// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (access/manager/AccessManaged.sol)pragmasolidity ^0.8.20;import {IAuthority} from"./IAuthority.sol";
import {AuthorityUtils} from"./AuthorityUtils.sol";
import {IAccessManager} from"./IAccessManager.sol";
import {IAccessManaged} from"./IAccessManaged.sol";
import {Context} from"../../utils/Context.sol";
/**
* @dev This contract module makes available a {restricted} modifier. Functions decorated with this modifier will be
* permissioned according to an "authority": a contract like {AccessManager} that follows the {IAuthority} interface,
* implementing a policy that allows certain callers to access certain functions.
*
* IMPORTANT: The `restricted` modifier should never be used on `internal` functions, judiciously used in `public`
* functions, and ideally only used in `external` functions. See {restricted}.
*/abstractcontractAccessManagedisContext, IAccessManaged{
addressprivate _authority;
boolprivate _consumingSchedule;
/**
* @dev Initializes the contract connected to an initial authority.
*/constructor(address initialAuthority) {
_setAuthority(initialAuthority);
}
/**
* @dev Restricts access to a function as defined by the connected Authority for this contract and the
* caller and selector of the function that entered the contract.
*
* [IMPORTANT]
* ====
* In general, this modifier should only be used on `external` functions. It is okay to use it on `public`
* functions that are used as external entry points and are not called internally. Unless you know what you're
* doing, it should never be used on `internal` functions. Failure to follow these rules can have critical security
* implications! This is because the permissions are determined by the function that entered the contract, i.e. the
* function at the bottom of the call stack, and not the function where the modifier is visible in the source code.
* ====
*
* [WARNING]
* ====
* Avoid adding this modifier to the https://docs.soliditylang.org/en/v0.8.20/contracts.html#receive-ether-function[`receive()`]
* function or the https://docs.soliditylang.org/en/v0.8.20/contracts.html#fallback-function[`fallback()`]. These
* functions are the only execution paths where a function selector cannot be unambiguosly determined from the calldata
* since the selector defaults to `0x00000000` in the `receive()` function and similarly in the `fallback()` function
* if no calldata is provided. (See {_checkCanCall}).
*
* The `receive()` function will always panic whereas the `fallback()` may panic depending on the calldata length.
* ====
*/modifierrestricted() {
_checkCanCall(_msgSender(), _msgData());
_;
}
/// @inheritdoc IAccessManagedfunctionauthority() publicviewvirtualreturns (address) {
return _authority;
}
/// @inheritdoc IAccessManagedfunctionsetAuthority(address newAuthority) publicvirtual{
address caller = _msgSender();
if (caller != authority()) {
revert AccessManagedUnauthorized(caller);
}
if (newAuthority.code.length==0) {
revert AccessManagedInvalidAuthority(newAuthority);
}
_setAuthority(newAuthority);
}
/// @inheritdoc IAccessManagedfunctionisConsumingScheduledOp() publicviewreturns (bytes4) {
return _consumingSchedule ? this.isConsumingScheduledOp.selector : bytes4(0);
}
/**
* @dev Transfers control to a new authority. Internal function with no access restriction. Allows bypassing the
* permissions set by the current authority.
*/function_setAuthority(address newAuthority) internalvirtual{
_authority = newAuthority;
emit AuthorityUpdated(newAuthority);
}
/**
* @dev Reverts if the caller is not allowed to call the function identified by a selector. Panics if the calldata
* is less than 4 bytes long.
*/function_checkCanCall(address caller, bytescalldata data) internalvirtual{
(bool immediate, uint32 delay) = AuthorityUtils.canCallWithDelay(
authority(),
caller,
address(this),
bytes4(data[0:4])
);
if (!immediate) {
if (delay >0) {
_consumingSchedule =true;
IAccessManager(authority()).consumeScheduledOp(caller, data);
_consumingSchedule =false;
} else {
revert AccessManagedUnauthorized(caller);
}
}
}
}
Contract Source Code
File 2 of 54: AccessManagedUpgradeable.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (access/manager/AccessManaged.sol)pragmasolidity ^0.8.20;import {AuthorityUtils} from"@openzeppelin/contracts/access/manager/AuthorityUtils.sol";
import {IAccessManager} from"@openzeppelin/contracts/access/manager/IAccessManager.sol";
import {IAccessManaged} from"@openzeppelin/contracts/access/manager/IAccessManaged.sol";
import {ContextUpgradeable} from"@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol";
import {Initializable} from"@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
/**
* @dev This contract module makes available a {restricted} modifier. Functions decorated with this modifier will be
* permissioned according to an "authority": a contract like {AccessManager} that follows the {IAuthority} interface,
* implementing a policy that allows certain callers to access certain functions.
*
* IMPORTANT: The `restricted` modifier should never be used on `internal` functions, judiciously used in `public`
* functions, and ideally only used in `external` functions. See {restricted}.
*/abstractcontractAccessManagedUpgradeableisInitializable, ContextUpgradeable, IAccessManaged{
/// @custom:storage-location erc7201:openzeppelin.storage.AccessManagedstructAccessManagedStorage {
address _authority;
bool _consumingSchedule;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.AccessManaged")) - 1)) & ~bytes32(uint256(0xff))bytes32privateconstant ACCESS_MANAGED_STORAGE_LOCATION =0xf3177357ab46d8af007ab3fdb9af81da189e1068fefdc0073dca88a2cab40a00;
function_getAccessManagedStorage() internalpurereturns (AccessManagedStorage storage $) {
assembly {
$.slot:= ACCESS_MANAGED_STORAGE_LOCATION
}
}
/**
* @dev Initializes the contract connected to an initial authority.
*/function__AccessManaged_init(address initialAuthority) internalonlyInitializing{
// solhint-disable-previous-line func-name-mixedcase
__AccessManaged_init_unchained(initialAuthority);
}
function__AccessManaged_init_unchained(address initialAuthority) internalonlyInitializing{
// solhint-disable-previous-line func-name-mixedcase
_setAuthority(initialAuthority);
}
/**
* @dev Restricts access to a function as defined by the connected Authority for this contract and the
* caller and selector of the function that entered the contract.
*
* [IMPORTANT]
* ====
* In general, this modifier should only be used on `external` functions. It is okay to use it on `public`
* functions that are used as external entry points and are not called internally. Unless you know what you're
* doing, it should never be used on `internal` functions. Failure to follow these rules can have critical security
* implications! This is because the permissions are determined by the function that entered the contract, i.e. the
* function at the bottom of the call stack, and not the function where the modifier is visible in the source code.
* ====
*
* [WARNING]
* ====
* Avoid adding this modifier to the https://docs.soliditylang.org/en/v0.8.20/contracts.html#receive-ether-function[`receive()`]
* function or the https://docs.soliditylang.org/en/v0.8.20/contracts.html#fallback-function[`fallback()`]. These
* functions are the only execution paths where a function selector cannot be unambiguosly determined from the calldata
* since the selector defaults to `0x00000000` in the `receive()` function and similarly in the `fallback()` function
* if no calldata is provided. (See {_checkCanCall}).
*
* The `receive()` function will always panic whereas the `fallback()` may panic depending on the calldata length.
* ====
*/modifierrestricted() {
_checkCanCall(_msgSender(), _msgData());
_;
}
/// @inheritdoc IAccessManagedfunctionauthority() publicviewvirtualreturns (address) {
AccessManagedStorage storage $ = _getAccessManagedStorage();
return $._authority;
}
/// @inheritdoc IAccessManagedfunctionsetAuthority(address newAuthority) publicvirtual{
address caller = _msgSender();
if (caller != authority()) {
revert AccessManagedUnauthorized(caller);
}
if (newAuthority.code.length==0) {
revert AccessManagedInvalidAuthority(newAuthority);
}
_setAuthority(newAuthority);
}
/// @inheritdoc IAccessManagedfunctionisConsumingScheduledOp() publicviewvirtualreturns (bytes4) {
AccessManagedStorage storage $ = _getAccessManagedStorage();
return $._consumingSchedule ? this.isConsumingScheduledOp.selector : bytes4(0);
}
/**
* @dev Transfers control to a new authority. Internal function with no access restriction. Allows bypassing the
* permissions set by the current authority.
*/function_setAuthority(address newAuthority) internalvirtual{
AccessManagedStorage storage $ = _getAccessManagedStorage();
$._authority = newAuthority;
emit AuthorityUpdated(newAuthority);
}
/**
* @dev Reverts if the caller is not allowed to call the function identified by a selector. Panics if the calldata
* is less than 4 bytes long.
*/function_checkCanCall(address caller, bytescalldata data) internalvirtual{
AccessManagedStorage storage $ = _getAccessManagedStorage();
(bool immediate, uint32 delay) = AuthorityUtils.canCallWithDelay(
authority(),
caller,
address(this),
bytes4(data[0:4])
);
if (!immediate) {
if (delay >0) {
$._consumingSchedule =true;
IAccessManager(authority()).consumeScheduledOp(caller, data);
$._consumingSchedule =false;
} else {
revert AccessManagedUnauthorized(caller);
}
}
}
}
Contract Source Code
File 3 of 54: AccessManager.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (access/manager/AccessManager.sol)pragmasolidity ^0.8.20;import {IAccessManager} from"./IAccessManager.sol";
import {IAccessManaged} from"./IAccessManaged.sol";
import {Address} from"../../utils/Address.sol";
import {Context} from"../../utils/Context.sol";
import {Multicall} from"../../utils/Multicall.sol";
import {Math} from"../../utils/math/Math.sol";
import {Time} from"../../utils/types/Time.sol";
/**
* @dev AccessManager is a central contract to store the permissions of a system.
*
* A smart contract under the control of an AccessManager instance is known as a target, and will inherit from the
* {AccessManaged} contract, be connected to this contract as its manager and implement the {AccessManaged-restricted}
* modifier on a set of functions selected to be permissioned. Note that any function without this setup won't be
* effectively restricted.
*
* The restriction rules for such functions are defined in terms of "roles" identified by an `uint64` and scoped
* by target (`address`) and function selectors (`bytes4`). These roles are stored in this contract and can be
* configured by admins (`ADMIN_ROLE` members) after a delay (see {getTargetAdminDelay}).
*
* For each target contract, admins can configure the following without any delay:
*
* * The target's {AccessManaged-authority} via {updateAuthority}.
* * Close or open a target via {setTargetClosed} keeping the permissions intact.
* * The roles that are allowed (or disallowed) to call a given function (identified by its selector) through {setTargetFunctionRole}.
*
* By default every address is member of the `PUBLIC_ROLE` and every target function is restricted to the `ADMIN_ROLE` until configured otherwise.
* Additionally, each role has the following configuration options restricted to this manager's admins:
*
* * A role's admin role via {setRoleAdmin} who can grant or revoke roles.
* * A role's guardian role via {setRoleGuardian} who's allowed to cancel operations.
* * A delay in which a role takes effect after being granted through {setGrantDelay}.
* * A delay of any target's admin action via {setTargetAdminDelay}.
* * A role label for discoverability purposes with {labelRole}.
*
* Any account can be added and removed into any number of these roles by using the {grantRole} and {revokeRole} functions
* restricted to each role's admin (see {getRoleAdmin}).
*
* Since all the permissions of the managed system can be modified by the admins of this instance, it is expected that
* they will be highly secured (e.g., a multisig or a well-configured DAO).
*
* NOTE: This contract implements a form of the {IAuthority} interface, but {canCall} has additional return data so it
* doesn't inherit `IAuthority`. It is however compatible with the `IAuthority` interface since the first 32 bytes of
* the return data are a boolean as expected by that interface.
*
* NOTE: Systems that implement other access control mechanisms (for example using {Ownable}) can be paired with an
* {AccessManager} by transferring permissions (ownership in the case of {Ownable}) directly to the {AccessManager}.
* Users will be able to interact with these contracts through the {execute} function, following the access rules
* registered in the {AccessManager}. Keep in mind that in that context, the msg.sender seen by restricted functions
* will be {AccessManager} itself.
*
* WARNING: When granting permissions over an {Ownable} or {AccessControl} contract to an {AccessManager}, be very
* mindful of the danger associated with functions such as {{Ownable-renounceOwnership}} or
* {{AccessControl-renounceRole}}.
*/contractAccessManagerisContext, Multicall, IAccessManager{
usingTimefor*;
// Structure that stores the details for a target contract.structTargetConfig {
mapping(bytes4 selector =>uint64 roleId) allowedRoles;
Time.Delay adminDelay;
bool closed;
}
// Structure that stores the details for a role/account pair. This structures fit into a single slot.structAccess {
// Timepoint at which the user gets the permission.// If this is either 0 or in the future, then the role permission is not available.uint48 since;
// Delay for execution. Only applies to restricted() / execute() calls.
Time.Delay delay;
}
// Structure that stores the details of a role.structRole {
// Members of the role.mapping(address user => Access access) members;
// Admin who can grant or revoke permissions.uint64 admin;
// Guardian who can cancel operations targeting functions that need this role.uint64 guardian;
// Delay in which the role takes effect after being granted.
Time.Delay grantDelay;
}
// Structure that stores the details for a scheduled operation. This structure fits into a single slot.structSchedule {
// Moment at which the operation can be executed.uint48 timepoint;
// Operation nonce to allow third-party contracts to identify the operation.uint32 nonce;
}
uint64publicconstant ADMIN_ROLE =type(uint64).min; // 0uint64publicconstant PUBLIC_ROLE =type(uint64).max; // 2**64-1mapping(address target => TargetConfig mode) private _targets;
mapping(uint64 roleId => Role) private _roles;
mapping(bytes32 operationId => Schedule) private _schedules;
// Used to identify operations that are currently being executed via {execute}.// This should be transient storage when supported by the EVM.bytes32private _executionId;
/**
* @dev Check that the caller is authorized to perform the operation, following the restrictions encoded in
* {_getAdminRestrictions}.
*/modifieronlyAuthorized() {
_checkAuthorized();
_;
}
constructor(address initialAdmin) {
if (initialAdmin ==address(0)) {
revert AccessManagerInvalidInitialAdmin(address(0));
}
// admin is active immediately and without any execution delay.
_grantRole(ADMIN_ROLE, initialAdmin, 0, 0);
}
// =================================================== GETTERS ====================================================/// @inheritdoc IAccessManagerfunctioncanCall(address caller,
address target,
bytes4 selector
) publicviewvirtualreturns (bool immediate, uint32 delay) {
if (isTargetClosed(target)) {
return (false, 0);
} elseif (caller ==address(this)) {
// Caller is AccessManager, this means the call was sent through {execute} and it already checked// permissions. We verify that the call "identifier", which is set during {execute}, is correct.return (_isExecuting(target, selector), 0);
} else {
uint64 roleId = getTargetFunctionRole(target, selector);
(bool isMember, uint32 currentDelay) = hasRole(roleId, caller);
return isMember ? (currentDelay ==0, currentDelay) : (false, 0);
}
}
/// @inheritdoc IAccessManagerfunctionexpiration() publicviewvirtualreturns (uint32) {
return1weeks;
}
/// @inheritdoc IAccessManagerfunctionminSetback() publicviewvirtualreturns (uint32) {
return5days;
}
/// @inheritdoc IAccessManagerfunctionisTargetClosed(address target) publicviewvirtualreturns (bool) {
return _targets[target].closed;
}
/// @inheritdoc IAccessManagerfunctiongetTargetFunctionRole(address target, bytes4 selector) publicviewvirtualreturns (uint64) {
return _targets[target].allowedRoles[selector];
}
/// @inheritdoc IAccessManagerfunctiongetTargetAdminDelay(address target) publicviewvirtualreturns (uint32) {
return _targets[target].adminDelay.get();
}
/// @inheritdoc IAccessManagerfunctiongetRoleAdmin(uint64 roleId) publicviewvirtualreturns (uint64) {
return _roles[roleId].admin;
}
/// @inheritdoc IAccessManagerfunctiongetRoleGuardian(uint64 roleId) publicviewvirtualreturns (uint64) {
return _roles[roleId].guardian;
}
/// @inheritdoc IAccessManagerfunctiongetRoleGrantDelay(uint64 roleId) publicviewvirtualreturns (uint32) {
return _roles[roleId].grantDelay.get();
}
/// @inheritdoc IAccessManagerfunctiongetAccess(uint64 roleId,
address account
) publicviewvirtualreturns (uint48 since, uint32 currentDelay, uint32 pendingDelay, uint48 effect) {
Access storage access = _roles[roleId].members[account];
since = access.since;
(currentDelay, pendingDelay, effect) = access.delay.getFull();
return (since, currentDelay, pendingDelay, effect);
}
/// @inheritdoc IAccessManagerfunctionhasRole(uint64 roleId,
address account
) publicviewvirtualreturns (bool isMember, uint32 executionDelay) {
if (roleId == PUBLIC_ROLE) {
return (true, 0);
} else {
(uint48 hasRoleSince, uint32 currentDelay, , ) = getAccess(roleId, account);
return (hasRoleSince !=0&& hasRoleSince <= Time.timestamp(), currentDelay);
}
}
// =============================================== ROLE MANAGEMENT ===============================================/// @inheritdoc IAccessManagerfunctionlabelRole(uint64 roleId, stringcalldata label) publicvirtualonlyAuthorized{
if (roleId == ADMIN_ROLE || roleId == PUBLIC_ROLE) {
revert AccessManagerLockedRole(roleId);
}
emit RoleLabel(roleId, label);
}
/// @inheritdoc IAccessManagerfunctiongrantRole(uint64 roleId, address account, uint32 executionDelay) publicvirtualonlyAuthorized{
_grantRole(roleId, account, getRoleGrantDelay(roleId), executionDelay);
}
/// @inheritdoc IAccessManagerfunctionrevokeRole(uint64 roleId, address account) publicvirtualonlyAuthorized{
_revokeRole(roleId, account);
}
/// @inheritdoc IAccessManagerfunctionrenounceRole(uint64 roleId, address callerConfirmation) publicvirtual{
if (callerConfirmation != _msgSender()) {
revert AccessManagerBadConfirmation();
}
_revokeRole(roleId, callerConfirmation);
}
/// @inheritdoc IAccessManagerfunctionsetRoleAdmin(uint64 roleId, uint64 admin) publicvirtualonlyAuthorized{
_setRoleAdmin(roleId, admin);
}
/// @inheritdoc IAccessManagerfunctionsetRoleGuardian(uint64 roleId, uint64 guardian) publicvirtualonlyAuthorized{
_setRoleGuardian(roleId, guardian);
}
/// @inheritdoc IAccessManagerfunctionsetGrantDelay(uint64 roleId, uint32 newDelay) publicvirtualonlyAuthorized{
_setGrantDelay(roleId, newDelay);
}
/**
* @dev Internal version of {grantRole} without access control. Returns true if the role was newly granted.
*
* Emits a {RoleGranted} event.
*/function_grantRole(uint64 roleId,
address account,
uint32 grantDelay,
uint32 executionDelay
) internalvirtualreturns (bool) {
if (roleId == PUBLIC_ROLE) {
revert AccessManagerLockedRole(roleId);
}
bool newMember = _roles[roleId].members[account].since ==0;
uint48 since;
if (newMember) {
since = Time.timestamp() + grantDelay;
_roles[roleId].members[account] = Access({since: since, delay: executionDelay.toDelay()});
} else {
// No setback here. Value can be reset by doing revoke + grant, effectively allowing the admin to perform// any change to the execution delay within the duration of the role admin delay.
(_roles[roleId].members[account].delay, since) = _roles[roleId].members[account].delay.withUpdate(
executionDelay,
0
);
}
emit RoleGranted(roleId, account, executionDelay, since, newMember);
return newMember;
}
/**
* @dev Internal version of {revokeRole} without access control. This logic is also used by {renounceRole}.
* Returns true if the role was previously granted.
*
* Emits a {RoleRevoked} event if the account had the role.
*/function_revokeRole(uint64 roleId, address account) internalvirtualreturns (bool) {
if (roleId == PUBLIC_ROLE) {
revert AccessManagerLockedRole(roleId);
}
if (_roles[roleId].members[account].since ==0) {
returnfalse;
}
delete _roles[roleId].members[account];
emit RoleRevoked(roleId, account);
returntrue;
}
/**
* @dev Internal version of {setRoleAdmin} without access control.
*
* Emits a {RoleAdminChanged} event.
*
* NOTE: Setting the admin role as the `PUBLIC_ROLE` is allowed, but it will effectively allow
* anyone to set grant or revoke such role.
*/function_setRoleAdmin(uint64 roleId, uint64 admin) internalvirtual{
if (roleId == ADMIN_ROLE || roleId == PUBLIC_ROLE) {
revert AccessManagerLockedRole(roleId);
}
_roles[roleId].admin = admin;
emit RoleAdminChanged(roleId, admin);
}
/**
* @dev Internal version of {setRoleGuardian} without access control.
*
* Emits a {RoleGuardianChanged} event.
*
* NOTE: Setting the guardian role as the `PUBLIC_ROLE` is allowed, but it will effectively allow
* anyone to cancel any scheduled operation for such role.
*/function_setRoleGuardian(uint64 roleId, uint64 guardian) internalvirtual{
if (roleId == ADMIN_ROLE || roleId == PUBLIC_ROLE) {
revert AccessManagerLockedRole(roleId);
}
_roles[roleId].guardian = guardian;
emit RoleGuardianChanged(roleId, guardian);
}
/**
* @dev Internal version of {setGrantDelay} without access control.
*
* Emits a {RoleGrantDelayChanged} event.
*/function_setGrantDelay(uint64 roleId, uint32 newDelay) internalvirtual{
if (roleId == PUBLIC_ROLE) {
revert AccessManagerLockedRole(roleId);
}
uint48 effect;
(_roles[roleId].grantDelay, effect) = _roles[roleId].grantDelay.withUpdate(newDelay, minSetback());
emit RoleGrantDelayChanged(roleId, newDelay, effect);
}
// ============================================= FUNCTION MANAGEMENT ==============================================/// @inheritdoc IAccessManagerfunctionsetTargetFunctionRole(address target,
bytes4[] calldata selectors,
uint64 roleId
) publicvirtualonlyAuthorized{
for (uint256 i =0; i < selectors.length; ++i) {
_setTargetFunctionRole(target, selectors[i], roleId);
}
}
/**
* @dev Internal version of {setTargetFunctionRole} without access control.
*
* Emits a {TargetFunctionRoleUpdated} event.
*/function_setTargetFunctionRole(address target, bytes4 selector, uint64 roleId) internalvirtual{
_targets[target].allowedRoles[selector] = roleId;
emit TargetFunctionRoleUpdated(target, selector, roleId);
}
/// @inheritdoc IAccessManagerfunctionsetTargetAdminDelay(address target, uint32 newDelay) publicvirtualonlyAuthorized{
_setTargetAdminDelay(target, newDelay);
}
/**
* @dev Internal version of {setTargetAdminDelay} without access control.
*
* Emits a {TargetAdminDelayUpdated} event.
*/function_setTargetAdminDelay(address target, uint32 newDelay) internalvirtual{
uint48 effect;
(_targets[target].adminDelay, effect) = _targets[target].adminDelay.withUpdate(newDelay, minSetback());
emit TargetAdminDelayUpdated(target, newDelay, effect);
}
// =============================================== MODE MANAGEMENT ================================================/// @inheritdoc IAccessManagerfunctionsetTargetClosed(address target, bool closed) publicvirtualonlyAuthorized{
_setTargetClosed(target, closed);
}
/**
* @dev Set the closed flag for a contract. This is an internal setter with no access restrictions.
*
* Emits a {TargetClosed} event.
*/function_setTargetClosed(address target, bool closed) internalvirtual{
if (target ==address(this)) {
revert AccessManagerLockedAccount(target);
}
_targets[target].closed = closed;
emit TargetClosed(target, closed);
}
// ============================================== DELAYED OPERATIONS ==============================================/// @inheritdoc IAccessManagerfunctiongetSchedule(bytes32 id) publicviewvirtualreturns (uint48) {
uint48 timepoint = _schedules[id].timepoint;
return _isExpired(timepoint) ? 0 : timepoint;
}
/// @inheritdoc IAccessManagerfunctiongetNonce(bytes32 id) publicviewvirtualreturns (uint32) {
return _schedules[id].nonce;
}
/// @inheritdoc IAccessManagerfunctionschedule(address target,
bytescalldata data,
uint48 when
) publicvirtualreturns (bytes32 operationId, uint32 nonce) {
address caller = _msgSender();
// Fetch restrictions that apply to the caller on the targeted function
(, uint32 setback) = _canCallExtended(caller, target, data);
uint48 minWhen = Time.timestamp() + setback;
// if call with delay is not authorized, or if requested timing is too soonif (setback ==0|| (when >0&& when < minWhen)) {
revert AccessManagerUnauthorizedCall(caller, target, _checkSelector(data));
}
// Reuse variable due to stack too deep
when =uint48(Math.max(when, minWhen)); // cast is safe: both inputs are uint48// If caller is authorised, schedule operation
operationId = hashOperation(caller, target, data);
_checkNotScheduled(operationId);
unchecked {
// It's not feasible to overflow the nonce in less than 1000 years
nonce = _schedules[operationId].nonce +1;
}
_schedules[operationId].timepoint = when;
_schedules[operationId].nonce = nonce;
emit OperationScheduled(operationId, nonce, when, caller, target, data);
// Using named return values because otherwise we get stack too deep
}
/**
* @dev Reverts if the operation is currently scheduled and has not expired.
* (Note: This function was introduced due to stack too deep errors in schedule.)
*/function_checkNotScheduled(bytes32 operationId) privateview{
uint48 prevTimepoint = _schedules[operationId].timepoint;
if (prevTimepoint !=0&&!_isExpired(prevTimepoint)) {
revert AccessManagerAlreadyScheduled(operationId);
}
}
/// @inheritdoc IAccessManager// Reentrancy is not an issue because permissions are checked on msg.sender. Additionally,// _consumeScheduledOp guarantees a scheduled operation is only executed once.// slither-disable-next-line reentrancy-no-ethfunctionexecute(address target, bytescalldata data) publicpayablevirtualreturns (uint32) {
address caller = _msgSender();
// Fetch restrictions that apply to the caller on the targeted function
(bool immediate, uint32 setback) = _canCallExtended(caller, target, data);
// If caller is not authorised, revertif (!immediate && setback ==0) {
revert AccessManagerUnauthorizedCall(caller, target, _checkSelector(data));
}
bytes32 operationId = hashOperation(caller, target, data);
uint32 nonce;
// If caller is authorised, check operation was scheduled early enough// Consume an available schedule even if there is no currently enforced delayif (setback !=0|| getSchedule(operationId) !=0) {
nonce = _consumeScheduledOp(operationId);
}
// Mark the target and selector as authorisedbytes32 executionIdBefore = _executionId;
_executionId = _hashExecutionId(target, _checkSelector(data));
// Perform call
Address.functionCallWithValue(target, data, msg.value);
// Reset execute identifier
_executionId = executionIdBefore;
return nonce;
}
/// @inheritdoc IAccessManagerfunctioncancel(address caller, address target, bytescalldata data) publicvirtualreturns (uint32) {
address msgsender = _msgSender();
bytes4 selector = _checkSelector(data);
bytes32 operationId = hashOperation(caller, target, data);
if (_schedules[operationId].timepoint ==0) {
revert AccessManagerNotScheduled(operationId);
} elseif (caller != msgsender) {
// calls can only be canceled by the account that scheduled them, a global admin, or by a guardian of the required role.
(bool isAdmin, ) = hasRole(ADMIN_ROLE, msgsender);
(bool isGuardian, ) = hasRole(getRoleGuardian(getTargetFunctionRole(target, selector)), msgsender);
if (!isAdmin &&!isGuardian) {
revert AccessManagerUnauthorizedCancel(msgsender, caller, target, selector);
}
}
delete _schedules[operationId].timepoint; // reset the timepoint, keep the nonceuint32 nonce = _schedules[operationId].nonce;
emit OperationCanceled(operationId, nonce);
return nonce;
}
/// @inheritdoc IAccessManagerfunctionconsumeScheduledOp(address caller, bytescalldata data) publicvirtual{
address target = _msgSender();
if (IAccessManaged(target).isConsumingScheduledOp() != IAccessManaged.isConsumingScheduledOp.selector) {
revert AccessManagerUnauthorizedConsume(target);
}
_consumeScheduledOp(hashOperation(caller, target, data));
}
/**
* @dev Internal variant of {consumeScheduledOp} that operates on bytes32 operationId.
*
* Returns the nonce of the scheduled operation that is consumed.
*/function_consumeScheduledOp(bytes32 operationId) internalvirtualreturns (uint32) {
uint48 timepoint = _schedules[operationId].timepoint;
uint32 nonce = _schedules[operationId].nonce;
if (timepoint ==0) {
revert AccessManagerNotScheduled(operationId);
} elseif (timepoint > Time.timestamp()) {
revert AccessManagerNotReady(operationId);
} elseif (_isExpired(timepoint)) {
revert AccessManagerExpired(operationId);
}
delete _schedules[operationId].timepoint; // reset the timepoint, keep the nonceemit OperationExecuted(operationId, nonce);
return nonce;
}
/// @inheritdoc IAccessManagerfunctionhashOperation(address caller, address target, bytescalldata data) publicviewvirtualreturns (bytes32) {
returnkeccak256(abi.encode(caller, target, data));
}
// ==================================================== OTHERS ====================================================/// @inheritdoc IAccessManagerfunctionupdateAuthority(address target, address newAuthority) publicvirtualonlyAuthorized{
IAccessManaged(target).setAuthority(newAuthority);
}
// ================================================= ADMIN LOGIC ==================================================/**
* @dev Check if the current call is authorized according to admin logic.
*/function_checkAuthorized() private{
address caller = _msgSender();
(bool immediate, uint32 delay) = _canCallSelf(caller, _msgData());
if (!immediate) {
if (delay ==0) {
(, uint64 requiredRole, ) = _getAdminRestrictions(_msgData());
revert AccessManagerUnauthorizedAccount(caller, requiredRole);
} else {
_consumeScheduledOp(hashOperation(caller, address(this), _msgData()));
}
}
}
/**
* @dev Get the admin restrictions of a given function call based on the function and arguments involved.
*
* Returns:
* - bool restricted: does this data match a restricted operation
* - uint64: which role is this operation restricted to
* - uint32: minimum delay to enforce for that operation (max between operation's delay and admin's execution delay)
*/function_getAdminRestrictions(bytescalldata data
) privateviewreturns (bool restricted, uint64 roleAdminId, uint32 executionDelay) {
if (data.length<4) {
return (false, 0, 0);
}
bytes4 selector = _checkSelector(data);
// Restricted to ADMIN with no delay beside any execution delay the caller may haveif (
selector ==this.labelRole.selector||
selector ==this.setRoleAdmin.selector||
selector ==this.setRoleGuardian.selector||
selector ==this.setGrantDelay.selector||
selector ==this.setTargetAdminDelay.selector
) {
return (true, ADMIN_ROLE, 0);
}
// Restricted to ADMIN with the admin delay corresponding to the targetif (
selector ==this.updateAuthority.selector||
selector ==this.setTargetClosed.selector||
selector ==this.setTargetFunctionRole.selector
) {
// First argument is a target.address target =abi.decode(data[0x04:0x24], (address));
uint32 delay = getTargetAdminDelay(target);
return (true, ADMIN_ROLE, delay);
}
// Restricted to that role's admin with no delay beside any execution delay the caller may have.if (selector ==this.grantRole.selector|| selector ==this.revokeRole.selector) {
// First argument is a roleId.uint64 roleId =abi.decode(data[0x04:0x24], (uint64));
return (true, getRoleAdmin(roleId), 0);
}
return (false, 0, 0);
}
// =================================================== HELPERS ====================================================/**
* @dev An extended version of {canCall} for internal usage that checks {_canCallSelf}
* when the target is this contract.
*
* Returns:
* - bool immediate: whether the operation can be executed immediately (with no delay)
* - uint32 delay: the execution delay
*/function_canCallExtended(address caller,
address target,
bytescalldata data
) privateviewreturns (bool immediate, uint32 delay) {
if (target ==address(this)) {
return _canCallSelf(caller, data);
} else {
return data.length<4 ? (false, 0) : canCall(caller, target, _checkSelector(data));
}
}
/**
* @dev A version of {canCall} that checks for admin restrictions in this contract.
*/function_canCallSelf(address caller, bytescalldata data) privateviewreturns (bool immediate, uint32 delay) {
if (data.length<4) {
return (false, 0);
}
if (caller ==address(this)) {
// Caller is AccessManager, this means the call was sent through {execute} and it already checked// permissions. We verify that the call "identifier", which is set during {execute}, is correct.return (_isExecuting(address(this), _checkSelector(data)), 0);
}
(bool enabled, uint64 roleId, uint32 operationDelay) = _getAdminRestrictions(data);
if (!enabled) {
return (false, 0);
}
(bool inRole, uint32 executionDelay) = hasRole(roleId, caller);
if (!inRole) {
return (false, 0);
}
// downcast is safe because both options are uint32
delay =uint32(Math.max(operationDelay, executionDelay));
return (delay ==0, delay);
}
/**
* @dev Returns true if a call with `target` and `selector` is being executed via {executed}.
*/function_isExecuting(address target, bytes4 selector) privateviewreturns (bool) {
return _executionId == _hashExecutionId(target, selector);
}
/**
* @dev Returns true if a schedule timepoint is past its expiration deadline.
*/function_isExpired(uint48 timepoint) privateviewreturns (bool) {
return timepoint + expiration() <= Time.timestamp();
}
/**
* @dev Extracts the selector from calldata. Panics if data is not at least 4 bytes
*/function_checkSelector(bytescalldata data) privatepurereturns (bytes4) {
returnbytes4(data[0:4]);
}
/**
* @dev Hashing function for execute protection
*/function_hashExecutionId(address target, bytes4 selector) privatepurereturns (bytes32) {
returnkeccak256(abi.encode(target, selector));
}
}
Contract Source Code
File 4 of 54: Address.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (utils/Address.sol)pragmasolidity ^0.8.20;/**
* @dev Collection of functions related to the address type
*/libraryAddress{
/**
* @dev The ETH balance of the account is not enough to perform the operation.
*/errorAddressInsufficientBalance(address account);
/**
* @dev There's no code at `target` (it is not a contract).
*/errorAddressEmptyCode(address target);
/**
* @dev A call to an address target failed. The target may have reverted.
*/errorFailedInnerCall();
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.20/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/functionsendValue(addresspayable recipient, uint256 amount) internal{
if (address(this).balance< amount) {
revert AddressInsufficientBalance(address(this));
}
(bool success, ) = recipient.call{value: amount}("");
if (!success) {
revert FailedInnerCall();
}
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason or custom error, it is bubbled
* up by this function (like regular Solidity function calls). However, if
* the call reverted with no returned reason, this function reverts with a
* {FailedInnerCall} error.
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*/functionfunctionCall(address target, bytesmemory data) internalreturns (bytesmemory) {
return functionCallWithValue(target, data, 0);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*/functionfunctionCallWithValue(address target, bytesmemory data, uint256 value) internalreturns (bytesmemory) {
if (address(this).balance< value) {
revert AddressInsufficientBalance(address(this));
}
(bool success, bytesmemory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*/functionfunctionStaticCall(address target, bytesmemory data) internalviewreturns (bytesmemory) {
(bool success, bytesmemory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*/functionfunctionDelegateCall(address target, bytesmemory data) internalreturns (bytesmemory) {
(bool success, bytesmemory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and reverts if the target
* was not a contract or bubbling up the revert reason (falling back to {FailedInnerCall}) in case of an
* unsuccessful call.
*/functionverifyCallResultFromTarget(address target,
bool success,
bytesmemory returndata
) internalviewreturns (bytesmemory) {
if (!success) {
_revert(returndata);
} else {
// only check if target is a contract if the call was successful and the return data is empty// otherwise we already know that it was a contractif (returndata.length==0&& target.code.length==0) {
revert AddressEmptyCode(target);
}
return returndata;
}
}
/**
* @dev Tool to verify that a low level call was successful, and reverts if it wasn't, either by bubbling the
* revert reason or with a default {FailedInnerCall} error.
*/functionverifyCallResult(bool success, bytesmemory returndata) internalpurereturns (bytesmemory) {
if (!success) {
_revert(returndata);
} else {
return returndata;
}
}
/**
* @dev Reverts with returndata if present. Otherwise reverts with {FailedInnerCall}.
*/function_revert(bytesmemory returndata) privatepure{
// Look for revert reason and bubble it up if presentif (returndata.length>0) {
// The easiest way to bubble the revert reason is using memory via assembly/// @solidity memory-safe-assemblyassembly {
let returndata_size :=mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert FailedInnerCall();
}
}
}
Contract Source Code
File 5 of 54: AssetDistributionProtectionLib.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;import {PlasmaVaultStorageLib} from"./PlasmaVaultStorageLib.sol";
import {Math} from"@openzeppelin/contracts/utils/math/Math.sol";
/// @notice MarketToCheck struct for the markets limits protectionstructMarketToCheck {
/// @param marketId The market iduint256 marketId;
/// @param balanceInMarket The balance in the market, represented in 18 decimalsuint256 balanceInMarket;
}
/// @notice DataToCheck struct for the markets limits protectionstructDataToCheck {
/// @param totalBalanceInVault The total balance in the Plasma Vault, represented in 18 decimalsuint256 totalBalanceInVault;
/// @param marketsToCheck The array of MarketToCheck structs
MarketToCheck[] marketsToCheck;
}
/// @notice Market limit structstructMarketLimit {
/// @dev MarketId: the same value as used in fuseuint256 marketId;
/// @dev Limit in percentage of the total balance in the vault, use 1e18 as 100%uint256 limitInPercentage;
}
/// @title Asset Distribution Protection Library responsible for the markets limits protection in the Plasma VaultlibraryAssetDistributionProtectionLib{
uint256privateconstant ONE_HUNDRED_PERCENT =1e18;
eventMarketsLimitsActivated();
eventMarketsLimitsDeactivated();
eventMarketLimitUpdated(uint256 marketId, uint256 newLimit);
errorMarketLimitExceeded(uint256 marketId, uint256 balanceInMarket, uint256 limit);
errorMarketLimitSetupInPercentageIsTooHigh(uint256 limit);
errorWrongMarketId(uint256 marketId);
/// @notice Activates the markets limits protection, by default it is deactivated. After activation the limits/// is setup for each market separately.functionactivateMarketsLimits() internal{
PlasmaVaultStorageLib.getMarketsLimits().limitInPercentage[0] =1;
emit MarketsLimitsActivated();
}
/// @notice Deactivates the markets limits protection.functiondeactivateMarketsLimits() internal{
PlasmaVaultStorageLib.getMarketsLimits().limitInPercentage[0] =0;
emit MarketsLimitsDeactivated();
}
/// @notice Sets up the limits for each market separately./// @param marketsLimits_ The array of MarketLimit structsfunctionsetupMarketsLimits(MarketLimit[] calldata marketsLimits_) internal{
uint256 len = marketsLimits_.length;
for (uint256 i; i < len; ++i) {
if (marketsLimits_[i].marketId ==0) {
revert WrongMarketId(marketsLimits_[i].marketId);
}
if (marketsLimits_[i].limitInPercentage > ONE_HUNDRED_PERCENT) {
revert MarketLimitSetupInPercentageIsTooHigh(marketsLimits_[i].limitInPercentage);
}
PlasmaVaultStorageLib.getMarketsLimits().limitInPercentage[marketsLimits_[i].marketId] = marketsLimits_[i]
.limitInPercentage;
emit MarketLimitUpdated(marketsLimits_[i].marketId, marketsLimits_[i].limitInPercentage);
}
}
/// @notice Checks if the limits are exceeded for the markets./// @param data_ The DataToCheck struct/// @dev revert if the limit is exceededfunctioncheckLimits(DataToCheck memory data_) internalview{
if (!isMarketsLimitsActivated()) {
return;
}
uint256 len = data_.marketsToCheck.length;
for (uint256 i; i < len; ++i) {
uint256 limit = Math.mulDiv(
PlasmaVaultStorageLib.getMarketsLimits().limitInPercentage[data_.marketsToCheck[i].marketId],
data_.totalBalanceInVault,
ONE_HUNDRED_PERCENT
);
if (limit < data_.marketsToCheck[i].balanceInMarket) {
revert MarketLimitExceeded(
data_.marketsToCheck[i].marketId,
data_.marketsToCheck[i].balanceInMarket,
limit
);
}
}
}
/// @notice Checks if the markets limits protection is activated./// @return bool true if the markets limits protection is activatedfunctionisMarketsLimitsActivated() internalviewreturns (bool) {
return PlasmaVaultStorageLib.getMarketsLimits().limitInPercentage[0] !=0;
}
}
Contract Source Code
File 6 of 54: AuthorityUtils.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (access/manager/AuthorityUtils.sol)pragmasolidity ^0.8.20;import {IAuthority} from"./IAuthority.sol";
libraryAuthorityUtils{
/**
* @dev Since `AccessManager` implements an extended IAuthority interface, invoking `canCall` with backwards compatibility
* for the preexisting `IAuthority` interface requires special care to avoid reverting on insufficient return data.
* This helper function takes care of invoking `canCall` in a backwards compatible way without reverting.
*/functioncanCallWithDelay(address authority,
address caller,
address target,
bytes4 selector
) internalviewreturns (bool immediate, uint32 delay) {
(bool success, bytesmemory data) = authority.staticcall(
abi.encodeCall(IAuthority.canCall, (caller, target, selector))
);
if (success) {
if (data.length>=0x40) {
(immediate, delay) =abi.decode(data, (bool, uint32));
} elseif (data.length>=0x20) {
immediate =abi.decode(data, (bool));
}
}
return (immediate, delay);
}
}
Contract Source Code
File 7 of 54: CallbackHandlerLib.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;import {Address} from"@openzeppelin/contracts/utils/Address.sol";
import {SafeERC20} from"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {FuseAction} from"../interfaces/IPlasmaVault.sol";
import {PlasmaVaultStorageLib} from"./PlasmaVaultStorageLib.sol";
import {PlasmaVault} from"../vaults/PlasmaVault.sol";
import {ERC20} from"@openzeppelin/contracts/token/ERC20/ERC20.sol";
structCallbackData {
address asset;
address addressToApprove;
uint256 amountToApprove;
bytes actionData;
}
/// @title Callback Handler Library responsible for handling callbacks in the Plasma VaultlibraryCallbackHandlerLib{
usingAddressforaddress;
usingSafeERC20forERC20;
eventCallbackHandlerUpdated(addressindexed handler, addressindexed sender, bytes4indexed sig);
errorHandlerNotFound();
/// @notice Handles the callback from the contractfunctionhandleCallback() internal{
address handler = PlasmaVaultStorageLib.getCallbackHandler().callbackHandler[
/// @dev msg.sender - is the address of a contract which execute callback, msg.sig - is the signature of the functionkeccak256(abi.encodePacked(msg.sender, msg.sig))
];
if (handler ==address(0)) {
revert HandlerNotFound();
}
bytesmemory data = handler.functionCall(msg.data);
if (data.length==0) {
return;
}
CallbackData memory calls =abi.decode(data, (CallbackData));
PlasmaVault(address(this)).executeInternal(abi.decode(calls.actionData, (FuseAction[])));
ERC20(calls.asset).forceApprove(calls.addressToApprove, calls.amountToApprove);
}
/// @notice Updates the callback handler for the contract/// @param handler_ The address of the handler/// @param sender_ The address of the sender/// @param sig_ The signature of the function which will be called from msg.senderfunctionupdateCallbackHandler(address handler_, address sender_, bytes4 sig_) internal{
PlasmaVaultStorageLib.getCallbackHandler().callbackHandler[
/// @dev msg.sender - is the address of a contract which execute callback, msg.sig - is the signature of the functionkeccak256(abi.encodePacked(sender_, sig_))
] = handler_;
emit CallbackHandlerUpdated(handler_, sender_, sig_);
}
}
Contract Source Code
File 8 of 54: Context.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)pragmasolidity ^0.8.20;/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/abstractcontractContext{
function_msgSender() internalviewvirtualreturns (address) {
returnmsg.sender;
}
function_msgData() internalviewvirtualreturns (bytescalldata) {
returnmsg.data;
}
function_contextSuffixLength() internalviewvirtualreturns (uint256) {
return0;
}
}
Contract Source Code
File 9 of 54: ContextUpgradeable.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)pragmasolidity ^0.8.20;import {Initializable} from"../proxy/utils/Initializable.sol";
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/abstractcontractContextUpgradeableisInitializable{
function__Context_init() internalonlyInitializing{
}
function__Context_init_unchained() internalonlyInitializing{
}
function_msgSender() internalviewvirtualreturns (address) {
returnmsg.sender;
}
function_msgData() internalviewvirtualreturns (bytescalldata) {
returnmsg.data;
}
function_contextSuffixLength() internalviewvirtualreturns (uint256) {
return0;
}
}
Contract Source Code
File 10 of 54: ERC20.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/ERC20.sol)pragmasolidity ^0.8.20;import {IERC20} from"./IERC20.sol";
import {IERC20Metadata} from"./extensions/IERC20Metadata.sol";
import {Context} from"../../utils/Context.sol";
import {IERC20Errors} from"../../interfaces/draft-IERC6093.sol";
/**
* @dev Implementation of the {IERC20} interface.
*
* This implementation is agnostic to the way tokens are created. This means
* that a supply mechanism has to be added in a derived contract using {_mint}.
*
* TIP: For a detailed writeup see our guide
* https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
* to implement supply mechanisms].
*
* The default value of {decimals} is 18. To change this, you should override
* this function so it returns a different value.
*
* We have followed general OpenZeppelin Contracts guidelines: functions revert
* instead returning `false` on failure. This behavior is nonetheless
* conventional and does not conflict with the expectations of ERC20
* applications.
*
* Additionally, an {Approval} event is emitted on calls to {transferFrom}.
* This allows applications to reconstruct the allowance for all accounts just
* by listening to said events. Other implementations of the EIP may not emit
* these events, as it isn't required by the specification.
*/abstractcontractERC20isContext, IERC20, IERC20Metadata, IERC20Errors{
mapping(address account =>uint256) private _balances;
mapping(address account =>mapping(address spender =>uint256)) private _allowances;
uint256private _totalSupply;
stringprivate _name;
stringprivate _symbol;
/**
* @dev Sets the values for {name} and {symbol}.
*
* All two of these values are immutable: they can only be set once during
* construction.
*/constructor(stringmemory name_, stringmemory symbol_) {
_name = name_;
_symbol = symbol_;
}
/**
* @dev Returns the name of the token.
*/functionname() publicviewvirtualreturns (stringmemory) {
return _name;
}
/**
* @dev Returns the symbol of the token, usually a shorter version of the
* name.
*/functionsymbol() publicviewvirtualreturns (stringmemory) {
return _symbol;
}
/**
* @dev Returns the number of decimals used to get its user representation.
* For example, if `decimals` equals `2`, a balance of `505` tokens should
* be displayed to a user as `5.05` (`505 / 10 ** 2`).
*
* Tokens usually opt for a value of 18, imitating the relationship between
* Ether and Wei. This is the default value returned by this function, unless
* it's overridden.
*
* NOTE: This information is only used for _display_ purposes: it in
* no way affects any of the arithmetic of the contract, including
* {IERC20-balanceOf} and {IERC20-transfer}.
*/functiondecimals() publicviewvirtualreturns (uint8) {
return18;
}
/**
* @dev See {IERC20-totalSupply}.
*/functiontotalSupply() publicviewvirtualreturns (uint256) {
return _totalSupply;
}
/**
* @dev See {IERC20-balanceOf}.
*/functionbalanceOf(address account) publicviewvirtualreturns (uint256) {
return _balances[account];
}
/**
* @dev See {IERC20-transfer}.
*
* Requirements:
*
* - `to` cannot be the zero address.
* - the caller must have a balance of at least `value`.
*/functiontransfer(address to, uint256 value) publicvirtualreturns (bool) {
address owner = _msgSender();
_transfer(owner, to, value);
returntrue;
}
/**
* @dev See {IERC20-allowance}.
*/functionallowance(address owner, address spender) publicviewvirtualreturns (uint256) {
return _allowances[owner][spender];
}
/**
* @dev See {IERC20-approve}.
*
* NOTE: If `value` is the maximum `uint256`, the allowance is not updated on
* `transferFrom`. This is semantically equivalent to an infinite approval.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/functionapprove(address spender, uint256 value) publicvirtualreturns (bool) {
address owner = _msgSender();
_approve(owner, spender, value);
returntrue;
}
/**
* @dev See {IERC20-transferFrom}.
*
* Emits an {Approval} event indicating the updated allowance. This is not
* required by the EIP. See the note at the beginning of {ERC20}.
*
* NOTE: Does not update the allowance if the current allowance
* is the maximum `uint256`.
*
* Requirements:
*
* - `from` and `to` cannot be the zero address.
* - `from` must have a balance of at least `value`.
* - the caller must have allowance for ``from``'s tokens of at least
* `value`.
*/functiontransferFrom(addressfrom, address to, uint256 value) publicvirtualreturns (bool) {
address spender = _msgSender();
_spendAllowance(from, spender, value);
_transfer(from, to, value);
returntrue;
}
/**
* @dev Moves a `value` amount of tokens from `from` to `to`.
*
* This internal function is equivalent to {transfer}, and can be used to
* e.g. implement automatic token fees, slashing mechanisms, etc.
*
* Emits a {Transfer} event.
*
* NOTE: This function is not virtual, {_update} should be overridden instead.
*/function_transfer(addressfrom, address to, uint256 value) internal{
if (from==address(0)) {
revert ERC20InvalidSender(address(0));
}
if (to ==address(0)) {
revert ERC20InvalidReceiver(address(0));
}
_update(from, to, value);
}
/**
* @dev Transfers a `value` amount of tokens from `from` to `to`, or alternatively mints (or burns) if `from`
* (or `to`) is the zero address. All customizations to transfers, mints, and burns should be done by overriding
* this function.
*
* Emits a {Transfer} event.
*/function_update(addressfrom, address to, uint256 value) internalvirtual{
if (from==address(0)) {
// Overflow check required: The rest of the code assumes that totalSupply never overflows
_totalSupply += value;
} else {
uint256 fromBalance = _balances[from];
if (fromBalance < value) {
revert ERC20InsufficientBalance(from, fromBalance, value);
}
unchecked {
// Overflow not possible: value <= fromBalance <= totalSupply.
_balances[from] = fromBalance - value;
}
}
if (to ==address(0)) {
unchecked {
// Overflow not possible: value <= totalSupply or value <= fromBalance <= totalSupply.
_totalSupply -= value;
}
} else {
unchecked {
// Overflow not possible: balance + value is at most totalSupply, which we know fits into a uint256.
_balances[to] += value;
}
}
emit Transfer(from, to, value);
}
/**
* @dev Creates a `value` amount of tokens and assigns them to `account`, by transferring it from address(0).
* Relies on the `_update` mechanism
*
* Emits a {Transfer} event with `from` set to the zero address.
*
* NOTE: This function is not virtual, {_update} should be overridden instead.
*/function_mint(address account, uint256 value) internal{
if (account ==address(0)) {
revert ERC20InvalidReceiver(address(0));
}
_update(address(0), account, value);
}
/**
* @dev Destroys a `value` amount of tokens from `account`, lowering the total supply.
* Relies on the `_update` mechanism.
*
* Emits a {Transfer} event with `to` set to the zero address.
*
* NOTE: This function is not virtual, {_update} should be overridden instead
*/function_burn(address account, uint256 value) internal{
if (account ==address(0)) {
revert ERC20InvalidSender(address(0));
}
_update(account, address(0), value);
}
/**
* @dev Sets `value` as the allowance of `spender` over the `owner` s tokens.
*
* This internal function is equivalent to `approve`, and can be used to
* e.g. set automatic allowances for certain subsystems, etc.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `owner` cannot be the zero address.
* - `spender` cannot be the zero address.
*
* Overrides to this logic should be done to the variant with an additional `bool emitEvent` argument.
*/function_approve(address owner, address spender, uint256 value) internal{
_approve(owner, spender, value, true);
}
/**
* @dev Variant of {_approve} with an optional flag to enable or disable the {Approval} event.
*
* By default (when calling {_approve}) the flag is set to true. On the other hand, approval changes made by
* `_spendAllowance` during the `transferFrom` operation set the flag to false. This saves gas by not emitting any
* `Approval` event during `transferFrom` operations.
*
* Anyone who wishes to continue emitting `Approval` events on the`transferFrom` operation can force the flag to
* true using the following override:
* ```
* function _approve(address owner, address spender, uint256 value, bool) internal virtual override {
* super._approve(owner, spender, value, true);
* }
* ```
*
* Requirements are the same as {_approve}.
*/function_approve(address owner, address spender, uint256 value, bool emitEvent) internalvirtual{
if (owner ==address(0)) {
revert ERC20InvalidApprover(address(0));
}
if (spender ==address(0)) {
revert ERC20InvalidSpender(address(0));
}
_allowances[owner][spender] = value;
if (emitEvent) {
emit Approval(owner, spender, value);
}
}
/**
* @dev Updates `owner` s allowance for `spender` based on spent `value`.
*
* Does not update the allowance value in case of infinite allowance.
* Revert if not enough allowance is available.
*
* Does not emit an {Approval} event.
*/function_spendAllowance(address owner, address spender, uint256 value) internalvirtual{
uint256 currentAllowance = allowance(owner, spender);
if (currentAllowance !=type(uint256).max) {
if (currentAllowance < value) {
revert ERC20InsufficientAllowance(spender, currentAllowance, value);
}
unchecked {
_approve(owner, spender, currentAllowance - value, false);
}
}
}
}
Contract Source Code
File 11 of 54: ERC20Upgradeable.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/ERC20.sol)pragmasolidity ^0.8.20;import {IERC20} from"@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {IERC20Metadata} from"@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
import {ContextUpgradeable} from"../../utils/ContextUpgradeable.sol";
import {IERC20Errors} from"@openzeppelin/contracts/interfaces/draft-IERC6093.sol";
import {Initializable} from"../../proxy/utils/Initializable.sol";
/**
* @dev Implementation of the {IERC20} interface.
*
* This implementation is agnostic to the way tokens are created. This means
* that a supply mechanism has to be added in a derived contract using {_mint}.
*
* TIP: For a detailed writeup see our guide
* https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
* to implement supply mechanisms].
*
* The default value of {decimals} is 18. To change this, you should override
* this function so it returns a different value.
*
* We have followed general OpenZeppelin Contracts guidelines: functions revert
* instead returning `false` on failure. This behavior is nonetheless
* conventional and does not conflict with the expectations of ERC20
* applications.
*
* Additionally, an {Approval} event is emitted on calls to {transferFrom}.
* This allows applications to reconstruct the allowance for all accounts just
* by listening to said events. Other implementations of the EIP may not emit
* these events, as it isn't required by the specification.
*/abstractcontractERC20UpgradeableisInitializable, ContextUpgradeable, IERC20, IERC20Metadata, IERC20Errors{
/// @custom:storage-location erc7201:openzeppelin.storage.ERC20structERC20Storage {
mapping(address account =>uint256) _balances;
mapping(address account =>mapping(address spender =>uint256)) _allowances;
uint256 _totalSupply;
string _name;
string _symbol;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ERC20")) - 1)) & ~bytes32(uint256(0xff))bytes32privateconstant ERC20StorageLocation =0x52c63247e1f47db19d5ce0460030c497f067ca4cebf71ba98eeadabe20bace00;
function_getERC20Storage() privatepurereturns (ERC20Storage storage $) {
assembly {
$.slot:= ERC20StorageLocation
}
}
/**
* @dev Sets the values for {name} and {symbol}.
*
* All two of these values are immutable: they can only be set once during
* construction.
*/function__ERC20_init(stringmemory name_, stringmemory symbol_) internalonlyInitializing{
__ERC20_init_unchained(name_, symbol_);
}
function__ERC20_init_unchained(stringmemory name_, stringmemory symbol_) internalonlyInitializing{
ERC20Storage storage $ = _getERC20Storage();
$._name = name_;
$._symbol = symbol_;
}
/**
* @dev Returns the name of the token.
*/functionname() publicviewvirtualreturns (stringmemory) {
ERC20Storage storage $ = _getERC20Storage();
return $._name;
}
/**
* @dev Returns the symbol of the token, usually a shorter version of the
* name.
*/functionsymbol() publicviewvirtualreturns (stringmemory) {
ERC20Storage storage $ = _getERC20Storage();
return $._symbol;
}
/**
* @dev Returns the number of decimals used to get its user representation.
* For example, if `decimals` equals `2`, a balance of `505` tokens should
* be displayed to a user as `5.05` (`505 / 10 ** 2`).
*
* Tokens usually opt for a value of 18, imitating the relationship between
* Ether and Wei. This is the default value returned by this function, unless
* it's overridden.
*
* NOTE: This information is only used for _display_ purposes: it in
* no way affects any of the arithmetic of the contract, including
* {IERC20-balanceOf} and {IERC20-transfer}.
*/functiondecimals() publicviewvirtualreturns (uint8) {
return18;
}
/**
* @dev See {IERC20-totalSupply}.
*/functiontotalSupply() publicviewvirtualreturns (uint256) {
ERC20Storage storage $ = _getERC20Storage();
return $._totalSupply;
}
/**
* @dev See {IERC20-balanceOf}.
*/functionbalanceOf(address account) publicviewvirtualreturns (uint256) {
ERC20Storage storage $ = _getERC20Storage();
return $._balances[account];
}
/**
* @dev See {IERC20-transfer}.
*
* Requirements:
*
* - `to` cannot be the zero address.
* - the caller must have a balance of at least `value`.
*/functiontransfer(address to, uint256 value) publicvirtualreturns (bool) {
address owner = _msgSender();
_transfer(owner, to, value);
returntrue;
}
/**
* @dev See {IERC20-allowance}.
*/functionallowance(address owner, address spender) publicviewvirtualreturns (uint256) {
ERC20Storage storage $ = _getERC20Storage();
return $._allowances[owner][spender];
}
/**
* @dev See {IERC20-approve}.
*
* NOTE: If `value` is the maximum `uint256`, the allowance is not updated on
* `transferFrom`. This is semantically equivalent to an infinite approval.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/functionapprove(address spender, uint256 value) publicvirtualreturns (bool) {
address owner = _msgSender();
_approve(owner, spender, value);
returntrue;
}
/**
* @dev See {IERC20-transferFrom}.
*
* Emits an {Approval} event indicating the updated allowance. This is not
* required by the EIP. See the note at the beginning of {ERC20}.
*
* NOTE: Does not update the allowance if the current allowance
* is the maximum `uint256`.
*
* Requirements:
*
* - `from` and `to` cannot be the zero address.
* - `from` must have a balance of at least `value`.
* - the caller must have allowance for ``from``'s tokens of at least
* `value`.
*/functiontransferFrom(addressfrom, address to, uint256 value) publicvirtualreturns (bool) {
address spender = _msgSender();
_spendAllowance(from, spender, value);
_transfer(from, to, value);
returntrue;
}
/**
* @dev Moves a `value` amount of tokens from `from` to `to`.
*
* This internal function is equivalent to {transfer}, and can be used to
* e.g. implement automatic token fees, slashing mechanisms, etc.
*
* Emits a {Transfer} event.
*
* NOTE: This function is not virtual, {_update} should be overridden instead.
*/function_transfer(addressfrom, address to, uint256 value) internal{
if (from==address(0)) {
revert ERC20InvalidSender(address(0));
}
if (to ==address(0)) {
revert ERC20InvalidReceiver(address(0));
}
_update(from, to, value);
}
/**
* @dev Transfers a `value` amount of tokens from `from` to `to`, or alternatively mints (or burns) if `from`
* (or `to`) is the zero address. All customizations to transfers, mints, and burns should be done by overriding
* this function.
*
* Emits a {Transfer} event.
*/function_update(addressfrom, address to, uint256 value) internalvirtual{
ERC20Storage storage $ = _getERC20Storage();
if (from==address(0)) {
// Overflow check required: The rest of the code assumes that totalSupply never overflows
$._totalSupply += value;
} else {
uint256 fromBalance = $._balances[from];
if (fromBalance < value) {
revert ERC20InsufficientBalance(from, fromBalance, value);
}
unchecked {
// Overflow not possible: value <= fromBalance <= totalSupply.
$._balances[from] = fromBalance - value;
}
}
if (to ==address(0)) {
unchecked {
// Overflow not possible: value <= totalSupply or value <= fromBalance <= totalSupply.
$._totalSupply -= value;
}
} else {
unchecked {
// Overflow not possible: balance + value is at most totalSupply, which we know fits into a uint256.
$._balances[to] += value;
}
}
emit Transfer(from, to, value);
}
/**
* @dev Creates a `value` amount of tokens and assigns them to `account`, by transferring it from address(0).
* Relies on the `_update` mechanism
*
* Emits a {Transfer} event with `from` set to the zero address.
*
* NOTE: This function is not virtual, {_update} should be overridden instead.
*/function_mint(address account, uint256 value) internal{
if (account ==address(0)) {
revert ERC20InvalidReceiver(address(0));
}
_update(address(0), account, value);
}
/**
* @dev Destroys a `value` amount of tokens from `account`, lowering the total supply.
* Relies on the `_update` mechanism.
*
* Emits a {Transfer} event with `to` set to the zero address.
*
* NOTE: This function is not virtual, {_update} should be overridden instead
*/function_burn(address account, uint256 value) internal{
if (account ==address(0)) {
revert ERC20InvalidSender(address(0));
}
_update(account, address(0), value);
}
/**
* @dev Sets `value` as the allowance of `spender` over the `owner` s tokens.
*
* This internal function is equivalent to `approve`, and can be used to
* e.g. set automatic allowances for certain subsystems, etc.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `owner` cannot be the zero address.
* - `spender` cannot be the zero address.
*
* Overrides to this logic should be done to the variant with an additional `bool emitEvent` argument.
*/function_approve(address owner, address spender, uint256 value) internal{
_approve(owner, spender, value, true);
}
/**
* @dev Variant of {_approve} with an optional flag to enable or disable the {Approval} event.
*
* By default (when calling {_approve}) the flag is set to true. On the other hand, approval changes made by
* `_spendAllowance` during the `transferFrom` operation set the flag to false. This saves gas by not emitting any
* `Approval` event during `transferFrom` operations.
*
* Anyone who wishes to continue emitting `Approval` events on the`transferFrom` operation can force the flag to
* true using the following override:
* ```
* function _approve(address owner, address spender, uint256 value, bool) internal virtual override {
* super._approve(owner, spender, value, true);
* }
* ```
*
* Requirements are the same as {_approve}.
*/function_approve(address owner, address spender, uint256 value, bool emitEvent) internalvirtual{
ERC20Storage storage $ = _getERC20Storage();
if (owner ==address(0)) {
revert ERC20InvalidApprover(address(0));
}
if (spender ==address(0)) {
revert ERC20InvalidSpender(address(0));
}
$._allowances[owner][spender] = value;
if (emitEvent) {
emit Approval(owner, spender, value);
}
}
/**
* @dev Updates `owner` s allowance for `spender` based on spent `value`.
*
* Does not update the allowance value in case of infinite allowance.
* Revert if not enough allowance is available.
*
* Does not emit an {Approval} event.
*/function_spendAllowance(address owner, address spender, uint256 value) internalvirtual{
uint256 currentAllowance = allowance(owner, spender);
if (currentAllowance !=type(uint256).max) {
if (currentAllowance < value) {
revert ERC20InsufficientAllowance(spender, currentAllowance, value);
}
unchecked {
_approve(owner, spender, currentAllowance - value, false);
}
}
}
}
Contract Source Code
File 12 of 54: ERC4626Upgradeable.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/ERC4626.sol)pragmasolidity ^0.8.20;import {IERC20} from"@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {IERC20Metadata} from"@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
import {ERC20Upgradeable} from"../ERC20Upgradeable.sol";
import {SafeERC20} from"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {IERC4626} from"@openzeppelin/contracts/interfaces/IERC4626.sol";
import {Math} from"@openzeppelin/contracts/utils/math/Math.sol";
import {Initializable} from"../../../proxy/utils/Initializable.sol";
/**
* @dev Implementation of the ERC4626 "Tokenized Vault Standard" as defined in
* https://eips.ethereum.org/EIPS/eip-4626[EIP-4626].
*
* This extension allows the minting and burning of "shares" (represented using the ERC20 inheritance) in exchange for
* underlying "assets" through standardized {deposit}, {mint}, {redeem} and {burn} workflows. This contract extends
* the ERC20 standard. Any additional extensions included along it would affect the "shares" token represented by this
* contract and not the "assets" token which is an independent contract.
*
* [CAUTION]
* ====
* In empty (or nearly empty) ERC-4626 vaults, deposits are at high risk of being stolen through frontrunning
* with a "donation" to the vault that inflates the price of a share. This is variously known as a donation or inflation
* attack and is essentially a problem of slippage. Vault deployers can protect against this attack by making an initial
* deposit of a non-trivial amount of the asset, such that price manipulation becomes infeasible. Withdrawals may
* similarly be affected by slippage. Users can protect against this attack as well as unexpected slippage in general by
* verifying the amount received is as expected, using a wrapper that performs these checks such as
* https://github.com/fei-protocol/ERC4626#erc4626router-and-base[ERC4626Router].
*
* Since v4.9, this implementation uses virtual assets and shares to mitigate that risk. The `_decimalsOffset()`
* corresponds to an offset in the decimal representation between the underlying asset's decimals and the vault
* decimals. This offset also determines the rate of virtual shares to virtual assets in the vault, which itself
* determines the initial exchange rate. While not fully preventing the attack, analysis shows that the default offset
* (0) makes it non-profitable, as a result of the value being captured by the virtual shares (out of the attacker's
* donation) matching the attacker's expected gains. With a larger offset, the attack becomes orders of magnitude more
* expensive than it is profitable. More details about the underlying math can be found
* xref:erc4626.adoc#inflation-attack[here].
*
* The drawback of this approach is that the virtual shares do capture (a very small) part of the value being accrued
* to the vault. Also, if the vault experiences losses, the users try to exit the vault, the virtual shares and assets
* will cause the first user to exit to experience reduced losses in detriment to the last users that will experience
* bigger losses. Developers willing to revert back to the pre-v4.9 behavior just need to override the
* `_convertToShares` and `_convertToAssets` functions.
*
* To learn more, check out our xref:ROOT:erc4626.adoc[ERC-4626 guide].
* ====
*/abstractcontractERC4626UpgradeableisInitializable, ERC20Upgradeable, IERC4626{
usingMathforuint256;
/// @custom:storage-location erc7201:openzeppelin.storage.ERC4626structERC4626Storage {
IERC20 _asset;
uint8 _underlyingDecimals;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ERC4626")) - 1)) & ~bytes32(uint256(0xff))bytes32privateconstant ERC4626StorageLocation =0x0773e532dfede91f04b12a73d3d2acd361424f41f76b4fb79f090161e36b4e00;
function_getERC4626Storage() privatepurereturns (ERC4626Storage storage $) {
assembly {
$.slot:= ERC4626StorageLocation
}
}
/**
* @dev Attempted to deposit more assets than the max amount for `receiver`.
*/errorERC4626ExceededMaxDeposit(address receiver, uint256 assets, uint256 max);
/**
* @dev Attempted to mint more shares than the max amount for `receiver`.
*/errorERC4626ExceededMaxMint(address receiver, uint256 shares, uint256 max);
/**
* @dev Attempted to withdraw more assets than the max amount for `receiver`.
*/errorERC4626ExceededMaxWithdraw(address owner, uint256 assets, uint256 max);
/**
* @dev Attempted to redeem more shares than the max amount for `receiver`.
*/errorERC4626ExceededMaxRedeem(address owner, uint256 shares, uint256 max);
/**
* @dev Set the underlying asset contract. This must be an ERC20-compatible contract (ERC20 or ERC777).
*/function__ERC4626_init(IERC20 asset_) internalonlyInitializing{
__ERC4626_init_unchained(asset_);
}
function__ERC4626_init_unchained(IERC20 asset_) internalonlyInitializing{
ERC4626Storage storage $ = _getERC4626Storage();
(bool success, uint8 assetDecimals) = _tryGetAssetDecimals(asset_);
$._underlyingDecimals = success ? assetDecimals : 18;
$._asset = asset_;
}
/**
* @dev Attempts to fetch the asset decimals. A return value of false indicates that the attempt failed in some way.
*/function_tryGetAssetDecimals(IERC20 asset_) privateviewreturns (bool, uint8) {
(bool success, bytesmemory encodedDecimals) =address(asset_).staticcall(
abi.encodeCall(IERC20Metadata.decimals, ())
);
if (success && encodedDecimals.length>=32) {
uint256 returnedDecimals =abi.decode(encodedDecimals, (uint256));
if (returnedDecimals <=type(uint8).max) {
return (true, uint8(returnedDecimals));
}
}
return (false, 0);
}
/**
* @dev Decimals are computed by adding the decimal offset on top of the underlying asset's decimals. This
* "original" value is cached during construction of the vault contract. If this read operation fails (e.g., the
* asset has not been created yet), a default of 18 is used to represent the underlying asset's decimals.
*
* See {IERC20Metadata-decimals}.
*/functiondecimals() publicviewvirtualoverride(IERC20Metadata, ERC20Upgradeable) returns (uint8) {
ERC4626Storage storage $ = _getERC4626Storage();
return $._underlyingDecimals + _decimalsOffset();
}
/** @dev See {IERC4626-asset}. */functionasset() publicviewvirtualreturns (address) {
ERC4626Storage storage $ = _getERC4626Storage();
returnaddress($._asset);
}
/** @dev See {IERC4626-totalAssets}. */functiontotalAssets() publicviewvirtualreturns (uint256) {
ERC4626Storage storage $ = _getERC4626Storage();
return $._asset.balanceOf(address(this));
}
/** @dev See {IERC4626-convertToShares}. */functionconvertToShares(uint256 assets) publicviewvirtualreturns (uint256) {
return _convertToShares(assets, Math.Rounding.Floor);
}
/** @dev See {IERC4626-convertToAssets}. */functionconvertToAssets(uint256 shares) publicviewvirtualreturns (uint256) {
return _convertToAssets(shares, Math.Rounding.Floor);
}
/** @dev See {IERC4626-maxDeposit}. */functionmaxDeposit(address) publicviewvirtualreturns (uint256) {
returntype(uint256).max;
}
/** @dev See {IERC4626-maxMint}. */functionmaxMint(address) publicviewvirtualreturns (uint256) {
returntype(uint256).max;
}
/** @dev See {IERC4626-maxWithdraw}. */functionmaxWithdraw(address owner) publicviewvirtualreturns (uint256) {
return _convertToAssets(balanceOf(owner), Math.Rounding.Floor);
}
/** @dev See {IERC4626-maxRedeem}. */functionmaxRedeem(address owner) publicviewvirtualreturns (uint256) {
return balanceOf(owner);
}
/** @dev See {IERC4626-previewDeposit}. */functionpreviewDeposit(uint256 assets) publicviewvirtualreturns (uint256) {
return _convertToShares(assets, Math.Rounding.Floor);
}
/** @dev See {IERC4626-previewMint}. */functionpreviewMint(uint256 shares) publicviewvirtualreturns (uint256) {
return _convertToAssets(shares, Math.Rounding.Ceil);
}
/** @dev See {IERC4626-previewWithdraw}. */functionpreviewWithdraw(uint256 assets) publicviewvirtualreturns (uint256) {
return _convertToShares(assets, Math.Rounding.Ceil);
}
/** @dev See {IERC4626-previewRedeem}. */functionpreviewRedeem(uint256 shares) publicviewvirtualreturns (uint256) {
return _convertToAssets(shares, Math.Rounding.Floor);
}
/** @dev See {IERC4626-deposit}. */functiondeposit(uint256 assets, address receiver) publicvirtualreturns (uint256) {
uint256 maxAssets = maxDeposit(receiver);
if (assets > maxAssets) {
revert ERC4626ExceededMaxDeposit(receiver, assets, maxAssets);
}
uint256 shares = previewDeposit(assets);
_deposit(_msgSender(), receiver, assets, shares);
return shares;
}
/** @dev See {IERC4626-mint}.
*
* As opposed to {deposit}, minting is allowed even if the vault is in a state where the price of a share is zero.
* In this case, the shares will be minted without requiring any assets to be deposited.
*/functionmint(uint256 shares, address receiver) publicvirtualreturns (uint256) {
uint256 maxShares = maxMint(receiver);
if (shares > maxShares) {
revert ERC4626ExceededMaxMint(receiver, shares, maxShares);
}
uint256 assets = previewMint(shares);
_deposit(_msgSender(), receiver, assets, shares);
return assets;
}
/** @dev See {IERC4626-withdraw}. */functionwithdraw(uint256 assets, address receiver, address owner) publicvirtualreturns (uint256) {
uint256 maxAssets = maxWithdraw(owner);
if (assets > maxAssets) {
revert ERC4626ExceededMaxWithdraw(owner, assets, maxAssets);
}
uint256 shares = previewWithdraw(assets);
_withdraw(_msgSender(), receiver, owner, assets, shares);
return shares;
}
/** @dev See {IERC4626-redeem}. */functionredeem(uint256 shares, address receiver, address owner) publicvirtualreturns (uint256) {
uint256 maxShares = maxRedeem(owner);
if (shares > maxShares) {
revert ERC4626ExceededMaxRedeem(owner, shares, maxShares);
}
uint256 assets = previewRedeem(shares);
_withdraw(_msgSender(), receiver, owner, assets, shares);
return assets;
}
/**
* @dev Internal conversion function (from assets to shares) with support for rounding direction.
*/function_convertToShares(uint256 assets, Math.Rounding rounding) internalviewvirtualreturns (uint256) {
return assets.mulDiv(totalSupply() +10** _decimalsOffset(), totalAssets() +1, rounding);
}
/**
* @dev Internal conversion function (from shares to assets) with support for rounding direction.
*/function_convertToAssets(uint256 shares, Math.Rounding rounding) internalviewvirtualreturns (uint256) {
return shares.mulDiv(totalAssets() +1, totalSupply() +10** _decimalsOffset(), rounding);
}
/**
* @dev Deposit/mint common workflow.
*/function_deposit(address caller, address receiver, uint256 assets, uint256 shares) internalvirtual{
ERC4626Storage storage $ = _getERC4626Storage();
// If _asset is ERC777, `transferFrom` can trigger a reentrancy BEFORE the transfer happens through the// `tokensToSend` hook. On the other hand, the `tokenReceived` hook, that is triggered after the transfer,// calls the vault, which is assumed not malicious.//// Conclusion: we need to do the transfer before we mint so that any reentrancy would happen before the// assets are transferred and before the shares are minted, which is a valid state.// slither-disable-next-line reentrancy-no-eth
SafeERC20.safeTransferFrom($._asset, caller, address(this), assets);
_mint(receiver, shares);
emit Deposit(caller, receiver, assets, shares);
}
/**
* @dev Withdraw/redeem common workflow.
*/function_withdraw(address caller,
address receiver,
address owner,
uint256 assets,
uint256 shares
) internalvirtual{
ERC4626Storage storage $ = _getERC4626Storage();
if (caller != owner) {
_spendAllowance(owner, caller, shares);
}
// If _asset is ERC777, `transfer` can trigger a reentrancy AFTER the transfer happens through the// `tokensReceived` hook. On the other hand, the `tokensToSend` hook, that is triggered before the transfer,// calls the vault, which is assumed not malicious.//// Conclusion: we need to do the transfer after the burn so that any reentrancy would happen after the// shares are burned and after the assets are transferred, which is a valid state.
_burn(owner, shares);
SafeERC20.safeTransfer($._asset, receiver, assets);
emit Withdraw(caller, receiver, owner, assets, shares);
}
function_decimalsOffset() internalviewvirtualreturns (uint8) {
return0;
}
}
Contract Source Code
File 13 of 54: Errors.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;/// @title Errors in Ipor FusionlibraryErrors{
/// @notice Error when wrong address is usederrorWrongAddress();
/// @notice Error when wrong value is usederrorWrongValue();
/// @notice Error when wrong decimals are usederrorWrongDecimals();
/// @notice Error when wrong array length is usederrorWrongArrayLength();
/// @notice Error when wrong caller is usederrorWrongCaller(address caller);
/// @notice Error when wrong quote currency is usederrorUnsupportedQuoteCurrencyFromOracle();
/// @notice Error when unsupported price oracle middleware is usederrorUnsupportedPriceOracleMiddleware();
}
Contract Source Code
File 14 of 54: FeeAccount.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;import {SafeERC20} from"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {IERC20} from"@openzeppelin/contracts/token/ERC20/IERC20.sol";
/// @title FeeAccount/// @notice Contract responsible for managing fee approvals for the Ipor protocolcontractFeeAccount{
usingSafeERC20forIERC20;
/// @notice Error thrown when a non-fee manager tries to approveerrorOnlyFeeManagerCanApprove();
/// @notice Address of the Fee Manager contractaddresspublicimmutable FEE_MANAGER;
constructor(address feeManager_) {
FEE_MANAGER = feeManager_;
}
/// @notice Max approves the fee manager to spend tokens on behalf of the contract/// @param plasmaVault Address of the plasma vault tokenfunctionapproveMaxForFeeManager(address plasmaVault) external{
if (msg.sender!= FEE_MANAGER) {
revert OnlyFeeManagerCanApprove();
}
IERC20(plasmaVault).forceApprove(FEE_MANAGER, type(uint256).max);
}
}
Contract Source Code
File 15 of 54: FeeManager.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;import {AccessManaged} from"@openzeppelin/contracts/access/manager/AccessManaged.sol";
import {IERC4626} from"@openzeppelin/contracts/interfaces/IERC4626.sol";
import {Math} from"@openzeppelin/contracts/utils/math/Math.sol";
import {FeeAccount} from"./FeeAccount.sol";
import {PlasmaVaultGovernance} from"../../vaults/PlasmaVaultGovernance.sol";
import {Errors} from"../../libraries/errors/Errors.sol";
/// @notice Struct containing initialization data for the fee manager/// @param iporDaoManagementFee Management fee percentage for the DAO (in percentage with 2 decimals, example 10000 is 100%, 100 is 1%)/// @param iporDaoPerformanceFee Performance fee percentage for the DAO (in percentage with 2 decimals, example 10000 is 100%, 100 is 1%)/// @param atomistManagementFee Management fee percentage for the atomist (in percentage with 2 decimals, example 10000 is 100%, 100 is 1%)/// @param atomistPerformanceFee Performance fee percentage for the atomist (in percentage with 2 decimals, example 10000 is 100%, 100 is 1%)/// @param initialAuthority Address of the initial authority/// @param plasmaVault Address of the plasma vault/// @param feeRecipientAddress Address of the fee recipient/// @param iporDaoFeeRecipientAddress Address of the DAO fee recipientstructFeeManagerInitData {
uint256 iporDaoManagementFee;
uint256 iporDaoPerformanceFee;
uint256 atomistManagementFee;
uint256 atomistPerformanceFee;
address initialAuthority;
address plasmaVault;
address feeRecipientAddress;
address iporDaoFeeRecipientAddress;
}
/// @title FeeManager/// @notice Manages the fees for the IporFusion protocol, including management and performance fees./// @dev Inherits from AccessManaged for access control.contractFeeManagerisAccessManaged{
eventHarvestManagementFee(address receiver, uint256 amount);
eventHarvestPerformanceFee(address receiver, uint256 amount);
eventPerformanceFeeUpdated(uint256 newPerformanceFee);
eventManagementFeeUpdated(uint256 newManagementFee);
errorNotInitialized();
errorAlreadyInitialized();
errorInvalidFeeRecipientAddress();
addresspublicimmutable PERFORMANCE_FEE_ACCOUNT;
addresspublicimmutable MANAGEMENT_FEE_ACCOUNT;
/// @notice IPOR_DAO_MANAGEMENT_FEE is in percentage with 2 decimals, example 10000 is 100%, 100 is 1%uint256publicimmutable IPOR_DAO_MANAGEMENT_FEE;
/// @notice IPOR_DAO_PERFORMANCE_FEE is in percentage with 2 decimals, example 10000 is 100%, 100 is 1%uint256publicimmutable IPOR_DAO_PERFORMANCE_FEE;
addresspublicimmutable PLASMA_VAULT;
addresspublic feeRecipientAddress;
addresspublic iporDaoFeeRecipientAddress;
/// @notice plasmaVaultPerformanceFee is in percentage with 2 decimals, example 10000 is 100%, 100 is 1%uint256public plasmaVaultPerformanceFee;
/// @notice plasmaVaultManagementFee is in percentage with 2 decimals, example 10000 is 100%, 100 is 1%uint256public plasmaVaultManagementFee;
/// @notice The flag indicating whether the contract is initialized, if it is, the value is greater than 0uint256public initialized;
constructor(FeeManagerInitData memory initData_) AccessManaged(initData_.initialAuthority) {
PERFORMANCE_FEE_ACCOUNT =address(new FeeAccount(address(this)));
MANAGEMENT_FEE_ACCOUNT =address(new FeeAccount(address(this)));
IPOR_DAO_MANAGEMENT_FEE = initData_.iporDaoManagementFee;
IPOR_DAO_PERFORMANCE_FEE = initData_.iporDaoPerformanceFee;
plasmaVaultPerformanceFee = initData_.atomistPerformanceFee + IPOR_DAO_PERFORMANCE_FEE;
plasmaVaultManagementFee = initData_.atomistManagementFee + IPOR_DAO_MANAGEMENT_FEE;
feeRecipientAddress = initData_.feeRecipientAddress;
iporDaoFeeRecipientAddress = initData_.iporDaoFeeRecipientAddress;
PLASMA_VAULT = initData_.plasmaVault;
}
functioninitialize() external{
if (initialized !=0) {
revert AlreadyInitialized();
}
initialized =1;
FeeAccount(PERFORMANCE_FEE_ACCOUNT).approveMaxForFeeManager(PLASMA_VAULT);
FeeAccount(MANAGEMENT_FEE_ACCOUNT).approveMaxForFeeManager(PLASMA_VAULT);
}
/// @notice Harvests the management fee and transfers it to the respective recipient addresses./// @dev This function can only be called if the contract is initialized./// It checks if the fee recipient addresses are valid and then calculates the amount to be transferred to the DAO/// and the remaining amount to the fee recipient. The function emits events for each transfer./// @custom:modifier onlyInitialized Ensures the contract is initialized before executing the function.functionharvestManagementFee() publiconlyInitialized{
if (feeRecipientAddress ==address(0) || iporDaoFeeRecipientAddress ==address(0)) {
revert InvalidFeeRecipientAddress();
}
if (plasmaVaultManagementFee ==0) {
return;
}
uint256 balance = IERC4626(PLASMA_VAULT).balanceOf(MANAGEMENT_FEE_ACCOUNT);
if (balance ==0) {
return;
}
uint256 decimals = IERC4626(PLASMA_VAULT).decimals();
uint256 numberOfDecimals =10** (decimals);
uint256 percentageToTransferToDao = (IPOR_DAO_MANAGEMENT_FEE * numberOfDecimals) / plasmaVaultManagementFee;
uint256 transferAmountToDao = Math.mulDiv(balance, percentageToTransferToDao, numberOfDecimals);
IERC4626(PLASMA_VAULT).transferFrom(MANAGEMENT_FEE_ACCOUNT, iporDaoFeeRecipientAddress, transferAmountToDao);
emit HarvestManagementFee(iporDaoFeeRecipientAddress, transferAmountToDao);
if (balance <= transferAmountToDao) {
return;
}
uint256 transferAmount = balance - transferAmountToDao;
if (transferAmount ==0) {
return;
}
IERC4626(PLASMA_VAULT).transferFrom(MANAGEMENT_FEE_ACCOUNT, feeRecipientAddress, transferAmount);
emit HarvestManagementFee(feeRecipientAddress, balance - transferAmountToDao);
}
/// @notice Harvests the performance fee and transfers it to the respective recipient addresses./// @dev This function can only be called if the contract is initialized./// It checks if the fee recipient addresses are valid and then calculates the amount to be transferred to the DAO/// and the remaining amount to the fee recipient. The function emits events for each transfer./// @custom:modifier onlyInitialized Ensures the contract is initialized before executing the function.functionharvestPerformanceFee() publiconlyInitialized{
if (feeRecipientAddress ==address(0) || iporDaoFeeRecipientAddress ==address(0)) {
revert InvalidFeeRecipientAddress();
}
if (plasmaVaultPerformanceFee ==0) {
return;
}
uint256 balance = IERC4626(PLASMA_VAULT).balanceOf(PERFORMANCE_FEE_ACCOUNT);
if (balance ==0) {
return;
}
uint256 decimals = IERC4626(PLASMA_VAULT).decimals();
uint256 numberOfDecimals =10** (decimals);
uint256 percentToTransferToDao = (IPOR_DAO_PERFORMANCE_FEE * numberOfDecimals) / plasmaVaultPerformanceFee;
uint256 transferAmountToDao = Math.mulDiv(balance, percentToTransferToDao, numberOfDecimals);
IERC4626(PLASMA_VAULT).transferFrom(PERFORMANCE_FEE_ACCOUNT, iporDaoFeeRecipientAddress, transferAmountToDao);
emit HarvestPerformanceFee(iporDaoFeeRecipientAddress, transferAmountToDao);
if (balance <= transferAmountToDao) {
return;
}
uint256 transferAmount = balance - transferAmountToDao;
if (transferAmount ==0) {
return;
}
IERC4626(PLASMA_VAULT).transferFrom(
PERFORMANCE_FEE_ACCOUNT,
feeRecipientAddress,
balance - transferAmountToDao
);
emit HarvestPerformanceFee(feeRecipientAddress, balance - transferAmountToDao);
}
/**
* @notice Updates the performance fee and reconfigures it in the PlasmaVaultGovernance contract.
* @param performanceFee_ The new performance fee to be added to the DAO performance fee.
*/functionupdatePerformanceFee(uint256 performanceFee_) externalrestricted{
harvestPerformanceFee();
uint256 newPerformanceFee = performanceFee_ + IPOR_DAO_PERFORMANCE_FEE;
PlasmaVaultGovernance(PLASMA_VAULT).configurePerformanceFee(PERFORMANCE_FEE_ACCOUNT, newPerformanceFee);
plasmaVaultPerformanceFee = newPerformanceFee;
emit PerformanceFeeUpdated(newPerformanceFee);
}
/// @notice Updates the management fee and reconfigures it in the PlasmaVaultGovernance contract./// @param managementFee_ The new management fee to be added to the DAO management fee.functionupdateManagementFee(uint256 managementFee_) externalrestricted{
harvestManagementFee();
uint256 newManagementFee = managementFee_ + IPOR_DAO_MANAGEMENT_FEE;
PlasmaVaultGovernance(PLASMA_VAULT).configureManagementFee(MANAGEMENT_FEE_ACCOUNT, newManagementFee);
plasmaVaultManagementFee = newManagementFee;
emit ManagementFeeUpdated(newManagementFee);
}
/**
* @notice Sets the address of the fee recipient.
* @dev This function can only be called by an authorized account (ATOMIST_ROLE).
* @param feeRecipientAddress_ The address to set as the fee recipient.
* @custom:error WrongAddress Thrown if the provided address is the zero address.
*/functionsetFeeRecipientAddress(address feeRecipientAddress_) externalrestricted{
if (feeRecipientAddress_ ==address(0)) {
revert Errors.WrongAddress();
}
feeRecipientAddress = feeRecipientAddress_;
}
/**
* @notice Sets the address of the DAO fee recipient.
* @dev This function can only be called by an authorized account (TECH_IPOR_DAO_ROLE).
* @param iporDaoFeeRecipientAddress_ The address to set as the DAO fee recipient.
* @custom:error InvalidAddress Thrown if the provided address is the zero address.
*/functionsetIporDaoFeeRecipientAddress(address iporDaoFeeRecipientAddress_) externalrestricted{
if (iporDaoFeeRecipientAddress_ ==address(0)) {
revert Errors.WrongAddress();
}
iporDaoFeeRecipientAddress = iporDaoFeeRecipientAddress_;
}
modifieronlyInitialized() {
if (initialized ==0) {
revert NotInitialized();
}
_;
}
}
Contract Source Code
File 16 of 54: FeeManagerFactory.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;import {FeeManager, FeeManagerInitData} from"./FeeManager.sol";
/// @notice Struct containing data related to the fee manager/// @param feeManager Address of the fee manager/// @param plasmaVault Address of the plasma vault/// @param performanceFeeAccount Address of the performance fee account/// @param managementFeeAccount Address of the management fee account/// @param managementFee Management fee percentage (in percentage with 2 decimals, example 10000 is 100%, 100 is 1%)/// @param performanceFee Performance fee percentage (in percentage with 2 decimals, example 10000 is 100%, 100 is 1%)structFeeManagerData {
address feeManager;
address plasmaVault;
address performanceFeeAccount;
address managementFeeAccount;
uint256 managementFee;
uint256 performanceFee;
}
/// @title FeeManagerFactory/// @notice Factory contract for deploying FeeManager instancescontractFeeManagerFactory{
/// @notice Deploys a new FeeManager contract/// @param initData Initialization data for the fee manager/// @return FeeManagerData containing addresses and fee information of the deployed fee managerfunctiondeployFeeManager(FeeManagerInitData memory initData) externalreturns (FeeManagerData memory) {
FeeManager feeManager =new FeeManager(initData);
return
FeeManagerData({
feeManager: address(feeManager),
plasmaVault: feeManager.PLASMA_VAULT(),
performanceFeeAccount: feeManager.PERFORMANCE_FEE_ACCOUNT(),
managementFeeAccount: feeManager.MANAGEMENT_FEE_ACCOUNT(),
managementFee: feeManager.plasmaVaultManagementFee(),
performanceFee: feeManager.plasmaVaultPerformanceFee()
});
}
}
Contract Source Code
File 17 of 54: FuseStorageLib.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;/// @title Fuses storage library responsible for managing storage fuses in the Plasma VaultlibraryFuseStorageLib{
/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.CfgFuses")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant CFG_FUSES =0x48932b860eb451ad240d4fe2b46522e5a0ac079d201fe50d4e0be078c75b5400;
/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.CfgFusesArray")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant CFG_FUSES_ARRAY =0xad43e358bd6e59a5a0c80f6bf25fa771408af4d80f621cdc680c8dfbf607ab00;
/// @notice This memory is designed to use with Uniswap V3 fuses/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.UniswapV3TokenIds")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant UNISWAP_V3_TOKEN_IDS =0x3651659bd419f7c37743f3e14a337c9f9d1cfc4d650d91508f44d1acbe960f00;
/// @notice This memory is designed to use with Ramses V2 fuses/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.RamsesV2TokenIds")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant RAMSES_V2_TOKEN_IDS =0x1a3831a406f27d4d5d820158b29ce95a1e8e840bf416921917aa388e2461b700;
/// @custom:storage-location erc7201:io.ipor.CfgFusesstructFuses {
/// @dev fuse address => If index = 0 - is not granted, otherwise - grantedmapping(address fuse =>uint256 index) value;
}
/// @custom:storage-location erc7201:io.ipor.CfgFusesArraystructFusesArray {
/// @dev value is a fuse addressaddress[] value;
}
/// @custom:storage-location erc7201:io.ipor.UniswapV3TokenIdsstructUniswapV3TokenIds {
uint256[] tokenIds;
mapping(uint256 tokenId =>uint256 index) indexes;
}
/// @custom:storage-location erc7201:io.ipor.RamsesV2TokenIdsstructRamsesV2TokenIds {
uint256[] tokenIds;
mapping(uint256 tokenId =>uint256 index) indexes;
}
/// @notice Gets the fuses storage pointerfunctiongetFuses() internalpurereturns (Fuses storage fuses) {
assembly {
fuses.slot:= CFG_FUSES
}
}
/// @notice Gets the fuses array storage pointerfunctiongetFusesArray() internalpurereturns (FusesArray storage fusesArray) {
assembly {
fusesArray.slot:= CFG_FUSES_ARRAY
}
}
/// @notice Gets the UniswapV3TokenIds storage pointerfunctiongetUniswapV3TokenIds() internalpurereturns (UniswapV3TokenIds storage uniswapV3TokenIds) {
assembly {
uniswapV3TokenIds.slot:= UNISWAP_V3_TOKEN_IDS
}
}
/// @notice Gets the UniswapV3TokenIds storage pointerfunctiongetRamsesV2TokenIds() internalpurereturns (RamsesV2TokenIds storage ramsesV2TokenIds) {
assembly {
ramsesV2TokenIds.slot:= RAMSES_V2_TOKEN_IDS
}
}
}
Contract Source Code
File 18 of 54: FusesLib.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;import {Address} from"@openzeppelin/contracts/utils/Address.sol";
import {FuseStorageLib} from"./FuseStorageLib.sol";
import {PlasmaVaultStorageLib} from"./PlasmaVaultStorageLib.sol";
/// @title Fuses Library responsible for managing fuses in the Plasma VaultlibraryFusesLib{
usingAddressforaddress;
eventFuseAdded(address fuse);
eventFuseRemoved(address fuse);
eventBalanceFuseAdded(uint256 marketId, address fuse);
eventBalanceFuseRemoved(uint256 marketId, address fuse);
errorFuseAlreadyExists();
errorFuseDoesNotExist();
errorFuseUnsupported(address fuse);
errorBalanceFuseAlreadyExists(uint256 marketId, address fuse);
errorBalanceFuseDoesNotExist(uint256 marketId, address fuse);
errorBalanceFuseNotReadyToRemove(uint256 marketId, address fuse, uint256 currentBalance);
/// @notice Checks if the fuse is supported/// @param fuse_ The address of the fuse/// @return true if the fuse is supportedfunctionisFuseSupported(address fuse_) internalviewreturns (bool) {
return FuseStorageLib.getFuses().value[fuse_] !=0;
}
/// @notice Checks if the balance fuse is supported/// @param marketId_ The market id/// @param fuse_ The address of the fuse/// @return true if the balance fuse is supportedfunctionisBalanceFuseSupported(uint256 marketId_, address fuse_) internalviewreturns (bool) {
return PlasmaVaultStorageLib.getBalanceFuses().value[marketId_] == fuse_;
}
/// @notice Gets the balance fuse for the market/// @param marketId_ The market id/// @return The address of the balance fusefunctiongetBalanceFuse(uint256 marketId_) internalviewreturns (address) {
return PlasmaVaultStorageLib.getBalanceFuses().value[marketId_];
}
/// @notice Gets the array of stored and supported Fuses/// @return The array of FusesfunctiongetFusesArray() internalviewreturns (address[] memory) {
return FuseStorageLib.getFusesArray().value;
}
/// @notice Gets the index of the fuse in the fuses array/// @param fuse_ The address of the fuse/// @return The index of the fuse in the fuses array stored in Plasma VaultfunctiongetFuseArrayIndex(address fuse_) internalviewreturns (uint256) {
return FuseStorageLib.getFuses().value[fuse_];
}
/// @notice Adds a fuse to supported fuses/// @param fuse_ The address of the fusefunctionaddFuse(address fuse_) internal{
FuseStorageLib.Fuses storage fuses = FuseStorageLib.getFuses();
uint256 keyIndexValue = fuses.value[fuse_];
if (keyIndexValue !=0) {
revert FuseAlreadyExists();
}
uint256 newLastFuseId = FuseStorageLib.getFusesArray().value.length+1;
/// @dev for balance fuses, value is a index + 1 in the fusesArray
fuses.value[fuse_] = newLastFuseId;
FuseStorageLib.getFusesArray().value.push(fuse_);
emit FuseAdded(fuse_);
}
/// @notice Removes a fuse from supported fuses/// @param fuse_ The address of the fusefunctionremoveFuse(address fuse_) internal{
FuseStorageLib.Fuses storage fuses = FuseStorageLib.getFuses();
uint256 indexToRemove = fuses.value[fuse_];
if (indexToRemove ==0) {
revert FuseDoesNotExist();
}
address lastKeyInArray = FuseStorageLib.getFusesArray().value[FuseStorageLib.getFusesArray().value.length-1];
fuses.value[lastKeyInArray] = indexToRemove;
fuses.value[fuse_] =0;
/// @dev balanceFuses mapping contains values as index + 1
FuseStorageLib.getFusesArray().value[indexToRemove -1] = lastKeyInArray;
FuseStorageLib.getFusesArray().value.pop();
emit FuseRemoved(fuse_);
}
/// @notice Adds a balance fuse to the market/// @param marketId_ The market id/// @param fuse_ The address of the fuse/// @dev Every market can have one dedicated balance fusefunctionaddBalanceFuse(uint256 marketId_, address fuse_) internal{
address currentFuse = PlasmaVaultStorageLib.getBalanceFuses().value[marketId_];
if (currentFuse == fuse_) {
revert BalanceFuseAlreadyExists(marketId_, fuse_);
}
PlasmaVaultStorageLib.getBalanceFuses().value[marketId_] = fuse_;
emit BalanceFuseAdded(marketId_, fuse_);
}
/// @notice Removes a balance fuse from the market/// @param marketId_ The market id/// @param fuse_ The address of the fuse/// @dev Every market can have one dedicated balance fusefunctionremoveBalanceFuse(uint256 marketId_, address fuse_) internal{
address currentBalanceFuse = PlasmaVaultStorageLib.getBalanceFuses().value[marketId_];
if (currentBalanceFuse != fuse_) {
revert BalanceFuseDoesNotExist(marketId_, fuse_);
}
uint256 wadBalanceAmountInUSD =abi.decode(
currentBalanceFuse.functionDelegateCall(abi.encodeWithSignature("balanceOf()")),
(uint256)
);
if (wadBalanceAmountInUSD > calculateAllowedDustInBalanceFuse()) {
revert BalanceFuseNotReadyToRemove(marketId_, fuse_, wadBalanceAmountInUSD);
}
PlasmaVaultStorageLib.getBalanceFuses().value[marketId_] =address(0);
emit BalanceFuseRemoved(marketId_, fuse_);
}
functioncalculateAllowedDustInBalanceFuse() privateviewreturns (uint256) {
return10** (PlasmaVaultStorageLib.getERC4626Storage().underlyingDecimals /2);
}
}
Contract Source Code
File 19 of 54: IAccessManaged.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (access/manager/IAccessManaged.sol)pragmasolidity ^0.8.20;interfaceIAccessManaged{
/**
* @dev Authority that manages this contract was updated.
*/eventAuthorityUpdated(address authority);
errorAccessManagedUnauthorized(address caller);
errorAccessManagedRequiredDelay(address caller, uint32 delay);
errorAccessManagedInvalidAuthority(address authority);
/**
* @dev Returns the current authority.
*/functionauthority() externalviewreturns (address);
/**
* @dev Transfers control to a new authority. The caller must be the current authority.
*/functionsetAuthority(address) external;
/**
* @dev Returns true only in the context of a delayed restricted call, at the moment that the scheduled operation is
* being consumed. Prevents denial of service for delayed restricted calls in the case that the contract performs
* attacker controlled calls.
*/functionisConsumingScheduledOp() externalviewreturns (bytes4);
}
Contract Source Code
File 20 of 54: IAccessManager.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (access/manager/IAccessManager.sol)pragmasolidity ^0.8.20;import {IAccessManaged} from"./IAccessManaged.sol";
import {Time} from"../../utils/types/Time.sol";
interfaceIAccessManager{
/**
* @dev A delayed operation was scheduled.
*/eventOperationScheduled(bytes32indexed operationId,
uint32indexed nonce,
uint48 schedule,
address caller,
address target,
bytes data
);
/**
* @dev A scheduled operation was executed.
*/eventOperationExecuted(bytes32indexed operationId, uint32indexed nonce);
/**
* @dev A scheduled operation was canceled.
*/eventOperationCanceled(bytes32indexed operationId, uint32indexed nonce);
/**
* @dev Informational labelling for a roleId.
*/eventRoleLabel(uint64indexed roleId, string label);
/**
* @dev Emitted when `account` is granted `roleId`.
*
* NOTE: The meaning of the `since` argument depends on the `newMember` argument.
* If the role is granted to a new member, the `since` argument indicates when the account becomes a member of the role,
* otherwise it indicates the execution delay for this account and roleId is updated.
*/eventRoleGranted(uint64indexed roleId, addressindexed account, uint32 delay, uint48 since, bool newMember);
/**
* @dev Emitted when `account` membership or `roleId` is revoked. Unlike granting, revoking is instantaneous.
*/eventRoleRevoked(uint64indexed roleId, addressindexed account);
/**
* @dev Role acting as admin over a given `roleId` is updated.
*/eventRoleAdminChanged(uint64indexed roleId, uint64indexed admin);
/**
* @dev Role acting as guardian over a given `roleId` is updated.
*/eventRoleGuardianChanged(uint64indexed roleId, uint64indexed guardian);
/**
* @dev Grant delay for a given `roleId` will be updated to `delay` when `since` is reached.
*/eventRoleGrantDelayChanged(uint64indexed roleId, uint32 delay, uint48 since);
/**
* @dev Target mode is updated (true = closed, false = open).
*/eventTargetClosed(addressindexed target, bool closed);
/**
* @dev Role required to invoke `selector` on `target` is updated to `roleId`.
*/eventTargetFunctionRoleUpdated(addressindexed target, bytes4 selector, uint64indexed roleId);
/**
* @dev Admin delay for a given `target` will be updated to `delay` when `since` is reached.
*/eventTargetAdminDelayUpdated(addressindexed target, uint32 delay, uint48 since);
errorAccessManagerAlreadyScheduled(bytes32 operationId);
errorAccessManagerNotScheduled(bytes32 operationId);
errorAccessManagerNotReady(bytes32 operationId);
errorAccessManagerExpired(bytes32 operationId);
errorAccessManagerLockedAccount(address account);
errorAccessManagerLockedRole(uint64 roleId);
errorAccessManagerBadConfirmation();
errorAccessManagerUnauthorizedAccount(address msgsender, uint64 roleId);
errorAccessManagerUnauthorizedCall(address caller, address target, bytes4 selector);
errorAccessManagerUnauthorizedConsume(address target);
errorAccessManagerUnauthorizedCancel(address msgsender, address caller, address target, bytes4 selector);
errorAccessManagerInvalidInitialAdmin(address initialAdmin);
/**
* @dev Check if an address (`caller`) is authorised to call a given function on a given contract directly (with
* no restriction). Additionally, it returns the delay needed to perform the call indirectly through the {schedule}
* & {execute} workflow.
*
* This function is usually called by the targeted contract to control immediate execution of restricted functions.
* Therefore we only return true if the call can be performed without any delay. If the call is subject to a
* previously set delay (not zero), then the function should return false and the caller should schedule the operation
* for future execution.
*
* If `immediate` is true, the delay can be disregarded and the operation can be immediately executed, otherwise
* the operation can be executed if and only if delay is greater than 0.
*
* NOTE: The IAuthority interface does not include the `uint32` delay. This is an extension of that interface that
* is backward compatible. Some contracts may thus ignore the second return argument. In that case they will fail
* to identify the indirect workflow, and will consider calls that require a delay to be forbidden.
*
* NOTE: This function does not report the permissions of this manager itself. These are defined by the
* {_canCallSelf} function instead.
*/functioncanCall(address caller,
address target,
bytes4 selector
) externalviewreturns (bool allowed, uint32 delay);
/**
* @dev Expiration delay for scheduled proposals. Defaults to 1 week.
*
* IMPORTANT: Avoid overriding the expiration with 0. Otherwise every contract proposal will be expired immediately,
* disabling any scheduling usage.
*/functionexpiration() externalviewreturns (uint32);
/**
* @dev Minimum setback for all delay updates, with the exception of execution delays. It
* can be increased without setback (and reset via {revokeRole} in the case event of an
* accidental increase). Defaults to 5 days.
*/functionminSetback() externalviewreturns (uint32);
/**
* @dev Get whether the contract is closed disabling any access. Otherwise role permissions are applied.
*/functionisTargetClosed(address target) externalviewreturns (bool);
/**
* @dev Get the role required to call a function.
*/functiongetTargetFunctionRole(address target, bytes4 selector) externalviewreturns (uint64);
/**
* @dev Get the admin delay for a target contract. Changes to contract configuration are subject to this delay.
*/functiongetTargetAdminDelay(address target) externalviewreturns (uint32);
/**
* @dev Get the id of the role that acts as an admin for the given role.
*
* The admin permission is required to grant the role, revoke the role and update the execution delay to execute
* an operation that is restricted to this role.
*/functiongetRoleAdmin(uint64 roleId) externalviewreturns (uint64);
/**
* @dev Get the role that acts as a guardian for a given role.
*
* The guardian permission allows canceling operations that have been scheduled under the role.
*/functiongetRoleGuardian(uint64 roleId) externalviewreturns (uint64);
/**
* @dev Get the role current grant delay.
*
* Its value may change at any point without an event emitted following a call to {setGrantDelay}.
* Changes to this value, including effect timepoint are notified in advance by the {RoleGrantDelayChanged} event.
*/functiongetRoleGrantDelay(uint64 roleId) externalviewreturns (uint32);
/**
* @dev Get the access details for a given account for a given role. These details include the timepoint at which
* membership becomes active, and the delay applied to all operation by this user that requires this permission
* level.
*
* Returns:
* [0] Timestamp at which the account membership becomes valid. 0 means role is not granted.
* [1] Current execution delay for the account.
* [2] Pending execution delay for the account.
* [3] Timestamp at which the pending execution delay will become active. 0 means no delay update is scheduled.
*/functiongetAccess(uint64 roleId, address account) externalviewreturns (uint48, uint32, uint32, uint48);
/**
* @dev Check if a given account currently has the permission level corresponding to a given role. Note that this
* permission might be associated with an execution delay. {getAccess} can provide more details.
*/functionhasRole(uint64 roleId, address account) externalviewreturns (bool, uint32);
/**
* @dev Give a label to a role, for improved role discoverability by UIs.
*
* Requirements:
*
* - the caller must be a global admin
*
* Emits a {RoleLabel} event.
*/functionlabelRole(uint64 roleId, stringcalldata label) external;
/**
* @dev Add `account` to `roleId`, or change its execution delay.
*
* This gives the account the authorization to call any function that is restricted to this role. An optional
* execution delay (in seconds) can be set. If that delay is non 0, the user is required to schedule any operation
* that is restricted to members of this role. The user will only be able to execute the operation after the delay has
* passed, before it has expired. During this period, admin and guardians can cancel the operation (see {cancel}).
*
* If the account has already been granted this role, the execution delay will be updated. This update is not
* immediate and follows the delay rules. For example, if a user currently has a delay of 3 hours, and this is
* called to reduce that delay to 1 hour, the new delay will take some time to take effect, enforcing that any
* operation executed in the 3 hours that follows this update was indeed scheduled before this update.
*
* Requirements:
*
* - the caller must be an admin for the role (see {getRoleAdmin})
* - granted role must not be the `PUBLIC_ROLE`
*
* Emits a {RoleGranted} event.
*/functiongrantRole(uint64 roleId, address account, uint32 executionDelay) external;
/**
* @dev Remove an account from a role, with immediate effect. If the account does not have the role, this call has
* no effect.
*
* Requirements:
*
* - the caller must be an admin for the role (see {getRoleAdmin})
* - revoked role must not be the `PUBLIC_ROLE`
*
* Emits a {RoleRevoked} event if the account had the role.
*/functionrevokeRole(uint64 roleId, address account) external;
/**
* @dev Renounce role permissions for the calling account with immediate effect. If the sender is not in
* the role this call has no effect.
*
* Requirements:
*
* - the caller must be `callerConfirmation`.
*
* Emits a {RoleRevoked} event if the account had the role.
*/functionrenounceRole(uint64 roleId, address callerConfirmation) external;
/**
* @dev Change admin role for a given role.
*
* Requirements:
*
* - the caller must be a global admin
*
* Emits a {RoleAdminChanged} event
*/functionsetRoleAdmin(uint64 roleId, uint64 admin) external;
/**
* @dev Change guardian role for a given role.
*
* Requirements:
*
* - the caller must be a global admin
*
* Emits a {RoleGuardianChanged} event
*/functionsetRoleGuardian(uint64 roleId, uint64 guardian) external;
/**
* @dev Update the delay for granting a `roleId`.
*
* Requirements:
*
* - the caller must be a global admin
*
* Emits a {RoleGrantDelayChanged} event.
*/functionsetGrantDelay(uint64 roleId, uint32 newDelay) external;
/**
* @dev Set the role required to call functions identified by the `selectors` in the `target` contract.
*
* Requirements:
*
* - the caller must be a global admin
*
* Emits a {TargetFunctionRoleUpdated} event per selector.
*/functionsetTargetFunctionRole(address target, bytes4[] calldata selectors, uint64 roleId) external;
/**
* @dev Set the delay for changing the configuration of a given target contract.
*
* Requirements:
*
* - the caller must be a global admin
*
* Emits a {TargetAdminDelayUpdated} event.
*/functionsetTargetAdminDelay(address target, uint32 newDelay) external;
/**
* @dev Set the closed flag for a contract.
*
* Requirements:
*
* - the caller must be a global admin
*
* Emits a {TargetClosed} event.
*/functionsetTargetClosed(address target, bool closed) external;
/**
* @dev Return the timepoint at which a scheduled operation will be ready for execution. This returns 0 if the
* operation is not yet scheduled, has expired, was executed, or was canceled.
*/functiongetSchedule(bytes32 id) externalviewreturns (uint48);
/**
* @dev Return the nonce for the latest scheduled operation with a given id. Returns 0 if the operation has never
* been scheduled.
*/functiongetNonce(bytes32 id) externalviewreturns (uint32);
/**
* @dev Schedule a delayed operation for future execution, and return the operation identifier. It is possible to
* choose the timestamp at which the operation becomes executable as long as it satisfies the execution delays
* required for the caller. The special value zero will automatically set the earliest possible time.
*
* Returns the `operationId` that was scheduled. Since this value is a hash of the parameters, it can reoccur when
* the same parameters are used; if this is relevant, the returned `nonce` can be used to uniquely identify this
* scheduled operation from other occurrences of the same `operationId` in invocations of {execute} and {cancel}.
*
* Emits a {OperationScheduled} event.
*
* NOTE: It is not possible to concurrently schedule more than one operation with the same `target` and `data`. If
* this is necessary, a random byte can be appended to `data` to act as a salt that will be ignored by the target
* contract if it is using standard Solidity ABI encoding.
*/functionschedule(address target, bytescalldata data, uint48 when) externalreturns (bytes32, uint32);
/**
* @dev Execute a function that is delay restricted, provided it was properly scheduled beforehand, or the
* execution delay is 0.
*
* Returns the nonce that identifies the previously scheduled operation that is executed, or 0 if the
* operation wasn't previously scheduled (if the caller doesn't have an execution delay).
*
* Emits an {OperationExecuted} event only if the call was scheduled and delayed.
*/functionexecute(address target, bytescalldata data) externalpayablereturns (uint32);
/**
* @dev Cancel a scheduled (delayed) operation. Returns the nonce that identifies the previously scheduled
* operation that is cancelled.
*
* Requirements:
*
* - the caller must be the proposer, a guardian of the targeted function, or a global admin
*
* Emits a {OperationCanceled} event.
*/functioncancel(address caller, address target, bytescalldata data) externalreturns (uint32);
/**
* @dev Consume a scheduled operation targeting the caller. If such an operation exists, mark it as consumed
* (emit an {OperationExecuted} event and clean the state). Otherwise, throw an error.
*
* This is useful for contract that want to enforce that calls targeting them were scheduled on the manager,
* with all the verifications that it implies.
*
* Emit a {OperationExecuted} event.
*/functionconsumeScheduledOp(address caller, bytescalldata data) external;
/**
* @dev Hashing function for delayed operations.
*/functionhashOperation(address caller, address target, bytescalldata data) externalviewreturns (bytes32);
/**
* @dev Changes the authority of a target managed by this manager instance.
*
* Requirements:
*
* - the caller must be a global admin
*/functionupdateAuthority(address target, address newAuthority) external;
}
Contract Source Code
File 21 of 54: IAuthority.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (access/manager/IAuthority.sol)pragmasolidity ^0.8.20;/**
* @dev Standard interface for permissioning originally defined in Dappsys.
*/interfaceIAuthority{
/**
* @dev Returns true if the caller can invoke on a target the function identified by a function selector.
*/functioncanCall(address caller, address target, bytes4 selector) externalviewreturns (bool allowed);
}
Contract Source Code
File 22 of 54: IERC20.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/IERC20.sol)pragmasolidity ^0.8.20;/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/interfaceIERC20{
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/eventTransfer(addressindexedfrom, addressindexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/eventApproval(addressindexed owner, addressindexed spender, uint256 value);
/**
* @dev Returns the value of tokens in existence.
*/functiontotalSupply() externalviewreturns (uint256);
/**
* @dev Returns the value of tokens owned by `account`.
*/functionbalanceOf(address account) externalviewreturns (uint256);
/**
* @dev Moves a `value` amount of tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/functiontransfer(address to, uint256 value) externalreturns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/functionallowance(address owner, address spender) externalviewreturns (uint256);
/**
* @dev Sets a `value` amount of tokens as the allowance of `spender` over the
* caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/functionapprove(address spender, uint256 value) externalreturns (bool);
/**
* @dev Moves a `value` amount of tokens from `from` to `to` using the
* allowance mechanism. `value` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/functiontransferFrom(addressfrom, address to, uint256 value) externalreturns (bool);
}
Contract Source Code
File 23 of 54: IERC20Metadata.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/IERC20Metadata.sol)pragmasolidity ^0.8.20;import {IERC20} from"../IERC20.sol";
/**
* @dev Interface for the optional metadata functions from the ERC20 standard.
*/interfaceIERC20MetadataisIERC20{
/**
* @dev Returns the name of the token.
*/functionname() externalviewreturns (stringmemory);
/**
* @dev Returns the symbol of the token.
*/functionsymbol() externalviewreturns (stringmemory);
/**
* @dev Returns the decimals places of the token.
*/functiondecimals() externalviewreturns (uint8);
}
Contract Source Code
File 24 of 54: IERC20Permit.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/IERC20Permit.sol)pragmasolidity ^0.8.20;/**
* @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*
* ==== Security Considerations
*
* There are two important considerations concerning the use of `permit`. The first is that a valid permit signature
* expresses an allowance, and it should not be assumed to convey additional meaning. In particular, it should not be
* considered as an intention to spend the allowance in any specific way. The second is that because permits have
* built-in replay protection and can be submitted by anyone, they can be frontrun. A protocol that uses permits should
* take this into consideration and allow a `permit` call to fail. Combining these two aspects, a pattern that may be
* generally recommended is:
*
* ```solidity
* function doThingWithPermit(..., uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s) public {
* try token.permit(msg.sender, address(this), value, deadline, v, r, s) {} catch {}
* doThing(..., value);
* }
*
* function doThing(..., uint256 value) public {
* token.safeTransferFrom(msg.sender, address(this), value);
* ...
* }
* ```
*
* Observe that: 1) `msg.sender` is used as the owner, leaving no ambiguity as to the signer intent, and 2) the use of
* `try/catch` allows the permit to fail and makes the code tolerant to frontrunning. (See also
* {SafeERC20-safeTransferFrom}).
*
* Additionally, note that smart contract wallets (such as Argent or Safe) are not able to produce permit signatures, so
* contracts should have entry points that don't rely on permit.
*/interfaceIERC20Permit{
/**
* @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
* given ``owner``'s signed approval.
*
* IMPORTANT: The same issues {IERC20-approve} has related to transaction
* ordering also apply here.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `deadline` must be a timestamp in the future.
* - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
* over the EIP712-formatted function arguments.
* - the signature must use ``owner``'s current nonce (see {nonces}).
*
* For more information on the signature format, see the
* https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
* section].
*
* CAUTION: See Security Considerations above.
*/functionpermit(address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @dev Returns the current nonce for `owner`. This value must be
* included whenever a signature is generated for {permit}.
*
* Every successful call to {permit} increases ``owner``'s nonce by one. This
* prevents a signature from being used multiple times.
*/functionnonces(address owner) externalviewreturns (uint256);
/**
* @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
*/// solhint-disable-next-line func-name-mixedcasefunctionDOMAIN_SEPARATOR() externalviewreturns (bytes32);
}
Contract Source Code
File 25 of 54: IERC4626.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC4626.sol)pragmasolidity ^0.8.20;import {IERC20} from"../token/ERC20/IERC20.sol";
import {IERC20Metadata} from"../token/ERC20/extensions/IERC20Metadata.sol";
/**
* @dev Interface of the ERC4626 "Tokenized Vault Standard", as defined in
* https://eips.ethereum.org/EIPS/eip-4626[ERC-4626].
*/interfaceIERC4626isIERC20, IERC20Metadata{
eventDeposit(addressindexed sender, addressindexed owner, uint256 assets, uint256 shares);
eventWithdraw(addressindexed sender,
addressindexed receiver,
addressindexed owner,
uint256 assets,
uint256 shares
);
/**
* @dev Returns the address of the underlying token used for the Vault for accounting, depositing, and withdrawing.
*
* - MUST be an ERC-20 token contract.
* - MUST NOT revert.
*/functionasset() externalviewreturns (address assetTokenAddress);
/**
* @dev Returns the total amount of the underlying asset that is “managed” by Vault.
*
* - SHOULD include any compounding that occurs from yield.
* - MUST be inclusive of any fees that are charged against assets in the Vault.
* - MUST NOT revert.
*/functiontotalAssets() externalviewreturns (uint256 totalManagedAssets);
/**
* @dev Returns the amount of shares that the Vault would exchange for the amount of assets provided, in an ideal
* scenario where all the conditions are met.
*
* - MUST NOT be inclusive of any fees that are charged against assets in the Vault.
* - MUST NOT show any variations depending on the caller.
* - MUST NOT reflect slippage or other on-chain conditions, when performing the actual exchange.
* - MUST NOT revert.
*
* NOTE: This calculation MAY NOT reflect the “per-user” price-per-share, and instead should reflect the
* “average-user’s” price-per-share, meaning what the average user should expect to see when exchanging to and
* from.
*/functionconvertToShares(uint256 assets) externalviewreturns (uint256 shares);
/**
* @dev Returns the amount of assets that the Vault would exchange for the amount of shares provided, in an ideal
* scenario where all the conditions are met.
*
* - MUST NOT be inclusive of any fees that are charged against assets in the Vault.
* - MUST NOT show any variations depending on the caller.
* - MUST NOT reflect slippage or other on-chain conditions, when performing the actual exchange.
* - MUST NOT revert.
*
* NOTE: This calculation MAY NOT reflect the “per-user” price-per-share, and instead should reflect the
* “average-user’s” price-per-share, meaning what the average user should expect to see when exchanging to and
* from.
*/functionconvertToAssets(uint256 shares) externalviewreturns (uint256 assets);
/**
* @dev Returns the maximum amount of the underlying asset that can be deposited into the Vault for the receiver,
* through a deposit call.
*
* - MUST return a limited value if receiver is subject to some deposit limit.
* - MUST return 2 ** 256 - 1 if there is no limit on the maximum amount of assets that may be deposited.
* - MUST NOT revert.
*/functionmaxDeposit(address receiver) externalviewreturns (uint256 maxAssets);
/**
* @dev Allows an on-chain or off-chain user to simulate the effects of their deposit at the current block, given
* current on-chain conditions.
*
* - MUST return as close to and no more than the exact amount of Vault shares that would be minted in a deposit
* call in the same transaction. I.e. deposit should return the same or more shares as previewDeposit if called
* in the same transaction.
* - MUST NOT account for deposit limits like those returned from maxDeposit and should always act as though the
* deposit would be accepted, regardless if the user has enough tokens approved, etc.
* - MUST be inclusive of deposit fees. Integrators should be aware of the existence of deposit fees.
* - MUST NOT revert.
*
* NOTE: any unfavorable discrepancy between convertToShares and previewDeposit SHOULD be considered slippage in
* share price or some other type of condition, meaning the depositor will lose assets by depositing.
*/functionpreviewDeposit(uint256 assets) externalviewreturns (uint256 shares);
/**
* @dev Mints shares Vault shares to receiver by depositing exactly amount of underlying tokens.
*
* - MUST emit the Deposit event.
* - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the
* deposit execution, and are accounted for during deposit.
* - MUST revert if all of assets cannot be deposited (due to deposit limit being reached, slippage, the user not
* approving enough underlying tokens to the Vault contract, etc).
*
* NOTE: most implementations will require pre-approval of the Vault with the Vault’s underlying asset token.
*/functiondeposit(uint256 assets, address receiver) externalreturns (uint256 shares);
/**
* @dev Returns the maximum amount of the Vault shares that can be minted for the receiver, through a mint call.
* - MUST return a limited value if receiver is subject to some mint limit.
* - MUST return 2 ** 256 - 1 if there is no limit on the maximum amount of shares that may be minted.
* - MUST NOT revert.
*/functionmaxMint(address receiver) externalviewreturns (uint256 maxShares);
/**
* @dev Allows an on-chain or off-chain user to simulate the effects of their mint at the current block, given
* current on-chain conditions.
*
* - MUST return as close to and no fewer than the exact amount of assets that would be deposited in a mint call
* in the same transaction. I.e. mint should return the same or fewer assets as previewMint if called in the
* same transaction.
* - MUST NOT account for mint limits like those returned from maxMint and should always act as though the mint
* would be accepted, regardless if the user has enough tokens approved, etc.
* - MUST be inclusive of deposit fees. Integrators should be aware of the existence of deposit fees.
* - MUST NOT revert.
*
* NOTE: any unfavorable discrepancy between convertToAssets and previewMint SHOULD be considered slippage in
* share price or some other type of condition, meaning the depositor will lose assets by minting.
*/functionpreviewMint(uint256 shares) externalviewreturns (uint256 assets);
/**
* @dev Mints exactly shares Vault shares to receiver by depositing amount of underlying tokens.
*
* - MUST emit the Deposit event.
* - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the mint
* execution, and are accounted for during mint.
* - MUST revert if all of shares cannot be minted (due to deposit limit being reached, slippage, the user not
* approving enough underlying tokens to the Vault contract, etc).
*
* NOTE: most implementations will require pre-approval of the Vault with the Vault’s underlying asset token.
*/functionmint(uint256 shares, address receiver) externalreturns (uint256 assets);
/**
* @dev Returns the maximum amount of the underlying asset that can be withdrawn from the owner balance in the
* Vault, through a withdraw call.
*
* - MUST return a limited value if owner is subject to some withdrawal limit or timelock.
* - MUST NOT revert.
*/functionmaxWithdraw(address owner) externalviewreturns (uint256 maxAssets);
/**
* @dev Allows an on-chain or off-chain user to simulate the effects of their withdrawal at the current block,
* given current on-chain conditions.
*
* - MUST return as close to and no fewer than the exact amount of Vault shares that would be burned in a withdraw
* call in the same transaction. I.e. withdraw should return the same or fewer shares as previewWithdraw if
* called
* in the same transaction.
* - MUST NOT account for withdrawal limits like those returned from maxWithdraw and should always act as though
* the withdrawal would be accepted, regardless if the user has enough shares, etc.
* - MUST be inclusive of withdrawal fees. Integrators should be aware of the existence of withdrawal fees.
* - MUST NOT revert.
*
* NOTE: any unfavorable discrepancy between convertToShares and previewWithdraw SHOULD be considered slippage in
* share price or some other type of condition, meaning the depositor will lose assets by depositing.
*/functionpreviewWithdraw(uint256 assets) externalviewreturns (uint256 shares);
/**
* @dev Burns shares from owner and sends exactly assets of underlying tokens to receiver.
*
* - MUST emit the Withdraw event.
* - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the
* withdraw execution, and are accounted for during withdraw.
* - MUST revert if all of assets cannot be withdrawn (due to withdrawal limit being reached, slippage, the owner
* not having enough shares, etc).
*
* Note that some implementations will require pre-requesting to the Vault before a withdrawal may be performed.
* Those methods should be performed separately.
*/functionwithdraw(uint256 assets, address receiver, address owner) externalreturns (uint256 shares);
/**
* @dev Returns the maximum amount of Vault shares that can be redeemed from the owner balance in the Vault,
* through a redeem call.
*
* - MUST return a limited value if owner is subject to some withdrawal limit or timelock.
* - MUST return balanceOf(owner) if owner is not subject to any withdrawal limit or timelock.
* - MUST NOT revert.
*/functionmaxRedeem(address owner) externalviewreturns (uint256 maxShares);
/**
* @dev Allows an on-chain or off-chain user to simulate the effects of their redeemption at the current block,
* given current on-chain conditions.
*
* - MUST return as close to and no more than the exact amount of assets that would be withdrawn in a redeem call
* in the same transaction. I.e. redeem should return the same or more assets as previewRedeem if called in the
* same transaction.
* - MUST NOT account for redemption limits like those returned from maxRedeem and should always act as though the
* redemption would be accepted, regardless if the user has enough shares, etc.
* - MUST be inclusive of withdrawal fees. Integrators should be aware of the existence of withdrawal fees.
* - MUST NOT revert.
*
* NOTE: any unfavorable discrepancy between convertToAssets and previewRedeem SHOULD be considered slippage in
* share price or some other type of condition, meaning the depositor will lose assets by redeeming.
*/functionpreviewRedeem(uint256 shares) externalviewreturns (uint256 assets);
/**
* @dev Burns exactly shares from owner and sends assets of underlying tokens to receiver.
*
* - MUST emit the Withdraw event.
* - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the
* redeem execution, and are accounted for during redeem.
* - MUST revert if all of shares cannot be redeemed (due to withdrawal limit being reached, slippage, the owner
* not having enough shares, etc).
*
* NOTE: some implementations will require pre-requesting to the Vault before a withdrawal may be performed.
* Those methods should be performed separately.
*/functionredeem(uint256 shares, address receiver, address owner) externalreturns (uint256 assets);
}
Contract Source Code
File 26 of 54: IFuseCommon.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;/// @title Interface for Fuses Common functionsinterfaceIFuseCommon{
/// @notice Market ID associated with the Fuse//solhint-disable-next-linefunctionMARKET_ID() externalviewreturns (uint256);
}
Contract Source Code
File 27 of 54: IIporFusionAccessManager.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;import {IAccessManager} from"@openzeppelin/contracts/access/manager/IAccessManager.sol";
/// @title Interface for the IporFusionAccessManager contract that manages access control for the IporFusion contract and its contract satellitesinterfaceIIporFusionAccessManagerisIAccessManager{
/// @notice The minimal delay required for the timelocked functions, value is set in the constructor, cannot be changed/// @return The minimal delay in seconds// solhint-disable-next-line func-name-mixedcasefunctionREDEMPTION_DELAY_IN_SECONDS() externalviewreturns (uint256);
/// @notice Check if the caller can call the target with the given selector. Update the account lock time./// @dev canCall cannot be a view function because it updates the account lock time.functioncanCallAndUpdate(address caller,
address target,
bytes4 selector
) externalreturns (bool immediate, uint32 delay);
/// @notice Close or open given target to interact with methods with restricted modifiers./// @dev In most cases when Vault is bootstrapping the ADMIN_ROLE is revoked so custom method is needed to grant roles for a GUARDIAN_ROLE.functionupdateTargetClosed(address target, bool closed) external;
/// @notice Converts the specified vault to a public vault - mint and deposit functions are allowed for everyone./// @dev Notice! Can convert to public but cannot convert back to private./// @param vault The address of the vaultfunctionconvertToPublicVault(address vault) external;
/// @notice Enables transfer shares, transfer and transferFrom functions are allowed for everyone./// @param vault The address of the vaultfunctionenableTransferShares(address vault) external;
/// @notice Sets the minimal execution delay required for the specified roles./// @param rolesIds The roles for which the minimal execution delay is set/// @param delays The minimal execution delays for the specified rolesfunctionsetMinimalExecutionDelaysForRoles(uint64[] calldata rolesIds, uint256[] calldata delays) external;
/// @notice Returns the minimal execution delay required for the specified role./// @param roleId The role for which the minimal execution delay is returned/// @return The minimal execution delay in secondsfunctiongetMinimalExecutionDelayForRole(uint64 roleId) externalviewreturns (uint256);
/// @notice Returns the account lock time for the specified account./// @param account The account for which the account lock time is returned/// @return The account lock time in secondsfunctiongetAccountLockTime(address account) externalviewreturns (uint256);
/// @notice Returns the function selector for the scheduled operation that is currently being consumed./// @return The function selectorfunctionisConsumingScheduledOp() externalviewreturns (bytes4);
}
Contract Source Code
File 28 of 54: IPlasmaVault.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;/// @notice FuseAction is a struct that represents a single action that can be executed by an AlphastructFuseAction {
/// @notice fuse is an address of the Fuse contractaddress fuse;
/// @notice data is a bytes data that is passed to the Fuse contractbytes data;
}
/// @title Plasma Vault interface with business methodsinterfaceIPlasmaVault{
/// @notice Returns the total assets in the market with the given marketId/// @param marketId_ The marketId of the market/// @return The total assets in the market represented in underlying token decimalsfunctiontotalAssetsInMarket(uint256 marketId_) externalviewreturns (uint256);
/**
* @notice Updates the balances of the specified markets.
* @param marketIds_ The array of market IDs to update balances for.
* @return The total assets in the Plasma Vault after updating the market balances.
* @dev If the `marketIds_` array is empty, it returns the total assets without updating any market balances.
* This function first records the total assets before updating the market balances, then updates the balances,
* adds the performance fee based on the assets before the update, and finally returns the new total assets.
*/functionupdateMarketsBalances(uint256[] calldata marketIds_) externalreturns (uint256);
/// @notice Gets unrealized management fee/// @return The unrealized management fee represented in underlying token decimalsfunctiongetUnrealizedManagementFee() externalviewreturns (uint256);
/// @notice Execute fuse actions on the Plasma Vault via Fuses, by Alpha to perform actions which improve the performance earnings of the Plasma Vault/// @param calls_ The array of FuseActions to execute/// @dev Method is granted only to the Alphafunctionexecute(FuseAction[] calldata calls_) external;
/// @notice Claim rewards from the Plasma Vault via Rewards Fuses to claim rewards from connected protocols with the Plasma Vault/// @param calls_ The array of FuseActions to claim rewards/// @dev Method is granted only to the RewardsManagerfunctionclaimRewards(FuseAction[] calldata calls_) external;
/// @notice Deposit assets to the Plasma Vault with permit function/// @param assets_ The amount of underlying assets to deposit/// @param owner_ The owner of the assets/// @param receiver_ The receiver of the assets/// @param deadline_ The deadline for the permit function/// @param v_ The v value of the signature/// @param r_ The r value of the signature/// @param s_ The s value of the signature/// @return The amount of shares mintedfunctiondepositWithPermit(uint256 assets_,
address owner_,
address receiver_,
uint256 deadline_,
uint8 v_,
bytes32 r_,
bytes32 s_
) externalreturns (uint256);
}
Contract Source Code
File 29 of 54: IPlasmaVaultBase.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;/// @title Plasma Vault Base interfaceinterfaceIPlasmaVaultBase{
/// @notice Initializes the Plasma Vault/// @dev Method is executed only once during the Plasma Vault construction in context of Plasma Vault (delegatecall used)/// @param assetName_ The name of the asset/// @param accessManager_ The address of the Ipor Fusion Access Manager/// @param totalSupplyCap_ The total supply cap of the sharesfunctioninit(stringmemory assetName_, address accessManager_, uint256 totalSupplyCap_) external;
/// @notice When token are transferring, updates data in storage required for functionalities included in PlasmaVaultBase but in context of Plasma Vault (delegatecall used)/// @param from_ The address from which the tokens are transferred/// @param to_ The address to which the tokens are transferred/// @param value_ The amount of tokens transferredfunctionupdateInternal(address from_, address to_, uint256 value_) external;
}
Contract Source Code
File 30 of 54: IPlasmaVaultGovernance.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;import {PlasmaVaultStorageLib} from"../libraries/PlasmaVaultStorageLib.sol";
import {InstantWithdrawalFusesParamsStruct} from"../libraries/PlasmaVaultLib.sol";
import {MarketLimit} from"../libraries/AssetDistributionProtectionLib.sol";
/// @title Plasma Vault Governance interfaceinterfaceIPlasmaVaultGovernance{
/// @notice Checks if the market has granted the substrate/// @param marketId_ The marketId of the market/// @param substrate_ The substrate to check/// @return True if the market has granted the substratefunctionisMarketSubstrateGranted(uint256 marketId_, bytes32 substrate_) externalviewreturns (bool);
/// @notice Checks if fuse is supported/// @param fuse_ The address of the fuse/// @return True if the fuse is supportedfunctionisFuseSupported(address fuse_) externalviewreturns (bool);
/// @notice Checks if balance fuse is supported in a given market/// @param marketId_ The marketId of the market/// @param fuse_ The address of the fuse/// @return True if the balance fuse is supportedfunctionisBalanceFuseSupported(uint256 marketId_, address fuse_) externalviewreturns (bool);
/// @notice Checks if the markets limits protection is activated/// @return True if the markets limits protection is activatedfunctionisMarketsLimitsActivated() externalviewreturns (bool);
/// @notice Returns the array of market substrates granted in the market/// @param marketId_ The marketId of the market/// @return The array of substrates granted in the market/// @dev Substrates can be assets, vault, markets or any other parameter specific for the market and associated with market external protocolfunctiongetMarketSubstrates(uint256 marketId_) externalviewreturns (bytes32[] memory);
/// @notice Returns the array of fuses supported by the Plasma Vault/// @return The array of fusesfunctiongetFuses() externalviewreturns (address[] memory);
/// @notice Returns the address of the Price Oracle Middleware/// @return The address of the Price Oracle MiddlewarefunctiongetPriceOracleMiddleware() externalviewreturns (address);
/// @notice Returns the performance fee configuration data of the Plasma Vault/// @return feeData The performance fee configuration data, see PerformanceFeeData structfunctiongetPerformanceFeeData() externalviewreturns (PlasmaVaultStorageLib.PerformanceFeeData memory feeData);
/// @notice Returns the management fee configuration data of the Plasma Vault/// @return feeData The management fee configuration data, see ManagementFeeData structfunctiongetManagementFeeData() externalviewreturns (PlasmaVaultStorageLib.ManagementFeeData memory feeData);
/// @notice Returns the address of the Ipor Fusion Access Manager/// @return The address of the Ipor Fusion Access ManagerfunctiongetAccessManagerAddress() externalviewreturns (address);
/// @notice Returns the address of the Rewards Claim Manager/// @return The address of the Rewards Claim ManagerfunctiongetRewardsClaimManagerAddress() externalviewreturns (address);
/// @notice Returns the array of fuses used during the instant withdrawal process, order of the fuses is important/// @return The array of fuses, the order of the fuses is importantfunctiongetInstantWithdrawalFuses() externalviewreturns (address[] memory);
/// @notice Returns the parameters used by the instant withdrawal fuses/// @param fuse_ The address of the fuse/// @param index_ The index of the fuse in the ordered array of fuses/// @return The array of parameters used by the fusefunctiongetInstantWithdrawalFusesParams(address fuse_, uint256 index_) externalviewreturns (bytes32[] memory);
/// @notice Returns the market limit for the given market in percentage represented in 1e18/// @param marketId_ The marketId of the market/// @return The market limit in percentage represented in 1e18/// @dev This is percentage of the total balance in the Plasma VaultfunctiongetMarketLimit(uint256 marketId_) externalviewreturns (uint256);
/// @notice Gets the dependency balance graph for the given market, meaning the markets that are dependent on the given market and should be considered in the balance calculation/// @param marketId_ The marketId of the market/// @return Dependency balance graph is required because exists external protocols where interaction with the market can affect the balance of other marketsfunctiongetDependencyBalanceGraph(uint256 marketId_) externalviewreturns (uint256[] memory);
/// @notice Returns the total supply cap/// @return The total supply cap, the values is represented in underlying decimalsfunctiongetTotalSupplyCap() externalviewreturns (uint256);
/// @notice Adds the balance fuse to the market/// @param marketId_ The marketId of the market/// @param fuse_ The address of the balance fusefunctionaddBalanceFuse(uint256 marketId_, address fuse_) external;
/// @notice Removes the balance fuse from the market/// @param marketId_ The marketId of the market/// @param fuse_ The address of the balance fusefunctionremoveBalanceFuse(uint256 marketId_, address fuse_) external;
/// @notice Grants the substrates to the market/// @param marketId_ The marketId of the market/// @param substrates_ The substrates to grant/// @dev Substrates can be assets, vault, markets or any other parameter specific for the market and associated with market external protocolfunctiongrantMarketSubstrates(uint256 marketId_, bytes32[] calldata substrates_) external;
/// @notice Updates the dependency balance graphs for the markets/// @param marketIds_ The array of marketIds/// @param dependencies_ dependency graph of marketsfunctionupdateDependencyBalanceGraphs(uint256[] memory marketIds_, uint256[][] memory dependencies_) external;
/// @notice Configures the instant withdrawal fuses. Order of the fuse is important, as it will be used in the same order during the instant withdrawal process/// @param fuses_ The array of InstantWithdrawalFusesParamsStruct to configure/// @dev Order of the fuses is important, the same fuse can be used multiple times with different parameters (for example different assets, markets or any other substrate specific for the fuse)functionconfigureInstantWithdrawalFuses(InstantWithdrawalFusesParamsStruct[] calldata fuses_) external;
/// @notice Adds the fuses supported by the Plasma Vault/// @param fuses_ The array of fuses to addfunctionaddFuses(address[] calldata fuses_) external;
/// @notice Removes the fuses supported by the Plasma Vault/// @param fuses_ The array of fuses to removefunctionremoveFuses(address[] calldata fuses_) external;
/// @notice Sets the Price Oracle Middleware address/// @param priceOracleMiddleware_ The address of the Price Oracle MiddlewarefunctionsetPriceOracleMiddleware(address priceOracleMiddleware_) external;
/// @notice Configures the performance fee/// @param feeAccount_ The address of the fee manager/// @param feeInPercentage_ The fee in percentage represented in 18 decimals, example 1e18 is 100%, 1e17 is 10% etc.functionconfigurePerformanceFee(address feeAccount_, uint256 feeInPercentage_) external;
/// @notice Configures the management fee/// @param feeAccount_ The address of the fee manager/// @param feeInPercentage_ The fee in percentage represented in 18 decimals, example 1e18 is 100%, 1e17 is 10% etc.functionconfigureManagementFee(address feeAccount_, uint256 feeInPercentage_) external;
/// @notice Sets the Rewards Claim Manager address/// @param rewardsClaimManagerAddress_ The address of the Rewards Claim ManagerfunctionsetRewardsClaimManagerAddress(address rewardsClaimManagerAddress_) external;
/// @notice Sets the market limit for the given market in percentage represented in 18 decimals/// @param marketsLimits_ The array of MarketLimit to setup, see MarketLimit structfunctionsetupMarketsLimits(MarketLimit[] calldata marketsLimits_) external;
/// @notice Activates the markets limits protection, by default it is deactivated. After activation the limits is setup for each market separately.functionactivateMarketsLimits() external;
/// @notice Deactivates the markets limits protection.functiondeactivateMarketsLimits() external;
/// @notice Updates the callback handler/// @param handler_ The address of the handler/// @param sender_ The address of the sender/// @param sig_ The signature of the functionfunctionupdateCallbackHandler(address handler_, address sender_, bytes4 sig_) external;
/// @notice Sets the total supply cap/// @param cap_ The total supply cap, the values is represented in underlying decimalsfunctionsetTotalSupplyCap(uint256 cap_) external;
/// @notice Converts the specified vault to a public vault - mint and deposit functions are allowed for everyone./// @dev Notice! Can convert to public but cannot convert back to private.functionconvertToPublicVault() external;
/// @notice Enables transfer shares, transfer and transferFrom functions are allowed for everyone.functionenableTransferShares() external;
/// @notice Sets the minimal execution delay required for the specified roles./// @param rolesIds_ The roles for which the minimal execution delay is set/// @param delays_ The minimal execution delays for the specified rolesfunctionsetMinimalExecutionDelaysForRoles(uint64[] calldata rolesIds_, uint256[] calldata delays_) external;
}
Contract Source Code
File 31 of 54: IPriceOracleMiddleware.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;/// @title Interface to an aggregator of price feeds for assets, responsible for providing the prices of assets in a given quote currencyinterfaceIPriceOracleMiddleware{
errorEmptyArrayNotSupported();
errorArrayLengthMismatch();
errorUnexpectedPriceResult();
errorUnsupportedAsset();
errorZeroAddress(string variableName);
errorWrongDecimals();
errorWrongDecimalsInPriceFeed();
/// @notice Returns the price of the given asset in given decimals/// @return assetPrice price in QUOTE_CURRENCY of the asset/// @return decimals number of decimals of the asset pricefunctiongetAssetPrice(address asset) externalviewreturns (uint256 assetPrice, uint256 decimals);
/// @notice Returns the prices of the given assets in given decimals/// @return assetPrices prices in QUOTE_CURRENCY of the assets represented in given decimals/// @return decimalsList number of decimals of the asset pricesfunctiongetAssetsPrices(address[] calldata assets
) externalviewreturns (uint256[] memory assetPrices, uint256[] memory decimalsList);
/// @notice Returns address of source of the asset price - it could be IPOR Price Feed or Chainlink Aggregator or any other source of price for a given asset/// @param asset address of the asset/// @return address of the source of the asset pricefunctiongetSourceOfAssetPrice(address asset) externalviewreturns (address);
/// @notice Sets the sources of the asset prices/// @param assets array of addresses of the assetsfunctionsetAssetsPricesSources(address[] calldata assets, address[] calldata sources) external;
/// @notice Returns the address of the quote currency to which all the prices are relative, in IPOR Fusion it is the USD//solhint-disable-next-linefunctionQUOTE_CURRENCY() externalviewreturns (address);
/// @notice Returns the number of decimals of the quote currency, by default it is 8 for USD, but can be different for other types of Price Oracles Middlewares//solhint-disable-next-linefunctionQUOTE_CURRENCY_DECIMALS() externalviewreturns (uint256);
}
Contract Source Code
File 32 of 54: IRewardsClaimManager.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;import {FuseAction} from"../interfaces/IPlasmaVault.sol";
/// @notice Vesting data struct/// @custom:storage-location erc7201:io.ipor.managers.rewards.VestingDatastructVestingData {
/// @notice vestingTime The time when the vesting is pendinguint32 vestingTime;
/// @notice updateBalanceTimestamp The timestamp of the last balance updateuint32 updateBalanceTimestamp;
/// @notice transferredTokens The number of tokens that have been transferred from RewardsClaimManager to the Plasma Vaultuint128 transferredTokens;
/// @notice lastUpdateBalance The balance of the last updateuint128 lastUpdateBalance;
}
/// @title Rewards Claim Manager interfaceinterfaceIRewardsClaimManager{
/// @notice Retrieves the balance of linear vested underlying tokens owned by RewardsClaimManager.sol contract/// @return balance The balance of the vesting data in uint256./// @dev This method calculates the current balance based on the vesting schedule./// If the `updateBalanceTimestamp` is zero, it returns zero. Otherwise, it calculates/// the ratio of the elapsed time to the total vesting time to determine the proportion/// of the balance that is currently available. The balance is adjusted by the number/// of tokens that have already been transferred. Thr result is in underlying token decimals.functionbalanceOf() externalviewreturns (uint256);
/// @notice Checks if the specified reward fuse is supported./// @param fuse The address of the fuse to be checked./// @return supported A boolean value indicating whether the reward fuse is supported./// @dev This method checks the internal configuration to determine if the provided fuse address/// is supported for reward management.functionisRewardFuseSupported(address fuse) externalviewreturns (bool);
/// @notice Retrieves the vesting data./// @return vestingData A struct containing the vesting data./// @dev This method returns the current state of the vesting data, including details such as/// the last update balance, the transferred tokens, and the timestamp of the last update.functiongetVestingData() externalviewreturns (VestingData memory);
/// @notice Transfers a specified amount of an asset to a given address./// @param asset The address of the asset to be transferred./// @param to The address of the recipient./// @param amount The amount of the asset to be transferred, represented in the asset's decimals./// @dev This method facilitates the transfer of a specified amount of the given asset from the contract to the recipient's address.functiontransfer(address asset, address to, uint256 amount) external;
/// @notice Adds multiple reward fuses./// @param fuses An array of addresses representing the fuses to be added./// @dev This method adds the provided list of fuse addresses to the contract's configuration./// It allows the inclusion of multiple fuses in a single transaction for reward management purposes.functionaddRewardFuses(address[] calldata fuses) external;
/// @notice Removes a specified reward fuse./// @param fuses The addresses of the fuse to be removed./// @dev This method removes the provided fuse address from the contract's configuration./// It is used to manage and update the list of supported reward fuses.functionremoveRewardFuses(address[] calldata fuses) external;
/// @notice Claims rewards based on the provided fuse actions./// @param calls An array of FuseAction structs representing the actions for claiming rewards./// @dev This method processes the provided fuse actions to claim the corresponding rewards./// Each FuseAction in the array is executed to facilitate the reward claim process.functionclaimRewards(FuseAction[] calldata calls) external;
/// @notice Sets up the vesting schedule with a specified delay for token release./// @param releaseTokensDelay The delay in seconds before the tokens are released./// @dev This method configures the vesting schedule by setting the delay time for token release./// The delay defines the period that must pass before the tokens can be released to the beneficiary.// @dev setting up this to zero will stopped vesting and freeze underling token on the contractfunctionsetupVestingTime(uint256 releaseTokensDelay) external;
/// @notice Updates the balance based on the current vesting schedule and transferred tokens./// @dev This method recalculates the balance considering the elapsed time, vesting schedule,/// and the number of tokens that have already been transferred. It updates the internal/// state to reflect the latest balance.functionupdateBalance() external;
/// @notice Transfers vested underlying tokens to the Plasma Vault./// @dev This method transfers the underlying tokens that have vested according to the vesting schedule/// to the designated Plasma Vault. It ensures that only the vested portion of the underlying tokens/// is transferred.functiontransferVestedTokensToVault() external;
/// @notice Retrieves the list of reward fuses./// @return An array of addresses representing the reward fuses.functiongetRewardsFuses() externalviewreturns (address[] memory);
}
Contract Source Code
File 33 of 54: Initializable.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (proxy/utils/Initializable.sol)pragmasolidity ^0.8.20;/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```solidity
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
*
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/abstractcontractInitializable{
/**
* @dev Storage of the initializable contract.
*
* It's implemented on a custom ERC-7201 namespace to reduce the risk of storage collisions
* when using with upgradeable contracts.
*
* @custom:storage-location erc7201:openzeppelin.storage.Initializable
*/structInitializableStorage {
/**
* @dev Indicates that the contract has been initialized.
*/uint64 _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/bool _initializing;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Initializable")) - 1)) & ~bytes32(uint256(0xff))bytes32privateconstant INITIALIZABLE_STORAGE =0xf0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00;
/**
* @dev The contract is already initialized.
*/errorInvalidInitialization();
/**
* @dev The contract is not initializing.
*/errorNotInitializing();
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/eventInitialized(uint64 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts.
*
* Similar to `reinitializer(1)`, except that in the context of a constructor an `initializer` may be invoked any
* number of times. This behavior in the constructor can be useful during testing and is not expected to be used in
* production.
*
* Emits an {Initialized} event.
*/modifierinitializer() {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
// Cache values to avoid duplicated sloadsbool isTopLevelCall =!$._initializing;
uint64 initialized = $._initialized;
// Allowed calls:// - initialSetup: the contract is not in the initializing state and no previous version was// initialized// - construction: the contract is initialized at version 1 (no reininitialization) and the// current contract is just being deployedbool initialSetup = initialized ==0&& isTopLevelCall;
bool construction = initialized ==1&&address(this).code.length==0;
if (!initialSetup &&!construction) {
revert InvalidInitialization();
}
$._initialized =1;
if (isTopLevelCall) {
$._initializing =true;
}
_;
if (isTopLevelCall) {
$._initializing =false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* A reinitializer may be used after the original initialization step. This is essential to configure modules that
* are added through upgrades and that require initialization.
*
* When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
* cannot be nested. If one is invoked in the context of another, execution will revert.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*
* WARNING: Setting the version to 2**64 - 1 will prevent any future reinitialization.
*
* Emits an {Initialized} event.
*/modifierreinitializer(uint64 version) {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
if ($._initializing || $._initialized >= version) {
revert InvalidInitialization();
}
$._initialized = version;
$._initializing =true;
_;
$._initializing =false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/modifieronlyInitializing() {
_checkInitializing();
_;
}
/**
* @dev Reverts if the contract is not in an initializing state. See {onlyInitializing}.
*/function_checkInitializing() internalviewvirtual{
if (!_isInitializing()) {
revert NotInitializing();
}
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*
* Emits an {Initialized} event the first time it is successfully executed.
*/function_disableInitializers() internalvirtual{
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
if ($._initializing) {
revert InvalidInitialization();
}
if ($._initialized !=type(uint64).max) {
$._initialized =type(uint64).max;
emit Initialized(type(uint64).max);
}
}
/**
* @dev Returns the highest version that has been initialized. See {reinitializer}.
*/function_getInitializedVersion() internalviewreturns (uint64) {
return _getInitializableStorage()._initialized;
}
/**
* @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
*/function_isInitializing() internalviewreturns (bool) {
return _getInitializableStorage()._initializing;
}
/**
* @dev Returns a pointer to the storage namespace.
*/// solhint-disable-next-line var-name-mixedcasefunction_getInitializableStorage() privatepurereturns (InitializableStorage storage $) {
assembly {
$.slot:= INITIALIZABLE_STORAGE
}
}
}
Contract Source Code
File 34 of 54: IporFusionAccessManager.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;import {AccessManager} from"@openzeppelin/contracts/access/manager/AccessManager.sol";
import {IAccessManager} from"@openzeppelin/contracts/access/manager/IAccessManager.sol";
import {IIporFusionAccessManager} from"../../interfaces/IIporFusionAccessManager.sol";
import {RedemptionDelayLib} from"./RedemptionDelayLib.sol";
import {PlasmaVault} from"../../vaults/PlasmaVault.sol";
import {RoleExecutionTimelockLib} from"./RoleExecutionTimelockLib.sol";
import {IporFusionAccessManagerInitializationLib, InitializationData} from"./IporFusionAccessManagerInitializationLib.sol";
import {Roles} from"../../libraries/Roles.sol";
/// @title IporFusionAccessManager contract responsible for managing access control to the IporFusion contractcontractIporFusionAccessManagerisIIporFusionAccessManager, AccessManager{
errorAccessManagedUnauthorized(address caller);
errorTooShortExecutionDelayForRole(uint64 roleId, uint32 executionDelay);
errorTooLongRedemptionDelay(uint256 redemptionDelayInSeconds);
uint256publicconstant MAX_REDEMPTION_DELAY_IN_SECONDS =7days;
uint256publicimmutableoverride REDEMPTION_DELAY_IN_SECONDS;
boolprivate _customConsumingSchedule;
modifierrestricted() {
_checkCanCall(_msgSender(), _msgData());
_;
}
constructor(address initialAdmin_, uint256 redemptionDelayInSeconds_) AccessManager(initialAdmin_) {
if (redemptionDelayInSeconds_ > MAX_REDEMPTION_DELAY_IN_SECONDS) {
revert TooLongRedemptionDelay(redemptionDelayInSeconds_);
}
REDEMPTION_DELAY_IN_SECONDS = redemptionDelayInSeconds_;
}
/// @notice Initializes the IporFusionAccessManager with the specified initial data./// @param initialData_ A struct containing the initial configuration data, including role-to-function mappings and execution delays./// @dev This method sets up the initial roles, functions, and minimal execution delays. It uses the IporFusionAccessManagerInitializationLib/// to ensure that the contract is not already initialized, it can be done only once. The function is restricted to authorized callers.functioninitialize(InitializationData calldata initialData_) externalrestricted{
IporFusionAccessManagerInitializationLib.isInitialized();
_revokeRole(ADMIN_ROLE, msg.sender);
uint256 roleToFunctionsLength = initialData_.roleToFunctions.length;
uint64[] memory roleIds =newuint64[](roleToFunctionsLength);
uint256[] memory minimalDelays =newuint256[](roleToFunctionsLength);
if (roleToFunctionsLength >0) {
for (uint256 i; i < roleToFunctionsLength; ++i) {
_setTargetFunctionRole(
initialData_.roleToFunctions[i].target,
initialData_.roleToFunctions[i].functionSelector,
initialData_.roleToFunctions[i].roleId
);
roleIds[i] = initialData_.roleToFunctions[i].roleId;
minimalDelays[i] = initialData_.roleToFunctions[i].minimalExecutionDelay;
if (
initialData_.roleToFunctions[i].roleId != Roles.ADMIN_ROLE &&
initialData_.roleToFunctions[i].roleId != Roles.GUARDIAN_ROLE &&
initialData_.roleToFunctions[i].roleId != Roles.PUBLIC_ROLE
) {
_setRoleGuardian(initialData_.roleToFunctions[i].roleId, Roles.GUARDIAN_ROLE);
}
}
}
RoleExecutionTimelockLib.setMinimalExecutionDelaysForRoles(roleIds, minimalDelays);
uint256 adminRolesLength = initialData_.adminRoles.length;
if (adminRolesLength >0) {
for (uint256 i; i < adminRolesLength; ++i) {
_setRoleAdmin(initialData_.adminRoles[i].roleId, initialData_.adminRoles[i].adminRoleId);
}
}
uint256 accountToRolesLength = initialData_.accountToRoles.length;
if (accountToRolesLength >0) {
for (uint256 i; i < accountToRolesLength; ++i) {
_grantRoleInternal(
initialData_.accountToRoles[i].roleId,
initialData_.accountToRoles[i].account,
initialData_.accountToRoles[i].executionDelay
);
}
}
}
functioncanCallAndUpdate(address caller_,
address target_,
bytes4 selector_
) externaloverridereturns (bool immediate, uint32 delay) {
RedemptionDelayLib.lockChecks(caller_, selector_);
returnsuper.canCall(caller_, target_, selector_);
}
functionupdateTargetClosed(address target_, bool closed_) externaloverriderestricted{
_setTargetClosed(target_, closed_);
}
functionconvertToPublicVault(address vault_) externaloverriderestricted{
_setTargetFunctionRole(vault_, PlasmaVault.mint.selector, PUBLIC_ROLE);
_setTargetFunctionRole(vault_, PlasmaVault.deposit.selector, PUBLIC_ROLE);
_setTargetFunctionRole(vault_, PlasmaVault.depositWithPermit.selector, PUBLIC_ROLE);
}
functionenableTransferShares(address vault_) externaloverriderestricted{
_setTargetFunctionRole(vault_, PlasmaVault.transfer.selector, PUBLIC_ROLE);
_setTargetFunctionRole(vault_, PlasmaVault.transferFrom.selector, PUBLIC_ROLE);
}
functionsetMinimalExecutionDelaysForRoles(uint64[] calldata rolesIds_,
uint256[] calldata delays_
) externaloverriderestricted{
RoleExecutionTimelockLib.setMinimalExecutionDelaysForRoles(rolesIds_, delays_);
}
functiongrantRole(uint64 roleId_,
address account_,
uint32 executionDelay_
) publicoverride(IAccessManager, AccessManager) onlyAuthorized{
_grantRoleInternal(roleId_, account_, executionDelay_);
}
functiongetMinimalExecutionDelayForRole(uint64 roleId_) externalviewoverridereturns (uint256) {
return RoleExecutionTimelockLib.getMinimalExecutionDelayForRole(roleId_);
}
functiongetAccountLockTime(address account_) externalviewoverridereturns (uint256) {
return RedemptionDelayLib.getAccountLockTime(account_);
}
functionisConsumingScheduledOp() externalviewoverridereturns (bytes4) {
return _customConsumingSchedule ? this.isConsumingScheduledOp.selector : bytes4(0);
}
function_grantRoleInternal(uint64 roleId_, address account_, uint32 executionDelay_) internal{
if (executionDelay_ < RoleExecutionTimelockLib.getMinimalExecutionDelayForRole(roleId_)) {
revert TooShortExecutionDelayForRole(roleId_, executionDelay_);
}
_grantRole(roleId_, account_, getRoleGrantDelay(roleId_), executionDelay_);
}
function_checkCanCall(address caller_, bytescalldata data_) internalvirtual{
(bool immediate, uint32 delay) = canCall(caller_, address(this), bytes4(data_[0:4]));
if (!immediate) {
if (delay >0) {
_customConsumingSchedule =true;
IAccessManager(address(this)).consumeScheduledOp(caller_, data_);
_customConsumingSchedule =false;
} else {
revert AccessManagedUnauthorized(caller_);
}
}
}
}
Contract Source Code
File 35 of 54: IporFusionAccessManagerInitializationLib.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;import {IporFusionAccessManagersStorageLib, InitializationFlag} from"./IporFusionAccessManagersStorageLib.sol";
/// @notice Struct for the role-to-function mappingstructRoleToFunction {
/// @notice The target contract addressaddress target;
/// @notice The role IDuint64 roleId;
/// @notice The function selectorbytes4 functionSelector;
/// @notice The minimal execution delay, if greater than 0 then the function is timelockeduint256 minimalExecutionDelay;
}
/// @notice Struct for the admin role mappingstructAdminRole {
/// @notice The role IDuint64 roleId;
/// @notice The admin role IDuint64 adminRoleId;
}
/// @notice Struct for the account-to-role mappingstructAccountToRole {
/// @notice The role IDuint64 roleId;
/// @notice The account addressaddress account;
/// @notice The account lock time, if greater than 0 then the execution is timelocked for a given accountuint32 executionDelay;
}
/// @notice Struct for the initialization data for the IporFusionAccessManager contractstructInitializationData {
/// @notice The role-to-function mappings
RoleToFunction[] roleToFunctions;
/// @notice The account-to-role mappings
AccountToRole[] accountToRoles;
/// @notice The admin role mappings
AdminRole[] adminRoles;
}
/// @title Library for initializing the IporFusionAccessManager contract, initializing the contract can only be done oncelibraryIporFusionAccessManagerInitializationLib{
eventIporFusionAccessManagerInitialized();
errorAlreadyInitialized();
/// @notice Checks if the contract is already initialized/// @dev The function checks if the contract is already initialized, if it is, it reverts with an errorfunctionisInitialized() internal{
InitializationFlag storage initializationFlag = IporFusionAccessManagersStorageLib.getInitializationFlag();
if (initializationFlag.initialized >0) {
revert AlreadyInitialized();
}
initializationFlag.initialized =1;
emit IporFusionAccessManagerInitialized();
}
}
Contract Source Code
File 36 of 54: IporFusionAccessManagersStorageLib.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;import {SafeCast} from"@openzeppelin/contracts/utils/math/SafeCast.sol";
import {IIporFusionAccessManager} from"../../interfaces/IIporFusionAccessManager.sol";
/// @notice RedemptionLocks storage structure/// @custom:storage-location erc7201:io.ipor.managers.access.RedemptionLocksstructRedemptionLocks {
mapping(address acount =>uint256 depositTime) redemptionLock;
}
/// @custom:storage-location erc7201:io.ipor.managers.access.MinimalExecutionDelayForRolestructMinimalExecutionDelayForRole {
mapping(uint64 roleId =>uint256 delay) delays;
}
/// @custom:storage-location erc7201:io.ipor.managers.access.InitializationFlagstructInitializationFlag {
// @dev if greater than 0 then initializeduint256 initialized;
}
/// @title Storage library for Managers contractslibraryIporFusionAccessManagersStorageLib{
usingSafeCastforuint256;
/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.managers.access.RedemptionLocks")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant REDEMPTION_LOCKS =0x5e07febb5bd598f6b55406c9bf939d497fd39a2dbc2b5891f20f6640c3f32500;
/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.managers.access.MinimalExecutionDelayForRole")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant MINIMAL_EXECUTION_DELAY_FOR_ROLE =0x2e44a6c6f75b62bc581bae68fca3a6629eb7343eef230a6702d4acd6389fd600;
/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.managers.access.InitializationFlag")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant INITIALIZATION_FLAG =0x25e922da7c41a5d012dbc2479dd6a7bd57760f359ea3a3be13608d287fc89400;
eventRedemptionDelayForAccountUpdated(address account, uint256 redemptionDelay);
/// @notice gets the Ipor Fusion Access Manager initialization flag storage pointer/// @return initializationFlag the storage pointer to the Ipor Fusion Access Manager initialization flagfunctiongetInitializationFlag() internalviewreturns (InitializationFlag storage initializationFlag) {
assembly {
initializationFlag.slot:= INITIALIZATION_FLAG
}
}
/// @notice gets the minimal execution delay for role storage pointer/// @return minimalExecutionDelayForRole the storage pointer to the minimal execution delay for rolefunctiongetMinimalExecutionDelayForRole()
internalpurereturns (MinimalExecutionDelayForRole storage minimalExecutionDelayForRole)
{
assembly {
minimalExecutionDelayForRole.slot:= MINIMAL_EXECUTION_DELAY_FOR_ROLE
}
}
/// @notice gets the redemption locks storage pointer/// @return redemptionLocks the storage pointer to the redemption locksfunctiongetRedemptionLocks() internalviewreturns (RedemptionLocks storage redemptionLocks) {
assembly {
redemptionLocks.slot:= REDEMPTION_LOCKS
}
}
/// @notice sets the redemption locks for an account/// @param account_ the account to set the redemption locks for/// @dev When deposit or mint functions are called, the account is locked for withdraw and redeem functions for a specific time defined by the redemption delayfunctionsetRedemptionLocks(address account_) internal{
uint256 redemptionDelay = IIporFusionAccessManager(address(this)).REDEMPTION_DELAY_IN_SECONDS();
if (redemptionDelay ==0) {
return;
}
RedemptionLocks storage redemptionLocks = getRedemptionLocks();
uint256 redemptionLock =uint256(block.timestamp) + redemptionDelay;
redemptionLocks.redemptionLock[account_] = redemptionLock;
emit RedemptionDelayForAccountUpdated(account_, redemptionLock);
}
}
Contract Source Code
File 37 of 54: IporMath.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;/// @title Ipor Math library with math functionslibraryIporMath{
uint256privateconstant WAD_DECIMALS =18;
uint256publicconstant BASIS_OF_POWER =10;
/// @dev The index of the most significant bit in a 256-bit signed integeruint256privateconstant MSB =255;
functionmin(uint256 a, uint256 b) internalpurereturns (uint256) {
return a < b ? a : b;
}
/// @notice Converts the value to WAD decimals, WAD decimals are 18/// @param value The value to convert/// @param assetDecimals The decimals of the asset/// @return The value in WAD decimalsfunctionconvertToWad(uint256 value, uint256 assetDecimals) internalpurereturns (uint256) {
if (value >0) {
if (assetDecimals == WAD_DECIMALS) {
return value;
} elseif (assetDecimals > WAD_DECIMALS) {
return division(value, BASIS_OF_POWER ** (assetDecimals - WAD_DECIMALS));
} else {
return value * BASIS_OF_POWER ** (WAD_DECIMALS - assetDecimals);
}
} else {
return value;
}
}
/// @notice Converts the value to WAD decimals, WAD decimals are 18/// @param value The value to convert/// @param assetDecimals The decimals of the asset/// @return The value in WAD decimalsfunctionconvertWadToAssetDecimals(uint256 value, uint256 assetDecimals) internalpurereturns (uint256) {
if (assetDecimals == WAD_DECIMALS) {
return value;
} elseif (assetDecimals > WAD_DECIMALS) {
return value * WAD_DECIMALS ** (assetDecimals - WAD_DECIMALS);
} else {
return division(value, BASIS_OF_POWER ** (WAD_DECIMALS - assetDecimals));
}
}
/// @notice Converts the int value to WAD decimals, WAD decimals are 18/// @param value The int value to convert/// @param assetDecimals The decimals of the asset/// @return The value in WAD decimals, intfunctionconvertToWadInt(int256 value, uint256 assetDecimals) internalpurereturns (int256) {
if (value ==0) {
return0;
}
if (assetDecimals == WAD_DECIMALS) {
return value;
} elseif (assetDecimals > WAD_DECIMALS) {
return divisionInt(value, int256(BASIS_OF_POWER ** (assetDecimals - WAD_DECIMALS)));
} else {
return value *int256(BASIS_OF_POWER ** (WAD_DECIMALS - assetDecimals));
}
}
/// @notice Divides two int256 numbers and rounds the result to the nearest integer/// @param x The numerator/// @param y The denominator/// @return z The result of the divisionfunctiondivisionInt(int256 x, int256 y) internalpurereturns (int256 z) {
uint256 absX =uint256(x <0 ? -x : x);
uint256 absY =uint256(y <0 ? -y : y);
// Use bitwise XOR to get the sign on MBS bit then shift to LSB// sign == 0x0000...0000 == 0 if the number is non-negative// sign == 0xFFFF...FFFF == -1 if the number is negativeint256 sign = (x ^ y) >> MSB;
uint256 divAbs;
uint256 remainder;
unchecked {
divAbs = absX / absY;
remainder = absX % absY;
}
// Check if we need to roundif (sign <0) {
// remainder << 1 left shift is equivalent to multiplying by 2if (remainder <<1> absY) {
++divAbs;
}
} else {
if (remainder <<1>= absY) {
++divAbs;
}
}
// (sign | 1) is cheaper than (sign < 0) ? -1 : 1;unchecked {
z =int256(divAbs) * (sign |1);
}
}
/// @notice Divides two uint256 numbers and rounds the result to the nearest integer/// @param x The numerator/// @param y The denominator/// @return z The result of the divisionfunctiondivision(uint256 x, uint256 y) internalpurereturns (uint256 z) {
z = x / y;
}
}
Contract Source Code
File 38 of 54: Math.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (utils/math/Math.sol)pragmasolidity ^0.8.20;/**
* @dev Standard math utilities missing in the Solidity language.
*/libraryMath{
/**
* @dev Muldiv operation overflow.
*/errorMathOverflowedMulDiv();
enumRounding {
Floor, // Toward negative infinity
Ceil, // Toward positive infinity
Trunc, // Toward zero
Expand // Away from zero
}
/**
* @dev Returns the addition of two unsigned integers, with an overflow flag.
*/functiontryAdd(uint256 a, uint256 b) internalpurereturns (bool, uint256) {
unchecked {
uint256 c = a + b;
if (c < a) return (false, 0);
return (true, c);
}
}
/**
* @dev Returns the subtraction of two unsigned integers, with an overflow flag.
*/functiontrySub(uint256 a, uint256 b) internalpurereturns (bool, uint256) {
unchecked {
if (b > a) return (false, 0);
return (true, a - b);
}
}
/**
* @dev Returns the multiplication of two unsigned integers, with an overflow flag.
*/functiontryMul(uint256 a, uint256 b) internalpurereturns (bool, uint256) {
unchecked {
// Gas optimization: this is cheaper than requiring 'a' not being zero, but the// benefit is lost if 'b' is also tested.// See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522if (a ==0) return (true, 0);
uint256 c = a * b;
if (c / a != b) return (false, 0);
return (true, c);
}
}
/**
* @dev Returns the division of two unsigned integers, with a division by zero flag.
*/functiontryDiv(uint256 a, uint256 b) internalpurereturns (bool, uint256) {
unchecked {
if (b ==0) return (false, 0);
return (true, a / b);
}
}
/**
* @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.
*/functiontryMod(uint256 a, uint256 b) internalpurereturns (bool, uint256) {
unchecked {
if (b ==0) return (false, 0);
return (true, a % b);
}
}
/**
* @dev Returns the largest of two numbers.
*/functionmax(uint256 a, uint256 b) internalpurereturns (uint256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two numbers.
*/functionmin(uint256 a, uint256 b) internalpurereturns (uint256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two numbers. The result is rounded towards
* zero.
*/functionaverage(uint256 a, uint256 b) internalpurereturns (uint256) {
// (a + b) / 2 can overflow.return (a & b) + (a ^ b) /2;
}
/**
* @dev Returns the ceiling of the division of two numbers.
*
* This differs from standard division with `/` in that it rounds towards infinity instead
* of rounding towards zero.
*/functionceilDiv(uint256 a, uint256 b) internalpurereturns (uint256) {
if (b ==0) {
// Guarantee the same behavior as in a regular Solidity division.return a / b;
}
// (a + b - 1) / b can overflow on addition, so we distribute.return a ==0 ? 0 : (a -1) / b +1;
}
/**
* @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or
* denominator == 0.
* @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) with further edits by
* Uniswap Labs also under MIT license.
*/functionmulDiv(uint256 x, uint256 y, uint256 denominator) internalpurereturns (uint256 result) {
unchecked {
// 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use// use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256// variables such that product = prod1 * 2^256 + prod0.uint256 prod0 = x * y; // Least significant 256 bits of the productuint256 prod1; // Most significant 256 bits of the productassembly {
let mm :=mulmod(x, y, not(0))
prod1 :=sub(sub(mm, prod0), lt(mm, prod0))
}
// Handle non-overflow cases, 256 by 256 division.if (prod1 ==0) {
// Solidity will revert if denominator == 0, unlike the div opcode on its own.// The surrounding unchecked block does not change this fact.// See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.return prod0 / denominator;
}
// Make sure the result is less than 2^256. Also prevents denominator == 0.if (denominator <= prod1) {
revert MathOverflowedMulDiv();
}
///////////////////////////////////////////////// 512 by 256 division.///////////////////////////////////////////////// Make division exact by subtracting the remainder from [prod1 prod0].uint256 remainder;
assembly {
// Compute remainder using mulmod.
remainder :=mulmod(x, y, denominator)
// Subtract 256 bit number from 512 bit number.
prod1 :=sub(prod1, gt(remainder, prod0))
prod0 :=sub(prod0, remainder)
}
// Factor powers of two out of denominator and compute largest power of two divisor of denominator.// Always >= 1. See https://cs.stackexchange.com/q/138556/92363.uint256 twos = denominator & (0- denominator);
assembly {
// Divide denominator by twos.
denominator :=div(denominator, twos)
// Divide [prod1 prod0] by twos.
prod0 :=div(prod0, twos)
// Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
twos :=add(div(sub(0, twos), twos), 1)
}
// Shift in bits from prod1 into prod0.
prod0 |= prod1 * twos;
// Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such// that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for// four bits. That is, denominator * inv = 1 mod 2^4.uint256 inverse = (3* denominator) ^2;
// Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also// works in modular arithmetic, doubling the correct bits in each step.
inverse *=2- denominator * inverse; // inverse mod 2^8
inverse *=2- denominator * inverse; // inverse mod 2^16
inverse *=2- denominator * inverse; // inverse mod 2^32
inverse *=2- denominator * inverse; // inverse mod 2^64
inverse *=2- denominator * inverse; // inverse mod 2^128
inverse *=2- denominator * inverse; // inverse mod 2^256// Because the division is now exact we can divide by multiplying with the modular inverse of denominator.// This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is// less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1// is no longer required.
result = prod0 * inverse;
return result;
}
}
/**
* @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
*/functionmulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internalpurereturns (uint256) {
uint256 result = mulDiv(x, y, denominator);
if (unsignedRoundsUp(rounding) &&mulmod(x, y, denominator) >0) {
result +=1;
}
return result;
}
/**
* @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded
* towards zero.
*
* Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
*/functionsqrt(uint256 a) internalpurereturns (uint256) {
if (a ==0) {
return0;
}
// For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.//// We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have// `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.//// This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`// → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`// → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`//// Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.uint256 result =1<< (log2(a) >>1);
// At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,// since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at// every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision// into the expected uint128 result.unchecked {
result = (result + a / result) >>1;
result = (result + a / result) >>1;
result = (result + a / result) >>1;
result = (result + a / result) >>1;
result = (result + a / result) >>1;
result = (result + a / result) >>1;
result = (result + a / result) >>1;
return min(result, a / result);
}
}
/**
* @notice Calculates sqrt(a), following the selected rounding direction.
*/functionsqrt(uint256 a, Rounding rounding) internalpurereturns (uint256) {
unchecked {
uint256 result = sqrt(a);
return result + (unsignedRoundsUp(rounding) && result * result < a ? 1 : 0);
}
}
/**
* @dev Return the log in base 2 of a positive value rounded towards zero.
* Returns 0 if given 0.
*/functionlog2(uint256 value) internalpurereturns (uint256) {
uint256 result =0;
unchecked {
if (value >>128>0) {
value >>=128;
result +=128;
}
if (value >>64>0) {
value >>=64;
result +=64;
}
if (value >>32>0) {
value >>=32;
result +=32;
}
if (value >>16>0) {
value >>=16;
result +=16;
}
if (value >>8>0) {
value >>=8;
result +=8;
}
if (value >>4>0) {
value >>=4;
result +=4;
}
if (value >>2>0) {
value >>=2;
result +=2;
}
if (value >>1>0) {
result +=1;
}
}
return result;
}
/**
* @dev Return the log in base 2, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/functionlog2(uint256 value, Rounding rounding) internalpurereturns (uint256) {
unchecked {
uint256 result =log2(value);
return result + (unsignedRoundsUp(rounding) &&1<< result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 10 of a positive value rounded towards zero.
* Returns 0 if given 0.
*/functionlog10(uint256 value) internalpurereturns (uint256) {
uint256 result =0;
unchecked {
if (value >=10**64) {
value /=10**64;
result +=64;
}
if (value >=10**32) {
value /=10**32;
result +=32;
}
if (value >=10**16) {
value /=10**16;
result +=16;
}
if (value >=10**8) {
value /=10**8;
result +=8;
}
if (value >=10**4) {
value /=10**4;
result +=4;
}
if (value >=10**2) {
value /=10**2;
result +=2;
}
if (value >=10**1) {
result +=1;
}
}
return result;
}
/**
* @dev Return the log in base 10, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/functionlog10(uint256 value, Rounding rounding) internalpurereturns (uint256) {
unchecked {
uint256 result = log10(value);
return result + (unsignedRoundsUp(rounding) &&10** result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 256 of a positive value rounded towards zero.
* Returns 0 if given 0.
*
* Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
*/functionlog256(uint256 value) internalpurereturns (uint256) {
uint256 result =0;
unchecked {
if (value >>128>0) {
value >>=128;
result +=16;
}
if (value >>64>0) {
value >>=64;
result +=8;
}
if (value >>32>0) {
value >>=32;
result +=4;
}
if (value >>16>0) {
value >>=16;
result +=2;
}
if (value >>8>0) {
result +=1;
}
}
return result;
}
/**
* @dev Return the log in base 256, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/functionlog256(uint256 value, Rounding rounding) internalpurereturns (uint256) {
unchecked {
uint256 result = log256(value);
return result + (unsignedRoundsUp(rounding) &&1<< (result <<3) < value ? 1 : 0);
}
}
/**
* @dev Returns whether a provided rounding mode is considered rounding up for unsigned integers.
*/functionunsignedRoundsUp(Rounding rounding) internalpurereturns (bool) {
returnuint8(rounding) %2==1;
}
}
Contract Source Code
File 39 of 54: Multicall.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.1) (utils/Multicall.sol)pragmasolidity ^0.8.20;import {Address} from"./Address.sol";
import {Context} from"./Context.sol";
/**
* @dev Provides a function to batch together multiple calls in a single external call.
*
* Consider any assumption about calldata validation performed by the sender may be violated if it's not especially
* careful about sending transactions invoking {multicall}. For example, a relay address that filters function
* selectors won't filter calls nested within a {multicall} operation.
*
* NOTE: Since 5.0.1 and 4.9.4, this contract identifies non-canonical contexts (i.e. `msg.sender` is not {_msgSender}).
* If a non-canonical context is identified, the following self `delegatecall` appends the last bytes of `msg.data`
* to the subcall. This makes it safe to use with {ERC2771Context}. Contexts that don't affect the resolution of
* {_msgSender} are not propagated to subcalls.
*/abstractcontractMulticallisContext{
/**
* @dev Receives and executes a batch of function calls on this contract.
* @custom:oz-upgrades-unsafe-allow-reachable delegatecall
*/functionmulticall(bytes[] calldata data) externalvirtualreturns (bytes[] memory results) {
bytesmemory context =msg.sender== _msgSender()
? newbytes(0)
: msg.data[msg.data.length - _contextSuffixLength():];
results =newbytes[](data.length);
for (uint256 i =0; i < data.length; i++) {
results[i] = Address.functionDelegateCall(address(this), bytes.concat(data[i], context));
}
return results;
}
}
Contract Source Code
File 40 of 54: PlasmaVault.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;import {Address} from"@openzeppelin/contracts/utils/Address.sol";
import {SafeCast} from"@openzeppelin/contracts/utils/math/SafeCast.sol";
import {Math} from"@openzeppelin/contracts/utils/math/Math.sol";
import {IERC20} from"@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {IAccessManager} from"@openzeppelin/contracts/access/manager/IAccessManager.sol";
import {AuthorityUtils} from"@openzeppelin/contracts/access/manager/AuthorityUtils.sol";
import {ReentrancyGuardUpgradeable} from"@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";
import {ERC20Upgradeable} from"@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
import {ERC4626Upgradeable} from"@openzeppelin/contracts-upgradeable/token/ERC20/extensions/ERC4626Upgradeable.sol";
import {IERC20Permit} from"@openzeppelin/contracts/token/ERC20/extensions/IERC20Permit.sol";
import {Errors} from"../libraries/errors/Errors.sol";
import {IporMath} from"../libraries/math/IporMath.sol";
import {IPlasmaVault, FuseAction} from"../interfaces/IPlasmaVault.sol";
import {IFuseCommon} from"../fuses/IFuseCommon.sol";
import {IPlasmaVaultBase} from"../interfaces/IPlasmaVaultBase.sol";
import {IPlasmaVaultGovernance} from"../interfaces/IPlasmaVaultGovernance.sol";
import {IPriceOracleMiddleware} from"../price_oracle/IPriceOracleMiddleware.sol";
import {IRewardsClaimManager} from"../interfaces/IRewardsClaimManager.sol";
import {AccessManagedUpgradeable} from"../managers/access/AccessManagedUpgradeable.sol";
import {PlasmaVaultStorageLib} from"../libraries/PlasmaVaultStorageLib.sol";
import {PlasmaVaultConfigLib} from"../libraries/PlasmaVaultConfigLib.sol";
import {IporFusionAccessManager} from"../managers/access/IporFusionAccessManager.sol";
import {PlasmaVaultGovernance} from"./PlasmaVaultGovernance.sol";
import {AssetDistributionProtectionLib, DataToCheck, MarketToCheck} from"../libraries/AssetDistributionProtectionLib.sol";
import {CallbackHandlerLib} from"../libraries/CallbackHandlerLib.sol";
import {FusesLib} from"../libraries/FusesLib.sol";
import {PlasmaVaultLib} from"../libraries/PlasmaVaultLib.sol";
import {FeeManagerData, FeeManagerFactory} from"../managers/fee/FeeManagerFactory.sol";
import {FeeManagerInitData} from"../managers/fee/FeeManager.sol";
import {WithdrawManager} from"../managers/withdraw/WithdrawManager.sol";
/// @notice PlasmaVaultInitData is a struct that represents a configuration of a Plasma Vault during constructionstructPlasmaVaultInitData {
/// @notice assetName is a name of the asset shares in Plasma Vaultstring assetName;
/// @notice assetSymbol is a symbol of the asset shares in Plasma Vaultstring assetSymbol;
/// @notice underlyingToken is a address of the underlying token in Plasma Vaultaddress underlyingToken;
/// @notice priceOracleMiddleware is an address of the Price Oracle Middleware from Ipor Fusionaddress priceOracleMiddleware;
/// @notice marketSubstratesConfigs is a list of MarketSubstratesConfig structs, which define substrates for specific markets
MarketSubstratesConfig[] marketSubstratesConfigs;
/// @notice fuses is a list of addresses of the Fusesaddress[] fuses;
/// @notice balanceFuses is a list of MarketBalanceFuseConfig structs, which define balance fuses for specific markets
MarketBalanceFuseConfig[] balanceFuses;
/// @notice feeConfig is a FeeConfig struct, which defines performance, management fees and their managers
FeeConfig feeConfig;
/// @notice accessManager is a address of the Ipor Fusion Access Manageraddress accessManager;
/// @notice plasmaVaultBase is a address of the Plasma Vault Base - contract that is responsible for the common logic of the Plasma Vaultaddress plasmaVaultBase;
/// @notice totalSupplyCap is a initial total supply cap of the Plasma Vault, represented in underlying token decimalsuint256 totalSupplyCap;
// @notice Address of the Withdraw Manager contractaddress withdrawManager;
}
/// @notice MarketBalanceFuseConfig is a struct that represents a configuration of a balance fuse for a specific marketstructMarketBalanceFuseConfig {
/// @notice When marketId is 0, then fuse is independent to a market - example flashloan fuseuint256 marketId;
/// @notice address of the balance fuseaddress fuse;
}
/// @notice MarketSubstratesConfig is a struct that represents a configuration of substrates for a specific market/// @notice substrates are assets or sub markets in a specific protocol or any other ids required to calculate balance in the market (external protocol)structMarketSubstratesConfig {
/// @notice marketId is a id of the marketuint256 marketId;
/// @notice substrates is a list of substrates for the market/// @dev it could be list of assets or sub markets in a specific protocol or any other ids required to calculate balance in the market (external protocol)bytes32[] substrates;
}
/// @notice FeeConfig is a struct that represents the configuration of fees in the Plasma VaultstructFeeConfig {
/// @notice The management fee for the DAO (percentage with 2 decimals, e.g., 10000 is 100%, 100 is 1%)uint256 iporDaoManagementFee;
/// @notice The performance fee for the DAO (percentage with 2 decimals, e.g., 10000 is 100%, 100 is 1%)uint256 iporDaoPerformanceFee;
/// @notice The management fee for the Atomist (percentage with 2 decimals, e.g., 10000 is 100%, 100 is 1%)uint256 atomistManagementFee;
/// @notice The performance fee for the Atomist (percentage with 2 decimals, e.g., 10000 is 100%, 100 is 1%)uint256 atomistPerformanceFee;
/// @notice The address of the fee factoryaddress feeFactory;
/// @notice The address of the fee recipientaddress feeRecipientAddress;
/// @notice The address of the DAO fee recipientaddress iporDaoFeeRecipientAddress;
}
/// @title Main contract of the Plasma Vault in ERC4626 standard - responsible for managing assets and shares by the Alphas via Fuses.contractPlasmaVaultisERC20Upgradeable,
ERC4626Upgradeable,
ReentrancyGuardUpgradeable,
AccessManagedUpgradeable,
IPlasmaVault{
usingAddressforaddress;
usingSafeCastforint256;
addressprivateconstant USD =address(0x0000000000000000000000000000000000000348);
/// @dev Additional offset to withdraw from markets in case of rounding issuesuint256privateconstant WITHDRAW_FROM_MARKETS_OFFSET =10;
/// @dev 10 attempts to withdraw from markets in case of rounding issuesuint256privateconstant REDEEM_ATTEMPTS =10;
uint256publicconstant DEFAULT_SLIPPAGE_IN_PERCENTAGE =2;
errorNoSharesToRedeem();
errorNoSharesToMint();
errorNoAssetsToWithdraw();
errorNoAssetsToDeposit();
errorUnsupportedFuse();
errorUnsupportedMethod();
errorWithdrawIsNotAllowed(address caller, uint256 requested);
eventManagementFeeRealized(uint256 unrealizedFeeInUnderlying, uint256 unrealizedFeeInShares);
eventMarketBalancesUpdated(uint256[] marketIds, int256 deltaInUnderlying);
addresspublicimmutable PLASMA_VAULT_BASE;
constructor(PlasmaVaultInitData memory initData_) ERC20Upgradeable() ERC4626Upgradeable() initializer{
super.__ERC20_init(initData_.assetName, initData_.assetSymbol);
super.__ERC4626_init(IERC20(initData_.underlyingToken));
PLASMA_VAULT_BASE = initData_.plasmaVaultBase;
PLASMA_VAULT_BASE.functionDelegateCall(
abi.encodeWithSelector(
IPlasmaVaultBase.init.selector,
initData_.assetName,
initData_.accessManager,
initData_.totalSupplyCap
)
);
IPriceOracleMiddleware priceOracleMiddleware = IPriceOracleMiddleware(initData_.priceOracleMiddleware);
if (priceOracleMiddleware.QUOTE_CURRENCY() != USD) {
revert Errors.UnsupportedQuoteCurrencyFromOracle();
}
PlasmaVaultLib.setPriceOracleMiddleware(initData_.priceOracleMiddleware);
PLASMA_VAULT_BASE.functionDelegateCall(
abi.encodeWithSelector(PlasmaVaultGovernance.addFuses.selector, initData_.fuses)
);
for (uint256 i; i < initData_.balanceFuses.length; ++i) {
// @dev in the moment of construction deployer has rights to add balance fuses
PLASMA_VAULT_BASE.functionDelegateCall(
abi.encodeWithSelector(
IPlasmaVaultGovernance.addBalanceFuse.selector,
initData_.balanceFuses[i].marketId,
initData_.balanceFuses[i].fuse
)
);
}
for (uint256 i; i < initData_.marketSubstratesConfigs.length; ++i) {
PlasmaVaultConfigLib.grantMarketSubstrates(
initData_.marketSubstratesConfigs[i].marketId,
initData_.marketSubstratesConfigs[i].substrates
);
}
FeeManagerData memory feeManagerData = FeeManagerFactory(initData_.feeConfig.feeFactory).deployFeeManager(
FeeManagerInitData({
iporDaoManagementFee: initData_.feeConfig.iporDaoManagementFee,
iporDaoPerformanceFee: initData_.feeConfig.iporDaoPerformanceFee,
atomistManagementFee: initData_.feeConfig.atomistManagementFee,
atomistPerformanceFee: initData_.feeConfig.atomistPerformanceFee,
initialAuthority: initData_.accessManager,
plasmaVault: address(this),
feeRecipientAddress: initData_.feeConfig.feeRecipientAddress,
iporDaoFeeRecipientAddress: initData_.feeConfig.iporDaoFeeRecipientAddress
})
);
PlasmaVaultLib.configurePerformanceFee(feeManagerData.performanceFeeAccount, feeManagerData.performanceFee);
PlasmaVaultLib.configureManagementFee(feeManagerData.managementFeeAccount, feeManagerData.managementFee);
PlasmaVaultLib.updateManagementFeeData();
/// @dev If the address is zero, it means that scheduled withdrawals are turned off.
PlasmaVaultLib.updateWithdrawManager(initData_.withdrawManager);
}
fallback(bytescalldata) externalreturns (bytesmemory) {
if (PlasmaVaultLib.isExecutionStarted()) {
/// @dev Handle callback can be done only during the execution of the FuseActions by Alpha
CallbackHandlerLib.handleCallback();
return"";
} else {
return PLASMA_VAULT_BASE.functionDelegateCall(msg.data);
}
}
/// @notice Execute multiple FuseActions by a granted Alphas. Any FuseAction is moving funds between markets and vault. Fuse Action not consider deposit and withdraw from Vault.functionexecute(FuseAction[] calldata calls_) externaloverridenonReentrantrestricted{
uint256 callsCount = calls_.length;
uint256[] memory markets =newuint256[](callsCount);
uint256 marketIndex;
uint256 fuseMarketId;
uint256 totalAssetsBefore = totalAssets();
PlasmaVaultLib.executeStarted();
for (uint256 i; i < callsCount; ++i) {
if (!FusesLib.isFuseSupported(calls_[i].fuse)) {
revert UnsupportedFuse();
}
fuseMarketId = IFuseCommon(calls_[i].fuse).MARKET_ID();
if (_checkIfExistsMarket(markets, fuseMarketId) ==false) {
markets[marketIndex] = fuseMarketId;
marketIndex++;
}
calls_[i].fuse.functionDelegateCall(calls_[i].data);
}
PlasmaVaultLib.executeFinished();
_updateMarketsBalances(markets);
_addPerformanceFee(totalAssetsBefore);
}
functionupdateMarketsBalances(uint256[] calldata marketIds_) externalreturns (uint256) {
if (marketIds_.length==0) {
return totalAssets();
}
uint256 totalAssetsBefore = totalAssets();
_updateMarketsBalances(marketIds_);
_addPerformanceFee(totalAssetsBefore);
return totalAssets();
}
functiondecimals() publicviewvirtualoverride(ERC20Upgradeable, ERC4626Upgradeable) returns (uint8) {
returnsuper.decimals();
}
functiontransfer(address to_,
uint256 value_
) publicvirtualoverride(IERC20, ERC20Upgradeable) restrictedreturns (bool) {
returnsuper.transfer(to_, value_);
}
functiontransferFrom(address from_,
address to_,
uint256 value_
) publicvirtualoverride(IERC20, ERC20Upgradeable) restrictedreturns (bool) {
returnsuper.transferFrom(from_, to_, value_);
}
functiondeposit(uint256 assets_, address receiver_) publicoverridenonReentrantrestrictedreturns (uint256) {
return _deposit(assets_, receiver_);
}
functiondepositWithPermit(uint256 assets_,
address owner_,
address receiver_,
uint256 deadline_,
uint8 v_,
bytes32 r_,
bytes32 s_
) externaloverridenonReentrantrestrictedreturns (uint256) {
IERC20Permit(asset()).permit(owner_, address(this), assets_, deadline_, v_, r_, s_);
return _deposit(assets_, receiver_);
}
functionmint(uint256 shares_, address receiver_) publicoverridenonReentrantrestrictedreturns (uint256) {
if (shares_ ==0) {
revert NoSharesToMint();
}
if (receiver_ ==address(0)) {
revert Errors.WrongAddress();
}
_realizeManagementFee();
returnsuper.mint(shares_, receiver_);
}
functionwithdraw(uint256 assets_,
address receiver_,
address owner_
) publicoverridenonReentrantrestrictedreturns (uint256) {
if (assets_ ==0) {
revert NoAssetsToWithdraw();
}
if (receiver_ ==address(0)) {
revert Errors.WrongAddress();
}
/// @dev first realize management fee, then other actions
_realizeManagementFee();
uint256 totalAssetsBefore = totalAssets();
_withdrawFromMarkets(assets_ + WITHDRAW_FROM_MARKETS_OFFSET, IERC20(asset()).balanceOf(address(this)));
_addPerformanceFee(totalAssetsBefore);
returnsuper.withdraw(assets_, receiver_, owner_);
}
functionredeem(uint256 shares_,
address receiver_,
address owner_
) publicoverridenonReentrantrestrictedreturns (uint256) {
if (shares_ ==0) {
revert NoSharesToRedeem();
}
if (receiver_ ==address(0) || owner_ ==address(0)) {
revert Errors.WrongAddress();
}
/// @dev first realize management fee, then other actions
_realizeManagementFee();
uint256 assets;
uint256 vaultCurrentBalanceUnderlying;
uint256 totalAssetsBefore = totalAssets();
for (uint256 i; i < REDEEM_ATTEMPTS; ++i) {
assets = convertToAssets(shares_);
vaultCurrentBalanceUnderlying = IERC20(asset()).balanceOf(address(this));
if (vaultCurrentBalanceUnderlying >= assets) {
break;
}
_withdrawFromMarkets(_includeSlippage(assets), vaultCurrentBalanceUnderlying);
}
_addPerformanceFee(totalAssetsBefore);
returnsuper.redeem(shares_, receiver_, owner_);
}
functionmaxDeposit(address) publicviewvirtualoverridereturns (uint256) {
uint256 totalSupplyCap = PlasmaVaultLib.getTotalSupplyCap();
uint256 totalSupply = totalSupply();
if (totalSupply >= totalSupplyCap) {
return0;
}
return convertToAssets(totalSupplyCap - totalSupply);
}
functionmaxMint(address) publicviewvirtualoverridereturns (uint256) {
uint256 totalSupplyCap = PlasmaVaultLib.getTotalSupplyCap();
uint256 totalSupply = totalSupply();
if (totalSupply >= totalSupplyCap) {
return0;
}
return totalSupplyCap - totalSupply;
}
functionclaimRewards(FuseAction[] calldata calls_) externaloverridenonReentrantrestricted{
uint256 callsCount = calls_.length;
for (uint256 i; i < callsCount; ++i) {
calls_[i].fuse.functionDelegateCall(calls_[i].data);
}
}
/// @notice Returns the total assets in the vault/// @dev value not take into account runtime accrued interest in the markets, and NOT take into account runtime accrued performance fee/// @return total assets in the vault, represented in underlying token decimalsfunctiontotalAssets() publicviewvirtualoverridereturns (uint256) {
uint256 grossTotalAssets = _getGrossTotalAssets();
uint256 unrealizedManagementFee = _getUnrealizedManagementFee(grossTotalAssets);
if (unrealizedManagementFee >= grossTotalAssets) {
return0;
} else {
return grossTotalAssets - unrealizedManagementFee;
}
}
/// @notice Returns the total assets in the vault for a specific market/// @param marketId_ The market id/// @return total assets in the Plasma Vault for given market, represented in underlying token decimalsfunctiontotalAssetsInMarket(uint256 marketId_) publicviewvirtualreturns (uint256) {
return PlasmaVaultLib.getTotalAssetsInMarket(marketId_);
}
/// @notice Returns the unrealized management fee in underlying token decimals/// @dev Unrealized management fee is calculated based on the management fee in percentage and the time since the last update/// @return unrealized management fee, represented in underlying token decimalsfunctiongetUnrealizedManagementFee() publicviewreturns (uint256) {
return _getUnrealizedManagementFee(_getGrossTotalAssets());
}
/// @dev Mustn't use updateInternal, because is reserved for PlasmaVaultBase to call it as delegatecall in context of PlasmaVaultfunctionupdateInternal(address, address, uint256) public{
revert UnsupportedMethod();
}
functionexecuteInternal(FuseAction[] calldata calls_) external{
if (address(this) !=msg.sender) {
revert Errors.WrongCaller(msg.sender);
}
uint256 callsCount = calls_.length;
uint256[] memory markets =newuint256[](callsCount);
uint256 marketIndex;
uint256 fuseMarketId;
for (uint256 i; i < callsCount; ++i) {
if (!FusesLib.isFuseSupported(calls_[i].fuse)) {
revert UnsupportedFuse();
}
fuseMarketId = IFuseCommon(calls_[i].fuse).MARKET_ID();
if (_checkIfExistsMarket(markets, fuseMarketId) ==false) {
markets[marketIndex] = fuseMarketId;
marketIndex++;
}
calls_[i].fuse.functionDelegateCall(calls_[i].data);
}
_updateMarketsBalances(markets);
}
functiongetUniqueElements(uint256[] memory inputArray) privatepurereturns (uint256[] memory) {
uint256[] memory tempArray =newuint256[](inputArray.length);
uint256 count =0;
for (uint256 i =0; i < inputArray.length; i++) {
if (inputArray[i] !=0&&!contains(tempArray, inputArray[i], count)) {
tempArray[count] = inputArray[i];
count++;
}
}
uint256[] memory uniqueArray =newuint256[](count);
for (uint256 i =0; i < count; i++) {
uniqueArray[i] = tempArray[i];
}
return uniqueArray;
}
functioncontains(uint256[] memory array, uint256 element, uint256 count) privatepurereturns (bool) {
for (uint256 i =0; i < count; i++) {
if (array[i] == element) {
returntrue;
}
}
returnfalse;
}
function_deposit(uint256 assets_, address receiver_) internalreturns (uint256) {
if (assets_ ==0) {
revert NoAssetsToDeposit();
}
if (receiver_ ==address(0)) {
revert Errors.WrongAddress();
}
_realizeManagementFee();
returnsuper.deposit(assets_, receiver_);
}
function_addPerformanceFee(uint256 totalAssetsBefore_) internal{
uint256 totalAssetsAfter = totalAssets();
if (totalAssetsAfter < totalAssetsBefore_) {
return;
}
PlasmaVaultStorageLib.PerformanceFeeData memory feeData = PlasmaVaultLib.getPerformanceFeeData();
uint256 fee = Math.mulDiv(totalAssetsAfter - totalAssetsBefore_, feeData.feeInPercentage, 1e4);
/// @dev total supply cap validation is disabled for fee minting
PlasmaVaultLib.setTotalSupplyCapValidation(1);
_mint(feeData.feeAccount, convertToShares(fee));
/// @dev total supply cap validation is enabled when fee minting is finished
PlasmaVaultLib.setTotalSupplyCapValidation(0);
}
function_realizeManagementFee() internal{
PlasmaVaultStorageLib.ManagementFeeData memory feeData = PlasmaVaultLib.getManagementFeeData();
uint256 unrealizedFeeInUnderlying = getUnrealizedManagementFee();
PlasmaVaultLib.updateManagementFeeData();
uint256 unrealizedFeeInShares = convertToShares(unrealizedFeeInUnderlying);
if (unrealizedFeeInShares ==0) {
return;
}
/// @dev minting is an act of management fee realization/// @dev total supply cap validation is disabled for fee minting
PlasmaVaultLib.setTotalSupplyCapValidation(1);
_mint(feeData.feeAccount, unrealizedFeeInShares);
/// @dev total supply cap validation is enabled when fee minting is finished
PlasmaVaultLib.setTotalSupplyCapValidation(0);
emit ManagementFeeRealized(unrealizedFeeInUnderlying, unrealizedFeeInShares);
}
function_includeSlippage(uint256 value_) internalpurereturns (uint256) {
/// @dev increase value by DEFAULT_SLIPPAGE_IN_PERCENTAGE to cover potential slippagereturn value_ + IporMath.division(value_ * DEFAULT_SLIPPAGE_IN_PERCENTAGE, 100);
}
/// @notice Withdraw assets from the markets/// @param assets_ Amount of assets to withdraw/// @param vaultCurrentBalanceUnderlying_ Current balance of the vault in underlying tokenfunction_withdrawFromMarkets(uint256 assets_, uint256 vaultCurrentBalanceUnderlying_) internal{
if (assets_ ==0) {
return;
}
uint256 left;
if (assets_ >= vaultCurrentBalanceUnderlying_) {
uint256 marketIndex;
uint256 fuseMarketId;
bytes32[] memory params;
/// @dev assume that the same fuse can be used multiple times/// @dev assume that more than one fuse can be from the same marketaddress[] memory fuses = PlasmaVaultLib.getInstantWithdrawalFuses();
uint256[] memory markets =newuint256[](fuses.length);
left = assets_ - vaultCurrentBalanceUnderlying_;
uint256 i;
uint256 balanceOf;
uint256 fusesLength = fuses.length;
for (i; left !=0&& i < fusesLength; ++i) {
params = PlasmaVaultLib.getInstantWithdrawalFusesParams(fuses[i], i);
/// @dev always first param is amount, by default is 0 in storage, set to left
params[0] =bytes32(left);
fuses[i].functionDelegateCall(abi.encodeWithSignature("instantWithdraw(bytes32[])", params));
balanceOf = IERC20(asset()).balanceOf(address(this));
if (assets_ > balanceOf) {
left = assets_ - balanceOf;
} else {
left =0;
}
fuseMarketId = IFuseCommon(fuses[i]).MARKET_ID();
if (_checkIfExistsMarket(markets, fuseMarketId) ==false) {
markets[marketIndex] = fuseMarketId;
marketIndex++;
}
}
_updateMarketsBalances(markets);
}
}
/// @notice Update balances in the vault for markets touched by the fuses during the execution of all FuseActions/// @param markets_ Array of market ids touched by the fuses in the FuseActionsfunction_updateMarketsBalances(uint256[] memory markets_) internal{
uint256 wadBalanceAmountInUSD;
DataToCheck memory dataToCheck;
address balanceFuse;
int256 deltasInUnderlying;
uint256[] memory markets = _checkBalanceFusesDependencies(markets_);
uint256 marketsLength = markets.length;
/// @dev USD price is represented in 8 decimals
(uint256 underlyingAssetPrice, uint256 underlyingAssePriceDecimals) = IPriceOracleMiddleware(
PlasmaVaultLib.getPriceOracleMiddleware()
).getAssetPrice(asset());
dataToCheck.marketsToCheck =new MarketToCheck[](marketsLength);
for (uint256 i; i < marketsLength; ++i) {
if (markets[i] ==0) {
break;
}
balanceFuse = FusesLib.getBalanceFuse(markets[i]);
wadBalanceAmountInUSD =abi.decode(
balanceFuse.functionDelegateCall(abi.encodeWithSignature("balanceOf()")),
(uint256)
);
dataToCheck.marketsToCheck[i].marketId = markets[i];
dataToCheck.marketsToCheck[i].balanceInMarket = IporMath.convertWadToAssetDecimals(
IporMath.division(
wadBalanceAmountInUSD * IporMath.BASIS_OF_POWER ** underlyingAssePriceDecimals,
underlyingAssetPrice
),
(decimals() - _decimalsOffset())
);
deltasInUnderlying =
deltasInUnderlying +
PlasmaVaultLib.updateTotalAssetsInMarket(markets[i], dataToCheck.marketsToCheck[i].balanceInMarket);
}
if (deltasInUnderlying !=0) {
PlasmaVaultLib.addToTotalAssetsInAllMarkets(deltasInUnderlying);
}
dataToCheck.totalBalanceInVault = _getGrossTotalAssets();
AssetDistributionProtectionLib.checkLimits(dataToCheck);
emit MarketBalancesUpdated(markets, deltasInUnderlying);
}
function_checkBalanceFusesDependencies(uint256[] memory markets_) internalviewreturns (uint256[] memory) {
uint256 marketsLength = markets_.length;
if (marketsLength ==0) {
return markets_;
}
uint256[] memory marketsChecked =newuint256[](marketsLength *2);
uint256[] memory marketsToCheck = markets_;
uint256 index;
uint256[] memory tempMarketsToCheck;
while (marketsToCheck.length>0) {
tempMarketsToCheck =newuint256[](marketsLength *2);
uint256 tempIndex;
for (uint256 i; i < marketsToCheck.length; ++i) {
if (!_checkIfExistsMarket(marketsChecked, marketsToCheck[i])) {
if (marketsChecked.length== index) {
marketsChecked = _increaseArray(marketsChecked, marketsChecked.length*2);
}
marketsChecked[index] = marketsToCheck[i];
++index;
uint256 dependentMarketsLength = PlasmaVaultLib.getDependencyBalanceGraph(marketsToCheck[i]).length;
if (dependentMarketsLength >0) {
for (uint256 j; j < dependentMarketsLength; ++j) {
if (tempMarketsToCheck.length== tempIndex) {
tempMarketsToCheck = _increaseArray(tempMarketsToCheck, tempMarketsToCheck.length*2);
}
tempMarketsToCheck[tempIndex] = PlasmaVaultLib.getDependencyBalanceGraph(marketsToCheck[i])[
j
];
++tempIndex;
}
}
}
}
marketsToCheck = getUniqueElements(tempMarketsToCheck);
}
return getUniqueElements(marketsChecked);
}
function_increaseArray(uint256[] memory arr_, uint256 newSize_) internalpurereturns (uint256[] memory) {
uint256[] memory result =newuint256[](newSize_);
for (uint256 i; i < arr_.length; ++i) {
result[i] = arr_[i];
}
return result;
}
function_concatArrays(uint256[] memory arr1_,
uint256[] memory arr2_,
uint256 lengthOfNewArray_
) internalpurereturns (uint256[] memory) {
uint256[] memory result =newuint256[](lengthOfNewArray_);
uint256 i;
uint256 lengthOfArr1 = arr1_.length;
for (i; i < lengthOfArr1; ++i) {
result[i] = arr1_[i];
}
for (uint256 j; i < lengthOfNewArray_; ++j) {
result[i] = arr2_[j];
++i;
}
return result;
}
function_checkIfExistsMarket(uint256[] memory markets_, uint256 marketId_) internalpurereturns (bool exists) {
for (uint256 i; i < markets_.length; ++i) {
if (markets_[i] ==0) {
break;
}
if (markets_[i] == marketId_) {
exists =true;
break;
}
}
}
function_getGrossTotalAssets() internalviewreturns (uint256) {
address rewardsClaimManagerAddress = PlasmaVaultLib.getRewardsClaimManagerAddress();
if (rewardsClaimManagerAddress !=address(0)) {
return
IERC20(asset()).balanceOf(address(this)) +
PlasmaVaultLib.getTotalAssetsInAllMarkets() +
IRewardsClaimManager(rewardsClaimManagerAddress).balanceOf();
}
return IERC20(asset()).balanceOf(address(this)) + PlasmaVaultLib.getTotalAssetsInAllMarkets();
}
function_getUnrealizedManagementFee(uint256 totalAssets_) internalviewreturns (uint256) {
PlasmaVaultStorageLib.ManagementFeeData memory feeData = PlasmaVaultLib.getManagementFeeData();
uint256 blockTimestamp =block.timestamp;
if (
feeData.feeInPercentage ==0||
feeData.lastUpdateTimestamp ==0||
blockTimestamp <= feeData.lastUpdateTimestamp
) {
return0;
}
return
Math.mulDiv(
Math.mulDiv(totalAssets_, blockTimestamp - feeData.lastUpdateTimestamp, 365days),
feeData.feeInPercentage,
1e4/// @dev feeInPercentage is in percentage with 2 decimals, example 10000 is 100%
);
}
/**
* @dev Reverts if the caller is not allowed to call the function identified by a selector. Panics if the calldata
* is less than 4 bytes long.
*/function_checkCanCall(address caller_, bytescalldata data_) internalvirtualoverride{
bytes4 sig =bytes4(data_[0:4]);
bool immediate;
uint32 delay;
address withdrawManager = PlasmaVaultStorageLib.getWithdrawManager().manager;
if (withdrawManager !=address(0) &&this.withdraw.selector== sig) {
(immediate, delay) = IporFusionAccessManager(authority()).canCallAndUpdate(caller_, address(this), sig);
uint256 amount = _extractAmountFromWithdrawAndRedeem();
if (!WithdrawManager(withdrawManager).canWithdrawAndUpdate(caller_, amount)) {
revert WithdrawIsNotAllowed(caller_, amount);
}
} elseif (withdrawManager !=address(0) &&this.redeem.selector== sig) {
(immediate, delay) = IporFusionAccessManager(authority()).canCallAndUpdate(caller_, address(this), sig);
uint256 amount = convertToAssets(_extractAmountFromWithdrawAndRedeem());
if (!WithdrawManager(withdrawManager).canWithdrawAndUpdate(caller_, amount)) {
revert WithdrawIsNotAllowed(caller_, amount);
}
} elseif (
this.deposit.selector== sig ||this.mint.selector== sig ||this.depositWithPermit.selector== sig ||this.redeem.selector== sig ||this.withdraw.selector== sig
) {
(immediate, delay) = IporFusionAccessManager(authority()).canCallAndUpdate(caller_, address(this), sig);
} else {
(immediate, delay) = AuthorityUtils.canCallWithDelay(authority(), caller_, address(this), sig);
}
if (!immediate) {
if (delay >0) {
AccessManagedStorage storage $ = _getAccessManagedStorage();
$._consumingSchedule =true;
IAccessManager(authority()).consumeScheduledOp(caller_, data_);
$._consumingSchedule =false;
} else {
revert AccessManagedUnauthorized(caller_);
}
}
}
function_extractAmountFromWithdrawAndRedeem() privatereturns (uint256) {
(uint256 amount, , ) =abi.decode(_msgData()[4:], (uint256, address, address));
return amount;
}
function_update(address from_, address to_, uint256 value_) internalvirtualoverride{
PLASMA_VAULT_BASE.functionDelegateCall(
abi.encodeWithSelector(IPlasmaVaultBase.updateInternal.selector, from_, to_, value_)
);
}
function_decimalsOffset() internalviewvirtualoverridereturns (uint8) {
return PlasmaVaultLib.DECIMALS_OFFSET;
}
}
Contract Source Code
File 41 of 54: PlasmaVaultConfigLib.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;import {PlasmaVaultStorageLib} from"./PlasmaVaultStorageLib.sol";
/// @title Plasma Vault Configuration Library responsible for managing the configuration of the Plasma VaultlibraryPlasmaVaultConfigLib{
eventMarketSubstratesGranted(uint256 marketId, bytes32[] substrates);
/// @notice Checks if the substrate treated as an asset is granted for the market/// @param marketId_ The market id/// @param substrateAsAsset The address of the substrate treated as an asset/// @return true if the substrate is granted for the market/// @dev Substrates are stored as bytes32functionisSubstrateAsAssetGranted(uint256 marketId_, address substrateAsAsset) internalviewreturns (bool) {
PlasmaVaultStorageLib.MarketSubstratesStruct storage marketSubstrates = _getMarketSubstrates(marketId_);
return marketSubstrates.substrateAllowances[addressToBytes32(substrateAsAsset)] ==1;
}
/// @notice Checks if the substrate is granted for the market/// @param marketId_ The market id/// @param substrate_ The bytes32 of the substrate/// @return true if the substrate is granted for the market/// @dev Substrates can be asset, vault, or any other paramsfunctionisMarketSubstrateGranted(uint256 marketId_, bytes32 substrate_) internalviewreturns (bool) {
PlasmaVaultStorageLib.MarketSubstratesStruct storage marketSubstrates = _getMarketSubstrates(marketId_);
return marketSubstrates.substrateAllowances[substrate_] ==1;
}
/// @notice Gets the market substrates for the market/// @param marketId_ The market id/// @return The array of substratesfunctiongetMarketSubstrates(uint256 marketId_) internalviewreturns (bytes32[] memory) {
return _getMarketSubstrates(marketId_).substrates;
}
/// @notice Grants the substrates for the market/// @param marketId_ The market id/// @param substrates_ The array of substrates/// @dev Substrates can be asset, vault, or any other params, only granted substrates can be used by Fuses in interaction with a given market and external protocols.functiongrantMarketSubstrates(uint256 marketId_, bytes32[] memory substrates_) internal{
PlasmaVaultStorageLib.MarketSubstratesStruct storage marketSubstrates = _getMarketSubstrates(marketId_);
_revokeMarketSubstrates(marketSubstrates);
bytes32[] memory list =newbytes32[](substrates_.length);
for (uint256 i; i < substrates_.length; ++i) {
marketSubstrates.substrateAllowances[substrates_[i]] =1;
list[i] = substrates_[i];
}
marketSubstrates.substrates = list;
emit MarketSubstratesGranted(marketId_, substrates_);
}
/// @notice Grants the substrates treated as assets for the market/// @param marketId_ The market id/// @param substratesAsAssets_ The array of substrates treated as assets/// @dev Substrates are stored as bytes32, only granted substrates can be used by Fuses in interaction with a given market and external protocols.functiongrantSubstratesAsAssetsToMarket(uint256 marketId_, address[] calldata substratesAsAssets_) internal{
PlasmaVaultStorageLib.MarketSubstratesStruct storage marketSubstrates = _getMarketSubstrates(marketId_);
_revokeMarketSubstrates(marketSubstrates);
bytes32[] memory list =newbytes32[](substratesAsAssets_.length);
for (uint256 i; i < substratesAsAssets_.length; ++i) {
marketSubstrates.substrateAllowances[addressToBytes32(substratesAsAssets_[i])] =1;
list[i] = addressToBytes32(substratesAsAssets_[i]);
}
marketSubstrates.substrates = list;
emit MarketSubstratesGranted(marketId_, list);
}
function_revokeMarketSubstrates(PlasmaVaultStorageLib.MarketSubstratesStruct storage marketSubstrates) private{
uint256 length = marketSubstrates.substrates.length;
for (uint256 i; i < length; ++i) {
marketSubstrates.substrateAllowances[marketSubstrates.substrates[i]] =0;
}
}
/// @notice Converts the substrate as bytes32 to value address/// @param substrate_ The bytes32 of the substrate/// @return The address of the substratefunctionbytes32ToAddress(bytes32 substrate_) internalpurereturns (address) {
returnaddress(uint160(uint256(substrate_)));
}
/// @notice Converts the address to bytes32/// @param address_ The address of the substrate/// @return The bytes32 of the substratefunctionaddressToBytes32(address address_) internalpurereturns (bytes32) {
returnbytes32(uint256(uint160(address_)));
}
/// @notice Gets the market substrates configuration for a specific marketfunction_getMarketSubstrates(uint256 marketId_
) privateviewreturns (PlasmaVaultStorageLib.MarketSubstratesStruct storage) {
return PlasmaVaultStorageLib.getMarketSubstrates().value[marketId_];
}
}
Contract Source Code
File 42 of 54: PlasmaVaultGovernance.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;import {FusesLib} from"../libraries/FusesLib.sol";
import {PlasmaVaultConfigLib} from"../libraries/PlasmaVaultConfigLib.sol";
import {PlasmaVaultLib, InstantWithdrawalFusesParamsStruct} from"../libraries/PlasmaVaultLib.sol";
import {IPriceOracleMiddleware} from"../price_oracle/IPriceOracleMiddleware.sol";
import {Errors} from"../libraries/errors/Errors.sol";
import {PlasmaVaultStorageLib} from"../libraries/PlasmaVaultStorageLib.sol";
import {AssetDistributionProtectionLib, MarketLimit} from"../libraries/AssetDistributionProtectionLib.sol";
import {AccessManagedUpgradeable} from"../managers/access/AccessManagedUpgradeable.sol";
import {CallbackHandlerLib} from"../libraries/CallbackHandlerLib.sol";
import {IPlasmaVaultGovernance} from"../interfaces/IPlasmaVaultGovernance.sol";
import {IIporFusionAccessManager} from"../interfaces/IIporFusionAccessManager.sol";
/// @title Plasma Vault Governance part of the Plasma Vault including Access Manager. Allows to manage the vault configuration like fuses, price oracle, fees, etc.abstractcontractPlasmaVaultGovernanceisIPlasmaVaultGovernance, AccessManagedUpgradeable{
functionisMarketSubstrateGranted(uint256 marketId_, bytes32 substrate_) externalviewoverridereturns (bool) {
return PlasmaVaultConfigLib.isMarketSubstrateGranted(marketId_, substrate_);
}
functionisFuseSupported(address fuse_) externalviewoverridereturns (bool) {
return FusesLib.isFuseSupported(fuse_);
}
functionisBalanceFuseSupported(uint256 marketId_, address fuse_) externalviewoverridereturns (bool) {
return FusesLib.isBalanceFuseSupported(marketId_, fuse_);
}
functionisMarketsLimitsActivated() publicviewoverridereturns (bool) {
return AssetDistributionProtectionLib.isMarketsLimitsActivated();
}
functiongetMarketSubstrates(uint256 marketId_) externalviewoverridereturns (bytes32[] memory) {
return PlasmaVaultConfigLib.getMarketSubstrates(marketId_);
}
functiongetFuses() externalviewoverridereturns (address[] memory) {
return FusesLib.getFusesArray();
}
functiongetPriceOracleMiddleware() externalviewoverridereturns (address) {
return PlasmaVaultLib.getPriceOracleMiddleware();
}
functiongetPerformanceFeeData()
externalviewoverridereturns (PlasmaVaultStorageLib.PerformanceFeeData memory feeData)
{
feeData = PlasmaVaultLib.getPerformanceFeeData();
}
functiongetManagementFeeData()
externalviewoverridereturns (PlasmaVaultStorageLib.ManagementFeeData memory feeData)
{
feeData = PlasmaVaultLib.getManagementFeeData();
}
functiongetAccessManagerAddress() externalviewoverridereturns (address) {
return authority();
}
functiongetRewardsClaimManagerAddress() externalviewoverridereturns (address) {
return PlasmaVaultLib.getRewardsClaimManagerAddress();
}
functiongetInstantWithdrawalFuses() externalviewoverridereturns (address[] memory) {
return PlasmaVaultLib.getInstantWithdrawalFuses();
}
functiongetInstantWithdrawalFusesParams(address fuse_,
uint256 index_
) externalviewoverridereturns (bytes32[] memory) {
return PlasmaVaultLib.getInstantWithdrawalFusesParams(fuse_, index_);
}
functiongetMarketLimit(uint256 marketId_) externalviewoverridereturns (uint256) {
return PlasmaVaultStorageLib.getMarketsLimits().limitInPercentage[marketId_];
}
functiongetDependencyBalanceGraph(uint256 marketId_) externalviewoverridereturns (uint256[] memory) {
return PlasmaVaultStorageLib.getDependencyBalanceGraph().dependencyGraph[marketId_];
}
functiongetTotalSupplyCap() externalviewoverridereturns (uint256) {
return PlasmaVaultLib.getTotalSupplyCap();
}
functionaddBalanceFuse(uint256 marketId_, address fuse_) externaloverriderestricted{
_addBalanceFuse(marketId_, fuse_);
}
functionremoveBalanceFuse(uint256 marketId_, address fuse_) externaloverriderestricted{
FusesLib.removeBalanceFuse(marketId_, fuse_);
}
functiongrantMarketSubstrates(uint256 marketId_, bytes32[] calldata substrates_) externaloverriderestricted{
PlasmaVaultConfigLib.grantMarketSubstrates(marketId_, substrates_);
}
functionupdateDependencyBalanceGraphs(uint256[] memory marketIds_,
uint256[][] memory dependencies_
) externaloverriderestricted{
uint256 marketIdsLength = marketIds_.length;
if (marketIdsLength != dependencies_.length) {
revert Errors.WrongArrayLength();
}
for (uint256 i; i < marketIdsLength; ++i) {
PlasmaVaultStorageLib.getDependencyBalanceGraph().dependencyGraph[marketIds_[i]] = dependencies_[i];
}
}
/// @notice Configures the instant withdrawal fuses. Order of the fuse is important, as it will be used in the same order during the instant withdrawal process/// @dev Order of the fuses is important, the same fuse can be used multiple times with different parameters (for example different assets, markets or any other substrate specific for the fuse)functionconfigureInstantWithdrawalFuses(
InstantWithdrawalFusesParamsStruct[] calldata fuses_
) externaloverriderestricted{
PlasmaVaultLib.configureInstantWithdrawalFuses(fuses_);
}
functionaddFuses(address[] calldata fuses_) externaloverriderestricted{
for (uint256 i; i < fuses_.length; ++i) {
FusesLib.addFuse(fuses_[i]);
}
}
functionremoveFuses(address[] calldata fuses_) externaloverriderestricted{
for (uint256 i; i < fuses_.length; ++i) {
FusesLib.removeFuse(fuses_[i]);
}
}
functionsetPriceOracleMiddleware(address priceOracleMiddleware_) externaloverriderestricted{
IPriceOracleMiddleware oldPriceOracleMiddleware = IPriceOracleMiddleware(
PlasmaVaultLib.getPriceOracleMiddleware()
);
IPriceOracleMiddleware newPriceOracleMiddleware = IPriceOracleMiddleware(priceOracleMiddleware_);
if (
oldPriceOracleMiddleware.QUOTE_CURRENCY() != newPriceOracleMiddleware.QUOTE_CURRENCY() ||
oldPriceOracleMiddleware.QUOTE_CURRENCY_DECIMALS() != newPriceOracleMiddleware.QUOTE_CURRENCY_DECIMALS()
) {
revert Errors.UnsupportedPriceOracleMiddleware();
}
PlasmaVaultLib.setPriceOracleMiddleware(priceOracleMiddleware_);
}
functionconfigurePerformanceFee(address feeAccount_, uint256 feeInPercentage_) externaloverriderestricted{
PlasmaVaultLib.configurePerformanceFee(feeAccount_, feeInPercentage_);
}
functionconfigureManagementFee(address feeAccount_, uint256 feeInPercentage_) externaloverriderestricted{
PlasmaVaultLib.configureManagementFee(feeAccount_, feeInPercentage_);
}
functionsetRewardsClaimManagerAddress(address rewardsClaimManagerAddress_) publicoverriderestricted{
PlasmaVaultLib.setRewardsClaimManagerAddress(rewardsClaimManagerAddress_);
}
functionsetupMarketsLimits(MarketLimit[] calldata marketsLimits_) externaloverriderestricted{
AssetDistributionProtectionLib.setupMarketsLimits(marketsLimits_);
}
/// @notice Activates the markets limits protection, by default it is deactivated. After activation the limits/// is setup for each market separately.functionactivateMarketsLimits() publicoverriderestricted{
AssetDistributionProtectionLib.activateMarketsLimits();
}
/// @notice Deactivates the markets limits protection.functiondeactivateMarketsLimits() publicoverriderestricted{
AssetDistributionProtectionLib.deactivateMarketsLimits();
}
functionupdateCallbackHandler(address handler_, address sender_, bytes4 sig_) externaloverriderestricted{
CallbackHandlerLib.updateCallbackHandler(handler_, sender_, sig_);
}
functionsetTotalSupplyCap(uint256 cap_) externaloverriderestricted{
PlasmaVaultLib.setTotalSupplyCap(cap_);
}
functionconvertToPublicVault() externaloverriderestricted{
IIporFusionAccessManager(authority()).convertToPublicVault(address(this));
}
functionenableTransferShares() externaloverriderestricted{
IIporFusionAccessManager(authority()).enableTransferShares(address(this));
}
functionsetMinimalExecutionDelaysForRoles(uint64[] calldata rolesIds_,
uint256[] calldata delays_
) externaloverriderestricted{
IIporFusionAccessManager(authority()).setMinimalExecutionDelaysForRoles(rolesIds_, delays_);
}
function_addFuse(address fuse_) internal{
if (fuse_ ==address(0)) {
revert Errors.WrongAddress();
}
FusesLib.addFuse(fuse_);
}
function_addBalanceFuse(uint256 marketId_, address fuse_) internal{
if (fuse_ ==address(0)) {
revert Errors.WrongAddress();
}
FusesLib.addBalanceFuse(marketId_, fuse_);
}
}
Contract Source Code
File 43 of 54: PlasmaVaultLib.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;import {SafeCast} from"@openzeppelin/contracts/utils/math/SafeCast.sol";
import {Errors} from"./errors/Errors.sol";
import {PlasmaVaultStorageLib} from"./PlasmaVaultStorageLib.sol";
import {FusesLib} from"./FusesLib.sol";
/// @notice Technical struct used to pass parameters in the `updateInstantWithdrawalFuses` functionstructInstantWithdrawalFusesParamsStruct {
/// @notice The address of the fuseaddress fuse;
/// @notice The parameters of the fuse, first element is an amount, second element is an address of the asset or a market id or other substrate specific for the fuse/// @dev Notice! Always first param is the asset value in underlying, next params are specific for the Fusebytes32[] params;
}
/// @title Plasma Vault Library responsible for managing the Plasma VaultlibraryPlasmaVaultLib{
usingSafeCastforuint256;
usingSafeCastforint256;
/// @dev Hard CAP for the performance fee in percentage - 50%uint256publicconstant PERFORMANCE_MAX_FEE_IN_PERCENTAGE =5000;
/// @dev Hard CAP for the management fee in percentage - 5%uint256publicconstant MANAGEMENT_MAX_FEE_IN_PERCENTAGE =500;
/// @dev The offset for the underlying asset decimals in the Plasma Vaultuint8publicconstant DECIMALS_OFFSET =2;
errorInvalidPerformanceFee(uint256 feeInPercentage);
errorInvalidManagementFee(uint256 feeInPercentage);
eventInstantWithdrawalFusesConfigured(InstantWithdrawalFusesParamsStruct[] fuses);
eventPriceOracleMiddlewareChanged(address newPriceOracleMiddleware);
eventPerformanceFeeDataConfigured(address feeAccount, uint256 feeInPercentage);
eventManagementFeeDataConfigured(address feeAccount, uint256 feeInPercentage);
eventRewardsClaimManagerAddressChanged(address newRewardsClaimManagerAddress);
eventDependencyBalanceGraphChanged(uint256 marketId, uint256[] newDependenceGraph);
eventWithdrawManagerChanged(address newWithdrawManager);
/// @notice Gets the total assets in the vault for all markets/// @return The total assets in the vault for all markets, represented in decimals of the underlying asset//solhint-disable-next-linefunctiongetTotalAssetsInAllMarkets() internalviewreturns (uint256) {
return PlasmaVaultStorageLib.getTotalAssets().value;
}
/// @notice Gets the total assets in the vault for a specific market/// @param marketId_ The market id/// @return The total assets in the vault for the market, represented in decimals of the underlying asset//solhint-disable-next-linefunctiongetTotalAssetsInMarket(uint256 marketId_) internalviewreturns (uint256) {
return PlasmaVaultStorageLib.getMarketTotalAssets().value[marketId_];
}
/// @notice Gets the dependency balance graph for a specific market/// @param marketId_ The market id/// @return The dependency balance graph for the market/// @dev The dependency balance graph is used to update appropriate balance markets when Plasma Vault interact with a given marketId_functiongetDependencyBalanceGraph(uint256 marketId_) internalviewreturns (uint256[] memory) {
return PlasmaVaultStorageLib.getDependencyBalanceGraph().dependencyGraph[marketId_];
}
/// @notice Updates the dependency balance graph for a specific market/// @param marketId_ The market id/// @param newDependenceGraph_ The new dependency balance graph for the marketfunctionupdateDependencyBalanceGraph(uint256 marketId_, uint256[] memory newDependenceGraph_) internal{
PlasmaVaultStorageLib.getDependencyBalanceGraph().dependencyGraph[marketId_] = newDependenceGraph_;
emit DependencyBalanceGraphChanged(marketId_, newDependenceGraph_);
}
/// @notice Adds an amount to the total assets in the Plasma Vault for all markets/// @param amount_ The amount to add, represented in decimals of the underlying assetfunctionaddToTotalAssetsInAllMarkets(int256 amount_) internal{
if (amount_ <0) {
PlasmaVaultStorageLib.getTotalAssets().value-= (-amount_).toUint256();
} else {
PlasmaVaultStorageLib.getTotalAssets().value+= amount_.toUint256();
}
}
/// @notice Updates the total assets in the Plasma Vault for a specific market/// @param marketId_ The market id/// @param newTotalAssetsInUnderlying_ The new total assets in the vault for the market, represented in decimals of the underlying asset/// @return deltaInUnderlying The difference between the old and the new total assets in the vault for the marketfunctionupdateTotalAssetsInMarket(uint256 marketId_,
uint256 newTotalAssetsInUnderlying_
) internalreturns (int256 deltaInUnderlying) {
uint256 oldTotalAssetsInUnderlying = PlasmaVaultStorageLib.getMarketTotalAssets().value[marketId_];
PlasmaVaultStorageLib.getMarketTotalAssets().value[marketId_] = newTotalAssetsInUnderlying_;
deltaInUnderlying = newTotalAssetsInUnderlying_.toInt256() - oldTotalAssetsInUnderlying.toInt256();
}
/// @notice Gets the management fee data/// @return managementFeeData The management fee data, like the fee manager and the fee in percentage//solhint-disable-next-linefunctiongetManagementFeeData()
internalviewreturns (PlasmaVaultStorageLib.ManagementFeeData memory managementFeeData)
{
return PlasmaVaultStorageLib.getManagementFeeData();
}
/// @notice Configures the management fee data like the fee manager and the fee in percentage/// @param feeAccount_ The address of the fee manager responsible for managing the management fee/// @param feeInPercentage_ The fee in percentage, represented in 2 decimals, example: 100% = 10000, 1% = 100, 0.01% = 1functionconfigureManagementFee(address feeAccount_, uint256 feeInPercentage_) internal{
if (feeAccount_ ==address(0)) {
revert Errors.WrongAddress();
}
if (feeInPercentage_ > MANAGEMENT_MAX_FEE_IN_PERCENTAGE) {
revert InvalidManagementFee(feeInPercentage_);
}
PlasmaVaultStorageLib.ManagementFeeData storage managementFeeData = PlasmaVaultStorageLib
.getManagementFeeData();
managementFeeData.feeAccount = feeAccount_;
managementFeeData.feeInPercentage = feeInPercentage_.toUint16();
emit ManagementFeeDataConfigured(feeAccount_, feeInPercentage_);
}
/// @notice Gets the performance fee data/// @return performanceFeeData The performance fee data, like the fee manager and the fee in percentage//solhint-disable-next-linefunctiongetPerformanceFeeData()
internalviewreturns (PlasmaVaultStorageLib.PerformanceFeeData memory performanceFeeData)
{
return PlasmaVaultStorageLib.getPerformanceFeeData();
}
/// @notice Configures the performance fee data like the fee manager and the fee in percentage/// @param feeAccount_ The address of the fee manager responsible for managing the performance fee/// @param feeInPercentage_ The fee in percentage, represented in 2 decimals, example: 100% = 10000, 1% = 100, 0.01% = 1functionconfigurePerformanceFee(address feeAccount_, uint256 feeInPercentage_) internal{
if (feeAccount_ ==address(0)) {
revert Errors.WrongAddress();
}
if (feeInPercentage_ > PERFORMANCE_MAX_FEE_IN_PERCENTAGE) {
revert InvalidPerformanceFee(feeInPercentage_);
}
PlasmaVaultStorageLib.PerformanceFeeData storage performanceFeeData = PlasmaVaultStorageLib
.getPerformanceFeeData();
performanceFeeData.feeAccount = feeAccount_;
performanceFeeData.feeInPercentage = feeInPercentage_.toUint16();
emit PerformanceFeeDataConfigured(feeAccount_, feeInPercentage_);
}
/// @notice Updates the management fee data with the current timestamp/// @dev lastUpdateTimestamp is used to calculate unrealized management feesfunctionupdateManagementFeeData() internal{
PlasmaVaultStorageLib.ManagementFeeData storage feeData = PlasmaVaultStorageLib.getManagementFeeData();
feeData.lastUpdateTimestamp =block.timestamp.toUint32();
}
/// @notice Gets instant withdrawal fuses/// @return The instant withdrawal fuses, the order of the fuses is importantfunctiongetInstantWithdrawalFuses() internalviewreturns (address[] memory) {
return PlasmaVaultStorageLib.getInstantWithdrawalFusesArray().value;
}
/// @notice Gets the instant withdrawal fuses parameters for a specific fuse/// @param fuse_ The fuse address/// @param index_ The index of the Fuse in the fuses array/// @return The instant withdrawal fuses parametersfunctiongetInstantWithdrawalFusesParams(address fuse_, uint256 index_) internalviewreturns (bytes32[] memory) {
return
PlasmaVaultStorageLib.getInstantWithdrawalFusesParams().value[keccak256(abi.encodePacked(fuse_, index_))];
}
/// @notice Configures order of the instant withdrawal fuses. Order of the fuse is important, as it will be used in the same order during the instant withdrawal process/// @param fuses_ The fuses to configure/// @dev Order of the fuses is important, the same fuse can be used multiple times with different parameters (for example different assets, markets or any other substrate specific for the fuse)functionconfigureInstantWithdrawalFuses(InstantWithdrawalFusesParamsStruct[] calldata fuses_) internal{
address[] memory fusesList =newaddress[](fuses_.length);
PlasmaVaultStorageLib.InstantWithdrawalFusesParams storage instantWithdrawalFusesParams = PlasmaVaultStorageLib
.getInstantWithdrawalFusesParams();
bytes32 key;
for (uint256 i; i < fuses_.length; ++i) {
if (!FusesLib.isFuseSupported(fuses_[i].fuse)) {
revert FusesLib.FuseUnsupported(fuses_[i].fuse);
}
fusesList[i] = fuses_[i].fuse;
key =keccak256(abi.encodePacked(fuses_[i].fuse, i));
delete instantWithdrawalFusesParams.value[key];
for (uint256 j; j < fuses_[i].params.length; ++j) {
instantWithdrawalFusesParams.value[key].push(fuses_[i].params[j]);
}
}
delete PlasmaVaultStorageLib.getInstantWithdrawalFusesArray().value;
PlasmaVaultStorageLib.getInstantWithdrawalFusesArray().value= fusesList;
emit InstantWithdrawalFusesConfigured(fuses_);
}
/// @notice Gets the Price Oracle Middleware address/// @return The Price Oracle Middleware addressfunctiongetPriceOracleMiddleware() internalviewreturns (address) {
return PlasmaVaultStorageLib.getPriceOracleMiddleware().value;
}
/// @notice Sets the Price Oracle Middleware address/// @param priceOracleMiddleware_ The Price Oracle Middleware addressfunctionsetPriceOracleMiddleware(address priceOracleMiddleware_) internal{
PlasmaVaultStorageLib.getPriceOracleMiddleware().value= priceOracleMiddleware_;
emit PriceOracleMiddlewareChanged(priceOracleMiddleware_);
}
/// @notice Gets the Rewards Claim Manager address/// @return The Rewards Claim Manager addressfunctiongetRewardsClaimManagerAddress() internalviewreturns (address) {
return PlasmaVaultStorageLib.getRewardsClaimManagerAddress().value;
}
/// @notice Sets the Rewards Claim Manager address/// @param rewardsClaimManagerAddress_ The rewards claim manager addressfunctionsetRewardsClaimManagerAddress(address rewardsClaimManagerAddress_) internal{
PlasmaVaultStorageLib.getRewardsClaimManagerAddress().value= rewardsClaimManagerAddress_;
emit RewardsClaimManagerAddressChanged(rewardsClaimManagerAddress_);
}
/// @notice Gets the total supply cap/// @return The total supply cap, represented in decimals of the underlying assetfunctiongetTotalSupplyCap() internalviewreturns (uint256) {
return PlasmaVaultStorageLib.getERC20CappedStorage().cap;
}
/// @notice Sets the total supply cap/// @param cap_ The total supply cap, represented in decimals of the underlying assetfunctionsetTotalSupplyCap(uint256 cap_) internal{
if (cap_ ==0) {
revert Errors.WrongValue();
}
PlasmaVaultStorageLib.getERC20CappedStorage().cap = cap_;
}
/// @notice Sets the total supply cap validation/// @param flag_ The total supply cap validation flag/// @dev 1 - no validation, 0 - validation, total supply validation cap is disabled when performance fee or management fee is minted./// By default, the total supply cap validation is enabled (flag_ = 0)functionsetTotalSupplyCapValidation(uint256 flag_) internal{
PlasmaVaultStorageLib.getERC20CappedValidationFlag().value= flag_;
}
/// @notice Checks if the total supply cap validation is enabled/// @return true if the total supply cap validation is enabled, false otherwisefunctionisTotalSupplyCapValidationEnabled() internalviewreturns (bool) {
return PlasmaVaultStorageLib.getERC20CappedValidationFlag().value==0;
}
/// @notice Sets the execution state to started, used in the execute function called by Alpha/// @dev Alpha can do interaction with the Plasma Vault using more than one FuseActionfunctionexecuteStarted() internal{
PlasmaVaultStorageLib.getExecutionState().value=1;
}
/// @notice Sets the execution state to finished, used in the execute function called by Alpha/// @dev Alpha can do interaction with the Plasma Vault using more than one FuseActionfunctionexecuteFinished() internal{
PlasmaVaultStorageLib.getExecutionState().value=0;
}
/// @notice Checks if the execution is started/// @return true if the execution is startedfunctionisExecutionStarted() internalviewreturns (bool) {
return PlasmaVaultStorageLib.getExecutionState().value==1;
}
/// @notice Updates the Withdraw Manager address. If the address is zero, it means that scheduled withdrawals are turned off.functionupdateWithdrawManager(address newWithdrawManager_) internal{
PlasmaVaultStorageLib.getWithdrawManager().manager = newWithdrawManager_;
emit WithdrawManagerChanged(newWithdrawManager_);
}
}
Contract Source Code
File 44 of 54: PlasmaVaultStorageLib.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;/// @title Library responsible for managing access to the storage of the PlasmaVault contract using the ERC-7201 standardlibraryPlasmaVaultStorageLib{
/// @dev value taken from ERC4626 contract, don't change it!// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ERC4626")) - 1)) & ~bytes32(uint256(0xff))bytes32privateconstant ERC4626_STORAGE_LOCATION =0x0773e532dfede91f04b12a73d3d2acd361424f41f76b4fb79f090161e36b4e00;
/// @dev value taken from ERC20CappedUpgradeable contract, don't change it!// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ERC20Capped")) - 1)) & ~bytes32(uint256(0xff))bytes32privateconstant ERC20_CAPPED_STORAGE_LOCATION =0x0f070392f17d5f958cc1ac31867dabecfc5c9758b4a419a200803226d7155d00;
/// @dev storage pointer location for a flag which indicates if the Total Supply Cap validation is enabled// keccak256(abi.encode(uint256(keccak256("io.ipor.Erc20CappedValidationFlag")) - 1)) & ~bytes32(uint256(0xff))bytes32privateconstant ERC20_CAPPED_VALIDATION_FLAG =0xaef487a7a52e82ae7bbc470b42be72a1d3c066fb83773bf99cce7e6a7df2f900;
/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.PlasmaVaultTotalAssetsInAllMarkets")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant PLASMA_VAULT_TOTAL_ASSETS_IN_ALL_MARKETS =0x24e02552e88772b8e8fd15f3e6699ba530635ffc6b52322da922b0b497a77300;
/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.PlasmaVaultTotalAssetsInMarket")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant PLASMA_VAULT_TOTAL_ASSETS_IN_MARKET =0x656f5ca8c676f20b936e991a840e1130bdd664385322f33b6642ec86729ee600;
/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.CfgPlasmaVaultMarketSubstrates")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant CFG_PLASMA_VAULT_MARKET_SUBSTRATES =0x78e40624004925a4ef6749756748b1deddc674477302d5b7fe18e5335cde3900;
/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.CfgPlasmaVaultBalanceFuses")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant CFG_PLASMA_VAULT_BALANCE_FUSES =0x150144dd6af711bac4392499881ec6649090601bd196a5ece5174c1400b1f700;
/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.CfgPlasmaVaultInstantWithdrawalFusesArray")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant CFG_PLASMA_VAULT_INSTANT_WITHDRAWAL_FUSES_ARRAY =0xd243afa3da07e6bdec20fdd573a17f99411aa8a62ae64ca2c426d3a86ae0ac00;
/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.PriceOracleMiddleware")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant PRICE_ORACLE_MIDDLEWARE =0x0d761ae54d86fc3be4f1f2b44ade677efb1c84a85fc6bb1d087dc42f1e319a00;
/// @notice Every fuse has a list of parameters used for instant withdrawal/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.CfgPlasmaVaultInstantWithdrawalFusesParams")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant CFG_PLASMA_VAULT_INSTANT_WITHDRAWAL_FUSES_PARAMS =0x45a704819a9dcb1bb5b8cff129eda642cf0e926a9ef104e27aa53f1d1fa47b00;
/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.CfgPlasmaVaultFeeConfig")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant CFG_PLASMA_VAULT_FEE_CONFIG =0x78b5ce597bdb64d5aa30a201c7580beefe408ff13963b5d5f3dce2dc09e89c00;
/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.PlasmaVaultPerformanceFeeData")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant PLASMA_VAULT_PERFORMANCE_FEE_DATA =0x9399757a27831a6cfb6cf4cd5c97a908a2f8f41e95a5952fbf83a04e05288400;
/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.PlasmaVaultManagementFeeData")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant PLASMA_VAULT_MANAGEMENT_FEE_DATA =0x239dd7e43331d2af55e2a25a6908f3bcec2957025f1459db97dcdc37c0003f00;
/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.RewardsClaimManagerAddress")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant REWARDS_CLAIM_MANAGER_ADDRESS =0x08c469289c3f85d9b575f3ae9be6831541ff770a06ea135aa343a4de7c962d00;
/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.MarketLimits")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant MARKET_LIMITS =0xc2733c187287f795e2e6e84d35552a190e774125367241c3e99e955f4babf000;
/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.DependencyBalanceGraph")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant DEPENDENCY_BALANCE_GRAPH =0x82411e549329f2815579116a6c5e60bff72686c93ab5dba4d06242cfaf968900;
/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.executeRunning")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant EXECUTE_RUNNING =0x054644eb87255c1c6a2d10801735f52fa3b9d6e4477dbed74914d03844ab6600;
/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.callbackHandler")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant CALLBACK_HANDLER =0xb37e8684757599da669b8aea811ee2b3693b2582d2c730fab3f4965fa2ec3e00;
/// @dev keccak256(abi.encode(uint256(keccak256("io.ipor.WithdrawManager")) - 1)) & ~bytes32(uint256(0xff));bytes32privateconstant WITHDRAW_MANAGER =0xb37e8684757599da669b8aea811ee2b3693b2582d2c730fab3f4965fa2ec3e11;
/// @dev Value taken from ERC20VotesUpgradeable contract, don't change it!/// @custom:storage-location erc7201:openzeppelin.storage.ERC4626structERC4626Storage {
/// @dev underlying asset in Plasma Vaultaddress asset;
/// @dev underlying asset decimals in Plasma Vaultuint8 underlyingDecimals;
}
/// @dev Value taken from ERC20VotesUpgradeable contract, don't change it!/// @custom:storage-location erc7201:openzeppelin.storage.ERC20CappedstructERC20CappedStorage {
uint256 cap;
}
/// @notice ERC20CappedValidationFlag is used to enable or disable the total supply cap validation during execution/// Required for situation when performance fee or management fee is minted for fee managers/// @custom:storage-location erc7201:io.ipor.Erc20CappedValidationFlagstructERC20CappedValidationFlag {
uint256 value;
}
/// @custom:storage-location erc7201:io.ipor.RewardsClaimManagerAddressstructRewardsClaimManagerAddress {
/// @dev total assets in the Plasma Vaultaddress value;
}
/// @custom:storage-location erc7201:io.ipor.PlasmaVaultTotalAssetsInAllMarketsstructTotalAssets {
/// @dev total assets in the Plasma Vaultuint256 value;
}
/// @custom:storage-location erc7201:io.ipor.PlasmaVaultTotalAssetsInMarketstructMarketTotalAssets {
/// @dev marketId => total assets in the vault in the marketmapping(uint256=>uint256) value;
}
/// @notice Market Substrates configuration/// @dev Substrate - abstract item in the market, could be asset or sub market in the external protocol, it could be any item required to calculate balance in the marketstructMarketSubstratesStruct {
/// @notice Define which substrates are allowed and supported in the market/// @dev key can be specific asset or sub market in a specific external protocol (market), value - 1 - granted, otherwise - not grantedmapping(bytes32=>uint256) substrateAllowances;
/// @dev it could be list of assets or sub markets in a specific protocol or any other ids required to calculate balance in the market (external protocol)bytes32[] substrates;
}
/// @custom:storage-location erc7201:io.ipor.CfgPlasmaVaultMarketSubstratesstructMarketSubstrates {
/// @dev marketId => MarketSubstratesStructmapping(uint256=> MarketSubstratesStruct) value;
}
/// @custom:storage-location erc7201:io.ipor.CfgPlasmaVaultBalanceFusesstructBalanceFuses {
/// @dev marketId => balance fuse addressmapping(uint256=>address) value;
}
/// @custom:storage-location erc7201:io.ipor.BalanceDependenceGraphstructDependencyBalanceGraph {
mapping(uint256 marketId =>uint256[] marketIds) dependencyGraph;
}
/// @custom:storage-location erc7201:io.ipor.callbackHandlerstructCallbackHandler {
/// @dev key: keccak256(abi.encodePacked(sender, sig)), value: handler addressmapping(bytes32 key =>address handler) callbackHandler;
}
/// @custom:storage-location erc7201:io.ipor.CfgPlasmaVaultInstantWithdrawalFusesArraystructInstantWithdrawalFuses {
/// @dev value is a Fuse address used for instant withdrawaladdress[] value;
}
/// @custom:storage-location erc7201:io.ipor.CfgPlasmaVaultInstantWithdrawalFusesParamsstructInstantWithdrawalFusesParams {
/// @dev key: fuse address and index in InstantWithdrawalFuses array, value: list of parameters used for instant withdrawal/// @dev first param always amount in underlying asset of PlasmaVault, second and next params are specific for the fuse and marketmapping(bytes32=>bytes32[]) value;
}
/// @custom:storage-location erc7201:io.ipor.PlasmaVaultPerformanceFeeDatastructPerformanceFeeData {
address feeAccount;
uint16 feeInPercentage;
}
/// @custom:storage-location erc7201:io.ipor.PlasmaVaultManagementFeeDatastructManagementFeeData {
address feeAccount;
uint16 feeInPercentage;
uint32 lastUpdateTimestamp;
}
/// @custom:storage-location erc7201:io.ipor.PriceOracleMiddlewarestructPriceOracleMiddleware {
address value;
}
/// @custom:storage-location erc7201:io.ipor.executeRunningstructExecuteState {
uint256 value;
}
/// @custom:storage-location erc7201:io.ipor.WithdrawManagerstructWithdrawManager {
address manager;
}
/// @dev limit is percentage of total assets in the market in 18 decimals, 1e18 is 100%/// @deb if limit for zero marketId is greater than 0, then limits are activated/// @custom:storage-location erc7201:io.ipor.MarketLimitsstructMarketLimits {
mapping(uint256 marketId =>uint256 limit) limitInPercentage;
}
functiongetERC4626Storage() internalpurereturns (ERC4626Storage storage $) {
assembly {
$.slot:= ERC4626_STORAGE_LOCATION
}
}
functiongetERC20CappedStorage() internalpurereturns (ERC20CappedStorage storage $) {
assembly {
$.slot:= ERC20_CAPPED_STORAGE_LOCATION
}
}
functiongetERC20CappedValidationFlag() internalpurereturns (ERC20CappedValidationFlag storage $) {
assembly {
$.slot:= ERC20_CAPPED_VALIDATION_FLAG
}
}
/// @notice Gets the total assets storage pointer/// @return totalAssets storage pointerfunctiongetTotalAssets() internalpurereturns (TotalAssets storage totalAssets) {
assembly {
totalAssets.slot:= PLASMA_VAULT_TOTAL_ASSETS_IN_ALL_MARKETS
}
}
/// @notice Gets execution state storage pointer/// @return executeRunning storage pointerfunctiongetExecutionState() internalpurereturns (ExecuteState storage executeRunning) {
assembly {
executeRunning.slot:= EXECUTE_RUNNING
}
}
/// @notice Gets the callback handler storage pointer/// @return handler storage pointerfunctiongetCallbackHandler() internalpurereturns (CallbackHandler storage handler) {
assembly {
handler.slot:= CALLBACK_HANDLER
}
}
/// @notice Gets the dependency balance graph storage pointer/// @return dependencyBalanceGraph storage pointerfunctiongetDependencyBalanceGraph() internalpurereturns (DependencyBalanceGraph storage dependencyBalanceGraph) {
assembly {
dependencyBalanceGraph.slot:= DEPENDENCY_BALANCE_GRAPH
}
}
/// @notice Gets the market total assets storage pointer/// @return marketTotalAssets storage pointerfunctiongetMarketTotalAssets() internalpurereturns (MarketTotalAssets storage marketTotalAssets) {
assembly {
marketTotalAssets.slot:= PLASMA_VAULT_TOTAL_ASSETS_IN_MARKET
}
}
/// @notice Gets the market substrates storage pointer/// @return marketSubstrates storage pointerfunctiongetMarketSubstrates() internalpurereturns (MarketSubstrates storage marketSubstrates) {
assembly {
marketSubstrates.slot:= CFG_PLASMA_VAULT_MARKET_SUBSTRATES
}
}
/// @notice Gets the balance fuses storage pointer/// @return balanceFuses storage pointerfunctiongetBalanceFuses() internalpurereturns (BalanceFuses storage balanceFuses) {
assembly {
balanceFuses.slot:= CFG_PLASMA_VAULT_BALANCE_FUSES
}
}
/// @notice Gets the instant withdrawal fuses storage pointer/// @return instantWithdrawalFuses storage pointerfunctiongetInstantWithdrawalFusesArray()
internalpurereturns (InstantWithdrawalFuses storage instantWithdrawalFuses)
{
assembly {
instantWithdrawalFuses.slot:= CFG_PLASMA_VAULT_INSTANT_WITHDRAWAL_FUSES_ARRAY
}
}
/// @notice Gets the instant withdrawal fuses params storage pointer/// @return instantWithdrawalFusesParams storage pointerfunctiongetInstantWithdrawalFusesParams()
internalpurereturns (InstantWithdrawalFusesParams storage instantWithdrawalFusesParams)
{
assembly {
instantWithdrawalFusesParams.slot:= CFG_PLASMA_VAULT_INSTANT_WITHDRAWAL_FUSES_PARAMS
}
}
/// @notice Gets the PriceOracleMiddleware storage pointer/// @return oracle storage pointerfunctiongetPriceOracleMiddleware() internalpurereturns (PriceOracleMiddleware storage oracle) {
assembly {
oracle.slot:= PRICE_ORACLE_MIDDLEWARE
}
}
/// @notice Gets performance fee config storage pointer/// @return performanceFeeData storage pointerfunctiongetPerformanceFeeData() internalpurereturns (PerformanceFeeData storage performanceFeeData) {
assembly {
performanceFeeData.slot:= PLASMA_VAULT_PERFORMANCE_FEE_DATA
}
}
/// @notice Gets management fee config storage pointer/// @return managementFeeData storage pointerfunctiongetManagementFeeData() internalpurereturns (ManagementFeeData storage managementFeeData) {
assembly {
managementFeeData.slot:= PLASMA_VAULT_MANAGEMENT_FEE_DATA
}
}
/// @notice Gets the Rewards Claim Manager address storage pointer/// @return rewardsClaimManagerAddress storage pointerfunctiongetRewardsClaimManagerAddress()
internalpurereturns (RewardsClaimManagerAddress storage rewardsClaimManagerAddress)
{
assembly {
rewardsClaimManagerAddress.slot:= REWARDS_CLAIM_MANAGER_ADDRESS
}
}
/// @notice Gets the MarketLimits storage pointer/// @return marketLimits storage pointerfunctiongetMarketsLimits() internalpurereturns (MarketLimits storage marketLimits) {
assembly {
marketLimits.slot:= MARKET_LIMITS
}
}
/// @notice Gets the WithdrawManager storage pointer/// @return withdrawManager storage pointerfunctiongetWithdrawManager() internalpurereturns (WithdrawManager storage withdrawManager) {
assembly {
withdrawManager.slot:= WITHDRAW_MANAGER
}
}
}
Contract Source Code
File 45 of 54: RedemptionDelayLib.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;import {PlasmaVault} from"../../vaults/PlasmaVault.sol";
import {IporFusionAccessManagersStorageLib} from"./IporFusionAccessManagersStorageLib.sol";
bytes4constant DEPOSIT_SELECTOR = PlasmaVault.deposit.selector;
bytes4constant DEPOSIT_WITH_PERMIT_SELECTOR = PlasmaVault.depositWithPermit.selector;
bytes4constant MINT_SELECTOR = PlasmaVault.mint.selector;
bytes4constant WITHDRAW_SELECTOR = PlasmaVault.withdraw.selector;
bytes4constant REDEEM_SELECTOR = PlasmaVault.redeem.selector;
/// @title Library for the redemption delay responsible for locking accounts for withdraw and redeem functions after deposit or mint functions.libraryRedemptionDelayLib{
errorAccountIsLocked(uint256 unlockTime);
/// @notice Get the account lock time for a redemption function (withdraw, redeem)/// @param account_ The account to check the lock time/// @return The lock time in seconds/// @dev The lock time is the time the account is locked for withdraw and redeem functions after deposit or mint functionsfunctiongetAccountLockTime(address account_) internalviewreturns (uint256) {
return IporFusionAccessManagersStorageLib.getRedemptionLocks().redemptionLock[account_];
}
/// @notice Check if account is locked for a specific function (correlation withdraw, redeem functions to deposit, mint functions)/// @dev When deposit or mint functions are called, the account is locked for withdraw and redeem functions for a specific time defined by the redemption delay.functionlockChecks(address account_, bytes4 sig_) internal{
if (sig_ == WITHDRAW_SELECTOR || sig_ == REDEEM_SELECTOR) {
uint256 unlockTime = IporFusionAccessManagersStorageLib.getRedemptionLocks().redemptionLock[account_];
if (unlockTime >block.timestamp) {
revert AccountIsLocked(unlockTime);
}
} elseif (sig_ == DEPOSIT_SELECTOR || sig_ == MINT_SELECTOR || sig_ == DEPOSIT_WITH_PERMIT_SELECTOR) {
IporFusionAccessManagersStorageLib.setRedemptionLocks(account_);
}
}
}
Contract Source Code
File 46 of 54: ReentrancyGuardUpgradeable.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (utils/ReentrancyGuard.sol)pragmasolidity ^0.8.20;import {Initializable} from"../proxy/utils/Initializable.sol";
/**
* @dev Contract module that helps prevent reentrant calls to a function.
*
* Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier
* available, which can be applied to functions to make sure there are no nested
* (reentrant) calls to them.
*
* Note that because there is a single `nonReentrant` guard, functions marked as
* `nonReentrant` may not call one another. This can be worked around by making
* those functions `private`, and then adding `external` `nonReentrant` entry
* points to them.
*
* TIP: If you would like to learn more about reentrancy and alternative ways
* to protect against it, check out our blog post
* https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].
*/abstractcontractReentrancyGuardUpgradeableisInitializable{
// Booleans are more expensive than uint256 or any type that takes up a full// word because each write operation emits an extra SLOAD to first read the// slot's contents, replace the bits taken up by the boolean, and then write// back. This is the compiler's defense against contract upgrades and// pointer aliasing, and it cannot be disabled.// The values being non-zero value makes deployment a bit more expensive,// but in exchange the refund on every call to nonReentrant will be lower in// amount. Since refunds are capped to a percentage of the total// transaction's gas, it is best to keep them low in cases like this one, to// increase the likelihood of the full refund coming into effect.uint256privateconstant NOT_ENTERED =1;
uint256privateconstant ENTERED =2;
/// @custom:storage-location erc7201:openzeppelin.storage.ReentrancyGuardstructReentrancyGuardStorage {
uint256 _status;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ReentrancyGuard")) - 1)) & ~bytes32(uint256(0xff))bytes32privateconstant ReentrancyGuardStorageLocation =0x9b779b17422d0df92223018b32b4d1fa46e071723d6817e2486d003becc55f00;
function_getReentrancyGuardStorage() privatepurereturns (ReentrancyGuardStorage storage $) {
assembly {
$.slot:= ReentrancyGuardStorageLocation
}
}
/**
* @dev Unauthorized reentrant call.
*/errorReentrancyGuardReentrantCall();
function__ReentrancyGuard_init() internalonlyInitializing{
__ReentrancyGuard_init_unchained();
}
function__ReentrancyGuard_init_unchained() internalonlyInitializing{
ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
$._status = NOT_ENTERED;
}
/**
* @dev Prevents a contract from calling itself, directly or indirectly.
* Calling a `nonReentrant` function from another `nonReentrant`
* function is not supported. It is possible to prevent this from happening
* by making the `nonReentrant` function external, and making it call a
* `private` function that does the actual work.
*/modifiernonReentrant() {
_nonReentrantBefore();
_;
_nonReentrantAfter();
}
function_nonReentrantBefore() private{
ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
// On the first call to nonReentrant, _status will be NOT_ENTEREDif ($._status == ENTERED) {
revert ReentrancyGuardReentrantCall();
}
// Any calls to nonReentrant after this point will fail
$._status = ENTERED;
}
function_nonReentrantAfter() private{
ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
// By storing the original value once again, a refund is triggered (see// https://eips.ethereum.org/EIPS/eip-2200)
$._status = NOT_ENTERED;
}
/**
* @dev Returns true if the reentrancy guard is currently set to "entered", which indicates there is a
* `nonReentrant` function in the call stack.
*/function_reentrancyGuardEntered() internalviewreturns (bool) {
ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
return $._status == ENTERED;
}
}
Contract Source Code
File 47 of 54: RoleExecutionTimelockLib.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;import {IporFusionAccessManagersStorageLib} from"./IporFusionAccessManagersStorageLib.sol";
/// @title Library for the role execution timelock responsible for timelocking actions for a given rolelibraryRoleExecutionTimelockLib{
eventMinimalExecutionDelayForRoleUpdated(uint64 roleId, uint256 delay);
/// @notice Gets the minimal execution delay for a role. When value is higher than 0, it means that actions for a given role have a timelock./// @param roleId_ The role ID/// @return The minimal execution delay in secondsfunctiongetMinimalExecutionDelayForRole(uint64 roleId_) internalviewreturns (uint256) {
return IporFusionAccessManagersStorageLib.getMinimalExecutionDelayForRole().delays[roleId_];
}
/// @notice Sets the minimal execution delays for roles. The delays are used to timelock actions for a given role./// @param roleIds_ The roles for which the minimal execution delay is set/// @param delays_ The minimal execution delays for the specified rolesfunctionsetMinimalExecutionDelaysForRoles(uint64[] memory roleIds_, uint256[] memory delays_) internal{
uint256 length = roleIds_.length;
for (uint256 i; i < length; ++i) {
IporFusionAccessManagersStorageLib.getMinimalExecutionDelayForRole().delays[roleIds_[i]] = delays_[i];
emit MinimalExecutionDelayForRoleUpdated(roleIds_[i], delays_[i]);
}
}
}
Contract Source Code
File 48 of 54: Roles.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;/// @title Predefined roles used in the IPOR Fusion protocol/// @notice For documentation purposes: When new roles are added by authorized property of PlasmaVault during runtime, they should be added and described here as well.libraryRoles{
/// @notice Account with this role has rights to manage the IporFusionAccessManager in general. The highest role, which could manage all roles including ADMIN_ROLE and OWNER_ROLE. It recommended to use MultiSig contract for this role./// @dev Managed by the Admin, the highest role from AccessManageruint64publicconstant ADMIN_ROLE =0;
/// @notice Account with this role has rights to manage Owners, Guardians, Atomists. It recommended to use MultiSig contract for this role./// @dev Managed by the Owner, if applicable managed by the Adminuint64publicconstant OWNER_ROLE =1;
/// @notice Account with this role has rights to cancel time-locked operations, pause restricted methods in PlasmaVault contracts in case of emergency/// @dev Managed by the Owneruint64publicconstant GUARDIAN_ROLE =2;
/// @notice Technical role to limited access to method only from the PlasmaVault contract/// @dev Managed only on bootstrap, this value could not be change after initializationuint64publicconstant TECH_PLASMA_VAULT_ROLE =3;
/// @notice Technical role to limited access to method only from the PlasmaVault contract/// @dev Managed only on bootstrap, this value could not be change after initializationuint64publicconstant IPOR_DAO_ROLE =4;
/// @notice Account with this role has rights to manage the PlasmaVault. It recommended to use MultiSig contract for this role./// @dev Managed by Owneruint64publicconstant ATOMIST_ROLE =100;
/// @notice Account with this role has rights to execute the alpha strategy on the PlasmaVault using execute method./// @dev Managed by the Atomistuint64publicconstant ALPHA_ROLE =200;
/// @notice Account with this role has rights to manage the FuseManager contract, add or remove fuses, balance fuses and reward fuses/// @dev Managed by the Atomistuint64publicconstant FUSE_MANAGER_ROLE =300;
/// @notice Technical role for the FeeManager. Account with this role has rights to manage the performance fee, define the performance fee rate and manage the performance fee recipient/// @dev Managed by itself the Performance Fee Manageruint64publicconstant TECH_PERFORMANCE_FEE_MANAGER_ROLE =400;
/// @notice Technical role for the FeeManager. Account with this role has rights to manage the management fee, define the management fee rate and manage the management fee recipient/// @dev Managed by itself the Management Fee Manageruint64publicconstant TECH_MANAGEMENT_FEE_MANAGER_ROLE =500;
/// @notice Account with this role has rights to claim rewards from the PlasmaVault using and interacting with the RewardsClaimManager contract/// @dev Managed by the Atomistuint64publicconstant CLAIM_REWARDS_ROLE =600;
/// @notice Technical role for the RewardsClaimManager contract. Account with this role has rights to claim rewards from the PlasmaVault/// @dev Could be assigned only on bootstrap, this value could not be change after initializationuint64publicconstant TECH_REWARDS_CLAIM_MANAGER_ROLE =601;
/// @notice Account with this role has rights to transfer rewards from the PlasmaVault to the RewardsClaimManager/// @dev Managed by the Atomistuint64publicconstant TRANSFER_REWARDS_ROLE =700;
/// @notice Account with this role has rights to deposit / mint and withdraw / redeem assets from the PlasmaVault/// @dev Managed by the Atomistuint64publicconstant WHITELIST_ROLE =800;
/// @notice Account with this role has rights to configure instant withdrawal fuses order./// @dev Managed by the Atomistuint64publicconstant CONFIG_INSTANT_WITHDRAWAL_FUSES_ROLE =900;
/// @notice Public role, no restrictionsuint64publicconstant PUBLIC_ROLE =type(uint64).max;
}
Contract Source Code
File 49 of 54: SafeCast.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (utils/math/SafeCast.sol)// This file was procedurally generated from scripts/generate/templates/SafeCast.js.pragmasolidity ^0.8.20;/**
* @dev Wrappers over Solidity's uintXX/intXX casting operators with added overflow
* checks.
*
* Downcasting from uint256/int256 in Solidity does not revert on overflow. This can
* easily result in undesired exploitation or bugs, since developers usually
* assume that overflows raise errors. `SafeCast` restores this intuition by
* reverting the transaction when such an operation overflows.
*
* Using this library instead of the unchecked operations eliminates an entire
* class of bugs, so it's recommended to use it always.
*/librarySafeCast{
/**
* @dev Value doesn't fit in an uint of `bits` size.
*/errorSafeCastOverflowedUintDowncast(uint8 bits, uint256 value);
/**
* @dev An int value doesn't fit in an uint of `bits` size.
*/errorSafeCastOverflowedIntToUint(int256 value);
/**
* @dev Value doesn't fit in an int of `bits` size.
*/errorSafeCastOverflowedIntDowncast(uint8 bits, int256 value);
/**
* @dev An uint value doesn't fit in an int of `bits` size.
*/errorSafeCastOverflowedUintToInt(uint256 value);
/**
* @dev Returns the downcasted uint248 from uint256, reverting on
* overflow (when the input is greater than largest uint248).
*
* Counterpart to Solidity's `uint248` operator.
*
* Requirements:
*
* - input must fit into 248 bits
*/functiontoUint248(uint256 value) internalpurereturns (uint248) {
if (value >type(uint248).max) {
revert SafeCastOverflowedUintDowncast(248, value);
}
returnuint248(value);
}
/**
* @dev Returns the downcasted uint240 from uint256, reverting on
* overflow (when the input is greater than largest uint240).
*
* Counterpart to Solidity's `uint240` operator.
*
* Requirements:
*
* - input must fit into 240 bits
*/functiontoUint240(uint256 value) internalpurereturns (uint240) {
if (value >type(uint240).max) {
revert SafeCastOverflowedUintDowncast(240, value);
}
returnuint240(value);
}
/**
* @dev Returns the downcasted uint232 from uint256, reverting on
* overflow (when the input is greater than largest uint232).
*
* Counterpart to Solidity's `uint232` operator.
*
* Requirements:
*
* - input must fit into 232 bits
*/functiontoUint232(uint256 value) internalpurereturns (uint232) {
if (value >type(uint232).max) {
revert SafeCastOverflowedUintDowncast(232, value);
}
returnuint232(value);
}
/**
* @dev Returns the downcasted uint224 from uint256, reverting on
* overflow (when the input is greater than largest uint224).
*
* Counterpart to Solidity's `uint224` operator.
*
* Requirements:
*
* - input must fit into 224 bits
*/functiontoUint224(uint256 value) internalpurereturns (uint224) {
if (value >type(uint224).max) {
revert SafeCastOverflowedUintDowncast(224, value);
}
returnuint224(value);
}
/**
* @dev Returns the downcasted uint216 from uint256, reverting on
* overflow (when the input is greater than largest uint216).
*
* Counterpart to Solidity's `uint216` operator.
*
* Requirements:
*
* - input must fit into 216 bits
*/functiontoUint216(uint256 value) internalpurereturns (uint216) {
if (value >type(uint216).max) {
revert SafeCastOverflowedUintDowncast(216, value);
}
returnuint216(value);
}
/**
* @dev Returns the downcasted uint208 from uint256, reverting on
* overflow (when the input is greater than largest uint208).
*
* Counterpart to Solidity's `uint208` operator.
*
* Requirements:
*
* - input must fit into 208 bits
*/functiontoUint208(uint256 value) internalpurereturns (uint208) {
if (value >type(uint208).max) {
revert SafeCastOverflowedUintDowncast(208, value);
}
returnuint208(value);
}
/**
* @dev Returns the downcasted uint200 from uint256, reverting on
* overflow (when the input is greater than largest uint200).
*
* Counterpart to Solidity's `uint200` operator.
*
* Requirements:
*
* - input must fit into 200 bits
*/functiontoUint200(uint256 value) internalpurereturns (uint200) {
if (value >type(uint200).max) {
revert SafeCastOverflowedUintDowncast(200, value);
}
returnuint200(value);
}
/**
* @dev Returns the downcasted uint192 from uint256, reverting on
* overflow (when the input is greater than largest uint192).
*
* Counterpart to Solidity's `uint192` operator.
*
* Requirements:
*
* - input must fit into 192 bits
*/functiontoUint192(uint256 value) internalpurereturns (uint192) {
if (value >type(uint192).max) {
revert SafeCastOverflowedUintDowncast(192, value);
}
returnuint192(value);
}
/**
* @dev Returns the downcasted uint184 from uint256, reverting on
* overflow (when the input is greater than largest uint184).
*
* Counterpart to Solidity's `uint184` operator.
*
* Requirements:
*
* - input must fit into 184 bits
*/functiontoUint184(uint256 value) internalpurereturns (uint184) {
if (value >type(uint184).max) {
revert SafeCastOverflowedUintDowncast(184, value);
}
returnuint184(value);
}
/**
* @dev Returns the downcasted uint176 from uint256, reverting on
* overflow (when the input is greater than largest uint176).
*
* Counterpart to Solidity's `uint176` operator.
*
* Requirements:
*
* - input must fit into 176 bits
*/functiontoUint176(uint256 value) internalpurereturns (uint176) {
if (value >type(uint176).max) {
revert SafeCastOverflowedUintDowncast(176, value);
}
returnuint176(value);
}
/**
* @dev Returns the downcasted uint168 from uint256, reverting on
* overflow (when the input is greater than largest uint168).
*
* Counterpart to Solidity's `uint168` operator.
*
* Requirements:
*
* - input must fit into 168 bits
*/functiontoUint168(uint256 value) internalpurereturns (uint168) {
if (value >type(uint168).max) {
revert SafeCastOverflowedUintDowncast(168, value);
}
returnuint168(value);
}
/**
* @dev Returns the downcasted uint160 from uint256, reverting on
* overflow (when the input is greater than largest uint160).
*
* Counterpart to Solidity's `uint160` operator.
*
* Requirements:
*
* - input must fit into 160 bits
*/functiontoUint160(uint256 value) internalpurereturns (uint160) {
if (value >type(uint160).max) {
revert SafeCastOverflowedUintDowncast(160, value);
}
returnuint160(value);
}
/**
* @dev Returns the downcasted uint152 from uint256, reverting on
* overflow (when the input is greater than largest uint152).
*
* Counterpart to Solidity's `uint152` operator.
*
* Requirements:
*
* - input must fit into 152 bits
*/functiontoUint152(uint256 value) internalpurereturns (uint152) {
if (value >type(uint152).max) {
revert SafeCastOverflowedUintDowncast(152, value);
}
returnuint152(value);
}
/**
* @dev Returns the downcasted uint144 from uint256, reverting on
* overflow (when the input is greater than largest uint144).
*
* Counterpart to Solidity's `uint144` operator.
*
* Requirements:
*
* - input must fit into 144 bits
*/functiontoUint144(uint256 value) internalpurereturns (uint144) {
if (value >type(uint144).max) {
revert SafeCastOverflowedUintDowncast(144, value);
}
returnuint144(value);
}
/**
* @dev Returns the downcasted uint136 from uint256, reverting on
* overflow (when the input is greater than largest uint136).
*
* Counterpart to Solidity's `uint136` operator.
*
* Requirements:
*
* - input must fit into 136 bits
*/functiontoUint136(uint256 value) internalpurereturns (uint136) {
if (value >type(uint136).max) {
revert SafeCastOverflowedUintDowncast(136, value);
}
returnuint136(value);
}
/**
* @dev Returns the downcasted uint128 from uint256, reverting on
* overflow (when the input is greater than largest uint128).
*
* Counterpart to Solidity's `uint128` operator.
*
* Requirements:
*
* - input must fit into 128 bits
*/functiontoUint128(uint256 value) internalpurereturns (uint128) {
if (value >type(uint128).max) {
revert SafeCastOverflowedUintDowncast(128, value);
}
returnuint128(value);
}
/**
* @dev Returns the downcasted uint120 from uint256, reverting on
* overflow (when the input is greater than largest uint120).
*
* Counterpart to Solidity's `uint120` operator.
*
* Requirements:
*
* - input must fit into 120 bits
*/functiontoUint120(uint256 value) internalpurereturns (uint120) {
if (value >type(uint120).max) {
revert SafeCastOverflowedUintDowncast(120, value);
}
returnuint120(value);
}
/**
* @dev Returns the downcasted uint112 from uint256, reverting on
* overflow (when the input is greater than largest uint112).
*
* Counterpart to Solidity's `uint112` operator.
*
* Requirements:
*
* - input must fit into 112 bits
*/functiontoUint112(uint256 value) internalpurereturns (uint112) {
if (value >type(uint112).max) {
revert SafeCastOverflowedUintDowncast(112, value);
}
returnuint112(value);
}
/**
* @dev Returns the downcasted uint104 from uint256, reverting on
* overflow (when the input is greater than largest uint104).
*
* Counterpart to Solidity's `uint104` operator.
*
* Requirements:
*
* - input must fit into 104 bits
*/functiontoUint104(uint256 value) internalpurereturns (uint104) {
if (value >type(uint104).max) {
revert SafeCastOverflowedUintDowncast(104, value);
}
returnuint104(value);
}
/**
* @dev Returns the downcasted uint96 from uint256, reverting on
* overflow (when the input is greater than largest uint96).
*
* Counterpart to Solidity's `uint96` operator.
*
* Requirements:
*
* - input must fit into 96 bits
*/functiontoUint96(uint256 value) internalpurereturns (uint96) {
if (value >type(uint96).max) {
revert SafeCastOverflowedUintDowncast(96, value);
}
returnuint96(value);
}
/**
* @dev Returns the downcasted uint88 from uint256, reverting on
* overflow (when the input is greater than largest uint88).
*
* Counterpart to Solidity's `uint88` operator.
*
* Requirements:
*
* - input must fit into 88 bits
*/functiontoUint88(uint256 value) internalpurereturns (uint88) {
if (value >type(uint88).max) {
revert SafeCastOverflowedUintDowncast(88, value);
}
returnuint88(value);
}
/**
* @dev Returns the downcasted uint80 from uint256, reverting on
* overflow (when the input is greater than largest uint80).
*
* Counterpart to Solidity's `uint80` operator.
*
* Requirements:
*
* - input must fit into 80 bits
*/functiontoUint80(uint256 value) internalpurereturns (uint80) {
if (value >type(uint80).max) {
revert SafeCastOverflowedUintDowncast(80, value);
}
returnuint80(value);
}
/**
* @dev Returns the downcasted uint72 from uint256, reverting on
* overflow (when the input is greater than largest uint72).
*
* Counterpart to Solidity's `uint72` operator.
*
* Requirements:
*
* - input must fit into 72 bits
*/functiontoUint72(uint256 value) internalpurereturns (uint72) {
if (value >type(uint72).max) {
revert SafeCastOverflowedUintDowncast(72, value);
}
returnuint72(value);
}
/**
* @dev Returns the downcasted uint64 from uint256, reverting on
* overflow (when the input is greater than largest uint64).
*
* Counterpart to Solidity's `uint64` operator.
*
* Requirements:
*
* - input must fit into 64 bits
*/functiontoUint64(uint256 value) internalpurereturns (uint64) {
if (value >type(uint64).max) {
revert SafeCastOverflowedUintDowncast(64, value);
}
returnuint64(value);
}
/**
* @dev Returns the downcasted uint56 from uint256, reverting on
* overflow (when the input is greater than largest uint56).
*
* Counterpart to Solidity's `uint56` operator.
*
* Requirements:
*
* - input must fit into 56 bits
*/functiontoUint56(uint256 value) internalpurereturns (uint56) {
if (value >type(uint56).max) {
revert SafeCastOverflowedUintDowncast(56, value);
}
returnuint56(value);
}
/**
* @dev Returns the downcasted uint48 from uint256, reverting on
* overflow (when the input is greater than largest uint48).
*
* Counterpart to Solidity's `uint48` operator.
*
* Requirements:
*
* - input must fit into 48 bits
*/functiontoUint48(uint256 value) internalpurereturns (uint48) {
if (value >type(uint48).max) {
revert SafeCastOverflowedUintDowncast(48, value);
}
returnuint48(value);
}
/**
* @dev Returns the downcasted uint40 from uint256, reverting on
* overflow (when the input is greater than largest uint40).
*
* Counterpart to Solidity's `uint40` operator.
*
* Requirements:
*
* - input must fit into 40 bits
*/functiontoUint40(uint256 value) internalpurereturns (uint40) {
if (value >type(uint40).max) {
revert SafeCastOverflowedUintDowncast(40, value);
}
returnuint40(value);
}
/**
* @dev Returns the downcasted uint32 from uint256, reverting on
* overflow (when the input is greater than largest uint32).
*
* Counterpart to Solidity's `uint32` operator.
*
* Requirements:
*
* - input must fit into 32 bits
*/functiontoUint32(uint256 value) internalpurereturns (uint32) {
if (value >type(uint32).max) {
revert SafeCastOverflowedUintDowncast(32, value);
}
returnuint32(value);
}
/**
* @dev Returns the downcasted uint24 from uint256, reverting on
* overflow (when the input is greater than largest uint24).
*
* Counterpart to Solidity's `uint24` operator.
*
* Requirements:
*
* - input must fit into 24 bits
*/functiontoUint24(uint256 value) internalpurereturns (uint24) {
if (value >type(uint24).max) {
revert SafeCastOverflowedUintDowncast(24, value);
}
returnuint24(value);
}
/**
* @dev Returns the downcasted uint16 from uint256, reverting on
* overflow (when the input is greater than largest uint16).
*
* Counterpart to Solidity's `uint16` operator.
*
* Requirements:
*
* - input must fit into 16 bits
*/functiontoUint16(uint256 value) internalpurereturns (uint16) {
if (value >type(uint16).max) {
revert SafeCastOverflowedUintDowncast(16, value);
}
returnuint16(value);
}
/**
* @dev Returns the downcasted uint8 from uint256, reverting on
* overflow (when the input is greater than largest uint8).
*
* Counterpart to Solidity's `uint8` operator.
*
* Requirements:
*
* - input must fit into 8 bits
*/functiontoUint8(uint256 value) internalpurereturns (uint8) {
if (value >type(uint8).max) {
revert SafeCastOverflowedUintDowncast(8, value);
}
returnuint8(value);
}
/**
* @dev Converts a signed int256 into an unsigned uint256.
*
* Requirements:
*
* - input must be greater than or equal to 0.
*/functiontoUint256(int256 value) internalpurereturns (uint256) {
if (value <0) {
revert SafeCastOverflowedIntToUint(value);
}
returnuint256(value);
}
/**
* @dev Returns the downcasted int248 from int256, reverting on
* overflow (when the input is less than smallest int248 or
* greater than largest int248).
*
* Counterpart to Solidity's `int248` operator.
*
* Requirements:
*
* - input must fit into 248 bits
*/functiontoInt248(int256 value) internalpurereturns (int248 downcasted) {
downcasted =int248(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(248, value);
}
}
/**
* @dev Returns the downcasted int240 from int256, reverting on
* overflow (when the input is less than smallest int240 or
* greater than largest int240).
*
* Counterpart to Solidity's `int240` operator.
*
* Requirements:
*
* - input must fit into 240 bits
*/functiontoInt240(int256 value) internalpurereturns (int240 downcasted) {
downcasted =int240(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(240, value);
}
}
/**
* @dev Returns the downcasted int232 from int256, reverting on
* overflow (when the input is less than smallest int232 or
* greater than largest int232).
*
* Counterpart to Solidity's `int232` operator.
*
* Requirements:
*
* - input must fit into 232 bits
*/functiontoInt232(int256 value) internalpurereturns (int232 downcasted) {
downcasted =int232(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(232, value);
}
}
/**
* @dev Returns the downcasted int224 from int256, reverting on
* overflow (when the input is less than smallest int224 or
* greater than largest int224).
*
* Counterpart to Solidity's `int224` operator.
*
* Requirements:
*
* - input must fit into 224 bits
*/functiontoInt224(int256 value) internalpurereturns (int224 downcasted) {
downcasted =int224(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(224, value);
}
}
/**
* @dev Returns the downcasted int216 from int256, reverting on
* overflow (when the input is less than smallest int216 or
* greater than largest int216).
*
* Counterpart to Solidity's `int216` operator.
*
* Requirements:
*
* - input must fit into 216 bits
*/functiontoInt216(int256 value) internalpurereturns (int216 downcasted) {
downcasted =int216(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(216, value);
}
}
/**
* @dev Returns the downcasted int208 from int256, reverting on
* overflow (when the input is less than smallest int208 or
* greater than largest int208).
*
* Counterpart to Solidity's `int208` operator.
*
* Requirements:
*
* - input must fit into 208 bits
*/functiontoInt208(int256 value) internalpurereturns (int208 downcasted) {
downcasted =int208(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(208, value);
}
}
/**
* @dev Returns the downcasted int200 from int256, reverting on
* overflow (when the input is less than smallest int200 or
* greater than largest int200).
*
* Counterpart to Solidity's `int200` operator.
*
* Requirements:
*
* - input must fit into 200 bits
*/functiontoInt200(int256 value) internalpurereturns (int200 downcasted) {
downcasted =int200(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(200, value);
}
}
/**
* @dev Returns the downcasted int192 from int256, reverting on
* overflow (when the input is less than smallest int192 or
* greater than largest int192).
*
* Counterpart to Solidity's `int192` operator.
*
* Requirements:
*
* - input must fit into 192 bits
*/functiontoInt192(int256 value) internalpurereturns (int192 downcasted) {
downcasted =int192(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(192, value);
}
}
/**
* @dev Returns the downcasted int184 from int256, reverting on
* overflow (when the input is less than smallest int184 or
* greater than largest int184).
*
* Counterpart to Solidity's `int184` operator.
*
* Requirements:
*
* - input must fit into 184 bits
*/functiontoInt184(int256 value) internalpurereturns (int184 downcasted) {
downcasted =int184(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(184, value);
}
}
/**
* @dev Returns the downcasted int176 from int256, reverting on
* overflow (when the input is less than smallest int176 or
* greater than largest int176).
*
* Counterpart to Solidity's `int176` operator.
*
* Requirements:
*
* - input must fit into 176 bits
*/functiontoInt176(int256 value) internalpurereturns (int176 downcasted) {
downcasted =int176(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(176, value);
}
}
/**
* @dev Returns the downcasted int168 from int256, reverting on
* overflow (when the input is less than smallest int168 or
* greater than largest int168).
*
* Counterpart to Solidity's `int168` operator.
*
* Requirements:
*
* - input must fit into 168 bits
*/functiontoInt168(int256 value) internalpurereturns (int168 downcasted) {
downcasted =int168(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(168, value);
}
}
/**
* @dev Returns the downcasted int160 from int256, reverting on
* overflow (when the input is less than smallest int160 or
* greater than largest int160).
*
* Counterpart to Solidity's `int160` operator.
*
* Requirements:
*
* - input must fit into 160 bits
*/functiontoInt160(int256 value) internalpurereturns (int160 downcasted) {
downcasted =int160(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(160, value);
}
}
/**
* @dev Returns the downcasted int152 from int256, reverting on
* overflow (when the input is less than smallest int152 or
* greater than largest int152).
*
* Counterpart to Solidity's `int152` operator.
*
* Requirements:
*
* - input must fit into 152 bits
*/functiontoInt152(int256 value) internalpurereturns (int152 downcasted) {
downcasted =int152(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(152, value);
}
}
/**
* @dev Returns the downcasted int144 from int256, reverting on
* overflow (when the input is less than smallest int144 or
* greater than largest int144).
*
* Counterpart to Solidity's `int144` operator.
*
* Requirements:
*
* - input must fit into 144 bits
*/functiontoInt144(int256 value) internalpurereturns (int144 downcasted) {
downcasted =int144(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(144, value);
}
}
/**
* @dev Returns the downcasted int136 from int256, reverting on
* overflow (when the input is less than smallest int136 or
* greater than largest int136).
*
* Counterpart to Solidity's `int136` operator.
*
* Requirements:
*
* - input must fit into 136 bits
*/functiontoInt136(int256 value) internalpurereturns (int136 downcasted) {
downcasted =int136(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(136, value);
}
}
/**
* @dev Returns the downcasted int128 from int256, reverting on
* overflow (when the input is less than smallest int128 or
* greater than largest int128).
*
* Counterpart to Solidity's `int128` operator.
*
* Requirements:
*
* - input must fit into 128 bits
*/functiontoInt128(int256 value) internalpurereturns (int128 downcasted) {
downcasted =int128(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(128, value);
}
}
/**
* @dev Returns the downcasted int120 from int256, reverting on
* overflow (when the input is less than smallest int120 or
* greater than largest int120).
*
* Counterpart to Solidity's `int120` operator.
*
* Requirements:
*
* - input must fit into 120 bits
*/functiontoInt120(int256 value) internalpurereturns (int120 downcasted) {
downcasted =int120(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(120, value);
}
}
/**
* @dev Returns the downcasted int112 from int256, reverting on
* overflow (when the input is less than smallest int112 or
* greater than largest int112).
*
* Counterpart to Solidity's `int112` operator.
*
* Requirements:
*
* - input must fit into 112 bits
*/functiontoInt112(int256 value) internalpurereturns (int112 downcasted) {
downcasted =int112(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(112, value);
}
}
/**
* @dev Returns the downcasted int104 from int256, reverting on
* overflow (when the input is less than smallest int104 or
* greater than largest int104).
*
* Counterpart to Solidity's `int104` operator.
*
* Requirements:
*
* - input must fit into 104 bits
*/functiontoInt104(int256 value) internalpurereturns (int104 downcasted) {
downcasted =int104(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(104, value);
}
}
/**
* @dev Returns the downcasted int96 from int256, reverting on
* overflow (when the input is less than smallest int96 or
* greater than largest int96).
*
* Counterpart to Solidity's `int96` operator.
*
* Requirements:
*
* - input must fit into 96 bits
*/functiontoInt96(int256 value) internalpurereturns (int96 downcasted) {
downcasted =int96(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(96, value);
}
}
/**
* @dev Returns the downcasted int88 from int256, reverting on
* overflow (when the input is less than smallest int88 or
* greater than largest int88).
*
* Counterpart to Solidity's `int88` operator.
*
* Requirements:
*
* - input must fit into 88 bits
*/functiontoInt88(int256 value) internalpurereturns (int88 downcasted) {
downcasted =int88(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(88, value);
}
}
/**
* @dev Returns the downcasted int80 from int256, reverting on
* overflow (when the input is less than smallest int80 or
* greater than largest int80).
*
* Counterpart to Solidity's `int80` operator.
*
* Requirements:
*
* - input must fit into 80 bits
*/functiontoInt80(int256 value) internalpurereturns (int80 downcasted) {
downcasted =int80(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(80, value);
}
}
/**
* @dev Returns the downcasted int72 from int256, reverting on
* overflow (when the input is less than smallest int72 or
* greater than largest int72).
*
* Counterpart to Solidity's `int72` operator.
*
* Requirements:
*
* - input must fit into 72 bits
*/functiontoInt72(int256 value) internalpurereturns (int72 downcasted) {
downcasted =int72(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(72, value);
}
}
/**
* @dev Returns the downcasted int64 from int256, reverting on
* overflow (when the input is less than smallest int64 or
* greater than largest int64).
*
* Counterpart to Solidity's `int64` operator.
*
* Requirements:
*
* - input must fit into 64 bits
*/functiontoInt64(int256 value) internalpurereturns (int64 downcasted) {
downcasted =int64(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(64, value);
}
}
/**
* @dev Returns the downcasted int56 from int256, reverting on
* overflow (when the input is less than smallest int56 or
* greater than largest int56).
*
* Counterpart to Solidity's `int56` operator.
*
* Requirements:
*
* - input must fit into 56 bits
*/functiontoInt56(int256 value) internalpurereturns (int56 downcasted) {
downcasted =int56(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(56, value);
}
}
/**
* @dev Returns the downcasted int48 from int256, reverting on
* overflow (when the input is less than smallest int48 or
* greater than largest int48).
*
* Counterpart to Solidity's `int48` operator.
*
* Requirements:
*
* - input must fit into 48 bits
*/functiontoInt48(int256 value) internalpurereturns (int48 downcasted) {
downcasted =int48(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(48, value);
}
}
/**
* @dev Returns the downcasted int40 from int256, reverting on
* overflow (when the input is less than smallest int40 or
* greater than largest int40).
*
* Counterpart to Solidity's `int40` operator.
*
* Requirements:
*
* - input must fit into 40 bits
*/functiontoInt40(int256 value) internalpurereturns (int40 downcasted) {
downcasted =int40(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(40, value);
}
}
/**
* @dev Returns the downcasted int32 from int256, reverting on
* overflow (when the input is less than smallest int32 or
* greater than largest int32).
*
* Counterpart to Solidity's `int32` operator.
*
* Requirements:
*
* - input must fit into 32 bits
*/functiontoInt32(int256 value) internalpurereturns (int32 downcasted) {
downcasted =int32(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(32, value);
}
}
/**
* @dev Returns the downcasted int24 from int256, reverting on
* overflow (when the input is less than smallest int24 or
* greater than largest int24).
*
* Counterpart to Solidity's `int24` operator.
*
* Requirements:
*
* - input must fit into 24 bits
*/functiontoInt24(int256 value) internalpurereturns (int24 downcasted) {
downcasted =int24(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(24, value);
}
}
/**
* @dev Returns the downcasted int16 from int256, reverting on
* overflow (when the input is less than smallest int16 or
* greater than largest int16).
*
* Counterpart to Solidity's `int16` operator.
*
* Requirements:
*
* - input must fit into 16 bits
*/functiontoInt16(int256 value) internalpurereturns (int16 downcasted) {
downcasted =int16(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(16, value);
}
}
/**
* @dev Returns the downcasted int8 from int256, reverting on
* overflow (when the input is less than smallest int8 or
* greater than largest int8).
*
* Counterpart to Solidity's `int8` operator.
*
* Requirements:
*
* - input must fit into 8 bits
*/functiontoInt8(int256 value) internalpurereturns (int8 downcasted) {
downcasted =int8(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(8, value);
}
}
/**
* @dev Converts an unsigned uint256 into a signed int256.
*
* Requirements:
*
* - input must be less than or equal to maxInt256.
*/functiontoInt256(uint256 value) internalpurereturns (int256) {
// Note: Unsafe cast below is okay because `type(int256).max` is guaranteed to be positiveif (value >uint256(type(int256).max)) {
revert SafeCastOverflowedUintToInt(value);
}
returnint256(value);
}
}
Contract Source Code
File 50 of 54: SafeERC20.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/utils/SafeERC20.sol)pragmasolidity ^0.8.20;import {IERC20} from"../IERC20.sol";
import {IERC20Permit} from"../extensions/IERC20Permit.sol";
import {Address} from"../../../utils/Address.sol";
/**
* @title SafeERC20
* @dev Wrappers around ERC20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/librarySafeERC20{
usingAddressforaddress;
/**
* @dev An operation with an ERC20 token failed.
*/errorSafeERC20FailedOperation(address token);
/**
* @dev Indicates a failed `decreaseAllowance` request.
*/errorSafeERC20FailedDecreaseAllowance(address spender, uint256 currentAllowance, uint256 requestedDecrease);
/**
* @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/functionsafeTransfer(IERC20 token, address to, uint256 value) internal{
_callOptionalReturn(token, abi.encodeCall(token.transfer, (to, value)));
}
/**
* @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
* calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
*/functionsafeTransferFrom(IERC20 token, addressfrom, address to, uint256 value) internal{
_callOptionalReturn(token, abi.encodeCall(token.transferFrom, (from, to, value)));
}
/**
* @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/functionsafeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal{
uint256 oldAllowance = token.allowance(address(this), spender);
forceApprove(token, spender, oldAllowance + value);
}
/**
* @dev Decrease the calling contract's allowance toward `spender` by `requestedDecrease`. If `token` returns no
* value, non-reverting calls are assumed to be successful.
*/functionsafeDecreaseAllowance(IERC20 token, address spender, uint256 requestedDecrease) internal{
unchecked {
uint256 currentAllowance = token.allowance(address(this), spender);
if (currentAllowance < requestedDecrease) {
revert SafeERC20FailedDecreaseAllowance(spender, currentAllowance, requestedDecrease);
}
forceApprove(token, spender, currentAllowance - requestedDecrease);
}
}
/**
* @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval
* to be set to zero before setting it to a non-zero value, such as USDT.
*/functionforceApprove(IERC20 token, address spender, uint256 value) internal{
bytesmemory approvalCall =abi.encodeCall(token.approve, (spender, value));
if (!_callOptionalReturnBool(token, approvalCall)) {
_callOptionalReturn(token, abi.encodeCall(token.approve, (spender, 0)));
_callOptionalReturn(token, approvalCall);
}
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*/function_callOptionalReturn(IERC20 token, bytesmemory data) private{
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since// we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that// the target address contains contract code and also asserts for success in the low-level call.bytesmemory returndata =address(token).functionCall(data);
if (returndata.length!=0&&!abi.decode(returndata, (bool))) {
revert SafeERC20FailedOperation(address(token));
}
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*
* This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.
*/function_callOptionalReturnBool(IERC20 token, bytesmemory data) privatereturns (bool) {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since// we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false// and not revert is the subcall reverts.
(bool success, bytesmemory returndata) =address(token).call(data);
return success && (returndata.length==0||abi.decode(returndata, (bool))) &&address(token).code.length>0;
}
}
Contract Source Code
File 51 of 54: Time.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (utils/types/Time.sol)pragmasolidity ^0.8.20;import {Math} from"../math/Math.sol";
import {SafeCast} from"../math/SafeCast.sol";
/**
* @dev This library provides helpers for manipulating time-related objects.
*
* It uses the following types:
* - `uint48` for timepoints
* - `uint32` for durations
*
* While the library doesn't provide specific types for timepoints and duration, it does provide:
* - a `Delay` type to represent duration that can be programmed to change value automatically at a given point
* - additional helper functions
*/libraryTime{
usingTimefor*;
/**
* @dev Get the block timestamp as a Timepoint.
*/functiontimestamp() internalviewreturns (uint48) {
return SafeCast.toUint48(block.timestamp);
}
/**
* @dev Get the block number as a Timepoint.
*/functionblockNumber() internalviewreturns (uint48) {
return SafeCast.toUint48(block.number);
}
// ==================================================== Delay =====================================================/**
* @dev A `Delay` is a uint32 duration that can be programmed to change value automatically at a given point in the
* future. The "effect" timepoint describes when the transitions happens from the "old" value to the "new" value.
* This allows updating the delay applied to some operation while keeping some guarantees.
*
* In particular, the {update} function guarantees that if the delay is reduced, the old delay still applies for
* some time. For example if the delay is currently 7 days to do an upgrade, the admin should not be able to set
* the delay to 0 and upgrade immediately. If the admin wants to reduce the delay, the old delay (7 days) should
* still apply for some time.
*
*
* The `Delay` type is 112 bits long, and packs the following:
*
* ```
* | [uint48]: effect date (timepoint)
* | | [uint32]: value before (duration)
* ↓ ↓ ↓ [uint32]: value after (duration)
* 0xAAAAAAAAAAAABBBBBBBBCCCCCCCC
* ```
*
* NOTE: The {get} and {withUpdate} functions operate using timestamps. Block number based delays are not currently
* supported.
*/type Delay isuint112;
/**
* @dev Wrap a duration into a Delay to add the one-step "update in the future" feature
*/functiontoDelay(uint32 duration) internalpurereturns (Delay) {
return Delay.wrap(duration);
}
/**
* @dev Get the value at a given timepoint plus the pending value and effect timepoint if there is a scheduled
* change after this timepoint. If the effect timepoint is 0, then the pending value should not be considered.
*/function_getFullAt(Delay self, uint48 timepoint) privatepurereturns (uint32, uint32, uint48) {
(uint32 valueBefore, uint32 valueAfter, uint48 effect) =self.unpack();
return effect <= timepoint ? (valueAfter, 0, 0) : (valueBefore, valueAfter, effect);
}
/**
* @dev Get the current value plus the pending value and effect timepoint if there is a scheduled change. If the
* effect timepoint is 0, then the pending value should not be considered.
*/functiongetFull(Delay self) internalviewreturns (uint32, uint32, uint48) {
return _getFullAt(self, timestamp());
}
/**
* @dev Get the current value.
*/functionget(Delay self) internalviewreturns (uint32) {
(uint32 delay, , ) =self.getFull();
return delay;
}
/**
* @dev Update a Delay object so that it takes a new duration after a timepoint that is automatically computed to
* enforce the old delay at the moment of the update. Returns the updated Delay object and the timestamp when the
* new delay becomes effective.
*/functionwithUpdate(
Delay self,
uint32 newValue,
uint32 minSetback
) internalviewreturns (Delay updatedDelay, uint48 effect) {
uint32 value =self.get();
uint32 setback =uint32(Math.max(minSetback, value > newValue ? value - newValue : 0));
effect = timestamp() + setback;
return (pack(value, newValue, effect), effect);
}
/**
* @dev Split a delay into its components: valueBefore, valueAfter and effect (transition timepoint).
*/functionunpack(Delay self) internalpurereturns (uint32 valueBefore, uint32 valueAfter, uint48 effect) {
uint112 raw = Delay.unwrap(self);
valueAfter =uint32(raw);
valueBefore =uint32(raw >>32);
effect =uint48(raw >>64);
return (valueBefore, valueAfter, effect);
}
/**
* @dev pack the components into a Delay object.
*/functionpack(uint32 valueBefore, uint32 valueAfter, uint48 effect) internalpurereturns (Delay) {
return Delay.wrap((uint112(effect) <<64) | (uint112(valueBefore) <<32) |uint112(valueAfter));
}
}
Contract Source Code
File 52 of 54: WithdrawManager.sol
// SPDX-License-Identifier: BUSL-1.1pragmasolidity 0.8.26;import {AccessManagedUpgradeable} from"../access/AccessManagedUpgradeable.sol";
import {WithdrawManagerStorageLib} from"./WithdrawManagerStorageLib.sol";
import {WithdrawRequest} from"./WithdrawManagerStorageLib.sol";
structWithdrawRequestInfo {
uint256 amount;
uint256 endWithdrawWindowTimestamp;
bool canWithdraw;
uint256 withdrawWindowInSeconds;
}
/**
* @title WithdrawManager
* @dev Manages withdrawal requests and their processing, ensuring that withdrawals are only allowed within specified windows and conditions.
*/contractWithdrawManagerisAccessManagedUpgradeable{
constructor(address accessManager_) {
initialize(accessManager_);
}
functioninitialize(address accessManager_) internalinitializer{
super.__AccessManaged_init(accessManager_);
}
/**
* @notice Checks if the account can withdraw the specified amount and updates the withdraw request.
* @dev This function can only be executed by `plasmaVault` with role TECH_PLASMA_VAULT_ROLE.
* @param account_ The address of the account to check.
* @param amount_ The amount to check for withdrawal.
* @return bool True if the account can withdraw the specified amount, false otherwise.
*/functioncanWithdrawAndUpdate(address account_, uint256 amount_) externalrestrictedreturns (bool) {
uint256 releaseFundsTimestamp = WithdrawManagerStorageLib.getLastReleaseFundsTimestamp();
WithdrawRequest memory request = WithdrawManagerStorageLib.getWithdrawRequest(account_);
if (request.endWithdrawWindowTimestamp ==0) {
returnfalse;
}
if (
_canWithdraw(
request.endWithdrawWindowTimestamp,
WithdrawManagerStorageLib.getWithdrawWindowInSeconds(),
releaseFundsTimestamp
) && request.amount >= amount_
) {
WithdrawManagerStorageLib.deleteWithdrawRequest(account_);
returntrue;
}
returnfalse;
}
functionrequest(uint256 amount_) external{
WithdrawManagerStorageLib.updateWithdrawRequest(msg.sender, amount_);
}
functionreleaseFunds() externalrestricted{
WithdrawManagerStorageLib.releaseFunds();
}
functionupdateWithdrawWindow(uint256 window_) externalrestricted{
WithdrawManagerStorageLib.updateWithdrawWindowLength(window_);
}
functiongetWithdrawWindow() externalviewreturns (uint256) {
return WithdrawManagerStorageLib.getWithdrawWindowInSeconds();
}
functionrequestInfo(address account_) externalviewreturns (WithdrawRequestInfo memory) {
uint256 withdrawWindow = WithdrawManagerStorageLib.getWithdrawWindowInSeconds();
uint256 releaseFundsTimestamp = WithdrawManagerStorageLib.getLastReleaseFundsTimestamp();
WithdrawRequest memory request = WithdrawManagerStorageLib.getWithdrawRequest(account_);
return
WithdrawRequestInfo({
amount: request.amount,
endWithdrawWindowTimestamp: request.endWithdrawWindowTimestamp,
canWithdraw: _canWithdraw(request.endWithdrawWindowTimestamp, withdrawWindow, releaseFundsTimestamp),
withdrawWindowInSeconds: withdrawWindow
});
}
function_canWithdraw(uint256 endWithdrawWindowTimestamp,
uint256 withdrawWindow,
uint256 releaseFundsTimestamp
) privateviewreturns (bool) {
/// @dev endWithdrawWindowTimestamp - withdrawWindow = moment when user did request for withdrawreturnblock.timestamp>= endWithdrawWindowTimestamp - withdrawWindow &&block.timestamp<= endWithdrawWindowTimestamp &&
endWithdrawWindowTimestamp - withdrawWindow < releaseFundsTimestamp;
}
}
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/draft-IERC6093.sol)pragmasolidity ^0.8.20;/**
* @dev Standard ERC20 Errors
* Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC20 tokens.
*/interfaceIERC20Errors{
/**
* @dev Indicates an error related to the current `balance` of a `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
* @param balance Current balance for the interacting account.
* @param needed Minimum amount required to perform a transfer.
*/errorERC20InsufficientBalance(address sender, uint256 balance, uint256 needed);
/**
* @dev Indicates a failure with the token `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
*/errorERC20InvalidSender(address sender);
/**
* @dev Indicates a failure with the token `receiver`. Used in transfers.
* @param receiver Address to which tokens are being transferred.
*/errorERC20InvalidReceiver(address receiver);
/**
* @dev Indicates a failure with the `spender`’s `allowance`. Used in transfers.
* @param spender Address that may be allowed to operate on tokens without being their owner.
* @param allowance Amount of tokens a `spender` is allowed to operate with.
* @param needed Minimum amount required to perform a transfer.
*/errorERC20InsufficientAllowance(address spender, uint256 allowance, uint256 needed);
/**
* @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
* @param approver Address initiating an approval operation.
*/errorERC20InvalidApprover(address approver);
/**
* @dev Indicates a failure with the `spender` to be approved. Used in approvals.
* @param spender Address that may be allowed to operate on tokens without being their owner.
*/errorERC20InvalidSpender(address spender);
}
/**
* @dev Standard ERC721 Errors
* Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC721 tokens.
*/interfaceIERC721Errors{
/**
* @dev Indicates that an address can't be an owner. For example, `address(0)` is a forbidden owner in EIP-20.
* Used in balance queries.
* @param owner Address of the current owner of a token.
*/errorERC721InvalidOwner(address owner);
/**
* @dev Indicates a `tokenId` whose `owner` is the zero address.
* @param tokenId Identifier number of a token.
*/errorERC721NonexistentToken(uint256 tokenId);
/**
* @dev Indicates an error related to the ownership over a particular token. Used in transfers.
* @param sender Address whose tokens are being transferred.
* @param tokenId Identifier number of a token.
* @param owner Address of the current owner of a token.
*/errorERC721IncorrectOwner(address sender, uint256 tokenId, address owner);
/**
* @dev Indicates a failure with the token `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
*/errorERC721InvalidSender(address sender);
/**
* @dev Indicates a failure with the token `receiver`. Used in transfers.
* @param receiver Address to which tokens are being transferred.
*/errorERC721InvalidReceiver(address receiver);
/**
* @dev Indicates a failure with the `operator`’s approval. Used in transfers.
* @param operator Address that may be allowed to operate on tokens without being their owner.
* @param tokenId Identifier number of a token.
*/errorERC721InsufficientApproval(address operator, uint256 tokenId);
/**
* @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
* @param approver Address initiating an approval operation.
*/errorERC721InvalidApprover(address approver);
/**
* @dev Indicates a failure with the `operator` to be approved. Used in approvals.
* @param operator Address that may be allowed to operate on tokens without being their owner.
*/errorERC721InvalidOperator(address operator);
}
/**
* @dev Standard ERC1155 Errors
* Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC1155 tokens.
*/interfaceIERC1155Errors{
/**
* @dev Indicates an error related to the current `balance` of a `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
* @param balance Current balance for the interacting account.
* @param needed Minimum amount required to perform a transfer.
* @param tokenId Identifier number of a token.
*/errorERC1155InsufficientBalance(address sender, uint256 balance, uint256 needed, uint256 tokenId);
/**
* @dev Indicates a failure with the token `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
*/errorERC1155InvalidSender(address sender);
/**
* @dev Indicates a failure with the token `receiver`. Used in transfers.
* @param receiver Address to which tokens are being transferred.
*/errorERC1155InvalidReceiver(address receiver);
/**
* @dev Indicates a failure with the `operator`’s approval. Used in transfers.
* @param operator Address that may be allowed to operate on tokens without being their owner.
* @param owner Address of the current owner of a token.
*/errorERC1155MissingApprovalForAll(address operator, address owner);
/**
* @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
* @param approver Address initiating an approval operation.
*/errorERC1155InvalidApprover(address approver);
/**
* @dev Indicates a failure with the `operator` to be approved. Used in approvals.
* @param operator Address that may be allowed to operate on tokens without being their owner.
*/errorERC1155InvalidOperator(address operator);
/**
* @dev Indicates an array length mismatch between ids and values in a safeBatchTransferFrom operation.
* Used in batch transfers.
* @param idsLength Length of the array of token identifiers
* @param valuesLength Length of the array of token amounts
*/errorERC1155InvalidArrayLength(uint256 idsLength, uint256 valuesLength);
}
