// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"@balancer-labs/v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol";
import"@balancer-labs/v2-interfaces/contracts/solidity-utils/helpers/IAuthentication.sol";
/**
* @dev Building block for performing access control on external functions.
*
* This contract is used via the `authenticate` modifier (or the `_authenticateCaller` function), which can be applied
* to external functions to only make them callable by authorized accounts.
*
* Derived contracts must implement the `_canPerform` function, which holds the actual access control logic.
*/abstractcontractAuthenticationisIAuthentication{
bytes32privateimmutable _actionIdDisambiguator;
/**
* @dev The main purpose of the `actionIdDisambiguator` is to prevent accidental function selector collisions in
* multi contract systems.
*
* There are two main uses for it:
* - if the contract is a singleton, any unique identifier can be used to make the associated action identifiers
* unique. The contract's own address is a good option.
* - if the contract belongs to a family that shares action identifiers for the same functions, an identifier
* shared by the entire family (and no other contract) should be used instead.
*/constructor(bytes32 actionIdDisambiguator) {
_actionIdDisambiguator = actionIdDisambiguator;
}
/**
* @dev Reverts unless the caller is allowed to call this function. Should only be applied to external functions.
*/modifierauthenticate() {
_authenticateCaller();
_;
}
/**
* @dev Reverts unless the caller is allowed to call the entry point function.
*/function_authenticateCaller() internalview{
bytes32 actionId = getActionId(msg.sig);
_require(_canPerform(actionId, msg.sender), Errors.SENDER_NOT_ALLOWED);
}
functiongetActionId(bytes4 selector) publicviewoverridereturns (bytes32) {
// Each external function is dynamically assigned an action identifier as the hash of the disambiguator and the// function selector. Disambiguation is necessary to avoid potential collisions in the function selectors of// multiple contracts.returnkeccak256(abi.encodePacked(_actionIdDisambiguator, selector));
}
function_canPerform(bytes32 actionId, address user) internalviewvirtualreturns (bool);
}
Contract Source Code
File 2 of 52: BalancerErrors.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;// solhint-disable/**
* @dev Reverts if `condition` is false, with a revert reason containing `errorCode`. Only codes up to 999 are
* supported.
* Uses the default 'BAL' prefix for the error code
*/function_require(bool condition, uint256 errorCode) pure{
if (!condition) _revert(errorCode);
}
/**
* @dev Reverts if `condition` is false, with a revert reason containing `errorCode`. Only codes up to 999 are
* supported.
*/function_require(bool condition, uint256 errorCode, bytes3 prefix) pure{
if (!condition) _revert(errorCode, prefix);
}
/**
* @dev Reverts with a revert reason containing `errorCode`. Only codes up to 999 are supported.
* Uses the default 'BAL' prefix for the error code
*/function_revert(uint256 errorCode) pure{
_revert(errorCode, 0x42414c); // This is the raw byte representation of "BAL"
}
/**
* @dev Reverts with a revert reason containing `errorCode`. Only codes up to 999 are supported.
*/function_revert(uint256 errorCode, bytes3 prefix) pure{
uint256 prefixUint =uint256(uint24(prefix));
// We're going to dynamically create a revert string based on the error code, with the following format:// 'BAL#{errorCode}'// where the code is left-padded with zeroes to three digits (so they range from 000 to 999).//// We don't have revert strings embedded in the contract to save bytecode size: it takes much less space to store a// number (8 to 16 bits) than the individual string characters.//// The dynamic string creation algorithm that follows could be implemented in Solidity, but assembly allows for a// much denser implementation, again saving bytecode size. Given this function unconditionally reverts, this is a// safe place to rely on it without worrying about how its usage might affect e.g. memory contents.assembly {
// First, we need to compute the ASCII representation of the error code. We assume that it is in the 0-999// range, so we only need to convert three digits. To convert the digits to ASCII, we add 0x30, the value for// the '0' character.let units :=add(mod(errorCode, 10), 0x30)
errorCode :=div(errorCode, 10)
let tenths :=add(mod(errorCode, 10), 0x30)
errorCode :=div(errorCode, 10)
let hundreds :=add(mod(errorCode, 10), 0x30)
// With the individual characters, we can now construct the full string.// We first append the '#' character (0x23) to the prefix. In the case of 'BAL', it results in 0x42414c23 ('BAL#')// Then, we shift this by 24 (to provide space for the 3 bytes of the error code), and add the// characters to it, each shifted by a multiple of 8.// The revert reason is then shifted left by 200 bits (256 minus the length of the string, 7 characters * 8 bits// per character = 56) to locate it in the most significant part of the 256 slot (the beginning of a byte// array).let formattedPrefix :=shl(24, add(0x23, shl(8, prefixUint)))
let revertReason :=shl(200, add(formattedPrefix, add(add(units, shl(8, tenths)), shl(16, hundreds))))
// We can now encode the reason in memory, which can be safely overwritten as we're about to revert. The encoded// message will have the following layout:// [ revert reason identifier ] [ string location offset ] [ string length ] [ string contents ]// The Solidity revert reason identifier is 0x08c739a0, the function selector of the Error(string) function. We// also write zeroes to the next 28 bytes of memory, but those are about to be overwritten.mstore(0x0, 0x08c379a000000000000000000000000000000000000000000000000000000000)
// Next is the offset to the location of the string, which will be placed immediately after (20 bytes away).mstore(0x04, 0x0000000000000000000000000000000000000000000000000000000000000020)
// The string length is fixed: 7 characters.mstore(0x24, 7)
// Finally, the string itself is stored.mstore(0x44, revertReason)
// Even if the string is only 7 bytes long, we need to return a full 32 byte slot containing it. The length of// the encoded message is therefore 4 + 32 + 32 + 32 = 100.revert(0, 100)
}
}
libraryErrors{
// Mathuint256internalconstant ADD_OVERFLOW =0;
uint256internalconstant SUB_OVERFLOW =1;
uint256internalconstant SUB_UNDERFLOW =2;
uint256internalconstant MUL_OVERFLOW =3;
uint256internalconstant ZERO_DIVISION =4;
uint256internalconstant DIV_INTERNAL =5;
uint256internalconstant X_OUT_OF_BOUNDS =6;
uint256internalconstant Y_OUT_OF_BOUNDS =7;
uint256internalconstant PRODUCT_OUT_OF_BOUNDS =8;
uint256internalconstant INVALID_EXPONENT =9;
// Inputuint256internalconstant OUT_OF_BOUNDS =100;
uint256internalconstant UNSORTED_ARRAY =101;
uint256internalconstant UNSORTED_TOKENS =102;
uint256internalconstant INPUT_LENGTH_MISMATCH =103;
uint256internalconstant ZERO_TOKEN =104;
// Shared poolsuint256internalconstant MIN_TOKENS =200;
uint256internalconstant MAX_TOKENS =201;
uint256internalconstant MAX_SWAP_FEE_PERCENTAGE =202;
uint256internalconstant MIN_SWAP_FEE_PERCENTAGE =203;
uint256internalconstant MINIMUM_BPT =204;
uint256internalconstant CALLER_NOT_VAULT =205;
uint256internalconstant UNINITIALIZED =206;
uint256internalconstant BPT_IN_MAX_AMOUNT =207;
uint256internalconstant BPT_OUT_MIN_AMOUNT =208;
uint256internalconstant EXPIRED_PERMIT =209;
uint256internalconstant NOT_TWO_TOKENS =210;
uint256internalconstant DISABLED =211;
// Poolsuint256internalconstant MIN_AMP =300;
uint256internalconstant MAX_AMP =301;
uint256internalconstant MIN_WEIGHT =302;
uint256internalconstant MAX_STABLE_TOKENS =303;
uint256internalconstant MAX_IN_RATIO =304;
uint256internalconstant MAX_OUT_RATIO =305;
uint256internalconstant MIN_BPT_IN_FOR_TOKEN_OUT =306;
uint256internalconstant MAX_OUT_BPT_FOR_TOKEN_IN =307;
uint256internalconstant NORMALIZED_WEIGHT_INVARIANT =308;
uint256internalconstant INVALID_TOKEN =309;
uint256internalconstant UNHANDLED_JOIN_KIND =310;
uint256internalconstant ZERO_INVARIANT =311;
uint256internalconstant ORACLE_INVALID_SECONDS_QUERY =312;
uint256internalconstant ORACLE_NOT_INITIALIZED =313;
uint256internalconstant ORACLE_QUERY_TOO_OLD =314;
uint256internalconstant ORACLE_INVALID_INDEX =315;
uint256internalconstant ORACLE_BAD_SECS =316;
uint256internalconstant AMP_END_TIME_TOO_CLOSE =317;
uint256internalconstant AMP_ONGOING_UPDATE =318;
uint256internalconstant AMP_RATE_TOO_HIGH =319;
uint256internalconstant AMP_NO_ONGOING_UPDATE =320;
uint256internalconstant STABLE_INVARIANT_DIDNT_CONVERGE =321;
uint256internalconstant STABLE_GET_BALANCE_DIDNT_CONVERGE =322;
uint256internalconstant RELAYER_NOT_CONTRACT =323;
uint256internalconstant BASE_POOL_RELAYER_NOT_CALLED =324;
uint256internalconstant REBALANCING_RELAYER_REENTERED =325;
uint256internalconstant GRADUAL_UPDATE_TIME_TRAVEL =326;
uint256internalconstant SWAPS_DISABLED =327;
uint256internalconstant CALLER_IS_NOT_LBP_OWNER =328;
uint256internalconstant PRICE_RATE_OVERFLOW =329;
uint256internalconstant INVALID_JOIN_EXIT_KIND_WHILE_SWAPS_DISABLED =330;
uint256internalconstant WEIGHT_CHANGE_TOO_FAST =331;
uint256internalconstant LOWER_GREATER_THAN_UPPER_TARGET =332;
uint256internalconstant UPPER_TARGET_TOO_HIGH =333;
uint256internalconstant UNHANDLED_BY_LINEAR_POOL =334;
uint256internalconstant OUT_OF_TARGET_RANGE =335;
uint256internalconstant UNHANDLED_EXIT_KIND =336;
uint256internalconstant UNAUTHORIZED_EXIT =337;
uint256internalconstant MAX_MANAGEMENT_SWAP_FEE_PERCENTAGE =338;
uint256internalconstant UNHANDLED_BY_MANAGED_POOL =339;
uint256internalconstant UNHANDLED_BY_PHANTOM_POOL =340;
uint256internalconstant TOKEN_DOES_NOT_HAVE_RATE_PROVIDER =341;
uint256internalconstant INVALID_INITIALIZATION =342;
uint256internalconstant OUT_OF_NEW_TARGET_RANGE =343;
uint256internalconstant FEATURE_DISABLED =344;
uint256internalconstant UNINITIALIZED_POOL_CONTROLLER =345;
uint256internalconstant SET_SWAP_FEE_DURING_FEE_CHANGE =346;
uint256internalconstant SET_SWAP_FEE_PENDING_FEE_CHANGE =347;
uint256internalconstant CHANGE_TOKENS_DURING_WEIGHT_CHANGE =348;
uint256internalconstant CHANGE_TOKENS_PENDING_WEIGHT_CHANGE =349;
uint256internalconstant MAX_WEIGHT =350;
uint256internalconstant UNAUTHORIZED_JOIN =351;
uint256internalconstant MAX_MANAGEMENT_AUM_FEE_PERCENTAGE =352;
uint256internalconstant FRACTIONAL_TARGET =353;
// Libuint256internalconstant REENTRANCY =400;
uint256internalconstant SENDER_NOT_ALLOWED =401;
uint256internalconstant PAUSED =402;
uint256internalconstant PAUSE_WINDOW_EXPIRED =403;
uint256internalconstant MAX_PAUSE_WINDOW_DURATION =404;
uint256internalconstant MAX_BUFFER_PERIOD_DURATION =405;
uint256internalconstant INSUFFICIENT_BALANCE =406;
uint256internalconstant INSUFFICIENT_ALLOWANCE =407;
uint256internalconstant ERC20_TRANSFER_FROM_ZERO_ADDRESS =408;
uint256internalconstant ERC20_TRANSFER_TO_ZERO_ADDRESS =409;
uint256internalconstant ERC20_MINT_TO_ZERO_ADDRESS =410;
uint256internalconstant ERC20_BURN_FROM_ZERO_ADDRESS =411;
uint256internalconstant ERC20_APPROVE_FROM_ZERO_ADDRESS =412;
uint256internalconstant ERC20_APPROVE_TO_ZERO_ADDRESS =413;
uint256internalconstant ERC20_TRANSFER_EXCEEDS_ALLOWANCE =414;
uint256internalconstant ERC20_DECREASED_ALLOWANCE_BELOW_ZERO =415;
uint256internalconstant ERC20_TRANSFER_EXCEEDS_BALANCE =416;
uint256internalconstant ERC20_BURN_EXCEEDS_ALLOWANCE =417;
uint256internalconstant SAFE_ERC20_CALL_FAILED =418;
uint256internalconstant ADDRESS_INSUFFICIENT_BALANCE =419;
uint256internalconstant ADDRESS_CANNOT_SEND_VALUE =420;
uint256internalconstant SAFE_CAST_VALUE_CANT_FIT_INT256 =421;
uint256internalconstant GRANT_SENDER_NOT_ADMIN =422;
uint256internalconstant REVOKE_SENDER_NOT_ADMIN =423;
uint256internalconstant RENOUNCE_SENDER_NOT_ALLOWED =424;
uint256internalconstant BUFFER_PERIOD_EXPIRED =425;
uint256internalconstant CALLER_IS_NOT_OWNER =426;
uint256internalconstant NEW_OWNER_IS_ZERO =427;
uint256internalconstant CODE_DEPLOYMENT_FAILED =428;
uint256internalconstant CALL_TO_NON_CONTRACT =429;
uint256internalconstant LOW_LEVEL_CALL_FAILED =430;
uint256internalconstant NOT_PAUSED =431;
uint256internalconstant ADDRESS_ALREADY_ALLOWLISTED =432;
uint256internalconstant ADDRESS_NOT_ALLOWLISTED =433;
uint256internalconstant ERC20_BURN_EXCEEDS_BALANCE =434;
uint256internalconstant INVALID_OPERATION =435;
uint256internalconstant CODEC_OVERFLOW =436;
uint256internalconstant IN_RECOVERY_MODE =437;
uint256internalconstant NOT_IN_RECOVERY_MODE =438;
uint256internalconstant INDUCED_FAILURE =439;
uint256internalconstant EXPIRED_SIGNATURE =440;
uint256internalconstant MALFORMED_SIGNATURE =441;
uint256internalconstant SAFE_CAST_VALUE_CANT_FIT_UINT64 =442;
uint256internalconstant UNHANDLED_FEE_TYPE =443;
// Vaultuint256internalconstant INVALID_POOL_ID =500;
uint256internalconstant CALLER_NOT_POOL =501;
uint256internalconstant SENDER_NOT_ASSET_MANAGER =502;
uint256internalconstant USER_DOESNT_ALLOW_RELAYER =503;
uint256internalconstant INVALID_SIGNATURE =504;
uint256internalconstant EXIT_BELOW_MIN =505;
uint256internalconstant JOIN_ABOVE_MAX =506;
uint256internalconstant SWAP_LIMIT =507;
uint256internalconstant SWAP_DEADLINE =508;
uint256internalconstant CANNOT_SWAP_SAME_TOKEN =509;
uint256internalconstant UNKNOWN_AMOUNT_IN_FIRST_SWAP =510;
uint256internalconstant MALCONSTRUCTED_MULTIHOP_SWAP =511;
uint256internalconstant INTERNAL_BALANCE_OVERFLOW =512;
uint256internalconstant INSUFFICIENT_INTERNAL_BALANCE =513;
uint256internalconstant INVALID_ETH_INTERNAL_BALANCE =514;
uint256internalconstant INVALID_POST_LOAN_BALANCE =515;
uint256internalconstant INSUFFICIENT_ETH =516;
uint256internalconstant UNALLOCATED_ETH =517;
uint256internalconstant ETH_TRANSFER =518;
uint256internalconstant CANNOT_USE_ETH_SENTINEL =519;
uint256internalconstant TOKENS_MISMATCH =520;
uint256internalconstant TOKEN_NOT_REGISTERED =521;
uint256internalconstant TOKEN_ALREADY_REGISTERED =522;
uint256internalconstant TOKENS_ALREADY_SET =523;
uint256internalconstant TOKENS_LENGTH_MUST_BE_2 =524;
uint256internalconstant NONZERO_TOKEN_BALANCE =525;
uint256internalconstant BALANCE_TOTAL_OVERFLOW =526;
uint256internalconstant POOL_NO_TOKENS =527;
uint256internalconstant INSUFFICIENT_FLASH_LOAN_BALANCE =528;
// Feesuint256internalconstant SWAP_FEE_PERCENTAGE_TOO_HIGH =600;
uint256internalconstant FLASH_LOAN_FEE_PERCENTAGE_TOO_HIGH =601;
uint256internalconstant INSUFFICIENT_FLASH_LOAN_FEE_AMOUNT =602;
uint256internalconstant AUM_FEE_PERCENTAGE_TOO_HIGH =603;
// Miscuint256internalconstant UNIMPLEMENTED =998;
uint256internalconstant SHOULD_NOT_HAPPEN =999;
}
Contract Source Code
File 3 of 52: BalancerPoolToken.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"@balancer-labs/v2-interfaces/contracts/vault/IVault.sol";
import"@balancer-labs/v2-solidity-utils/contracts/openzeppelin/ERC20Permit.sol";
/**
* @title Highly opinionated token implementation
* @author Balancer Labs
* @dev
* - Includes functions to increase and decrease allowance as a workaround
* for the well-known issue with `approve`:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
* - Allows for 'infinite allowance', where an allowance of 0xff..ff is not
* decreased by calls to transferFrom
* - Lets a token holder use `transferFrom` to send their own tokens,
* without first setting allowance
* - Emits 'Approval' events whenever allowance is changed by `transferFrom`
* - Assigns infinite allowance for all token holders to the Vault
*/contractBalancerPoolTokenisERC20Permit{
IVault privateimmutable _vault;
constructor(stringmemory tokenName,
stringmemory tokenSymbol,
IVault vault
) ERC20(tokenName, tokenSymbol) ERC20Permit(tokenName) {
_vault = vault;
}
functiongetVault() publicviewreturns (IVault) {
return _vault;
}
// Overrides/**
* @dev Override to grant the Vault infinite allowance, causing for Pool Tokens to not require approval.
*
* This is sound as the Vault already provides authorization mechanisms when initiation token transfers, which this
* contract inherits.
*/functionallowance(address owner, address spender) publicviewoverridereturns (uint256) {
if (spender ==address(getVault())) {
returnuint256(-1);
} else {
returnsuper.allowance(owner, spender);
}
}
/**
* @dev Override to allow for 'infinite allowance' and let the token owner use `transferFrom` with no self-allowance
*/functiontransferFrom(address sender,
address recipient,
uint256 amount
) publicoverridereturns (bool) {
uint256 currentAllowance = allowance(sender, msg.sender);
_require(msg.sender== sender || currentAllowance >= amount, Errors.ERC20_TRANSFER_EXCEEDS_ALLOWANCE);
_transfer(sender, recipient, amount);
if (msg.sender!= sender && currentAllowance !=uint256(-1)) {
// Because of the previous require, we know that if msg.sender != sender then currentAllowance >= amount
_approve(sender, msg.sender, currentAllowance - amount);
}
returntrue;
}
/**
* @dev Override to allow decreasing allowance by more than the current amount (setting it to zero)
*/functiondecreaseAllowance(address spender, uint256 amount) publicoverridereturns (bool) {
uint256 currentAllowance = allowance(msg.sender, spender);
if (amount >= currentAllowance) {
_approve(msg.sender, spender, 0);
} else {
// No risk of underflow due to if condition
_approve(msg.sender, spender, currentAllowance - amount);
}
returntrue;
}
// Internal functionsfunction_mintPoolTokens(address recipient, uint256 amount) internal{
_mint(recipient, amount);
}
function_burnPoolTokens(address sender, uint256 amount) internal{
_burn(sender, amount);
}
}
Contract Source Code
File 4 of 52: BaseGeneralPool.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;pragmaexperimentalABIEncoderV2;import"@balancer-labs/v2-interfaces/contracts/vault/IGeneralPool.sol";
import"./BasePool.sol";
/**
* @dev Extension of `BasePool`, adding a handler for `IGeneralPool.onSwap`.
*
* Derived contracts must call `BasePool`'s constructor, and implement `_onSwapGivenIn` and `_onSwapGivenOut` along with
* `BasePool`'s virtual functions. Inheriting from this contract lets derived contracts choose the General
* specialization setting.
*/abstractcontractBaseGeneralPoolisIGeneralPool, BasePool{
// Swap HooksfunctiononSwap(
SwapRequest memory swapRequest,
uint256[] memory balances,
uint256 indexIn,
uint256 indexOut
) externaloverrideonlyVault(swapRequest.poolId) returns (uint256) {
_beforeSwapJoinExit();
_validateIndexes(indexIn, indexOut, _getTotalTokens());
uint256[] memory scalingFactors = _scalingFactors();
return
swapRequest.kind == IVault.SwapKind.GIVEN_IN
? _swapGivenIn(swapRequest, balances, indexIn, indexOut, scalingFactors)
: _swapGivenOut(swapRequest, balances, indexIn, indexOut, scalingFactors);
}
function_swapGivenIn(
SwapRequest memory swapRequest,
uint256[] memory balances,
uint256 indexIn,
uint256 indexOut,
uint256[] memory scalingFactors
) internalvirtualreturns (uint256) {
// Fees are subtracted before scaling, to reduce the complexity of the rounding direction analysis.
swapRequest.amount = _subtractSwapFeeAmount(swapRequest.amount);
_upscaleArray(balances, scalingFactors);
swapRequest.amount = _upscale(swapRequest.amount, scalingFactors[indexIn]);
uint256 amountOut = _onSwapGivenIn(swapRequest, balances, indexIn, indexOut);
// amountOut tokens are exiting the Pool, so we round down.return _downscaleDown(amountOut, scalingFactors[indexOut]);
}
function_swapGivenOut(
SwapRequest memory swapRequest,
uint256[] memory balances,
uint256 indexIn,
uint256 indexOut,
uint256[] memory scalingFactors
) internalvirtualreturns (uint256) {
_upscaleArray(balances, scalingFactors);
swapRequest.amount = _upscale(swapRequest.amount, scalingFactors[indexOut]);
uint256 amountIn = _onSwapGivenOut(swapRequest, balances, indexIn, indexOut);
// amountIn tokens are entering the Pool, so we round up.
amountIn = _downscaleUp(amountIn, scalingFactors[indexIn]);
// Fees are added after scaling happens, to reduce the complexity of the rounding direction analysis.return _addSwapFeeAmount(amountIn);
}
/*
* @dev Called when a swap with the Pool occurs, where the amount of tokens entering the Pool is known.
*
* Returns the amount of tokens that will be taken from the Pool in return.
*
* All amounts inside `swapRequest` and `balances` are upscaled. The swap fee has already been deducted from
* `swapRequest.amount`.
*
* The return value is also considered upscaled, and will be downscaled (rounding down) before returning it to the
* Vault.
*/function_onSwapGivenIn(
SwapRequest memory swapRequest,
uint256[] memory balances,
uint256 indexIn,
uint256 indexOut
) internalvirtualreturns (uint256);
/*
* @dev Called when a swap with the Pool occurs, where the amount of tokens exiting the Pool is known.
*
* Returns the amount of tokens that will be granted to the Pool in return.
*
* All amounts inside `swapRequest` and `balances` are upscaled.
*
* The return value is also considered upscaled, and will be downscaled (rounding up) before applying the swap fee
* and returning it to the Vault.
*/function_onSwapGivenOut(
SwapRequest memory swapRequest,
uint256[] memory balances,
uint256 indexIn,
uint256 indexOut
) internalvirtualreturns (uint256);
function_validateIndexes(uint256 indexIn,
uint256 indexOut,
uint256 limit
) privatepure{
_require(indexIn < limit && indexOut < limit, Errors.OUT_OF_BOUNDS);
}
}
Contract Source Code
File 5 of 52: BasePool.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;pragmaexperimentalABIEncoderV2;import"@balancer-labs/v2-interfaces/contracts/pool-utils/IAssetManager.sol";
import"@balancer-labs/v2-interfaces/contracts/pool-utils/IControlledPool.sol";
import"@balancer-labs/v2-interfaces/contracts/vault/IVault.sol";
import"@balancer-labs/v2-interfaces/contracts/vault/IBasePool.sol";
import"@balancer-labs/v2-solidity-utils/contracts/helpers/InputHelpers.sol";
import"@balancer-labs/v2-solidity-utils/contracts/helpers/WordCodec.sol";
import"@balancer-labs/v2-solidity-utils/contracts/helpers/TemporarilyPausable.sol";
import"@balancer-labs/v2-solidity-utils/contracts/openzeppelin/ERC20.sol";
import"@balancer-labs/v2-solidity-utils/contracts/math/FixedPoint.sol";
import"@balancer-labs/v2-solidity-utils/contracts/math/Math.sol";
import"./BalancerPoolToken.sol";
import"./BasePoolAuthorization.sol";
import"./RecoveryMode.sol";
// solhint-disable max-states-count/**
* @notice Reference implementation for the base layer of a Pool contract.
* @dev Reference implementation for the base layer of a Pool contract that manages a single Pool with optional
* Asset Managers, an admin-controlled swap fee percentage, and an emergency pause mechanism.
*
* This Pool pays protocol fees by minting BPT directly to the ProtocolFeeCollector instead of using the
* `dueProtocolFees` return value. This results in the underlying tokens continuing to provide liquidity
* for traders, while still keeping gas usage to a minimum since only a single token (the BPT) is transferred.
*
* Note that neither swap fees nor the pause mechanism are used by this contract. They are passed through so that
* derived contracts can use them via the `_addSwapFeeAmount` and `_subtractSwapFeeAmount` functions, and the
* `whenNotPaused` modifier.
*
* No admin permissions are checked here: instead, this contract delegates that to the Vault's own Authorizer.
*
* Because this contract doesn't implement the swap hooks, derived contracts should generally inherit from
* BaseGeneralPool or BaseMinimalSwapInfoPool. Otherwise, subclasses must inherit from the corresponding interfaces
* and implement the swap callbacks themselves.
*/abstractcontractBasePoolisIBasePool,
IControlledPool,
BasePoolAuthorization,
BalancerPoolToken,
TemporarilyPausable,
RecoveryMode{
usingWordCodecforbytes32;
usingFixedPointforuint256;
usingBasePoolUserDataforbytes;
uint256privateconstant _MIN_TOKENS =2;
uint256privateconstant _DEFAULT_MINIMUM_BPT =1e6;
// 1e18 corresponds to 1.0, or a 100% feeuint256privateconstant _MIN_SWAP_FEE_PERCENTAGE =1e12; // 0.0001%uint256privateconstant _MAX_SWAP_FEE_PERCENTAGE =1e17; // 10% - this fits in 64 bits// `_miscData` is a storage slot that can be used to store unrelated pieces of information. All pools store the// recovery mode flag and swap fee percentage, but `miscData` can be extended to store more pieces of information.// The most signficant bit is reserved for the recovery mode flag, and the swap fee percentage is stored in// the next most significant 63 bits, leaving the remaining 192 bits free to store any other information derived// pools might need.//// This slot is preferred for gas-sensitive operations as it is read in all joins, swaps and exits,// and therefore warm.// [ recovery | swap fee | available ]// [ 1 bit | 63 bits | 192 bits ]// [ MSB LSB ]bytes32private _miscData;
uint256privateconstant _SWAP_FEE_PERCENTAGE_OFFSET =192;
uint256privateconstant _RECOVERY_MODE_BIT_OFFSET =255;
// A fee can never be larger than FixedPoint.ONE, which fits in 60 bits, so 63 is more than enough.uint256privateconstant _SWAP_FEE_PERCENTAGE_BIT_LENGTH =63;
bytes32privateimmutable _poolId;
// Note that this value is immutable in the Vault, so we can make it immutable here and save gas
IProtocolFeesCollector privateimmutable _protocolFeesCollector;
eventSwapFeePercentageChanged(uint256 swapFeePercentage);
constructor(
IVault vault,
IVault.PoolSpecialization specialization,
stringmemory name,
stringmemory symbol,
IERC20[] memory tokens,
address[] memory assetManagers,
uint256 swapFeePercentage,
uint256 pauseWindowDuration,
uint256 bufferPeriodDuration,
address owner
)
// Base Pools are expected to be deployed using factories. By using the factory address as the action// disambiguator, we make all Pools deployed by the same factory share action identifiers. This allows for// simpler management of permissions (such as being able to manage granting the 'set fee percentage' action in// any Pool created by the same factory), while still making action identifiers unique among different factories// if the selectors match, preventing accidental errors.Authentication(bytes32(uint256(msg.sender)))
BalancerPoolToken(name, symbol, vault)
BasePoolAuthorization(owner)
TemporarilyPausable(pauseWindowDuration, bufferPeriodDuration)
{
_require(tokens.length>= _MIN_TOKENS, Errors.MIN_TOKENS);
_require(tokens.length<= _getMaxTokens(), Errors.MAX_TOKENS);
// The Vault only requires the token list to be ordered for the Two Token Pools specialization. However,// to make the developer experience consistent, we are requiring this condition for all the native pools.// Also, since these Pools will register tokens only once, we can ensure the Pool tokens will follow the same// order. We rely on this property to make Pools simpler to write, as it lets us assume that the// order of token-specific parameters (such as token weights) will not change.
InputHelpers.ensureArrayIsSorted(tokens);
_setSwapFeePercentage(swapFeePercentage);
bytes32 poolId = vault.registerPool(specialization);
vault.registerTokens(poolId, tokens, assetManagers);
// Set immutable state variables - these cannot be read from during construction
_poolId = poolId;
_protocolFeesCollector = vault.getProtocolFeesCollector();
}
// Getters / Setters/**
* @notice Return the pool id.
*/functiongetPoolId() publicviewoverridereturns (bytes32) {
return _poolId;
}
function_getTotalTokens() internalviewvirtualreturns (uint256);
function_getMaxTokens() internalpurevirtualreturns (uint256);
/**
* @dev Returns the minimum BPT supply. This amount is minted to the zero address during initialization, effectively
* locking it.
*
* This is useful to make sure Pool initialization happens only once, but derived Pools can change this value (even
* to zero) by overriding this function.
*/function_getMinimumBpt() internalpurevirtualreturns (uint256) {
return _DEFAULT_MINIMUM_BPT;
}
/**
* @notice Return the current value of the swap fee percentage.
* @dev This is stored in `_miscData`.
*/functiongetSwapFeePercentage() publicviewvirtualoverridereturns (uint256) {
return _miscData.decodeUint(_SWAP_FEE_PERCENTAGE_OFFSET, _SWAP_FEE_PERCENTAGE_BIT_LENGTH);
}
/**
* @notice Return the ProtocolFeesCollector contract.
* @dev This is immutable, and retrieved from the Vault on construction. (It is also immutable in the Vault.)
*/functiongetProtocolFeesCollector() publicviewreturns (IProtocolFeesCollector) {
return _protocolFeesCollector;
}
/**
* @notice Set the swap fee percentage.
* @dev This is a permissioned function, and disabled if the pool is paused. The swap fee must be within the
* bounds set by MIN_SWAP_FEE_PERCENTAGE/MAX_SWAP_FEE_PERCENTAGE. Emits the SwapFeePercentageChanged event.
*/functionsetSwapFeePercentage(uint256 swapFeePercentage) publicvirtualoverrideauthenticatewhenNotPaused{
_setSwapFeePercentage(swapFeePercentage);
}
function_setSwapFeePercentage(uint256 swapFeePercentage) internalvirtual{
_require(swapFeePercentage >= _getMinSwapFeePercentage(), Errors.MIN_SWAP_FEE_PERCENTAGE);
_require(swapFeePercentage <= _getMaxSwapFeePercentage(), Errors.MAX_SWAP_FEE_PERCENTAGE);
_miscData = _miscData.insertUint(
swapFeePercentage,
_SWAP_FEE_PERCENTAGE_OFFSET,
_SWAP_FEE_PERCENTAGE_BIT_LENGTH
);
emit SwapFeePercentageChanged(swapFeePercentage);
}
function_getMinSwapFeePercentage() internalpurevirtualreturns (uint256) {
return _MIN_SWAP_FEE_PERCENTAGE;
}
function_getMaxSwapFeePercentage() internalpurevirtualreturns (uint256) {
return _MAX_SWAP_FEE_PERCENTAGE;
}
/**
* @notice Returns whether the pool is in Recovery Mode.
*/functioninRecoveryMode() publicviewoverridereturns (bool) {
return _miscData.decodeBool(_RECOVERY_MODE_BIT_OFFSET);
}
/**
* @dev Sets the recoveryMode state, and emits the corresponding event.
*/function_setRecoveryMode(bool enabled) internalvirtualoverride{
_miscData = _miscData.insertBool(enabled, _RECOVERY_MODE_BIT_OFFSET);
emit RecoveryModeStateChanged(enabled);
// Some pools need to update their state when leaving recovery mode to ensure proper functioning of the Pool.// We do not allow an `_onEnableRecoveryMode()` hook as this may jeopardize the ability to enable Recovery mode.if (!enabled) _onDisableRecoveryMode();
}
/**
* @dev Performs any necessary actions on the disabling of Recovery Mode.
* This is usually to reset any fee collection mechanisms to ensure that they operate correctly going forward.
*/function_onDisableRecoveryMode() internalvirtual{}
/**
* @notice Set the asset manager parameters for the given token.
* @dev This is a permissioned function, unavailable when the pool is paused.
* The details of the configuration data are set by each Asset Manager. (For an example, see
* `RewardsAssetManager`.)
*/functionsetAssetManagerPoolConfig(IERC20 token, bytesmemory poolConfig)
publicvirtualoverrideauthenticatewhenNotPaused{
_setAssetManagerPoolConfig(token, poolConfig);
}
function_setAssetManagerPoolConfig(IERC20 token, bytesmemory poolConfig) private{
bytes32 poolId = getPoolId();
(, , , address assetManager) = getVault().getPoolTokenInfo(poolId, token);
IAssetManager(assetManager).setConfig(poolId, poolConfig);
}
/**
* @notice Pause the pool: an emergency action which disables all pool functions.
* @dev This is a permissioned function that will only work during the Pause Window set during pool factory
* deployment (see `TemporarilyPausable`).
*/functionpause() externalauthenticate{
_setPaused(true);
}
/**
* @notice Reverse a `pause` operation, and restore a pool to normal functionality.
* @dev This is a permissioned function that will only work on a paused pool within the Buffer Period set during
* pool factory deployment (see `TemporarilyPausable`). Note that any paused pools will automatically unpause
* after the Buffer Period expires.
*/functionunpause() externalauthenticate{
_setPaused(false);
}
function_isOwnerOnlyAction(bytes32 actionId) internalviewvirtualoverridereturns (bool) {
return
(actionId == getActionId(this.setSwapFeePercentage.selector)) ||
(actionId == getActionId(this.setAssetManagerPoolConfig.selector)) ||super._isOwnerOnlyAction(actionId);
}
function_getMiscData() internalviewreturns (bytes32) {
return _miscData;
}
/**
* @dev Inserts data into the least-significant 192 bits of the misc data storage slot.
* Note that the remaining 64 bits are used for the swap fee percentage and cannot be overloaded.
*/function_setMiscData(bytes32 newData) internal{
_miscData = _miscData.insertBits192(newData, 0);
}
// Join / Exit HooksmodifieronlyVault(bytes32 poolId) {
_require(msg.sender==address(getVault()), Errors.CALLER_NOT_VAULT);
_require(poolId == getPoolId(), Errors.INVALID_POOL_ID);
_;
}
/**
* @notice Vault hook for adding liquidity to a pool (including the first time, "initializing" the pool).
* @dev This function can only be called from the Vault, from `joinPool`.
*/functiononJoinPool(bytes32 poolId,
address sender,
address recipient,
uint256[] memory balances,
uint256 lastChangeBlock,
uint256 protocolSwapFeePercentage,
bytesmemory userData
) externaloverrideonlyVault(poolId) returns (uint256[] memory, uint256[] memory) {
_beforeSwapJoinExit();
uint256[] memory scalingFactors = _scalingFactors();
if (totalSupply() ==0) {
(uint256 bptAmountOut, uint256[] memory amountsIn) = _onInitializePool(
poolId,
sender,
recipient,
scalingFactors,
userData
);
// On initialization, we lock _getMinimumBpt() by minting it for the zero address. This BPT acts as a// minimum as it will never be burned, which reduces potential issues with rounding, and also prevents the// Pool from ever being fully drained.
_require(bptAmountOut >= _getMinimumBpt(), Errors.MINIMUM_BPT);
_mintPoolTokens(address(0), _getMinimumBpt());
_mintPoolTokens(recipient, bptAmountOut - _getMinimumBpt());
// amountsIn are amounts entering the Pool, so we round up.
_downscaleUpArray(amountsIn, scalingFactors);
return (amountsIn, newuint256[](balances.length));
} else {
_upscaleArray(balances, scalingFactors);
(uint256 bptAmountOut, uint256[] memory amountsIn) = _onJoinPool(
poolId,
sender,
recipient,
balances,
lastChangeBlock,
inRecoveryMode() ? 0 : protocolSwapFeePercentage, // Protocol fees are disabled while in recovery mode
scalingFactors,
userData
);
// Note we no longer use `balances` after calling `_onJoinPool`, which may mutate it.
_mintPoolTokens(recipient, bptAmountOut);
// amountsIn are amounts entering the Pool, so we round up.
_downscaleUpArray(amountsIn, scalingFactors);
// This Pool ignores the `dueProtocolFees` return value, so we simply return a zeroed-out array.return (amountsIn, newuint256[](balances.length));
}
}
/**
* @notice Vault hook for removing liquidity from a pool.
* @dev This function can only be called from the Vault, from `exitPool`.
*/functiononExitPool(bytes32 poolId,
address sender,
address recipient,
uint256[] memory balances,
uint256 lastChangeBlock,
uint256 protocolSwapFeePercentage,
bytesmemory userData
) externaloverrideonlyVault(poolId) returns (uint256[] memory, uint256[] memory) {
uint256[] memory amountsOut;
uint256 bptAmountIn;
// When a user calls `exitPool`, this is the first point of entry from the Vault.// We first check whether this is a Recovery Mode exit - if so, we proceed using this special lightweight exit// mechanism which avoids computing any complex values, interacting with external contracts, etc., and generally// should always work, even if the Pool's mathematics or a dependency break down.if (userData.isRecoveryModeExitKind()) {
// This exit kind is only available in Recovery Mode.
_ensureInRecoveryMode();
// Note that we don't upscale balances nor downscale amountsOut - we don't care about scaling factors during// a recovery mode exit.
(bptAmountIn, amountsOut) = _doRecoveryModeExit(balances, totalSupply(), userData);
} else {
// Note that we only call this if we're not in a recovery mode exit.
_beforeSwapJoinExit();
uint256[] memory scalingFactors = _scalingFactors();
_upscaleArray(balances, scalingFactors);
(bptAmountIn, amountsOut) = _onExitPool(
poolId,
sender,
recipient,
balances,
lastChangeBlock,
inRecoveryMode() ? 0 : protocolSwapFeePercentage, // Protocol fees are disabled while in recovery mode
scalingFactors,
userData
);
// amountsOut are amounts exiting the Pool, so we round down.
_downscaleDownArray(amountsOut, scalingFactors);
}
// Note we no longer use `balances` after calling `_onExitPool`, which may mutate it.
_burnPoolTokens(sender, bptAmountIn);
// This Pool ignores the `dueProtocolFees` return value, so we simply return a zeroed-out array.return (amountsOut, newuint256[](balances.length));
}
// Query functions/**
* @notice "Dry run" `onJoinPool`.
* @dev Returns the amount of BPT that would be granted to `recipient` if the `onJoinPool` hook were called by the
* Vault with the same arguments, along with the number of tokens `sender` would have to supply.
*
* This function is not meant to be called directly, but rather from a helper contract that fetches current Vault
* data, such as the protocol swap fee percentage and Pool balances.
*
* Like `IVault.queryBatchSwap`, this function is not view due to internal implementation details: the caller must
* explicitly use eth_call instead of eth_sendTransaction.
*/functionqueryJoin(bytes32 poolId,
address sender,
address recipient,
uint256[] memory balances,
uint256 lastChangeBlock,
uint256 protocolSwapFeePercentage,
bytesmemory userData
) externaloverridereturns (uint256 bptOut, uint256[] memory amountsIn) {
InputHelpers.ensureInputLengthMatch(balances.length, _getTotalTokens());
_queryAction(
poolId,
sender,
recipient,
balances,
lastChangeBlock,
protocolSwapFeePercentage,
userData,
_onJoinPool,
_downscaleUpArray
);
// The `return` opcode is executed directly inside `_queryAction`, so execution never reaches this statement,// and we don't need to return anything here - it just silences compiler warnings.return (bptOut, amountsIn);
}
/**
* @notice "Dry run" `onExitPool`.
* @dev Returns the amount of BPT that would be burned from `sender` if the `onExitPool` hook were called by the
* Vault with the same arguments, along with the number of tokens `recipient` would receive.
*
* This function is not meant to be called directly, but rather from a helper contract that fetches current Vault
* data, such as the protocol swap fee percentage and Pool balances.
*
* Like `IVault.queryBatchSwap`, this function is not view due to internal implementation details: the caller must
* explicitly use eth_call instead of eth_sendTransaction.
*/functionqueryExit(bytes32 poolId,
address sender,
address recipient,
uint256[] memory balances,
uint256 lastChangeBlock,
uint256 protocolSwapFeePercentage,
bytesmemory userData
) externaloverridereturns (uint256 bptIn, uint256[] memory amountsOut) {
InputHelpers.ensureInputLengthMatch(balances.length, _getTotalTokens());
_queryAction(
poolId,
sender,
recipient,
balances,
lastChangeBlock,
protocolSwapFeePercentage,
userData,
_onExitPool,
_downscaleDownArray
);
// The `return` opcode is executed directly inside `_queryAction`, so execution never reaches this statement,// and we don't need to return anything here - it just silences compiler warnings.return (bptIn, amountsOut);
}
// Internal hooks to be overridden by derived contracts - all token amounts (except BPT) in these interfaces are// upscaled./**
* @dev Called when the Pool is joined for the first time; that is, when the BPT total supply is zero.
*
* Returns the amount of BPT to mint, and the token amounts the Pool will receive in return.
*
* Minted BPT will be sent to `recipient`, except for _getMinimumBpt(), which will be deducted from this amount and
* sent to the zero address instead. This will cause that BPT to remain forever locked there, preventing total BTP
* from ever dropping below that value, and ensuring `_onInitializePool` can only be called once in the entire
* Pool's lifetime.
*
* The tokens granted to the Pool will be transferred from `sender`. These amounts are considered upscaled and will
* be downscaled (rounding up) before being returned to the Vault.
*/function_onInitializePool(bytes32 poolId,
address sender,
address recipient,
uint256[] memory scalingFactors,
bytesmemory userData
) internalvirtualreturns (uint256 bptAmountOut, uint256[] memory amountsIn);
/**
* @dev Called whenever the Pool is joined after the first initialization join (see `_onInitializePool`).
*
* Returns the amount of BPT to mint, the token amounts that the Pool will receive in return, and the number of
* tokens to pay in protocol swap fees.
*
* Implementations of this function might choose to mutate the `balances` array to save gas (e.g. when
* performing intermediate calculations, such as subtraction of due protocol fees). This can be done safely.
*
* Minted BPT will be sent to `recipient`.
*
* The tokens granted to the Pool will be transferred from `sender`. These amounts are considered upscaled and will
* be downscaled (rounding up) before being returned to the Vault.
*
* Due protocol swap fees will be taken from the Pool's balance in the Vault (see `IBasePool.onJoinPool`). These
* amounts are considered upscaled and will be downscaled (rounding down) before being returned to the Vault.
*/function_onJoinPool(bytes32 poolId,
address sender,
address recipient,
uint256[] memory balances,
uint256 lastChangeBlock,
uint256 protocolSwapFeePercentage,
uint256[] memory scalingFactors,
bytesmemory userData
) internalvirtualreturns (uint256 bptAmountOut, uint256[] memory amountsIn);
/**
* @dev Called whenever the Pool is exited.
*
* Returns the amount of BPT to burn, the token amounts for each Pool token that the Pool will grant in return, and
* the number of tokens to pay in protocol swap fees.
*
* Implementations of this function might choose to mutate the `balances` array to save gas (e.g. when
* performing intermediate calculations, such as subtraction of due protocol fees). This can be done safely.
*
* BPT will be burnt from `sender`.
*
* The Pool will grant tokens to `recipient`. These amounts are considered upscaled and will be downscaled
* (rounding down) before being returned to the Vault.
*
* Due protocol swap fees will be taken from the Pool's balance in the Vault (see `IBasePool.onExitPool`). These
* amounts are considered upscaled and will be downscaled (rounding down) before being returned to the Vault.
*/function_onExitPool(bytes32 poolId,
address sender,
address recipient,
uint256[] memory balances,
uint256 lastChangeBlock,
uint256 protocolSwapFeePercentage,
uint256[] memory scalingFactors,
bytesmemory userData
) internalvirtualreturns (uint256 bptAmountIn, uint256[] memory amountsOut);
/**
* @dev Called at the very beginning of swaps, joins and exits, even before the scaling factors are read. Derived
* contracts can extend this implementation to perform any state-changing operations they might need (including e.g.
* updating the scaling factors),
*
* The only scenario in which this function is not called is during a recovery mode exit. This makes it safe to
* perform non-trivial computations or interact with external dependencies here, as recovery mode will not be
* affected.
*
* Since this contract does not implement swaps, derived contracts must also make sure this function is called on
* swap handlers.
*/function_beforeSwapJoinExit() internalvirtual{
// All joins, exits and swaps are disabled (except recovery mode exits).
_ensureNotPaused();
}
// Internal functions/**
* @dev Pays protocol fees by minting `bptAmount` to the Protocol Fee Collector.
*/function_payProtocolFees(uint256 bptAmount) internal{
_mintPoolTokens(address(getProtocolFeesCollector()), bptAmount);
}
/**
* @dev Adds swap fee amount to `amount`, returning a higher value.
*/function_addSwapFeeAmount(uint256 amount) internalviewreturns (uint256) {
// This returns amount + fee amount, so we round up (favoring a higher fee amount).return amount.divUp(getSwapFeePercentage().complement());
}
/**
* @dev Subtracts swap fee amount from `amount`, returning a lower value.
*/function_subtractSwapFeeAmount(uint256 amount) internalviewreturns (uint256) {
// This returns amount - fee amount, so we round up (favoring a higher fee amount).uint256 feeAmount = amount.mulUp(getSwapFeePercentage());
return amount.sub(feeAmount);
}
// Scaling/**
* @dev Returns a scaling factor that, when multiplied to a token amount for `token`, normalizes its balance as if
* it had 18 decimals.
*/function_computeScalingFactor(IERC20 token) internalviewreturns (uint256) {
if (address(token) ==address(this)) {
return FixedPoint.ONE;
}
// Tokens that don't implement the `decimals` method are not supported.uint256 tokenDecimals = ERC20(address(token)).decimals();
// Tokens with more than 18 decimals are not supported.uint256 decimalsDifference = Math.sub(18, tokenDecimals);
return FixedPoint.ONE *10**decimalsDifference;
}
/**
* @dev Returns the scaling factor for one of the Pool's tokens. Reverts if `token` is not a token registered by the
* Pool.
*
* All scaling factors are fixed-point values with 18 decimals, to allow for this function to be overridden by
* derived contracts that need to apply further scaling, making these factors potentially non-integer.
*
* The largest 'base' scaling factor (i.e. in tokens with less than 18 decimals) is 10**18, which in fixed-point is
* 10**36. This value can be multiplied with a 112 bit Vault balance with no overflow by a factor of ~1e7, making
* even relatively 'large' factors safe to use.
*
* The 1e7 figure is the result of 2**256 / (1e18 * 1e18 * 2**112).
*/function_scalingFactor(IERC20 token) internalviewvirtualreturns (uint256);
/**
* @dev Same as `_scalingFactor()`, except for all registered tokens (in the same order as registered). The Vault
* will always pass balances in this order when calling any of the Pool hooks.
*/function_scalingFactors() internalviewvirtualreturns (uint256[] memory);
functiongetScalingFactors() externalviewoverridereturns (uint256[] memory) {
return _scalingFactors();
}
/**
* @dev Applies `scalingFactor` to `amount`, resulting in a larger or equal value depending on whether it needed
* scaling or not.
*/function_upscale(uint256 amount, uint256 scalingFactor) internalpurereturns (uint256) {
// Upscale rounding wouldn't necessarily always go in the same direction: in a swap for example the balance of// token in should be rounded up, and that of token out rounded down. This is the only place where we round in// the same direction for all amounts, as the impact of this rounding is expected to be minimal (and there's no// rounding error unless `_scalingFactor()` is overriden).return FixedPoint.mulDown(amount, scalingFactor);
}
/**
* @dev Same as `_upscale`, but for an entire array. This function does not return anything, but instead *mutates*
* the `amounts` array.
*/function_upscaleArray(uint256[] memory amounts, uint256[] memory scalingFactors) internalpure{
uint256 length = amounts.length;
InputHelpers.ensureInputLengthMatch(length, scalingFactors.length);
for (uint256 i =0; i < length; ++i) {
amounts[i] = FixedPoint.mulDown(amounts[i], scalingFactors[i]);
}
}
/**
* @dev Reverses the `scalingFactor` applied to `amount`, resulting in a smaller or equal value depending on
* whether it needed scaling or not. The result is rounded down.
*/function_downscaleDown(uint256 amount, uint256 scalingFactor) internalpurereturns (uint256) {
return FixedPoint.divDown(amount, scalingFactor);
}
/**
* @dev Same as `_downscaleDown`, but for an entire array. This function does not return anything, but instead
* *mutates* the `amounts` array.
*/function_downscaleDownArray(uint256[] memory amounts, uint256[] memory scalingFactors) internalpure{
uint256 length = amounts.length;
InputHelpers.ensureInputLengthMatch(length, scalingFactors.length);
for (uint256 i =0; i < length; ++i) {
amounts[i] = FixedPoint.divDown(amounts[i], scalingFactors[i]);
}
}
/**
* @dev Reverses the `scalingFactor` applied to `amount`, resulting in a smaller or equal value depending on
* whether it needed scaling or not. The result is rounded up.
*/function_downscaleUp(uint256 amount, uint256 scalingFactor) internalpurereturns (uint256) {
return FixedPoint.divUp(amount, scalingFactor);
}
/**
* @dev Same as `_downscaleUp`, but for an entire array. This function does not return anything, but instead
* *mutates* the `amounts` array.
*/function_downscaleUpArray(uint256[] memory amounts, uint256[] memory scalingFactors) internalpure{
uint256 length = amounts.length;
InputHelpers.ensureInputLengthMatch(length, scalingFactors.length);
for (uint256 i =0; i < length; ++i) {
amounts[i] = FixedPoint.divUp(amounts[i], scalingFactors[i]);
}
}
function_getAuthorizer() internalviewoverridereturns (IAuthorizer) {
// Access control management is delegated to the Vault's Authorizer. This lets Balancer Governance manage which// accounts can call permissioned functions: for example, to perform emergency pauses.// If the owner is delegated, then *all* permissioned functions, including `setSwapFeePercentage`, will be under// Governance control.return getVault().getAuthorizer();
}
function_queryAction(bytes32 poolId,
address sender,
address recipient,
uint256[] memory balances,
uint256 lastChangeBlock,
uint256 protocolSwapFeePercentage,
bytesmemory userData,
function(bytes32, address, address, uint256[] memory, uint256, uint256, uint256[] memory, bytesmemory)
internalreturns (uint256, uint256[] memory) _action,
function(uint256[] memory, uint256[] memory) internalview _downscaleArray
) private{
// This uses the same technique used by the Vault in queryBatchSwap. Refer to that function for a detailed// explanation.if (msg.sender!=address(this)) {
// We perform an external call to ourselves, forwarding the same calldata. In this call, the else clause of// the preceding if statement will be executed instead.// solhint-disable-next-line avoid-low-level-calls
(bool success, ) =address(this).call(msg.data);
// solhint-disable-next-line no-inline-assemblyassembly {
// This call should always revert to decode the bpt and token amounts from the revert reasonswitch success
case0 {
// Note we are manually writing the memory slot 0. We can safely overwrite whatever is// stored there as we take full control of the execution and then immediately return.// We copy the first 4 bytes to check if it matches with the expected signature, otherwise// there was another revert reason and we should forward it.returndatacopy(0, 0, 0x04)
let error :=and(mload(0), 0xffffffff00000000000000000000000000000000000000000000000000000000)
// If the first 4 bytes don't match with the expected signature, we forward the revert reason.ifeq(eq(error, 0x43adbafb00000000000000000000000000000000000000000000000000000000), 0) {
returndatacopy(0, 0, returndatasize())
revert(0, returndatasize())
}
// The returndata contains the signature, followed by the raw memory representation of the// `bptAmount` and `tokenAmounts` (array: length + data). We need to return an ABI-encoded// representation of these.// An ABI-encoded response will include one additional field to indicate the starting offset of// the `tokenAmounts` array. The `bptAmount` will be laid out in the first word of the// returndata.//// In returndata:// [ signature ][ bptAmount ][ tokenAmounts length ][ tokenAmounts values ]// [ 4 bytes ][ 32 bytes ][ 32 bytes ][ (32 * length) bytes ]//// We now need to return (ABI-encoded values):// [ bptAmount ][ tokeAmounts offset ][ tokenAmounts length ][ tokenAmounts values ]// [ 32 bytes ][ 32 bytes ][ 32 bytes ][ (32 * length) bytes ]// We copy 32 bytes for the `bptAmount` from returndata into memory.// Note that we skip the first 4 bytes for the error signaturereturndatacopy(0, 0x04, 32)
// The offsets are 32-bytes long, so the array of `tokenAmounts` will start after// the initial 64 bytes.mstore(0x20, 64)
// We now copy the raw memory array for the `tokenAmounts` from returndata into memory.// Since bpt amount and offset take up 64 bytes, we start copying at address 0x40. We also// skip the first 36 bytes from returndata, which correspond to the signature plus bpt amount.returndatacopy(0x40, 0x24, sub(returndatasize(), 36))
// We finally return the ABI-encoded uint256 and the array, which has a total length equal to// the size of returndata, plus the 32 bytes of the offset but without the 4 bytes of the// error signature.return(0, add(returndatasize(), 28))
}
default {
// This call should always revert, but we fail nonetheless if that didn't happeninvalid()
}
}
} else {
// This imitates the relevant parts of the bodies of onJoin and onExit. Since they're not virtual, we know// that their implementations will match this regardless of what derived contracts might do.
_beforeSwapJoinExit();
uint256[] memory scalingFactors = _scalingFactors();
_upscaleArray(balances, scalingFactors);
(uint256 bptAmount, uint256[] memory tokenAmounts) = _action(
poolId,
sender,
recipient,
balances,
lastChangeBlock,
protocolSwapFeePercentage,
scalingFactors,
userData
);
_downscaleArray(tokenAmounts, scalingFactors);
// solhint-disable-next-line no-inline-assemblyassembly {
// We will return a raw representation of `bptAmount` and `tokenAmounts` in memory, which is composed of// a 32-byte uint256, followed by a 32-byte for the array length, and finally the 32-byte uint256 values// Because revert expects a size in bytes, we multiply the array length (stored at `tokenAmounts`) by 32let size :=mul(mload(tokenAmounts), 32)
// We store the `bptAmount` in the previous slot to the `tokenAmounts` array. We can make sure there// will be at least one available slot due to how the memory scratch space works.// We can safely overwrite whatever is stored in this slot as we will revert immediately after that.let start :=sub(tokenAmounts, 0x20)
mstore(start, bptAmount)
// We send one extra value for the error signature "QueryError(uint256,uint256[])" which is 0x43adbafb// We use the previous slot to `bptAmount`.mstore(sub(start, 0x20), 0x0000000000000000000000000000000000000000000000000000000043adbafb)
start :=sub(start, 0x04)
// When copying from `tokenAmounts` into returndata, we copy the additional 68 bytes to also return// the `bptAmount`, the array 's length, and the error signature.revert(start, add(size, 68))
}
}
}
}
Contract Source Code
File 6 of 52: BasePoolAuthorization.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"@balancer-labs/v2-interfaces/contracts/vault/IAuthorizer.sol";
import"@balancer-labs/v2-solidity-utils/contracts/helpers/Authentication.sol";
/**
* @dev Base authorization layer implementation for Pools.
*
* The owner account can call some of the permissioned functions - access control of the rest is delegated to the
* Authorizer. Note that this owner is immutable: more sophisticated permission schemes, such as multiple ownership,
* granular roles, etc., could be built on top of this by making the owner a smart contract.
*
* Access control of all other permissioned functions is delegated to an Authorizer. It is also possible to delegate
* control of *all* permissioned functions to the Authorizer by setting the owner address to `_DELEGATE_OWNER`.
*/abstractcontractBasePoolAuthorizationisAuthentication{
addressprivateimmutable _owner;
addressprivateconstant _DELEGATE_OWNER =0xBA1BA1ba1BA1bA1bA1Ba1BA1ba1BA1bA1ba1ba1B;
constructor(address owner) {
_owner = owner;
}
functiongetOwner() publicviewreturns (address) {
return _owner;
}
functiongetAuthorizer() externalviewreturns (IAuthorizer) {
return _getAuthorizer();
}
function_canPerform(bytes32 actionId, address account) internalviewoverridereturns (bool) {
if ((getOwner() != _DELEGATE_OWNER) && _isOwnerOnlyAction(actionId)) {
// Only the owner can perform "owner only" actions, unless the owner is delegated.returnmsg.sender== getOwner();
} else {
// Non-owner actions are always processed via the Authorizer, as "owner only" ones are when delegated.return _getAuthorizer().canPerform(actionId, account, address(this));
}
}
function_isOwnerOnlyAction(bytes32) internalviewvirtualreturns (bool) {
returnfalse;
}
function_getAuthorizer() internalviewvirtualreturns (IAuthorizer);
}
Contract Source Code
File 7 of 52: BasePoolUserData.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;libraryBasePoolUserData{
// Special ExitKind for all pools, used in Recovery Mode. Use the max 8-bit value to prevent conflicts// with future additions to the ExitKind enums (or any front-end code that maps to existing values)uint8publicconstant RECOVERY_MODE_EXIT_KIND =255;
// Return true if this is the special exit kind.functionisRecoveryModeExitKind(bytesmemoryself) internalpurereturns (bool) {
// Check for the "no data" case, or abi.decode would revertreturnself.length>0&&abi.decode(self, (uint8)) == RECOVERY_MODE_EXIT_KIND;
}
// Parse the bptAmountIn out of the userDatafunctionrecoveryModeExit(bytesmemoryself) internalpurereturns (uint256 bptAmountIn) {
(, bptAmountIn) =abi.decode(self, (uint8, uint256));
}
}
Contract Source Code
File 8 of 52: ComposableStablePool.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;pragmaexperimentalABIEncoderV2;import"@balancer-labs/v2-interfaces/contracts/pool-stable/StablePoolUserData.sol";
import"@balancer-labs/v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol";
import"@balancer-labs/v2-interfaces/contracts/standalone-utils/IProtocolFeePercentagesProvider.sol";
import"@balancer-labs/v2-interfaces/contracts/pool-utils/IRateProvider.sol";
import"@balancer-labs/v2-interfaces/contracts/pool-utils/IVersion.sol";
import"@balancer-labs/v2-solidity-utils/contracts/math/FixedPoint.sol";
import"@balancer-labs/v2-solidity-utils/contracts/math/Math.sol";
import"@balancer-labs/v2-solidity-utils/contracts/helpers/ERC20Helpers.sol";
import"@balancer-labs/v2-solidity-utils/contracts/helpers/InputHelpers.sol";
import"@balancer-labs/v2-pool-utils/contracts/BaseGeneralPool.sol";
import"@balancer-labs/v2-pool-utils/contracts/rates/PriceRateCache.sol";
import"./ComposableStablePoolStorage.sol";
import"./ComposableStablePoolRates.sol";
import"./ComposableStablePoolStorage.sol";
import"./ComposableStablePoolRates.sol";
import"./ComposableStablePoolProtocolFees.sol";
import"./StablePoolAmplification.sol";
import"./StableMath.sol";
/**
* @dev StablePool with preminted BPT and rate providers for each token, allowing for e.g. wrapped tokens with a known
* price ratio, such as Compound's cTokens.
*
* BPT is preminted on Pool initialization and registered as one of the Pool's tokens, allowing for swaps to behave as
* single-token joins or exits (by swapping a token for BPT). We also support regular joins and exits, which can mint
* and burn BPT.
*
* Preminted BPT is deposited in the Vault as the initial balance of the Pool, and doesn't belong to any entity until
* transferred out of the Pool. The Pool's arithmetic behaves as if it didn't exist, and the BPT total supply is not
* a useful value: we rely on the 'virtual supply' (how much BPT is actually owned outside the Vault) instead.
*/contractComposableStablePoolisIRateProvider,
IVersion,
BaseGeneralPool,
StablePoolAmplification,
ComposableStablePoolRates,
ComposableStablePoolProtocolFees{
usingFixedPointforuint256;
usingPriceRateCacheforbytes32;
usingStablePoolUserDataforbytes;
usingBasePoolUserDataforbytes;
// The maximum imposed by the Vault, which stores balances in a packed format, is 2**(112) - 1.// We are preminting half of that value (rounded up).uint256privateconstant _PREMINTED_TOKEN_BALANCE =2**(111);
stringprivate _version;
// The constructor arguments are received in a struct to work around stack-too-deep issuesstructNewPoolParams {
IVault vault;
IProtocolFeePercentagesProvider protocolFeeProvider;
string name;
string symbol;
IERC20[] tokens;
IRateProvider[] rateProviders;
uint256[] tokenRateCacheDurations;
bool exemptFromYieldProtocolFeeFlag;
uint256 amplificationParameter;
uint256 swapFeePercentage;
uint256 pauseWindowDuration;
uint256 bufferPeriodDuration;
address owner;
string version;
}
constructor(NewPoolParams memory params)
BasePool(
params.vault,
IVault.PoolSpecialization.GENERAL,
params.name,
params.symbol,
_insertSorted(params.tokens, IERC20(this)),
newaddress[](params.tokens.length + 1),
params.swapFeePercentage,
params.pauseWindowDuration,
params.bufferPeriodDuration,
params.owner
)
StablePoolAmplification(params.amplificationParameter)
ComposableStablePoolStorage(_extractStorageParams(params))
ComposableStablePoolRates(_extractRatesParams(params))
ProtocolFeeCache(params.protocolFeeProvider, ProtocolFeeCache.DELEGATE_PROTOCOL_SWAP_FEES_SENTINEL)
{
_version = params.version;
}
// Translate parameters to avoid stack-too-deep issues in the constructorfunction_extractRatesParams(NewPoolParams memory params)
privatepurereturns (ComposableStablePoolRates.RatesParams memory)
{
return
ComposableStablePoolRates.RatesParams({
tokens: params.tokens,
rateProviders: params.rateProviders,
tokenRateCacheDurations: params.tokenRateCacheDurations
});
}
// Translate parameters to avoid stack-too-deep issues in the constructorfunction_extractStorageParams(NewPoolParams memory params)
privateviewreturns (ComposableStablePoolStorage.StorageParams memory)
{
return
ComposableStablePoolStorage.StorageParams({
registeredTokens: _insertSorted(params.tokens, IERC20(this)),
tokenRateProviders: params.rateProviders,
exemptFromYieldProtocolFeeFlag: params.exemptFromYieldProtocolFeeFlag
});
}
functionversion() externalviewoverridereturns (stringmemory) {
return _version;
}
/**
* @notice Return the minimum BPT balance, required to avoid minimum token balances.
* @dev This amount is minted and immediately burned on pool initialization, so that the total supply
* (and therefore post-exit token balances), can never be zero. This keeps the math well-behaved when
* liquidity is low. (It also provides an easy way to check whether a pool has been initialized, to
* ensure this is only done once.)
*/functiongetMinimumBpt() externalpurereturns (uint256) {
return _getMinimumBpt();
}
// BasePool hook/**
* @dev Override base pool hook invoked before any swap, join, or exit to ensure rates are updated before
* the operation.
*/function_beforeSwapJoinExit() internaloverride{
super._beforeSwapJoinExit();
// Before the scaling factors are read, we must update the cached rates, as those will be used to compute the// scaling factors.// Note that this is not done in a recovery mode exit (since _beforeSwapjoinExit() is not called under those// conditions), but this is fine as recovery mode exits are unaffected by scaling factors anyway.
_cacheTokenRatesIfNecessary();
}
// Swap Hooks/**
* @dev Override this hook called by the base class `onSwap`, to check whether we are doing a regular swap,
* or a swap involving BPT, which is equivalent to a single token join or exit. Since one of the Pool's
* tokens is the preminted BPT, we need to handle swaps where BPT is involved separately.
*
* At this point, the balances are unscaled. The indices are coming from the Vault, so they are indices into
* the array of registered tokens (including BPT).
*
* If this is a swap involving BPT, call `_swapWithBpt`, which computes the amountOut using the swapFeePercentage
* and charges protocol fees, in the same manner as single token join/exits. Otherwise, perform the default
* processing for a regular swap.
*/function_swapGivenIn(
SwapRequest memory swapRequest,
uint256[] memory registeredBalances,
uint256 registeredIndexIn,
uint256 registeredIndexOut,
uint256[] memory scalingFactors
) internalvirtualoverridereturns (uint256) {
return
(swapRequest.tokenIn == IERC20(this) || swapRequest.tokenOut == IERC20(this))
? _swapWithBpt(swapRequest, registeredBalances, registeredIndexIn, registeredIndexOut, scalingFactors)
: super._swapGivenIn(
swapRequest,
registeredBalances,
registeredIndexIn,
registeredIndexOut,
scalingFactors
);
}
/**
* @dev Override this hook called by the base class `onSwap`, to check whether we are doing a regular swap,
* or a swap involving BPT, which is equivalent to a single token join or exit. Since one of the Pool's
* tokens is the preminted BPT, we need to handle swaps where BPT is involved separately.
*
* At this point, the balances are unscaled. The indices and balances are coming from the Vault, so they
* refer to the full set of registered tokens (including BPT).
*
* If this is a swap involving BPT, call `_swapWithBpt`, which computes the amountOut using the swapFeePercentage
* and charges protocol fees, in the same manner as single token join/exits. Otherwise, perform the default
* processing for a regular swap.
*/function_swapGivenOut(
SwapRequest memory swapRequest,
uint256[] memory registeredBalances,
uint256 registeredIndexIn,
uint256 registeredIndexOut,
uint256[] memory scalingFactors
) internalvirtualoverridereturns (uint256) {
return
(swapRequest.tokenIn == IERC20(this) || swapRequest.tokenOut == IERC20(this))
? _swapWithBpt(swapRequest, registeredBalances, registeredIndexIn, registeredIndexOut, scalingFactors)
: super._swapGivenOut(
swapRequest,
registeredBalances,
registeredIndexIn,
registeredIndexOut,
scalingFactors
);
}
/**
* @dev This is called from the base class `_swapGivenIn`, so at this point the amount has been adjusted
* for swap fees, and balances have had scaling applied. This will only be called for regular (non-BPT) swaps,
* so forward to `onRegularSwap`.
*/function_onSwapGivenIn(
SwapRequest memory request,
uint256[] memory registeredBalances,
uint256 registeredIndexIn,
uint256 registeredIndexOut
) internalvirtualoverridereturns (uint256) {
return
_onRegularSwap(
true, // given in
request.amount,
registeredBalances,
registeredIndexIn,
registeredIndexOut
);
}
/**
* @dev This is called from the base class `_swapGivenOut`, so at this point the amount has been adjusted
* for swap fees, and balances have had scaling applied. This will only be called for regular (non-BPT) swaps,
* so forward to `onRegularSwap`.
*/function_onSwapGivenOut(
SwapRequest memory request,
uint256[] memory registeredBalances,
uint256 registeredIndexIn,
uint256 registeredIndexOut
) internalvirtualoverridereturns (uint256) {
return
_onRegularSwap(
false, // given out
request.amount,
registeredBalances,
registeredIndexIn,
registeredIndexOut
);
}
/**
* @dev Perform a swap between non-BPT tokens. Scaling and fee adjustments have been performed upstream, so
* all we need to do here is calculate the price quote, depending on the direction of the swap.
*/function_onRegularSwap(bool isGivenIn,
uint256 amountGiven,
uint256[] memory registeredBalances,
uint256 registeredIndexIn,
uint256 registeredIndexOut
) privateviewreturns (uint256) {
// Adjust indices and balances for BPT tokenuint256[] memory balances = _dropBptItem(registeredBalances);
uint256 indexIn = _skipBptIndex(registeredIndexIn);
uint256 indexOut = _skipBptIndex(registeredIndexOut);
(uint256 currentAmp, ) = _getAmplificationParameter();
uint256 invariant = StableMath._calculateInvariant(currentAmp, balances);
if (isGivenIn) {
return StableMath._calcOutGivenIn(currentAmp, balances, indexIn, indexOut, amountGiven, invariant);
} else {
return StableMath._calcInGivenOut(currentAmp, balances, indexIn, indexOut, amountGiven, invariant);
}
}
/**
* @dev Perform a swap involving the BPT token, equivalent to a single-token join or exit. As with the standard
* joins and swaps, we first pay any protocol fees pending from swaps that occurred since the previous join or
* exit, then perform the operation (joinSwap or exitSwap), and finally store the "post operation" invariant and
* amp, which establishes the new basis for protocol fees.
*
* At this point, the scaling factors (including rates) have been computed by the base class, but not yet applied
* to the balances.
*/function_swapWithBpt(
SwapRequest memory swapRequest,
uint256[] memory registeredBalances,
uint256 registeredIndexIn,
uint256 registeredIndexOut,
uint256[] memory scalingFactors
) privatereturns (uint256) {
bool isGivenIn = swapRequest.kind == IVault.SwapKind.GIVEN_IN;
_upscaleArray(registeredBalances, scalingFactors);
swapRequest.amount = _upscale(
swapRequest.amount,
scalingFactors[isGivenIn ? registeredIndexIn : registeredIndexOut]
);
(
uint256 preJoinExitSupply,
uint256[] memory balances,
uint256 currentAmp,
uint256 preJoinExitInvariant
) = _beforeJoinExit(registeredBalances);
// These calls mutate `balances` so that it holds the post join-exit balances.
(uint256 amountCalculated, uint256 postJoinExitSupply) = registeredIndexOut == getBptIndex()
? _doJoinSwap(
isGivenIn,
swapRequest.amount,
balances,
_skipBptIndex(registeredIndexIn),
currentAmp,
preJoinExitSupply,
preJoinExitInvariant
)
: _doExitSwap(
isGivenIn,
swapRequest.amount,
balances,
_skipBptIndex(registeredIndexOut),
currentAmp,
preJoinExitSupply,
preJoinExitInvariant
);
_updateInvariantAfterJoinExit(
currentAmp,
balances,
preJoinExitInvariant,
preJoinExitSupply,
postJoinExitSupply
);
return
isGivenIn
? _downscaleDown(amountCalculated, scalingFactors[registeredIndexOut]) // Amount out, round down
: _downscaleUp(amountCalculated, scalingFactors[registeredIndexIn]); // Amount in, round up
}
/**
* @dev This mutates `balances` so that they become the post-joinswap balances. The StableMath interfaces
* are different depending on the swap direction, so we forward to the appropriate low-level join function.
*/function_doJoinSwap(bool isGivenIn,
uint256 amount,
uint256[] memory balances,
uint256 indexIn,
uint256 currentAmp,
uint256 actualSupply,
uint256 preJoinExitInvariant
) internalviewreturns (uint256, uint256) {
return
isGivenIn
? _joinSwapExactTokenInForBptOut(
amount,
balances,
indexIn,
currentAmp,
actualSupply,
preJoinExitInvariant
)
: _joinSwapExactBptOutForTokenIn(
amount,
balances,
indexIn,
currentAmp,
actualSupply,
preJoinExitInvariant
);
}
/**
* @dev Since this is a join, we know the tokenOut is BPT. Since it is GivenIn, we know the tokenIn amount,
* and must calculate the BPT amount out.
* We are moving preminted BPT out of the Vault, which increases the virtual supply.
*/function_joinSwapExactTokenInForBptOut(uint256 amountIn,
uint256[] memory balances,
uint256 indexIn,
uint256 currentAmp,
uint256 actualSupply,
uint256 preJoinExitInvariant
) internalviewreturns (uint256, uint256) {
// The StableMath function was created with joins in mind, so it expects a full amounts array. We create an// empty one and only set the amount for the token involved.uint256[] memory amountsIn =newuint256[](balances.length);
amountsIn[indexIn] = amountIn;
uint256 bptOut = StableMath._calcBptOutGivenExactTokensIn(
currentAmp,
balances,
amountsIn,
actualSupply,
preJoinExitInvariant,
getSwapFeePercentage()
);
balances[indexIn] = balances[indexIn].add(amountIn);
uint256 postJoinExitSupply = actualSupply.add(bptOut);
return (bptOut, postJoinExitSupply);
}
/**
* @dev Since this is a join, we know the tokenOut is BPT. Since it is GivenOut, we know the BPT amount,
* and must calculate the token amount in.
* We are moving preminted BPT out of the Vault, which increases the virtual supply.
*/function_joinSwapExactBptOutForTokenIn(uint256 bptOut,
uint256[] memory balances,
uint256 indexIn,
uint256 currentAmp,
uint256 actualSupply,
uint256 preJoinExitInvariant
) internalviewreturns (uint256, uint256) {
uint256 amountIn = StableMath._calcTokenInGivenExactBptOut(
currentAmp,
balances,
indexIn,
bptOut,
actualSupply,
preJoinExitInvariant,
getSwapFeePercentage()
);
balances[indexIn] = balances[indexIn].add(amountIn);
uint256 postJoinExitSupply = actualSupply.add(bptOut);
return (amountIn, postJoinExitSupply);
}
/**
* @dev This mutates balances so that they become the post-exitswap balances. The StableMath interfaces are
* different depending on the swap direction, so we forward to the appropriate low-level exit function.
*/function_doExitSwap(bool isGivenIn,
uint256 amount,
uint256[] memory balances,
uint256 indexOut,
uint256 currentAmp,
uint256 actualSupply,
uint256 preJoinExitInvariant
) internalviewreturns (uint256, uint256) {
return
isGivenIn
? _exitSwapExactBptInForTokenOut(
amount,
balances,
indexOut,
currentAmp,
actualSupply,
preJoinExitInvariant
)
: _exitSwapExactTokenOutForBptIn(
amount,
balances,
indexOut,
currentAmp,
actualSupply,
preJoinExitInvariant
);
}
/**
* @dev Since this is an exit, we know the tokenIn is BPT. Since it is GivenIn, we know the BPT amount,
* and must calculate the token amount out.
* We are moving BPT out of circulation and into the Vault, which decreases the virtual supply.
*/function_exitSwapExactBptInForTokenOut(uint256 bptAmount,
uint256[] memory balances,
uint256 indexOut,
uint256 currentAmp,
uint256 actualSupply,
uint256 preJoinExitInvariant
) internalviewreturns (uint256, uint256) {
uint256 amountOut = StableMath._calcTokenOutGivenExactBptIn(
currentAmp,
balances,
indexOut,
bptAmount,
actualSupply,
preJoinExitInvariant,
getSwapFeePercentage()
);
balances[indexOut] = balances[indexOut].sub(amountOut);
uint256 postJoinExitSupply = actualSupply.sub(bptAmount);
return (amountOut, postJoinExitSupply);
}
/**
* @dev Since this is an exit, we know the tokenIn is BPT. Since it is GivenOut, we know the token amount out,
* and must calculate the BPT amount in.
* We are moving BPT out of circulation and into the Vault, which decreases the virtual supply.
*/function_exitSwapExactTokenOutForBptIn(uint256 amountOut,
uint256[] memory balances,
uint256 indexOut,
uint256 currentAmp,
uint256 actualSupply,
uint256 preJoinExitInvariant
) internalviewreturns (uint256, uint256) {
// The StableMath function was created with exits in mind, so it expects a full amounts array. We create an// empty one and only set the amount for the token involved.uint256[] memory amountsOut =newuint256[](balances.length);
amountsOut[indexOut] = amountOut;
uint256 bptAmount = StableMath._calcBptInGivenExactTokensOut(
currentAmp,
balances,
amountsOut,
actualSupply,
preJoinExitInvariant,
getSwapFeePercentage()
);
balances[indexOut] = balances[indexOut].sub(amountOut);
uint256 postJoinExitSupply = actualSupply.sub(bptAmount);
return (bptAmount, postJoinExitSupply);
}
// Join Hooks/**
* Since this Pool has preminted BPT which is stored in the Vault, it cannot simply be minted at construction.
*
* We take advantage of the fact that StablePools have an initialization step where BPT is minted to the first
* account joining them, and perform both actions at once. By minting the entire BPT supply for the initial joiner
* and then pulling all tokens except those due the joiner, we arrive at the desired state of the Pool holding all
* BPT except the joiner's.
*/function_onInitializePool(bytes32,
address sender,
address,
uint256[] memory scalingFactors,
bytesmemory userData
) internaloverridereturns (uint256, uint256[] memory) {
StablePoolUserData.JoinKind kind = userData.joinKind();
_require(kind == StablePoolUserData.JoinKind.INIT, Errors.UNINITIALIZED);
// AmountsIn usually does not include the BPT token; initialization is the one time it has to.uint256[] memory amountsInIncludingBpt = userData.initialAmountsIn();
InputHelpers.ensureInputLengthMatch(amountsInIncludingBpt.length, scalingFactors.length);
_upscaleArray(amountsInIncludingBpt, scalingFactors);
(uint256 amp, ) = _getAmplificationParameter();
uint256[] memory amountsIn = _dropBptItem(amountsInIncludingBpt);
uint256 invariantAfterJoin = StableMath._calculateInvariant(amp, amountsIn);
// Set the initial BPT to the value of the invariantuint256 bptAmountOut = invariantAfterJoin;
// BasePool will mint bptAmountOut for the sender: we then also mint the remaining BPT to make up the total// supply, and have the Vault pull those tokens from the sender as part of the join.// We are only minting half of the maximum value - already an amount many orders of magnitude greater than any// conceivable real liquidity - to allow for minting new BPT as a result of regular joins.//// Note that the sender need not approve BPT for the Vault as the Vault already has infinite BPT allowance for// all accounts.uint256 initialBpt = _PREMINTED_TOKEN_BALANCE.sub(bptAmountOut);
_mintPoolTokens(sender, initialBpt);
amountsInIncludingBpt[getBptIndex()] = initialBpt;
// Initialization is still a join, so we need to do post-join work.
_updatePostJoinExit(amp, invariantAfterJoin);
return (bptAmountOut, amountsInIncludingBpt);
}
/**
* @dev Base pool hook called from `onJoinPool`. Forward to `onJoinExitPool` with `isJoin` set to true.
*/function_onJoinPool(bytes32,
address,
address,
uint256[] memory registeredBalances,
uint256,
uint256,
uint256[] memory scalingFactors,
bytesmemory userData
) internaloverridereturns (uint256, uint256[] memory) {
return _onJoinExitPool(true, registeredBalances, scalingFactors, userData);
}
/**
* @dev Base pool hook called from `onExitPool`. Forward to `onJoinExitPool` with `isJoin` set to false.
* Note that recovery mode exits do not call `_onExitPool`.
*/function_onExitPool(bytes32,
address,
address,
uint256[] memory registeredBalances,
uint256,
uint256,
uint256[] memory scalingFactors,
bytesmemory userData
) internaloverridereturns (uint256, uint256[] memory) {
return _onJoinExitPool(false, registeredBalances, scalingFactors, userData);
}
/**
* @dev Pay protocol fees before the operation, and call `_updateInvariantAfterJoinExit` afterward, to establish
* the new basis for protocol fees.
*/function_onJoinExitPool(bool isJoin,
uint256[] memory registeredBalances,
uint256[] memory scalingFactors,
bytesmemory userData
) internalreturns (uint256, uint256[] memory) {
(
uint256 preJoinExitSupply,
uint256[] memory balances,
uint256 currentAmp,
uint256 preJoinExitInvariant
) = _beforeJoinExit(registeredBalances);
function(uint256[] memory, uint256, uint256, uint256, uint256[] memory, bytesmemory)
internalviewreturns (uint256, uint256[] memory) _doJoinOrExit
= (isJoin ? _doJoin : _doExit);
(uint256 bptAmount, uint256[] memory amountsDelta) = _doJoinOrExit(
balances,
currentAmp,
preJoinExitSupply,
preJoinExitInvariant,
scalingFactors,
userData
);
// Unlike joinswaps, explicit joins do not mutate balances into the post join-exit balances so we must perform// this mutation here.function(uint256, uint256) internalpurereturns (uint256) _addOrSub = isJoin ? FixedPoint.add : FixedPoint.sub;
_mutateAmounts(balances, amountsDelta, _addOrSub);
uint256 postJoinExitSupply = _addOrSub(preJoinExitSupply, bptAmount);
// Pass in the post-join balances to reset the protocol fee basis.// We are minting bptAmount, increasing the total (and virtual) supply post-join
_updateInvariantAfterJoinExit(
currentAmp,
balances,
preJoinExitInvariant,
preJoinExitSupply,
postJoinExitSupply
);
// For clarity and simplicity, arrays used and computed in lower level functions do not include BPT.// But the amountsIn array passed back to the Vault must include BPT, so we add it back in here.return (bptAmount, _addBptItem(amountsDelta, 0));
}
/**
* @dev Pay any due protocol fees and calculate values necessary for performing the join/exit.
*/function_beforeJoinExit(uint256[] memory registeredBalances)
internalreturns (uint256,
uint256[] memory,
uint256,
uint256)
{
(uint256 lastJoinExitAmp, uint256 lastPostJoinExitInvariant) = getLastJoinExitData();
(
uint256 preJoinExitSupply,
uint256[] memory balances,
uint256 oldAmpPreJoinExitInvariant
) = _payProtocolFeesBeforeJoinExit(registeredBalances, lastJoinExitAmp, lastPostJoinExitInvariant);
// If the amplification factor is the same as it was during the last join/exit then we can reuse the// value calculated using the "old" amplification factor. If not, then we have to calculate this now.
(uint256 currentAmp, ) = _getAmplificationParameter();
uint256 preJoinExitInvariant = currentAmp == lastJoinExitAmp
? oldAmpPreJoinExitInvariant
: StableMath._calculateInvariant(currentAmp, balances);
return (preJoinExitSupply, balances, currentAmp, preJoinExitInvariant);
}
/**
* @dev Support single- and multi-token joins, plus explicit proportional joins.
*/function_doJoin(uint256[] memory balances,
uint256 currentAmp,
uint256 preJoinExitSupply,
uint256 preJoinExitInvariant,
uint256[] memory scalingFactors,
bytesmemory userData
) internalviewreturns (uint256, uint256[] memory) {
StablePoolUserData.JoinKind kind = userData.joinKind();
if (kind == StablePoolUserData.JoinKind.EXACT_TOKENS_IN_FOR_BPT_OUT) {
return
_joinExactTokensInForBPTOut(
preJoinExitSupply,
preJoinExitInvariant,
currentAmp,
balances,
scalingFactors,
userData
);
} elseif (kind == StablePoolUserData.JoinKind.ALL_TOKENS_IN_FOR_EXACT_BPT_OUT) {
return _joinAllTokensInForExactBptOut(preJoinExitSupply, balances, userData);
} elseif (kind == StablePoolUserData.JoinKind.TOKEN_IN_FOR_EXACT_BPT_OUT) {
return _joinTokenInForExactBPTOut(preJoinExitSupply, preJoinExitInvariant, currentAmp, balances, userData);
} else {
_revert(Errors.UNHANDLED_JOIN_KIND);
}
}
/**
* @dev Proportional join. Pays no swap fees.
*/function_joinAllTokensInForExactBptOut(uint256 actualSupply,
uint256[] memory balances,
bytesmemory userData
) privatepurereturns (uint256, uint256[] memory) {
uint256 bptAmountOut = userData.allTokensInForExactBptOut();
uint256[] memory amountsIn = StableMath._computeProportionalAmountsIn(balances, bptAmountOut, actualSupply);
return (bptAmountOut, amountsIn);
}
/**
* @dev Multi-token join. Joins with proportional amounts will pay no protocol fees.
*/function_joinExactTokensInForBPTOut(uint256 actualSupply,
uint256 preJoinExitInvariant,
uint256 currentAmp,
uint256[] memory balances,
uint256[] memory scalingFactors,
bytesmemory userData
) privateviewreturns (uint256, uint256[] memory) {
(uint256[] memory amountsIn, uint256 minBPTAmountOut) = userData.exactTokensInForBptOut();
InputHelpers.ensureInputLengthMatch(balances.length, amountsIn.length);
// The user-provided amountsIn is unscaled, so we address that.
_upscaleArray(amountsIn, _dropBptItem(scalingFactors));
uint256 bptAmountOut = StableMath._calcBptOutGivenExactTokensIn(
currentAmp,
balances,
amountsIn,
actualSupply,
preJoinExitInvariant,
getSwapFeePercentage()
);
_require(bptAmountOut >= minBPTAmountOut, Errors.BPT_OUT_MIN_AMOUNT);
return (bptAmountOut, amountsIn);
}
/**
* @dev Single-token join, equivalent to swapping a pool token for BPT.
*/function_joinTokenInForExactBPTOut(uint256 actualSupply,
uint256 preJoinExitInvariant,
uint256 currentAmp,
uint256[] memory balances,
bytesmemory userData
) privateviewreturns (uint256, uint256[] memory) {
// Since this index is sent in from the user, we interpret it as NOT including the BPT token.
(uint256 bptAmountOut, uint256 tokenIndex) = userData.tokenInForExactBptOut();
// Note that there is no maximum amountIn parameter: this is handled by `IVault.joinPool`.// Balances are passed through from the Vault hook, and include BPT
_require(tokenIndex < balances.length, Errors.OUT_OF_BOUNDS);
// We join with a single token, so initialize amountsIn with zeros.uint256[] memory amountsIn =newuint256[](balances.length);
// And then assign the result to the selected token.
amountsIn[tokenIndex] = StableMath._calcTokenInGivenExactBptOut(
currentAmp,
balances,
tokenIndex,
bptAmountOut,
actualSupply,
preJoinExitInvariant,
getSwapFeePercentage()
);
return (bptAmountOut, amountsIn);
}
// Exit Hooks/**
* @dev Support single- and multi-token exits, plus explicit proportional exits (in addition to the
* recovery mode exit).
*/function_doExit(uint256[] memory balances,
uint256 currentAmp,
uint256 preJoinExitSupply,
uint256 preJoinExitInvariant,
uint256[] memory scalingFactors,
bytesmemory userData
) internalviewreturns (uint256, uint256[] memory) {
StablePoolUserData.ExitKind kind = userData.exitKind();
if (kind == StablePoolUserData.ExitKind.BPT_IN_FOR_EXACT_TOKENS_OUT) {
return
_exitBPTInForExactTokensOut(
preJoinExitSupply,
preJoinExitInvariant,
currentAmp,
balances,
scalingFactors,
userData
);
} elseif (kind == StablePoolUserData.ExitKind.EXACT_BPT_IN_FOR_ALL_TOKENS_OUT) {
return _exitExactBPTInForTokensOut(preJoinExitSupply, balances, userData);
} elseif (kind == StablePoolUserData.ExitKind.EXACT_BPT_IN_FOR_ONE_TOKEN_OUT) {
return _exitExactBPTInForTokenOut(preJoinExitSupply, preJoinExitInvariant, currentAmp, balances, userData);
} else {
_revert(Errors.UNHANDLED_EXIT_KIND);
}
}
/**
* @dev Proportional exit. Pays no swap fees. This is functionally equivalent to the recovery mode exit,
* except this doesn't skip protocol fee collection, calling rate providers, etc., and doesn't require
* recovery mode to be enabled.
*/function_exitExactBPTInForTokensOut(uint256 actualSupply,
uint256[] memory balances,
bytesmemory userData
) privatepurereturns (uint256, uint256[] memory) {
uint256 bptAmountIn = userData.exactBptInForTokensOut();
uint256[] memory amountsOut = _computeProportionalAmountsOut(balances, actualSupply, bptAmountIn);
return (bptAmountIn, amountsOut);
}
/**
* @dev Multi-token exit. Proportional exits will pay no protocol fees.
*/function_exitBPTInForExactTokensOut(uint256 actualSupply,
uint256 preJoinExitInvariant,
uint256 currentAmp,
uint256[] memory balances,
uint256[] memory scalingFactors,
bytesmemory userData
) privateviewreturns (uint256, uint256[] memory) {
(uint256[] memory amountsOut, uint256 maxBPTAmountIn) = userData.bptInForExactTokensOut();
InputHelpers.ensureInputLengthMatch(amountsOut.length, balances.length);
// The user-provided amountsIn is unscaled, so we address that.
_upscaleArray(amountsOut, _dropBptItem(scalingFactors));
uint256 bptAmountIn = StableMath._calcBptInGivenExactTokensOut(
currentAmp,
balances,
amountsOut,
actualSupply,
preJoinExitInvariant,
getSwapFeePercentage()
);
_require(bptAmountIn <= maxBPTAmountIn, Errors.BPT_IN_MAX_AMOUNT);
return (bptAmountIn, amountsOut);
}
/**
* @dev Single-token exit, equivalent to swapping BPT for a pool token.
*/function_exitExactBPTInForTokenOut(uint256 actualSupply,
uint256 preJoinExitInvariant,
uint256 currentAmp,
uint256[] memory balances,
bytesmemory userData
) privateviewreturns (uint256, uint256[] memory) {
// Since this index is sent in from the user, we interpret it as NOT including the BPT token
(uint256 bptAmountIn, uint256 tokenIndex) = userData.exactBptInForTokenOut();
// Note that there is no minimum amountOut parameter: this is handled by `IVault.exitPool`.
_require(tokenIndex < balances.length, Errors.OUT_OF_BOUNDS);
// We exit in a single token, so initialize amountsOut with zerosuint256[] memory amountsOut =newuint256[](balances.length);
// And then assign the result to the selected token.
amountsOut[tokenIndex] = StableMath._calcTokenOutGivenExactBptIn(
currentAmp,
balances,
tokenIndex,
bptAmountIn,
actualSupply,
preJoinExitInvariant,
getSwapFeePercentage()
);
return (bptAmountIn, amountsOut);
}
/**
* @dev We cannot use the default RecoveryMode implementation here, since we need to account for the BPT token.
*/function_doRecoveryModeExit(uint256[] memory registeredBalances,
uint256,
bytesmemory userData
) internalvirtualoverridereturns (uint256, uint256[] memory) {
// Since this Pool uses preminted BPT, we need to replace the total supply with the virtual total supply, and// adjust the balances array by removing BPT from it.// Note that we don't compute the actual supply, which would require a lot of complex calculations and// interactions with external components. This is fine because virtual and actual supply are the same while// recovery mode is enabled (since all protocol fees are forfeit and the fee percentages zeroed out).
(uint256 virtualSupply, uint256[] memory balances) = _dropBptItemFromBalances(registeredBalances);
(uint256 bptAmountIn, uint256[] memory amountsOut) =super._doRecoveryModeExit(
balances,
virtualSupply,
userData
);
// The vault requires an array including BPT, so add it back in here.return (bptAmountIn, _addBptItem(amountsOut, 0));
}
// BPT rate/**
* Many functions require accessing multiple internal values that might at first seem unrelated, but are actually
* quite intertwined, and computed at the same time for optimal performance (since calculating some of them also
* yields intermediate results useful for other queries). This helper function returns many of these values,
* greatly reducing bytecode size.
*
* The return values are:
* @return balances - The current upscaled token balances (not including BPT)
* @return virtualSupply - The Pool's virtual supply
* @return protocolFeeAmount - The amount of unpaid protocol fees in BPT
* @return lastJoinExitAmp - The Pool's amplification factor at the last join or exit operation
* @return currentInvariantWithLastJoinExitAmp - The invariant of the current balances, calculated using the
* amplification factor at the last join or exit operation.
*/function_getSupplyAndFeesData()
privateviewreturns (uint256[] memory balances,
uint256 virtualSupply,
uint256 protocolFeeAmount,
uint256 lastJoinExitAmp,
uint256 currentInvariantWithLastJoinExitAmp
)
{
// First we query the Vault for current registered balances (which includes preminted BPT), to then calculate// the current scaled balances and virtual supply.
(, uint256[] memory registeredBalances, ) = getVault().getPoolTokens(getPoolId());
_upscaleArray(registeredBalances, _scalingFactors());
(virtualSupply, balances) = _dropBptItemFromBalances(registeredBalances);
// Now we need to calculate any BPT due in the form of protocol fees. This requires data from the last join or// exit operation. `lastJoinExitAmp` can be useful in the scenario in which the amplification factor has not// changed, meaning this old value is equal to the current value.uint256 lastPostJoinExitInvariant;
(lastJoinExitAmp, lastPostJoinExitInvariant) = getLastJoinExitData();
// Computing the protocol ownership percentage also yields the invariant using the old amplification factor. If// it has not changed, then this is also the current invariant.uint256 expectedProtocolOwnershipPercentage;
(
expectedProtocolOwnershipPercentage,
currentInvariantWithLastJoinExitAmp
) = _getProtocolPoolOwnershipPercentage(balances, lastJoinExitAmp, lastPostJoinExitInvariant);
protocolFeeAmount = ProtocolFees.bptForPoolOwnershipPercentage(
virtualSupply,
expectedProtocolOwnershipPercentage
);
}
/**
* @dev This function returns the appreciation of BPT relative to the underlying tokens, as an 18 decimal fixed
* point number. It is simply the ratio of the invariant to the BPT supply.
*
* The total supply is initialized to equal the invariant, so this value starts at one. During Pool operation the
* invariant always grows and shrinks either proportionally to the total supply (in scenarios with no price impact,
* e.g. proportional joins), or grows faster and shrinks more slowly than it (whenever swap fees are collected or
* the token rates increase). Therefore, the rate is a monotonically increasing function.
*
* WARNING: since this function reads balances directly from the Vault, it is potentially subject to manipulation
* via reentrancy if called within a Vault context (i.e. in the middle of a join or an exit). It is up to the
* caller to ensure that the function is safe to call.
*
* This may happen e.g. if one of the tokens in the Pool contains some form of callback behavior in the
* `transferFrom` function (like ERC777 tokens do). These tokens are strictly incompatible with the
* Vault and Pool design, and are not safe to be used.
*
* There are also other situations where calling this function is unsafe. See
* https://forum.balancer.fi/t/reentrancy-vulnerability-scope-expanded/4345 for reference.
*
* To call this function safely, attempt to trigger the reentrancy guard in the Vault by calling a non-reentrant
* function before calling `getRate`. That will make the transaction revert in an unsafe context.
* (See `whenNotInVaultContext` in `ComposableStablePoolRates`).
*/functiongetRate() externalviewvirtualoverridereturns (uint256) {
// We need to compute the current invariant and actual total supply. The latter includes protocol fees that have// accrued but are not yet minted: in calculating these we'll actually end up fetching most of the data we need// for the invariant.
(
uint256[] memory balances,
uint256 virtualSupply,
uint256 protocolFeeAmount,
uint256 lastJoinExitAmp,
uint256 currentInvariantWithLastJoinExitAmp
) = _getSupplyAndFeesData();
// Due protocol fees will be minted at the next join or exit, so we can simply add them to the current virtual// supply to get the actual supply.uint256 actualTotalSupply = virtualSupply.add(protocolFeeAmount);
// All that's missing now is the invariant. We have the balances required to calculate it already, but still// need the current amplification factor.
(uint256 currentAmp, ) = _getAmplificationParameter();
// It turns out that the process for due protocol fee calculation involves computing the current invariant,// except using the amplification factor at the last join or exit. This would typically not be terribly useful,// but since the amplification factor only changes rarely there is high probability of its current value being// the same as it was in the last join or exit. If that is the case, then we can skip the costly invariant// computation altogether.uint256 currentInvariant = (currentAmp == lastJoinExitAmp)
? currentInvariantWithLastJoinExitAmp
: StableMath._calculateInvariant(currentAmp, balances);
// With the current invariant and actual total supply, we can compute the rate as a fixed-point number.return currentInvariant.divDown(actualTotalSupply);
}
/**
* @dev Returns the effective BPT supply.
*
* In other pools, this would be the same as `totalSupply`, but there are two key differences here:
* - this pool pre-mints BPT and holds it in the Vault as a token, and as such we need to subtract the Vault's
* balance to get the total "circulating supply". This is called the 'virtualSupply'.
* - the Pool owes debt to the Protocol in the form of unminted BPT, which will be minted immediately before the
* next join or exit. We need to take these into account since, even if they don't yet exist, they will
* effectively be included in any Pool operation that involves BPT.
*
* In the vast majority of cases, this function should be used instead of `totalSupply()`.
*
* **IMPORTANT NOTE**: calling this function within a Vault context (i.e. in the middle of a join or an exit) is
* potentially unsafe, since the returned value is manipulable. It is up to the caller to ensure safety.
*
* This is because this function calculates the invariant, which requires the state of the pool to be in sync
* with the state of the Vault. That condition may not be true in the middle of a join or an exit.
*
* To call this function safely, attempt to trigger the reentrancy guard in the Vault by calling a non-reentrant
* function before calling `getActualSupply`. That will make the transaction revert in an unsafe context.
* (See `whenNotInVaultContext` in `ComposableStablePoolRates`).
*
* See https://forum.balancer.fi/t/reentrancy-vulnerability-scope-expanded/4345 for reference.
*/functiongetActualSupply() externalviewreturns (uint256) {
(, uint256 virtualSupply, uint256 protocolFeeAmount, , ) = _getSupplyAndFeesData();
return virtualSupply.add(protocolFeeAmount);
}
/**
* @dev This function will revert when called within a Vault context (i.e. in the middle of a join or an exit).
*
* This function depends on the invariant value, which may be calculated incorrectly in the middle of a join or
* an exit, because the state of the pool could be out of sync with the state of the Vault. The modifier
* `whenNotInVaultContext` prevents calling this function (and in turn, the external
* `updateProtocolFeePercentageCache`) in such a context.
*
* See https://forum.balancer.fi/t/reentrancy-vulnerability-scope-expanded/4345 for reference.
*/function_beforeProtocolFeeCacheUpdate() internaloverridewhenNotInVaultContext{
// The `getRate()` function depends on the actual supply, which in turn depends on the cached protocol fee// percentages. Changing these would therefore result in the rate changing, which is not acceptable as this is a// sensitive value.// Because of this, we pay any due protocol fees *before* updating the cache, making it so that the new// percentages only affect future operation of the Pool, and not past fees. As a result, `getRate()` is// unaffected by the cached protocol fee percentages changing.// Given that this operation is state-changing and relatively complex, we only allow it as long as the Pool is// not paused.
_ensureNotPaused();
// We need to calculate the amount of unminted BPT that represents protocol fees to then pay those. This yields// some auxiliary values that turn out to also be useful for the rest of the tasks we want to perform.
(
uint256[] memory balances,
,
uint256 protocolFeeAmount,
uint256 lastJoinExitAmp,
uint256 currentInvariantWithLastJoinExitAmp
) = _getSupplyAndFeesData();
if (protocolFeeAmount >0) {
_payProtocolFees(protocolFeeAmount);
}
// With the fees paid, we now need to calculate the current invariant so we can store it alongside the current// amplification factor, marking the Pool as free of protocol debt.
(uint256 currentAmp, ) = _getAmplificationParameter();
// It turns out that the process for due protocol fee calculation involves computing the current invariant,// except using the amplification factor at the last join or exit. This would typically not be terribly useful,// but since the amplification factor only changes rarely there is high probability of its current value being// the same as it was in the last join or exit. If that is the case, then we can skip the costly invariant// computation altogether.uint256 currentInvariant = (currentAmp == lastJoinExitAmp)
? currentInvariantWithLastJoinExitAmp
: StableMath._calculateInvariant(currentAmp, balances);
_updatePostJoinExit(currentAmp, currentInvariant);
}
/**
* @dev This function will revert when called within a Vault context (i.e. in the middle of a join or an exit).
*
* This function depends on the invariant value, which may be calculated incorrectly in the middle of a join or
* an exit, because the state of the pool could be out of sync with the state of the Vault.
*
* The modifier `whenNotInVaultContext` prevents calling this function (and in turn, the external
* `disableRecoveryMode`) in such a context.
*
* See https://forum.balancer.fi/t/reentrancy-vulnerability-scope-expanded/4345 for reference.
*/function_onDisableRecoveryMode() internaloverridewhenNotInVaultContext{
// Enabling recovery mode short-circuits protocol fee computations, forcefully returning a zero percentage,// increasing the return value of `getRate()` and effectively forfeiting due protocol fees.// Therefore, when exiting recovery mode we store the current invariant and the amplification factor used to// compute it, marking the Pool as free of protocol debt. Otherwise it'd be possible for debt to be// retroactively accrued, which would be incorrect and could lead to the value of `getRate` decreasing.
(, uint256[] memory registeredBalances, ) = getVault().getPoolTokens(getPoolId());
_upscaleArray(registeredBalances, _scalingFactors());
uint256[] memory balances = _dropBptItem(registeredBalances);
(uint256 currentAmp, ) = _getAmplificationParameter();
uint256 currentInvariant = StableMath._calculateInvariant(currentAmp, balances);
_updatePostJoinExit(currentAmp, currentInvariant);
}
// Helpers/**
* @dev Mutates `amounts` by applying `mutation` with each entry in `arguments`.
*
* Equivalent to `amounts = amounts.map(mutation)`.
*/function_mutateAmounts(uint256[] memory toMutate,
uint256[] memory arguments,
function(uint256, uint256) purereturns (uint256) mutation
) privatepure{
uint256 length = toMutate.length;
InputHelpers.ensureInputLengthMatch(length, arguments.length);
for (uint256 i =0; i < length; ++i) {
toMutate[i] = mutation(toMutate[i], arguments[i]);
}
}
// Permissioned functions/**
* @dev Inheritance rules still require us to override this in the most derived contract, even though
* it only calls super.
*/function_isOwnerOnlyAction(bytes32 actionId)
internalviewvirtualoverride(// Our inheritance pattern creates a small diamond that requires explicitly listing the parents here.// Each parent calls the `super` version, so linearization ensures all implementations are called.
BasePool,
ComposableStablePoolProtocolFees,
StablePoolAmplification,
ComposableStablePoolRates
)
returns (bool)
{
returnsuper._isOwnerOnlyAction(actionId);
}
}
Contract Source Code
File 9 of 52: ComposableStablePoolProtocolFees.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;pragmaexperimentalABIEncoderV2;import"@balancer-labs/v2-solidity-utils/contracts/math/FixedPoint.sol";
import"@balancer-labs/v2-solidity-utils/contracts/helpers/WordCodec.sol";
import"@balancer-labs/v2-pool-utils/contracts/protocol-fees/ProtocolFeeCache.sol";
import"@balancer-labs/v2-pool-utils/contracts/protocol-fees/InvariantGrowthProtocolSwapFees.sol";
import"./ComposableStablePoolStorage.sol";
import"./ComposableStablePoolRates.sol";
import"./StableMath.sol";
abstractcontractComposableStablePoolProtocolFeesisComposableStablePoolStorage,
ComposableStablePoolRates,
ProtocolFeeCache{
usingFixedPointforuint256;
usingWordCodecforbytes32;
// To track protocol fees, we measure and store the value of the invariant after every join and exit.// All invariant growth that happens between join and exit events is due to swap fees and yield.// For selected tokens, we exclude the yield portion from the computation.// Because the invariant depends on the amplification parameter, and this value may change over time, we should only// compare invariants that were computed using the same value. We therefore store both values together.//// These values reside in the same storage slot. The amplification factor is bound by _MAX_AMP * _AMP_PRECISION, or// 5e6, which fits in 23 bits. We use all remaining bits for the invariant: this is more than enough, as the// invariant is proportional to the total supply, which is capped at 112 bits.// The data structure is as follows://// [ last join-exit amplification | last post join-exit invariant ]// [ 23 bits | 233 bits ]bytes32private _lastJoinExitData;
uint256privateconstant _LAST_POST_JOIN_EXIT_INVARIANT_OFFSET =0;
uint256privateconstant _LAST_POST_JOIN_EXIT_INVARIANT_SIZE =233;
uint256privateconstant _LAST_JOIN_EXIT_AMPLIFICATION_OFFSET = _LAST_POST_JOIN_EXIT_INVARIANT_OFFSET +
_LAST_POST_JOIN_EXIT_INVARIANT_SIZE;
uint256privateconstant _LAST_JOIN_EXIT_AMPLIFICATION_SIZE =23;
/**
* @dev Calculates due protocol fees originating from accumulated swap fees and yield of non-exempt tokens, pays
* them by minting BPT, and returns the actual supply and current balances.
*
* We also return the current invariant computed using the amplification factor at the last join or exit, which can
* be useful to skip computations in scenarios where the amplification factor is not changing.
*/function_payProtocolFeesBeforeJoinExit(uint256[] memory registeredBalances,
uint256 lastJoinExitAmp,
uint256 lastPostJoinExitInvariant
)
internalreturns (uint256,
uint256[] memory,
uint256)
{
(uint256 virtualSupply, uint256[] memory balances) = _dropBptItemFromBalances(registeredBalances);
// First, we'll compute what percentage of the Pool the protocol should own due to charging protocol fees on// swap fees and yield.
(
uint256 expectedProtocolOwnershipPercentage,
uint256 currentInvariantWithLastJoinExitAmp
) = _getProtocolPoolOwnershipPercentage(balances, lastJoinExitAmp, lastPostJoinExitInvariant);
// Now that we know what percentage of the Pool's current value the protocol should own, we can compute how// much BPT we need to mint to get to this state. Since we're going to mint BPT for the protocol, the value// of each BPT is going to be reduced as all LPs get diluted.uint256 protocolFeeAmount = ProtocolFees.bptForPoolOwnershipPercentage(
virtualSupply,
expectedProtocolOwnershipPercentage
);
if (protocolFeeAmount >0) {
_payProtocolFees(protocolFeeAmount);
}
// We pay fees before a join or exit to ensure the pool is debt-free. This increases the virtual supply (making// it match the actual supply).//// For this addition to overflow, `totalSupply` would also have already overflowed.return (virtualSupply + protocolFeeAmount, balances, currentInvariantWithLastJoinExitAmp);
}
function_getProtocolPoolOwnershipPercentage(uint256[] memory balances,
uint256 lastJoinExitAmp,
uint256 lastPostJoinExitInvariant
) internalviewreturns (uint256, uint256) {
// We compute three invariants, adjusting the balances of tokens that have rate providers by undoing the current// rate adjustment and then applying the old rate. This is equivalent to multiplying by old rate / current rate.//// In all cases we compute invariants with the last join-exit amplification factor, so that changes to the// amplification are not translated into changes to the invariant. Since amplification factor changes are both// infrequent and slow, they should have little effect on the pool balances, making this a very good// approximation.//// With this technique we obtain an invariant that does not include yield at all, meaning any growth will be due// exclusively to swap fees. We call this the 'swap fee growth invariant'.// A second invariant will exclude the yield of exempt tokens, and therefore include both swap fees and// non-exempt yield. This is called the 'non exempt growth invariant'.// Finally, a third invariant includes the yield of all tokens by using only the current rates. We call this the// 'total growth invariant', since it includes both swap fee growth, non-exempt yield growth and exempt yield// growth. If the last join-exit amplification equals the current one, this invariant equals the current// invariant.
(
uint256 swapFeeGrowthInvariant,
uint256 totalNonExemptGrowthInvariant,
uint256 totalGrowthInvariant
) = _getGrowthInvariants(balances, lastJoinExitAmp, lastPostJoinExitInvariant);
// By comparing the invariant increase attributable to each source of growth to the total growth invariant,// we can calculate how much of the current Pool value originates from that source, and then apply the// corresponding protocol fee percentage to that amount.// We have two sources of growth: swap fees, and non-exempt yield. As we illustrate graphically below://// growth due to swap fees = (swap fee growth invariant - last post join-exit invariant)// growth due to non-exempt yield = (non-exempt growth invariant - swap fee growth invariant)//// These can be converted to additive percentages by normalizing against the total growth invariant value:// growth due to swap fees / total growth invariant = % pool ownership due from swap fees// growth due to non-exempt yield / total growth invariant = % pool ownership due from non-exempt yield//// ┌───────────────────────┐ ──┐// │ exempt yield │ │ total growth invariant// ├───────────────────────┤ │ ──┐// │ non-exempt yield │ │ │ non-exempt growth invariant// ├───────────────────────┤ │ │ ──┐// │ swap fees │ │ │ │ swap fee growth invariant// ├───────────────────────┤ │ │ │ ──┐// │ original value │ │ │ │ │ last post join-exit invariant// └───────────────────────┘ ──┘ ──┘ ──┘ ──┘//// Each invariant should be larger than its precedessor. In case any rounding error results in them being// smaller, we adjust the subtraction to equal 0.// Note: in the unexpected scenario where the rates of the tokens shrink over time instead of growing (i.e. if// the yield is negative), the non-exempt growth invariant might actually be *smaller* than the swap fee growth// invariant, and the total growth invariant might be *smaller* than the non-exempt growth invariant. Depending// on the order in which swaps, joins/exits and rate changes happen, as well as their relative magnitudes, it is// possible for the Pool to either pay more or less protocol fees than it should.// This patched version handles these edge cases gracefully, as it 1) forcibly bounds the swap fee growth// invariant between the total growth and last post join-exit invariant; 2) enforces "all or nothing" exempt// flags, which constrains the non-exempt growth invariant to be equal to either the total growth or swap// fee growth invariant.//// Furthermore, the protocol ownership percentage is hard-coded to zero (so protocol fees will be zero),// if the total growth invariant has gone *down* since the last join or exit, which is possible if rates// declined. Together, these measures ensure protocol fee amounts will be bound by the non-manipulable// swap fee growth, or zero in any pathological situations.// If the total invariant decreased or stayed the same, there is no growth to split between swap and yield fees.if (totalGrowthInvariant <= lastPostJoinExitInvariant) {
return (0, totalGrowthInvariant);
}
// By now, the following inequality applies:// totalGrowthInvariant >= totalNonExemptGrowthInvariant >= swapFeeGrowthInvariant >= lastPostJoinExitInvariant// So these differences are safe to execute; their lower bound is 0 and they will not overflow.uint256 swapFeeGrowthInvariantDelta = swapFeeGrowthInvariant - lastPostJoinExitInvariant;
uint256 nonExemptYieldGrowthInvariantDelta = totalNonExemptGrowthInvariant - swapFeeGrowthInvariant;
// We can now derive what percentage of the Pool's total value each invariant delta represents by dividing by// the total growth invariant. These values, multiplied by the protocol fee percentage for each growth type,// represent the percentage of Pool ownership the protocol should have due to each source.uint256 protocolSwapFeePercentage = swapFeeGrowthInvariantDelta.divDown(totalGrowthInvariant).mulDown(
getProtocolFeePercentageCache(ProtocolFeeType.SWAP)
);
uint256 protocolYieldPercentage = nonExemptYieldGrowthInvariantDelta.divDown(totalGrowthInvariant).mulDown(
getProtocolFeePercentageCache(ProtocolFeeType.YIELD)
);
// These percentages can then be simply added to compute the total protocol Pool ownership percentage.// This is naturally bounded above by FixedPoint.ONE so this addition cannot overflow.return (protocolSwapFeePercentage + protocolYieldPercentage, totalGrowthInvariant);
}
/**
* @dev Returns total growth invariant and swap / yield invariant approximations.
* The calculated invariants are bounded such that:
*
* - if totalGrowthInvariant <= lastPostJoinExitInvariant, the total value has decreased, so we can skip all
* other invariant calculations and just return `totalGrowthInvariant` for all. Protocol fees should be zero
* in this case, so callers using this to compute fees must also check for this, and return zero for the
* protocol ownership percentage.
*
* - Otherwise, totalGrowthInvariant >= totalNonExemptGrowthInvariant >=
* swapFeeGrowthInvariant >= lastPostJoinExitInvariant
* This was previously an assumption, but is now ensured by the logic in this function.
*/function_getGrowthInvariants(uint256[] memory balances,
uint256 lastJoinExitAmp,
uint256 lastPostJoinExitInvariant
)
internalviewreturns (uint256 swapFeeGrowthInvariant,
uint256 totalNonExemptGrowthInvariant,
uint256 totalGrowthInvariant
)
{
// Total growth invariant is always calculated with the current (scaled / unadjusted) balances.
totalGrowthInvariant = StableMath._calculateInvariant(lastJoinExitAmp, balances);
// If total invariant decreased, calculating the other approximations is unnecessary.if (totalGrowthInvariant <= lastPostJoinExitInvariant) {
return (totalGrowthInvariant, totalGrowthInvariant, totalGrowthInvariant);
}
// Swap fee invariant is calculated with adjusted balances, to discount the yield.
swapFeeGrowthInvariant = StableMath._calculateInvariant(
lastJoinExitAmp,
_getAdjustedBalances(balances) // Adjust all token balances with rate providers.
);
// The `swapFeeGrowthInvariant` cannot ever be outside the bounds:// totalGrowthInvariant >= swapFeeGrowthInvariant >= lastPostJoinExitInvariant
swapFeeGrowthInvariant = Math.min(totalGrowthInvariant, swapFeeGrowthInvariant); // Set upper bound.
swapFeeGrowthInvariant = Math.max(lastPostJoinExitInvariant, swapFeeGrowthInvariant); // Set lower bound.// The only two accepted possibilities are either all tokens exempt, or none tokens exempt.// totalNonExemptGrowthInvariant will either be totalGrowthInvariant or swapFeeGrowthInvariant.// At this point,// - totalGrowthInvariant > lastPostJoinExitInvariant// - totalGrowthInvariant >= swapFeeGrowthInvariant >= lastPostJoinExitInvariant// So the complete inequality will apply by the end of this function:// totalGrowthInvariant >= totalNonExemptGrowthInvariant >= swapFeeGrowthInvariant >= lastPostJoinExitInvariantif (isExemptFromYieldProtocolFee()) {
// If no tokens are charged fees on yield, then the non-exempt growth is equal to the swap fee growth - no// yield fees will be collected.
totalNonExemptGrowthInvariant = swapFeeGrowthInvariant;
} else {
// If there are no tokens with fee-exempt yield, then the total non-exempt growth will equal the total// growth: all yield growth is non-exempt. There's also no point in adjusting balances, since we// already know none are exempt.
totalNonExemptGrowthInvariant = totalGrowthInvariant;
}
}
/**
* @dev Store the latest invariant based on the adjusted balances after the join or exit, using current rates.
* Also cache the amp factor, so that the invariant is not affected by amp updates between joins and exits.
*
* Pay protocol fees due on any current join or exit swap.
*/function_updateInvariantAfterJoinExit(uint256 currentAmp,
uint256[] memory balances,
uint256 preJoinExitInvariant,
uint256 preJoinExitSupply,
uint256 postJoinExitSupply
) internal{
// `_payProtocolFeesBeforeJoinExit` paid protocol fees accumulated between the previous and current// join or exit, while this code pays any protocol fees due on the current join or exit.// The amp and rates are constant during a single transaction, so it doesn't matter if there// is an ongoing amp change, and we can ignore yield.// Compute the growth ratio between the pre- and post-join/exit balances.// Note that the pre-join/exit invariant is *not* the invariant from the last join,// but computed from the balances before this particular join/exit.uint256 postJoinExitInvariant = StableMath._calculateInvariant(currentAmp, balances);
// Compute the portion of the invariant increase due to feesuint256 supplyGrowthRatio = postJoinExitSupply.divDown(preJoinExitSupply);
uint256 feelessInvariant = preJoinExitInvariant.mulDown(supplyGrowthRatio);
// The postJoinExitInvariant should always be greater than the feelessInvariant (since the invariant and total// supply move proportionally outside of fees, which the postJoinInvariant includes and the feelessInvariant// does not). However, in the unexpected case in which due to rounding errors this is not true, we simply skip// further computation of protocol fees.if (postJoinExitInvariant > feelessInvariant) {
uint256 invariantDeltaFromFees = postJoinExitInvariant - feelessInvariant;
// To convert to a percentage of pool ownership, multiply by the rate,// then normalize against the final invariantuint256 protocolOwnershipPercentage = Math.divDown(
Math.mul(invariantDeltaFromFees, getProtocolFeePercentageCache(ProtocolFeeType.SWAP)),
postJoinExitInvariant
);
if (protocolOwnershipPercentage >0) {
uint256 protocolFeeAmount = ProtocolFees.bptForPoolOwnershipPercentage(
postJoinExitSupply,
protocolOwnershipPercentage
);
_payProtocolFees(protocolFeeAmount);
}
}
_updatePostJoinExit(currentAmp, postJoinExitInvariant);
}
/**
* @dev Update the stored values of the amp and final post-join/exit invariant, to reset the basis for protocol
* swap fees. Also copy the current rates to the old rates, to establish the new protocol yield basis for protocol
* yield fees.
*/function_updatePostJoinExit(uint256 currentAmp, uint256 postJoinExitInvariant) internal{
_lastJoinExitData =
WordCodec.encodeUint(currentAmp, _LAST_JOIN_EXIT_AMPLIFICATION_OFFSET, _LAST_JOIN_EXIT_AMPLIFICATION_SIZE) |
WordCodec.encodeUint(
postJoinExitInvariant,
_LAST_POST_JOIN_EXIT_INVARIANT_OFFSET,
_LAST_POST_JOIN_EXIT_INVARIANT_SIZE
);
_updateOldRates();
}
/**
* @notice Return the amplification factor and invariant as of the most recent join or exit (including BPT swaps)
*/functiongetLastJoinExitData()
publicviewreturns (uint256 lastJoinExitAmplification, uint256 lastPostJoinExitInvariant)
{
bytes32 rawData = _lastJoinExitData;
lastJoinExitAmplification = rawData.decodeUint(
_LAST_JOIN_EXIT_AMPLIFICATION_OFFSET,
_LAST_JOIN_EXIT_AMPLIFICATION_SIZE
);
lastPostJoinExitInvariant = rawData.decodeUint(
_LAST_POST_JOIN_EXIT_INVARIANT_OFFSET,
_LAST_POST_JOIN_EXIT_INVARIANT_SIZE
);
}
/**
* @dev Inheritance rules still require us to override this in the most derived contract, even though
* it only calls super.
*/function_isOwnerOnlyAction(bytes32 actionId)
internalviewvirtualoverride(// Our inheritance pattern creates a small diamond that requires explicitly listing the parents here.// Each parent calls the `super` version, so linearization ensures all implementations are called.
BasePool,
BasePoolAuthorization,
ComposableStablePoolRates
)
returns (bool)
{
returnsuper._isOwnerOnlyAction(actionId);
}
}
Contract Source Code
File 10 of 52: ComposableStablePoolRates.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"@balancer-labs/v2-interfaces/contracts/solidity-utils/openzeppelin/IERC20.sol";
import"@balancer-labs/v2-interfaces/contracts/pool-utils/IRateProvider.sol";
import"@balancer-labs/v2-solidity-utils/contracts/helpers/ERC20Helpers.sol";
import"@balancer-labs/v2-solidity-utils/contracts/helpers/InputHelpers.sol";
import"@balancer-labs/v2-pool-utils/contracts/rates/PriceRateCache.sol";
import"./ComposableStablePoolStorage.sol";
abstractcontractComposableStablePoolRatesisComposableStablePoolStorage{
usingPriceRateCacheforbytes32;
usingFixedPointforuint256;
structRatesParams {
IERC20[] tokens;
IRateProvider[] rateProviders;
uint256[] tokenRateCacheDurations;
}
// Token rate caches are used to avoid querying the price rate for a token every time we need to work with it.// The "old rate" field is used for precise protocol fee calculation, to ensure that token yield is only// "taxed" once. The data structure is as follows://// [ expires | duration | old rate | current rate ]// [ uint32 | uint32 | uint96 | uint96 ]// Since we never need just one cache but all of them at once, instead of making the mapping go from token address// to cache, we go from token index (including BPT), i.e. an array. We use a mapping however instead of a native// array to skip the extra read associated with the out-of-bounds check, as we have cheaper ways to guarantee the// indices are valid.mapping(uint256=>bytes32) internal _tokenRateCaches;
eventTokenRateCacheUpdated(uint256indexed tokenIndex, uint256 rate);
eventTokenRateProviderSet(uint256indexed tokenIndex, IRateProvider indexed provider, uint256 cacheDuration);
constructor(RatesParams memory rateParams) {
InputHelpers.ensureInputLengthMatch(
rateParams.tokens.length,
rateParams.rateProviders.length,
rateParams.tokenRateCacheDurations.length
);
IERC20[] memory registeredTokens = _insertSorted(rateParams.tokens, IERC20(this));
uint256 bptIndex;
for (
bptIndex = registeredTokens.length-1;
bptIndex >0&& registeredTokens[bptIndex] > IERC20(this);
bptIndex--
) {
// solhint-disable-previous-line no-empty-blocks
}
uint256 skipBpt =0;
for (uint256 i =0; i < rateParams.tokens.length; i++) {
if (i == bptIndex) {
skipBpt =1;
}
uint256 k = i + skipBpt;
if (rateParams.rateProviders[i] != IRateProvider(0)) {
_updateTokenRateCache(k, rateParams.rateProviders[i], rateParams.tokenRateCacheDurations[i]);
emit TokenRateProviderSet(k, rateParams.rateProviders[i], rateParams.tokenRateCacheDurations[i]);
// Initialize the old rates as well, in case they are referenced before the first join.
_updateOldRate(k);
}
}
}
/**
* @dev Ensure we are not in a Vault context when this function is called, by attempting a no-op internal
* balance operation. If we are already in a Vault transaction (e.g., a swap, join, or exit), the Vault's
* reentrancy protection will cause this function to revert.
*
* The exact function call doesn't really matter: we're just trying to trigger the Vault reentrancy check
* (and not hurt anything in case it works). An empty operation array with no specific operation at all works
* for that purpose, and is also the least expensive in terms of gas and bytecode size.
*
* Use this modifier with any function that can cause a state change in a pool and is either public itself,
* or called by a public function *outside* a Vault operation (e.g., join, exit, or swap).
* See https://forum.balancer.fi/t/reentrancy-vulnerability-scope-expanded/4345 for reference.
*/modifierwhenNotInVaultContext() {
_ensureNotInVaultContext();
_;
}
/**
* @dev Reverts if called in the middle of a Vault operation; has no effect otherwise.
*/function_ensureNotInVaultContext() private{
IVault.UserBalanceOp[] memory noop =new IVault.UserBalanceOp[](0);
getVault().manageUserBalance(noop);
}
/**
* @dev Updates the old rate for the token at `index` (including BPT). Assumes `index` is valid.
*/function_updateOldRate(uint256 index) internal{
bytes32 cache = _tokenRateCaches[index];
_tokenRateCaches[index] = cache.updateOldRate();
}
/**
* @dev Returns the rate for a given token. All token rates are fixed-point values with 18 decimals.
* If there is no rate provider for the provided token, it returns FixedPoint.ONE.
*/functiongetTokenRate(IERC20 token) externalviewreturns (uint256) {
return _getTokenRate(_getTokenIndex(token));
}
function_getTokenRate(uint256 index) internalviewvirtualreturns (uint256) {
// We optimize for the scenario where all tokens have rate providers, except the BPT (which never has a rate// provider). Therefore, we return early if `token` is the BPT, and otherwise optimistically read the cache// expecting that it will not be empty (instead of e.g. fetching the provider to avoid a cache read, since// we don't need the provider at all).if (index == getBptIndex()) {
return FixedPoint.ONE;
}
bytes32 tokenRateCache = _tokenRateCaches[index];
return tokenRateCache ==bytes32(0) ? FixedPoint.ONE : tokenRateCache.getCurrentRate();
}
/**
* @dev Returns the cached value for token's rate. Reverts if the token doesn't belong to the pool or has no rate
* provider.
*/functiongetTokenRateCache(IERC20 token)
externalviewreturns (uint256 rate,
uint256 oldRate,
uint256 duration,
uint256 expires
)
{
bytes32 cache = _tokenRateCaches[_getTokenIndex(token)];
// A zero cache indicates that the token doesn't have a rate provider associated with it.
_require(cache !=bytes32(0), Errors.TOKEN_DOES_NOT_HAVE_RATE_PROVIDER);
rate = cache.getCurrentRate();
oldRate = cache.getOldRate();
(duration, expires) = cache.getTimestamps();
}
/**
* @dev Sets a new duration for a token rate cache.
* Note this function also updates the current cached value.
*
* This function will revert when called within a Vault context (i.e. in the middle of a join or an exit).
*
* This function depends on `getRate` via the rate provider, which may be calculated incorrectly in the middle of a
* join or an exit because the state of the pool could be out of sync with the state of the Vault.
*
* It will also revert if there was no rate provider set initially.
*
* See https://forum.balancer.fi/t/reentrancy-vulnerability-scope-expanded/4345 for reference.
*
* @param duration Number of seconds until the current token rate is fetched again.
*/functionsetTokenRateCacheDuration(IERC20 token, uint256 duration) externalauthenticatewhenNotInVaultContext{
uint256 index = _getTokenIndex(token);
IRateProvider provider = _getRateProvider(index);
_require(address(provider) !=address(0), Errors.TOKEN_DOES_NOT_HAVE_RATE_PROVIDER);
_updateTokenRateCache(index, provider, duration);
emit TokenRateProviderSet(index, provider, duration);
}
/**
* @dev Forces a rate cache hit for a token.
*
* This function will revert when called within a Vault context (i.e. in the middle of a join or an exit).
*
* This function depends on `getRate` via the rate provider, which may be calculated incorrectly in the middle of a
* join or an exit because the state of the pool could be out of sync with the state of the Vault.
*
* It will also revert if the requested token does not have an associated rate provider.
*
* See https://forum.balancer.fi/t/reentrancy-vulnerability-scope-expanded/4345 for reference.
*/functionupdateTokenRateCache(IERC20 token) externalwhenNotInVaultContext{
uint256 index = _getTokenIndex(token);
IRateProvider provider = _getRateProvider(index);
_require(address(provider) !=address(0), Errors.TOKEN_DOES_NOT_HAVE_RATE_PROVIDER);
uint256 duration = _tokenRateCaches[index].getDuration();
_updateTokenRateCache(index, provider, duration);
}
/**
* @dev Internal function to update a token rate cache for a known provider and duration.
* It trusts the given values, and does not perform any checks.
*/function_updateTokenRateCache(uint256 index,
IRateProvider provider,
uint256 duration
) internalvirtual{
uint256 rate = provider.getRate();
bytes32 cache = _tokenRateCaches[index];
_tokenRateCaches[index] = cache.updateRateAndDuration(rate, duration);
emit TokenRateCacheUpdated(index, rate);
}
/**
* @dev Caches the rates of all tokens if necessary
*/function_cacheTokenRatesIfNecessary() internal{
uint256 totalTokens = _getTotalTokens();
for (uint256 i =0; i < totalTokens; ++i) {
_cacheTokenRateIfNecessary(i);
}
}
/**
* @dev Caches the rate for a token if necessary. It ignores the call if there is no provider set.
*/function_cacheTokenRateIfNecessary(uint256 index) internal{
// We optimize for the scenario where all tokens have rate providers, except the BPT (which never has a rate// provider). Therefore, we return early if token is BPT, and otherwise optimistically read the cache expecting// that it will not be empty (instead of e.g. fetching the provider to avoid a cache read in situations where// we might not need the provider if the cache is still valid).if (index == getBptIndex()) return;
bytes32 cache = _tokenRateCaches[index];
if (cache !=bytes32(0)) {
(uint256 duration, uint256 expires) = cache.getTimestamps();
if (block.timestamp> expires) {
// solhint-disable-previous-line not-rely-on-time
_updateTokenRateCache(index, _getRateProvider(index), duration);
}
}
}
// To compute the yield protocol fees, we need the oldRate for all tokens, even if the exempt flag is not set.// We do need to ensure the token has a rate provider before updating; otherwise it will not be in the cache.function_updateOldRates() internal{
uint256 totalTokens = _getTotalTokens();
for (uint256 i =0; i < totalTokens; ++i) {
if (_hasRateProvider(i)) _updateOldRate(i);
}
}
/**
* @dev Apply the token ratios to a set of balances, only if they have a rate provider.
* The `balances` array is assumed to not include BPT to ensure that token indices align.
*/function_getAdjustedBalances(uint256[] memory balances) internalviewreturns (uint256[] memory) {
uint256 totalTokensWithoutBpt = balances.length;
uint256[] memory adjustedBalances =newuint256[](totalTokensWithoutBpt);
for (uint256 i =0; i < totalTokensWithoutBpt; ++i) {
uint256 skipBptIndex = i >= getBptIndex() ? i +1 : i;
adjustedBalances[i] = _hasRateProvider(skipBptIndex)
? _adjustedBalance(balances[i], _tokenRateCaches[skipBptIndex])
: balances[i];
}
return adjustedBalances;
}
// Compute balance * oldRate/currentRate, doing division last to minimize rounding error.function_adjustedBalance(uint256 balance, bytes32 cache) privatepurereturns (uint256) {
return Math.divDown(Math.mul(balance, cache.getOldRate()), cache.getCurrentRate());
}
// Scaling Factors/**
* @dev Overrides scaling factor getter to compute the tokens' rates.
*/function_scalingFactors() internalviewvirtualoverridereturns (uint256[] memory) {
// There is no need to check the arrays length since both are based on `_getTotalTokens`uint256 totalTokens = _getTotalTokens();
uint256[] memory scalingFactors =newuint256[](totalTokens);
for (uint256 i =0; i < totalTokens; ++i) {
scalingFactors[i] = _getScalingFactor(i).mulDown(_getTokenRate(i));
}
return scalingFactors;
}
/**
* @dev Overrides only owner action to allow setting the cache duration for the token rates
*/function_isOwnerOnlyAction(bytes32 actionId) internalviewvirtualoverridereturns (bool) {
return (actionId == getActionId(this.setTokenRateCacheDuration.selector)) ||super._isOwnerOnlyAction(actionId);
}
}
Contract Source Code
File 11 of 52: ComposableStablePoolStorage.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"@balancer-labs/v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol";
import"@balancer-labs/v2-interfaces/contracts/solidity-utils/openzeppelin/IERC20.sol";
import"@balancer-labs/v2-interfaces/contracts/pool-utils/IRateProvider.sol";
import"@balancer-labs/v2-pool-utils/contracts/BasePool.sol";
import"./StableMath.sol";
abstractcontractComposableStablePoolStorageisBasePool{
usingFixedPointforuint256;
usingWordCodecforbytes32;
structStorageParams {
IERC20[] registeredTokens;
IRateProvider[] tokenRateProviders;
bool exemptFromYieldProtocolFeeFlag;
}
// This minimum refers not to the total tokens, but rather to the non-BPT tokens. The minimum value for _totalTokens// is therefore _MIN_NON_BPT_TOKENS + 1.uint256privateconstant _MIN_NON_BPT_TOKENS =2;
// The Pool will register n+1 tokens, where n are the actual tokens in the Pool, and the other one is the BPT// itself.uint256privateimmutable _totalTokens;
// The index of BPT in the tokens and balances arrays, i.e. its index when calling IVault.registerTokens().uint256privateimmutable _bptIndex;
// These are the registered tokens: one of them will be the BPT.
IERC20 privateimmutable _token0;
IERC20 privateimmutable _token1;
IERC20 privateimmutable _token2;
IERC20 privateimmutable _token3;
IERC20 privateimmutable _token4;
IERC20 privateimmutable _token5;
// All token balances are normalized to behave as if the token had 18 decimals. We assume a token's decimals will// not change throughout its lifetime, and store the corresponding scaling factor for each at construction time.// These factors are always greater than or equal to one: tokens with more than 18 decimals are not supported.uint256internalimmutable _scalingFactor0;
uint256internalimmutable _scalingFactor1;
uint256internalimmutable _scalingFactor2;
uint256internalimmutable _scalingFactor3;
uint256internalimmutable _scalingFactor4;
uint256internalimmutable _scalingFactor5;
// Rate Providers accommodate tokens with a known price ratio, such as Compound's cTokens.
IRateProvider internalimmutable _rateProvider0;
IRateProvider internalimmutable _rateProvider1;
IRateProvider internalimmutable _rateProvider2;
IRateProvider internalimmutable _rateProvider3;
IRateProvider internalimmutable _rateProvider4;
IRateProvider internalimmutable _rateProvider5;
// This is a bitmap which allows querying whether a token at a particular index:// - has a rate provider associated with it.// - is exempt from yield protocol fees.// This is required as the data stored in this bitmap is computed from values in immutable storage,// without this bitmap we would have to manually search through token by token to reach these values.// The data structure is as follows://// [ unused | rate provider flags | exemption flags ]// [ 244 bits | 6 bits | 6 bits ]bytes32privateimmutable _rateProviderInfoBitmap;
// Indicates whether all the tokens from the pool are exempt from yield protocol fee or not.boolprivateimmutable _exemptFromYieldProtocolFee;
uint256privateconstant _RATE_PROVIDER_FLAGS_OFFSET =6;
constructor(StorageParams memory params) {
// BasePool checks that the Pool has at least two tokens, but since one of them is the BPT (this contract), we// need to check ourselves that there are at least creator-supplied tokens (i.e. the minimum number of total// tokens for this contract is actually three, including the BPT).uint256 totalTokens = params.registeredTokens.length;
_require(totalTokens > _MIN_NON_BPT_TOKENS, Errors.MIN_TOKENS);
InputHelpers.ensureInputLengthMatch(totalTokens -1, params.tokenRateProviders.length);
_totalTokens = totalTokens;
// Immutable variables cannot be initialized inside an if statement, so we must do conditional assignments
_token0 = params.registeredTokens[0];
_token1 = params.registeredTokens[1];
_token2 = params.registeredTokens[2];
_token3 = totalTokens >3 ? params.registeredTokens[3] : IERC20(0);
_token4 = totalTokens >4 ? params.registeredTokens[4] : IERC20(0);
_token5 = totalTokens >5 ? params.registeredTokens[5] : IERC20(0);
_scalingFactor0 = _computeScalingFactor(params.registeredTokens[0]);
_scalingFactor1 = _computeScalingFactor(params.registeredTokens[1]);
_scalingFactor2 = _computeScalingFactor(params.registeredTokens[2]);
_scalingFactor3 = totalTokens >3 ? _computeScalingFactor(params.registeredTokens[3]) : 0;
_scalingFactor4 = totalTokens >4 ? _computeScalingFactor(params.registeredTokens[4]) : 0;
_scalingFactor5 = totalTokens >5 ? _computeScalingFactor(params.registeredTokens[5]) : 0;
// The Vault keeps track of all Pool tokens in a specific order: we need to know what the index of BPT is in// this ordering to be able to identify it when balances arrays are received. Since the tokens array is sorted,// we need to find the correct BPT index in the array returned by `_insertSorted()`.// See `IVault.getPoolTokens()` for more information regarding token ordering.uint256 bptIndex;
for (
bptIndex = params.registeredTokens.length-1;
bptIndex >0&& params.registeredTokens[bptIndex] > IERC20(this);
bptIndex--
) {
// solhint-disable-previous-line no-empty-blocks
}
_bptIndex = bptIndex;
// The rate providers are stored as immutable state variables, and for simplicity when accessing those we'll// reference them by token index in the full base tokens plus BPT set (i.e. the tokens the Pool registers). Due// to immutable variables requiring an explicit assignment instead of defaulting to an empty value, it is// simpler to create a new memory array with the values we want to assign to the immutable state variables.
IRateProvider[] memory rateProviders =new IRateProvider[](params.registeredTokens.length);
bytes32 rateProviderInfoBitmap;
// The exemptFromYieldFlag should never be set on a token without a rate provider.// This would cause division by zero errors downstream.for (uint256 i =0; i < params.registeredTokens.length; ++i) {
if (i < bptIndex) {
rateProviders[i] = params.tokenRateProviders[i];
} elseif (i != bptIndex) {
rateProviders[i] = params.tokenRateProviders[i -1];
} else {
// do nothing for i == bptIndexcontinue;
}
// Store whether token has rate provider
rateProviderInfoBitmap = rateProviderInfoBitmap.insertBool(
rateProviders[i] != IRateProvider(0),
_RATE_PROVIDER_FLAGS_OFFSET + i
);
// Store whether token is exempt from yield fees (only with rate providers).if (params.exemptFromYieldProtocolFeeFlag && rateProviders[i] != IRateProvider(0)) {
rateProviderInfoBitmap = rateProviderInfoBitmap.insertBool(true, i);
}
}
// Either all tokens are exempt, or none of them are. This is defined by the input parameter.
_exemptFromYieldProtocolFee = params.exemptFromYieldProtocolFeeFlag;
// Immutable variables cannot be initialized inside an if statement, so we must do conditional assignments
_rateProvider0 = rateProviders[0];
_rateProvider1 = rateProviders[1];
_rateProvider2 = rateProviders[2];
_rateProvider3 = (rateProviders.length>3) ? rateProviders[3] : IRateProvider(0);
_rateProvider4 = (rateProviders.length>4) ? rateProviders[4] : IRateProvider(0);
_rateProvider5 = (rateProviders.length>5) ? rateProviders[5] : IRateProvider(0);
_rateProviderInfoBitmap = rateProviderInfoBitmap;
}
// Tokensfunction_getTotalTokens() internalviewvirtualoverridereturns (uint256) {
return _totalTokens;
}
function_getMaxTokens() internalpureoverridereturns (uint256) {
// The BPT will be one of the Pool tokens, but it is unaffected by the Stable 5 token limit.return StableMath._MAX_STABLE_TOKENS +1;
}
functiongetBptIndex() publicviewreturns (uint256) {
return _bptIndex;
}
function_getTokenIndex(IERC20 token) internalviewreturns (uint256) {
if (token == _token0) return0;
if (token == _token1) return1;
if (token == _token2) return2;
if (token == _token3) return3;
if (token == _token4) return4;
if (token == _token5) return5;
_revert(Errors.INVALID_TOKEN);
}
function_scalingFactor(IERC20) internalviewvirtualoverridereturns (uint256) {
// We never use a single token's scaling factor by itself, we always process the entire array at once.// Therefore we don't bother providing an implementation for this.
_revert(Errors.UNIMPLEMENTED);
}
// Index helpers// Convert from an index into an array including BPT (the Vault's registered token list), to an index// into an array excluding BPT (usually from user input, such as amountsIn/Out).// `index` must not be the BPT token index itself.function_skipBptIndex(uint256 index) internalviewreturns (uint256) {
// Currently this is never called with an index passed in from user input, so this check// should not be necessary. Included for completion (and future proofing).
_require(index != getBptIndex(), Errors.OUT_OF_BOUNDS);
return index < getBptIndex() ? index : index.sub(1);
}
/**
* @dev Remove the item at `_bptIndex` from an arbitrary array (e.g., amountsIn).
*/function_dropBptItem(uint256[] memory amounts) internalviewreturns (uint256[] memory) {
uint256[] memory amountsWithoutBpt =newuint256[](amounts.length-1);
for (uint256 i =0; i < amountsWithoutBpt.length; i++) {
amountsWithoutBpt[i] = amounts[i < getBptIndex() ? i : i +1];
}
return amountsWithoutBpt;
}
/**
* @dev Same as `_dropBptItem`, except the virtual supply is also returned, and `balances` is assumed to be the
* current Pool balances (including BPT).
*/function_dropBptItemFromBalances(uint256[] memory registeredBalances)
internalviewreturns (uint256, uint256[] memory)
{
return (_getVirtualSupply(registeredBalances[getBptIndex()]), _dropBptItem(registeredBalances));
}
// Convert from an index into an array excluding BPT (usually from user input, such as amountsIn/Out),// to an index into an array including BPT (the Vault's registered token list).// `index` must not be the BPT token index itself, if it is the last element, and the result must be// in the range of registered tokens.function_addBptIndex(uint256 index) internalviewreturns (uint256 registeredIndex) {
// This can be called from an index passed in from user input.
registeredIndex = index < getBptIndex() ? index : index.add(1);
// TODO: `indexWithBpt != getBptIndex()` follows from above line and so can be removed.
_require(registeredIndex < _totalTokens && registeredIndex != getBptIndex(), Errors.OUT_OF_BOUNDS);
}
/**
* @dev Take an array of arbitrary values the size of the token set without BPT, and insert the given
* bptAmount at the bptIndex location.
*
* The caller is responsible for ensuring the `amounts` input array is sized properly; this function
* performs no checks.
*/function_addBptItem(uint256[] memory amounts, uint256 bptAmount)
internalviewreturns (uint256[] memory registeredTokenAmounts)
{
registeredTokenAmounts =newuint256[](amounts.length+1);
for (uint256 i =0; i < registeredTokenAmounts.length; i++) {
registeredTokenAmounts[i] = i == getBptIndex() ? bptAmount : amounts[i < getBptIndex() ? i : i -1];
}
}
// Rate Providersfunction_getScalingFactor(uint256 index) internalviewreturns (uint256) {
if (index ==0) return _scalingFactor0;
if (index ==1) return _scalingFactor1;
if (index ==2) return _scalingFactor2;
if (index ==3) return _scalingFactor3;
if (index ==4) return _scalingFactor4;
if (index ==5) return _scalingFactor5;
else {
_revert(Errors.INVALID_TOKEN);
}
}
/**
* @dev Returns the rate providers configured for each token (in the same order as registered).
*/functiongetRateProviders() externalviewreturns (IRateProvider[] memory) {
uint256 totalTokens = _getTotalTokens();
IRateProvider[] memory providers =new IRateProvider[](totalTokens);
for (uint256 i =0; i < totalTokens; ++i) {
providers[i] = _getRateProvider(i);
}
return providers;
}
function_getRateProvider(uint256 index) internalviewreturns (IRateProvider) {
if (index ==0) return _rateProvider0;
if (index ==1) return _rateProvider1;
if (index ==2) return _rateProvider2;
if (index ==3) return _rateProvider3;
if (index ==4) return _rateProvider4;
if (index ==5) return _rateProvider5;
else {
_revert(Errors.INVALID_TOKEN);
}
}
/**
* @notice Return true if the token at this index has a rate provider
*/function_hasRateProvider(uint256 tokenIndex) internalviewreturns (bool) {
return _rateProviderInfoBitmap.decodeBool(_RATE_PROVIDER_FLAGS_OFFSET + tokenIndex);
}
/**
* @notice Return true if all tokens are exempt from yield fees.
*/functionisExemptFromYieldProtocolFee() publicviewreturns (bool) {
return _exemptFromYieldProtocolFee;
}
/**
* @dev Returns whether the token is exempt from protocol fees on the yield.
* If the BPT token is passed in (which doesn't make much sense, but shouldn't fail,
* since it is a valid pool token), the corresponding flag will be false.
*/functionisTokenExemptFromYieldProtocolFee(IERC20 token) externalviewreturns (bool) {
return _exemptFromYieldProtocolFee && _hasRateProvider(_getTokenIndex(token));
}
// Virtual Supply/**
* @dev Returns the number of tokens in circulation.
*
* WARNING: in the vast majority of cases this is not a useful value, since it does not include the debt the Pool
* accrued in the form of unminted BPT for the ProtocolFeesCollector. Look into `getActualSupply()` and how that's
* different.
*
* In other pools, this would be the same as `totalSupply`, but since this pool pre-mints BPT and holds it in the
* Vault as a token, we need to subtract the Vault's balance to get the total "circulating supply". Both the
* totalSupply and Vault balance can change. If users join or exit using swaps, some of the preminted BPT are
* exchanged, so the Vault's balance increases after joins and decreases after exits. If users call the regular
* joins/exit functions, the totalSupply can change as BPT are minted for joins or burned for exits.
*/function_getVirtualSupply(uint256 bptBalance) internalviewreturns (uint256) {
// The initial amount of BPT pre-minted is _PREMINTED_TOKEN_BALANCE, and it goes entirely to the pool balance in// the vault. So the virtualSupply (the amount of BPT supply in circulation) is defined as:// virtualSupply = totalSupply() - _balances[_bptIndex]return totalSupply().sub(bptBalance);
}
}
Contract Source Code
File 12 of 52: EIP712.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.7.0;/**
* @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data.
*
* The encoding specified in the EIP is very generic, and such a generic implementation in Solidity is not feasible,
* thus this contract does not implement the encoding itself. Protocols need to implement the type-specific encoding
* they need in their contracts using a combination of `abi.encode` and `keccak256`.
*
* This contract implements the EIP 712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding
* scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA
* ({_hashTypedDataV4}).
*
* The implementation of the domain separator was designed to be as efficient as possible while still properly updating
* the chain id to protect against replay attacks on an eventual fork of the chain.
*
* NOTE: This contract implements the version of the encoding known as "v4", as implemented by the JSON RPC method
* https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask].
*
* _Available since v3.4._
*/abstractcontractEIP712{
/* solhint-disable var-name-mixedcase */bytes32privateimmutable _HASHED_NAME;
bytes32privateimmutable _HASHED_VERSION;
bytes32privateimmutable _TYPE_HASH;
/* solhint-enable var-name-mixedcase *//**
* @dev Initializes the domain separator and parameter caches.
*
* The meaning of `name` and `version` is specified in
* https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]:
*
* - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.
* - `version`: the current major version of the signing domain.
*
* NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart
* contract upgrade].
*/constructor(stringmemory name, stringmemory version) {
_HASHED_NAME =keccak256(bytes(name));
_HASHED_VERSION =keccak256(bytes(version));
_TYPE_HASH =keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
}
/**
* @dev Returns the domain separator for the current chain.
*/function_domainSeparatorV4() internalviewvirtualreturns (bytes32) {
returnkeccak256(abi.encode(_TYPE_HASH, _HASHED_NAME, _HASHED_VERSION, _getChainId(), address(this)));
}
/**
* @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this
* function returns the hash of the fully encoded EIP712 message for this domain.
*
* This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:
*
* ```solidity
* bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(
* keccak256("Mail(address to,string contents)"),
* mailTo,
* keccak256(bytes(mailContents))
* )));
* address signer = ECDSA.recover(digest, signature);
* ```
*/function_hashTypedDataV4(bytes32 structHash) internalviewvirtualreturns (bytes32) {
returnkeccak256(abi.encodePacked("\x19\x01", _domainSeparatorV4(), structHash));
}
function_getChainId() privateviewreturns (uint256 chainId) {
// Silence state mutability warning without generating bytecode.// See https://github.com/ethereum/solidity/issues/10090#issuecomment-741789128 and// https://github.com/ethereum/solidity/issues/2691this;
// solhint-disable-next-line no-inline-assemblyassembly {
chainId :=chainid()
}
}
}
Contract Source Code
File 13 of 52: EOASignaturesValidator.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"@balancer-labs/v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol";
import"@balancer-labs/v2-interfaces/contracts/solidity-utils/helpers/ISignaturesValidator.sol";
import"../openzeppelin/EIP712.sol";
/**
* @dev Utility for signing Solidity function calls.
*/abstractcontractEOASignaturesValidatorisISignaturesValidator, EIP712{
// Replay attack prevention for each account.mapping(address=>uint256) internal _nextNonce;
functiongetDomainSeparator() publicviewoverridereturns (bytes32) {
return _domainSeparatorV4();
}
functiongetNextNonce(address account) publicviewoverridereturns (uint256) {
return _nextNonce[account];
}
function_ensureValidSignature(address account,
bytes32 structHash,
bytesmemory signature,
uint256 errorCode
) internal{
return _ensureValidSignature(account, structHash, signature, type(uint256).max, errorCode);
}
function_ensureValidSignature(address account,
bytes32 structHash,
bytesmemory signature,
uint256 deadline,
uint256 errorCode
) internal{
bytes32 digest = _hashTypedDataV4(structHash);
_require(_isValidSignature(account, digest, signature), errorCode);
// We could check for the deadline before validating the signature, but this leads to saner error processing (as// we only care about expired deadlines if the signature is correct) and only affects the gas cost of the revert// scenario, which will only occur infrequently, if ever.// The deadline is timestamp-based: it should not be relied upon for sub-minute accuracy.// solhint-disable-next-line not-rely-on-time
_require(deadline >=block.timestamp, Errors.EXPIRED_SIGNATURE);
// We only advance the nonce after validating the signature. This is irrelevant for this module, but it can be// important in derived contracts that override _isValidSignature (e.g. SignaturesValidator), as we want for// the observable state to still have the current nonce as the next valid one.
_nextNonce[account] +=1;
}
function_isValidSignature(address account,
bytes32 digest,
bytesmemory signature
) internalviewvirtualreturns (bool) {
_require(signature.length==65, Errors.MALFORMED_SIGNATURE);
bytes32 r;
bytes32 s;
uint8 v;
// ecrecover takes the r, s and v signature parameters, and the only way to get them is to use assembly.// solhint-disable-next-line no-inline-assemblyassembly {
r :=mload(add(signature, 0x20))
s :=mload(add(signature, 0x40))
v :=byte(0, mload(add(signature, 0x60)))
}
address recoveredAddress =ecrecover(digest, v, r, s);
// ecrecover returns the zero address on recover failure, so we need to handle that explicitly.return (recoveredAddress !=address(0) && recoveredAddress == account);
}
function_toArraySignature(uint8 v,
bytes32 r,
bytes32 s
) internalpurereturns (bytesmemory) {
bytesmemory signature =newbytes(65);
// solhint-disable-next-line no-inline-assemblyassembly {
mstore(add(signature, 32), r)
mstore(add(signature, 64), s)
mstore8(add(signature, 96), v)
}
return signature;
}
}
Contract Source Code
File 14 of 52: ERC20.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.7.0;import"@balancer-labs/v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol";
import"@balancer-labs/v2-interfaces/contracts/solidity-utils/openzeppelin/IERC20.sol";
import"./SafeMath.sol";
/**
* @dev Implementation of the {IERC20} interface.
*
* This implementation is agnostic to the way tokens are created. This means
* that a supply mechanism has to be added in a derived contract using {_mint}.
* For a generic mechanism see {ERC20PresetMinterPauser}.
*
* TIP: For a detailed writeup see our guide
* https://forum.zeppelin.solutions/t/how-to-implement-erc20-supply-mechanisms/226[How
* to implement supply mechanisms].
*
* We have followed general OpenZeppelin guidelines: functions revert instead
* of returning `false` on failure. This behavior is nonetheless conventional
* and does not conflict with the expectations of ERC20 applications.
*
* Additionally, an {Approval} event is emitted on calls to {transferFrom}.
* This allows applications to reconstruct the allowance for all accounts just
* by listening to said events. Other implementations of the EIP may not emit
* these events, as it isn't required by the specification.
*
* Finally, the non-standard {decreaseAllowance} and {increaseAllowance}
* functions have been added to mitigate the well-known issues around setting
* allowances. See {IERC20-approve}.
*/contractERC20isIERC20{
usingSafeMathforuint256;
mapping(address=>uint256) private _balances;
mapping(address=>mapping(address=>uint256)) private _allowances;
uint256private _totalSupply;
stringprivate _name;
stringprivate _symbol;
uint8private _decimals;
/**
* @dev Sets the values for {name} and {symbol}, initializes {decimals} with
* a default value of 18.
*
* To select a different value for {decimals}, use {_setupDecimals}.
*
* All three of these values are immutable: they can only be set once during
* construction.
*/constructor(stringmemory name_, stringmemory symbol_) {
_name = name_;
_symbol = symbol_;
_decimals =18;
}
/**
* @dev Returns the name of the token.
*/functionname() publicviewreturns (stringmemory) {
return _name;
}
/**
* @dev Returns the symbol of the token, usually a shorter version of the
* name.
*/functionsymbol() publicviewreturns (stringmemory) {
return _symbol;
}
/**
* @dev Returns the number of decimals used to get its user representation.
* For example, if `decimals` equals `2`, a balance of `505` tokens should
* be displayed to a user as `5,05` (`505 / 10 ** 2`).
*
* Tokens usually opt for a value of 18, imitating the relationship between
* Ether and Wei. This is the value {ERC20} uses, unless {_setupDecimals} is
* called.
*
* NOTE: This information is only used for _display_ purposes: it in
* no way affects any of the arithmetic of the contract, including
* {IERC20-balanceOf} and {IERC20-transfer}.
*/functiondecimals() publicviewreturns (uint8) {
return _decimals;
}
/**
* @dev See {IERC20-totalSupply}. The total supply should only be read using this function
*
* Can be overridden by derived contracts to store the total supply in a different way (e.g. packed with other
* storage values).
*/functiontotalSupply() publicviewvirtualoverridereturns (uint256) {
return _totalSupply;
}
/**
* @dev Sets a new value for the total supply. It should only be set using this function.
*
* * Can be overridden by derived contracts to store the total supply in a different way (e.g. packed with other
* storage values).
*/function_setTotalSupply(uint256 value) internalvirtual{
_totalSupply = value;
}
/**
* @dev See {IERC20-balanceOf}.
*/functionbalanceOf(address account) publicviewoverridereturns (uint256) {
return _balances[account];
}
/**
* @dev See {IERC20-transfer}.
*
* Requirements:
*
* - `recipient` cannot be the zero address.
* - the caller must have a balance of at least `amount`.
*/functiontransfer(address recipient, uint256 amount) publicvirtualoverridereturns (bool) {
_transfer(msg.sender, recipient, amount);
returntrue;
}
/**
* @dev See {IERC20-allowance}.
*/functionallowance(address owner, address spender) publicviewvirtualoverridereturns (uint256) {
return _allowances[owner][spender];
}
/**
* @dev See {IERC20-approve}.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/functionapprove(address spender, uint256 amount) publicvirtualoverridereturns (bool) {
_approve(msg.sender, spender, amount);
returntrue;
}
/**
* @dev See {IERC20-transferFrom}.
*
* Emits an {Approval} event indicating the updated allowance. This is not
* required by the EIP. See the note at the beginning of {ERC20}.
*
* Requirements:
*
* - `sender` and `recipient` cannot be the zero address.
* - `sender` must have a balance of at least `amount`.
* - the caller must have allowance for ``sender``'s tokens of at least
* `amount`.
*/functiontransferFrom(address sender,
address recipient,
uint256 amount
) publicvirtualoverridereturns (bool) {
_transfer(sender, recipient, amount);
_approve(
sender,
msg.sender,
_allowances[sender][msg.sender].sub(amount, Errors.ERC20_TRANSFER_EXCEEDS_ALLOWANCE)
);
returntrue;
}
/**
* @dev Atomically increases the allowance granted to `spender` by the caller.
*
* This is an alternative to {approve} that can be used as a mitigation for
* problems described in {IERC20-approve}.
*
* Emits an {Approval} event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/functionincreaseAllowance(address spender, uint256 addedValue) publicvirtualreturns (bool) {
_approve(msg.sender, spender, _allowances[msg.sender][spender].add(addedValue));
returntrue;
}
/**
* @dev Atomically decreases the allowance granted to `spender` by the caller.
*
* This is an alternative to {approve} that can be used as a mitigation for
* problems described in {IERC20-approve}.
*
* Emits an {Approval} event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `spender` must have allowance for the caller of at least
* `subtractedValue`.
*/functiondecreaseAllowance(address spender, uint256 subtractedValue) publicvirtualreturns (bool) {
_approve(
msg.sender,
spender,
_allowances[msg.sender][spender].sub(subtractedValue, Errors.ERC20_DECREASED_ALLOWANCE_BELOW_ZERO)
);
returntrue;
}
/**
* @dev Moves tokens `amount` from `sender` to `recipient`.
*
* This is internal function is equivalent to {transfer}, and can be used to
* e.g. implement automatic token fees, slashing mechanisms, etc.
*
* Emits a {Transfer} event.
*
* Requirements:
*
* - `sender` cannot be the zero address.
* - `recipient` cannot be the zero address.
* - `sender` must have a balance of at least `amount`.
*/function_transfer(address sender,
address recipient,
uint256 amount
) internalvirtual{
_require(sender !=address(0), Errors.ERC20_TRANSFER_FROM_ZERO_ADDRESS);
_require(recipient !=address(0), Errors.ERC20_TRANSFER_TO_ZERO_ADDRESS);
_beforeTokenTransfer(sender, recipient, amount);
_balances[sender] = _balances[sender].sub(amount, Errors.ERC20_TRANSFER_EXCEEDS_BALANCE);
_balances[recipient] = _balances[recipient].add(amount);
emit Transfer(sender, recipient, amount);
}
/** @dev Creates `amount` tokens and assigns them to `account`, increasing
* the total supply.
*
* Emits a {Transfer} event with `from` set to the zero address.
*
* Requirements:
*
* - `to` cannot be the zero address.
*/function_mint(address account, uint256 amount) internalvirtual{
_beforeTokenTransfer(address(0), account, amount);
_setTotalSupply(totalSupply().add(amount));
_balances[account] = _balances[account].add(amount);
emit Transfer(address(0), account, amount);
}
/**
* @dev Destroys `amount` tokens from `account`, reducing the
* total supply.
*
* Emits a {Transfer} event with `to` set to the zero address.
*
* Requirements:
*
* - `account` cannot be the zero address.
* - `account` must have at least `amount` tokens.
*/function_burn(address account, uint256 amount) internalvirtual{
_require(account !=address(0), Errors.ERC20_BURN_FROM_ZERO_ADDRESS);
_beforeTokenTransfer(account, address(0), amount);
_balances[account] = _balances[account].sub(amount, Errors.ERC20_BURN_EXCEEDS_BALANCE);
_setTotalSupply(totalSupply().sub(amount));
emit Transfer(account, address(0), amount);
}
/**
* @dev Sets `amount` as the allowance of `spender` over the `owner` s tokens.
*
* This internal function is equivalent to `approve`, and can be used to
* e.g. set automatic allowances for certain subsystems, etc.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `owner` cannot be the zero address.
* - `spender` cannot be the zero address.
*/function_approve(address owner,
address spender,
uint256 amount
) internalvirtual{
_allowances[owner][spender] = amount;
emit Approval(owner, spender, amount);
}
/**
* @dev Sets {decimals} to a value other than the default one of 18.
*
* WARNING: This function should only be called from the constructor. Most
* applications that interact with token contracts will not expect
* {decimals} to ever change, and may work incorrectly if it does.
*/function_setupDecimals(uint8 decimals_) internal{
_decimals = decimals_;
}
/**
* @dev Hook that is called before any transfer of tokens. This includes
* minting and burning.
*
* Calling conditions:
*
* - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
* will be to transferred to `to`.
* - when `from` is zero, `amount` tokens will be minted for `to`.
* - when `to` is zero, `amount` of ``from``'s tokens will be burned.
* - `from` and `to` are never both zero.
*
* To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
*/function_beforeTokenTransfer(addressfrom,
address to,
uint256 amount
) internalvirtual{
// solhint-disable-previous-line no-empty-blocks
}
}
Contract Source Code
File 15 of 52: ERC20Helpers.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"@balancer-labs/v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol";
import"@balancer-labs/v2-interfaces/contracts/solidity-utils/openzeppelin/IERC20.sol";
import"@balancer-labs/v2-interfaces/contracts/vault/IAsset.sol";
// solhint-disablefunction_asIAsset(IERC20[] memory tokens) purereturns (IAsset[] memory assets) {
// solhint-disable-next-line no-inline-assemblyassembly {
assets := tokens
}
}
function_sortTokens(
IERC20 tokenA,
IERC20 tokenB,
IERC20 tokenC
) purereturns (IERC20[] memory tokens) {
(uint256 indexTokenA, uint256 indexTokenB, uint256 indexTokenC) = _getSortedTokenIndexes(tokenA, tokenB, tokenC);
tokens =new IERC20[](3);
tokens[indexTokenA] = tokenA;
tokens[indexTokenB] = tokenB;
tokens[indexTokenC] = tokenC;
}
function_insertSorted(IERC20[] memory tokens, IERC20 token) purereturns (IERC20[] memory sorted) {
sorted =new IERC20[](tokens.length+1);
if (tokens.length==0) {
sorted[0] = token;
return sorted;
}
uint256 i;
for (i = tokens.length; i >0&& tokens[i -1] > token; i--) sorted[i] = tokens[i -1];
for (uint256 j =0; j < i; j++) sorted[j] = tokens[j];
sorted[i] = token;
}
function_appendToken(IERC20[] memory tokens, IERC20 newToken) purereturns (IERC20[] memory newTokens) {
uint256 numTokens = tokens.length;
newTokens =new IERC20[](numTokens +1);
for (uint256 i =0; i < numTokens; ++i) newTokens[i] = tokens[i];
newTokens[numTokens] = newToken;
}
function_findTokenIndex(IERC20[] memory tokens, IERC20 token) purereturns (uint256) {
// Note that while we know tokens are initially sorted, we cannot assume this will hold throughout// the pool's lifetime, as pools with mutable tokens can append and remove tokens in any order.uint256 tokensLength = tokens.length;
for (uint256 i =0; i < tokensLength; i++) {
if (tokens[i] == token) {
return i;
}
}
_revert(Errors.INVALID_TOKEN);
}
function_getSortedTokenIndexes(
IERC20 tokenA,
IERC20 tokenB,
IERC20 tokenC
)
purereturns (uint256 indexTokenA,
uint256 indexTokenB,
uint256 indexTokenC
)
{
if (tokenA < tokenB) {
if (tokenB < tokenC) {
// (tokenA, tokenB, tokenC)return (0, 1, 2);
} elseif (tokenA < tokenC) {
// (tokenA, tokenC, tokenB)return (0, 2, 1);
} else {
// (tokenC, tokenA, tokenB)return (1, 2, 0);
}
} else {
// tokenB < tokenAif (tokenC < tokenB) {
// (tokenC, tokenB, tokenA)return (2, 1, 0);
} elseif (tokenC < tokenA) {
// (tokenB, tokenC, tokenA)return (2, 0, 1);
} else {
// (tokenB, tokenA, tokenC)return (1, 0, 2);
}
}
}
Contract Source Code
File 16 of 52: ERC20Permit.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.7.0;import"@balancer-labs/v2-interfaces/contracts/solidity-utils/openzeppelin/IERC20Permit.sol";
import"./ERC20.sol";
import"../helpers/EOASignaturesValidator.sol";
/**
* @dev Implementation of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on `{IERC20-approve}`, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*
* _Available since v3.4._
*/abstractcontractERC20PermitisERC20, IERC20Permit, EOASignaturesValidator{
// solhint-disable-next-line var-name-mixedcasebytes32privateconstant _PERMIT_TYPEHASH =keccak256(
"Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)"
);
/**
* @dev Initializes the {EIP712} domain separator using the `name` parameter, and setting `version` to `"1"`.
*
* It's a good idea to use the same `name` that is defined as the ERC20 token name.
*/constructor(stringmemory name) EIP712(name, "1") {
// solhint-disable-previous-line no-empty-blocks
}
/**
* @dev See {IERC20Permit-permit}.
*/functionpermit(address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) publicvirtualoverride{
bytes32 structHash =keccak256(
abi.encode(_PERMIT_TYPEHASH, owner, spender, value, getNextNonce(owner), deadline)
);
_ensureValidSignature(owner, structHash, _toArraySignature(v, r, s), deadline, Errors.INVALID_SIGNATURE);
_approve(owner, spender, value);
}
/**
* @dev See {IERC20Permit-nonces}.
*/functionnonces(address owner) publicviewoverridereturns (uint256) {
return getNextNonce(owner);
}
/**
* @dev See {IERC20Permit-DOMAIN_SEPARATOR}.
*/// solhint-disable-next-line func-name-mixedcasefunctionDOMAIN_SEPARATOR() externalviewoverridereturns (bytes32) {
return getDomainSeparator();
}
}
Contract Source Code
File 17 of 52: FixedPoint.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"@balancer-labs/v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol";
import"./LogExpMath.sol";
/* solhint-disable private-vars-leading-underscore */libraryFixedPoint{
uint256internalconstant ONE =1e18; // 18 decimal placesuint256internalconstant TWO =2* ONE;
uint256internalconstant FOUR =4* ONE;
uint256internalconstant MAX_POW_RELATIVE_ERROR =10000; // 10^(-14)// Minimum base for the power function when the exponent is 'free' (larger than ONE).uint256internalconstant MIN_POW_BASE_FREE_EXPONENT =0.7e18;
functionadd(uint256 a, uint256 b) internalpurereturns (uint256) {
// Fixed Point addition is the same as regular checked additionuint256 c = a + b;
_require(c >= a, Errors.ADD_OVERFLOW);
return c;
}
functionsub(uint256 a, uint256 b) internalpurereturns (uint256) {
// Fixed Point addition is the same as regular checked addition
_require(b <= a, Errors.SUB_OVERFLOW);
uint256 c = a - b;
return c;
}
functionmulDown(uint256 a, uint256 b) internalpurereturns (uint256) {
uint256 product = a * b;
_require(a ==0|| product / a == b, Errors.MUL_OVERFLOW);
return product / ONE;
}
functionmulUp(uint256 a, uint256 b) internalpurereturns (uint256) {
uint256 product = a * b;
_require(a ==0|| product / a == b, Errors.MUL_OVERFLOW);
if (product ==0) {
return0;
} else {
// The traditional divUp formula is:// divUp(x, y) := (x + y - 1) / y// To avoid intermediate overflow in the addition, we distribute the division and get:// divUp(x, y) := (x - 1) / y + 1// Note that this requires x != 0, which we already tested for.return ((product -1) / ONE) +1;
}
}
functiondivDown(uint256 a, uint256 b) internalpurereturns (uint256) {
_require(b !=0, Errors.ZERO_DIVISION);
if (a ==0) {
return0;
} else {
uint256 aInflated = a * ONE;
_require(aInflated / a == ONE, Errors.DIV_INTERNAL); // mul overflowreturn aInflated / b;
}
}
functiondivUp(uint256 a, uint256 b) internalpurereturns (uint256) {
_require(b !=0, Errors.ZERO_DIVISION);
if (a ==0) {
return0;
} else {
uint256 aInflated = a * ONE;
_require(aInflated / a == ONE, Errors.DIV_INTERNAL); // mul overflow// The traditional divUp formula is:// divUp(x, y) := (x + y - 1) / y// To avoid intermediate overflow in the addition, we distribute the division and get:// divUp(x, y) := (x - 1) / y + 1// Note that this requires x != 0, which we already tested for.return ((aInflated -1) / b) +1;
}
}
/**
* @dev Returns x^y, assuming both are fixed point numbers, rounding down. The result is guaranteed to not be above
* the true value (that is, the error function expected - actual is always positive).
*/functionpowDown(uint256 x, uint256 y) internalpurereturns (uint256) {
// Optimize for when y equals 1.0, 2.0 or 4.0, as those are very simple to implement and occur often in 50/50// and 80/20 Weighted Poolsif (y == ONE) {
return x;
} elseif (y == TWO) {
return mulDown(x, x);
} elseif (y == FOUR) {
uint256 square = mulDown(x, x);
return mulDown(square, square);
} else {
uint256 raw = LogExpMath.pow(x, y);
uint256 maxError = add(mulUp(raw, MAX_POW_RELATIVE_ERROR), 1);
if (raw < maxError) {
return0;
} else {
return sub(raw, maxError);
}
}
}
/**
* @dev Returns x^y, assuming both are fixed point numbers, rounding up. The result is guaranteed to not be below
* the true value (that is, the error function expected - actual is always negative).
*/functionpowUp(uint256 x, uint256 y) internalpurereturns (uint256) {
// Optimize for when y equals 1.0, 2.0 or 4.0, as those are very simple to implement and occur often in 50/50// and 80/20 Weighted Poolsif (y == ONE) {
return x;
} elseif (y == TWO) {
return mulUp(x, x);
} elseif (y == FOUR) {
uint256 square = mulUp(x, x);
return mulUp(square, square);
} else {
uint256 raw = LogExpMath.pow(x, y);
uint256 maxError = add(mulUp(raw, MAX_POW_RELATIVE_ERROR), 1);
return add(raw, maxError);
}
}
/**
* @dev Returns the complement of a value (1 - x), capped to 0 if x is larger than 1.
*
* Useful when computing the complement for values with some level of relative error, as it strips this error and
* prevents intermediate negative values.
*/functioncomplement(uint256 x) internalpurereturns (uint256) {
return (x < ONE) ? (ONE - x) : 0;
}
}
Contract Source Code
File 18 of 52: IAsset.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;/**
* @dev This is an empty interface used to represent either ERC20-conforming token contracts or ETH (using the zero
* address sentinel value). We're just relying on the fact that `interface` can be used to declare new address-like
* types.
*
* This concept is unrelated to a Pool's Asset Managers.
*/interfaceIAsset{
// solhint-disable-previous-line no-empty-blocks
}
Contract Source Code
File 19 of 52: IAssetManager.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;pragmaexperimentalABIEncoderV2;import"../solidity-utils/openzeppelin/IERC20.sol";
interfaceIAssetManager{
/**
* @notice Emitted when asset manager is rebalanced
*/eventRebalance(bytes32 poolId);
/**
* @notice Sets the config
*/functionsetConfig(bytes32 poolId, bytescalldata config) external;
/**
* Note: No function to read the asset manager config is included in IAssetManager
* as the signature is expected to vary between asset manager implementations
*//**
* @notice Returns the asset manager's token
*/functiongetToken() externalviewreturns (IERC20);
/**
* @return the current assets under management of this asset manager
*/functiongetAUM(bytes32 poolId) externalviewreturns (uint256);
/**
* @return poolCash - The up-to-date cash balance of the pool
* @return poolManaged - The up-to-date managed balance of the pool
*/functiongetPoolBalances(bytes32 poolId) externalviewreturns (uint256 poolCash, uint256 poolManaged);
/**
* @return The difference in tokens between the target investment
* and the currently invested amount (i.e. the amount that can be invested)
*/functionmaxInvestableBalance(bytes32 poolId) externalviewreturns (int256);
/**
* @notice Updates the Vault on the value of the pool's investment returns
*/functionupdateBalanceOfPool(bytes32 poolId) external;
/**
* @notice Determines whether the pool should rebalance given the provided balances
*/functionshouldRebalance(uint256 cash, uint256 managed) externalviewreturns (bool);
/**
* @notice Rebalances funds between the pool and the asset manager to maintain target investment percentage.
* @param poolId - the poolId of the pool to be rebalanced
* @param force - a boolean representing whether a rebalance should be forced even when the pool is near balance
*/functionrebalance(bytes32 poolId, bool force) external;
/**
* @notice allows an authorized rebalancer to remove capital to facilitate large withdrawals
* @param poolId - the poolId of the pool to withdraw funds back to
* @param amount - the amount of tokens to withdraw back to the pool
*/functioncapitalOut(bytes32 poolId, uint256 amount) external;
}
Contract Source Code
File 20 of 52: IAuthentication.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;interfaceIAuthentication{
/**
* @dev Returns the action identifier associated with the external function described by `selector`.
*/functiongetActionId(bytes4 selector) externalviewreturns (bytes32);
}
Contract Source Code
File 21 of 52: IAuthorizer.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;interfaceIAuthorizer{
/**
* @dev Returns true if `account` can perform the action described by `actionId` in the contract `where`.
*/functioncanPerform(bytes32 actionId,
address account,
address where
) externalviewreturns (bool);
}
Contract Source Code
File 22 of 52: IBasePool.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;pragmaexperimentalABIEncoderV2;import"./IVault.sol";
import"./IPoolSwapStructs.sol";
/**
* @dev Interface for adding and removing liquidity that all Pool contracts should implement. Note that this is not
* the complete Pool contract interface, as it is missing the swap hooks. Pool contracts should also inherit from
* either IGeneralPool or IMinimalSwapInfoPool
*/interfaceIBasePoolisIPoolSwapStructs{
/**
* @dev Called by the Vault when a user calls `IVault.joinPool` to add liquidity to this Pool. Returns how many of
* each registered token the user should provide, as well as the amount of protocol fees the Pool owes to the Vault.
* The Vault will then take tokens from `sender` and add them to the Pool's balances, as well as collect
* the reported amount in protocol fees, which the pool should calculate based on `protocolSwapFeePercentage`.
*
* Protocol fees are reported and charged on join events so that the Pool is free of debt whenever new users join.
*
* `sender` is the account performing the join (from which tokens will be withdrawn), and `recipient` is the account
* designated to receive any benefits (typically pool shares). `balances` contains the total balances
* for each token the Pool registered in the Vault, in the same order that `IVault.getPoolTokens` would return.
*
* `lastChangeBlock` is the last block in which *any* of the Pool's registered tokens last changed its total
* balance.
*
* `userData` contains any pool-specific instructions needed to perform the calculations, such as the type of
* join (e.g., proportional given an amount of pool shares, single-asset, multi-asset, etc.)
*
* Contracts implementing this function should check that the caller is indeed the Vault before performing any
* state-changing operations, such as minting pool shares.
*/functiononJoinPool(bytes32 poolId,
address sender,
address recipient,
uint256[] memory balances,
uint256 lastChangeBlock,
uint256 protocolSwapFeePercentage,
bytesmemory userData
) externalreturns (uint256[] memory amountsIn, uint256[] memory dueProtocolFeeAmounts);
/**
* @dev Called by the Vault when a user calls `IVault.exitPool` to remove liquidity from this Pool. Returns how many
* tokens the Vault should deduct from the Pool's balances, as well as the amount of protocol fees the Pool owes
* to the Vault. The Vault will then take tokens from the Pool's balances and send them to `recipient`,
* as well as collect the reported amount in protocol fees, which the Pool should calculate based on
* `protocolSwapFeePercentage`.
*
* Protocol fees are charged on exit events to guarantee that users exiting the Pool have paid their share.
*
* `sender` is the account performing the exit (typically the pool shareholder), and `recipient` is the account
* to which the Vault will send the proceeds. `balances` contains the total token balances for each token
* the Pool registered in the Vault, in the same order that `IVault.getPoolTokens` would return.
*
* `lastChangeBlock` is the last block in which *any* of the Pool's registered tokens last changed its total
* balance.
*
* `userData` contains any pool-specific instructions needed to perform the calculations, such as the type of
* exit (e.g., proportional given an amount of pool shares, single-asset, multi-asset, etc.)
*
* Contracts implementing this function should check that the caller is indeed the Vault before performing any
* state-changing operations, such as burning pool shares.
*/functiononExitPool(bytes32 poolId,
address sender,
address recipient,
uint256[] memory balances,
uint256 lastChangeBlock,
uint256 protocolSwapFeePercentage,
bytesmemory userData
) externalreturns (uint256[] memory amountsOut, uint256[] memory dueProtocolFeeAmounts);
/**
* @dev Returns this Pool's ID, used when interacting with the Vault (to e.g. join the Pool or swap with it).
*/functiongetPoolId() externalviewreturns (bytes32);
/**
* @dev Returns the current swap fee percentage as a 18 decimal fixed point number, so e.g. 1e17 corresponds to a
* 10% swap fee.
*/functiongetSwapFeePercentage() externalviewreturns (uint256);
/**
* @dev Returns the scaling factors of each of the Pool's tokens. This is an implementation detail that is typically
* not relevant for outside parties, but which might be useful for some types of Pools.
*/functiongetScalingFactors() externalviewreturns (uint256[] memory);
functionqueryJoin(bytes32 poolId,
address sender,
address recipient,
uint256[] memory balances,
uint256 lastChangeBlock,
uint256 protocolSwapFeePercentage,
bytesmemory userData
) externalreturns (uint256 bptOut, uint256[] memory amountsIn);
functionqueryExit(bytes32 poolId,
address sender,
address recipient,
uint256[] memory balances,
uint256 lastChangeBlock,
uint256 protocolSwapFeePercentage,
bytesmemory userData
) externalreturns (uint256 bptIn, uint256[] memory amountsOut);
}
Contract Source Code
File 23 of 52: IControlledPool.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"../solidity-utils/openzeppelin/IERC20.sol";
interfaceIControlledPool{
functionsetSwapFeePercentage(uint256 swapFeePercentage) external;
functionsetAssetManagerPoolConfig(IERC20 token, bytesmemory poolConfig) external;
}
Contract Source Code
File 24 of 52: IERC20.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.7.0;/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/interfaceIERC20{
/**
* @dev Returns the amount of tokens in existence.
*/functiontotalSupply() externalviewreturns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/functionbalanceOf(address account) externalviewreturns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `recipient`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/functiontransfer(address recipient, uint256 amount) externalreturns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/functionallowance(address owner, address spender) externalviewreturns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/functionapprove(address spender, uint256 amount) externalreturns (bool);
/**
* @dev Moves `amount` tokens from `sender` to `recipient` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/functiontransferFrom(address sender,
address recipient,
uint256 amount
) externalreturns (bool);
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/eventTransfer(addressindexedfrom, addressindexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/eventApproval(addressindexed owner, addressindexed spender, uint256 value);
}
Contract Source Code
File 25 of 52: IERC20Permit.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.7.0;/**
* @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on `{IERC20-approve}`, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*/interfaceIERC20Permit{
/**
* @dev Sets `value` as the allowance of `spender` over `owner`'s tokens,
* given `owner`'s signed approval.
*
* IMPORTANT: The same issues {IERC20-approve} has related to transaction
* ordering also apply here.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `deadline` must be a timestamp in the future.
* - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
* over the EIP712-formatted function arguments.
* - the signature must use ``owner``'s current nonce (see {nonces}).
*
* For more information on the signature format, see the
* https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
* section].
*/functionpermit(address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @dev Returns the current nonce for `owner`. This value must be
* included whenever a signature is generated for {permit}.
*
* Every successful call to {permit} increases ``owner``'s nonce by one. This
* prevents a signature from being used multiple times.
*/functionnonces(address owner) externalviewreturns (uint256);
/**
* @dev Returns the domain separator used in the encoding of the signature for `permit`, as defined by {EIP712}.
*/// solhint-disable-next-line func-name-mixedcasefunctionDOMAIN_SEPARATOR() externalviewreturns (bytes32);
}
Contract Source Code
File 26 of 52: IFlashLoanRecipient.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;// Inspired by Aave Protocol's IFlashLoanReceiver.import"../solidity-utils/openzeppelin/IERC20.sol";
interfaceIFlashLoanRecipient{
/**
* @dev When `flashLoan` is called on the Vault, it invokes the `receiveFlashLoan` hook on the recipient.
*
* At the time of the call, the Vault will have transferred `amounts` for `tokens` to the recipient. Before this
* call returns, the recipient must have transferred `amounts` plus `feeAmounts` for each token back to the
* Vault, or else the entire flash loan will revert.
*
* `userData` is the same value passed in the `IVault.flashLoan` call.
*/functionreceiveFlashLoan(
IERC20[] memory tokens,
uint256[] memory amounts,
uint256[] memory feeAmounts,
bytesmemory userData
) external;
}
Contract Source Code
File 27 of 52: IGeneralPool.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;pragmaexperimentalABIEncoderV2;import"./IBasePool.sol";
/**
* @dev IPools with the General specialization setting should implement this interface.
*
* This is called by the Vault when a user calls `IVault.swap` or `IVault.batchSwap` to swap with this Pool.
* Returns the number of tokens the Pool will grant to the user in a 'given in' swap, or that the user will
* grant to the pool in a 'given out' swap.
*
* This can often be implemented by a `view` function, since many pricing algorithms don't need to track state
* changes in swaps. However, contracts implementing this in non-view functions should check that the caller is
* indeed the Vault.
*/interfaceIGeneralPoolisIBasePool{
functiononSwap(
SwapRequest memory swapRequest,
uint256[] memory balances,
uint256 indexIn,
uint256 indexOut
) externalreturns (uint256 amount);
}
Contract Source Code
File 28 of 52: IPoolSwapStructs.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;pragmaexperimentalABIEncoderV2;import"../solidity-utils/openzeppelin/IERC20.sol";
import"./IVault.sol";
interfaceIPoolSwapStructs{
// This is not really an interface - it just defines common structs used by other interfaces: IGeneralPool and// IMinimalSwapInfoPool.//// This data structure represents a request for a token swap, where `kind` indicates the swap type ('given in' or// 'given out') which indicates whether or not the amount sent by the pool is known.//// The pool receives `tokenIn` and sends `tokenOut`. `amount` is the number of `tokenIn` tokens the pool will take// in, or the number of `tokenOut` tokens the Pool will send out, depending on the given swap `kind`.//// All other fields are not strictly necessary for most swaps, but are provided to support advanced scenarios in// some Pools.//// `poolId` is the ID of the Pool involved in the swap - this is useful for Pool contracts that implement more than// one Pool.//// The meaning of `lastChangeBlock` depends on the Pool specialization:// - Two Token or Minimal Swap Info: the last block in which either `tokenIn` or `tokenOut` changed its total// balance.// - General: the last block in which *any* of the Pool's registered tokens changed its total balance.//// `from` is the origin address for the funds the Pool receives, and `to` is the destination address// where the Pool sends the outgoing tokens.//// `userData` is extra data provided by the caller - typically a signature from a trusted party.structSwapRequest {
IVault.SwapKind kind;
IERC20 tokenIn;
IERC20 tokenOut;
uint256 amount;
// Misc databytes32 poolId;
uint256 lastChangeBlock;
addressfrom;
address to;
bytes userData;
}
}
Contract Source Code
File 29 of 52: IProtocolFeePercentagesProvider.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;pragmaexperimentalABIEncoderV2;/**
* @dev Source of truth for all Protocol Fee percentages, that is, how much the protocol charges certain actions. Some
* of these values may also be retrievable from other places (such as the swap fee percentage), but this is the
* preferred source nonetheless.
*/interfaceIProtocolFeePercentagesProvider{
// All fee percentages are 18-decimal fixed point numbers, so e.g. 1e18 = 100% and 1e16 = 1%.// Emitted when a new fee type is registered.eventProtocolFeeTypeRegistered(uint256indexed feeType, string name, uint256 maximumPercentage);
// Emitted when the value of a fee type changes.// IMPORTANT: it is possible for a third party to modify the SWAP and FLASH_LOAN fee type values directly in the// ProtocolFeesCollector, which will result in this event not being emitted despite their value changing. Such usage// of the ProtocolFeesCollector is however discouraged: all state-changing interactions with it should originate in// this contract.eventProtocolFeePercentageChanged(uint256indexed feeType, uint256 percentage);
/**
* @dev Registers a new fee type in the system, making it queryable via `getFeeTypePercentage` and `getFeeTypeName`,
* as well as configurable via `setFeeTypePercentage`.
*
* `feeType` can be any arbitrary value (that is not in use).
*
* It is not possible to de-register fee types, nor change their name or maximum value.
*/functionregisterFeeType(uint256 feeType,
stringmemory name,
uint256 maximumValue,
uint256 initialValue
) external;
/**
* @dev Returns true if `feeType` has been registered and can be queried.
*/functionisValidFeeType(uint256 feeType) externalviewreturns (bool);
/**
* @dev Returns true if `value` is a valid percentage value for `feeType`.
*/functionisValidFeeTypePercentage(uint256 feeType, uint256 value) externalviewreturns (bool);
/**
* @dev Sets the percentage value for `feeType` to `newValue`.
*
* IMPORTANT: it is possible for a third party to modify the SWAP and FLASH_LOAN fee type values directly in the
* ProtocolFeesCollector, without invoking this function. This will result in the `ProtocolFeePercentageChanged`
* event not being emitted despite their value changing. Such usage of the ProtocolFeesCollector is however
* discouraged: only this contract should be granted permission to call `setSwapFeePercentage` and
* `setFlashLoanFeePercentage`.
*/functionsetFeeTypePercentage(uint256 feeType, uint256 newValue) external;
/**
* @dev Returns the current percentage value for `feeType`. This is the preferred mechanism for querying these -
* whenever possible, use this fucntion instead of e.g. querying the ProtocolFeesCollector.
*/functiongetFeeTypePercentage(uint256 feeType) externalviewreturns (uint256);
/**
* @dev Returns `feeType`'s maximum value.
*/functiongetFeeTypeMaximumPercentage(uint256 feeType) externalviewreturns (uint256);
/**
* @dev Returns `feeType`'s name.
*/functiongetFeeTypeName(uint256 feeType) externalviewreturns (stringmemory);
}
libraryProtocolFeeType{
// This list is not exhaustive - more fee types can be added to the system. It is expected for this list to be// extended with new fee types as they are registered, to keep them all in one place and reduce// likelihood of user error.// solhint-disable private-vars-leading-underscoreuint256internalconstant SWAP =0;
uint256internalconstant FLASH_LOAN =1;
uint256internalconstant YIELD =2;
uint256internalconstant AUM =3;
// solhint-enable private-vars-leading-underscore
}
Contract Source Code
File 30 of 52: IProtocolFeesCollector.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;pragmaexperimentalABIEncoderV2;import"../solidity-utils/openzeppelin/IERC20.sol";
import"./IVault.sol";
import"./IAuthorizer.sol";
interfaceIProtocolFeesCollector{
eventSwapFeePercentageChanged(uint256 newSwapFeePercentage);
eventFlashLoanFeePercentageChanged(uint256 newFlashLoanFeePercentage);
functionwithdrawCollectedFees(
IERC20[] calldata tokens,
uint256[] calldata amounts,
address recipient
) external;
functionsetSwapFeePercentage(uint256 newSwapFeePercentage) external;
functionsetFlashLoanFeePercentage(uint256 newFlashLoanFeePercentage) external;
functiongetSwapFeePercentage() externalviewreturns (uint256);
functiongetFlashLoanFeePercentage() externalviewreturns (uint256);
functiongetCollectedFeeAmounts(IERC20[] memory tokens) externalviewreturns (uint256[] memory feeAmounts);
functiongetAuthorizer() externalviewreturns (IAuthorizer);
functionvault() externalviewreturns (IVault);
}
Contract Source Code
File 31 of 52: IRateProvider.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;interfaceIRateProvider{
/**
* @dev Returns an 18 decimal fixed point number that is the exchange rate of the token to some other underlying
* token. The meaning of this rate depends on the context.
*/functiongetRate() externalviewreturns (uint256);
}
Contract Source Code
File 32 of 52: IRecoveryMode.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;/**
* @dev Interface for the RecoveryMode module.
*/interfaceIRecoveryMode{
/**
* @dev Emitted when the Recovery Mode status changes.
*/eventRecoveryModeStateChanged(bool enabled);
/**
* @notice Enables Recovery Mode in the Pool, disabling protocol fee collection and allowing for safe proportional
* exits with low computational complexity and no dependencies.
*/functionenableRecoveryMode() external;
/**
* @notice Disables Recovery Mode in the Pool, restoring protocol fee collection and disallowing proportional exits.
*/functiondisableRecoveryMode() external;
/**
* @notice Returns true if the Pool is in Recovery Mode.
*/functioninRecoveryMode() externalviewreturns (bool);
}
Contract Source Code
File 33 of 52: ISignaturesValidator.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;/**
* @dev Interface for the SignatureValidator helper, used to support meta-transactions.
*/interfaceISignaturesValidator{
/**
* @dev Returns the EIP712 domain separator.
*/functiongetDomainSeparator() externalviewreturns (bytes32);
/**
* @dev Returns the next nonce used by an address to sign messages.
*/functiongetNextNonce(address user) externalviewreturns (uint256);
}
Contract Source Code
File 34 of 52: ITemporarilyPausable.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;/**
* @dev Interface for the TemporarilyPausable helper.
*/interfaceITemporarilyPausable{
/**
* @dev Emitted every time the pause state changes by `_setPaused`.
*/eventPausedStateChanged(bool paused);
/**
* @dev Returns the current paused state.
*/functiongetPausedState()
externalviewreturns (bool paused,
uint256 pauseWindowEndTime,
uint256 bufferPeriodEndTime
);
}
Contract Source Code
File 35 of 52: IVault.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmaexperimentalABIEncoderV2;import"../solidity-utils/openzeppelin/IERC20.sol";
import"../solidity-utils/helpers/IAuthentication.sol";
import"../solidity-utils/helpers/ISignaturesValidator.sol";
import"../solidity-utils/helpers/ITemporarilyPausable.sol";
import"../solidity-utils/misc/IWETH.sol";
import"./IAsset.sol";
import"./IAuthorizer.sol";
import"./IFlashLoanRecipient.sol";
import"./IProtocolFeesCollector.sol";
pragmasolidity ^0.7.0;/**
* @dev Full external interface for the Vault core contract - no external or public methods exist in the contract that
* don't override one of these declarations.
*/interfaceIVaultisISignaturesValidator, ITemporarilyPausable, IAuthentication{
// Generalities about the Vault://// - Whenever documentation refers to 'tokens', it strictly refers to ERC20-compliant token contracts. Tokens are// transferred out of the Vault by calling the `IERC20.transfer` function, and transferred in by calling// `IERC20.transferFrom`. In these cases, the sender must have previously allowed the Vault to use their tokens by// calling `IERC20.approve`. The only deviation from the ERC20 standard that is supported is functions not returning// a boolean value: in these scenarios, a non-reverting call is assumed to be successful.//// - All non-view functions in the Vault are non-reentrant: calling them while another one is mid-execution (e.g.// while execution control is transferred to a token contract during a swap) will result in a revert. View// functions can be called in a re-reentrant way, but doing so might cause them to return inconsistent results.// Contracts calling view functions in the Vault must make sure the Vault has not already been entered.//// - View functions revert if referring to either unregistered Pools, or unregistered tokens for registered Pools.// Authorizer//// Some system actions are permissioned, like setting and collecting protocol fees. This permissioning system exists// outside of the Vault in the Authorizer contract: the Vault simply calls the Authorizer to check if the caller// can perform a given action./**
* @dev Returns the Vault's Authorizer.
*/functiongetAuthorizer() externalviewreturns (IAuthorizer);
/**
* @dev Sets a new Authorizer for the Vault. The caller must be allowed by the current Authorizer to do this.
*
* Emits an `AuthorizerChanged` event.
*/functionsetAuthorizer(IAuthorizer newAuthorizer) external;
/**
* @dev Emitted when a new authorizer is set by `setAuthorizer`.
*/eventAuthorizerChanged(IAuthorizer indexed newAuthorizer);
// Relayers//// Additionally, it is possible for an account to perform certain actions on behalf of another one, using their// Vault ERC20 allowance and Internal Balance. These accounts are said to be 'relayers' for these Vault functions,// and are expected to be smart contracts with sound authentication mechanisms. For an account to be able to wield// this power, two things must occur:// - The Authorizer must grant the account the permission to be a relayer for the relevant Vault function. This// means that Balancer governance must approve each individual contract to act as a relayer for the intended// functions.// - Each user must approve the relayer to act on their behalf.// This double protection means users cannot be tricked into approving malicious relayers (because they will not// have been allowed by the Authorizer via governance), nor can malicious relayers approved by a compromised// Authorizer or governance drain user funds, since they would also need to be approved by each individual user./**
* @dev Returns true if `user` has approved `relayer` to act as a relayer for them.
*/functionhasApprovedRelayer(address user, address relayer) externalviewreturns (bool);
/**
* @dev Allows `relayer` to act as a relayer for `sender` if `approved` is true, and disallows it otherwise.
*
* Emits a `RelayerApprovalChanged` event.
*/functionsetRelayerApproval(address sender,
address relayer,
bool approved
) external;
/**
* @dev Emitted every time a relayer is approved or disapproved by `setRelayerApproval`.
*/eventRelayerApprovalChanged(addressindexed relayer, addressindexed sender, bool approved);
// Internal Balance//// Users can deposit tokens into the Vault, where they are allocated to their Internal Balance, and later// transferred or withdrawn. It can also be used as a source of tokens when joining Pools, as a destination// when exiting them, and as either when performing swaps. This usage of Internal Balance results in greatly reduced// gas costs when compared to relying on plain ERC20 transfers, leading to large savings for frequent users.//// Internal Balance management features batching, which means a single contract call can be used to perform multiple// operations of different kinds, with different senders and recipients, at once./**
* @dev Returns `user`'s Internal Balance for a set of tokens.
*/functiongetInternalBalance(address user, IERC20[] memory tokens) externalviewreturns (uint256[] memory);
/**
* @dev Performs a set of user balance operations, which involve Internal Balance (deposit, withdraw or transfer)
* and plain ERC20 transfers using the Vault's allowance. This last feature is particularly useful for relayers, as
* it lets integrators reuse a user's Vault allowance.
*
* For each operation, if the caller is not `sender`, it must be an authorized relayer for them.
*/functionmanageUserBalance(UserBalanceOp[] memory ops) externalpayable;
/**
* @dev Data for `manageUserBalance` operations, which include the possibility for ETH to be sent and received
without manual WETH wrapping or unwrapping.
*/structUserBalanceOp {
UserBalanceOpKind kind;
IAsset asset;
uint256 amount;
address sender;
addresspayable recipient;
}
// There are four possible operations in `manageUserBalance`://// - DEPOSIT_INTERNAL// Increases the Internal Balance of the `recipient` account by transferring tokens from the corresponding// `sender`. The sender must have allowed the Vault to use their tokens via `IERC20.approve()`.//// ETH can be used by passing the ETH sentinel value as the asset and forwarding ETH in the call: it will be wrapped// and deposited as WETH. Any ETH amount remaining will be sent back to the caller (not the sender, which is// relevant for relayers).//// Emits an `InternalBalanceChanged` event.////// - WITHDRAW_INTERNAL// Decreases the Internal Balance of the `sender` account by transferring tokens to the `recipient`.//// ETH can be used by passing the ETH sentinel value as the asset. This will deduct WETH instead, unwrap it and send// it to the recipient as ETH.//// Emits an `InternalBalanceChanged` event.////// - TRANSFER_INTERNAL// Transfers tokens from the Internal Balance of the `sender` account to the Internal Balance of `recipient`.//// Reverts if the ETH sentinel value is passed.//// Emits an `InternalBalanceChanged` event.////// - TRANSFER_EXTERNAL// Transfers tokens from `sender` to `recipient`, using the Vault's ERC20 allowance. This is typically used by// relayers, as it lets them reuse a user's Vault allowance.//// Reverts if the ETH sentinel value is passed.//// Emits an `ExternalBalanceTransfer` event.enumUserBalanceOpKind { DEPOSIT_INTERNAL, WITHDRAW_INTERNAL, TRANSFER_INTERNAL, TRANSFER_EXTERNAL }
/**
* @dev Emitted when a user's Internal Balance changes, either from calls to `manageUserBalance`, or through
* interacting with Pools using Internal Balance.
*
* Because Internal Balance works exclusively with ERC20 tokens, ETH deposits and withdrawals will use the WETH
* address.
*/eventInternalBalanceChanged(addressindexed user, IERC20 indexed token, int256 delta);
/**
* @dev Emitted when a user's Vault ERC20 allowance is used by the Vault to transfer tokens to an external account.
*/eventExternalBalanceTransfer(IERC20 indexed token, addressindexed sender, address recipient, uint256 amount);
// Pools//// There are three specialization settings for Pools, which allow for cheaper swaps at the cost of reduced// functionality://// - General: no specialization, suited for all Pools. IGeneralPool is used for swap request callbacks, passing the// balance of all tokens in the Pool. These Pools have the largest swap costs (because of the extra storage reads),// which increase with the number of registered tokens.//// - Minimal Swap Info: IMinimalSwapInfoPool is used instead of IGeneralPool, which saves gas by only passing the// balance of the two tokens involved in the swap. This is suitable for some pricing algorithms, like the weighted// constant product one popularized by Balancer V1. Swap costs are smaller compared to general Pools, and are// independent of the number of registered tokens.//// - Two Token: only allows two tokens to be registered. This achieves the lowest possible swap gas cost. Like// minimal swap info Pools, these are called via IMinimalSwapInfoPool.enumPoolSpecialization { GENERAL, MINIMAL_SWAP_INFO, TWO_TOKEN }
/**
* @dev Registers the caller account as a Pool with a given specialization setting. Returns the Pool's ID, which
* is used in all Pool-related functions. Pools cannot be deregistered, nor can the Pool's specialization be
* changed.
*
* The caller is expected to be a smart contract that implements either `IGeneralPool` or `IMinimalSwapInfoPool`,
* depending on the chosen specialization setting. This contract is known as the Pool's contract.
*
* Note that the same contract may register itself as multiple Pools with unique Pool IDs, or in other words,
* multiple Pools may share the same contract.
*
* Emits a `PoolRegistered` event.
*/functionregisterPool(PoolSpecialization specialization) externalreturns (bytes32);
/**
* @dev Emitted when a Pool is registered by calling `registerPool`.
*/eventPoolRegistered(bytes32indexed poolId, addressindexed poolAddress, PoolSpecialization specialization);
/**
* @dev Returns a Pool's contract address and specialization setting.
*/functiongetPool(bytes32 poolId) externalviewreturns (address, PoolSpecialization);
/**
* @dev Registers `tokens` for the `poolId` Pool. Must be called by the Pool's contract.
*
* Pools can only interact with tokens they have registered. Users join a Pool by transferring registered tokens,
* exit by receiving registered tokens, and can only swap registered tokens.
*
* Each token can only be registered once. For Pools with the Two Token specialization, `tokens` must have a length
* of two, that is, both tokens must be registered in the same `registerTokens` call, and they must be sorted in
* ascending order.
*
* The `tokens` and `assetManagers` arrays must have the same length, and each entry in these indicates the Asset
* Manager for the corresponding token. Asset Managers can manage a Pool's tokens via `managePoolBalance`,
* depositing and withdrawing them directly, and can even set their balance to arbitrary amounts. They are therefore
* expected to be highly secured smart contracts with sound design principles, and the decision to register an
* Asset Manager should not be made lightly.
*
* Pools can choose not to assign an Asset Manager to a given token by passing in the zero address. Once an Asset
* Manager is set, it cannot be changed except by deregistering the associated token and registering again with a
* different Asset Manager.
*
* Emits a `TokensRegistered` event.
*/functionregisterTokens(bytes32 poolId,
IERC20[] memory tokens,
address[] memory assetManagers
) external;
/**
* @dev Emitted when a Pool registers tokens by calling `registerTokens`.
*/eventTokensRegistered(bytes32indexed poolId, IERC20[] tokens, address[] assetManagers);
/**
* @dev Deregisters `tokens` for the `poolId` Pool. Must be called by the Pool's contract.
*
* Only registered tokens (via `registerTokens`) can be deregistered. Additionally, they must have zero total
* balance. For Pools with the Two Token specialization, `tokens` must have a length of two, that is, both tokens
* must be deregistered in the same `deregisterTokens` call.
*
* A deregistered token can be re-registered later on, possibly with a different Asset Manager.
*
* Emits a `TokensDeregistered` event.
*/functionderegisterTokens(bytes32 poolId, IERC20[] memory tokens) external;
/**
* @dev Emitted when a Pool deregisters tokens by calling `deregisterTokens`.
*/eventTokensDeregistered(bytes32indexed poolId, IERC20[] tokens);
/**
* @dev Returns detailed information for a Pool's registered token.
*
* `cash` is the number of tokens the Vault currently holds for the Pool. `managed` is the number of tokens
* withdrawn and held outside the Vault by the Pool's token Asset Manager. The Pool's total balance for `token`
* equals the sum of `cash` and `managed`.
*
* Internally, `cash` and `managed` are stored using 112 bits. No action can ever cause a Pool's token `cash`,
* `managed` or `total` balance to be greater than 2^112 - 1.
*
* `lastChangeBlock` is the number of the block in which `token`'s total balance was last modified (via either a
* join, exit, swap, or Asset Manager update). This value is useful to avoid so-called 'sandwich attacks', for
* example when developing price oracles. A change of zero (e.g. caused by a swap with amount zero) is considered a
* change for this purpose, and will update `lastChangeBlock`.
*
* `assetManager` is the Pool's token Asset Manager.
*/functiongetPoolTokenInfo(bytes32 poolId, IERC20 token)
externalviewreturns (uint256 cash,
uint256 managed,
uint256 lastChangeBlock,
address assetManager
);
/**
* @dev Returns a Pool's registered tokens, the total balance for each, and the latest block when *any* of
* the tokens' `balances` changed.
*
* The order of the `tokens` array is the same order that will be used in `joinPool`, `exitPool`, as well as in all
* Pool hooks (where applicable). Calls to `registerTokens` and `deregisterTokens` may change this order.
*
* If a Pool only registers tokens once, and these are sorted in ascending order, they will be stored in the same
* order as passed to `registerTokens`.
*
* Total balances include both tokens held by the Vault and those withdrawn by the Pool's Asset Managers. These are
* the amounts used by joins, exits and swaps. For a detailed breakdown of token balances, use `getPoolTokenInfo`
* instead.
*/functiongetPoolTokens(bytes32 poolId)
externalviewreturns (
IERC20[] memory tokens,
uint256[] memory balances,
uint256 lastChangeBlock
);
/**
* @dev Called by users to join a Pool, which transfers tokens from `sender` into the Pool's balance. This will
* trigger custom Pool behavior, which will typically grant something in return to `recipient` - often tokenized
* Pool shares.
*
* If the caller is not `sender`, it must be an authorized relayer for them.
*
* The `assets` and `maxAmountsIn` arrays must have the same length, and each entry indicates the maximum amount
* to send for each asset. The amounts to send are decided by the Pool and not the Vault: it just enforces
* these maximums.
*
* If joining a Pool that holds WETH, it is possible to send ETH directly: the Vault will do the wrapping. To enable
* this mechanism, the IAsset sentinel value (the zero address) must be passed in the `assets` array instead of the
* WETH address. Note that it is not possible to combine ETH and WETH in the same join. Any excess ETH will be sent
* back to the caller (not the sender, which is important for relayers).
*
* `assets` must have the same length and order as the array returned by `getPoolTokens`. This prevents issues when
* interacting with Pools that register and deregister tokens frequently. If sending ETH however, the array must be
* sorted *before* replacing the WETH address with the ETH sentinel value (the zero address), which means the final
* `assets` array might not be sorted. Pools with no registered tokens cannot be joined.
*
* If `fromInternalBalance` is true, the caller's Internal Balance will be preferred: ERC20 transfers will only
* be made for the difference between the requested amount and Internal Balance (if any). Note that ETH cannot be
* withdrawn from Internal Balance: attempting to do so will trigger a revert.
*
* This causes the Vault to call the `IBasePool.onJoinPool` hook on the Pool's contract, where Pools implement
* their own custom logic. This typically requires additional information from the user (such as the expected number
* of Pool shares). This can be encoded in the `userData` argument, which is ignored by the Vault and passed
* directly to the Pool's contract, as is `recipient`.
*
* Emits a `PoolBalanceChanged` event.
*/functionjoinPool(bytes32 poolId,
address sender,
address recipient,
JoinPoolRequest memory request
) externalpayable;
structJoinPoolRequest {
IAsset[] assets;
uint256[] maxAmountsIn;
bytes userData;
bool fromInternalBalance;
}
/**
* @dev Called by users to exit a Pool, which transfers tokens from the Pool's balance to `recipient`. This will
* trigger custom Pool behavior, which will typically ask for something in return from `sender` - often tokenized
* Pool shares. The amount of tokens that can be withdrawn is limited by the Pool's `cash` balance (see
* `getPoolTokenInfo`).
*
* If the caller is not `sender`, it must be an authorized relayer for them.
*
* The `tokens` and `minAmountsOut` arrays must have the same length, and each entry in these indicates the minimum
* token amount to receive for each token contract. The amounts to send are decided by the Pool and not the Vault:
* it just enforces these minimums.
*
* If exiting a Pool that holds WETH, it is possible to receive ETH directly: the Vault will do the unwrapping. To
* enable this mechanism, the IAsset sentinel value (the zero address) must be passed in the `assets` array instead
* of the WETH address. Note that it is not possible to combine ETH and WETH in the same exit.
*
* `assets` must have the same length and order as the array returned by `getPoolTokens`. This prevents issues when
* interacting with Pools that register and deregister tokens frequently. If receiving ETH however, the array must
* be sorted *before* replacing the WETH address with the ETH sentinel value (the zero address), which means the
* final `assets` array might not be sorted. Pools with no registered tokens cannot be exited.
*
* If `toInternalBalance` is true, the tokens will be deposited to `recipient`'s Internal Balance. Otherwise,
* an ERC20 transfer will be performed. Note that ETH cannot be deposited to Internal Balance: attempting to
* do so will trigger a revert.
*
* `minAmountsOut` is the minimum amount of tokens the user expects to get out of the Pool, for each token in the
* `tokens` array. This array must match the Pool's registered tokens.
*
* This causes the Vault to call the `IBasePool.onExitPool` hook on the Pool's contract, where Pools implement
* their own custom logic. This typically requires additional information from the user (such as the expected number
* of Pool shares to return). This can be encoded in the `userData` argument, which is ignored by the Vault and
* passed directly to the Pool's contract.
*
* Emits a `PoolBalanceChanged` event.
*/functionexitPool(bytes32 poolId,
address sender,
addresspayable recipient,
ExitPoolRequest memory request
) external;
structExitPoolRequest {
IAsset[] assets;
uint256[] minAmountsOut;
bytes userData;
bool toInternalBalance;
}
/**
* @dev Emitted when a user joins or exits a Pool by calling `joinPool` or `exitPool`, respectively.
*/eventPoolBalanceChanged(bytes32indexed poolId,
addressindexed liquidityProvider,
IERC20[] tokens,
int256[] deltas,
uint256[] protocolFeeAmounts
);
enumPoolBalanceChangeKind { JOIN, EXIT }
// Swaps//// Users can swap tokens with Pools by calling the `swap` and `batchSwap` functions. To do this,// they need not trust Pool contracts in any way: all security checks are made by the Vault. They must however be// aware of the Pools' pricing algorithms in order to estimate the prices Pools will quote.//// The `swap` function executes a single swap, while `batchSwap` can perform multiple swaps in sequence.// In each individual swap, tokens of one kind are sent from the sender to the Pool (this is the 'token in'),// and tokens of another kind are sent from the Pool to the recipient in exchange (this is the 'token out').// More complex swaps, such as one token in to multiple tokens out can be achieved by batching together// individual swaps.//// There are two swap kinds:// - 'given in' swaps, where the amount of tokens in (sent to the Pool) is known, and the Pool determines (via the// `onSwap` hook) the amount of tokens out (to send to the recipient).// - 'given out' swaps, where the amount of tokens out (received from the Pool) is known, and the Pool determines// (via the `onSwap` hook) the amount of tokens in (to receive from the sender).//// Additionally, it is possible to chain swaps using a placeholder input amount, which the Vault replaces with// the calculated output of the previous swap. If the previous swap was 'given in', this will be the calculated// tokenOut amount. If the previous swap was 'given out', it will use the calculated tokenIn amount. These extended// swaps are known as 'multihop' swaps, since they 'hop' through a number of intermediate tokens before arriving at// the final intended token.//// In all cases, tokens are only transferred in and out of the Vault (or withdrawn from and deposited into Internal// Balance) after all individual swaps have been completed, and the net token balance change computed. This makes// certain swap patterns, such as multihops, or swaps that interact with the same token pair in multiple Pools, cost// much less gas than they would otherwise.//// It also means that under certain conditions it is possible to perform arbitrage by swapping with multiple// Pools in a way that results in net token movement out of the Vault (profit), with no tokens being sent in (only// updating the Pool's internal accounting).//// To protect users from front-running or the market changing rapidly, they supply a list of 'limits' for each token// involved in the swap, where either the maximum number of tokens to send (by passing a positive value) or the// minimum amount of tokens to receive (by passing a negative value) is specified.//// Additionally, a 'deadline' timestamp can also be provided, forcing the swap to fail if it occurs after// this point in time (e.g. if the transaction failed to be included in a block promptly).//// If interacting with Pools that hold WETH, it is possible to both send and receive ETH directly: the Vault will do// the wrapping and unwrapping. To enable this mechanism, the IAsset sentinel value (the zero address) must be// passed in the `assets` array instead of the WETH address. Note that it is possible to combine ETH and WETH in the// same swap. Any excess ETH will be sent back to the caller (not the sender, which is relevant for relayers).//// Finally, Internal Balance can be used when either sending or receiving tokens.enumSwapKind { GIVEN_IN, GIVEN_OUT }
/**
* @dev Performs a swap with a single Pool.
*
* If the swap is 'given in' (the number of tokens to send to the Pool is known), it returns the amount of tokens
* taken from the Pool, which must be greater than or equal to `limit`.
*
* If the swap is 'given out' (the number of tokens to take from the Pool is known), it returns the amount of tokens
* sent to the Pool, which must be less than or equal to `limit`.
*
* Internal Balance usage and the recipient are determined by the `funds` struct.
*
* Emits a `Swap` event.
*/functionswap(
SingleSwap memory singleSwap,
FundManagement memory funds,
uint256 limit,
uint256 deadline
) externalpayablereturns (uint256);
/**
* @dev Data for a single swap executed by `swap`. `amount` is either `amountIn` or `amountOut` depending on
* the `kind` value.
*
* `assetIn` and `assetOut` are either token addresses, or the IAsset sentinel value for ETH (the zero address).
* Note that Pools never interact with ETH directly: it will be wrapped to or unwrapped from WETH by the Vault.
*
* The `userData` field is ignored by the Vault, but forwarded to the Pool in the `onSwap` hook, and may be
* used to extend swap behavior.
*/structSingleSwap {
bytes32 poolId;
SwapKind kind;
IAsset assetIn;
IAsset assetOut;
uint256 amount;
bytes userData;
}
/**
* @dev Performs a series of swaps with one or multiple Pools. In each individual swap, the caller determines either
* the amount of tokens sent to or received from the Pool, depending on the `kind` value.
*
* Returns an array with the net Vault asset balance deltas. Positive amounts represent tokens (or ETH) sent to the
* Vault, and negative amounts represent tokens (or ETH) sent by the Vault. Each delta corresponds to the asset at
* the same index in the `assets` array.
*
* Swaps are executed sequentially, in the order specified by the `swaps` array. Each array element describes a
* Pool, the token to be sent to this Pool, the token to receive from it, and an amount that is either `amountIn` or
* `amountOut` depending on the swap kind.
*
* Multihop swaps can be executed by passing an `amount` value of zero for a swap. This will cause the amount in/out
* of the previous swap to be used as the amount in for the current one. In a 'given in' swap, 'tokenIn' must equal
* the previous swap's `tokenOut`. For a 'given out' swap, `tokenOut` must equal the previous swap's `tokenIn`.
*
* The `assets` array contains the addresses of all assets involved in the swaps. These are either token addresses,
* or the IAsset sentinel value for ETH (the zero address). Each entry in the `swaps` array specifies tokens in and
* out by referencing an index in `assets`. Note that Pools never interact with ETH directly: it will be wrapped to
* or unwrapped from WETH by the Vault.
*
* Internal Balance usage, sender, and recipient are determined by the `funds` struct. The `limits` array specifies
* the minimum or maximum amount of each token the vault is allowed to transfer.
*
* `batchSwap` can be used to make a single swap, like `swap` does, but doing so requires more gas than the
* equivalent `swap` call.
*
* Emits `Swap` events.
*/functionbatchSwap(
SwapKind kind,
BatchSwapStep[] memory swaps,
IAsset[] memory assets,
FundManagement memory funds,
int256[] memory limits,
uint256 deadline
) externalpayablereturns (int256[] memory);
/**
* @dev Data for each individual swap executed by `batchSwap`. The asset in and out fields are indexes into the
* `assets` array passed to that function, and ETH assets are converted to WETH.
*
* If `amount` is zero, the multihop mechanism is used to determine the actual amount based on the amount in/out
* from the previous swap, depending on the swap kind.
*
* The `userData` field is ignored by the Vault, but forwarded to the Pool in the `onSwap` hook, and may be
* used to extend swap behavior.
*/structBatchSwapStep {
bytes32 poolId;
uint256 assetInIndex;
uint256 assetOutIndex;
uint256 amount;
bytes userData;
}
/**
* @dev Emitted for each individual swap performed by `swap` or `batchSwap`.
*/eventSwap(bytes32indexed poolId,
IERC20 indexed tokenIn,
IERC20 indexed tokenOut,
uint256 amountIn,
uint256 amountOut
);
/**
* @dev All tokens in a swap are either sent from the `sender` account to the Vault, or from the Vault to the
* `recipient` account.
*
* If the caller is not `sender`, it must be an authorized relayer for them.
*
* If `fromInternalBalance` is true, the `sender`'s Internal Balance will be preferred, performing an ERC20
* transfer for the difference between the requested amount and the User's Internal Balance (if any). The `sender`
* must have allowed the Vault to use their tokens via `IERC20.approve()`. This matches the behavior of
* `joinPool`.
*
* If `toInternalBalance` is true, tokens will be deposited to `recipient`'s internal balance instead of
* transferred. This matches the behavior of `exitPool`.
*
* Note that ETH cannot be deposited to or withdrawn from Internal Balance: attempting to do so will trigger a
* revert.
*/structFundManagement {
address sender;
bool fromInternalBalance;
addresspayable recipient;
bool toInternalBalance;
}
/**
* @dev Simulates a call to `batchSwap`, returning an array of Vault asset deltas. Calls to `swap` cannot be
* simulated directly, but an equivalent `batchSwap` call can and will yield the exact same result.
*
* Each element in the array corresponds to the asset at the same index, and indicates the number of tokens (or ETH)
* the Vault would take from the sender (if positive) or send to the recipient (if negative). The arguments it
* receives are the same that an equivalent `batchSwap` call would receive.
*
* Unlike `batchSwap`, this function performs no checks on the sender or recipient field in the `funds` struct.
* This makes it suitable to be called by off-chain applications via eth_call without needing to hold tokens,
* approve them for the Vault, or even know a user's address.
*
* Note that this function is not 'view' (due to implementation details): the client code must explicitly execute
* eth_call instead of eth_sendTransaction.
*/functionqueryBatchSwap(
SwapKind kind,
BatchSwapStep[] memory swaps,
IAsset[] memory assets,
FundManagement memory funds
) externalreturns (int256[] memory assetDeltas);
// Flash Loans/**
* @dev Performs a 'flash loan', sending tokens to `recipient`, executing the `receiveFlashLoan` hook on it,
* and then reverting unless the tokens plus a proportional protocol fee have been returned.
*
* The `tokens` and `amounts` arrays must have the same length, and each entry in these indicates the loan amount
* for each token contract. `tokens` must be sorted in ascending order.
*
* The 'userData' field is ignored by the Vault, and forwarded as-is to `recipient` as part of the
* `receiveFlashLoan` call.
*
* Emits `FlashLoan` events.
*/functionflashLoan(
IFlashLoanRecipient recipient,
IERC20[] memory tokens,
uint256[] memory amounts,
bytesmemory userData
) external;
/**
* @dev Emitted for each individual flash loan performed by `flashLoan`.
*/eventFlashLoan(IFlashLoanRecipient indexed recipient, IERC20 indexed token, uint256 amount, uint256 feeAmount);
// Asset Management//// Each token registered for a Pool can be assigned an Asset Manager, which is able to freely withdraw the Pool's// tokens from the Vault, deposit them, or assign arbitrary values to its `managed` balance (see// `getPoolTokenInfo`). This makes them extremely powerful and dangerous. Even if an Asset Manager only directly// controls one of the tokens in a Pool, a malicious manager could set that token's balance to manipulate the// prices of the other tokens, and then drain the Pool with swaps. The risk of using Asset Managers is therefore// not constrained to the tokens they are managing, but extends to the entire Pool's holdings.//// However, a properly designed Asset Manager smart contract can be safely used for the Pool's benefit,// for example by lending unused tokens out for interest, or using them to participate in voting protocols.//// This concept is unrelated to the IAsset interface./**
* @dev Performs a set of Pool balance operations, which may be either withdrawals, deposits or updates.
*
* Pool Balance management features batching, which means a single contract call can be used to perform multiple
* operations of different kinds, with different Pools and tokens, at once.
*
* For each operation, the caller must be registered as the Asset Manager for `token` in `poolId`.
*/functionmanagePoolBalance(PoolBalanceOp[] memory ops) external;
structPoolBalanceOp {
PoolBalanceOpKind kind;
bytes32 poolId;
IERC20 token;
uint256 amount;
}
/**
* Withdrawals decrease the Pool's cash, but increase its managed balance, leaving the total balance unchanged.
*
* Deposits increase the Pool's cash, but decrease its managed balance, leaving the total balance unchanged.
*
* Updates don't affect the Pool's cash balance, but because the managed balance changes, it does alter the total.
* The external amount can be either increased or decreased by this call (i.e., reporting a gain or a loss).
*/enumPoolBalanceOpKind { WITHDRAW, DEPOSIT, UPDATE }
/**
* @dev Emitted when a Pool's token Asset Manager alters its balance via `managePoolBalance`.
*/eventPoolBalanceManaged(bytes32indexed poolId,
addressindexed assetManager,
IERC20 indexed token,
int256 cashDelta,
int256 managedDelta
);
// Protocol Fees//// Some operations cause the Vault to collect tokens in the form of protocol fees, which can then be withdrawn by// permissioned accounts.//// There are two kinds of protocol fees://// - flash loan fees: charged on all flash loans, as a percentage of the amounts lent.//// - swap fees: a percentage of the fees charged by Pools when performing swaps. For a number of reasons, including// swap gas costs and interface simplicity, protocol swap fees are not charged on each individual swap. Rather,// Pools are expected to keep track of how much they have charged in swap fees, and pay any outstanding debts to the// Vault when they are joined or exited. This prevents users from joining a Pool with unpaid debt, as well as// exiting a Pool in debt without first paying their share./**
* @dev Returns the current protocol fee module.
*/functiongetProtocolFeesCollector() externalviewreturns (IProtocolFeesCollector);
/**
* @dev Safety mechanism to pause most Vault operations in the event of an emergency - typically detection of an
* error in some part of the system.
*
* The Vault can only be paused during an initial time period, after which pausing is forever disabled.
*
* While the contract is paused, the following features are disabled:
* - depositing and transferring internal balance
* - transferring external balance (using the Vault's allowance)
* - swaps
* - joining Pools
* - Asset Manager interactions
*
* Internal Balance can still be withdrawn, and Pools exited.
*/functionsetPaused(bool paused) external;
/**
* @dev Returns the Vault's WETH instance.
*/functionWETH() externalviewreturns (IWETH);
// solhint-disable-previous-line func-name-mixedcase
}
Contract Source Code
File 36 of 52: IVersion.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity >=0.7.0 <0.9.0;/**
* @notice Simple interface to retrieve the version of a deployed contract.
*/interfaceIVersion{
/**
* @dev Returns a JSON representation of the contract version containing name, version number and task ID.
*/functionversion() externalviewreturns (stringmemory);
}
Contract Source Code
File 37 of 52: IWETH.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"../openzeppelin/IERC20.sol";
/**
* @dev Interface for WETH9.
* See https://github.com/gnosis/canonical-weth/blob/0dd1ea3e295eef916d0c6223ec63141137d22d67/contracts/WETH9.sol
*/interfaceIWETHisIERC20{
functiondeposit() externalpayable;
functionwithdraw(uint256 amount) external;
}
Contract Source Code
File 38 of 52: InputHelpers.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"@balancer-labs/v2-interfaces/contracts/solidity-utils/openzeppelin/IERC20.sol";
import"@balancer-labs/v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol";
libraryInputHelpers{
functionensureInputLengthMatch(uint256 a, uint256 b) internalpure{
_require(a == b, Errors.INPUT_LENGTH_MISMATCH);
}
functionensureInputLengthMatch(uint256 a,
uint256 b,
uint256 c
) internalpure{
_require(a == b && b == c, Errors.INPUT_LENGTH_MISMATCH);
}
functionensureArrayIsSorted(IERC20[] memory array) internalpure{
address[] memory addressArray;
// solhint-disable-next-line no-inline-assemblyassembly {
addressArray := array
}
ensureArrayIsSorted(addressArray);
}
functionensureArrayIsSorted(address[] memory array) internalpure{
if (array.length<2) {
return;
}
address previous = array[0];
for (uint256 i =1; i < array.length; ++i) {
address current = array[i];
_require(previous < current, Errors.UNSORTED_ARRAY);
previous = current;
}
}
}
Contract Source Code
File 39 of 52: InvariantGrowthProtocolSwapFees.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"@balancer-labs/v2-solidity-utils/contracts/math/FixedPoint.sol";
import"@balancer-labs/v2-solidity-utils/contracts/math/Math.sol";
import"./ProtocolFees.sol";
libraryInvariantGrowthProtocolSwapFees{
usingFixedPointforuint256;
functiongetProtocolOwnershipPercentage(uint256 invariantGrowthRatio,
uint256 supplyGrowthRatio,
uint256 protocolSwapFeePercentage
) internalpurereturns (uint256) {
// Joins and exits are symmetrical; for simplicity, we consider a join, where the invariant and supply// both increase.// |-------------------------|-- original invariant * invariantGrowthRatio// | increase from fees |// |-------------------------|-- original invariant * supply growth ratio (fee-less invariant)// | |// | increase from balances |// |-------------------------|-- original invariant// | |// | | |------------------|-- currentSupply// | | | BPT minted |// | | |------------------|-- previousSupply// | original invariant | | original supply |// |_________________________| |__________________|//// If the join is proportional, the invariant and supply will likewise increase proportionally,// so the growth ratios (invariantGrowthRatio / supplyGrowthRatio) will be equal. In this case, we do not charge// any protocol fees.// We also charge no protocol fees in the case where `invariantGrowthRatio < supplyGrowthRatio` to avoid// potential underflows, however this should only occur in extremely low volume actions due solely to rounding// error.if ((supplyGrowthRatio >= invariantGrowthRatio) || (protocolSwapFeePercentage ==0)) return0;
// If the join is non-proportional, the supply increase will be proportionally less than the invariant increase,// since the BPT minted will be based on fewer tokens (because swap fees are not included). So the supply growth// is due entirely to the balance changes, while the invariant growth also includes swap fees.//// To isolate the amount of increase by fees then, we multiply the original invariant by the supply growth// ratio to get the "feeless invariant". The difference between the final invariant and this value is then// the amount of the invariant due to fees, which we convert to a percentage by normalizing against the// final invariant. This is expressed as the expression below://// invariantGrowthFromFees = currentInvariant - supplyGrowthRatio * previousInvariant//// We then divide through by current invariant so the LHS can be identified as the fraction of the pool which// is made up of accumulated swap fees.//// swapFeesPercentage = 1 - supplyGrowthRatio * previousInvariant / currentInvariant//// We then define `invariantGrowthRatio` in a similar fashion to `supplyGrowthRatio` to give the result://// swapFeesPercentage = 1 - supplyGrowthRatio / invariantGrowthRatio//// Using this form allows us to consider only the ratios of the two invariants, rather than their absolute// values: a useful property, as this is sometimes easier than calculating the full invariant twice.// We've already checked that `supplyGrowthRatio` is smaller than `invariantGrowthRatio`, and hence their ratio// smaller than FixedPoint.ONE, allowing for unchecked arithmetic.uint256 swapFeesPercentage = FixedPoint.ONE - supplyGrowthRatio.divDown(invariantGrowthRatio);
// We then multiply by the protocol swap fee percentage to get the fraction of the pool which the protocol// should own once fees have been collected.return swapFeesPercentage.mulDown(protocolSwapFeePercentage);
}
functioncalcDueProtocolFees(uint256 invariantGrowthRatio,
uint256 previousSupply,
uint256 currentSupply,
uint256 protocolSwapFeePercentage
) internalpurereturns (uint256) {
uint256 protocolOwnershipPercentage = getProtocolOwnershipPercentage(
invariantGrowthRatio,
currentSupply.divDown(previousSupply),
protocolSwapFeePercentage
);
return ProtocolFees.bptForPoolOwnershipPercentage(currentSupply, protocolOwnershipPercentage);
}
}
Contract Source Code
File 40 of 52: LogExpMath.sol
// SPDX-License-Identifier: MIT// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated// documentation files (the “Software”), to deal in the Software without restriction, including without limitation the// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to// permit persons to whom the Software is furnished to do so, subject to the following conditions:// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the// Software.// THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.pragmasolidity ^0.7.0;import"@balancer-labs/v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol";
/* solhint-disable *//**
* @dev Exponentiation and logarithm functions for 18 decimal fixed point numbers (both base and exponent/argument).
*
* Exponentiation and logarithm with arbitrary bases (x^y and log_x(y)) are implemented by conversion to natural
* exponentiation and logarithm (where the base is Euler's number).
*
* @author Fernando Martinelli - @fernandomartinelli
* @author Sergio Yuhjtman - @sergioyuhjtman
* @author Daniel Fernandez - @dmf7z
*/libraryLogExpMath{
// All fixed point multiplications and divisions are inlined. This means we need to divide by ONE when multiplying// two numbers, and multiply by ONE when dividing them.// All arguments and return values are 18 decimal fixed point numbers.int256constant ONE_18 =1e18;
// Internally, intermediate values are computed with higher precision as 20 decimal fixed point numbers, and in the// case of ln36, 36 decimals.int256constant ONE_20 =1e20;
int256constant ONE_36 =1e36;
// The domain of natural exponentiation is bound by the word size and number of decimals used.//// Because internally the result will be stored using 20 decimals, the largest possible result is// (2^255 - 1) / 10^20, which makes the largest exponent ln((2^255 - 1) / 10^20) = 130.700829182905140221.// The smallest possible result is 10^(-18), which makes largest negative argument// ln(10^(-18)) = -41.446531673892822312.// We use 130.0 and -41.0 to have some safety margin.int256constant MAX_NATURAL_EXPONENT =130e18;
int256constant MIN_NATURAL_EXPONENT =-41e18;
// Bounds for ln_36's argument. Both ln(0.9) and ln(1.1) can be represented with 36 decimal places in a fixed point// 256 bit integer.int256constant LN_36_LOWER_BOUND = ONE_18 -1e17;
int256constant LN_36_UPPER_BOUND = ONE_18 +1e17;
uint256constant MILD_EXPONENT_BOUND =2**254/uint256(ONE_20);
// 18 decimal constantsint256constant x0 =128000000000000000000; // 2ˆ7int256constant a0 =38877084059945950922200000000000000000000000000000000000; // eˆ(x0) (no decimals)int256constant x1 =64000000000000000000; // 2ˆ6int256constant a1 =6235149080811616882910000000; // eˆ(x1) (no decimals)// 20 decimal constantsint256constant x2 =3200000000000000000000; // 2ˆ5int256constant a2 =7896296018268069516100000000000000; // eˆ(x2)int256constant x3 =1600000000000000000000; // 2ˆ4int256constant a3 =888611052050787263676000000; // eˆ(x3)int256constant x4 =800000000000000000000; // 2ˆ3int256constant a4 =298095798704172827474000; // eˆ(x4)int256constant x5 =400000000000000000000; // 2ˆ2int256constant a5 =5459815003314423907810; // eˆ(x5)int256constant x6 =200000000000000000000; // 2ˆ1int256constant a6 =738905609893065022723; // eˆ(x6)int256constant x7 =100000000000000000000; // 2ˆ0int256constant a7 =271828182845904523536; // eˆ(x7)int256constant x8 =50000000000000000000; // 2ˆ-1int256constant a8 =164872127070012814685; // eˆ(x8)int256constant x9 =25000000000000000000; // 2ˆ-2int256constant a9 =128402541668774148407; // eˆ(x9)int256constant x10 =12500000000000000000; // 2ˆ-3int256constant a10 =113314845306682631683; // eˆ(x10)int256constant x11 =6250000000000000000; // 2ˆ-4int256constant a11 =106449445891785942956; // eˆ(x11)/**
* @dev Exponentiation (x^y) with unsigned 18 decimal fixed point base and exponent.
*
* Reverts if ln(x) * y is smaller than `MIN_NATURAL_EXPONENT`, or larger than `MAX_NATURAL_EXPONENT`.
*/functionpow(uint256 x, uint256 y) internalpurereturns (uint256) {
if (y ==0) {
// We solve the 0^0 indetermination by making it equal one.returnuint256(ONE_18);
}
if (x ==0) {
return0;
}
// Instead of computing x^y directly, we instead rely on the properties of logarithms and exponentiation to// arrive at that result. In particular, exp(ln(x)) = x, and ln(x^y) = y * ln(x). This means// x^y = exp(y * ln(x)).// The ln function takes a signed value, so we need to make sure x fits in the signed 256 bit range.
_require(x >>255==0, Errors.X_OUT_OF_BOUNDS);
int256 x_int256 =int256(x);
// We will compute y * ln(x) in a single step. Depending on the value of x, we can either use ln or ln_36. In// both cases, we leave the division by ONE_18 (due to fixed point multiplication) to the end.// This prevents y * ln(x) from overflowing, and at the same time guarantees y fits in the signed 256 bit range.
_require(y < MILD_EXPONENT_BOUND, Errors.Y_OUT_OF_BOUNDS);
int256 y_int256 =int256(y);
int256 logx_times_y;
if (LN_36_LOWER_BOUND < x_int256 && x_int256 < LN_36_UPPER_BOUND) {
int256 ln_36_x = _ln_36(x_int256);
// ln_36_x has 36 decimal places, so multiplying by y_int256 isn't as straightforward, since we can't just// bring y_int256 to 36 decimal places, as it might overflow. Instead, we perform two 18 decimal// multiplications and add the results: one with the first 18 decimals of ln_36_x, and one with the// (downscaled) last 18 decimals.
logx_times_y = ((ln_36_x / ONE_18) * y_int256 + ((ln_36_x % ONE_18) * y_int256) / ONE_18);
} else {
logx_times_y = _ln(x_int256) * y_int256;
}
logx_times_y /= ONE_18;
// Finally, we compute exp(y * ln(x)) to arrive at x^y
_require(
MIN_NATURAL_EXPONENT <= logx_times_y && logx_times_y <= MAX_NATURAL_EXPONENT,
Errors.PRODUCT_OUT_OF_BOUNDS
);
returnuint256(exp(logx_times_y));
}
/**
* @dev Natural exponentiation (e^x) with signed 18 decimal fixed point exponent.
*
* Reverts if `x` is smaller than MIN_NATURAL_EXPONENT, or larger than `MAX_NATURAL_EXPONENT`.
*/functionexp(int256 x) internalpurereturns (int256) {
_require(x >= MIN_NATURAL_EXPONENT && x <= MAX_NATURAL_EXPONENT, Errors.INVALID_EXPONENT);
if (x <0) {
// We only handle positive exponents: e^(-x) is computed as 1 / e^x. We can safely make x positive since it// fits in the signed 256 bit range (as it is larger than MIN_NATURAL_EXPONENT).// Fixed point division requires multiplying by ONE_18.return ((ONE_18 * ONE_18) / exp(-x));
}
// First, we use the fact that e^(x+y) = e^x * e^y to decompose x into a sum of powers of two, which we call x_n,// where x_n == 2^(7 - n), and e^x_n = a_n has been precomputed. We choose the first x_n, x0, to equal 2^7// because all larger powers are larger than MAX_NATURAL_EXPONENT, and therefore not present in the// decomposition.// At the end of this process we will have the product of all e^x_n = a_n that apply, and the remainder of this// decomposition, which will be lower than the smallest x_n.// exp(x) = k_0 * a_0 * k_1 * a_1 * ... + k_n * a_n * exp(remainder), where each k_n equals either 0 or 1.// We mutate x by subtracting x_n, making it the remainder of the decomposition.// The first two a_n (e^(2^7) and e^(2^6)) are too large if stored as 18 decimal numbers, and could cause// intermediate overflows. Instead we store them as plain integers, with 0 decimals.// Additionally, x0 + x1 is larger than MAX_NATURAL_EXPONENT, which means they will not both be present in the// decomposition.// For each x_n, we test if that term is present in the decomposition (if x is larger than it), and if so deduct// it and compute the accumulated product.int256 firstAN;
if (x >= x0) {
x -= x0;
firstAN = a0;
} elseif (x >= x1) {
x -= x1;
firstAN = a1;
} else {
firstAN =1; // One with no decimal places
}
// We now transform x into a 20 decimal fixed point number, to have enhanced precision when computing the// smaller terms.
x *=100;
// `product` is the accumulated product of all a_n (except a0 and a1), which starts at 20 decimal fixed point// one. Recall that fixed point multiplication requires dividing by ONE_20.int256 product = ONE_20;
if (x >= x2) {
x -= x2;
product = (product * a2) / ONE_20;
}
if (x >= x3) {
x -= x3;
product = (product * a3) / ONE_20;
}
if (x >= x4) {
x -= x4;
product = (product * a4) / ONE_20;
}
if (x >= x5) {
x -= x5;
product = (product * a5) / ONE_20;
}
if (x >= x6) {
x -= x6;
product = (product * a6) / ONE_20;
}
if (x >= x7) {
x -= x7;
product = (product * a7) / ONE_20;
}
if (x >= x8) {
x -= x8;
product = (product * a8) / ONE_20;
}
if (x >= x9) {
x -= x9;
product = (product * a9) / ONE_20;
}
// x10 and x11 are unnecessary here since we have high enough precision already.// Now we need to compute e^x, where x is small (in particular, it is smaller than x9). We use the Taylor series// expansion for e^x: 1 + x + (x^2 / 2!) + (x^3 / 3!) + ... + (x^n / n!).int256 seriesSum = ONE_20; // The initial one in the sum, with 20 decimal places.int256 term; // Each term in the sum, where the nth term is (x^n / n!).// The first term is simply x.
term = x;
seriesSum += term;
// Each term (x^n / n!) equals the previous one times x, divided by n. Since x is a fixed point number,// multiplying by it requires dividing by ONE_20, but dividing by the non-fixed point n values does not.
term = ((term * x) / ONE_20) /2;
seriesSum += term;
term = ((term * x) / ONE_20) /3;
seriesSum += term;
term = ((term * x) / ONE_20) /4;
seriesSum += term;
term = ((term * x) / ONE_20) /5;
seriesSum += term;
term = ((term * x) / ONE_20) /6;
seriesSum += term;
term = ((term * x) / ONE_20) /7;
seriesSum += term;
term = ((term * x) / ONE_20) /8;
seriesSum += term;
term = ((term * x) / ONE_20) /9;
seriesSum += term;
term = ((term * x) / ONE_20) /10;
seriesSum += term;
term = ((term * x) / ONE_20) /11;
seriesSum += term;
term = ((term * x) / ONE_20) /12;
seriesSum += term;
// 12 Taylor terms are sufficient for 18 decimal precision.// We now have the first a_n (with no decimals), and the product of all other a_n present, and the Taylor// approximation of the exponentiation of the remainder (both with 20 decimals). All that remains is to multiply// all three (one 20 decimal fixed point multiplication, dividing by ONE_20, and one integer multiplication),// and then drop two digits to return an 18 decimal value.return (((product * seriesSum) / ONE_20) * firstAN) /100;
}
/**
* @dev Logarithm (log(arg, base), with signed 18 decimal fixed point base and argument.
*/functionlog(int256 arg, int256 base) internalpurereturns (int256) {
// This performs a simple base change: log(arg, base) = ln(arg) / ln(base).// Both logBase and logArg are computed as 36 decimal fixed point numbers, either by using ln_36, or by// upscaling.int256 logBase;
if (LN_36_LOWER_BOUND < base && base < LN_36_UPPER_BOUND) {
logBase = _ln_36(base);
} else {
logBase = _ln(base) * ONE_18;
}
int256 logArg;
if (LN_36_LOWER_BOUND < arg && arg < LN_36_UPPER_BOUND) {
logArg = _ln_36(arg);
} else {
logArg = _ln(arg) * ONE_18;
}
// When dividing, we multiply by ONE_18 to arrive at a result with 18 decimal placesreturn (logArg * ONE_18) / logBase;
}
/**
* @dev Natural logarithm (ln(a)) with signed 18 decimal fixed point argument.
*/functionln(int256 a) internalpurereturns (int256) {
// The real natural logarithm is not defined for negative numbers or zero.
_require(a >0, Errors.OUT_OF_BOUNDS);
if (LN_36_LOWER_BOUND < a && a < LN_36_UPPER_BOUND) {
return _ln_36(a) / ONE_18;
} else {
return _ln(a);
}
}
/**
* @dev Internal natural logarithm (ln(a)) with signed 18 decimal fixed point argument.
*/function_ln(int256 a) privatepurereturns (int256) {
if (a < ONE_18) {
// Since ln(a^k) = k * ln(a), we can compute ln(a) as ln(a) = ln((1/a)^(-1)) = - ln((1/a)). If a is less// than one, 1/a will be greater than one, and this if statement will not be entered in the recursive call.// Fixed point division requires multiplying by ONE_18.return (-_ln((ONE_18 * ONE_18) / a));
}
// First, we use the fact that ln^(a * b) = ln(a) + ln(b) to decompose ln(a) into a sum of powers of two, which// we call x_n, where x_n == 2^(7 - n), which are the natural logarithm of precomputed quantities a_n (that is,// ln(a_n) = x_n). We choose the first x_n, x0, to equal 2^7 because the exponential of all larger powers cannot// be represented as 18 fixed point decimal numbers in 256 bits, and are therefore larger than a.// At the end of this process we will have the sum of all x_n = ln(a_n) that apply, and the remainder of this// decomposition, which will be lower than the smallest a_n.// ln(a) = k_0 * x_0 + k_1 * x_1 + ... + k_n * x_n + ln(remainder), where each k_n equals either 0 or 1.// We mutate a by subtracting a_n, making it the remainder of the decomposition.// For reasons related to how `exp` works, the first two a_n (e^(2^7) and e^(2^6)) are not stored as fixed point// numbers with 18 decimals, but instead as plain integers with 0 decimals, so we need to multiply them by// ONE_18 to convert them to fixed point.// For each a_n, we test if that term is present in the decomposition (if a is larger than it), and if so divide// by it and compute the accumulated sum.int256 sum =0;
if (a >= a0 * ONE_18) {
a /= a0; // Integer, not fixed point division
sum += x0;
}
if (a >= a1 * ONE_18) {
a /= a1; // Integer, not fixed point division
sum += x1;
}
// All other a_n and x_n are stored as 20 digit fixed point numbers, so we convert the sum and a to this format.
sum *=100;
a *=100;
// Because further a_n are 20 digit fixed point numbers, we multiply by ONE_20 when dividing by them.if (a >= a2) {
a = (a * ONE_20) / a2;
sum += x2;
}
if (a >= a3) {
a = (a * ONE_20) / a3;
sum += x3;
}
if (a >= a4) {
a = (a * ONE_20) / a4;
sum += x4;
}
if (a >= a5) {
a = (a * ONE_20) / a5;
sum += x5;
}
if (a >= a6) {
a = (a * ONE_20) / a6;
sum += x6;
}
if (a >= a7) {
a = (a * ONE_20) / a7;
sum += x7;
}
if (a >= a8) {
a = (a * ONE_20) / a8;
sum += x8;
}
if (a >= a9) {
a = (a * ONE_20) / a9;
sum += x9;
}
if (a >= a10) {
a = (a * ONE_20) / a10;
sum += x10;
}
if (a >= a11) {
a = (a * ONE_20) / a11;
sum += x11;
}
// a is now a small number (smaller than a_11, which roughly equals 1.06). This means we can use a Taylor series// that converges rapidly for values of `a` close to one - the same one used in ln_36.// Let z = (a - 1) / (a + 1).// ln(a) = 2 * (z + z^3 / 3 + z^5 / 5 + z^7 / 7 + ... + z^(2 * n + 1) / (2 * n + 1))// Recall that 20 digit fixed point division requires multiplying by ONE_20, and multiplication requires// division by ONE_20.int256 z = ((a - ONE_20) * ONE_20) / (a + ONE_20);
int256 z_squared = (z * z) / ONE_20;
// num is the numerator of the series: the z^(2 * n + 1) termint256 num = z;
// seriesSum holds the accumulated sum of each term in the series, starting with the initial zint256 seriesSum = num;
// In each step, the numerator is multiplied by z^2
num = (num * z_squared) / ONE_20;
seriesSum += num /3;
num = (num * z_squared) / ONE_20;
seriesSum += num /5;
num = (num * z_squared) / ONE_20;
seriesSum += num /7;
num = (num * z_squared) / ONE_20;
seriesSum += num /9;
num = (num * z_squared) / ONE_20;
seriesSum += num /11;
// 6 Taylor terms are sufficient for 36 decimal precision.// Finally, we multiply by 2 (non fixed point) to compute ln(remainder)
seriesSum *=2;
// We now have the sum of all x_n present, and the Taylor approximation of the logarithm of the remainder (both// with 20 decimals). All that remains is to sum these two, and then drop two digits to return a 18 decimal// value.return (sum + seriesSum) /100;
}
/**
* @dev Intrnal high precision (36 decimal places) natural logarithm (ln(x)) with signed 18 decimal fixed point argument,
* for x close to one.
*
* Should only be used if x is between LN_36_LOWER_BOUND and LN_36_UPPER_BOUND.
*/function_ln_36(int256 x) privatepurereturns (int256) {
// Since ln(1) = 0, a value of x close to one will yield a very small result, which makes using 36 digits// worthwhile.// First, we transform x to a 36 digit fixed point value.
x *= ONE_18;
// We will use the following Taylor expansion, which converges very rapidly. Let z = (x - 1) / (x + 1).// ln(x) = 2 * (z + z^3 / 3 + z^5 / 5 + z^7 / 7 + ... + z^(2 * n + 1) / (2 * n + 1))// Recall that 36 digit fixed point division requires multiplying by ONE_36, and multiplication requires// division by ONE_36.int256 z = ((x - ONE_36) * ONE_36) / (x + ONE_36);
int256 z_squared = (z * z) / ONE_36;
// num is the numerator of the series: the z^(2 * n + 1) termint256 num = z;
// seriesSum holds the accumulated sum of each term in the series, starting with the initial zint256 seriesSum = num;
// In each step, the numerator is multiplied by z^2
num = (num * z_squared) / ONE_36;
seriesSum += num /3;
num = (num * z_squared) / ONE_36;
seriesSum += num /5;
num = (num * z_squared) / ONE_36;
seriesSum += num /7;
num = (num * z_squared) / ONE_36;
seriesSum += num /9;
num = (num * z_squared) / ONE_36;
seriesSum += num /11;
num = (num * z_squared) / ONE_36;
seriesSum += num /13;
num = (num * z_squared) / ONE_36;
seriesSum += num /15;
// 8 Taylor terms are sufficient for 36 decimal precision.// All that remains is multiplying by 2 (non fixed point).return seriesSum *2;
}
}
Contract Source Code
File 41 of 52: Math.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.7.0;import"@balancer-labs/v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol";
/**
* @dev Wrappers over Solidity's arithmetic operations with added overflow checks.
* Adapted from OpenZeppelin's SafeMath library.
*/libraryMath{
/**
* @dev Returns the absolute value of a signed integer.
*/functionabs(int256 a) internalpurereturns (uint256) {
return a >0 ? uint256(a) : uint256(-a);
}
/**
* @dev Returns the addition of two unsigned integers of 256 bits, reverting on overflow.
*/functionadd(uint256 a, uint256 b) internalpurereturns (uint256) {
uint256 c = a + b;
_require(c >= a, Errors.ADD_OVERFLOW);
return c;
}
/**
* @dev Returns the addition of two signed integers, reverting on overflow.
*/functionadd(int256 a, int256 b) internalpurereturns (int256) {
int256 c = a + b;
_require((b >=0&& c >= a) || (b <0&& c < a), Errors.ADD_OVERFLOW);
return c;
}
/**
* @dev Returns the subtraction of two unsigned integers of 256 bits, reverting on overflow.
*/functionsub(uint256 a, uint256 b) internalpurereturns (uint256) {
_require(b <= a, Errors.SUB_OVERFLOW);
uint256 c = a - b;
return c;
}
/**
* @dev Returns the subtraction of two signed integers, reverting on overflow.
*/functionsub(int256 a, int256 b) internalpurereturns (int256) {
int256 c = a - b;
_require((b >=0&& c <= a) || (b <0&& c > a), Errors.SUB_OVERFLOW);
return c;
}
/**
* @dev Returns the largest of two numbers of 256 bits.
*/functionmax(uint256 a, uint256 b) internalpurereturns (uint256) {
return a >= b ? a : b;
}
/**
* @dev Returns the smallest of two numbers of 256 bits.
*/functionmin(uint256 a, uint256 b) internalpurereturns (uint256) {
return a < b ? a : b;
}
functionmul(uint256 a, uint256 b) internalpurereturns (uint256) {
uint256 c = a * b;
_require(a ==0|| c / a == b, Errors.MUL_OVERFLOW);
return c;
}
functiondiv(uint256 a,
uint256 b,
bool roundUp
) internalpurereturns (uint256) {
return roundUp ? divUp(a, b) : divDown(a, b);
}
functiondivDown(uint256 a, uint256 b) internalpurereturns (uint256) {
_require(b !=0, Errors.ZERO_DIVISION);
return a / b;
}
functiondivUp(uint256 a, uint256 b) internalpurereturns (uint256) {
_require(b !=0, Errors.ZERO_DIVISION);
if (a ==0) {
return0;
} else {
return1+ (a -1) / b;
}
}
}
Contract Source Code
File 42 of 52: PriceRateCache.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"@balancer-labs/v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol";
import"@balancer-labs/v2-solidity-utils/contracts/helpers/WordCodec.sol";
/**
* Price rate caches are used to avoid querying the price rate for a token every time we need to work with it. It is
* useful for slow changing rates, such as those that arise from interest-bearing tokens (e.g. waDAI into DAI).
*
* The cache data is packed into a single bytes32 value with the following structure:
* [ 32 bits | 32 bits | 96 bits | 96 bits ]
* [ expires | duration | old rate | current rate ]
* |MSB LSB|
*
* 'rate' is an 18 decimal fixed point number, supporting rates of up to ~3e10. 'expires' is a Unix timestamp, and
* 'duration' is expressed in seconds.
*/libraryPriceRateCache{
usingWordCodecforbytes32;
uint256privateconstant _CURRENT_PRICE_RATE_OFFSET =0;
uint256privateconstant _OLD_PRICE_RATE_OFFSET =96;
uint256privateconstant _PRICE_RATE_CACHE_DURATION_OFFSET =192;
uint256privateconstant _PRICE_RATE_CACHE_EXPIRES_OFFSET =224;
uint256privateconstant _RATE_BIT_LENGTH =96;
uint256privateconstant _DURATION_BIT_LENGTH =32;
/**
* @dev Returns the current rate in the price rate cache.
*/functiongetCurrentRate(bytes32 cache) internalpurereturns (uint256) {
return cache.decodeUint(_CURRENT_PRICE_RATE_OFFSET, _RATE_BIT_LENGTH);
}
/**
* @dev Returns the old rate in the price rate cache.
*/functiongetOldRate(bytes32 cache) internalpurereturns (uint256) {
return cache.decodeUint(_OLD_PRICE_RATE_OFFSET, _RATE_BIT_LENGTH);
}
/**
* @dev Copies the current rate to the old rate.
*/functionupdateOldRate(bytes32 cache) internalpurereturns (bytes32) {
return cache.insertUint(getCurrentRate(cache), _OLD_PRICE_RATE_OFFSET, _RATE_BIT_LENGTH);
}
/**
* @dev Returns the duration of a price rate cache.
*/functiongetDuration(bytes32 cache) internalpurereturns (uint256) {
return cache.decodeUint(_PRICE_RATE_CACHE_DURATION_OFFSET, _DURATION_BIT_LENGTH);
}
/**
* @dev Returns the duration and expiration time of a price rate cache.
*/functiongetTimestamps(bytes32 cache) internalpurereturns (uint256 duration, uint256 expires) {
duration = getDuration(cache);
expires = cache.decodeUint(_PRICE_RATE_CACHE_EXPIRES_OFFSET, _DURATION_BIT_LENGTH);
}
/**
* @dev Encodes rate and duration into a price rate cache. The expiration time is computed automatically, counting
* from the current time.
*/functionupdateRateAndDuration(bytes32 cache,
uint256 rate,
uint256 duration
) internalviewreturns (bytes32) {
_require(rate >> _RATE_BIT_LENGTH ==0, Errors.PRICE_RATE_OVERFLOW);
// solhint-disable not-rely-on-timereturn
cache
.insertUint(rate, _CURRENT_PRICE_RATE_OFFSET, _RATE_BIT_LENGTH)
.insertUint(duration, _PRICE_RATE_CACHE_DURATION_OFFSET, _DURATION_BIT_LENGTH)
.insertUint(block.timestamp+ duration, _PRICE_RATE_CACHE_EXPIRES_OFFSET, _DURATION_BIT_LENGTH);
}
/**
* @dev Update the current rate in a price rate cache.
*/functionupdateCurrentRate(bytes32 cache, uint256 rate) internalpurereturns (bytes32) {
_require(rate >> _RATE_BIT_LENGTH ==0, Errors.PRICE_RATE_OVERFLOW);
return cache.insertUint(rate, _CURRENT_PRICE_RATE_OFFSET, _RATE_BIT_LENGTH);
}
/**
* @dev Update the duration (and expiration) in a price rate cache.
*/functionupdateDuration(bytes32 cache, uint256 duration) internalviewreturns (bytes32) {
return
cache.insertUint(duration, _PRICE_RATE_CACHE_DURATION_OFFSET, _DURATION_BIT_LENGTH).insertUint(
block.timestamp+ duration,
_PRICE_RATE_CACHE_EXPIRES_OFFSET,
_DURATION_BIT_LENGTH
);
}
/**
* @dev Returns rate, duration and expiration time of a price rate cache.
*/functiondecode(bytes32 cache)
internalpurereturns (uint256 rate,
uint256 duration,
uint256 expires
)
{
rate = getCurrentRate(cache);
(duration, expires) = getTimestamps(cache);
}
}
Contract Source Code
File 43 of 52: ProtocolFeeCache.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"@balancer-labs/v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol";
import"@balancer-labs/v2-interfaces/contracts/standalone-utils/IProtocolFeePercentagesProvider.sol";
import"@balancer-labs/v2-solidity-utils/contracts/openzeppelin/SafeCast.sol";
import"../RecoveryMode.sol";
/**
* @dev The Vault does not provide the protocol swap fee percentage in swap hooks (as swaps don't typically need this
* value), so for swaps that need this value, we would have to to fetch it ourselves from the
* ProtocolFeePercentagesProvider. Additionally, other protocol fee types (such as Yield or AUM) can only be obtained
* by making said call.
*
* However, these values change so rarely that it doesn't make sense to perform the required calls to get the current
* values in every single user interaction. Instead, we keep a local copy that can be permissionlessly updated by anyone
* with the real value. We also pack these values together, performing a single storage read to get them all.
*
* When initialized with a special sentinel value, the swap fee is delegated, meaning the mutable protocol swap fee
* cache is set to the current value stored in the ProtocolFeePercentagesProvider, and can be updated by anyone with a
* call to `updateProtocolFeePercentageCache`. Any other value means the protocol swap fee is fixed, so it is instead
* stored in the immutable `_fixedProtocolSwapFeePercentage`.
*/abstractcontractProtocolFeeCacheisRecoveryMode{
usingSafeCastforuint256;
IProtocolFeePercentagesProvider privateimmutable _protocolFeeProvider;
// Protocol Fee Percentages can never be larger than 100% (1e18), which fits in ~59 bits, so using 64 for each type// is sufficient.structFeeTypeCache {
uint64 swapFee;
uint64 yieldFee;
uint64 aumFee;
}
FeeTypeCache private _cache;
eventProtocolFeePercentageCacheUpdated(uint256indexed feeType, uint256 protocolFeePercentage);
// Swap fees can be set to a fixed value at construction, or delegated to the ProtocolFeePercentagesProvider if// passing the special sentinel value.uint256publicconstant DELEGATE_PROTOCOL_SWAP_FEES_SENTINEL =type(uint256).max;
boolprivateimmutable _delegatedProtocolSwapFees;
// Only valid when `_delegatedProtocolSwapFees` is falseuint256privateimmutable _fixedProtocolSwapFeePercentage;
constructor(IProtocolFeePercentagesProvider protocolFeeProvider, uint256 protocolSwapFeePercentage) {
// Protocol swap fees are delegated to the value reported by the ProtocolFeePercentagesProvider if the sentinel// value is passed.bool delegatedProtocolSwapFees = protocolSwapFeePercentage == DELEGATE_PROTOCOL_SWAP_FEES_SENTINEL;
_delegatedProtocolSwapFees = delegatedProtocolSwapFees;
_protocolFeeProvider = protocolFeeProvider;
_updateProtocolFeeCache(protocolFeeProvider, ProtocolFeeType.YIELD);
_updateProtocolFeeCache(protocolFeeProvider, ProtocolFeeType.AUM);
if (delegatedProtocolSwapFees) {
_updateProtocolFeeCache(protocolFeeProvider, ProtocolFeeType.SWAP);
} else {
_require(
protocolSwapFeePercentage <= protocolFeeProvider.getFeeTypeMaximumPercentage(ProtocolFeeType.SWAP),
Errors.SWAP_FEE_PERCENTAGE_TOO_HIGH
);
// We cannot set `_fixedProtocolSwapFeePercentage` here due to it being immutable so instead we must set it// in the main function scope with a value based on whether protocol fees are delegated.// Emit an event as we do in `_updateProtocolFeeCache` to appear the same to offchain indexers.emit ProtocolFeePercentageCacheUpdated(ProtocolFeeType.SWAP, protocolSwapFeePercentage);
}
// As `_fixedProtocolSwapFeePercentage` is immutable we must set a value, but just set to zero if it's not used.
_fixedProtocolSwapFeePercentage = delegatedProtocolSwapFees ? 0 : protocolSwapFeePercentage;
}
/**
* @dev Returns the cached protocol fee percentage. If `getProtocolSwapFeeDelegation()` is false, this value is
* immutable for swap fee queries. Alternatively, it will track the global fee percentage set in the
* ProtocolFeePercentagesProvider.
*/functiongetProtocolFeePercentageCache(uint256 feeType) publicviewreturns (uint256) {
if (inRecoveryMode()) {
return0;
}
if (feeType == ProtocolFeeType.SWAP) {
return getProtocolSwapFeeDelegation() ? _cache.swapFee : _fixedProtocolSwapFeePercentage;
} elseif (feeType == ProtocolFeeType.YIELD) {
return _cache.yieldFee;
} elseif (feeType == ProtocolFeeType.AUM) {
return _cache.aumFee;
} else {
_revert(Errors.UNHANDLED_FEE_TYPE);
}
}
/**
* @dev Can be called by anyone to update the cached fee percentages (swap fee is only updated when delegated).
* Updates the cache to the latest value set by governance.
*
* This function will revert when called within a Vault context (i.e. in the middle of a join or an exit).
*
* This function depends on the invariant value, which may be calculated incorrectly in the middle of a join or
* an exit, because the state of the pool could be out of sync with the state of the Vault.
* `_beforeProtocolFeeCacheUpdate` will revert when called from such a context for composable stable pools,
* effectively protecting this function.
*
* See https://forum.balancer.fi/t/reentrancy-vulnerability-scope-expanded/4345 for reference.
*/functionupdateProtocolFeePercentageCache() external{
_beforeProtocolFeeCacheUpdate();
if (getProtocolSwapFeeDelegation()) {
_updateProtocolFeeCache(_protocolFeeProvider, ProtocolFeeType.SWAP);
}
_updateProtocolFeeCache(_protocolFeeProvider, ProtocolFeeType.YIELD);
_updateProtocolFeeCache(_protocolFeeProvider, ProtocolFeeType.AUM);
}
/**
* @dev Override in derived contracts to perform some action before the cache is updated. This is typically relevant
* to Pools that incur protocol debt between operations. To avoid altering the amount due retroactively, this debt
* needs to be paid before the fee percentages change.
*/function_beforeProtocolFeeCacheUpdate() internalvirtual{}
/**
* @dev Returns whether this Pool tracks protocol swap fee changes in the IProtocolFeePercentagesProvider.
*/functiongetProtocolSwapFeeDelegation() publicviewreturns (bool) {
return _delegatedProtocolSwapFees;
}
function_updateProtocolFeeCache(IProtocolFeePercentagesProvider protocolFeeProvider, uint256 feeType) private{
uint256 currentValue = protocolFeeProvider.getFeeTypePercentage(feeType);
if (feeType == ProtocolFeeType.SWAP) {
_cache.swapFee = currentValue.toUint64();
} elseif (feeType == ProtocolFeeType.YIELD) {
_cache.yieldFee = currentValue.toUint64();
} elseif (feeType == ProtocolFeeType.AUM) {
_cache.aumFee = currentValue.toUint64();
} else {
_revert(Errors.UNHANDLED_FEE_TYPE);
}
emit ProtocolFeePercentageCacheUpdated(feeType, currentValue);
}
}
Contract Source Code
File 44 of 52: ProtocolFees.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"@balancer-labs/v2-solidity-utils/contracts/math/FixedPoint.sol";
import"@balancer-labs/v2-solidity-utils/contracts/math/Math.sol";
libraryProtocolFees{
usingFixedPointforuint256;
/**
* @dev Calculates the amount of BPT necessary to give ownership of a given percentage of the Pool.
* Note that this function reverts if `poolPercentage` >= 100%, it's expected that the caller will enforce this.
* @param totalSupply - The total supply of the pool prior to minting BPT.
* @param poolOwnershipPercentage - The desired ownership percentage of the pool to have as a result of minting BPT.
* @return bptAmount - The amount of BPT to mint such that it is `poolPercentage` of the resultant total supply.
*/functionbptForPoolOwnershipPercentage(uint256 totalSupply, uint256 poolOwnershipPercentage)
internalpurereturns (uint256)
{
// If we mint some amount `bptAmount` of BPT then the percentage ownership of the pool this grants is given by:// `poolOwnershipPercentage = bptAmount / (totalSupply + bptAmount)`.// Solving for `bptAmount`, we arrive at:// `bptAmount = totalSupply * poolOwnershipPercentage / (1 - poolOwnershipPercentage)`.return Math.divDown(Math.mul(totalSupply, poolOwnershipPercentage), poolOwnershipPercentage.complement());
}
}
Contract Source Code
File 45 of 52: RecoveryMode.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"@balancer-labs/v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol";
import"@balancer-labs/v2-interfaces/contracts/pool-utils/BasePoolUserData.sol";
import"@balancer-labs/v2-interfaces/contracts/pool-utils/IRecoveryMode.sol";
import"@balancer-labs/v2-solidity-utils/contracts/math/FixedPoint.sol";
import"./BasePoolAuthorization.sol";
/**
* @notice Handle storage and state changes for pools that support "Recovery Mode".
*
* @dev This is intended to provide a safe way to exit any pool during some kind of emergency, to avoid locking funds
* in the event the pool enters a non-functional state (i.e., some code that normally runs during exits is causing
* them to revert).
*
* Recovery Mode is *not* the same as pausing the pool. The pause function is only available during a short window
* after factory deployment. Pausing can only be intentionally reversed during a buffer period, and the contract
* will permanently unpause itself thereafter. Paused pools are completely disabled, in a kind of suspended animation,
* until they are voluntarily or involuntarily unpaused.
*
* By contrast, a privileged account - typically a governance multisig - can place a pool in Recovery Mode at any
* time, and it is always reversible. The pool is *not* disabled while in this mode: though of course whatever
* condition prompted the transition to Recovery Mode has likely effectively disabled some functions. Rather,
* a special "clean" exit is enabled, which runs the absolute minimum code necessary to exit proportionally.
* In particular, stable pools do not attempt to compute the invariant (which is a complex, iterative calculation
* that can fail in extreme circumstances), and no protocol fees are collected.
*
* It is critical to ensure that turning on Recovery Mode would do no harm, if activated maliciously or in error.
*/abstractcontractRecoveryModeisIRecoveryMode, BasePoolAuthorization{
usingFixedPointforuint256;
usingBasePoolUserDataforbytes;
/**
* @dev Reverts if the contract is in Recovery Mode.
*/modifierwhenNotInRecoveryMode() {
_ensureNotInRecoveryMode();
_;
}
/**
* @notice Enable recovery mode, which enables a special safe exit path for LPs.
* @dev Does not otherwise affect pool operations (beyond deferring payment of protocol fees), though some pools may
* perform certain operations in a "safer" manner that is less likely to fail, in an attempt to keep the pool
* running, even in a pathological state. Unlike the Pause operation, which is only available during a short window
* after factory deployment, Recovery Mode can always be enabled.
*/functionenableRecoveryMode() externaloverrideauthenticate{
_setRecoveryMode(true);
}
/**
* @notice Disable recovery mode, which disables the special safe exit path for LPs.
* @dev Protocol fees are not paid while in Recovery Mode, so it should only remain active for as long as strictly
* necessary.
*
* This function will revert when called within a Vault context (i.e. in the middle of a join or an exit).
*
* This function depends on the invariant value, which may be calculated incorrectly in the middle of a join or
* an exit, because the state of the pool could be out of sync with the state of the Vault.
* `_onDisableRecoveryMode` will revert when called from such a context for composable stable pools, effectively
* protecting this function.
*
* See https://forum.balancer.fi/t/reentrancy-vulnerability-scope-expanded/4345 for reference.
*/functiondisableRecoveryMode() externaloverrideauthenticate{
_setRecoveryMode(false);
}
// Defer implementation for functions that require storage/**
* @notice Override to check storage and return whether the pool is in Recovery Mode
*/functioninRecoveryMode() publicviewvirtualoverridereturns (bool);
/**
* @dev Override to update storage and emit the event
*
* No complex code or external calls that could fail should be placed in the implementations,
* which could jeopardize the ability to enable and disable Recovery Mode.
*/function_setRecoveryMode(bool enabled) internalvirtual;
/**
* @dev Reverts if the contract is not in Recovery Mode.
*/function_ensureInRecoveryMode() internalview{
_require(inRecoveryMode(), Errors.NOT_IN_RECOVERY_MODE);
}
/**
* @dev Reverts if the contract is in Recovery Mode.
*/function_ensureNotInRecoveryMode() internalview{
_require(!inRecoveryMode(), Errors.IN_RECOVERY_MODE);
}
/**
* @dev A minimal proportional exit, suitable as is for most pools: though not for pools with preminted BPT
* or other special considerations. Designed to be overridden if a pool needs to do extra processing,
* such as scaling a stored invariant, or caching the new total supply.
*
* No complex code or external calls should be made in derived contracts that override this!
*/function_doRecoveryModeExit(uint256[] memory balances,
uint256 totalSupply,
bytesmemory userData
) internalvirtualreturns (uint256, uint256[] memory) {
uint256 bptAmountIn = userData.recoveryModeExit();
uint256[] memory amountsOut = _computeProportionalAmountsOut(balances, totalSupply, bptAmountIn);
return (bptAmountIn, amountsOut);
}
function_computeProportionalAmountsOut(uint256[] memory balances,
uint256 totalSupply,
uint256 bptAmountIn
) internalpurereturns (uint256[] memory amountsOut) {
/**********************************************************************************************
// exactBPTInForTokensOut //
// (per token) //
// aO = tokenAmountOut / bptIn \ //
// b = tokenBalance a0 = b * | --------------------- | //
// bptIn = bptAmountIn \ bptTotalSupply / //
// bpt = bptTotalSupply //
**********************************************************************************************/// Since we're computing an amount out, we round down overall. This means rounding down on both the// multiplication and division.uint256 bptRatio = bptAmountIn.divDown(totalSupply);
amountsOut =newuint256[](balances.length);
for (uint256 i =0; i < balances.length; i++) {
amountsOut[i] = balances[i].mulDown(bptRatio);
}
}
}
Contract Source Code
File 46 of 52: SafeCast.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.7.0;import"@balancer-labs/v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol";
/**
* @dev Wrappers over Solidity's uintXX/intXX casting operators with added overflow
* checks.
*
* Downcasting from uint256/int256 in Solidity does not revert on overflow. This can
* easily result in undesired exploitation or bugs, since developers usually
* assume that overflows raise errors. `SafeCast` restores this intuition by
* reverting the transaction when such an operation overflows.
*
* Using this library instead of the unchecked operations eliminates an entire
* class of bugs, so it's recommended to use it always.
*
* Can be combined with {SafeMath} and {SignedSafeMath} to extend it to smaller types, by performing
* all math on `uint256` and `int256` and then downcasting.
*/librarySafeCast{
/**
* @dev Converts an unsigned uint256 into a signed int256.
*
* Requirements:
*
* - input must be less than or equal to maxInt256.
*/functiontoInt256(uint256 value) internalpurereturns (int256) {
_require(value >>255==0, Errors.SAFE_CAST_VALUE_CANT_FIT_INT256);
returnint256(value);
}
/**
* @dev Converts an unsigned uint256 into an unsigned uint64.
*
* Requirements:
*
* - input must be less than or equal to maxUint64.
*/functiontoUint64(uint256 value) internalpurereturns (uint64) {
_require(value <=type(uint64).max, Errors.SAFE_CAST_VALUE_CANT_FIT_UINT64);
returnuint64(value);
}
}
Contract Source Code
File 47 of 52: SafeMath.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.7.0;import"@balancer-labs/v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol";
/**
* @dev Wrappers over Solidity's arithmetic operations with added overflow
* checks.
*
* Arithmetic operations in Solidity wrap on overflow. This can easily result
* in bugs, because programmers usually assume that an overflow raises an
* error, which is the standard behavior in high level programming languages.
* `SafeMath` restores this intuition by reverting the transaction when an
* operation overflows.
*
* Using this library instead of the unchecked operations eliminates an entire
* class of bugs, so it's recommended to use it always.
*/librarySafeMath{
/**
* @dev Returns the addition of two unsigned integers, reverting on
* overflow.
*
* Counterpart to Solidity's `+` operator.
*
* Requirements:
*
* - Addition cannot overflow.
*/functionadd(uint256 a, uint256 b) internalpurereturns (uint256) {
uint256 c = a + b;
_require(c >= a, Errors.ADD_OVERFLOW);
return c;
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting on
* overflow (when the result is negative).
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
*
* - Subtraction cannot overflow.
*/functionsub(uint256 a, uint256 b) internalpurereturns (uint256) {
return sub(a, b, Errors.SUB_OVERFLOW);
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting with custom message on
* overflow (when the result is negative).
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
*
* - Subtraction cannot overflow.
*/functionsub(uint256 a,
uint256 b,
uint256 errorCode
) internalpurereturns (uint256) {
_require(b <= a, errorCode);
uint256 c = a - b;
return c;
}
}
Contract Source Code
File 48 of 52: StableMath.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"@balancer-labs/v2-solidity-utils/contracts/math/FixedPoint.sol";
import"@balancer-labs/v2-solidity-utils/contracts/math/Math.sol";
// These functions start with an underscore, as if they were part of a contract and not a library. At some point this// should be fixed. Additionally, some variables have non mixed case names (e.g. P_D) that relate to the mathematical// derivations.// solhint-disable private-vars-leading-underscore, var-name-mixedcaselibraryStableMath{
usingFixedPointforuint256;
uint256internalconstant _MIN_AMP =1;
uint256internalconstant _MAX_AMP =5000;
uint256internalconstant _AMP_PRECISION =1e3;
uint256internalconstant _MAX_STABLE_TOKENS =5;
// Note on unchecked arithmetic:// This contract performs a large number of additions, subtractions, multiplications and divisions, often inside// loops. Since many of these operations are gas-sensitive (as they happen e.g. during a swap), it is important to// not make any unnecessary checks. We rely on a set of invariants to avoid having to use checked arithmetic (the// Math library), including:// - the number of tokens is bounded by _MAX_STABLE_TOKENS// - the amplification parameter is bounded by _MAX_AMP * _AMP_PRECISION, which fits in 23 bits// - the token balances are bounded by 2^112 (guaranteed by the Vault) times 1e18 (the maximum scaling factor),// which fits in 172 bits//// This means e.g. we can safely multiply a balance by the amplification parameter without worrying about overflow.// About swap fees on joins and exits:// Any join or exit that is not perfectly balanced (e.g. all single token joins or exits) is mathematically// equivalent to a perfectly balanced join or exit followed by a series of swaps. Since these swaps would charge// swap fees, it follows that (some) joins and exits should as well.// On these operations, we split the token amounts in 'taxable' and 'non-taxable' portions, where the 'taxable' part// is the one to which swap fees are applied.// Computes the invariant given the current balances, using the Newton-Raphson approximation.// The amplification parameter equals: A n^(n-1)// See: https://github.com/curvefi/curve-contract/blob/b0bbf77f8f93c9c5f4e415bce9cd71f0cdee960e/contracts/pool-templates/base/SwapTemplateBase.vy#L206// solhint-disable-previous-line max-line-lengthfunction_calculateInvariant(uint256 amplificationParameter, uint256[] memory balances)
internalpurereturns (uint256)
{
/**********************************************************************************************
// invariant //
// D = invariant D^(n+1) //
// A = amplification coefficient A n^n S + D = A D n^n + ----------- //
// S = sum of balances n^n P //
// P = product of balances //
// n = number of tokens //
**********************************************************************************************/// Always round down, to match Vyper's arithmetic (which always truncates).uint256 sum =0; // S in the Curve versionuint256 numTokens = balances.length;
for (uint256 i =0; i < numTokens; i++) {
sum = sum.add(balances[i]);
}
if (sum ==0) {
return0;
}
uint256 prevInvariant; // Dprev in the Curve versionuint256 invariant = sum; // D in the Curve versionuint256 ampTimesTotal = amplificationParameter * numTokens; // Ann in the Curve versionfor (uint256 i =0; i <255; i++) {
uint256 D_P = invariant;
for (uint256 j =0; j < numTokens; j++) {
// (D_P * invariant) / (balances[j] * numTokens)
D_P = Math.divDown(Math.mul(D_P, invariant), Math.mul(balances[j], numTokens));
}
prevInvariant = invariant;
invariant = Math.divDown(
Math.mul(
// (ampTimesTotal * sum) / AMP_PRECISION + D_P * numTokens
(Math.divDown(Math.mul(ampTimesTotal, sum), _AMP_PRECISION).add(Math.mul(D_P, numTokens))),
invariant
),
// ((ampTimesTotal - _AMP_PRECISION) * invariant) / _AMP_PRECISION + (numTokens + 1) * D_P
(
Math.divDown(Math.mul((ampTimesTotal - _AMP_PRECISION), invariant), _AMP_PRECISION).add(
Math.mul((numTokens +1), D_P)
)
)
);
if (invariant > prevInvariant) {
if (invariant - prevInvariant <=1) {
return invariant;
}
} elseif (prevInvariant - invariant <=1) {
return invariant;
}
}
_revert(Errors.STABLE_INVARIANT_DIDNT_CONVERGE);
}
// Computes how many tokens can be taken out of a pool if `tokenAmountIn` are sent, given the current balances.// The amplification parameter equals: A n^(n-1)function_calcOutGivenIn(uint256 amplificationParameter,
uint256[] memory balances,
uint256 tokenIndexIn,
uint256 tokenIndexOut,
uint256 tokenAmountIn,
uint256 invariant
) internalpurereturns (uint256) {
/**************************************************************************************************************
// outGivenIn token x for y - polynomial equation to solve //
// ay = amount out to calculate //
// by = balance token out //
// y = by - ay (finalBalanceOut) //
// D = invariant D D^(n+1) //
// A = amplification coefficient y^2 + ( S - ---------- - D) * y - ------------- = 0 //
// n = number of tokens (A * n^n) A * n^2n * P //
// S = sum of final balances but y //
// P = product of final balances but y //
**************************************************************************************************************/// Amount out, so we round down overall.
balances[tokenIndexIn] = balances[tokenIndexIn].add(tokenAmountIn);
uint256 finalBalanceOut = _getTokenBalanceGivenInvariantAndAllOtherBalances(
amplificationParameter,
balances,
invariant,
tokenIndexOut
);
// No need to use checked arithmetic since `tokenAmountIn` was actually added to the same balance right before// calling `_getTokenBalanceGivenInvariantAndAllOtherBalances` which doesn't alter the balances array.
balances[tokenIndexIn] = balances[tokenIndexIn] - tokenAmountIn;
return balances[tokenIndexOut].sub(finalBalanceOut).sub(1);
}
// Computes how many tokens must be sent to a pool if `tokenAmountOut` are sent given the// current balances, using the Newton-Raphson approximation.// The amplification parameter equals: A n^(n-1)function_calcInGivenOut(uint256 amplificationParameter,
uint256[] memory balances,
uint256 tokenIndexIn,
uint256 tokenIndexOut,
uint256 tokenAmountOut,
uint256 invariant
) internalpurereturns (uint256) {
/**************************************************************************************************************
// inGivenOut token x for y - polynomial equation to solve //
// ax = amount in to calculate //
// bx = balance token in //
// x = bx + ax (finalBalanceIn) //
// D = invariant D D^(n+1) //
// A = amplification coefficient x^2 + ( S - ---------- - D) * x - ------------- = 0 //
// n = number of tokens (A * n^n) A * n^2n * P //
// S = sum of final balances but x //
// P = product of final balances but x //
**************************************************************************************************************/// Amount in, so we round up overall.
balances[tokenIndexOut] = balances[tokenIndexOut].sub(tokenAmountOut);
uint256 finalBalanceIn = _getTokenBalanceGivenInvariantAndAllOtherBalances(
amplificationParameter,
balances,
invariant,
tokenIndexIn
);
// No need to use checked arithmetic since `tokenAmountOut` was actually subtracted from the same balance right// before calling `_getTokenBalanceGivenInvariantAndAllOtherBalances` which doesn't alter the balances array.
balances[tokenIndexOut] = balances[tokenIndexOut] + tokenAmountOut;
return finalBalanceIn.sub(balances[tokenIndexIn]).add(1);
}
function_calcBptOutGivenExactTokensIn(uint256 amp,
uint256[] memory balances,
uint256[] memory amountsIn,
uint256 bptTotalSupply,
uint256 currentInvariant,
uint256 swapFeePercentage
) internalpurereturns (uint256) {
// BPT out, so we round down overall.// First loop calculates the sum of all token balances, which will be used to calculate// the current weights of each token, relative to this sumuint256 sumBalances =0;
for (uint256 i =0; i < balances.length; i++) {
sumBalances = sumBalances.add(balances[i]);
}
// Calculate the weighted balance ratio without considering feesuint256[] memory balanceRatiosWithFee =newuint256[](amountsIn.length);
// The weighted sum of token balance ratios with feeuint256 invariantRatioWithFees =0;
for (uint256 i =0; i < balances.length; i++) {
uint256 currentWeight = balances[i].divDown(sumBalances);
balanceRatiosWithFee[i] = balances[i].add(amountsIn[i]).divDown(balances[i]);
invariantRatioWithFees = invariantRatioWithFees.add(balanceRatiosWithFee[i].mulDown(currentWeight));
}
// Second loop calculates new amounts in, taking into account the fee on the percentage excessuint256[] memory newBalances =newuint256[](balances.length);
for (uint256 i =0; i < balances.length; i++) {
uint256 amountInWithoutFee;
// Check if the balance ratio is greater than the ideal ratio to charge fees or notif (balanceRatiosWithFee[i] > invariantRatioWithFees) {
uint256 nonTaxableAmount = balances[i].mulDown(invariantRatioWithFees.sub(FixedPoint.ONE));
uint256 taxableAmount = amountsIn[i].sub(nonTaxableAmount);
// No need to use checked arithmetic for the swap fee, it is guaranteed to be lower than 50%
amountInWithoutFee = nonTaxableAmount.add(taxableAmount.mulDown(FixedPoint.ONE - swapFeePercentage));
} else {
amountInWithoutFee = amountsIn[i];
}
newBalances[i] = balances[i].add(amountInWithoutFee);
}
uint256 newInvariant = _calculateInvariant(amp, newBalances);
uint256 invariantRatio = newInvariant.divDown(currentInvariant);
// If the invariant didn't increase for any reason, we simply don't mint BPTif (invariantRatio > FixedPoint.ONE) {
return bptTotalSupply.mulDown(invariantRatio - FixedPoint.ONE);
} else {
return0;
}
}
function_calcTokenInGivenExactBptOut(uint256 amp,
uint256[] memory balances,
uint256 tokenIndex,
uint256 bptAmountOut,
uint256 bptTotalSupply,
uint256 currentInvariant,
uint256 swapFeePercentage
) internalpurereturns (uint256) {
// Token in, so we round up overall.uint256 newInvariant = bptTotalSupply.add(bptAmountOut).divUp(bptTotalSupply).mulUp(currentInvariant);
// Calculate amount in without fee.uint256 newBalanceTokenIndex = _getTokenBalanceGivenInvariantAndAllOtherBalances(
amp,
balances,
newInvariant,
tokenIndex
);
uint256 amountInWithoutFee = newBalanceTokenIndex.sub(balances[tokenIndex]);
// First calculate the sum of all token balances, which will be used to calculate// the current weight of each tokenuint256 sumBalances =0;
for (uint256 i =0; i < balances.length; i++) {
sumBalances = sumBalances.add(balances[i]);
}
// We can now compute how much extra balance is being deposited and used in virtual swaps, and charge swap fees// accordingly.uint256 currentWeight = balances[tokenIndex].divDown(sumBalances);
uint256 taxablePercentage = currentWeight.complement();
uint256 taxableAmount = amountInWithoutFee.mulUp(taxablePercentage);
uint256 nonTaxableAmount = amountInWithoutFee.sub(taxableAmount);
// No need to use checked arithmetic for the swap fee, it is guaranteed to be lower than 50%return nonTaxableAmount.add(taxableAmount.divUp(FixedPoint.ONE - swapFeePercentage));
}
/*
Flow of calculations:
amountsTokenOut -> amountsOutProportional ->
amountOutPercentageExcess -> amountOutBeforeFee -> newInvariant -> amountBPTIn
*/function_calcBptInGivenExactTokensOut(uint256 amp,
uint256[] memory balances,
uint256[] memory amountsOut,
uint256 bptTotalSupply,
uint256 currentInvariant,
uint256 swapFeePercentage
) internalpurereturns (uint256) {
// BPT in, so we round up overall.// First loop calculates the sum of all token balances, which will be used to calculate// the current weights of each token relative to this sumuint256 sumBalances =0;
for (uint256 i =0; i < balances.length; i++) {
sumBalances = sumBalances.add(balances[i]);
}
// Calculate the weighted balance ratio without considering feesuint256[] memory balanceRatiosWithoutFee =newuint256[](amountsOut.length);
uint256 invariantRatioWithoutFees =0;
for (uint256 i =0; i < balances.length; i++) {
uint256 currentWeight = balances[i].divUp(sumBalances);
balanceRatiosWithoutFee[i] = balances[i].sub(amountsOut[i]).divUp(balances[i]);
invariantRatioWithoutFees = invariantRatioWithoutFees.add(balanceRatiosWithoutFee[i].mulUp(currentWeight));
}
// Second loop calculates new amounts in, taking into account the fee on the percentage excessuint256[] memory newBalances =newuint256[](balances.length);
for (uint256 i =0; i < balances.length; i++) {
// Swap fees are typically charged on 'token in', but there is no 'token in' here, so we apply it to// 'token out'. This results in slightly larger price impact.uint256 amountOutWithFee;
if (invariantRatioWithoutFees > balanceRatiosWithoutFee[i]) {
uint256 nonTaxableAmount = balances[i].mulDown(invariantRatioWithoutFees.complement());
uint256 taxableAmount = amountsOut[i].sub(nonTaxableAmount);
// No need to use checked arithmetic for the swap fee, it is guaranteed to be lower than 50%
amountOutWithFee = nonTaxableAmount.add(taxableAmount.divUp(FixedPoint.ONE - swapFeePercentage));
} else {
amountOutWithFee = amountsOut[i];
}
newBalances[i] = balances[i].sub(amountOutWithFee);
}
uint256 newInvariant = _calculateInvariant(amp, newBalances);
uint256 invariantRatio = newInvariant.divDown(currentInvariant);
// return amountBPTInreturn bptTotalSupply.mulUp(invariantRatio.complement());
}
function_calcTokenOutGivenExactBptIn(uint256 amp,
uint256[] memory balances,
uint256 tokenIndex,
uint256 bptAmountIn,
uint256 bptTotalSupply,
uint256 currentInvariant,
uint256 swapFeePercentage
) internalpurereturns (uint256) {
// Token out, so we round down overall.uint256 newInvariant = bptTotalSupply.sub(bptAmountIn).divUp(bptTotalSupply).mulUp(currentInvariant);
// Calculate amount out without feeuint256 newBalanceTokenIndex = _getTokenBalanceGivenInvariantAndAllOtherBalances(
amp,
balances,
newInvariant,
tokenIndex
);
uint256 amountOutWithoutFee = balances[tokenIndex].sub(newBalanceTokenIndex);
// First calculate the sum of all token balances, which will be used to calculate// the current weight of each tokenuint256 sumBalances =0;
for (uint256 i =0; i < balances.length; i++) {
sumBalances = sumBalances.add(balances[i]);
}
// We can now compute how much excess balance is being withdrawn as a result of the virtual swaps, which result// in swap fees.uint256 currentWeight = balances[tokenIndex].divDown(sumBalances);
uint256 taxablePercentage = currentWeight.complement();
// Swap fees are typically charged on 'token in', but there is no 'token in' here, so we apply it// to 'token out'. This results in slightly larger price impact. Fees are rounded up.uint256 taxableAmount = amountOutWithoutFee.mulUp(taxablePercentage);
uint256 nonTaxableAmount = amountOutWithoutFee.sub(taxableAmount);
// No need to use checked arithmetic for the swap fee, it is guaranteed to be lower than 50%return nonTaxableAmount.add(taxableAmount.mulDown(FixedPoint.ONE - swapFeePercentage));
}
// This function calculates the balance of a given token (tokenIndex)// given all the other balances and the invariantfunction_getTokenBalanceGivenInvariantAndAllOtherBalances(uint256 amplificationParameter,
uint256[] memory balances,
uint256 invariant,
uint256 tokenIndex
) internalpurereturns (uint256) {
// Rounds result up overalluint256 ampTimesTotal = amplificationParameter * balances.length;
uint256 sum = balances[0];
uint256 P_D = balances[0] * balances.length;
for (uint256 j =1; j < balances.length; j++) {
P_D = Math.divDown(Math.mul(Math.mul(P_D, balances[j]), balances.length), invariant);
sum = sum.add(balances[j]);
}
// No need to use safe math, based on the loop above `sum` is greater than or equal to `balances[tokenIndex]`
sum = sum - balances[tokenIndex];
uint256 inv2 = Math.mul(invariant, invariant);
// We remove the balance from c by multiplying ituint256 c = Math.mul(
Math.mul(Math.divUp(inv2, Math.mul(ampTimesTotal, P_D)), _AMP_PRECISION),
balances[tokenIndex]
);
uint256 b = sum.add(Math.mul(Math.divDown(invariant, ampTimesTotal), _AMP_PRECISION));
// We iterate to find the balanceuint256 prevTokenBalance =0;
// We multiply the first iteration outside the loop with the invariant to set the value of the// initial approximation.uint256 tokenBalance = Math.divUp(inv2.add(c), invariant.add(b));
for (uint256 i =0; i <255; i++) {
prevTokenBalance = tokenBalance;
tokenBalance = Math.divUp(
Math.mul(tokenBalance, tokenBalance).add(c),
Math.mul(tokenBalance, 2).add(b).sub(invariant)
);
if (tokenBalance > prevTokenBalance) {
if (tokenBalance - prevTokenBalance <=1) {
return tokenBalance;
}
} elseif (prevTokenBalance - tokenBalance <=1) {
return tokenBalance;
}
}
_revert(Errors.STABLE_GET_BALANCE_DIDNT_CONVERGE);
}
function_computeProportionalAmountsIn(uint256[] memory balances,
uint256 bptAmountOut,
uint256 totalBPT
) internalpurereturns (uint256[] memory) {
/************************************************************************************
// tokensInForExactBptOut //
// (per token) //
// aI = amountIn / bptOut \ //
// b = balance aI = b * | ------------ | //
// bptOut = bptAmountOut \ totalBPT / //
// bpt = totalBPT //
************************************************************************************/// Tokens in, so we round up overall.uint256 bptRatio = bptAmountOut.divUp(totalBPT);
uint256[] memory amountsIn =newuint256[](balances.length);
for (uint256 i =0; i < balances.length; i++) {
amountsIn[i] = balances[i].mulUp(bptRatio);
}
return amountsIn;
}
}
Contract Source Code
File 49 of 52: StablePoolAmplification.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"@balancer-labs/v2-pool-utils/contracts/BasePoolAuthorization.sol";
import"@balancer-labs/v2-solidity-utils/contracts/helpers/WordCodec.sol";
import"./StableMath.sol";
abstractcontractStablePoolAmplificationisBasePoolAuthorization{
usingWordCodecforbytes32;
// This contract uses timestamps to slowly update its Amplification parameter over time. These changes must occur// over a minimum time period much larger than the blocktime, making timestamp manipulation a non-issue.// solhint-disable not-rely-on-time// Amplification factor changes must happen over a minimum period of one day, and can at most divide or multiply the// current value by 2 every day.// WARNING: this only limits *a single* amplification change to have a maximum rate of change of twice the original// value daily. It is possible to perform multiple amplification changes in sequence to increase this value more// rapidly: for example, by doubling the value every day it can increase by a factor of 8 over three days (2^3).uint256privateconstant _MIN_UPDATE_TIME =1days;
uint256privateconstant _MAX_AMP_UPDATE_DAILY_RATE =2;
// The amplification data structure is as follows:// [ 64 bits | 64 bits | 64 bits | 64 bits ]// [ end time | start time | end value | start value ]// |MSB LSB|uint256privateconstant _AMP_START_VALUE_OFFSET =0;
uint256privateconstant _AMP_END_VALUE_OFFSET =64;
uint256privateconstant _AMP_START_TIME_OFFSET =128;
uint256privateconstant _AMP_END_TIME_OFFSET =192;
uint256privateconstant _AMP_VALUE_BIT_LENGTH =64;
uint256privateconstant _AMP_TIMESTAMP_BIT_LENGTH =64;
bytes32private _packedAmplificationData;
eventAmpUpdateStarted(uint256 startValue, uint256 endValue, uint256 startTime, uint256 endTime);
eventAmpUpdateStopped(uint256 currentValue);
constructor(uint256 amplificationParameter) {
_require(amplificationParameter >= StableMath._MIN_AMP, Errors.MIN_AMP);
_require(amplificationParameter <= StableMath._MAX_AMP, Errors.MAX_AMP);
uint256 initialAmp = Math.mul(amplificationParameter, StableMath._AMP_PRECISION);
_setAmplificationData(initialAmp);
}
functiongetAmplificationParameter()
externalviewreturns (uint256 value,
bool isUpdating,
uint256 precision
)
{
(value, isUpdating) = _getAmplificationParameter();
precision = StableMath._AMP_PRECISION;
}
// Return the current amp value, which will be an interpolation if there is an ongoing amp update.// Also return a flag indicating whether there is an ongoing update.function_getAmplificationParameter() internalviewreturns (uint256 value, bool isUpdating) {
(uint256 startValue, uint256 endValue, uint256 startTime, uint256 endTime) = _getAmplificationData();
// Note that block.timestamp >= startTime, since startTime is set to the current time when an update startsif (block.timestamp< endTime) {
isUpdating =true;
// We can skip checked arithmetic as:// - block.timestamp is always larger or equal to startTime// - endTime is always larger than startTime// - the value delta is bounded by the largest amplification parameter, which never causes the// multiplication to overflow.// This also means that the following computation will never revert nor yield invalid results.if (endValue > startValue) {
value = startValue + ((endValue - startValue) * (block.timestamp- startTime)) / (endTime - startTime);
} else {
value = startValue - ((startValue - endValue) * (block.timestamp- startTime)) / (endTime - startTime);
}
} else {
isUpdating =false;
value = endValue;
}
}
// Unpack and return all amplification-related parameters.function_getAmplificationData()
privateviewreturns (uint256 startValue,
uint256 endValue,
uint256 startTime,
uint256 endTime
)
{
startValue = _packedAmplificationData.decodeUint(_AMP_START_VALUE_OFFSET, _AMP_VALUE_BIT_LENGTH);
endValue = _packedAmplificationData.decodeUint(_AMP_END_VALUE_OFFSET, _AMP_VALUE_BIT_LENGTH);
startTime = _packedAmplificationData.decodeUint(_AMP_START_TIME_OFFSET, _AMP_TIMESTAMP_BIT_LENGTH);
endTime = _packedAmplificationData.decodeUint(_AMP_END_TIME_OFFSET, _AMP_TIMESTAMP_BIT_LENGTH);
}
/**
* @dev Begin changing the amplification parameter to `rawEndValue` over time. The value will change linearly until
* `endTime` is reached, when it will be `rawEndValue`.
*
* NOTE: Internally, the amplification parameter is represented using higher precision. The values returned by
* `getAmplificationParameter` have to be corrected to account for this when comparing to `rawEndValue`.
*/functionstartAmplificationParameterUpdate(uint256 rawEndValue, uint256 endTime) externalauthenticate{
_require(rawEndValue >= StableMath._MIN_AMP, Errors.MIN_AMP);
_require(rawEndValue <= StableMath._MAX_AMP, Errors.MAX_AMP);
uint256 duration = Math.sub(endTime, block.timestamp);
_require(duration >= _MIN_UPDATE_TIME, Errors.AMP_END_TIME_TOO_CLOSE);
(uint256 currentValue, bool isUpdating) = _getAmplificationParameter();
_require(!isUpdating, Errors.AMP_ONGOING_UPDATE);
uint256 endValue = Math.mul(rawEndValue, StableMath._AMP_PRECISION);
// daily rate = (endValue / currentValue) / duration * 1 day// We perform all multiplications first to not reduce precision, and round the division up as we want to avoid// large rates. Note that these are regular integer multiplications and divisions, not fixed point.uint256 dailyRate = endValue > currentValue
? Math.divUp(Math.mul(1days, endValue), Math.mul(currentValue, duration))
: Math.divUp(Math.mul(1days, currentValue), Math.mul(endValue, duration));
_require(dailyRate <= _MAX_AMP_UPDATE_DAILY_RATE, Errors.AMP_RATE_TOO_HIGH);
_setAmplificationData(currentValue, endValue, block.timestamp, endTime);
}
/**
* @dev Stops the amplification parameter change process, keeping the current value.
*/functionstopAmplificationParameterUpdate() externalauthenticate{
(uint256 currentValue, bool isUpdating) = _getAmplificationParameter();
_require(isUpdating, Errors.AMP_NO_ONGOING_UPDATE);
_setAmplificationData(currentValue);
}
function_setAmplificationData(uint256 value) private{
_storeAmplificationData(value, value, block.timestamp, block.timestamp);
emit AmpUpdateStopped(value);
}
function_setAmplificationData(uint256 startValue,
uint256 endValue,
uint256 startTime,
uint256 endTime
) private{
_storeAmplificationData(startValue, endValue, startTime, endTime);
emit AmpUpdateStarted(startValue, endValue, startTime, endTime);
}
function_storeAmplificationData(uint256 startValue,
uint256 endValue,
uint256 startTime,
uint256 endTime
) private{
_packedAmplificationData =
WordCodec.encodeUint(startValue, _AMP_START_VALUE_OFFSET, _AMP_VALUE_BIT_LENGTH) |
WordCodec.encodeUint(endValue, _AMP_END_VALUE_OFFSET, _AMP_VALUE_BIT_LENGTH) |
WordCodec.encodeUint(startTime, _AMP_START_TIME_OFFSET, _AMP_TIMESTAMP_BIT_LENGTH) |
WordCodec.encodeUint(endTime, _AMP_END_TIME_OFFSET, _AMP_TIMESTAMP_BIT_LENGTH);
}
// Permissioned functions/**
* @dev Overrides only owner action to allow setting the cache duration for the token rates
*/function_isOwnerOnlyAction(bytes32 actionId) internalviewvirtualoverridereturns (bool) {
return
(actionId == getActionId(this.startAmplificationParameterUpdate.selector)) ||
(actionId == getActionId(this.stopAmplificationParameterUpdate.selector)) ||super._isOwnerOnlyAction(actionId);
}
}
Contract Source Code
File 50 of 52: StablePoolUserData.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;libraryStablePoolUserData{
enumJoinKind { INIT, EXACT_TOKENS_IN_FOR_BPT_OUT, TOKEN_IN_FOR_EXACT_BPT_OUT, ALL_TOKENS_IN_FOR_EXACT_BPT_OUT }
enumExitKind { EXACT_BPT_IN_FOR_ONE_TOKEN_OUT, BPT_IN_FOR_EXACT_TOKENS_OUT, EXACT_BPT_IN_FOR_ALL_TOKENS_OUT }
functionjoinKind(bytesmemoryself) internalpurereturns (JoinKind) {
returnabi.decode(self, (JoinKind));
}
functionexitKind(bytesmemoryself) internalpurereturns (ExitKind) {
returnabi.decode(self, (ExitKind));
}
// JoinsfunctioninitialAmountsIn(bytesmemoryself) internalpurereturns (uint256[] memory amountsIn) {
(, amountsIn) =abi.decode(self, (JoinKind, uint256[]));
}
functionexactTokensInForBptOut(bytesmemoryself)
internalpurereturns (uint256[] memory amountsIn, uint256 minBPTAmountOut)
{
(, amountsIn, minBPTAmountOut) =abi.decode(self, (JoinKind, uint256[], uint256));
}
functiontokenInForExactBptOut(bytesmemoryself) internalpurereturns (uint256 bptAmountOut, uint256 tokenIndex) {
(, bptAmountOut, tokenIndex) =abi.decode(self, (JoinKind, uint256, uint256));
}
functionallTokensInForExactBptOut(bytesmemoryself) internalpurereturns (uint256 bptAmountOut) {
(, bptAmountOut) =abi.decode(self, (JoinKind, uint256));
}
// ExitsfunctionexactBptInForTokenOut(bytesmemoryself) internalpurereturns (uint256 bptAmountIn, uint256 tokenIndex) {
(, bptAmountIn, tokenIndex) =abi.decode(self, (ExitKind, uint256, uint256));
}
functionexactBptInForTokensOut(bytesmemoryself) internalpurereturns (uint256 bptAmountIn) {
(, bptAmountIn) =abi.decode(self, (ExitKind, uint256));
}
functionbptInForExactTokensOut(bytesmemoryself)
internalpurereturns (uint256[] memory amountsOut, uint256 maxBPTAmountIn)
{
(, amountsOut, maxBPTAmountIn) =abi.decode(self, (ExitKind, uint256[], uint256));
}
}
Contract Source Code
File 51 of 52: TemporarilyPausable.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"@balancer-labs/v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol";
import"@balancer-labs/v2-interfaces/contracts/solidity-utils/helpers/ITemporarilyPausable.sol";
/**
* @dev Allows for a contract to be paused during an initial period after deployment, disabling functionality. Can be
* used as an emergency switch in case a security vulnerability or threat is identified.
*
* The contract can only be paused during the Pause Window, a period that starts at deployment. It can also be
* unpaused and repaused any number of times during this period. This is intended to serve as a safety measure: it lets
* system managers react quickly to potentially dangerous situations, knowing that this action is reversible if careful
* analysis later determines there was a false alarm.
*
* If the contract is paused when the Pause Window finishes, it will remain in the paused state through an additional
* Buffer Period, after which it will be automatically unpaused forever. This is to ensure there is always enough time
* to react to an emergency, even if the threat is discovered shortly before the Pause Window expires.
*
* Note that since the contract can only be paused within the Pause Window, unpausing during the Buffer Period is
* irreversible.
*/abstractcontractTemporarilyPausableisITemporarilyPausable{
// The Pause Window and Buffer Period are timestamp-based: they should not be relied upon for sub-minute accuracy.// solhint-disable not-rely-on-timeuint256privateconstant _MAX_PAUSE_WINDOW_DURATION =90days;
uint256privateconstant _MAX_BUFFER_PERIOD_DURATION =30days;
uint256privateimmutable _pauseWindowEndTime;
uint256privateimmutable _bufferPeriodEndTime;
boolprivate _paused;
constructor(uint256 pauseWindowDuration, uint256 bufferPeriodDuration) {
_require(pauseWindowDuration <= _MAX_PAUSE_WINDOW_DURATION, Errors.MAX_PAUSE_WINDOW_DURATION);
_require(bufferPeriodDuration <= _MAX_BUFFER_PERIOD_DURATION, Errors.MAX_BUFFER_PERIOD_DURATION);
uint256 pauseWindowEndTime =block.timestamp+ pauseWindowDuration;
_pauseWindowEndTime = pauseWindowEndTime;
_bufferPeriodEndTime = pauseWindowEndTime + bufferPeriodDuration;
}
/**
* @dev Reverts if the contract is paused.
*/modifierwhenNotPaused() {
_ensureNotPaused();
_;
}
/**
* @dev Returns the current contract pause status, as well as the end times of the Pause Window and Buffer
* Period.
*/functiongetPausedState()
externalviewoverridereturns (bool paused,
uint256 pauseWindowEndTime,
uint256 bufferPeriodEndTime
)
{
paused =!_isNotPaused();
pauseWindowEndTime = _getPauseWindowEndTime();
bufferPeriodEndTime = _getBufferPeriodEndTime();
}
/**
* @dev Sets the pause state to `paused`. The contract can only be paused until the end of the Pause Window, and
* unpaused until the end of the Buffer Period.
*
* Once the Buffer Period expires, this function reverts unconditionally.
*/function_setPaused(bool paused) internal{
if (paused) {
_require(block.timestamp< _getPauseWindowEndTime(), Errors.PAUSE_WINDOW_EXPIRED);
} else {
_require(block.timestamp< _getBufferPeriodEndTime(), Errors.BUFFER_PERIOD_EXPIRED);
}
_paused = paused;
emit PausedStateChanged(paused);
}
/**
* @dev Reverts if the contract is paused.
*/function_ensureNotPaused() internalview{
_require(_isNotPaused(), Errors.PAUSED);
}
/**
* @dev Reverts if the contract is not paused.
*/function_ensurePaused() internalview{
_require(!_isNotPaused(), Errors.NOT_PAUSED);
}
/**
* @dev Returns true if the contract is unpaused.
*
* Once the Buffer Period expires, the gas cost of calling this function is reduced dramatically, as storage is no
* longer accessed.
*/function_isNotPaused() internalviewreturns (bool) {
// After the Buffer Period, the (inexpensive) timestamp check short-circuits the storage access.returnblock.timestamp> _getBufferPeriodEndTime() ||!_paused;
}
// These getters lead to reduced bytecode size by inlining the immutable variables in a single place.function_getPauseWindowEndTime() privateviewreturns (uint256) {
return _pauseWindowEndTime;
}
function_getBufferPeriodEndTime() privateviewreturns (uint256) {
return _bufferPeriodEndTime;
}
}
Contract Source Code
File 52 of 52: WordCodec.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"@balancer-labs/v2-interfaces/contracts/solidity-utils/helpers/BalancerErrors.sol";
import"../math/Math.sol";
/**
* @dev Library for encoding and decoding values stored inside a 256 bit word. Typically used to pack multiple values in
* a single storage slot, saving gas by performing less storage accesses.
*
* Each value is defined by its size and the least significant bit in the word, also known as offset. For example, two
* 128 bit values may be encoded in a word by assigning one an offset of 0, and the other an offset of 128.
*
* We could use Solidity structs to pack values together in a single storage slot instead of relying on a custom and
* error-prone library, but unfortunately Solidity only allows for structs to live in either storage, calldata or
* memory. Because a memory struct uses not just memory but also a slot in the stack (to store its memory location),
* using memory for word-sized values (i.e. of 256 bits or less) is strictly less gas performant, and doesn't even
* prevent stack-too-deep issues. This is compounded by the fact that Balancer contracts typically are memory-intensive,
* and the cost of accesing memory increases quadratically with the number of allocated words. Manual packing and
* unpacking is therefore the preferred approach.
*/libraryWordCodec{
// Masks are values with the least significant N bits set. They can be used to extract an encoded value from a word,// or to insert a new one replacing the old.uint256privateconstant _MASK_1 =2**(1) -1;
uint256privateconstant _MASK_192 =2**(192) -1;
// In-place insertion/**
* @dev Inserts an unsigned integer of bitLength, shifted by an offset, into a 256 bit word,
* replacing the old value. Returns the new word.
*/functioninsertUint(bytes32 word,
uint256 value,
uint256 offset,
uint256 bitLength
) internalpurereturns (bytes32) {
_validateEncodingParams(value, offset, bitLength);
uint256 mask = (1<< bitLength) -1;
bytes32 clearedWord =bytes32(uint256(word) &~(mask << offset));
return clearedWord |bytes32(value << offset);
}
/**
* @dev Inserts a signed integer shifted by an offset into a 256 bit word, replacing the old value. Returns
* the new word.
*
* Assumes `value` can be represented using `bitLength` bits.
*/functioninsertInt(bytes32 word,
int256 value,
uint256 offset,
uint256 bitLength
) internalpurereturns (bytes32) {
_validateEncodingParams(value, offset, bitLength);
uint256 mask = (1<< bitLength) -1;
bytes32 clearedWord =bytes32(uint256(word) &~(mask << offset));
// Integer values need masking to remove the upper bits of negative values.return clearedWord |bytes32((uint256(value) & mask) << offset);
}
// Encoding/**
* @dev Encodes an unsigned integer shifted by an offset. Ensures value fits within
* `bitLength` bits.
*
* The return value can be ORed bitwise with other encoded values to form a 256 bit word.
*/functionencodeUint(uint256 value,
uint256 offset,
uint256 bitLength
) internalpurereturns (bytes32) {
_validateEncodingParams(value, offset, bitLength);
returnbytes32(value << offset);
}
/**
* @dev Encodes a signed integer shifted by an offset.
*
* The return value can be ORed bitwise with other encoded values to form a 256 bit word.
*/functionencodeInt(int256 value,
uint256 offset,
uint256 bitLength
) internalpurereturns (bytes32) {
_validateEncodingParams(value, offset, bitLength);
uint256 mask = (1<< bitLength) -1;
// Integer values need masking to remove the upper bits of negative values.returnbytes32((uint256(value) & mask) << offset);
}
// Decoding/**
* @dev Decodes and returns an unsigned integer with `bitLength` bits, shifted by an offset, from a 256 bit word.
*/functiondecodeUint(bytes32 word,
uint256 offset,
uint256 bitLength
) internalpurereturns (uint256) {
returnuint256(word >> offset) & ((1<< bitLength) -1);
}
/**
* @dev Decodes and returns a signed integer with `bitLength` bits, shifted by an offset, from a 256 bit word.
*/functiondecodeInt(bytes32 word,
uint256 offset,
uint256 bitLength
) internalpurereturns (int256) {
int256 maxInt =int256((1<< (bitLength -1)) -1);
uint256 mask = (1<< bitLength) -1;
int256 value =int256(uint256(word >> offset) & mask);
// In case the decoded value is greater than the max positive integer that can be represented with bitLength// bits, we know it was originally a negative integer. Therefore, we mask it to restore the sign in the 256 bit// representation.return value > maxInt ? (value |int256(~mask)) : value;
}
// Special cases/**
* @dev Decodes and returns a boolean shifted by an offset from a 256 bit word.
*/functiondecodeBool(bytes32 word, uint256 offset) internalpurereturns (bool) {
return (uint256(word >> offset) & _MASK_1) ==1;
}
/**
* @dev Inserts a 192 bit value shifted by an offset into a 256 bit word, replacing the old value.
* Returns the new word.
*
* Assumes `value` can be represented using 192 bits.
*/functioninsertBits192(bytes32 word,
bytes32 value,
uint256 offset
) internalpurereturns (bytes32) {
bytes32 clearedWord =bytes32(uint256(word) &~(_MASK_192 << offset));
return clearedWord |bytes32((uint256(value) & _MASK_192) << offset);
}
/**
* @dev Inserts a boolean value shifted by an offset into a 256 bit word, replacing the old value. Returns the new
* word.
*/functioninsertBool(bytes32 word,
bool value,
uint256 offset
) internalpurereturns (bytes32) {
bytes32 clearedWord =bytes32(uint256(word) &~(_MASK_1 << offset));
return clearedWord |bytes32(uint256(value ? 1 : 0) << offset);
}
// Helpersfunction_validateEncodingParams(uint256 value,
uint256 offset,
uint256 bitLength
) privatepure{
_require(offset <256, Errors.OUT_OF_BOUNDS);
// We never accept 256 bit values (which would make the codec pointless), and the larger the offset the smaller// the maximum bit length.
_require(bitLength >=1&& bitLength <= Math.min(255, 256- offset), Errors.OUT_OF_BOUNDS);
// Testing unsigned values for size is straightforward: their upper bits must be cleared.
_require(value >> bitLength ==0, Errors.CODEC_OVERFLOW);
}
function_validateEncodingParams(int256 value,
uint256 offset,
uint256 bitLength
) privatepure{
_require(offset <256, Errors.OUT_OF_BOUNDS);
// We never accept 256 bit values (which would make the codec pointless), and the larger the offset the smaller// the maximum bit length.
_require(bitLength >=1&& bitLength <= Math.min(255, 256- offset), Errors.OUT_OF_BOUNDS);
// Testing signed values for size is a bit more involved.if (value >=0) {
// For positive values, we can simply check that the upper bits are clear. Notice we remove one bit from the// length for the sign bit.
_require(value >> (bitLength -1) ==0, Errors.CODEC_OVERFLOW);
} else {
// Negative values can receive the same treatment by making them positive, with the caveat that the range// for negative values in two's complement supports one more value than for the positive case.
_require(Math.abs(value +1) >> (bitLength -1) ==0, Errors.CODEC_OVERFLOW);
}
}
}
