// SPDX-License-Identifier: MITpragmasolidity ^0.8.4;/// @notice Contract for EIP-712 typed structured data hashing and signing./// @author Solady (https://github.com/vectorized/solady/blob/main/src/utils/EIP712.sol)/// @author Modified from Solbase (https://github.com/Sol-DAO/solbase/blob/main/src/utils/EIP712.sol)/// @author Modified from OpenZeppelin (https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/cryptography/EIP712.sol)////// @dev Note, this implementation:/// - Uses `address(this)` for the `verifyingContract` field./// - Does NOT use the optional EIP-712 salt./// - Does NOT use any EIP-712 extensions./// This is for simplicity and to save gas./// If you need to customize, please fork / modify accordingly.abstractcontractEIP712{
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* CONSTANTS AND IMMUTABLES *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev `keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)")`.bytes32internalconstant _DOMAIN_TYPEHASH =0x8b73c3c69bb8fe3d512ecc4cf759cc79239f7b179b0ffacaa9a75d522b39400f;
uint256privateimmutable _cachedThis;
uint256privateimmutable _cachedChainId;
bytes32privateimmutable _cachedNameHash;
bytes32privateimmutable _cachedVersionHash;
bytes32privateimmutable _cachedDomainSeparator;
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* CONSTRUCTOR *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Cache the hashes for cheaper runtime gas costs./// In the case of upgradeable contracts (i.e. proxies),/// or if the chain id changes due to a hard fork,/// the domain separator will be seamlessly calculated on-the-fly.constructor() {
_cachedThis =uint256(uint160(address(this)));
_cachedChainId =block.chainid;
stringmemory name;
stringmemory version;
if (!_domainNameAndVersionMayChange()) (name, version) = _domainNameAndVersion();
bytes32 nameHash = _domainNameAndVersionMayChange() ? bytes32(0) : keccak256(bytes(name));
bytes32 versionHash =
_domainNameAndVersionMayChange() ? bytes32(0) : keccak256(bytes(version));
_cachedNameHash = nameHash;
_cachedVersionHash = versionHash;
bytes32 separator;
if (!_domainNameAndVersionMayChange()) {
/// @solidity memory-safe-assemblyassembly {
let m :=mload(0x40) // Load the free memory pointer.mstore(m, _DOMAIN_TYPEHASH)
mstore(add(m, 0x20), nameHash)
mstore(add(m, 0x40), versionHash)
mstore(add(m, 0x60), chainid())
mstore(add(m, 0x80), address())
separator :=keccak256(m, 0xa0)
}
}
_cachedDomainSeparator = separator;
}
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* FUNCTIONS TO OVERRIDE *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Please override this function to return the domain name and version./// ```/// function _domainNameAndVersion()/// internal/// pure/// virtual/// returns (string memory name, string memory version)/// {/// name = "Solady";/// version = "1";/// }/// ```////// Note: If the returned result may change after the contract has been deployed,/// you must override `_domainNameAndVersionMayChange()` to return true.function_domainNameAndVersion()
internalviewvirtualreturns (stringmemory name, stringmemory version);
/// @dev Returns if `_domainNameAndVersion()` may change/// after the contract has been deployed (i.e. after the constructor)./// Default: false.function_domainNameAndVersionMayChange() internalpurevirtualreturns (bool result) {}
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* HASHING OPERATIONS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Returns the EIP-712 domain separator.function_domainSeparator() internalviewvirtualreturns (bytes32 separator) {
if (_domainNameAndVersionMayChange()) {
separator = _buildDomainSeparator();
} else {
separator = _cachedDomainSeparator;
if (_cachedDomainSeparatorInvalidated()) separator = _buildDomainSeparator();
}
}
/// @dev Returns the hash of the fully encoded EIP-712 message for this domain,/// given `structHash`, as defined in/// https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct.////// The hash can be used together with {ECDSA-recover} to obtain the signer of a message:/// ```/// bytes32 digest = _hashTypedData(keccak256(abi.encode(/// keccak256("Mail(address to,string contents)"),/// mailTo,/// keccak256(bytes(mailContents))/// )));/// address signer = ECDSA.recover(digest, signature);/// ```function_hashTypedData(bytes32 structHash) internalviewvirtualreturns (bytes32 digest) {
// We will use `digest` to store the domain separator to save a bit of gas.if (_domainNameAndVersionMayChange()) {
digest = _buildDomainSeparator();
} else {
digest = _cachedDomainSeparator;
if (_cachedDomainSeparatorInvalidated()) digest = _buildDomainSeparator();
}
/// @solidity memory-safe-assemblyassembly {
// Compute the digest.mstore(0x00, 0x1901000000000000) // Store "\x19\x01".mstore(0x1a, digest) // Store the domain separator.mstore(0x3a, structHash) // Store the struct hash.
digest :=keccak256(0x18, 0x42)
// Restore the part of the free memory slot that was overwritten.mstore(0x3a, 0)
}
}
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* EIP-5267 OPERATIONS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev See: https://eips.ethereum.org/EIPS/eip-5267functioneip712Domain()
publicviewvirtualreturns (bytes1 fields,
stringmemory name,
stringmemory version,
uint256 chainId,
address verifyingContract,
bytes32 salt,
uint256[] memory extensions
)
{
fields =hex"0f"; // `0b01111`.
(name, version) = _domainNameAndVersion();
chainId =block.chainid;
verifyingContract =address(this);
salt = salt; // `bytes32(0)`.
extensions = extensions; // `new uint256[](0)`.
}
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* PRIVATE HELPERS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Returns the EIP-712 domain separator.function_buildDomainSeparator() privateviewreturns (bytes32 separator) {
// We will use `separator` to store the name hash to save a bit of gas.bytes32 versionHash;
if (_domainNameAndVersionMayChange()) {
(stringmemory name, stringmemory version) = _domainNameAndVersion();
separator =keccak256(bytes(name));
versionHash =keccak256(bytes(version));
} else {
separator = _cachedNameHash;
versionHash = _cachedVersionHash;
}
/// @solidity memory-safe-assemblyassembly {
let m :=mload(0x40) // Load the free memory pointer.mstore(m, _DOMAIN_TYPEHASH)
mstore(add(m, 0x20), separator) // Name hash.mstore(add(m, 0x40), versionHash)
mstore(add(m, 0x60), chainid())
mstore(add(m, 0x80), address())
separator :=keccak256(m, 0xa0)
}
}
/// @dev Returns if the cached domain separator has been invalidated.function_cachedDomainSeparatorInvalidated() privateviewreturns (bool result) {
uint256 cachedChainId = _cachedChainId;
uint256 cachedThis = _cachedThis;
/// @solidity memory-safe-assemblyassembly {
result :=iszero(and(eq(chainid(), cachedChainId), eq(address(), cachedThis)))
}
}
}
Contract Source Code
File 3 of 16: ERC1155.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.8.4;/// @notice Simple ERC1155 implementation./// @author Solady (https://github.com/vectorized/solady/blob/main/src/tokens/ERC1155.sol)/// @author Modified from Solmate (https://github.com/transmissions11/solmate/blob/main/src/tokens/ERC1155.sol)/// @author Modified from OpenZeppelin (https://github.com/OpenZeppelin/openzeppelin-contracts/tree/master/contracts/token/ERC1155/ERC1155.sol)////// @dev Note:/// - The ERC1155 standard allows for self-approvals./// For performance, this implementation WILL NOT revert for such actions./// Please add any checks with overrides if desired./// - The transfer functions use the identity precompile (0x4)/// to copy memory internally.////// If you are overriding:/// - Make sure all variables written to storage are properly cleaned// (e.g. the bool value for `isApprovedForAll` MUST be either 1 or 0 under the hood)./// - Check that the overridden function is actually used in the function you want to/// change the behavior of. Much of the code has been manually inlined for performance.abstractcontractERC1155{
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* CUSTOM ERRORS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev The lengths of the input arrays are not the same.errorArrayLengthsMismatch();
/// @dev Cannot mint or transfer to the zero address.errorTransferToZeroAddress();
/// @dev The recipient's balance has overflowed.errorAccountBalanceOverflow();
/// @dev Insufficient balance.errorInsufficientBalance();
/// @dev Only the token owner or an approved account can manage the tokens.errorNotOwnerNorApproved();
/// @dev Cannot safely transfer to a contract that does not implement/// the ERC1155Receiver interface.errorTransferToNonERC1155ReceiverImplementer();
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* EVENTS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Emitted when `amount` of token `id` is transferred/// from `from` to `to` by `operator`.eventTransferSingle(addressindexed operator,
addressindexedfrom,
addressindexed to,
uint256 id,
uint256 amount
);
/// @dev Emitted when `amounts` of token `ids` are transferred/// from `from` to `to` by `operator`.eventTransferBatch(addressindexed operator,
addressindexedfrom,
addressindexed to,
uint256[] ids,
uint256[] amounts
);
/// @dev Emitted when `owner` enables or disables `operator` to manage all of their tokens.eventApprovalForAll(addressindexed owner, addressindexed operator, bool isApproved);
/// @dev Emitted when the Uniform Resource Identifier (URI) for token `id`/// is updated to `value`. This event is not used in the base contract./// You may need to emit this event depending on your URI logic.////// See: https://eips.ethereum.org/EIPS/eip-1155#metadataeventURI(string value, uint256indexed id);
/// @dev `keccak256(bytes("TransferSingle(address,address,address,uint256,uint256)"))`.uint256privateconstant _TRANSFER_SINGLE_EVENT_SIGNATURE =0xc3d58168c5ae7397731d063d5bbf3d657854427343f4c083240f7aacaa2d0f62;
/// @dev `keccak256(bytes("TransferBatch(address,address,address,uint256[],uint256[])"))`.uint256privateconstant _TRANSFER_BATCH_EVENT_SIGNATURE =0x4a39dc06d4c0dbc64b70af90fd698a233a518aa5d07e595d983b8c0526c8f7fb;
/// @dev `keccak256(bytes("ApprovalForAll(address,address,bool)"))`.uint256privateconstant _APPROVAL_FOR_ALL_EVENT_SIGNATURE =0x17307eab39ab6107e8899845ad3d59bd9653f200f220920489ca2b5937696c31;
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* STORAGE *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev The `ownerSlotSeed` of a given owner is given by./// ```/// let ownerSlotSeed := or(_ERC1155_MASTER_SLOT_SEED, shl(96, owner))/// ```////// The balance slot of `owner` is given by./// ```/// mstore(0x20, ownerSlotSeed)/// mstore(0x00, id)/// let balanceSlot := keccak256(0x00, 0x40)/// ```////// The operator approval slot of `owner` is given by./// ```/// mstore(0x20, ownerSlotSeed)/// mstore(0x00, operator)/// let operatorApprovalSlot := keccak256(0x0c, 0x34)/// ```uint256privateconstant _ERC1155_MASTER_SLOT_SEED =0x9a31110384e0b0c9;
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* ERC1155 METADATA *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Returns the URI for token `id`.////// You can either return the same templated URI for all token IDs,/// (e.g. "https://example.com/api/{id}.json"),/// or return a unique URI for each `id`.////// See: https://eips.ethereum.org/EIPS/eip-1155#metadatafunctionuri(uint256 id) publicviewvirtualreturns (stringmemory);
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* ERC1155 *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Returns the amount of `id` owned by `owner`.functionbalanceOf(address owner, uint256 id) publicviewvirtualreturns (uint256 result) {
/// @solidity memory-safe-assemblyassembly {
mstore(0x20, _ERC1155_MASTER_SLOT_SEED)
mstore(0x14, owner)
mstore(0x00, id)
result :=sload(keccak256(0x00, 0x40))
}
}
/// @dev Returns whether `operator` is approved to manage the tokens of `owner`.functionisApprovedForAll(address owner, address operator)
publicviewvirtualreturns (bool result)
{
/// @solidity memory-safe-assemblyassembly {
mstore(0x20, _ERC1155_MASTER_SLOT_SEED)
mstore(0x14, owner)
mstore(0x00, operator)
result :=sload(keccak256(0x0c, 0x34))
}
}
/// @dev Sets whether `operator` is approved to manage the tokens of the caller.////// Emits a {ApprovalForAll} event.functionsetApprovalForAll(address operator, bool isApproved) publicvirtual{
/// @solidity memory-safe-assemblyassembly {
// Convert to 0 or 1.
isApproved :=iszero(iszero(isApproved))
// Update the `isApproved` for (`msg.sender`, `operator`).mstore(0x20, _ERC1155_MASTER_SLOT_SEED)
mstore(0x14, caller())
mstore(0x00, operator)
sstore(keccak256(0x0c, 0x34), isApproved)
// Emit the {ApprovalForAll} event.mstore(0x00, isApproved)
// forgefmt: disable-next-linelog3(0x00, 0x20, _APPROVAL_FOR_ALL_EVENT_SIGNATURE, caller(), shr(96, shl(96, operator)))
}
}
/// @dev Transfers `amount` of `id` from `from` to `to`.////// Requirements:/// - `to` cannot be the zero address./// - `from` must have at least `amount` of `id`./// - If the caller is not `from`,/// it must be approved to manage the tokens of `from`./// - If `to` refers to a smart contract, it must implement/// {ERC1155-onERC1155Reveived}, which is called upon a batch transfer.////// Emits a {Transfer} event.functionsafeTransferFrom(addressfrom,
address to,
uint256 id,
uint256 amount,
bytescalldata data
) publicvirtual{
if (_useBeforeTokenTransfer()) {
_beforeTokenTransfer(from, to, _single(id), _single(amount), data);
}
/// @solidity memory-safe-assemblyassembly {
let fromSlotSeed :=or(_ERC1155_MASTER_SLOT_SEED, shl(96, from))
let toSlotSeed :=or(_ERC1155_MASTER_SLOT_SEED, shl(96, to))
mstore(0x20, fromSlotSeed)
// Clear the upper 96 bits.
from :=shr(96, fromSlotSeed)
to :=shr(96, toSlotSeed)
// Revert if `to` is the zero address.ifiszero(to) {
mstore(0x00, 0xea553b34) // `TransferToZeroAddress()`.revert(0x1c, 0x04)
}
// If the caller is not `from`, do the authorization check.ifiszero(eq(caller(), from)) {
mstore(0x00, caller())
ifiszero(sload(keccak256(0x0c, 0x34))) {
mstore(0x00, 0x4b6e7f18) // `NotOwnerNorApproved()`.revert(0x1c, 0x04)
}
}
// Subtract and store the updated balance of `from`.
{
mstore(0x00, id)
let fromBalanceSlot :=keccak256(0x00, 0x40)
let fromBalance :=sload(fromBalanceSlot)
ifgt(amount, fromBalance) {
mstore(0x00, 0xf4d678b8) // `InsufficientBalance()`.revert(0x1c, 0x04)
}
sstore(fromBalanceSlot, sub(fromBalance, amount))
}
// Increase and store the updated balance of `to`.
{
mstore(0x20, toSlotSeed)
let toBalanceSlot :=keccak256(0x00, 0x40)
let toBalanceBefore :=sload(toBalanceSlot)
let toBalanceAfter :=add(toBalanceBefore, amount)
iflt(toBalanceAfter, toBalanceBefore) {
mstore(0x00, 0x01336cea) // `AccountBalanceOverflow()`.revert(0x1c, 0x04)
}
sstore(toBalanceSlot, toBalanceAfter)
}
// Emit a {TransferSingle} event.mstore(0x20, amount)
log4(0x00, 0x40, _TRANSFER_SINGLE_EVENT_SIGNATURE, caller(), from, to)
}
if (_useAfterTokenTransfer()) {
_afterTokenTransfer(from, to, _single(id), _single(amount), data);
}
/// @solidity memory-safe-assemblyassembly {
// Do the {onERC1155Received} check if `to` is a smart contract.ifextcodesize(to) {
// Prepare the calldata.let m :=mload(0x40)
// `onERC1155Received(address,address,uint256,uint256,bytes)`.mstore(m, 0xf23a6e61)
mstore(add(m, 0x20), caller())
mstore(add(m, 0x40), from)
mstore(add(m, 0x60), id)
mstore(add(m, 0x80), amount)
mstore(add(m, 0xa0), 0xa0)
calldatacopy(add(m, 0xc0), sub(data.offset, 0x20), add(0x20, data.length))
// Revert if the call reverts.ifiszero(call(gas(), to, 0, add(m, 0x1c), add(0xc4, data.length), m, 0x20)) {
ifreturndatasize() {
// Bubble up the revert if the call reverts.returndatacopy(m, 0x00, returndatasize())
revert(m, returndatasize())
}
}
// Load the returndata and compare it with the function selector.ifiszero(eq(mload(m), shl(224, 0xf23a6e61))) {
mstore(0x00, 0x9c05499b) // `TransferToNonERC1155ReceiverImplementer()`.revert(0x1c, 0x04)
}
}
}
}
/// @dev Transfers `amounts` of `ids` from `from` to `to`.////// Requirements:/// - `to` cannot be the zero address./// - `from` must have at least `amount` of `id`./// - `ids` and `amounts` must have the same length./// - If the caller is not `from`,/// it must be approved to manage the tokens of `from`./// - If `to` refers to a smart contract, it must implement/// {ERC1155-onERC1155BatchReveived}, which is called upon a batch transfer.////// Emits a {TransferBatch} event.functionsafeBatchTransferFrom(addressfrom,
address to,
uint256[] calldata ids,
uint256[] calldata amounts,
bytescalldata data
) publicvirtual{
if (_useBeforeTokenTransfer()) {
_beforeTokenTransfer(from, to, ids, amounts, data);
}
/// @solidity memory-safe-assemblyassembly {
ifiszero(eq(ids.length, amounts.length)) {
mstore(0x00, 0x3b800a46) // `ArrayLengthsMismatch()`.revert(0x1c, 0x04)
}
let fromSlotSeed :=or(_ERC1155_MASTER_SLOT_SEED, shl(96, from))
let toSlotSeed :=or(_ERC1155_MASTER_SLOT_SEED, shl(96, to))
mstore(0x20, fromSlotSeed)
// Clear the upper 96 bits.
from :=shr(96, fromSlotSeed)
to :=shr(96, toSlotSeed)
// Revert if `to` is the zero address.ifiszero(to) {
mstore(0x00, 0xea553b34) // `TransferToZeroAddress()`.revert(0x1c, 0x04)
}
// If the caller is not `from`, do the authorization check.ifiszero(eq(caller(), from)) {
mstore(0x00, caller())
ifiszero(sload(keccak256(0x0c, 0x34))) {
mstore(0x00, 0x4b6e7f18) // `NotOwnerNorApproved()`.revert(0x1c, 0x04)
}
}
// Loop through all the `ids` and update the balances.
{
for { let i :=shl(5, ids.length) } i {} {
i :=sub(i, 0x20)
let amount :=calldataload(add(amounts.offset, i))
// Subtract and store the updated balance of `from`.
{
mstore(0x20, fromSlotSeed)
mstore(0x00, calldataload(add(ids.offset, i)))
let fromBalanceSlot :=keccak256(0x00, 0x40)
let fromBalance :=sload(fromBalanceSlot)
ifgt(amount, fromBalance) {
mstore(0x00, 0xf4d678b8) // `InsufficientBalance()`.revert(0x1c, 0x04)
}
sstore(fromBalanceSlot, sub(fromBalance, amount))
}
// Increase and store the updated balance of `to`.
{
mstore(0x20, toSlotSeed)
let toBalanceSlot :=keccak256(0x00, 0x40)
let toBalanceBefore :=sload(toBalanceSlot)
let toBalanceAfter :=add(toBalanceBefore, amount)
iflt(toBalanceAfter, toBalanceBefore) {
mstore(0x00, 0x01336cea) // `AccountBalanceOverflow()`.revert(0x1c, 0x04)
}
sstore(toBalanceSlot, toBalanceAfter)
}
}
}
// Emit a {TransferBatch} event.
{
let m :=mload(0x40)
// Copy the `ids`.mstore(m, 0x40)
let n :=add(0x20, shl(5, ids.length))
let o :=add(m, 0x40)
calldatacopy(o, sub(ids.offset, 0x20), n)
// Copy the `amounts`.mstore(add(m, 0x20), add(0x40, n))
calldatacopy(add(o, n), sub(amounts.offset, 0x20), n)
// Do the emit.log4(m, add(add(n, n), 0x40), _TRANSFER_BATCH_EVENT_SIGNATURE, caller(), from, to)
}
}
if (_useAfterTokenTransfer()) {
_afterTokenTransferCalldata(from, to, ids, amounts, data);
}
/// @solidity memory-safe-assemblyassembly {
// Do the {onERC1155BatchReceived} check if `to` is a smart contract.ifextcodesize(to) {
mstore(0x00, to) // Cache `to` to prevent stack too deep.let m :=mload(0x40)
// Prepare the calldata.// `onERC1155BatchReceived(address,address,uint256[],uint256[],bytes)`.mstore(m, 0xbc197c81)
mstore(add(m, 0x20), caller())
mstore(add(m, 0x40), from)
// Copy the `ids`.mstore(add(m, 0x60), 0xa0)
let n :=add(0x20, shl(5, ids.length))
let o :=add(m, 0xc0)
calldatacopy(o, sub(ids.offset, 0x20), n)
// Copy the `amounts`.let s :=add(0xa0, n)
mstore(add(m, 0x80), s)
calldatacopy(add(o, n), sub(amounts.offset, 0x20), n)
// Copy the `data`.mstore(add(m, 0xa0), add(s, n))
calldatacopy(add(o, add(n, n)), sub(data.offset, 0x20), add(0x20, data.length))
let nAll :=add(0xc4, add(data.length, add(n, n)))
// Revert if the call reverts.ifiszero(call(gas(), mload(0x00), 0, add(m, 0x1c), nAll, m, 0x20)) {
ifreturndatasize() {
// Bubble up the revert if the call reverts.returndatacopy(m, 0x00, returndatasize())
revert(m, returndatasize())
}
}
// Load the returndata and compare it with the function selector.ifiszero(eq(mload(m), shl(224, 0xbc197c81))) {
mstore(0x00, 0x9c05499b) // `TransferToNonERC1155ReceiverImplementer()`.revert(0x1c, 0x04)
}
}
}
}
/// @dev Returns the amounts of `ids` for `owners.////// Requirements:/// - `owners` and `ids` must have the same length.functionbalanceOfBatch(address[] calldata owners, uint256[] calldata ids)
publicviewvirtualreturns (uint256[] memory balances)
{
/// @solidity memory-safe-assemblyassembly {
ifiszero(eq(ids.length, owners.length)) {
mstore(0x00, 0x3b800a46) // `ArrayLengthsMismatch()`.revert(0x1c, 0x04)
}
balances :=mload(0x40)
mstore(balances, ids.length)
let o :=add(balances, 0x20)
let i :=shl(5, ids.length)
mstore(0x40, add(i, o))
// Loop through all the `ids` and load the balances.for {} i {} {
i :=sub(i, 0x20)
let owner :=calldataload(add(owners.offset, i))
mstore(0x20, or(_ERC1155_MASTER_SLOT_SEED, shl(96, owner)))
mstore(0x00, calldataload(add(ids.offset, i)))
mstore(add(o, i), sload(keccak256(0x00, 0x40)))
}
}
}
/// @dev Returns true if this contract implements the interface defined by `interfaceId`./// See: https://eips.ethereum.org/EIPS/eip-165/// This function call must use less than 30000 gas.functionsupportsInterface(bytes4 interfaceId) publicviewvirtualreturns (bool result) {
/// @solidity memory-safe-assemblyassembly {
let s :=shr(224, interfaceId)
// ERC165: 0x01ffc9a7, ERC1155: 0xd9b67a26, ERC1155MetadataURI: 0x0e89341c.
result :=or(or(eq(s, 0x01ffc9a7), eq(s, 0xd9b67a26)), eq(s, 0x0e89341c))
}
}
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* INTERNAL MINT FUNCTIONS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Mints `amount` of `id` to `to`.////// Requirements:/// - `to` cannot be the zero address./// - If `to` refers to a smart contract, it must implement/// {ERC1155-onERC1155Reveived}, which is called upon a batch transfer.////// Emits a {Transfer} event.function_mint(address to, uint256 id, uint256 amount, bytesmemory data) internalvirtual{
if (_useBeforeTokenTransfer()) {
_beforeTokenTransfer(address(0), to, _single(id), _single(amount), data);
}
/// @solidity memory-safe-assemblyassembly {
let to_ :=shl(96, to)
// Revert if `to` is the zero address.ifiszero(to_) {
mstore(0x00, 0xea553b34) // `TransferToZeroAddress()`.revert(0x1c, 0x04)
}
// Increase and store the updated balance of `to`.
{
mstore(0x20, _ERC1155_MASTER_SLOT_SEED)
mstore(0x14, to)
mstore(0x00, id)
let toBalanceSlot :=keccak256(0x00, 0x40)
let toBalanceBefore :=sload(toBalanceSlot)
let toBalanceAfter :=add(toBalanceBefore, amount)
iflt(toBalanceAfter, toBalanceBefore) {
mstore(0x00, 0x01336cea) // `AccountBalanceOverflow()`.revert(0x1c, 0x04)
}
sstore(toBalanceSlot, toBalanceAfter)
}
// Emit a {TransferSingle} event.mstore(0x20, amount)
log4(0x00, 0x40, _TRANSFER_SINGLE_EVENT_SIGNATURE, caller(), 0, shr(96, to_))
}
if (_useAfterTokenTransfer()) {
_afterTokenTransfer(address(0), to, _single(id), _single(amount), data);
}
if (_hasCode(to)) _checkOnERC1155Received(address(0), to, id, amount, data);
}
/// @dev Mints `amounts` of `ids` to `to`.////// Requirements:/// - `to` cannot be the zero address./// - `ids` and `amounts` must have the same length./// - If `to` refers to a smart contract, it must implement/// {ERC1155-onERC1155BatchReveived}, which is called upon a batch transfer.////// Emits a {TransferBatch} event.function_batchMint(address to,
uint256[] memory ids,
uint256[] memory amounts,
bytesmemory data
) internalvirtual{
if (_useBeforeTokenTransfer()) {
_beforeTokenTransfer(address(0), to, ids, amounts, data);
}
/// @solidity memory-safe-assemblyassembly {
ifiszero(eq(mload(ids), mload(amounts))) {
mstore(0x00, 0x3b800a46) // `ArrayLengthsMismatch()`.revert(0x1c, 0x04)
}
let to_ :=shl(96, to)
// Revert if `to` is the zero address.ifiszero(to_) {
mstore(0x00, 0xea553b34) // `TransferToZeroAddress()`.revert(0x1c, 0x04)
}
// Loop through all the `ids` and update the balances.
{
mstore(0x20, or(_ERC1155_MASTER_SLOT_SEED, to_))
for { let i :=shl(5, mload(ids)) } i { i :=sub(i, 0x20) } {
let amount :=mload(add(amounts, i))
// Increase and store the updated balance of `to`.
{
mstore(0x00, mload(add(ids, i)))
let toBalanceSlot :=keccak256(0x00, 0x40)
let toBalanceBefore :=sload(toBalanceSlot)
let toBalanceAfter :=add(toBalanceBefore, amount)
iflt(toBalanceAfter, toBalanceBefore) {
mstore(0x00, 0x01336cea) // `AccountBalanceOverflow()`.revert(0x1c, 0x04)
}
sstore(toBalanceSlot, toBalanceAfter)
}
}
}
// Emit a {TransferBatch} event.
{
let m :=mload(0x40)
// Copy the `ids`.mstore(m, 0x40)
let n :=add(0x20, shl(5, mload(ids)))
let o :=add(m, 0x40)
pop(staticcall(gas(), 4, ids, n, o, n))
// Copy the `amounts`.mstore(add(m, 0x20), add(0x40, returndatasize()))
o :=add(o, returndatasize())
n :=add(0x20, shl(5, mload(amounts)))
pop(staticcall(gas(), 4, amounts, n, o, n))
n :=sub(add(o, returndatasize()), m)
// Do the emit.log4(m, n, _TRANSFER_BATCH_EVENT_SIGNATURE, caller(), 0, shr(96, to_))
}
}
if (_useAfterTokenTransfer()) {
_afterTokenTransfer(address(0), to, ids, amounts, data);
}
if (_hasCode(to)) _checkOnERC1155BatchReceived(address(0), to, ids, amounts, data);
}
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* INTERNAL BURN FUNCTIONS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Equivalent to `_burn(address(0), from, id, amount)`.function_burn(addressfrom, uint256 id, uint256 amount) internalvirtual{
_burn(address(0), from, id, amount);
}
/// @dev Destroys `amount` of `id` from `from`.////// Requirements:/// - `from` must have at least `amount` of `id`./// - If `by` is not the zero address, it must be either `from`,/// or approved to manage the tokens of `from`.////// Emits a {Transfer} event.function_burn(address by, addressfrom, uint256 id, uint256 amount) internalvirtual{
if (_useBeforeTokenTransfer()) {
_beforeTokenTransfer(from, address(0), _single(id), _single(amount), "");
}
/// @solidity memory-safe-assemblyassembly {
let from_ :=shl(96, from)
mstore(0x20, or(_ERC1155_MASTER_SLOT_SEED, from_))
// If `by` is not the zero address, and not equal to `from`,// check if it is approved to manage all the tokens of `from`.ifiszero(or(iszero(shl(96, by)), eq(shl(96, by), from_))) {
mstore(0x00, by)
ifiszero(sload(keccak256(0x0c, 0x34))) {
mstore(0x00, 0x4b6e7f18) // `NotOwnerNorApproved()`.revert(0x1c, 0x04)
}
}
// Decrease and store the updated balance of `from`.
{
mstore(0x00, id)
let fromBalanceSlot :=keccak256(0x00, 0x40)
let fromBalance :=sload(fromBalanceSlot)
ifgt(amount, fromBalance) {
mstore(0x00, 0xf4d678b8) // `InsufficientBalance()`.revert(0x1c, 0x04)
}
sstore(fromBalanceSlot, sub(fromBalance, amount))
}
// Emit a {TransferSingle} event.mstore(0x20, amount)
log4(0x00, 0x40, _TRANSFER_SINGLE_EVENT_SIGNATURE, caller(), shr(96, from_), 0)
}
if (_useAfterTokenTransfer()) {
_afterTokenTransfer(from, address(0), _single(id), _single(amount), "");
}
}
/// @dev Equivalent to `_batchBurn(address(0), from, ids, amounts)`.function_batchBurn(addressfrom, uint256[] memory ids, uint256[] memory amounts)
internalvirtual{
_batchBurn(address(0), from, ids, amounts);
}
/// @dev Destroys `amounts` of `ids` from `from`.////// Requirements:/// - `ids` and `amounts` must have the same length./// - `from` must have at least `amounts` of `ids`./// - If `by` is not the zero address, it must be either `from`,/// or approved to manage the tokens of `from`.////// Emits a {TransferBatch} event.function_batchBurn(address by, addressfrom, uint256[] memory ids, uint256[] memory amounts)
internalvirtual{
if (_useBeforeTokenTransfer()) {
_beforeTokenTransfer(from, address(0), ids, amounts, "");
}
/// @solidity memory-safe-assemblyassembly {
ifiszero(eq(mload(ids), mload(amounts))) {
mstore(0x00, 0x3b800a46) // `ArrayLengthsMismatch()`.revert(0x1c, 0x04)
}
let from_ :=shl(96, from)
mstore(0x20, or(_ERC1155_MASTER_SLOT_SEED, from_))
// If `by` is not the zero address, and not equal to `from`,// check if it is approved to manage all the tokens of `from`.let by_ :=shl(96, by)
ifiszero(or(iszero(by_), eq(by_, from_))) {
mstore(0x00, by)
ifiszero(sload(keccak256(0x0c, 0x34))) {
mstore(0x00, 0x4b6e7f18) // `NotOwnerNorApproved()`.revert(0x1c, 0x04)
}
}
// Loop through all the `ids` and update the balances.
{
for { let i :=shl(5, mload(ids)) } i { i :=sub(i, 0x20) } {
let amount :=mload(add(amounts, i))
// Decrease and store the updated balance of `from`.
{
mstore(0x00, mload(add(ids, i)))
let fromBalanceSlot :=keccak256(0x00, 0x40)
let fromBalance :=sload(fromBalanceSlot)
ifgt(amount, fromBalance) {
mstore(0x00, 0xf4d678b8) // `InsufficientBalance()`.revert(0x1c, 0x04)
}
sstore(fromBalanceSlot, sub(fromBalance, amount))
}
}
}
// Emit a {TransferBatch} event.
{
let m :=mload(0x40)
// Copy the `ids`.mstore(m, 0x40)
let n :=add(0x20, shl(5, mload(ids)))
let o :=add(m, 0x40)
pop(staticcall(gas(), 4, ids, n, o, n))
// Copy the `amounts`.mstore(add(m, 0x20), add(0x40, returndatasize()))
o :=add(o, returndatasize())
n :=add(0x20, shl(5, mload(amounts)))
pop(staticcall(gas(), 4, amounts, n, o, n))
n :=sub(add(o, returndatasize()), m)
// Do the emit.log4(m, n, _TRANSFER_BATCH_EVENT_SIGNATURE, caller(), shr(96, from_), 0)
}
}
if (_useAfterTokenTransfer()) {
_afterTokenTransfer(from, address(0), ids, amounts, "");
}
}
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* INTERNAL APPROVAL FUNCTIONS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Approve or remove the `operator` as an operator for `by`,/// without authorization checks.////// Emits a {ApprovalForAll} event.function_setApprovalForAll(address by, address operator, bool isApproved) internalvirtual{
/// @solidity memory-safe-assemblyassembly {
// Convert to 0 or 1.
isApproved :=iszero(iszero(isApproved))
// Update the `isApproved` for (`by`, `operator`).mstore(0x20, _ERC1155_MASTER_SLOT_SEED)
mstore(0x14, by)
mstore(0x00, operator)
sstore(keccak256(0x0c, 0x34), isApproved)
// Emit the {ApprovalForAll} event.mstore(0x00, isApproved)
let m :=shr(96, not(0))
log3(0x00, 0x20, _APPROVAL_FOR_ALL_EVENT_SIGNATURE, and(m, by), and(m, operator))
}
}
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* INTERNAL TRANSFER FUNCTIONS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Equivalent to `_safeTransfer(address(0), from, to, id, amount, data)`.function_safeTransfer(addressfrom, address to, uint256 id, uint256 amount, bytesmemory data)
internalvirtual{
_safeTransfer(address(0), from, to, id, amount, data);
}
/// @dev Transfers `amount` of `id` from `from` to `to`.////// Requirements:/// - `to` cannot be the zero address./// - `from` must have at least `amount` of `id`./// - If `by` is not the zero address, it must be either `from`,/// or approved to manage the tokens of `from`./// - If `to` refers to a smart contract, it must implement/// {ERC1155-onERC1155Reveived}, which is called upon a batch transfer.////// Emits a {Transfer} event.function_safeTransfer(address by,
addressfrom,
address to,
uint256 id,
uint256 amount,
bytesmemory data
) internalvirtual{
if (_useBeforeTokenTransfer()) {
_beforeTokenTransfer(from, to, _single(id), _single(amount), data);
}
/// @solidity memory-safe-assemblyassembly {
let from_ :=shl(96, from)
let to_ :=shl(96, to)
// Revert if `to` is the zero address.ifiszero(to_) {
mstore(0x00, 0xea553b34) // `TransferToZeroAddress()`.revert(0x1c, 0x04)
}
mstore(0x20, or(_ERC1155_MASTER_SLOT_SEED, from_))
// If `by` is not the zero address, and not equal to `from`,// check if it is approved to manage all the tokens of `from`.let by_ :=shl(96, by)
ifiszero(or(iszero(by_), eq(by_, from_))) {
mstore(0x00, by)
ifiszero(sload(keccak256(0x0c, 0x34))) {
mstore(0x00, 0x4b6e7f18) // `NotOwnerNorApproved()`.revert(0x1c, 0x04)
}
}
// Subtract and store the updated balance of `from`.
{
mstore(0x00, id)
let fromBalanceSlot :=keccak256(0x00, 0x40)
let fromBalance :=sload(fromBalanceSlot)
ifgt(amount, fromBalance) {
mstore(0x00, 0xf4d678b8) // `InsufficientBalance()`.revert(0x1c, 0x04)
}
sstore(fromBalanceSlot, sub(fromBalance, amount))
}
// Increase and store the updated balance of `to`.
{
mstore(0x20, or(_ERC1155_MASTER_SLOT_SEED, to_))
let toBalanceSlot :=keccak256(0x00, 0x40)
let toBalanceBefore :=sload(toBalanceSlot)
let toBalanceAfter :=add(toBalanceBefore, amount)
iflt(toBalanceAfter, toBalanceBefore) {
mstore(0x00, 0x01336cea) // `AccountBalanceOverflow()`.revert(0x1c, 0x04)
}
sstore(toBalanceSlot, toBalanceAfter)
}
// Emit a {TransferSingle} event.mstore(0x20, amount)
// forgefmt: disable-next-linelog4(0x00, 0x40, _TRANSFER_SINGLE_EVENT_SIGNATURE, caller(), shr(96, from_), shr(96, to_))
}
if (_useAfterTokenTransfer()) {
_afterTokenTransfer(from, to, _single(id), _single(amount), data);
}
if (_hasCode(to)) _checkOnERC1155Received(from, to, id, amount, data);
}
/// @dev Equivalent to `_safeBatchTransfer(address(0), from, to, ids, amounts, data)`.function_safeBatchTransfer(addressfrom,
address to,
uint256[] memory ids,
uint256[] memory amounts,
bytesmemory data
) internalvirtual{
_safeBatchTransfer(address(0), from, to, ids, amounts, data);
}
/// @dev Transfers `amounts` of `ids` from `from` to `to`.////// Requirements:/// - `to` cannot be the zero address./// - `ids` and `amounts` must have the same length./// - `from` must have at least `amounts` of `ids`./// - If `by` is not the zero address, it must be either `from`,/// or approved to manage the tokens of `from`./// - If `to` refers to a smart contract, it must implement/// {ERC1155-onERC1155BatchReveived}, which is called upon a batch transfer.////// Emits a {TransferBatch} event.function_safeBatchTransfer(address by,
addressfrom,
address to,
uint256[] memory ids,
uint256[] memory amounts,
bytesmemory data
) internalvirtual{
if (_useBeforeTokenTransfer()) {
_beforeTokenTransfer(from, to, ids, amounts, data);
}
/// @solidity memory-safe-assemblyassembly {
ifiszero(eq(mload(ids), mload(amounts))) {
mstore(0x00, 0x3b800a46) // `ArrayLengthsMismatch()`.revert(0x1c, 0x04)
}
let from_ :=shl(96, from)
let to_ :=shl(96, to)
// Revert if `to` is the zero address.ifiszero(to_) {
mstore(0x00, 0xea553b34) // `TransferToZeroAddress()`.revert(0x1c, 0x04)
}
let fromSlotSeed :=or(_ERC1155_MASTER_SLOT_SEED, from_)
let toSlotSeed :=or(_ERC1155_MASTER_SLOT_SEED, to_)
mstore(0x20, fromSlotSeed)
// If `by` is not the zero address, and not equal to `from`,// check if it is approved to manage all the tokens of `from`.let by_ :=shl(96, by)
ifiszero(or(iszero(by_), eq(by_, from_))) {
mstore(0x00, by)
ifiszero(sload(keccak256(0x0c, 0x34))) {
mstore(0x00, 0x4b6e7f18) // `NotOwnerNorApproved()`.revert(0x1c, 0x04)
}
}
// Loop through all the `ids` and update the balances.
{
for { let i :=shl(5, mload(ids)) } i { i :=sub(i, 0x20) } {
let amount :=mload(add(amounts, i))
// Subtract and store the updated balance of `from`.
{
mstore(0x20, fromSlotSeed)
mstore(0x00, mload(add(ids, i)))
let fromBalanceSlot :=keccak256(0x00, 0x40)
let fromBalance :=sload(fromBalanceSlot)
ifgt(amount, fromBalance) {
mstore(0x00, 0xf4d678b8) // `InsufficientBalance()`.revert(0x1c, 0x04)
}
sstore(fromBalanceSlot, sub(fromBalance, amount))
}
// Increase and store the updated balance of `to`.
{
mstore(0x20, toSlotSeed)
let toBalanceSlot :=keccak256(0x00, 0x40)
let toBalanceBefore :=sload(toBalanceSlot)
let toBalanceAfter :=add(toBalanceBefore, amount)
iflt(toBalanceAfter, toBalanceBefore) {
mstore(0x00, 0x01336cea) // `AccountBalanceOverflow()`.revert(0x1c, 0x04)
}
sstore(toBalanceSlot, toBalanceAfter)
}
}
}
// Emit a {TransferBatch} event.
{
let m :=mload(0x40)
// Copy the `ids`.mstore(m, 0x40)
let n :=add(0x20, shl(5, mload(ids)))
let o :=add(m, 0x40)
pop(staticcall(gas(), 4, ids, n, o, n))
// Copy the `amounts`.mstore(add(m, 0x20), add(0x40, returndatasize()))
o :=add(o, returndatasize())
n :=add(0x20, shl(5, mload(amounts)))
pop(staticcall(gas(), 4, amounts, n, o, n))
n :=sub(add(o, returndatasize()), m)
// Do the emit.log4(m, n, _TRANSFER_BATCH_EVENT_SIGNATURE, caller(), shr(96, from_), shr(96, to_))
}
}
if (_useAfterTokenTransfer()) {
_afterTokenTransfer(from, to, ids, amounts, data);
}
if (_hasCode(to)) _checkOnERC1155BatchReceived(from, to, ids, amounts, data);
}
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* HOOKS FOR OVERRIDING *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Override this function to return true if `_beforeTokenTransfer` is used./// This is to help the compiler avoid producing dead bytecode.function_useBeforeTokenTransfer() internalviewvirtualreturns (bool) {
returnfalse;
}
/// @dev Hook that is called before any token transfer./// This includes minting and burning, as well as batched variants.////// The same hook is called on both single and batched variants./// For single transfers, the length of the `id` and `amount` arrays are 1.function_beforeTokenTransfer(addressfrom,
address to,
uint256[] memory ids,
uint256[] memory amounts,
bytesmemory data
) internalvirtual{}
/// @dev Override this function to return true if `_afterTokenTransfer` is used./// This is to help the compiler avoid producing dead bytecode.function_useAfterTokenTransfer() internalviewvirtualreturns (bool) {
returnfalse;
}
/// @dev Hook that is called after any token transfer./// This includes minting and burning, as well as batched variants.////// The same hook is called on both single and batched variants./// For single transfers, the length of the `id` and `amount` arrays are 1.function_afterTokenTransfer(addressfrom,
address to,
uint256[] memory ids,
uint256[] memory amounts,
bytesmemory data
) internalvirtual{}
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* PRIVATE HELPERS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Helper for calling the `_afterTokenTransfer` hook./// This is to help the compiler avoid producing dead bytecode.function_afterTokenTransferCalldata(addressfrom,
address to,
uint256[] calldata ids,
uint256[] calldata amounts,
bytescalldata data
) private{
if (_useAfterTokenTransfer()) {
_afterTokenTransfer(from, to, ids, amounts, data);
}
}
/// @dev Returns if `a` has bytecode of non-zero length.function_hasCode(address a) privateviewreturns (bool result) {
/// @solidity memory-safe-assemblyassembly {
result :=extcodesize(a) // Can handle dirty upper bits.
}
}
/// @dev Perform a call to invoke {IERC1155Receiver-onERC1155Received} on `to`./// Reverts if the target does not support the function correctly.function_checkOnERC1155Received(addressfrom,
address to,
uint256 id,
uint256 amount,
bytesmemory data
) private{
/// @solidity memory-safe-assemblyassembly {
// Prepare the calldata.let m :=mload(0x40)
// `onERC1155Received(address,address,uint256,uint256,bytes)`.mstore(m, 0xf23a6e61)
mstore(add(m, 0x20), caller())
mstore(add(m, 0x40), shr(96, shl(96, from)))
mstore(add(m, 0x60), id)
mstore(add(m, 0x80), amount)
mstore(add(m, 0xa0), 0xa0)
let n :=mload(data)
mstore(add(m, 0xc0), n)
if n { pop(staticcall(gas(), 4, add(data, 0x20), n, add(m, 0xe0), n)) }
// Revert if the call reverts.ifiszero(call(gas(), to, 0, add(m, 0x1c), add(0xc4, n), m, 0x20)) {
ifreturndatasize() {
// Bubble up the revert if the call reverts.returndatacopy(m, 0x00, returndatasize())
revert(m, returndatasize())
}
}
// Load the returndata and compare it with the function selector.ifiszero(eq(mload(m), shl(224, 0xf23a6e61))) {
mstore(0x00, 0x9c05499b) // `TransferToNonERC1155ReceiverImplementer()`.revert(0x1c, 0x04)
}
}
}
/// @dev Perform a call to invoke {IERC1155Receiver-onERC1155BatchReceived} on `to`./// Reverts if the target does not support the function correctly.function_checkOnERC1155BatchReceived(addressfrom,
address to,
uint256[] memory ids,
uint256[] memory amounts,
bytesmemory data
) private{
/// @solidity memory-safe-assemblyassembly {
// Prepare the calldata.let m :=mload(0x40)
// `onERC1155BatchReceived(address,address,uint256[],uint256[],bytes)`.mstore(m, 0xbc197c81)
mstore(add(m, 0x20), caller())
mstore(add(m, 0x40), shr(96, shl(96, from)))
// Copy the `ids`.mstore(add(m, 0x60), 0xa0)
let n :=add(0x20, shl(5, mload(ids)))
let o :=add(m, 0xc0)
pop(staticcall(gas(), 4, ids, n, o, n))
// Copy the `amounts`.let s :=add(0xa0, returndatasize())
mstore(add(m, 0x80), s)
o :=add(o, returndatasize())
n :=add(0x20, shl(5, mload(amounts)))
pop(staticcall(gas(), 4, amounts, n, o, n))
// Copy the `data`.mstore(add(m, 0xa0), add(s, returndatasize()))
o :=add(o, returndatasize())
n :=add(0x20, mload(data))
pop(staticcall(gas(), 4, data, n, o, n))
n :=sub(add(o, returndatasize()), add(m, 0x1c))
// Revert if the call reverts.ifiszero(call(gas(), to, 0, add(m, 0x1c), n, m, 0x20)) {
ifreturndatasize() {
// Bubble up the revert if the call reverts.returndatacopy(m, 0x00, returndatasize())
revert(m, returndatasize())
}
}
// Load the returndata and compare it with the function selector.ifiszero(eq(mload(m), shl(224, 0xbc197c81))) {
mstore(0x00, 0x9c05499b) // `TransferToNonERC1155ReceiverImplementer()`.revert(0x1c, 0x04)
}
}
}
/// @dev Returns `x` in an array with a single element.function_single(uint256 x) privatepurereturns (uint256[] memory result) {
/// @solidity memory-safe-assemblyassembly {
result :=mload(0x40)
mstore(0x40, add(result, 0x40))
mstore(result, 1)
mstore(add(result, 0x20), x)
}
}
}
Contract Source Code
File 4 of 16: ERC20.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.8.4;/// @notice Simple ERC20 + EIP-2612 implementation./// @author Solady (https://github.com/vectorized/solady/blob/main/src/tokens/ERC20.sol)/// @author Modified from Solmate (https://github.com/transmissions11/solmate/blob/main/src/tokens/ERC20.sol)/// @author Modified from OpenZeppelin (https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/ERC20.sol)////// @dev Note:/// - The ERC20 standard allows minting and transferring to and from the zero address,/// minting and transferring zero tokens, as well as self-approvals./// For performance, this implementation WILL NOT revert for such actions./// Please add any checks with overrides if desired./// - The `permit` function uses the ecrecover precompile (0x1).////// If you are overriding:/// - NEVER violate the ERC20 invariant:/// the total sum of all balances must be equal to `totalSupply()`./// - Check that the overridden function is actually used in the function you want to/// change the behavior of. Much of the code has been manually inlined for performance.abstractcontractERC20{
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* CUSTOM ERRORS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev The total supply has overflowed.errorTotalSupplyOverflow();
/// @dev The allowance has overflowed.errorAllowanceOverflow();
/// @dev The allowance has underflowed.errorAllowanceUnderflow();
/// @dev Insufficient balance.errorInsufficientBalance();
/// @dev Insufficient allowance.errorInsufficientAllowance();
/// @dev The permit is invalid.errorInvalidPermit();
/// @dev The permit has expired.errorPermitExpired();
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* EVENTS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Emitted when `amount` tokens is transferred from `from` to `to`.eventTransfer(addressindexedfrom, addressindexed to, uint256 amount);
/// @dev Emitted when `amount` tokens is approved by `owner` to be used by `spender`.eventApproval(addressindexed owner, addressindexed spender, uint256 amount);
/// @dev `keccak256(bytes("Transfer(address,address,uint256)"))`.uint256privateconstant _TRANSFER_EVENT_SIGNATURE =0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef;
/// @dev `keccak256(bytes("Approval(address,address,uint256)"))`.uint256privateconstant _APPROVAL_EVENT_SIGNATURE =0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925;
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* STORAGE *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev The storage slot for the total supply.uint256privateconstant _TOTAL_SUPPLY_SLOT =0x05345cdf77eb68f44c;
/// @dev The balance slot of `owner` is given by:/// ```/// mstore(0x0c, _BALANCE_SLOT_SEED)/// mstore(0x00, owner)/// let balanceSlot := keccak256(0x0c, 0x20)/// ```uint256privateconstant _BALANCE_SLOT_SEED =0x87a211a2;
/// @dev The allowance slot of (`owner`, `spender`) is given by:/// ```/// mstore(0x20, spender)/// mstore(0x0c, _ALLOWANCE_SLOT_SEED)/// mstore(0x00, owner)/// let allowanceSlot := keccak256(0x0c, 0x34)/// ```uint256privateconstant _ALLOWANCE_SLOT_SEED =0x7f5e9f20;
/// @dev The nonce slot of `owner` is given by:/// ```/// mstore(0x0c, _NONCES_SLOT_SEED)/// mstore(0x00, owner)/// let nonceSlot := keccak256(0x0c, 0x20)/// ```uint256privateconstant _NONCES_SLOT_SEED =0x38377508;
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* CONSTANTS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev `(_NONCES_SLOT_SEED << 16) | 0x1901`.uint256privateconstant _NONCES_SLOT_SEED_WITH_SIGNATURE_PREFIX =0x383775081901;
/// @dev `keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)")`.bytes32privateconstant _DOMAIN_TYPEHASH =0x8b73c3c69bb8fe3d512ecc4cf759cc79239f7b179b0ffacaa9a75d522b39400f;
/// @dev `keccak256("1")`.bytes32privateconstant _VERSION_HASH =0xc89efdaa54c0f20c7adf612882df0950f5a951637e0307cdcb4c672f298b8bc6;
/// @dev `keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)")`.bytes32privateconstant _PERMIT_TYPEHASH =0x6e71edae12b1b97f4d1f60370fef10105fa2faae0126114a169c64845d6126c9;
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* ERC20 METADATA *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Returns the name of the token.functionname() publicviewvirtualreturns (stringmemory);
/// @dev Returns the symbol of the token.functionsymbol() publicviewvirtualreturns (stringmemory);
/// @dev Returns the decimals places of the token.functiondecimals() publicviewvirtualreturns (uint8) {
return18;
}
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* ERC20 *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Returns the amount of tokens in existence.functiontotalSupply() publicviewvirtualreturns (uint256 result) {
/// @solidity memory-safe-assemblyassembly {
result :=sload(_TOTAL_SUPPLY_SLOT)
}
}
/// @dev Returns the amount of tokens owned by `owner`.functionbalanceOf(address owner) publicviewvirtualreturns (uint256 result) {
/// @solidity memory-safe-assemblyassembly {
mstore(0x0c, _BALANCE_SLOT_SEED)
mstore(0x00, owner)
result :=sload(keccak256(0x0c, 0x20))
}
}
/// @dev Returns the amount of tokens that `spender` can spend on behalf of `owner`.functionallowance(address owner, address spender)
publicviewvirtualreturns (uint256 result)
{
/// @solidity memory-safe-assemblyassembly {
mstore(0x20, spender)
mstore(0x0c, _ALLOWANCE_SLOT_SEED)
mstore(0x00, owner)
result :=sload(keccak256(0x0c, 0x34))
}
}
/// @dev Sets `amount` as the allowance of `spender` over the caller's tokens.////// Emits a {Approval} event.functionapprove(address spender, uint256 amount) publicvirtualreturns (bool) {
/// @solidity memory-safe-assemblyassembly {
// Compute the allowance slot and store the amount.mstore(0x20, spender)
mstore(0x0c, _ALLOWANCE_SLOT_SEED)
mstore(0x00, caller())
sstore(keccak256(0x0c, 0x34), amount)
// Emit the {Approval} event.mstore(0x00, amount)
log3(0x00, 0x20, _APPROVAL_EVENT_SIGNATURE, caller(), shr(96, mload(0x2c)))
}
returntrue;
}
/// @dev Transfer `amount` tokens from the caller to `to`.////// Requirements:/// - `from` must at least have `amount`.////// Emits a {Transfer} event.functiontransfer(address to, uint256 amount) publicvirtualreturns (bool) {
_beforeTokenTransfer(msg.sender, to, amount);
/// @solidity memory-safe-assemblyassembly {
// Compute the balance slot and load its value.mstore(0x0c, _BALANCE_SLOT_SEED)
mstore(0x00, caller())
let fromBalanceSlot :=keccak256(0x0c, 0x20)
let fromBalance :=sload(fromBalanceSlot)
// Revert if insufficient balance.ifgt(amount, fromBalance) {
mstore(0x00, 0xf4d678b8) // `InsufficientBalance()`.revert(0x1c, 0x04)
}
// Subtract and store the updated balance.sstore(fromBalanceSlot, sub(fromBalance, amount))
// Compute the balance slot of `to`.mstore(0x00, to)
let toBalanceSlot :=keccak256(0x0c, 0x20)
// Add and store the updated balance of `to`.// Will not overflow because the sum of all user balances// cannot exceed the maximum uint256 value.sstore(toBalanceSlot, add(sload(toBalanceSlot), amount))
// Emit the {Transfer} event.mstore(0x20, amount)
log3(0x20, 0x20, _TRANSFER_EVENT_SIGNATURE, caller(), shr(96, mload(0x0c)))
}
_afterTokenTransfer(msg.sender, to, amount);
returntrue;
}
/// @dev Transfers `amount` tokens from `from` to `to`.////// Note: Does not update the allowance if it is the maximum uint256 value.////// Requirements:/// - `from` must at least have `amount`./// - The caller must have at least `amount` of allowance to transfer the tokens of `from`.////// Emits a {Transfer} event.functiontransferFrom(addressfrom, address to, uint256 amount) publicvirtualreturns (bool) {
_beforeTokenTransfer(from, to, amount);
/// @solidity memory-safe-assemblyassembly {
let from_ :=shl(96, from)
// Compute the allowance slot and load its value.mstore(0x20, caller())
mstore(0x0c, or(from_, _ALLOWANCE_SLOT_SEED))
let allowanceSlot :=keccak256(0x0c, 0x34)
let allowance_ :=sload(allowanceSlot)
// If the allowance is not the maximum uint256 value.ifadd(allowance_, 1) {
// Revert if the amount to be transferred exceeds the allowance.ifgt(amount, allowance_) {
mstore(0x00, 0x13be252b) // `InsufficientAllowance()`.revert(0x1c, 0x04)
}
// Subtract and store the updated allowance.sstore(allowanceSlot, sub(allowance_, amount))
}
// Compute the balance slot and load its value.mstore(0x0c, or(from_, _BALANCE_SLOT_SEED))
let fromBalanceSlot :=keccak256(0x0c, 0x20)
let fromBalance :=sload(fromBalanceSlot)
// Revert if insufficient balance.ifgt(amount, fromBalance) {
mstore(0x00, 0xf4d678b8) // `InsufficientBalance()`.revert(0x1c, 0x04)
}
// Subtract and store the updated balance.sstore(fromBalanceSlot, sub(fromBalance, amount))
// Compute the balance slot of `to`.mstore(0x00, to)
let toBalanceSlot :=keccak256(0x0c, 0x20)
// Add and store the updated balance of `to`.// Will not overflow because the sum of all user balances// cannot exceed the maximum uint256 value.sstore(toBalanceSlot, add(sload(toBalanceSlot), amount))
// Emit the {Transfer} event.mstore(0x20, amount)
log3(0x20, 0x20, _TRANSFER_EVENT_SIGNATURE, shr(96, from_), shr(96, mload(0x0c)))
}
_afterTokenTransfer(from, to, amount);
returntrue;
}
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* EIP-2612 *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev For more performance, override to return the constant value/// of `keccak256(bytes(name()))` if `name()` will never change.function_constantNameHash() internalviewvirtualreturns (bytes32 result) {}
/// @dev Returns the current nonce for `owner`./// This value is used to compute the signature for EIP-2612 permit.functionnonces(address owner) publicviewvirtualreturns (uint256 result) {
/// @solidity memory-safe-assemblyassembly {
// Compute the nonce slot and load its value.mstore(0x0c, _NONCES_SLOT_SEED)
mstore(0x00, owner)
result :=sload(keccak256(0x0c, 0x20))
}
}
/// @dev Sets `value` as the allowance of `spender` over the tokens of `owner`,/// authorized by a signed approval by `owner`.////// Emits a {Approval} event.functionpermit(address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) publicvirtual{
bytes32 nameHash = _constantNameHash();
// We simply calculate it on-the-fly to allow for cases where the `name` may change.if (nameHash ==bytes32(0)) nameHash =keccak256(bytes(name()));
/// @solidity memory-safe-assemblyassembly {
// Revert if the block timestamp is greater than `deadline`.ifgt(timestamp(), deadline) {
mstore(0x00, 0x1a15a3cc) // `PermitExpired()`.revert(0x1c, 0x04)
}
let m :=mload(0x40) // Grab the free memory pointer.// Clean the upper 96 bits.
owner :=shr(96, shl(96, owner))
spender :=shr(96, shl(96, spender))
// Compute the nonce slot and load its value.mstore(0x0e, _NONCES_SLOT_SEED_WITH_SIGNATURE_PREFIX)
mstore(0x00, owner)
let nonceSlot :=keccak256(0x0c, 0x20)
let nonceValue :=sload(nonceSlot)
// Prepare the domain separator.mstore(m, _DOMAIN_TYPEHASH)
mstore(add(m, 0x20), nameHash)
mstore(add(m, 0x40), _VERSION_HASH)
mstore(add(m, 0x60), chainid())
mstore(add(m, 0x80), address())
mstore(0x2e, keccak256(m, 0xa0))
// Prepare the struct hash.mstore(m, _PERMIT_TYPEHASH)
mstore(add(m, 0x20), owner)
mstore(add(m, 0x40), spender)
mstore(add(m, 0x60), value)
mstore(add(m, 0x80), nonceValue)
mstore(add(m, 0xa0), deadline)
mstore(0x4e, keccak256(m, 0xc0))
// Prepare the ecrecover calldata.mstore(0x00, keccak256(0x2c, 0x42))
mstore(0x20, and(0xff, v))
mstore(0x40, r)
mstore(0x60, s)
let t :=staticcall(gas(), 1, 0, 0x80, 0x20, 0x20)
// If the ecrecover fails, the returndatasize will be 0x00,// `owner` will be checked if it equals the hash at 0x00,// which evaluates to false (i.e. 0), and we will revert.// If the ecrecover succeeds, the returndatasize will be 0x20,// `owner` will be compared against the returned address at 0x20.ifiszero(eq(mload(returndatasize()), owner)) {
mstore(0x00, 0xddafbaef) // `InvalidPermit()`.revert(0x1c, 0x04)
}
// Increment and store the updated nonce.sstore(nonceSlot, add(nonceValue, t)) // `t` is 1 if ecrecover succeeds.// Compute the allowance slot and store the value.// The `owner` is already at slot 0x20.mstore(0x40, or(shl(160, _ALLOWANCE_SLOT_SEED), spender))
sstore(keccak256(0x2c, 0x34), value)
// Emit the {Approval} event.log3(add(m, 0x60), 0x20, _APPROVAL_EVENT_SIGNATURE, owner, spender)
mstore(0x40, m) // Restore the free memory pointer.mstore(0x60, 0) // Restore the zero pointer.
}
}
/// @dev Returns the EIP-712 domain separator for the EIP-2612 permit.functionDOMAIN_SEPARATOR() publicviewvirtualreturns (bytes32 result) {
bytes32 nameHash = _constantNameHash();
// We simply calculate it on-the-fly to allow for cases where the `name` may change.if (nameHash ==bytes32(0)) nameHash =keccak256(bytes(name()));
/// @solidity memory-safe-assemblyassembly {
let m :=mload(0x40) // Grab the free memory pointer.mstore(m, _DOMAIN_TYPEHASH)
mstore(add(m, 0x20), nameHash)
mstore(add(m, 0x40), _VERSION_HASH)
mstore(add(m, 0x60), chainid())
mstore(add(m, 0x80), address())
result :=keccak256(m, 0xa0)
}
}
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* INTERNAL MINT FUNCTIONS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Mints `amount` tokens to `to`, increasing the total supply.////// Emits a {Transfer} event.function_mint(address to, uint256 amount) internalvirtual{
_beforeTokenTransfer(address(0), to, amount);
/// @solidity memory-safe-assemblyassembly {
let totalSupplyBefore :=sload(_TOTAL_SUPPLY_SLOT)
let totalSupplyAfter :=add(totalSupplyBefore, amount)
// Revert if the total supply overflows.iflt(totalSupplyAfter, totalSupplyBefore) {
mstore(0x00, 0xe5cfe957) // `TotalSupplyOverflow()`.revert(0x1c, 0x04)
}
// Store the updated total supply.sstore(_TOTAL_SUPPLY_SLOT, totalSupplyAfter)
// Compute the balance slot and load its value.mstore(0x0c, _BALANCE_SLOT_SEED)
mstore(0x00, to)
let toBalanceSlot :=keccak256(0x0c, 0x20)
// Add and store the updated balance.sstore(toBalanceSlot, add(sload(toBalanceSlot), amount))
// Emit the {Transfer} event.mstore(0x20, amount)
log3(0x20, 0x20, _TRANSFER_EVENT_SIGNATURE, 0, shr(96, mload(0x0c)))
}
_afterTokenTransfer(address(0), to, amount);
}
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* INTERNAL BURN FUNCTIONS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Burns `amount` tokens from `from`, reducing the total supply.////// Emits a {Transfer} event.function_burn(addressfrom, uint256 amount) internalvirtual{
_beforeTokenTransfer(from, address(0), amount);
/// @solidity memory-safe-assemblyassembly {
// Compute the balance slot and load its value.mstore(0x0c, _BALANCE_SLOT_SEED)
mstore(0x00, from)
let fromBalanceSlot :=keccak256(0x0c, 0x20)
let fromBalance :=sload(fromBalanceSlot)
// Revert if insufficient balance.ifgt(amount, fromBalance) {
mstore(0x00, 0xf4d678b8) // `InsufficientBalance()`.revert(0x1c, 0x04)
}
// Subtract and store the updated balance.sstore(fromBalanceSlot, sub(fromBalance, amount))
// Subtract and store the updated total supply.sstore(_TOTAL_SUPPLY_SLOT, sub(sload(_TOTAL_SUPPLY_SLOT), amount))
// Emit the {Transfer} event.mstore(0x00, amount)
log3(0x00, 0x20, _TRANSFER_EVENT_SIGNATURE, shr(96, shl(96, from)), 0)
}
_afterTokenTransfer(from, address(0), amount);
}
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* INTERNAL TRANSFER FUNCTIONS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Moves `amount` of tokens from `from` to `to`.function_transfer(addressfrom, address to, uint256 amount) internalvirtual{
_beforeTokenTransfer(from, to, amount);
/// @solidity memory-safe-assemblyassembly {
let from_ :=shl(96, from)
// Compute the balance slot and load its value.mstore(0x0c, or(from_, _BALANCE_SLOT_SEED))
let fromBalanceSlot :=keccak256(0x0c, 0x20)
let fromBalance :=sload(fromBalanceSlot)
// Revert if insufficient balance.ifgt(amount, fromBalance) {
mstore(0x00, 0xf4d678b8) // `InsufficientBalance()`.revert(0x1c, 0x04)
}
// Subtract and store the updated balance.sstore(fromBalanceSlot, sub(fromBalance, amount))
// Compute the balance slot of `to`.mstore(0x00, to)
let toBalanceSlot :=keccak256(0x0c, 0x20)
// Add and store the updated balance of `to`.// Will not overflow because the sum of all user balances// cannot exceed the maximum uint256 value.sstore(toBalanceSlot, add(sload(toBalanceSlot), amount))
// Emit the {Transfer} event.mstore(0x20, amount)
log3(0x20, 0x20, _TRANSFER_EVENT_SIGNATURE, shr(96, from_), shr(96, mload(0x0c)))
}
_afterTokenTransfer(from, to, amount);
}
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* INTERNAL ALLOWANCE FUNCTIONS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Updates the allowance of `owner` for `spender` based on spent `amount`.function_spendAllowance(address owner, address spender, uint256 amount) internalvirtual{
/// @solidity memory-safe-assemblyassembly {
// Compute the allowance slot and load its value.mstore(0x20, spender)
mstore(0x0c, _ALLOWANCE_SLOT_SEED)
mstore(0x00, owner)
let allowanceSlot :=keccak256(0x0c, 0x34)
let allowance_ :=sload(allowanceSlot)
// If the allowance is not the maximum uint256 value.ifadd(allowance_, 1) {
// Revert if the amount to be transferred exceeds the allowance.ifgt(amount, allowance_) {
mstore(0x00, 0x13be252b) // `InsufficientAllowance()`.revert(0x1c, 0x04)
}
// Subtract and store the updated allowance.sstore(allowanceSlot, sub(allowance_, amount))
}
}
}
/// @dev Sets `amount` as the allowance of `spender` over the tokens of `owner`.////// Emits a {Approval} event.function_approve(address owner, address spender, uint256 amount) internalvirtual{
/// @solidity memory-safe-assemblyassembly {
let owner_ :=shl(96, owner)
// Compute the allowance slot and store the amount.mstore(0x20, spender)
mstore(0x0c, or(owner_, _ALLOWANCE_SLOT_SEED))
sstore(keccak256(0x0c, 0x34), amount)
// Emit the {Approval} event.mstore(0x00, amount)
log3(0x00, 0x20, _APPROVAL_EVENT_SIGNATURE, shr(96, owner_), shr(96, mload(0x2c)))
}
}
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* HOOKS TO OVERRIDE *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Hook that is called before any transfer of tokens./// This includes minting and burning.function_beforeTokenTransfer(addressfrom, address to, uint256 amount) internalvirtual{}
/// @dev Hook that is called after any transfer of tokens./// This includes minting and burning.function_afterTokenTransfer(addressfrom, address to, uint256 amount) internalvirtual{}
}
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (utils/math/Math.sol)pragmasolidity ^0.8.20;/**
* @dev Standard math utilities missing in the Solidity language.
*/libraryMath{
/**
* @dev Muldiv operation overflow.
*/errorMathOverflowedMulDiv();
enumRounding {
Floor, // Toward negative infinity
Ceil, // Toward positive infinity
Trunc, // Toward zero
Expand // Away from zero
}
/**
* @dev Returns the addition of two unsigned integers, with an overflow flag.
*/functiontryAdd(uint256 a, uint256 b) internalpurereturns (bool, uint256) {
unchecked {
uint256 c = a + b;
if (c < a) return (false, 0);
return (true, c);
}
}
/**
* @dev Returns the subtraction of two unsigned integers, with an overflow flag.
*/functiontrySub(uint256 a, uint256 b) internalpurereturns (bool, uint256) {
unchecked {
if (b > a) return (false, 0);
return (true, a - b);
}
}
/**
* @dev Returns the multiplication of two unsigned integers, with an overflow flag.
*/functiontryMul(uint256 a, uint256 b) internalpurereturns (bool, uint256) {
unchecked {
// Gas optimization: this is cheaper than requiring 'a' not being zero, but the// benefit is lost if 'b' is also tested.// See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522if (a ==0) return (true, 0);
uint256 c = a * b;
if (c / a != b) return (false, 0);
return (true, c);
}
}
/**
* @dev Returns the division of two unsigned integers, with a division by zero flag.
*/functiontryDiv(uint256 a, uint256 b) internalpurereturns (bool, uint256) {
unchecked {
if (b ==0) return (false, 0);
return (true, a / b);
}
}
/**
* @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.
*/functiontryMod(uint256 a, uint256 b) internalpurereturns (bool, uint256) {
unchecked {
if (b ==0) return (false, 0);
return (true, a % b);
}
}
/**
* @dev Returns the largest of two numbers.
*/functionmax(uint256 a, uint256 b) internalpurereturns (uint256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two numbers.
*/functionmin(uint256 a, uint256 b) internalpurereturns (uint256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two numbers. The result is rounded towards
* zero.
*/functionaverage(uint256 a, uint256 b) internalpurereturns (uint256) {
// (a + b) / 2 can overflow.return (a & b) + (a ^ b) /2;
}
/**
* @dev Returns the ceiling of the division of two numbers.
*
* This differs from standard division with `/` in that it rounds towards infinity instead
* of rounding towards zero.
*/functionceilDiv(uint256 a, uint256 b) internalpurereturns (uint256) {
if (b ==0) {
// Guarantee the same behavior as in a regular Solidity division.return a / b;
}
// (a + b - 1) / b can overflow on addition, so we distribute.return a ==0 ? 0 : (a -1) / b +1;
}
/**
* @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or
* denominator == 0.
* @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) with further edits by
* Uniswap Labs also under MIT license.
*/functionmulDiv(uint256 x, uint256 y, uint256 denominator) internalpurereturns (uint256 result) {
unchecked {
// 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use// use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256// variables such that product = prod1 * 2^256 + prod0.uint256 prod0 = x * y; // Least significant 256 bits of the productuint256 prod1; // Most significant 256 bits of the productassembly {
let mm :=mulmod(x, y, not(0))
prod1 :=sub(sub(mm, prod0), lt(mm, prod0))
}
// Handle non-overflow cases, 256 by 256 division.if (prod1 ==0) {
// Solidity will revert if denominator == 0, unlike the div opcode on its own.// The surrounding unchecked block does not change this fact.// See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.return prod0 / denominator;
}
// Make sure the result is less than 2^256. Also prevents denominator == 0.if (denominator <= prod1) {
revert MathOverflowedMulDiv();
}
///////////////////////////////////////////////// 512 by 256 division.///////////////////////////////////////////////// Make division exact by subtracting the remainder from [prod1 prod0].uint256 remainder;
assembly {
// Compute remainder using mulmod.
remainder :=mulmod(x, y, denominator)
// Subtract 256 bit number from 512 bit number.
prod1 :=sub(prod1, gt(remainder, prod0))
prod0 :=sub(prod0, remainder)
}
// Factor powers of two out of denominator and compute largest power of two divisor of denominator.// Always >= 1. See https://cs.stackexchange.com/q/138556/92363.uint256 twos = denominator & (0- denominator);
assembly {
// Divide denominator by twos.
denominator :=div(denominator, twos)
// Divide [prod1 prod0] by twos.
prod0 :=div(prod0, twos)
// Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
twos :=add(div(sub(0, twos), twos), 1)
}
// Shift in bits from prod1 into prod0.
prod0 |= prod1 * twos;
// Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such// that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for// four bits. That is, denominator * inv = 1 mod 2^4.uint256 inverse = (3* denominator) ^2;
// Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also// works in modular arithmetic, doubling the correct bits in each step.
inverse *=2- denominator * inverse; // inverse mod 2^8
inverse *=2- denominator * inverse; // inverse mod 2^16
inverse *=2- denominator * inverse; // inverse mod 2^32
inverse *=2- denominator * inverse; // inverse mod 2^64
inverse *=2- denominator * inverse; // inverse mod 2^128
inverse *=2- denominator * inverse; // inverse mod 2^256// Because the division is now exact we can divide by multiplying with the modular inverse of denominator.// This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is// less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1// is no longer required.
result = prod0 * inverse;
return result;
}
}
/**
* @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
*/functionmulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internalpurereturns (uint256) {
uint256 result = mulDiv(x, y, denominator);
if (unsignedRoundsUp(rounding) &&mulmod(x, y, denominator) >0) {
result +=1;
}
return result;
}
/**
* @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded
* towards zero.
*
* Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
*/functionsqrt(uint256 a) internalpurereturns (uint256) {
if (a ==0) {
return0;
}
// For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.//// We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have// `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.//// This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`// โ `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`// โ `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`//// Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.uint256 result =1<< (log2(a) >>1);
// At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,// since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at// every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision// into the expected uint128 result.unchecked {
result = (result + a / result) >>1;
result = (result + a / result) >>1;
result = (result + a / result) >>1;
result = (result + a / result) >>1;
result = (result + a / result) >>1;
result = (result + a / result) >>1;
result = (result + a / result) >>1;
return min(result, a / result);
}
}
/**
* @notice Calculates sqrt(a), following the selected rounding direction.
*/functionsqrt(uint256 a, Rounding rounding) internalpurereturns (uint256) {
unchecked {
uint256 result = sqrt(a);
return result + (unsignedRoundsUp(rounding) && result * result < a ? 1 : 0);
}
}
/**
* @dev Return the log in base 2 of a positive value rounded towards zero.
* Returns 0 if given 0.
*/functionlog2(uint256 value) internalpurereturns (uint256) {
uint256 result =0;
unchecked {
if (value >>128>0) {
value >>=128;
result +=128;
}
if (value >>64>0) {
value >>=64;
result +=64;
}
if (value >>32>0) {
value >>=32;
result +=32;
}
if (value >>16>0) {
value >>=16;
result +=16;
}
if (value >>8>0) {
value >>=8;
result +=8;
}
if (value >>4>0) {
value >>=4;
result +=4;
}
if (value >>2>0) {
value >>=2;
result +=2;
}
if (value >>1>0) {
result +=1;
}
}
return result;
}
/**
* @dev Return the log in base 2, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/functionlog2(uint256 value, Rounding rounding) internalpurereturns (uint256) {
unchecked {
uint256 result =log2(value);
return result + (unsignedRoundsUp(rounding) &&1<< result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 10 of a positive value rounded towards zero.
* Returns 0 if given 0.
*/functionlog10(uint256 value) internalpurereturns (uint256) {
uint256 result =0;
unchecked {
if (value >=10**64) {
value /=10**64;
result +=64;
}
if (value >=10**32) {
value /=10**32;
result +=32;
}
if (value >=10**16) {
value /=10**16;
result +=16;
}
if (value >=10**8) {
value /=10**8;
result +=8;
}
if (value >=10**4) {
value /=10**4;
result +=4;
}
if (value >=10**2) {
value /=10**2;
result +=2;
}
if (value >=10**1) {
result +=1;
}
}
return result;
}
/**
* @dev Return the log in base 10, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/functionlog10(uint256 value, Rounding rounding) internalpurereturns (uint256) {
unchecked {
uint256 result = log10(value);
return result + (unsignedRoundsUp(rounding) &&10** result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 256 of a positive value rounded towards zero.
* Returns 0 if given 0.
*
* Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
*/functionlog256(uint256 value) internalpurereturns (uint256) {
uint256 result =0;
unchecked {
if (value >>128>0) {
value >>=128;
result +=16;
}
if (value >>64>0) {
value >>=64;
result +=8;
}
if (value >>32>0) {
value >>=32;
result +=4;
}
if (value >>16>0) {
value >>=16;
result +=2;
}
if (value >>8>0) {
result +=1;
}
}
return result;
}
/**
* @dev Return the log in base 256, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/functionlog256(uint256 value, Rounding rounding) internalpurereturns (uint256) {
unchecked {
uint256 result = log256(value);
return result + (unsignedRoundsUp(rounding) &&1<< (result <<3) < value ? 1 : 0);
}
}
/**
* @dev Returns whether a provided rounding mode is considered rounding up for unsigned integers.
*/functionunsignedRoundsUp(Rounding rounding) internalpurereturns (bool) {
returnuint8(rounding) %2==1;
}
}
// SPDX-License-Identifier: MITpragmasolidity ^0.8.4;/// @notice Simple single owner authorization mixin./// @author Solady (https://github.com/vectorized/solady/blob/main/src/auth/Ownable.sol)////// @dev Note:/// This implementation does NOT auto-initialize the owner to `msg.sender`./// You MUST call the `_initializeOwner` in the constructor / initializer.////// While the ownable portion follows/// [EIP-173](https://eips.ethereum.org/EIPS/eip-173) for compatibility,/// the nomenclature for the 2-step ownership handover may be unique to this codebase.abstractcontractOwnable{
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* CUSTOM ERRORS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev The caller is not authorized to call the function.errorUnauthorized();
/// @dev The `newOwner` cannot be the zero address.errorNewOwnerIsZeroAddress();
/// @dev The `pendingOwner` does not have a valid handover request.errorNoHandoverRequest();
/// @dev Cannot double-initialize.errorAlreadyInitialized();
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* EVENTS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev The ownership is transferred from `oldOwner` to `newOwner`./// This event is intentionally kept the same as OpenZeppelin's Ownable to be/// compatible with indexers and [EIP-173](https://eips.ethereum.org/EIPS/eip-173),/// despite it not being as lightweight as a single argument event.eventOwnershipTransferred(addressindexed oldOwner, addressindexed newOwner);
/// @dev An ownership handover to `pendingOwner` has been requested.eventOwnershipHandoverRequested(addressindexed pendingOwner);
/// @dev The ownership handover to `pendingOwner` has been canceled.eventOwnershipHandoverCanceled(addressindexed pendingOwner);
/// @dev `keccak256(bytes("OwnershipTransferred(address,address)"))`.uint256privateconstant _OWNERSHIP_TRANSFERRED_EVENT_SIGNATURE =0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0;
/// @dev `keccak256(bytes("OwnershipHandoverRequested(address)"))`.uint256privateconstant _OWNERSHIP_HANDOVER_REQUESTED_EVENT_SIGNATURE =0xdbf36a107da19e49527a7176a1babf963b4b0ff8cde35ee35d6cd8f1f9ac7e1d;
/// @dev `keccak256(bytes("OwnershipHandoverCanceled(address)"))`.uint256privateconstant _OWNERSHIP_HANDOVER_CANCELED_EVENT_SIGNATURE =0xfa7b8eab7da67f412cc9575ed43464468f9bfbae89d1675917346ca6d8fe3c92;
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* STORAGE *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev The owner slot is given by:/// `bytes32(~uint256(uint32(bytes4(keccak256("_OWNER_SLOT_NOT")))))`./// It is intentionally chosen to be a high value/// to avoid collision with lower slots./// The choice of manual storage layout is to enable compatibility/// with both regular and upgradeable contracts.bytes32internalconstant _OWNER_SLOT =0xffffffffffffffffffffffffffffffffffffffffffffffffffffffff74873927;
/// The ownership handover slot of `newOwner` is given by:/// ```/// mstore(0x00, or(shl(96, user), _HANDOVER_SLOT_SEED))/// let handoverSlot := keccak256(0x00, 0x20)/// ```/// It stores the expiry timestamp of the two-step ownership handover.uint256privateconstant _HANDOVER_SLOT_SEED =0x389a75e1;
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* INTERNAL FUNCTIONS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Override to return true to make `_initializeOwner` prevent double-initialization.function_guardInitializeOwner() internalpurevirtualreturns (bool guard) {}
/// @dev Initializes the owner directly without authorization guard./// This function must be called upon initialization,/// regardless of whether the contract is upgradeable or not./// This is to enable generalization to both regular and upgradeable contracts,/// and to save gas in case the initial owner is not the caller./// For performance reasons, this function will not check if there/// is an existing owner.function_initializeOwner(address newOwner) internalvirtual{
if (_guardInitializeOwner()) {
/// @solidity memory-safe-assemblyassembly {
let ownerSlot := _OWNER_SLOT
ifsload(ownerSlot) {
mstore(0x00, 0x0dc149f0) // `AlreadyInitialized()`.revert(0x1c, 0x04)
}
// Clean the upper 96 bits.
newOwner :=shr(96, shl(96, newOwner))
// Store the new value.sstore(ownerSlot, or(newOwner, shl(255, iszero(newOwner))))
// Emit the {OwnershipTransferred} event.log3(0, 0, _OWNERSHIP_TRANSFERRED_EVENT_SIGNATURE, 0, newOwner)
}
} else {
/// @solidity memory-safe-assemblyassembly {
// Clean the upper 96 bits.
newOwner :=shr(96, shl(96, newOwner))
// Store the new value.sstore(_OWNER_SLOT, newOwner)
// Emit the {OwnershipTransferred} event.log3(0, 0, _OWNERSHIP_TRANSFERRED_EVENT_SIGNATURE, 0, newOwner)
}
}
}
/// @dev Sets the owner directly without authorization guard.function_setOwner(address newOwner) internalvirtual{
if (_guardInitializeOwner()) {
/// @solidity memory-safe-assemblyassembly {
let ownerSlot := _OWNER_SLOT
// Clean the upper 96 bits.
newOwner :=shr(96, shl(96, newOwner))
// Emit the {OwnershipTransferred} event.log3(0, 0, _OWNERSHIP_TRANSFERRED_EVENT_SIGNATURE, sload(ownerSlot), newOwner)
// Store the new value.sstore(ownerSlot, or(newOwner, shl(255, iszero(newOwner))))
}
} else {
/// @solidity memory-safe-assemblyassembly {
let ownerSlot := _OWNER_SLOT
// Clean the upper 96 bits.
newOwner :=shr(96, shl(96, newOwner))
// Emit the {OwnershipTransferred} event.log3(0, 0, _OWNERSHIP_TRANSFERRED_EVENT_SIGNATURE, sload(ownerSlot), newOwner)
// Store the new value.sstore(ownerSlot, newOwner)
}
}
}
/// @dev Throws if the sender is not the owner.function_checkOwner() internalviewvirtual{
/// @solidity memory-safe-assemblyassembly {
// If the caller is not the stored owner, revert.ifiszero(eq(caller(), sload(_OWNER_SLOT))) {
mstore(0x00, 0x82b42900) // `Unauthorized()`.revert(0x1c, 0x04)
}
}
}
/// @dev Returns how long a two-step ownership handover is valid for in seconds./// Override to return a different value if needed./// Made internal to conserve bytecode. Wrap it in a public function if needed.function_ownershipHandoverValidFor() internalviewvirtualreturns (uint64) {
return48*3600;
}
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* PUBLIC UPDATE FUNCTIONS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Allows the owner to transfer the ownership to `newOwner`.functiontransferOwnership(address newOwner) publicpayablevirtualonlyOwner{
/// @solidity memory-safe-assemblyassembly {
ifiszero(shl(96, newOwner)) {
mstore(0x00, 0x7448fbae) // `NewOwnerIsZeroAddress()`.revert(0x1c, 0x04)
}
}
_setOwner(newOwner);
}
/// @dev Allows the owner to renounce their ownership.functionrenounceOwnership() publicpayablevirtualonlyOwner{
_setOwner(address(0));
}
/// @dev Request a two-step ownership handover to the caller./// The request will automatically expire in 48 hours (172800 seconds) by default.functionrequestOwnershipHandover() publicpayablevirtual{
unchecked {
uint256 expires =block.timestamp+ _ownershipHandoverValidFor();
/// @solidity memory-safe-assemblyassembly {
// Compute and set the handover slot to `expires`.mstore(0x0c, _HANDOVER_SLOT_SEED)
mstore(0x00, caller())
sstore(keccak256(0x0c, 0x20), expires)
// Emit the {OwnershipHandoverRequested} event.log2(0, 0, _OWNERSHIP_HANDOVER_REQUESTED_EVENT_SIGNATURE, caller())
}
}
}
/// @dev Cancels the two-step ownership handover to the caller, if any.functioncancelOwnershipHandover() publicpayablevirtual{
/// @solidity memory-safe-assemblyassembly {
// Compute and set the handover slot to 0.mstore(0x0c, _HANDOVER_SLOT_SEED)
mstore(0x00, caller())
sstore(keccak256(0x0c, 0x20), 0)
// Emit the {OwnershipHandoverCanceled} event.log2(0, 0, _OWNERSHIP_HANDOVER_CANCELED_EVENT_SIGNATURE, caller())
}
}
/// @dev Allows the owner to complete the two-step ownership handover to `pendingOwner`./// Reverts if there is no existing ownership handover requested by `pendingOwner`.functioncompleteOwnershipHandover(address pendingOwner) publicpayablevirtualonlyOwner{
/// @solidity memory-safe-assemblyassembly {
// Compute and set the handover slot to 0.mstore(0x0c, _HANDOVER_SLOT_SEED)
mstore(0x00, pendingOwner)
let handoverSlot :=keccak256(0x0c, 0x20)
// If the handover does not exist, or has expired.ifgt(timestamp(), sload(handoverSlot)) {
mstore(0x00, 0x6f5e8818) // `NoHandoverRequest()`.revert(0x1c, 0x04)
}
// Set the handover slot to 0.sstore(handoverSlot, 0)
}
_setOwner(pendingOwner);
}
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* PUBLIC READ FUNCTIONS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Returns the owner of the contract.functionowner() publicviewvirtualreturns (address result) {
/// @solidity memory-safe-assemblyassembly {
result :=sload(_OWNER_SLOT)
}
}
/// @dev Returns the expiry timestamp for the two-step ownership handover to `pendingOwner`.functionownershipHandoverExpiresAt(address pendingOwner)
publicviewvirtualreturns (uint256 result)
{
/// @solidity memory-safe-assemblyassembly {
// Compute the handover slot.mstore(0x0c, _HANDOVER_SLOT_SEED)
mstore(0x00, pendingOwner)
// Load the handover slot.
result :=sload(keccak256(0x0c, 0x20))
}
}
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* MODIFIERS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Marks a function as only callable by the owner.modifieronlyOwner() virtual{
_checkOwner();
_;
}
}
// SPDX-License-Identifier: MITpragmasolidity ^0.8.4;/// @notice Safe ETH and ERC20 transfer library that gracefully handles missing return values./// @author Solady (https://github.com/vectorized/solady/blob/main/src/utils/SafeTransferLib.sol)/// @author Modified from Solmate (https://github.com/transmissions11/solmate/blob/main/src/utils/SafeTransferLib.sol)////// @dev Note:/// - For ETH transfers, please use `forceSafeTransferETH` for DoS protection./// - For ERC20s, this implementation won't check that a token has code,/// responsibility is delegated to the caller.librarySafeTransferLib{
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* CUSTOM ERRORS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev The ETH transfer has failed.errorETHTransferFailed();
/// @dev The ERC20 `transferFrom` has failed.errorTransferFromFailed();
/// @dev The ERC20 `transfer` has failed.errorTransferFailed();
/// @dev The ERC20 `approve` has failed.errorApproveFailed();
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* CONSTANTS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Suggested gas stipend for contract receiving ETH that disallows any storage writes.uint256internalconstant GAS_STIPEND_NO_STORAGE_WRITES =2300;
/// @dev Suggested gas stipend for contract receiving ETH to perform a few/// storage reads and writes, but low enough to prevent griefing.uint256internalconstant GAS_STIPEND_NO_GRIEF =100000;
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* ETH OPERATIONS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*/// If the ETH transfer MUST succeed with a reasonable gas budget, use the force variants.//// The regular variants:// - Forwards all remaining gas to the target.// - Reverts if the target reverts.// - Reverts if the current contract has insufficient balance.//// The force variants:// - Forwards with an optional gas stipend// (defaults to `GAS_STIPEND_NO_GRIEF`, which is sufficient for most cases).// - If the target reverts, or if the gas stipend is exhausted,// creates a temporary contract to force send the ETH via `SELFDESTRUCT`.// Future compatible with `SENDALL`: https://eips.ethereum.org/EIPS/eip-4758.// - Reverts if the current contract has insufficient balance.//// The try variants:// - Forwards with a mandatory gas stipend.// - Instead of reverting, returns whether the transfer succeeded./// @dev Sends `amount` (in wei) ETH to `to`.functionsafeTransferETH(address to, uint256 amount) internal{
/// @solidity memory-safe-assemblyassembly {
ifiszero(call(gas(), to, amount, codesize(), 0x00, codesize(), 0x00)) {
mstore(0x00, 0xb12d13eb) // `ETHTransferFailed()`.revert(0x1c, 0x04)
}
}
}
/// @dev Sends all the ETH in the current contract to `to`.functionsafeTransferAllETH(address to) internal{
/// @solidity memory-safe-assemblyassembly {
// Transfer all the ETH and check if it succeeded or not.ifiszero(call(gas(), to, selfbalance(), codesize(), 0x00, codesize(), 0x00)) {
mstore(0x00, 0xb12d13eb) // `ETHTransferFailed()`.revert(0x1c, 0x04)
}
}
}
/// @dev Force sends `amount` (in wei) ETH to `to`, with a `gasStipend`.functionforceSafeTransferETH(address to, uint256 amount, uint256 gasStipend) internal{
/// @solidity memory-safe-assemblyassembly {
iflt(selfbalance(), amount) {
mstore(0x00, 0xb12d13eb) // `ETHTransferFailed()`.revert(0x1c, 0x04)
}
ifiszero(call(gasStipend, to, amount, codesize(), 0x00, codesize(), 0x00)) {
mstore(0x00, to) // Store the address in scratch space.mstore8(0x0b, 0x73) // Opcode `PUSH20`.mstore8(0x20, 0xff) // Opcode `SELFDESTRUCT`.ifiszero(create(amount, 0x0b, 0x16)) { revert(codesize(), codesize()) } // For gas estimation.
}
}
}
/// @dev Force sends all the ETH in the current contract to `to`, with a `gasStipend`.functionforceSafeTransferAllETH(address to, uint256 gasStipend) internal{
/// @solidity memory-safe-assemblyassembly {
ifiszero(call(gasStipend, to, selfbalance(), codesize(), 0x00, codesize(), 0x00)) {
mstore(0x00, to) // Store the address in scratch space.mstore8(0x0b, 0x73) // Opcode `PUSH20`.mstore8(0x20, 0xff) // Opcode `SELFDESTRUCT`.ifiszero(create(selfbalance(), 0x0b, 0x16)) { revert(codesize(), codesize()) } // For gas estimation.
}
}
}
/// @dev Force sends `amount` (in wei) ETH to `to`, with `GAS_STIPEND_NO_GRIEF`.functionforceSafeTransferETH(address to, uint256 amount) internal{
/// @solidity memory-safe-assemblyassembly {
iflt(selfbalance(), amount) {
mstore(0x00, 0xb12d13eb) // `ETHTransferFailed()`.revert(0x1c, 0x04)
}
ifiszero(call(GAS_STIPEND_NO_GRIEF, to, amount, codesize(), 0x00, codesize(), 0x00)) {
mstore(0x00, to) // Store the address in scratch space.mstore8(0x0b, 0x73) // Opcode `PUSH20`.mstore8(0x20, 0xff) // Opcode `SELFDESTRUCT`.ifiszero(create(amount, 0x0b, 0x16)) { revert(codesize(), codesize()) } // For gas estimation.
}
}
}
/// @dev Force sends all the ETH in the current contract to `to`, with `GAS_STIPEND_NO_GRIEF`.functionforceSafeTransferAllETH(address to) internal{
/// @solidity memory-safe-assemblyassembly {
// forgefmt: disable-next-itemifiszero(call(GAS_STIPEND_NO_GRIEF, to, selfbalance(), codesize(), 0x00, codesize(), 0x00)) {
mstore(0x00, to) // Store the address in scratch space.mstore8(0x0b, 0x73) // Opcode `PUSH20`.mstore8(0x20, 0xff) // Opcode `SELFDESTRUCT`.ifiszero(create(selfbalance(), 0x0b, 0x16)) { revert(codesize(), codesize()) } // For gas estimation.
}
}
}
/// @dev Sends `amount` (in wei) ETH to `to`, with a `gasStipend`.functiontrySafeTransferETH(address to, uint256 amount, uint256 gasStipend)
internalreturns (bool success)
{
/// @solidity memory-safe-assemblyassembly {
success :=call(gasStipend, to, amount, codesize(), 0x00, codesize(), 0x00)
}
}
/// @dev Sends all the ETH in the current contract to `to`, with a `gasStipend`.functiontrySafeTransferAllETH(address to, uint256 gasStipend)
internalreturns (bool success)
{
/// @solidity memory-safe-assemblyassembly {
success :=call(gasStipend, to, selfbalance(), codesize(), 0x00, codesize(), 0x00)
}
}
/*ยด:ยฐโข.ยฐ+.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐโข.*โขยด.*:ห.ยฐ*.หโขยด.ยฐ:ยฐโข.ยฐ+.*โขยด.*:*//* ERC20 OPERATIONS *//*.โขยฐ:ยฐ.ยด+ห.*ยฐ.ห:*.ยดโข*.+ยฐ.โขยฐ:ยด*.ยดโข*.โขยฐ.โขยฐ:ยฐ.ยด:โขหยฐ.*ยฐ.ห:*.ยด+ยฐ.โข*//// @dev Sends `amount` of ERC20 `token` from `from` to `to`./// Reverts upon failure.////// The `from` account must have at least `amount` approved for/// the current contract to manage.functionsafeTransferFrom(address token, addressfrom, address to, uint256 amount) internal{
/// @solidity memory-safe-assemblyassembly {
let m :=mload(0x40) // Cache the free memory pointer.mstore(0x60, amount) // Store the `amount` argument.mstore(0x40, to) // Store the `to` argument.mstore(0x2c, shl(96, from)) // Store the `from` argument.mstore(0x0c, 0x23b872dd000000000000000000000000) // `transferFrom(address,address,uint256)`.// Perform the transfer, reverting upon failure.ifiszero(
and( // The arguments of `and` are evaluated from right to left.or(eq(mload(0x00), 1), iszero(returndatasize())), // Returned 1 or nothing.call(gas(), token, 0, 0x1c, 0x64, 0x00, 0x20)
)
) {
mstore(0x00, 0x7939f424) // `TransferFromFailed()`.revert(0x1c, 0x04)
}
mstore(0x60, 0) // Restore the zero slot to zero.mstore(0x40, m) // Restore the free memory pointer.
}
}
/// @dev Sends all of ERC20 `token` from `from` to `to`./// Reverts upon failure.////// The `from` account must have their entire balance approved for/// the current contract to manage.functionsafeTransferAllFrom(address token, addressfrom, address to)
internalreturns (uint256 amount)
{
/// @solidity memory-safe-assemblyassembly {
let m :=mload(0x40) // Cache the free memory pointer.mstore(0x40, to) // Store the `to` argument.mstore(0x2c, shl(96, from)) // Store the `from` argument.mstore(0x0c, 0x70a08231000000000000000000000000) // `balanceOf(address)`.// Read the balance, reverting upon failure.ifiszero(
and( // The arguments of `and` are evaluated from right to left.gt(returndatasize(), 0x1f), // At least 32 bytes returned.staticcall(gas(), token, 0x1c, 0x24, 0x60, 0x20)
)
) {
mstore(0x00, 0x7939f424) // `TransferFromFailed()`.revert(0x1c, 0x04)
}
mstore(0x00, 0x23b872dd) // `transferFrom(address,address,uint256)`.
amount :=mload(0x60) // The `amount` is already at 0x60. We'll need to return it.// Perform the transfer, reverting upon failure.ifiszero(
and( // The arguments of `and` are evaluated from right to left.or(eq(mload(0x00), 1), iszero(returndatasize())), // Returned 1 or nothing.call(gas(), token, 0, 0x1c, 0x64, 0x00, 0x20)
)
) {
mstore(0x00, 0x7939f424) // `TransferFromFailed()`.revert(0x1c, 0x04)
}
mstore(0x60, 0) // Restore the zero slot to zero.mstore(0x40, m) // Restore the free memory pointer.
}
}
/// @dev Sends `amount` of ERC20 `token` from the current contract to `to`./// Reverts upon failure.functionsafeTransfer(address token, address to, uint256 amount) internal{
/// @solidity memory-safe-assemblyassembly {
mstore(0x14, to) // Store the `to` argument.mstore(0x34, amount) // Store the `amount` argument.mstore(0x00, 0xa9059cbb000000000000000000000000) // `transfer(address,uint256)`.// Perform the transfer, reverting upon failure.ifiszero(
and( // The arguments of `and` are evaluated from right to left.or(eq(mload(0x00), 1), iszero(returndatasize())), // Returned 1 or nothing.call(gas(), token, 0, 0x10, 0x44, 0x00, 0x20)
)
) {
mstore(0x00, 0x90b8ec18) // `TransferFailed()`.revert(0x1c, 0x04)
}
mstore(0x34, 0) // Restore the part of the free memory pointer that was overwritten.
}
}
/// @dev Sends all of ERC20 `token` from the current contract to `to`./// Reverts upon failure.functionsafeTransferAll(address token, address to) internalreturns (uint256 amount) {
/// @solidity memory-safe-assemblyassembly {
mstore(0x00, 0x70a08231) // Store the function selector of `balanceOf(address)`.mstore(0x20, address()) // Store the address of the current contract.// Read the balance, reverting upon failure.ifiszero(
and( // The arguments of `and` are evaluated from right to left.gt(returndatasize(), 0x1f), // At least 32 bytes returned.staticcall(gas(), token, 0x1c, 0x24, 0x34, 0x20)
)
) {
mstore(0x00, 0x90b8ec18) // `TransferFailed()`.revert(0x1c, 0x04)
}
mstore(0x14, to) // Store the `to` argument.
amount :=mload(0x34) // The `amount` is already at 0x34. We'll need to return it.mstore(0x00, 0xa9059cbb000000000000000000000000) // `transfer(address,uint256)`.// Perform the transfer, reverting upon failure.ifiszero(
and( // The arguments of `and` are evaluated from right to left.or(eq(mload(0x00), 1), iszero(returndatasize())), // Returned 1 or nothing.call(gas(), token, 0, 0x10, 0x44, 0x00, 0x20)
)
) {
mstore(0x00, 0x90b8ec18) // `TransferFailed()`.revert(0x1c, 0x04)
}
mstore(0x34, 0) // Restore the part of the free memory pointer that was overwritten.
}
}
/// @dev Sets `amount` of ERC20 `token` for `to` to manage on behalf of the current contract./// Reverts upon failure.functionsafeApprove(address token, address to, uint256 amount) internal{
/// @solidity memory-safe-assemblyassembly {
mstore(0x14, to) // Store the `to` argument.mstore(0x34, amount) // Store the `amount` argument.mstore(0x00, 0x095ea7b3000000000000000000000000) // `approve(address,uint256)`.// Perform the approval, reverting upon failure.ifiszero(
and( // The arguments of `and` are evaluated from right to left.or(eq(mload(0x00), 1), iszero(returndatasize())), // Returned 1 or nothing.call(gas(), token, 0, 0x10, 0x44, 0x00, 0x20)
)
) {
mstore(0x00, 0x3e3f8f73) // `ApproveFailed()`.revert(0x1c, 0x04)
}
mstore(0x34, 0) // Restore the part of the free memory pointer that was overwritten.
}
}
/// @dev Sets `amount` of ERC20 `token` for `to` to manage on behalf of the current contract./// If the initial attempt to approve fails, attempts to reset the approved amount to zero,/// then retries the approval again (some tokens, e.g. USDT, requires this)./// Reverts upon failure.functionsafeApproveWithRetry(address token, address to, uint256 amount) internal{
/// @solidity memory-safe-assemblyassembly {
mstore(0x14, to) // Store the `to` argument.mstore(0x34, amount) // Store the `amount` argument.mstore(0x00, 0x095ea7b3000000000000000000000000) // `approve(address,uint256)`.// Perform the approval, retrying upon failure.ifiszero(
and( // The arguments of `and` are evaluated from right to left.or(eq(mload(0x00), 1), iszero(returndatasize())), // Returned 1 or nothing.call(gas(), token, 0, 0x10, 0x44, 0x00, 0x20)
)
) {
mstore(0x34, 0) // Store 0 for the `amount`.mstore(0x00, 0x095ea7b3000000000000000000000000) // `approve(address,uint256)`.pop(call(gas(), token, 0, 0x10, 0x44, codesize(), 0x00)) // Reset the approval.mstore(0x34, amount) // Store back the original `amount`.// Retry the approval, reverting upon failure.ifiszero(
and(
or(eq(mload(0x00), 1), iszero(returndatasize())), // Returned 1 or nothing.call(gas(), token, 0, 0x10, 0x44, 0x00, 0x20)
)
) {
mstore(0x00, 0x3e3f8f73) // `ApproveFailed()`.revert(0x1c, 0x04)
}
}
mstore(0x34, 0) // Restore the part of the free memory pointer that was overwritten.
}
}
/// @dev Returns the amount of ERC20 `token` owned by `account`./// Returns zero if the `token` does not exist.functionbalanceOf(address token, address account) internalviewreturns (uint256 amount) {
/// @solidity memory-safe-assemblyassembly {
mstore(0x14, account) // Store the `account` argument.mstore(0x00, 0x70a08231000000000000000000000000) // `balanceOf(address)`.
amount :=mul(
mload(0x20),
and( // The arguments of `and` are evaluated from right to left.gt(returndatasize(), 0x1f), // At least 32 bytes returned.staticcall(gas(), token, 0x10, 0x24, 0x20, 0x20)
)
)
}
}
}
Contract Source Code
File 15 of 16: SignedMath.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (utils/math/SignedMath.sol)pragmasolidity ^0.8.20;/**
* @dev Standard signed math utilities missing in the Solidity language.
*/librarySignedMath{
/**
* @dev Returns the largest of two signed numbers.
*/functionmax(int256 a, int256 b) internalpurereturns (int256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two signed numbers.
*/functionmin(int256 a, int256 b) internalpurereturns (int256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two signed numbers without overflow.
* The result is rounded towards zero.
*/functionaverage(int256 a, int256 b) internalpurereturns (int256) {
// Formula from the book "Hacker's Delight"int256 x = (a & b) + ((a ^ b) >>1);
return x + (int256(uint256(x) >>255) & (a ^ b));
}
/**
* @dev Returns the absolute unsigned value of a signed value.
*/functionabs(int256 n) internalpurereturns (uint256) {
unchecked {
// must be unchecked in order to support `n = type(int256).min`returnuint256(n >=0 ? n : -n);
}
}
}
Contract Source Code
File 16 of 16: Strings.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (utils/Strings.sol)pragmasolidity ^0.8.20;import {Math} from"./math/Math.sol";
import {SignedMath} from"./math/SignedMath.sol";
/**
* @dev String operations.
*/libraryStrings{
bytes16privateconstant HEX_DIGITS ="0123456789abcdef";
uint8privateconstant ADDRESS_LENGTH =20;
/**
* @dev The `value` string doesn't fit in the specified `length`.
*/errorStringsInsufficientHexLength(uint256 value, uint256 length);
/**
* @dev Converts a `uint256` to its ASCII `string` decimal representation.
*/functiontoString(uint256 value) internalpurereturns (stringmemory) {
unchecked {
uint256 length = Math.log10(value) +1;
stringmemory buffer =newstring(length);
uint256 ptr;
/// @solidity memory-safe-assemblyassembly {
ptr :=add(buffer, add(32, length))
}
while (true) {
ptr--;
/// @solidity memory-safe-assemblyassembly {
mstore8(ptr, byte(mod(value, 10), HEX_DIGITS))
}
value /=10;
if (value ==0) break;
}
return buffer;
}
}
/**
* @dev Converts a `int256` to its ASCII `string` decimal representation.
*/functiontoStringSigned(int256 value) internalpurereturns (stringmemory) {
returnstring.concat(value <0 ? "-" : "", toString(SignedMath.abs(value)));
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
*/functiontoHexString(uint256 value) internalpurereturns (stringmemory) {
unchecked {
return toHexString(value, Math.log256(value) +1);
}
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
*/functiontoHexString(uint256 value, uint256 length) internalpurereturns (stringmemory) {
uint256 localValue = value;
bytesmemory buffer =newbytes(2* length +2);
buffer[0] ="0";
buffer[1] ="x";
for (uint256 i =2* length +1; i >1; --i) {
buffer[i] = HEX_DIGITS[localValue &0xf];
localValue >>=4;
}
if (localValue !=0) {
revert StringsInsufficientHexLength(value, length);
}
returnstring(buffer);
}
/**
* @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal
* representation.
*/functiontoHexString(address addr) internalpurereturns (stringmemory) {
return toHexString(uint256(uint160(addr)), ADDRESS_LENGTH);
}
/**
* @dev Returns true if the two strings are equal.
*/functionequal(stringmemory a, stringmemory b) internalpurereturns (bool) {
returnbytes(a).length==bytes(b).length&&keccak256(bytes(a)) ==keccak256(bytes(b));
}
}
