn't required by the specification. * * Finally, the non-standard {decreaseAllowance} and {increaseAllowance} * functions have been added to mitigate the well-known issues around setting * allowances. See {IERC20-approve}. */ contract ERC20Upgradeable is Initializable, ContextUpgradeable, IERC20Upgradeable, IERC20MetadataUpgradeable { mapping(address => uint256) private _balances; mapping(address => mapping(address => uint256)) private _allowances; uint256 private _totalSupply; string private _name; string private _symbol; /** * @dev Sets the values for {name} and {symbol}. * * The default value of {decimals} is 18. To select a different value for * {decimals} you should overload it. * * All two of these values are immutable: they can only be set once during * construction. */ function __ERC20_init(string memory name_, string memory symbol_) internal onlyInitializing { __ERC20_init_unchained(name_, symbol_); } function __ERC20_init_unchained(string memory name_, string memory symbol_) internal onlyInitializing { _name = name_; _symbol = symbol_; } /** * @dev Returns the name of the token. */ function name() public view virtual override returns (string memory) { return _name; } /** * @dev Returns the symbol of the token, usually a shorter version of the * name. */ function symbol() public view virtual override returns (string memory) { return _symbol; } /** * @dev Returns the number of decimals used to get its user representation. * For example, if `decimals` equals `2`, a balance of `505` tokens should * be displayed to a user as `5.05` (`505 / 10 ** 2`). * * Tokens usually opt for a value of 18, imitating the relationship between * Ether and Wei. This is the value {ERC20} uses, unless this function is * overridden; * * NOTE: This information is only used for _display_ purposes: it in * no way affects any of the arithmetic of the contract, including * {IERC20-balanceOf} and {IERC20-transfer}. */ function decimals() public view virtual override returns (uint8) { return 18; } /** * @dev See {IERC20-totalSupply}. */ function totalSupply() public view virtual override returns (uint256) { return _totalSupply; } /** * @dev See {IERC20-balanceOf}. */ function balanceOf(address account) public view virtual override returns (uint256) { return _balances[account]; } /** * @dev See {IERC20-transfer}. * * Requirements: * * - `to` cannot be the zero address. * - the caller must have a balance of at least `amount`. */ function transfer(address to, uint256 amount) public virtual override returns (bool) { address owner = _msgSender(); _transfer(owner, to, amount); return true; } /** * @dev See {IERC20-allowance}. */ function allowance(address owner, address spender) public view virtual override returns (uint256) { return _allowances[owner][spender]; } /** * @dev See {IERC20-approve}. * * NOTE: If `amount` is the maximum `uint256`, the allowance is not updated on * `transferFrom`. This is semantically equivalent to an infinite approval. * * Requirements: * * - `spender` cannot be the zero address. */ function approve(address spender, uint256 amount) public virtual override returns (bool) { address owner = _msgSender(); _approve(owner, spender, amount); return true; } /** * @dev See {IERC20-transferFrom}. * * Emits an {Approval} event indicating the updated allowance. This is not * required by the EIP. See the note at the beginning of {ERC20}. * * NOTE: Does not update the allowance if the current allowance * is the maximum `uint256`. * * Requirements: * * - `from` and `to` cannot be the zero address. * - `from` must have a balance of at least `amount`. * - the caller must have allowance for ``from``'s tokens of at least * `amount`. */ function transferFrom( address from, address to, uint256 amount ) public virtual override returns (bool) { address spender = _msgSender(); _spendAllowance(from, spender, amount); _transfer(from, to, amount); return true; } /** * @dev Atomically increases the allowance granted to `spender` by the caller. * * This is an alternative to {approve} that can be used as a mitigation for * problems described in {IERC20-approve}. * * Emits an {Approval} event indicating the updated allowance. * * Requirements: * * - `spender` cannot be the zero address. */ function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) { address owner = _msgSender(); _approve(owner, spender, allowance(owner, spender) + addedValue); return true; } /** * @dev Atomically decreases the allowance granted to `spender` by the caller. * * This is an alternative to {approve} that can be used as a mitigation for * problems described in {IERC20-approve}. * * Emits an {Approval} event indicating the updated allowance. * * Requirements: * * - `spender` cannot be the zero address. * - `spender` must have allowance for the caller of at least * `subtractedValue`. */ function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) { address owner = _msgSender(); uint256 currentAllowance = allowance(owner, spender); require(currentAllowance >= subtractedValue, "ERC20: decreased allowance below zero"); unchecked { _approve(owner, spender, currentAllowance - subtractedValue); } return true; } /** * @dev Moves `amount` of tokens from `from` to `to`. * * This internal function is equivalent to {transfer}, and can be used to * e.g. implement automatic token fees, slashing mechanisms, etc. * * Emits a {Transfer} event. * * Requirements: * * - `from` cannot be the zero address. * - `to` cannot be the zero address. * - `from` must have a balance of at least `amount`. */ function _transfer( address from, address to, uint256 amount ) internal virtual { require(from != address(0), "ERC20: transfer from the zero address"); require(to != address(0), "ERC20: transfer to the zero address"); _beforeTokenTransfer(from, to, amount); uint256 fromBalance = _balances[from]; require(fromBalance >= amount, "ERC20: transfer amount exceeds balance"); unchecked { _balances[from] = fromBalance - amount; // Overflow not possible: the sum of all balances is capped by totalSupply, and the sum is preserved by // decrementing then incrementing. _balances[to] += amount; } emit Transfer(from, to, amount); _afterTokenTransfer(from, to, amount); } /** @dev Creates `amount` tokens and assigns them to `account`, increasing * the total supply. * * Emits a {Transfer} event with `from` set to the zero address. * * Requirements: * * - `account` cannot be the zero address. */ function _mint(address account, uint256 amount) internal virtual { require(account != address(0), "ERC20: mint to the zero address"); _beforeTokenTransfer(address(0), account, amount); _totalSupply += amount; unchecked { // Overflow not possible: balance + amount is at most totalSupply + amount, which is checked above. _balances[account] += amount; } emit Transfer(address(0), account, amount); _afterTokenTransfer(address(0), account, amount); } /** * @dev Destroys `amount` tokens from `account`, reducing the * total supply. * * Emits a {Transfer} event with `to` set to the zero address. * * Requirements: * * - `account` cannot be the zero address. * - `account` must have at least `amount` tokens. */ function _burn(address account, uint256 amount) internal virtual { require(account != address(0), "ERC20: burn from the zero address"); _beforeTokenTransfer(account, address(0), amount); uint256 accountBalance = _balances[account]; require(accountBalance >= amount, "ERC20: burn amount exceeds balance"); unchecked { _balances[account] = accountBalance - amount; // Overflow not possible: amount <= accountBalance <= totalSupply. _totalSupply -= amount; } emit Transfer(account, address(0), amount); _afterTokenTransfer(account, address(0), amount); } /** * @dev Sets `amount` as the allowance of `spender` over the `owner` s tokens. * * This internal function is equivalent to `approve`, and can be used to * e.g. set automatic allowances for certain subsystems, etc. * * Emits an {Approval} event. * * Requirements: * * - `owner` cannot be the zero address. * - `spender` cannot be the zero address. */ function _approve( address owner, address spender, uint256 amount ) internal virtual { require(owner != address(0), "ERC20: approve from the zero address"); require(spender != address(0), "ERC20: approve to the zero address"); _allowances[owner][spender] = amount; emit Approval(owner, spender, amount); } /** * @dev Updates `owner` s allowance for `spender` based on spent `amount`. * * Does not update the allowance amount in case of infinite allowance. * Revert if not enough allowance is available. * * Might emit an {Approval} event. */ function _spendAllowance( address owner, address spender, uint256 amount ) internal virtual { uint256 currentAllowance = allowance(owner, spender); if (currentAllowance != type(uint256).max) { require(currentAllowance >= amount, "ERC20: insufficient allowance"); unchecked { _approve(owner, spender, currentAllowance - amount); } } } /** * @dev Hook that is called before any transfer of tokens. This includes * minting and burning. * * Calling conditions: * * - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens * will be transferred to `to`. * - when `from` is zero, `amount` tokens will be minted for `to`. * - when `to` is zero, `amount` of ``from``'s tokens will be burned. * - `from` and `to` are never both zero. * * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks]. */ function _beforeTokenTransfer( address from, address to, uint256 amount ) internal virtual {} /** * @dev Hook that is called after any transfer of tokens. This includes * minting and burning. * * Calling conditions: * * - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens * has been transferred to `to`. * - when `from` is zero, `amount` tokens have been minted for `to`. * - when `to` is zero, `amount` of ``from``'s tokens have been burned. * - `from` and `to` are never both zero. * * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks]. */ function _afterTokenTransfer( address from, address to, uint256 amount ) internal virtual {} /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[45] private __gap; } // File contracts/mock/MockToken.sol pragma solidity ^0.8.13; contract MockToken is ERC20Upgradeable { function mint(address account, uint256 amount) external { _mint(account, amount); } function burn(uint256 _amount) external { _burn(msg.sender, _amount); } } // File contracts/mock/MockCircleBridge.sol pragma solidity ^0.8.13; contract MockCircleBridge is ICircleBridge { uint64 public nextNonce = 0; MockToken token; constructor(MockToken _token) { token = _token; } function depositForBurn( uint256 _amount, uint32, bytes32, address _burnToken ) external returns (uint64 _nonce) { nextNonce = nextNonce + 1; _nonce = nextNonce; require(address(token) == _burnToken); token.transferFrom(msg.sender, address(this), _amount); token.burn(_amount); } function depositForBurnWithCaller( uint256, uint32, bytes32, address, bytes32 ) external returns (uint64 _nonce) { nextNonce = nextNonce + 1; _nonce = nextNonce; } } // File contracts/mock/MockCircleMessageTransmitter.sol pragma solidity ^0.8.13; contract MockCircleMessageTransmitter is ICircleMessageTransmitter { mapping(bytes32 => bool) processedNonces; MockToken token; constructor(MockToken _token) { token = _token; } function receiveMessage(bytes memory, bytes calldata) external pure returns (bool success) { success = true; } function hashSourceAndNonce(uint32 _source, uint256 _nonce) public pure returns (bytes32) { return keccak256(abi.encodePacked(_source, _nonce)); } function process( bytes32 _nonceId, address _recipient, uint256 _amount ) public { processedNonces[_nonceId] = true; token.mint(_recipient, _amount); } function usedNonces(bytes32 _nonceId) external view returns (bool) { return processedNonces[_nonceId]; } } // File contracts/mock/MockMailbox.sol pragma solidity ^0.8.0; contract MockMailbox { using TypeCasts for address; using TypeCasts for bytes32; // Domain of chain on which the contract is deployed uint32 public immutable domain; uint32 public immutable version = 0; uint256 public outboundNonce = 0; uint256 public inboundUnprocessedNonce = 0; uint256 public inboundProcessedNonce = 0; mapping(uint32 => MockMailbox) public remoteMailboxes; mapping(uint256 => Message) public inboundMessages; struct Message { uint32 origin; address sender; address recipient; bytes body; } constructor(uint32 _domain) { domain = _domain; } function addRemoteMailbox(uint32 _domain, MockMailbox _mailbox) external { remoteMailboxes[_domain] = _mailbox; } function dispatch( uint32 _destinationDomain, bytes32 _recipientAddress, bytes calldata _messageBody ) external returns (bytes32) { MockMailbox _destinationMailbox = remoteMailboxes[_destinationDomain]; require( address(_destinationMailbox) != address(0), "Missing remote mailbox" ); _destinationMailbox.addInboundMessage( domain, msg.sender, _recipientAddress.bytes32ToAddress(), _messageBody ); outboundNonce++; return bytes32(0); } function addInboundMessage( uint32 _origin, address _sender, address _recipient, bytes calldata _body ) external { inboundMessages[inboundUnprocessedNonce] = Message( _origin, _sender, _recipient, _body ); inboundUnprocessedNonce++; } function processNextInboundMessage() public { Message memory _message = inboundMessages[inboundProcessedNonce]; IMessageRecipient(_message.recipient).handle( _message.origin, _message.sender.addressToBytes32(), _message.body ); inboundProcessedNonce++; } } // File contracts/test/TestIsm.sol pragma solidity >=0.8.0; contract TestIsm is IInterchainSecurityModule { uint8 public constant moduleType = 0; bool public accept; function setAccept(bool _val) external { accept = _val; } function verify(bytes calldata, bytes calldata) external view returns (bool) { return accept; } } // File contracts/mock/MockHyperlaneEnvironment.sol pragma solidity ^0.8.13; contract MockHyperlaneEnvironment { uint32 originDomain; uint32 destinationDomain; mapping(uint32 => MockMailbox) public mailboxes; mapping(uint32 => InterchainGasPaymaster) public igps; mapping(uint32 => IInterchainSecurityModule) public isms; mapping(uint32 => InterchainQueryRouter) public queryRouters; constructor(uint32 _originDomain, uint32 _destinationDomain) { originDomain = _originDomain; destinationDomain = _destinationDomain; MockMailbox originMailbox = new MockMailbox(_originDomain); MockMailbox destinationMailbox = new MockMailbox(_destinationDomain); originMailbox.addRemoteMailbox(_destinationDomain, destinationMailbox); destinationMailbox.addRemoteMailbox(_originDomain, originMailbox); igps[originDomain] = new InterchainGasPaymaster(); igps[destinationDomain] = new InterchainGasPaymaster(); isms[originDomain] = new TestIsm(); isms[destinationDomain] = new TestIsm(); mailboxes[_originDomain] = originMailbox; mailboxes[_destinationDomain] = destinationMailbox; InterchainQueryRouter originQueryRouter = new InterchainQueryRouter(); InterchainQueryRouter destinationQueryRouter = new InterchainQueryRouter(); originQueryRouter.initialize( address(originMailbox), address(igps[originDomain]), address(isms[originDomain]) ); destinationQueryRouter.initialize( address(destinationMailbox), address(igps[destinationDomain]), address(isms[destinationDomain]) ); originQueryRouter.enrollRemoteRouter( _destinationDomain, TypeCasts.addressToBytes32(address(destinationQueryRouter)) ); destinationQueryRouter.enrollRemoteRouter( _originDomain, TypeCasts.addressToBytes32(address(originQueryRouter)) ); queryRouters[_originDomain] = originQueryRouter; queryRouters[_destinationDomain] = destinationQueryRouter; } function processNextPendingMessage() public { mailboxes[destinationDomain].processNextInboundMessage(); } function processNextPendingMessageFromDestination() public { mailboxes[originDomain].processNextInboundMessage(); } } // File contracts/mock/MockInterchainAccountRouter.sol pragma solidity ^0.8.13; /* * @title The Hello World App * @dev You can use this simple app as a starting point for your own application. */ contract MockInterchainAccountRouter is InterchainAccountRouter { struct PendingCall { uint32 originDomain; bytes senderAndCalls; } uint32 public originDomain; mapping(uint256 => PendingCall) pendingCalls; uint256 totalCalls = 0; uint256 callsProcessed = 0; constructor(uint32 _originDomain) InterchainAccountRouter() { originDomain = _originDomain; } function _dispatch(uint32, bytes memory _messageBody) internal override returns (bytes32) { pendingCalls[totalCalls] = PendingCall(originDomain, _messageBody); totalCalls += 1; return keccak256(abi.encodePacked(totalCalls)); } function processNextPendingCall() public { PendingCall memory pendingCall = pendingCalls[callsProcessed]; (address sender, Call[] memory calls) = abi.decode( pendingCall.senderAndCalls, (address, Call[]) ); getDeployedInterchainAccount(originDomain, sender).proxyCalls(calls); callsProcessed += 1; } } // File contracts/test/bad-recipient/BadRecipient1.sol pragma solidity >=0.8.0; contract BadRecipient1 is IMessageRecipient { function handle( uint32, bytes32, bytes calldata ) external pure override { assembly { revert(0, 0) } } } // File contracts/test/bad-recipient/BadRecipient3.sol pragma solidity >=0.8.0; contract BadRecipient3 is IMessageRecipient { function handle( uint32, bytes32, bytes calldata ) external pure override { assembly { mstore(0, 0xabcdef) revert(0, 32) } } } // File contracts/test/bad-recipient/BadRecipient5.sol pragma solidity >=0.8.0; contract BadRecipient5 is IMessageRecipient { function handle( uint32, bytes32, bytes calldata ) external pure override { require(false, "no can do"); } } // File contracts/test/bad-recipient/BadRecipient6.sol pragma solidity >=0.8.0; contract BadRecipient6 is IMessageRecipient { function handle( uint32, bytes32, bytes calldata ) external pure override { require(false); // solhint-disable-line reason-string } } // File contracts/test/TestHyperlaneConnectionClient.sol pragma solidity >=0.6.11; contract TestHyperlaneConnectionClient is HyperlaneConnectionClient { function initialize(address _mailbox) external initializer { __HyperlaneConnectionClient_initialize(_mailbox); } function localDomain() external view returns (uint32) { return mailbox.localDomain(); } } // File contracts/test/TestLiquidityLayerMessageRecipient.sol pragma solidity ^0.8.13; contract TestLiquidityLayerMessageRecipient is ILiquidityLayerMessageRecipient { event HandledWithTokens( uint32 origin, bytes32 sender, bytes message, address token, uint256 amount ); function handleWithTokens( uint32 _origin, bytes32 _sender, bytes calldata _message, address _token, uint256 _amount ) external { emit HandledWithTokens(_origin, _sender, _message, _token, _amount); } } // File contracts/test/TestMailbox.sol pragma solidity >=0.8.0; contract TestMailbox is Mailbox { using TypeCasts for bytes32; constructor(uint32 _localDomain) Mailbox(_localDomain) {} // solhint-disable-line no-empty-blocks function proof() external view returns (bytes32[32] memory) { bytes32[32] memory _zeroes = MerkleLib.zeroHashes(); uint256 _index = tree.count - 1; bytes32[32] memory _proof; for (uint256 i = 0; i < 32; i++) { uint256 _ithBit = (_index >> i) & 0x01; if (_ithBit == 1) { _proof[i] = tree.branch[i]; } else { _proof[i] = _zeroes[i]; } } return _proof; } function testHandle( uint32 _origin, bytes32 _sender, bytes32 _recipient, bytes calldata _body ) external { IMessageRecipient(_recipient.bytes32ToAddress()).handle( _origin, _sender, _body ); } } // File contracts/test/TestMerkle.sol pragma solidity >=0.8.0; contract TestMerkle { using MerkleLib for MerkleLib.Tree; MerkleLib.Tree public tree; // solhint-disable-next-line no-empty-blocks constructor() {} function insert(bytes32 _node) external { tree.insert(_node); } function branchRoot( bytes32 _leaf, bytes32[32] calldata _proof, uint256 _index ) external pure returns (bytes32 _node) { return MerkleLib.branchRoot(_leaf, _proof, _index); } /** * @notice Returns the number of inserted leaves in the tree */ function count() public view returns (uint256) { return tree.count; } function root() public view returns (bytes32) { return tree.root(); } } // File contracts/test/TestMessage.sol pragma solidity >=0.6.11; contract TestMessage { using Message for bytes; function version(bytes calldata _message) external pure returns (uint32 _version) { return _message.version(); } function nonce(bytes calldata _message) external pure returns (uint256 _nonce) { return _message.nonce(); } function body(bytes calldata _message) external pure returns (bytes calldata _body) { return _message.body(); } function origin(bytes calldata _message) external pure returns (uint32 _origin) { return _message.origin(); } function sender(bytes calldata _message) external pure returns (bytes32 _sender) { return _message.sender(); } function destination(bytes calldata _message) external pure returns (uint32 _destination) { return _message.destination(); } function recipient(bytes calldata _message) external pure returns (bytes32 _recipient) { return _message.recipient(); } function recipientAddress(bytes calldata _message) external pure returns (address _recipient) { return _message.recipientAddress(); } function id(bytes calldata _message) external pure returns (bytes32) { return _message.id(); } } // File contracts/test/TestMultisigIsm.sol pragma solidity >=0.8.0; // ============ Internal Imports ============ contract TestMultisigIsm is MultisigIsm { function getDomainHash(uint32 _origin, bytes32 _originMailbox) external pure returns (bytes32) { return _getDomainHash(_origin, _originMailbox); } function getCheckpointDigest(bytes calldata _metadata, uint32 _origin) external pure returns (bytes32) { return _getCheckpointDigest(_metadata, _origin); } } // File contracts/test/TestQuery.sol pragma solidity ^0.8.13; contract TestQuery { InterchainQueryRouter public router; event Owner(uint256, address); constructor(address _router) { router = InterchainQueryRouter(_router); } /** * @dev Fetches owner of InterchainQueryRouter on provided domain and passes along with provided secret to `this.receiveRouterOwner` */ function queryRouterOwner(uint32 domain, uint256 secret) external { Call memory call = Call({ to: TypeCasts.bytes32ToAddress(router.routers(domain)), data: abi.encodeWithSignature("owner()") }); bytes memory callback = bytes.concat( this.receiveRouterOwer.selector, bytes32(secret) ); router.query(domain, call, callback); } /** * @dev `msg.sender` must be restricted to `this.router` to prevent any local account from spoofing query data. */ function receiveRouterOwer(uint256 secret, address owner) external { require(msg.sender == address(router), "TestQuery: not from router"); emit Owner(secret, owner); } } // File contracts/test/TestQuerySender.sol pragma solidity >=0.8.0; contract TestQuerySender is Initializable { IInterchainQueryRouter queryRouter; address public lastAddressResult; uint256 public lastUint256Result; bytes32 public lastBytes32Result; event ReceivedAddressResult(address result); event ReceivedUint256Result(uint256 result); event ReceivedBytes32Result(bytes32 result); function initialize(address _queryRouterAddress) public initializer { queryRouter = IInterchainQueryRouter(_queryRouterAddress); } function queryAddress( uint32 _destinationDomain, address _target, bytes calldata _targetData ) public { queryRouter.query( _destinationDomain, Call({to: _target, data: _targetData}), abi.encodePacked(this.handleQueryAddressResult.selector) ); } function handleQueryAddressResult(address _result) public { emit ReceivedAddressResult(_result); lastAddressResult = _result; } function queryUint256( uint32 _destinationDomain, address _target, bytes calldata _targetData ) public { queryRouter.query( _destinationDomain, Call({to: _target, data: _targetData}), abi.encodePacked(this.handleQueryUint256Result.selector) ); } function handleQueryUint256Result(uint256 _result) public { emit ReceivedUint256Result(_result); lastUint256Result = _result; } function queryBytes32( uint32 _destinationDomain, address _target, bytes calldata _targetData ) public { queryRouter.query( _destinationDomain, Call({to: _target, data: _targetData}), abi.encodePacked(this.handleQueryBytes32Result.selector) ); } function handleQueryBytes32Result(bytes32 _result) public { emit ReceivedBytes32Result(_result); lastBytes32Result = _result; } } // File contracts/test/TestRecipient.sol pragma solidity >=0.8.0; contract TestRecipient is IMessageRecipient, ISpecifiesInterchainSecurityModule { IInterchainSecurityModule public interchainSecurityModule; bytes32 public lastSender; bytes public lastData; address public lastCaller; string public lastCallMessage; event ReceivedMessage( uint32 indexed origin, bytes32 indexed sender, string message ); event ReceivedCall(address indexed caller, uint256 amount, string message); function setInterchainSecurityModule(address _ism) external { interchainSecurityModule = IInterchainSecurityModule(_ism); } function handle( uint32 _origin, bytes32 _sender, bytes calldata _data ) external override { emit ReceivedMessage(_origin, _sender, string(_data)); lastSender = _sender; lastData = _data; } function fooBar(uint256 amount, string calldata message) external { emit ReceivedCall(msg.sender, amount, message); lastCaller = msg.sender; lastCallMessage = message; } } // File contracts/test/TestRouter.sol pragma solidity >=0.6.11; contract TestRouter is Router { event InitializeOverload(); function initialize(address _mailbox) external initializer { __Router_initialize(_mailbox); emit InitializeOverload(); } function _handle( uint32, bytes32, bytes calldata ) internal pure override {} function isRemoteRouter(uint32 _domain, bytes32 _potentialRemoteRouter) external view returns (bool) { return _isRemoteRouter(_domain, _potentialRemoteRouter); } function mustHaveRemoteRouter(uint32 _domain) external view returns (bytes32) { return _mustHaveRemoteRouter(_domain); } function dispatch(uint32 _destination, bytes memory _msg) external { _dispatch(_destination, _msg); } function dispatchWithGas( uint32 _destinationDomain, bytes memory _messageBody, uint256 _gasAmount, uint256 _gasPayment, address _gasPaymentRefundAddress ) external payable { _dispatchWithGas( _destinationDomain, _messageBody, _gasAmount, _gasPayment, _gasPaymentRefundAddress ); } } // File contracts/test/TestSendReceiver.sol pragma solidity >=0.8.0; contract TestSendReceiver is IMessageRecipient { using TypeCasts for address; uint256 public constant HANDLE_GAS_AMOUNT = 50_000; event Handled(bytes32 blockHash); function dispatchToSelf( IMailbox _mailbox, IInterchainGasPaymaster _paymaster, uint32 _destinationDomain, bytes calldata _messageBody ) external payable { bytes32 _messageId = _mailbox.dispatch( _destinationDomain, address(this).addressToBytes32(), _messageBody ); uint256 _blockHashNum = uint256(previousBlockHash()); uint256 _value = msg.value; if (_blockHashNum % 5 == 0) { // Pay in two separate calls, resulting in 2 distinct events uint256 _halfPayment = _value / 2; uint256 _halfGasAmount = HANDLE_GAS_AMOUNT / 2; _paymaster.payForGas{value: _halfPayment}( _messageId, _destinationDomain, _halfGasAmount, msg.sender ); _paymaster.payForGas{value: _value - _halfPayment}( _messageId, _destinationDomain, HANDLE_GAS_AMOUNT - _halfGasAmount, msg.sender ); } else { // Pay the entire msg.value in one call _paymaster.payForGas{value: _value}( _messageId, _destinationDomain, HANDLE_GAS_AMOUNT, msg.sender ); } } function handle( uint32, bytes32, bytes calldata ) external override { bytes32 blockHash = previousBlockHash(); bool isBlockHashEven = uint256(blockHash) % 2 == 0; require(isBlockHashEven, "block hash is odd"); emit Handled(blockHash); } function previousBlockHash() internal view returns (bytes32) { return blockhash(block.number - 1); } } // File contracts/test/TestTokenRecipient.sol pragma solidity >=0.8.0; contract TestTokenRecipient is ILiquidityLayerMessageRecipient { bytes32 public lastSender; bytes public lastData; address public lastToken; uint256 public lastAmount; address public lastCaller; string public lastCallMessage; event ReceivedMessage( uint32 indexed origin, bytes32 indexed sender, string message, address token, uint256 amount ); event ReceivedCall(address indexed caller, uint256 amount, string message); function handleWithTokens( uint32 _origin, bytes32 _sender, bytes calldata _data, address _token, uint256 _amount ) external override { emit ReceivedMessage(_origin, _sender, string(_data), _token, _amount); lastSender = _sender; lastData = _data; lastToken = _token; lastAmount = _amount; } function fooBar(uint256 amount, string calldata message) external { emit ReceivedCall(msg.sender, amount, message); lastCaller = msg.sender; lastCallMessage = message; } } // File @openzeppelin/contracts/proxy/[email protected] // OpenZeppelin Contracts (last updated v4.6.0) (proxy/Proxy.sol) pragma solidity ^0.8.0; /** * @dev This abstract contract provides a fallback function that delegates all calls to another contract using the EVM * instruction `delegatecall`. We refer to the second contract as the _implementation_ behind the proxy, and it has to * be specified by overriding the virtual {_implementation} function. * * Additionally, delegation to the implementation can be triggered manually through the {_fallback} function, or to a * different contract through the {_delegate} function. * * The success and return data of the delegated call will be returned back to the caller of the proxy. */ abstract contract Proxy { /** * @dev Delegates the current call to `implementation`. * * This function does not return to its internal call site, it will return directly to the external caller. */ function _delegate(address implementation) internal virtual { assembly { // Copy msg.data. We take full control of memory in this inline assembly // block because it will not return to Solidity code. We overwrite the // Solidity scratch pad at memory position 0. calldatacopy(0, 0, calldatasize()) // Call the implementation. // out and outsize are 0 because we don't know the size yet. let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0) // Copy the returned data. returndatacopy(0, 0, returndatasize()) switch result // delegatecall returns 0 on error. case 0 { revert(0, returndatasize()) } default { return(0, returndatasize()) } } } /** * @dev This is a virtual function that should be overridden so it returns the address to which the fallback function * and {_fallback} should delegate. */ function _implementation() internal view virtual returns (address); /** * @dev Delegates the current call to the address returned by `_implementation()`. * * This function does not return to its internal call site, it will return directly to the external caller. */ function _fallback() internal virtual { _beforeFallback(); _delegate(_implementation()); } /** * @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if no other * function in the contract matches the call data. */ fallback() external payable virtual { _fallback(); } /** * @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if call data * is empty. */ receive() external payable virtual { _fallback(); } /** * @dev Hook that is called before falling back to the implementation. Can happen as part of a manual `_fallback` * call, or as part of the Solidity `fallback` or `receive` functions. * * If overridden should call `super._beforeFallback()`. */ function _beforeFallback() internal virtual {} } // File @openzeppelin/contracts/proxy/beacon/[email protected] // OpenZeppelin Contracts v4.4.1 (proxy/beacon/IBeacon.sol) pragma solidity ^0.8.0; /** * @dev This is the interface that {BeaconProxy} expects of its beacon. */ interface IBeacon { /** * @dev Must return an address that can be used as a delegate call target. * * {BeaconProxy} will check that this address is a contract. */ function implementation() external view returns (address); } // File @openzeppelin/contracts/interfaces/[email protected] // OpenZeppelin Contracts (last updated v4.5.0) (interfaces/draft-IERC1822.sol) pragma solidity ^0.8.0; /** * @dev ERC1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified * proxy whose upgrades are fully controlled by the current implementation. */ interface IERC1822Proxiable { /** * @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation * address. * * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this * function revert if invoked through a proxy. */ function proxiableUUID() external view returns (bytes32); } // File @openzeppelin/contracts/utils/[email protected] // OpenZeppelin Contracts (last updated v4.7.0) (utils/StorageSlot.sol) pragma solidity ^0.8.0; /** * @dev Library for reading and writing primitive types to specific storage slots. * * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts. * This library helps with reading and writing to such slots without the need for inline assembly. * * The functions in this library return Slot structs that contain a `value` member that can be used to read or write. * * Example usage to set ERC1967 implementation slot: * ``` * contract ERC1967 { * bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc; * * function _getImplementation() internal view returns (address) { * return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value; * } * * function _setImplementation(address newImplementation) internal { * require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract"); * StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation; * } * } * ``` * * _Available since v4.1 for `address`, `bool`, `bytes32`, and `uint256`._ */ library StorageSlot { struct AddressSlot { address value; } struct BooleanSlot { bool value; } struct Bytes32Slot { bytes32 value; } struct Uint256Slot { uint256 value; } /** * @dev Returns an `AddressSlot` with member `value` located at `slot`. */ function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) { /// @solidity memory-safe-assembly assembly { r.slot := slot } } /** * @dev Returns an `BooleanSlot` with member `value` located at `slot`. */ function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) { /// @solidity memory-safe-assembly assembly { r.slot := slot } } /** * @dev Returns an `Bytes32Slot` with member `value` located at `slot`. */ function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) { /// @solidity memory-safe-assembly assembly { r.slot := slot } } /** * @dev Returns an `Uint256Slot` with member `value` located at `slot`. */ function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) { /// @solidity memory-safe-assembly assembly { r.slot := slot } } } // File @openzeppelin/contracts/proxy/ERC1967/[email protected] // OpenZeppelin Contracts (last updated v4.5.0) (proxy/ERC1967/ERC1967Upgrade.sol) pragma solidity ^0.8.2; /** * @dev This abstract contract provides getters and event emitting update functions for * https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots. * * _Available since v4.1._ * * @custom:oz-upgrades-unsafe-allow delegatecall */ abstract contract ERC1967Upgrade { // This is the keccak-256 hash of "eip1967.proxy.rollback" subtracted by 1 bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143; /** * @dev Storage slot with the address of the current implementation. * This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1, and is * validated in the constructor. */ bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc; /** * @dev Emitted when the implementation is upgraded. */ event Upgraded(address indexed implementation); /** * @dev Returns the current implementation address. */ function _getImplementation() internal view returns (address) { return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value; } /** * @dev Stores a new address in the EIP1967 implementation slot. */ function _setImplementation(address newImplementation) private { require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract"); StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation; } /** * @dev Perform implementation upgrade * * Emits an {Upgraded} event. */ function _upgradeTo(address newImplementation) internal { _setImplementation(newImplementation); emit Upgraded(newImplementation); } /** * @dev Perform implementation upgrade with additional setup call. * * Emits an {Upgraded} event. */ function _upgradeToAndCall( address newImplementation, bytes memory data, bool forceCall ) internal { _upgradeTo(newImplementation); if (data.length > 0 || forceCall) { Address.functionDelegateCall(newImplementation, data); } } /** * @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call. * * Emits an {Upgraded} event. */ function _upgradeToAndCallUUPS( address newImplementation, bytes memory data, bool forceCall ) internal { // Upgrades from old implementations will perform a rollback test. This test requires the new // implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing // this special case will break upgrade paths from old UUPS implementation to new ones. if (StorageSlot.getBooleanSlot(_ROLLBACK_SLOT).value) { _setImplementation(newImplementation); } else { try IERC1822Proxiable(newImplementation).proxiableUUID() returns (bytes32 slot) { require(slot == _IMPLEMENTATION_SLOT, "ERC1967Upgrade: unsupported proxiableUUID"); } catch { revert("ERC1967Upgrade: new implementation is not UUPS"); } _upgradeToAndCall(newImplementation, data, forceCall); } } /** * @dev Storage slot with the admin of the contract. * This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1, and is * validated in the constructor. */ bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103; /** * @dev Emitted when the admin account has changed. */ event AdminChanged(address previousAdmin, address newAdmin); /** * @dev Returns the current admin. */ function _getAdmin() internal view returns (address) { return StorageSlot.getAddressSlot(_ADMIN_SLOT).value; } /** * @dev Stores a new address in the EIP1967 admin slot. */ function _setAdmin(address newAdmin) private { require(newAdmin != address(0), "ERC1967: new admin is the zero address"); StorageSlot.getAddressSlot(_ADMIN_SLOT).value = newAdmin; } /** * @dev Changes the admin of the proxy. * * Emits an {AdminChanged} event. */ function _changeAdmin(address newAdmin) internal { emit AdminChanged(_getAdmin(), newAdmin); _setAdmin(newAdmin); } /** * @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy. * This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor. */ bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50; /** * @dev Emitted when the beacon is upgraded. */ event BeaconUpgraded(address indexed beacon); /** * @dev Returns the current beacon. */ function _getBeacon() internal view returns (address) { return StorageSlot.getAddressSlot(_BEACON_SLOT).value; } /** * @dev Stores a new beacon in the EIP1967 beacon slot. */ function _setBeacon(address newBeacon) private { require(Address.isContract(newBeacon), "ERC1967: new beacon is not a contract"); require( Address.isContract(IBeacon(newBeacon).implementation()), "ERC1967: beacon implementation is not a contract" ); StorageSlot.getAddressSlot(_BEACON_SLOT).value = newBeacon; } /** * @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does * not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that). * * Emits a {BeaconUpgraded} event. */ function _upgradeBeaconToAndCall( address newBeacon, bytes memory data, bool forceCall ) internal { _setBeacon(newBeacon); emit BeaconUpgraded(newBeacon); if (data.length > 0 || forceCall) { Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data); } } } // File @openzeppelin/contracts/proxy/ERC1967/[email protected] // OpenZeppelin Contracts (last updated v4.7.0) (proxy/ERC1967/ERC1967Proxy.sol) pragma solidity ^0.8.0; /** * @dev This contract implements an upgradeable proxy. It is upgradeable because calls are delegated to an * implementation address that can be changed. This address is stored in storage in the location specified by * https://eips.ethereum.org/EIPS/eip-1967[EIP1967], so that it doesn't conflict with the storage layout of the * implementation behind the proxy. */ contract ERC1967Proxy is Proxy, ERC1967Upgrade { /** * @dev Initializes the upgradeable proxy with an initial implementation specified by `_logic`. * * If `_data` is nonempty, it's used as data in a delegate call to `_logic`. This will typically be an encoded * function call, and allows initializing the storage of the proxy like a Solidity constructor. */ constructor(address _logic, bytes memory _data) payable { _upgradeToAndCall(_logic, _data, false); } /** * @dev Returns the current implementation address. */ function _implementation() internal view virtual override returns (address impl) { return ERC1967Upgrade._getImplementation(); } } // File @openzeppelin/contracts/proxy/transparent/[email protected] // OpenZeppelin Contracts (last updated v4.7.0) (proxy/transparent/TransparentUpgradeableProxy.sol) pragma solidity ^0.8.0; /** * @dev This contract implements a proxy that is upgradeable by an admin. * * To avoid https://medium.com/nomic-labs-blog/malicious-backdoors-in-ethereum-proxies-62629adf3357[proxy selector * clashing], which can potentially be used in an attack, this contract uses the * https://blog.openzeppelin.com/the-transparent-proxy-pattern/[transparent proxy pattern]. This pattern implies two * things that go hand in hand: * * 1. If any account other than the admin calls the proxy, the call will be forwarded to the implementation, even if * that call matches one of the admin functions exposed by the proxy itself. * 2. If the admin calls the proxy, it can access the admin functions, but its calls will never be forwarded to the * implementation. If the admin tries to call a function on the implementation it will fail with an error that says * "admin cannot fallback to proxy target". * * These properties mean that the admin account can only be used for admin actions like upgrading the proxy or changing * the admin, so it's best if it's a dedicated account that is not used for anything else. This will avoid headaches due * to sudden errors when trying to call a function from the proxy implementation. * * Our recommendation is for the dedicated account to be an instance of the {ProxyAdmin} contract. If set up this way, * you should think of the `ProxyAdmin` instance as the real administrative interface of your proxy. */ contract TransparentUpgradeableProxy is ERC1967Proxy { /** * @dev Initializes an upgradeable proxy managed by `_admin`, backed by the implementation at `_logic`, and * optionally initialized with `_data` as explained in {ERC1967Proxy-constructor}. */ constructor( address _logic, address admin_, bytes memory _data ) payable ERC1967Proxy(_logic, _data) { _changeAdmin(admin_); } /** * @dev Modifier used internally that will delegate the call to the implementation unless the sender is the admin. */ modifier ifAdmin() { if (msg.sender == _getAdmin()) { _; } else { _fallback(); } } /** * @dev Returns the current admin. * * NOTE: Only the admin can call this function. See {ProxyAdmin-getProxyAdmin}. * * TIP: To get this value clients can read directly from the storage slot shown below (specified by EIP1967) using the * https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call. * `0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103` */ function admin() external ifAdmin returns (address admin_) { admin_ = _getAdmin(); } /** * @dev Returns the current implementation. * * NOTE: Only the admin can call this function. See {ProxyAdmin-getProxyImplementation}. * * TIP: To get this value clients can read directly from the storage slot shown below (specified by EIP1967) using the * https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call. * `0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc` */ function implementation() external ifAdmin returns (address implementation_) { implementation_ = _implementation(); } /** * @dev Changes the admin of the proxy. * * Emits an {AdminChanged} event. * * NOTE: Only the admin can call this function. See {ProxyAdmin-changeProxyAdmin}. */ function changeAdmin(address newAdmin) external virtual ifAdmin { _changeAdmin(newAdmin); } /** * @dev Upgrade the implementation of the proxy. * * NOTE: Only the admin can call this function. See {ProxyAdmin-upgrade}. */ function upgradeTo(address newImplementation) external ifAdmin { _upgradeToAndCall(newImplementation, bytes(""), false); } /** * @dev Upgrade the implementation of the proxy, and then call a function from the new implementation as specified * by `data`, which should be an encoded function call. This is useful to initialize new storage variables in the * proxied contract. * * NOTE: Only the admin can call this function. See {ProxyAdmin-upgradeAndCall}. */ function upgradeToAndCall(address newImplementation, bytes calldata data) external payable ifAdmin { _upgradeToAndCall(newImplementation, data, true); } /** * @dev Returns the current admin. */ function _admin() internal view virtual returns (address) { return _getAdmin(); } /** * @dev Makes sure the admin cannot access the fallback function. See {Proxy-_beforeFallback}. */ function _beforeFallback() internal virtual override { require(msg.sender != _getAdmin(), "TransparentUpgradeableProxy: admin cannot fallback to proxy target"); super._beforeFallback(); } } // File @openzeppelin/contracts/proxy/transparent/[email protected] // OpenZeppelin Contracts v4.4.1 (proxy/transparent/ProxyAdmin.sol) pragma solidity ^0.8.0; /** * @dev This is an auxiliary contract meant to be assigned as the admin of a {TransparentUpgradeableProxy}. For an * explanation of why you would want to use this see the documentation for {TransparentUpgradeableProxy}. */ contract ProxyAdmin is Ownable { /** * @dev Returns the current implementation of `proxy`. * * Requirements: * * - This contract must be the admin of `proxy`. */ function getProxyImplementation(TransparentUpgradeableProxy proxy) public view virtual returns (address) { // We need to manually run the static call since the getter cannot be flagged as view // bytes4(keccak256("implementation()")) == 0x5c60da1b (bool success, bytes memory returndata) = address(proxy).staticcall(hex"5c60da1b"); require(success); return abi.decode(returndata, (address)); } /** * @dev Returns the current admin of `proxy`. * * Requirements: * * - This contract must be the admin of `proxy`. */ function getProxyAdmin(TransparentUpgradeableProxy proxy) public view virtual returns (address) { // We need to manually run the static call since the getter cannot be flagged as view // bytes4(keccak256("admin()")) == 0xf851a440 (bool success, bytes memory returndata) = address(proxy).staticcall(hex"f851a440"); require(success); return abi.decode(returndata, (address)); } /** * @dev Changes the admin of `proxy` to `newAdmin`. * * Requirements: * * - This contract must be the current admin of `proxy`. */ function changeProxyAdmin(TransparentUpgradeableProxy proxy, address newAdmin) public virtual onlyOwner { proxy.changeAdmin(newAdmin); } /** * @dev Upgrades `proxy` to `implementation`. See {TransparentUpgradeableProxy-upgradeTo}. * * Requirements: * * - This contract must be the admin of `proxy`. */ function upgrade(TransparentUpgradeableProxy proxy, address implementation) public virtual onlyOwner { proxy.upgradeTo(implementation); } /** * @dev Upgrades `proxy` to `implementation` and calls a function on the new implementation. See * {TransparentUpgradeableProxy-upgradeToAndCall}. * * Requirements: * * - This contract must be the admin of `proxy`. */ function upgradeAndCall( TransparentUpgradeableProxy proxy, address implementation, bytes memory data ) public payable virtual onlyOwner { proxy.upgradeToAndCall{value: msg.value}(implementation, data); } } // File contracts/upgrade/ProxyAdmin.sol // OpenZeppelin Contracts v4.4.1 (proxy/transparent/ProxyAdmin.sol) pragma solidity ^0.8.0; // File contracts/upgrade/TransparentUpgradeableProxy.sol // OpenZeppelin Contracts (last updated v4.7.0) (proxy/transparent/TransparentUpgradeableProxy.sol) pragma solidity ^0.8.0; // File contracts/Create2Factory.sol // Copied from https://github.com/axelarnetwork/axelar-utils-solidity/commits/main/contracts/ConstAddressDeployer.sol pragma solidity ^0.8.0; contract Create2Factory { error EmptyBytecode(); error FailedDeploy(); error FailedInit(); event Deployed( bytes32 indexed bytecodeHash, bytes32 indexed salt, address indexed deployedAddress ); /** * @dev Deploys a contract using `CREATE2`. The address where the contract * will be deployed can be known in advance via {deployedAddress}. * * The bytecode for a contract can be obtained from Solidity with * `type(contractName).creationCode`. * * Requirements: * * - `bytecode` must not be empty. * - `salt` must have not been used for `bytecode` already by the same `msg.sender`. */ function deploy(bytes memory bytecode, bytes32 salt) external returns (address deployedAddress_) { deployedAddress_ = _deploy( bytecode, keccak256(abi.encode(msg.sender, salt)) ); } /** * @dev Deploys a contract using `CREATE2` and initialize it. The address where the contract * will be deployed can be known in advance via {deployedAddress}. * * The bytecode for a contract can be obtained from Solidity with * `type(contractName).creationCode`. * * Requirements: * * - `bytecode` must not be empty. * - `salt` must have not been used for `bytecode` already by the same `msg.sender`. * - `init` is used to initialize the deployed contract * as an option to not have the constructor args affect the address derived by `CREATE2`. */ function deployAndInit( bytes memory bytecode, bytes32 salt, bytes calldata init ) external returns (address deployedAddress_) { deployedAddress_ = _deploy( bytecode, keccak256(abi.encode(msg.sender, salt)) ); // solhint-disable-next-line avoid-low-level-calls (bool success, ) = deployedAddress_.call(init); if (!success) revert FailedInit(); } /** * @dev Returns the address where a contract will be stored if deployed via {deploy} or {deployAndInit} by `sender`. * Any change in the `bytecode`, `sender`, or `salt` will result in a new destination address. */ function deployedAddress( bytes calldata bytecode, address sender, bytes32 salt ) external view returns (address deployedAddress_) { bytes32 newSalt = keccak256(abi.encode(sender, salt)); deployedAddress_ = address( uint160( uint256( keccak256( abi.encodePacked( hex"ff", address(this), newSalt, keccak256(bytecode) // init code hash ) ) ) ) ); } function _deploy(bytes memory bytecode, bytes32 salt) internal returns (address deployedAddress_) { if (bytecode.length == 0) revert EmptyBytecode(); // solhint-disable-next-line no-inline-assembly assembly { deployedAddress_ := create2( 0, add(bytecode, 32), mload(bytecode), salt ) } if (deployedAddress_ == address(0)) revert FailedDeploy(); emit Deployed(keccak256(bytecode), salt, deployedAddress_); } } // File contracts/test/bad-recipient/BadRecipient2.sol pragma solidity >=0.8.0; contract BadRecipient2 { function handle(uint32, bytes32) external pure {} // solhint-disable-line no-empty-blocks }
File 2 of 8: FiatTokenProxy
pragma solidity ^0.4.24; // File: zos-lib/contracts/upgradeability/Proxy.sol /** * @title Proxy * @dev Implements delegation of calls to other contracts, with proper * forwarding of return values and bubbling of failures. * It defines a fallback function that delegates all calls to the address * returned by the abstract _implementation() internal function. */ contract Proxy { /** * @dev Fallback function. * Implemented entirely in `_fallback`. */ function () payable external { _fallback(); } /** * @return The Address of the implementation. */ function _implementation() internal view returns (address); /** * @dev Delegates execution to an implementation contract. * This is a low level function that doesn't return to its internal call site. * It will return to the external caller whatever the implementation returns. * @param implementation Address to delegate. */ function _delegate(address implementation) internal { assembly { // Copy msg.data. We take full control of memory in this inline assembly // block because it will not return to Solidity code. We overwrite the // Solidity scratch pad at memory position 0. calldatacopy(0, 0, calldatasize) // Call the implementation. // out and outsize are 0 because we don't know the size yet. let result := delegatecall(gas, implementation, 0, calldatasize, 0, 0) // Copy the returned data. returndatacopy(0, 0, returndatasize) switch result // delegatecall returns 0 on error. case 0 { revert(0, returndatasize) } default { return(0, returndatasize) } } } /** * @dev Function that is run as the first thing in the fallback function. * Can be redefined in derived contracts to add functionality. * Redefinitions must call super._willFallback(). */ function _willFallback() internal { } /** * @dev fallback implementation. * Extracted to enable manual triggering. */ function _fallback() internal { _willFallback(); _delegate(_implementation()); } } // File: openzeppelin-solidity/contracts/AddressUtils.sol /** * Utility library of inline functions on addresses */ library AddressUtils { /** * Returns whether the target address is a contract * @dev This function will return false if invoked during the constructor of a contract, * as the code is not actually created until after the constructor finishes. * @param addr address to check * @return whether the target address is a contract */ function isContract(address addr) internal view returns (bool) { uint256 size; // XXX Currently there is no better way to check if there is a contract in an address // than to check the size of the code at that address. // See https://ethereum.stackexchange.com/a/14016/36603 // for more details about how this works. // TODO Check this again before the Serenity release, because all addresses will be // contracts then. // solium-disable-next-line security/no-inline-assembly assembly { size := extcodesize(addr) } return size > 0; } } // File: zos-lib/contracts/upgradeability/UpgradeabilityProxy.sol /** * @title UpgradeabilityProxy * @dev This contract implements a proxy that allows to change the * implementation address to which it will delegate. * Such a change is called an implementation upgrade. */ contract UpgradeabilityProxy is Proxy { /** * @dev Emitted when the implementation is upgraded. * @param implementation Address of the new implementation. */ event Upgraded(address implementation); /** * @dev Storage slot with the address of the current implementation. * This is the keccak-256 hash of "org.zeppelinos.proxy.implementation", and is * validated in the constructor. */ bytes32 private constant IMPLEMENTATION_SLOT = 0x7050c9e0f4ca769c69bd3a8ef740bc37934f8e2c036e5a723fd8ee048ed3f8c3; /** * @dev Contract constructor. * @param _implementation Address of the initial implementation. */ constructor(address _implementation) public { assert(IMPLEMENTATION_SLOT == keccak256("org.zeppelinos.proxy.implementation")); _setImplementation(_implementation); } /** * @dev Returns the current implementation. * @return Address of the current implementation */ function _implementation() internal view returns (address impl) { bytes32 slot = IMPLEMENTATION_SLOT; assembly { impl := sload(slot) } } /** * @dev Upgrades the proxy to a new implementation. * @param newImplementation Address of the new implementation. */ function _upgradeTo(address newImplementation) internal { _setImplementation(newImplementation); emit Upgraded(newImplementation); } /** * @dev Sets the implementation address of the proxy. * @param newImplementation Address of the new implementation. */ function _setImplementation(address newImplementation) private { require(AddressUtils.isContract(newImplementation), "Cannot set a proxy implementation to a non-contract address"); bytes32 slot = IMPLEMENTATION_SLOT; assembly { sstore(slot, newImplementation) } } } // File: zos-lib/contracts/upgradeability/AdminUpgradeabilityProxy.sol /** * @title AdminUpgradeabilityProxy * @dev This contract combines an upgradeability proxy with an authorization * mechanism for administrative tasks. * All external functions in this contract must be guarded by the * `ifAdmin` modifier. See ethereum/solidity#3864 for a Solidity * feature proposal that would enable this to be done automatically. */ contract AdminUpgradeabilityProxy is UpgradeabilityProxy { /** * @dev Emitted when the administration has been transferred. * @param previousAdmin Address of the previous admin. * @param newAdmin Address of the new admin. */ event AdminChanged(address previousAdmin, address newAdmin); /** * @dev Storage slot with the admin of the contract. * This is the keccak-256 hash of "org.zeppelinos.proxy.admin", and is * validated in the constructor. */ bytes32 private constant ADMIN_SLOT = 0x10d6a54a4754c8869d6886b5f5d7fbfa5b4522237ea5c60d11bc4e7a1ff9390b; /** * @dev Modifier to check whether the `msg.sender` is the admin. * If it is, it will run the function. Otherwise, it will delegate the call * to the implementation. */ modifier ifAdmin() { if (msg.sender == _admin()) { _; } else { _fallback(); } } /** * Contract constructor. * It sets the `msg.sender` as the proxy administrator. * @param _implementation address of the initial implementation. */ constructor(address _implementation) UpgradeabilityProxy(_implementation) public { assert(ADMIN_SLOT == keccak256("org.zeppelinos.proxy.admin")); _setAdmin(msg.sender); } /** * @return The address of the proxy admin. */ function admin() external view ifAdmin returns (address) { return _admin(); } /** * @return The address of the implementation. */ function implementation() external view ifAdmin returns (address) { return _implementation(); } /** * @dev Changes the admin of the proxy. * Only the current admin can call this function. * @param newAdmin Address to transfer proxy administration to. */ function changeAdmin(address newAdmin) external ifAdmin { require(newAdmin != address(0), "Cannot change the admin of a proxy to the zero address"); emit AdminChanged(_admin(), newAdmin); _setAdmin(newAdmin); } /** * @dev Upgrade the backing implementation of the proxy. * Only the admin can call this function. * @param newImplementation Address of the new implementation. */ function upgradeTo(address newImplementation) external ifAdmin { _upgradeTo(newImplementation); } /** * @dev Upgrade the backing implementation of the proxy and call a function * on the new implementation. * This is useful to initialize the proxied contract. * @param newImplementation Address of the new implementation. * @param data Data to send as msg.data in the low level call. * It should include the signature and the parameters of the function to be * called, as described in * https://solidity.readthedocs.io/en/develop/abi-spec.html#function-selector-and-argument-encoding. */ function upgradeToAndCall(address newImplementation, bytes data) payable external ifAdmin { _upgradeTo(newImplementation); require(address(this).call.value(msg.value)(data)); } /** * @return The admin slot. */ function _admin() internal view returns (address adm) { bytes32 slot = ADMIN_SLOT; assembly { adm := sload(slot) } } /** * @dev Sets the address of the proxy admin. * @param newAdmin Address of the new proxy admin. */ function _setAdmin(address newAdmin) internal { bytes32 slot = ADMIN_SLOT; assembly { sstore(slot, newAdmin) } } /** * @dev Only fall back when the sender is not the admin. */ function _willFallback() internal { require(msg.sender != _admin(), "Cannot call fallback function from the proxy admin"); super._willFallback(); } } // File: contracts/FiatTokenProxy.sol /** * Copyright CENTRE SECZ 2018 * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is furnished to * do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in all * copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ pragma solidity ^0.4.24; /** * @title FiatTokenProxy * @dev This contract proxies FiatToken calls and enables FiatToken upgrades */ contract FiatTokenProxy is AdminUpgradeabilityProxy { constructor(address _implementation) public AdminUpgradeabilityProxy(_implementation) { } }
File 3 of 8: PolygonZkEVMBridgeV2
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.8.1) (proxy/utils/Initializable.sol) pragma solidity ^0.8.2; import "../../utils/AddressUpgradeable.sol"; /** * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect. * * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in * case an upgrade adds a module that needs to be initialized. * * For example: * * [.hljs-theme-light.nopadding] * ``` * contract MyToken is ERC20Upgradeable { * function initialize() initializer public { * __ERC20_init("MyToken", "MTK"); * } * } * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable { * function initializeV2() reinitializer(2) public { * __ERC20Permit_init("MyToken"); * } * } * ``` * * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}. * * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity. * * [CAUTION] * ==== * Avoid leaving a contract uninitialized. * * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed: * * [.hljs-theme-light.nopadding] * ``` * /// @custom:oz-upgrades-unsafe-allow constructor * constructor() { * _disableInitializers(); * } * ``` * ==== */ abstract contract Initializable { /** * @dev Indicates that the contract has been initialized. * @custom:oz-retyped-from bool */ uint8 private _initialized; /** * @dev Indicates that the contract is in the process of being initialized. */ bool private _initializing; /** * @dev Triggered when the contract has been initialized or reinitialized. */ event Initialized(uint8 version); /** * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope, * `onlyInitializing` functions can be used to initialize parent contracts. * * Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a * constructor. * * Emits an {Initialized} event. */ modifier initializer() { bool isTopLevelCall = !_initializing; require( (isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1), "Initializable: contract is already initialized" ); _initialized = 1; if (isTopLevelCall) { _initializing = true; } _; if (isTopLevelCall) { _initializing = false; emit Initialized(1); } } /** * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be * used to initialize parent contracts. * * A reinitializer may be used after the original initialization step. This is essential to configure modules that * are added through upgrades and that require initialization. * * When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer` * cannot be nested. If one is invoked in the context of another, execution will revert. * * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in * a contract, executing them in the right order is up to the developer or operator. * * WARNING: setting the version to 255 will prevent any future reinitialization. * * Emits an {Initialized} event. */ modifier reinitializer(uint8 version) { require(!_initializing && _initialized < version, "Initializable: contract is already initialized"); _initialized = version; _initializing = true; _; _initializing = false; emit Initialized(version); } /** * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the * {initializer} and {reinitializer} modifiers, directly or indirectly. */ modifier onlyInitializing() { require(_initializing, "Initializable: contract is not initializing"); _; } /** * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call. * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized * to any version. It is recommended to use this to lock implementation contracts that are designed to be called * through proxies. * * Emits an {Initialized} event the first time it is successfully executed. */ function _disableInitializers() internal virtual { require(!_initializing, "Initializable: contract is initializing"); if (_initialized < type(uint8).max) { _initialized = type(uint8).max; emit Initialized(type(uint8).max); } } /** * @dev Returns the highest version that has been initialized. See {reinitializer}. */ function _getInitializedVersion() internal view returns (uint8) { return _initialized; } /** * @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}. */ function _isInitializing() internal view returns (bool) { return _initializing; } } // SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.8.0) (security/ReentrancyGuard.sol) pragma solidity ^0.8.0; import "../proxy/utils/Initializable.sol"; /** * @dev Contract module that helps prevent reentrant calls to a function. * * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier * available, which can be applied to functions to make sure there are no nested * (reentrant) calls to them. * * Note that because there is a single `nonReentrant` guard, functions marked as * `nonReentrant` may not call one another. This can be worked around by making * those functions `private`, and then adding `external` `nonReentrant` entry * points to them. * * TIP: If you would like to learn more about reentrancy and alternative ways * to protect against it, check out our blog post * https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul]. */ abstract contract ReentrancyGuardUpgradeable is Initializable { // Booleans are more expensive than uint256 or any type that takes up a full // word because each write operation emits an extra SLOAD to first read the // slot's contents, replace the bits taken up by the boolean, and then write // back. This is the compiler's defense against contract upgrades and // pointer aliasing, and it cannot be disabled. // The values being non-zero value makes deployment a bit more expensive, // but in exchange the refund on every call to nonReentrant will be lower in // amount. Since refunds are capped to a percentage of the total // transaction's gas, it is best to keep them low in cases like this one, to // increase the likelihood of the full refund coming into effect. uint256 private constant _NOT_ENTERED = 1; uint256 private constant _ENTERED = 2; uint256 private _status; function __ReentrancyGuard_init() internal onlyInitializing { __ReentrancyGuard_init_unchained(); } function __ReentrancyGuard_init_unchained() internal onlyInitializing { _status = _NOT_ENTERED; } /** * @dev Prevents a contract from calling itself, directly or indirectly. * Calling a `nonReentrant` function from another `nonReentrant` * function is not supported. It is possible to prevent this from happening * by making the `nonReentrant` function external, and making it call a * `private` function that does the actual work. */ modifier nonReentrant() { _nonReentrantBefore(); _; _nonReentrantAfter(); } function _nonReentrantBefore() private { // On the first call to nonReentrant, _status will be _NOT_ENTERED require(_status != _ENTERED, "ReentrancyGuard: reentrant call"); // Any calls to nonReentrant after this point will fail _status = _ENTERED; } function _nonReentrantAfter() private { // By storing the original value once again, a refund is triggered (see // https://eips.ethereum.org/EIPS/eip-2200) _status = _NOT_ENTERED; } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[49] private __gap; } // SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/draft-IERC20Permit.sol) pragma solidity ^0.8.0; /** * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612]. * * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't * need to send a transaction, and thus is not required to hold Ether at all. */ interface IERC20PermitUpgradeable { /** * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens, * given ``owner``'s signed approval. * * IMPORTANT: The same issues {IERC20-approve} has related to transaction * ordering also apply here. * * Emits an {Approval} event. * * Requirements: * * - `spender` cannot be the zero address. * - `deadline` must be a timestamp in the future. * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner` * over the EIP712-formatted function arguments. * - the signature must use ``owner``'s current nonce (see {nonces}). * * For more information on the signature format, see the * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP * section]. */ function permit( address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) external; /** * @dev Returns the current nonce for `owner`. This value must be * included whenever a signature is generated for {permit}. * * Every successful call to {permit} increases ``owner``'s nonce by one. This * prevents a signature from being used multiple times. */ function nonces(address owner) external view returns (uint256); /** * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}. */ // solhint-disable-next-line func-name-mixedcase function DOMAIN_SEPARATOR() external view returns (bytes32); } // SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/IERC20Metadata.sol) pragma solidity ^0.8.0; import "../IERC20Upgradeable.sol"; /** * @dev Interface for the optional metadata functions from the ERC20 standard. * * _Available since v4.1._ */ interface IERC20MetadataUpgradeable is IERC20Upgradeable { /** * @dev Returns the name of the token. */ function name() external view returns (string memory); /** * @dev Returns the symbol of the token. */ function symbol() external view returns (string memory); /** * @dev Returns the decimals places of the token. */ function decimals() external view returns (uint8); } // SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.6.0) (token/ERC20/IERC20.sol) pragma solidity ^0.8.0; /** * @dev Interface of the ERC20 standard as defined in the EIP. */ interface IERC20Upgradeable { /** * @dev Emitted when `value` tokens are moved from one account (`from`) to * another (`to`). * * Note that `value` may be zero. */ event Transfer(address indexed from, address indexed to, uint256 value); /** * @dev Emitted when the allowance of a `spender` for an `owner` is set by * a call to {approve}. `value` is the new allowance. */ event Approval(address indexed owner, address indexed spender, uint256 value); /** * @dev Returns the amount of tokens in existence. */ function totalSupply() external view returns (uint256); /** * @dev Returns the amount of tokens owned by `account`. */ function balanceOf(address account) external view returns (uint256); /** * @dev Moves `amount` tokens from the caller's account to `to`. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transfer(address to, uint256 amount) external returns (bool); /** * @dev Returns the remaining number of tokens that `spender` will be * allowed to spend on behalf of `owner` through {transferFrom}. This is * zero by default. * * This value changes when {approve} or {transferFrom} are called. */ function allowance(address owner, address spender) external view returns (uint256); /** * @dev Sets `amount` as the allowance of `spender` over the caller's tokens. * * Returns a boolean value indicating whether the operation succeeded. * * IMPORTANT: Beware that changing an allowance with this method brings the risk * that someone may use both the old and the new allowance by unfortunate * transaction ordering. One possible solution to mitigate this race * condition is to first reduce the spender's allowance to 0 and set the * desired value afterwards: * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 * * Emits an {Approval} event. */ function approve(address spender, uint256 amount) external returns (bool); /** * @dev Moves `amount` tokens from `from` to `to` using the * allowance mechanism. `amount` is then deducted from the caller's * allowance. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transferFrom( address from, address to, uint256 amount ) external returns (bool); } // SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.8.0) (token/ERC20/utils/SafeERC20.sol) pragma solidity ^0.8.0; import "../IERC20Upgradeable.sol"; import "../extensions/draft-IERC20PermitUpgradeable.sol"; import "../../../utils/AddressUpgradeable.sol"; /** * @title SafeERC20 * @dev Wrappers around ERC20 operations that throw on failure (when the token * contract returns false). Tokens that return no value (and instead revert or * throw on failure) are also supported, non-reverting calls are assumed to be * successful. * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract, * which allows you to call the safe operations as `token.safeTransfer(...)`, etc. */ library SafeERC20Upgradeable { using AddressUpgradeable for address; function safeTransfer( IERC20Upgradeable token, address to, uint256 value ) internal { _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value)); } function safeTransferFrom( IERC20Upgradeable token, address from, address to, uint256 value ) internal { _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value)); } /** * @dev Deprecated. This function has issues similar to the ones found in * {IERC20-approve}, and its usage is discouraged. * * Whenever possible, use {safeIncreaseAllowance} and * {safeDecreaseAllowance} instead. */ function safeApprove( IERC20Upgradeable token, address spender, uint256 value ) internal { // safeApprove should only be called when setting an initial allowance, // or when resetting it to zero. To increase and decrease it, use // 'safeIncreaseAllowance' and 'safeDecreaseAllowance' require( (value == 0) || (token.allowance(address(this), spender) == 0), "SafeERC20: approve from non-zero to non-zero allowance" ); _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value)); } function safeIncreaseAllowance( IERC20Upgradeable token, address spender, uint256 value ) internal { uint256 newAllowance = token.allowance(address(this), spender) + value; _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance)); } function safeDecreaseAllowance( IERC20Upgradeable token, address spender, uint256 value ) internal { unchecked { uint256 oldAllowance = token.allowance(address(this), spender); require(oldAllowance >= value, "SafeERC20: decreased allowance below zero"); uint256 newAllowance = oldAllowance - value; _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance)); } } function safePermit( IERC20PermitUpgradeable token, address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) internal { uint256 nonceBefore = token.nonces(owner); token.permit(owner, spender, value, deadline, v, r, s); uint256 nonceAfter = token.nonces(owner); require(nonceAfter == nonceBefore + 1, "SafeERC20: permit did not succeed"); } /** * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement * on the return value: the return value is optional (but if data is returned, it must not be false). * @param token The token targeted by the call. * @param data The call data (encoded using abi.encode or one of its variants). */ function _callOptionalReturn(IERC20Upgradeable token, bytes memory data) private { // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since // we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that // the target address contains contract code and also asserts for success in the low-level call. bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed"); if (returndata.length > 0) { // Return data is optional require(abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed"); } } } // SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.8.0) (utils/Address.sol) pragma solidity ^0.8.1; /** * @dev Collection of functions related to the address type */ library AddressUpgradeable { /** * @dev Returns true if `account` is a contract. * * [IMPORTANT] * ==== * It is unsafe to assume that an address for which this function returns * false is an externally-owned account (EOA) and not a contract. * * Among others, `isContract` will return false for the following * types of addresses: * * - an externally-owned account * - a contract in construction * - an address where a contract will be created * - an address where a contract lived, but was destroyed * ==== * * [IMPORTANT] * ==== * You shouldn't rely on `isContract` to protect against flash loan attacks! * * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract * constructor. * ==== */ function isContract(address account) internal view returns (bool) { // This method relies on extcodesize/address.code.length, which returns 0 // for contracts in construction, since the code is only stored at the end // of the constructor execution. return account.code.length > 0; } /** * @dev Replacement for Solidity's `transfer`: sends `amount` wei to * `recipient`, forwarding all available gas and reverting on errors. * * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost * of certain opcodes, possibly making contracts go over the 2300 gas limit * imposed by `transfer`, making them unable to receive funds via * `transfer`. {sendValue} removes this limitation. * * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more]. * * IMPORTANT: because control is transferred to `recipient`, care must be * taken to not create reentrancy vulnerabilities. Consider using * {ReentrancyGuard} or the * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern]. */ function sendValue(address payable recipient, uint256 amount) internal { require(address(this).balance >= amount, "Address: insufficient balance"); (bool success, ) = recipient.call{value: amount}(""); require(success, "Address: unable to send value, recipient may have reverted"); } /** * @dev Performs a Solidity function call using a low level `call`. A * plain `call` is an unsafe replacement for a function call: use this * function instead. * * If `target` reverts with a revert reason, it is bubbled up by this * function (like regular Solidity function calls). * * Returns the raw returned data. To convert to the expected return value, * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`]. * * Requirements: * * - `target` must be a contract. * - calling `target` with `data` must not revert. * * _Available since v3.1._ */ function functionCall(address target, bytes memory data) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, "Address: low-level call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with * `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCall( address target, bytes memory data, string memory errorMessage ) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but also transferring `value` wei to `target`. * * Requirements: * * - the calling contract must have an ETH balance of at least `value`. * - the called Solidity function must be `payable`. * * _Available since v3.1._ */ function functionCallWithValue( address target, bytes memory data, uint256 value ) internal returns (bytes memory) { return functionCallWithValue(target, data, value, "Address: low-level call with value failed"); } /** * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but * with `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCallWithValue( address target, bytes memory data, uint256 value, string memory errorMessage ) internal returns (bytes memory) { require(address(this).balance >= value, "Address: insufficient balance for call"); (bool success, bytes memory returndata) = target.call{value: value}(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) { return functionStaticCall(target, data, "Address: low-level static call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall( address target, bytes memory data, string memory errorMessage ) internal view returns (bytes memory) { (bool success, bytes memory returndata) = target.staticcall(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract. * * _Available since v4.8._ */ function verifyCallResultFromTarget( address target, bool success, bytes memory returndata, string memory errorMessage ) internal view returns (bytes memory) { if (success) { if (returndata.length == 0) { // only check isContract if the call was successful and the return data is empty // otherwise we already know that it was a contract require(isContract(target), "Address: call to non-contract"); } return returndata; } else { _revert(returndata, errorMessage); } } /** * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the * revert reason or using the provided one. * * _Available since v4.3._ */ function verifyCallResult( bool success, bytes memory returndata, string memory errorMessage ) internal pure returns (bytes memory) { if (success) { return returndata; } else { _revert(returndata, errorMessage); } } function _revert(bytes memory returndata, string memory errorMessage) private pure { // Look for revert reason and bubble it up if present if (returndata.length > 0) { // The easiest way to bubble the revert reason is using memory via assembly /// @solidity memory-safe-assembly assembly { let returndata_size := mload(returndata) revert(add(32, returndata), returndata_size) } } else { revert(errorMessage); } } } // SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.8.0) (token/ERC20/ERC20.sol) pragma solidity ^0.8.0; import "./IERC20.sol"; import "./extensions/IERC20Metadata.sol"; import "../../utils/Context.sol"; /** * @dev Implementation of the {IERC20} interface. * * This implementation is agnostic to the way tokens are created. This means * that a supply mechanism has to be added in a derived contract using {_mint}. * For a generic mechanism see {ERC20PresetMinterPauser}. * * TIP: For a detailed writeup see our guide * https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How * to implement supply mechanisms]. * * We have followed general OpenZeppelin Contracts guidelines: functions revert * instead returning `false` on failure. This behavior is nonetheless * conventional and does not conflict with the expectations of ERC20 * applications. * * Additionally, an {Approval} event is emitted on calls to {transferFrom}. * This allows applications to reconstruct the allowance for all accounts just * by listening to said events. Other implementations of the EIP may not emit * these events, as it isn't required by the specification. * * Finally, the non-standard {decreaseAllowance} and {increaseAllowance} * functions have been added to mitigate the well-known issues around setting * allowances. See {IERC20-approve}. */ contract ERC20 is Context, IERC20, IERC20Metadata { mapping(address => uint256) private _balances; mapping(address => mapping(address => uint256)) private _allowances; uint256 private _totalSupply; string private _name; string private _symbol; /** * @dev Sets the values for {name} and {symbol}. * * The default value of {decimals} is 18. To select a different value for * {decimals} you should overload it. * * All two of these values are immutable: they can only be set once during * construction. */ constructor(string memory name_, string memory symbol_) { _name = name_; _symbol = symbol_; } /** * @dev Returns the name of the token. */ function name() public view virtual override returns (string memory) { return _name; } /** * @dev Returns the symbol of the token, usually a shorter version of the * name. */ function symbol() public view virtual override returns (string memory) { return _symbol; } /** * @dev Returns the number of decimals used to get its user representation. * For example, if `decimals` equals `2`, a balance of `505` tokens should * be displayed to a user as `5.05` (`505 / 10 ** 2`). * * Tokens usually opt for a value of 18, imitating the relationship between * Ether and Wei. This is the value {ERC20} uses, unless this function is * overridden; * * NOTE: This information is only used for _display_ purposes: it in * no way affects any of the arithmetic of the contract, including * {IERC20-balanceOf} and {IERC20-transfer}. */ function decimals() public view virtual override returns (uint8) { return 18; } /** * @dev See {IERC20-totalSupply}. */ function totalSupply() public view virtual override returns (uint256) { return _totalSupply; } /** * @dev See {IERC20-balanceOf}. */ function balanceOf(address account) public view virtual override returns (uint256) { return _balances[account]; } /** * @dev See {IERC20-transfer}. * * Requirements: * * - `to` cannot be the zero address. * - the caller must have a balance of at least `amount`. */ function transfer(address to, uint256 amount) public virtual override returns (bool) { address owner = _msgSender(); _transfer(owner, to, amount); return true; } /** * @dev See {IERC20-allowance}. */ function allowance(address owner, address spender) public view virtual override returns (uint256) { return _allowances[owner][spender]; } /** * @dev See {IERC20-approve}. * * NOTE: If `amount` is the maximum `uint256`, the allowance is not updated on * `transferFrom`. This is semantically equivalent to an infinite approval. * * Requirements: * * - `spender` cannot be the zero address. */ function approve(address spender, uint256 amount) public virtual override returns (bool) { address owner = _msgSender(); _approve(owner, spender, amount); return true; } /** * @dev See {IERC20-transferFrom}. * * Emits an {Approval} event indicating the updated allowance. This is not * required by the EIP. See the note at the beginning of {ERC20}. * * NOTE: Does not update the allowance if the current allowance * is the maximum `uint256`. * * Requirements: * * - `from` and `to` cannot be the zero address. * - `from` must have a balance of at least `amount`. * - the caller must have allowance for ``from``'s tokens of at least * `amount`. */ function transferFrom( address from, address to, uint256 amount ) public virtual override returns (bool) { address spender = _msgSender(); _spendAllowance(from, spender, amount); _transfer(from, to, amount); return true; } /** * @dev Atomically increases the allowance granted to `spender` by the caller. * * This is an alternative to {approve} that can be used as a mitigation for * problems described in {IERC20-approve}. * * Emits an {Approval} event indicating the updated allowance. * * Requirements: * * - `spender` cannot be the zero address. */ function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) { address owner = _msgSender(); _approve(owner, spender, allowance(owner, spender) + addedValue); return true; } /** * @dev Atomically decreases the allowance granted to `spender` by the caller. * * This is an alternative to {approve} that can be used as a mitigation for * problems described in {IERC20-approve}. * * Emits an {Approval} event indicating the updated allowance. * * Requirements: * * - `spender` cannot be the zero address. * - `spender` must have allowance for the caller of at least * `subtractedValue`. */ function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) { address owner = _msgSender(); uint256 currentAllowance = allowance(owner, spender); require(currentAllowance >= subtractedValue, "ERC20: decreased allowance below zero"); unchecked { _approve(owner, spender, currentAllowance - subtractedValue); } return true; } /** * @dev Moves `amount` of tokens from `from` to `to`. * * This internal function is equivalent to {transfer}, and can be used to * e.g. implement automatic token fees, slashing mechanisms, etc. * * Emits a {Transfer} event. * * Requirements: * * - `from` cannot be the zero address. * - `to` cannot be the zero address. * - `from` must have a balance of at least `amount`. */ function _transfer( address from, address to, uint256 amount ) internal virtual { require(from != address(0), "ERC20: transfer from the zero address"); require(to != address(0), "ERC20: transfer to the zero address"); _beforeTokenTransfer(from, to, amount); uint256 fromBalance = _balances[from]; require(fromBalance >= amount, "ERC20: transfer amount exceeds balance"); unchecked { _balances[from] = fromBalance - amount; // Overflow not possible: the sum of all balances is capped by totalSupply, and the sum is preserved by // decrementing then incrementing. _balances[to] += amount; } emit Transfer(from, to, amount); _afterTokenTransfer(from, to, amount); } /** @dev Creates `amount` tokens and assigns them to `account`, increasing * the total supply. * * Emits a {Transfer} event with `from` set to the zero address. * * Requirements: * * - `account` cannot be the zero address. */ function _mint(address account, uint256 amount) internal virtual { require(account != address(0), "ERC20: mint to the zero address"); _beforeTokenTransfer(address(0), account, amount); _totalSupply += amount; unchecked { // Overflow not possible: balance + amount is at most totalSupply + amount, which is checked above. _balances[account] += amount; } emit Transfer(address(0), account, amount); _afterTokenTransfer(address(0), account, amount); } /** * @dev Destroys `amount` tokens from `account`, reducing the * total supply. * * Emits a {Transfer} event with `to` set to the zero address. * * Requirements: * * - `account` cannot be the zero address. * - `account` must have at least `amount` tokens. */ function _burn(address account, uint256 amount) internal virtual { require(account != address(0), "ERC20: burn from the zero address"); _beforeTokenTransfer(account, address(0), amount); uint256 accountBalance = _balances[account]; require(accountBalance >= amount, "ERC20: burn amount exceeds balance"); unchecked { _balances[account] = accountBalance - amount; // Overflow not possible: amount <= accountBalance <= totalSupply. _totalSupply -= amount; } emit Transfer(account, address(0), amount); _afterTokenTransfer(account, address(0), amount); } /** * @dev Sets `amount` as the allowance of `spender` over the `owner` s tokens. * * This internal function is equivalent to `approve`, and can be used to * e.g. set automatic allowances for certain subsystems, etc. * * Emits an {Approval} event. * * Requirements: * * - `owner` cannot be the zero address. * - `spender` cannot be the zero address. */ function _approve( address owner, address spender, uint256 amount ) internal virtual { require(owner != address(0), "ERC20: approve from the zero address"); require(spender != address(0), "ERC20: approve to the zero address"); _allowances[owner][spender] = amount; emit Approval(owner, spender, amount); } /** * @dev Updates `owner` s allowance for `spender` based on spent `amount`. * * Does not update the allowance amount in case of infinite allowance. * Revert if not enough allowance is available. * * Might emit an {Approval} event. */ function _spendAllowance( address owner, address spender, uint256 amount ) internal virtual { uint256 currentAllowance = allowance(owner, spender); if (currentAllowance != type(uint256).max) { require(currentAllowance >= amount, "ERC20: insufficient allowance"); unchecked { _approve(owner, spender, currentAllowance - amount); } } } /** * @dev Hook that is called before any transfer of tokens. This includes * minting and burning. * * Calling conditions: * * - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens * will be transferred to `to`. * - when `from` is zero, `amount` tokens will be minted for `to`. * - when `to` is zero, `amount` of ``from``'s tokens will be burned. * - `from` and `to` are never both zero. * * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks]. */ function _beforeTokenTransfer( address from, address to, uint256 amount ) internal virtual {} /** * @dev Hook that is called after any transfer of tokens. This includes * minting and burning. * * Calling conditions: * * - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens * has been transferred to `to`. * - when `from` is zero, `amount` tokens have been minted for `to`. * - when `to` is zero, `amount` of ``from``'s tokens have been burned. * - `from` and `to` are never both zero. * * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks]. */ function _afterTokenTransfer( address from, address to, uint256 amount ) internal virtual {} } // SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/IERC20Metadata.sol) pragma solidity ^0.8.0; import "../IERC20.sol"; /** * @dev Interface for the optional metadata functions from the ERC20 standard. * * _Available since v4.1._ */ interface IERC20Metadata is IERC20 { /** * @dev Returns the name of the token. */ function name() external view returns (string memory); /** * @dev Returns the symbol of the token. */ function symbol() external view returns (string memory); /** * @dev Returns the decimals places of the token. */ function decimals() external view returns (uint8); } // SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.6.0) (token/ERC20/IERC20.sol) pragma solidity ^0.8.0; /** * @dev Interface of the ERC20 standard as defined in the EIP. */ interface IERC20 { /** * @dev Emitted when `value` tokens are moved from one account (`from`) to * another (`to`). * * Note that `value` may be zero. */ event Transfer(address indexed from, address indexed to, uint256 value); /** * @dev Emitted when the allowance of a `spender` for an `owner` is set by * a call to {approve}. `value` is the new allowance. */ event Approval(address indexed owner, address indexed spender, uint256 value); /** * @dev Returns the amount of tokens in existence. */ function totalSupply() external view returns (uint256); /** * @dev Returns the amount of tokens owned by `account`. */ function balanceOf(address account) external view returns (uint256); /** * @dev Moves `amount` tokens from the caller's account to `to`. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transfer(address to, uint256 amount) external returns (bool); /** * @dev Returns the remaining number of tokens that `spender` will be * allowed to spend on behalf of `owner` through {transferFrom}. This is * zero by default. * * This value changes when {approve} or {transferFrom} are called. */ function allowance(address owner, address spender) external view returns (uint256); /** * @dev Sets `amount` as the allowance of `spender` over the caller's tokens. * * Returns a boolean value indicating whether the operation succeeded. * * IMPORTANT: Beware that changing an allowance with this method brings the risk * that someone may use both the old and the new allowance by unfortunate * transaction ordering. One possible solution to mitigate this race * condition is to first reduce the spender's allowance to 0 and set the * desired value afterwards: * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 * * Emits an {Approval} event. */ function approve(address spender, uint256 amount) external returns (bool); /** * @dev Moves `amount` tokens from `from` to `to` using the * allowance mechanism. `amount` is then deducted from the caller's * allowance. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transferFrom( address from, address to, uint256 amount ) external returns (bool); } // SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (utils/Context.sol) pragma solidity ^0.8.0; /** * @dev Provides information about the current execution context, including the * sender of the transaction and its data. While these are generally available * via msg.sender and msg.data, they should not be accessed in such a direct * manner, since when dealing with meta-transactions the account sending and * paying for execution may not be the actual sender (as far as an application * is concerned). * * This contract is only required for intermediate, library-like contracts. */ abstract contract Context { function _msgSender() internal view virtual returns (address) { return msg.sender; } function _msgData() internal view virtual returns (bytes calldata) { return msg.data; } } // SPDX-License-Identifier: AGPL-3.0 pragma solidity ^0.8.20; interface IBasePolygonZkEVMGlobalExitRoot { /** * @dev Thrown when the caller is not the allowed contracts */ error OnlyAllowedContracts(); function updateExitRoot(bytes32 newRollupExitRoot) external; function globalExitRootMap( bytes32 globalExitRootNum ) external returns (uint256); } // SPDX-License-Identifier: AGPL-3.0 pragma solidity ^0.8.20; /** * @dev Define interface for PolygonZkEVM Bridge message receiver */ interface IBridgeMessageReceiver { function onMessageReceived( address originAddress, uint32 originNetwork, bytes memory data ) external payable; } // SPDX-License-Identifier: AGPL-3.0 pragma solidity ^0.8.20; /** * @dev Contract helper responsible to manage the emergency state */ contract EmergencyManager { /** * @dev Thrown when emergency state is active, and the function requires otherwise */ error OnlyNotEmergencyState(); /** * @dev Thrown when emergency state is not active, and the function requires otherwise */ error OnlyEmergencyState(); /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. */ uint256[10] private _gap; // Indicates whether the emergency state is active or not bool public isEmergencyState; /** * @dev Emitted when emergency state is activated */ event EmergencyStateActivated(); /** * @dev Emitted when emergency state is deactivated */ event EmergencyStateDeactivated(); /** * @notice Only allows a function to be callable if emergency state is unactive */ modifier ifNotEmergencyState() { if (isEmergencyState) { revert OnlyNotEmergencyState(); } _; } /** * @notice Only allows a function to be callable if emergency state is active */ modifier ifEmergencyState() { if (!isEmergencyState) { revert OnlyEmergencyState(); } _; } /** * @notice Activate emergency state */ function _activateEmergencyState() internal virtual ifNotEmergencyState { isEmergencyState = true; emit EmergencyStateActivated(); } /** * @notice Deactivate emergency state */ function _deactivateEmergencyState() internal virtual ifEmergencyState { isEmergencyState = false; emit EmergencyStateDeactivated(); } } // SPDX-License-Identifier: AGPL-3.0 pragma solidity 0.8.20; /** * @dev A library that provides the necessary calculations to calculate the global exit root */ library GlobalExitRootLib { function calculateGlobalExitRoot( bytes32 mainnetExitRoot, bytes32 rollupExitRoot ) internal pure returns (bytes32) { return keccak256(abi.encodePacked(mainnetExitRoot, rollupExitRoot)); } } // SPDX-License-Identifier: GPL-3.0 // Implementation of permit based on https://github.com/WETH10/WETH10/blob/main/contracts/WETH10.sol pragma solidity 0.8.20; import "@openzeppelin/contracts/token/ERC20/ERC20.sol"; contract TokenWrapped is ERC20 { // Domain typehash bytes32 public constant DOMAIN_TYPEHASH = keccak256( "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)" ); // Permit typehash bytes32 public constant PERMIT_TYPEHASH = keccak256( "Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)" ); // Version string public constant VERSION = "1"; // Chain id on deployment uint256 public immutable deploymentChainId; // Domain separator calculated on deployment bytes32 private immutable _DEPLOYMENT_DOMAIN_SEPARATOR; // PolygonZkEVM Bridge address address public immutable bridgeAddress; // Decimals uint8 private immutable _decimals; // Permit nonces mapping(address => uint256) public nonces; modifier onlyBridge() { require( msg.sender == bridgeAddress, "TokenWrapped::onlyBridge: Not PolygonZkEVMBridge" ); _; } constructor( string memory name, string memory symbol, uint8 __decimals ) ERC20(name, symbol) { bridgeAddress = msg.sender; _decimals = __decimals; deploymentChainId = block.chainid; _DEPLOYMENT_DOMAIN_SEPARATOR = _calculateDomainSeparator(block.chainid); } function mint(address to, uint256 value) external onlyBridge { _mint(to, value); } // Notice that is not require to approve wrapped tokens to use the bridge function burn(address account, uint256 value) external onlyBridge { _burn(account, value); } function decimals() public view virtual override returns (uint8) { return _decimals; } // Permit relative functions function permit( address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) external { require( block.timestamp <= deadline, "TokenWrapped::permit: Expired permit" ); bytes32 hashStruct = keccak256( abi.encode( PERMIT_TYPEHASH, owner, spender, value, nonces[owner]++, deadline ) ); bytes32 digest = keccak256( abi.encodePacked("\\x19\\x01", DOMAIN_SEPARATOR(), hashStruct) ); address signer = ecrecover(digest, v, r, s); require( signer != address(0) && signer == owner, "TokenWrapped::permit: Invalid signature" ); _approve(owner, spender, value); } /** * @notice Calculate domain separator, given a chainID. * @param chainId Current chainID */ function _calculateDomainSeparator( uint256 chainId ) private view returns (bytes32) { return keccak256( abi.encode( DOMAIN_TYPEHASH, keccak256(bytes(name())), keccak256(bytes(VERSION)), chainId, address(this) ) ); } /// @dev Return the DOMAIN_SEPARATOR. function DOMAIN_SEPARATOR() public view returns (bytes32) { return block.chainid == deploymentChainId ? _DEPLOYMENT_DOMAIN_SEPARATOR : _calculateDomainSeparator(block.chainid); } } // SPDX-License-Identifier: AGPL-3.0 pragma solidity ^0.8.20; import "../../interfaces/IBasePolygonZkEVMGlobalExitRoot.sol"; interface IPolygonZkEVMBridgeV2 { /** * @dev Thrown when the destination network is invalid */ error DestinationNetworkInvalid(); /** * @dev Thrown when the amount does not match msg.value */ error AmountDoesNotMatchMsgValue(); /** * @dev Thrown when user is bridging tokens and is also sending a value */ error MsgValueNotZero(); /** * @dev Thrown when the Ether transfer on claimAsset fails */ error EtherTransferFailed(); /** * @dev Thrown when the message transaction on claimMessage fails */ error MessageFailed(); /** * @dev Thrown when the global exit root does not exist */ error GlobalExitRootInvalid(); /** * @dev Thrown when the smt proof does not match */ error InvalidSmtProof(); /** * @dev Thrown when an index is already claimed */ error AlreadyClaimed(); /** * @dev Thrown when the owner of permit does not match the sender */ error NotValidOwner(); /** * @dev Thrown when the spender of the permit does not match this contract address */ error NotValidSpender(); /** * @dev Thrown when the amount of the permit does not match */ error NotValidAmount(); /** * @dev Thrown when the permit data contains an invalid signature */ error NotValidSignature(); /** * @dev Thrown when sender is not the rollup manager */ error OnlyRollupManager(); /** * @dev Thrown when the permit data contains an invalid signature */ error NativeTokenIsEther(); /** * @dev Thrown when the permit data contains an invalid signature */ error NoValueInMessagesOnGasTokenNetworks(); /** * @dev Thrown when the permit data contains an invalid signature */ error GasTokenNetworkMustBeZeroOnEther(); /** * @dev Thrown when the wrapped token deployment fails */ error FailedTokenWrappedDeployment(); function wrappedTokenToTokenInfo( address destinationAddress ) external view returns (uint32, address); function updateGlobalExitRoot() external; function activateEmergencyState() external; function deactivateEmergencyState() external; function bridgeAsset( uint32 destinationNetwork, address destinationAddress, uint256 amount, address token, bool forceUpdateGlobalExitRoot, bytes calldata permitData ) external payable; function bridgeMessage( uint32 destinationNetwork, address destinationAddress, bool forceUpdateGlobalExitRoot, bytes calldata metadata ) external payable; function bridgeMessageWETH( uint32 destinationNetwork, address destinationAddress, uint256 amountWETH, bool forceUpdateGlobalExitRoot, bytes calldata metadata ) external; function claimAsset( bytes32[32] calldata smtProofLocalExitRoot, bytes32[32] calldata smtProofRollupExitRoot, uint256 globalIndex, bytes32 mainnetExitRoot, bytes32 rollupExitRoot, uint32 originNetwork, address originTokenAddress, uint32 destinationNetwork, address destinationAddress, uint256 amount, bytes calldata metadata ) external; function claimMessage( bytes32[32] calldata smtProofLocalExitRoot, bytes32[32] calldata smtProofRollupExitRoot, uint256 globalIndex, bytes32 mainnetExitRoot, bytes32 rollupExitRoot, uint32 originNetwork, address originAddress, uint32 destinationNetwork, address destinationAddress, uint256 amount, bytes calldata metadata ) external; function initialize( uint32 _networkID, address _gasTokenAddress, uint32 _gasTokenNetwork, IBasePolygonZkEVMGlobalExitRoot _globalExitRootManager, address _polygonRollupManager, bytes memory _gasTokenMetadata ) external; function getTokenMetadata( address token ) external view returns (bytes memory); } // SPDX-License-Identifier: AGPL-3.0 pragma solidity ^0.8.20; /** * This contract will be used as a helper for all the sparse merkle tree related functions * Based on the implementation of the deposit eth2.0 contract https://github.com/ethereum/consensus-specs/blob/dev/solidity_deposit_contract/deposit_contract.sol */ contract DepositContractBase { /** * @dev Thrown when the merkle tree is full */ error MerkleTreeFull(); // Merkle tree levels uint256 internal constant _DEPOSIT_CONTRACT_TREE_DEPTH = 32; // This ensures `depositCount` will fit into 32-bits uint256 internal constant _MAX_DEPOSIT_COUNT = 2 ** _DEPOSIT_CONTRACT_TREE_DEPTH - 1; // Branch array which contains the necessary sibilings to compute the next root when a new // leaf is inserted bytes32[_DEPOSIT_CONTRACT_TREE_DEPTH] internal _branch; // Counter of current deposits uint256 public depositCount; /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. */ uint256[10] private _gap; /** * @notice Computes and returns the merkle root */ function getRoot() public view virtual returns (bytes32) { bytes32 node; uint256 size = depositCount; bytes32 currentZeroHashHeight = 0; for ( uint256 height = 0; height < _DEPOSIT_CONTRACT_TREE_DEPTH; height++ ) { if (((size >> height) & 1) == 1) node = keccak256(abi.encodePacked(_branch[height], node)); else node = keccak256(abi.encodePacked(node, currentZeroHashHeight)); currentZeroHashHeight = keccak256( abi.encodePacked(currentZeroHashHeight, currentZeroHashHeight) ); } return node; } /** * @notice Add a new leaf to the merkle tree * @param leaf Leaf */ function _addLeaf(bytes32 leaf) internal { bytes32 node = leaf; // Avoid overflowing the Merkle tree (and prevent edge case in computing `_branch`) if (depositCount >= _MAX_DEPOSIT_COUNT) { revert MerkleTreeFull(); } // Add deposit data root to Merkle tree (update a single `_branch` node) uint256 size = ++depositCount; for ( uint256 height = 0; height < _DEPOSIT_CONTRACT_TREE_DEPTH; height++ ) { if (((size >> height) & 1) == 1) { _branch[height] = node; return; } node = keccak256(abi.encodePacked(_branch[height], node)); } // As the loop should always end prematurely with the `return` statement, // this code should be unreachable. We assert `false` just to be safe. assert(false); } /** * @notice Verify merkle proof * @param leafHash Leaf hash * @param smtProof Smt proof * @param index Index of the leaf * @param root Merkle root */ function verifyMerkleProof( bytes32 leafHash, bytes32[_DEPOSIT_CONTRACT_TREE_DEPTH] calldata smtProof, uint32 index, bytes32 root ) public pure returns (bool) { return calculateRoot(leafHash, smtProof, index) == root; } /** * @notice Calculate root from merkle proof * @param leafHash Leaf hash * @param smtProof Smt proof * @param index Index of the leaf */ function calculateRoot( bytes32 leafHash, bytes32[_DEPOSIT_CONTRACT_TREE_DEPTH] calldata smtProof, uint32 index ) public pure returns (bytes32) { bytes32 node = leafHash; // Compute root for ( uint256 height = 0; height < _DEPOSIT_CONTRACT_TREE_DEPTH; height++ ) { if (((index >> height) & 1) == 1) node = keccak256(abi.encodePacked(smtProof[height], node)); else node = keccak256(abi.encodePacked(node, smtProof[height])); } return node; } } // SPDX-License-Identifier: AGPL-3.0 pragma solidity ^0.8.20; import "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol"; import "./DepositContractBase.sol"; /** * This contract will be used in the PolygonZkEVMBridge contract, it inherits the DepositContractBase and adds the logic * to calculate the leaf of the tree */ contract DepositContractV2 is ReentrancyGuardUpgradeable, DepositContractBase { /** * @notice Given the leaf data returns the leaf value * @param leafType Leaf type --> [0] transfer Ether / ERC20 tokens, [1] message * @param originNetwork Origin Network * @param originAddress [0] Origin token address, 0 address is reserved for ether, [1] msg.sender of the message * @param destinationNetwork Destination network * @param destinationAddress Destination address * @param amount [0] Amount of tokens/ether, [1] Amount of ether * @param metadataHash Hash of the metadata */ function getLeafValue( uint8 leafType, uint32 originNetwork, address originAddress, uint32 destinationNetwork, address destinationAddress, uint256 amount, bytes32 metadataHash ) public pure returns (bytes32) { return keccak256( abi.encodePacked( leafType, originNetwork, originAddress, destinationNetwork, destinationAddress, amount, metadataHash ) ); } } // SPDX-License-Identifier: AGPL-3.0 pragma solidity 0.8.20; import "./lib/DepositContractV2.sol"; import "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol"; import "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/IERC20MetadataUpgradeable.sol"; import "../lib/TokenWrapped.sol"; import "../interfaces/IBasePolygonZkEVMGlobalExitRoot.sol"; import "../interfaces/IBridgeMessageReceiver.sol"; import "./interfaces/IPolygonZkEVMBridgeV2.sol"; import "../lib/EmergencyManager.sol"; import "../lib/GlobalExitRootLib.sol"; /** * PolygonZkEVMBridge that will be deployed on Ethereum and all Polygon rollups * Contract responsible to manage the token interactions with other networks */ contract PolygonZkEVMBridgeV2 is DepositContractV2, EmergencyManager, IPolygonZkEVMBridgeV2 { using SafeERC20Upgradeable for IERC20Upgradeable; // Wrapped Token information struct struct TokenInformation { uint32 originNetwork; address originTokenAddress; } // bytes4(keccak256(bytes("permit(address,address,uint256,uint256,uint8,bytes32,bytes32)"))); bytes4 private constant _PERMIT_SIGNATURE = 0xd505accf; // bytes4(keccak256(bytes("permit(address,address,uint256,uint256,bool,uint8,bytes32,bytes32)"))); bytes4 private constant _PERMIT_SIGNATURE_DAI = 0x8fcbaf0c; // Mainnet identifier uint32 private constant _MAINNET_NETWORK_ID = 0; // ZkEVM identifier uint32 private constant _ZKEVM_NETWORK_ID = 1; // Leaf type asset uint8 private constant _LEAF_TYPE_ASSET = 0; // Leaf type message uint8 private constant _LEAF_TYPE_MESSAGE = 1; // Nullifier offset uint256 private constant _MAX_LEAFS_PER_NETWORK = 2 ** 32; // Indicate where's the mainnet flag bit in the global index uint256 private constant _GLOBAL_INDEX_MAINNET_FLAG = 2 ** 64; // Init code of the erc20 wrapped token, to deploy a wrapped token the constructor parameters must be appended bytes public constant BASE_INIT_BYTECODE_WRAPPED_TOKEN = hex"6101006040523480156200001257600080fd5b5060405162001b6638038062001b6683398101604081905262000035916200028d565b82826003620000458382620003a1565b506004620000548282620003a1565b50503360c0525060ff811660e052466080819052620000739062000080565b60a052506200046d915050565b60007f8b73c3c69bb8fe3d512ecc4cf759cc79239f7b179b0ffacaa9a75d522b39400f620000ad6200012e565b805160209182012060408051808201825260018152603160f81b90840152805192830193909352918101919091527fc89efdaa54c0f20c7adf612882df0950f5a951637e0307cdcb4c672f298b8bc66060820152608081018390523060a082015260c001604051602081830303815290604052805190602001209050919050565b6060600380546200013f9062000312565b80601f01602080910402602001604051908101604052809291908181526020018280546200016d9062000312565b8015620001be5780601f106200019257610100808354040283529160200191620001be565b820191906000526020600020905b815481529060010190602001808311620001a057829003601f168201915b5050505050905090565b634e487b7160e01b600052604160045260246000fd5b600082601f830112620001f057600080fd5b81516001600160401b03808211156200020d576200020d620001c8565b604051601f8301601f19908116603f01168101908282118183101715620002385762000238620001c8565b816040528381526020925086838588010111156200025557600080fd5b600091505b838210156200027957858201830151818301840152908201906200025a565b600093810190920192909252949350505050565b600080600060608486031215620002a357600080fd5b83516001600160401b0380821115620002bb57600080fd5b620002c987838801620001de565b94506020860151915080821115620002e057600080fd5b50620002ef86828701620001de565b925050604084015160ff811681146200030757600080fd5b809150509250925092565b600181811c908216806200032757607f821691505b6020821081036200034857634e487b7160e01b600052602260045260246000fd5b50919050565b601f8211156200039c57600081815260208120601f850160051c81016020861015620003775750805b601f850160051c820191505b81811015620003985782815560010162000383565b5050505b505050565b81516001600160401b03811115620003bd57620003bd620001c8565b620003d581620003ce845462000312565b846200034e565b602080601f8311600181146200040d5760008415620003f45750858301515b600019600386901b1c1916600185901b17855562000398565b600085815260208120601f198616915b828110156200043e578886015182559484019460019091019084016200041d565b50858210156200045d5787850151600019600388901b60f8161c191681555b5050505050600190811b01905550565b60805160a05160c05160e0516116aa620004bc6000396000610237015260008181610307015281816105c001526106a70152600061053a015260008181610379015261050401526116aa6000f3fe608060405234801561001057600080fd5b50600436106101775760003560e01c806370a08231116100d8578063a457c2d71161008c578063d505accf11610066578063d505accf1461039b578063dd62ed3e146103ae578063ffa1ad74146103f457600080fd5b8063a457c2d71461034e578063a9059cbb14610361578063cd0d00961461037457600080fd5b806395d89b41116100bd57806395d89b41146102e75780639dc29fac146102ef578063a3c573eb1461030257600080fd5b806370a08231146102915780637ecebe00146102c757600080fd5b806330adf81f1161012f5780633644e515116101145780633644e51514610261578063395093511461026957806340c10f191461027c57600080fd5b806330adf81f14610209578063313ce5671461023057600080fd5b806318160ddd1161016057806318160ddd146101bd57806320606b70146101cf57806323b872dd146101f657600080fd5b806306fdde031461017c578063095ea7b31461019a575b600080fd5b610184610430565b60405161019191906113e4565b60405180910390f35b6101ad6101a8366004611479565b6104c2565b6040519015158152602001610191565b6002545b604051908152602001610191565b6101c17f8b73c3c69bb8fe3d512ecc4cf759cc79239f7b179b0ffacaa9a75d522b39400f81565b6101ad6102043660046114a3565b6104dc565b6101c17f6e71edae12b1b97f4d1f60370fef10105fa2faae0126114a169c64845d6126c981565b60405160ff7f0000000000000000000000000000000000000000000000000000000000000000168152602001610191565b6101c1610500565b6101ad610277366004611479565b61055c565b61028f61028a366004611479565b6105a8565b005b6101c161029f3660046114df565b73ffffffffffffffffffffffffffffffffffffffff1660009081526020819052604090205490565b6101c16102d53660046114df565b60056020526000908152604090205481565b610184610680565b61028f6102fd366004611479565b61068f565b6103297f000000000000000000000000000000000000000000000000000000000000000081565b60405173ffffffffffffffffffffffffffffffffffffffff9091168152602001610191565b6101ad61035c366004611479565b61075e565b6101ad61036f366004611479565b61082f565b6101c17f000000000000000000000000000000000000000000000000000000000000000081565b61028f6103a9366004611501565b61083d565b6101c16103bc366004611574565b73ffffffffffffffffffffffffffffffffffffffff918216600090815260016020908152604080832093909416825291909152205490565b6101846040518060400160405280600181526020017f310000000000000000000000000000000000000000000000000000000000000081525081565b60606003805461043f906115a7565b80601f016020809104026020016040519081016040528092919081815260200182805461046b906115a7565b80156104b85780601f1061048d576101008083540402835291602001916104b8565b820191906000526020600020905b81548152906001019060200180831161049b57829003601f168201915b5050505050905090565b6000336104d0818585610b73565b60019150505b92915050565b6000336104ea858285610d27565b6104f5858585610dfe565b506001949350505050565b60007f00000000000000000000000000000000000000000000000000000000000000004614610537576105324661106d565b905090565b507f000000000000000000000000000000000000000000000000000000000000000090565b33600081815260016020908152604080832073ffffffffffffffffffffffffffffffffffffffff871684529091528120549091906104d090829086906105a3908790611629565b610b73565b3373ffffffffffffffffffffffffffffffffffffffff7f00000000000000000000000000000000000000000000000000000000000000001614610672576040517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152603060248201527f546f6b656e577261707065643a3a6f6e6c794272696467653a204e6f7420506f60448201527f6c79676f6e5a6b45564d4272696467650000000000000000000000000000000060648201526084015b60405180910390fd5b61067c8282611135565b5050565b60606004805461043f906115a7565b3373ffffffffffffffffffffffffffffffffffffffff7f00000000000000000000000000000000000000000000000000000000000000001614610754576040517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152603060248201527f546f6b656e577261707065643a3a6f6e6c794272696467653a204e6f7420506f60448201527f6c79676f6e5a6b45564d427269646765000000000000000000000000000000006064820152608401610669565b61067c8282611228565b33600081815260016020908152604080832073ffffffffffffffffffffffffffffffffffffffff8716845290915281205490919083811015610822576040517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152602560248201527f45524332303a2064656372656173656420616c6c6f77616e63652062656c6f7760448201527f207a65726f0000000000000000000000000000000000000000000000000000006064820152608401610669565b6104f58286868403610b73565b6000336104d0818585610dfe565b834211156108cc576040517f08c379a0000000000000000000000000000000000000000000000000000000008152602060048201526024808201527f546f6b656e577261707065643a3a7065726d69743a204578706972656420706560448201527f726d6974000000000000000000000000000000000000000000000000000000006064820152608401610669565b73ffffffffffffffffffffffffffffffffffffffff8716600090815260056020526040812080547f6e71edae12b1b97f4d1f60370fef10105fa2faae0126114a169c64845d6126c9918a918a918a9190866109268361163c565b9091555060408051602081019690965273ffffffffffffffffffffffffffffffffffffffff94851690860152929091166060840152608083015260a082015260c0810186905260e0016040516020818303038152906040528051906020012090506000610991610500565b6040517f19010000000000000000000000000000000000000000000000000000000000006020820152602281019190915260428101839052606201604080517fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe08184030181528282528051602091820120600080855291840180845281905260ff89169284019290925260608301879052608083018690529092509060019060a0016020604051602081039080840390855afa158015610a55573d6000803e3d6000fd5b50506040517fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0015191505073ffffffffffffffffffffffffffffffffffffffff811615801590610ad057508973ffffffffffffffffffffffffffffffffffffffff168173ffffffffffffffffffffffffffffffffffffffff16145b610b5c576040517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152602760248201527f546f6b656e577261707065643a3a7065726d69743a20496e76616c696420736960448201527f676e6174757265000000000000000000000000000000000000000000000000006064820152608401610669565b610b678a8a8a610b73565b50505050505050505050565b73ffffffffffffffffffffffffffffffffffffffff8316610c15576040517f08c379a0000000000000000000000000000000000000000000000000000000008152602060048201526024808201527f45524332303a20617070726f76652066726f6d20746865207a65726f2061646460448201527f72657373000000000000000000000000000000000000000000000000000000006064820152608401610669565b73ffffffffffffffffffffffffffffffffffffffff8216610cb8576040517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152602260248201527f45524332303a20617070726f766520746f20746865207a65726f20616464726560448201527f73730000000000000000000000000000000000000000000000000000000000006064820152608401610669565b73ffffffffffffffffffffffffffffffffffffffff83811660008181526001602090815260408083209487168084529482529182902085905590518481527f8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b92591015b60405180910390a3505050565b73ffffffffffffffffffffffffffffffffffffffff8381166000908152600160209081526040808320938616835292905220547fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff8114610df85781811015610deb576040517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601d60248201527f45524332303a20696e73756666696369656e7420616c6c6f77616e63650000006044820152606401610669565b610df88484848403610b73565b50505050565b73ffffffffffffffffffffffffffffffffffffffff8316610ea1576040517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152602560248201527f45524332303a207472616e736665722066726f6d20746865207a65726f20616460448201527f64726573730000000000000000000000000000000000000000000000000000006064820152608401610669565b73ffffffffffffffffffffffffffffffffffffffff8216610f44576040517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152602360248201527f45524332303a207472616e7366657220746f20746865207a65726f206164647260448201527f65737300000000000000000000000000000000000000000000000000000000006064820152608401610669565b73ffffffffffffffffffffffffffffffffffffffff831660009081526020819052604090205481811015610ffa576040517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152602660248201527f45524332303a207472616e7366657220616d6f756e742065786365656473206260448201527f616c616e636500000000000000000000000000000000000000000000000000006064820152608401610669565b73ffffffffffffffffffffffffffffffffffffffff848116600081815260208181526040808320878703905593871680835291849020805487019055925185815290927fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef910160405180910390a3610df8565b60007f8b73c3c69bb8fe3d512ecc4cf759cc79239f7b179b0ffacaa9a75d522b39400f611098610430565b8051602091820120604080518082018252600181527f310000000000000000000000000000000000000000000000000000000000000090840152805192830193909352918101919091527fc89efdaa54c0f20c7adf612882df0950f5a951637e0307cdcb4c672f298b8bc66060820152608081018390523060a082015260c001604051602081830303815290604052805190602001209050919050565b73ffffffffffffffffffffffffffffffffffffffff82166111b2576040517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601f60248201527f45524332303a206d696e7420746f20746865207a65726f2061646472657373006044820152606401610669565b80600260008282546111c49190611629565b909155505073ffffffffffffffffffffffffffffffffffffffff8216600081815260208181526040808320805486019055518481527fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef910160405180910390a35050565b73ffffffffffffffffffffffffffffffffffffffff82166112cb576040517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152602160248201527f45524332303a206275726e2066726f6d20746865207a65726f2061646472657360448201527f73000000000000000000000000000000000000000000000000000000000000006064820152608401610669565b73ffffffffffffffffffffffffffffffffffffffff821660009081526020819052604090205481811015611381576040517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152602260248201527f45524332303a206275726e20616d6f756e7420657863656564732062616c616e60448201527f63650000000000000000000000000000000000000000000000000000000000006064820152608401610669565b73ffffffffffffffffffffffffffffffffffffffff83166000818152602081815260408083208686039055600280548790039055518581529192917fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef9101610d1a565b600060208083528351808285015260005b81811015611411578581018301518582016040015282016113f5565b5060006040828601015260407fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0601f8301168501019250505092915050565b803573ffffffffffffffffffffffffffffffffffffffff8116811461147457600080fd5b919050565b6000806040838503121561148c57600080fd5b61149583611450565b946020939093013593505050565b6000806000606084860312156114b857600080fd5b6114c184611450565b92506114cf60208501611450565b9150604084013590509250925092565b6000602082840312156114f157600080fd5b6114fa82611450565b9392505050565b600080600080600080600060e0888a03121561151c57600080fd5b61152588611450565b965061153360208901611450565b95506040880135945060608801359350608088013560ff8116811461155757600080fd5b9699959850939692959460a0840135945060c09093013592915050565b6000806040838503121561158757600080fd5b61159083611450565b915061159e60208401611450565b90509250929050565b600181811c908216806115bb57607f821691505b6020821081036115f4577f4e487b7100000000000000000000000000000000000000000000000000000000600052602260045260246000fd5b50919050565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052601160045260246000fd5b808201808211156104d6576104d66115fa565b60007fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff820361166d5761166d6115fa565b506001019056fea26469706673582212208d88fee561cff7120d381c345cfc534cef8229a272dc5809d4bbb685ad67141164736f6c63430008110033"; // Network identifier uint32 public networkID; // Global Exit Root address IBasePolygonZkEVMGlobalExitRoot public globalExitRootManager; // Last updated deposit count to the global exit root manager uint32 public lastUpdatedDepositCount; // Leaf index --> claimed bit map mapping(uint256 => uint256) public claimedBitMap; // keccak256(OriginNetwork || tokenAddress) --> Wrapped token address mapping(bytes32 => address) public tokenInfoToWrappedToken; // Wrapped token Address --> Origin token information mapping(address => TokenInformation) public wrappedTokenToTokenInfo; // Rollup manager address, previously PolygonZkEVM /// @custom:oz-renamed-from polygonZkEVMaddress address public polygonRollupManager; // Native address address public gasTokenAddress; // Native address uint32 public gasTokenNetwork; // Gas token metadata bytes public gasTokenMetadata; // WETH address TokenWrapped public WETHToken; /** * @dev Emitted when bridge assets or messages to another network */ event BridgeEvent( uint8 leafType, uint32 originNetwork, address originAddress, uint32 destinationNetwork, address destinationAddress, uint256 amount, bytes metadata, uint32 depositCount ); /** * @dev Emitted when a claim is done from another network */ event ClaimEvent( uint256 globalIndex, uint32 originNetwork, address originAddress, address destinationAddress, uint256 amount ); /** * @dev Emitted when a new wrapped token is created */ event NewWrappedToken( uint32 originNetwork, address originTokenAddress, address wrappedTokenAddress, bytes metadata ); /** * Disable initalizers on the implementation following the best practices */ constructor() { _disableInitializers(); } /** * @param _networkID networkID * @param _gasTokenAddress gas token address * @param _gasTokenNetwork gas token network * @param _globalExitRootManager global exit root manager address * @param _polygonRollupManager polygonZkEVM address * @notice The value of `_polygonRollupManager` on the L2 deployment of the contract will be address(0), so * emergency state is not possible for the L2 deployment of the bridge, intentionally * @param _gasTokenMetadata Abi encoded gas token metadata */ function initialize( uint32 _networkID, address _gasTokenAddress, uint32 _gasTokenNetwork, IBasePolygonZkEVMGlobalExitRoot _globalExitRootManager, address _polygonRollupManager, bytes memory _gasTokenMetadata ) external virtual initializer { networkID = _networkID; globalExitRootManager = _globalExitRootManager; polygonRollupManager = _polygonRollupManager; // Set gas token if (_gasTokenAddress == address(0)) { // Gas token will be ether if (_gasTokenNetwork != 0) { revert GasTokenNetworkMustBeZeroOnEther(); } // WETHToken, gasTokenAddress and gasTokenNetwork will be 0 // gasTokenMetadata will be empty } else { // Gas token will be an erc20 gasTokenAddress = _gasTokenAddress; gasTokenNetwork = _gasTokenNetwork; gasTokenMetadata = _gasTokenMetadata; // Create a wrapped token for WETH, with salt == 0 WETHToken = _deployWrappedToken( 0, // salt abi.encode("Wrapped Ether", "WETH", 18) ); } // Initialize OZ contracts __ReentrancyGuard_init(); } modifier onlyRollupManager() { if (polygonRollupManager != msg.sender) { revert OnlyRollupManager(); } _; } /** * @notice Deposit add a new leaf to the merkle tree * note If this function is called with a reentrant token, it would be possible to `claimTokens` in the same call * Reducing the supply of tokens on this contract, and actually locking tokens in the contract. * Therefore we recommend to third parties bridges that if they do implement reentrant call of `beforeTransfer` of some reentrant tokens * do not call any external address in that case * note User/UI must be aware of the existing/available networks when choosing the destination network * @param destinationNetwork Network destination * @param destinationAddress Address destination * @param amount Amount of tokens * @param token Token address, 0 address is reserved for ether * @param forceUpdateGlobalExitRoot Indicates if the new global exit root is updated or not * @param permitData Raw data of the call `permit` of the token */ function bridgeAsset( uint32 destinationNetwork, address destinationAddress, uint256 amount, address token, bool forceUpdateGlobalExitRoot, bytes calldata permitData ) public payable virtual ifNotEmergencyState nonReentrant { if (destinationNetwork == networkID) { revert DestinationNetworkInvalid(); } address originTokenAddress; uint32 originNetwork; bytes memory metadata; uint256 leafAmount = amount; if (token == address(0)) { // Check gas token transfer if (msg.value != amount) { revert AmountDoesNotMatchMsgValue(); } // Set gas token parameters originNetwork = gasTokenNetwork; originTokenAddress = gasTokenAddress; metadata = gasTokenMetadata; } else { // Check msg.value is 0 if tokens are bridged if (msg.value != 0) { revert MsgValueNotZero(); } // Check if it's WETH, this only applies on L2 networks with gasTokens // In case ether is the native token, WETHToken will be 0, and the address 0 is already checked if (token == address(WETHToken)) { // Burn tokens TokenWrapped(token).burn(msg.sender, amount); // Both origin network and originTokenAddress will be 0 // Metadata will be empty } else { TokenInformation memory tokenInfo = wrappedTokenToTokenInfo[ token ]; if (tokenInfo.originTokenAddress != address(0)) { // The token is a wrapped token from another network // Burn tokens TokenWrapped(token).burn(msg.sender, amount); originTokenAddress = tokenInfo.originTokenAddress; originNetwork = tokenInfo.originNetwork; } else { // Use permit if any if (permitData.length != 0) { _permit(token, amount, permitData); } // In order to support fee tokens check the amount received, not the transferred uint256 balanceBefore = IERC20Upgradeable(token).balanceOf( address(this) ); IERC20Upgradeable(token).safeTransferFrom( msg.sender, address(this), amount ); uint256 balanceAfter = IERC20Upgradeable(token).balanceOf( address(this) ); // Override leafAmount with the received amount leafAmount = balanceAfter - balanceBefore; originTokenAddress = token; originNetwork = networkID; } // Encode metadata metadata = getTokenMetadata(token); } } emit BridgeEvent( _LEAF_TYPE_ASSET, originNetwork, originTokenAddress, destinationNetwork, destinationAddress, leafAmount, metadata, uint32(depositCount) ); _addLeaf( getLeafValue( _LEAF_TYPE_ASSET, originNetwork, originTokenAddress, destinationNetwork, destinationAddress, leafAmount, keccak256(metadata) ) ); // Update the new root to the global exit root manager if set by the user if (forceUpdateGlobalExitRoot) { _updateGlobalExitRoot(); } } /** * @notice Bridge message and send ETH value * note User/UI must be aware of the existing/available networks when choosing the destination network * @param destinationNetwork Network destination * @param destinationAddress Address destination * @param forceUpdateGlobalExitRoot Indicates if the new global exit root is updated or not * @param metadata Message metadata */ function bridgeMessage( uint32 destinationNetwork, address destinationAddress, bool forceUpdateGlobalExitRoot, bytes calldata metadata ) external payable ifNotEmergencyState { // If exist a gas token, only allow call this function without value if (msg.value != 0 && address(WETHToken) != address(0)) { revert NoValueInMessagesOnGasTokenNetworks(); } _bridgeMessage( destinationNetwork, destinationAddress, msg.value, forceUpdateGlobalExitRoot, metadata ); } /** * @notice Bridge message and send ETH value * note User/UI must be aware of the existing/available networks when choosing the destination network * @param destinationNetwork Network destination * @param destinationAddress Address destination * @param amountWETH Amount of WETH tokens * @param forceUpdateGlobalExitRoot Indicates if the new global exit root is updated or not * @param metadata Message metadata */ function bridgeMessageWETH( uint32 destinationNetwork, address destinationAddress, uint256 amountWETH, bool forceUpdateGlobalExitRoot, bytes calldata metadata ) external ifNotEmergencyState { // If native token is ether, disable this function if (address(WETHToken) == address(0)) { revert NativeTokenIsEther(); } // Burn wETH tokens WETHToken.burn(msg.sender, amountWETH); _bridgeMessage( destinationNetwork, destinationAddress, amountWETH, forceUpdateGlobalExitRoot, metadata ); } /** * @notice Bridge message and send ETH value * @param destinationNetwork Network destination * @param destinationAddress Address destination * @param amountEther Amount of ether along with the message * @param forceUpdateGlobalExitRoot Indicates if the new global exit root is updated or not * @param metadata Message metadata */ function _bridgeMessage( uint32 destinationNetwork, address destinationAddress, uint256 amountEther, bool forceUpdateGlobalExitRoot, bytes calldata metadata ) internal { if (destinationNetwork == networkID) { revert DestinationNetworkInvalid(); } emit BridgeEvent( _LEAF_TYPE_MESSAGE, networkID, msg.sender, destinationNetwork, destinationAddress, amountEther, metadata, uint32(depositCount) ); _addLeaf( getLeafValue( _LEAF_TYPE_MESSAGE, networkID, msg.sender, destinationNetwork, destinationAddress, amountEther, keccak256(metadata) ) ); // Update the new root to the global exit root manager if set by the user if (forceUpdateGlobalExitRoot) { _updateGlobalExitRoot(); } } /** * @notice Verify merkle proof and withdraw tokens/ether * @param smtProofLocalExitRoot Smt proof to proof the leaf against the network exit root * @param smtProofRollupExitRoot Smt proof to proof the rollupLocalExitRoot against the rollups exit root * @param globalIndex Global index is defined as: * | 191 bits | 1 bit | 32 bits | 32 bits | * | 0 | mainnetFlag | rollupIndex | localRootIndex | * note that only the rollup index will be used only in case the mainnet flag is 0 * note that global index do not assert the unused bits to 0. * This means that when synching the events, the globalIndex must be decoded the same way that in the Smart contract * to avoid possible synch attacks * @param mainnetExitRoot Mainnet exit root * @param rollupExitRoot Rollup exit root * @param originNetwork Origin network * @param originTokenAddress Origin token address, 0 address is reserved for ether * @param destinationNetwork Network destination * @param destinationAddress Address destination * @param amount Amount of tokens * @param metadata Abi encoded metadata if any, empty otherwise */ function claimAsset( bytes32[_DEPOSIT_CONTRACT_TREE_DEPTH] calldata smtProofLocalExitRoot, bytes32[_DEPOSIT_CONTRACT_TREE_DEPTH] calldata smtProofRollupExitRoot, uint256 globalIndex, bytes32 mainnetExitRoot, bytes32 rollupExitRoot, uint32 originNetwork, address originTokenAddress, uint32 destinationNetwork, address destinationAddress, uint256 amount, bytes calldata metadata ) external ifNotEmergencyState { // Destination network must be this networkID if (destinationNetwork != networkID) { revert DestinationNetworkInvalid(); } // Verify leaf exist and it does not have been claimed _verifyLeaf( smtProofLocalExitRoot, smtProofRollupExitRoot, globalIndex, mainnetExitRoot, rollupExitRoot, getLeafValue( _LEAF_TYPE_ASSET, originNetwork, originTokenAddress, destinationNetwork, destinationAddress, amount, keccak256(metadata) ) ); // Transfer funds if (originTokenAddress == address(0)) { if (address(WETHToken) == address(0)) { // Ether is the native token /* solhint-disable avoid-low-level-calls */ (bool success, ) = destinationAddress.call{value: amount}( new bytes(0) ); if (!success) { revert EtherTransferFailed(); } } else { // Claim wETH WETHToken.mint(destinationAddress, amount); } } else { // Check if it's gas token if ( originTokenAddress == gasTokenAddress && gasTokenNetwork == originNetwork ) { // Transfer gas token /* solhint-disable avoid-low-level-calls */ (bool success, ) = destinationAddress.call{value: amount}( new bytes(0) ); if (!success) { revert EtherTransferFailed(); } } else { // Transfer tokens if (originNetwork == networkID) { // The token is an ERC20 from this network IERC20Upgradeable(originTokenAddress).safeTransfer( destinationAddress, amount ); } else { // The tokens is not from this network // Create a wrapper for the token if not exist yet bytes32 tokenInfoHash = keccak256( abi.encodePacked(originNetwork, originTokenAddress) ); address wrappedToken = tokenInfoToWrappedToken[ tokenInfoHash ]; if (wrappedToken == address(0)) { // Get ERC20 metadata // Create a new wrapped erc20 using create2 TokenWrapped newWrappedToken = _deployWrappedToken( tokenInfoHash, metadata ); // Mint tokens for the destination address newWrappedToken.mint(destinationAddress, amount); // Create mappings tokenInfoToWrappedToken[tokenInfoHash] = address( newWrappedToken ); wrappedTokenToTokenInfo[ address(newWrappedToken) ] = TokenInformation(originNetwork, originTokenAddress); emit NewWrappedToken( originNetwork, originTokenAddress, address(newWrappedToken), metadata ); } else { // Use the existing wrapped erc20 TokenWrapped(wrappedToken).mint( destinationAddress, amount ); } } } } emit ClaimEvent( globalIndex, originNetwork, originTokenAddress, destinationAddress, amount ); } /** * @notice Verify merkle proof and execute message * If the receiving address is an EOA, the call will result as a success * Which means that the amount of ether will be transferred correctly, but the message * will not trigger any execution * @param smtProofLocalExitRoot Smt proof to proof the leaf against the exit root * @param smtProofRollupExitRoot Smt proof to proof the rollupLocalExitRoot against the rollups exit root * @param globalIndex Global index is defined as: * | 191 bits | 1 bit | 32 bits | 32 bits | * | 0 | mainnetFlag | rollupIndex | localRootIndex | * note that only the rollup index will be used only in case the mainnet flag is 0 * note that global index do not assert the unused bits to 0. * This means that when synching the events, the globalIndex must be decoded the same way that in the Smart contract * to avoid possible synch attacks * @param mainnetExitRoot Mainnet exit root * @param rollupExitRoot Rollup exit root * @param originNetwork Origin network * @param originAddress Origin address * @param destinationNetwork Network destination * @param destinationAddress Address destination * @param amount message value * @param metadata Abi encoded metadata if any, empty otherwise */ function claimMessage( bytes32[_DEPOSIT_CONTRACT_TREE_DEPTH] calldata smtProofLocalExitRoot, bytes32[_DEPOSIT_CONTRACT_TREE_DEPTH] calldata smtProofRollupExitRoot, uint256 globalIndex, bytes32 mainnetExitRoot, bytes32 rollupExitRoot, uint32 originNetwork, address originAddress, uint32 destinationNetwork, address destinationAddress, uint256 amount, bytes calldata metadata ) external ifNotEmergencyState { // Destination network must be this networkID if (destinationNetwork != networkID) { revert DestinationNetworkInvalid(); } // Verify leaf exist and it does not have been claimed _verifyLeaf( smtProofLocalExitRoot, smtProofRollupExitRoot, globalIndex, mainnetExitRoot, rollupExitRoot, getLeafValue( _LEAF_TYPE_MESSAGE, originNetwork, originAddress, destinationNetwork, destinationAddress, amount, keccak256(metadata) ) ); // Execute message bool success; if (address(WETHToken) == address(0)) { // Native token is ether // Transfer ether /* solhint-disable avoid-low-level-calls */ (success, ) = destinationAddress.call{value: amount}( abi.encodeCall( IBridgeMessageReceiver.onMessageReceived, (originAddress, originNetwork, metadata) ) ); } else { // Mint wETH tokens WETHToken.mint(destinationAddress, amount); // Execute message /* solhint-disable avoid-low-level-calls */ (success, ) = destinationAddress.call( abi.encodeCall( IBridgeMessageReceiver.onMessageReceived, (originAddress, originNetwork, metadata) ) ); } if (!success) { revert MessageFailed(); } emit ClaimEvent( globalIndex, originNetwork, originAddress, destinationAddress, amount ); } /** * @notice Returns the precalculated address of a wrapper using the token information * Note Updating the metadata of a token is not supported. * Since the metadata has relevance in the address deployed, this function will not return a valid * wrapped address if the metadata provided is not the original one. * @param originNetwork Origin network * @param originTokenAddress Origin token address, 0 address is reserved for ether * @param name Name of the token * @param symbol Symbol of the token * @param decimals Decimals of the token */ function precalculatedWrapperAddress( uint32 originNetwork, address originTokenAddress, string memory name, string memory symbol, uint8 decimals ) public view returns (address) { bytes32 salt = keccak256( abi.encodePacked(originNetwork, originTokenAddress) ); bytes32 hashCreate2 = keccak256( abi.encodePacked( bytes1(0xff), address(this), salt, keccak256( abi.encodePacked( BASE_INIT_BYTECODE_WRAPPED_TOKEN, abi.encode(name, symbol, decimals) ) ) ) ); // Last 20 bytes of hash to address return address(uint160(uint256(hashCreate2))); } /** * @notice Returns the address of a wrapper using the token information if already exist * @param originNetwork Origin network * @param originTokenAddress Origin token address, 0 address is reserved for ether */ function getTokenWrappedAddress( uint32 originNetwork, address originTokenAddress ) external view returns (address) { return tokenInfoToWrappedToken[ keccak256(abi.encodePacked(originNetwork, originTokenAddress)) ]; } /** * @notice Function to activate the emergency state " Only can be called by the Polygon ZK-EVM in extreme situations */ function activateEmergencyState() external onlyRollupManager { _activateEmergencyState(); } /** * @notice Function to deactivate the emergency state " Only can be called by the Polygon ZK-EVM */ function deactivateEmergencyState() external onlyRollupManager { _deactivateEmergencyState(); } /** * @notice Verify leaf and checks that it has not been claimed * @param smtProofLocalExitRoot Smt proof * @param smtProofRollupExitRoot Smt proof * @param globalIndex Index of the leaf * @param mainnetExitRoot Mainnet exit root * @param rollupExitRoot Rollup exit root * @param leafValue leaf value */ function _verifyLeaf( bytes32[_DEPOSIT_CONTRACT_TREE_DEPTH] calldata smtProofLocalExitRoot, bytes32[_DEPOSIT_CONTRACT_TREE_DEPTH] calldata smtProofRollupExitRoot, uint256 globalIndex, bytes32 mainnetExitRoot, bytes32 rollupExitRoot, bytes32 leafValue ) internal { // Check blockhash where the global exit root was set // Note that previusly timestamps were setted, since in only checked if != 0 it's ok uint256 blockHashGlobalExitRoot = globalExitRootManager .globalExitRootMap( GlobalExitRootLib.calculateGlobalExitRoot( mainnetExitRoot, rollupExitRoot ) ); // check that this global exit root exist if (blockHashGlobalExitRoot == 0) { revert GlobalExitRootInvalid(); } uint32 leafIndex; uint32 sourceBridgeNetwork; // Get origin network from global index if (globalIndex & _GLOBAL_INDEX_MAINNET_FLAG != 0) { // the network is mainnet, therefore sourceBridgeNetwork is 0 // Last 32 bits are leafIndex leafIndex = uint32(globalIndex); if ( !verifyMerkleProof( leafValue, smtProofLocalExitRoot, leafIndex, mainnetExitRoot ) ) { revert InvalidSmtProof(); } } else { // the network is a rollup, therefore sourceBridgeNetwork must be decoded uint32 indexRollup = uint32(globalIndex >> 32); sourceBridgeNetwork = indexRollup + 1; // Last 32 bits are leafIndex leafIndex = uint32(globalIndex); // Verify merkle proof agains rollup exit root if ( !verifyMerkleProof( calculateRoot(leafValue, smtProofLocalExitRoot, leafIndex), smtProofRollupExitRoot, indexRollup, rollupExitRoot ) ) { revert InvalidSmtProof(); } } // Set and check nullifier _setAndCheckClaimed(leafIndex, sourceBridgeNetwork); } /** * @notice Function to check if an index is claimed or not * @param leafIndex Index * @param sourceBridgeNetwork Origin network */ function isClaimed( uint32 leafIndex, uint32 sourceBridgeNetwork ) external view returns (bool) { uint256 globalIndex; // For consistency with the previous setted nullifiers if ( networkID == _MAINNET_NETWORK_ID && sourceBridgeNetwork == _ZKEVM_NETWORK_ID ) { globalIndex = uint256(leafIndex); } else { globalIndex = uint256(leafIndex) + uint256(sourceBridgeNetwork) * _MAX_LEAFS_PER_NETWORK; } (uint256 wordPos, uint256 bitPos) = _bitmapPositions(globalIndex); uint256 mask = (1 << bitPos); return (claimedBitMap[wordPos] & mask) == mask; } /** * @notice Function to check that an index is not claimed and set it as claimed * @param leafIndex Index * @param sourceBridgeNetwork Origin network */ function _setAndCheckClaimed( uint32 leafIndex, uint32 sourceBridgeNetwork ) private { uint256 globalIndex; // For consistency with the previous setted nullifiers if ( networkID == _MAINNET_NETWORK_ID && sourceBridgeNetwork == _ZKEVM_NETWORK_ID ) { globalIndex = uint256(leafIndex); } else { globalIndex = uint256(leafIndex) + uint256(sourceBridgeNetwork) * _MAX_LEAFS_PER_NETWORK; } (uint256 wordPos, uint256 bitPos) = _bitmapPositions(globalIndex); uint256 mask = 1 << bitPos; uint256 flipped = claimedBitMap[wordPos] ^= mask; if (flipped & mask == 0) { revert AlreadyClaimed(); } } /** * @notice Function to update the globalExitRoot if the last deposit is not submitted */ function updateGlobalExitRoot() external { if (lastUpdatedDepositCount < depositCount) { _updateGlobalExitRoot(); } } /** * @notice Function to update the globalExitRoot */ function _updateGlobalExitRoot() internal { lastUpdatedDepositCount = uint32(depositCount); globalExitRootManager.updateExitRoot(getRoot()); } /** * @notice Function decode an index into a wordPos and bitPos * @param index Index */ function _bitmapPositions( uint256 index ) private pure returns (uint256 wordPos, uint256 bitPos) { wordPos = uint248(index >> 8); bitPos = uint8(index); } /** * @notice Function to call token permit method of extended ERC20 + @param token ERC20 token address * @param amount Quantity that is expected to be allowed * @param permitData Raw data of the call `permit` of the token */ function _permit( address token, uint256 amount, bytes calldata permitData ) internal { bytes4 sig = bytes4(permitData[:4]); if (sig == _PERMIT_SIGNATURE) { ( address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) = abi.decode( permitData[4:], ( address, address, uint256, uint256, uint8, bytes32, bytes32 ) ); if (owner != msg.sender) { revert NotValidOwner(); } if (spender != address(this)) { revert NotValidSpender(); } if (value != amount) { revert NotValidAmount(); } // we call without checking the result, in case it fails and he doesn't have enough balance // the following transferFrom should be fail. This prevents DoS attacks from using a signature // before the smartcontract call /* solhint-disable avoid-low-level-calls */ address(token).call( abi.encodeWithSelector( _PERMIT_SIGNATURE, owner, spender, value, deadline, v, r, s ) ); } else { if (sig != _PERMIT_SIGNATURE_DAI) { revert NotValidSignature(); } ( address holder, address spender, uint256 nonce, uint256 expiry, bool allowed, uint8 v, bytes32 r, bytes32 s ) = abi.decode( permitData[4:], ( address, address, uint256, uint256, bool, uint8, bytes32, bytes32 ) ); if (holder != msg.sender) { revert NotValidOwner(); } if (spender != address(this)) { revert NotValidSpender(); } // we call without checking the result, in case it fails and he doesn't have enough balance // the following transferFrom should be fail. This prevents DoS attacks from using a signature // before the smartcontract call /* solhint-disable avoid-low-level-calls */ address(token).call( abi.encodeWithSelector( _PERMIT_SIGNATURE_DAI, holder, spender, nonce, expiry, allowed, v, r, s ) ); } } /** * @notice Internal function that uses create2 to deploy the wrapped tokens * @param salt Salt used in create2 params, * tokenInfoHash will be used as salt for all wrappeds except for bridge native WETH, that will be bytes32(0) * @param constructorArgs Encoded constructor args for the wrapped token */ function _deployWrappedToken( bytes32 salt, bytes memory constructorArgs ) internal returns (TokenWrapped newWrappedToken) { bytes memory initBytecode = abi.encodePacked( BASE_INIT_BYTECODE_WRAPPED_TOKEN, constructorArgs ); /// @solidity memory-safe-assembly assembly { newWrappedToken := create2( 0, add(initBytecode, 0x20), mload(initBytecode), salt ) } if (address(newWrappedToken) == address(0)) revert FailedTokenWrappedDeployment(); } // Helpers to safely get the metadata from a token, inspired by https://github.com/traderjoe-xyz/joe-core/blob/main/contracts/MasterChefJoeV3.sol#L55-L95 /** * @notice Provides a safe ERC20.symbol version which returns 'NO_SYMBOL' as fallback string * @param token The address of the ERC-20 token contract */ function _safeSymbol(address token) internal view returns (string memory) { (bool success, bytes memory data) = address(token).staticcall( abi.encodeCall(IERC20MetadataUpgradeable.symbol, ()) ); return success ? _returnDataToString(data) : "NO_SYMBOL"; } /** * @notice Provides a safe ERC20.name version which returns 'NO_NAME' as fallback string. * @param token The address of the ERC-20 token contract. */ function _safeName(address token) internal view returns (string memory) { (bool success, bytes memory data) = address(token).staticcall( abi.encodeCall(IERC20MetadataUpgradeable.name, ()) ); return success ? _returnDataToString(data) : "NO_NAME"; } /** * @notice Provides a safe ERC20.decimals version which returns '18' as fallback value. * Note Tokens with (decimals > 255) are not supported * @param token The address of the ERC-20 token contract */ function _safeDecimals(address token) internal view returns (uint8) { (bool success, bytes memory data) = address(token).staticcall( abi.encodeCall(IERC20MetadataUpgradeable.decimals, ()) ); return success && data.length == 32 ? abi.decode(data, (uint8)) : 18; } /** * @notice Function to convert returned data to string * returns 'NOT_VALID_ENCODING' as fallback value. * @param data returned data */ function _returnDataToString( bytes memory data ) internal pure returns (string memory) { if (data.length >= 64) { return abi.decode(data, (string)); } else if (data.length == 32) { // Since the strings on bytes32 are encoded left-right, check the first zero in the data uint256 nonZeroBytes; while (nonZeroBytes < 32 && data[nonZeroBytes] != 0) { nonZeroBytes++; } // If the first one is 0, we do not handle the encoding if (nonZeroBytes == 0) { return "NOT_VALID_ENCODING"; } // Create a byte array with nonZeroBytes length bytes memory bytesArray = new bytes(nonZeroBytes); for (uint256 i = 0; i < nonZeroBytes; i++) { bytesArray[i] = data[i]; } return string(bytesArray); } else { return "NOT_VALID_ENCODING"; } } /** * @notice Returns the encoded token metadata * @param token Address of the token */ function getTokenMetadata( address token ) public view returns (bytes memory) { return abi.encode( _safeName(token), _safeSymbol(token), _safeDecimals(token) ); } /** * @notice Returns the precalculated address of a wrapper using the token address * Note Updating the metadata of a token is not supported. * Since the metadata has relevance in the address deployed, this function will not return a valid * wrapped address if the metadata provided is not the original one. * @param originNetwork Origin network * @param originTokenAddress Origin token address, 0 address is reserved for ether * @param token Address of the token to calculate the wrapper address */ function calculateTokenWrapperAddress( uint32 originNetwork, address originTokenAddress, address token ) external view returns (address) { return precalculatedWrapperAddress( originNetwork, originTokenAddress, _safeName(token), _safeSymbol(token), _safeDecimals(token) ); } }
File 4 of 8: TransparentUpgradeableProxy
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; import "@openzeppelin/contracts/proxy/beacon/BeaconProxy.sol"; import "@openzeppelin/contracts/proxy/beacon/UpgradeableBeacon.sol"; import "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol"; import "@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol"; import "@openzeppelin/contracts/proxy/transparent/ProxyAdmin.sol"; // Kept for backwards compatibility with older versions of Hardhat and Truffle plugins. contract AdminUpgradeabilityProxy is TransparentUpgradeableProxy { constructor(address logic, address admin, bytes memory data) payable TransparentUpgradeableProxy(logic, admin, data) {} } // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; import "./IBeacon.sol"; import "../Proxy.sol"; import "../ERC1967/ERC1967Upgrade.sol"; /** * @dev This contract implements a proxy that gets the implementation address for each call from a {UpgradeableBeacon}. * * The beacon address is stored in storage slot `uint256(keccak256('eip1967.proxy.beacon')) - 1`, so that it doesn't * conflict with the storage layout of the implementation behind the proxy. * * _Available since v3.4._ */ contract BeaconProxy is Proxy, ERC1967Upgrade { /** * @dev Initializes the proxy with `beacon`. * * If `data` is nonempty, it's used as data in a delegate call to the implementation returned by the beacon. This * will typically be an encoded function call, and allows initializating the storage of the proxy like a Solidity * constructor. * * Requirements: * * - `beacon` must be a contract with the interface {IBeacon}. */ constructor(address beacon, bytes memory data) payable { assert(_BEACON_SLOT == bytes32(uint256(keccak256("eip1967.proxy.beacon")) - 1)); _upgradeBeaconToAndCall(beacon, data, false); } /** * @dev Returns the current beacon address. */ function _beacon() internal view virtual returns (address) { return _getBeacon(); } /** * @dev Returns the current implementation address of the associated beacon. */ function _implementation() internal view virtual override returns (address) { return IBeacon(_getBeacon()).implementation(); } /** * @dev Changes the proxy to use a new beacon. Deprecated: see {_upgradeBeaconToAndCall}. * * If `data` is nonempty, it's used as data in a delegate call to the implementation returned by the beacon. * * Requirements: * * - `beacon` must be a contract. * - The implementation returned by `beacon` must be a contract. */ function _setBeacon(address beacon, bytes memory data) internal virtual { _upgradeBeaconToAndCall(beacon, data, false); } } // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; import "./IBeacon.sol"; import "../../access/Ownable.sol"; import "../../utils/Address.sol"; /** * @dev This contract is used in conjunction with one or more instances of {BeaconProxy} to determine their * implementation contract, which is where they will delegate all function calls. * * An owner is able to change the implementation the beacon points to, thus upgrading the proxies that use this beacon. */ contract UpgradeableBeacon is IBeacon, Ownable { address private _implementation; /** * @dev Emitted when the implementation returned by the beacon is changed. */ event Upgraded(address indexed implementation); /** * @dev Sets the address of the initial implementation, and the deployer account as the owner who can upgrade the * beacon. */ constructor(address implementation_) { _setImplementation(implementation_); } /** * @dev Returns the current implementation address. */ function implementation() public view virtual override returns (address) { return _implementation; } /** * @dev Upgrades the beacon to a new implementation. * * Emits an {Upgraded} event. * * Requirements: * * - msg.sender must be the owner of the contract. * - `newImplementation` must be a contract. */ function upgradeTo(address newImplementation) public virtual onlyOwner { _setImplementation(newImplementation); emit Upgraded(newImplementation); } /** * @dev Sets the implementation contract address for this beacon * * Requirements: * * - `newImplementation` must be a contract. */ function _setImplementation(address newImplementation) private { require(Address.isContract(newImplementation), "UpgradeableBeacon: implementation is not a contract"); _implementation = newImplementation; } } // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; import "../Proxy.sol"; import "./ERC1967Upgrade.sol"; /** * @dev This contract implements an upgradeable proxy. It is upgradeable because calls are delegated to an * implementation address that can be changed. This address is stored in storage in the location specified by * https://eips.ethereum.org/EIPS/eip-1967[EIP1967], so that it doesn't conflict with the storage layout of the * implementation behind the proxy. */ contract ERC1967Proxy is Proxy, ERC1967Upgrade { /** * @dev Initializes the upgradeable proxy with an initial implementation specified by `_logic`. * * If `_data` is nonempty, it's used as data in a delegate call to `_logic`. This will typically be an encoded * function call, and allows initializating the storage of the proxy like a Solidity constructor. */ constructor(address _logic, bytes memory _data) payable { assert(_IMPLEMENTATION_SLOT == bytes32(uint256(keccak256("eip1967.proxy.implementation")) - 1)); _upgradeToAndCall(_logic, _data, false); } /** * @dev Returns the current implementation address. */ function _implementation() internal view virtual override returns (address impl) { return ERC1967Upgrade._getImplementation(); } } // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; import "../ERC1967/ERC1967Proxy.sol"; /** * @dev This contract implements a proxy that is upgradeable by an admin. * * To avoid https://medium.com/nomic-labs-blog/malicious-backdoors-in-ethereum-proxies-62629adf3357[proxy selector * clashing], which can potentially be used in an attack, this contract uses the * https://blog.openzeppelin.com/the-transparent-proxy-pattern/[transparent proxy pattern]. This pattern implies two * things that go hand in hand: * * 1. If any account other than the admin calls the proxy, the call will be forwarded to the implementation, even if * that call matches one of the admin functions exposed by the proxy itself. * 2. If the admin calls the proxy, it can access the admin functions, but its calls will never be forwarded to the * implementation. If the admin tries to call a function on the implementation it will fail with an error that says * "admin cannot fallback to proxy target". * * These properties mean that the admin account can only be used for admin actions like upgrading the proxy or changing * the admin, so it's best if it's a dedicated account that is not used for anything else. This will avoid headaches due * to sudden errors when trying to call a function from the proxy implementation. * * Our recommendation is for the dedicated account to be an instance of the {ProxyAdmin} contract. If set up this way, * you should think of the `ProxyAdmin` instance as the real administrative interface of your proxy. */ contract TransparentUpgradeableProxy is ERC1967Proxy { /** * @dev Initializes an upgradeable proxy managed by `_admin`, backed by the implementation at `_logic`, and * optionally initialized with `_data` as explained in {ERC1967Proxy-constructor}. */ constructor(address _logic, address admin_, bytes memory _data) payable ERC1967Proxy(_logic, _data) { assert(_ADMIN_SLOT == bytes32(uint256(keccak256("eip1967.proxy.admin")) - 1)); _changeAdmin(admin_); } /** * @dev Modifier used internally that will delegate the call to the implementation unless the sender is the admin. */ modifier ifAdmin() { if (msg.sender == _getAdmin()) { _; } else { _fallback(); } } /** * @dev Returns the current admin. * * NOTE: Only the admin can call this function. See {ProxyAdmin-getProxyAdmin}. * * TIP: To get this value clients can read directly from the storage slot shown below (specified by EIP1967) using the * https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call. * `0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103` */ function admin() external ifAdmin returns (address admin_) { admin_ = _getAdmin(); } /** * @dev Returns the current implementation. * * NOTE: Only the admin can call this function. See {ProxyAdmin-getProxyImplementation}. * * TIP: To get this value clients can read directly from the storage slot shown below (specified by EIP1967) using the * https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call. * `0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc` */ function implementation() external ifAdmin returns (address implementation_) { implementation_ = _implementation(); } /** * @dev Changes the admin of the proxy. * * Emits an {AdminChanged} event. * * NOTE: Only the admin can call this function. See {ProxyAdmin-changeProxyAdmin}. */ function changeAdmin(address newAdmin) external virtual ifAdmin { _changeAdmin(newAdmin); } /** * @dev Upgrade the implementation of the proxy. * * NOTE: Only the admin can call this function. See {ProxyAdmin-upgrade}. */ function upgradeTo(address newImplementation) external ifAdmin { _upgradeToAndCall(newImplementation, bytes(""), false); } /** * @dev Upgrade the implementation of the proxy, and then call a function from the new implementation as specified * by `data`, which should be an encoded function call. This is useful to initialize new storage variables in the * proxied contract. * * NOTE: Only the admin can call this function. See {ProxyAdmin-upgradeAndCall}. */ function upgradeToAndCall(address newImplementation, bytes calldata data) external payable ifAdmin { _upgradeToAndCall(newImplementation, data, true); } /** * @dev Returns the current admin. */ function _admin() internal view virtual returns (address) { return _getAdmin(); } /** * @dev Makes sure the admin cannot access the fallback function. See {Proxy-_beforeFallback}. */ function _beforeFallback() internal virtual override { require(msg.sender != _getAdmin(), "TransparentUpgradeableProxy: admin cannot fallback to proxy target"); super._beforeFallback(); } } // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; import "./TransparentUpgradeableProxy.sol"; import "../../access/Ownable.sol"; /** * @dev This is an auxiliary contract meant to be assigned as the admin of a {TransparentUpgradeableProxy}. For an * explanation of why you would want to use this see the documentation for {TransparentUpgradeableProxy}. */ contract ProxyAdmin is Ownable { /** * @dev Returns the current implementation of `proxy`. * * Requirements: * * - This contract must be the admin of `proxy`. */ function getProxyImplementation(TransparentUpgradeableProxy proxy) public view virtual returns (address) { // We need to manually run the static call since the getter cannot be flagged as view // bytes4(keccak256("implementation()")) == 0x5c60da1b (bool success, bytes memory returndata) = address(proxy).staticcall(hex"5c60da1b"); require(success); return abi.decode(returndata, (address)); } /** * @dev Returns the current admin of `proxy`. * * Requirements: * * - This contract must be the admin of `proxy`. */ function getProxyAdmin(TransparentUpgradeableProxy proxy) public view virtual returns (address) { // We need to manually run the static call since the getter cannot be flagged as view // bytes4(keccak256("admin()")) == 0xf851a440 (bool success, bytes memory returndata) = address(proxy).staticcall(hex"f851a440"); require(success); return abi.decode(returndata, (address)); } /** * @dev Changes the admin of `proxy` to `newAdmin`. * * Requirements: * * - This contract must be the current admin of `proxy`. */ function changeProxyAdmin(TransparentUpgradeableProxy proxy, address newAdmin) public virtual onlyOwner { proxy.changeAdmin(newAdmin); } /** * @dev Upgrades `proxy` to `implementation`. See {TransparentUpgradeableProxy-upgradeTo}. * * Requirements: * * - This contract must be the admin of `proxy`. */ function upgrade(TransparentUpgradeableProxy proxy, address implementation) public virtual onlyOwner { proxy.upgradeTo(implementation); } /** * @dev Upgrades `proxy` to `implementation` and calls a function on the new implementation. See * {TransparentUpgradeableProxy-upgradeToAndCall}. * * Requirements: * * - This contract must be the admin of `proxy`. */ function upgradeAndCall(TransparentUpgradeableProxy proxy, address implementation, bytes memory data) public payable virtual onlyOwner { proxy.upgradeToAndCall{value: msg.value}(implementation, data); } } // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; /** * @dev This is the interface that {BeaconProxy} expects of its beacon. */ interface IBeacon { /** * @dev Must return an address that can be used as a delegate call target. * * {BeaconProxy} will check that this address is a contract. */ function implementation() external view returns (address); } // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; /** * @dev This abstract contract provides a fallback function that delegates all calls to another contract using the EVM * instruction `delegatecall`. We refer to the second contract as the _implementation_ behind the proxy, and it has to * be specified by overriding the virtual {_implementation} function. * * Additionally, delegation to the implementation can be triggered manually through the {_fallback} function, or to a * different contract through the {_delegate} function. * * The success and return data of the delegated call will be returned back to the caller of the proxy. */ abstract contract Proxy { /** * @dev Delegates the current call to `implementation`. * * This function does not return to its internall call site, it will return directly to the external caller. */ function _delegate(address implementation) internal virtual { // solhint-disable-next-line no-inline-assembly assembly { // Copy msg.data. We take full control of memory in this inline assembly // block because it will not return to Solidity code. We overwrite the // Solidity scratch pad at memory position 0. calldatacopy(0, 0, calldatasize()) // Call the implementation. // out and outsize are 0 because we don't know the size yet. let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0) // Copy the returned data. returndatacopy(0, 0, returndatasize()) switch result // delegatecall returns 0 on error. case 0 { revert(0, returndatasize()) } default { return(0, returndatasize()) } } } /** * @dev This is a virtual function that should be overriden so it returns the address to which the fallback function * and {_fallback} should delegate. */ function _implementation() internal view virtual returns (address); /** * @dev Delegates the current call to the address returned by `_implementation()`. * * This function does not return to its internall call site, it will return directly to the external caller. */ function _fallback() internal virtual { _beforeFallback(); _delegate(_implementation()); } /** * @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if no other * function in the contract matches the call data. */ fallback () external payable virtual { _fallback(); } /** * @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if call data * is empty. */ receive () external payable virtual { _fallback(); } /** * @dev Hook that is called before falling back to the implementation. Can happen as part of a manual `_fallback` * call, or as part of the Solidity `fallback` or `receive` functions. * * If overriden should call `super._beforeFallback()`. */ function _beforeFallback() internal virtual { } } // SPDX-License-Identifier: MIT pragma solidity ^0.8.2; import "../beacon/IBeacon.sol"; import "../../utils/Address.sol"; import "../../utils/StorageSlot.sol"; /** * @dev This abstract contract provides getters and event emitting update functions for * https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots. * * _Available since v4.1._ * * @custom:oz-upgrades-unsafe-allow delegatecall */ abstract contract ERC1967Upgrade { // This is the keccak-256 hash of "eip1967.proxy.rollback" subtracted by 1 bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143; /** * @dev Storage slot with the address of the current implementation. * This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1, and is * validated in the constructor. */ bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc; /** * @dev Emitted when the implementation is upgraded. */ event Upgraded(address indexed implementation); /** * @dev Returns the current implementation address. */ function _getImplementation() internal view returns (address) { return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value; } /** * @dev Stores a new address in the EIP1967 implementation slot. */ function _setImplementation(address newImplementation) private { require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract"); StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation; } /** * @dev Perform implementation upgrade * * Emits an {Upgraded} event. */ function _upgradeTo(address newImplementation) internal { _setImplementation(newImplementation); emit Upgraded(newImplementation); } /** * @dev Perform implementation upgrade with additional setup call. * * Emits an {Upgraded} event. */ function _upgradeToAndCall(address newImplementation, bytes memory data, bool forceCall) internal { _setImplementation(newImplementation); emit Upgraded(newImplementation); if (data.length > 0 || forceCall) { Address.functionDelegateCall(newImplementation, data); } } /** * @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call. * * Emits an {Upgraded} event. */ function _upgradeToAndCallSecure(address newImplementation, bytes memory data, bool forceCall) internal { address oldImplementation = _getImplementation(); // Initial upgrade and setup call _setImplementation(newImplementation); if (data.length > 0 || forceCall) { Address.functionDelegateCall(newImplementation, data); } // Perform rollback test if not already in progress StorageSlot.BooleanSlot storage rollbackTesting = StorageSlot.getBooleanSlot(_ROLLBACK_SLOT); if (!rollbackTesting.value) { // Trigger rollback using upgradeTo from the new implementation rollbackTesting.value = true; Address.functionDelegateCall( newImplementation, abi.encodeWithSignature( "upgradeTo(address)", oldImplementation ) ); rollbackTesting.value = false; // Check rollback was effective require(oldImplementation == _getImplementation(), "ERC1967Upgrade: upgrade breaks further upgrades"); // Finally reset to the new implementation and log the upgrade _setImplementation(newImplementation); emit Upgraded(newImplementation); } } /** * @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does * not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that). * * Emits a {BeaconUpgraded} event. */ function _upgradeBeaconToAndCall(address newBeacon, bytes memory data, bool forceCall) internal { _setBeacon(newBeacon); emit BeaconUpgraded(newBeacon); if (data.length > 0 || forceCall) { Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data); } } /** * @dev Storage slot with the admin of the contract. * This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1, and is * validated in the constructor. */ bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103; /** * @dev Emitted when the admin account has changed. */ event AdminChanged(address previousAdmin, address newAdmin); /** * @dev Returns the current admin. */ function _getAdmin() internal view returns (address) { return StorageSlot.getAddressSlot(_ADMIN_SLOT).value; } /** * @dev Stores a new address in the EIP1967 admin slot. */ function _setAdmin(address newAdmin) private { require(newAdmin != address(0), "ERC1967: new admin is the zero address"); StorageSlot.getAddressSlot(_ADMIN_SLOT).value = newAdmin; } /** * @dev Changes the admin of the proxy. * * Emits an {AdminChanged} event. */ function _changeAdmin(address newAdmin) internal { emit AdminChanged(_getAdmin(), newAdmin); _setAdmin(newAdmin); } /** * @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy. * This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor. */ bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50; /** * @dev Emitted when the beacon is upgraded. */ event BeaconUpgraded(address indexed beacon); /** * @dev Returns the current beacon. */ function _getBeacon() internal view returns (address) { return StorageSlot.getAddressSlot(_BEACON_SLOT).value; } /** * @dev Stores a new beacon in the EIP1967 beacon slot. */ function _setBeacon(address newBeacon) private { require( Address.isContract(newBeacon), "ERC1967: new beacon is not a contract" ); require( Address.isContract(IBeacon(newBeacon).implementation()), "ERC1967: beacon implementation is not a contract" ); StorageSlot.getAddressSlot(_BEACON_SLOT).value = newBeacon; } } // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; /** * @dev Collection of functions related to the address type */ library Address { /** * @dev Returns true if `account` is a contract. * * [IMPORTANT] * ==== * It is unsafe to assume that an address for which this function returns * false is an externally-owned account (EOA) and not a contract. * * Among others, `isContract` will return false for the following * types of addresses: * * - an externally-owned account * - a contract in construction * - an address where a contract will be created * - an address where a contract lived, but was destroyed * ==== */ function isContract(address account) internal view returns (bool) { // This method relies on extcodesize, which returns 0 for contracts in // construction, since the code is only stored at the end of the // constructor execution. uint256 size; // solhint-disable-next-line no-inline-assembly assembly { size := extcodesize(account) } return size > 0; } /** * @dev Replacement for Solidity's `transfer`: sends `amount` wei to * `recipient`, forwarding all available gas and reverting on errors. * * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost * of certain opcodes, possibly making contracts go over the 2300 gas limit * imposed by `transfer`, making them unable to receive funds via * `transfer`. {sendValue} removes this limitation. * * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more]. * * IMPORTANT: because control is transferred to `recipient`, care must be * taken to not create reentrancy vulnerabilities. Consider using * {ReentrancyGuard} or the * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern]. */ function sendValue(address payable recipient, uint256 amount) internal { require(address(this).balance >= amount, "Address: insufficient balance"); // solhint-disable-next-line avoid-low-level-calls, avoid-call-value (bool success, ) = recipient.call{ value: amount }(""); require(success, "Address: unable to send value, recipient may have reverted"); } /** * @dev Performs a Solidity function call using a low level `call`. A * plain`call` is an unsafe replacement for a function call: use this * function instead. * * If `target` reverts with a revert reason, it is bubbled up by this * function (like regular Solidity function calls). * * Returns the raw returned data. To convert to the expected return value, * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`]. * * Requirements: * * - `target` must be a contract. * - calling `target` with `data` must not revert. * * _Available since v3.1._ */ function functionCall(address target, bytes memory data) internal returns (bytes memory) { return functionCall(target, data, "Address: low-level call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with * `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but also transferring `value` wei to `target`. * * Requirements: * * - the calling contract must have an ETH balance of at least `value`. * - the called Solidity function must be `payable`. * * _Available since v3.1._ */ function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) { return functionCallWithValue(target, data, value, "Address: low-level call with value failed"); } /** * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but * with `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) { require(address(this).balance >= value, "Address: insufficient balance for call"); require(isContract(target), "Address: call to non-contract"); // solhint-disable-next-line avoid-low-level-calls (bool success, bytes memory returndata) = target.call{ value: value }(data); return _verifyCallResult(success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) { return functionStaticCall(target, data, "Address: low-level static call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) { require(isContract(target), "Address: static call to non-contract"); // solhint-disable-next-line avoid-low-level-calls (bool success, bytes memory returndata) = target.staticcall(data); return _verifyCallResult(success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a delegate call. * * _Available since v3.4._ */ function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) { return functionDelegateCall(target, data, "Address: low-level delegate call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a delegate call. * * _Available since v3.4._ */ function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) { require(isContract(target), "Address: delegate call to non-contract"); // solhint-disable-next-line avoid-low-level-calls (bool success, bytes memory returndata) = target.delegatecall(data); return _verifyCallResult(success, returndata, errorMessage); } function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) { if (success) { return returndata; } else { // Look for revert reason and bubble it up if present if (returndata.length > 0) { // The easiest way to bubble the revert reason is using memory via assembly // solhint-disable-next-line no-inline-assembly assembly { let returndata_size := mload(returndata) revert(add(32, returndata), returndata_size) } } else { revert(errorMessage); } } } } // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; /** * @dev Library for reading and writing primitive types to specific storage slots. * * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts. * This library helps with reading and writing to such slots without the need for inline assembly. * * The functions in this library return Slot structs that contain a `value` member that can be used to read or write. * * Example usage to set ERC1967 implementation slot: * ``` * contract ERC1967 { * bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc; * * function _getImplementation() internal view returns (address) { * return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value; * } * * function _setImplementation(address newImplementation) internal { * require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract"); * StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation; * } * } * ``` * * _Available since v4.1 for `address`, `bool`, `bytes32`, and `uint256`._ */ library StorageSlot { struct AddressSlot { address value; } struct BooleanSlot { bool value; } struct Bytes32Slot { bytes32 value; } struct Uint256Slot { uint256 value; } /** * @dev Returns an `AddressSlot` with member `value` located at `slot`. */ function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) { assembly { r.slot := slot } } /** * @dev Returns an `BooleanSlot` with member `value` located at `slot`. */ function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) { assembly { r.slot := slot } } /** * @dev Returns an `Bytes32Slot` with member `value` located at `slot`. */ function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) { assembly { r.slot := slot } } /** * @dev Returns an `Uint256Slot` with member `value` located at `slot`. */ function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) { assembly { r.slot := slot } } } // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; import "../utils/Context.sol"; /** * @dev Contract module which provides a basic access control mechanism, where * there is an account (an owner) that can be granted exclusive access to * specific functions. * * By default, the owner account will be the one that deploys the contract. This * can later be changed with {transferOwnership}. * * This module is used through inheritance. It will make available the modifier * `onlyOwner`, which can be applied to your functions to restrict their use to * the owner. */ abstract contract Ownable is Context { address private _owner; event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); /** * @dev Initializes the contract setting the deployer as the initial owner. */ constructor () { address msgSender = _msgSender(); _owner = msgSender; emit OwnershipTransferred(address(0), msgSender); } /** * @dev Returns the address of the current owner. */ function owner() public view virtual returns (address) { return _owner; } /** * @dev Throws if called by any account other than the owner. */ modifier onlyOwner() { require(owner() == _msgSender(), "Ownable: caller is not the owner"); _; } /** * @dev Leaves the contract without owner. It will not be possible to call * `onlyOwner` functions anymore. Can only be called by the current owner. * * NOTE: Renouncing ownership will leave the contract without an owner, * thereby removing any functionality that is only available to the owner. */ function renounceOwnership() public virtual onlyOwner { emit OwnershipTransferred(_owner, address(0)); _owner = address(0); } /** * @dev Transfers ownership of the contract to a new account (`newOwner`). * Can only be called by the current owner. */ function transferOwnership(address newOwner) public virtual onlyOwner { require(newOwner != address(0), "Ownable: new owner is the zero address"); emit OwnershipTransferred(_owner, newOwner); _owner = newOwner; } } // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; /* * @dev Provides information about the current execution context, including the * sender of the transaction and its data. While these are generally available * via msg.sender and msg.data, they should not be accessed in such a direct * manner, since when dealing with meta-transactions the account sending and * paying for execution may not be the actual sender (as far as an application * is concerned). * * This contract is only required for intermediate, library-like contracts. */ abstract contract Context { function _msgSender() internal view virtual returns (address) { return msg.sender; } function _msgData() internal view virtual returns (bytes calldata) { this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691 return msg.data; } }
File 5 of 8: PolygonZkEVMGlobalExitRootV2
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.8.1) (proxy/utils/Initializable.sol) pragma solidity ^0.8.2; import "../../utils/AddressUpgradeable.sol"; /** * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect. * * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in * case an upgrade adds a module that needs to be initialized. * * For example: * * [.hljs-theme-light.nopadding] * ``` * contract MyToken is ERC20Upgradeable { * function initialize() initializer public { * __ERC20_init("MyToken", "MTK"); * } * } * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable { * function initializeV2() reinitializer(2) public { * __ERC20Permit_init("MyToken"); * } * } * ``` * * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}. * * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity. * * [CAUTION] * ==== * Avoid leaving a contract uninitialized. * * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed: * * [.hljs-theme-light.nopadding] * ``` * /// @custom:oz-upgrades-unsafe-allow constructor * constructor() { * _disableInitializers(); * } * ``` * ==== */ abstract contract Initializable { /** * @dev Indicates that the contract has been initialized. * @custom:oz-retyped-from bool */ uint8 private _initialized; /** * @dev Indicates that the contract is in the process of being initialized. */ bool private _initializing; /** * @dev Triggered when the contract has been initialized or reinitialized. */ event Initialized(uint8 version); /** * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope, * `onlyInitializing` functions can be used to initialize parent contracts. * * Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a * constructor. * * Emits an {Initialized} event. */ modifier initializer() { bool isTopLevelCall = !_initializing; require( (isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1), "Initializable: contract is already initialized" ); _initialized = 1; if (isTopLevelCall) { _initializing = true; } _; if (isTopLevelCall) { _initializing = false; emit Initialized(1); } } /** * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be * used to initialize parent contracts. * * A reinitializer may be used after the original initialization step. This is essential to configure modules that * are added through upgrades and that require initialization. * * When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer` * cannot be nested. If one is invoked in the context of another, execution will revert. * * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in * a contract, executing them in the right order is up to the developer or operator. * * WARNING: setting the version to 255 will prevent any future reinitialization. * * Emits an {Initialized} event. */ modifier reinitializer(uint8 version) { require(!_initializing && _initialized < version, "Initializable: contract is already initialized"); _initialized = version; _initializing = true; _; _initializing = false; emit Initialized(version); } /** * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the * {initializer} and {reinitializer} modifiers, directly or indirectly. */ modifier onlyInitializing() { require(_initializing, "Initializable: contract is not initializing"); _; } /** * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call. * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized * to any version. It is recommended to use this to lock implementation contracts that are designed to be called * through proxies. * * Emits an {Initialized} event the first time it is successfully executed. */ function _disableInitializers() internal virtual { require(!_initializing, "Initializable: contract is initializing"); if (_initialized < type(uint8).max) { _initialized = type(uint8).max; emit Initialized(type(uint8).max); } } /** * @dev Returns the highest version that has been initialized. See {reinitializer}. */ function _getInitializedVersion() internal view returns (uint8) { return _initialized; } /** * @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}. */ function _isInitializing() internal view returns (bool) { return _initializing; } } // SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.8.0) (utils/Address.sol) pragma solidity ^0.8.1; /** * @dev Collection of functions related to the address type */ library AddressUpgradeable { /** * @dev Returns true if `account` is a contract. * * [IMPORTANT] * ==== * It is unsafe to assume that an address for which this function returns * false is an externally-owned account (EOA) and not a contract. * * Among others, `isContract` will return false for the following * types of addresses: * * - an externally-owned account * - a contract in construction * - an address where a contract will be created * - an address where a contract lived, but was destroyed * ==== * * [IMPORTANT] * ==== * You shouldn't rely on `isContract` to protect against flash loan attacks! * * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract * constructor. * ==== */ function isContract(address account) internal view returns (bool) { // This method relies on extcodesize/address.code.length, which returns 0 // for contracts in construction, since the code is only stored at the end // of the constructor execution. return account.code.length > 0; } /** * @dev Replacement for Solidity's `transfer`: sends `amount` wei to * `recipient`, forwarding all available gas and reverting on errors. * * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost * of certain opcodes, possibly making contracts go over the 2300 gas limit * imposed by `transfer`, making them unable to receive funds via * `transfer`. {sendValue} removes this limitation. * * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more]. * * IMPORTANT: because control is transferred to `recipient`, care must be * taken to not create reentrancy vulnerabilities. Consider using * {ReentrancyGuard} or the * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern]. */ function sendValue(address payable recipient, uint256 amount) internal { require(address(this).balance >= amount, "Address: insufficient balance"); (bool success, ) = recipient.call{value: amount}(""); require(success, "Address: unable to send value, recipient may have reverted"); } /** * @dev Performs a Solidity function call using a low level `call`. A * plain `call` is an unsafe replacement for a function call: use this * function instead. * * If `target` reverts with a revert reason, it is bubbled up by this * function (like regular Solidity function calls). * * Returns the raw returned data. To convert to the expected return value, * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`]. * * Requirements: * * - `target` must be a contract. * - calling `target` with `data` must not revert. * * _Available since v3.1._ */ function functionCall(address target, bytes memory data) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, "Address: low-level call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with * `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCall( address target, bytes memory data, string memory errorMessage ) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but also transferring `value` wei to `target`. * * Requirements: * * - the calling contract must have an ETH balance of at least `value`. * - the called Solidity function must be `payable`. * * _Available since v3.1._ */ function functionCallWithValue( address target, bytes memory data, uint256 value ) internal returns (bytes memory) { return functionCallWithValue(target, data, value, "Address: low-level call with value failed"); } /** * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but * with `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCallWithValue( address target, bytes memory data, uint256 value, string memory errorMessage ) internal returns (bytes memory) { require(address(this).balance >= value, "Address: insufficient balance for call"); (bool success, bytes memory returndata) = target.call{value: value}(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) { return functionStaticCall(target, data, "Address: low-level static call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall( address target, bytes memory data, string memory errorMessage ) internal view returns (bytes memory) { (bool success, bytes memory returndata) = target.staticcall(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract. * * _Available since v4.8._ */ function verifyCallResultFromTarget( address target, bool success, bytes memory returndata, string memory errorMessage ) internal view returns (bytes memory) { if (success) { if (returndata.length == 0) { // only check isContract if the call was successful and the return data is empty // otherwise we already know that it was a contract require(isContract(target), "Address: call to non-contract"); } return returndata; } else { _revert(returndata, errorMessage); } } /** * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the * revert reason or using the provided one. * * _Available since v4.3._ */ function verifyCallResult( bool success, bytes memory returndata, string memory errorMessage ) internal pure returns (bytes memory) { if (success) { return returndata; } else { _revert(returndata, errorMessage); } } function _revert(bytes memory returndata, string memory errorMessage) private pure { // Look for revert reason and bubble it up if present if (returndata.length > 0) { // The easiest way to bubble the revert reason is using memory via assembly /// @solidity memory-safe-assembly assembly { let returndata_size := mload(returndata) revert(add(32, returndata), returndata_size) } } else { revert(errorMessage); } } } // SPDX-License-Identifier: AGPL-3.0 pragma solidity ^0.8.20; interface IBasePolygonZkEVMGlobalExitRoot { /** * @dev Thrown when the caller is not the allowed contracts */ error OnlyAllowedContracts(); function updateExitRoot(bytes32 newRollupExitRoot) external; function globalExitRootMap( bytes32 globalExitRootNum ) external returns (uint256); } // SPDX-License-Identifier: AGPL-3.0 pragma solidity 0.8.20; /** * @dev A library that provides the necessary calculations to calculate the global exit root */ library GlobalExitRootLib { function calculateGlobalExitRoot( bytes32 mainnetExitRoot, bytes32 rollupExitRoot ) internal pure returns (bytes32) { return keccak256(abi.encodePacked(mainnetExitRoot, rollupExitRoot)); } } // SPDX-License-Identifier: AGPL-3.0 pragma solidity ^0.8.20; import "../../interfaces/IBasePolygonZkEVMGlobalExitRoot.sol"; interface IPolygonZkEVMGlobalExitRootV2 is IBasePolygonZkEVMGlobalExitRoot { function getLastGlobalExitRoot() external view returns (bytes32); function getRoot() external view returns (bytes32); function l1InfoRootMap( uint32 depositCount ) external view returns (bytes32); } // SPDX-License-Identifier: AGPL-3.0 pragma solidity ^0.8.20; /** * This contract will be used as a helper for all the sparse merkle tree related functions * Based on the implementation of the deposit eth2.0 contract https://github.com/ethereum/consensus-specs/blob/dev/solidity_deposit_contract/deposit_contract.sol */ contract DepositContractBase { /** * @dev Thrown when the merkle tree is full */ error MerkleTreeFull(); // Merkle tree levels uint256 internal constant _DEPOSIT_CONTRACT_TREE_DEPTH = 32; // This ensures `depositCount` will fit into 32-bits uint256 internal constant _MAX_DEPOSIT_COUNT = 2 ** _DEPOSIT_CONTRACT_TREE_DEPTH - 1; // Branch array which contains the necessary sibilings to compute the next root when a new // leaf is inserted bytes32[_DEPOSIT_CONTRACT_TREE_DEPTH] internal _branch; // Counter of current deposits uint256 public depositCount; /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. */ uint256[10] private _gap; /** * @notice Computes and returns the merkle root */ function getRoot() public view virtual returns (bytes32) { bytes32 node; uint256 size = depositCount; bytes32 currentZeroHashHeight = 0; for ( uint256 height = 0; height < _DEPOSIT_CONTRACT_TREE_DEPTH; height++ ) { if (((size >> height) & 1) == 1) node = keccak256(abi.encodePacked(_branch[height], node)); else node = keccak256(abi.encodePacked(node, currentZeroHashHeight)); currentZeroHashHeight = keccak256( abi.encodePacked(currentZeroHashHeight, currentZeroHashHeight) ); } return node; } /** * @notice Add a new leaf to the merkle tree * @param leaf Leaf */ function _addLeaf(bytes32 leaf) internal { bytes32 node = leaf; // Avoid overflowing the Merkle tree (and prevent edge case in computing `_branch`) if (depositCount >= _MAX_DEPOSIT_COUNT) { revert MerkleTreeFull(); } // Add deposit data root to Merkle tree (update a single `_branch` node) uint256 size = ++depositCount; for ( uint256 height = 0; height < _DEPOSIT_CONTRACT_TREE_DEPTH; height++ ) { if (((size >> height) & 1) == 1) { _branch[height] = node; return; } node = keccak256(abi.encodePacked(_branch[height], node)); } // As the loop should always end prematurely with the `return` statement, // this code should be unreachable. We assert `false` just to be safe. assert(false); } /** * @notice Verify merkle proof * @param leafHash Leaf hash * @param smtProof Smt proof * @param index Index of the leaf * @param root Merkle root */ function verifyMerkleProof( bytes32 leafHash, bytes32[_DEPOSIT_CONTRACT_TREE_DEPTH] calldata smtProof, uint32 index, bytes32 root ) public pure returns (bool) { return calculateRoot(leafHash, smtProof, index) == root; } /** * @notice Calculate root from merkle proof * @param leafHash Leaf hash * @param smtProof Smt proof * @param index Index of the leaf */ function calculateRoot( bytes32 leafHash, bytes32[_DEPOSIT_CONTRACT_TREE_DEPTH] calldata smtProof, uint32 index ) public pure returns (bytes32) { bytes32 node = leafHash; // Compute root for ( uint256 height = 0; height < _DEPOSIT_CONTRACT_TREE_DEPTH; height++ ) { if (((index >> height) & 1) == 1) node = keccak256(abi.encodePacked(smtProof[height], node)); else node = keccak256(abi.encodePacked(node, smtProof[height])); } return node; } } // SPDX-License-Identifier: AGPL-3.0 pragma solidity ^0.8.20; import "../interfaces/IPolygonZkEVMGlobalExitRootV2.sol"; /** * Since the current contract of PolygonZkEVMGlobalExitRoot will be upgraded to a PolygonZkEVMGlobalExitRootV2, and it will implement * the DepositContractBase, this base is needed to preserve the previous storage slots */ abstract contract PolygonZkEVMGlobalExitRootBaseStorage is IPolygonZkEVMGlobalExitRootV2 { // Rollup root, contains all exit roots of all rollups bytes32 public lastRollupExitRoot; // Mainnet exit root, this will be updated every time a deposit is made in mainnet bytes32 public lastMainnetExitRoot; // Store every global exit root: Root --> blockhash // Note that previously recoded global exit roots in previous versions, timestamp was recorded instead of blockhash mapping(bytes32 => uint256) public globalExitRootMap; } // SPDX-License-Identifier: AGPL-3.0 pragma solidity 0.8.20; import "./interfaces/IPolygonZkEVMGlobalExitRootV2.sol"; import "./lib/PolygonZkEVMGlobalExitRootBaseStorage.sol"; import "../lib/GlobalExitRootLib.sol"; import "./lib/DepositContractBase.sol"; import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; /** * Contract responsible for managing the exit roots across multiple networks */ contract PolygonZkEVMGlobalExitRootV2 is PolygonZkEVMGlobalExitRootBaseStorage, DepositContractBase, Initializable { // PolygonZkEVMBridge address address public immutable bridgeAddress; // Rollup manager contract address address public immutable rollupManager; // Store every l1InfoLeaf mapping(uint32 leafCount => bytes32 l1InfoRoot) public l1InfoRootMap; /** * @dev Emitted when the global exit root is updated */ event UpdateL1InfoTree( bytes32 indexed mainnetExitRoot, bytes32 indexed rollupExitRoot ); /** * @dev Emitted when the global exit root is updated with the L1InfoTree leaf information */ event UpdateL1InfoTreeV2( bytes32 currentL1InfoRoot, uint32 indexed leafCount, uint256 blockhash, uint64 minTimestamp ); /** * @dev Emitted when the global exit root manager starts adding leafs to the L1InfoRootMap */ event InitL1InfoRootMap(uint32 leafCount, bytes32 currentL1InfoRoot); /** * @param _rollupManager Rollup manager contract address * @param _bridgeAddress PolygonZkEVMBridge contract address */ constructor(address _rollupManager, address _bridgeAddress) { rollupManager = _rollupManager; bridgeAddress = _bridgeAddress; // disable initializers _disableInitializers(); } /** * @notice Reset the deposit tree since will be replace by a recursive one */ function initialize() external virtual initializer { // Get the current historic root bytes32 currentL1InfoRoot = getRoot(); // Store L1InfoRoot l1InfoRootMap[uint32(depositCount)] = currentL1InfoRoot; emit InitL1InfoRootMap(uint32(depositCount), currentL1InfoRoot); } /** * @notice Update the exit root of one of the networks and the global exit root * @param newRoot new exit tree root */ function updateExitRoot(bytes32 newRoot) external { // Store storage variables into temporal variables since will be used multiple times bytes32 cacheLastRollupExitRoot; bytes32 cacheLastMainnetExitRoot; if (msg.sender == bridgeAddress) { lastMainnetExitRoot = newRoot; cacheLastMainnetExitRoot = newRoot; cacheLastRollupExitRoot = lastRollupExitRoot; } else if (msg.sender == rollupManager) { lastRollupExitRoot = newRoot; cacheLastRollupExitRoot = newRoot; cacheLastMainnetExitRoot = lastMainnetExitRoot; } else { revert OnlyAllowedContracts(); } bytes32 newGlobalExitRoot = GlobalExitRootLib.calculateGlobalExitRoot( cacheLastMainnetExitRoot, cacheLastRollupExitRoot ); // If it already exists, do not modify the blockhash if (globalExitRootMap[newGlobalExitRoot] == 0) { uint64 currentTimestmap = uint64(block.timestamp); uint256 lastBlockHash = uint256(blockhash(block.number - 1)); globalExitRootMap[newGlobalExitRoot] = lastBlockHash; // save new leaf in L1InfoTree _addLeaf( getLeafValue(newGlobalExitRoot, lastBlockHash, currentTimestmap) ); // Get the current historic root bytes32 currentL1InfoRoot = getRoot(); // Store L1InfoRoot l1InfoRootMap[uint32(depositCount)] = currentL1InfoRoot; emit UpdateL1InfoTree( cacheLastMainnetExitRoot, cacheLastRollupExitRoot ); emit UpdateL1InfoTreeV2( currentL1InfoRoot, uint32(depositCount), lastBlockHash, currentTimestmap ); } } /** * @notice Return last global exit root */ function getLastGlobalExitRoot() public view returns (bytes32) { return GlobalExitRootLib.calculateGlobalExitRoot( lastMainnetExitRoot, lastRollupExitRoot ); } /** * @notice Computes and returns the merkle root of the L1InfoTree */ function getRoot() public view override(DepositContractBase, IPolygonZkEVMGlobalExitRootV2) returns (bytes32) { return super.getRoot(); } /** * @notice Given the leaf data returns the leaf hash * @param newGlobalExitRoot Last global exit root * @param lastBlockHash Last accesible block hash * @param timestamp Ethereum timestamp in seconds */ function getLeafValue( bytes32 newGlobalExitRoot, uint256 lastBlockHash, uint64 timestamp ) public pure returns (bytes32) { return keccak256( abi.encodePacked(newGlobalExitRoot, lastBlockHash, timestamp) ); } }
File 6 of 8: L1EscrowProxy
// SPDX-License-Identifier: MIT pragma solidity ^0.8.17; // OpenZeppelin Contracts (last updated v4.7.0) (proxy/ERC1967/ERC1967Proxy.sol) // OpenZeppelin Contracts (last updated v4.6.0) (proxy/Proxy.sol) /** * @dev This abstract contract provides a fallback function that delegates all calls to another contract using the EVM * instruction `delegatecall`. We refer to the second contract as the _implementation_ behind the proxy, and it has to * be specified by overriding the virtual {_implementation} function. * * Additionally, delegation to the implementation can be triggered manually through the {_fallback} function, or to a * different contract through the {_delegate} function. * * The success and return data of the delegated call will be returned back to the caller of the proxy. */ abstract contract Proxy { /** * @dev Delegates the current call to `implementation`. * * This function does not return to its internal call site, it will return directly to the external caller. */ function _delegate(address implementation) internal virtual { assembly { // Copy msg.data. We take full control of memory in this inline assembly // block because it will not return to Solidity code. We overwrite the // Solidity scratch pad at memory position 0. calldatacopy(0, 0, calldatasize()) // Call the implementation. // out and outsize are 0 because we don't know the size yet. let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0) // Copy the returned data. returndatacopy(0, 0, returndatasize()) switch result // delegatecall returns 0 on error. case 0 { revert(0, returndatasize()) } default { return(0, returndatasize()) } } } /** * @dev This is a virtual function that should be overridden so it returns the address to which the fallback function * and {_fallback} should delegate. */ function _implementation() internal view virtual returns (address); /** * @dev Delegates the current call to the address returned by `_implementation()`. * * This function does not return to its internal call site, it will return directly to the external caller. */ function _fallback() internal virtual { _beforeFallback(); _delegate(_implementation()); } /** * @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if no other * function in the contract matches the call data. */ fallback() external payable virtual { _fallback(); } /** * @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if call data * is empty. */ receive() external payable virtual { _fallback(); } /** * @dev Hook that is called before falling back to the implementation. Can happen as part of a manual `_fallback` * call, or as part of the Solidity `fallback` or `receive` functions. * * If overridden should call `super._beforeFallback()`. */ function _beforeFallback() internal virtual {} } // OpenZeppelin Contracts (last updated v4.9.0) (proxy/ERC1967/ERC1967Upgrade.sol) // OpenZeppelin Contracts v4.4.1 (proxy/beacon/IBeacon.sol) /** * @dev This is the interface that {BeaconProxy} expects of its beacon. */ interface IBeacon { /** * @dev Must return an address that can be used as a delegate call target. * * {BeaconProxy} will check that this address is a contract. */ function implementation() external view returns (address); } // OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC1967.sol) /** * @dev ERC-1967: Proxy Storage Slots. This interface contains the events defined in the ERC. * * _Available since v4.8.3._ */ interface IERC1967 { /** * @dev Emitted when the implementation is upgraded. */ event Upgraded(address indexed implementation); /** * @dev Emitted when the admin account has changed. */ event AdminChanged(address previousAdmin, address newAdmin); /** * @dev Emitted when the beacon is changed. */ event BeaconUpgraded(address indexed beacon); } // OpenZeppelin Contracts (last updated v4.5.0) (interfaces/draft-IERC1822.sol) /** * @dev ERC1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified * proxy whose upgrades are fully controlled by the current implementation. */ interface IERC1822Proxiable { /** * @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation * address. * * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this * function revert if invoked through a proxy. */ function proxiableUUID() external view returns (bytes32); } // OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol) /** * @dev Collection of functions related to the address type */ library Address { /** * @dev Returns true if `account` is a contract. * * [IMPORTANT] * ==== * It is unsafe to assume that an address for which this function returns * false is an externally-owned account (EOA) and not a contract. * * Among others, `isContract` will return false for the following * types of addresses: * * - an externally-owned account * - a contract in construction * - an address where a contract will be created * - an address where a contract lived, but was destroyed * * Furthermore, `isContract` will also return true if the target contract within * the same transaction is already scheduled for destruction by `SELFDESTRUCT`, * which only has an effect at the end of a transaction. * ==== * * [IMPORTANT] * ==== * You shouldn't rely on `isContract` to protect against flash loan attacks! * * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract * constructor. * ==== */ function isContract(address account) internal view returns (bool) { // This method relies on extcodesize/address.code.length, which returns 0 // for contracts in construction, since the code is only stored at the end // of the constructor execution. return account.code.length > 0; } /** * @dev Replacement for Solidity's `transfer`: sends `amount` wei to * `recipient`, forwarding all available gas and reverting on errors. * * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost * of certain opcodes, possibly making contracts go over the 2300 gas limit * imposed by `transfer`, making them unable to receive funds via * `transfer`. {sendValue} removes this limitation. * * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more]. * * IMPORTANT: because control is transferred to `recipient`, care must be * taken to not create reentrancy vulnerabilities. Consider using * {ReentrancyGuard} or the * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern]. */ function sendValue(address payable recipient, uint256 amount) internal { require(address(this).balance >= amount, "Address: insufficient balance"); (bool success, ) = recipient.call{value: amount}(""); require(success, "Address: unable to send value, recipient may have reverted"); } /** * @dev Performs a Solidity function call using a low level `call`. A * plain `call` is an unsafe replacement for a function call: use this * function instead. * * If `target` reverts with a revert reason, it is bubbled up by this * function (like regular Solidity function calls). * * Returns the raw returned data. To convert to the expected return value, * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`]. * * Requirements: * * - `target` must be a contract. * - calling `target` with `data` must not revert. * * _Available since v3.1._ */ function functionCall(address target, bytes memory data) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, "Address: low-level call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with * `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCall( address target, bytes memory data, string memory errorMessage ) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but also transferring `value` wei to `target`. * * Requirements: * * - the calling contract must have an ETH balance of at least `value`. * - the called Solidity function must be `payable`. * * _Available since v3.1._ */ function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) { return functionCallWithValue(target, data, value, "Address: low-level call with value failed"); } /** * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but * with `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCallWithValue( address target, bytes memory data, uint256 value, string memory errorMessage ) internal returns (bytes memory) { require(address(this).balance >= value, "Address: insufficient balance for call"); (bool success, bytes memory returndata) = target.call{value: value}(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) { return functionStaticCall(target, data, "Address: low-level static call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall( address target, bytes memory data, string memory errorMessage ) internal view returns (bytes memory) { (bool success, bytes memory returndata) = target.staticcall(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a delegate call. * * _Available since v3.4._ */ function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) { return functionDelegateCall(target, data, "Address: low-level delegate call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a delegate call. * * _Available since v3.4._ */ function functionDelegateCall( address target, bytes memory data, string memory errorMessage ) internal returns (bytes memory) { (bool success, bytes memory returndata) = target.delegatecall(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract. * * _Available since v4.8._ */ function verifyCallResultFromTarget( address target, bool success, bytes memory returndata, string memory errorMessage ) internal view returns (bytes memory) { if (success) { if (returndata.length == 0) { // only check isContract if the call was successful and the return data is empty // otherwise we already know that it was a contract require(isContract(target), "Address: call to non-contract"); } return returndata; } else { _revert(returndata, errorMessage); } } /** * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the * revert reason or using the provided one. * * _Available since v4.3._ */ function verifyCallResult( bool success, bytes memory returndata, string memory errorMessage ) internal pure returns (bytes memory) { if (success) { return returndata; } else { _revert(returndata, errorMessage); } } function _revert(bytes memory returndata, string memory errorMessage) private pure { // Look for revert reason and bubble it up if present if (returndata.length > 0) { // The easiest way to bubble the revert reason is using memory via assembly /// @solidity memory-safe-assembly assembly { let returndata_size := mload(returndata) revert(add(32, returndata), returndata_size) } } else { revert(errorMessage); } } } // OpenZeppelin Contracts (last updated v4.9.0) (utils/StorageSlot.sol) // This file was procedurally generated from scripts/generate/templates/StorageSlot.js. /** * @dev Library for reading and writing primitive types to specific storage slots. * * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts. * This library helps with reading and writing to such slots without the need for inline assembly. * * The functions in this library return Slot structs that contain a `value` member that can be used to read or write. * * Example usage to set ERC1967 implementation slot: * ```solidity * contract ERC1967 { * bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc; * * function _getImplementation() internal view returns (address) { * return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value; * } * * function _setImplementation(address newImplementation) internal { * require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract"); * StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation; * } * } * ``` * * _Available since v4.1 for `address`, `bool`, `bytes32`, `uint256`._ * _Available since v4.9 for `string`, `bytes`._ */ library StorageSlot { struct AddressSlot { address value; } struct BooleanSlot { bool value; } struct Bytes32Slot { bytes32 value; } struct Uint256Slot { uint256 value; } struct StringSlot { string value; } struct BytesSlot { bytes value; } /** * @dev Returns an `AddressSlot` with member `value` located at `slot`. */ function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) { /// @solidity memory-safe-assembly assembly { r.slot := slot } } /** * @dev Returns an `BooleanSlot` with member `value` located at `slot`. */ function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) { /// @solidity memory-safe-assembly assembly { r.slot := slot } } /** * @dev Returns an `Bytes32Slot` with member `value` located at `slot`. */ function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) { /// @solidity memory-safe-assembly assembly { r.slot := slot } } /** * @dev Returns an `Uint256Slot` with member `value` located at `slot`. */ function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) { /// @solidity memory-safe-assembly assembly { r.slot := slot } } /** * @dev Returns an `StringSlot` with member `value` located at `slot`. */ function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) { /// @solidity memory-safe-assembly assembly { r.slot := slot } } /** * @dev Returns an `StringSlot` representation of the string storage pointer `store`. */ function getStringSlot(string storage store) internal pure returns (StringSlot storage r) { /// @solidity memory-safe-assembly assembly { r.slot := store.slot } } /** * @dev Returns an `BytesSlot` with member `value` located at `slot`. */ function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) { /// @solidity memory-safe-assembly assembly { r.slot := slot } } /** * @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`. */ function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) { /// @solidity memory-safe-assembly assembly { r.slot := store.slot } } } /** * @dev This abstract contract provides getters and event emitting update functions for * https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots. * * _Available since v4.1._ */ abstract contract ERC1967Upgrade is IERC1967 { // This is the keccak-256 hash of "eip1967.proxy.rollback" subtracted by 1 bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143; /** * @dev Storage slot with the address of the current implementation. * This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1, and is * validated in the constructor. */ bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc; /** * @dev Returns the current implementation address. */ function _getImplementation() internal view returns (address) { return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value; } /** * @dev Stores a new address in the EIP1967 implementation slot. */ function _setImplementation(address newImplementation) private { require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract"); StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation; } /** * @dev Perform implementation upgrade * * Emits an {Upgraded} event. */ function _upgradeTo(address newImplementation) internal { _setImplementation(newImplementation); emit Upgraded(newImplementation); } /** * @dev Perform implementation upgrade with additional setup call. * * Emits an {Upgraded} event. */ function _upgradeToAndCall(address newImplementation, bytes memory data, bool forceCall) internal { _upgradeTo(newImplementation); if (data.length > 0 || forceCall) { Address.functionDelegateCall(newImplementation, data); } } /** * @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call. * * Emits an {Upgraded} event. */ function _upgradeToAndCallUUPS(address newImplementation, bytes memory data, bool forceCall) internal { // Upgrades from old implementations will perform a rollback test. This test requires the new // implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing // this special case will break upgrade paths from old UUPS implementation to new ones. if (StorageSlot.getBooleanSlot(_ROLLBACK_SLOT).value) { _setImplementation(newImplementation); } else { try IERC1822Proxiable(newImplementation).proxiableUUID() returns (bytes32 slot) { require(slot == _IMPLEMENTATION_SLOT, "ERC1967Upgrade: unsupported proxiableUUID"); } catch { revert("ERC1967Upgrade: new implementation is not UUPS"); } _upgradeToAndCall(newImplementation, data, forceCall); } } /** * @dev Storage slot with the admin of the contract. * This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1, and is * validated in the constructor. */ bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103; /** * @dev Returns the current admin. */ function _getAdmin() internal view returns (address) { return StorageSlot.getAddressSlot(_ADMIN_SLOT).value; } /** * @dev Stores a new address in the EIP1967 admin slot. */ function _setAdmin(address newAdmin) private { require(newAdmin != address(0), "ERC1967: new admin is the zero address"); StorageSlot.getAddressSlot(_ADMIN_SLOT).value = newAdmin; } /** * @dev Changes the admin of the proxy. * * Emits an {AdminChanged} event. */ function _changeAdmin(address newAdmin) internal { emit AdminChanged(_getAdmin(), newAdmin); _setAdmin(newAdmin); } /** * @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy. * This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor. */ bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50; /** * @dev Returns the current beacon. */ function _getBeacon() internal view returns (address) { return StorageSlot.getAddressSlot(_BEACON_SLOT).value; } /** * @dev Stores a new beacon in the EIP1967 beacon slot. */ function _setBeacon(address newBeacon) private { require(Address.isContract(newBeacon), "ERC1967: new beacon is not a contract"); require( Address.isContract(IBeacon(newBeacon).implementation()), "ERC1967: beacon implementation is not a contract" ); StorageSlot.getAddressSlot(_BEACON_SLOT).value = newBeacon; } /** * @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does * not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that). * * Emits a {BeaconUpgraded} event. */ function _upgradeBeaconToAndCall(address newBeacon, bytes memory data, bool forceCall) internal { _setBeacon(newBeacon); emit BeaconUpgraded(newBeacon); if (data.length > 0 || forceCall) { Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data); } } } /** * @dev This contract implements an upgradeable proxy. It is upgradeable because calls are delegated to an * implementation address that can be changed. This address is stored in storage in the location specified by * https://eips.ethereum.org/EIPS/eip-1967[EIP1967], so that it doesn't conflict with the storage layout of the * implementation behind the proxy. */ contract ERC1967Proxy is Proxy, ERC1967Upgrade { /** * @dev Initializes the upgradeable proxy with an initial implementation specified by `_logic`. * * If `_data` is nonempty, it's used as data in a delegate call to `_logic`. This will typically be an encoded * function call, and allows initializing the storage of the proxy like a Solidity constructor. */ constructor(address _logic, bytes memory _data) payable { _upgradeToAndCall(_logic, _data, false); } /** * @dev Returns the current implementation address. */ function _implementation() internal view virtual override returns (address impl) { return ERC1967Upgrade._getImplementation(); } } contract L1EscrowProxy is ERC1967Proxy { constructor( address impl_, bytes memory data_ ) payable ERC1967Proxy(impl_, data_) { // set admin=deployer, this is changed on the subsequent call to init _changeAdmin(msg.sender); } }
File 7 of 8: L1Escrow
// SPDX-License-Identifier: MIT pragma solidity ^0.8.17; // OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/utils/SafeERC20.sol) // OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol) /** * @dev Interface of the ERC20 standard as defined in the EIP. */ interface IERC20Upgradeable { /** * @dev Emitted when `value` tokens are moved from one account (`from`) to * another (`to`). * * Note that `value` may be zero. */ event Transfer(address indexed from, address indexed to, uint256 value); /** * @dev Emitted when the allowance of a `spender` for an `owner` is set by * a call to {approve}. `value` is the new allowance. */ event Approval(address indexed owner, address indexed spender, uint256 value); /** * @dev Returns the amount of tokens in existence. */ function totalSupply() external view returns (uint256); /** * @dev Returns the amount of tokens owned by `account`. */ function balanceOf(address account) external view returns (uint256); /** * @dev Moves `amount` tokens from the caller's account to `to`. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transfer(address to, uint256 amount) external returns (bool); /** * @dev Returns the remaining number of tokens that `spender` will be * allowed to spend on behalf of `owner` through {transferFrom}. This is * zero by default. * * This value changes when {approve} or {transferFrom} are called. */ function allowance(address owner, address spender) external view returns (uint256); /** * @dev Sets `amount` as the allowance of `spender` over the caller's tokens. * * Returns a boolean value indicating whether the operation succeeded. * * IMPORTANT: Beware that changing an allowance with this method brings the risk * that someone may use both the old and the new allowance by unfortunate * transaction ordering. One possible solution to mitigate this race * condition is to first reduce the spender's allowance to 0 and set the * desired value afterwards: * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 * * Emits an {Approval} event. */ function approve(address spender, uint256 amount) external returns (bool); /** * @dev Moves `amount` tokens from `from` to `to` using the * allowance mechanism. `amount` is then deducted from the caller's * allowance. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transferFrom(address from, address to, uint256 amount) external returns (bool); } // OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/extensions/IERC20Permit.sol) /** * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612]. * * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't * need to send a transaction, and thus is not required to hold Ether at all. */ interface IERC20PermitUpgradeable { /** * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens, * given ``owner``'s signed approval. * * IMPORTANT: The same issues {IERC20-approve} has related to transaction * ordering also apply here. * * Emits an {Approval} event. * * Requirements: * * - `spender` cannot be the zero address. * - `deadline` must be a timestamp in the future. * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner` * over the EIP712-formatted function arguments. * - the signature must use ``owner``'s current nonce (see {nonces}). * * For more information on the signature format, see the * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP * section]. */ function permit( address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) external; /** * @dev Returns the current nonce for `owner`. This value must be * included whenever a signature is generated for {permit}. * * Every successful call to {permit} increases ``owner``'s nonce by one. This * prevents a signature from being used multiple times. */ function nonces(address owner) external view returns (uint256); /** * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}. */ // solhint-disable-next-line func-name-mixedcase function DOMAIN_SEPARATOR() external view returns (bytes32); } // OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol) /** * @dev Collection of functions related to the address type */ library AddressUpgradeable { /** * @dev Returns true if `account` is a contract. * * [IMPORTANT] * ==== * It is unsafe to assume that an address for which this function returns * false is an externally-owned account (EOA) and not a contract. * * Among others, `isContract` will return false for the following * types of addresses: * * - an externally-owned account * - a contract in construction * - an address where a contract will be created * - an address where a contract lived, but was destroyed * * Furthermore, `isContract` will also return true if the target contract within * the same transaction is already scheduled for destruction by `SELFDESTRUCT`, * which only has an effect at the end of a transaction. * ==== * * [IMPORTANT] * ==== * You shouldn't rely on `isContract` to protect against flash loan attacks! * * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract * constructor. * ==== */ function isContract(address account) internal view returns (bool) { // This method relies on extcodesize/address.code.length, which returns 0 // for contracts in construction, since the code is only stored at the end // of the constructor execution. return account.code.length > 0; } /** * @dev Replacement for Solidity's `transfer`: sends `amount` wei to * `recipient`, forwarding all available gas and reverting on errors. * * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost * of certain opcodes, possibly making contracts go over the 2300 gas limit * imposed by `transfer`, making them unable to receive funds via * `transfer`. {sendValue} removes this limitation. * * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more]. * * IMPORTANT: because control is transferred to `recipient`, care must be * taken to not create reentrancy vulnerabilities. Consider using * {ReentrancyGuard} or the * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern]. */ function sendValue(address payable recipient, uint256 amount) internal { require(address(this).balance >= amount, "Address: insufficient balance"); (bool success, ) = recipient.call{value: amount}(""); require(success, "Address: unable to send value, recipient may have reverted"); } /** * @dev Performs a Solidity function call using a low level `call`. A * plain `call` is an unsafe replacement for a function call: use this * function instead. * * If `target` reverts with a revert reason, it is bubbled up by this * function (like regular Solidity function calls). * * Returns the raw returned data. To convert to the expected return value, * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`]. * * Requirements: * * - `target` must be a contract. * - calling `target` with `data` must not revert. * * _Available since v3.1._ */ function functionCall(address target, bytes memory data) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, "Address: low-level call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with * `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCall( address target, bytes memory data, string memory errorMessage ) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but also transferring `value` wei to `target`. * * Requirements: * * - the calling contract must have an ETH balance of at least `value`. * - the called Solidity function must be `payable`. * * _Available since v3.1._ */ function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) { return functionCallWithValue(target, data, value, "Address: low-level call with value failed"); } /** * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but * with `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCallWithValue( address target, bytes memory data, uint256 value, string memory errorMessage ) internal returns (bytes memory) { require(address(this).balance >= value, "Address: insufficient balance for call"); (bool success, bytes memory returndata) = target.call{value: value}(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) { return functionStaticCall(target, data, "Address: low-level static call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall( address target, bytes memory data, string memory errorMessage ) internal view returns (bytes memory) { (bool success, bytes memory returndata) = target.staticcall(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a delegate call. * * _Available since v3.4._ */ function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) { return functionDelegateCall(target, data, "Address: low-level delegate call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a delegate call. * * _Available since v3.4._ */ function functionDelegateCall( address target, bytes memory data, string memory errorMessage ) internal returns (bytes memory) { (bool success, bytes memory returndata) = target.delegatecall(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract. * * _Available since v4.8._ */ function verifyCallResultFromTarget( address target, bool success, bytes memory returndata, string memory errorMessage ) internal view returns (bytes memory) { if (success) { if (returndata.length == 0) { // only check isContract if the call was successful and the return data is empty // otherwise we already know that it was a contract require(isContract(target), "Address: call to non-contract"); } return returndata; } else { _revert(returndata, errorMessage); } } /** * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the * revert reason or using the provided one. * * _Available since v4.3._ */ function verifyCallResult( bool success, bytes memory returndata, string memory errorMessage ) internal pure returns (bytes memory) { if (success) { return returndata; } else { _revert(returndata, errorMessage); } } function _revert(bytes memory returndata, string memory errorMessage) private pure { // Look for revert reason and bubble it up if present if (returndata.length > 0) { // The easiest way to bubble the revert reason is using memory via assembly /// @solidity memory-safe-assembly assembly { let returndata_size := mload(returndata) revert(add(32, returndata), returndata_size) } } else { revert(errorMessage); } } } /** * @title SafeERC20 * @dev Wrappers around ERC20 operations that throw on failure (when the token * contract returns false). Tokens that return no value (and instead revert or * throw on failure) are also supported, non-reverting calls are assumed to be * successful. * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract, * which allows you to call the safe operations as `token.safeTransfer(...)`, etc. */ library SafeERC20Upgradeable { using AddressUpgradeable for address; /** * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value, * non-reverting calls are assumed to be successful. */ function safeTransfer(IERC20Upgradeable token, address to, uint256 value) internal { _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value)); } /** * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the * calling contract. If `token` returns no value, non-reverting calls are assumed to be successful. */ function safeTransferFrom(IERC20Upgradeable token, address from, address to, uint256 value) internal { _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value)); } /** * @dev Deprecated. This function has issues similar to the ones found in * {IERC20-approve}, and its usage is discouraged. * * Whenever possible, use {safeIncreaseAllowance} and * {safeDecreaseAllowance} instead. */ function safeApprove(IERC20Upgradeable token, address spender, uint256 value) internal { // safeApprove should only be called when setting an initial allowance, // or when resetting it to zero. To increase and decrease it, use // 'safeIncreaseAllowance' and 'safeDecreaseAllowance' require( (value == 0) || (token.allowance(address(this), spender) == 0), "SafeERC20: approve from non-zero to non-zero allowance" ); _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value)); } /** * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value, * non-reverting calls are assumed to be successful. */ function safeIncreaseAllowance(IERC20Upgradeable token, address spender, uint256 value) internal { uint256 oldAllowance = token.allowance(address(this), spender); _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance + value)); } /** * @dev Decrease the calling contract's allowance toward `spender` by `value`. If `token` returns no value, * non-reverting calls are assumed to be successful. */ function safeDecreaseAllowance(IERC20Upgradeable token, address spender, uint256 value) internal { unchecked { uint256 oldAllowance = token.allowance(address(this), spender); require(oldAllowance >= value, "SafeERC20: decreased allowance below zero"); _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance - value)); } } /** * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value, * non-reverting calls are assumed to be successful. Compatible with tokens that require the approval to be set to * 0 before setting it to a non-zero value. */ function forceApprove(IERC20Upgradeable token, address spender, uint256 value) internal { bytes memory approvalCall = abi.encodeWithSelector(token.approve.selector, spender, value); if (!_callOptionalReturnBool(token, approvalCall)) { _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, 0)); _callOptionalReturn(token, approvalCall); } } /** * @dev Use a ERC-2612 signature to set the `owner` approval toward `spender` on `token`. * Revert on invalid signature. */ function safePermit( IERC20PermitUpgradeable token, address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) internal { uint256 nonceBefore = token.nonces(owner); token.permit(owner, spender, value, deadline, v, r, s); uint256 nonceAfter = token.nonces(owner); require(nonceAfter == nonceBefore + 1, "SafeERC20: permit did not succeed"); } /** * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement * on the return value: the return value is optional (but if data is returned, it must not be false). * @param token The token targeted by the call. * @param data The call data (encoded using abi.encode or one of its variants). */ function _callOptionalReturn(IERC20Upgradeable token, bytes memory data) private { // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since // we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that // the target address contains contract code and also asserts for success in the low-level call. bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed"); require(returndata.length == 0 || abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed"); } /** * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement * on the return value: the return value is optional (but if data is returned, it must not be false). * @param token The token targeted by the call. * @param data The call data (encoded using abi.encode or one of its variants). * * This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead. */ function _callOptionalReturnBool(IERC20Upgradeable token, bytes memory data) private returns (bool) { // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since // we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false // and not revert is the subcall reverts. (bool success, bytes memory returndata) = address(token).call(data); return success && (returndata.length == 0 || abi.decode(returndata, (bool))) && AddressUpgradeable.isContract(address(token)); } } /** * @dev Define interface for PolygonZkEVM Bridge message receiver */ interface IBridgeMessageReceiver { function onMessageReceived( address originAddress, uint32 originNetwork, bytes memory data ) external payable; } interface IPolygonZkEVMBridge { /** * @dev Thrown when sender is not the PolygonZkEVM address */ error OnlyPolygonZkEVM(); /** * @dev Thrown when the destination network is invalid */ error DestinationNetworkInvalid(); /** * @dev Thrown when the amount does not match msg.value */ error AmountDoesNotMatchMsgValue(); /** * @dev Thrown when user is bridging tokens and is also sending a value */ error MsgValueNotZero(); /** * @dev Thrown when the Ether transfer on claimAsset fails */ error EtherTransferFailed(); /** * @dev Thrown when the message transaction on claimMessage fails */ error MessageFailed(); /** * @dev Thrown when the global exit root does not exist */ error GlobalExitRootInvalid(); /** * @dev Thrown when the smt proof does not match */ error InvalidSmtProof(); /** * @dev Thrown when an index is already claimed */ error AlreadyClaimed(); /** * @dev Thrown when the owner of permit does not match the sender */ error NotValidOwner(); /** * @dev Thrown when the spender of the permit does not match this contract address */ error NotValidSpender(); /** * @dev Thrown when the amount of the permit does not match */ error NotValidAmount(); /** * @dev Thrown when the permit data contains an invalid signature */ error NotValidSignature(); function bridgeAsset( uint32 destinationNetwork, address destinationAddress, uint256 amount, address token, bool forceUpdateGlobalExitRoot, bytes calldata permitData ) external payable; function bridgeMessage( uint32 destinationNetwork, address destinationAddress, bool forceUpdateGlobalExitRoot, bytes calldata metadata ) external payable; function claimAsset( bytes32[32] calldata smtProof, uint32 index, bytes32 mainnetExitRoot, bytes32 rollupExitRoot, uint32 originNetwork, address originTokenAddress, uint32 destinationNetwork, address destinationAddress, uint256 amount, bytes calldata metadata ) external; function claimMessage( bytes32[32] calldata smtProof, uint32 index, bytes32 mainnetExitRoot, bytes32 rollupExitRoot, uint32 originNetwork, address originAddress, uint32 destinationNetwork, address destinationAddress, uint256 amount, bytes calldata metadata ) external; function updateGlobalExitRoot() external; function activateEmergencyState() external; function deactivateEmergencyState() external; } // OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable.sol) // OpenZeppelin Contracts v4.4.1 (utils/Context.sol) // OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/Initializable.sol) /** * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect. * * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in * case an upgrade adds a module that needs to be initialized. * * For example: * * [.hljs-theme-light.nopadding] * ```solidity * contract MyToken is ERC20Upgradeable { * function initialize() initializer public { * __ERC20_init("MyToken", "MTK"); * } * } * * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable { * function initializeV2() reinitializer(2) public { * __ERC20Permit_init("MyToken"); * } * } * ``` * * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}. * * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity. * * [CAUTION] * ==== * Avoid leaving a contract uninitialized. * * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed: * * [.hljs-theme-light.nopadding] * ``` * /// @custom:oz-upgrades-unsafe-allow constructor * constructor() { * _disableInitializers(); * } * ``` * ==== */ abstract contract Initializable { /** * @dev Indicates that the contract has been initialized. * @custom:oz-retyped-from bool */ uint8 private _initialized; /** * @dev Indicates that the contract is in the process of being initialized. */ bool private _initializing; /** * @dev Triggered when the contract has been initialized or reinitialized. */ event Initialized(uint8 version); /** * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope, * `onlyInitializing` functions can be used to initialize parent contracts. * * Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a * constructor. * * Emits an {Initialized} event. */ modifier initializer() { bool isTopLevelCall = !_initializing; require( (isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1), "Initializable: contract is already initialized" ); _initialized = 1; if (isTopLevelCall) { _initializing = true; } _; if (isTopLevelCall) { _initializing = false; emit Initialized(1); } } /** * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be * used to initialize parent contracts. * * A reinitializer may be used after the original initialization step. This is essential to configure modules that * are added through upgrades and that require initialization. * * When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer` * cannot be nested. If one is invoked in the context of another, execution will revert. * * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in * a contract, executing them in the right order is up to the developer or operator. * * WARNING: setting the version to 255 will prevent any future reinitialization. * * Emits an {Initialized} event. */ modifier reinitializer(uint8 version) { require(!_initializing && _initialized < version, "Initializable: contract is already initialized"); _initialized = version; _initializing = true; _; _initializing = false; emit Initialized(version); } /** * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the * {initializer} and {reinitializer} modifiers, directly or indirectly. */ modifier onlyInitializing() { require(_initializing, "Initializable: contract is not initializing"); _; } /** * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call. * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized * to any version. It is recommended to use this to lock implementation contracts that are designed to be called * through proxies. * * Emits an {Initialized} event the first time it is successfully executed. */ function _disableInitializers() internal virtual { require(!_initializing, "Initializable: contract is initializing"); if (_initialized != type(uint8).max) { _initialized = type(uint8).max; emit Initialized(type(uint8).max); } } /** * @dev Returns the highest version that has been initialized. See {reinitializer}. */ function _getInitializedVersion() internal view returns (uint8) { return _initialized; } /** * @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}. */ function _isInitializing() internal view returns (bool) { return _initializing; } } /** * @dev Provides information about the current execution context, including the * sender of the transaction and its data. While these are generally available * via msg.sender and msg.data, they should not be accessed in such a direct * manner, since when dealing with meta-transactions the account sending and * paying for execution may not be the actual sender (as far as an application * is concerned). * * This contract is only required for intermediate, library-like contracts. */ abstract contract ContextUpgradeable is Initializable { function __Context_init() internal onlyInitializing { } function __Context_init_unchained() internal onlyInitializing { } function _msgSender() internal view virtual returns (address) { return msg.sender; } function _msgData() internal view virtual returns (bytes calldata) { return msg.data; } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[50] private __gap; } /** * @dev Contract module which provides a basic access control mechanism, where * there is an account (an owner) that can be granted exclusive access to * specific functions. * * By default, the owner account will be the one that deploys the contract. This * can later be changed with {transferOwnership}. * * This module is used through inheritance. It will make available the modifier * `onlyOwner`, which can be applied to your functions to restrict their use to * the owner. */ abstract contract OwnableUpgradeable is Initializable, ContextUpgradeable { address private _owner; event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); /** * @dev Initializes the contract setting the deployer as the initial owner. */ function __Ownable_init() internal onlyInitializing { __Ownable_init_unchained(); } function __Ownable_init_unchained() internal onlyInitializing { _transferOwnership(_msgSender()); } /** * @dev Throws if called by any account other than the owner. */ modifier onlyOwner() { _checkOwner(); _; } /** * @dev Returns the address of the current owner. */ function owner() public view virtual returns (address) { return _owner; } /** * @dev Throws if the sender is not the owner. */ function _checkOwner() internal view virtual { require(owner() == _msgSender(), "Ownable: caller is not the owner"); } /** * @dev Leaves the contract without owner. It will not be possible to call * `onlyOwner` functions. Can only be called by the current owner. * * NOTE: Renouncing ownership will leave the contract without an owner, * thereby disabling any functionality that is only available to the owner. */ function renounceOwnership() public virtual onlyOwner { _transferOwnership(address(0)); } /** * @dev Transfers ownership of the contract to a new account (`newOwner`). * Can only be called by the current owner. */ function transferOwnership(address newOwner) public virtual onlyOwner { require(newOwner != address(0), "Ownable: new owner is the zero address"); _transferOwnership(newOwner); } /** * @dev Transfers ownership of the contract to a new account (`newOwner`). * Internal function without access restriction. */ function _transferOwnership(address newOwner) internal virtual { address oldOwner = _owner; _owner = newOwner; emit OwnershipTransferred(oldOwner, newOwner); } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[49] private __gap; } // OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/UUPSUpgradeable.sol) // OpenZeppelin Contracts (last updated v4.5.0) (interfaces/draft-IERC1822.sol) /** * @dev ERC1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified * proxy whose upgrades are fully controlled by the current implementation. */ interface IERC1822ProxiableUpgradeable { /** * @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation * address. * * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this * function revert if invoked through a proxy. */ function proxiableUUID() external view returns (bytes32); } // OpenZeppelin Contracts (last updated v4.9.0) (proxy/ERC1967/ERC1967Upgrade.sol) // OpenZeppelin Contracts v4.4.1 (proxy/beacon/IBeacon.sol) /** * @dev This is the interface that {BeaconProxy} expects of its beacon. */ interface IBeaconUpgradeable { /** * @dev Must return an address that can be used as a delegate call target. * * {BeaconProxy} will check that this address is a contract. */ function implementation() external view returns (address); } // OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC1967.sol) /** * @dev ERC-1967: Proxy Storage Slots. This interface contains the events defined in the ERC. * * _Available since v4.8.3._ */ interface IERC1967Upgradeable { /** * @dev Emitted when the implementation is upgraded. */ event Upgraded(address indexed implementation); /** * @dev Emitted when the admin account has changed. */ event AdminChanged(address previousAdmin, address newAdmin); /** * @dev Emitted when the beacon is changed. */ event BeaconUpgraded(address indexed beacon); } // OpenZeppelin Contracts (last updated v4.9.0) (utils/StorageSlot.sol) // This file was procedurally generated from scripts/generate/templates/StorageSlot.js. /** * @dev Library for reading and writing primitive types to specific storage slots. * * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts. * This library helps with reading and writing to such slots without the need for inline assembly. * * The functions in this library return Slot structs that contain a `value` member that can be used to read or write. * * Example usage to set ERC1967 implementation slot: * ```solidity * contract ERC1967 { * bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc; * * function _getImplementation() internal view returns (address) { * return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value; * } * * function _setImplementation(address newImplementation) internal { * require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract"); * StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation; * } * } * ``` * * _Available since v4.1 for `address`, `bool`, `bytes32`, `uint256`._ * _Available since v4.9 for `string`, `bytes`._ */ library StorageSlotUpgradeable { struct AddressSlot { address value; } struct BooleanSlot { bool value; } struct Bytes32Slot { bytes32 value; } struct Uint256Slot { uint256 value; } struct StringSlot { string value; } struct BytesSlot { bytes value; } /** * @dev Returns an `AddressSlot` with member `value` located at `slot`. */ function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) { /// @solidity memory-safe-assembly assembly { r.slot := slot } } /** * @dev Returns an `BooleanSlot` with member `value` located at `slot`. */ function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) { /// @solidity memory-safe-assembly assembly { r.slot := slot } } /** * @dev Returns an `Bytes32Slot` with member `value` located at `slot`. */ function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) { /// @solidity memory-safe-assembly assembly { r.slot := slot } } /** * @dev Returns an `Uint256Slot` with member `value` located at `slot`. */ function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) { /// @solidity memory-safe-assembly assembly { r.slot := slot } } /** * @dev Returns an `StringSlot` with member `value` located at `slot`. */ function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) { /// @solidity memory-safe-assembly assembly { r.slot := slot } } /** * @dev Returns an `StringSlot` representation of the string storage pointer `store`. */ function getStringSlot(string storage store) internal pure returns (StringSlot storage r) { /// @solidity memory-safe-assembly assembly { r.slot := store.slot } } /** * @dev Returns an `BytesSlot` with member `value` located at `slot`. */ function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) { /// @solidity memory-safe-assembly assembly { r.slot := slot } } /** * @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`. */ function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) { /// @solidity memory-safe-assembly assembly { r.slot := store.slot } } } /** * @dev This abstract contract provides getters and event emitting update functions for * https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots. * * _Available since v4.1._ */ abstract contract ERC1967UpgradeUpgradeable is Initializable, IERC1967Upgradeable { function __ERC1967Upgrade_init() internal onlyInitializing { } function __ERC1967Upgrade_init_unchained() internal onlyInitializing { } // This is the keccak-256 hash of "eip1967.proxy.rollback" subtracted by 1 bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143; /** * @dev Storage slot with the address of the current implementation. * This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1, and is * validated in the constructor. */ bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc; /** * @dev Returns the current implementation address. */ function _getImplementation() internal view returns (address) { return StorageSlotUpgradeable.getAddressSlot(_IMPLEMENTATION_SLOT).value; } /** * @dev Stores a new address in the EIP1967 implementation slot. */ function _setImplementation(address newImplementation) private { require(AddressUpgradeable.isContract(newImplementation), "ERC1967: new implementation is not a contract"); StorageSlotUpgradeable.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation; } /** * @dev Perform implementation upgrade * * Emits an {Upgraded} event. */ function _upgradeTo(address newImplementation) internal { _setImplementation(newImplementation); emit Upgraded(newImplementation); } /** * @dev Perform implementation upgrade with additional setup call. * * Emits an {Upgraded} event. */ function _upgradeToAndCall(address newImplementation, bytes memory data, bool forceCall) internal { _upgradeTo(newImplementation); if (data.length > 0 || forceCall) { AddressUpgradeable.functionDelegateCall(newImplementation, data); } } /** * @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call. * * Emits an {Upgraded} event. */ function _upgradeToAndCallUUPS(address newImplementation, bytes memory data, bool forceCall) internal { // Upgrades from old implementations will perform a rollback test. This test requires the new // implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing // this special case will break upgrade paths from old UUPS implementation to new ones. if (StorageSlotUpgradeable.getBooleanSlot(_ROLLBACK_SLOT).value) { _setImplementation(newImplementation); } else { try IERC1822ProxiableUpgradeable(newImplementation).proxiableUUID() returns (bytes32 slot) { require(slot == _IMPLEMENTATION_SLOT, "ERC1967Upgrade: unsupported proxiableUUID"); } catch { revert("ERC1967Upgrade: new implementation is not UUPS"); } _upgradeToAndCall(newImplementation, data, forceCall); } } /** * @dev Storage slot with the admin of the contract. * This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1, and is * validated in the constructor. */ bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103; /** * @dev Returns the current admin. */ function _getAdmin() internal view returns (address) { return StorageSlotUpgradeable.getAddressSlot(_ADMIN_SLOT).value; } /** * @dev Stores a new address in the EIP1967 admin slot. */ function _setAdmin(address newAdmin) private { require(newAdmin != address(0), "ERC1967: new admin is the zero address"); StorageSlotUpgradeable.getAddressSlot(_ADMIN_SLOT).value = newAdmin; } /** * @dev Changes the admin of the proxy. * * Emits an {AdminChanged} event. */ function _changeAdmin(address newAdmin) internal { emit AdminChanged(_getAdmin(), newAdmin); _setAdmin(newAdmin); } /** * @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy. * This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor. */ bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50; /** * @dev Returns the current beacon. */ function _getBeacon() internal view returns (address) { return StorageSlotUpgradeable.getAddressSlot(_BEACON_SLOT).value; } /** * @dev Stores a new beacon in the EIP1967 beacon slot. */ function _setBeacon(address newBeacon) private { require(AddressUpgradeable.isContract(newBeacon), "ERC1967: new beacon is not a contract"); require( AddressUpgradeable.isContract(IBeaconUpgradeable(newBeacon).implementation()), "ERC1967: beacon implementation is not a contract" ); StorageSlotUpgradeable.getAddressSlot(_BEACON_SLOT).value = newBeacon; } /** * @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does * not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that). * * Emits a {BeaconUpgraded} event. */ function _upgradeBeaconToAndCall(address newBeacon, bytes memory data, bool forceCall) internal { _setBeacon(newBeacon); emit BeaconUpgraded(newBeacon); if (data.length > 0 || forceCall) { AddressUpgradeable.functionDelegateCall(IBeaconUpgradeable(newBeacon).implementation(), data); } } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[50] private __gap; } /** * @dev An upgradeability mechanism designed for UUPS proxies. The functions included here can perform an upgrade of an * {ERC1967Proxy}, when this contract is set as the implementation behind such a proxy. * * A security mechanism ensures that an upgrade does not turn off upgradeability accidentally, although this risk is * reinstated if the upgrade retains upgradeability but removes the security mechanism, e.g. by replacing * `UUPSUpgradeable` with a custom implementation of upgrades. * * The {_authorizeUpgrade} function must be overridden to include access restriction to the upgrade mechanism. * * _Available since v4.1._ */ abstract contract UUPSUpgradeable is Initializable, IERC1822ProxiableUpgradeable, ERC1967UpgradeUpgradeable { function __UUPSUpgradeable_init() internal onlyInitializing { } function __UUPSUpgradeable_init_unchained() internal onlyInitializing { } /// @custom:oz-upgrades-unsafe-allow state-variable-immutable state-variable-assignment address private immutable __self = address(this); /** * @dev Check that the execution is being performed through a delegatecall call and that the execution context is * a proxy contract with an implementation (as defined in ERC1967) pointing to self. This should only be the case * for UUPS and transparent proxies that are using the current contract as their implementation. Execution of a * function through ERC1167 minimal proxies (clones) would not normally pass this test, but is not guaranteed to * fail. */ modifier onlyProxy() { require(address(this) != __self, "Function must be called through delegatecall"); require(_getImplementation() == __self, "Function must be called through active proxy"); _; } /** * @dev Check that the execution is not being performed through a delegate call. This allows a function to be * callable on the implementing contract but not through proxies. */ modifier notDelegated() { require(address(this) == __self, "UUPSUpgradeable: must not be called through delegatecall"); _; } /** * @dev Implementation of the ERC1822 {proxiableUUID} function. This returns the storage slot used by the * implementation. It is used to validate the implementation's compatibility when performing an upgrade. * * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this * function revert if invoked through a proxy. This is guaranteed by the `notDelegated` modifier. */ function proxiableUUID() external view virtual override notDelegated returns (bytes32) { return _IMPLEMENTATION_SLOT; } /** * @dev Upgrade the implementation of the proxy to `newImplementation`. * * Calls {_authorizeUpgrade}. * * Emits an {Upgraded} event. * * @custom:oz-upgrades-unsafe-allow-reachable delegatecall */ function upgradeTo(address newImplementation) public virtual onlyProxy { _authorizeUpgrade(newImplementation); _upgradeToAndCallUUPS(newImplementation, new bytes(0), false); } /** * @dev Upgrade the implementation of the proxy to `newImplementation`, and subsequently execute the function call * encoded in `data`. * * Calls {_authorizeUpgrade}. * * Emits an {Upgraded} event. * * @custom:oz-upgrades-unsafe-allow-reachable delegatecall */ function upgradeToAndCall(address newImplementation, bytes memory data) public payable virtual onlyProxy { _authorizeUpgrade(newImplementation); _upgradeToAndCallUUPS(newImplementation, data, true); } /** * @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by * {upgradeTo} and {upgradeToAndCall}. * * Normally, this function will use an xref:access.adoc[access control] modifier such as {Ownable-onlyOwner}. * * ```solidity * function _authorizeUpgrade(address) internal override onlyOwner {} * ``` */ function _authorizeUpgrade(address newImplementation) internal virtual; /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[50] private __gap; } // OpenZeppelin Contracts (last updated v4.7.0) (security/Pausable.sol) /** * @dev Contract module which allows children to implement an emergency stop * mechanism that can be triggered by an authorized account. * * This module is used through inheritance. It will make available the * modifiers `whenNotPaused` and `whenPaused`, which can be applied to * the functions of your contract. Note that they will not be pausable by * simply including this module, only once the modifiers are put in place. */ abstract contract PausableUpgradeable is Initializable, ContextUpgradeable { /** * @dev Emitted when the pause is triggered by `account`. */ event Paused(address account); /** * @dev Emitted when the pause is lifted by `account`. */ event Unpaused(address account); bool private _paused; /** * @dev Initializes the contract in unpaused state. */ function __Pausable_init() internal onlyInitializing { __Pausable_init_unchained(); } function __Pausable_init_unchained() internal onlyInitializing { _paused = false; } /** * @dev Modifier to make a function callable only when the contract is not paused. * * Requirements: * * - The contract must not be paused. */ modifier whenNotPaused() { _requireNotPaused(); _; } /** * @dev Modifier to make a function callable only when the contract is paused. * * Requirements: * * - The contract must be paused. */ modifier whenPaused() { _requirePaused(); _; } /** * @dev Returns true if the contract is paused, and false otherwise. */ function paused() public view virtual returns (bool) { return _paused; } /** * @dev Throws if the contract is paused. */ function _requireNotPaused() internal view virtual { require(!paused(), "Pausable: paused"); } /** * @dev Throws if the contract is not paused. */ function _requirePaused() internal view virtual { require(paused(), "Pausable: not paused"); } /** * @dev Triggers stopped state. * * Requirements: * * - The contract must not be paused. */ function _pause() internal virtual whenNotPaused { _paused = true; emit Paused(_msgSender()); } /** * @dev Returns to normal state. * * Requirements: * * - The contract must be paused. */ function _unpause() internal virtual whenPaused { _paused = false; emit Unpaused(_msgSender()); } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[49] private __gap; } /// @title CommonAdminOwner /// @notice An upgradeable contract that, when inherited from, provides 4 functionalities: /// 1. The ability to pause and unpause functions with the `whenNotPaused` modifier /// 2. The ability to transfer ownership (which controls who can pause/unpause) /// 3. UUPS upgradeability, and the admin role which is allowed to upgrade /// the implementation contract /// 4. The ability to change the admin (which controls upgradeability) contract CommonAdminOwner is Initializable, OwnableUpgradeable, PausableUpgradeable, UUPSUpgradeable { /// @notice The initializer, which must be used instead of the constructor /// because this is a UUPS contract function __CommonAdminOwner_init() internal onlyInitializing { __Ownable_init(); __Pausable_init(); __UUPSUpgradeable_init(); } modifier onlyAdmin() { require(msg.sender == _getAdmin(), "NOT_ADMIN"); _; } function _authorizeUpgrade( address newImplementation ) internal override onlyAdmin { // NOOP, we just need the onlyAdmin modifier to execute } function changeAdmin(address newAdmin) external onlyAdmin { require(newAdmin != _getAdmin(), "SAME_ADMIN"); _changeAdmin(newAdmin); } /** * @dev called by the owner to pause, triggers stopped state */ function pause() external onlyOwner { _pause(); } /** * @dev called by the owner to unpause, returns to normal state */ function unpause() external onlyOwner { _unpause(); } } interface IUSDC is IERC20Upgradeable { function burn(uint256 _amount) external; function mint(address _to, uint256 _amount) external returns (bool); function DOMAIN_SEPARATOR() external view returns (bytes32); } /// @title LibPermit /// @notice Library to call the EIP-2612 permit method on a token library LibPermit { error NotValidSelector(); error NotValidOwner(); error NotValidSpender(); error NotValidAmount(); /// @dev bytes4(keccak256(bytes("permit(address,address,uint256,uint256,uint8,bytes32,bytes32)"))); bytes4 private constant _PERMIT_SIGNATURE = 0xd505accf; /// @notice Function to call token the EIP-2612 permit method on a token /// @dev Adapted from PolygonZKEVMBridge.sol's `_permit` /// @param token ERC20 token address /// @param amount Quantity that is expected to be allowed /// @param permitData Raw data of the call `permit` of the token function permit( address token, uint256 amount, bytes calldata permitData ) internal { if (bytes4(permitData[:4]) != _PERMIT_SIGNATURE) revert NotValidSelector(); ( address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) = abi.decode( permitData[4:], (address, address, uint256, uint256, uint8, bytes32, bytes32) ); if (owner != msg.sender) { revert NotValidOwner(); } if (spender != address(this)) { revert NotValidSpender(); } if (value != amount) { revert NotValidAmount(); } // we call without checking the result, in case it fails and they don't have enough balance // the following transferFrom should be fail. This prevents DoS attacks from using a signature // before the smartcontract call /* solhint-disable avoid-low-level-calls */ address(token).call( abi.encodeWithSelector( _PERMIT_SIGNATURE, owner, spender, value, deadline, v, r, s ) ); } } /// @title L1Escrow /// @notice This upgradeable contract receives USDC from users on L1 and uses the PolygonZkEVMBridge /// to send a message to the ZkMinterBurner contract on the L2 (zkEVM) which /// then mints USDC-e for users /// @notice This contract is upgradeable using UUPS, and can have its important functions /// paused and unpaused contract L1Escrow is IBridgeMessageReceiver, CommonAdminOwner { using SafeERC20Upgradeable for IUSDC; event Deposit(address indexed from, address indexed to, uint256 amount); /// @notice The singleton bridge contract on both L1 and L2 (zkEVM) that faciliates /// bridging messages between L1 and L2. It also stores all of the L1 USDC /// backing the L2 BridgeWrappedUSDC IPolygonZkEVMBridge public bridge; /// @notice The ID used internally by the bridge to identify zkEVM messages. Initially /// set to be `1` uint32 public zkNetworkId; /// @notice Address of the L2 ZkMinterBurner, which receives messages from the L1Escrow address public zkMinterBurner; /// @notice Address of the L1 USDC token IUSDC public l1USDC; constructor() { // override default OZ behaviour that sets msg.sender as the owner // set the owner of the implementation to an address that can not change anything _transferOwnership(address(1)); } /// @notice Setup the state variables of the upgradeable L1Escrow contract /// @notice The owner is the address that is able to pause and unpause function calls /// @param owner_ the address that will be able to pause and unpause the contract, /// as well as transfer the ownership of the contract /// @param bridge_ the address of the PolygonZkEVMBridge deployed on the zkEVM /// @param zkNetworkId_ the ID used internally by the bridge to identify zkEVM messages /// @param zkMinterBurnerProxy_ the address of the ZkMinterBurnerProxy deployed on the L2 /// @param l1Usdc_ the address of the L1 USDC deployed on the L1 function initialize( address owner_, address admin_, address bridge_, uint32 zkNetworkId_, address zkMinterBurnerProxy_, address l1Usdc_ ) external onlyProxy onlyAdmin initializer { require(bridge_ != address(0), "INVALID_BRIDGE"); require(zkMinterBurnerProxy_ != address(0), "INVALID_MB"); require(l1Usdc_ != address(0), "INVALID_L1_USDC"); require(owner_ != address(0), "INVALID_OWNER"); require(admin_ != address(0), "INVALID_ADMIN"); __CommonAdminOwner_init(); _transferOwnership(owner_); _changeAdmin(admin_); bridge = IPolygonZkEVMBridge(bridge_); zkNetworkId = zkNetworkId_; zkMinterBurner = zkMinterBurnerProxy_; l1USDC = IUSDC(l1Usdc_); } /// @notice Bridges L1 USDC to L2 USDC-e /// @dev The L1Escrow transfers L1 USDC from the caller to itself and /// calls `bridge.bridgeMessage, which ultimately results in a message /// received on the L2 ZkMinterBurner which mints USDC-e for the destination /// address /// @dev Can be paused /// @param destinationAddress address that will receive USDC-e on the L2 /// @param amount amount of L1 USDC to bridge /// @param forceUpdateGlobalExitRoot whether or not to force the bridge to update. function bridgeToken( address destinationAddress, uint256 amount, bool forceUpdateGlobalExitRoot ) public whenNotPaused { // User calls `bridgeToken` on L1Escrow, L1_USDC is transferred to L1Escrow // message sent to PolygonZkEvmBridge targeted to L2's zkMinterBurner. require(destinationAddress != address(0), "INVALID_RECEIVER"); require(amount > 0, "INVALID_AMOUNT"); // move L1-USDC from the user to the escrow l1USDC.safeTransferFrom(msg.sender, address(this), amount); // tell our zkMinterBurner to mint zkUSDCe to the receiver bytes memory data = abi.encode(destinationAddress, amount); bridge.bridgeMessage( zkNetworkId, zkMinterBurner, forceUpdateGlobalExitRoot, data ); emit Deposit(msg.sender, destinationAddress, amount); } /// @notice Similar to other `bridgeToken` function, but saves an ERC20.approve call /// by using the EIP-2612 permit function function bridgeToken( address destinationAddress, uint256 amount, bool forceUpdateGlobalExitRoot, bytes calldata permitData ) external whenNotPaused { if (permitData.length > 0) LibPermit.permit(address(l1USDC), amount, permitData); bridgeToken(destinationAddress, amount, forceUpdateGlobalExitRoot); } /// @dev This function is triggered by the bridge to faciliate the L1 USDC withdrawal process. /// This function is called by the bridge when a message is sent by the L2 /// ZkMinterBurner communicating that it has burned USDC-e and wants to withdraw the L1 USDC /// that backs it. /// @dev This function can only be called by the bridge contract /// @dev Can be paused /// @param originAddress address that initiated the message on the L2 /// @param originNetwork network that initiated the message on the L2 /// @param data data that was sent with the message on the L2, includes the /// `l1Receiver` and `amount` of L1 USDC to send to the `l1Receiver` function onMessageReceived( address originAddress, uint32 originNetwork, bytes memory data ) external payable whenNotPaused { require(msg.sender == address(bridge), "NOT_BRIDGE"); require(zkMinterBurner == originAddress, "NOT_MINTER_BURNER"); require(zkNetworkId == originNetwork, "NOT_ZK_CHAIN"); // decode message data and call transfer (address l1Receiver, uint256 amount) = abi.decode( data, (address, uint256) ); // kinda redundant - these checks are being done by the caller require(l1Receiver != address(0), "INVALID_RECEIVER"); require(amount > 0, "INVALID_AMOUNT"); // send the locked L1_USDC to the receiver l1USDC.safeTransfer(l1Receiver, amount); } }
File 8 of 8: FiatTokenV2_2
/** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { EIP712Domain } from "./EIP712Domain.sol"; // solhint-disable-line no-unused-import import { Blacklistable } from "../v1/Blacklistable.sol"; // solhint-disable-line no-unused-import import { FiatTokenV1 } from "../v1/FiatTokenV1.sol"; // solhint-disable-line no-unused-import import { FiatTokenV2 } from "./FiatTokenV2.sol"; // solhint-disable-line no-unused-import import { FiatTokenV2_1 } from "./FiatTokenV2_1.sol"; import { EIP712 } from "../util/EIP712.sol"; // solhint-disable func-name-mixedcase /** * @title FiatToken V2.2 * @notice ERC20 Token backed by fiat reserves, version 2.2 */ contract FiatTokenV2_2 is FiatTokenV2_1 { /** * @notice Initialize v2.2 * @param accountsToBlacklist A list of accounts to migrate from the old blacklist * @param newSymbol New token symbol * data structure to the new blacklist data structure. */ function initializeV2_2( address[] calldata accountsToBlacklist, string calldata newSymbol ) external { // solhint-disable-next-line reason-string require(_initializedVersion == 2); // Update fiat token symbol symbol = newSymbol; // Add previously blacklisted accounts to the new blacklist data structure // and remove them from the old blacklist data structure. for (uint256 i = 0; i < accountsToBlacklist.length; i++) { require( _deprecatedBlacklisted[accountsToBlacklist[i]], "FiatTokenV2_2: Blacklisting previously unblacklisted account!" ); _blacklist(accountsToBlacklist[i]); delete _deprecatedBlacklisted[accountsToBlacklist[i]]; } _blacklist(address(this)); delete _deprecatedBlacklisted[address(this)]; _initializedVersion = 3; } /** * @dev Internal function to get the current chain id. * @return The current chain id. */ function _chainId() internal virtual view returns (uint256) { uint256 chainId; assembly { chainId := chainid() } return chainId; } /** * @inheritdoc EIP712Domain */ function _domainSeparator() internal override view returns (bytes32) { return EIP712.makeDomainSeparator(name, "2", _chainId()); } /** * @notice Update allowance with a signed permit * @dev EOA wallet signatures should be packed in the order of r, s, v. * @param owner Token owner's address (Authorizer) * @param spender Spender's address * @param value Amount of allowance * @param deadline The time at which the signature expires (unix time), or max uint256 value to signal no expiration * @param signature Signature bytes signed by an EOA wallet or a contract wallet */ function permit( address owner, address spender, uint256 value, uint256 deadline, bytes memory signature ) external whenNotPaused { _permit(owner, spender, value, deadline, signature); } /** * @notice Execute a transfer with a signed authorization * @dev EOA wallet signatures should be packed in the order of r, s, v. * @param from Payer's address (Authorizer) * @param to Payee's address * @param value Amount to be transferred * @param validAfter The time after which this is valid (unix time) * @param validBefore The time before which this is valid (unix time) * @param nonce Unique nonce * @param signature Signature bytes signed by an EOA wallet or a contract wallet */ function transferWithAuthorization( address from, address to, uint256 value, uint256 validAfter, uint256 validBefore, bytes32 nonce, bytes memory signature ) external whenNotPaused notBlacklisted(from) notBlacklisted(to) { _transferWithAuthorization( from, to, value, validAfter, validBefore, nonce, signature ); } /** * @notice Receive a transfer with a signed authorization from the payer * @dev This has an additional check to ensure that the payee's address * matches the caller of this function to prevent front-running attacks. * EOA wallet signatures should be packed in the order of r, s, v. * @param from Payer's address (Authorizer) * @param to Payee's address * @param value Amount to be transferred * @param validAfter The time after which this is valid (unix time) * @param validBefore The time before which this is valid (unix time) * @param nonce Unique nonce * @param signature Signature bytes signed by an EOA wallet or a contract wallet */ function receiveWithAuthorization( address from, address to, uint256 value, uint256 validAfter, uint256 validBefore, bytes32 nonce, bytes memory signature ) external whenNotPaused notBlacklisted(from) notBlacklisted(to) { _receiveWithAuthorization( from, to, value, validAfter, validBefore, nonce, signature ); } /** * @notice Attempt to cancel an authorization * @dev Works only if the authorization is not yet used. * EOA wallet signatures should be packed in the order of r, s, v. * @param authorizer Authorizer's address * @param nonce Nonce of the authorization * @param signature Signature bytes signed by an EOA wallet or a contract wallet */ function cancelAuthorization( address authorizer, bytes32 nonce, bytes memory signature ) external whenNotPaused { _cancelAuthorization(authorizer, nonce, signature); } /** * @dev Helper method that sets the blacklist state of an account on balanceAndBlacklistStates. * If _shouldBlacklist is true, we apply a (1 << 255) bitmask with an OR operation on the * account's balanceAndBlacklistState. This flips the high bit for the account to 1, * indicating that the account is blacklisted. * * If _shouldBlacklist if false, we reset the account's balanceAndBlacklistStates to their * balances. This clears the high bit for the account, indicating that the account is unblacklisted. * @param _account The address of the account. * @param _shouldBlacklist True if the account should be blacklisted, false if the account should be unblacklisted. */ function _setBlacklistState(address _account, bool _shouldBlacklist) internal override { balanceAndBlacklistStates[_account] = _shouldBlacklist ? balanceAndBlacklistStates[_account] | (1 << 255) : _balanceOf(_account); } /** * @dev Helper method that sets the balance of an account on balanceAndBlacklistStates. * Since balances are stored in the last 255 bits of the balanceAndBlacklistStates value, * we need to ensure that the updated balance does not exceed (2^255 - 1). * Since blacklisted accounts' balances cannot be updated, the method will also * revert if the account is blacklisted * @param _account The address of the account. * @param _balance The new fiat token balance of the account (max: (2^255 - 1)). */ function _setBalance(address _account, uint256 _balance) internal override { require( _balance <= ((1 << 255) - 1), "FiatTokenV2_2: Balance exceeds (2^255 - 1)" ); require( !_isBlacklisted(_account), "FiatTokenV2_2: Account is blacklisted" ); balanceAndBlacklistStates[_account] = _balance; } /** * @inheritdoc Blacklistable */ function _isBlacklisted(address _account) internal override view returns (bool) { return balanceAndBlacklistStates[_account] >> 255 == 1; } /** * @dev Helper method to obtain the balance of an account. Since balances * are stored in the last 255 bits of the balanceAndBlacklistStates value, * we apply a ((1 << 255) - 1) bit bitmask with an AND operation on the * balanceAndBlacklistState to obtain the balance. * @param _account The address of the account. * @return The fiat token balance of the account. */ function _balanceOf(address _account) internal override view returns (uint256) { return balanceAndBlacklistStates[_account] & ((1 << 255) - 1); } /** * @inheritdoc FiatTokenV1 */ function approve(address spender, uint256 value) external override whenNotPaused returns (bool) { _approve(msg.sender, spender, value); return true; } /** * @inheritdoc FiatTokenV2 */ function permit( address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) external override whenNotPaused { _permit(owner, spender, value, deadline, v, r, s); } /** * @inheritdoc FiatTokenV2 */ function increaseAllowance(address spender, uint256 increment) external override whenNotPaused returns (bool) { _increaseAllowance(msg.sender, spender, increment); return true; } /** * @inheritdoc FiatTokenV2 */ function decreaseAllowance(address spender, uint256 decrement) external override whenNotPaused returns (bool) { _decreaseAllowance(msg.sender, spender, decrement); return true; } } // SPDX-License-Identifier: MIT pragma solidity >=0.6.2 <0.8.0; /** * @dev Collection of functions related to the address type */ library Address { /** * @dev Returns true if `account` is a contract. * * [IMPORTANT] * ==== * It is unsafe to assume that an address for which this function returns * false is an externally-owned account (EOA) and not a contract. * * Among others, `isContract` will return false for the following * types of addresses: * * - an externally-owned account * - a contract in construction * - an address where a contract will be created * - an address where a contract lived, but was destroyed * ==== */ function isContract(address account) internal view returns (bool) { // This method relies on extcodesize, which returns 0 for contracts in // construction, since the code is only stored at the end of the // constructor execution. uint256 size; // solhint-disable-next-line no-inline-assembly assembly { size := extcodesize(account) } return size > 0; } /** * @dev Replacement for Solidity's `transfer`: sends `amount` wei to * `recipient`, forwarding all available gas and reverting on errors. * * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost * of certain opcodes, possibly making contracts go over the 2300 gas limit * imposed by `transfer`, making them unable to receive funds via * `transfer`. {sendValue} removes this limitation. * * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more]. * * IMPORTANT: because control is transferred to `recipient`, care must be * taken to not create reentrancy vulnerabilities. Consider using * {ReentrancyGuard} or the * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern]. */ function sendValue(address payable recipient, uint256 amount) internal { require(address(this).balance >= amount, "Address: insufficient balance"); // solhint-disable-next-line avoid-low-level-calls, avoid-call-value (bool success, ) = recipient.call{ value: amount }(""); require(success, "Address: unable to send value, recipient may have reverted"); } /** * @dev Performs a Solidity function call using a low level `call`. A * plain`call` is an unsafe replacement for a function call: use this * function instead. * * If `target` reverts with a revert reason, it is bubbled up by this * function (like regular Solidity function calls). * * Returns the raw returned data. To convert to the expected return value, * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`]. * * Requirements: * * - `target` must be a contract. * - calling `target` with `data` must not revert. * * _Available since v3.1._ */ function functionCall(address target, bytes memory data) internal returns (bytes memory) { return functionCall(target, data, "Address: low-level call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with * `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but also transferring `value` wei to `target`. * * Requirements: * * - the calling contract must have an ETH balance of at least `value`. * - the called Solidity function must be `payable`. * * _Available since v3.1._ */ function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) { return functionCallWithValue(target, data, value, "Address: low-level call with value failed"); } /** * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but * with `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) { require(address(this).balance >= value, "Address: insufficient balance for call"); require(isContract(target), "Address: call to non-contract"); // solhint-disable-next-line avoid-low-level-calls (bool success, bytes memory returndata) = target.call{ value: value }(data); return _verifyCallResult(success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) { return functionStaticCall(target, data, "Address: low-level static call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) { require(isContract(target), "Address: static call to non-contract"); // solhint-disable-next-line avoid-low-level-calls (bool success, bytes memory returndata) = target.staticcall(data); return _verifyCallResult(success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a delegate call. * * _Available since v3.4._ */ function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) { return functionDelegateCall(target, data, "Address: low-level delegate call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a delegate call. * * _Available since v3.4._ */ function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) { require(isContract(target), "Address: delegate call to non-contract"); // solhint-disable-next-line avoid-low-level-calls (bool success, bytes memory returndata) = target.delegatecall(data); return _verifyCallResult(success, returndata, errorMessage); } function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) { if (success) { return returndata; } else { // Look for revert reason and bubble it up if present if (returndata.length > 0) { // The easiest way to bubble the revert reason is using memory via assembly // solhint-disable-next-line no-inline-assembly assembly { let returndata_size := mload(returndata) revert(add(32, returndata), returndata_size) } } else { revert(errorMessage); } } } } // SPDX-License-Identifier: MIT pragma solidity >=0.6.0 <0.8.0; import "./IERC20.sol"; import "../../math/SafeMath.sol"; import "../../utils/Address.sol"; /** * @title SafeERC20 * @dev Wrappers around ERC20 operations that throw on failure (when the token * contract returns false). Tokens that return no value (and instead revert or * throw on failure) are also supported, non-reverting calls are assumed to be * successful. * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract, * which allows you to call the safe operations as `token.safeTransfer(...)`, etc. */ library SafeERC20 { using SafeMath for uint256; using Address for address; function safeTransfer(IERC20 token, address to, uint256 value) internal { _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value)); } function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal { _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value)); } /** * @dev Deprecated. This function has issues similar to the ones found in * {IERC20-approve}, and its usage is discouraged. * * Whenever possible, use {safeIncreaseAllowance} and * {safeDecreaseAllowance} instead. */ function safeApprove(IERC20 token, address spender, uint256 value) internal { // safeApprove should only be called when setting an initial allowance, // or when resetting it to zero. To increase and decrease it, use // 'safeIncreaseAllowance' and 'safeDecreaseAllowance' // solhint-disable-next-line max-line-length require((value == 0) || (token.allowance(address(this), spender) == 0), "SafeERC20: approve from non-zero to non-zero allowance" ); _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value)); } function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal { uint256 newAllowance = token.allowance(address(this), spender).add(value); _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance)); } function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal { uint256 newAllowance = token.allowance(address(this), spender).sub(value, "SafeERC20: decreased allowance below zero"); _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance)); } /** * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement * on the return value: the return value is optional (but if data is returned, it must not be false). * @param token The token targeted by the call. * @param data The call data (encoded using abi.encode or one of its variants). */ function _callOptionalReturn(IERC20 token, bytes memory data) private { // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that // the target address contains contract code and also asserts for success in the low-level call. bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed"); if (returndata.length > 0) { // Return data is optional // solhint-disable-next-line max-line-length require(abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed"); } } } // SPDX-License-Identifier: MIT pragma solidity >=0.6.0 <0.8.0; /** * @dev Interface of the ERC20 standard as defined in the EIP. */ interface IERC20 { /** * @dev Returns the amount of tokens in existence. */ function totalSupply() external view returns (uint256); /** * @dev Returns the amount of tokens owned by `account`. */ function balanceOf(address account) external view returns (uint256); /** * @dev Moves `amount` tokens from the caller's account to `recipient`. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transfer(address recipient, uint256 amount) external returns (bool); /** * @dev Returns the remaining number of tokens that `spender` will be * allowed to spend on behalf of `owner` through {transferFrom}. This is * zero by default. * * This value changes when {approve} or {transferFrom} are called. */ function allowance(address owner, address spender) external view returns (uint256); /** * @dev Sets `amount` as the allowance of `spender` over the caller's tokens. * * Returns a boolean value indicating whether the operation succeeded. * * IMPORTANT: Beware that changing an allowance with this method brings the risk * that someone may use both the old and the new allowance by unfortunate * transaction ordering. One possible solution to mitigate this race * condition is to first reduce the spender's allowance to 0 and set the * desired value afterwards: * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 * * Emits an {Approval} event. */ function approve(address spender, uint256 amount) external returns (bool); /** * @dev Moves `amount` tokens from `sender` to `recipient` using the * allowance mechanism. `amount` is then deducted from the caller's * allowance. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transferFrom(address sender, address recipient, uint256 amount) external returns (bool); /** * @dev Emitted when `value` tokens are moved from one account (`from`) to * another (`to`). * * Note that `value` may be zero. */ event Transfer(address indexed from, address indexed to, uint256 value); /** * @dev Emitted when the allowance of a `spender` for an `owner` is set by * a call to {approve}. `value` is the new allowance. */ event Approval(address indexed owner, address indexed spender, uint256 value); } // SPDX-License-Identifier: MIT pragma solidity >=0.6.0 <0.8.0; /** * @dev Wrappers over Solidity's arithmetic operations with added overflow * checks. * * Arithmetic operations in Solidity wrap on overflow. This can easily result * in bugs, because programmers usually assume that an overflow raises an * error, which is the standard behavior in high level programming languages. * `SafeMath` restores this intuition by reverting the transaction when an * operation overflows. * * Using this library instead of the unchecked operations eliminates an entire * class of bugs, so it's recommended to use it always. */ library SafeMath { /** * @dev Returns the addition of two unsigned integers, with an overflow flag. * * _Available since v3.4._ */ function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) { uint256 c = a + b; if (c < a) return (false, 0); return (true, c); } /** * @dev Returns the substraction of two unsigned integers, with an overflow flag. * * _Available since v3.4._ */ function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) { if (b > a) return (false, 0); return (true, a - b); } /** * @dev Returns the multiplication of two unsigned integers, with an overflow flag. * * _Available since v3.4._ */ function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) { // Gas optimization: this is cheaper than requiring 'a' not being zero, but the // benefit is lost if 'b' is also tested. // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522 if (a == 0) return (true, 0); uint256 c = a * b; if (c / a != b) return (false, 0); return (true, c); } /** * @dev Returns the division of two unsigned integers, with a division by zero flag. * * _Available since v3.4._ */ function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) { if (b == 0) return (false, 0); return (true, a / b); } /** * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag. * * _Available since v3.4._ */ function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) { if (b == 0) return (false, 0); return (true, a % b); } /** * @dev Returns the addition of two unsigned integers, reverting on * overflow. * * Counterpart to Solidity's `+` operator. * * Requirements: * * - Addition cannot overflow. */ function add(uint256 a, uint256 b) internal pure returns (uint256) { uint256 c = a + b; require(c >= a, "SafeMath: addition overflow"); return c; } /** * @dev Returns the subtraction of two unsigned integers, reverting on * overflow (when the result is negative). * * Counterpart to Solidity's `-` operator. * * Requirements: * * - Subtraction cannot overflow. */ function sub(uint256 a, uint256 b) internal pure returns (uint256) { require(b <= a, "SafeMath: subtraction overflow"); return a - b; } /** * @dev Returns the multiplication of two unsigned integers, reverting on * overflow. * * Counterpart to Solidity's `*` operator. * * Requirements: * * - Multiplication cannot overflow. */ function mul(uint256 a, uint256 b) internal pure returns (uint256) { if (a == 0) return 0; uint256 c = a * b; require(c / a == b, "SafeMath: multiplication overflow"); return c; } /** * @dev Returns the integer division of two unsigned integers, reverting on * division by zero. The result is rounded towards zero. * * Counterpart to Solidity's `/` operator. Note: this function uses a * `revert` opcode (which leaves remaining gas untouched) while Solidity * uses an invalid opcode to revert (consuming all remaining gas). * * Requirements: * * - The divisor cannot be zero. */ function div(uint256 a, uint256 b) internal pure returns (uint256) { require(b > 0, "SafeMath: division by zero"); return a / b; } /** * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo), * reverting when dividing by zero. * * Counterpart to Solidity's `%` operator. This function uses a `revert` * opcode (which leaves remaining gas untouched) while Solidity uses an * invalid opcode to revert (consuming all remaining gas). * * Requirements: * * - The divisor cannot be zero. */ function mod(uint256 a, uint256 b) internal pure returns (uint256) { require(b > 0, "SafeMath: modulo by zero"); return a % b; } /** * @dev Returns the subtraction of two unsigned integers, reverting with custom message on * overflow (when the result is negative). * * CAUTION: This function is deprecated because it requires allocating memory for the error * message unnecessarily. For custom revert reasons use {trySub}. * * Counterpart to Solidity's `-` operator. * * Requirements: * * - Subtraction cannot overflow. */ function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) { require(b <= a, errorMessage); return a - b; } /** * @dev Returns the integer division of two unsigned integers, reverting with custom message on * division by zero. The result is rounded towards zero. * * CAUTION: This function is deprecated because it requires allocating memory for the error * message unnecessarily. For custom revert reasons use {tryDiv}. * * Counterpart to Solidity's `/` operator. Note: this function uses a * `revert` opcode (which leaves remaining gas untouched) while Solidity * uses an invalid opcode to revert (consuming all remaining gas). * * Requirements: * * - The divisor cannot be zero. */ function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) { require(b > 0, errorMessage); return a / b; } /** * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo), * reverting with custom message when dividing by zero. * * CAUTION: This function is deprecated because it requires allocating memory for the error * message unnecessarily. For custom revert reasons use {tryMod}. * * Counterpart to Solidity's `%` operator. This function uses a `revert` * opcode (which leaves remaining gas untouched) while Solidity uses an * invalid opcode to revert (consuming all remaining gas). * * Requirements: * * - The divisor cannot be zero. */ function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) { require(b > 0, errorMessage); return a % b; } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { FiatTokenV2 } from "./FiatTokenV2.sol"; // solhint-disable func-name-mixedcase /** * @title FiatToken V2.1 * @notice ERC20 Token backed by fiat reserves, version 2.1 */ contract FiatTokenV2_1 is FiatTokenV2 { /** * @notice Initialize v2.1 * @param lostAndFound The address to which the locked funds are sent */ function initializeV2_1(address lostAndFound) external { // solhint-disable-next-line reason-string require(_initializedVersion == 1); uint256 lockedAmount = _balanceOf(address(this)); if (lockedAmount > 0) { _transfer(address(this), lostAndFound, lockedAmount); } _blacklist(address(this)); _initializedVersion = 2; } /** * @notice Version string for the EIP712 domain separator * @return Version string */ function version() external pure returns (string memory) { return "2"; } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { FiatTokenV1_1 } from "../v1.1/FiatTokenV1_1.sol"; import { EIP712 } from "../util/EIP712.sol"; import { EIP3009 } from "./EIP3009.sol"; import { EIP2612 } from "./EIP2612.sol"; /** * @title FiatToken V2 * @notice ERC20 Token backed by fiat reserves, version 2 */ contract FiatTokenV2 is FiatTokenV1_1, EIP3009, EIP2612 { uint8 internal _initializedVersion; /** * @notice Initialize v2 * @param newName New token name */ function initializeV2(string calldata newName) external { // solhint-disable-next-line reason-string require(initialized && _initializedVersion == 0); name = newName; _DEPRECATED_CACHED_DOMAIN_SEPARATOR = EIP712.makeDomainSeparator( newName, "2" ); _initializedVersion = 1; } /** * @notice Increase the allowance by a given increment * @param spender Spender's address * @param increment Amount of increase in allowance * @return True if successful */ function increaseAllowance(address spender, uint256 increment) external virtual whenNotPaused notBlacklisted(msg.sender) notBlacklisted(spender) returns (bool) { _increaseAllowance(msg.sender, spender, increment); return true; } /** * @notice Decrease the allowance by a given decrement * @param spender Spender's address * @param decrement Amount of decrease in allowance * @return True if successful */ function decreaseAllowance(address spender, uint256 decrement) external virtual whenNotPaused notBlacklisted(msg.sender) notBlacklisted(spender) returns (bool) { _decreaseAllowance(msg.sender, spender, decrement); return true; } /** * @notice Execute a transfer with a signed authorization * @param from Payer's address (Authorizer) * @param to Payee's address * @param value Amount to be transferred * @param validAfter The time after which this is valid (unix time) * @param validBefore The time before which this is valid (unix time) * @param nonce Unique nonce * @param v v of the signature * @param r r of the signature * @param s s of the signature */ function transferWithAuthorization( address from, address to, uint256 value, uint256 validAfter, uint256 validBefore, bytes32 nonce, uint8 v, bytes32 r, bytes32 s ) external whenNotPaused notBlacklisted(from) notBlacklisted(to) { _transferWithAuthorization( from, to, value, validAfter, validBefore, nonce, v, r, s ); } /** * @notice Receive a transfer with a signed authorization from the payer * @dev This has an additional check to ensure that the payee's address * matches the caller of this function to prevent front-running attacks. * @param from Payer's address (Authorizer) * @param to Payee's address * @param value Amount to be transferred * @param validAfter The time after which this is valid (unix time) * @param validBefore The time before which this is valid (unix time) * @param nonce Unique nonce * @param v v of the signature * @param r r of the signature * @param s s of the signature */ function receiveWithAuthorization( address from, address to, uint256 value, uint256 validAfter, uint256 validBefore, bytes32 nonce, uint8 v, bytes32 r, bytes32 s ) external whenNotPaused notBlacklisted(from) notBlacklisted(to) { _receiveWithAuthorization( from, to, value, validAfter, validBefore, nonce, v, r, s ); } /** * @notice Attempt to cancel an authorization * @dev Works only if the authorization is not yet used. * @param authorizer Authorizer's address * @param nonce Nonce of the authorization * @param v v of the signature * @param r r of the signature * @param s s of the signature */ function cancelAuthorization( address authorizer, bytes32 nonce, uint8 v, bytes32 r, bytes32 s ) external whenNotPaused { _cancelAuthorization(authorizer, nonce, v, r, s); } /** * @notice Update allowance with a signed permit * @param owner Token owner's address (Authorizer) * @param spender Spender's address * @param value Amount of allowance * @param deadline The time at which the signature expires (unix time), or max uint256 value to signal no expiration * @param v v of the signature * @param r r of the signature * @param s s of the signature */ function permit( address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) external virtual whenNotPaused notBlacklisted(owner) notBlacklisted(spender) { _permit(owner, spender, value, deadline, v, r, s); } /** * @dev Internal function to increase the allowance by a given increment * @param owner Token owner's address * @param spender Spender's address * @param increment Amount of increase */ function _increaseAllowance( address owner, address spender, uint256 increment ) internal override { _approve(owner, spender, allowed[owner][spender].add(increment)); } /** * @dev Internal function to decrease the allowance by a given decrement * @param owner Token owner's address * @param spender Spender's address * @param decrement Amount of decrease */ function _decreaseAllowance( address owner, address spender, uint256 decrement ) internal override { _approve( owner, spender, allowed[owner][spender].sub( decrement, "ERC20: decreased allowance below zero" ) ); } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; // solhint-disable func-name-mixedcase /** * @title EIP712 Domain */ contract EIP712Domain { // was originally DOMAIN_SEPARATOR // but that has been moved to a method so we can override it in V2_2+ bytes32 internal _DEPRECATED_CACHED_DOMAIN_SEPARATOR; /** * @notice Get the EIP712 Domain Separator. * @return The bytes32 EIP712 domain separator. */ function DOMAIN_SEPARATOR() external view returns (bytes32) { return _domainSeparator(); } /** * @dev Internal method to get the EIP712 Domain Separator. * @return The bytes32 EIP712 domain separator. */ function _domainSeparator() internal virtual view returns (bytes32) { return _DEPRECATED_CACHED_DOMAIN_SEPARATOR; } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { AbstractFiatTokenV2 } from "./AbstractFiatTokenV2.sol"; import { EIP712Domain } from "./EIP712Domain.sol"; import { SignatureChecker } from "../util/SignatureChecker.sol"; import { MessageHashUtils } from "../util/MessageHashUtils.sol"; /** * @title EIP-3009 * @notice Provide internal implementation for gas-abstracted transfers * @dev Contracts that inherit from this must wrap these with publicly * accessible functions, optionally adding modifiers where necessary */ abstract contract EIP3009 is AbstractFiatTokenV2, EIP712Domain { // keccak256("TransferWithAuthorization(address from,address to,uint256 value,uint256 validAfter,uint256 validBefore,bytes32 nonce)") bytes32 public constant TRANSFER_WITH_AUTHORIZATION_TYPEHASH = 0x7c7c6cdb67a18743f49ec6fa9b35f50d52ed05cbed4cc592e13b44501c1a2267; // keccak256("ReceiveWithAuthorization(address from,address to,uint256 value,uint256 validAfter,uint256 validBefore,bytes32 nonce)") bytes32 public constant RECEIVE_WITH_AUTHORIZATION_TYPEHASH = 0xd099cc98ef71107a616c4f0f941f04c322d8e254fe26b3c6668db87aae413de8; // keccak256("CancelAuthorization(address authorizer,bytes32 nonce)") bytes32 public constant CANCEL_AUTHORIZATION_TYPEHASH = 0x158b0a9edf7a828aad02f63cd515c68ef2f50ba807396f6d12842833a1597429; /** * @dev authorizer address => nonce => bool (true if nonce is used) */ mapping(address => mapping(bytes32 => bool)) private _authorizationStates; event AuthorizationUsed(address indexed authorizer, bytes32 indexed nonce); event AuthorizationCanceled( address indexed authorizer, bytes32 indexed nonce ); /** * @notice Returns the state of an authorization * @dev Nonces are randomly generated 32-byte data unique to the * authorizer's address * @param authorizer Authorizer's address * @param nonce Nonce of the authorization * @return True if the nonce is used */ function authorizationState(address authorizer, bytes32 nonce) external view returns (bool) { return _authorizationStates[authorizer][nonce]; } /** * @notice Execute a transfer with a signed authorization * @param from Payer's address (Authorizer) * @param to Payee's address * @param value Amount to be transferred * @param validAfter The time after which this is valid (unix time) * @param validBefore The time before which this is valid (unix time) * @param nonce Unique nonce * @param v v of the signature * @param r r of the signature * @param s s of the signature */ function _transferWithAuthorization( address from, address to, uint256 value, uint256 validAfter, uint256 validBefore, bytes32 nonce, uint8 v, bytes32 r, bytes32 s ) internal { _transferWithAuthorization( from, to, value, validAfter, validBefore, nonce, abi.encodePacked(r, s, v) ); } /** * @notice Execute a transfer with a signed authorization * @dev EOA wallet signatures should be packed in the order of r, s, v. * @param from Payer's address (Authorizer) * @param to Payee's address * @param value Amount to be transferred * @param validAfter The time after which this is valid (unix time) * @param validBefore The time before which this is valid (unix time) * @param nonce Unique nonce * @param signature Signature byte array produced by an EOA wallet or a contract wallet */ function _transferWithAuthorization( address from, address to, uint256 value, uint256 validAfter, uint256 validBefore, bytes32 nonce, bytes memory signature ) internal { _requireValidAuthorization(from, nonce, validAfter, validBefore); _requireValidSignature( from, keccak256( abi.encode( TRANSFER_WITH_AUTHORIZATION_TYPEHASH, from, to, value, validAfter, validBefore, nonce ) ), signature ); _markAuthorizationAsUsed(from, nonce); _transfer(from, to, value); } /** * @notice Receive a transfer with a signed authorization from the payer * @dev This has an additional check to ensure that the payee's address * matches the caller of this function to prevent front-running attacks. * @param from Payer's address (Authorizer) * @param to Payee's address * @param value Amount to be transferred * @param validAfter The time after which this is valid (unix time) * @param validBefore The time before which this is valid (unix time) * @param nonce Unique nonce * @param v v of the signature * @param r r of the signature * @param s s of the signature */ function _receiveWithAuthorization( address from, address to, uint256 value, uint256 validAfter, uint256 validBefore, bytes32 nonce, uint8 v, bytes32 r, bytes32 s ) internal { _receiveWithAuthorization( from, to, value, validAfter, validBefore, nonce, abi.encodePacked(r, s, v) ); } /** * @notice Receive a transfer with a signed authorization from the payer * @dev This has an additional check to ensure that the payee's address * matches the caller of this function to prevent front-running attacks. * EOA wallet signatures should be packed in the order of r, s, v. * @param from Payer's address (Authorizer) * @param to Payee's address * @param value Amount to be transferred * @param validAfter The time after which this is valid (unix time) * @param validBefore The time before which this is valid (unix time) * @param nonce Unique nonce * @param signature Signature byte array produced by an EOA wallet or a contract wallet */ function _receiveWithAuthorization( address from, address to, uint256 value, uint256 validAfter, uint256 validBefore, bytes32 nonce, bytes memory signature ) internal { require(to == msg.sender, "FiatTokenV2: caller must be the payee"); _requireValidAuthorization(from, nonce, validAfter, validBefore); _requireValidSignature( from, keccak256( abi.encode( RECEIVE_WITH_AUTHORIZATION_TYPEHASH, from, to, value, validAfter, validBefore, nonce ) ), signature ); _markAuthorizationAsUsed(from, nonce); _transfer(from, to, value); } /** * @notice Attempt to cancel an authorization * @param authorizer Authorizer's address * @param nonce Nonce of the authorization * @param v v of the signature * @param r r of the signature * @param s s of the signature */ function _cancelAuthorization( address authorizer, bytes32 nonce, uint8 v, bytes32 r, bytes32 s ) internal { _cancelAuthorization(authorizer, nonce, abi.encodePacked(r, s, v)); } /** * @notice Attempt to cancel an authorization * @dev EOA wallet signatures should be packed in the order of r, s, v. * @param authorizer Authorizer's address * @param nonce Nonce of the authorization * @param signature Signature byte array produced by an EOA wallet or a contract wallet */ function _cancelAuthorization( address authorizer, bytes32 nonce, bytes memory signature ) internal { _requireUnusedAuthorization(authorizer, nonce); _requireValidSignature( authorizer, keccak256( abi.encode(CANCEL_AUTHORIZATION_TYPEHASH, authorizer, nonce) ), signature ); _authorizationStates[authorizer][nonce] = true; emit AuthorizationCanceled(authorizer, nonce); } /** * @notice Validates that signature against input data struct * @param signer Signer's address * @param dataHash Hash of encoded data struct * @param signature Signature byte array produced by an EOA wallet or a contract wallet */ function _requireValidSignature( address signer, bytes32 dataHash, bytes memory signature ) private view { require( SignatureChecker.isValidSignatureNow( signer, MessageHashUtils.toTypedDataHash(_domainSeparator(), dataHash), signature ), "FiatTokenV2: invalid signature" ); } /** * @notice Check that an authorization is unused * @param authorizer Authorizer's address * @param nonce Nonce of the authorization */ function _requireUnusedAuthorization(address authorizer, bytes32 nonce) private view { require( !_authorizationStates[authorizer][nonce], "FiatTokenV2: authorization is used or canceled" ); } /** * @notice Check that authorization is valid * @param authorizer Authorizer's address * @param nonce Nonce of the authorization * @param validAfter The time after which this is valid (unix time) * @param validBefore The time before which this is valid (unix time) */ function _requireValidAuthorization( address authorizer, bytes32 nonce, uint256 validAfter, uint256 validBefore ) private view { require( now > validAfter, "FiatTokenV2: authorization is not yet valid" ); require(now < validBefore, "FiatTokenV2: authorization is expired"); _requireUnusedAuthorization(authorizer, nonce); } /** * @notice Mark an authorization as used * @param authorizer Authorizer's address * @param nonce Nonce of the authorization */ function _markAuthorizationAsUsed(address authorizer, bytes32 nonce) private { _authorizationStates[authorizer][nonce] = true; emit AuthorizationUsed(authorizer, nonce); } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { AbstractFiatTokenV2 } from "./AbstractFiatTokenV2.sol"; import { EIP712Domain } from "./EIP712Domain.sol"; import { MessageHashUtils } from "../util/MessageHashUtils.sol"; import { SignatureChecker } from "../util/SignatureChecker.sol"; /** * @title EIP-2612 * @notice Provide internal implementation for gas-abstracted approvals */ abstract contract EIP2612 is AbstractFiatTokenV2, EIP712Domain { // keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)") bytes32 public constant PERMIT_TYPEHASH = 0x6e71edae12b1b97f4d1f60370fef10105fa2faae0126114a169c64845d6126c9; mapping(address => uint256) private _permitNonces; /** * @notice Nonces for permit * @param owner Token owner's address (Authorizer) * @return Next nonce */ function nonces(address owner) external view returns (uint256) { return _permitNonces[owner]; } /** * @notice Verify a signed approval permit and execute if valid * @param owner Token owner's address (Authorizer) * @param spender Spender's address * @param value Amount of allowance * @param deadline The time at which the signature expires (unix time), or max uint256 value to signal no expiration * @param v v of the signature * @param r r of the signature * @param s s of the signature */ function _permit( address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) internal { _permit(owner, spender, value, deadline, abi.encodePacked(r, s, v)); } /** * @notice Verify a signed approval permit and execute if valid * @dev EOA wallet signatures should be packed in the order of r, s, v. * @param owner Token owner's address (Authorizer) * @param spender Spender's address * @param value Amount of allowance * @param deadline The time at which the signature expires (unix time), or max uint256 value to signal no expiration * @param signature Signature byte array signed by an EOA wallet or a contract wallet */ function _permit( address owner, address spender, uint256 value, uint256 deadline, bytes memory signature ) internal { require( deadline == type(uint256).max || deadline >= now, "FiatTokenV2: permit is expired" ); bytes32 typedDataHash = MessageHashUtils.toTypedDataHash( _domainSeparator(), keccak256( abi.encode( PERMIT_TYPEHASH, owner, spender, value, _permitNonces[owner]++, deadline ) ) ); require( SignatureChecker.isValidSignatureNow( owner, typedDataHash, signature ), "EIP2612: invalid signature" ); _approve(owner, spender, value); } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { AbstractFiatTokenV1 } from "../v1/AbstractFiatTokenV1.sol"; abstract contract AbstractFiatTokenV2 is AbstractFiatTokenV1 { function _increaseAllowance( address owner, address spender, uint256 increment ) internal virtual; function _decreaseAllowance( address owner, address spender, uint256 decrement ) internal virtual; } /** * SPDX-License-Identifier: MIT * * Copyright (c) 2016 Smart Contract Solutions, Inc. * Copyright (c) 2018-2020 CENTRE SECZ * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ pragma solidity 0.6.12; import { Ownable } from "./Ownable.sol"; /** * @notice Base contract which allows children to implement an emergency stop * mechanism * @dev Forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/feb665136c0dae9912e08397c1a21c4af3651ef3/contracts/lifecycle/Pausable.sol * Modifications: * 1. Added pauser role, switched pause/unpause to be onlyPauser (6/14/2018) * 2. Removed whenNotPause/whenPaused from pause/unpause (6/14/2018) * 3. Removed whenPaused (6/14/2018) * 4. Switches ownable library to use ZeppelinOS (7/12/18) * 5. Remove constructor (7/13/18) * 6. Reformat, conform to Solidity 0.6 syntax and add error messages (5/13/20) * 7. Make public functions external (5/27/20) */ contract Pausable is Ownable { event Pause(); event Unpause(); event PauserChanged(address indexed newAddress); address public pauser; bool public paused = false; /** * @dev Modifier to make a function callable only when the contract is not paused. */ modifier whenNotPaused() { require(!paused, "Pausable: paused"); _; } /** * @dev throws if called by any account other than the pauser */ modifier onlyPauser() { require(msg.sender == pauser, "Pausable: caller is not the pauser"); _; } /** * @dev called by the owner to pause, triggers stopped state */ function pause() external onlyPauser { paused = true; emit Pause(); } /** * @dev called by the owner to unpause, returns to normal state */ function unpause() external onlyPauser { paused = false; emit Unpause(); } /** * @notice Updates the pauser address. * @param _newPauser The address of the new pauser. */ function updatePauser(address _newPauser) external onlyOwner { require( _newPauser != address(0), "Pausable: new pauser is the zero address" ); pauser = _newPauser; emit PauserChanged(pauser); } } /** * SPDX-License-Identifier: MIT * * Copyright (c) 2018 zOS Global Limited. * Copyright (c) 2018-2020 CENTRE SECZ * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ pragma solidity 0.6.12; /** * @notice The Ownable contract has an owner address, and provides basic * authorization control functions * @dev Forked from https://github.com/OpenZeppelin/openzeppelin-labs/blob/3887ab77b8adafba4a26ace002f3a684c1a3388b/upgradeability_ownership/contracts/ownership/Ownable.sol * Modifications: * 1. Consolidate OwnableStorage into this contract (7/13/18) * 2. Reformat, conform to Solidity 0.6 syntax, and add error messages (5/13/20) * 3. Make public functions external (5/27/20) */ contract Ownable { // Owner of the contract address private _owner; /** * @dev Event to show ownership has been transferred * @param previousOwner representing the address of the previous owner * @param newOwner representing the address of the new owner */ event OwnershipTransferred(address previousOwner, address newOwner); /** * @dev The constructor sets the original owner of the contract to the sender account. */ constructor() public { setOwner(msg.sender); } /** * @dev Tells the address of the owner * @return the address of the owner */ function owner() external view returns (address) { return _owner; } /** * @dev Sets a new owner address */ function setOwner(address newOwner) internal { _owner = newOwner; } /** * @dev Throws if called by any account other than the owner. */ modifier onlyOwner() { require(msg.sender == _owner, "Ownable: caller is not the owner"); _; } /** * @dev Allows the current owner to transfer control of the contract to a newOwner. * @param newOwner The address to transfer ownership to. */ function transferOwnership(address newOwner) external onlyOwner { require( newOwner != address(0), "Ownable: new owner is the zero address" ); emit OwnershipTransferred(_owner, newOwner); setOwner(newOwner); } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { SafeMath } from "@openzeppelin/contracts/math/SafeMath.sol"; import { AbstractFiatTokenV1 } from "./AbstractFiatTokenV1.sol"; import { Ownable } from "./Ownable.sol"; import { Pausable } from "./Pausable.sol"; import { Blacklistable } from "./Blacklistable.sol"; /** * @title FiatToken * @dev ERC20 Token backed by fiat reserves */ contract FiatTokenV1 is AbstractFiatTokenV1, Ownable, Pausable, Blacklistable { using SafeMath for uint256; string public name; string public symbol; uint8 public decimals; string public currency; address public masterMinter; bool internal initialized; /// @dev A mapping that stores the balance and blacklist states for a given address. /// The first bit defines whether the address is blacklisted (1 if blacklisted, 0 otherwise). /// The last 255 bits define the balance for the address. mapping(address => uint256) internal balanceAndBlacklistStates; mapping(address => mapping(address => uint256)) internal allowed; uint256 internal totalSupply_ = 0; mapping(address => bool) internal minters; mapping(address => uint256) internal minterAllowed; event Mint(address indexed minter, address indexed to, uint256 amount); event Burn(address indexed burner, uint256 amount); event MinterConfigured(address indexed minter, uint256 minterAllowedAmount); event MinterRemoved(address indexed oldMinter); event MasterMinterChanged(address indexed newMasterMinter); /** * @notice Initializes the fiat token contract. * @param tokenName The name of the fiat token. * @param tokenSymbol The symbol of the fiat token. * @param tokenCurrency The fiat currency that the token represents. * @param tokenDecimals The number of decimals that the token uses. * @param newMasterMinter The masterMinter address for the fiat token. * @param newPauser The pauser address for the fiat token. * @param newBlacklister The blacklister address for the fiat token. * @param newOwner The owner of the fiat token. */ function initialize( string memory tokenName, string memory tokenSymbol, string memory tokenCurrency, uint8 tokenDecimals, address newMasterMinter, address newPauser, address newBlacklister, address newOwner ) public { require(!initialized, "FiatToken: contract is already initialized"); require( newMasterMinter != address(0), "FiatToken: new masterMinter is the zero address" ); require( newPauser != address(0), "FiatToken: new pauser is the zero address" ); require( newBlacklister != address(0), "FiatToken: new blacklister is the zero address" ); require( newOwner != address(0), "FiatToken: new owner is the zero address" ); name = tokenName; symbol = tokenSymbol; currency = tokenCurrency; decimals = tokenDecimals; masterMinter = newMasterMinter; pauser = newPauser; blacklister = newBlacklister; setOwner(newOwner); initialized = true; } /** * @dev Throws if called by any account other than a minter. */ modifier onlyMinters() { require(minters[msg.sender], "FiatToken: caller is not a minter"); _; } /** * @notice Mints fiat tokens to an address. * @param _to The address that will receive the minted tokens. * @param _amount The amount of tokens to mint. Must be less than or equal * to the minterAllowance of the caller. * @return True if the operation was successful. */ function mint(address _to, uint256 _amount) external whenNotPaused onlyMinters notBlacklisted(msg.sender) notBlacklisted(_to) returns (bool) { require(_to != address(0), "FiatToken: mint to the zero address"); require(_amount > 0, "FiatToken: mint amount not greater than 0"); uint256 mintingAllowedAmount = minterAllowed[msg.sender]; require( _amount <= mintingAllowedAmount, "FiatToken: mint amount exceeds minterAllowance" ); totalSupply_ = totalSupply_.add(_amount); _setBalance(_to, _balanceOf(_to).add(_amount)); minterAllowed[msg.sender] = mintingAllowedAmount.sub(_amount); emit Mint(msg.sender, _to, _amount); emit Transfer(address(0), _to, _amount); return true; } /** * @dev Throws if called by any account other than the masterMinter */ modifier onlyMasterMinter() { require( msg.sender == masterMinter, "FiatToken: caller is not the masterMinter" ); _; } /** * @notice Gets the minter allowance for an account. * @param minter The address to check. * @return The remaining minter allowance for the account. */ function minterAllowance(address minter) external view returns (uint256) { return minterAllowed[minter]; } /** * @notice Checks if an account is a minter. * @param account The address to check. * @return True if the account is a minter, false if the account is not a minter. */ function isMinter(address account) external view returns (bool) { return minters[account]; } /** * @notice Gets the remaining amount of fiat tokens a spender is allowed to transfer on * behalf of the token owner. * @param owner The token owner's address. * @param spender The spender's address. * @return The remaining allowance. */ function allowance(address owner, address spender) external override view returns (uint256) { return allowed[owner][spender]; } /** * @notice Gets the totalSupply of the fiat token. * @return The totalSupply of the fiat token. */ function totalSupply() external override view returns (uint256) { return totalSupply_; } /** * @notice Gets the fiat token balance of an account. * @param account The address to check. * @return balance The fiat token balance of the account. */ function balanceOf(address account) external override view returns (uint256) { return _balanceOf(account); } /** * @notice Sets a fiat token allowance for a spender to spend on behalf of the caller. * @param spender The spender's address. * @param value The allowance amount. * @return True if the operation was successful. */ function approve(address spender, uint256 value) external virtual override whenNotPaused notBlacklisted(msg.sender) notBlacklisted(spender) returns (bool) { _approve(msg.sender, spender, value); return true; } /** * @dev Internal function to set allowance. * @param owner Token owner's address. * @param spender Spender's address. * @param value Allowance amount. */ function _approve( address owner, address spender, uint256 value ) internal override { require(owner != address(0), "ERC20: approve from the zero address"); require(spender != address(0), "ERC20: approve to the zero address"); allowed[owner][spender] = value; emit Approval(owner, spender, value); } /** * @notice Transfers tokens from an address to another by spending the caller's allowance. * @dev The caller must have some fiat token allowance on the payer's tokens. * @param from Payer's address. * @param to Payee's address. * @param value Transfer amount. * @return True if the operation was successful. */ function transferFrom( address from, address to, uint256 value ) external override whenNotPaused notBlacklisted(msg.sender) notBlacklisted(from) notBlacklisted(to) returns (bool) { require( value <= allowed[from][msg.sender], "ERC20: transfer amount exceeds allowance" ); _transfer(from, to, value); allowed[from][msg.sender] = allowed[from][msg.sender].sub(value); return true; } /** * @notice Transfers tokens from the caller. * @param to Payee's address. * @param value Transfer amount. * @return True if the operation was successful. */ function transfer(address to, uint256 value) external override whenNotPaused notBlacklisted(msg.sender) notBlacklisted(to) returns (bool) { _transfer(msg.sender, to, value); return true; } /** * @dev Internal function to process transfers. * @param from Payer's address. * @param to Payee's address. * @param value Transfer amount. */ function _transfer( address from, address to, uint256 value ) internal override { require(from != address(0), "ERC20: transfer from the zero address"); require(to != address(0), "ERC20: transfer to the zero address"); require( value <= _balanceOf(from), "ERC20: transfer amount exceeds balance" ); _setBalance(from, _balanceOf(from).sub(value)); _setBalance(to, _balanceOf(to).add(value)); emit Transfer(from, to, value); } /** * @notice Adds or updates a new minter with a mint allowance. * @param minter The address of the minter. * @param minterAllowedAmount The minting amount allowed for the minter. * @return True if the operation was successful. */ function configureMinter(address minter, uint256 minterAllowedAmount) external whenNotPaused onlyMasterMinter returns (bool) { minters[minter] = true; minterAllowed[minter] = minterAllowedAmount; emit MinterConfigured(minter, minterAllowedAmount); return true; } /** * @notice Removes a minter. * @param minter The address of the minter to remove. * @return True if the operation was successful. */ function removeMinter(address minter) external onlyMasterMinter returns (bool) { minters[minter] = false; minterAllowed[minter] = 0; emit MinterRemoved(minter); return true; } /** * @notice Allows a minter to burn some of its own tokens. * @dev The caller must be a minter, must not be blacklisted, and the amount to burn * should be less than or equal to the account's balance. * @param _amount the amount of tokens to be burned. */ function burn(uint256 _amount) external whenNotPaused onlyMinters notBlacklisted(msg.sender) { uint256 balance = _balanceOf(msg.sender); require(_amount > 0, "FiatToken: burn amount not greater than 0"); require(balance >= _amount, "FiatToken: burn amount exceeds balance"); totalSupply_ = totalSupply_.sub(_amount); _setBalance(msg.sender, balance.sub(_amount)); emit Burn(msg.sender, _amount); emit Transfer(msg.sender, address(0), _amount); } /** * @notice Updates the master minter address. * @param _newMasterMinter The address of the new master minter. */ function updateMasterMinter(address _newMasterMinter) external onlyOwner { require( _newMasterMinter != address(0), "FiatToken: new masterMinter is the zero address" ); masterMinter = _newMasterMinter; emit MasterMinterChanged(masterMinter); } /** * @inheritdoc Blacklistable */ function _blacklist(address _account) internal override { _setBlacklistState(_account, true); } /** * @inheritdoc Blacklistable */ function _unBlacklist(address _account) internal override { _setBlacklistState(_account, false); } /** * @dev Helper method that sets the blacklist state of an account. * @param _account The address of the account. * @param _shouldBlacklist True if the account should be blacklisted, false if the account should be unblacklisted. */ function _setBlacklistState(address _account, bool _shouldBlacklist) internal virtual { _deprecatedBlacklisted[_account] = _shouldBlacklist; } /** * @dev Helper method that sets the balance of an account. * @param _account The address of the account. * @param _balance The new fiat token balance of the account. */ function _setBalance(address _account, uint256 _balance) internal virtual { balanceAndBlacklistStates[_account] = _balance; } /** * @inheritdoc Blacklistable */ function _isBlacklisted(address _account) internal virtual override view returns (bool) { return _deprecatedBlacklisted[_account]; } /** * @dev Helper method to obtain the balance of an account. * @param _account The address of the account. * @return The fiat token balance of the account. */ function _balanceOf(address _account) internal virtual view returns (uint256) { return balanceAndBlacklistStates[_account]; } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { Ownable } from "./Ownable.sol"; /** * @title Blacklistable Token * @dev Allows accounts to be blacklisted by a "blacklister" role */ abstract contract Blacklistable is Ownable { address public blacklister; mapping(address => bool) internal _deprecatedBlacklisted; event Blacklisted(address indexed _account); event UnBlacklisted(address indexed _account); event BlacklisterChanged(address indexed newBlacklister); /** * @dev Throws if called by any account other than the blacklister. */ modifier onlyBlacklister() { require( msg.sender == blacklister, "Blacklistable: caller is not the blacklister" ); _; } /** * @dev Throws if argument account is blacklisted. * @param _account The address to check. */ modifier notBlacklisted(address _account) { require( !_isBlacklisted(_account), "Blacklistable: account is blacklisted" ); _; } /** * @notice Checks if account is blacklisted. * @param _account The address to check. * @return True if the account is blacklisted, false if the account is not blacklisted. */ function isBlacklisted(address _account) external view returns (bool) { return _isBlacklisted(_account); } /** * @notice Adds account to blacklist. * @param _account The address to blacklist. */ function blacklist(address _account) external onlyBlacklister { _blacklist(_account); emit Blacklisted(_account); } /** * @notice Removes account from blacklist. * @param _account The address to remove from the blacklist. */ function unBlacklist(address _account) external onlyBlacklister { _unBlacklist(_account); emit UnBlacklisted(_account); } /** * @notice Updates the blacklister address. * @param _newBlacklister The address of the new blacklister. */ function updateBlacklister(address _newBlacklister) external onlyOwner { require( _newBlacklister != address(0), "Blacklistable: new blacklister is the zero address" ); blacklister = _newBlacklister; emit BlacklisterChanged(blacklister); } /** * @dev Checks if account is blacklisted. * @param _account The address to check. * @return true if the account is blacklisted, false otherwise. */ function _isBlacklisted(address _account) internal virtual view returns (bool); /** * @dev Helper method that blacklists an account. * @param _account The address to blacklist. */ function _blacklist(address _account) internal virtual; /** * @dev Helper method that unblacklists an account. * @param _account The address to unblacklist. */ function _unBlacklist(address _account) internal virtual; } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol"; abstract contract AbstractFiatTokenV1 is IERC20 { function _approve( address owner, address spender, uint256 value ) internal virtual; function _transfer( address from, address to, uint256 value ) internal virtual; } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { Ownable } from "../v1/Ownable.sol"; import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol"; import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/SafeERC20.sol"; contract Rescuable is Ownable { using SafeERC20 for IERC20; address private _rescuer; event RescuerChanged(address indexed newRescuer); /** * @notice Returns current rescuer * @return Rescuer's address */ function rescuer() external view returns (address) { return _rescuer; } /** * @notice Revert if called by any account other than the rescuer. */ modifier onlyRescuer() { require(msg.sender == _rescuer, "Rescuable: caller is not the rescuer"); _; } /** * @notice Rescue ERC20 tokens locked up in this contract. * @param tokenContract ERC20 token contract address * @param to Recipient address * @param amount Amount to withdraw */ function rescueERC20( IERC20 tokenContract, address to, uint256 amount ) external onlyRescuer { tokenContract.safeTransfer(to, amount); } /** * @notice Updates the rescuer address. * @param newRescuer The address of the new rescuer. */ function updateRescuer(address newRescuer) external onlyOwner { require( newRescuer != address(0), "Rescuable: new rescuer is the zero address" ); _rescuer = newRescuer; emit RescuerChanged(newRescuer); } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { FiatTokenV1 } from "../v1/FiatTokenV1.sol"; import { Rescuable } from "./Rescuable.sol"; /** * @title FiatTokenV1_1 * @dev ERC20 Token backed by fiat reserves */ contract FiatTokenV1_1 is FiatTokenV1, Rescuable { } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; import { ECRecover } from "./ECRecover.sol"; import { IERC1271 } from "../interface/IERC1271.sol"; /** * @dev Signature verification helper that can be used instead of `ECRecover.recover` to seamlessly support both ECDSA * signatures from externally owned accounts (EOAs) as well as ERC1271 signatures from smart contract wallets. * * Adapted from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/21bb89ef5bfc789b9333eb05e3ba2b7b284ac77c/contracts/utils/cryptography/SignatureChecker.sol */ library SignatureChecker { /** * @dev Checks if a signature is valid for a given signer and data hash. If the signer is a smart contract, the * signature is validated against that smart contract using ERC1271, otherwise it's validated using `ECRecover.recover`. * @param signer Address of the claimed signer * @param digest Keccak-256 hash digest of the signed message * @param signature Signature byte array associated with hash */ function isValidSignatureNow( address signer, bytes32 digest, bytes memory signature ) external view returns (bool) { if (!isContract(signer)) { return ECRecover.recover(digest, signature) == signer; } return isValidERC1271SignatureNow(signer, digest, signature); } /** * @dev Checks if a signature is valid for a given signer and data hash. The signature is validated * against the signer smart contract using ERC1271. * @param signer Address of the claimed signer * @param digest Keccak-256 hash digest of the signed message * @param signature Signature byte array associated with hash * * NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus * change through time. It could return true at block N and false at block N+1 (or the opposite). */ function isValidERC1271SignatureNow( address signer, bytes32 digest, bytes memory signature ) internal view returns (bool) { (bool success, bytes memory result) = signer.staticcall( abi.encodeWithSelector( IERC1271.isValidSignature.selector, digest, signature ) ); return (success && result.length >= 32 && abi.decode(result, (bytes32)) == bytes32(IERC1271.isValidSignature.selector)); } /** * @dev Checks if the input address is a smart contract. */ function isContract(address addr) internal view returns (bool) { uint256 size; assembly { size := extcodesize(addr) } return size > 0; } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; /** * @dev Signature message hash utilities for producing digests to be consumed by {ECDSA} recovery or signing. * * The library provides methods for generating a hash of a message that conforms to the * https://eips.ethereum.org/EIPS/eip-191[EIP 191] and https://eips.ethereum.org/EIPS/eip-712[EIP 712] * specifications. */ library MessageHashUtils { /** * @dev Returns the keccak256 digest of an EIP-712 typed data (EIP-191 version `0x01`). * Adapted from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/21bb89ef5bfc789b9333eb05e3ba2b7b284ac77c/contracts/utils/cryptography/MessageHashUtils.sol * * The digest is calculated from a `domainSeparator` and a `structHash`, by prefixing them with * `\\x19\\x01` and hashing the result. It corresponds to the hash signed by the * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`] JSON-RPC method as part of EIP-712. * * @param domainSeparator Domain separator * @param structHash Hashed EIP-712 data struct * @return digest The keccak256 digest of an EIP-712 typed data */ function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 digest) { assembly { let ptr := mload(0x40) mstore(ptr, "\\x19\\x01") mstore(add(ptr, 0x02), domainSeparator) mstore(add(ptr, 0x22), structHash) digest := keccak256(ptr, 0x42) } } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; /** * @title EIP712 * @notice A library that provides EIP712 helper functions */ library EIP712 { /** * @notice Make EIP712 domain separator * @param name Contract name * @param version Contract version * @param chainId Blockchain ID * @return Domain separator */ function makeDomainSeparator( string memory name, string memory version, uint256 chainId ) internal view returns (bytes32) { return keccak256( abi.encode( // keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)") 0x8b73c3c69bb8fe3d512ecc4cf759cc79239f7b179b0ffacaa9a75d522b39400f, keccak256(bytes(name)), keccak256(bytes(version)), chainId, address(this) ) ); } /** * @notice Make EIP712 domain separator * @param name Contract name * @param version Contract version * @return Domain separator */ function makeDomainSeparator(string memory name, string memory version) internal view returns (bytes32) { uint256 chainId; assembly { chainId := chainid() } return makeDomainSeparator(name, version, chainId); } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; /** * @title ECRecover * @notice A library that provides a safe ECDSA recovery function */ library ECRecover { /** * @notice Recover signer's address from a signed message * @dev Adapted from: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/65e4ffde586ec89af3b7e9140bdc9235d1254853/contracts/cryptography/ECDSA.sol * Modifications: Accept v, r, and s as separate arguments * @param digest Keccak-256 hash digest of the signed message * @param v v of the signature * @param r r of the signature * @param s s of the signature * @return Signer address */ function recover( bytes32 digest, uint8 v, bytes32 r, bytes32 s ) internal pure returns (address) { // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines // the valid range for s in (281): 0 < s < secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most // signatures from current libraries generate a unique signature with an s-value in the lower half order. // // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept // these malleable signatures as well. if ( uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0 ) { revert("ECRecover: invalid signature 's' value"); } if (v != 27 && v != 28) { revert("ECRecover: invalid signature 'v' value"); } // If the signature is valid (and not malleable), return the signer address address signer = ecrecover(digest, v, r, s); require(signer != address(0), "ECRecover: invalid signature"); return signer; } /** * @notice Recover signer's address from a signed message * @dev Adapted from: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/0053ee040a7ff1dbc39691c9e67a69f564930a88/contracts/utils/cryptography/ECDSA.sol * @param digest Keccak-256 hash digest of the signed message * @param signature Signature byte array associated with hash * @return Signer address */ function recover(bytes32 digest, bytes memory signature) internal pure returns (address) { require(signature.length == 65, "ECRecover: invalid signature length"); bytes32 r; bytes32 s; uint8 v; // ecrecover takes the signature parameters, and the only way to get them // currently is to use assembly. /// @solidity memory-safe-assembly assembly { r := mload(add(signature, 0x20)) s := mload(add(signature, 0x40)) v := byte(0, mload(add(signature, 0x60))) } return recover(digest, v, r, s); } } /** * SPDX-License-Identifier: Apache-2.0 * * Copyright (c) 2023, Circle Internet Financial, LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity 0.6.12; /** * @dev Interface of the ERC1271 standard signature validation method for * contracts as defined in https://eips.ethereum.org/EIPS/eip-1271[ERC-1271]. */ interface IERC1271 { /** * @dev Should return whether the signature provided is valid for the provided data * @param hash Hash of the data to be signed * @param signature Signature byte array associated with the provided data hash * @return magicValue bytes4 magic value 0x1626ba7e when function passes */ function isValidSignature(bytes32 hash, bytes memory signature) external view returns (bytes4 magicValue); }