Network
All
MEGA Testnet
Solana
Movement
Aptos
Base
Arbitrum One
Zora
Celo
Scroll
Ethereum
Scroll Sepolia
Xai
World Chain
Rari
Forma
Mode
Palm Testnet
Palm
Celestia
coming soon
Eclipse
coming soon
Metal L2
coming soon
Xai Testnet
coming soon
Astria Devnet
coming soon
LUKSO
coming soon
Arbitrum Nova
coming soon
Astria
coming soon
Polygon ZKEVM
coming soon
Optimism
coming soon
zkSync Era
coming soon
Binance Smart Chain
coming soon
Polygon
coming soon
Scroll Goerli
coming soon
Mantle
coming soon
账户
0xaf...f6c1
0xAf...F6c1
$500
此合同的源代码已经过验证!
合同元数据
编译器
0.8.9+commit.e5eed63a
语言
Solidity
合同源代码
文件 1 的 19:AccessControl.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (access/AccessControl.sol)
pragma solidity ^0.8.0;
import "./IAccessControl.sol";
import "../utils/Context.sol";
import "../utils/Strings.sol";
import "../utils/introspection/ERC165.sol";
/**
* @dev Contract module that allows children to implement role-based access
* control mechanisms. This is a lightweight version that doesn't allow enumerating role
* members except through off-chain means by accessing the contract event logs. Some
* applications may benefit from on-chain enumerability, for those cases see
* {AccessControlEnumerable}.
*
* Roles are referred to by their `bytes32` identifier. These should be exposed
* in the external API and be unique. The best way to achieve this is by
* using `public constant` hash digests:
*
* ```solidity
* bytes32 public constant MY_ROLE = keccak256("MY_ROLE");
* ```
*
* Roles can be used to represent a set of permissions. To restrict access to a
* function call, use {hasRole}:
*
* ```solidity
* function foo() public {
* require(hasRole(MY_ROLE, msg.sender));
* ...
* }
* ```
*
* Roles can be granted and revoked dynamically via the {grantRole} and
* {revokeRole} functions. Each role has an associated admin role, and only
* accounts that have a role's admin role can call {grantRole} and {revokeRole}.
*
* By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means
* that only accounts with this role will be able to grant or revoke other
* roles. More complex role relationships can be created by using
* {_setRoleAdmin}.
*
* WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to
* grant and revoke this role. Extra precautions should be taken to secure
* accounts that have been granted it. We recommend using {AccessControlDefaultAdminRules}
* to enforce additional security measures for this role.
*/
abstract contract AccessControl is Context, IAccessControl, ERC165 {
struct RoleData {
mapping(address => bool) members;
bytes32 adminRole;
}
mapping(bytes32 => RoleData) private _roles;
bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;
/**
* @dev Modifier that checks that an account has a specific role. Reverts
* with a standardized message including the required role.
*
* The format of the revert reason is given by the following regular expression:
*
* /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/
*
* _Available since v4.1._
*/
modifier onlyRole(bytes32 role) {
_checkRole(role);
_;
}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IAccessControl).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) public view virtual override returns (bool) {
return _roles[role].members[account];
}
/**
* @dev Revert with a standard message if `_msgSender()` is missing `role`.
* Overriding this function changes the behavior of the {onlyRole} modifier.
*
* Format of the revert message is described in {_checkRole}.
*
* _Available since v4.6._
*/
function _checkRole(bytes32 role) internal view virtual {
_checkRole(role, _msgSender());
}
/**
* @dev Revert with a standard message if `account` is missing `role`.
*
* The format of the revert reason is given by the following regular expression:
*
* /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/
*/
function _checkRole(bytes32 role, address account) internal view virtual {
if (!hasRole(role, account)) {
revert(
string(
abi.encodePacked(
"AccessControl: account ",
Strings.toHexString(account),
" is missing role ",
Strings.toHexString(uint256(role), 32)
)
)
);
}
}
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) public view virtual override returns (bytes32) {
return _roles[role].adminRole;
}
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* May emit a {RoleGranted} event.
*/
function grantRole(bytes32 role, address account) public virtual override onlyRole(getRoleAdmin(role)) {
_grantRole(role, account);
}
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* May emit a {RoleRevoked} event.
*/
function revokeRole(bytes32 role, address account) public virtual override onlyRole(getRoleAdmin(role)) {
_revokeRole(role, account);
}
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been revoked `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `account`.
*
* May emit a {RoleRevoked} event.
*/
function renounceRole(bytes32 role, address account) public virtual override {
require(account == _msgSender(), "AccessControl: can only renounce roles for self");
_revokeRole(role, account);
}
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event. Note that unlike {grantRole}, this function doesn't perform any
* checks on the calling account.
*
* May emit a {RoleGranted} event.
*
* [WARNING]
* ====
* This function should only be called from the constructor when setting
* up the initial roles for the system.
*
* Using this function in any other way is effectively circumventing the admin
* system imposed by {AccessControl}.
* ====
*
* NOTE: This function is deprecated in favor of {_grantRole}.
*/
function _setupRole(bytes32 role, address account) internal virtual {
_grantRole(role, account);
}
/**
* @dev Sets `adminRole` as ``role``'s admin role.
*
* Emits a {RoleAdminChanged} event.
*/
function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {
bytes32 previousAdminRole = getRoleAdmin(role);
_roles[role].adminRole = adminRole;
emit RoleAdminChanged(role, previousAdminRole, adminRole);
}
/**
* @dev Grants `role` to `account`.
*
* Internal function without access restriction.
*
* May emit a {RoleGranted} event.
*/
function _grantRole(bytes32 role, address account) internal virtual {
if (!hasRole(role, account)) {
_roles[role].members[account] = true;
emit RoleGranted(role, account, _msgSender());
}
}
/**
* @dev Revokes `role` from `account`.
*
* Internal function without access restriction.
*
* May emit a {RoleRevoked} event.
*/
function _revokeRole(bytes32 role, address account) internal virtual {
if (hasRole(role, account)) {
_roles[role].members[account] = false;
emit RoleRevoked(role, account, _msgSender());
}
}
}
合同源代码
文件 2 的 19:AccessControlEnumerable.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (access/AccessControlEnumerable.sol)
pragma solidity ^0.8.0;
import "./IAccessControlEnumerable.sol";
import "./AccessControl.sol";
import "../utils/structs/EnumerableSet.sol";
/**
* @dev Extension of {AccessControl} that allows enumerating the members of each role.
*/
abstract contract AccessControlEnumerable is IAccessControlEnumerable, AccessControl {
using EnumerableSet for EnumerableSet.AddressSet;
mapping(bytes32 => EnumerableSet.AddressSet) private _roleMembers;
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IAccessControlEnumerable).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @dev Returns one of the accounts that have `role`. `index` must be a
* value between 0 and {getRoleMemberCount}, non-inclusive.
*
* Role bearers are not sorted in any particular way, and their ordering may
* change at any point.
*
* WARNING: When using {getRoleMember} and {getRoleMemberCount}, make sure
* you perform all queries on the same block. See the following
* https://forum.openzeppelin.com/t/iterating-over-elements-on-enumerableset-in-openzeppelin-contracts/2296[forum post]
* for more information.
*/
function getRoleMember(bytes32 role, uint256 index) public view virtual override returns (address) {
return _roleMembers[role].at(index);
}
/**
* @dev Returns the number of accounts that have `role`. Can be used
* together with {getRoleMember} to enumerate all bearers of a role.
*/
function getRoleMemberCount(bytes32 role) public view virtual override returns (uint256) {
return _roleMembers[role].length();
}
/**
* @dev Overload {_grantRole} to track enumerable memberships
*/
function _grantRole(bytes32 role, address account) internal virtual override {
super._grantRole(role, account);
_roleMembers[role].add(account);
}
/**
* @dev Overload {_revokeRole} to track enumerable memberships
*/
function _revokeRole(bytes32 role, address account) internal virtual override {
super._revokeRole(role, account);
_roleMembers[role].remove(account);
}
}
合同源代码
文件 3 的 19:Address.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)
pragma solidity ^0.8.1;
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
*
* Furthermore, `isContract` will also return true if the target contract within
* the same transaction is already scheduled for destruction by `SELFDESTRUCT`,
* which only has an effect at the end of a transaction.
* ====
*
* [IMPORTANT]
* ====
* You shouldn't rely on `isContract` to protect against flash loan attacks!
*
* Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
* like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
* constructor.
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize/address.code.length, which returns 0
// for contracts in construction, since the code is only stored at the end
// of the constructor execution.
return account.code.length > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
* the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
*
* _Available since v4.8._
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata,
string memory errorMessage
) internal view returns (bytes memory) {
if (success) {
if (returndata.length == 0) {
// only check isContract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
require(isContract(target), "Address: call to non-contract");
}
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
/**
* @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason or using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
function _revert(bytes memory returndata, string memory errorMessage) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
合同源代码
文件 4 的 19:Context.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
pragma solidity ^0.8.0;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
}
合同源代码
文件 5 的 19:ECDSA.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/ECDSA.sol)
pragma solidity ^0.8.0;
import "../Strings.sol";
/**
* @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
*
* These functions can be used to verify that a message was signed by the holder
* of the private keys of a given address.
*/
library ECDSA {
enum RecoverError {
NoError,
InvalidSignature,
InvalidSignatureLength,
InvalidSignatureS,
InvalidSignatureV // Deprecated in v4.8
}
function _throwError(RecoverError error) private pure {
if (error == RecoverError.NoError) {
return; // no error: do nothing
} else if (error == RecoverError.InvalidSignature) {
revert("ECDSA: invalid signature");
} else if (error == RecoverError.InvalidSignatureLength) {
revert("ECDSA: invalid signature length");
} else if (error == RecoverError.InvalidSignatureS) {
revert("ECDSA: invalid signature 's' value");
}
}
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature` or error string. This address can then be used for verification purposes.
*
* The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {toEthSignedMessageHash} on it.
*
* Documentation for signature generation:
* - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
* - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {
if (signature.length == 65) {
bytes32 r;
bytes32 s;
uint8 v;
// ecrecover takes the signature parameters, and the only way to get them
// currently is to use assembly.
/// @solidity memory-safe-assembly
assembly {
r := mload(add(signature, 0x20))
s := mload(add(signature, 0x40))
v := byte(0, mload(add(signature, 0x60)))
}
return tryRecover(hash, v, r, s);
} else {
return (address(0), RecoverError.InvalidSignatureLength);
}
}
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature`. This address can then be used for verification purposes.
*
* The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {toEthSignedMessageHash} on it.
*/
function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, signature);
_throwError(error);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
*
* See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError) {
bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
uint8 v = uint8((uint256(vs) >> 255) + 27);
return tryRecover(hash, v, r, s);
}
/**
* @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
*
* _Available since v4.2._
*/
function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, r, vs);
_throwError(error);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `v`,
* `r` and `s` signature fields separately.
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address, RecoverError) {
// EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
// unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
// the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
// signatures from current libraries generate a unique signature with an s-value in the lower half order.
//
// If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
// with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
// vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
// these malleable signatures as well.
if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
return (address(0), RecoverError.InvalidSignatureS);
}
// If the signature is valid (and not malleable), return the signer address
address signer = ecrecover(hash, v, r, s);
if (signer == address(0)) {
return (address(0), RecoverError.InvalidSignature);
}
return (signer, RecoverError.NoError);
}
/**
* @dev Overload of {ECDSA-recover} that receives the `v`,
* `r` and `s` signature fields separately.
*/
function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, v, r, s);
_throwError(error);
return recovered;
}
/**
* @dev Returns an Ethereum Signed Message, created from a `hash`. This
* produces hash corresponding to the one signed with the
* https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
* JSON-RPC method as part of EIP-191.
*
* See {recover}.
*/
function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32 message) {
// 32 is the length in bytes of hash,
// enforced by the type signature above
/// @solidity memory-safe-assembly
assembly {
mstore(0x00, "\x19Ethereum Signed Message:\n32")
mstore(0x1c, hash)
message := keccak256(0x00, 0x3c)
}
}
/**
* @dev Returns an Ethereum Signed Message, created from `s`. This
* produces hash corresponding to the one signed with the
* https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
* JSON-RPC method as part of EIP-191.
*
* See {recover}.
*/
function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {
return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n", Strings.toString(s.length), s));
}
/**
* @dev Returns an Ethereum Signed Typed Data, created from a
* `domainSeparator` and a `structHash`. This produces hash corresponding
* to the one signed with the
* https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]
* JSON-RPC method as part of EIP-712.
*
* See {recover}.
*/
function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 data) {
/// @solidity memory-safe-assembly
assembly {
let ptr := mload(0x40)
mstore(ptr, "\x19\x01")
mstore(add(ptr, 0x02), domainSeparator)
mstore(add(ptr, 0x22), structHash)
data := keccak256(ptr, 0x42)
}
}
/**
* @dev Returns an Ethereum Signed Data with intended validator, created from a
* `validator` and `data` according to the version 0 of EIP-191.
*
* See {recover}.
*/
function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {
return keccak256(abi.encodePacked("\x19\x00", validator, data));
}
}
合同源代码
文件 6 的 19:ERC165.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/ERC165.sol)
pragma solidity ^0.8.0;
import "./IERC165.sol";
/**
* @dev Implementation of the {IERC165} interface.
*
* Contracts that want to implement ERC165 should inherit from this contract and override {supportsInterface} to check
* for the additional interface id that will be supported. For example:
*
* ```solidity
* function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
* return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
* }
* ```
*
* Alternatively, {ERC165Storage} provides an easier to use but more expensive implementation.
*/
abstract contract ERC165 is IERC165 {
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IERC165).interfaceId;
}
}
合同源代码
文件 7 的 19:EnumerableSet.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/structs/EnumerableSet.sol)
// This file was procedurally generated from scripts/generate/templates/EnumerableSet.js.
pragma solidity ^0.8.0;
/**
* @dev Library for managing
* https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive
* types.
*
* Sets have the following properties:
*
* - Elements are added, removed, and checked for existence in constant time
* (O(1)).
* - Elements are enumerated in O(n). No guarantees are made on the ordering.
*
* ```solidity
* contract Example {
* // Add the library methods
* using EnumerableSet for EnumerableSet.AddressSet;
*
* // Declare a set state variable
* EnumerableSet.AddressSet private mySet;
* }
* ```
*
* As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)
* and `uint256` (`UintSet`) are supported.
*
* [WARNING]
* ====
* Trying to delete such a structure from storage will likely result in data corruption, rendering the structure
* unusable.
* See https://github.com/ethereum/solidity/pull/11843[ethereum/solidity#11843] for more info.
*
* In order to clean an EnumerableSet, you can either remove all elements one by one or create a fresh instance using an
* array of EnumerableSet.
* ====
*/
library EnumerableSet {
// To implement this library for multiple types with as little code
// repetition as possible, we write it in terms of a generic Set type with
// bytes32 values.
// The Set implementation uses private functions, and user-facing
// implementations (such as AddressSet) are just wrappers around the
// underlying Set.
// This means that we can only create new EnumerableSets for types that fit
// in bytes32.
struct Set {
// Storage of set values
bytes32[] _values;
// Position of the value in the `values` array, plus 1 because index 0
// means a value is not in the set.
mapping(bytes32 => uint256) _indexes;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function _add(Set storage set, bytes32 value) private returns (bool) {
if (!_contains(set, value)) {
set._values.push(value);
// The value is stored at length-1, but we add 1 to all indexes
// and use 0 as a sentinel value
set._indexes[value] = set._values.length;
return true;
} else {
return false;
}
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function _remove(Set storage set, bytes32 value) private returns (bool) {
// We read and store the value's index to prevent multiple reads from the same storage slot
uint256 valueIndex = set._indexes[value];
if (valueIndex != 0) {
// Equivalent to contains(set, value)
// To delete an element from the _values array in O(1), we swap the element to delete with the last one in
// the array, and then remove the last element (sometimes called as 'swap and pop').
// This modifies the order of the array, as noted in {at}.
uint256 toDeleteIndex = valueIndex - 1;
uint256 lastIndex = set._values.length - 1;
if (lastIndex != toDeleteIndex) {
bytes32 lastValue = set._values[lastIndex];
// Move the last value to the index where the value to delete is
set._values[toDeleteIndex] = lastValue;
// Update the index for the moved value
set._indexes[lastValue] = valueIndex; // Replace lastValue's index to valueIndex
}
// Delete the slot where the moved value was stored
set._values.pop();
// Delete the index for the deleted slot
delete set._indexes[value];
return true;
} else {
return false;
}
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function _contains(Set storage set, bytes32 value) private view returns (bool) {
return set._indexes[value] != 0;
}
/**
* @dev Returns the number of values on the set. O(1).
*/
function _length(Set storage set) private view returns (uint256) {
return set._values.length;
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function _at(Set storage set, uint256 index) private view returns (bytes32) {
return set._values[index];
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function _values(Set storage set) private view returns (bytes32[] memory) {
return set._values;
}
// Bytes32Set
struct Bytes32Set {
Set _inner;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {
return _add(set._inner, value);
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {
return _remove(set._inner, value);
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {
return _contains(set._inner, value);
}
/**
* @dev Returns the number of values in the set. O(1).
*/
function length(Bytes32Set storage set) internal view returns (uint256) {
return _length(set._inner);
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {
return _at(set._inner, index);
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function values(Bytes32Set storage set) internal view returns (bytes32[] memory) {
bytes32[] memory store = _values(set._inner);
bytes32[] memory result;
/// @solidity memory-safe-assembly
assembly {
result := store
}
return result;
}
// AddressSet
struct AddressSet {
Set _inner;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function add(AddressSet storage set, address value) internal returns (bool) {
return _add(set._inner, bytes32(uint256(uint160(value))));
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function remove(AddressSet storage set, address value) internal returns (bool) {
return _remove(set._inner, bytes32(uint256(uint160(value))));
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function contains(AddressSet storage set, address value) internal view returns (bool) {
return _contains(set._inner, bytes32(uint256(uint160(value))));
}
/**
* @dev Returns the number of values in the set. O(1).
*/
function length(AddressSet storage set) internal view returns (uint256) {
return _length(set._inner);
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function at(AddressSet storage set, uint256 index) internal view returns (address) {
return address(uint160(uint256(_at(set._inner, index))));
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function values(AddressSet storage set) internal view returns (address[] memory) {
bytes32[] memory store = _values(set._inner);
address[] memory result;
/// @solidity memory-safe-assembly
assembly {
result := store
}
return result;
}
// UintSet
struct UintSet {
Set _inner;
}
/**
* @dev Add a value to a set. O(1).
*
* Returns true if the value was added to the set, that is if it was not
* already present.
*/
function add(UintSet storage set, uint256 value) internal returns (bool) {
return _add(set._inner, bytes32(value));
}
/**
* @dev Removes a value from a set. O(1).
*
* Returns true if the value was removed from the set, that is if it was
* present.
*/
function remove(UintSet storage set, uint256 value) internal returns (bool) {
return _remove(set._inner, bytes32(value));
}
/**
* @dev Returns true if the value is in the set. O(1).
*/
function contains(UintSet storage set, uint256 value) internal view returns (bool) {
return _contains(set._inner, bytes32(value));
}
/**
* @dev Returns the number of values in the set. O(1).
*/
function length(UintSet storage set) internal view returns (uint256) {
return _length(set._inner);
}
/**
* @dev Returns the value stored at position `index` in the set. O(1).
*
* Note that there are no guarantees on the ordering of values inside the
* array, and it may change when more values are added or removed.
*
* Requirements:
*
* - `index` must be strictly less than {length}.
*/
function at(UintSet storage set, uint256 index) internal view returns (uint256) {
return uint256(_at(set._inner, index));
}
/**
* @dev Return the entire set in an array
*
* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
* this function has an unbounded cost, and using it as part of a state-changing function may render the function
* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
*/
function values(UintSet storage set) internal view returns (uint256[] memory) {
bytes32[] memory store = _values(set._inner);
uint256[] memory result;
/// @solidity memory-safe-assembly
assembly {
result := store
}
return result;
}
}
合同源代码
文件 8 的 19:IAccessControl.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (access/IAccessControl.sol)
pragma solidity ^0.8.0;
/**
* @dev External interface of AccessControl declared to support ERC165 detection.
*/
interface IAccessControl {
/**
* @dev Emitted when `newAdminRole` is set as ``role``'s admin role, replacing `previousAdminRole`
*
* `DEFAULT_ADMIN_ROLE` is the starting admin for all roles, despite
* {RoleAdminChanged} not being emitted signaling this.
*
* _Available since v3.1._
*/
event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole);
/**
* @dev Emitted when `account` is granted `role`.
*
* `sender` is the account that originated the contract call, an admin role
* bearer except when using {AccessControl-_setupRole}.
*/
event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Emitted when `account` is revoked `role`.
*
* `sender` is the account that originated the contract call:
* - if using `revokeRole`, it is the admin role bearer
* - if using `renounceRole`, it is the role bearer (i.e. `account`)
*/
event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) external view returns (bool);
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {AccessControl-_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) external view returns (bytes32);
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function grantRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function revokeRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been granted `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `account`.
*/
function renounceRole(bytes32 role, address account) external;
}
合同源代码
文件 9 的 19:IAccessControlEnumerable.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (access/IAccessControlEnumerable.sol)
pragma solidity ^0.8.0;
import "./IAccessControl.sol";
/**
* @dev External interface of AccessControlEnumerable declared to support ERC165 detection.
*/
interface IAccessControlEnumerable is IAccessControl {
/**
* @dev Returns one of the accounts that have `role`. `index` must be a
* value between 0 and {getRoleMemberCount}, non-inclusive.
*
* Role bearers are not sorted in any particular way, and their ordering may
* change at any point.
*
* WARNING: When using {getRoleMember} and {getRoleMemberCount}, make sure
* you perform all queries on the same block. See the following
* https://forum.openzeppelin.com/t/iterating-over-elements-on-enumerableset-in-openzeppelin-contracts/2296[forum post]
* for more information.
*/
function getRoleMember(bytes32 role, uint256 index) external view returns (address);
/**
* @dev Returns the number of accounts that have `role`. Can be used
* together with {getRoleMember} to enumerate all bearers of a role.
*/
function getRoleMemberCount(bytes32 role) external view returns (uint256);
}
合同源代码
文件 10 的 19:IERC165.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/IERC165.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC165 standard, as defined in the
* https://eips.ethereum.org/EIPS/eip-165[EIP].
*
* Implementers can declare support of contract interfaces, which can then be
* queried by others ({ERC165Checker}).
*
* For an implementation, see {ERC165}.
*/
interface IERC165 {
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
* to learn more about how these ids are created.
*
* This function call must use less than 30 000 gas.
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
}
合同源代码
文件 11 的 19:IERC20.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `from` to `to` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 amount) external returns (bool);
}
合同源代码
文件 12 的 19:IERC20Permit.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/extensions/IERC20Permit.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*/
interface IERC20Permit {
/**
* @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
* given ``owner``'s signed approval.
*
* IMPORTANT: The same issues {IERC20-approve} has related to transaction
* ordering also apply here.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `deadline` must be a timestamp in the future.
* - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
* over the EIP712-formatted function arguments.
* - the signature must use ``owner``'s current nonce (see {nonces}).
*
* For more information on the signature format, see the
* https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
* section].
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @dev Returns the current nonce for `owner`. This value must be
* included whenever a signature is generated for {permit}.
*
* Every successful call to {permit} increases ``owner``'s nonce by one. This
* prevents a signature from being used multiple times.
*/
function nonces(address owner) external view returns (uint256);
/**
* @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
*/
// solhint-disable-next-line func-name-mixedcase
function DOMAIN_SEPARATOR() external view returns (bytes32);
}
合同源代码
文件 13 的 19:Math.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard math utilities missing in the Solidity language.
*/
library Math {
enum Rounding {
Down, // Toward negative infinity
Up, // Toward infinity
Zero // Toward zero
}
/**
* @dev Returns the largest of two numbers.
*/
function max(uint256 a, uint256 b) internal pure returns (uint256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two numbers.
*/
function min(uint256 a, uint256 b) internal pure returns (uint256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two numbers. The result is rounded towards
* zero.
*/
function average(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b) / 2 can overflow.
return (a & b) + (a ^ b) / 2;
}
/**
* @dev Returns the ceiling of the division of two numbers.
*
* This differs from standard division with `/` in that it rounds up instead
* of rounding down.
*/
function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b - 1) / b can overflow on addition, so we distribute.
return a == 0 ? 0 : (a - 1) / b + 1;
}
/**
* @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0
* @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)
* with further edits by Uniswap Labs also under MIT license.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
unchecked {
// 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
// use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
// variables such that product = prod1 * 2^256 + prod0.
uint256 prod0; // Least significant 256 bits of the product
uint256 prod1; // Most significant 256 bits of the product
assembly {
let mm := mulmod(x, y, not(0))
prod0 := mul(x, y)
prod1 := sub(sub(mm, prod0), lt(mm, prod0))
}
// Handle non-overflow cases, 256 by 256 division.
if (prod1 == 0) {
// Solidity will revert if denominator == 0, unlike the div opcode on its own.
// The surrounding unchecked block does not change this fact.
// See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
return prod0 / denominator;
}
// Make sure the result is less than 2^256. Also prevents denominator == 0.
require(denominator > prod1, "Math: mulDiv overflow");
///////////////////////////////////////////////
// 512 by 256 division.
///////////////////////////////////////////////
// Make division exact by subtracting the remainder from [prod1 prod0].
uint256 remainder;
assembly {
// Compute remainder using mulmod.
remainder := mulmod(x, y, denominator)
// Subtract 256 bit number from 512 bit number.
prod1 := sub(prod1, gt(remainder, prod0))
prod0 := sub(prod0, remainder)
}
// Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.
// See https://cs.stackexchange.com/q/138556/92363.
// Does not overflow because the denominator cannot be zero at this stage in the function.
uint256 twos = denominator & (~denominator + 1);
assembly {
// Divide denominator by twos.
denominator := div(denominator, twos)
// Divide [prod1 prod0] by twos.
prod0 := div(prod0, twos)
// Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
twos := add(div(sub(0, twos), twos), 1)
}
// Shift in bits from prod1 into prod0.
prod0 |= prod1 * twos;
// Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
// that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
// four bits. That is, denominator * inv = 1 mod 2^4.
uint256 inverse = (3 * denominator) ^ 2;
// Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works
// in modular arithmetic, doubling the correct bits in each step.
inverse *= 2 - denominator * inverse; // inverse mod 2^8
inverse *= 2 - denominator * inverse; // inverse mod 2^16
inverse *= 2 - denominator * inverse; // inverse mod 2^32
inverse *= 2 - denominator * inverse; // inverse mod 2^64
inverse *= 2 - denominator * inverse; // inverse mod 2^128
inverse *= 2 - denominator * inverse; // inverse mod 2^256
// Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
// This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
// less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
// is no longer required.
result = prod0 * inverse;
return result;
}
}
/**
* @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
uint256 result = mulDiv(x, y, denominator);
if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {
result += 1;
}
return result;
}
/**
* @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.
*
* Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
*/
function sqrt(uint256 a) internal pure returns (uint256) {
if (a == 0) {
return 0;
}
// For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
//
// We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
// `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.
//
// This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`
// → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`
// → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`
//
// Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.
uint256 result = 1 << (log2(a) >> 1);
// At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
// since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
// every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
// into the expected uint128 result.
unchecked {
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
return min(result, a / result);
}
}
/**
* @notice Calculates sqrt(a), following the selected rounding direction.
*/
function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = sqrt(a);
return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);
}
}
/**
* @dev Return the log in base 2, rounded down, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 128;
}
if (value >> 64 > 0) {
value >>= 64;
result += 64;
}
if (value >> 32 > 0) {
value >>= 32;
result += 32;
}
if (value >> 16 > 0) {
value >>= 16;
result += 16;
}
if (value >> 8 > 0) {
value >>= 8;
result += 8;
}
if (value >> 4 > 0) {
value >>= 4;
result += 4;
}
if (value >> 2 > 0) {
value >>= 2;
result += 2;
}
if (value >> 1 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 2, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log2(value);
return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 10, rounded down, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >= 10 ** 64) {
value /= 10 ** 64;
result += 64;
}
if (value >= 10 ** 32) {
value /= 10 ** 32;
result += 32;
}
if (value >= 10 ** 16) {
value /= 10 ** 16;
result += 16;
}
if (value >= 10 ** 8) {
value /= 10 ** 8;
result += 8;
}
if (value >= 10 ** 4) {
value /= 10 ** 4;
result += 4;
}
if (value >= 10 ** 2) {
value /= 10 ** 2;
result += 2;
}
if (value >= 10 ** 1) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 10, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log10(value);
return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 256, rounded down, of a positive value.
* Returns 0 if given 0.
*
* Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
*/
function log256(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 16;
}
if (value >> 64 > 0) {
value >>= 64;
result += 8;
}
if (value >> 32 > 0) {
value >>= 32;
result += 4;
}
if (value >> 16 > 0) {
value >>= 16;
result += 2;
}
if (value >> 8 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 256, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log256(value);
return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);
}
}
}
合同源代码
文件 14 的 19:OperatorRecoverable.sol
// SPDX-License-Identifier: LGPL-3.0-or-later
pragma solidity 0.8.9;
/*
*@#+:-*== .:. : =#*=. .. :=**- :+%@@@@@#*+-.......... .-.-@@
*%%*.. +*: =%.-- :+***+=++**=. .+%@@@@@*- . . . . -+=
* -==+++. :#: .. .=#@@@@@*- .:=*#%@@@@%#*=. ...:::::
* .:-======+=--%@*. .*@@@@@@+ .=#@@@@@@##*#%@@@@@*-
*-:::-===-::------+#@@@*. :*@@@@@@= :*@@@%*==------=--+@@@@@#=: .-=
*=++==::: .:=+=:.-=. .-**+++#**#@@@+ -#@@%=-::== :*+--*@@@@@@@@@@@@
*.....-=*+***+-. .+#*- +@@@@@@@@@+. -%@@%-::. .- .::-@@@%- -#@@@@@@@@@
* :*=@@@@@@@@@@#=. -*@%#%@@@@@@@@*. :#@@%-:: := =*%@@@@@@@%++*+*%@@@@@
* .+*%@#+-:-=+*##*#@#=. -*%@@@@@#=. -#@@%-:: -: :+@@@@@@@@*: ..
*@@@%= .-. :*@@#=. ... .=%@@#-:- :-=++#####+=: -#@@@@@@@@%*+++
*@*: :-=+::.. -#@@%+==--=+#@@%=.:+*= :=*%@@@@%@@@@@@@@@*- .+%@@@@ SMG @
*. .+%@@=%%%##=.... :+*%%@@%#+-. =%@@@@@@%@@@@@@@@@@@%%%%@@@@@#=:-+%@@@@@@@
*/
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import "./OperatorRole.sol";
/**
* @title OperatorRecoverable
* @notice Copyright (c) 2023 Special Mechanisms Group
*
* @author SMG <dev@mechanism.org>
*
* @dev The OperatorRecoverable contract is designed to allow a contract's
* operator to recover tokens which were accidentally transferred to
* it, but which the contract does not otherwise support. This prevents
* users having their tokens "bricked", and also allows the operator to
* clean out any spurious tokens that may have been transferred to it
* on purpose.
*/
abstract contract OperatorRecoverable is OperatorRole {
using SafeERC20 for IERC20;
/**
* @notice Maps token addresses to whether they are unrecoverable.
*/
mapping(address => bool) private isTokenUnrecoverable;
event SetUnrecoverable(address indexed token);
event Recovered(address indexed token, address indexed operator);
/**
* @notice Marks a token address as unrecoverable by the operator.
*
* @dev Only the operator may call this function.
* @dev Once a token is marked as unrecoverable there is no way for
* anyone, operator included, to mark it as recoverable again.
*
* @param _token Address of the token that will be unrecoverable.
*/
function setTokenUnrecoverable(
address _token
)
public
onlyOperator
{
isTokenUnrecoverable[_token] = true;
emit SetUnrecoverable(_token);
}
/**
* @notice Recovers recoverable tokens.
*
* @dev Only the operator may call this function.
* @dev The purpose of this function is to allow the operator to assist
* users who accidentally transferred the wrong kind of tokens to
* the smart contract.
* @dev If the token being recovered is ETH (which is not an ERC20 and
* hence does not have a token address), the caller should provide
* `0x0` as the value of `_token`.
*
* @param _token Address of the token that the operator will recover.
*/
function recoverToken(
address _token
)
external
onlyOperator
{
require(
!isTokenUnrecoverable[_token],
"OperatorRecoverable: cannot recover, token marked as unrecoverable."
);
if (_token == address(0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE)) {
/* ETH */
(bool success,) = msg.sender.call{ value: address(this).balance }("");
require(success, "OperatorRecoverable: ETH transfer failed.");
} else {
/* ERC20 */
IERC20(_token).safeTransfer(
msg.sender,
IERC20(_token).balanceOf(address(this))
);
}
emit Recovered(_token, msg.sender);
}
}
合同源代码
文件 15 的 19:OperatorRole.sol
// SPDX-License-Identifier: LGPL-3.0-or-later
pragma solidity 0.8.9;
/*
*@#+:-*== .:. : =#*=. .. :=**- :+%@@@@@#*+-.......... .-.-@@
*%%*.. +*: =%.-- :+***+=++**=. .+%@@@@@*- . . . . -+=
* -==+++. :#: .. .=#@@@@@*- .:=*#%@@@@%#*=. ...:::::
* .:-======+=--%@*. .*@@@@@@+ .=#@@@@@@##*#%@@@@@*-
*-:::-===-::------+#@@@*. :*@@@@@@= :*@@@%*==------=--+@@@@@#=: .-=
*=++==::: .:=+=:.-=. .-**+++#**#@@@+ -#@@%=-::== :*+--*@@@@@@@@@@@@
*.....-=*+***+-. .+#*- +@@@@@@@@@+. -%@@%-::. .- .::-@@@%- -#@@@@@@@@@
* :*=@@@@@@@@@@#=. -*@%#%@@@@@@@@*. :#@@%-:: := =*%@@@@@@@%++*+*%@@@@@
* .+*%@#+-:-=+*##*#@#=. -*%@@@@@#=. -#@@%-:: -: :+@@@@@@@@*: ..
*@@@%= .-. :*@@#=. ... .=%@@#-:- :-=++#####+=: -#@@@@@@@@%*+++
*@*: :-=+::.. -#@@%+==--=+#@@%=.:+*= :=*%@@@@%@@@@@@@@@*- .+%@@@@ SMG @
*. .+%@@=%%%##=.... :+*%%@@%#+-. =%@@@@@@%@@@@@@@@@@@%%%%@@@@@#=:-+%@@@@@@@
*/
import "@openzeppelin/contracts/access/AccessControlEnumerable.sol";
/**
* @title OperatorRole
* @notice Copyright (c) 2023 Special Mechanisms Group
*
* @author SMG <dev@mechanism.org>
*
* @dev The OperatorRole contract defines a role called OPERATOR_ROLE which can
* be assigned to certain addresses, and which can be used to control
* access to certain functions on the smart contract. In addition, this
* contract sets up the DEFAULT_ADMIN_ROLE.
*/
abstract contract OperatorRole is AccessControlEnumerable {
bytes32 public constant OPERATOR_ROLE = keccak256("OPERATOR_ROLE");
event AddedOperator(address indexed _address);
event RemovedOperator(address indexed _address);
/**
* @notice Constructor
*
* @dev The deployer will be set as the first address with the roles
* DEFAULT_ADMIN_ROLE and OPERATOR_ROLE. DEFAULT_ADMIN_ROLE is set
* as the administrator of OPERATOR_ROLE, which means that only a
* caller with the DEFAULT_ADMIN_ROLE can call the `grantRole` or
* `renounceRole` functions for OPERATOR_ROLE.
*/
constructor()
{
_grantRole(DEFAULT_ADMIN_ROLE, _msgSender());
_grantRole(OPERATOR_ROLE, _msgSender());
}
/**
* @notice Allows only the Operator role to call certain functions.
*/
modifier onlyOperator()
{
require(isOperator(_msgSender()), "OperatorRole: caller does not have the Operator role.");
_;
}
/**
* @notice Checks whether an address has been granted OPERATOR_ROLE.
*
* @param _address Address to check.
* @return bool 'true' if the address has the role, otherwise 'false'.
*/
function isOperator(
address _address
)
public
view
returns (bool)
{
return hasRole(OPERATOR_ROLE, _address);
}
/**
* @notice Give an address OPERATOR_ROLE.
*
* @dev Caller must have DEFAULT_ADMIN_ROLE.
*
* @param _address Address to be granted OPERATOR_ROLE.
*/
function addOperator(
address _address
)
public
{
_addOperator(_address);
}
/**
* @notice Remove OPERATOR_ROLE from msg.sender.
*
* @dev Caller must have OPERATOR_ROLE.
*/
function renounceOperator()
public
virtual
{
_removeOperator(msg.sender);
}
/**
* @notice Add OPERATOR_ROLE to an address.
*
* @dev Caller must have DEFAULT_ADMIN_ROLE.
*
* @param _address Address to have OPERATOR_ROLE granted.
*/
function _addOperator(
address _address
)
internal
{
grantRole(OPERATOR_ROLE, _address);
emit AddedOperator(_address);
}
/**
* @notice Remove OPERATOR_ROLE from an address.
*
* @dev Caller must have DEFAULT_ADMIN_ROLE.
*
* @param _address Address to have OPERATOR_ROLE renounced.
*/
function _removeOperator(
address _address
)
internal
{
renounceRole(OPERATOR_ROLE, _address);
emit RemovedOperator(_address);
}
/**
* @dev Overload {AccessControlEnumerable-_revokeRole} to ensure at least one operator/admin remains
*/
function _revokeRole(bytes32 role, address account) internal virtual override {
super._revokeRole(role, account);
uint256 roleMemberCount = getRoleMemberCount(role);
require (roleMemberCount > 0, "OperatorRole: contract must have at least one operator");
}
/**
* @dev Overload {AccessControl-_renounceRole} to ensure at least one operator/admin remains
*/
function renounceRole(bytes32 role, address account) public virtual override {
require(account == _msgSender(), "AccessControl: can only renounce roles for self");
_revokeRole(role, account);
}
}
合同源代码
文件 16 的 19:PaymentChannels.sol
// SPDX-License-Identifier: MIT
pragma solidity 0.8.9;
/*
*@#+:-*== .:. : =#*=. .. :=**- :+%@@@@@#*+-.......... .-.-@@
*%%*.. +*: =%.-- :+***+=++**=. .+%@@@@@*- . . . . -+=
* -==+++. :#: .. .=#@@@@@*- .:=*#%@@@@%#*=. ...:::::
* .:-======+=--%@*. .*@@@@@@+ .=#@@@@@@##*#%@@@@@*-
*-:::-===-::------+#@@@*. :*@@@@@@= :*@@@%*==------=--+@@@@@#=: .-=
*=++==::: .:=+=:.-=. .-**+++#**#@@@+ -#@@%=-::== :*+--*@@@@@@@@@@@@
*.....-=*+***+-. .+#*- +@@@@@@@@@+. -%@@%-::. .- .::-@@@%- -#@@@@@@@@@
* :*=@@@@@@@@@@#=. -*@%#%@@@@@@@@*. :#@@%-:: := =*%@@@@@@@%++*+*%@@@@@
* .+*%@#+-:-=+*##*#@#=. -*%@@@@@#=. -#@@%-:: -: :+@@@@@@@@*: ..
*@@@%= .-. :*@@#=. ... .=%@@#-:- :-=++#####+=: -#@@@@@@@@%*+++
*@*: :-=+::.. -#@@%+==--=+#@@%=.:+*= :=*%@@@@%@@@@@@@@@*- .+%@@@@ SMG @
*. .+%@@=%%%##=.... :+*%%@@%#+-. =%@@@@@@%@@@@@@@@@@@%%%%@@@@@#=:-+%@@@@@@@
*/
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import "./OperatorRecoverable.sol";
interface IWETH {
function withdraw(uint wad) external;
}
/**
* @title PaymentChannels
* @notice Copyright (c) 2023 Special Mechanisms Group
*
* @author SMG <dev@mechanism.org>
*
* @notice The PaymentChannels contract implements the on-chain portion of a
* payment channel system.
*
* A payment channel allows for two parties to conduct a series of
* transactions of the main blockchain, then record the final result
* onto the main blockchain in one transaction.
*
* Their efficiency makes them ideally suited for high-performance
* micropayments.
*
* A payment channel is created by locking funds in a smart contract,
* then exchanging of-chain commitments with the channel's counterparty.
* The channel can be "settled" at any time by providing a more recent
* commitment, and "closed" when both parties agree on the final state.
*
* Closing a channel is done either by providing a special commitment
* that both parties agree is the last, or by providing a commitment
* and waiting for a challenge period where the counterparty is free to
* provide a more recent commitment if one exists.
*/
contract PaymentChannels is OperatorRecoverable {
using SafeERC20 for IERC20;
/*//////////////////////////////////////////////////////////////
CONSTANTS
//////////////////////////////////////////////////////////////*/
IERC20 constant WETH = IERC20(0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2);
bytes constant public INSTANT_UNSTAKE_COMMITMENT_DATA = bytes("INSTANT");
// EIP-712 constants
string private constant CONTRACT_NAME = "PaymentChannels";
string private constant CONTRACT_VERSION = "1.0";
bytes32 private constant TYPEHASH_DOMAIN = keccak256(
"EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
);
bytes32 private constant TYPEHASH_STAKE_COMMITMENT = keccak256(
"StakeCommitment(address stakerAddress,uint256 stakeSpentAmount,uint256 stakeCommitmentNonce,uint256 stakeChannelNonce,bytes data)"
);
bytes32 private constant TYPEHASH_CLAIM_COMMITMENT = keccak256(
"ClaimCommitment(address claimerAddress,uint256 claimsEarnedAmount)"
);
bytes32 private immutable DOMAIN_SEPARATOR;
/*//////////////////////////////////////////////////////////////
ADDRESSES
//////////////////////////////////////////////////////////////*/
/**
* @notice Address of the stakeNotary
* @dev The stakeNotary is an Ethereum account which co-signs commitments
* made by the stakerAddress on the stake payment channels.
*/
address public stakeNotaryAddress;
/**
* @notice Address of the claimNotary
* @dev The claimNotary is an Ethereum account which co-signs commitments
* made by the claimerAddress on the claim payment channels.
*/
address public claimNotaryAddress;
/*//////////////////////////////////////////////////////////////
PAYMENT CHANNEL STATE (STAKE)
//////////////////////////////////////////////////////////////*/
/**
* @notice Amount of WETH staked by a stakerAddress.
*
* @dev This value is only changed after calling the functions `stake`,
* `unstake`, or `safeUnstake`, the latter who of which reset its
* value to 0.
*/
mapping (address => uint256) public stakedAmount;
/**
* @notice Nonce used to order StakeCommitments.
*
* @dev This nonce increments each time a StakeCommitment is made on the
* payment channel, but will only increment on this contract when
* those StakeCommitments are brought on-chain using the functions
* `settleStakeCommitments`, `unstake`, or `startTimelockedUnstake`.
* Its value is reset to 0 when the payment channel is closed.
*/
mapping (address => uint256) public stakeCommitmentNonce;
/**
* @notice Amount of WETH spent since the payment channel was opened.
*
* @dev Cannot exceed `stakedAmount`. Resets to 0 when the payment channel
* is closed.
*/
mapping (address => uint256) public stakeSpentAmount;
/**
* @notice Nonce used to order each time the payment channel is opened.
*
* @dev This nonce increments each time the payment channel is closed,
* so that if the same address opens a new payment channel after
* having closed one, it will be unique. This prevents certain
* channel re-use attacks.
*/
mapping (address => uint256) public stakeChannelNonce;
/**
* @notice Timestamp used to measure the timelock for unstaking.
*
* @dev When this value is non-zero, it means the payment channel is in
* its timelocked unstaking period, limiting certain operations.
* @dev Unlike the other mappings, this one is indexed by a hash of a
* StakeCommitment rather than an address. This is to prevent the need
* for another write to zero out the timestamp each time a channel is
* closed. By using a StakeCommitment hash instead (which is unique
* due to the `stakeCommitmentNonce` and `stakeChannelNonce`), we
* avoid the need for that additional write, saving gas.
*/
mapping (bytes32 => uint256) public timelockedUnstakeTimestamp;
/*//////////////////////////////////////////////////////////////
PAYMENT CHANNEL STATE (CLAIMS)
//////////////////////////////////////////////////////////////*/
/**
* @notice Amount of WETH each claimerAddress has claimed.
*
* @dev Note that this value never decreases and persists for the lifetime
* of the claimerAddress.
*/
mapping (address => uint256) public claimedAmount;
/**
* @notice Total amount of claimable WETH.
*
* @dev Updated when the functions `adjustTotalClaimableAmount`,
* `addToTotalClaimableAmount` or `settleClaim` are called.
*/
uint256 public totalClaimableAmount;
/*//////////////////////////////////////////////////////////////
EVENTS
//////////////////////////////////////////////////////////////*/
event Staked(address indexed _stakerAddress, uint256 _stakeChannelNonce, uint256 _amount);
event Claimed(address indexed _claimerAddress, uint256 _amount);
event SetStakeNotaryAddress(address indexed _oldStakeNotaryAddress, address indexed _newStakeNotaryAddress);
event SetClaimNotaryAddress(address indexed _oldClaimNotaryAddress, address indexed _newClaimNotaryAddress);
event Unstaked(address indexed _stakerAddress, uint256 _stakeChannelNonce, uint256 _amount);
event StartedTimelockedUnstake(
address indexed _stakerAddress,
uint256 _stakeSpentAmount,
uint256 _stakeCommitmentNonce,
uint256 _stakeChannelNonce,
uint256 _timelockedUnstakeTimestamp);
event AddedToTotalClaimableAmount(uint256 _amount);
event SettledStakeCommitments(uint256 _totalNewStakeRefundedAmount, uint256 _totalNewStakeSpentAmount);
/*//////////////////////////////////////////////////////////////
DATA STRUCTURES
//////////////////////////////////////////////////////////////*/
/**
* @notice A commitment on the stake payment channel.
*
* @dev The data in the StakeCommitment is how we represent a distinct
* state transition on the payment channel, such as a "spend," a
* "refund," or an "unstake". This data is periodically written
* on-chain using `settleStakeCommitments`, or when calling `unstake`
* or `startTimelockedUnstake` to begin the process of closing a
* payment channel.
*/
struct StakeCommitment {
/**
* @dev Address of the owner of the stake and the payment channel
*/
address stakerAddress;
/**
* @dev Amount of WETH that the owner has spent since opening the
* payment channel.
*/
uint256 stakeSpentAmount;
/**
* @dev The nonce of the commitment.
*/
uint256 stakeCommitmentNonce;
/**
* @dev The nonce of the channel.
*/
uint256 stakeChannelNonce;
/**
* @dev Reserved for off-chain use. Typically holds the hash of the
* previous commitment in a chain to ensure that the state remains
* consistent. However it is also used in `unstake` to signal a
* special StakeCommitment.
*/
bytes data;
/**
* @dev The signature of the staker on the output of the function
* `getStakeCommitmentHash` or a locally-computed equivalent.
*/
bytes stakerSignature;
/**
* @dev The signature of the stakeNotary on the output of the function
* `getStakeCommitmentHash` or a locally-computed equivalent.
*/
bytes stakeNotarySignature;
}
/*//////////////////////////////////////////////////////////////
UTILITY METHODS
//////////////////////////////////////////////////////////////*/
/**
* @notice Fetch the most recent settled state of a payment channel.
*
* @dev Remember that the actual most recent state of the payment channel
* may be running ahead of the one on-chain, if there are new
* off-chain StakeCommitments that have yet to be settled.
*
* @param _stakerAddress The staker address.
* @return _stakedAmount The amount of WETH staked.
* @return _stakeCommitmentNonce The stake commitment nonce.
* @return _stakeSpentAmount The amount of WETH the staker has spent.
* @return _stakeChannelNonce The stake channel nonce.
* @return _timelockedUnstakeTimestamp The timestamp when startTimelockedUnstake was called.
*/
function getStakeChannelState(
address _stakerAddress
)
external
view
returns (
uint256 _stakedAmount,
uint256 _stakeCommitmentNonce,
uint256 _stakeSpentAmount,
uint256 _stakeChannelNonce,
uint256 _timelockedUnstakeTimestamp
)
{
return (
stakedAmount[_stakerAddress],
stakeCommitmentNonce[_stakerAddress],
stakeSpentAmount[_stakerAddress],
stakeChannelNonce[_stakerAddress],
getTimelockedUnstakeTimestamp(_stakerAddress));
}
/**
* @notice Compute the commitment hash used for stake signatures.
*
* @dev Convenience function that can be used by a staker or stakeNotary
* to generate the message they will sign to create a valid
* stakerSignature or stakeNotarySignature.
*
* @param _stakerAddress A staker address.
* @param _stakeSpentAmount The amount of WETH the staker has spent.
* @param _stakeCommitmentNonce The stake commitment nonce.
* @param _stakeChannelNonce The stake channel nonce.
* @return bytes32 Keccak256 hash of the given StakeCommitment properties.
*/
function getStakeCommitmentHash(
address _stakerAddress,
uint256 _stakeSpentAmount,
uint256 _stakeCommitmentNonce,
uint256 _stakeChannelNonce,
bytes memory _data
)
public
view
returns (bytes32)
{
return keccak256(
abi.encodePacked(
"\x19\x01",
DOMAIN_SEPARATOR,
keccak256(
abi.encode(
TYPEHASH_STAKE_COMMITMENT,
_stakerAddress,
_stakeSpentAmount,
_stakeCommitmentNonce,
_stakeChannelNonce,
keccak256(abi.encodePacked(_data))
)
)
)
);
}
/**
* @notice Compute the commitment hash used for stake signatures.
*
* @dev Convenience function that can be used by a staker or stakeNotary
* to generate the message they will sign to create a valid
* stakerSignature or stakeNotarySignature.
*
* @param _commitment A StakeCommitment.
* @return bytes32 Keccak256 hash of the given StakeCommitment properties.
*/
function getStakeCommitmentHash(
StakeCommitment memory _commitment
)
internal
view
returns (bytes32)
{
return getStakeCommitmentHash(
_commitment.stakerAddress,
_commitment.stakeSpentAmount,
_commitment.stakeCommitmentNonce,
_commitment.stakeChannelNonce,
_commitment.data);
}
/**
* @notice Compute the commitment hash used for claim signatures.
*
* @dev Convenience function that can be used by a claimer or claimNotary
* to generate the message they will sign to create a valid
* claimerSignature or claimNotarySignature.
*
* @param _claimerAddress Address of the claimer.
* @param _claimsEarnedAmount Amount of WETH earned to date by the claimer.
* @return bytes32 Keccak256 hash of the given claim properties.
*/
function getClaimCommitmentHash(
address _claimerAddress,
uint256 _claimsEarnedAmount
)
public
view
returns (bytes32)
{
return keccak256(
abi.encodePacked(
"\x19\x01",
DOMAIN_SEPARATOR,
keccak256(
abi.encode(
TYPEHASH_CLAIM_COMMITMENT,
_claimerAddress,
_claimsEarnedAmount
)
)
)
);
}
/**
* @notice Get the key to look up the timelocked unstake timestamp.
*
* @dev Timestamps are stored by hashing the data from the StakeCommitment
* a caller provides to startTimelockedUnstake. Because this hash will
* be unique for unique StakeCommitments, we never need to zero out
* timestamp, saving gas.
*
* @param _stakerAddress Address of the staker.
* @param _stakeSpentAmount The amount of WETH the staker has spent.
* @param _stakeCommitmentNonce The stake commitment nonce.
* @param _stakeChannelNonce The stake channel nonce.
* @return bytes32 Index into `timelockedUnstakeTimestamp` mapping.
*/
function getTimelockedUnstakeTimestampKey(
address _stakerAddress,
uint256 _stakeSpentAmount,
uint256 _stakeCommitmentNonce,
uint256 _stakeChannelNonce
)
public
pure
returns (bytes32)
{
return keccak256(abi.encode(_stakerAddress, _stakeSpentAmount, _stakeCommitmentNonce, _stakeChannelNonce));
}
/**
* @notice Get the timelocked unstake timestamp for a payment channel.
*
* @dev When the return value is non-zero, it means the associated payment
* channel is in its timelocked unstake mode, limiting certain
* functionality.
*
* @param _stakerAddress The staker address that owns the payment channel.
* @return uint256 The timestamp when startTimelockedUnstake was called.
*/
function getTimelockedUnstakeTimestamp(
address _stakerAddress
)
public
view
returns (uint256)
{
return timelockedUnstakeTimestamp[
getTimelockedUnstakeTimestampKey(
_stakerAddress,
stakeSpentAmount[_stakerAddress],
stakeCommitmentNonce[_stakerAddress],
stakeChannelNonce[_stakerAddress])];
}
/*//////////////////////////////////////////////////////////////
CONSTRUCTOR
//////////////////////////////////////////////////////////////*/
/**
* @notice constructor
*
* @param _stakeNotaryAddress Initial stakeNotaryAddress
* @param _claimNotaryAddress Initial claimNotaryAddress
*/
constructor(address _stakeNotaryAddress, address _claimNotaryAddress) {
/* Set initial stakeNotary and claimNotary addresses. */
stakeNotaryAddress = _stakeNotaryAddress;
claimNotaryAddress = _claimNotaryAddress;
/*
* We want the smart contract operator to have the ability to recover
* non-WETH ERC20 tokens transferred to it accidentally. The inherited
* OperatorRecoverable contract allows this for any ERC20, and we use
* `setTokenUnrecoverable` to permanently exclude WETH.
* For more, see `OperatorRecoverable.sol`.
*/
setTokenUnrecoverable(address(WETH));
/* Initialize EIP-712 Domain Separator */
DOMAIN_SEPARATOR = keccak256(
abi.encode(
TYPEHASH_DOMAIN,
keccak256(bytes(CONTRACT_NAME)),
keccak256(bytes(CONTRACT_VERSION)),
block.chainid,
address(this)
)
);
/* Emit events */
emit SetStakeNotaryAddress(address(0), _stakeNotaryAddress);
emit SetClaimNotaryAddress(address(0), _claimNotaryAddress);
}
fallback() external payable {}
receive() external payable {}
/*//////////////////////////////////////////////////////////////
ADDRESS MANAGEMENT
//////////////////////////////////////////////////////////////*/
/**
* @notice Update the stakeNotaryAddress.
*
* @dev Only the contract operator can call this function.
* @dev Any unsettled commitments co-signed by the old stakeNotaryAddress
* will not be able to be settled once this change is made. Therefore
* the caller must either ensure that these are re-signed by the new
* stakeNotaryAddress, or abandoned.
*
* @param _newStakeNotaryAddress Address of the new stakeNotary.
*/
function setStakeNotaryAddress(
address _newStakeNotaryAddress
)
external
onlyOperator
{
emit SetStakeNotaryAddress(stakeNotaryAddress, _newStakeNotaryAddress);
stakeNotaryAddress = _newStakeNotaryAddress;
}
/**
* @notice Update the claimNotaryAddress.
*
* @dev Only the contract operator can call this function.
* @dev Any unsettled commitments co-signed by the old claimNotaryAddress
* will not be able to be settled once this change is made. Therefore
* the caller must either ensure that these are re-signed by the new
* claimNotaryAddress, or abandoned.
*
* @param _newClaimNotaryAddress Address of the new claimNotary.
*/
function setClaimNotaryAddress(
address _newClaimNotaryAddress
)
external
onlyOperator
{
emit SetClaimNotaryAddress(claimNotaryAddress, _newClaimNotaryAddress);
claimNotaryAddress = _newClaimNotaryAddress;
}
/*//////////////////////////////////////////////////////////////
STAKE LOGIC
//////////////////////////////////////////////////////////////*/
/**
* @notice Stake WETH for use in a payment channel.
*
* @dev This opens a payment channel, if one is not yet open already,
* with msg.sender as the stakerAddress. Whether or not there is
* already an open payment channel, this function adds stake to it.
* @dev Cannot be called when the payment channel is in its timelocked
* unstake mode.
*
* @param _amount Amount of WETH to stake (in wei).
*/
function stake(
uint256 _amount
)
external
{
require(getTimelockedUnstakeTimestamp(msg.sender) == 0, "Invalid channel state: cannot stake after startTimelockedUnstake has been called.");
stakedAmount[msg.sender] += _amount;
WETH.safeTransferFrom(msg.sender, address(this), _amount);
emit Staked(msg.sender, stakeChannelNonce[msg.sender], stakedAmount[msg.sender]);
}
/**
* @notice Donate claimable WETH to the contract.
*
* @dev In normal operation, claimable WETH accrues on settlement or
* unstaking. This function can be used to create a buffer of
* immediaetly claimable WETH so that claimers do not need to wait
* for these periodic activities. It can also be used to amend any
* shortfalls.
*
* @param _amount Amount of WETH to donate (in wei).
*/
function addToTotalClaimableAmount(
uint256 _amount
)
external
{
totalClaimableAmount += _amount;
WETH.safeTransferFrom(msg.sender, address(this), _amount);
emit AddedToTotalClaimableAmount(_amount);
}
/**
* @notice Adjusts staked WETH to claimable WETH and vice versa.
*
* @param _stakeRefundedAmount Amount of WETH no longer claimable (in wei).
* @param _stakeSpentAmount Amount of WETH newly claimable (in wei).
*/
function adjustTotalClaimableAmount(
uint256 _stakeRefundedAmount,
uint256 _stakeSpentAmount
)
internal
{
if (_stakeSpentAmount < _stakeRefundedAmount) {
/* Overall, stake was refunded. */
uint256 refundAmount = _stakeRefundedAmount - _stakeSpentAmount;
require(totalClaimableAmount >= refundAmount, "Invalid refund: refundAmount cannot exceed totalClaimableAmount.");
totalClaimableAmount -= refundAmount;
} else {
/* Overall, stake was spent. */
totalClaimableAmount += _stakeSpentAmount - _stakeRefundedAmount;
}
}
/**
* @notice Settles off-chain commitments on-chain.
*
* @dev Any address may call this function since the StakeCommitments
* are secured by signatures of both the staker and the stakeNotary.
* In practice, the stakeNotary will likely be the caller.
* @dev It is sufficient to provide only the most recent unsettled
* StakeCommitment for each payment channel. But this is not a
* requirement, and the function will behave the same if there are
* past commitments for the same channel also being provided.
*
* @param _commitments Array of StakeCommitments to be settled.
*/
function settleStakeCommitments(
StakeCommitment[] memory _commitments
)
external
{
/* Tracks cumulative spending and refunding. */
uint256 totalNewStakeSpentAmount = 0;
uint256 totalNewStakeRefundedAmount = 0;
for (uint i=0; i< _commitments.length; i++) {
StakeCommitment memory commitment = _commitments[i];
/* Validate commitment data*/
require(getTimelockedUnstakeTimestamp(commitment.stakerAddress) == 0, "Invalid channel state: cannot settle new StakeCommitments after startTimelockedUnstake has been called.");
require(commitment.stakeSpentAmount <= stakedAmount[commitment.stakerAddress], "Invalid StakeCommitment: provided stakeSpentAmount cannot exceed stakedAmount.");
require(commitment.stakeCommitmentNonce >= stakeCommitmentNonce[commitment.stakerAddress], "Invalid StakeCommitment: provided stakeCommitmentNonce must be no older than stakeCommitmentNonce.");
require(commitment.stakeChannelNonce == stakeChannelNonce[commitment.stakerAddress], "Invalid StakeCommitment: provided stakeChannelNonce must match stakeChannelNonce.");
/*
* If a commitment in the batch has already been settled in a previous call to settleStakeCommitments,
* skip it instead of reverting the entire batch. This is to prevent a malicious actor from DOS-ing
* a batched call by frontrunning it with a single commitment from the batch.
*/
if(commitment.stakeCommitmentNonce == stakeCommitmentNonce[commitment.stakerAddress]) {
continue;
}
/* Validate signatures */
address recoveredStakerAddress = ECDSA.recover(
getStakeCommitmentHash(commitment),
commitment.stakerSignature
);
require(recoveredStakerAddress == commitment.stakerAddress, "Invalid StakeCommitment: stakerAddress does not match the signer of stakerSignature.");
address recoveredStakeNotaryAddress = ECDSA.recover(
getStakeCommitmentHash(commitment),
commitment.stakeNotarySignature
);
require(recoveredStakeNotaryAddress == stakeNotaryAddress, "Invalid StakeCommitment: stakeNotaryAddress does not match the signer of stakeNotarySignature.");
if (commitment.stakeSpentAmount < stakeSpentAmount[commitment.stakerAddress]) {
/* Stake was refunded to the staker. */
totalNewStakeRefundedAmount += stakeSpentAmount[commitment.stakerAddress] - commitment.stakeSpentAmount;
} else {
/* Stake was spent by the staker. */
totalNewStakeSpentAmount += commitment.stakeSpentAmount - stakeSpentAmount[commitment.stakerAddress];
}
/* Update the channel state */
stakeCommitmentNonce[commitment.stakerAddress] = commitment.stakeCommitmentNonce;
stakeSpentAmount[commitment.stakerAddress] = commitment.stakeSpentAmount;
}
/* Adjust the total claimable amount all at once */
adjustTotalClaimableAmount(totalNewStakeRefundedAmount, totalNewStakeSpentAmount);
/* Emit event */
emit SettledStakeCommitments(totalNewStakeRefundedAmount, totalNewStakeSpentAmount);
}
/**
* @notice Start or challenge a timelocked unstake procedure.
*
* @dev The timelocked unstake procedure is a fail-safe mode that allows
* a staker to unstake even in the presence of a faulty stakeNotary.
* Once the function is called, the associated payment channel is
* settled up to the provided StakeCommitment, and no further
* commitments can be settled, except through this function.
* @dev The unstaking can be completed after expiry of a 7 day timelock,
* by calling the `executeTimelockedUnstake` function.
* @dev If the stakeNotary believes that the staker is being malicious
* and providing an old but unsettled StakeCommitment, they can
* challenge the unstake by calling this function with a more
* recent StakeCommitment, which also extends the timelock. The
* stakeNotary can challenge repeatedly, until the matter is resolved.
* @dev A compromised stakeNotary could withhold more recent commitments
* from the staker and use these to indefinitely reset the timelock.
* In this event, the operator can call `setStakeNotaryAddress` to
* change the `stakeNotaryAddress` to an uncompromised one.
* @dev This function does not close the payment channel, but it does
* put it into a timelocked state where its functionality is reduced.
* To close the payment channel and actually unstake, the caller needs
* to call `executeTimelockedUnstake`.
*
* @param _commitment A StakeCommitment at least as recent as the last
* one settled on-chain.
*/
function startTimelockedUnstake(
StakeCommitment memory _commitment
)
external
{
/* Validate */
if (getTimelockedUnstakeTimestamp(_commitment.stakerAddress) == 0) {
require(msg.sender == _commitment.stakerAddress, "Invalid caller: only stakerAddress can call startTimelockedUnstake for the first time.");
}
require(_commitment.stakeSpentAmount <= stakedAmount[_commitment.stakerAddress], "Invalid StakeCommitment: provided stakeSpentAmount cannot exceed stakedAmount.");
require(_commitment.stakeCommitmentNonce >= stakeCommitmentNonce[_commitment.stakerAddress], "Invalid StakeCommitment: provided stakeCommitmentNonce must be no older than stakeCommitmentNonce.");
require(_commitment.stakeChannelNonce == stakeChannelNonce[_commitment.stakerAddress], "Invalid StakeCommitment: provided stakeChannelNonce must match stakeChannelNonce.");
require(msg.sender == _commitment.stakerAddress || msg.sender == stakeNotaryAddress, "Invalid caller: only stakerAddress or stakeNotaryAddress can call startTimelockedUnstake.");
/* Validate signatures */
address recoveredStakerAddress = ECDSA.recover(
getStakeCommitmentHash(_commitment),
_commitment.stakerSignature
);
require(recoveredStakerAddress == _commitment.stakerAddress, "Invalid StakeCommitment: stakerAddress does not match the signer of stakerSignature.");
address recoveredStakeNotaryAddress = ECDSA.recover(
getStakeCommitmentHash(_commitment),
_commitment.stakeNotarySignature
);
require(recoveredStakeNotaryAddress == stakeNotaryAddress, "Invalid StakeCommitment: stakeNotaryAddress does not match the signer of stakeNotarySignature.");
/* Settle the payment channel up to the provided StakeCommitment. */
adjustTotalClaimableAmount(stakeSpentAmount[_commitment.stakerAddress], _commitment.stakeSpentAmount);
stakeCommitmentNonce[_commitment.stakerAddress] = _commitment.stakeCommitmentNonce;
stakeSpentAmount[_commitment.stakerAddress] = _commitment.stakeSpentAmount;
/* Set the timelock */
timelockedUnstakeTimestamp[
getTimelockedUnstakeTimestampKey(
_commitment.stakerAddress,
_commitment.stakeSpentAmount,
_commitment.stakeCommitmentNonce,
_commitment.stakeChannelNonce
)] = block.timestamp + 7 days;
/* Emit event */
emit StartedTimelockedUnstake(
_commitment.stakerAddress,
_commitment.stakeSpentAmount,
_commitment.stakeCommitmentNonce,
_commitment.stakeChannelNonce,
block.timestamp + 7 days);
}
/**
* @notice After timelock, unstake the stakerAddress's unspent WETH.
*
* @dev When successful, this function closes the payment channel.
* @dev Requires the `startTimelockedUnstake` function to have been last
* called at least 7 days prior.
*
* @param _stakerAddress Address of the staker.
*/
function executeTimelockedUnstake(
address _stakerAddress
)
external
{
/* Cache for event */
uint256 _stakeChannelNonce = stakeChannelNonce[_stakerAddress];
/* Validate */
require(getTimelockedUnstakeTimestamp(_stakerAddress) > 0, "Invalid timelock: must call startTimelockedUnstake first.");
require(block.timestamp > getTimelockedUnstakeTimestamp(_stakerAddress), "Invalid timelock: timelock has not yet expired.");
/* Cache for event */
uint256 unstakeAmount = stakedAmount[_stakerAddress] - stakeSpentAmount[_stakerAddress];
require(unstakeAmount > 0, "Nothing to unstake");
/* Close the payment channel */
stakeCommitmentNonce[_stakerAddress] = 0;
stakeSpentAmount[_stakerAddress] = 0;
stakedAmount[_stakerAddress] = 0;
stakeChannelNonce[_stakerAddress] += 1;
/* Send the WETH */
WETH.safeTransfer(_stakerAddress, unstakeAmount);
/* Emit event */
emit Unstaked(_stakerAddress, _stakeChannelNonce, unstakeAmount);
}
/**
* @notice Instantly unstake the stakerAddress's unspent WETH.
*
* @dev The caller must provide a special StakeCommitment co-signed by
* the stakeNotary proving that the payment channel has been settled
* and the stakeNotary has authorized the staker to unstake. This
* special StakeCommitment can be requested using the off-chain API
* associated with the stakeNotary. If the off-chain API is not
* available for any reason, use startTimelockedUnstake instead.
* @dev The special StakeCommitment is required in order to prevent either
* a compromised stakeNotary or a malicious staker from unstaking
* using an old or unsettled commitment.
* @dev Unstaking closes the payment channel, which means zeroing out all
* payment channel state associated with the `stakerAddress`, except
* for `stakeChannelNonce`, which is incremented. A `stakerAddress`
* which has unstaked can open a new payment channel by calling the
* `stake` function.
*
* @param _commitment A special StakeCommitment used to prove that the
* stakerAddress is authorized to unstake.
*/
function unstake(
StakeCommitment memory _commitment
)
external
{
/* Validate */
require(msg.sender == _commitment.stakerAddress, "Invalid caller: only stakerAddress can call unstake.");
require(_commitment.stakeSpentAmount <= stakedAmount[_commitment.stakerAddress], "Invalid StakeCommitment: provided stakeSpentAmount cannot exceed stakedAmount.");
require(_commitment.stakeCommitmentNonce >= stakeCommitmentNonce[_commitment.stakerAddress], "Invalid StakeCommitment: provided stakeCommitmentNonce must be no older than stakeCommitmentNonce.");
require(_commitment.stakeChannelNonce == stakeChannelNonce[_commitment.stakerAddress], "Invalid StakeCommitment: provided stakeChannelNonce must match stakeChannelNonce.");
require(keccak256(_commitment.data) == keccak256(INSTANT_UNSTAKE_COMMITMENT_DATA), "Invalid StakeCommitment: provided data must match INSTANT_UNSTAKE_COMMITMENT_DATA.");
/* Validate signatures */
address recoveredStakerAddress = ECDSA.recover(
getStakeCommitmentHash(_commitment),
_commitment.stakerSignature
);
require(recoveredStakerAddress == _commitment.stakerAddress, "Invalid StakeCommitment: stakerAddress does not match the signer of stakerSignature.");
address recoveredStakeNotaryAddress = ECDSA.recover(
getStakeCommitmentHash(_commitment),
_commitment.stakeNotarySignature
);
require(recoveredStakeNotaryAddress == stakeNotaryAddress, "Invalid StakeCommitment: stakeNotaryAddress does not match the signer of stakeNotarySignature.");
/* Settle the payment channel up to the provided StakeCommitment. */
adjustTotalClaimableAmount(stakeSpentAmount[_commitment.stakerAddress], _commitment.stakeSpentAmount);
/* Cache for event */
uint256 unstakeAmount = stakedAmount[_commitment.stakerAddress] - _commitment.stakeSpentAmount;
require(unstakeAmount > 0, "Nothing to unstake");
/* Close the payment channel */
stakeCommitmentNonce[_commitment.stakerAddress] = 0;
stakeSpentAmount[_commitment.stakerAddress] = 0;
stakedAmount[_commitment.stakerAddress] = 0;
stakeChannelNonce[_commitment.stakerAddress] += 1;
/* Send the WETH */
WETH.safeTransfer(_commitment.stakerAddress, unstakeAmount);
/* Emit event */
emit Unstaked(_commitment.stakerAddress, _commitment.stakeChannelNonce, unstakeAmount);
}
/*//////////////////////////////////////////////////////////////
CLAIM LOGIC
//////////////////////////////////////////////////////////////*/
/**
* @notice Claim any WETH owed to the provided address.
*
* @dev Can be called by anyone, not only the claimer. This allows claims
* to be securely processed by a third party, saving claimers gas.
* @dev The caller must request that the claimNotary provide both an amount
* of WETH that the claimerAddress has earned over its lifetime (the
* _claimsEarnedAmount), and a signature (_claimNotarySignature),
* witnessing the fact that the claimNotary agrees with that amount.
* @dev The message that results in _claimNotarySignature is the output of
* the `getClaimCommitmentHash` function, or a locally-computed
* equivalent.
*
* @param _claimerAddress Address of the claimer.
* @param _claimsEarnedAmount Amount of WETH claimer has earned to date.
* @param _claimNotarySignature Signature of claimNotary endorsing above.
*/
function claim(
address _claimerAddress,
uint256 _claimsEarnedAmount,
bytes memory _claimNotarySignature
)
external
{
settleClaim(
_claimerAddress,
_claimsEarnedAmount,
_claimNotarySignature,
false
);
}
/**
* @notice Claim any WETH owed to the provided address, as ETH.
*
* @param _claimerAddress Address of the claimer.
* @param _claimsEarnedAmount Amount of WETH claimer has earned to date.
* @param _claimNotarySignature Signature of claimNotary endorsing above.
*/
function claimAndUnwrap(
address _claimerAddress,
uint256 _claimsEarnedAmount,
bytes memory _claimNotarySignature
)
external
{
settleClaim(
_claimerAddress,
_claimsEarnedAmount,
_claimNotarySignature,
true
);
}
/**
* @notice Settle a claim of WETH or ETH.
*
* @param _claimerAddress Address of the claimer.
* @param _claimsEarnedAmount Amount of WETH claimer has earned to date.
* @param _claimNotarySignature Signature of claimNotary endorsing above.
*/
function settleClaim(
address _claimerAddress,
uint256 _claimsEarnedAmount,
bytes memory _claimNotarySignature,
bool unwrap
)
internal
{
/* Validate that there is something to claim at all. */
require(_claimsEarnedAmount > claimedAmount[_claimerAddress], "Invalid claim: there is nothing for the claimer to claim.");
/* Recover signature signer and validate */
address recoveredClaimNotaryAddress = ECDSA.recover(
getClaimCommitmentHash(_claimerAddress, _claimsEarnedAmount),
_claimNotarySignature
);
require(recoveredClaimNotaryAddress == claimNotaryAddress, "Invalid claim: claimNotaryAddress is not the signer of claimNotarySignature.");
/* Compute and validate the amount to be claimed */
uint256 claimAmount = _claimsEarnedAmount - claimedAmount[_claimerAddress];
require(claimAmount <= totalClaimableAmount, "Invalid claim: provided claimAmount cannot exceed totalClaimableAmount.");
/* Settle the claim on-chain. */
claimedAmount[_claimerAddress] = _claimsEarnedAmount;
totalClaimableAmount -= claimAmount;
/* Transfer the ETH or WETH to the claimer. */
if (unwrap) {
IWETH(address(WETH)).withdraw(claimAmount);
(bool sent,) = _claimerAddress.call{value: claimAmount}("");
require(sent, "Claim error: Failed to send ETH.");
} else {
WETH.safeTransfer(_claimerAddress, claimAmount);
}
/* Emit event */
emit Claimed(_claimerAddress, claimAmount);
}
}
合同源代码
文件 17 的 19:SafeERC20.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.3) (token/ERC20/utils/SafeERC20.sol)
pragma solidity ^0.8.0;
import "../IERC20.sol";
import "../extensions/IERC20Permit.sol";
import "../../../utils/Address.sol";
/**
* @title SafeERC20
* @dev Wrappers around ERC20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/
library SafeERC20 {
using Address for address;
/**
* @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeTransfer(IERC20 token, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));
}
/**
* @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
* calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
*/
function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));
}
/**
* @dev Deprecated. This function has issues similar to the ones found in
* {IERC20-approve}, and its usage is discouraged.
*
* Whenever possible, use {safeIncreaseAllowance} and
* {safeDecreaseAllowance} instead.
*/
function safeApprove(IERC20 token, address spender, uint256 value) internal {
// safeApprove should only be called when setting an initial allowance,
// or when resetting it to zero. To increase and decrease it, use
// 'safeIncreaseAllowance' and 'safeDecreaseAllowance'
require(
(value == 0) || (token.allowance(address(this), spender) == 0),
"SafeERC20: approve from non-zero to non-zero allowance"
);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));
}
/**
* @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
uint256 oldAllowance = token.allowance(address(this), spender);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance + value));
}
/**
* @dev Decrease the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {
unchecked {
uint256 oldAllowance = token.allowance(address(this), spender);
require(oldAllowance >= value, "SafeERC20: decreased allowance below zero");
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance - value));
}
}
/**
* @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval
* to be set to zero before setting it to a non-zero value, such as USDT.
*/
function forceApprove(IERC20 token, address spender, uint256 value) internal {
bytes memory approvalCall = abi.encodeWithSelector(token.approve.selector, spender, value);
if (!_callOptionalReturnBool(token, approvalCall)) {
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, 0));
_callOptionalReturn(token, approvalCall);
}
}
/**
* @dev Use a ERC-2612 signature to set the `owner` approval toward `spender` on `token`.
* Revert on invalid signature.
*/
function safePermit(
IERC20Permit token,
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) internal {
uint256 nonceBefore = token.nonces(owner);
token.permit(owner, spender, value, deadline, v, r, s);
uint256 nonceAfter = token.nonces(owner);
require(nonceAfter == nonceBefore + 1, "SafeERC20: permit did not succeed");
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*/
function _callOptionalReturn(IERC20 token, bytes memory data) private {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that
// the target address contains contract code and also asserts for success in the low-level call.
bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed");
require(returndata.length == 0 || abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed");
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*
* This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.
*/
function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false
// and not revert is the subcall reverts.
(bool success, bytes memory returndata) = address(token).call(data);
return
success && (returndata.length == 0 || abi.decode(returndata, (bool))) && Address.isContract(address(token));
}
}
合同源代码
文件 18 的 19:SignedMath.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard signed math utilities missing in the Solidity language.
*/
library SignedMath {
/**
* @dev Returns the largest of two signed numbers.
*/
function max(int256 a, int256 b) internal pure returns (int256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two signed numbers.
*/
function min(int256 a, int256 b) internal pure returns (int256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two signed numbers without overflow.
* The result is rounded towards zero.
*/
function average(int256 a, int256 b) internal pure returns (int256) {
// Formula from the book "Hacker's Delight"
int256 x = (a & b) + ((a ^ b) >> 1);
return x + (int256(uint256(x) >> 255) & (a ^ b));
}
/**
* @dev Returns the absolute unsigned value of a signed value.
*/
function abs(int256 n) internal pure returns (uint256) {
unchecked {
// must be unchecked in order to support `n = type(int256).min`
return uint256(n >= 0 ? n : -n);
}
}
}
合同源代码
文件 19 的 19:Strings.sol
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol)
pragma solidity ^0.8.0;
import "./math/Math.sol";
import "./math/SignedMath.sol";
/**
* @dev String operations.
*/
library Strings {
bytes16 private constant _SYMBOLS = "0123456789abcdef";
uint8 private constant _ADDRESS_LENGTH = 20;
/**
* @dev Converts a `uint256` to its ASCII `string` decimal representation.
*/
function toString(uint256 value) internal pure returns (string memory) {
unchecked {
uint256 length = Math.log10(value) + 1;
string memory buffer = new string(length);
uint256 ptr;
/// @solidity memory-safe-assembly
assembly {
ptr := add(buffer, add(32, length))
}
while (true) {
ptr--;
/// @solidity memory-safe-assembly
assembly {
mstore8(ptr, byte(mod(value, 10), _SYMBOLS))
}
value /= 10;
if (value == 0) break;
}
return buffer;
}
}
/**
* @dev Converts a `int256` to its ASCII `string` decimal representation.
*/
function toString(int256 value) internal pure returns (string memory) {
return string(abi.encodePacked(value < 0 ? "-" : "", toString(SignedMath.abs(value))));
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
*/
function toHexString(uint256 value) internal pure returns (string memory) {
unchecked {
return toHexString(value, Math.log256(value) + 1);
}
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
*/
function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
bytes memory buffer = new bytes(2 * length + 2);
buffer[0] = "0";
buffer[1] = "x";
for (uint256 i = 2 * length + 1; i > 1; --i) {
buffer[i] = _SYMBOLS[value & 0xf];
value >>= 4;
}
require(value == 0, "Strings: hex length insufficient");
return string(buffer);
}
/**
* @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.
*/
function toHexString(address addr) internal pure returns (string memory) {
return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);
}
/**
* @dev Returns true if the two strings are equal.
*/
function equal(string memory a, string memory b) internal pure returns (bool) {
return keccak256(bytes(a)) == keccak256(bytes(b));
}
}
设置
{
"compilationTarget": {
"contracts/PaymentChannels.sol": "PaymentChannels"
},
"evmVersion": "london",
"libraries": {},
"metadata": {
"bytecodeHash": "ipfs"
},
"optimizer": {
"enabled": true,
"runs": 200
},
"remappings": []
}ABI
[{"inputs":[{"internalType":"address","name":"_stakeNotaryAddress","type":"address"},{"internalType":"address","name":"_claimNotaryAddress","type":"address"}],"stateMutability":"nonpayable","type":"constructor"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"_address","type":"address"}],"name":"AddedOperator","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint256","name":"_amount","type":"uint256"}],"name":"AddedToTotalClaimableAmount","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"_claimerAddress","type":"address"},{"indexed":false,"internalType":"uint256","name":"_amount","type":"uint256"}],"name":"Claimed","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"token","type":"address"},{"indexed":true,"internalType":"address","name":"operator","type":"address"}],"name":"Recovered","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"_address","type":"address"}],"name":"RemovedOperator","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"bytes32","name":"role","type":"bytes32"},{"indexed":true,"internalType":"bytes32","name":"previousAdminRole","type":"bytes32"},{"indexed":true,"internalType":"bytes32","name":"newAdminRole","type":"bytes32"}],"name":"RoleAdminChanged","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"bytes32","name":"role","type":"bytes32"},{"indexed":true,"internalType":"address","name":"account","type":"address"},{"indexed":true,"internalType":"address","name":"sender","type":"address"}],"name":"RoleGranted","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"bytes32","name":"role","type":"bytes32"},{"indexed":true,"internalType":"address","name":"account","type":"address"},{"indexed":true,"internalType":"address","name":"sender","type":"address"}],"name":"RoleRevoked","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"_oldClaimNotaryAddress","type":"address"},{"indexed":true,"internalType":"address","name":"_newClaimNotaryAddress","type":"address"}],"name":"SetClaimNotaryAddress","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"_oldStakeNotaryAddress","type":"address"},{"indexed":true,"internalType":"address","name":"_newStakeNotaryAddress","type":"address"}],"name":"SetStakeNotaryAddress","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"token","type":"address"}],"name":"SetUnrecoverable","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint256","name":"_totalNewStakeRefundedAmount","type":"uint256"},{"indexed":false,"internalType":"uint256","name":"_totalNewStakeSpentAmount","type":"uint256"}],"name":"SettledStakeCommitments","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"_stakerAddress","type":"address"},{"indexed":false,"internalType":"uint256","name":"_stakeChannelNonce","type":"uint256"},{"indexed":false,"internalType":"uint256","name":"_amount","type":"uint256"}],"name":"Staked","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"_stakerAddress","type":"address"},{"indexed":false,"internalType":"uint256","name":"_stakeSpentAmount","type":"uint256"},{"indexed":false,"internalType":"uint256","name":"_stakeCommitmentNonce","type":"uint256"},{"indexed":false,"internalType":"uint256","name":"_stakeChannelNonce","type":"uint256"},{"indexed":false,"internalType":"uint256","name":"_timelockedUnstakeTimestamp","type":"uint256"}],"name":"StartedTimelockedUnstake","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"_stakerAddress","type":"address"},{"indexed":false,"internalType":"uint256","name":"_stakeChannelNonce","type":"uint256"},{"indexed":false,"internalType":"uint256","name":"_amount","type":"uint256"}],"name":"Unstaked","type":"event"},{"stateMutability":"payable","type":"fallback"},{"inputs":[],"name":"DEFAULT_ADMIN_ROLE","outputs":[{"internalType":"bytes32","name":"","type":"bytes32"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"INSTANT_UNSTAKE_COMMITMENT_DATA","outputs":[{"internalType":"bytes","name":"","type":"bytes"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"OPERATOR_ROLE","outputs":[{"internalType":"bytes32","name":"","type":"bytes32"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"_address","type":"address"}],"name":"addOperator","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint256","name":"_amount","type":"uint256"}],"name":"addToTotalClaimableAmount","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"_claimerAddress","type":"address"},{"internalType":"uint256","name":"_claimsEarnedAmount","type":"uint256"},{"internalType":"bytes","name":"_claimNotarySignature","type":"bytes"}],"name":"claim","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"_claimerAddress","type":"address"},{"internalType":"uint256","name":"_claimsEarnedAmount","type":"uint256"},{"internalType":"bytes","name":"_claimNotarySignature","type":"bytes"}],"name":"claimAndUnwrap","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"claimNotaryAddress","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"","type":"address"}],"name":"claimedAmount","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"_stakerAddress","type":"address"}],"name":"executeTimelockedUnstake","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"_claimerAddress","type":"address"},{"internalType":"uint256","name":"_claimsEarnedAmount","type":"uint256"}],"name":"getClaimCommitmentHash","outputs":[{"internalType":"bytes32","name":"","type":"bytes32"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"bytes32","name":"role","type":"bytes32"}],"name":"getRoleAdmin","outputs":[{"internalType":"bytes32","name":"","type":"bytes32"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"bytes32","name":"role","type":"bytes32"},{"internalType":"uint256","name":"index","type":"uint256"}],"name":"getRoleMember","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"bytes32","name":"role","type":"bytes32"}],"name":"getRoleMemberCount","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"_stakerAddress","type":"address"}],"name":"getStakeChannelState","outputs":[{"internalType":"uint256","name":"_stakedAmount","type":"uint256"},{"internalType":"uint256","name":"_stakeCommitmentNonce","type":"uint256"},{"internalType":"uint256","name":"_stakeSpentAmount","type":"uint256"},{"internalType":"uint256","name":"_stakeChannelNonce","type":"uint256"},{"internalType":"uint256","name":"_timelockedUnstakeTimestamp","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"_stakerAddress","type":"address"},{"internalType":"uint256","name":"_stakeSpentAmount","type":"uint256"},{"internalType":"uint256","name":"_stakeCommitmentNonce","type":"uint256"},{"internalType":"uint256","name":"_stakeChannelNonce","type":"uint256"},{"internalType":"bytes","name":"_data","type":"bytes"}],"name":"getStakeCommitmentHash","outputs":[{"internalType":"bytes32","name":"","type":"bytes32"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"_stakerAddress","type":"address"}],"name":"getTimelockedUnstakeTimestamp","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"_stakerAddress","type":"address"},{"internalType":"uint256","name":"_stakeSpentAmount","type":"uint256"},{"internalType":"uint256","name":"_stakeCommitmentNonce","type":"uint256"},{"internalType":"uint256","name":"_stakeChannelNonce","type":"uint256"}],"name":"getTimelockedUnstakeTimestampKey","outputs":[{"internalType":"bytes32","name":"","type":"bytes32"}],"stateMutability":"pure","type":"function"},{"inputs":[{"internalType":"bytes32","name":"role","type":"bytes32"},{"internalType":"address","name":"account","type":"address"}],"name":"grantRole","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bytes32","name":"role","type":"bytes32"},{"internalType":"address","name":"account","type":"address"}],"name":"hasRole","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"_address","type":"address"}],"name":"isOperator","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"_token","type":"address"}],"name":"recoverToken","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"renounceOperator","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bytes32","name":"role","type":"bytes32"},{"internalType":"address","name":"account","type":"address"}],"name":"renounceRole","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bytes32","name":"role","type":"bytes32"},{"internalType":"address","name":"account","type":"address"}],"name":"revokeRole","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"_newClaimNotaryAddress","type":"address"}],"name":"setClaimNotaryAddress","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"_newStakeNotaryAddress","type":"address"}],"name":"setStakeNotaryAddress","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"_token","type":"address"}],"name":"setTokenUnrecoverable","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"components":[{"internalType":"address","name":"stakerAddress","type":"address"},{"internalType":"uint256","name":"stakeSpentAmount","type":"uint256"},{"internalType":"uint256","name":"stakeCommitmentNonce","type":"uint256"},{"internalType":"uint256","name":"stakeChannelNonce","type":"uint256"},{"internalType":"bytes","name":"data","type":"bytes"},{"internalType":"bytes","name":"stakerSignature","type":"bytes"},{"internalType":"bytes","name":"stakeNotarySignature","type":"bytes"}],"internalType":"struct PaymentChannels.StakeCommitment[]","name":"_commitments","type":"tuple[]"}],"name":"settleStakeCommitments","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint256","name":"_amount","type":"uint256"}],"name":"stake","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"","type":"address"}],"name":"stakeChannelNonce","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"","type":"address"}],"name":"stakeCommitmentNonce","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"stakeNotaryAddress","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"","type":"address"}],"name":"stakeSpentAmount","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"","type":"address"}],"name":"stakedAmount","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"components":[{"internalType":"address","name":"stakerAddress","type":"address"},{"internalType":"uint256","name":"stakeSpentAmount","type":"uint256"},{"internalType":"uint256","name":"stakeCommitmentNonce","type":"uint256"},{"internalType":"uint256","name":"stakeChannelNonce","type":"uint256"},{"internalType":"bytes","name":"data","type":"bytes"},{"internalType":"bytes","name":"stakerSignature","type":"bytes"},{"internalType":"bytes","name":"stakeNotarySignature","type":"bytes"}],"internalType":"struct PaymentChannels.StakeCommitment","name":"_commitment","type":"tuple"}],"name":"startTimelockedUnstake","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bytes4","name":"interfaceId","type":"bytes4"}],"name":"supportsInterface","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"bytes32","name":"","type":"bytes32"}],"name":"timelockedUnstakeTimestamp","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"totalClaimableAmount","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"components":[{"internalType":"address","name":"stakerAddress","type":"address"},{"internalType":"uint256","name":"stakeSpentAmount","type":"uint256"},{"internalType":"uint256","name":"stakeCommitmentNonce","type":"uint256"},{"internalType":"uint256","name":"stakeChannelNonce","type":"uint256"},{"internalType":"bytes","name":"data","type":"bytes"},{"internalType":"bytes","name":"stakerSignature","type":"bytes"},{"internalType":"bytes","name":"stakeNotarySignature","type":"bytes"}],"internalType":"struct PaymentChannels.StakeCommitment","name":"_commitment","type":"tuple"}],"name":"unstake","outputs":[],"stateMutability":"nonpayable","type":"function"},{"stateMutability":"payable","type":"receive"}]