// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"./BalancerErrors.sol";
import"./IAuthentication.sol";
/**
* @dev Building block for performing access control on external functions.
*
* This contract is used via the `authenticate` modifier (or the `_authenticateCaller` function), which can be applied
* to external functions to only make them callable by authorized accounts.
*
* Derived contracts must implement the `_canPerform` function, which holds the actual access control logic.
*/abstractcontractAuthenticationisIAuthentication{
bytes32privateimmutable _actionIdDisambiguator;
/**
* @dev The main purpose of the `actionIdDisambiguator` is to prevent accidental function selector collisions in
* multi contract systems.
*
* There are two main uses for it:
* - if the contract is a singleton, any unique identifier can be used to make the associated action identifiers
* unique. The contract's own address is a good option.
* - if the contract belongs to a family that shares action identifiers for the same functions, an identifier
* shared by the entire family (and no other contract) should be used instead.
*/constructor(bytes32 actionIdDisambiguator) {
_actionIdDisambiguator = actionIdDisambiguator;
}
/**
* @dev Reverts unless the caller is allowed to call this function. Should only be applied to external functions.
*/modifierauthenticate() {
_authenticateCaller();
_;
}
/**
* @dev Reverts unless the caller is allowed to call the entry point function.
*/function_authenticateCaller() internalview{
bytes32 actionId = getActionId(msg.sig);
_require(_canPerform(actionId, msg.sender), Errors.SENDER_NOT_ALLOWED);
}
functiongetActionId(bytes4 selector) publicviewoverridereturns (bytes32) {
// Each external function is dynamically assigned an action identifier as the hash of the disambiguator and the// function selector. Disambiguation is necessary to avoid potential collisions in the function selectors of// multiple contracts.returnkeccak256(abi.encodePacked(_actionIdDisambiguator, selector));
}
function_canPerform(bytes32 actionId, address user) internalviewvirtualreturns (bool);
}
Contract Source Code
File 2 of 28: BalancerErrors.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;// solhint-disable/**
* @dev Reverts if `condition` is false, with a revert reason containing `errorCode`. Only codes up to 999 are
* supported.
*/function_require(bool condition, uint256 errorCode) pure{
if (!condition) _revert(errorCode);
}
/**
* @dev Reverts with a revert reason containing `errorCode`. Only codes up to 999 are supported.
*/function_revert(uint256 errorCode) pure{
// We're going to dynamically create a revert string based on the error code, with the following format:// 'BAL#{errorCode}'// where the code is left-padded with zeroes to three digits (so they range from 000 to 999).//// We don't have revert strings embedded in the contract to save bytecode size: it takes much less space to store a// number (8 to 16 bits) than the individual string characters.//// The dynamic string creation algorithm that follows could be implemented in Solidity, but assembly allows for a// much denser implementation, again saving bytecode size. Given this function unconditionally reverts, this is a// safe place to rely on it without worrying about how its usage might affect e.g. memory contents.assembly {
// First, we need to compute the ASCII representation of the error code. We assume that it is in the 0-999// range, so we only need to convert three digits. To convert the digits to ASCII, we add 0x30, the value for// the '0' character.let units :=add(mod(errorCode, 10), 0x30)
errorCode :=div(errorCode, 10)
let tenths :=add(mod(errorCode, 10), 0x30)
errorCode :=div(errorCode, 10)
let hundreds :=add(mod(errorCode, 10), 0x30)
// With the individual characters, we can now construct the full string. The "BAL#" part is a known constant// (0x42414c23): we simply shift this by 24 (to provide space for the 3 bytes of the error code), and add the// characters to it, each shifted by a multiple of 8.// The revert reason is then shifted left by 200 bits (256 minus the length of the string, 7 characters * 8 bits// per character = 56) to locate it in the most significant part of the 256 slot (the beginning of a byte// array).let revertReason :=shl(200, add(0x42414c23000000, add(add(units, shl(8, tenths)), shl(16, hundreds))))
// We can now encode the reason in memory, which can be safely overwritten as we're about to revert. The encoded// message will have the following layout:// [ revert reason identifier ] [ string location offset ] [ string length ] [ string contents ]// The Solidity revert reason identifier is 0x08c739a0, the function selector of the Error(string) function. We// also write zeroes to the next 28 bytes of memory, but those are about to be overwritten.mstore(0x0, 0x08c379a000000000000000000000000000000000000000000000000000000000)
// Next is the offset to the location of the string, which will be placed immediately after (20 bytes away).mstore(0x04, 0x0000000000000000000000000000000000000000000000000000000000000020)
// The string length is fixed: 7 characters.mstore(0x24, 7)
// Finally, the string itself is stored.mstore(0x44, revertReason)
// Even if the string is only 7 bytes long, we need to return a full 32 byte slot containing it. The length of// the encoded message is therefore 4 + 32 + 32 + 32 = 100.revert(0, 100)
}
}
libraryErrors{
// Mathuint256internalconstant ADD_OVERFLOW =0;
uint256internalconstant SUB_OVERFLOW =1;
uint256internalconstant SUB_UNDERFLOW =2;
uint256internalconstant MUL_OVERFLOW =3;
uint256internalconstant ZERO_DIVISION =4;
uint256internalconstant DIV_INTERNAL =5;
uint256internalconstant X_OUT_OF_BOUNDS =6;
uint256internalconstant Y_OUT_OF_BOUNDS =7;
uint256internalconstant PRODUCT_OUT_OF_BOUNDS =8;
uint256internalconstant INVALID_EXPONENT =9;
// Inputuint256internalconstant OUT_OF_BOUNDS =100;
uint256internalconstant UNSORTED_ARRAY =101;
uint256internalconstant UNSORTED_TOKENS =102;
uint256internalconstant INPUT_LENGTH_MISMATCH =103;
uint256internalconstant ZERO_TOKEN =104;
// Shared poolsuint256internalconstant MIN_TOKENS =200;
uint256internalconstant MAX_TOKENS =201;
uint256internalconstant MAX_SWAP_FEE_PERCENTAGE =202;
uint256internalconstant MIN_SWAP_FEE_PERCENTAGE =203;
uint256internalconstant MINIMUM_BPT =204;
uint256internalconstant CALLER_NOT_VAULT =205;
uint256internalconstant UNINITIALIZED =206;
uint256internalconstant BPT_IN_MAX_AMOUNT =207;
uint256internalconstant BPT_OUT_MIN_AMOUNT =208;
uint256internalconstant EXPIRED_PERMIT =209;
// Poolsuint256internalconstant MIN_AMP =300;
uint256internalconstant MAX_AMP =301;
uint256internalconstant MIN_WEIGHT =302;
uint256internalconstant MAX_STABLE_TOKENS =303;
uint256internalconstant MAX_IN_RATIO =304;
uint256internalconstant MAX_OUT_RATIO =305;
uint256internalconstant MIN_BPT_IN_FOR_TOKEN_OUT =306;
uint256internalconstant MAX_OUT_BPT_FOR_TOKEN_IN =307;
uint256internalconstant NORMALIZED_WEIGHT_INVARIANT =308;
uint256internalconstant INVALID_TOKEN =309;
uint256internalconstant UNHANDLED_JOIN_KIND =310;
uint256internalconstant ZERO_INVARIANT =311;
uint256internalconstant ORACLE_INVALID_SECONDS_QUERY =312;
uint256internalconstant ORACLE_NOT_INITIALIZED =313;
uint256internalconstant ORACLE_QUERY_TOO_OLD =314;
uint256internalconstant ORACLE_INVALID_INDEX =315;
uint256internalconstant ORACLE_BAD_SECS =316;
// Libuint256internalconstant REENTRANCY =400;
uint256internalconstant SENDER_NOT_ALLOWED =401;
uint256internalconstant PAUSED =402;
uint256internalconstant PAUSE_WINDOW_EXPIRED =403;
uint256internalconstant MAX_PAUSE_WINDOW_DURATION =404;
uint256internalconstant MAX_BUFFER_PERIOD_DURATION =405;
uint256internalconstant INSUFFICIENT_BALANCE =406;
uint256internalconstant INSUFFICIENT_ALLOWANCE =407;
uint256internalconstant ERC20_TRANSFER_FROM_ZERO_ADDRESS =408;
uint256internalconstant ERC20_TRANSFER_TO_ZERO_ADDRESS =409;
uint256internalconstant ERC20_MINT_TO_ZERO_ADDRESS =410;
uint256internalconstant ERC20_BURN_FROM_ZERO_ADDRESS =411;
uint256internalconstant ERC20_APPROVE_FROM_ZERO_ADDRESS =412;
uint256internalconstant ERC20_APPROVE_TO_ZERO_ADDRESS =413;
uint256internalconstant ERC20_TRANSFER_EXCEEDS_ALLOWANCE =414;
uint256internalconstant ERC20_DECREASED_ALLOWANCE_BELOW_ZERO =415;
uint256internalconstant ERC20_TRANSFER_EXCEEDS_BALANCE =416;
uint256internalconstant ERC20_BURN_EXCEEDS_ALLOWANCE =417;
uint256internalconstant SAFE_ERC20_CALL_FAILED =418;
uint256internalconstant ADDRESS_INSUFFICIENT_BALANCE =419;
uint256internalconstant ADDRESS_CANNOT_SEND_VALUE =420;
uint256internalconstant SAFE_CAST_VALUE_CANT_FIT_INT256 =421;
uint256internalconstant GRANT_SENDER_NOT_ADMIN =422;
uint256internalconstant REVOKE_SENDER_NOT_ADMIN =423;
uint256internalconstant RENOUNCE_SENDER_NOT_ALLOWED =424;
uint256internalconstant BUFFER_PERIOD_EXPIRED =425;
// Vaultuint256internalconstant INVALID_POOL_ID =500;
uint256internalconstant CALLER_NOT_POOL =501;
uint256internalconstant SENDER_NOT_ASSET_MANAGER =502;
uint256internalconstant USER_DOESNT_ALLOW_RELAYER =503;
uint256internalconstant INVALID_SIGNATURE =504;
uint256internalconstant EXIT_BELOW_MIN =505;
uint256internalconstant JOIN_ABOVE_MAX =506;
uint256internalconstant SWAP_LIMIT =507;
uint256internalconstant SWAP_DEADLINE =508;
uint256internalconstant CANNOT_SWAP_SAME_TOKEN =509;
uint256internalconstant UNKNOWN_AMOUNT_IN_FIRST_SWAP =510;
uint256internalconstant MALCONSTRUCTED_MULTIHOP_SWAP =511;
uint256internalconstant INTERNAL_BALANCE_OVERFLOW =512;
uint256internalconstant INSUFFICIENT_INTERNAL_BALANCE =513;
uint256internalconstant INVALID_ETH_INTERNAL_BALANCE =514;
uint256internalconstant INVALID_POST_LOAN_BALANCE =515;
uint256internalconstant INSUFFICIENT_ETH =516;
uint256internalconstant UNALLOCATED_ETH =517;
uint256internalconstant ETH_TRANSFER =518;
uint256internalconstant CANNOT_USE_ETH_SENTINEL =519;
uint256internalconstant TOKENS_MISMATCH =520;
uint256internalconstant TOKEN_NOT_REGISTERED =521;
uint256internalconstant TOKEN_ALREADY_REGISTERED =522;
uint256internalconstant TOKENS_ALREADY_SET =523;
uint256internalconstant TOKENS_LENGTH_MUST_BE_2 =524;
uint256internalconstant NONZERO_TOKEN_BALANCE =525;
uint256internalconstant BALANCE_TOTAL_OVERFLOW =526;
uint256internalconstant POOL_NO_TOKENS =527;
uint256internalconstant INSUFFICIENT_FLASH_LOAN_BALANCE =528;
// Feesuint256internalconstant SWAP_FEE_PERCENTAGE_TOO_HIGH =600;
uint256internalconstant FLASH_LOAN_FEE_PERCENTAGE_TOO_HIGH =601;
uint256internalconstant INSUFFICIENT_FLASH_LOAN_FEE_AMOUNT =602;
}
Contract Source Code
File 3 of 28: BalancerPoolToken.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"../lib/math/Math.sol";
import"../lib/openzeppelin/IERC20.sol";
import"../lib/openzeppelin/IERC20Permit.sol";
import"../lib/openzeppelin/EIP712.sol";
/**
* @title Highly opinionated token implementation
* @author Balancer Labs
* @dev
* - Includes functions to increase and decrease allowance as a workaround
* for the well-known issue with `approve`:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
* - Allows for 'infinite allowance', where an allowance of 0xff..ff is not
* decreased by calls to transferFrom
* - Lets a token holder use `transferFrom` to send their own tokens,
* without first setting allowance
* - Emits 'Approval' events whenever allowance is changed by `transferFrom`
*/contractBalancerPoolTokenisIERC20, IERC20Permit, EIP712{
usingMathforuint256;
// State variablesuint8privateconstant _DECIMALS =18;
mapping(address=>uint256) private _balance;
mapping(address=>mapping(address=>uint256)) private _allowance;
uint256private _totalSupply;
stringprivate _name;
stringprivate _symbol;
mapping(address=>uint256) private _nonces;
// solhint-disable-next-line var-name-mixedcasebytes32privateimmutable _PERMIT_TYPE_HASH =keccak256(
"Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)"
);
// Function declarationsconstructor(stringmemory tokenName, stringmemory tokenSymbol) EIP712(tokenName, "1") {
_name = tokenName;
_symbol = tokenSymbol;
}
// External functionsfunctionallowance(address owner, address spender) externalviewoverridereturns (uint256) {
return _allowance[owner][spender];
}
functionbalanceOf(address account) externalviewoverridereturns (uint256) {
return _balance[account];
}
functionapprove(address spender, uint256 amount) externaloverridereturns (bool) {
_setAllowance(msg.sender, spender, amount);
returntrue;
}
functionincreaseApproval(address spender, uint256 amount) externalreturns (bool) {
_setAllowance(msg.sender, spender, _allowance[msg.sender][spender].add(amount));
returntrue;
}
functiondecreaseApproval(address spender, uint256 amount) externalreturns (bool) {
uint256 currentAllowance = _allowance[msg.sender][spender];
if (amount >= currentAllowance) {
_setAllowance(msg.sender, spender, 0);
} else {
_setAllowance(msg.sender, spender, currentAllowance.sub(amount));
}
returntrue;
}
functiontransfer(address recipient, uint256 amount) externaloverridereturns (bool) {
_move(msg.sender, recipient, amount);
returntrue;
}
functiontransferFrom(address sender,
address recipient,
uint256 amount
) externaloverridereturns (bool) {
uint256 currentAllowance = _allowance[sender][msg.sender];
_require(msg.sender== sender || currentAllowance >= amount, Errors.INSUFFICIENT_ALLOWANCE);
_move(sender, recipient, amount);
if (msg.sender!= sender && currentAllowance !=uint256(-1)) {
// Because of the previous require, we know that if msg.sender != sender then currentAllowance >= amount
_setAllowance(sender, msg.sender, currentAllowance - amount);
}
returntrue;
}
functionpermit(address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) publicvirtualoverride{
// solhint-disable-next-line not-rely-on-time
_require(block.timestamp<= deadline, Errors.EXPIRED_PERMIT);
uint256 nonce = _nonces[owner];
bytes32 structHash =keccak256(abi.encode(_PERMIT_TYPE_HASH, owner, spender, value, nonce, deadline));
bytes32 hash = _hashTypedDataV4(structHash);
address signer =ecrecover(hash, v, r, s);
_require((signer !=address(0)) && (signer == owner), Errors.INVALID_SIGNATURE);
_nonces[owner] = nonce +1;
_setAllowance(owner, spender, value);
}
// Public functionsfunctionname() publicviewreturns (stringmemory) {
return _name;
}
functionsymbol() publicviewreturns (stringmemory) {
return _symbol;
}
functiondecimals() publicpurereturns (uint8) {
return _DECIMALS;
}
functiontotalSupply() publicviewoverridereturns (uint256) {
return _totalSupply;
}
functionnonces(address owner) externalviewoverridereturns (uint256) {
return _nonces[owner];
}
// solhint-disable-next-line func-name-mixedcasefunctionDOMAIN_SEPARATOR() externalviewoverridereturns (bytes32) {
return _domainSeparatorV4();
}
// Internal functionsfunction_mintPoolTokens(address recipient, uint256 amount) internal{
_balance[recipient] = _balance[recipient].add(amount);
_totalSupply = _totalSupply.add(amount);
emit Transfer(address(0), recipient, amount);
}
function_burnPoolTokens(address sender, uint256 amount) internal{
uint256 currentBalance = _balance[sender];
_require(currentBalance >= amount, Errors.INSUFFICIENT_BALANCE);
_balance[sender] = currentBalance - amount;
_totalSupply = _totalSupply.sub(amount);
emit Transfer(sender, address(0), amount);
}
function_move(address sender,
address recipient,
uint256 amount
) internal{
uint256 currentBalance = _balance[sender];
_require(currentBalance >= amount, Errors.INSUFFICIENT_BALANCE);
// Prohibit transfers to the zero address to avoid confusion with the// Transfer event emitted by `_burnPoolTokens`
_require(recipient !=address(0), Errors.ERC20_TRANSFER_TO_ZERO_ADDRESS);
_balance[sender] = currentBalance - amount;
_balance[recipient] = _balance[recipient].add(amount);
emit Transfer(sender, recipient, amount);
}
// Private functionsfunction_setAllowance(address owner,
address spender,
uint256 amount
) private{
_allowance[owner][spender] = amount;
emit Approval(owner, spender, amount);
}
}
Contract Source Code
File 4 of 28: ConvergentCurvePool.sol
// SPDX-License-Identifier: Apache-2.0pragmasolidity ^0.7.0;pragmaexperimentalABIEncoderV2;import"./interfaces/IERC20Decimals.sol";
import"./balancer-core-v2/lib/math/LogExpMath.sol";
import"./balancer-core-v2/lib/math/FixedPoint.sol";
import"./balancer-core-v2/vault/interfaces/IMinimalSwapInfoPool.sol";
import"./balancer-core-v2/vault/interfaces/IVault.sol";
import"./balancer-core-v2/pools/BalancerPoolToken.sol";
contractConvergentCurvePoolisIMinimalSwapInfoPool, BalancerPoolToken{
usingLogExpMathforuint256;
usingFixedPointforuint256;
// The token we expect to stay constant in value
IERC20 publicimmutable underlying;
uint8publicimmutable underlyingDecimals;
// The token we expect to appreciate to match underlying
IERC20 publicimmutable bond;
uint8publicimmutable bondDecimals;
// The expiration timeuint256publicimmutable expiration;
// The number of seconds in our timescaleuint256publicimmutable unitSeconds;
// The Balancer pool data// Note we change style to match Balancer's custom getter
IVault privateimmutable _vault;
bytes32privateimmutable _poolId;
// The fees recorded during swaps. These will be 18 point not token decimal encodeduint128public feesUnderlying;
uint128public feesBond;
// Stored records of governance tokensaddresspublicimmutable governance;
// The percent of each trade's implied yield to collect as LP feeuint256publicimmutable percentFee;
// The percent of LP fees that is payed to governanceuint256publicimmutable percentFeeGov;
// Store constant token indexes for ascending sorted order// In this case despite these being internal it's cleaner// to ignore linting rules that require _/* solhint-disable private-vars-leading-underscore */uint256internalimmutable baseIndex;
uint256internalimmutable bondIndex;
/* solhint-enable private-vars-leading-underscore */// The max percent fee for governance, immutable after compilationuint256publicconstant FEE_BOUND =3e17;
/// @notice This event allows the frontend to track the fees/// @param collectedBase the base asset tokens fees collected in this txn/// @param collectedBond the bond asset tokens fees collected in this txn/// @param remainingBase the amount of base asset fees have been charged but not collected/// @param remainingBond the amount of bond asset fees have been charged but not collected/// @dev All values emitted by this event are 18 point fixed not token native decimalseventFeeCollection(uint256 collectedBase,
uint256 collectedBond,
uint256 remainingBase,
uint256 remainingBond
);
/// @dev We need need to set the immutables on contract creation/// Note - We expect both 'bond' and 'underlying' to have 'decimals()'/// @param _underlying The asset which the second asset should appreciate to match/// @param _bond The asset which should be appreciating/// @param _expiration The time in unix seconds when the bond asset should equal the underlying asset/// @param _unitSeconds The number of seconds in a unit of time, for example 1 year in seconds/// @param vault The balancer vault/// @param _percentFee The percent each trade's yield to collect as fees/// @param _percentFeeGov The percent of collected that go to governance/// @param _governance The address which gets minted reward lp/// @param name The balancer pool token name/// @param symbol The balancer pool token symbolconstructor(
IERC20 _underlying,
IERC20 _bond,
uint256 _expiration,
uint256 _unitSeconds,
IVault vault,
uint256 _percentFee,
uint256 _percentFeeGov,
address _governance,
stringmemory name,
stringmemory symbol
) BalancerPoolToken(name, symbol) {
// Sanity Checkrequire(_expiration -block.timestamp< _unitSeconds);
// Initialization on the vaultbytes32 poolId = vault.registerPool(
IVault.PoolSpecialization.TWO_TOKEN
);
IERC20[] memory tokens =new IERC20[](2);
if (_underlying < _bond) {
tokens[0] = _underlying;
tokens[1] = _bond;
} else {
tokens[0] = _bond;
tokens[1] = _underlying;
}
// Pass in zero addresses for Asset Managers// Note - functions below assume this token order
vault.registerTokens(poolId, tokens, newaddress[](2));
// Set immutable state variables
_vault = vault;
_poolId = poolId;
percentFee = _percentFee;
// We check that the gov percent fee is less than boundrequire(_percentFeeGov < FEE_BOUND, "Fee too high");
percentFeeGov = _percentFeeGov;
underlying = _underlying;
underlyingDecimals = IERC20Decimals(address(_underlying)).decimals();
bond = _bond;
bondDecimals = IERC20Decimals(address(_bond)).decimals();
expiration = _expiration;
unitSeconds = _unitSeconds;
governance = _governance;
// Calculate the preset indexes for orderingbool underlyingFirst = _underlying < _bond;
baseIndex = underlyingFirst ? 0 : 1;
bondIndex = underlyingFirst ? 1 : 0;
}
// Balancer Interface required Getters/// @dev Returns the vault for this pool/// @return The vault for this poolfunctiongetVault() externalviewreturns (IVault) {
return _vault;
}
/// @dev Returns the poolId for this pool/// @return The poolId for this poolfunctiongetPoolId() externalviewreturns (bytes32) {
return _poolId;
}
// Trade Functionality/// @dev Called by the Vault on swaps to get a price quote/// @param swapRequest The request which contains the details of the swap/// @param currentBalanceTokenIn The input token balance/// @param currentBalanceTokenOut The output token balance/// @return the amount of the output or input token amount of for swapfunctiononSwap(
SwapRequest memory swapRequest,
uint256 currentBalanceTokenIn,
uint256 currentBalanceTokenOut
) publicoverridereturns (uint256) {
// Check that the sender is pool, we change state so must make// this check.require(msg.sender==address(_vault), "Non Vault caller");
// Tokens amounts are passed to us in decimal form of the tokens// But we want theme in 18 pointuint256 amount;
bool isOutputSwap = swapRequest.kind == IVault.SwapKind.GIVEN_IN;
if (isOutputSwap) {
amount = _tokenToFixed(swapRequest.amount, swapRequest.tokenIn);
} else {
amount = _tokenToFixed(swapRequest.amount, swapRequest.tokenOut);
}
currentBalanceTokenIn = _tokenToFixed(
currentBalanceTokenIn,
swapRequest.tokenIn
);
currentBalanceTokenOut = _tokenToFixed(
currentBalanceTokenOut,
swapRequest.tokenOut
);
// We apply the trick which is used in the paper and// double count the reserves because the curve provisions liquidity// for prices above one underlying per bond, which we don't want to be accessible
(uint256 tokenInReserve, uint256 tokenOutReserve) = _adjustedReserve(
currentBalanceTokenIn,
swapRequest.tokenIn,
currentBalanceTokenOut,
swapRequest.tokenOut
);
// We switch on if this is an input or output caseif (isOutputSwap) {
// We get quoteuint256 quote = solveTradeInvariant(
amount,
tokenInReserve,
tokenOutReserve,
isOutputSwap
);
// We assign the trade fee
quote = _assignTradeFee(amount, quote, swapRequest.tokenOut, false);
// We return the quotereturn _fixedToToken(quote, swapRequest.tokenOut);
} else {
// We get the quoteuint256 quote = solveTradeInvariant(
amount,
tokenOutReserve,
tokenInReserve,
isOutputSwap
);
// We assign the trade fee
quote = _assignTradeFee(quote, amount, swapRequest.tokenOut, true);
// We return the outputreturn _fixedToToken(quote, swapRequest.tokenIn);
}
}
/// @dev Hook for joining the pool that must be called from the vault./// It mints a proportional number of tokens compared to current LP pool,/// based on the maximum input the user indicates./// @param poolId The balancer pool id, checked to ensure non erroneous vault call// @param sender Unused by this pool but in interface/// @param recipient The address which will receive lp tokens./// @param currentBalances The current pool balances, sorted by address low to high. length 2// @param latestBlockNumberUsed last block number unused in this pool/// @param protocolSwapFee The percent of pool fees to be paid to the Balancer Protocol/// @param userData Abi encoded fixed length 2 array containing max inputs also sorted by/// address low to high/// @return amountsIn The actual amounts of token the vault should move to this pool/// @return dueProtocolFeeAmounts The amounts of each token to pay as protocol feesfunctiononJoinPool(bytes32 poolId,
address, // senderaddress recipient,
uint256[] memory currentBalances,
uint256,
uint256 protocolSwapFee,
bytescalldata userData
)
externaloverridereturns (uint256[] memory amountsIn,
uint256[] memory dueProtocolFeeAmounts
)
{
// Default checksrequire(msg.sender==address(_vault), "Non Vault caller");
require(poolId == _poolId, "Wrong pool id");
uint256[] memory maxAmountsIn =abi.decode(userData, (uint256[]));
require(
currentBalances.length==2&& maxAmountsIn.length==2,
"Invalid format"
);
// We must normalize the inputs to 18 point
_normalizeSortedArray(currentBalances);
_normalizeSortedArray(maxAmountsIn);
// Mint LP to the governance address.// The {} zoning here helps solidity figure out the stack
{
(
uint256 localFeeUnderlying,
uint256 localFeeBond
) = _mintGovernanceLP(currentBalances);
dueProtocolFeeAmounts =newuint256[](2);
dueProtocolFeeAmounts[baseIndex] = localFeeUnderlying.mulDown(
protocolSwapFee
);
dueProtocolFeeAmounts[bondIndex] = localFeeBond.mulDown(
protocolSwapFee
);
}
// Mint for the user
amountsIn = _mintLP(
maxAmountsIn[baseIndex],
maxAmountsIn[bondIndex],
currentBalances,
recipient
);
// We now have make the outputs have the correct decimals
_denormalizeSortedArray(amountsIn);
_denormalizeSortedArray(dueProtocolFeeAmounts);
}
/// @dev Hook for leaving the pool that must be called from the vault./// It burns a proportional number of tokens compared to current LP pool,/// based on the minium output the user wants./// @param poolId The balancer pool id, checked to ensure non erroneous vault call// @param sender Unused by this pool but in interface/// @param recipient The address which will receive the withdraw tokens./// @param currentBalances The current pool balances, sorted by address low to high. length 2// @param latestBlockNumberUsed last block number unused in this pool/// @param protocolSwapFee The percent of pool fees to be paid to the Balancer Protocol/// @param userData Abi encoded fixed length 2 array containing min outputs also sorted by/// address low to high/// @return amountsOut The number of each token to send to the caller/// @return dueProtocolFeeAmounts The amounts of each token to pay as protocol feesfunctiononExitPool(bytes32 poolId,
address,
address recipient,
uint256[] memory currentBalances,
uint256,
uint256 protocolSwapFee,
bytescalldata userData
)
externaloverridereturns (uint256[] memory amountsOut,
uint256[] memory dueProtocolFeeAmounts
)
{
// Default checksrequire(msg.sender==address(_vault), "Non Vault caller");
require(poolId == _poolId, "Wrong pool id");
uint256[] memory minAmountsOut =abi.decode(userData, (uint256[]));
require(
currentBalances.length==2&& minAmountsOut.length==2,
"Invalid format"
);
// We have to convert to 18 decimals
_normalizeSortedArray(currentBalances);
_normalizeSortedArray(minAmountsOut);
// Mint LP for the governance address.// {} zones to help solidity figure out the stack
{
(
uint256 localFeeUnderlying,
uint256 localFeeBond
) = _mintGovernanceLP(currentBalances);
// Calculate the amount of fees for balancer to collect
dueProtocolFeeAmounts =newuint256[](2);
dueProtocolFeeAmounts[baseIndex] = localFeeUnderlying.mulDown(
protocolSwapFee
);
dueProtocolFeeAmounts[bondIndex] = localFeeBond.mulDown(
protocolSwapFee
);
}
amountsOut = _burnLP(
minAmountsOut[baseIndex],
minAmountsOut[bondIndex],
currentBalances,
recipient
);
// We need to convert the balancer outputs to token decimals instead of 18
_denormalizeSortedArray(amountsOut);
_denormalizeSortedArray(dueProtocolFeeAmounts);
return (amountsOut, dueProtocolFeeAmounts);
}
/// @dev Returns the balances so that they'll be in the order [underlying, bond]./// @param currentBalances balances sorted low to high of address value.function_getSortedBalances(uint256[] memory currentBalances)
internalviewreturns (uint256 underlyingBalance, uint256 bondBalance)
{
return (currentBalances[baseIndex], currentBalances[bondIndex]);
}
/// @dev Turns an array of token amounts into an array of 18 point amounts/// @param data The data to normalizefunction_normalizeSortedArray(uint256[] memory data) internalview{
data[baseIndex] = _normalize(data[baseIndex], underlyingDecimals, 18);
data[bondIndex] = _normalize(data[bondIndex], bondDecimals, 18);
}
/// @dev Turns an array of 18 point amounts into token amounts/// @param data The data to turn in to token decimalsfunction_denormalizeSortedArray(uint256[] memory data) internalview{
data[baseIndex] = _normalize(data[baseIndex], 18, underlyingDecimals);
data[bondIndex] = _normalize(data[bondIndex], 18, bondDecimals);
}
// Math libraries and internal routing/// @dev Calculates how many tokens should be outputted given an input plus reserve variables/// Assumes all inputs are in 18 point fixed compatible with the balancer fixed math lib./// Since solving for an input is almost exactly the same as an output you can indicate/// if this is an input or output calculation in the call./// @param amountX The amount of token x sent in normalized to have 18 decimals/// @param reserveX The amount of the token x currently held by the pool normalized to 18 decimals/// @param reserveY The amount of the token y currently held by the pool normalized to 18 decimals/// @param out Is true if the pool will receive amountX and false if it is expected to produce it./// @return Either if 'out' is true the amount of Y token to send to the user or/// if 'out' is false the amount of Y Token to take from the userfunctionsolveTradeInvariant(uint256 amountX,
uint256 reserveX,
uint256 reserveY,
bool out
) publicviewreturns (uint256) {
// Gets 1 - tuint256 a = _getYieldExponent();
// calculate x before ^ auint256 xBeforePowA = LogExpMath.pow(reserveX, a);
// calculate y before ^ auint256 yBeforePowA = LogExpMath.pow(reserveY, a);
// calculate x after ^ auint256 xAfterPowA = out
? LogExpMath.pow(reserveX + amountX, a)
: LogExpMath.pow(reserveX.sub(amountX), a);
// Calculate y_after = ( x_before ^a + y_ before ^a - x_after^a)^(1/a)// Will revert with underflow here if the liquidity isn't enough for the tradeuint256 yAfter = (xBeforePowA + yBeforePowA).sub(xAfterPowA);
// Note that this call is to FixedPoint Div so works as intended
yAfter = LogExpMath.pow(yAfter, uint256(FixedPoint.ONE).divDown(a));
// The amount of Y token to send is (reserveY_before - reserveY_after)return out ? reserveY.sub(yAfter) : yAfter.sub(reserveY);
}
/// @dev Adds a fee equal to to 'feePercent' of remaining interest to each trade/// This function accepts both input and output trades, amd expects that all/// inputs are in fixed 18 point/// @param amountIn The trade's amountIn in fixed 18 point/// @param amountOut The trade's amountOut in fixed 18 point/// @param outputToken The output token/// @param isInputTrade True if the trader is requesting a quote for the amount of input/// they need to provide to get 'amountOut' false otherwise/// @return The updated output quote// Note - The safe math in this function implicitly prevents the price of 'bond' in underlying// from being higher than 1.function_assignTradeFee(uint256 amountIn,
uint256 amountOut,
IERC20 outputToken,
bool isInputTrade
) internalreturns (uint256) {
// The math splits on if this is input or outputif (isInputTrade) {
// Then it splits again on which token is the bondif (outputToken == bond) {
// If the output is bond the implied yield is out - inuint256 impliedYieldFee = percentFee.mulDown(
amountOut.sub(amountIn)
);
// we record that fee collected from the underlying
feesUnderlying +=uint128(impliedYieldFee);
// and return the adjusted input quotereturn amountIn.add(impliedYieldFee);
} else {
// If the input token is bond the implied yield is in - outuint256 impliedYieldFee = percentFee.mulDown(
amountIn.sub(amountOut)
);
// we record that collected fee from the input bond
feesBond +=uint128(impliedYieldFee);
// and return the updated input quotereturn amountIn.add(impliedYieldFee);
}
} else {
if (outputToken == bond) {
// If the output is bond the implied yield is out - inuint256 impliedYieldFee = percentFee.mulDown(
amountOut.sub(amountIn)
);
// we record that fee collected from the bond output
feesBond +=uint128(impliedYieldFee);
// and then return the updated outputreturn amountOut.sub(impliedYieldFee);
} else {
// If the output is underlying the implied yield is in - outuint256 impliedYieldFee = percentFee.mulDown(
amountIn.sub(amountOut)
);
// we record the collected underlying fee
feesUnderlying +=uint128(impliedYieldFee);
// and then return the updated output quotereturn amountOut.sub(impliedYieldFee);
}
}
}
/// @dev Mints the maximum possible LP given a set of max inputs/// @param inputUnderlying The max underlying to deposit/// @param inputBond The max bond to deposit/// @param currentBalances The current pool balances, sorted by address low to high. length 2/// @param recipient The person who receives the lp funds/// @return amountsIn The actual amounts of token deposited in token sorted orderfunction_mintLP(uint256 inputUnderlying,
uint256 inputBond,
uint256[] memory currentBalances,
address recipient
) internalreturns (uint256[] memory amountsIn) {
// Initialize the memory array with length
amountsIn =newuint256[](2);
// Passing in in memory array helps stack but we use locals for better names
(uint256 reserveUnderlying, uint256 reserveBond) = _getSortedBalances(
currentBalances
);
uint256 localTotalSupply = totalSupply();
// Check if the pool is initializedif (localTotalSupply ==0) {
// When uninitialized we mint exactly the underlying input// in LP tokens
_mintPoolTokens(recipient, inputUnderlying);
// Return the right data
amountsIn[baseIndex] = inputUnderlying;
amountsIn[bondIndex] =0;
return (amountsIn);
}
// Get the reserve ratio, the say how many underlying per bond in the reserve// (input underlying / reserve underlying) is the percent increase caused by deposituint256 underlyingPerBond = reserveUnderlying.divDown(reserveBond);
// Use the underlying per bond to get the needed number of input underlyinguint256 neededUnderlying = underlyingPerBond.mulDown(inputBond);
// If the user can't provide enough underlyingif (neededUnderlying > inputUnderlying) {
// The increase in total supply is the input underlying// as a ratio to reserveuint256 mintAmount = (inputUnderlying.mulDown(localTotalSupply))
.divDown(reserveUnderlying);
// We mint a new amount of as the the percent increase given// by the ratio of the input underlying to the reserve underlying
_mintPoolTokens(recipient, mintAmount);
// In this case we use the whole input of underlying// and consume (inputUnderlying/underlyingPerBond) bonds
amountsIn[baseIndex] = inputUnderlying;
amountsIn[bondIndex] = inputUnderlying.divDown(underlyingPerBond);
} else {
// We calculate the percent increase in the reserves from contributing// all of the bonduint256 mintAmount = (neededUnderlying.mulDown(localTotalSupply))
.divDown(reserveUnderlying);
// We then mint an amount of pool token which corresponds to that increase
_mintPoolTokens(recipient, mintAmount);
// The indicate we consumed the input bond and (inputBond*underlyingPerBond)
amountsIn[baseIndex] = neededUnderlying;
amountsIn[bondIndex] = inputBond;
}
}
/// @dev Burns at least enough LP tokens from the sender to produce/// as set of minium outputs./// @param minOutputUnderlying The minimum output in underlying/// @param minOutputBond The minimum output in the bond/// @param currentBalances The current pool balances, sorted by address low to high. length 2/// @param source The address to burn from./// @return amountsReleased in address sorted orderfunction_burnLP(uint256 minOutputUnderlying,
uint256 minOutputBond,
uint256[] memory currentBalances,
address source
) internalreturns (uint256[] memory amountsReleased) {
// Initialize the memory array with length
amountsReleased =newuint256[](2);
// We take in sorted token arrays to help the stack but// use local names to improve readability
(uint256 reserveUnderlying, uint256 reserveBond) = _getSortedBalances(
currentBalances
);
uint256 localTotalSupply = totalSupply();
// Calculate the ratio of the minOutputUnderlying to reserveuint256 underlyingPerBond = reserveUnderlying.divDown(reserveBond);
// If the ratio won't produce enough bondif (minOutputUnderlying > minOutputBond.mulDown(underlyingPerBond)) {
// In this case we burn enough tokens to output 'minOutputUnderlying'// which will be the total supply times the percent of the underlying// reserve which this amount of underlying is.uint256 burned = (minOutputUnderlying.mulDown(localTotalSupply))
.divDown(reserveUnderlying);
_burnPoolTokens(source, burned);
// We return that we released 'minOutputUnderlying' and the number of bonds that// preserves the reserve ratio
amountsReleased[baseIndex] = minOutputUnderlying;
amountsReleased[bondIndex] = minOutputUnderlying.divDown(
underlyingPerBond
);
} else {
// Then the amount burned is the ratio of the minOutputBond// to the reserve of bond times the total supplyuint256 burned = (minOutputBond.mulDown(localTotalSupply)).divDown(
reserveBond
);
_burnPoolTokens(source, burned);
// We return that we released all of the minOutputBond// and the number of underlying which preserves the reserve ratio
amountsReleased[baseIndex] = minOutputBond.mulDown(
underlyingPerBond
);
amountsReleased[bondIndex] = minOutputBond;
}
}
/// @dev Mints LP tokens from a percentage of the stored fees and then updates them/// @param currentBalances The current pool balances, sorted by address low to high. length 2/// expects the inputs to be 18 point fixed/// @return Returns the fee amounts as (feeUnderlying, feeBond) to avoid other sloadsfunction_mintGovernanceLP(uint256[] memory currentBalances)
internalreturns (uint256, uint256)
{
// Load and cast the stored fees// Note - Because of sizes should only be one sloaduint256 localFeeUnderlying =uint256(feesUnderlying);
uint256 localFeeBond =uint256(feesBond);
if (percentFeeGov ==0) {
// We reset this state because it is expected that this function// resets the amount to match what's consumed and in the zero fee case// that's everything.
(feesUnderlying, feesBond) = (0, 0);
// Emit a fee tracking eventemit FeeCollection(localFeeUnderlying, localFeeBond, 0, 0);
// Return the used feesreturn (localFeeUnderlying, localFeeBond);
}
// Calculate the gov fee which is the assigned fees times the// percentuint256 govFeeUnderlying = localFeeUnderlying.mulDown(percentFeeGov);
uint256 govFeeBond = localFeeBond.mulDown(percentFeeGov);
// Mint the actual LP for gov addressuint256[] memory consumed = _mintLP(
govFeeUnderlying,
govFeeBond,
currentBalances,
governance
);
// We calculate the actual fees useduint256 usedFeeUnderlying = (consumed[baseIndex]).divDown(
percentFeeGov
);
uint256 usedFeeBond = (consumed[bondIndex]).divDown(percentFeeGov);
// Calculate the remaining fees, note due to rounding errors they are likely to// be true that usedFees + remainingFees > originalFees by a very small rounding error// this is safe as with a bounded gov fee it never consumes LP funds.uint256 remainingUnderlying = govFeeUnderlying
.sub(consumed[baseIndex])
.divDown(percentFeeGov);
uint256 remainingBond = govFeeBond.sub(consumed[bondIndex]).divDown(
percentFeeGov
);
// Emit fee tracking eventemit FeeCollection(
usedFeeUnderlying,
usedFeeBond,
remainingUnderlying,
remainingBond
);
// Store the remaining fees
feesUnderlying =uint128(remainingUnderlying);
feesBond =uint128(remainingBond);
// We return the fees which were removed from storagereturn (usedFeeUnderlying, usedFeeBond);
}
/// @dev Calculates 1 - t/// @return Returns 1 - t, encoded as a fraction in 18 decimal fixed pointfunction_getYieldExponent() internalvirtualviewreturns (uint256) {
// The fractional timeuint256 timeTillExpiry =block.timestamp< expiration
? expiration -block.timestamp
: 0;
timeTillExpiry *=1e18;
// timeTillExpiry now contains the a fixed point of the years remaining
timeTillExpiry = timeTillExpiry.divDown(unitSeconds *1e18);
uint256 result =uint256(FixedPoint.ONE).sub(timeTillExpiry);
// Sanity Checkrequire(result !=0);
// Return resultreturn result;
}
/// @dev Applies the reserve adjustment from the paper and returns the reserves/// Note: The inputs should be in 18 point fixed to match the LP decimals/// @param reserveTokenIn The reserve of the input token/// @param tokenIn The address of the input token/// @param reserveTokenOut The reserve of the output token/// @return Returns (adjustedReserveIn, adjustedReserveOut)function_adjustedReserve(uint256 reserveTokenIn,
IERC20 tokenIn,
uint256 reserveTokenOut,
IERC20 tokenOut
) internalviewreturns (uint256, uint256) {
// We need to identify the bond asset and the underlying// This check is slightly redundant in most cases but more secureif (tokenIn == underlying && tokenOut == bond) {
// We return (underlyingReserve, bondReserve + totalLP)return (reserveTokenIn, reserveTokenOut + totalSupply());
} elseif (tokenIn == bond && tokenOut == underlying) {
// We return (bondReserve + totalLP, underlyingReserve)return (reserveTokenIn + totalSupply(), reserveTokenOut);
}
// This should never be hitrevert("Token request doesn't match stored");
}
/// @dev Turns a token which is either 'bond' or 'underlying' into 18 point decimal/// @param amount The amount of the token in native decimal encoding/// @param token The address of the token/// @return The amount of token encoded into 18 point fixed pointfunction_tokenToFixed(uint256 amount, IERC20 token)
internalviewreturns (uint256)
{
// In both cases we are targeting 18 pointif (token == underlying) {
return _normalize(amount, underlyingDecimals, 18);
} elseif (token == bond) {
return _normalize(amount, bondDecimals, 18);
}
// Should never happenrevert("Called with non pool token");
}
/// @dev Turns an 18 fixed point amount into a token amount/// Token must be either 'bond' or 'underlying'/// @param amount The amount of the token in 18 decimal fixed point/// @param token The address of the token/// @return The amount of token encoded in native decimal pointfunction_fixedToToken(uint256 amount, IERC20 token)
internalviewreturns (uint256)
{
if (token == underlying) {
// Recodes to 'underlyingDecimals' decimalsreturn _normalize(amount, 18, underlyingDecimals);
} elseif (token == bond) {
// Recodes to 'bondDecimals' decimalsreturn _normalize(amount, 18, bondDecimals);
}
// Should never happenrevert("Called with non pool token");
}
/// @dev Takes an 'amount' encoded with 'decimalsBefore' decimals and/// re encodes it with 'decimalsAfter' decimals/// @param amount The amount to normalize/// @param decimalsBefore The decimal encoding before/// @param decimalsAfter The decimal encoding afterfunction_normalize(uint256 amount,
uint8 decimalsBefore,
uint8 decimalsAfter
) internalpurereturns (uint256) {
// If we need to increase the decimalsif (decimalsBefore > decimalsAfter) {
// Then we shift right the amount by the number of decimals
amount = amount /10**(decimalsBefore - decimalsAfter);
// If we need to decrease the number
} elseif (decimalsBefore < decimalsAfter) {
// then we shift left by the difference
amount = amount *10**(decimalsAfter - decimalsBefore);
}
// If nothing changed this is a no-opreturn amount;
}
}
Contract Source Code
File 5 of 28: EIP712.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.7.0;/**
* @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data.
*
* The encoding specified in the EIP is very generic, and such a generic implementation in Solidity is not feasible,
* thus this contract does not implement the encoding itself. Protocols need to implement the type-specific encoding
* they need in their contracts using a combination of `abi.encode` and `keccak256`.
*
* This contract implements the EIP 712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding
* scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA
* ({_hashTypedDataV4}).
*
* The implementation of the domain separator was designed to be as efficient as possible while still properly updating
* the chain id to protect against replay attacks on an eventual fork of the chain.
*
* NOTE: This contract implements the version of the encoding known as "v4", as implemented by the JSON RPC method
* https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask].
*
* _Available since v3.4._
*/abstractcontractEIP712{
/* solhint-disable var-name-mixedcase */bytes32privateimmutable _HASHED_NAME;
bytes32privateimmutable _HASHED_VERSION;
bytes32privateimmutable _TYPE_HASH;
/* solhint-enable var-name-mixedcase *//**
* @dev Initializes the domain separator and parameter caches.
*
* The meaning of `name` and `version` is specified in
* https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]:
*
* - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.
* - `version`: the current major version of the signing domain.
*
* NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart
* contract upgrade].
*/constructor(stringmemory name, stringmemory version) {
_HASHED_NAME =keccak256(bytes(name));
_HASHED_VERSION =keccak256(bytes(version));
_TYPE_HASH =keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
}
/**
* @dev Returns the domain separator for the current chain.
*/function_domainSeparatorV4() internalviewvirtualreturns (bytes32) {
returnkeccak256(abi.encode(_TYPE_HASH, _HASHED_NAME, _HASHED_VERSION, _getChainId(), address(this)));
}
/**
* @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this
* function returns the hash of the fully encoded EIP712 message for this domain.
*
* This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:
*
* ```solidity
* bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(
* keccak256("Mail(address to,string contents)"),
* mailTo,
* keccak256(bytes(mailContents))
* )));
* address signer = ECDSA.recover(digest, signature);
* ```
*/function_hashTypedDataV4(bytes32 structHash) internalviewvirtualreturns (bytes32) {
returnkeccak256(abi.encodePacked("\x19\x01", _domainSeparatorV4(), structHash));
}
function_getChainId() privateviewreturns (uint256 chainId) {
// Silence state mutability warning without generating bytecode.// See https://github.com/ethereum/solidity/issues/10090#issuecomment-741789128 and// https://github.com/ethereum/solidity/issues/2691this;
// solhint-disable-next-line no-inline-assemblyassembly {
chainId :=chainid()
}
}
}
Contract Source Code
File 6 of 28: ERC20.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.7.0;import"../helpers/BalancerErrors.sol";
import"./IERC20.sol";
import"./SafeMath.sol";
/**
* @dev Implementation of the {IERC20} interface.
*
* This implementation is agnostic to the way tokens are created. This means
* that a supply mechanism has to be added in a derived contract using {_mint}.
* For a generic mechanism see {ERC20PresetMinterPauser}.
*
* TIP: For a detailed writeup see our guide
* https://forum.zeppelin.solutions/t/how-to-implement-erc20-supply-mechanisms/226[How
* to implement supply mechanisms].
*
* We have followed general OpenZeppelin guidelines: functions revert instead
* of returning `false` on failure. This behavior is nonetheless conventional
* and does not conflict with the expectations of ERC20 applications.
*
* Additionally, an {Approval} event is emitted on calls to {transferFrom}.
* This allows applications to reconstruct the allowance for all accounts just
* by listening to said events. Other implementations of the EIP may not emit
* these events, as it isn't required by the specification.
*
* Finally, the non-standard {decreaseAllowance} and {increaseAllowance}
* functions have been added to mitigate the well-known issues around setting
* allowances. See {IERC20-approve}.
*/contractERC20isIERC20{
usingSafeMathforuint256;
mapping(address=>uint256) private _balances;
mapping(address=>mapping(address=>uint256)) private _allowances;
uint256private _totalSupply;
stringprivate _name;
stringprivate _symbol;
uint8private _decimals;
/**
* @dev Sets the values for {name} and {symbol}, initializes {decimals} with
* a default value of 18.
*
* To select a different value for {decimals}, use {_setupDecimals}.
*
* All three of these values are immutable: they can only be set once during
* construction.
*/constructor(stringmemory name_, stringmemory symbol_) {
_name = name_;
_symbol = symbol_;
_decimals =18;
}
/**
* @dev Returns the name of the token.
*/functionname() publicviewreturns (stringmemory) {
return _name;
}
/**
* @dev Returns the symbol of the token, usually a shorter version of the
* name.
*/functionsymbol() publicviewreturns (stringmemory) {
return _symbol;
}
/**
* @dev Returns the number of decimals used to get its user representation.
* For example, if `decimals` equals `2`, a balance of `505` tokens should
* be displayed to a user as `5,05` (`505 / 10 ** 2`).
*
* Tokens usually opt for a value of 18, imitating the relationship between
* Ether and Wei. This is the value {ERC20} uses, unless {_setupDecimals} is
* called.
*
* NOTE: This information is only used for _display_ purposes: it in
* no way affects any of the arithmetic of the contract, including
* {IERC20-balanceOf} and {IERC20-transfer}.
*/functiondecimals() publicviewreturns (uint8) {
return _decimals;
}
/**
* @dev See {IERC20-totalSupply}.
*/functiontotalSupply() publicviewoverridereturns (uint256) {
return _totalSupply;
}
/**
* @dev See {IERC20-balanceOf}.
*/functionbalanceOf(address account) publicviewoverridereturns (uint256) {
return _balances[account];
}
/**
* @dev See {IERC20-transfer}.
*
* Requirements:
*
* - `recipient` cannot be the zero address.
* - the caller must have a balance of at least `amount`.
*/functiontransfer(address recipient, uint256 amount) publicvirtualoverridereturns (bool) {
_transfer(msg.sender, recipient, amount);
returntrue;
}
/**
* @dev See {IERC20-allowance}.
*/functionallowance(address owner, address spender) publicviewvirtualoverridereturns (uint256) {
return _allowances[owner][spender];
}
/**
* @dev See {IERC20-approve}.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/functionapprove(address spender, uint256 amount) publicvirtualoverridereturns (bool) {
_approve(msg.sender, spender, amount);
returntrue;
}
/**
* @dev See {IERC20-transferFrom}.
*
* Emits an {Approval} event indicating the updated allowance. This is not
* required by the EIP. See the note at the beginning of {ERC20}.
*
* Requirements:
*
* - `sender` and `recipient` cannot be the zero address.
* - `sender` must have a balance of at least `amount`.
* - the caller must have allowance for ``sender``'s tokens of at least
* `amount`.
*/functiontransferFrom(address sender,
address recipient,
uint256 amount
) publicvirtualoverridereturns (bool) {
_transfer(sender, recipient, amount);
_approve(
sender,
msg.sender,
_allowances[sender][msg.sender].sub(amount, Errors.ERC20_TRANSFER_EXCEEDS_ALLOWANCE)
);
returntrue;
}
/**
* @dev Atomically increases the allowance granted to `spender` by the caller.
*
* This is an alternative to {approve} that can be used as a mitigation for
* problems described in {IERC20-approve}.
*
* Emits an {Approval} event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/functionincreaseAllowance(address spender, uint256 addedValue) publicvirtualreturns (bool) {
_approve(msg.sender, spender, _allowances[msg.sender][spender].add(addedValue));
returntrue;
}
/**
* @dev Atomically decreases the allowance granted to `spender` by the caller.
*
* This is an alternative to {approve} that can be used as a mitigation for
* problems described in {IERC20-approve}.
*
* Emits an {Approval} event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `spender` must have allowance for the caller of at least
* `subtractedValue`.
*/functiondecreaseAllowance(address spender, uint256 subtractedValue) publicvirtualreturns (bool) {
_approve(
msg.sender,
spender,
_allowances[msg.sender][spender].sub(subtractedValue, Errors.ERC20_DECREASED_ALLOWANCE_BELOW_ZERO)
);
returntrue;
}
/**
* @dev Moves tokens `amount` from `sender` to `recipient`.
*
* This is internal function is equivalent to {transfer}, and can be used to
* e.g. implement automatic token fees, slashing mechanisms, etc.
*
* Emits a {Transfer} event.
*
* Requirements:
*
* - `sender` cannot be the zero address.
* - `recipient` cannot be the zero address.
* - `sender` must have a balance of at least `amount`.
*/function_transfer(address sender,
address recipient,
uint256 amount
) internalvirtual{
_require(sender !=address(0), Errors.ERC20_TRANSFER_FROM_ZERO_ADDRESS);
_require(recipient !=address(0), Errors.ERC20_TRANSFER_TO_ZERO_ADDRESS);
_beforeTokenTransfer(sender, recipient, amount);
_balances[sender] = _balances[sender].sub(amount, Errors.ERC20_TRANSFER_EXCEEDS_BALANCE);
_balances[recipient] = _balances[recipient].add(amount);
emit Transfer(sender, recipient, amount);
}
/** @dev Creates `amount` tokens and assigns them to `account`, increasing
* the total supply.
*
* Emits a {Transfer} event with `from` set to the zero address.
*
* Requirements:
*
* - `to` cannot be the zero address.
*/function_mint(address account, uint256 amount) internalvirtual{
_require(account !=address(0), Errors.ERC20_MINT_TO_ZERO_ADDRESS);
_beforeTokenTransfer(address(0), account, amount);
_totalSupply = _totalSupply.add(amount);
_balances[account] = _balances[account].add(amount);
emit Transfer(address(0), account, amount);
}
/**
* @dev Destroys `amount` tokens from `account`, reducing the
* total supply.
*
* Emits a {Transfer} event with `to` set to the zero address.
*
* Requirements:
*
* - `account` cannot be the zero address.
* - `account` must have at least `amount` tokens.
*/function_burn(address account, uint256 amount) internalvirtual{
_require(account !=address(0), Errors.ERC20_BURN_FROM_ZERO_ADDRESS);
_beforeTokenTransfer(account, address(0), amount);
_balances[account] = _balances[account].sub(amount, Errors.ERC20_BURN_EXCEEDS_ALLOWANCE);
_totalSupply = _totalSupply.sub(amount);
emit Transfer(account, address(0), amount);
}
/**
* @dev Sets `amount` as the allowance of `spender` over the `owner` s tokens.
*
* This internal function is equivalent to `approve`, and can be used to
* e.g. set automatic allowances for certain subsystems, etc.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `owner` cannot be the zero address.
* - `spender` cannot be the zero address.
*/function_approve(address owner,
address spender,
uint256 amount
) internalvirtual{
_require(owner !=address(0), Errors.ERC20_APPROVE_FROM_ZERO_ADDRESS);
_require(spender !=address(0), Errors.ERC20_APPROVE_TO_ZERO_ADDRESS);
_allowances[owner][spender] = amount;
emit Approval(owner, spender, amount);
}
/**
* @dev Sets {decimals} to a value other than the default one of 18.
*
* WARNING: This function should only be called from the constructor. Most
* applications that interact with token contracts will not expect
* {decimals} to ever change, and may work incorrectly if it does.
*/function_setupDecimals(uint8 decimals_) internal{
_decimals = decimals_;
}
/**
* @dev Hook that is called before any transfer of tokens. This includes
* minting and burning.
*
* Calling conditions:
*
* - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
* will be to transferred to `to`.
* - when `from` is zero, `amount` tokens will be minted for `to`.
* - when `to` is zero, `amount` of ``from``'s tokens will be burned.
* - `from` and `to` are never both zero.
*
* To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
*/function_beforeTokenTransfer(addressfrom,
address to,
uint256 amount
) internalvirtual{}
}
Contract Source Code
File 7 of 28: FixedPoint.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"./LogExpMath.sol";
import"../helpers/BalancerErrors.sol";
/* solhint-disable private-vars-leading-underscore */libraryFixedPoint{
uint256internalconstant ONE =1e18; // 18 decimal placesuint256internalconstant MAX_POW_RELATIVE_ERROR =10000; // 10^(-14)// Minimum base for the power function when the exponent is 'free' (larger than ONE).uint256internalconstant MIN_POW_BASE_FREE_EXPONENT =0.7e18;
functionadd(uint256 a, uint256 b) internalpurereturns (uint256) {
// Fixed Point addition is the same as regular checked additionuint256 c = a + b;
_require(c >= a, Errors.ADD_OVERFLOW);
return c;
}
functionsub(uint256 a, uint256 b) internalpurereturns (uint256) {
// Fixed Point addition is the same as regular checked addition
_require(b <= a, Errors.SUB_OVERFLOW);
uint256 c = a - b;
return c;
}
functionmulDown(uint256 a, uint256 b) internalpurereturns (uint256) {
uint256 product = a * b;
_require(a ==0|| product / a == b, Errors.MUL_OVERFLOW);
return product / ONE;
}
functionmulUp(uint256 a, uint256 b) internalpurereturns (uint256) {
uint256 product = a * b;
_require(a ==0|| product / a == b, Errors.MUL_OVERFLOW);
if (product ==0) {
return0;
} else {
// The traditional divUp formula is:// divUp(x, y) := (x + y - 1) / y// To avoid intermediate overflow in the addition, we distribute the division and get:// divUp(x, y) := (x - 1) / y + 1// Note that this requires x != 0, which we already tested for.return ((product -1) / ONE) +1;
}
}
functiondivDown(uint256 a, uint256 b) internalpurereturns (uint256) {
_require(b !=0, Errors.ZERO_DIVISION);
if (a ==0) {
return0;
} else {
uint256 aInflated = a * ONE;
_require(aInflated / a == ONE, Errors.DIV_INTERNAL); // mul overflowreturn aInflated / b;
}
}
functiondivUp(uint256 a, uint256 b) internalpurereturns (uint256) {
_require(b !=0, Errors.ZERO_DIVISION);
if (a ==0) {
return0;
} else {
uint256 aInflated = a * ONE;
_require(aInflated / a == ONE, Errors.DIV_INTERNAL); // mul overflow// The traditional divUp formula is:// divUp(x, y) := (x + y - 1) / y// To avoid intermediate overflow in the addition, we distribute the division and get:// divUp(x, y) := (x - 1) / y + 1// Note that this requires x != 0, which we already tested for.return ((aInflated -1) / b) +1;
}
}
/**
* @dev Returns x^y, assuming both are fixed point numbers, rounding down. The result is guaranteed to not be above
* the true value (that is, the error function expected - actual is always positive).
*/functionpowDown(uint256 x, uint256 y) internalpurereturns (uint256) {
uint256 raw = LogExpMath.pow(x, y);
uint256 maxError = add(mulUp(raw, MAX_POW_RELATIVE_ERROR), 1);
if (raw < maxError) {
return0;
} else {
return sub(raw, maxError);
}
}
/**
* @dev Returns x^y, assuming both are fixed point numbers, rounding up. The result is guaranteed to not be below
* the true value (that is, the error function expected - actual is always negative).
*/functionpowUp(uint256 x, uint256 y) internalpurereturns (uint256) {
uint256 raw = LogExpMath.pow(x, y);
uint256 maxError = add(mulUp(raw, MAX_POW_RELATIVE_ERROR), 1);
return add(raw, maxError);
}
/**
* @dev Returns the complement of a value (1 - x), capped to 0 if x is larger than 1.
*
* Useful when computing the complement for values with some level of relative error, as it strips this error and
* prevents intermediate negative values.
*/functioncomplement(uint256 x) internalpurereturns (uint256) {
return (x < ONE) ? (ONE - x) : 0;
}
}
Contract Source Code
File 8 of 28: IAsset.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;/**
* @dev This is an empty interface used to represent either ERC20-conforming token contracts or ETH (using the zero
* address sentinel value). We're just relying on the fact that `interface` can be used to declare new address-like
* types.
*
* This concept is unrelated to a Pool's Asset Managers.
*/interfaceIAsset{
// solhint-disable-previous-line no-empty-blocks
}
Contract Source Code
File 9 of 28: IAuthentication.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;interfaceIAuthentication{
/**
* @dev Returns the action identifier associated with the external function described by `selector`.
*/functiongetActionId(bytes4 selector) externalviewreturns (bytes32);
}
Contract Source Code
File 10 of 28: IAuthorizer.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;interfaceIAuthorizer{
/**
* @dev Returns true if `account` can perform the action described by `actionId` in the contract `where`.
*/functioncanPerform(bytes32 actionId,
address account,
address where
) externalviewreturns (bool);
}
Contract Source Code
File 11 of 28: IBasePool.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;pragmaexperimentalABIEncoderV2;import"./IVault.sol";
import"./IPoolSwapStructs.sol";
/**
* @dev Interface for adding and removing liquidity that all Pool contracts should implement. Note that this is not
* the complete Pool contract interface, as it is missing the swap hooks. Pool contracts should also inherit from
* either IGeneralPool or IMinimalSwapInfoPool
*/interfaceIBasePoolisIPoolSwapStructs{
/**
* @dev Called by the Vault when a user calls `IVault.joinPool` to add liquidity to this Pool. Returns how many of
* each registered token the user should provide, as well as the amount of protocol fees the Pool owes to the Vault.
* The Vault will then take tokens from `sender` and add them to the Pool's balances, as well as collect
* the reported amount in protocol fees, which the pool should calculate based on `protocolSwapFeePercentage`.
*
* Protocol fees are reported and charged on join events so that the Pool is free of debt whenever new users join.
*
* `sender` is the account performing the join (from which tokens will be withdrawn), and `recipient` is the account
* designated to receive any benefits (typically pool shares). `currentBalances` contains the total balances
* for each token the Pool registered in the Vault, in the same order that `IVault.getPoolTokens` would return.
*
* `lastChangeBlock` is the last block in which *any* of the Pool's registered tokens last changed its total
* balance.
*
* `userData` contains any pool-specific instructions needed to perform the calculations, such as the type of
* join (e.g., proportional given an amount of pool shares, single-asset, multi-asset, etc.)
*
* Contracts implementing this function should check that the caller is indeed the Vault before performing any
* state-changing operations, such as minting pool shares.
*/functiononJoinPool(bytes32 poolId,
address sender,
address recipient,
uint256[] memory balances,
uint256 lastChangeBlock,
uint256 protocolSwapFeePercentage,
bytesmemory userData
) externalreturns (uint256[] memory amountsIn, uint256[] memory dueProtocolFeeAmounts);
/**
* @dev Called by the Vault when a user calls `IVault.exitPool` to remove liquidity from this Pool. Returns how many
* tokens the Vault should deduct from the Pool's balances, as well as the amount of protocol fees the Pool owes
* to the Vault. The Vault will then take tokens from the Pool's balances and send them to `recipient`,
* as well as collect the reported amount in protocol fees, which the Pool should calculate based on
* `protocolSwapFeePercentage`.
*
* Protocol fees are charged on exit events to guarantee that users exiting the Pool have paid their share.
*
* `sender` is the account performing the exit (typically the pool shareholder), and `recipient` is the account
* to which the Vault will send the proceeds. `currentBalances` contains the total token balances for each token
* the Pool registered in the Vault, in the same order that `IVault.getPoolTokens` would return.
*
* `lastChangeBlock` is the last block in which *any* of the Pool's registered tokens last changed its total
* balance.
*
* `userData` contains any pool-specific instructions needed to perform the calculations, such as the type of
* exit (e.g., proportional given an amount of pool shares, single-asset, multi-asset, etc.)
*
* Contracts implementing this function should check that the caller is indeed the Vault before performing any
* state-changing operations, such as burning pool shares.
*/functiononExitPool(bytes32 poolId,
address sender,
address recipient,
uint256[] memory balances,
uint256 lastChangeBlock,
uint256 protocolSwapFeePercentage,
bytesmemory userData
) externalreturns (uint256[] memory amountsOut, uint256[] memory dueProtocolFeeAmounts);
}
Contract Source Code
File 12 of 28: IERC20.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.7.0;/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/interfaceIERC20{
/**
* @dev Returns the amount of tokens in existence.
*/functiontotalSupply() externalviewreturns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/functionbalanceOf(address account) externalviewreturns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `recipient`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/functiontransfer(address recipient, uint256 amount) externalreturns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/functionallowance(address owner, address spender) externalviewreturns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/functionapprove(address spender, uint256 amount) externalreturns (bool);
/**
* @dev Moves `amount` tokens from `sender` to `recipient` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/functiontransferFrom(address sender,
address recipient,
uint256 amount
) externalreturns (bool);
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/eventTransfer(addressindexedfrom, addressindexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/eventApproval(addressindexed owner, addressindexed spender, uint256 value);
}
Contract Source Code
File 13 of 28: IERC20Decimals.sol
// SPDX-License-Identifier: Apache-2.0pragmasolidity >=0.7.0;import"../balancer-core-v2/lib/openzeppelin/ERC20.sol";
interfaceIERC20DecimalsisIERC20{
// Non standard but almost all erc20 have thisfunctiondecimals() externalviewreturns (uint8);
}
Contract Source Code
File 14 of 28: IERC20Permit.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.7.0;/**
* @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on `{IERC20-approve}`, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*/interfaceIERC20Permit{
/**
* @dev Sets `value` as the allowance of `spender` over `owner`'s tokens,
* given `owner`'s signed approval.
*
* IMPORTANT: The same issues {IERC20-approve} has related to transaction
* ordering also apply here.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `deadline` must be a timestamp in the future.
* - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
* over the EIP712-formatted function arguments.
* - the signature must use ``owner``'s current nonce (see {nonces}).
*
* For more information on the signature format, see the
* https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
* section].
*/functionpermit(address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @dev Returns the current nonce for `owner`. This value must be
* included whenever a signature is generated for {permit}.
*
* Every successful call to {permit} increases ``owner``'s nonce by one. This
* prevents a signature from being used multiple times.
*/functionnonces(address owner) externalviewreturns (uint256);
/**
* @dev Returns the domain separator used in the encoding of the signature for `permit`, as defined by {EIP712}.
*/// solhint-disable-next-line func-name-mixedcasefunctionDOMAIN_SEPARATOR() externalviewreturns (bytes32);
}
Contract Source Code
File 15 of 28: IFlashLoanRecipient.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;// Inspired by Aave Protocol's IFlashLoanReceiver.import"../../lib/openzeppelin/IERC20.sol";
interfaceIFlashLoanRecipient{
/**
* @dev When `flashLoan` is called on the Vault, it invokes the `receiveFlashLoan` hook on the recipient.
*
* At the time of the call, the Vault will have transferred `amounts` for `tokens` to the recipient. Before this
* call returns, the recipient must have transferred `amounts` plus `feeAmounts` for each token back to the
* Vault, or else the entire flash loan will revert.
*
* `userData` is the same value passed in the `IVault.flashLoan` call.
*/functionreceiveFlashLoan(
IERC20[] memory tokens,
uint256[] memory amounts,
uint256[] memory feeAmounts,
bytesmemory userData
) external;
}
Contract Source Code
File 16 of 28: IMinimalSwapInfoPool.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;pragmaexperimentalABIEncoderV2;import"./IBasePool.sol";
/**
* @dev Pool contracts with the MinimalSwapInfo or TwoToken specialization settings should implement this interface.
*
* This is called by the Vault when a user calls `IVault.swap` or `IVault.batchSwap` to swap with this Pool.
* Returns the number of tokens the Pool will grant to the user in a 'given in' swap, or that the user will grant
* to the pool in a 'given out' swap.
*
* This can often be implemented by a `view` function, since many pricing algorithms don't need to track state
* changes in swaps. However, contracts implementing this in non-view functions should check that the caller is
* indeed the Vault.
*/interfaceIMinimalSwapInfoPoolisIBasePool{
functiononSwap(
SwapRequest memory swapRequest,
uint256 currentBalanceTokenIn,
uint256 currentBalanceTokenOut
) externalreturns (uint256 amount);
}
Contract Source Code
File 17 of 28: IPoolSwapStructs.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;pragmaexperimentalABIEncoderV2;import"../../lib/openzeppelin/IERC20.sol";
import"./IVault.sol";
interfaceIPoolSwapStructs{
// This is not really an interface - it just defines common structs used by other interfaces: IGeneralPool and// IMinimalSwapInfoPool.//// This data structure represents a request for a token swap, where `kind` indicates the swap type ('given in' or// 'given out') which indicates whether or not the amount sent by the pool is known.//// The pool receives `tokenIn` and sends `tokenOut`. `amount` is the number of `tokenIn` tokens the pool will take// in, or the number of `tokenOut` tokens the Pool will send out, depending on the given swap `kind`.//// All other fields are not strictly necessary for most swaps, but are provided to support advanced scenarios in// some Pools.//// `poolId` is the ID of the Pool involved in the swap - this is useful for Pool contracts that implement more than// one Pool.//// The meaning of `lastChangeBlock` depends on the Pool specialization:// - Two Token or Minimal Swap Info: the last block in which either `tokenIn` or `tokenOut` changed its total// balance.// - General: the last block in which *any* of the Pool's registered tokens changed its total balance.//// `from` is the origin address for the funds the Pool receives, and `to` is the destination address// where the Pool sends the outgoing tokens.//// `userData` is extra data provided by the caller - typically a signature from a trusted party.structSwapRequest {
IVault.SwapKind kind;
IERC20 tokenIn;
IERC20 tokenOut;
uint256 amount;
// Misc databytes32 poolId;
uint256 lastChangeBlock;
addressfrom;
address to;
bytes userData;
}
}
Contract Source Code
File 18 of 28: ISignaturesValidator.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;/**
* @dev Interface for the SignatureValidator helper, used to support meta-transactions.
*/interfaceISignaturesValidator{
/**
* @dev Returns the EIP712 domain separator.
*/functiongetDomainSeparator() externalviewreturns (bytes32);
/**
* @dev Returns the next nonce used by an address to sign messages.
*/functiongetNextNonce(address user) externalviewreturns (uint256);
}
Contract Source Code
File 19 of 28: ITemporarilyPausable.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;/**
* @dev Interface for the TemporarilyPausable helper.
*/interfaceITemporarilyPausable{
/**
* @dev Emitted every time the pause state changes by `_setPaused`.
*/eventPausedStateChanged(bool paused);
/**
* @dev Returns the current paused state.
*/functiongetPausedState()
externalviewreturns (bool paused,
uint256 pauseWindowEndTime,
uint256 bufferPeriodEndTime
);
}
Contract Source Code
File 20 of 28: IVault.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmaexperimentalABIEncoderV2;import"../../lib/openzeppelin/IERC20.sol";
import"./IWETH.sol";
import"./IAsset.sol";
import"./IAuthorizer.sol";
import"./IFlashLoanRecipient.sol";
import"../ProtocolFeesCollector.sol";
import"../../lib/helpers/ISignaturesValidator.sol";
import"../../lib/helpers/ITemporarilyPausable.sol";
pragmasolidity ^0.7.0;/**
* @dev Full external interface for the Vault core contract - no external or public methods exist in the contract that
* don't override one of these declarations.
*/interfaceIVaultisISignaturesValidator, ITemporarilyPausable{
// Generalities about the Vault://// - Whenever documentation refers to 'tokens', it strictly refers to ERC20-compliant token contracts. Tokens are// transferred out of the Vault by calling the `IERC20.transfer` function, and transferred in by calling// `IERC20.transferFrom`. In these cases, the sender must have previously allowed the Vault to use their tokens by// calling `IERC20.approve`. The only deviation from the ERC20 standard that is supported is functions not returning// a boolean value: in these scenarios, a non-reverting call is assumed to be successful.//// - All non-view functions in the Vault are non-reentrant: calling them while another one is mid-execution (e.g.// while execution control is transferred to a token contract during a swap) will result in a revert. View// functions can be called in a re-reentrant way, but doing so might cause them to return inconsistent results.// Contracts calling view functions in the Vault must make sure the Vault has not already been entered.//// - View functions revert if referring to either unregistered Pools, or unregistered tokens for registered Pools.// Authorizer//// Some system actions are permissioned, like setting and collecting protocol fees. This permissioning system exists// outside of the Vault in the Authorizer contract: the Vault simply calls the Authorizer to check if the caller// can perform a given action./**
* @dev Returns the Vault's Authorizer.
*/functiongetAuthorizer() externalviewreturns (IAuthorizer);
/**
* @dev Sets a new Authorizer for the Vault. The caller must be allowed by the current Authorizer to do this.
*
* Emits an `AuthorizerChanged` event.
*/functionsetAuthorizer(IAuthorizer newAuthorizer) external;
/**
* @dev Emitted when a new authorizer is set by `setAuthorizer`.
*/eventAuthorizerChanged(IAuthorizer indexed newAuthorizer);
// Relayers//// Additionally, it is possible for an account to perform certain actions on behalf of another one, using their// Vault ERC20 allowance and Internal Balance. These accounts are said to be 'relayers' for these Vault functions,// and are expected to be smart contracts with sound authentication mechanisms. For an account to be able to wield// this power, two things must occur:// - The Authorizer must grant the account the permission to be a relayer for the relevant Vault function. This// means that Balancer governance must approve each individual contract to act as a relayer for the intended// functions.// - Each user must approve the relayer to act on their behalf.// This double protection means users cannot be tricked into approving malicious relayers (because they will not// have been allowed by the Authorizer via governance), nor can malicious relayers approved by a compromised// Authorizer or governance drain user funds, since they would also need to be approved by each individual user./**
* @dev Returns true if `user` has approved `relayer` to act as a relayer for them.
*/functionhasApprovedRelayer(address user, address relayer) externalviewreturns (bool);
/**
* @dev Allows `relayer` to act as a relayer for `sender` if `approved` is true, and disallows it otherwise.
*
* Emits a `RelayerApprovalChanged` event.
*/functionsetRelayerApproval(address sender,
address relayer,
bool approved
) external;
/**
* @dev Emitted every time a relayer is approved or disapproved by `setRelayerApproval`.
*/eventRelayerApprovalChanged(addressindexed relayer, addressindexed sender, bool approved);
// Internal Balance//// Users can deposit tokens into the Vault, where they are allocated to their Internal Balance, and later// transferred or withdrawn. It can also be used as a source of tokens when joining Pools, as a destination// when exiting them, and as either when performing swaps. This usage of Internal Balance results in greatly reduced// gas costs when compared to relying on plain ERC20 transfers, leading to large savings for frequent users.//// Internal Balance management features batching, which means a single contract call can be used to perform multiple// operations of different kinds, with different senders and recipients, at once./**
* @dev Returns `user`'s Internal Balance for a set of tokens.
*/functiongetInternalBalance(address user, IERC20[] memory tokens) externalviewreturns (uint256[] memory);
/**
* @dev Performs a set of user balance operations, which involve Internal Balance (deposit, withdraw or transfer)
* and plain ERC20 transfers using the Vault's allowance. This last feature is particularly useful for relayers, as
* it lets integrators reuse a user's Vault allowance.
*
* For each operation, if the caller is not `sender`, it must be an authorized relayer for them.
*/functionmanageUserBalance(UserBalanceOp[] memory ops) externalpayable;
/**
* @dev Data for `manageUserBalance` operations, which include the possibility for ETH to be sent and received
without manual WETH wrapping or unwrapping.
*/structUserBalanceOp {
UserBalanceOpKind kind;
IAsset asset;
uint256 amount;
address sender;
addresspayable recipient;
}
// There are four possible operations in `manageUserBalance`://// - DEPOSIT_INTERNAL// Increases the Internal Balance of the `recipient` account by transferring tokens from the corresponding// `sender`. The sender must have allowed the Vault to use their tokens via `IERC20.approve()`.//// ETH can be used by passing the ETH sentinel value as the asset and forwarding ETH in the call: it will be wrapped// and deposited as WETH. Any ETH amount remaining will be sent back to the caller (not the sender, which is// relevant for relayers).//// Emits an `InternalBalanceChanged` event.////// - WITHDRAW_INTERNAL// Decreases the Internal Balance of the `sender` account by transferring tokens to the `recipient`.//// ETH can be used by passing the ETH sentinel value as the asset. This will deduct WETH instead, unwrap it and send// it to the recipient as ETH.//// Emits an `InternalBalanceChanged` event.////// - TRANSFER_INTERNAL// Transfers tokens from the Internal Balance of the `sender` account to the Internal Balance of `recipient`.//// Reverts if the ETH sentinel value is passed.//// Emits an `InternalBalanceChanged` event.////// - TRANSFER_EXTERNAL// Transfers tokens from `sender` to `recipient`, using the Vault's ERC20 allowance. This is typically used by// relayers, as it lets them reuse a user's Vault allowance.//// Reverts if the ETH sentinel value is passed.//// Emits an `ExternalBalanceTransfer` event.enumUserBalanceOpKind { DEPOSIT_INTERNAL, WITHDRAW_INTERNAL, TRANSFER_INTERNAL, TRANSFER_EXTERNAL }
/**
* @dev Emitted when a user's Internal Balance changes, either from calls to `manageUserBalance`, or through
* interacting with Pools using Internal Balance.
*
* Because Internal Balance works exclusively with ERC20 tokens, ETH deposits and withdrawals will use the WETH
* address.
*/eventInternalBalanceChanged(addressindexed user, IERC20 indexed token, int256 delta);
/**
* @dev Emitted when a user's Vault ERC20 allowance is used by the Vault to transfer tokens to an external account.
*/eventExternalBalanceTransfer(IERC20 indexed token, addressindexed sender, address recipient, uint256 amount);
// Pools//// There are three specialization settings for Pools, which allow for cheaper swaps at the cost of reduced// functionality://// - General: no specialization, suited for all Pools. IGeneralPool is used for swap request callbacks, passing the// balance of all tokens in the Pool. These Pools have the largest swap costs (because of the extra storage reads),// which increase with the number of registered tokens.//// - Minimal Swap Info: IMinimalSwapInfoPool is used instead of IGeneralPool, which saves gas by only passing the// balance of the two tokens involved in the swap. This is suitable for some pricing algorithms, like the weighted// constant product one popularized by Balancer V1. Swap costs are smaller compared to general Pools, and are// independent of the number of registered tokens.//// - Two Token: only allows two tokens to be registered. This achieves the lowest possible swap gas cost. Like// minimal swap info Pools, these are called via IMinimalSwapInfoPool.enumPoolSpecialization { GENERAL, MINIMAL_SWAP_INFO, TWO_TOKEN }
/**
* @dev Registers the caller account as a Pool with a given specialization setting. Returns the Pool's ID, which
* is used in all Pool-related functions. Pools cannot be deregistered, nor can the Pool's specialization be
* changed.
*
* The caller is expected to be a smart contract that implements either `IGeneralPool` or `IMinimalSwapInfoPool`,
* depending on the chosen specialization setting. This contract is known as the Pool's contract.
*
* Note that the same contract may register itself as multiple Pools with unique Pool IDs, or in other words,
* multiple Pools may share the same contract.
*
* Emits a `PoolRegistered` event.
*/functionregisterPool(PoolSpecialization specialization) externalreturns (bytes32);
/**
* @dev Emitted when a Pool is registered by calling `registerPool`.
*/eventPoolRegistered(bytes32indexed poolId, addressindexed poolAddress, PoolSpecialization specialization);
/**
* @dev Returns a Pool's contract address and specialization setting.
*/functiongetPool(bytes32 poolId) externalviewreturns (address, PoolSpecialization);
/**
* @dev Registers `tokens` for the `poolId` Pool. Must be called by the Pool's contract.
*
* Pools can only interact with tokens they have registered. Users join a Pool by transferring registered tokens,
* exit by receiving registered tokens, and can only swap registered tokens.
*
* Each token can only be registered once. For Pools with the Two Token specialization, `tokens` must have a length
* of two, that is, both tokens must be registered in the same `registerTokens` call, and they must be sorted in
* ascending order.
*
* The `tokens` and `assetManagers` arrays must have the same length, and each entry in these indicates the Asset
* Manager for the corresponding token. Asset Managers can manage a Pool's tokens via `managePoolBalance`,
* depositing and withdrawing them directly, and can even set their balance to arbitrary amounts. They are therefore
* expected to be highly secured smart contracts with sound design principles, and the decision to register an
* Asset Manager should not be made lightly.
*
* Pools can choose not to assign an Asset Manager to a given token by passing in the zero address. Once an Asset
* Manager is set, it cannot be changed except by deregistering the associated token and registering again with a
* different Asset Manager.
*
* Emits a `TokensRegistered` event.
*/functionregisterTokens(bytes32 poolId,
IERC20[] memory tokens,
address[] memory assetManagers
) external;
/**
* @dev Emitted when a Pool registers tokens by calling `registerTokens`.
*/eventTokensRegistered(bytes32indexed poolId, IERC20[] tokens, address[] assetManagers);
/**
* @dev Deregisters `tokens` for the `poolId` Pool. Must be called by the Pool's contract.
*
* Only registered tokens (via `registerTokens`) can be deregistered. Additionally, they must have zero total
* balance. For Pools with the Two Token specialization, `tokens` must have a length of two, that is, both tokens
* must be deregistered in the same `deregisterTokens` call.
*
* A deregistered token can be re-registered later on, possibly with a different Asset Manager.
*
* Emits a `TokensDeregistered` event.
*/functionderegisterTokens(bytes32 poolId, IERC20[] memory tokens) external;
/**
* @dev Emitted when a Pool deregisters tokens by calling `deregisterTokens`.
*/eventTokensDeregistered(bytes32indexed poolId, IERC20[] tokens);
/**
* @dev Returns detailed information for a Pool's registered token.
*
* `cash` is the number of tokens the Vault currently holds for the Pool. `managed` is the number of tokens
* withdrawn and held outside the Vault by the Pool's token Asset Manager. The Pool's total balance for `token`
* equals the sum of `cash` and `managed`.
*
* Internally, `cash` and `managed` are stored using 112 bits. No action can ever cause a Pool's token `cash`,
* `managed` or `total` balance to be greater than 2^112 - 1.
*
* `lastChangeBlock` is the number of the block in which `token`'s total balance was last modified (via either a
* join, exit, swap, or Asset Manager update). This value is useful to avoid so-called 'sandwich attacks', for
* example when developing price oracles. A change of zero (e.g. caused by a swap with amount zero) is considered a
* change for this purpose, and will update `lastChangeBlock`.
*
* `assetManager` is the Pool's token Asset Manager.
*/functiongetPoolTokenInfo(bytes32 poolId, IERC20 token)
externalviewreturns (uint256 cash,
uint256 managed,
uint256 lastChangeBlock,
address assetManager
);
/**
* @dev Returns a Pool's registered tokens, the total balance for each, and the latest block when *any* of
* the tokens' `balances` changed.
*
* The order of the `tokens` array is the same order that will be used in `joinPool`, `exitPool`, as well as in all
* Pool hooks (where applicable). Calls to `registerTokens` and `deregisterTokens` may change this order.
*
* If a Pool only registers tokens once, and these are sorted in ascending order, they will be stored in the same
* order as passed to `registerTokens`.
*
* Total balances include both tokens held by the Vault and those withdrawn by the Pool's Asset Managers. These are
* the amounts used by joins, exits and swaps. For a detailed breakdown of token balances, use `getPoolTokenInfo`
* instead.
*/functiongetPoolTokens(bytes32 poolId)
externalviewreturns (
IERC20[] memory tokens,
uint256[] memory balances,
uint256 lastChangeBlock
);
/**
* @dev Called by users to join a Pool, which transfers tokens from `sender` into the Pool's balance. This will
* trigger custom Pool behavior, which will typically grant something in return to `recipient` - often tokenized
* Pool shares.
*
* If the caller is not `sender`, it must be an authorized relayer for them.
*
* The `assets` and `maxAmountsIn` arrays must have the same length, and each entry indicates the maximum amount
* to send for each asset. The amounts to send are decided by the Pool and not the Vault: it just enforces
* these maximums.
*
* If joining a Pool that holds WETH, it is possible to send ETH directly: the Vault will do the wrapping. To enable
* this mechanism, the IAsset sentinel value (the zero address) must be passed in the `assets` array instead of the
* WETH address. Note that it is not possible to combine ETH and WETH in the same join. Any excess ETH will be sent
* back to the caller (not the sender, which is important for relayers).
*
* `assets` must have the same length and order as the array returned by `getPoolTokens`. This prevents issues when
* interacting with Pools that register and deregister tokens frequently. If sending ETH however, the array must be
* sorted *before* replacing the WETH address with the ETH sentinel value (the zero address), which means the final
* `assets` array might not be sorted. Pools with no registered tokens cannot be joined.
*
* If `fromInternalBalance` is true, the caller's Internal Balance will be preferred: ERC20 transfers will only
* be made for the difference between the requested amount and Internal Balance (if any). Note that ETH cannot be
* withdrawn from Internal Balance: attempting to do so will trigger a revert.
*
* This causes the Vault to call the `IBasePool.onJoinPool` hook on the Pool's contract, where Pools implement
* their own custom logic. This typically requires additional information from the user (such as the expected number
* of Pool shares). This can be encoded in the `userData` argument, which is ignored by the Vault and passed
* directly to the Pool's contract, as is `recipient`.
*
* Emits a `PoolBalanceChanged` event.
*/functionjoinPool(bytes32 poolId,
address sender,
address recipient,
JoinPoolRequest memory request
) externalpayable;
structJoinPoolRequest {
IAsset[] assets;
uint256[] maxAmountsIn;
bytes userData;
bool fromInternalBalance;
}
/**
* @dev Called by users to exit a Pool, which transfers tokens from the Pool's balance to `recipient`. This will
* trigger custom Pool behavior, which will typically ask for something in return from `sender` - often tokenized
* Pool shares. The amount of tokens that can be withdrawn is limited by the Pool's `cash` balance (see
* `getPoolTokenInfo`).
*
* If the caller is not `sender`, it must be an authorized relayer for them.
*
* The `tokens` and `minAmountsOut` arrays must have the same length, and each entry in these indicates the minimum
* token amount to receive for each token contract. The amounts to send are decided by the Pool and not the Vault:
* it just enforces these minimums.
*
* If exiting a Pool that holds WETH, it is possible to receive ETH directly: the Vault will do the unwrapping. To
* enable this mechanism, the IAsset sentinel value (the zero address) must be passed in the `assets` array instead
* of the WETH address. Note that it is not possible to combine ETH and WETH in the same exit.
*
* `assets` must have the same length and order as the array returned by `getPoolTokens`. This prevents issues when
* interacting with Pools that register and deregister tokens frequently. If receiving ETH however, the array must
* be sorted *before* replacing the WETH address with the ETH sentinel value (the zero address), which means the
* final `assets` array might not be sorted. Pools with no registered tokens cannot be exited.
*
* If `toInternalBalance` is true, the tokens will be deposited to `recipient`'s Internal Balance. Otherwise,
* an ERC20 transfer will be performed. Note that ETH cannot be deposited to Internal Balance: attempting to
* do so will trigger a revert.
*
* `minAmountsOut` is the minimum amount of tokens the user expects to get out of the Pool, for each token in the
* `tokens` array. This array must match the Pool's registered tokens.
*
* This causes the Vault to call the `IBasePool.onExitPool` hook on the Pool's contract, where Pools implement
* their own custom logic. This typically requires additional information from the user (such as the expected number
* of Pool shares to return). This can be encoded in the `userData` argument, which is ignored by the Vault and
* passed directly to the Pool's contract.
*
* Emits a `PoolBalanceChanged` event.
*/functionexitPool(bytes32 poolId,
address sender,
addresspayable recipient,
ExitPoolRequest memory request
) external;
structExitPoolRequest {
IAsset[] assets;
uint256[] minAmountsOut;
bytes userData;
bool toInternalBalance;
}
/**
* @dev Emitted when a user joins or exits a Pool by calling `joinPool` or `exitPool`, respectively.
*/eventPoolBalanceChanged(bytes32indexed poolId,
addressindexed liquidityProvider,
IERC20[] tokens,
int256[] deltas,
uint256[] protocolFeeAmounts
);
enumPoolBalanceChangeKind { JOIN, EXIT }
// Swaps//// Users can swap tokens with Pools by calling the `swap` and `batchSwap` functions. To do this,// they need not trust Pool contracts in any way: all security checks are made by the Vault. They must however be// aware of the Pools' pricing algorithms in order to estimate the prices Pools will quote.//// The `swap` function executes a single swap, while `batchSwap` can perform multiple swaps in sequence.// In each individual swap, tokens of one kind are sent from the sender to the Pool (this is the 'token in'),// and tokens of another kind are sent from the Pool to the recipient in exchange (this is the 'token out').// More complex swaps, such as one token in to multiple tokens out can be achieved by batching together// individual swaps.//// There are two swap kinds:// - 'given in' swaps, where the amount of tokens in (sent to the Pool) is known, and the Pool determines (via the// `onSwap` hook) the amount of tokens out (to send to the recipient).// - 'given out' swaps, where the amount of tokens out (received from the Pool) is known, and the Pool determines// (via the `onSwap` hook) the amount of tokens in (to receive from the sender).//// Additionally, it is possible to chain swaps using a placeholder input amount, which the Vault replaces with// the calculated output of the previous swap. If the previous swap was 'given in', this will be the calculated// tokenOut amount. If the previous swap was 'given out', it will use the calculated tokenIn amount. These extended// swaps are known as 'multihop' swaps, since they 'hop' through a number of intermediate tokens before arriving at// the final intended token.//// In all cases, tokens are only transferred in and out of the Vault (or withdrawn from and deposited into Internal// Balance) after all individual swaps have been completed, and the net token balance change computed. This makes// certain swap patterns, such as multihops, or swaps that interact with the same token pair in multiple Pools, cost// much less gas than they would otherwise.//// It also means that under certain conditions it is possible to perform arbitrage by swapping with multiple// Pools in a way that results in net token movement out of the Vault (profit), with no tokens being sent in (only// updating the Pool's internal accounting).//// To protect users from front-running or the market changing rapidly, they supply a list of 'limits' for each token// involved in the swap, where either the maximum number of tokens to send (by passing a positive value) or the// minimum amount of tokens to receive (by passing a negative value) is specified.//// Additionally, a 'deadline' timestamp can also be provided, forcing the swap to fail if it occurs after// this point in time (e.g. if the transaction failed to be included in a block promptly).//// If interacting with Pools that hold WETH, it is possible to both send and receive ETH directly: the Vault will do// the wrapping and unwrapping. To enable this mechanism, the IAsset sentinel value (the zero address) must be// passed in the `assets` array instead of the WETH address. Note that it is possible to combine ETH and WETH in the// same swap. Any excess ETH will be sent back to the caller (not the sender, which is relevant for relayers).//// Finally, Internal Balance can be used when either sending or receiving tokens.enumSwapKind { GIVEN_IN, GIVEN_OUT }
/**
* @dev Performs a swap with a single Pool.
*
* If the swap is 'given in' (the number of tokens to send to the Pool is known), it returns the amount of tokens
* taken from the Pool, which must be greater than or equal to `limit`.
*
* If the swap is 'given out' (the number of tokens to take from the Pool is known), it returns the amount of tokens
* sent to the Pool, which must be less than or equal to `limit`.
*
* Internal Balance usage and the recipient are determined by the `funds` struct.
*
* Emits a `Swap` event.
*/functionswap(
SingleSwap memory singleSwap,
FundManagement memory funds,
uint256 limit,
uint256 deadline
) externalpayablereturns (uint256);
/**
* @dev Data for a single swap executed by `swap`. `amount` is either `amountIn` or `amountOut` depending on
* the `kind` value.
*
* `assetIn` and `assetOut` are either token addresses, or the IAsset sentinel value for ETH (the zero address).
* Note that Pools never interact with ETH directly: it will be wrapped to or unwrapped from WETH by the Vault.
*
* The `userData` field is ignored by the Vault, but forwarded to the Pool in the `onSwap` hook, and may be
* used to extend swap behavior.
*/structSingleSwap {
bytes32 poolId;
SwapKind kind;
IAsset assetIn;
IAsset assetOut;
uint256 amount;
bytes userData;
}
/**
* @dev Performs a series of swaps with one or multiple Pools. In each individual swap, the caller determines either
* the amount of tokens sent to or received from the Pool, depending on the `kind` value.
*
* Returns an array with the net Vault asset balance deltas. Positive amounts represent tokens (or ETH) sent to the
* Vault, and negative amounts represent tokens (or ETH) sent by the Vault. Each delta corresponds to the asset at
* the same index in the `assets` array.
*
* Swaps are executed sequentially, in the order specified by the `swaps` array. Each array element describes a
* Pool, the token to be sent to this Pool, the token to receive from it, and an amount that is either `amountIn` or
* `amountOut` depending on the swap kind.
*
* Multihop swaps can be executed by passing an `amount` value of zero for a swap. This will cause the amount in/out
* of the previous swap to be used as the amount in for the current one. In a 'given in' swap, 'tokenIn' must equal
* the previous swap's `tokenOut`. For a 'given out' swap, `tokenOut` must equal the previous swap's `tokenIn`.
*
* The `assets` array contains the addresses of all assets involved in the swaps. These are either token addresses,
* or the IAsset sentinel value for ETH (the zero address). Each entry in the `swaps` array specifies tokens in and
* out by referencing an index in `assets`. Note that Pools never interact with ETH directly: it will be wrapped to
* or unwrapped from WETH by the Vault.
*
* Internal Balance usage, sender, and recipient are determined by the `funds` struct. The `limits` array specifies
* the minimum or maximum amount of each token the vault is allowed to transfer.
*
* `batchSwap` can be used to make a single swap, like `swap` does, but doing so requires more gas than the
* equivalent `swap` call.
*
* Emits `Swap` events.
*/functionbatchSwap(
SwapKind kind,
BatchSwapStep[] memory swaps,
IAsset[] memory assets,
FundManagement memory funds,
int256[] memory limits,
uint256 deadline
) externalpayablereturns (int256[] memory);
/**
* @dev Data for each individual swap executed by `batchSwap`. The asset in and out fields are indexes into the
* `assets` array passed to that function, and ETH assets are converted to WETH.
*
* If `amount` is zero, the multihop mechanism is used to determine the actual amount based on the amount in/out
* from the previous swap, depending on the swap kind.
*
* The `userData` field is ignored by the Vault, but forwarded to the Pool in the `onSwap` hook, and may be
* used to extend swap behavior.
*/structBatchSwapStep {
bytes32 poolId;
uint256 assetInIndex;
uint256 assetOutIndex;
uint256 amount;
bytes userData;
}
/**
* @dev Emitted for each individual swap performed by `swap` or `batchSwap`.
*/eventSwap(bytes32indexed poolId,
IERC20 indexed tokenIn,
IERC20 indexed tokenOut,
uint256 amountIn,
uint256 amountOut
);
/**
* @dev All tokens in a swap are either sent from the `sender` account to the Vault, or from the Vault to the
* `recipient` account.
*
* If the caller is not `sender`, it must be an authorized relayer for them.
*
* If `fromInternalBalance` is true, the `sender`'s Internal Balance will be preferred, performing an ERC20
* transfer for the difference between the requested amount and the User's Internal Balance (if any). The `sender`
* must have allowed the Vault to use their tokens via `IERC20.approve()`. This matches the behavior of
* `joinPool`.
*
* If `toInternalBalance` is true, tokens will be deposited to `recipient`'s internal balance instead of
* transferred. This matches the behavior of `exitPool`.
*
* Note that ETH cannot be deposited to or withdrawn from Internal Balance: attempting to do so will trigger a
* revert.
*/structFundManagement {
address sender;
bool fromInternalBalance;
addresspayable recipient;
bool toInternalBalance;
}
/**
* @dev Simulates a call to `batchSwap`, returning an array of Vault asset deltas. Calls to `swap` cannot be
* simulated directly, but an equivalent `batchSwap` call can and will yield the exact same result.
*
* Each element in the array corresponds to the asset at the same index, and indicates the number of tokens (or ETH)
* the Vault would take from the sender (if positive) or send to the recipient (if negative). The arguments it
* receives are the same that an equivalent `batchSwap` call would receive.
*
* Unlike `batchSwap`, this function performs no checks on the sender or recipient field in the `funds` struct.
* This makes it suitable to be called by off-chain applications via eth_call without needing to hold tokens,
* approve them for the Vault, or even know a user's address.
*
* Note that this function is not 'view' (due to implementation details): the client code must explicitly execute
* eth_call instead of eth_sendTransaction.
*/functionqueryBatchSwap(
SwapKind kind,
BatchSwapStep[] memory swaps,
IAsset[] memory assets,
FundManagement memory funds
) externalreturns (int256[] memory assetDeltas);
// Flash Loans/**
* @dev Performs a 'flash loan', sending tokens to `recipient`, executing the `receiveFlashLoan` hook on it,
* and then reverting unless the tokens plus a proportional protocol fee have been returned.
*
* The `tokens` and `amounts` arrays must have the same length, and each entry in these indicates the loan amount
* for each token contract. `tokens` must be sorted in ascending order.
*
* The 'userData' field is ignored by the Vault, and forwarded as-is to `recipient` as part of the
* `receiveFlashLoan` call.
*
* Emits `FlashLoan` events.
*/functionflashLoan(
IFlashLoanRecipient recipient,
IERC20[] memory tokens,
uint256[] memory amounts,
bytesmemory userData
) external;
/**
* @dev Emitted for each individual flash loan performed by `flashLoan`.
*/eventFlashLoan(IFlashLoanRecipient indexed recipient, IERC20 indexed token, uint256 amount, uint256 feeAmount);
// Asset Management//// Each token registered for a Pool can be assigned an Asset Manager, which is able to freely withdraw the Pool's// tokens from the Vault, deposit them, or assign arbitrary values to its `managed` balance (see// `getPoolTokenInfo`). This makes them extremely powerful and dangerous. Even if an Asset Manager only directly// controls one of the tokens in a Pool, a malicious manager could set that token's balance to manipulate the// prices of the other tokens, and then drain the Pool with swaps. The risk of using Asset Managers is therefore// not constrained to the tokens they are managing, but extends to the entire Pool's holdings.//// However, a properly designed Asset Manager smart contract can be safely used for the Pool's benefit,// for example by lending unused tokens out for interest, or using them to participate in voting protocols.//// This concept is unrelated to the IAsset interface./**
* @dev Performs a set of Pool balance operations, which may be either withdrawals, deposits or updates.
*
* Pool Balance management features batching, which means a single contract call can be used to perform multiple
* operations of different kinds, with different Pools and tokens, at once.
*
* For each operation, the caller must be registered as the Asset Manager for `token` in `poolId`.
*/functionmanagePoolBalance(PoolBalanceOp[] memory ops) external;
structPoolBalanceOp {
PoolBalanceOpKind kind;
bytes32 poolId;
IERC20 token;
uint256 amount;
}
/**
* Withdrawals decrease the Pool's cash, but increase its managed balance, leaving the total balance unchanged.
*
* Deposits increase the Pool's cash, but decrease its managed balance, leaving the total balance unchanged.
*
* Updates don't affect the Pool's cash balance, but because the managed balance changes, it does alter the total.
* The external amount can be either increased or decreased by this call (i.e., reporting a gain or a loss).
*/enumPoolBalanceOpKind { WITHDRAW, DEPOSIT, UPDATE }
/**
* @dev Emitted when a Pool's token Asset Manager alters its balance via `managePoolBalance`.
*/eventPoolBalanceManaged(bytes32indexed poolId,
addressindexed assetManager,
IERC20 indexed token,
int256 cashDelta,
int256 managedDelta
);
// Protocol Fees//// Some operations cause the Vault to collect tokens in the form of protocol fees, which can then be withdrawn by// permissioned accounts.//// There are two kinds of protocol fees://// - flash loan fees: charged on all flash loans, as a percentage of the amounts lent.//// - swap fees: a percentage of the fees charged by Pools when performing swaps. For a number of reasons, including// swap gas costs and interface simplicity, protocol swap fees are not charged on each individual swap. Rather,// Pools are expected to keep track of how much they have charged in swap fees, and pay any outstanding debts to the// Vault when they are joined or exited. This prevents users from joining a Pool with unpaid debt, as well as// exiting a Pool in debt without first paying their share./**
* @dev Returns the current protocol fee module.
*/functiongetProtocolFeesCollector() externalviewreturns (ProtocolFeesCollector);
/**
* @dev Safety mechanism to pause most Vault operations in the event of an emergency - typically detection of an
* error in some part of the system.
*
* The Vault can only be paused during an initial time period, after which pausing is forever disabled.
*
* While the contract is paused, the following features are disabled:
* - depositing and transferring internal balance
* - transferring external balance (using the Vault's allowance)
* - swaps
* - joining Pools
* - Asset Manager interactions
*
* Internal Balance can still be withdrawn, and Pools exited.
*/functionsetPaused(bool paused) external;
/**
* @dev Returns the Vault's WETH instance.
*/functionWETH() externalviewreturns (IWETH);
// solhint-disable-previous-line func-name-mixedcase
}
Contract Source Code
File 21 of 28: IWETH.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"../../lib/openzeppelin/IERC20.sol";
/**
* @dev Interface for the WETH token contract used internally for wrapping and unwrapping, to support
* sending and receiving ETH in joins, swaps, and internal balance deposits and withdrawals.
*/interfaceIWETHisIERC20{
functiondeposit() externalpayable;
functionwithdraw(uint256 amount) external;
}
Contract Source Code
File 22 of 28: InputHelpers.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;import"../openzeppelin/IERC20.sol";
import"./BalancerErrors.sol";
import"../../vault/interfaces/IAsset.sol";
libraryInputHelpers{
functionensureInputLengthMatch(uint256 a, uint256 b) internalpure{
_require(a == b, Errors.INPUT_LENGTH_MISMATCH);
}
functionensureInputLengthMatch(uint256 a,
uint256 b,
uint256 c
) internalpure{
_require(a == b && b == c, Errors.INPUT_LENGTH_MISMATCH);
}
functionensureArrayIsSorted(IAsset[] memory array) internalpure{
address[] memory addressArray;
// solhint-disable-next-line no-inline-assemblyassembly {
addressArray := array
}
ensureArrayIsSorted(addressArray);
}
functionensureArrayIsSorted(IERC20[] memory array) internalpure{
address[] memory addressArray;
// solhint-disable-next-line no-inline-assemblyassembly {
addressArray := array
}
ensureArrayIsSorted(addressArray);
}
functionensureArrayIsSorted(address[] memory array) internalpure{
if (array.length<2) {
return;
}
address previous = array[0];
for (uint256 i =1; i < array.length; ++i) {
address current = array[i];
_require(previous < current, Errors.UNSORTED_ARRAY);
previous = current;
}
}
}
Contract Source Code
File 23 of 28: LogExpMath.sol
// SPDX-License-Identifier: MIT// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated// documentation files (the “Software”), to deal in the Software without restriction, including without limitation the// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to// permit persons to whom the Software is furnished to do so, subject to the following conditions:// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the// Software.// THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.pragmasolidity ^0.7.0;import"../helpers/BalancerErrors.sol";
/* solhint-disable *//**
* @dev Exponentiation and logarithm functions for 18 decimal fixed point numbers (both base and exponent/argument).
*
* Exponentiation and logarithm with arbitrary bases (x^y and log_x(y)) are implemented by conversion to natural
* exponentiation and logarithm (where the base is Euler's number).
*
* @author Fernando Martinelli - @fernandomartinelli
* @author Sergio Yuhjtman - @sergioyuhjtman
* @author Daniel Fernandez - @dmf7z
*/libraryLogExpMath{
// All fixed point multiplications and divisions are inlined. This means we need to divide by ONE when multiplying// two numbers, and multiply by ONE when dividing them.// All arguments and return values are 18 decimal fixed point numbers.int256constant ONE_18 =1e18;
// Internally, intermediate values are computed with higher precision as 20 decimal fixed point numbers, and in the// case of ln36, 36 decimals.int256constant ONE_20 =1e20;
int256constant ONE_36 =1e36;
// The domain of natural exponentiation is bound by the word size and number of decimals used.//// Because internally the result will be stored using 20 decimals, the largest possible result is// (2^255 - 1) / 10^20, which makes the largest exponent ln((2^255 - 1) / 10^20) = 130.700829182905140221.// The smallest possible result is 10^(-18), which makes largest negative argument// ln(10^(-18)) = -41.446531673892822312.// We use 130.0 and -41.0 to have some safety margin.int256constant MAX_NATURAL_EXPONENT =130e18;
int256constant MIN_NATURAL_EXPONENT =-41e18;
// Bounds for ln_36's argument. Both ln(0.9) and ln(1.1) can be represented with 36 decimal places in a fixed point// 256 bit integer.int256constant LN_36_LOWER_BOUND = ONE_18 -1e17;
int256constant LN_36_UPPER_BOUND = ONE_18 +1e17;
uint256constant MILD_EXPONENT_BOUND =2**254/uint256(ONE_20);
// 18 decimal constantsint256constant x0 =128000000000000000000; // 2ˆ7int256constant a0 =38877084059945950922200000000000000000000000000000000000; // eˆ(x0) (no decimals)int256constant x1 =64000000000000000000; // 2ˆ6int256constant a1 =6235149080811616882910000000; // eˆ(x1) (no decimals)// 20 decimal constantsint256constant x2 =3200000000000000000000; // 2ˆ5int256constant a2 =7896296018268069516100000000000000; // eˆ(x2)int256constant x3 =1600000000000000000000; // 2ˆ4int256constant a3 =888611052050787263676000000; // eˆ(x3)int256constant x4 =800000000000000000000; // 2ˆ3int256constant a4 =298095798704172827474000; // eˆ(x4)int256constant x5 =400000000000000000000; // 2ˆ2int256constant a5 =5459815003314423907810; // eˆ(x5)int256constant x6 =200000000000000000000; // 2ˆ1int256constant a6 =738905609893065022723; // eˆ(x6)int256constant x7 =100000000000000000000; // 2ˆ0int256constant a7 =271828182845904523536; // eˆ(x7)int256constant x8 =50000000000000000000; // 2ˆ-1int256constant a8 =164872127070012814685; // eˆ(x8)int256constant x9 =25000000000000000000; // 2ˆ-2int256constant a9 =128402541668774148407; // eˆ(x9)int256constant x10 =12500000000000000000; // 2ˆ-3int256constant a10 =113314845306682631683; // eˆ(x10)int256constant x11 =6250000000000000000; // 2ˆ-4int256constant a11 =106449445891785942956; // eˆ(x11)/**
* @dev Exponentiation (x^y) with unsigned 18 decimal fixed point base and exponent.
*
* Reverts if ln(x) * y is smaller than `MIN_NATURAL_EXPONENT`, or larger than `MAX_NATURAL_EXPONENT`.
*/functionpow(uint256 x, uint256 y) internalpurereturns (uint256) {
if (y ==0) {
// We solve the 0^0 indetermination by making it equal one.returnuint256(ONE_18);
}
if (x ==0) {
return0;
}
// Instead of computing x^y directly, we instead rely on the properties of logarithms and exponentiation to// arrive at that result. In particular, exp(ln(x)) = x, and ln(x^y) = y * ln(x). This means// x^y = exp(y * ln(x)).// The ln function takes a signed value, so we need to make sure x fits in the signed 256 bit range.
_require(x <2**255, Errors.X_OUT_OF_BOUNDS);
int256 x_int256 =int256(x);
// We will compute y * ln(x) in a single step. Depending on the value of x, we can either use ln or ln_36. In// both cases, we leave the division by ONE_18 (due to fixed point multiplication) to the end.// This prevents y * ln(x) from overflowing, and at the same time guarantees y fits in the signed 256 bit range.
_require(y < MILD_EXPONENT_BOUND, Errors.Y_OUT_OF_BOUNDS);
int256 y_int256 =int256(y);
int256 logx_times_y;
if (LN_36_LOWER_BOUND < x_int256 && x_int256 < LN_36_UPPER_BOUND) {
int256 ln_36_x = _ln_36(x_int256);
// ln_36_x has 36 decimal places, so multiplying by y_int256 isn't as straightforward, since we can't just// bring y_int256 to 36 decimal places, as it might overflow. Instead, we perform two 18 decimal// multiplications and add the results: one with the first 18 decimals of ln_36_x, and one with the// (downscaled) last 18 decimals.
logx_times_y = ((ln_36_x / ONE_18) * y_int256 + ((ln_36_x % ONE_18) * y_int256) / ONE_18);
} else {
logx_times_y = _ln(x_int256) * y_int256;
}
logx_times_y /= ONE_18;
// Finally, we compute exp(y * ln(x)) to arrive at x^y
_require(
MIN_NATURAL_EXPONENT <= logx_times_y && logx_times_y <= MAX_NATURAL_EXPONENT,
Errors.PRODUCT_OUT_OF_BOUNDS
);
returnuint256(exp(logx_times_y));
}
/**
* @dev Natural exponentiation (e^x) with signed 18 decimal fixed point exponent.
*
* Reverts if `x` is smaller than MIN_NATURAL_EXPONENT, or larger than `MAX_NATURAL_EXPONENT`.
*/functionexp(int256 x) internalpurereturns (int256) {
_require(x >= MIN_NATURAL_EXPONENT && x <= MAX_NATURAL_EXPONENT, Errors.INVALID_EXPONENT);
if (x <0) {
// We only handle positive exponents: e^(-x) is computed as 1 / e^x. We can safely make x positive since it// fits in the signed 256 bit range (as it is larger than MIN_NATURAL_EXPONENT).// Fixed point division requires multiplying by ONE_18.return ((ONE_18 * ONE_18) / exp(-x));
}
// First, we use the fact that e^(x+y) = e^x * e^y to decompose x into a sum of powers of two, which we call x_n,// where x_n == 2^(7 - n), and e^x_n = a_n has been precomputed. We choose the first x_n, x0, to equal 2^7// because all larger powers are larger than MAX_NATURAL_EXPONENT, and therefore not present in the// decomposition.// At the end of this process we will have the product of all e^x_n = a_n that apply, and the remainder of this// decomposition, which will be lower than the smallest x_n.// exp(x) = k_0 * a_0 * k_1 * a_1 * ... + k_n * a_n * exp(remainder), where each k_n equals either 0 or 1.// We mutate x by subtracting x_n, making it the remainder of the decomposition.// The first two a_n (e^(2^7) and e^(2^6)) are too large if stored as 18 decimal numbers, and could cause// intermediate overflows. Instead we store them as plain integers, with 0 decimals.// Additionally, x0 + x1 is larger than MAX_NATURAL_EXPONENT, which means they will not both be present in the// decomposition.// For each x_n, we test if that term is present in the decomposition (if x is larger than it), and if so deduct// it and compute the accumulated product.int256 firstAN;
if (x >= x0) {
x -= x0;
firstAN = a0;
} elseif (x >= x1) {
x -= x1;
firstAN = a1;
} else {
firstAN =1; // One with no decimal places
}
// We now transform x into a 20 decimal fixed point number, to have enhanced precision when computing the// smaller terms.
x *=100;
// `product` is the accumulated product of all a_n (except a0 and a1), which starts at 20 decimal fixed point// one. Recall that fixed point multiplication requires dividing by ONE_20.int256 product = ONE_20;
if (x >= x2) {
x -= x2;
product = (product * a2) / ONE_20;
}
if (x >= x3) {
x -= x3;
product = (product * a3) / ONE_20;
}
if (x >= x4) {
x -= x4;
product = (product * a4) / ONE_20;
}
if (x >= x5) {
x -= x5;
product = (product * a5) / ONE_20;
}
if (x >= x6) {
x -= x6;
product = (product * a6) / ONE_20;
}
if (x >= x7) {
x -= x7;
product = (product * a7) / ONE_20;
}
if (x >= x8) {
x -= x8;
product = (product * a8) / ONE_20;
}
if (x >= x9) {
x -= x9;
product = (product * a9) / ONE_20;
}
// x10 and x11 are unnecessary here since we have high enough precision already.// Now we need to compute e^x, where x is small (in particular, it is smaller than x9). We use the Taylor series// expansion for e^x: 1 + x + (x^2 / 2!) + (x^3 / 3!) + ... + (x^n / n!).int256 seriesSum = ONE_20; // The initial one in the sum, with 20 decimal places.int256 term; // Each term in the sum, where the nth term is (x^n / n!).// The first term is simply x.
term = x;
seriesSum += term;
// Each term (x^n / n!) equals the previous one times x, divided by n. Since x is a fixed point number,// multiplying by it requires dividing by ONE_20, but dividing by the non-fixed point n values does not.
term = ((term * x) / ONE_20) /2;
seriesSum += term;
term = ((term * x) / ONE_20) /3;
seriesSum += term;
term = ((term * x) / ONE_20) /4;
seriesSum += term;
term = ((term * x) / ONE_20) /5;
seriesSum += term;
term = ((term * x) / ONE_20) /6;
seriesSum += term;
term = ((term * x) / ONE_20) /7;
seriesSum += term;
term = ((term * x) / ONE_20) /8;
seriesSum += term;
term = ((term * x) / ONE_20) /9;
seriesSum += term;
term = ((term * x) / ONE_20) /10;
seriesSum += term;
term = ((term * x) / ONE_20) /11;
seriesSum += term;
term = ((term * x) / ONE_20) /12;
seriesSum += term;
// 12 Taylor terms are sufficient for 18 decimal precision.// We now have the first a_n (with no decimals), and the product of all other a_n present, and the Taylor// approximation of the exponentiation of the remainder (both with 20 decimals). All that remains is to multiply// all three (one 20 decimal fixed point multiplication, dividing by ONE_20, and one integer multiplication),// and then drop two digits to return an 18 decimal value.return (((product * seriesSum) / ONE_20) * firstAN) /100;
}
/**
* @dev Logarithm (log(arg, base), with signed 18 decimal fixed point base and argument.
*/functionlog(int256 arg, int256 base) internalpurereturns (int256) {
// This performs a simple base change: log(arg, base) = ln(arg) / ln(base).// Both logBase and logArg are computed as 36 decimal fixed point numbers, either by using ln_36, or by// upscaling.int256 logBase;
if (LN_36_LOWER_BOUND < base && base < LN_36_UPPER_BOUND) {
logBase = _ln_36(base);
} else {
logBase = _ln(base) * ONE_18;
}
int256 logArg;
if (LN_36_LOWER_BOUND < arg && arg < LN_36_UPPER_BOUND) {
logArg = _ln_36(arg);
} else {
logArg = _ln(arg) * ONE_18;
}
// When dividing, we multiply by ONE_18 to arrive at a result with 18 decimal placesreturn (logArg * ONE_18) / logBase;
}
/**
* @dev Natural logarithm (ln(a)) with signed 18 decimal fixed point argument.
*/functionln(int256 a) internalpurereturns (int256) {
// The real natural logarithm is not defined for negative numbers or zero.
_require(a >0, Errors.OUT_OF_BOUNDS);
if (LN_36_LOWER_BOUND < a && a < LN_36_UPPER_BOUND) {
return _ln_36(a) / ONE_18;
} else {
return _ln(a);
}
}
/**
* @dev Internal natural logarithm (ln(a)) with signed 18 decimal fixed point argument.
*/function_ln(int256 a) privatepurereturns (int256) {
if (a < ONE_18) {
// Since ln(a^k) = k * ln(a), we can compute ln(a) as ln(a) = ln((1/a)^(-1)) = - ln((1/a)). If a is less// than one, 1/a will be greater than one, and this if statement will not be entered in the recursive call.// Fixed point division requires multiplying by ONE_18.return (-_ln((ONE_18 * ONE_18) / a));
}
// First, we use the fact that ln^(a * b) = ln(a) + ln(b) to decompose ln(a) into a sum of powers of two, which// we call x_n, where x_n == 2^(7 - n), which are the natural logarithm of precomputed quantities a_n (that is,// ln(a_n) = x_n). We choose the first x_n, x0, to equal 2^7 because the exponential of all larger powers cannot// be represented as 18 fixed point decimal numbers in 256 bits, and are therefore larger than a.// At the end of this process we will have the sum of all x_n = ln(a_n) that apply, and the remainder of this// decomposition, which will be lower than the smallest a_n.// ln(a) = k_0 * x_0 + k_1 * x_1 + ... + k_n * x_n + ln(remainder), where each k_n equals either 0 or 1.// We mutate a by subtracting a_n, making it the remainder of the decomposition.// For reasons related to how `exp` works, the first two a_n (e^(2^7) and e^(2^6)) are not stored as fixed point// numbers with 18 decimals, but instead as plain integers with 0 decimals, so we need to multiply them by// ONE_18 to convert them to fixed point.// For each a_n, we test if that term is present in the decomposition (if a is larger than it), and if so divide// by it and compute the accumulated sum.int256 sum =0;
if (a >= a0 * ONE_18) {
a /= a0; // Integer, not fixed point division
sum += x0;
}
if (a >= a1 * ONE_18) {
a /= a1; // Integer, not fixed point division
sum += x1;
}
// All other a_n and x_n are stored as 20 digit fixed point numbers, so we convert the sum and a to this format.
sum *=100;
a *=100;
// Because further a_n are 20 digit fixed point numbers, we multiply by ONE_20 when dividing by them.if (a >= a2) {
a = (a * ONE_20) / a2;
sum += x2;
}
if (a >= a3) {
a = (a * ONE_20) / a3;
sum += x3;
}
if (a >= a4) {
a = (a * ONE_20) / a4;
sum += x4;
}
if (a >= a5) {
a = (a * ONE_20) / a5;
sum += x5;
}
if (a >= a6) {
a = (a * ONE_20) / a6;
sum += x6;
}
if (a >= a7) {
a = (a * ONE_20) / a7;
sum += x7;
}
if (a >= a8) {
a = (a * ONE_20) / a8;
sum += x8;
}
if (a >= a9) {
a = (a * ONE_20) / a9;
sum += x9;
}
if (a >= a10) {
a = (a * ONE_20) / a10;
sum += x10;
}
if (a >= a11) {
a = (a * ONE_20) / a11;
sum += x11;
}
// a is now a small number (smaller than a_11, which roughly equals 1.06). This means we can use a Taylor series// that converges rapidly for values of `a` close to one - the same one used in ln_36.// Let z = (a - 1) / (a + 1).// ln(a) = 2 * (z + z^3 / 3 + z^5 / 5 + z^7 / 7 + ... + z^(2 * n + 1) / (2 * n + 1))// Recall that 20 digit fixed point division requires multiplying by ONE_20, and multiplication requires// division by ONE_20.int256 z = ((a - ONE_20) * ONE_20) / (a + ONE_20);
int256 z_squared = (z * z) / ONE_20;
// num is the numerator of the series: the z^(2 * n + 1) termint256 num = z;
// seriesSum holds the accumulated sum of each term in the series, starting with the initial zint256 seriesSum = num;
// In each step, the numerator is multiplied by z^2
num = (num * z_squared) / ONE_20;
seriesSum += num /3;
num = (num * z_squared) / ONE_20;
seriesSum += num /5;
num = (num * z_squared) / ONE_20;
seriesSum += num /7;
num = (num * z_squared) / ONE_20;
seriesSum += num /9;
num = (num * z_squared) / ONE_20;
seriesSum += num /11;
// 6 Taylor terms are sufficient for 36 decimal precision.// Finally, we multiply by 2 (non fixed point) to compute ln(remainder)
seriesSum *=2;
// We now have the sum of all x_n present, and the Taylor approximation of the logarithm of the remainder (both// with 20 decimals). All that remains is to sum these two, and then drop two digits to return a 18 decimal// value.return (sum + seriesSum) /100;
}
/**
* @dev Intrnal high precision (36 decimal places) natural logarithm (ln(x)) with signed 18 decimal fixed point argument,
* for x close to one.
*
* Should only be used if x is between LN_36_LOWER_BOUND and LN_36_UPPER_BOUND.
*/function_ln_36(int256 x) privatepurereturns (int256) {
// Since ln(1) = 0, a value of x close to one will yield a very small result, which makes using 36 digits// worthwhile.// First, we transform x to a 36 digit fixed point value.
x *= ONE_18;
// We will use the following Taylor expansion, which converges very rapidly. Let z = (x - 1) / (x + 1).// ln(x) = 2 * (z + z^3 / 3 + z^5 / 5 + z^7 / 7 + ... + z^(2 * n + 1) / (2 * n + 1))// Recall that 36 digit fixed point division requires multiplying by ONE_36, and multiplication requires// division by ONE_36.int256 z = ((x - ONE_36) * ONE_36) / (x + ONE_36);
int256 z_squared = (z * z) / ONE_36;
// num is the numerator of the series: the z^(2 * n + 1) termint256 num = z;
// seriesSum holds the accumulated sum of each term in the series, starting with the initial zint256 seriesSum = num;
// In each step, the numerator is multiplied by z^2
num = (num * z_squared) / ONE_36;
seriesSum += num /3;
num = (num * z_squared) / ONE_36;
seriesSum += num /5;
num = (num * z_squared) / ONE_36;
seriesSum += num /7;
num = (num * z_squared) / ONE_36;
seriesSum += num /9;
num = (num * z_squared) / ONE_36;
seriesSum += num /11;
num = (num * z_squared) / ONE_36;
seriesSum += num /13;
num = (num * z_squared) / ONE_36;
seriesSum += num /15;
// 8 Taylor terms are sufficient for 36 decimal precision.// All that remains is multiplying by 2 (non fixed point).return seriesSum *2;
}
}
Contract Source Code
File 24 of 28: Math.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.7.0;import"../helpers/BalancerErrors.sol";
/**
* @dev Wrappers over Solidity's arithmetic operations with added overflow checks.
* Adapted from OpenZeppelin's SafeMath library
*/libraryMath{
/**
* @dev Returns the addition of two unsigned integers of 256 bits, reverting on overflow.
*/functionadd(uint256 a, uint256 b) internalpurereturns (uint256) {
uint256 c = a + b;
_require(c >= a, Errors.ADD_OVERFLOW);
return c;
}
/**
* @dev Returns the addition of two signed integers, reverting on overflow.
*/functionadd(int256 a, int256 b) internalpurereturns (int256) {
int256 c = a + b;
_require((b >=0&& c >= a) || (b <0&& c < a), Errors.ADD_OVERFLOW);
return c;
}
/**
* @dev Returns the subtraction of two unsigned integers of 256 bits, reverting on overflow.
*/functionsub(uint256 a, uint256 b) internalpurereturns (uint256) {
_require(b <= a, Errors.SUB_OVERFLOW);
uint256 c = a - b;
return c;
}
/**
* @dev Returns the subtraction of two signed integers, reverting on overflow.
*/functionsub(int256 a, int256 b) internalpurereturns (int256) {
int256 c = a - b;
_require((b >=0&& c <= a) || (b <0&& c > a), Errors.SUB_OVERFLOW);
return c;
}
/**
* @dev Returns the largest of two numbers of 256 bits.
*/functionmax(uint256 a, uint256 b) internalpurereturns (uint256) {
return a >= b ? a : b;
}
/**
* @dev Returns the smallest of two numbers of 256 bits.
*/functionmin(uint256 a, uint256 b) internalpurereturns (uint256) {
return a < b ? a : b;
}
functionmul(uint256 a, uint256 b) internalpurereturns (uint256) {
uint256 c = a * b;
_require(a ==0|| c / a == b, Errors.MUL_OVERFLOW);
return c;
}
functiondivDown(uint256 a, uint256 b) internalpurereturns (uint256) {
_require(b !=0, Errors.ZERO_DIVISION);
return a / b;
}
functiondivUp(uint256 a, uint256 b) internalpurereturns (uint256) {
_require(b !=0, Errors.ZERO_DIVISION);
if (a ==0) {
return0;
} else {
return1+ (a -1) / b;
}
}
}
Contract Source Code
File 25 of 28: ProtocolFeesCollector.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.7.0;pragmaexperimentalABIEncoderV2;import"../lib/openzeppelin/IERC20.sol";
import"../lib/helpers/InputHelpers.sol";
import"../lib/helpers/Authentication.sol";
import"../lib/openzeppelin/ReentrancyGuard.sol";
import"../lib/openzeppelin/SafeERC20.sol";
import"./interfaces/IVault.sol";
import"./interfaces/IAuthorizer.sol";
/**
* @dev This an auxiliary contract to the Vault, deployed by it during construction. It offloads some of the tasks the
* Vault performs to reduce its overall bytecode size.
*
* The current values for all protocol fee percentages are stored here, and any tokens charged as protocol fees are
* sent to this contract, where they may be withdrawn by authorized entities. All authorization tasks are delegated
* to the Vault's own authorizer.
*/contractProtocolFeesCollectorisAuthentication, ReentrancyGuard{
usingSafeERC20forIERC20;
// Absolute maximum fee percentages (1e18 = 100%, 1e16 = 1%).uint256privateconstant _MAX_PROTOCOL_SWAP_FEE_PERCENTAGE =50e16; // 50%uint256privateconstant _MAX_PROTOCOL_FLASH_LOAN_FEE_PERCENTAGE =1e16; // 1%
IVault publicimmutable vault;
// All fee percentages are 18-decimal fixed point numbers.// The swap fee is charged whenever a swap occurs, as a percentage of the fee charged by the Pool. These are not// actually charged on each individual swap: the `Vault` relies on the Pools being honest and reporting fees due// when users join and exit them.uint256private _swapFeePercentage;
// The flash loan fee is charged whenever a flash loan occurs, as a percentage of the tokens lent.uint256private _flashLoanFeePercentage;
eventSwapFeePercentageChanged(uint256 newSwapFeePercentage);
eventFlashLoanFeePercentageChanged(uint256 newFlashLoanFeePercentage);
constructor(IVault _vault)
// The ProtocolFeesCollector is a singleton, so it simply uses its own address to disambiguate action// identifiers.Authentication(bytes32(uint256(address(this))))
{
vault = _vault;
}
functionwithdrawCollectedFees(
IERC20[] calldata tokens,
uint256[] calldata amounts,
address recipient
) externalnonReentrantauthenticate{
InputHelpers.ensureInputLengthMatch(tokens.length, amounts.length);
for (uint256 i =0; i < tokens.length; ++i) {
IERC20 token = tokens[i];
uint256 amount = amounts[i];
token.safeTransfer(recipient, amount);
}
}
functionsetSwapFeePercentage(uint256 newSwapFeePercentage) externalauthenticate{
_require(newSwapFeePercentage <= _MAX_PROTOCOL_SWAP_FEE_PERCENTAGE, Errors.SWAP_FEE_PERCENTAGE_TOO_HIGH);
_swapFeePercentage = newSwapFeePercentage;
emit SwapFeePercentageChanged(newSwapFeePercentage);
}
functionsetFlashLoanFeePercentage(uint256 newFlashLoanFeePercentage) externalauthenticate{
_require(
newFlashLoanFeePercentage <= _MAX_PROTOCOL_FLASH_LOAN_FEE_PERCENTAGE,
Errors.FLASH_LOAN_FEE_PERCENTAGE_TOO_HIGH
);
_flashLoanFeePercentage = newFlashLoanFeePercentage;
emit FlashLoanFeePercentageChanged(newFlashLoanFeePercentage);
}
functiongetSwapFeePercentage() externalviewreturns (uint256) {
return _swapFeePercentage;
}
functiongetFlashLoanFeePercentage() externalviewreturns (uint256) {
return _flashLoanFeePercentage;
}
functiongetCollectedFeeAmounts(IERC20[] memory tokens) externalviewreturns (uint256[] memory feeAmounts) {
feeAmounts =newuint256[](tokens.length);
for (uint256 i =0; i < tokens.length; ++i) {
feeAmounts[i] = tokens[i].balanceOf(address(this));
}
}
functiongetAuthorizer() externalviewreturns (IAuthorizer) {
return _getAuthorizer();
}
function_canPerform(bytes32 actionId, address account) internalviewoverridereturns (bool) {
return _getAuthorizer().canPerform(actionId, account, address(this));
}
function_getAuthorizer() internalviewreturns (IAuthorizer) {
return vault.getAuthorizer();
}
}
Contract Source Code
File 26 of 28: ReentrancyGuard.sol
// SPDX-License-Identifier: MIT// Based on the ReentrancyGuard library from OpenZeppelin Contracts, altered to reduce bytecode size.// Modifier code is inlined by the compiler, which causes its code to appear multiple times in the codebase. By using// private functions, we achieve the same end result with slightly higher runtime gas costs, but reduced bytecode size.pragmasolidity ^0.7.0;import"../helpers/BalancerErrors.sol";
/**
* @dev Contract module that helps prevent reentrant calls to a function.
*
* Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier
* available, which can be applied to functions to make sure there are no nested
* (reentrant) calls to them.
*
* Note that because there is a single `nonReentrant` guard, functions marked as
* `nonReentrant` may not call one another. This can be worked around by making
* those functions `private`, and then adding `external` `nonReentrant` entry
* points to them.
*
* TIP: If you would like to learn more about reentrancy and alternative ways
* to protect against it, check out our blog post
* https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].
*/abstractcontractReentrancyGuard{
// Booleans are more expensive than uint256 or any type that takes up a full// word because each write operation emits an extra SLOAD to first read the// slot's contents, replace the bits taken up by the boolean, and then write// back. This is the compiler's defense against contract upgrades and// pointer aliasing, and it cannot be disabled.// The values being non-zero value makes deployment a bit more expensive,// but in exchange the refund on every call to nonReentrant will be lower in// amount. Since refunds are capped to a percentage of the total// transaction's gas, it is best to keep them low in cases like this one, to// increase the likelihood of the full refund coming into effect.uint256privateconstant _NOT_ENTERED =1;
uint256privateconstant _ENTERED =2;
uint256private _status;
constructor() {
_status = _NOT_ENTERED;
}
/**
* @dev Prevents a contract from calling itself, directly or indirectly.
* Calling a `nonReentrant` function from another `nonReentrant`
* function is not supported. It is possible to prevent this from happening
* by making the `nonReentrant` function external, and make it call a
* `private` function that does the actual work.
*/modifiernonReentrant() {
_enterNonReentrant();
_;
_exitNonReentrant();
}
function_enterNonReentrant() private{
// On the first call to nonReentrant, _status will be _NOT_ENTERED
_require(_status != _ENTERED, Errors.REENTRANCY);
// Any calls to nonReentrant after this point will fail
_status = _ENTERED;
}
function_exitNonReentrant() private{
// By storing the original value once again, a refund is triggered (see// https://eips.ethereum.org/EIPS/eip-2200)
_status = _NOT_ENTERED;
}
}
Contract Source Code
File 27 of 28: SafeERC20.sol
// SPDX-License-Identifier: MIT// Based on the ReentrancyGuard library from OpenZeppelin Contracts, altered to reduce gas costs.// The `safeTransfer` and `safeTransferFrom` functions assume that `token` is a contract (an account with code), and// work differently from the OpenZeppelin version if it is not.pragmasolidity ^0.7.0;import"../helpers/BalancerErrors.sol";
import"./IERC20.sol";
/**
* @title SafeERC20
* @dev Wrappers around ERC20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/librarySafeERC20{
functionsafeTransfer(
IERC20 token,
address to,
uint256 value
) internal{
_callOptionalReturn(address(token), abi.encodeWithSelector(token.transfer.selector, to, value));
}
functionsafeTransferFrom(
IERC20 token,
addressfrom,
address to,
uint256 value
) internal{
_callOptionalReturn(address(token), abi.encodeWithSelector(token.transferFrom.selector, from, to, value));
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
*
* WARNING: `token` is assumed to be a contract: calls to EOAs will *not* revert.
*/function_callOptionalReturn(address token, bytesmemory data) private{
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since// we're implementing it ourselves.
(bool success, bytesmemory returndata) = token.call(data);
// If the low-level call didn't succeed we return whatever was returned from it.assembly {
ifeq(success, 0) {
returndatacopy(0, 0, returndatasize())
revert(0, returndatasize())
}
}
// Finally we check the returndata size is either zero or true - note that this check will always pass for EOAs
_require(returndata.length==0||abi.decode(returndata, (bool)), Errors.SAFE_ERC20_CALL_FAILED);
}
}
Contract Source Code
File 28 of 28: SafeMath.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.7.0;import"../helpers/BalancerErrors.sol";
/**
* @dev Wrappers over Solidity's arithmetic operations with added overflow
* checks.
*
* Arithmetic operations in Solidity wrap on overflow. This can easily result
* in bugs, because programmers usually assume that an overflow raises an
* error, which is the standard behavior in high level programming languages.
* `SafeMath` restores this intuition by reverting the transaction when an
* operation overflows.
*
* Using this library instead of the unchecked operations eliminates an entire
* class of bugs, so it's recommended to use it always.
*/librarySafeMath{
/**
* @dev Returns the addition of two unsigned integers, reverting on
* overflow.
*
* Counterpart to Solidity's `+` operator.
*
* Requirements:
*
* - Addition cannot overflow.
*/functionadd(uint256 a, uint256 b) internalpurereturns (uint256) {
uint256 c = a + b;
_require(c >= a, Errors.ADD_OVERFLOW);
return c;
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting on
* overflow (when the result is negative).
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
*
* - Subtraction cannot overflow.
*/functionsub(uint256 a, uint256 b) internalpurereturns (uint256) {
return sub(a, b, Errors.SUB_OVERFLOW);
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting with custom message on
* overflow (when the result is negative).
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
*
* - Subtraction cannot overflow.
*/functionsub(uint256 a, uint256 b, uint256 errorCode) internalpurereturns (uint256) {
_require(b <= a, errorCode);
uint256 c = a - b;
return c;
}
}
