¡El código fuente de este contrato está verificado!
Metadatos del Contrato
Compilador
0.6.12+commit.27d51765
Idioma
Solidity
Código Fuente del Contrato
Archivo 1 de 19: Boostable.sol
// SPDX-License-Identifier: MITpragmasolidity 0.6.12;pragmaexperimentalABIEncoderV2;import"./ProtectedBoostable.sol";
/**
* @dev Purpose Boostable primitives using the EIP712 standard
*/abstractcontractBoostableisProtectedBoostable{
// "Purpose", "Dubi" and "Hodl" are all under the "Purpose" umbrellaconstructor(address optIn)
publicProtectedBoostable(
optIn,
keccak256(abi.encode(
EIP712_DOMAIN_TYPEHASH,
keccak256("Purpose"),
keccak256("1"),
_getChainId(),
address(this)
)
)
)
{}
// Fuel alias constants - used when fuel is burned from external contract callsuint8internalconstant TOKEN_FUEL_ALIAS_UNLOCKED_PRPS =0;
uint8internalconstant TOKEN_FUEL_ALIAS_LOCKED_PRPS =1;
uint8internalconstant TOKEN_FUEL_ALIAS_DUBI =2;
}
// SPDX-License-Identifier: MITpragmasolidity 0.6.12;pragmaexperimentalABIEncoderV2;structBoosterFuel {
uint96 dubi;
uint96 unlockedPrps;
uint96 lockedPrps;
uint96 intrinsicFuel;
}
structBoosterPayload {
address booster;
uint64 timestamp;
uint64 nonce;
// Fallback for 'personal_sign' when e.g. using hardware wallets that don't support// EIP712 signing (yet).bool isLegacySignature;
}
// Library for Boostable hash functions that are completely inlined.libraryBoostableLib{
bytes32privateconstant BOOSTER_PAYLOAD_TYPEHASH =keccak256(
"BoosterPayload(address booster,uint64 timestamp,uint64 nonce,bool isLegacySignature)"
);
bytes32internalconstant BOOSTER_FUEL_TYPEHASH =keccak256(
"BoosterFuel(uint96 dubi,uint96 unlockedPrps,uint96 lockedPrps,uint96 intrinsicFuel)"
);
/**
* @dev Returns the hash of the packed DOMAIN_SEPARATOR and `messageHash` and is used for verifying
* a signature.
*/functionhashWithDomainSeparator(bytes32 domainSeparator,
bytes32 messageHash
) internalpurereturns (bytes32) {
returnkeccak256(
abi.encodePacked("\x19\x01", domainSeparator, messageHash)
);
}
/**
* @dev Returns the hash of `payload` using the provided booster (i.e. `msg.sender`).
*/functionhashBoosterPayload(BoosterPayload memory payload, address booster)
internalpurereturns (bytes32)
{
returnkeccak256(
abi.encode(
BOOSTER_PAYLOAD_TYPEHASH,
booster,
payload.timestamp,
payload.nonce,
payload.isLegacySignature
)
);
}
functionhashBoosterFuel(BoosterFuel memory fuel)
internalpurereturns (bytes32)
{
returnkeccak256(
abi.encode(
BOOSTER_FUEL_TYPEHASH,
fuel.dubi,
fuel.unlockedPrps,
fuel.lockedPrps,
fuel.intrinsicFuel
)
);
}
/**
* @dev Returns the tag found in the given `boosterMessage`.
*/function_readBoosterTag(bytesmemory boosterMessage)
internalpurereturns (uint8)
{
// The tag is either the 32th byte or the 64th byte depending on whether// the booster message contains dynamic bytes or not.//// If it contains a dynamic byte array, then the first word points to the first// data location.//// Therefore, we read the 32th byte and check if it's >= 32 and if so,// simply read the (32 + first word)th byte to get the tag.//// This imposes a limit on the number of tags we can support (<32), but// given that it is very unlikely for so many tags to exist it is fine.//// Read the 32th byte to get the tag, because it is a uint8 padded to 32 bytes.// i.e.// -----------------------------------------------------------------v// 0x0000000000000000000000000000000000000000000000000000000000000001// ...//uint8 tag =uint8(boosterMessage[31]);
if (tag >=32) {
// Read the (32 + tag) byte. E.g. if tag is 32, then we read the 64th:// --------------------------------------------------------------------// 0x0000000000000000000000000000000000000000000000000000000000000020 |// 0000000000000000000000000000000000000000000000000000000000000001 <// ...//
tag =uint8(boosterMessage[31+ tag]);
}
return tag;
}
}
Código Fuente del Contrato
Archivo 4 de 19: Context.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.6.0;/*
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with GSN meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/abstractcontractContext{
function_msgSender() internalviewvirtualreturns (addresspayable) {
returnmsg.sender;
}
function_msgData() internalviewvirtualreturns (bytesmemory) {
this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691returnmsg.data;
}
}
Código Fuente del Contrato
Archivo 5 de 19: Dubi.sol
// SPDX-License-Identifier: MITpragmasolidity 0.6.12;pragmaexperimentalABIEncoderV2;import"./ERC20.sol";
import"./Purpose.sol";
contractDubiisERC20{
Purpose privateimmutable _prps;
constructor(uint256 initialSupply,
address optIn,
address purpose,
address hodl,
address externalAddress1,
address externalAddress2,
address externalAddress3
)
publicERC20("Decentralized Universal Basic Income",
"DUBI",
optIn,
hodl,
externalAddress1,
externalAddress2,
externalAddress3
)
{
_mintInitialSupply(msg.sender, initialSupply);
_prps = Purpose(purpose);
}
functionhodlMint(address to, uint256 amount) public{
require(msg.sender== _hodlAddress, "DUBI-2");
_mint(to, amount);
}
functionpurposeMint(address to, uint256 amount) public{
require(msg.sender==address(_prps), "DUBI-3");
_mint(to, amount);
}
function_callerIsDeployTimeKnownContract()
internaloverrideviewreturns (bool)
{
if (msg.sender==address(_prps)) {
returntrue;
}
returnsuper._callerIsDeployTimeKnownContract();
}
//---------------------------------------------------------------// Fuel//---------------------------------------------------------------/**
* @dev Burns `fuel` from `from`. Can only be called by one of the deploy-time known contracts.
*/functionburnFuel(addressfrom, TokenFuel memory fuel) publicoverride{
require(_callerIsDeployTimeKnownContract(), "DUBI-1");
_burnFuel(from, fuel);
}
function_burnFuel(addressfrom, TokenFuel memory fuel) private{
require(fuel.amount <= MAX_BOOSTER_FUEL, "DUBI-5");
require(from!=address(0) &&from!=msg.sender, "DUBI-6");
if (fuel.tokenAlias == TOKEN_FUEL_ALIAS_DUBI) {
// Burn fuel from DUBI
UnpackedData memory unpacked = _unpackPackedData(_packedData[from]);
require(unpacked.balance>= fuel.amount, "DUBI-7");
unpacked.balance-= fuel.amount;
_packedData[from] = _packUnpackedData(unpacked);
return;
}
revert("DUBI-8");
}
/**
*@dev Burn the fuel of a `boostedSend`
*/function_burnBoostedSendFuel(addressfrom,
BoosterFuel memory fuel,
UnpackedData memory unpacked
) internaloverridereturns (FuelBurn memory) {
FuelBurn memory fuelBurn;
if (fuel.dubi >0) {
require(fuel.dubi <= MAX_BOOSTER_FUEL, "DUBI-5");
// From uses his own DUBI to fuel the boostrequire(unpacked.balance>= fuelBurn.amount, "DUBI-7");
unpacked.balance-= fuel.dubi;
fuelBurn.amount = fuel.dubi;
fuelBurn.fuelType = FuelType.DUBI;
return fuelBurn;
}
// If the fuel is PRPS, then we have to reach out to the PRPS contract.if (fuel.unlockedPrps >0) {
// Reverts if the requested amount cannot be burned
_prps.burnFuel(
from,
TokenFuel({
tokenAlias: TOKEN_FUEL_ALIAS_UNLOCKED_PRPS,
amount: fuel.unlockedPrps
})
);
fuelBurn.amount = fuel.unlockedPrps;
fuelBurn.fuelType = FuelType.UNLOCKED_PRPS;
return fuelBurn;
}
if (fuel.lockedPrps >0) {
// Reverts if the requested amount cannot be burned
_prps.burnFuel(
from,
TokenFuel({
tokenAlias: TOKEN_FUEL_ALIAS_LOCKED_PRPS,
amount: fuel.lockedPrps
})
);
fuelBurn.amount = fuel.lockedPrps;
fuelBurn.fuelType = FuelType.LOCKED_PRPS;
return fuelBurn;
}
// No fuel at allreturn fuelBurn;
}
/**
*@dev Burn the fuel of a `boostedBurn`
*/function_burnBoostedBurnFuel(addressfrom,
BoosterFuel memory fuel,
UnpackedData memory unpacked
) internaloverridereturns (FuelBurn memory) {
FuelBurn memory fuelBurn;
// If the fuel is DUBI, then we can remove it directlyif (fuel.dubi >0) {
require(fuel.dubi <= MAX_BOOSTER_FUEL, "DUBI-5");
require(unpacked.balance>= fuel.dubi, "DUBI-7");
unpacked.balance-= fuel.dubi;
fuelBurn.amount = fuel.dubi;
fuelBurn.fuelType = FuelType.DUBI;
return fuelBurn;
}
// If the fuel is PRPS, then we have to reach out to the PRPS contract.if (fuel.unlockedPrps >0) {
// Reverts if the requested amount cannot be burned
_prps.burnFuel(
from,
TokenFuel({
tokenAlias: TOKEN_FUEL_ALIAS_UNLOCKED_PRPS,
amount: fuel.unlockedPrps
})
);
fuelBurn.amount = fuel.unlockedPrps;
fuelBurn.fuelType = FuelType.UNLOCKED_PRPS;
return fuelBurn;
}
if (fuel.lockedPrps >0) {
// Reverts if the requested amount cannot be burned
_prps.burnFuel(
from,
TokenFuel({
tokenAlias: TOKEN_FUEL_ALIAS_LOCKED_PRPS,
amount: fuel.lockedPrps
})
);
// No direct fuel, but we still return a indirect fuel so that it can be added// to the burn event.
fuelBurn.amount = fuel.lockedPrps;
fuelBurn.fuelType = FuelType.LOCKED_PRPS;
return fuelBurn;
}
// DUBI has no intrinsic fuelif (fuel.intrinsicFuel >0) {
revert("DUBI-8");
}
// No fuel at allreturn fuelBurn;
}
//---------------------------------------------------------------// Pending ops//---------------------------------------------------------------function_getHasherContracts()
internaloverridereturns (address[] memory)
{
address[] memory hashers =newaddress[](5);
hashers[0] =address(this);
hashers[1] =address(_prps);
hashers[2] = _hodlAddress;
hashers[3] = _externalAddress1;
hashers[4] = _externalAddress2;
return hashers;
}
}
Código Fuente del Contrato
Archivo 6 de 19: ECDSA.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.6.0;/**
* @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
*
* These functions can be used to verify that a message was signed by the holder
* of the private keys of a given address.
*/libraryECDSA{
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature`. This address can then be used for verification purposes.
*
* The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {toEthSignedMessageHash} on it.
*/functionrecover(bytes32 hash, bytesmemory signature) internalpurereturns (address) {
// Check the signature lengthif (signature.length!=65) {
revert("ECDSA: invalid signature length");
}
// Divide the signature in r, s and v variablesbytes32 r;
bytes32 s;
uint8 v;
// ecrecover takes the signature parameters, and the only way to get them// currently is to use assembly.// solhint-disable-next-line no-inline-assemblyassembly {
r :=mload(add(signature, 0x20))
s :=mload(add(signature, 0x40))
v :=byte(0, mload(add(signature, 0x60)))
}
// EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature// unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines// the valid range for s in (281): 0 < s < secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most// signatures from current libraries generate a unique signature with an s-value in the lower half order.//// If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value// with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or// vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept// these malleable signatures as well.if (uint256(s) >0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
revert("ECDSA: invalid signature 's' value");
}
if (v !=27&& v !=28) {
revert("ECDSA: invalid signature 'v' value");
}
// If the signature is valid (and not malleable), return the signer addressaddress signer =ecrecover(hash, v, r, s);
require(signer !=address(0), "ECDSA: invalid signature");
return signer;
}
/**
* @dev Returns an Ethereum Signed Message, created from a `hash`. This
* replicates the behavior of the
* https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign[`eth_sign`]
* JSON-RPC method.
*
* See {recover}.
*/functiontoEthSignedMessageHash(bytes32 hash) internalpurereturns (bytes32) {
// 32 is the length in bytes of hash,// enforced by the type signature abovereturnkeccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", hash));
}
}
Código Fuente del Contrato
Archivo 7 de 19: EIP712Boostable.sol
// SPDX-License-Identifier: MITpragmasolidity 0.6.12;pragmaexperimentalABIEncoderV2;import"@openzeppelin/contracts/cryptography/ECDSA.sol";
import"./IOptIn.sol";
import"./BoostableLib.sol";
import"./IBoostableERC20.sol";
/**
* @dev Boostable base contract
*
* All deriving contracts are expected to implement EIP712 for the message signing.
*
*/abstractcontractEIP712Boostable{
usingECDSAforbytes32;
// solhint-disable-next-line var-name-mixedcase
IOptIn internalimmutable _OPT_IN;
// solhint-disable-next-line var-name-mixedcasebytes32internalimmutable _DOMAIN_SEPARATOR;
bytes32internalconstant EIP712_DOMAIN_TYPEHASH =keccak256(
"EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
);
bytes32privateconstant BOOSTER_PAYLOAD_TYPEHASH =keccak256(
"BoosterPayload(address booster,uint64 timestamp,uint64 nonce,bool isLegacySignature)"
);
bytes32internalconstant BOOSTER_FUEL_TYPEHASH =keccak256(
"BoosterFuel(uint96 dubi,uint96 unlockedPrps,uint96 lockedPrps,uint96 intrinsicFuel)"
);
// The boost fuel is capped to 10 of the respective token that will be used for payment.uint96internalconstant MAX_BOOSTER_FUEL =10ether;
// A magic booster permission prefixbytes6privateconstant MAGIC_BOOSTER_PERMISSION_PREFIX ="BOOST-";
constructor(address optIn, bytes32 domainSeparator) public{
_OPT_IN = IOptIn(optIn);
_DOMAIN_SEPARATOR = domainSeparator;
}
// A mapping of mappings to keep track of used nonces by address to// protect against replays. Each 'Boostable' contract maintains it's own// state for nonces.mapping(address=>uint64) private _nonces;
//---------------------------------------------------------------functiongetNonce(address account) externalvirtualviewreturns (uint64) {
return _nonces[account];
}
functiongetOptInStatus(address account)
internalviewreturns (IOptIn.OptInStatus memory)
{
return _OPT_IN.getOptInStatus(account);
}
/**
* @dev Called by every 'boosted'-function to ensure that `msg.sender` (i.e. a booster) is
* allowed to perform the call for `from` (the origin) by verifying that `messageHash`
* has been signed by `from`. Additionally, `from` provides a nonce to prevent
* replays. Boosts cannot be verified out of order.
*
* @param from the address that the boost is made for
* @param messageHash the reconstructed message hash based on the function input
* @param payload the booster payload
* @param signature the signature of `from`
*/functionverifyBoost(addressfrom,
bytes32 messageHash,
BoosterPayload memory payload,
Signature memory signature
) internal{
uint64 currentNonce = _nonces[from];
require(currentNonce == payload.nonce -1, "AB-1");
_nonces[from] = currentNonce +1;
_verifyBoostWithoutNonce(from, messageHash, payload, signature);
}
/**
* @dev Verify a boost without verifying the nonce.
*/function_verifyBoostWithoutNonce(addressfrom,
bytes32 messageHash,
BoosterPayload memory payload,
Signature memory signature
) internalview{
// The sender must be the booster specified in the payloadrequire(msg.sender== payload.booster, "AB-2");
(bool isOptedInToSender, uint256 optOutPeriod) = _OPT_IN.isOptedInBy(
msg.sender,
from
);
// `from` must be opted-in to boosterrequire(isOptedInToSender, "AB-3");
// The given timestamp must not be greater than `block.timestamp + 1 hour`// and at most `optOutPeriod(booster)` seconds old.uint64 _now =uint64(block.timestamp);
uint64 _optOutPeriod =uint64(optOutPeriod);
bool notTooFarInFuture = payload.timestamp <= _now +1hours;
bool belowMaxAge =true;
// Calculate the absolute difference. Because of the small tolerance, `payload.timestamp`// may be greater than `_now`:if (payload.timestamp <= _now) {
belowMaxAge = _now - payload.timestamp <= _optOutPeriod;
}
// Signature must not be expiredrequire(notTooFarInFuture && belowMaxAge, "AB-4");
// NOTE: Currently, hardware wallets (e.g. Ledger, Trezor) do not support EIP712 signing (specifically `signTypedData_v4`).// However, a user can still sign the EIP712 hash with the caveat that it's signed using `personal_sign` which prepends// the prefix '"\x19Ethereum Signed Message:\n" + len(message)'.//// To still support that, we add the prefix to the hash if `isLegacySignature` is true.if (payload.isLegacySignature) {
messageHash = messageHash.toEthSignedMessageHash();
}
// Valid, if the recovered address from `messageHash` with the given `signature` matches `from`.address signer =ecrecover(
messageHash,
signature.v,
signature.r,
signature.s
);
if (!payload.isLegacySignature && signer !=from) {
// As a last resort we try anyway, in case the caller simply forgot the `isLegacySignature` flag.
signer =ecrecover(
messageHash.toEthSignedMessageHash(),
signature.v,
signature.r,
signature.s
);
}
require(from== signer, "AB-5");
}
/**
* @dev Returns the hash of `payload` using the provided booster (i.e. `msg.sender`).
*/functionhashBoosterPayload(BoosterPayload memory payload, address booster)
internalpurereturns (bytes32)
{
returnkeccak256(
abi.encode(
BOOSTER_PAYLOAD_TYPEHASH,
booster,
payload.timestamp,
payload.nonce
)
);
}
function_getChainId() internalpurereturns (uint256) {
uint256 chainId;
assembly {
chainId :=chainid()
}
return chainId;
}
}
Código Fuente del Contrato
Archivo 8 de 19: ERC20.sol
// SPDX-License-Identifier: MITpragmasolidity 0.6.12;pragmaexperimentalABIEncoderV2;import"@openzeppelin/contracts/token/ERC20/IERC20.sol";
import"@openzeppelin/contracts/math/SafeMath.sol";
import"@openzeppelin/contracts/access/Ownable.sol";
import"@openzeppelin/contracts/introspection/IERC1820Registry.sol";
import"./IBoostableERC20.sol";
import"./BoostableERC20.sol";
/**
* @dev This is a heavily modified fork of @openzeppelin/contracts/token/ERC20/ERC20.sol (3.1.0)
*/abstractcontractERC20isIERC20, IBoostableERC20, BoostableERC20, Ownable{
usingSafeMathforuint256;
// NOTE: In contrary to the Transfer event, the Burned event always// emits the amount including the burned fuel if any.// The amount is stored in the lower 96 bits of `amountAndFuel`,// followed by 3 bits to encode the type of fuel used and finally// another 96 bits for the fuel amount.//// 0 96 99 195 256// amount fuelType fuelAmount padding//eventBurned(uint256 amountAndFuel, bytes data);
enumFuelType {NONE, UNLOCKED_PRPS, LOCKED_PRPS, DUBI, AUTO_MINTED_DUBI}
structFuelBurn {
FuelType fuelType;
uint96 amount;
}
uint256private _totalSupply;
stringprivate _name;
stringprivate _symbol;
addressinternalimmutable _hodlAddress;
addressinternalimmutable _externalAddress1;
addressinternalimmutable _externalAddress2;
addressinternalimmutable _externalAddress3;
IERC1820Registry internalconstant _ERC1820_REGISTRY = IERC1820Registry(
0x1820a4B7618BdE71Dce8cdc73aAB6C95905faD24
);
// Mapping of address to packed data.// For efficiency reasons the token balance is a packed uint96 alongside// other data. The packed data has the following layout://// MSB uint256 LSB// uint64 nonce | uint96 hodlBalance | uint96 balance//// balance: the balance of a token holder that can be transferred freely// hodlBalance: the balance of a token holder that is hodled// nonce: a sequential number used for booster replay protection//// Only PRPS utilizes `hodlBalance`. For DUBI it is always 0.//mapping(address=>uint256) internal _packedData;
structUnpackedData {
uint96 balance;
uint96 hodlBalance;
uint64 nonce;
}
function_unpackPackedData(uint256 packedData)
internalpurereturns (UnpackedData memory)
{
UnpackedData memory unpacked;
// 1) Read balance from the first 96 bits
unpacked.balance=uint96(packedData);
// 2) Read hodlBalance from the next 96 bits
unpacked.hodlBalance =uint96(packedData >>96);
// 3) Read nonce from the next 64 bits
unpacked.nonce =uint64(packedData >> (96+96));
return unpacked;
}
function_packUnpackedData(UnpackedData memory unpacked)
internalpurereturns (uint256)
{
uint256 packedData;
// 1) Write balance to the first 96 bits
packedData |= unpacked.balance;
// 2) Write hodlBalance to the the next 96 bits
packedData |=uint256(unpacked.hodlBalance) <<96;
// 3) Write nonce to the next 64 bits
packedData |=uint256(unpacked.nonce) << (96+96);
return packedData;
}
// ERC20-allowancesmapping(address=>mapping(address=>uint256)) private _allowances;
//---------------------------------------------------------------// Pending state for non-boosted operations while opted-in//---------------------------------------------------------------uint8internalconstant OP_TYPE_SEND = BOOST_TAG_SEND;
uint8internalconstant OP_TYPE_BURN = BOOST_TAG_BURN;
structPendingTransfer {
// NOTE: For efficiency reasons balances are stored in a uint96 which is sufficient// since we only use 18 decimals.//// Two amounts are associated with a pending transfer, to allow deriving contracts// to store extra information.//// E.g. PRPS makes use of this by encoding the pending locked PRPS in the// `occupiedAmount` field.//address spender;
uint96 transferAmount;
address to;
uint96 occupiedAmount;
bytes data;
}
// A mapping of hash(user, opId) to pending transfers. Pending burns are also considered regular transfers.mapping(bytes32=> PendingTransfer) private _pendingTransfers;
//---------------------------------------------------------------constructor(stringmemory name,
stringmemory symbol,
address optIn,
address hodl,
address externalAddress1,
address externalAddress2,
address externalAddress3
) publicOwnable() BoostableERC20(optIn) {
_name = name;
_symbol = symbol;
_hodlAddress = hodl;
_externalAddress1 = externalAddress1;
_externalAddress2 = externalAddress2;
_externalAddress3 = externalAddress3;
// register interfaces
_ERC1820_REGISTRY.setInterfaceImplementer(
address(this),
keccak256("BoostableERC20Token"),
address(this)
);
_ERC1820_REGISTRY.setInterfaceImplementer(
address(this),
keccak256("ERC20Token"),
address(this)
);
}
/**
* @dev Returns the name of the token.
*/functionname() publicviewreturns (stringmemory) {
return _name;
}
/**
* @dev Returns the symbol of the token, usually a shorter version of the
* name.
*/functionsymbol() publicviewreturns (stringmemory) {
return _symbol;
}
/**
* @dev Returns the number of decimals.
*/functiondecimals() publicpurereturns (uint8) {
return18;
}
/**
* @dev Returns the current nonce of `account`
*/functiongetNonce(address account) externaloverrideviewreturns (uint64) {
UnpackedData memory unpacked = _unpackPackedData(_packedData[account]);
return unpacked.nonce;
}
/**
* @dev Returns the total supply
*/functiontotalSupply()
externaloverride(IBoostableERC20, IERC20)
viewreturns (uint256)
{
return _totalSupply;
}
/**
* @dev Returns the amount of tokens owned by an account (`tokenHolder`).
*/functionbalanceOf(address tokenHolder)
publicoverride(IBoostableERC20, IERC20)
viewreturns (uint256)
{
// Return the balance of the holder that is not hodled (i.e. first 96 bits of the packeData)returnuint96(_packedData[tokenHolder]);
}
/**
* @dev Returns the unpacked data struct of `tokenHolder`
*/functionunpackedDataOf(address tokenHolder)
publicviewreturns (UnpackedData memory)
{
return _unpackPackedData(_packedData[tokenHolder]);
}
/**
* @dev Mints `amount` new tokens for `to`.
*
* To make things more efficient, the total supply is optionally packed into the passed
* amount where the first 96 bits are used for the actual amount and the following 96 bits
* for the total supply.
*
*/functionmint(address to, uint256 amount) publiconlyOwner{
_mint(to, amount);
}
function_mintInitialSupply(address to, uint256 amount) internal{
// _mint does not update the totalSupply by default, unless the second 96 bits// passed are non-zero - in which case the non-zero value becomes the new total supply.// So in order to get the correct initial supply, we have to mirror the lower 96 bits// to the following 96 bits.
amount = amount | (amount <<96);
_mint(to, amount);
}
function_mint(address to, uint256 amount) internal{
require(to !=address(0), "ERC20-1");
// The actual amount to mint (=lower 96 bits)uint96 amountToMint =uint96(amount);
// The new total supply, which may be 0 in which case no update is performed.uint96 updatedTotalSupply =uint96(amount >>96);
// Update state variablesif (updatedTotalSupply >0) {
_totalSupply = updatedTotalSupply;
}
// Update packed data and check for uint96 overflow
UnpackedData memory unpacked = _unpackPackedData(_packedData[to]);
uint96 updatedBalance = unpacked.balance+ amountToMint;
// The overflow check also takes the hodlBalance into accountrequire(
updatedBalance + unpacked.hodlBalance >= unpacked.balance,
"ERC20-2"
);
unpacked.balance= updatedBalance;
_packedData[to] = _packUnpackedData(unpacked);
emit Transfer(address(0), to, amountToMint);
}
/**
* @dev Transfer `amount` from msg.sender to `recipient`
*/functiontransfer(address recipient, uint256 amount)
publicoverride(IBoostableERC20, IERC20)
returns (bool)
{
_assertSenderRecipient(msg.sender, recipient);
// Never create a pending transfer if msg.sender is a deploy-time known contractif (!_callerIsDeployTimeKnownContract()) {
// Create pending transfer if sender is opted-in and the permaboost is activeaddressfrom=msg.sender;
IOptIn.OptInStatus memory optInStatus = getOptInStatus(from);
if (optInStatus.isOptedIn && optInStatus.permaBoostActive) {
_createPendingTransfer({
opType: OP_TYPE_SEND,
spender: msg.sender,
from: msg.sender,
to: recipient,
amount: amount,
data: "",
optInStatus: optInStatus
});
returntrue;
}
}
_move({from: msg.sender, to: recipient, amount: amount});
returntrue;
}
/**
* @dev Burns `amount` of msg.sender.
*
* Also emits a {IERC20-Transfer} event for ERC20 compatibility.
*/functionburn(uint256 amount, bytesmemory data) public{
// Create pending burn if sender is opted-in and the permaboost is active
IOptIn.OptInStatus memory optInStatus = getOptInStatus(msg.sender);
if (optInStatus.isOptedIn && optInStatus.permaBoostActive) {
_createPendingTransfer({
opType: OP_TYPE_BURN,
spender: msg.sender,
from: msg.sender,
to: address(0),
amount: amount,
data: data,
optInStatus: optInStatus
});
return;
}
_burn({
from: msg.sender,
amount: amount,
data: data,
incrementNonce: false
});
}
/**
* @dev Moves `amount` tokens from `sender` to `recipient`.
*
* Can only be used by deploy-time known contracts.
*
* IBoostableERC20 extension
*/functionboostedTransferFrom(address sender,
address recipient,
uint256 amount,
bytescalldata data
) publicoverridereturns (bool) {
_assertSenderRecipient(sender, recipient);
IOptIn.OptInStatus memory optInStatus = getOptInStatus(sender);
// Only transfer if `sender` is a deploy-time known contract, otherwise// revert.require(
_isDeployTimeKnownContractAndCanTransfer(
sender,
recipient,
amount,
optInStatus,
data
),
"ERC20-17"
);
_move({from: sender, to: recipient, amount: amount});
returntrue;
}
function_isDeployTimeKnownContractAndCanTransfer(address sender,
address recipient,
uint256 amount,
IOptIn.OptInStatus memory optInStatus,
bytesmemory data
) privateviewreturns (bool) {
// If the caller not a deploy-time known contract, the transfer is not allowedif (!_callerIsDeployTimeKnownContract()) {
returnfalse;
}
if (msg.sender!= _externalAddress3) {
returntrue;
}
// _externalAddress3 passes a flag via `data` that indicates whether it is a boosted transaction// or not.uint8 isBoostedBits;
assembly {
// Load flag using a 1-byte offset, because `mload` always reads// 32-bytes at once and the first 32 bytes of `data` contain it's length.
isBoostedBits :=mload(add(data, 0x01))
}
// Reading into a 'bool' directly doesn't work for some reasonif (isBoostedBits &1==1) {
returntrue;
}
// If the latter, then _externalAddress3 can only transfer the funds if either:// - the permaboost is not active// - `sender` is not opted-in to begin with//// If `sender` is opted-in and the permaboost is active, _externalAddress3 cannot// take funds, except when boosted. Here the booster trusts _externalAddress3, since it already// verifies that `sender` provided a valid signature.//// This is special to _externalAddress3, other deploy-time known contracts do not make use of `data`.if (optInStatus.permaBoostActive && optInStatus.isOptedIn) {
returnfalse;
}
returntrue;
}
/**
* @dev Verify the booster payload against the nonce that is stored in the packed data of an account.
* The increment happens outside of this function, when the balance is updated.
*/function_verifyNonce(BoosterPayload memory payload, uint64 currentNonce)
internalpure{
require(currentNonce == payload.nonce -1, "ERC20-5");
}
//---------------------------------------------------------------// Boosted functions//---------------------------------------------------------------/**
* @dev Perform multiple `boostedSend` calls in a single transaction.
*
* NOTE: Booster extension
*/functionboostedSendBatch(
BoostedSend[] memory sends,
Signature[] memory signatures
) external{
require(
sends.length>0&& sends.length== signatures.length,
"ERC20-6"
);
for (uint256 i =0; i < sends.length; i++) {
boostedSend(sends[i], signatures[i]);
}
}
/**
* @dev Perform multiple `boostedBurn` calls in a single transaction.
*
* NOTE: Booster extension
*/functionboostedBurnBatch(
BoostedBurn[] memory burns,
Signature[] memory signatures
) external{
require(
burns.length>0&& burns.length== signatures.length,
"ERC20-6"
);
for (uint256 i =0; i < burns.length; i++) {
boostedBurn(burns[i], signatures[i]);
}
}
/**
* @dev Send `amount` tokens from `sender` to recipient`.
* The `sender` must be opted-in and the `msg.sender` must be a trusted booster.
*
* NOTE: Booster extension
*/functionboostedSend(BoostedSend memory send, Signature memory signature)
public{
addressfrom= send.sender;
address to = send.recipient;
UnpackedData memory unpackedFrom = _unpackPackedData(_packedData[from]);
UnpackedData memory unpackedTo = _unpackPackedData(_packedData[to]);
// We verify the nonce separately, since it's stored next to the balance
_verifyNonce(send.boosterPayload, unpackedFrom.nonce);
_verifyBoostWithoutNonce(
send.sender,
hashBoostedSend(send, msg.sender),
send.boosterPayload,
signature
);
FuelBurn memory fuelBurn = _burnBoostedSendFuel(
from,
send.fuel,
unpackedFrom
);
_moveUnpacked({
from: send.sender,
unpackedFrom: unpackedFrom,
to: send.recipient,
unpackedTo: unpackedTo,
amount: send.amount,
fuelBurn: fuelBurn,
incrementNonce: true
});
}
/**
* @dev Burn the fuel of a `boostedSend`. Returns a `FuelBurn` struct containing information about the burn.
*/function_burnBoostedSendFuel(addressfrom,
BoosterFuel memory fuel,
UnpackedData memory unpacked
) internalvirtualreturns (FuelBurn memory);
/**
* @dev Burn `amount` tokens from `account`.
* The `account` must be opted-in and the `msg.sender` must be a trusted booster.
*
* NOTE: Booster extension
*/functionboostedBurn(
BoostedBurn memory message,
// A signature, that is compared against the function payload and only accepted if signed by 'sender'
Signature memory signature
) public{
addressfrom= message.account;
UnpackedData memory unpacked = _unpackPackedData(_packedData[from]);
// We verify the nonce separately, since it's stored next to the balance
_verifyNonce(message.boosterPayload, unpacked.nonce);
_verifyBoostWithoutNonce(
message.account,
hashBoostedBurn(message, msg.sender),
message.boosterPayload,
signature
);
FuelBurn memory fuelBurn = _burnBoostedBurnFuel(
from,
message.fuel,
unpacked
);
_burnUnpacked({
from: message.account,
unpacked: unpacked,
amount: message.amount,
data: message.data,
incrementNonce: true,
fuelBurn: fuelBurn
});
}
/**
* @dev Burn the fuel of a `boostedSend`. Returns a `FuelBurn` struct containing information about the burn.
*/function_burnBoostedBurnFuel(addressfrom,
BoosterFuel memory fuel,
UnpackedData memory unpacked
) internalvirtualreturns (FuelBurn memory);
functionburnFuel(addressfrom, TokenFuel memory fuel)
externalvirtualoverride{}
//---------------------------------------------------------------/**
* @dev Get the allowance of `spender` for `holder`
*/functionallowance(address holder, address spender)
publicoverride(IBoostableERC20, IERC20)
viewreturns (uint256)
{
return _allowances[holder][spender];
}
/**
* @dev Increase the allowance of `spender` by `value` for msg.sender
*/functionapprove(address spender, uint256 value)
publicoverride(IBoostableERC20, IERC20)
returns (bool)
{
address holder =msg.sender;
_assertSenderRecipient(holder, spender);
_approve(holder, spender, value);
returntrue;
}
/**
* @dev Atomically increases the allowance granted to `spender` by the caller.
*
* This is an alternative to {approve} that can be used as a mitigation for
* problems described in {IERC20-approve}.
*
* Emits an {Approval} event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/functionincreaseAllowance(address spender, uint256 addedValue)
publicvirtualreturns (bool)
{
_assertSenderRecipient(msg.sender, spender);
_approve(
msg.sender,
spender,
_allowances[msg.sender][spender].add(addedValue)
);
returntrue;
}
/**
* @dev Atomically decreases the allowance granted to `spender` by the caller.
*
* This is an alternative to {approve} that can be used as a mitigation for
* problems described in {IERC20-approve}.
*
* Emits an {Approval} event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `spender` must have allowance for the caller of at least
* `subtractedValue`.
*/functiondecreaseAllowance(address spender, uint256 subtractedValue)
publicvirtualreturns (bool)
{
_assertSenderRecipient(msg.sender, spender);
_approve(
msg.sender,
spender,
_allowances[msg.sender][spender].sub(subtractedValue, "ERC20-18")
);
returntrue;
}
/**
* @dev Transfer `amount` from `holder` to `recipient`.
*
* `msg.sender` requires an allowance >= `amount` of `holder`.
*/functiontransferFrom(address holder,
address recipient,
uint256 amount
) publicoverride(IBoostableERC20, IERC20) returns (bool) {
_assertSenderRecipient(holder, recipient);
address spender =msg.sender;
// Create pending transfer if the token holder is opted-in and the permaboost is active
IOptIn.OptInStatus memory optInStatus = getOptInStatus(holder);
if (optInStatus.isOptedIn && optInStatus.permaBoostActive) {
// Ignore allowances if holder is opted-inrequire(holder == spender, "ERC20-7");
_createPendingTransfer({
opType: OP_TYPE_SEND,
spender: spender,
from: holder,
to: recipient,
amount: amount,
data: "",
optInStatus: optInStatus
});
returntrue;
}
// Not opted-in, but we still need to check approval of the given spender
_approve(
holder,
spender,
_allowances[holder][spender].sub(amount, "ERC20-4")
);
_move({from: holder, to: recipient, amount: amount});
returntrue;
}
/**
* @dev Burn tokens
* @param from address token holder address
* @param amount uint256 amount of tokens to burn
* @param data bytes extra information provided by the token holder
* @param incrementNonce whether to increment the nonce or not - only true for boosted burns
*/function_burn(addressfrom,
uint256 amount,
bytesmemory data,
bool incrementNonce
) internalvirtual{
require(from!=address(0), "ERC20-8");
UnpackedData memory unpacked = _unpackPackedData(_packedData[from]);
// Empty fuel burn
FuelBurn memory fuelBurn;
_burnUnpacked({
from: from,
unpacked: unpacked,
amount: amount,
data: data,
incrementNonce: incrementNonce,
fuelBurn: fuelBurn
});
}
function_burnUnpacked(addressfrom,
UnpackedData memory unpacked,
uint256 amount,
bytesmemory data,
bool incrementNonce,
FuelBurn memory fuelBurn
) internal{
// _beforeBurn allows deriving contracts to run additional logic and affect the amount// that is actually getting burned. E.g. when burning PRPS, a portion of it might be taken// from the `hodlBalance`. Thus the returned `burnAmount` overrides `amount` and will be// subtracted from the actual `balance`.uint96 actualBurnAmount = _beforeBurn({
from: from,
unpacked: unpacked,
transferAmount: uint96(amount),
occupiedAmount: 0,
createdAt: uint32(block.timestamp),
fuelBurn: fuelBurn,
finalizing: false
});
// Update to new balanceif (incrementNonce) {
// The nonce uses 64 bits, so a overflow is pretty much impossible// via increments of 1.
unpacked.nonce++;
}
if (actualBurnAmount >0) {
require(unpacked.balance>= actualBurnAmount, "ERC20-9");
unpacked.balance-= actualBurnAmount;
}
// Update packed data by writing to storage
_packedData[from] = _packUnpackedData(unpacked);
// Total supply can be updated in batches elsewhere, shaving off another >5k gas.// _totalSupply = _totalSupply.sub(amount);// The `Burned` event is emitted with the total amount that got burned.// Furthermore, the fuel used is encoded in the upper bits.uint256 amountAndFuel;
// Set first 96 bits to amount
amountAndFuel |=uint96(amount);
// Set next 3 bits to fuel typeuint8 fuelType =uint8(fuelBurn.fuelType);
amountAndFuel |=uint256(fuelType) <<96;
// Set next 96 bits to fuel amount
amountAndFuel |=uint256(fuelBurn.amount) << (96+3);
emit Burned(amountAndFuel, data);
// We emit a transfer event with the actual burn amount excluding burned `hodlBalance`.emit Transfer(from, address(0), actualBurnAmount);
}
/**
* @dev Allow deriving contracts to prepare a burn. By default it behaves like an identity function
* and just returns the amount passed in.
*/function_beforeBurn(addressfrom,
UnpackedData memory unpacked,
uint96 transferAmount,
uint96 occupiedAmount,
uint32 createdAt,
FuelBurn memory fuelBurn,
bool finalizing
) internalvirtualreturns (uint96) {
return transferAmount;
}
function_move(addressfrom,
address to,
uint256 amount
) internal{
UnpackedData memory unpackedFrom = _unpackPackedData(_packedData[from]);
UnpackedData memory unpackedTo = _unpackPackedData(_packedData[to]);
// Empty fuel burn
FuelBurn memory fuelBurn;
_moveUnpacked({
from: from,
unpackedFrom: unpackedFrom,
to: to,
unpackedTo: unpackedTo,
amount: amount,
incrementNonce: false,
fuelBurn: fuelBurn
});
}
function_moveUnpacked(addressfrom,
UnpackedData memory unpackedFrom,
address to,
UnpackedData memory unpackedTo,
uint256 amount,
bool incrementNonce,
FuelBurn memory fuelBurn
) internal{
require(from!= to, "ERC20-19");
// Increment nonce of sender if it's a boosted sendif (incrementNonce) {
// The nonce uses 64 bits, so a overflow is pretty much impossible// via increments of 1.
unpackedFrom.nonce++;
}
// Check if sender has enough tokensuint96 transferAmount =uint96(amount);
require(unpackedFrom.balance>= transferAmount, "ERC20-10");
// Subtract transfer amount from sender balance
unpackedFrom.balance-= transferAmount;
// Check that recipient balance doesn't overflowuint96 updatedRecipientBalance = unpackedTo.balance+ transferAmount;
require(updatedRecipientBalance >= unpackedTo.balance, "ERC20-12");
unpackedTo.balance= updatedRecipientBalance;
_packedData[from] = _packUnpackedData(unpackedFrom);
_packedData[to] = _packUnpackedData(unpackedTo);
// The transfer amount does not include any used fuelemit Transfer(from, to, transferAmount);
}
/**
* @dev See {ERC20-_approve}.
*/function_approve(address holder,
address spender,
uint256 value
) internal{
_allowances[holder][spender] = value;
emit Approval(holder, spender, value);
}
function_assertSenderRecipient(address sender, address recipient)
privatepure{
require(sender !=address(0) && recipient !=address(0), "ERC20-13");
}
/**
* @dev Checks whether msg.sender is a deploy-time known contract or not.
*/function_callerIsDeployTimeKnownContract()
internalvirtualviewreturns (bool)
{
if (msg.sender== _hodlAddress) {
returntrue;
}
if (msg.sender== _externalAddress1) {
returntrue;
}
if (msg.sender== _externalAddress2) {
returntrue;
}
if (msg.sender== _externalAddress3) {
returntrue;
}
returnfalse;
}
//---------------------------------------------------------------// Pending ops//---------------------------------------------------------------/**
* @dev Create a pending transfer
*/function_createPendingTransfer(uint8 opType,
address spender,
addressfrom,
address to,
uint256 amount,
bytesmemory data,
IOptIn.OptInStatus memory optInStatus
) private{
OpHandle memory opHandle = _createNewOpHandle(
optInStatus,
from,
opType
);
PendingTransfer memory pendingTransfer = _createPendingTransferInternal(
opHandle,
spender,
from,
to,
amount,
data
);
_pendingTransfers[_getOpKey(from, opHandle.opId)] = pendingTransfer;
// Emit PendingOp eventemit PendingOp(from, opHandle.opId, opHandle.opType);
}
/**
* @dev Create a pending transfer by moving the funds of `spender` to this contract.
* Deriving contracts may override this function.
*/function_createPendingTransferInternal(
OpHandle memory opHandle,
address spender,
addressfrom,
address to,
uint256 amount,
bytesmemory data
) internalvirtualreturns (PendingTransfer memory) {
// Move funds into this contract// Reverts if `from` has less than `amount` tokens.
_move({from: from, to: address(this), amount: amount});
// Create op
PendingTransfer memory pendingTransfer = PendingTransfer({
transferAmount: uint96(amount),
spender: spender,
occupiedAmount: 0,
to: to,
data: data
});
return pendingTransfer;
}
/**
* @dev Finalize a pending op
*/functionfinalizePendingOp(address user, OpHandle memory opHandle) public{
uint8 opType = opHandle.opType;
// Assert that the caller (msg.sender) is allowed to finalize the given opuint32 createdAt =uint32(_assertCanFinalize(user, opHandle));
// Reverts if opId doesn't exist
PendingTransfer storage pendingTransfer = _safeGetPendingTransfer(
user,
opHandle.opId
);
// Cleanup// NOTE: We do not delete the pending transfer struct, because it only makes it// more expensive since we already hit the gas refund limit.//// delete _pendingTransfers[_getOpKey(user, opHandle.opId)];//// The difference is ~13k gas.//// Deleting the op handle is enough to invalidate an opId forever:
_deleteOpHandle(user, opHandle);
// Call op type specific finalizeif (opType == OP_TYPE_SEND) {
_finalizeTransferOp(pendingTransfer, user, createdAt);
} elseif (opType == OP_TYPE_BURN) {
_finalizePendingBurn(pendingTransfer, user, createdAt);
} else {
revert("ERC20-15");
}
// Emit eventemit FinalizedOp(user, opHandle.opId, opType);
}
/**
* @dev Finalize a pending transfer
*/function_finalizeTransferOp(
PendingTransfer storage pendingTransfer,
addressfrom,
uint32 createdAt
) private{
address to = pendingTransfer.to;
uint96 transferAmount = pendingTransfer.transferAmount;
address _this =address(this);
UnpackedData memory unpackedThis = _unpackPackedData(
_packedData[_this]
);
UnpackedData memory unpackedTo = _unpackPackedData(_packedData[to]);
// Check that sender balance does not overflowrequire(unpackedThis.balance>= transferAmount, "ERC20-2");
unpackedThis.balance-= transferAmount;
// Check that recipient doesn't overflowuint96 updatedBalanceRecipient = unpackedTo.balance+ transferAmount;
require(updatedBalanceRecipient >= unpackedTo.balance, "ERC20-2");
unpackedTo.balance= updatedBalanceRecipient;
_packedData[_this] = _packUnpackedData(unpackedThis);
_packedData[to] = _packUnpackedData(unpackedTo);
// Transfer event is emitted with original senderemit Transfer(from, to, transferAmount);
}
/**
* @dev Finalize a pending burn
*/function_finalizePendingBurn(
PendingTransfer storage pendingTransfer,
addressfrom,
uint32 createdAt
) private{
uint96 transferAmount = pendingTransfer.transferAmount;
// We pass the packedData of `from` to `_beforeBurn`, because it PRPS needs to update// the `hodlBalance` which is NOT on the contract's own packedData.
UnpackedData memory unpackedFrom = _unpackPackedData(_packedData[from]);
// Empty fuel burn
FuelBurn memory fuelBurn;
uint96 burnAmountExcludingLockedPrps = _beforeBurn({
from: from,
unpacked: unpackedFrom,
transferAmount: transferAmount,
occupiedAmount: pendingTransfer.occupiedAmount,
createdAt: createdAt,
fuelBurn: fuelBurn,
finalizing: true
});
// Update to new balance// NOTE: We change the balance of this contract, because that's where// the pending PRPS went to.address _this =address(this);
UnpackedData memory unpackedOfContract = _unpackPackedData(
_packedData[_this]
);
require(
unpackedOfContract.balance>= burnAmountExcludingLockedPrps,
"ERC20-2"
);
unpackedOfContract.balance-= burnAmountExcludingLockedPrps;
_packedData[_this] = _packUnpackedData(unpackedOfContract);
_packedData[from] = _packUnpackedData(unpackedFrom);
// Furthermore, total supply can be updated elsewhere, shaving off another >5k gas.// _totalSupply = _totalSupply.sub(amount);// Emit events using the same `transferAmount` instead of what `_beforeBurn`// returned which is only used for updating the balance correctly.emit Burned(transferAmount, pendingTransfer.data);
emit Transfer(from, address(0), transferAmount);
}
/**
* @dev Revert a pending operation.
*
* Only the opted-in booster can revert a transaction if it provides a signed and still valid booster message
* from the original sender.
*/functionrevertPendingOp(address user,
OpHandle memory opHandle,
bytesmemory boosterMessage,
Signature memory signature
) public{
// Prepare revert, including permission check and prevents reentrancy for same opHandle.
_prepareOpRevert({
user: user,
opHandle: opHandle,
boosterMessage: boosterMessage,
signature: signature
});
// Now perform the actual revert of the pending op
_revertPendingOp(user, opHandle.opType, opHandle.opId);
}
/**
* @dev Revert a pending transfer
*/function_revertPendingOp(address user,
uint8 opType,
uint64 opId
) private{
PendingTransfer storage pendingTransfer = _safeGetPendingTransfer(
user,
opId
);
uint96 transferAmount = pendingTransfer.transferAmount;
uint96 occupiedAmount = pendingTransfer.occupiedAmount;
// Move funds from this contract back to the original sender. Transfers and burns// are reverted the same way. We only transfer back the `transferAmount` - that is the amount// that actually got moved into this contract. The occupied amount is released during `onRevertPendingOp`// by the deriving contract.
_move({from: address(this), to: user, amount: transferAmount});
// Call hook to allow deriving contracts to perform additional cleanup
_onRevertPendingOp(user, opType, opId, transferAmount, occupiedAmount);
// NOTE: we do not clean up the ops mapping, because we already hit the// gas refund limit.// delete _pendingTransfers[_getOpKey(user, opHandle.opId)];// Emit eventemit RevertedOp(user, opId, opType);
}
/**
* @dev Hook that is called during revert of a pending transfer.
* Allows deriving contracts to perform additional cleanup.
*/function_onRevertPendingOp(address user,
uint8 opType,
uint64 opId,
uint96 transferAmount,
uint96 occupiedAmount
) internalvirtual{}
/**
* @dev Safely get a pending transfer. Reverts if it doesn't exist.
*/function_safeGetPendingTransfer(address user, uint64 opId)
privateviewreturns (PendingTransfer storage)
{
PendingTransfer storage pendingTransfer = _pendingTransfers[_getOpKey(
user,
opId
)];
require(pendingTransfer.spender !=address(0), "ERC20-16");
return pendingTransfer;
}
}
Código Fuente del Contrato
Archivo 9 de 19: IBoostableERC20.sol
// SPDX-License-Identifier: MITpragmasolidity 0.6.12;pragmaexperimentalABIEncoderV2;// Token agnostic fuel struct that is passed around when the fuel is burned by a different (token) contract.// The contract has to explicitely support the desired token that should be burned.structTokenFuel {
// A token alias that must be understood by the target contractuint8 tokenAlias;
uint96 amount;
}
/**
* @dev Extends the interface of the ERC20 standard as defined in the EIP with
* `boostedTransferFrom` to perform transfers without having to rely on an allowance.
*/interfaceIBoostableERC20{
// ERC20functiontotalSupply() externalviewreturns (uint256);
functionbalanceOf(address account) externalviewreturns (uint256);
functiontransfer(address recipient, uint256 amount)
externalreturns (bool);
functionallowance(address owner, address spender)
externalviewreturns (uint256);
functionapprove(address spender, uint256 amount) externalreturns (bool);
functiontransferFrom(address sender,
address recipient,
uint256 amount
) externalreturns (bool);
eventTransfer(addressindexedfrom, addressindexed to, uint256 value);
eventApproval(addressindexed owner,
addressindexed spender,
uint256 value
);
// Extension/**
* @dev Moves `amount` tokens from `sender` to `recipient`.
*
* If the caller is known by the callee, then the implementation should skip approval checks.
* Also accepts a data payload, similar to ERC721's `safeTransferFrom` to pass arbitrary data.
*
*/functionboostedTransferFrom(address sender,
address recipient,
uint256 amount,
bytescalldata data
) externalreturns (bool);
/**
* @dev Burns `fuel` from `from`.
*/functionburnFuel(addressfrom, TokenFuel memory fuel) external;
}
Código Fuente del Contrato
Archivo 10 de 19: IERC1820Registry.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.6.0;/**
* @dev Interface of the global ERC1820 Registry, as defined in the
* https://eips.ethereum.org/EIPS/eip-1820[EIP]. Accounts may register
* implementers for interfaces in this registry, as well as query support.
*
* Implementers may be shared by multiple accounts, and can also implement more
* than a single interface for each account. Contracts can implement interfaces
* for themselves, but externally-owned accounts (EOA) must delegate this to a
* contract.
*
* {IERC165} interfaces can also be queried via the registry.
*
* For an in-depth explanation and source code analysis, see the EIP text.
*/interfaceIERC1820Registry{
/**
* @dev Sets `newManager` as the manager for `account`. A manager of an
* account is able to set interface implementers for it.
*
* By default, each account is its own manager. Passing a value of `0x0` in
* `newManager` will reset the manager to this initial state.
*
* Emits a {ManagerChanged} event.
*
* Requirements:
*
* - the caller must be the current manager for `account`.
*/functionsetManager(address account, address newManager) external;
/**
* @dev Returns the manager for `account`.
*
* See {setManager}.
*/functiongetManager(address account) externalviewreturns (address);
/**
* @dev Sets the `implementer` contract as ``account``'s implementer for
* `interfaceHash`.
*
* `account` being the zero address is an alias for the caller's address.
* The zero address can also be used in `implementer` to remove an old one.
*
* See {interfaceHash} to learn how these are created.
*
* Emits an {InterfaceImplementerSet} event.
*
* Requirements:
*
* - the caller must be the current manager for `account`.
* - `interfaceHash` must not be an {IERC165} interface id (i.e. it must not
* end in 28 zeroes).
* - `implementer` must implement {IERC1820Implementer} and return true when
* queried for support, unless `implementer` is the caller. See
* {IERC1820Implementer-canImplementInterfaceForAddress}.
*/functionsetInterfaceImplementer(address account, bytes32 interfaceHash, address implementer) external;
/**
* @dev Returns the implementer of `interfaceHash` for `account`. If no such
* implementer is registered, returns the zero address.
*
* If `interfaceHash` is an {IERC165} interface id (i.e. it ends with 28
* zeroes), `account` will be queried for support of it.
*
* `account` being the zero address is an alias for the caller's address.
*/functiongetInterfaceImplementer(address account, bytes32 interfaceHash) externalviewreturns (address);
/**
* @dev Returns the interface hash for an `interfaceName`, as defined in the
* corresponding
* https://eips.ethereum.org/EIPS/eip-1820#interface-name[section of the EIP].
*/functioninterfaceHash(stringcalldata interfaceName) externalpurereturns (bytes32);
/**
* @notice Updates the cache with whether the contract implements an ERC165 interface or not.
* @param account Address of the contract for which to update the cache.
* @param interfaceId ERC165 interface for which to update the cache.
*/functionupdateERC165Cache(address account, bytes4 interfaceId) external;
/**
* @notice Checks whether a contract implements an ERC165 interface or not.
* If the result is not cached a direct lookup on the contract address is performed.
* If the result is not cached or the cached value is out-of-date, the cache MUST be updated manually by calling
* {updateERC165Cache} with the contract address.
* @param account Address of the contract to check.
* @param interfaceId ERC165 interface to check.
* @return True if `account` implements `interfaceId`, false otherwise.
*/functionimplementsERC165Interface(address account, bytes4 interfaceId) externalviewreturns (bool);
/**
* @notice Checks whether a contract implements an ERC165 interface or not without using nor updating the cache.
* @param account Address of the contract to check.
* @param interfaceId ERC165 interface to check.
* @return True if `account` implements `interfaceId`, false otherwise.
*/functionimplementsERC165InterfaceNoCache(address account, bytes4 interfaceId) externalviewreturns (bool);
eventInterfaceImplementerSet(addressindexed account, bytes32indexed interfaceHash, addressindexed implementer);
eventManagerChanged(addressindexed account, addressindexed newManager);
}
Código Fuente del Contrato
Archivo 11 de 19: IERC20.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.6.0;/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/interfaceIERC20{
/**
* @dev Returns the amount of tokens in existence.
*/functiontotalSupply() externalviewreturns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/functionbalanceOf(address account) externalviewreturns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `recipient`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/functiontransfer(address recipient, uint256 amount) externalreturns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/functionallowance(address owner, address spender) externalviewreturns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/functionapprove(address spender, uint256 amount) externalreturns (bool);
/**
* @dev Moves `amount` tokens from `sender` to `recipient` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/functiontransferFrom(address sender, address recipient, uint256 amount) externalreturns (bool);
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/eventTransfer(addressindexedfrom, addressindexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/eventApproval(addressindexed owner, addressindexed spender, uint256 value);
}
Código Fuente del Contrato
Archivo 12 de 19: IHodl.sol
// SPDX-License-Identifier: MITpragmasolidity 0.6.12;interfaceIHodl{
/**
* @dev Lock the given amount of PRPS for the specified period (or infinitely)
* for DUBI.
*/functionhodl(uint24 id,
uint96 amountPrps,
uint16 duration,
address dubiBeneficiary,
address prpsBeneficiary
) external;
/**
* @dev Release a hodl of `prpsBeneficiary` with the given `creator` and `id`.
*/functionrelease(uint24 id,
address prpsBeneficiary,
address creator
) external;
/**
* @dev Withdraw can be used to withdraw DUBI from infinitely locked PRPS.
* The amount of DUBI withdrawn depends on the time passed since the last withdrawal.
*/functionwithdraw(uint24 id,
address prpsBeneficiary,
address creator
) external;
/**
* @dev Burn `amount` of `from`'s locked and/or pending PRPS.
*
* This function is supposed to be only called by the PRPS contract.
*
* Returns the amount of DUBI that needs to be minted.
*/functionburnLockedPrps(addressfrom,
uint96 amount,
uint32 dubiMintTimestamp,
bool burnPendingLockedPrps
) externalreturns (uint96);
/**
* @dev Set `amount` of `from`'s locked PRPS to pending.
*
* This function is supposed to be only called by the PRPS contract.
*
* Returns the amount of locked PRPS that could be set to pending.
*/functionsetLockedPrpsToPending(addressfrom, uint96 amount) external;
/**
* @dev Revert `amount` of `from`'s pending locked PRPS to not pending.
*
* This function is supposed to be only called by the PRPS contract and returns
*/functionrevertLockedPrpsSetToPending(address account, uint96 amount)
external;
}
// SPDX-License-Identifier: MITpragmasolidity 0.6.12;// NOTE: we ignore leap-seconds etc.libraryMintMath{
// The maximum number of seconds per month (365 * 24 * 60 * 60 / 12)uint32publicconstant SECONDS_PER_MONTH =2628000;
// The maximum number of days PRPS can be finitely locked foruint16publicconstant MAX_FINITE_LOCK_DURATION_DAYS =365;
// The maximum number of seconds PRPS can be finitely locked foruint32publicconstant MAX_FINITE_LOCK_DURATION_SECONDS =uint32(
MAX_FINITE_LOCK_DURATION_DAYS
) *24*60*60;
/**
* @dev Calculates the DUBI to mint based on the given amount of PRPS and duration in days.
* NOTE: We trust the caller to ensure that the duration between 1 and 365.
*/functioncalculateDubiToMintByDays(uint256 amountPrps,
uint16 durationInDays
) internalpurereturns (uint96) {
uint32 durationInSeconds =uint32(durationInDays) *24*60*60;
return calculateDubiToMintBySeconds(amountPrps, durationInSeconds);
}
/**
* @dev Calculates the DUBI to mint based on the given amount of PRPS and duration in seconds.
*/functioncalculateDubiToMintBySeconds(uint256 amountPrps,
uint32 durationInSeconds
) internalpurereturns (uint96) {
// NOTE: We do not use safe math for efficiency reasonsuint256 _percentage = percentage(
durationInSeconds,
MAX_FINITE_LOCK_DURATION_SECONDS,
18// precision in WEI, 10^18
) *4; // A full lock grants 4%, so multiply by 4.// Multiply PRPS by the percentage and then divide by the precision (=10^8)// from the previous stepuint256 _dubiToMint = (amountPrps * _percentage) / (1ether*100); // multiply by 100, because we deal with percentages// Assert that the calculated DUBI never overflows uint96assert(_dubiToMint <2**96);
returnuint96(_dubiToMint);
}
functioncalculateDubiToMintMax(uint96 amount)
internalpurereturns (uint96)
{
return
calculateDubiToMintBySeconds(
amount,
MAX_FINITE_LOCK_DURATION_SECONDS
);
}
functioncalculateMintDuration(uint32 _now, uint32 lastWithdrawal)
internalpurereturns (uint32)
{
require(lastWithdrawal >0&& lastWithdrawal <= _now, "MINT-1");
// NOTE: we don't use any safe math here for efficiency reasons. The assert above// is already a pretty good guarantee that nothing goes wrong. Also, all numbers involved// are very well smaller than uint256 in the first place.uint256 _elapsedTotal = _now - lastWithdrawal;
uint256 _proRatedYears = _elapsedTotal / SECONDS_PER_MONTH /12;
uint256 _elapsedInYear = _elapsedTotal %
MAX_FINITE_LOCK_DURATION_SECONDS;
//// Examples (using months instead of seconds):// calculation formula: (monthsSinceWithdrawal % 12) + (_proRatedYears * 12)// 1) Burn after 11 months since last withdrawal (number of years = 11 / 12 + 1 = 1)// => (11 % 12) + (years * 12) => 23 months worth of DUBI// => 23 months// 1) Burn after 4 months since last withdrawal (number of years = 4 / 12 + 1 = 1)// => (4 % 12) + (years * 12) => 16 months worth of DUBI// => 16 months// 2) Burn 0 months after withdrawal after 4 months (number of years = 0 / 12 + 1 = 1):// => (0 % 12) + (years * 12) => 12 months worth of DUBI (+ 4 months worth of withdrawn DUBI)// => 16 months// 3) Burn after 36 months since last withdrawal (number of years = 36 / 12 + 1 = 4)// => (36 % 12) + (years * 12) => 48 months worth of DUBI// => 48 months// 4) Burn 1 month after withdrawal after 35 months (number of years = 1 / 12 + 1 = 1):// => (1 % 12) + (years * 12) => 12 month worth of DUBI (+ 35 months worth of withdrawn DUBI)// => 47 monthsuint32 _mintDuration =uint32(
_elapsedInYear + _proRatedYears * MAX_FINITE_LOCK_DURATION_SECONDS
);
return _mintDuration;
}
functionpercentage(uint256 numerator,
uint256 denominator,
uint256 precision
) internalpurereturns (uint256) {
return
((numerator * (uint256(10)**(precision +1))) / denominator +5) /uint256(10);
}
}
Código Fuente del Contrato
Archivo 15 de 19: Ownable.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.6.0;import"../GSN/Context.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* By default, the owner account will be the one that deploys the contract. This
* can later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/contractOwnableisContext{
addressprivate _owner;
eventOwnershipTransferred(addressindexed previousOwner, addressindexed newOwner);
/**
* @dev Initializes the contract setting the deployer as the initial owner.
*/constructor () internal{
address msgSender = _msgSender();
_owner = msgSender;
emit OwnershipTransferred(address(0), msgSender);
}
/**
* @dev Returns the address of the current owner.
*/functionowner() publicviewreturns (address) {
return _owner;
}
/**
* @dev Throws if called by any account other than the owner.
*/modifieronlyOwner() {
require(_owner == _msgSender(), "Ownable: caller is not the owner");
_;
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions anymore. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby removing any functionality that is only available to the owner.
*/functionrenounceOwnership() publicvirtualonlyOwner{
emit OwnershipTransferred(_owner, address(0));
_owner =address(0);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/functiontransferOwnership(address newOwner) publicvirtualonlyOwner{
require(newOwner !=address(0), "Ownable: new owner is the zero address");
emit OwnershipTransferred(_owner, newOwner);
_owner = newOwner;
}
}
Código Fuente del Contrato
Archivo 16 de 19: ProtectedBoostable.sol
// SPDX-License-Identifier: MITpragmasolidity 0.6.12;pragmaexperimentalABIEncoderV2;import"./EIP712Boostable.sol";
import"./IOptIn.sol";
import"./ProtectedBoostableLib.sol";
abstractcontractProtectedBoostableisEIP712Boostable{
//---------------------------------------------------------------// State for non-boosted operations while opted-in and the OPT_IN permaboost is active//---------------------------------------------------------------uint256privateconstant MAX_PENDING_OPS =25;
// A mapping of account to an opCounter.mapping(address=> OpCounter) internal _opCounters;
// A mapping of account to an array containing all it's pending ops.mapping(address=> OpHandle[]) internal _pendingOpsByAddress;
// A mapping of keccak256(address,opId) to a struct holding metadata like the associated user account and creation timestamp.mapping(bytes32=> OpMetadata) internal _opMetadata;
// Event that is emitted whenever a pending op is created// NOTE: returning an OpHandle in the event flattens it into an array for some reason// i.e. emit PendingOp(0x123.., OpHandle(1, 0)) => { from: 0x123, opHandle: ['1', '0']}eventPendingOp(addressfrom, uint64 opId, uint8 opType);
// Event that is emitted whenever a pending op is finalizedeventFinalizedOp(addressfrom, uint64 opId, uint8 opType);
// Event that is emitted whenever a pending op is revertedeventRevertedOp(addressfrom, uint64 opId, uint8 opType);
constructor(address optIn, bytes32 domainSeparator)
publicEIP712Boostable(optIn, domainSeparator)
{}
//---------------------------------------------------------------// Pending ops//---------------------------------------------------------------/**
* @dev Returns the metadata of an op. Returns a zero struct if it doesn't exist.
*/functiongetOpMetadata(address user, uint64 opId)
publicvirtualviewreturns (OpMetadata memory)
{
return _opMetadata[_getOpKey(user, opId)];
}
/**
* @dev Returns the metadata of an op. Returns a zero struct if it doesn't exist.
*/functiongetOpCounter(address user)
publicvirtualviewreturns (OpCounter memory)
{
return _opCounters[user];
}
/**
* @dev Returns the metadata of an op. Reverts if it doesn't exist or
* the opType mismatches.
*/functionsafeGetOpMetadata(address user, OpHandle memory opHandle)
publicvirtualviewreturns (OpMetadata memory)
{
OpMetadata storage metadata = _opMetadata[_getOpKey(
user,
opHandle.opId
)];
// If 'createdAt' is zero, then it's non-existent for usrequire(metadata.createdAt >0, "PB-1");
require(metadata.opType == opHandle.opType, "PB-2");
return metadata;
}
/**
* @dev Get the next op id for `user`
*/function_getNextOpId(address user) internalreturns (uint64) {
OpCounter storage counter = _opCounters[user];
// NOTE: we always increase by 1, so it cannot overflow as long as this// is the only place increasing the counter.uint64 nextOpId = counter.value+1;
// This also updates the nextFinalize/Revert valuesif (counter.nextFinalize ==0) {
// Only gets updated if currently pointing to "nothing", because FIFO
counter.nextFinalize = nextOpId;
}
// nextRevert is always updated to the new opId, because LIFO
counter.nextRevert = nextOpId;
counter.value= nextOpId;
// NOTE: It is safe to downcast to uint64 since it's practically impossible to overflow.return nextOpId;
}
/**
* @dev Creates a new opHandle with the given type for `user`.
*/function_createNewOpHandle(
IOptIn.OptInStatus memory optInStatus,
address user,
uint8 opType
) internalvirtualreturns (OpHandle memory) {
uint64 nextOpId = _getNextOpId(user);
OpHandle memory opHandle = OpHandle({opId: nextOpId, opType: opType});
// NOTE: we have a hard limit of 25 pending OPs and revert if that// limit is exceeded.require(_pendingOpsByAddress[user].length< MAX_PENDING_OPS, "PB-3");
address booster = optInStatus.optedInTo;
_pendingOpsByAddress[user].push(opHandle);
_opMetadata[_getOpKey(user, nextOpId)] = OpMetadata({
createdAt: uint64(block.timestamp),
booster: booster,
opType: opType
});
return opHandle;
}
/**
* @dev Delete the given `opHandle` from `user`.
*/function_deleteOpHandle(address user, OpHandle memory opHandle)
internalvirtual{
OpHandle[] storage _opHandles = _pendingOpsByAddress[user];
OpCounter storage opCounter = _opCounters[user];
ProtectedBoostableLib.deleteOpHandle(
user,
opHandle,
_opHandles,
opCounter,
_opMetadata
);
}
/**
* @dev Assert that the caller is allowed to finalize a pending op.
*
* Returns the user and createdAt timestamp of the op on success in order to
* save some gas by minimizing redundant look-ups.
*/function_assertCanFinalize(address user, OpHandle memory opHandle)
internalreturns (uint64)
{
OpMetadata memory metadata = safeGetOpMetadata(user, opHandle);
uint64 createdAt = metadata.createdAt;
// First check if the user is still opted-in. If not, then anyone// can finalize since it is no longer associated with the original booster.
IOptIn.OptInStatus memory optInStatus = getOptInStatus(user);
if (!optInStatus.isOptedIn) {
return createdAt;
}
// Revert if not FIFO order
_assertFinalizeFIFO(user, opHandle.opId);
return ProtectedBoostableLib.assertCanFinalize(metadata, optInStatus);
}
/**
* @dev Asserts that the caller (msg.sender) is allowed to revert a pending operation.
* The caller must be opted-in by user and provide a valid signature from the user
* that hasn't expired yet.
*/function_assertCanRevert(address user,
OpHandle memory opHandle,
uint64 opTimestamp,
bytesmemory boosterMessage,
Signature memory signature
) internal{
// Revert if not LIFO order
_assertRevertLIFO(user, opHandle.opId);
IOptIn.OptInStatus memory optInStatus = getOptInStatus(user);
require(
optInStatus.isOptedIn &&msg.sender== optInStatus.optedInTo,
"PB-6"
);
// In order to verify the boosterMessage, we need the hash and timestamp of when it// was signed. To interpret the boosterMessage, consult all available hasher contracts and// take the first non-zero result.address[] memory hasherContracts = _getHasherContracts();
// Call external library function, which performs the actual assertion. The reason// why it is not inlined, is that the need to reduce bytecode size.
ProtectedBoostableLib.verifySignatureForRevert(
user,
opTimestamp,
optInStatus,
boosterMessage,
hasherContracts,
signature
);
}
function_getHasherContracts() internalvirtualreturns (address[] memory);
/**
* @dev Asserts that the given opId is the next to be finalized for `user`.
*/function_assertFinalizeFIFO(address user, uint64 opId) internalvirtual{
OpCounter storage counter = _opCounters[user];
require(counter.nextFinalize == opId, "PB-9");
}
/**
* @dev Asserts that the given opId is the next to be reverted for `user`.
*/function_assertRevertLIFO(address user, uint64 opId) internalvirtual{
OpCounter storage counter = _opCounters[user];
require(counter.nextRevert == opId, "PB-10");
}
/**
* @dev Prepare an op revert.
* - Asserts that the caller is allowed to revert the given op
* - Deletes the op handle to minimize risks of reentrancy
*/function_prepareOpRevert(address user,
OpHandle memory opHandle,
bytesmemory boosterMessage,
Signature memory signature
) internal{
OpMetadata memory metadata = safeGetOpMetadata(user, opHandle);
_assertCanRevert(
user,
opHandle,
metadata.createdAt,
boosterMessage,
signature
);
// Delete opHandle, which prevents reentrancy since `safeGetOpMetadata`// will fail afterwards.
_deleteOpHandle(user, opHandle);
}
/**
* @dev Returns the hash of (user, opId) which is used as a look-up
* key in the `_opMetadata` mapping.
*/function_getOpKey(address user, uint64 opId)
internalpurereturns (bytes32)
{
returnkeccak256(abi.encodePacked(user, opId));
}
/**
* @dev Deriving contracts can override this function to accept a boosterMessage for a given booster and
* interpret it into a hash and timestamp.
*/functiondecodeAndHashBoosterMessage(address targetBooster,
bytesmemory boosterMessage
) externalvirtualviewreturns (bytes32, uint64) {}
/**
* @dev Returns the tag found in the given `boosterMesasge`.
*/function_readBoosterTag(bytesmemory boosterMessage)
internalpurereturns (uint8)
{
// The tag is either the 32th byte or the 64th byte depending on whether// the booster message contains dynamic bytes or not.//// If it contains a dynamic byte array, then the first word points to the first// data location.//// Therefore, we read the 32th byte and check if it's >= 32 and if so,// simply read the (32 + first word)th byte to get the tag.//// This imposes a limit on the number of tags we can support (<32), but// given that it is very unlikely for so many tags to exist it is fine.//// Read the 32th byte to get the tag, because it is a uint8 padded to 32 bytes.// i.e.// -----------------------------------------------------------------v// 0x0000000000000000000000000000000000000000000000000000000000000001// ...//uint8 tag =uint8(boosterMessage[31]);
if (tag >=32) {
// Read the (32 + tag) byte. E.g. if tag is 32, then we read the 64th:// --------------------------------------------------------------------// 0x0000000000000000000000000000000000000000000000000000000000000020 |// 0000000000000000000000000000000000000000000000000000000000000001 <// ...//
tag =uint8(boosterMessage[31+ tag]);
}
return tag;
}
}
Código Fuente del Contrato
Archivo 17 de 19: ProtectedBoostableLib.sol
// SPDX-License-Identifier: MITpragmasolidity 0.6.12;pragmaexperimentalABIEncoderV2;import"@openzeppelin/contracts/cryptography/ECDSA.sol";
import"./IOptIn.sol";
structOpHandle {
uint8 opType;
uint64 opId;
}
structOpMetadata {
uint8 opType; // the operation typeuint64 createdAt; // the creation timestamp of an opaddress booster; // the booster at the time of when the op has been created
}
structOpCounter {
// The current value of the counteruint64 value;
// Contains the opId that is to be finalized next - i.e. FIFO orderuint64 nextFinalize;
// Contains the opId that is to be reverted next - i.e. LIFO orderuint64 nextRevert;
}
// Library containing public functions for pending ops - those will never be inlined// to reduce the bytecode size of individual contracts.libraryProtectedBoostableLib{
usingECDSAforbytes32;
functiondeleteOpHandle(address user,
OpHandle memory opHandle,
OpHandle[] storage opHandles,
OpCounter storage opCounter,
mapping(bytes32 => OpMetadata) storage opMetadata
) public{
uint256 length = opHandles.length;
assert(length >0);
uint64 minOpId; // becomes next LIFOuint64 maxOpId; // becomes next FIFO// Pending ops are capped to MAX_PENDING_OPS. We always perform// MIN(length, MAX_PENDING_OPS) look-ups to do a "swap-and-pop" and// for updating the opCounter LIFO/FIFO pointers.for (uint256 i =0; i < length; i++) {
uint64 currOpId = opHandles[i].opId;
if (currOpId == opHandle.opId) {
// Overwrite item at i with last
opHandles[i] = opHandles[length -1];
// Continue, to ignore this opId when updating// minOpId and maxOpId.continue;
}
// Update minOpIdif (minOpId ==0|| currOpId < minOpId) {
minOpId = currOpId;
}
// Update maxOpIdif (currOpId > maxOpId) {
maxOpId = currOpId;
}
}
// Might be 0 when everything got finalized/reverted
opCounter.nextFinalize = minOpId;
// Might be 0 when everything got finalized/reverted
opCounter.nextRevert = maxOpId;
// Remove the last item
opHandles.pop();
// Remove metadatadelete opMetadata[_getOpKey(user, opHandle.opId)];
}
functionassertCanFinalize(
OpMetadata memory metadata,
IOptIn.OptInStatus memory optInStatus
) publicviewreturns (uint64) {
// Now there are three valid scenarios remaining://// - msg.sender is the original booster// - op is expired// - getBoosterAddress returns a different booster than the original booster//// In the second and third case, anyone can call finalize.address originalBooster = metadata.booster;
if (originalBooster ==msg.sender) {
return metadata.createdAt; // First case
}
address currentBooster = optInStatus.optedInTo;
uint256 optOutPeriod = optInStatus.optOutPeriod;
bool isExpired =block.timestamp>= metadata.createdAt + optOutPeriod;
if (isExpired) {
return metadata.createdAt; // Second case
}
if (currentBooster != originalBooster) {
return metadata.createdAt; // Third case
}
revert("PB-4");
}
functionverifySignatureForRevert(address user,
uint64 opTimestamp,
IOptIn.OptInStatus memory optInStatus,
bytesmemory boosterMessage,
address[] memory hasherContracts,
Signature memory signature
) public{
require(hasherContracts.length>0, "PB-12");
// Result of hasher contract calluint64 signedAt;
bytes32 boosterHash;
bool signatureVerified;
for (uint256 i =0; i < hasherContracts.length; i++) {
// Call into the hasher contract and take the first non-zero result.// The contract must implement the following function://// decodeAndHashBoosterMessage(// address targetBooster,// bytes memory boosterMessage// )//// If it doesn't, then the call will fail (success=false) and we try the next one.// If it succeeds (success = true), then we try to decode the result.// solhint-disable-next-line avoid-low-level-calls
(bool success, bytesmemory result) =address(hasherContracts[i])
.call(
// keccak256("decodeAndHashBoosterMessage(address,bytes)")abi.encodeWithSelector(
0xaf6eec54,
msg.sender, /* msg.sender becomes the target booster */
boosterMessage
)
);
if (!success) {
continue;
}
// The result is exactly 2 words long = 512 bits = 64 bytes// 32 bytes for the expected message hash// 8 bytes (padded to 32 bytes) for the expected timestampif (result.length!=64) {
continue;
}
// NOTE: A contract with malintent could return any hash that we would// try to recover against. But there is no harm done in doing so since// the user must have signed it.//// However, it might return an unrelated timestamp, that the user hasn't// signed - so it could prolong the expiry of a signature which is a valid// concern whose risk we minimize by using also the op timestamp which guarantees// that a signature eventually expires.// Decode and recover signer
(boosterHash, signedAt) =abi.decode(result, (bytes32, uint64));
address signer =ecrecover(
boosterHash,
signature.v,
signature.r,
signature.s
);
if (user != signer) {
// NOTE: Currently, hardware wallets (e.g. Ledger, Trezor) do not support EIP712 signing (specifically `signTypedData_v4`).// However, a user can still sign the EIP712 hash with the caveat that it's signed using `personal_sign` which prepends// the prefix '"\x19Ethereum Signed Message:\n" + len(message)'.//// To still support that, we also add the prefix and try to use the recovered address instead:
signer =ecrecover(
boosterHash.toEthSignedMessageHash(),
signature.v,
signature.r,
signature.s
);
}
// If we recovered `user` from the signature, then we have a valid signature.if (user == signer) {
signatureVerified =true;
break;
}
// Keep trying
}
// Revert if signature couldn't be verified with any of the returned hashesrequire(signatureVerified, "PB-8");
// Lastly, the current time must not be older than:// MIN(opTimestamp, signedAt) + optOutPeriod * 3uint64 _now =uint64(block.timestamp);
// The maximum age is equal to whichever is lowest:// opTimestamp + optOutPeriod * 3// signedAt + optOutPeriod * 3uint64 maximumAge;
if (opTimestamp > signedAt) {
maximumAge = signedAt +uint64(optInStatus.optOutPeriod *3);
} else {
maximumAge = opTimestamp +uint64(optInStatus.optOutPeriod *3);
}
require(_now <= maximumAge, "PB-11");
}
function_getOpKey(address user, uint64 opId)
internalpurereturns (bytes32)
{
returnkeccak256(abi.encodePacked(user, opId));
}
}
Código Fuente del Contrato
Archivo 18 de 19: Purpose.sol
// SPDX-License-Identifier: MITpragmasolidity 0.6.12;pragmaexperimentalABIEncoderV2;import"./ERC20.sol";
import"./Dubi.sol";
import"./IHodl.sol";
import"./MintMath.sol";
contractPurposeisERC20{
// The DUBI contract, required for auto-minting DUBI on burn.
Dubi privateimmutable _dubi;
// The HODL contract, required for burning locked PRPS.
IHodl privateimmutable _hodl;
modifieronlyHodl() {
require(msg.sender== _hodlAddress, "PRPS-1");
_;
}
constructor(uint256 initialSupply,
address optIn,
address dubi,
address hodl,
address externalAddress1,
address externalAddress2,
address externalAddress3
)
publicERC20("Purpose",
"PRPS",
optIn,
hodl,
externalAddress1,
externalAddress2,
externalAddress3
)
{
_dubi = Dubi(dubi);
_hodl = IHodl(hodl);
_mintInitialSupply(msg.sender, initialSupply);
}
/**
* @dev Returns the address of the {HODL} contract used for burning locked PRPS.
*/functionhodl() externalviewreturns (address) {
returnaddress(_hodl);
}
/**
* @dev Returns the hodl balance of the given `tokenHolder`
*/functionhodlBalanceOf(address tokenHolder) publicviewreturns (uint256) {
// The hodl balance follows after the first 96 bits in the packed data.returnuint96(_packedData[tokenHolder] >>96);
}
/**
* @dev Transfer `amount` PRPS from `from` to the Hodl contract.
*
* This can only be called by the Hodl contract.
*/functionhodlTransfer(addressfrom, uint96 amount) externalonlyHodl{
_move(from, address(_hodl), amount);
}
/**
* @dev Increase the hodl balance of `account` by `hodlAmount`. This is
* only used as part of the migration.
*/functionmigrateHodlBalance(address account, uint96 hodlAmount)
externalonlyHodl{
UnpackedData memory unpacked = _unpackPackedData(_packedData[account]);
unpacked.hodlBalance += hodlAmount;
_packedData[account] = _packUnpackedData(unpacked);
}
/**
* @dev Increase the hodl balance of `to` by moving `amount` PRPS from `from`'s balance.
*
* This can only be called by the Hodl contract.
*/functionincreaseHodlBalance(addressfrom,
address to,
uint96 amount
) externalonlyHodl{
UnpackedData memory unpackedDataFrom = _unpackPackedData(
_packedData[from]
);
UnpackedData memory unpackedDataTo;
// We only need to unpack twice if from != toif (from!= to) {
unpackedDataTo = _unpackPackedData(_packedData[to]);
} else {
unpackedDataTo = unpackedDataFrom;
}
// `from` must have enough balancerequire(unpackedDataFrom.balance>= amount, "PRPS-3");
// Subtract balance from `from`
unpackedDataFrom.balance-= amount;
// Add to `hodlBalance` from `to`
unpackedDataTo.hodlBalance += amount;
// We only need to pack twice if from != toif (from!= to) {
_packedData[to] = _packUnpackedData(unpackedDataTo);
}
_packedData[from] = _packUnpackedData(unpackedDataFrom);
}
/**
* @dev Decrease the hodl balance of `from` by `hodlAmount` and increase
* the regular balance by `refundAmount.
*
* `refundAmount` might be less than `hodlAmount`.
*
* E.g. when burning fuel in locked PRPS
*
* This can only be called by the Hodl contract.
*/functiondecreaseHodlBalance(addressfrom,
uint96 hodlAmount,
uint96 refundAmount
) externalonlyHodl{
require(hodlAmount >= refundAmount, "PRPS-4");
UnpackedData memory unpackedDataFrom = _unpackPackedData(
_packedData[from]
);
// `from` must have enough balancerequire(unpackedDataFrom.hodlBalance >= hodlAmount, "PRPS-5");
// Subtract amount from hodl balance
unpackedDataFrom.hodlBalance -= hodlAmount;
if (refundAmount >0) {
// Add amount to balance
unpackedDataFrom.balance+= refundAmount;
}
// Write to storage
_packedData[from] = _packUnpackedData(unpackedDataFrom);
}
/**
* @dev Revert the hodl balance change caused by `from` on `to`.
*
* E.g. when reverting a pending hodl.
*
* This can only be called by the Hodl contract.
*/functionrevertHodlBalance(addressfrom,
address to,
uint96 amount
) externalonlyHodl{
UnpackedData memory unpackedDataFrom = _unpackPackedData(
_packedData[from]
);
UnpackedData memory unpackedDataTo;
// We only need to unpack twice if from != toif (from!= to) {
unpackedDataTo = _unpackPackedData(_packedData[to]);
} else {
unpackedDataTo = unpackedDataFrom;
}
// `to` must have enough hodl balancerequire(unpackedDataTo.hodlBalance >= amount, "PRPS-5");
// Subtract hodl balance from `to`
unpackedDataTo.hodlBalance -= amount;
// Add to `balance` from `from`
unpackedDataFrom.balance+= amount;
// We only need to pack twice if from != toif (from!= to) {
_packedData[to] = _packUnpackedData(unpackedDataTo);
}
_packedData[from] = _packUnpackedData(unpackedDataFrom);
}
/**
* @dev Mint DUBI when burning PRPS
* @param from address token holder address
* @param transferAmount amount of tokens to burn
* @param occupiedAmount amount of tokens that are occupied
* @param createdAt equal to block.timestamp if not finalizing a pending op, otherwise
* it corresponds to op.createdAt
* @param finalizing boolean indicating whether this is a finalizing transaction or not. Changes
* how the `amount` is interpreted.
*
* When burning PRPS, we first try to burn unlocked PRPS.
* If burning an amount that exceeds the unlocked PRPS of `from`, we attempt to burn the
* difference from locked PRPS.
*
* If the desired `amount` cannot be filled by taking locked and unlocked PRPS into account,
* this function reverts.
*
* Burning locked PRPS means reducing the `hodlBalance` while burning unlocked PRPS means reducing
* the regular `balance`.
*
* This function returns the actual unlocked PRPS that needs to be removed from `balance`.
*
*/function_beforeBurn(addressfrom,
UnpackedData memory unpacked,
uint96 transferAmount,
uint96 occupiedAmount,
uint32 createdAt,
FuelBurn memory fuelBurn,
bool finalizing
) internaloverridereturns (uint96) {
uint96 totalDubiToMint;
uint96 lockedPrpsToBurn;
uint96 burnableUnlockedPrps;
// Depending on whether this is a finalizing burn or not,// the amount of locked/unlocked PRPS is determined differently.if (finalizing) {
// For a finalizing burn, we use the occupied amount, since we already know how much// locked PRPS we are going to burn. This amount represents the `pendingLockedPrps`// on the hodl items.
lockedPrpsToBurn = occupiedAmount;
// Since `transferAmount` is the total amount of PRPS getting burned, we need to subtract// the `occupiedAmount` to get the actual amount of unlocked PRPS.// Sanity checkassert(transferAmount >= occupiedAmount);
transferAmount -= occupiedAmount;
// Set the unlocked PRPS to burn to the updated `transferAmount`
burnableUnlockedPrps = transferAmount;
} else {
// For a direct burn, we start off with the full amounts, since we don't know the exact// amounts initially.
lockedPrpsToBurn = transferAmount;
burnableUnlockedPrps = unpacked.balance;
}
// 1) Try to burn unlocked PRPSif (burnableUnlockedPrps >0) {
// Nice, we can burn unlocked PRPS// Catch underflow i.e. don't burn more than we need toif (burnableUnlockedPrps > transferAmount) {
burnableUnlockedPrps = transferAmount;
}
// Calculate DUBI to mint based on unlocked PRPS we can burn
totalDubiToMint = MintMath.calculateDubiToMintMax(
burnableUnlockedPrps
);
// Subtract the amount of burned unlocked PRPS from the locked PRPS we// need to burn if this is NOT a finalizing burn, because in that case we// already have the exact amount locked PRPS we want to burn.if (!finalizing) {
lockedPrpsToBurn -= burnableUnlockedPrps;
}
}
// 2) Burn locked PRPS if there's not enough unlocked PRPS// Burn an additional amount of locked PRPS equal to the fuel if anyif (fuelBurn.fuelType == FuelType.LOCKED_PRPS) {
// The `burnFromLockedPrps` call will fail, if not enough PRPS can be burned.
lockedPrpsToBurn += fuelBurn.amount;
}
if (lockedPrpsToBurn >0) {
uint96 dubiToMintFromLockedPrps = _burnFromLockedPrps({
from: from,
unpacked: unpacked,
lockedPrpsToBurn: lockedPrpsToBurn,
createdAt: createdAt,
finalizing: finalizing
});
// We check 'greater than or equal' because it's possible to mint 0 new DUBI// e.g. when called right after a hodl where not enough time passed to generate new DUBI.uint96 dubiToMint = totalDubiToMint + dubiToMintFromLockedPrps;
require(dubiToMint >= totalDubiToMint, "PRPS-6");
totalDubiToMint = dubiToMint;
} else {
// Sanity check for finalizes that don't touch locked PRPSassert(occupiedAmount ==0);
}
// Burn minted DUBI equal to the fuel if anyif (fuelBurn.fuelType == FuelType.AUTO_MINTED_DUBI) {
require(totalDubiToMint >= fuelBurn.amount, "PRPS-7");
totalDubiToMint -= fuelBurn.amount;
}
// Mint DUBI taking differences between burned locked/unlocked into accountif (totalDubiToMint >0) {
_dubi.purposeMint(from, totalDubiToMint);
}
return burnableUnlockedPrps;
}
function_burnFromLockedPrps(addressfrom,
UnpackedData memory unpacked,
uint96 lockedPrpsToBurn,
uint32 createdAt,
bool finalizing
) privatereturns (uint96) {
// Reverts if the exact amount needed cannot be burneduint96 dubiToMintFromLockedPrps = _hodl.burnLockedPrps({
from: from,
amount: lockedPrpsToBurn,
dubiMintTimestamp: createdAt,
burnPendingLockedPrps: finalizing
});
require(unpacked.hodlBalance >= lockedPrpsToBurn, "PRPS-8");
unpacked.hodlBalance -= lockedPrpsToBurn;
return dubiToMintFromLockedPrps;
}
function_callerIsDeployTimeKnownContract()
internaloverrideviewreturns (bool)
{
if (msg.sender==address(_dubi)) {
returntrue;
}
returnsuper._callerIsDeployTimeKnownContract();
}
//---------------------------------------------------------------// Fuel//---------------------------------------------------------------/**
* @dev Burns `fuel` from `from`. Can only be called by one of the deploy-time known contracts.
*/functionburnFuel(addressfrom, TokenFuel memory fuel) publicoverride{
require(_callerIsDeployTimeKnownContract(), "PRPS-2");
_burnFuel(from, fuel);
}
function_burnFuel(addressfrom, TokenFuel memory fuel) private{
require(fuel.amount <= MAX_BOOSTER_FUEL, "PRPS-10");
require(from!=address(0) &&from!=msg.sender, "PRPS-11");
if (fuel.tokenAlias == TOKEN_FUEL_ALIAS_UNLOCKED_PRPS) {
// Burn fuel from unlocked PRPS
UnpackedData memory unpacked = _unpackPackedData(_packedData[from]);
require(unpacked.balance>= fuel.amount, "PRPS-7");
unpacked.balance-= fuel.amount;
_packedData[from] = _packUnpackedData(unpacked);
return;
}
if (fuel.tokenAlias == TOKEN_FUEL_ALIAS_LOCKED_PRPS) {
// Burn fuel from locked PRPS
UnpackedData memory unpacked = _unpackPackedData(_packedData[from]);
require(unpacked.hodlBalance >= fuel.amount, "PRPS-7");
unpacked.hodlBalance -= fuel.amount;
// We pass a mint timestamp, but that doesn't mean that DUBI is minted.// The returned DUBI that should be minted is ignored.// Reverts if not enough locked PRPS can be burned.
_hodl.burnLockedPrps({
from: from,
amount: fuel.amount,
dubiMintTimestamp: uint32(block.timestamp),
burnPendingLockedPrps: false
});
_packedData[from] = _packUnpackedData(unpacked);
return;
}
revert("PRPS-12");
}
/**
*@dev Burn the fuel of a `boostedSend`
*/function_burnBoostedSendFuel(addressfrom,
BoosterFuel memory fuel,
UnpackedData memory unpacked
) internaloverridereturns (FuelBurn memory) {
FuelBurn memory fuelBurn;
if (fuel.unlockedPrps >0) {
require(fuel.unlockedPrps <= MAX_BOOSTER_FUEL, "PRPS-10");
require(unpacked.balance>= fuel.unlockedPrps, "PRPS-7");
unpacked.balance-= fuel.unlockedPrps;
fuelBurn.amount = fuel.unlockedPrps;
fuelBurn.fuelType = FuelType.UNLOCKED_PRPS;
return fuelBurn;
}
if (fuel.lockedPrps >0) {
require(fuel.lockedPrps <= MAX_BOOSTER_FUEL, "PRPS-10");
// We pass a mint timestamp, but that doesn't mean that DUBI is minted.// The returned DUBI that should be minted is ignored.// Reverts if not enough locked PRPS can be burned.
_hodl.burnLockedPrps({
from: from,
amount: fuel.lockedPrps,
dubiMintTimestamp: uint32(block.timestamp),
burnPendingLockedPrps: false
});
require(unpacked.hodlBalance >= fuel.lockedPrps, "PRPS-7");
unpacked.hodlBalance -= fuel.lockedPrps;
fuelBurn.amount = fuel.lockedPrps;
fuelBurn.fuelType = FuelType.LOCKED_PRPS;
return fuelBurn;
}
// If the fuel is DUBI, then we have to reach out to the DUBI contract.if (fuel.dubi >0) {
// Reverts if the requested amount cannot be burned
_dubi.burnFuel(
from,
TokenFuel({
tokenAlias: TOKEN_FUEL_ALIAS_DUBI,
amount: fuel.dubi
})
);
fuelBurn.amount = fuel.dubi;
fuelBurn.fuelType = FuelType.DUBI;
return fuelBurn;
}
return fuelBurn;
}
/**
*@dev Burn the fuel of a `boostedBurn`
*/function_burnBoostedBurnFuel(addressfrom,
BoosterFuel memory fuel,
UnpackedData memory unpacked
) internaloverridereturns (FuelBurn memory) {
FuelBurn memory fuelBurn;
if (fuel.unlockedPrps >0) {
require(fuel.unlockedPrps <= MAX_BOOSTER_FUEL, "PRPS-10");
require(unpacked.balance>= fuel.unlockedPrps, "PRPS-7");
unpacked.balance-= fuel.unlockedPrps;
fuelBurn.amount = fuel.unlockedPrps;
fuelBurn.fuelType = FuelType.UNLOCKED_PRPS;
return fuelBurn;
}
if (fuel.lockedPrps >0) {
require(fuel.lockedPrps <= MAX_BOOSTER_FUEL, "PRPS-10");
require(unpacked.hodlBalance >= fuel.lockedPrps, "PRPS-7");
// Fuel is taken from hodl balance in _beforeBurn// unpacked.hodlBalance -= fuel.lockedPrps;
fuelBurn.amount = fuel.lockedPrps;
fuelBurn.fuelType = FuelType.LOCKED_PRPS;
return fuelBurn;
}
if (fuel.intrinsicFuel >0) {
require(fuel.intrinsicFuel <= MAX_BOOSTER_FUEL, "PRPS-10");
fuelBurn.amount = fuel.intrinsicFuel;
fuelBurn.fuelType = FuelType.AUTO_MINTED_DUBI;
return fuelBurn;
}
// If the fuel is DUBI, then we have to reach out to the DUBI contract.if (fuel.dubi >0) {
// Reverts if the requested amount cannot be burned
_dubi.burnFuel(
from,
TokenFuel({
tokenAlias: TOKEN_FUEL_ALIAS_DUBI,
amount: fuel.dubi
})
);
fuelBurn.amount = fuel.dubi;
fuelBurn.fuelType = FuelType.DUBI;
return fuelBurn;
}
// No fuel at allreturn fuelBurn;
}
//---------------------------------------------------------------// Pending ops//---------------------------------------------------------------function_getHasherContracts()
internaloverridereturns (address[] memory)
{
address[] memory hashers =newaddress[](5);
hashers[0] =address(this);
hashers[1] =address(_dubi);
hashers[2] = _hodlAddress;
hashers[3] = _externalAddress1;
hashers[4] = _externalAddress2;
return hashers;
}
/**
* @dev Create a pending transfer by moving the funds of `spender` to this contract.
* Special behavior applies to pending burns to account for locked PRPS.
*/function_createPendingTransferInternal(
OpHandle memory opHandle,
address spender,
addressfrom,
address to,
uint256 amount,
bytesmemory data
) internaloverridereturns (PendingTransfer memory) {
if (opHandle.opType != OP_TYPE_BURN) {
return// Nothing special to do for non-burns so just call parent implementationsuper._createPendingTransferInternal(
opHandle,
spender,
from,
to,
amount,
data
);
}
// When burning, we first use unlocked PRPS and match the remaining amount with locked PRPS from the Hodl contract.// Sanity checkassert(amount <2**96);
uint96 transferAmount =uint96(amount);
uint96 lockedPrpsAmount = transferAmount;
UnpackedData memory unpacked = _unpackPackedData(_packedData[from]);
// First try to move as much unlocked PRPS as possible to the PRPS addressuint96 unlockedPrpsToMove = transferAmount;
if (unlockedPrpsToMove > unpacked.balance) {
unlockedPrpsToMove = unpacked.balance;
}
// Update the locked PRPS we have to use
lockedPrpsAmount -= unlockedPrpsToMove;
if (unlockedPrpsToMove >0) {
_move({from: from, to: address(this), amount: unlockedPrpsToMove});
}
// If we still need locked PRPS, call into the Hodl contract.// This will also take pending hodls into account, if `from` has// some.if (lockedPrpsAmount >0) {
// Reverts if not the exact amount can be set to pending
_hodl.setLockedPrpsToPending(from, lockedPrpsAmount);
}
// Create pending transferreturn
PendingTransfer({
spender: spender,
transferAmount: transferAmount,
to: to,
occupiedAmount: lockedPrpsAmount,
data: data
});
}
/**
* @dev Hook that is called during revert of a pending op.
* Reverts any changes to locked PRPS when 'opType' is burn.
*/function_onRevertPendingOp(address user,
uint8 opType,
uint64 opId,
uint96 transferAmount,
uint96 occupiedAmount
) internaloverride{
if (opType != OP_TYPE_BURN) {
return;
}
// Extract the pending locked PRPS from the amount.if (occupiedAmount >0) {
_hodl.revertLockedPrpsSetToPending(user, occupiedAmount);
}
}
//---------------------------------------------------------------// Shared pending ops for Hodl//---------------------------------------------------------------/**
* @dev Creates a new opHandle with the given type for `user`. Hodl and Prps share the same
* opCounter to enforce a consistent order in which pending ops are finalized/reverted
* across contracts. This function can only be called by Hodl.
*/functioncreateNewOpHandleShared(
IOptIn.OptInStatus memory optInStatus,
address user,
uint8 opType
) publiconlyHodlreturns (OpHandle memory) {
return _createNewOpHandle(optInStatus, user, opType);
}
/**
* @dev Delete the op handle with the given `opId` from `user`. Hodl and Prps share the same
* opCounter to enforce a consistent order in which pending ops are finalized/reverted
* across contracts. This function can only be called by Hodl.
*/functiondeleteOpHandleShared(address user, OpHandle memory opHandle)
publiconlyHodlreturns (bool)
{
_deleteOpHandle(user, opHandle);
returntrue;
}
/**
* @dev Get the next op id for `user`. Hodl and Prps share the same
* opCounter to enforce a consistent order in which pending ops are finalized/reverted
* across contracts. This function can only be called by Hodl.
*/functionassertFinalizeFIFOShared(address user, uint64 opId)
publiconlyHodlreturns (bool)
{
_assertFinalizeFIFO(user, opId);
returntrue;
}
/**
* @dev Get the next op id for `user`. Hodl and Prps share the same
* opCounter to enforce a consistent order in which pending ops are finalized/reverted
* across contracts. This function can only be called by Hodl.
*/functionassertRevertLIFOShared(address user, uint64 opId)
publiconlyHodlreturns (bool)
{
_assertRevertLIFO(user, opId);
returntrue;
}
}
Código Fuente del Contrato
Archivo 19 de 19: SafeMath.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.6.0;/**
* @dev Wrappers over Solidity's arithmetic operations with added overflow
* checks.
*
* Arithmetic operations in Solidity wrap on overflow. This can easily result
* in bugs, because programmers usually assume that an overflow raises an
* error, which is the standard behavior in high level programming languages.
* `SafeMath` restores this intuition by reverting the transaction when an
* operation overflows.
*
* Using this library instead of the unchecked operations eliminates an entire
* class of bugs, so it's recommended to use it always.
*/librarySafeMath{
/**
* @dev Returns the addition of two unsigned integers, reverting on
* overflow.
*
* Counterpart to Solidity's `+` operator.
*
* Requirements:
*
* - Addition cannot overflow.
*/functionadd(uint256 a, uint256 b) internalpurereturns (uint256) {
uint256 c = a + b;
require(c >= a, "SafeMath: addition overflow");
return c;
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting on
* overflow (when the result is negative).
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
*
* - Subtraction cannot overflow.
*/functionsub(uint256 a, uint256 b) internalpurereturns (uint256) {
return sub(a, b, "SafeMath: subtraction overflow");
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting with custom message on
* overflow (when the result is negative).
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
*
* - Subtraction cannot overflow.
*/functionsub(uint256 a, uint256 b, stringmemory errorMessage) internalpurereturns (uint256) {
require(b <= a, errorMessage);
uint256 c = a - b;
return c;
}
/**
* @dev Returns the multiplication of two unsigned integers, reverting on
* overflow.
*
* Counterpart to Solidity's `*` operator.
*
* Requirements:
*
* - Multiplication cannot overflow.
*/functionmul(uint256 a, uint256 b) internalpurereturns (uint256) {
// Gas optimization: this is cheaper than requiring 'a' not being zero, but the// benefit is lost if 'b' is also tested.// See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522if (a ==0) {
return0;
}
uint256 c = a * b;
require(c / a == b, "SafeMath: multiplication overflow");
return c;
}
/**
* @dev Returns the integer division of two unsigned integers. Reverts on
* division by zero. The result is rounded towards zero.
*
* Counterpart to Solidity's `/` operator. Note: this function uses a
* `revert` opcode (which leaves remaining gas untouched) while Solidity
* uses an invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
*
* - The divisor cannot be zero.
*/functiondiv(uint256 a, uint256 b) internalpurereturns (uint256) {
return div(a, b, "SafeMath: division by zero");
}
/**
* @dev Returns the integer division of two unsigned integers. Reverts with custom message on
* division by zero. The result is rounded towards zero.
*
* Counterpart to Solidity's `/` operator. Note: this function uses a
* `revert` opcode (which leaves remaining gas untouched) while Solidity
* uses an invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
*
* - The divisor cannot be zero.
*/functiondiv(uint256 a, uint256 b, stringmemory errorMessage) internalpurereturns (uint256) {
require(b >0, errorMessage);
uint256 c = a / b;
// assert(a == b * c + a % b); // There is no case in which this doesn't holdreturn c;
}
/**
* @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
* Reverts when dividing by zero.
*
* Counterpart to Solidity's `%` operator. This function uses a `revert`
* opcode (which leaves remaining gas untouched) while Solidity uses an
* invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
*
* - The divisor cannot be zero.
*/functionmod(uint256 a, uint256 b) internalpurereturns (uint256) {
return mod(a, b, "SafeMath: modulo by zero");
}
/**
* @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
* Reverts with custom message when dividing by zero.
*
* Counterpart to Solidity's `%` operator. This function uses a `revert`
* opcode (which leaves remaining gas untouched) while Solidity uses an
* invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
*
* - The divisor cannot be zero.
*/functionmod(uint256 a, uint256 b, stringmemory errorMessage) internalpurereturns (uint256) {
require(b !=0, errorMessage);
return a % b;
}
}
