// SPDX-License-Identifier: MITpragmasolidity 0.8.21;import { FixedPointMathLib } from"@solmate/utils/FixedPointMathLib.sol";
import { IRateProvider } from"src/interfaces/IRateProvider.sol";
import { ERC20 } from"@solmate/tokens/ERC20.sol";
import { SafeTransferLib } from"@solmate/utils/SafeTransferLib.sol";
import { BoringVault } from"src/base/BoringVault.sol";
import { Auth, Authority } from"@solmate/auth/Auth.sol";
/**
* @title AccountantWithRateProviders
* @custom:security-contact security@molecularlabs.io
*/contractAccountantWithRateProvidersisAuth, IRateProvider{
usingFixedPointMathLibforuint256;
usingSafeTransferLibforERC20;
// ========================================= STRUCTS =========================================/**
* @param payoutAddress the address `claimFees` sends fees to
* @param feesOwedInBase total pending fees owed in terms of base
* @param totalSharesLastUpdate total amount of shares the last exchange rate update
* @param exchangeRate the current exchange rate in terms of base
* @param allowedExchangeRateChangeUpper the max allowed change to exchange rate from an update
* @param allowedExchangeRateChangeLower the min allowed change to exchange rate from an update
* @param lastUpdateTimestamp the block timestamp of the last exchange rate update
* @param isPaused whether or not this contract is paused
* @param minimumUpdateDelayInSeconds the minimum amount of time that must pass between
* exchange rate updates, such that the update won't trigger the contract to be paused
* @param managementFee the management fee
*/structAccountantState {
address payoutAddress;
uint128 feesOwedInBase;
uint128 totalSharesLastUpdate;
uint96 exchangeRate;
uint16 allowedExchangeRateChangeUpper;
uint16 allowedExchangeRateChangeLower;
uint64 lastUpdateTimestamp;
bool isPaused;
uint32 minimumUpdateDelayInSeconds;
uint16 managementFee;
}
/**
* @param isPeggedToBase whether or not the asset is 1:1 with the base asset
* @param rateProvider the rate provider for this asset if `isPeggedToBase` is false
*/structRateProviderData {
bool isPeggedToBase;
IRateProvider rateProvider;
}
// ========================================= STATE =========================================/**
* @notice Store the accountant state in 3 packed slots.
*/
AccountantState public accountantState;
/**
* @notice Maps ERC20s to their RateProviderData.
*/mapping(ERC20 => RateProviderData) public rateProviderData;
//============================== ERRORS ===============================errorAccountantWithRateProviders__UpperBoundTooSmall();
errorAccountantWithRateProviders__LowerBoundTooLarge();
errorAccountantWithRateProviders__ManagementFeeTooLarge();
errorAccountantWithRateProviders__Paused();
errorAccountantWithRateProviders__ZeroFeesOwed();
errorAccountantWithRateProviders__OnlyCallableByBoringVault();
errorAccountantWithRateProviders__UpdateDelayTooLarge();
//============================== EVENTS ===============================eventPaused();
eventUnpaused();
eventDelayInSecondsUpdated(uint32 oldDelay, uint32 newDelay);
eventUpperBoundUpdated(uint16 oldBound, uint16 newBound);
eventLowerBoundUpdated(uint16 oldBound, uint16 newBound);
eventManagementFeeUpdated(uint16 oldFee, uint16 newFee);
eventPayoutAddressUpdated(address oldPayout, address newPayout);
eventRateProviderUpdated(address asset, bool isPegged, address rateProvider);
eventExchangeRateUpdated(uint96 oldRate, uint96 newRate, uint64 currentTime);
eventFeesClaimed(addressindexed feeAsset, uint256 amount);
//============================== IMMUTABLES ===============================/**
* @notice The base asset rates are provided in.
*/
ERC20 publicimmutable base;
/**
* @notice The decimals rates are provided in.
*/uint8publicimmutable decimals;
/**
* @notice The BoringVault this accountant is working with.
* Used to determine share supply for fee calculation.
*/
BoringVault publicimmutable vault;
/**
* @notice One share of the BoringVault.
*/uint256internalimmutable ONE_SHARE;
constructor(address _owner,
address _vault,
address payoutAddress,
uint96 startingExchangeRate,
address _base,
uint16 allowedExchangeRateChangeUpper,
uint16 allowedExchangeRateChangeLower,
uint32 minimumUpdateDelayInSeconds,
uint16 managementFee
)
Auth(_owner, Authority(address(0)))
{
base = ERC20(_base);
decimals = ERC20(_base).decimals();
vault = BoringVault(payable(_vault));
ONE_SHARE =10** vault.decimals();
accountantState = AccountantState({
payoutAddress: payoutAddress,
feesOwedInBase: 0,
totalSharesLastUpdate: uint128(vault.totalSupply()),
exchangeRate: startingExchangeRate,
allowedExchangeRateChangeUpper: allowedExchangeRateChangeUpper,
allowedExchangeRateChangeLower: allowedExchangeRateChangeLower,
lastUpdateTimestamp: uint64(block.timestamp),
isPaused: false,
minimumUpdateDelayInSeconds: minimumUpdateDelayInSeconds,
managementFee: managementFee
});
}
// ========================================= ADMIN FUNCTIONS =========================================/**
* @notice Pause this contract, which prevents future calls to `updateExchangeRate`, and any safe rate
* calls will revert.
* @dev Callable by MULTISIG_ROLE.
*/functionpause() externalrequiresAuth{
accountantState.isPaused =true;
emit Paused();
}
/**
* @notice Unpause this contract, which allows future calls to `updateExchangeRate`, and any safe rate
* calls will stop reverting.
* @dev Callable by MULTISIG_ROLE.
*/functionunpause() externalrequiresAuth{
accountantState.isPaused =false;
emit Unpaused();
}
/**
* @notice Update the minimum time delay between `updateExchangeRate` calls.
* @dev There are no input requirements, as it is possible the admin would want
* the exchange rate updated as frequently as needed.
* @dev Callable by OWNER_ROLE.
*/functionupdateDelay(uint32 minimumUpdateDelayInSeconds) externalrequiresAuth{
if (minimumUpdateDelayInSeconds >14days) revert AccountantWithRateProviders__UpdateDelayTooLarge();
uint32 oldDelay = accountantState.minimumUpdateDelayInSeconds;
accountantState.minimumUpdateDelayInSeconds = minimumUpdateDelayInSeconds;
emit DelayInSecondsUpdated(oldDelay, minimumUpdateDelayInSeconds);
}
/**
* @notice Update the allowed upper bound change of exchange rate between `updateExchangeRateCalls`.
* @dev Callable by OWNER_ROLE.
*/functionupdateUpper(uint16 allowedExchangeRateChangeUpper) externalrequiresAuth{
if (allowedExchangeRateChangeUpper <1e4) revert AccountantWithRateProviders__UpperBoundTooSmall();
uint16 oldBound = accountantState.allowedExchangeRateChangeUpper;
accountantState.allowedExchangeRateChangeUpper = allowedExchangeRateChangeUpper;
emit UpperBoundUpdated(oldBound, allowedExchangeRateChangeUpper);
}
/**
* @notice Update the allowed lower bound change of exchange rate between `updateExchangeRateCalls`.
* @dev Callable by OWNER_ROLE.
*/functionupdateLower(uint16 allowedExchangeRateChangeLower) externalrequiresAuth{
if (allowedExchangeRateChangeLower >1e4) revert AccountantWithRateProviders__LowerBoundTooLarge();
uint16 oldBound = accountantState.allowedExchangeRateChangeLower;
accountantState.allowedExchangeRateChangeLower = allowedExchangeRateChangeLower;
emit LowerBoundUpdated(oldBound, allowedExchangeRateChangeLower);
}
/**
* @notice Update the management fee to a new value.
* @dev Callable by OWNER_ROLE.
*/functionupdateManagementFee(uint16 managementFee) externalrequiresAuth{
if (managementFee >0.2e4) revert AccountantWithRateProviders__ManagementFeeTooLarge();
uint16 oldFee = accountantState.managementFee;
accountantState.managementFee = managementFee;
emit ManagementFeeUpdated(oldFee, managementFee);
}
/**
* @notice Update the payout address fees are sent to.
* @dev Callable by OWNER_ROLE.
*/functionupdatePayoutAddress(address payoutAddress) externalrequiresAuth{
address oldPayout = accountantState.payoutAddress;
accountantState.payoutAddress = payoutAddress;
emit PayoutAddressUpdated(oldPayout, payoutAddress);
}
/**
* @notice Update the rate provider data for a specific `asset`.
* @dev Rate providers must return rates in terms of `base` or
* an asset pegged to base and they must use the same decimals
* as `asset`.
* @dev Callable by OWNER_ROLE.
*/functionsetRateProviderData(ERC20 asset, bool isPeggedToBase, address rateProvider) externalrequiresAuth{
rateProviderData[asset] =
RateProviderData({ isPeggedToBase: isPeggedToBase, rateProvider: IRateProvider(rateProvider) });
emit RateProviderUpdated(address(asset), isPeggedToBase, rateProvider);
}
// ========================================= UPDATE EXCHANGE RATE/FEES FUNCTIONS// =========================================/**
* @notice Updates this contract exchangeRate.
* @dev If new exchange rate is outside of accepted bounds, or if not enough time has passed, this
* will pause the contract, and this function will NOT calculate fees owed.
* @dev Callable by UPDATE_EXCHANGE_RATE_ROLE.
*/functionupdateExchangeRate(uint96 newExchangeRate) externalrequiresAuth{
AccountantState storage state = accountantState;
if (state.isPaused) revert AccountantWithRateProviders__Paused();
uint64 currentTime =uint64(block.timestamp);
uint256 currentExchangeRate = state.exchangeRate;
uint256 currentTotalShares = vault.totalSupply();
if (
currentTime < state.lastUpdateTimestamp + state.minimumUpdateDelayInSeconds
|| newExchangeRate > currentExchangeRate.mulDivDown(state.allowedExchangeRateChangeUpper, 1e4)
|| newExchangeRate < currentExchangeRate.mulDivDown(state.allowedExchangeRateChangeLower, 1e4)
) {
// Instead of reverting, pause the contract. This way the exchange rate updater is able to update the// exchange rate// to a better value, and pause it.
state.isPaused =true;
} else {
// Only update fees if we are not paused.// Update fee accounting.uint256 shareSupplyToUse = currentTotalShares;
// Use the minimum between current total supply and total supply for last update.if (state.totalSharesLastUpdate < shareSupplyToUse) {
shareSupplyToUse = state.totalSharesLastUpdate;
}
// Determine management fees owned.uint256 timeDelta = currentTime - state.lastUpdateTimestamp;
uint256 minimumAssets = newExchangeRate > currentExchangeRate
? shareSupplyToUse.mulDivDown(currentExchangeRate, ONE_SHARE)
: shareSupplyToUse.mulDivDown(newExchangeRate, ONE_SHARE);
uint256 managementFeesAnnual = minimumAssets.mulDivDown(state.managementFee, 1e4);
uint256 newFeesOwedInBase = managementFeesAnnual.mulDivDown(timeDelta, 365days);
state.feesOwedInBase +=uint128(newFeesOwedInBase);
}
state.exchangeRate = newExchangeRate;
state.totalSharesLastUpdate =uint128(currentTotalShares);
state.lastUpdateTimestamp = currentTime;
emit ExchangeRateUpdated(uint96(currentExchangeRate), newExchangeRate, currentTime);
}
/**
* @notice Claim pending fees.
* @dev This function must be called by the BoringVault.
* @dev This function will lose precision if the exchange rate
* decimals is greater than the feeAsset's decimals.
*/functionclaimFees(ERC20 feeAsset) external{
if (msg.sender!=address(vault)) revert AccountantWithRateProviders__OnlyCallableByBoringVault();
AccountantState storage state = accountantState;
if (state.isPaused) revert AccountantWithRateProviders__Paused();
if (state.feesOwedInBase ==0) revert AccountantWithRateProviders__ZeroFeesOwed();
// Determine amount of fees owed in feeAsset.uint256 feesOwedInFeeAsset;
RateProviderData memory data = rateProviderData[feeAsset];
if (address(feeAsset) ==address(base)) {
feesOwedInFeeAsset = state.feesOwedInBase;
} else {
uint8 feeAssetDecimals = ERC20(feeAsset).decimals();
uint256 feesOwedInBaseUsingFeeAssetDecimals =
changeDecimals(state.feesOwedInBase, decimals, feeAssetDecimals);
if (data.isPeggedToBase) {
feesOwedInFeeAsset = feesOwedInBaseUsingFeeAssetDecimals;
} else {
uint256 rate = data.rateProvider.getRate();
feesOwedInFeeAsset = feesOwedInBaseUsingFeeAssetDecimals.mulDivDown(10** feeAssetDecimals, rate);
}
}
// Zero out fees owed.
state.feesOwedInBase =0;
// Transfer fee asset to payout address.
feeAsset.safeTransferFrom(msg.sender, state.payoutAddress, feesOwedInFeeAsset);
emit FeesClaimed(address(feeAsset), feesOwedInFeeAsset);
}
// ========================================= RATE FUNCTIONS =========================================/**
* @notice Get this BoringVault's current rate in the base.
*/functiongetRate() publicviewreturns (uint256 rate) {
rate = accountantState.exchangeRate;
}
/**
* @notice Get this BoringVault's current rate in the base.
* @dev Revert if paused.
*/functiongetRateSafe() externalviewreturns (uint256 rate) {
if (accountantState.isPaused) revert AccountantWithRateProviders__Paused();
rate = getRate();
}
/**
* @notice Get this BoringVault's current rate in the provided quote.
* @dev `quote` must have its RateProviderData set, else this will revert.
* @dev This function will lose precision if the exchange rate
* decimals is greater than the quote's decimals.
*/functiongetRateInQuote(ERC20 quote) publicviewreturns (uint256 rateInQuote) {
if (address(quote) ==address(base)) {
rateInQuote = accountantState.exchangeRate;
} else {
RateProviderData memory data = rateProviderData[quote];
uint8 quoteDecimals = ERC20(quote).decimals();
uint256 exchangeRateInQuoteDecimals = changeDecimals(accountantState.exchangeRate, decimals, quoteDecimals);
if (data.isPeggedToBase) {
rateInQuote = exchangeRateInQuoteDecimals;
} else {
uint256 quoteRate = data.rateProvider.getRate();
uint256 oneQuote =10** quoteDecimals;
rateInQuote = oneQuote.mulDivDown(exchangeRateInQuoteDecimals, quoteRate);
}
}
}
/**
* @notice Get this BoringVault's current rate in the provided quote.
* @dev `quote` must have its RateProviderData set, else this will revert.
* @dev Revert if paused.
*/functiongetRateInQuoteSafe(ERC20 quote) externalviewreturns (uint256 rateInQuote) {
if (accountantState.isPaused) revert AccountantWithRateProviders__Paused();
rateInQuote = getRateInQuote(quote);
}
// ========================================= INTERNAL HELPER FUNCTIONS =========================================/**
* @notice Used to change the decimals of precision used for an amount.
*/functionchangeDecimals(uint256 amount, uint8 fromDecimals, uint8 toDecimals) internalpurereturns (uint256) {
if (fromDecimals == toDecimals) {
return amount;
} elseif (fromDecimals < toDecimals) {
return amount *10** (toDecimals - fromDecimals);
} else {
return amount /10** (fromDecimals - toDecimals);
}
}
}
Contract Source Code
File 2 of 20: Address.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (utils/Address.sol)pragmasolidity ^0.8.20;import {Errors} from"./Errors.sol";
/**
* @dev Collection of functions related to the address type
*/libraryAddress{
/**
* @dev There's no code at `target` (it is not a contract).
*/errorAddressEmptyCode(address target);
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.20/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/functionsendValue(addresspayable recipient, uint256 amount) internal{
if (address(this).balance< amount) {
revert Errors.InsufficientBalance(address(this).balance, amount);
}
(bool success, ) = recipient.call{value: amount}("");
if (!success) {
revert Errors.FailedCall();
}
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason or custom error, it is bubbled
* up by this function (like regular Solidity function calls). However, if
* the call reverted with no returned reason, this function reverts with a
* {Errors.FailedCall} error.
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*/functionfunctionCall(address target, bytesmemory data) internalreturns (bytesmemory) {
return functionCallWithValue(target, data, 0);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*/functionfunctionCallWithValue(address target, bytesmemory data, uint256 value) internalreturns (bytesmemory) {
if (address(this).balance< value) {
revert Errors.InsufficientBalance(address(this).balance, value);
}
(bool success, bytesmemory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*/functionfunctionStaticCall(address target, bytesmemory data) internalviewreturns (bytesmemory) {
(bool success, bytesmemory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*/functionfunctionDelegateCall(address target, bytesmemory data) internalreturns (bytesmemory) {
(bool success, bytesmemory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and reverts if the target
* was not a contract or bubbling up the revert reason (falling back to {Errors.FailedCall}) in case
* of an unsuccessful call.
*/functionverifyCallResultFromTarget(address target,
bool success,
bytesmemory returndata
) internalviewreturns (bytesmemory) {
if (!success) {
_revert(returndata);
} else {
// only check if target is a contract if the call was successful and the return data is empty// otherwise we already know that it was a contractif (returndata.length==0&& target.code.length==0) {
revert AddressEmptyCode(target);
}
return returndata;
}
}
/**
* @dev Tool to verify that a low level call was successful, and reverts if it wasn't, either by bubbling the
* revert reason or with a default {Errors.FailedCall} error.
*/functionverifyCallResult(bool success, bytesmemory returndata) internalpurereturns (bytesmemory) {
if (!success) {
_revert(returndata);
} else {
return returndata;
}
}
/**
* @dev Reverts with returndata if present. Otherwise reverts with {Errors.FailedCall}.
*/function_revert(bytesmemory returndata) privatepure{
// Look for revert reason and bubble it up if presentif (returndata.length>0) {
// The easiest way to bubble the revert reason is using memory via assembly/// @solidity memory-safe-assemblyassembly {
let returndata_size :=mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert Errors.FailedCall();
}
}
}
Contract Source Code
File 3 of 20: Auth.sol
// SPDX-License-Identifier: AGPL-3.0-onlypragmasolidity >=0.8.0;/// @notice Provides a flexible and updatable auth pattern which is completely separate from application logic./// @author Solmate (https://github.com/transmissions11/solmate/blob/main/src/auth/Auth.sol)/// @author Modified from Dappsys (https://github.com/dapphub/ds-auth/blob/master/src/auth.sol)abstractcontractAuth{
eventOwnershipTransferred(addressindexed user, addressindexed newOwner);
eventAuthorityUpdated(addressindexed user, Authority indexed newAuthority);
addresspublic owner;
Authority public authority;
constructor(address _owner, Authority _authority) {
owner = _owner;
authority = _authority;
emit OwnershipTransferred(msg.sender, _owner);
emit AuthorityUpdated(msg.sender, _authority);
}
modifierrequiresAuth() virtual{
require(isAuthorized(msg.sender, msg.sig), "UNAUTHORIZED");
_;
}
functionisAuthorized(address user, bytes4 functionSig) internalviewvirtualreturns (bool) {
Authority auth = authority; // Memoizing authority saves us a warm SLOAD, around 100 gas.// Checking if the caller is the owner only after calling the authority saves gas in most cases, but be// aware that this makes protected functions uncallable even to the owner if the authority is out of order.return (address(auth) !=address(0) && auth.canCall(user, address(this), functionSig)) || user == owner;
}
functionsetAuthority(Authority newAuthority) publicvirtual{
// We check if the caller is the owner first because we want to ensure they can// always swap out the authority even if it's reverting or using up a lot of gas.require(msg.sender== owner || authority.canCall(msg.sender, address(this), msg.sig));
authority = newAuthority;
emit AuthorityUpdated(msg.sender, newAuthority);
}
functiontransferOwnership(address newOwner) publicvirtualrequiresAuth{
owner = newOwner;
emit OwnershipTransferred(msg.sender, newOwner);
}
}
/// @notice A generic interface for a contract which provides authorization data to an Auth instance./// @author Solmate (https://github.com/transmissions11/solmate/blob/main/src/auth/Auth.sol)/// @author Modified from Dappsys (https://github.com/dapphub/ds-auth/blob/master/src/auth.sol)interfaceAuthority{
functioncanCall(address user,
address target,
bytes4 functionSig
) externalviewreturns (bool);
}
// SPDX-License-Identifier: MITpragmasolidity 0.8.21;import { Address } from"@openzeppelin/contracts/utils/Address.sol";
import { ERC721Holder } from"@openzeppelin/contracts/token/ERC721/utils/ERC721Holder.sol";
import { ERC1155Holder } from"@openzeppelin/contracts/token/ERC1155/utils/ERC1155Holder.sol";
import { FixedPointMathLib } from"@solmate/utils/FixedPointMathLib.sol";
import { SafeTransferLib } from"@solmate/utils/SafeTransferLib.sol";
import { ERC20 } from"@solmate/tokens/ERC20.sol";
import { BeforeTransferHook } from"src/interfaces/BeforeTransferHook.sol";
import { Auth, Authority } from"@solmate/auth/Auth.sol";
/**
* @title BoringVault
* @custom:security-contact security@molecularlabs.io
*/contractBoringVaultisERC20, Auth, ERC721Holder, ERC1155Holder{
usingAddressforaddress;
usingSafeTransferLibforERC20;
usingFixedPointMathLibforuint256;
// ========================================= STATE =========================================/**
* @notice Contract responsible for implementing `beforeTransfer`.
*/
BeforeTransferHook public hook;
//============================== EVENTS ===============================eventEnter(addressindexedfrom, addressindexed asset, uint256 amount, addressindexed to, uint256 shares);
eventExit(addressindexed to, addressindexed asset, uint256 amount, addressindexedfrom, uint256 shares);
//============================== CONSTRUCTOR ===============================constructor(address _owner,
stringmemory _name,
stringmemory _symbol,
uint8 _decimals
)
ERC20(_name, _symbol, _decimals)
Auth(_owner, Authority(address(0)))
{ }
//============================== MANAGE ===============================/**
* @notice Allows manager to make an arbitrary function call from this contract.
* @dev Callable by MANAGER_ROLE.
*/functionmanage(address target,
bytescalldata data,
uint256 value
)
externalrequiresAuthreturns (bytesmemory result)
{
result = target.functionCallWithValue(data, value);
}
/**
* @notice Allows manager to make arbitrary function calls from this contract.
* @dev Callable by MANAGER_ROLE.
*/functionmanage(address[] calldata targets,
bytes[] calldata data,
uint256[] calldata values
)
externalrequiresAuthreturns (bytes[] memory results)
{
uint256 targetsLength = targets.length;
results =newbytes[](targetsLength);
for (uint256 i; i < targetsLength; ++i) {
results[i] = targets[i].functionCallWithValue(data[i], values[i]);
}
}
//============================== ENTER ===============================/**
* @notice Allows minter to mint shares, in exchange for assets.
* @dev If assetAmount is zero, no assets are transferred in.
* @dev Callable by MINTER_ROLE.
*/functionenter(addressfrom,
ERC20 asset,
uint256 assetAmount,
address to,
uint256 shareAmount
)
externalrequiresAuth{
// Transfer assets inif (assetAmount >0) asset.safeTransferFrom(from, address(this), assetAmount);
// Mint shares.
_mint(to, shareAmount);
emit Enter(from, address(asset), assetAmount, to, shareAmount);
}
//============================== EXIT ===============================/**
* @notice Allows burner to burn shares, in exchange for assets.
* @dev If assetAmount is zero, no assets are transferred out.
* @dev Callable by BURNER_ROLE.
*/functionexit(address to,
ERC20 asset,
uint256 assetAmount,
addressfrom,
uint256 shareAmount
)
externalrequiresAuth{
// Burn shares.
_burn(from, shareAmount);
// Transfer assets out.if (assetAmount >0) asset.safeTransfer(to, assetAmount);
emit Exit(to, address(asset), assetAmount, from, shareAmount);
}
//============================== BEFORE TRANSFER HOOK ===============================/**
* @notice Sets the share locker.
* @notice If set to zero address, the share locker logic is disabled.
* @dev Callable by OWNER_ROLE.
*/functionsetBeforeTransferHook(address _hook) externalrequiresAuth{
hook = BeforeTransferHook(_hook);
}
/**
* @notice Check if from addresses shares are locked, reverting if so.
*/function_callBeforeTransfer(addressfrom) internalview{
if (address(hook) !=address(0)) hook.beforeTransfer(from);
}
functiontransfer(address to, uint256 amount) publicoverridereturns (bool) {
_callBeforeTransfer(msg.sender);
returnsuper.transfer(to, amount);
}
functiontransferFrom(addressfrom, address to, uint256 amount) publicoverridereturns (bool) {
_callBeforeTransfer(from);
returnsuper.transferFrom(from, to, amount);
}
//============================== RECEIVE ===============================receive() externalpayable{ }
}
Contract Source Code
File 6 of 20: ERC1155Holder.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC1155/utils/ERC1155Holder.sol)pragmasolidity ^0.8.20;import {IERC165, ERC165} from"../../../utils/introspection/ERC165.sol";
import {IERC1155Receiver} from"../IERC1155Receiver.sol";
/**
* @dev Simple implementation of `IERC1155Receiver` that will allow a contract to hold ERC-1155 tokens.
*
* IMPORTANT: When inheriting this contract, you must include a way to use the received tokens, otherwise they will be
* stuck.
*/abstractcontractERC1155HolderisERC165, IERC1155Receiver{
/**
* @dev See {IERC165-supportsInterface}.
*/functionsupportsInterface(bytes4 interfaceId) publicviewvirtualoverride(ERC165, IERC165) returns (bool) {
return interfaceId ==type(IERC1155Receiver).interfaceId||super.supportsInterface(interfaceId);
}
functiononERC1155Received(address,
address,
uint256,
uint256,
bytesmemory) publicvirtualoverridereturns (bytes4) {
returnthis.onERC1155Received.selector;
}
functiononERC1155BatchReceived(address,
address,
uint256[] memory,
uint256[] memory,
bytesmemory) publicvirtualoverridereturns (bytes4) {
returnthis.onERC1155BatchReceived.selector;
}
}
Contract Source Code
File 7 of 20: ERC165.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (utils/introspection/ERC165.sol)pragmasolidity ^0.8.20;import {IERC165} from"./IERC165.sol";
/**
* @dev Implementation of the {IERC165} interface.
*
* Contracts that want to implement ERC-165 should inherit from this contract and override {supportsInterface} to check
* for the additional interface id that will be supported. For example:
*
* ```solidity
* function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
* return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
* }
* ```
*/abstractcontractERC165isIERC165{
/**
* @dev See {IERC165-supportsInterface}.
*/functionsupportsInterface(bytes4 interfaceId) publicviewvirtualreturns (bool) {
return interfaceId ==type(IERC165).interfaceId;
}
}
Contract Source Code
File 8 of 20: ERC20.sol
// SPDX-License-Identifier: AGPL-3.0-onlypragmasolidity >=0.8.0;/// @notice Modern and gas efficient ERC20 + EIP-2612 implementation./// @author Solmate (https://github.com/transmissions11/solmate/blob/main/src/tokens/ERC20.sol)/// @author Modified from Uniswap (https://github.com/Uniswap/uniswap-v2-core/blob/master/contracts/UniswapV2ERC20.sol)/// @dev Do not manually set balances without updating totalSupply, as the sum of all user balances must not exceed it.abstractcontractERC20{
/*//////////////////////////////////////////////////////////////
EVENTS
//////////////////////////////////////////////////////////////*/eventTransfer(addressindexedfrom, addressindexed to, uint256 amount);
eventApproval(addressindexed owner, addressindexed spender, uint256 amount);
/*//////////////////////////////////////////////////////////////
METADATA STORAGE
//////////////////////////////////////////////////////////////*/stringpublic name;
stringpublic symbol;
uint8publicimmutable decimals;
/*//////////////////////////////////////////////////////////////
ERC20 STORAGE
//////////////////////////////////////////////////////////////*/uint256public totalSupply;
mapping(address=>uint256) public balanceOf;
mapping(address=>mapping(address=>uint256)) public allowance;
/*//////////////////////////////////////////////////////////////
EIP-2612 STORAGE
//////////////////////////////////////////////////////////////*/uint256internalimmutable INITIAL_CHAIN_ID;
bytes32internalimmutable INITIAL_DOMAIN_SEPARATOR;
mapping(address=>uint256) public nonces;
/*//////////////////////////////////////////////////////////////
CONSTRUCTOR
//////////////////////////////////////////////////////////////*/constructor(stringmemory _name,
stringmemory _symbol,
uint8 _decimals
) {
name = _name;
symbol = _symbol;
decimals = _decimals;
INITIAL_CHAIN_ID =block.chainid;
INITIAL_DOMAIN_SEPARATOR = computeDomainSeparator();
}
/*//////////////////////////////////////////////////////////////
ERC20 LOGIC
//////////////////////////////////////////////////////////////*/functionapprove(address spender, uint256 amount) publicvirtualreturns (bool) {
allowance[msg.sender][spender] = amount;
emit Approval(msg.sender, spender, amount);
returntrue;
}
functiontransfer(address to, uint256 amount) publicvirtualreturns (bool) {
balanceOf[msg.sender] -= amount;
// Cannot overflow because the sum of all user// balances can't exceed the max uint256 value.unchecked {
balanceOf[to] += amount;
}
emit Transfer(msg.sender, to, amount);
returntrue;
}
functiontransferFrom(addressfrom,
address to,
uint256 amount
) publicvirtualreturns (bool) {
uint256 allowed = allowance[from][msg.sender]; // Saves gas for limited approvals.if (allowed !=type(uint256).max) allowance[from][msg.sender] = allowed - amount;
balanceOf[from] -= amount;
// Cannot overflow because the sum of all user// balances can't exceed the max uint256 value.unchecked {
balanceOf[to] += amount;
}
emit Transfer(from, to, amount);
returntrue;
}
/*//////////////////////////////////////////////////////////////
EIP-2612 LOGIC
//////////////////////////////////////////////////////////////*/functionpermit(address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) publicvirtual{
require(deadline >=block.timestamp, "PERMIT_DEADLINE_EXPIRED");
// Unchecked because the only math done is incrementing// the owner's nonce which cannot realistically overflow.unchecked {
address recoveredAddress =ecrecover(
keccak256(
abi.encodePacked(
"\x19\x01",
DOMAIN_SEPARATOR(),
keccak256(
abi.encode(
keccak256(
"Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)"
),
owner,
spender,
value,
nonces[owner]++,
deadline
)
)
)
),
v,
r,
s
);
require(recoveredAddress !=address(0) && recoveredAddress == owner, "INVALID_SIGNER");
allowance[recoveredAddress][spender] = value;
}
emit Approval(owner, spender, value);
}
functionDOMAIN_SEPARATOR() publicviewvirtualreturns (bytes32) {
returnblock.chainid== INITIAL_CHAIN_ID ? INITIAL_DOMAIN_SEPARATOR : computeDomainSeparator();
}
functioncomputeDomainSeparator() internalviewvirtualreturns (bytes32) {
returnkeccak256(
abi.encode(
keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"),
keccak256(bytes(name)),
keccak256("1"),
block.chainid,
address(this)
)
);
}
/*//////////////////////////////////////////////////////////////
INTERNAL MINT/BURN LOGIC
//////////////////////////////////////////////////////////////*/function_mint(address to, uint256 amount) internalvirtual{
totalSupply += amount;
// Cannot overflow because the sum of all user// balances can't exceed the max uint256 value.unchecked {
balanceOf[to] += amount;
}
emit Transfer(address(0), to, amount);
}
function_burn(addressfrom, uint256 amount) internalvirtual{
balanceOf[from] -= amount;
// Cannot underflow because a user's balance// will never be larger than the total supply.unchecked {
totalSupply -= amount;
}
emit Transfer(from, address(0), amount);
}
}
Contract Source Code
File 9 of 20: ERC721Holder.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/utils/ERC721Holder.sol)pragmasolidity ^0.8.20;import {IERC721Receiver} from"../IERC721Receiver.sol";
/**
* @dev Implementation of the {IERC721Receiver} interface.
*
* Accepts all token transfers.
* Make sure the contract is able to use its token with {IERC721-safeTransferFrom}, {IERC721-approve} or
* {IERC721-setApprovalForAll}.
*/abstractcontractERC721HolderisIERC721Receiver{
/**
* @dev See {IERC721Receiver-onERC721Received}.
*
* Always returns `IERC721Receiver.onERC721Received.selector`.
*/functiononERC721Received(address, address, uint256, bytesmemory) publicvirtualreturns (bytes4) {
returnthis.onERC721Received.selector;
}
}
Contract Source Code
File 10 of 20: Errors.sol
// SPDX-License-Identifier: MITpragmasolidity ^0.8.20;/**
* @dev Collection of common custom errors used in multiple contracts
*
* IMPORTANT: Backwards compatibility is not guaranteed in future versions of the library.
* It is recommended to avoid relying on the error API for critical functionality.
*/libraryErrors{
/**
* @dev The ETH balance of the account is not enough to perform the operation.
*/errorInsufficientBalance(uint256 balance, uint256 needed);
/**
* @dev A call to an address target failed. The target may have reverted.
*/errorFailedCall();
/**
* @dev The deployment failed.
*/errorFailedDeployment();
/**
* @dev A necessary precompile is missing.
*/errorMissingPrecompile(address);
}
Contract Source Code
File 11 of 20: FixedPointMathLib.sol
// SPDX-License-Identifier: AGPL-3.0-onlypragmasolidity >=0.8.0;/// @notice Arithmetic library with operations for fixed-point numbers./// @author Solmate (https://github.com/transmissions11/solmate/blob/main/src/utils/FixedPointMathLib.sol)/// @author Inspired by USM (https://github.com/usmfum/USM/blob/master/contracts/WadMath.sol)libraryFixedPointMathLib{
/*//////////////////////////////////////////////////////////////
SIMPLIFIED FIXED POINT OPERATIONS
//////////////////////////////////////////////////////////////*/uint256internalconstant MAX_UINT256 =2**256-1;
uint256internalconstant WAD =1e18; // The scalar of ETH and most ERC20s.functionmulWadDown(uint256 x, uint256 y) internalpurereturns (uint256) {
return mulDivDown(x, y, WAD); // Equivalent to (x * y) / WAD rounded down.
}
functionmulWadUp(uint256 x, uint256 y) internalpurereturns (uint256) {
return mulDivUp(x, y, WAD); // Equivalent to (x * y) / WAD rounded up.
}
functiondivWadDown(uint256 x, uint256 y) internalpurereturns (uint256) {
return mulDivDown(x, WAD, y); // Equivalent to (x * WAD) / y rounded down.
}
functiondivWadUp(uint256 x, uint256 y) internalpurereturns (uint256) {
return mulDivUp(x, WAD, y); // Equivalent to (x * WAD) / y rounded up.
}
/*//////////////////////////////////////////////////////////////
LOW LEVEL FIXED POINT OPERATIONS
//////////////////////////////////////////////////////////////*/functionmulDivDown(uint256 x,
uint256 y,
uint256 denominator
) internalpurereturns (uint256 z) {
/// @solidity memory-safe-assemblyassembly {
// Equivalent to require(denominator != 0 && (y == 0 || x <= type(uint256).max / y))ifiszero(mul(denominator, iszero(mul(y, gt(x, div(MAX_UINT256, y)))))) {
revert(0, 0)
}
// Divide x * y by the denominator.
z :=div(mul(x, y), denominator)
}
}
functionmulDivUp(uint256 x,
uint256 y,
uint256 denominator
) internalpurereturns (uint256 z) {
/// @solidity memory-safe-assemblyassembly {
// Equivalent to require(denominator != 0 && (y == 0 || x <= type(uint256).max / y))ifiszero(mul(denominator, iszero(mul(y, gt(x, div(MAX_UINT256, y)))))) {
revert(0, 0)
}
// If x * y modulo the denominator is strictly greater than 0,// 1 is added to round up the division of x * y by the denominator.
z :=add(gt(mod(mul(x, y), denominator), 0), div(mul(x, y), denominator))
}
}
functionrpow(uint256 x,
uint256 n,
uint256 scalar
) internalpurereturns (uint256 z) {
/// @solidity memory-safe-assemblyassembly {
switch x
case0 {
switch n
case0 {
// 0 ** 0 = 1
z := scalar
}
default {
// 0 ** n = 0
z :=0
}
}
default {
switchmod(n, 2)
case0 {
// If n is even, store scalar in z for now.
z := scalar
}
default {
// If n is odd, store x in z for now.
z := x
}
// Shifting right by 1 is like dividing by 2.let half :=shr(1, scalar)
for {
// Shift n right by 1 before looping to halve it.
n :=shr(1, n)
} n {
// Shift n right by 1 each iteration to halve it.
n :=shr(1, n)
} {
// Revert immediately if x ** 2 would overflow.// Equivalent to iszero(eq(div(xx, x), x)) here.ifshr(128, x) {
revert(0, 0)
}
// Store x squared.let xx :=mul(x, x)
// Round to the nearest number.let xxRound :=add(xx, half)
// Revert if xx + half overflowed.iflt(xxRound, xx) {
revert(0, 0)
}
// Set x to scaled xxRound.
x :=div(xxRound, scalar)
// If n is even:ifmod(n, 2) {
// Compute z * x.let zx :=mul(z, x)
// If z * x overflowed:ifiszero(eq(div(zx, x), z)) {
// Revert if x is non-zero.ifiszero(iszero(x)) {
revert(0, 0)
}
}
// Round to the nearest number.let zxRound :=add(zx, half)
// Revert if zx + half overflowed.iflt(zxRound, zx) {
revert(0, 0)
}
// Return properly scaled zxRound.
z :=div(zxRound, scalar)
}
}
}
}
}
/*//////////////////////////////////////////////////////////////
GENERAL NUMBER UTILITIES
//////////////////////////////////////////////////////////////*/functionsqrt(uint256 x) internalpurereturns (uint256 z) {
/// @solidity memory-safe-assemblyassembly {
let y := x // We start y at x, which will help us make our initial estimate.
z :=181// The "correct" value is 1, but this saves a multiplication later.// This segment is to get a reasonable initial estimate for the Babylonian method. With a bad// start, the correct # of bits increases ~linearly each iteration instead of ~quadratically.// We check y >= 2^(k + 8) but shift right by k bits// each branch to ensure that if x >= 256, then y >= 256.ifiszero(lt(y, 0x10000000000000000000000000000000000)) {
y :=shr(128, y)
z :=shl(64, z)
}
ifiszero(lt(y, 0x1000000000000000000)) {
y :=shr(64, y)
z :=shl(32, z)
}
ifiszero(lt(y, 0x10000000000)) {
y :=shr(32, y)
z :=shl(16, z)
}
ifiszero(lt(y, 0x1000000)) {
y :=shr(16, y)
z :=shl(8, z)
}
// Goal was to get z*z*y within a small factor of x. More iterations could// get y in a tighter range. Currently, we will have y in [256, 256*2^16).// We ensured y >= 256 so that the relative difference between y and y+1 is small.// That's not possible if x < 256 but we can just verify those cases exhaustively.// Now, z*z*y <= x < z*z*(y+1), and y <= 2^(16+8), and either y >= 256, or x < 256.// Correctness can be checked exhaustively for x < 256, so we assume y >= 256.// Then z*sqrt(y) is within sqrt(257)/sqrt(256) of sqrt(x), or about 20bps.// For s in the range [1/256, 256], the estimate f(s) = (181/1024) * (s+1) is in the range// (1/2.84 * sqrt(s), 2.84 * sqrt(s)), with largest error when s = 1 and when s = 256 or 1/256.// Since y is in [256, 256*2^16), let a = y/65536, so that a is in [1/256, 256). Then we can estimate// sqrt(y) using sqrt(65536) * 181/1024 * (a + 1) = 181/4 * (y + 65536)/65536 = 181 * (y + 65536)/2^18.// There is no overflow risk here since y < 2^136 after the first branch above.
z :=shr(18, mul(z, add(y, 65536))) // A mul() is saved from starting z at 181.// Given the worst case multiplicative error of 2.84 above, 7 iterations should be enough.
z :=shr(1, add(z, div(x, z)))
z :=shr(1, add(z, div(x, z)))
z :=shr(1, add(z, div(x, z)))
z :=shr(1, add(z, div(x, z)))
z :=shr(1, add(z, div(x, z)))
z :=shr(1, add(z, div(x, z)))
z :=shr(1, add(z, div(x, z)))
// If x+1 is a perfect square, the Babylonian method cycles between// floor(sqrt(x)) and ceil(sqrt(x)). This statement ensures we return floor.// See: https://en.wikipedia.org/wiki/Integer_square_root#Using_only_integer_division// Since the ceil is rare, we save gas on the assignment and repeat division in the rare case.// If you don't care whether the floor or ceil square root is returned, you can remove this statement.
z :=sub(z, lt(div(x, z), z))
}
}
functionunsafeMod(uint256 x, uint256 y) internalpurereturns (uint256 z) {
/// @solidity memory-safe-assemblyassembly {
// Mod x by y. Note this will return// 0 instead of reverting if y is zero.
z :=mod(x, y)
}
}
functionunsafeDiv(uint256 x, uint256 y) internalpurereturns (uint256 r) {
/// @solidity memory-safe-assemblyassembly {
// Divide x by y. Note this will return// 0 instead of reverting if y is zero.
r :=div(x, y)
}
}
functionunsafeDivUp(uint256 x, uint256 y) internalpurereturns (uint256 z) {
/// @solidity memory-safe-assemblyassembly {
// Add 1 to x * y if x % y > 0. Note this will// return 0 instead of reverting if y is zero.
z :=add(gt(mod(x, y), 0), div(x, y))
}
}
}
Contract Source Code
File 12 of 20: IERC1155Receiver.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC1155/IERC1155Receiver.sol)pragmasolidity ^0.8.20;import {IERC165} from"../../utils/introspection/IERC165.sol";
/**
* @dev Interface that must be implemented by smart contracts in order to receive
* ERC-1155 token transfers.
*/interfaceIERC1155ReceiverisIERC165{
/**
* @dev Handles the receipt of a single ERC-1155 token type. This function is
* called at the end of a `safeTransferFrom` after the balance has been updated.
*
* NOTE: To accept the transfer, this must return
* `bytes4(keccak256("onERC1155Received(address,address,uint256,uint256,bytes)"))`
* (i.e. 0xf23a6e61, or its own function selector).
*
* @param operator The address which initiated the transfer (i.e. msg.sender)
* @param from The address which previously owned the token
* @param id The ID of the token being transferred
* @param value The amount of tokens being transferred
* @param data Additional data with no specified format
* @return `bytes4(keccak256("onERC1155Received(address,address,uint256,uint256,bytes)"))` if transfer is allowed
*/functiononERC1155Received(address operator,
addressfrom,
uint256 id,
uint256 value,
bytescalldata data
) externalreturns (bytes4);
/**
* @dev Handles the receipt of a multiple ERC-1155 token types. This function
* is called at the end of a `safeBatchTransferFrom` after the balances have
* been updated.
*
* NOTE: To accept the transfer(s), this must return
* `bytes4(keccak256("onERC1155BatchReceived(address,address,uint256[],uint256[],bytes)"))`
* (i.e. 0xbc197c81, or its own function selector).
*
* @param operator The address which initiated the batch transfer (i.e. msg.sender)
* @param from The address which previously owned the token
* @param ids An array containing ids of each token being transferred (order and length must match values array)
* @param values An array containing amounts of each token being transferred (order and length must match ids array)
* @param data Additional data with no specified format
* @return `bytes4(keccak256("onERC1155BatchReceived(address,address,uint256[],uint256[],bytes)"))` if transfer is allowed
*/functiononERC1155BatchReceived(address operator,
addressfrom,
uint256[] calldata ids,
uint256[] calldata values,
bytescalldata data
) externalreturns (bytes4);
}
Contract Source Code
File 13 of 20: IERC165.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (utils/introspection/IERC165.sol)pragmasolidity ^0.8.20;/**
* @dev Interface of the ERC-165 standard, as defined in the
* https://eips.ethereum.org/EIPS/eip-165[ERC].
*
* Implementers can declare support of contract interfaces, which can then be
* queried by others ({ERC165Checker}).
*
* For an implementation, see {ERC165}.
*/interfaceIERC165{
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[ERC section]
* to learn more about how these ids are created.
*
* This function call must use less than 30 000 gas.
*/functionsupportsInterface(bytes4 interfaceId) externalviewreturns (bool);
}
Contract Source Code
File 14 of 20: IERC721Receiver.sol
// SPDX-License-Identifier: MIT// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/IERC721Receiver.sol)pragmasolidity ^0.8.20;/**
* @title ERC-721 token receiver interface
* @dev Interface for any contract that wants to support safeTransfers
* from ERC-721 asset contracts.
*/interfaceIERC721Receiver{
/**
* @dev Whenever an {IERC721} `tokenId` token is transferred to this contract via {IERC721-safeTransferFrom}
* by `operator` from `from`, this function is called.
*
* It must return its Solidity selector to confirm the token transfer.
* If any other value is returned or the interface is not implemented by the recipient, the transfer will be
* reverted.
*
* The selector can be obtained in Solidity with `IERC721Receiver.onERC721Received.selector`.
*/functiononERC721Received(address operator,
addressfrom,
uint256 tokenId,
bytescalldata data
) externalreturns (bytes4);
}
Contract Source Code
File 15 of 20: IRateProvider.sol
// SPDX-License-Identifier: GPL-3.0-or-later// This program is free software: you can redistribute it and/or modify// it under the terms of the GNU General Public License as published by// the Free Software Foundation, either version 3 of the License, or// (at your option) any later version.// This program is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU General Public License for more details.// You should have received a copy of the GNU General Public License// along with this program. If not, see <http://www.gnu.org/licenses/>.pragmasolidity ^0.8.0;interfaceIRateProvider{
functiongetRate() externalviewreturns (uint256);
}
// SPDX-License-Identifier: AGPL-3.0-onlypragmasolidity >=0.8.0;import {ERC20} from"../tokens/ERC20.sol";
/// @notice Safe ETH and ERC20 transfer library that gracefully handles missing return values./// @author Solmate (https://github.com/transmissions11/solmate/blob/main/src/utils/SafeTransferLib.sol)/// @dev Use with caution! Some functions in this library knowingly create dirty bits at the destination of the free memory pointer./// @dev Note that none of the functions in this library check that a token has code at all! That responsibility is delegated to the caller.librarySafeTransferLib{
/*//////////////////////////////////////////////////////////////
ETH OPERATIONS
//////////////////////////////////////////////////////////////*/functionsafeTransferETH(address to, uint256 amount) internal{
bool success;
/// @solidity memory-safe-assemblyassembly {
// Transfer the ETH and store if it succeeded or not.
success :=call(gas(), to, amount, 0, 0, 0, 0)
}
require(success, "ETH_TRANSFER_FAILED");
}
/*//////////////////////////////////////////////////////////////
ERC20 OPERATIONS
//////////////////////////////////////////////////////////////*/functionsafeTransferFrom(
ERC20 token,
addressfrom,
address to,
uint256 amount
) internal{
bool success;
/// @solidity memory-safe-assemblyassembly {
// Get a pointer to some free memory.let freeMemoryPointer :=mload(0x40)
// Write the abi-encoded calldata into memory, beginning with the function selector.mstore(freeMemoryPointer, 0x23b872dd00000000000000000000000000000000000000000000000000000000)
mstore(add(freeMemoryPointer, 4), and(from, 0xffffffffffffffffffffffffffffffffffffffff)) // Append and mask the "from" argument.mstore(add(freeMemoryPointer, 36), and(to, 0xffffffffffffffffffffffffffffffffffffffff)) // Append and mask the "to" argument.mstore(add(freeMemoryPointer, 68), amount) // Append the "amount" argument. Masking not required as it's a full 32 byte type.
success :=and(
// Set success to whether the call reverted, if not we check it either// returned exactly 1 (can't just be non-zero data), or had no return data.or(and(eq(mload(0), 1), gt(returndatasize(), 31)), iszero(returndatasize())),
// We use 100 because the length of our calldata totals up like so: 4 + 32 * 3.// We use 0 and 32 to copy up to 32 bytes of return data into the scratch space.// Counterintuitively, this call must be positioned second to the or() call in the// surrounding and() call or else returndatasize() will be zero during the computation.call(gas(), token, 0, freeMemoryPointer, 100, 0, 32)
)
}
require(success, "TRANSFER_FROM_FAILED");
}
functionsafeTransfer(
ERC20 token,
address to,
uint256 amount
) internal{
bool success;
/// @solidity memory-safe-assemblyassembly {
// Get a pointer to some free memory.let freeMemoryPointer :=mload(0x40)
// Write the abi-encoded calldata into memory, beginning with the function selector.mstore(freeMemoryPointer, 0xa9059cbb00000000000000000000000000000000000000000000000000000000)
mstore(add(freeMemoryPointer, 4), and(to, 0xffffffffffffffffffffffffffffffffffffffff)) // Append and mask the "to" argument.mstore(add(freeMemoryPointer, 36), amount) // Append the "amount" argument. Masking not required as it's a full 32 byte type.
success :=and(
// Set success to whether the call reverted, if not we check it either// returned exactly 1 (can't just be non-zero data), or had no return data.or(and(eq(mload(0), 1), gt(returndatasize(), 31)), iszero(returndatasize())),
// We use 68 because the length of our calldata totals up like so: 4 + 32 * 2.// We use 0 and 32 to copy up to 32 bytes of return data into the scratch space.// Counterintuitively, this call must be positioned second to the or() call in the// surrounding and() call or else returndatasize() will be zero during the computation.call(gas(), token, 0, freeMemoryPointer, 68, 0, 32)
)
}
require(success, "TRANSFER_FAILED");
}
functionsafeApprove(
ERC20 token,
address to,
uint256 amount
) internal{
bool success;
/// @solidity memory-safe-assemblyassembly {
// Get a pointer to some free memory.let freeMemoryPointer :=mload(0x40)
// Write the abi-encoded calldata into memory, beginning with the function selector.mstore(freeMemoryPointer, 0x095ea7b300000000000000000000000000000000000000000000000000000000)
mstore(add(freeMemoryPointer, 4), and(to, 0xffffffffffffffffffffffffffffffffffffffff)) // Append and mask the "to" argument.mstore(add(freeMemoryPointer, 36), amount) // Append the "amount" argument. Masking not required as it's a full 32 byte type.
success :=and(
// Set success to whether the call reverted, if not we check it either// returned exactly 1 (can't just be non-zero data), or had no return data.or(and(eq(mload(0), 1), gt(returndatasize(), 31)), iszero(returndatasize())),
// We use 68 because the length of our calldata totals up like so: 4 + 32 * 2.// We use 0 and 32 to copy up to 32 bytes of return data into the scratch space.// Counterintuitively, this call must be positioned second to the or() call in the// surrounding and() call or else returndatasize() will be zero during the computation.call(gas(), token, 0, freeMemoryPointer, 68, 0, 32)
)
}
require(success, "APPROVE_FAILED");
}
}
Contract Source Code
File 18 of 20: TellerWithMultiAssetSupport.sol
// SPDX-License-Identifier: MITpragmasolidity 0.8.21;import { ERC20 } from"@solmate/tokens/ERC20.sol";
import { WETH } from"@solmate/tokens/WETH.sol";
import { BoringVault } from"src/base/BoringVault.sol";
import { AccountantWithRateProviders } from"src/base/Roles/AccountantWithRateProviders.sol";
import { FixedPointMathLib } from"@solmate/utils/FixedPointMathLib.sol";
import { SafeTransferLib } from"@solmate/utils/SafeTransferLib.sol";
import { BeforeTransferHook } from"src/interfaces/BeforeTransferHook.sol";
import { Auth, Authority } from"@solmate/auth/Auth.sol";
import { ReentrancyGuard } from"@solmate/utils/ReentrancyGuard.sol";
/**
* @title TellerWithMultiAssetSupport
* @custom:security-contact security@molecularlabs.io
*/contractTellerWithMultiAssetSupportisAuth, BeforeTransferHook, ReentrancyGuard{
usingFixedPointMathLibforuint256;
usingSafeTransferLibforERC20;
usingSafeTransferLibforWETH;
// ========================================= CONSTANTS =========================================/**
* @notice Native address used to tell the contract to handle native asset deposits.
*/addressinternalconstant NATIVE =0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE;
/**
* @notice The maximum possible share lock period.
*/uint256internalconstant MAX_SHARE_LOCK_PERIOD =3days;
// ========================================= STATE =========================================/**
* @notice Mapping ERC20s to an isSupported bool.
*/mapping(ERC20 =>bool) public isSupported;
/**
* @notice The deposit nonce used to map to a deposit hash.
*/uint96public depositNonce =1;
/**
* @notice After deposits, shares are locked to the msg.sender's address
* for `shareLockPeriod`.
* @dev During this time all transfers from msg.sender will revert, and
* deposits are refundable.
*/uint64public shareLockPeriod;
/**
* @notice Used to pause calls to `deposit` and `depositWithPermit`.
*/boolpublic isPaused;
/**
* @dev Maps deposit nonce to keccak256(address receiver, address depositAsset, uint256 depositAmount, uint256
* shareAmount, uint256 timestamp, uint256 shareLockPeriod).
*/mapping(uint256=>bytes32) public publicDepositHistory;
/**
* @notice Maps user address to the time their shares will be unlocked.
*/mapping(address=>uint256) public shareUnlockTime;
//============================== ERRORS ===============================errorTellerWithMultiAssetSupport__ShareLockPeriodTooLong();
errorTellerWithMultiAssetSupport__SharesAreLocked();
errorTellerWithMultiAssetSupport__SharesAreUnLocked();
errorTellerWithMultiAssetSupport__BadDepositHash();
errorTellerWithMultiAssetSupport__AssetNotSupported();
errorTellerWithMultiAssetSupport__ZeroAssets();
errorTellerWithMultiAssetSupport__MinimumMintNotMet();
errorTellerWithMultiAssetSupport__MinimumAssetsNotMet();
errorTellerWithMultiAssetSupport__PermitFailedAndAllowanceTooLow();
errorTellerWithMultiAssetSupport__ZeroShares();
errorTellerWithMultiAssetSupport__Paused();
//============================== EVENTS ===============================eventPaused();
eventUnpaused();
eventAssetAdded(addressindexed asset);
eventAssetRemoved(addressindexed asset);
eventDeposit(uint256indexed nonce,
addressindexed receiver,
addressindexed depositAsset,
uint256 depositAmount,
uint256 shareAmount,
uint256 depositTimestamp,
uint256 shareLockPeriodAtTimeOfDeposit
);
eventBulkDeposit(addressindexed asset, uint256 depositAmount);
eventBulkWithdraw(addressindexed asset, uint256 shareAmount);
eventDepositRefunded(uint256indexed nonce, bytes32 depositHash, addressindexed user);
//============================== IMMUTABLES ===============================/**
* @notice The BoringVault this contract is working with.
*/
BoringVault publicimmutable vault;
/**
* @notice The AccountantWithRateProviders this contract is working with.
*/
AccountantWithRateProviders publicimmutable accountant;
/**
* @notice One share of the BoringVault.
*/uint256internalimmutable ONE_SHARE;
constructor(address _owner, address _vault, address _accountant) Auth(_owner, Authority(address(0))) {
vault = BoringVault(payable(_vault));
ONE_SHARE =10** vault.decimals();
accountant = AccountantWithRateProviders(_accountant);
}
// ========================================= ADMIN FUNCTIONS =========================================/**
* @notice Pause this contract, which prevents future calls to `deposit` and `depositWithPermit`.
* @dev Callable by MULTISIG_ROLE.
*/functionpause() externalrequiresAuth{
isPaused =true;
emit Paused();
}
/**
* @notice Unpause this contract, which allows future calls to `deposit` and `depositWithPermit`.
* @dev Callable by MULTISIG_ROLE.
*/functionunpause() externalrequiresAuth{
isPaused =false;
emit Unpaused();
}
/**
* @notice Adds this asset as a deposit asset.
* @dev The accountant must also support pricing this asset, else the `deposit` call will revert.
* @dev Callable by OWNER_ROLE.
*/functionaddAsset(ERC20 asset) externalrequiresAuth{
isSupported[asset] =true;
emit AssetAdded(address(asset));
}
/**
* @notice Removes this asset as a deposit asset.
* @dev Callable by OWNER_ROLE.
*/functionremoveAsset(ERC20 asset) externalrequiresAuth{
isSupported[asset] =false;
emit AssetRemoved(address(asset));
}
/**
* @notice Sets the share lock period.
* @dev This not only locks shares to the user address, but also serves as the pending deposit period, where
* deposits can be reverted.
* @dev If a new shorter share lock period is set, users with pending share locks could make a new deposit to
* receive 1 wei shares,
* and have their shares unlock sooner than their original deposit allows. This state would allow for the user
* deposit to be refunded,
* but only if they have not transferred their shares out of there wallet. This is an accepted limitation, and
* should be known when decreasing
* the share lock period.
* @dev Callable by OWNER_ROLE.
*/functionsetShareLockPeriod(uint64 _shareLockPeriod) externalrequiresAuth{
if (_shareLockPeriod > MAX_SHARE_LOCK_PERIOD) revert TellerWithMultiAssetSupport__ShareLockPeriodTooLong();
shareLockPeriod = _shareLockPeriod;
}
// ========================================= BeforeTransferHook FUNCTIONS =========================================/**
* @notice Implement beforeTransfer hook to check if shares are locked.
*/functionbeforeTransfer(addressfrom) publicview{
if (shareUnlockTime[from] >block.timestamp) revert TellerWithMultiAssetSupport__SharesAreLocked();
}
// ========================================= REVERT DEPOSIT FUNCTIONS =========================================/**
* @notice Allows DEPOSIT_REFUNDER_ROLE to revert a pending deposit.
* @dev Once a deposit share lock period has passed, it can no longer be reverted.
* @dev It is possible the admin does not setup the BoringVault to call the transfer hook,
* but this contract can still be saving share lock state. In the event this happens
* deposits are still refundable if the user has not transferred their shares.
* But there is no guarantee that the user has not transferred their shares.
* @dev Callable by STRATEGIST_MULTISIG_ROLE.
*/functionrefundDeposit(uint256 nonce,
address receiver,
address depositAsset,
uint256 depositAmount,
uint256 shareAmount,
uint256 depositTimestamp,
uint256 shareLockUpPeriodAtTimeOfDeposit
)
externalrequiresAuth{
if ((block.timestamp- depositTimestamp) > shareLockUpPeriodAtTimeOfDeposit) {
// Shares are already unlocked, so we can not revert deposit.revert TellerWithMultiAssetSupport__SharesAreUnLocked();
}
bytes32 depositHash =keccak256(
abi.encode(
receiver, depositAsset, depositAmount, shareAmount, depositTimestamp, shareLockUpPeriodAtTimeOfDeposit
)
);
if (publicDepositHistory[nonce] != depositHash) revert TellerWithMultiAssetSupport__BadDepositHash();
// Delete hash to prevent refund gas.delete publicDepositHistory[nonce];
// Burn shares and refund assets to receiver.
vault.exit(receiver, ERC20(depositAsset), depositAmount, receiver, shareAmount);
emit DepositRefunded(nonce, depositHash, receiver);
}
// ========================================= USER FUNCTIONS =========================================/**
* @notice Allows users to deposit into the BoringVault, if this contract is not paused.
* @dev Publicly callable.
*/functiondeposit(
ERC20 depositAsset,
uint256 depositAmount,
uint256 minimumMint
)
externalrequiresAuthnonReentrantreturns (uint256 shares)
{
if (isPaused) revert TellerWithMultiAssetSupport__Paused();
if (!isSupported[depositAsset]) revert TellerWithMultiAssetSupport__AssetNotSupported();
shares = _erc20Deposit(depositAsset, depositAmount, minimumMint, msg.sender);
_afterPublicDeposit(msg.sender, depositAsset, depositAmount, shares, shareLockPeriod);
}
/**
* @notice Allows users to deposit into BoringVault using permit.
* @dev Publicly callable.
*/functiondepositWithPermit(
ERC20 depositAsset,
uint256 depositAmount,
uint256 minimumMint,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
)
externalrequiresAuthnonReentrantreturns (uint256 shares)
{
if (isPaused) revert TellerWithMultiAssetSupport__Paused();
if (!isSupported[depositAsset]) revert TellerWithMultiAssetSupport__AssetNotSupported();
// solhint-disable-next-line no-empty-blockstry depositAsset.permit(msg.sender, address(vault), depositAmount, deadline, v, r, s) { }
catch {
if (depositAsset.allowance(msg.sender, address(vault)) < depositAmount) {
revert TellerWithMultiAssetSupport__PermitFailedAndAllowanceTooLow();
}
}
shares = _erc20Deposit(depositAsset, depositAmount, minimumMint, msg.sender);
_afterPublicDeposit(msg.sender, depositAsset, depositAmount, shares, shareLockPeriod);
}
/**
* @notice Allows on ramp role to deposit into this contract.
* @dev Does NOT support native deposits.
* @dev Callable by SOLVER_ROLE.
*/functionbulkDeposit(
ERC20 depositAsset,
uint256 depositAmount,
uint256 minimumMint,
address to
)
externalrequiresAuthnonReentrantreturns (uint256 shares)
{
if (!isSupported[depositAsset]) revert TellerWithMultiAssetSupport__AssetNotSupported();
shares = _erc20Deposit(depositAsset, depositAmount, minimumMint, to);
emit BulkDeposit(address(depositAsset), depositAmount);
}
/**
* @notice Allows off ramp role to withdraw from this contract.
* @dev Callable by SOLVER_ROLE.
*/functionbulkWithdraw(
ERC20 withdrawAsset,
uint256 shareAmount,
uint256 minimumAssets,
address to
)
externalrequiresAuthreturns (uint256 assetsOut)
{
if (!isSupported[withdrawAsset]) revert TellerWithMultiAssetSupport__AssetNotSupported();
if (shareAmount ==0) revert TellerWithMultiAssetSupport__ZeroShares();
assetsOut = shareAmount.mulDivDown(accountant.getRateInQuoteSafe(withdrawAsset), ONE_SHARE);
if (assetsOut < minimumAssets) revert TellerWithMultiAssetSupport__MinimumAssetsNotMet();
vault.exit(to, withdrawAsset, assetsOut, msg.sender, shareAmount);
emit BulkWithdraw(address(withdrawAsset), shareAmount);
}
// ========================================= INTERNAL HELPER FUNCTIONS =========================================/**
* @notice Implements a common ERC20 deposit into BoringVault.
*/function_erc20Deposit(
ERC20 depositAsset,
uint256 depositAmount,
uint256 minimumMint,
address to
)
internalreturns (uint256 shares)
{
if (depositAmount ==0) revert TellerWithMultiAssetSupport__ZeroAssets();
shares = depositAmount.mulDivDown(ONE_SHARE, accountant.getRateInQuoteSafe(depositAsset));
if (shares < minimumMint) revert TellerWithMultiAssetSupport__MinimumMintNotMet();
vault.enter(msg.sender, depositAsset, depositAmount, to, shares);
}
/**
* @notice Handle share lock logic, and event.
*/function_afterPublicDeposit(address user,
ERC20 depositAsset,
uint256 depositAmount,
uint256 shares,
uint256 currentShareLockPeriod
)
internal{
shareUnlockTime[user] =block.timestamp+ currentShareLockPeriod;
uint256 nonce = depositNonce;
publicDepositHistory[nonce] =keccak256(abi.encode(user, depositAsset, depositAmount, shares, block.timestamp, currentShareLockPeriod));
depositNonce++;
emit Deposit(nonce, user, address(depositAsset), depositAmount, shares, block.timestamp, currentShareLockPeriod);
}
}
// SPDX-License-Identifier: MITpragmasolidity 0.8.21;import { ERC20 } from"@solmate/tokens/ERC20.sol";
import { SafeTransferLib } from"@solmate/utils/SafeTransferLib.sol";
import { BoringVault } from"../base/BoringVault.sol";
import { TellerWithMultiAssetSupport } from"../base/Roles/TellerWithMultiAssetSupport.sol";
interfaceWarpRoute{
functiontransferRemote(uint32 _destination, bytes32 _recipient, uint256 _amountOrId) externalpayablereturns (bytes32);
}
/**
* @notice A simple wrapper to call both `deposit` on a Teller and
* `transferRemote` on a WarpRoute in one transaction. This contract can only be
* used with a defined Teller. If a new Teller is deployed, a new Wrapper must
* be deployed.
*
* @custom:security-contact security@molecularlabs.io
*/contractWarpRouteWrapper{
usingSafeTransferLibforERC20;
errorInvalidDestination();
BoringVault publicimmutable boringVault;
TellerWithMultiAssetSupport publicimmutable teller;
WarpRoute publicimmutable warpRoute;
uint32publicimmutable destination;
constructor(TellerWithMultiAssetSupport _teller, WarpRoute _warpRoute, uint32 _destination) {
teller = _teller;
warpRoute = _warpRoute;
destination = _destination;
boringVault = _teller.vault();
// Infinite approvals to the warpRoute okay because this contract will// never hold any balance aside from donations.
boringVault.approve(address(warpRoute), type(uint256).max);
}
/**
* @dev There's two sets of approvals this contract needs to grant. It needs
* to approve the BoringVault to take its `depositAsset`, and it needs to
* approve the WarpRoute to take the BoringVault shares. The latter is done
* in the constructor.
*
* NOTE that the `depositAsset` can vary as the Teller can add new supported
* assets.
*/functiondepositAndBridge(
ERC20 depositAsset,
uint256 depositAmount,
uint256 minimumMint,
bytes32 recipient
)
externalpayablereturns (uint256 sharesMinted, bytes32 messageId)
{
depositAsset.safeTransferFrom(msg.sender, address(this), depositAmount);
if (depositAsset.allowance(address(this), address(boringVault)) < depositAmount) {
depositAsset.approve(address(boringVault), type(uint256).max);
}
sharesMinted = teller.deposit(depositAsset, depositAmount, minimumMint);
messageId = warpRoute.transferRemote{ value: msg.value }(destination, recipient, sharesMinted);
}
}
