Sponsored
MetaMask
Join MetaMask Rewards Try Now!
Trade perps and swap crypto to earn points that unlock exclusive perks and prizes.
eToro
A global broker built for crypto trading. Buy Now!
User-friendly interface. Trusted worldwide.
MoonPay
Buy Ethereum with 50% off MoonPay Fees, for your first 5 transactionsBuy Now!
T&C's apply, new users only and not for UK users.
Sponsored
Сoins.game
100 free spins for registration. Spin now!
Everyday giveaways up to 100 ETH, Lucky Spins. Deposit BONUS 300% and Cashbacks!
BC.GAME
The Best ETH Casino Claim Now!
5000+ Slots & Live Casino Games, 50+cryptos. Register with Etherscan and get 760% deposit bonus. Win Big$, withdraw it fast.
Stake
200% Bonus, Instant Withdrawals, 100K Daily Giveaways, BEST VIP Club Claim Bonus!
20+ Cryptos, 3000+ Slots, Daily & Monthly Bonuses, Exclusive Sports Promos - Provably Fair!
Sponsored
BC.GAME
- The Best ETH Casino Claim Now!
5000+ Slots & Live Casino Games, 50+cryptos. Register with Etherscan and get 760% deposit bonus. Win Big$, withdraw it fast.
CryptoSlots
Play & Get 25 Free Spins at CryptoSlots Play Now
Anonymous play on awesome games - sign up now for 25 free jackpot spins - worth $100s!
CryptoWins
200% More Funds to Play on Us up to 4 BTC! Claim Now!
100s of games, generous bonuses, 20+ years of trusted gaming. Join CryptoWins & start winning today!
Overview
ETH Balance
0 ETH
Eth Value
$0.00Token Holdings
| Transaction Hash |
Method
|
Block
|
From
|
To
|
|||||
|---|---|---|---|---|---|---|---|---|---|
| 0xb1221ad278d22aba4d8199f05a2774fe4b18b79d96888d158cfd163b8e269735 | Refund | (pending) | 1 hr ago | IN | 0 ETH | (Pending) | |||
| 0x1c236ce383a39c5db7498c54282a3df23ccdaa81d17a3ac1a7d29e6dd7588a37 | Refund | (pending) | 1 hr ago | IN | 0 ETH | (Pending) | |||
| 0x41d7a0f006d6fec12855561d11d325dc2b10ba87b348e68505a289450c7c7a12 | Refund | (pending) | 31 hrs ago | IN | 0 ETH | (Pending) | |||
| 0x654879007af464c1ef1cf848848220142821cd163571d09d038d3530791db1cb | Refund | (pending) | 31 hrs ago | IN | 0 ETH | (Pending) | |||
| 0xab9c704c672c95d4cf19e20bf585fb370e958e2c099bb0b781bb55ac7e67d381 | Refund | (pending) | 31 hrs ago | IN | 0 ETH | (Pending) | |||
| Withdraw Excess ... | 23761532 | 22 hrs ago | IN | 0 ETH | 0.00005822 | ||||
| Refund | 23761387 | 23 hrs ago | IN | 0 ETH | 0.00003084 | ||||
| Invest | 23761386 | 23 hrs ago | IN | 0 ETH | 0.00006081 | ||||
| Invest | 23761386 | 23 hrs ago | IN | 0 ETH | 0.00006081 | ||||
| Invest | 23761385 | 23 hrs ago | IN | 0 ETH | 0.0000034 | ||||
| Invest | 23761384 | 23 hrs ago | IN | 0 ETH | 0.00004159 | ||||
| Invest | 23761384 | 23 hrs ago | IN | 0 ETH | 0.00004159 | ||||
| Withdraw Excess ... | 23753444 | 2 days ago | IN | 0 ETH | 0.00001488 | ||||
| Withdraw Excess ... | 23751297 | 2 days ago | IN | 0 ETH | 0.00001732 | ||||
| Withdraw Excess ... | 23748269 | 2 days ago | IN | 0 ETH | 0.00023487 | ||||
| Withdraw Excess ... | 23748145 | 2 days ago | IN | 0 ETH | 0.00031621 | ||||
| Withdraw Excess ... | 23742290 | 3 days ago | IN | 0 ETH | 0.0002502 | ||||
| Refund | 23742214 | 3 days ago | IN | 0 ETH | 0.0000854 | ||||
| Withdraw Excess ... | 23740553 | 3 days ago | IN | 0 ETH | 0.00026886 | ||||
| Withdraw Excess ... | 23739874 | 3 days ago | IN | 0 ETH | 0.00015412 | ||||
| Withdraw Excess ... | 23739402 | 4 days ago | IN | 0 ETH | 0.00005935 | ||||
| Withdraw Excess ... | 23734880 | 4 days ago | IN | 0 ETH | 0.00007964 | ||||
| Withdraw Excess ... | 23733376 | 4 days ago | IN | 0 ETH | 0.00026067 | ||||
| Withdraw Excess ... | 23731725 | 5 days ago | IN | 0 ETH | 0.00022884 | ||||
| Withdraw Excess ... | 23725932 | 5 days ago | IN | 0 ETH | 0.00008064 |
Latest 1 internal transaction
Advanced mode:
| Parent Transaction Hash | Method | Block |
From
|
To
|
|||
|---|---|---|---|---|---|---|---|
| 0x602c3d81 | 23468846 | 41 days ago | Contract Creation | 0 ETH |
Loading...
Loading
Cross-Chain Transactions
Loading...
Loading
Minimal Proxy Contract for 0x11077eddfc6db5abfdb9e019a64172b5d8e81a3a
Contract Name:
LegionPreLiquidSaleV2
Compiler Version
v0.8.28+commit.7893614a
Optimization Enabled:
No with 200 runs
Other Settings:
cancun EvmVersion
Contract Source Code (Solidity Standard Json-Input format)
// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;
// ___ ___ ___ ___ ___
// /\__\ /\ \ /\ \ ___ /\ \ /\__\
// /:/ / /::\ \ /::\ \ /\ \ /::\ \ /::| |
// /:/ / /:/\:\ \ /:/\:\ \ \:\ \ /:/\:\ \ /:|:| |
// /:/ / /::\~\:\ \ /:/ \:\ \ /::\__\ /:/ \:\ \ /:/|:| |__
// /:/__/ /:/\:\ \:\__\ /:/__/_\:\__\ __/:/\/__/ /:/__/ \:\__\ /:/ |:| /\__\
// \:\ \ \:\~\:\ \/__/ \:\ /\ \/__/ /\/:/ / \:\ \ /:/ / \/__|:|/:/ /
// \:\ \ \:\ \:\__\ \:\ \:\__\ \::/__/ \:\ /:/ / |:/:/ /
// \:\ \ \:\ \/__/ \:\/:/ / \:\__\ \:\/:/ / |::/ /
// \:\__\ \:\__\ \::/ / \/__/ \::/ / /:/ /
// \/__/ \/__/ \/__/ \/__/ \/__/
//
// If you find a bug, please contact security[at]legion.cc
// We will pay a fair bounty for any issue that puts users' funds at risk.
import { SafeTransferLib } from "@solady/src/utils/SafeTransferLib.sol";
import { Constants } from "./utils/Constants.sol";
import { Errors } from "./utils/Errors.sol";
import { ILegionPreLiquidSaleV2 } from "./interfaces/ILegionPreLiquidSaleV2.sol";
import { ILegionSale } from "./interfaces/ILegionSale.sol";
import { LegionSale } from "./LegionSale.sol";
/**
* @title Legion Pre-Liquid Sale V2
* @author Legion
* @notice A contract used to execute pre-liquid sales of ERC20 tokens before TGE
*/
contract LegionPreLiquidSaleV2 is LegionSale, ILegionPreLiquidSaleV2 {
/// @dev A struct describing the pre-liquid sale configuration
PreLiquidSaleConfiguration private preLiquidSaleConfig;
/**
* @notice Initializes the contract with correct parameters.
*
* @param saleInitParams The Legion sale initialization parameters.
* @param vestingInitParams The vesting initialization parameters.
*/
function initialize(
LegionSaleInitializationParams calldata saleInitParams,
LegionVestingInitializationParams calldata vestingInitParams
)
external
initializer
{
// Init and set the sale common params
_setLegionSaleConfig(saleInitParams, vestingInitParams);
// Set the sale start time
saleConfig.startTime = block.timestamp;
/// Set the refund period duration in seconds
preLiquidSaleConfig.refundPeriodSeconds = saleInitParams.refundPeriodSeconds;
/// Set the lockup period duration in seconds
preLiquidSaleConfig.lockupPeriodSeconds = saleInitParams.lockupPeriodSeconds;
}
/**
* @notice Invest capital to the pre-liquid sale.
*
* @param amount The amount of capital invested.
* @param signature The Legion signature for verification.
*/
function invest(uint256 amount, bytes memory signature) external whenNotPaused {
// Verify that the investor is allowed to pledge capital
_verifyLegionSignature(signature);
// Verify that the sale has not ended
_verifySaleHasNotEnded();
// Verify that the sale is not canceled
_verifySaleNotCanceled();
// Verify that the amount invested is more than the minimum required
_verifyMinimumInvestAmount(amount);
// Verify that the investor has not refunded
_verifyHasNotRefunded();
// Verify that the investor has not claimed excess capital
_verifyHasNotClaimedExcess();
// Increment total capital invested from investors
saleStatus.totalCapitalInvested += amount;
// Increment total invested capital for the investor
investorPositions[msg.sender].investedCapital += amount;
// Emit CapitalInvested
emit CapitalInvested(amount, msg.sender, block.timestamp);
// Transfer the invested capital to the contract
SafeTransferLib.safeTransferFrom(addressConfig.bidToken, msg.sender, address(this), amount);
}
/**
* @notice End sale by Legion or the Project and set the refund end time.
*/
function endSale() external onlyLegionOrProject whenNotPaused {
// Verify that the sale is not canceled
_verifySaleNotCanceled();
// Verify that the sale has not ended
_verifySaleHasNotEnded();
// Update the `hasEnded` status to true
preLiquidSaleConfig.hasEnded = true;
// Set the `endTime` of the sale
saleConfig.endTime = block.timestamp;
// Set the `refundEndTime` of the sale
saleConfig.refundEndTime = block.timestamp + preLiquidSaleConfig.refundPeriodSeconds;
// Check if lockupPeriodSeconds is less than refundPeriodSeconds
// lockupEndTime should be at least refundEndTime
if (preLiquidSaleConfig.lockupPeriodSeconds <= preLiquidSaleConfig.refundPeriodSeconds) {
// If yes, set lockupEndTime to be refundEndTime
saleConfig.lockupEndTime = saleConfig.refundEndTime;
} else {
// If no, calculate the lockupEndTime
saleConfig.lockupEndTime = saleConfig.endTime + preLiquidSaleConfig.lockupPeriodSeconds;
}
// Emit SaleEnded successfully
emit SaleEnded(block.timestamp);
}
/**
* @notice Publish the total capital raised by the project.
*
* @param capitalRaised The total capital raised by the project.
*/
function publishCapitalRaised(uint256 capitalRaised) external onlyLegion whenNotPaused {
// Verify that the sale is not canceled
_verifySaleNotCanceled();
// verify that the sale has ended
_verifySaleHasEnded();
// Verify that the refund period is over
_verifyRefundPeriodIsOver();
// Verify that capital raised can be published.
_verifyCanPublishCapitalRaised();
// Set the total capital raised to be withdrawn by the project
saleStatus.totalCapitalRaised = capitalRaised;
// Emit successfully CapitalRaisedPublished
emit CapitalRaisedPublished(capitalRaised);
}
/**
* @notice Publish sale results, once the sale has concluded.
*
* @dev Can be called only by the Legion admin address.
*
* @param claimMerkleRoot The Merkle root to verify token claims.
* @param tokensAllocated The total amount of tokens allocated for distribution among investors.
* @param askToken The address of the token distributed to investors.
* @param vestingStartTime The Unix timestamp (seconds) of the block when the vesting starts.
*/
function publishSaleResults(
bytes32 claimMerkleRoot,
uint256 tokensAllocated,
address askToken,
uint256 vestingStartTime
)
external
onlyLegion
whenNotPaused
{
// Verify that the sale is not canceled
_verifySaleNotCanceled();
// verify that the sale has ended
_verifySaleHasEnded();
// Verify that the refund period is over
_verifyRefundPeriodIsOver();
// Verify that sale results are not already published
_verifyCanPublishSaleResults();
// Set the merkle root for claiming tokens
saleStatus.claimTokensMerkleRoot = claimMerkleRoot;
// Set the total tokens to be allocated by the Project team
saleStatus.totalTokensAllocated = tokensAllocated;
/// Set the address of the token distributed to investors
addressConfig.askToken = askToken;
// Set the vesting start time block timestamp
vestingConfig.vestingStartTime = vestingStartTime;
// Emit successfully SaleResultsPublished
emit SaleResultsPublished(claimMerkleRoot, tokensAllocated, askToken, vestingStartTime);
}
/**
* @notice Withdraw raised capital from the sale contract.
*
* @dev Can be called only by the Project admin address.
*/
function withdrawRaisedCapital() external override(ILegionSale, LegionSale) onlyProject whenNotPaused {
// verify that the sale has ended
_verifySaleHasEnded();
// Verify that the refund period is over
_verifyRefundPeriodIsOver();
// Verify that the sale is not canceled
_verifySaleNotCanceled();
// Verify that the project can withdraw capital
_verifyCanWithdrawCapital();
// Flag that the capital has been withdrawn
saleStatus.capitalWithdrawn = true;
// Set the total capital that has been withdrawn
saleStatus.totalCapitalWithdrawn = saleStatus.totalCapitalRaised;
// Cache value in memory
uint256 _totalCapitalRaised = saleStatus.totalCapitalRaised;
// Calculate Legion Fee
uint256 _legionFee = (saleConfig.legionFeeOnCapitalRaisedBps * _totalCapitalRaised) / 10_000;
// Calculate Referrer Fee
uint256 _referrerFee = (saleConfig.referrerFeeOnCapitalRaisedBps * _totalCapitalRaised) / 10_000;
// Emit successfully CapitalWithdrawn
emit CapitalWithdrawn(_totalCapitalRaised, msg.sender);
// Transfer the raised capital to the project owner
SafeTransferLib.safeTransfer(
addressConfig.bidToken, msg.sender, (_totalCapitalRaised - _legionFee - _referrerFee)
);
// Transfer the Legion fee to the Legion fee receiver address
if (_legionFee != 0) {
SafeTransferLib.safeTransfer(addressConfig.bidToken, addressConfig.legionFeeReceiver, _legionFee);
}
// Transfer the Referrer fee to the Legion fee receiver address
if (_referrerFee != 0) {
SafeTransferLib.safeTransfer(addressConfig.bidToken, addressConfig.referrerFeeReceiver, _referrerFee);
}
}
/**
* @notice Cancels an ongoing sale.
*
* @dev Can be called only by the Project admin address.
*/
function cancelSale() public override(ILegionSale, LegionSale) onlyProject whenNotPaused {
// Verify sale has not already been canceled
_verifySaleNotCanceled();
/// Verify that no tokens have been supplied to the sale by the Project
_verifyTokensNotSupplied();
/// Cache the amount of funds to be returned to the sale
uint256 capitalToReturn = saleStatus.totalCapitalWithdrawn;
// Mark sale as canceled
saleStatus.isCanceled = true;
// Emit successfully SaleCanceled
emit SaleCanceled();
/// In case there's capital to return, transfer the funds back to the contract
if (capitalToReturn > 0) {
/// Set the totalCapitalWithdrawn to zero
saleStatus.totalCapitalWithdrawn = 0;
/// Transfer the allocated amount of tokens for distribution
SafeTransferLib.safeTransferFrom(addressConfig.bidToken, msg.sender, address(this), capitalToReturn);
}
}
/**
* @notice Returns the pre-liquid sale configuration.
*/
function preLiquidSaleConfiguration() external view returns (PreLiquidSaleConfiguration memory) {
return preLiquidSaleConfig;
}
/**
* @notice Verify that the sale has not ended.
*/
function _verifySaleHasNotEnded() internal view override {
if (preLiquidSaleConfig.hasEnded) revert Errors.SaleHasEnded();
}
/**
* @notice Verify that the sale has ended.
*/
function _verifySaleHasEnded() internal view {
if (!preLiquidSaleConfig.hasEnded) revert Errors.SaleHasNotEnded();
}
/**
* @notice Verify that capital raised can be published.
*/
function _verifyCanPublishCapitalRaised() internal view {
if (saleStatus.totalCapitalRaised != 0) revert Errors.CapitalRaisedAlreadyPublished();
}
/**
* @notice Verify that the project can withdraw capital.
*/
function _verifyCanWithdrawCapital() internal view override {
if (saleStatus.capitalWithdrawn) revert Errors.CapitalAlreadyWithdrawn();
if (saleStatus.totalCapitalRaised == 0) revert Errors.CapitalRaisedNotPublished();
}
/**
* @notice Verify that the refund period is over.
*/
function _verifyRefundPeriodIsOver() internal view override {
if (saleConfig.refundEndTime > 0 && block.timestamp < saleConfig.refundEndTime) {
revert Errors.RefundPeriodIsNotOver();
}
}
/**
* @notice Verify that the refund period is not over.
*/
function _verifyRefundPeriodIsNotOver() internal view override {
if (saleConfig.refundEndTime > 0 && block.timestamp >= saleConfig.refundEndTime) {
revert Errors.RefundPeriodIsOver();
}
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;
/// @notice Safe ETH and ERC20 transfer library that gracefully handles missing return values.
/// @author Solady (https://github.com/vectorized/solady/blob/main/src/utils/SafeTransferLib.sol)
/// @author Modified from Solmate (https://github.com/transmissions11/solmate/blob/main/src/utils/SafeTransferLib.sol)
/// @author Permit2 operations from (https://github.com/Uniswap/permit2/blob/main/src/libraries/Permit2Lib.sol)
///
/// @dev Note:
/// - For ETH transfers, please use `forceSafeTransferETH` for DoS protection.
library SafeTransferLib {
/*´:°•.°+.*•´.*:˚.°*.˚•´.°:°•.°•.*•´.*:˚.°*.˚•´.°:°•.°+.*•´.*:*/
/* CUSTOM ERRORS */
/*.•°:°.´+˚.*°.˚:*.´•*.+°.•°:´*.´•*.•°.•°:°.´:•˚°.*°.˚:*.´+°.•*/
/// @dev The ETH transfer has failed.
error ETHTransferFailed();
/// @dev The ERC20 `transferFrom` has failed.
error TransferFromFailed();
/// @dev The ERC20 `transfer` has failed.
error TransferFailed();
/// @dev The ERC20 `approve` has failed.
error ApproveFailed();
/// @dev The ERC20 `totalSupply` query has failed.
error TotalSupplyQueryFailed();
/// @dev The Permit2 operation has failed.
error Permit2Failed();
/// @dev The Permit2 amount must be less than `2**160 - 1`.
error Permit2AmountOverflow();
/// @dev The Permit2 approve operation has failed.
error Permit2ApproveFailed();
/// @dev The Permit2 lockdown operation has failed.
error Permit2LockdownFailed();
/*´:°•.°+.*•´.*:˚.°*.˚•´.°:°•.°•.*•´.*:˚.°*.˚•´.°:°•.°+.*•´.*:*/
/* CONSTANTS */
/*.•°:°.´+˚.*°.˚:*.´•*.+°.•°:´*.´•*.•°.•°:°.´:•˚°.*°.˚:*.´+°.•*/
/// @dev Suggested gas stipend for contract receiving ETH that disallows any storage writes.
uint256 internal constant GAS_STIPEND_NO_STORAGE_WRITES = 2300;
/// @dev Suggested gas stipend for contract receiving ETH to perform a few
/// storage reads and writes, but low enough to prevent griefing.
uint256 internal constant GAS_STIPEND_NO_GRIEF = 100000;
/// @dev The unique EIP-712 domain domain separator for the DAI token contract.
bytes32 internal constant DAI_DOMAIN_SEPARATOR =
0xdbb8cf42e1ecb028be3f3dbc922e1d878b963f411dc388ced501601c60f7c6f7;
/// @dev The address for the WETH9 contract on Ethereum mainnet.
address internal constant WETH9 = 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2;
/// @dev The canonical Permit2 address.
/// [Github](https://github.com/Uniswap/permit2)
/// [Etherscan](https://etherscan.io/address/0x000000000022D473030F116dDEE9F6B43aC78BA3)
address internal constant PERMIT2 = 0x000000000022D473030F116dDEE9F6B43aC78BA3;
/*´:°•.°+.*•´.*:˚.°*.˚•´.°:°•.°•.*•´.*:˚.°*.˚•´.°:°•.°+.*•´.*:*/
/* ETH OPERATIONS */
/*.•°:°.´+˚.*°.˚:*.´•*.+°.•°:´*.´•*.•°.•°:°.´:•˚°.*°.˚:*.´+°.•*/
// If the ETH transfer MUST succeed with a reasonable gas budget, use the force variants.
//
// The regular variants:
// - Forwards all remaining gas to the target.
// - Reverts if the target reverts.
// - Reverts if the current contract has insufficient balance.
//
// The force variants:
// - Forwards with an optional gas stipend
// (defaults to `GAS_STIPEND_NO_GRIEF`, which is sufficient for most cases).
// - If the target reverts, or if the gas stipend is exhausted,
// creates a temporary contract to force send the ETH via `SELFDESTRUCT`.
// Future compatible with `SENDALL`: https://eips.ethereum.org/EIPS/eip-4758.
// - Reverts if the current contract has insufficient balance.
//
// The try variants:
// - Forwards with a mandatory gas stipend.
// - Instead of reverting, returns whether the transfer succeeded.
/// @dev Sends `amount` (in wei) ETH to `to`.
function safeTransferETH(address to, uint256 amount) internal {
/// @solidity memory-safe-assembly
assembly {
if iszero(call(gas(), to, amount, codesize(), 0x00, codesize(), 0x00)) {
mstore(0x00, 0xb12d13eb) // `ETHTransferFailed()`.
revert(0x1c, 0x04)
}
}
}
/// @dev Sends all the ETH in the current contract to `to`.
function safeTransferAllETH(address to) internal {
/// @solidity memory-safe-assembly
assembly {
// Transfer all the ETH and check if it succeeded or not.
if iszero(call(gas(), to, selfbalance(), codesize(), 0x00, codesize(), 0x00)) {
mstore(0x00, 0xb12d13eb) // `ETHTransferFailed()`.
revert(0x1c, 0x04)
}
}
}
/// @dev Force sends `amount` (in wei) ETH to `to`, with a `gasStipend`.
function forceSafeTransferETH(address to, uint256 amount, uint256 gasStipend) internal {
/// @solidity memory-safe-assembly
assembly {
if lt(selfbalance(), amount) {
mstore(0x00, 0xb12d13eb) // `ETHTransferFailed()`.
revert(0x1c, 0x04)
}
if iszero(call(gasStipend, to, amount, codesize(), 0x00, codesize(), 0x00)) {
mstore(0x00, to) // Store the address in scratch space.
mstore8(0x0b, 0x73) // Opcode `PUSH20`.
mstore8(0x20, 0xff) // Opcode `SELFDESTRUCT`.
if iszero(create(amount, 0x0b, 0x16)) { revert(codesize(), codesize()) } // For gas estimation.
}
}
}
/// @dev Force sends all the ETH in the current contract to `to`, with a `gasStipend`.
function forceSafeTransferAllETH(address to, uint256 gasStipend) internal {
/// @solidity memory-safe-assembly
assembly {
if iszero(call(gasStipend, to, selfbalance(), codesize(), 0x00, codesize(), 0x00)) {
mstore(0x00, to) // Store the address in scratch space.
mstore8(0x0b, 0x73) // Opcode `PUSH20`.
mstore8(0x20, 0xff) // Opcode `SELFDESTRUCT`.
if iszero(create(selfbalance(), 0x0b, 0x16)) { revert(codesize(), codesize()) } // For gas estimation.
}
}
}
/// @dev Force sends `amount` (in wei) ETH to `to`, with `GAS_STIPEND_NO_GRIEF`.
function forceSafeTransferETH(address to, uint256 amount) internal {
/// @solidity memory-safe-assembly
assembly {
if lt(selfbalance(), amount) {
mstore(0x00, 0xb12d13eb) // `ETHTransferFailed()`.
revert(0x1c, 0x04)
}
if iszero(call(GAS_STIPEND_NO_GRIEF, to, amount, codesize(), 0x00, codesize(), 0x00)) {
mstore(0x00, to) // Store the address in scratch space.
mstore8(0x0b, 0x73) // Opcode `PUSH20`.
mstore8(0x20, 0xff) // Opcode `SELFDESTRUCT`.
if iszero(create(amount, 0x0b, 0x16)) { revert(codesize(), codesize()) } // For gas estimation.
}
}
}
/// @dev Force sends all the ETH in the current contract to `to`, with `GAS_STIPEND_NO_GRIEF`.
function forceSafeTransferAllETH(address to) internal {
/// @solidity memory-safe-assembly
assembly {
// forgefmt: disable-next-item
if iszero(call(GAS_STIPEND_NO_GRIEF, to, selfbalance(), codesize(), 0x00, codesize(), 0x00)) {
mstore(0x00, to) // Store the address in scratch space.
mstore8(0x0b, 0x73) // Opcode `PUSH20`.
mstore8(0x20, 0xff) // Opcode `SELFDESTRUCT`.
if iszero(create(selfbalance(), 0x0b, 0x16)) { revert(codesize(), codesize()) } // For gas estimation.
}
}
}
/// @dev Sends `amount` (in wei) ETH to `to`, with a `gasStipend`.
function trySafeTransferETH(address to, uint256 amount, uint256 gasStipend)
internal
returns (bool success)
{
/// @solidity memory-safe-assembly
assembly {
success := call(gasStipend, to, amount, codesize(), 0x00, codesize(), 0x00)
}
}
/// @dev Sends all the ETH in the current contract to `to`, with a `gasStipend`.
function trySafeTransferAllETH(address to, uint256 gasStipend)
internal
returns (bool success)
{
/// @solidity memory-safe-assembly
assembly {
success := call(gasStipend, to, selfbalance(), codesize(), 0x00, codesize(), 0x00)
}
}
/*´:°•.°+.*•´.*:˚.°*.˚•´.°:°•.°•.*•´.*:˚.°*.˚•´.°:°•.°+.*•´.*:*/
/* ERC20 OPERATIONS */
/*.•°:°.´+˚.*°.˚:*.´•*.+°.•°:´*.´•*.•°.•°:°.´:•˚°.*°.˚:*.´+°.•*/
/// @dev Sends `amount` of ERC20 `token` from `from` to `to`.
/// Reverts upon failure.
///
/// The `from` account must have at least `amount` approved for
/// the current contract to manage.
function safeTransferFrom(address token, address from, address to, uint256 amount) internal {
/// @solidity memory-safe-assembly
assembly {
let m := mload(0x40) // Cache the free memory pointer.
mstore(0x60, amount) // Store the `amount` argument.
mstore(0x40, to) // Store the `to` argument.
mstore(0x2c, shl(96, from)) // Store the `from` argument.
mstore(0x0c, 0x23b872dd000000000000000000000000) // `transferFrom(address,address,uint256)`.
let success := call(gas(), token, 0, 0x1c, 0x64, 0x00, 0x20)
if iszero(and(eq(mload(0x00), 1), success)) {
if iszero(lt(or(iszero(extcodesize(token)), returndatasize()), success)) {
mstore(0x00, 0x7939f424) // `TransferFromFailed()`.
revert(0x1c, 0x04)
}
}
mstore(0x60, 0) // Restore the zero slot to zero.
mstore(0x40, m) // Restore the free memory pointer.
}
}
/// @dev Sends `amount` of ERC20 `token` from `from` to `to`.
///
/// The `from` account must have at least `amount` approved for the current contract to manage.
function trySafeTransferFrom(address token, address from, address to, uint256 amount)
internal
returns (bool success)
{
/// @solidity memory-safe-assembly
assembly {
let m := mload(0x40) // Cache the free memory pointer.
mstore(0x60, amount) // Store the `amount` argument.
mstore(0x40, to) // Store the `to` argument.
mstore(0x2c, shl(96, from)) // Store the `from` argument.
mstore(0x0c, 0x23b872dd000000000000000000000000) // `transferFrom(address,address,uint256)`.
success := call(gas(), token, 0, 0x1c, 0x64, 0x00, 0x20)
if iszero(and(eq(mload(0x00), 1), success)) {
success := lt(or(iszero(extcodesize(token)), returndatasize()), success)
}
mstore(0x60, 0) // Restore the zero slot to zero.
mstore(0x40, m) // Restore the free memory pointer.
}
}
/// @dev Sends all of ERC20 `token` from `from` to `to`.
/// Reverts upon failure.
///
/// The `from` account must have their entire balance approved for the current contract to manage.
function safeTransferAllFrom(address token, address from, address to)
internal
returns (uint256 amount)
{
/// @solidity memory-safe-assembly
assembly {
let m := mload(0x40) // Cache the free memory pointer.
mstore(0x40, to) // Store the `to` argument.
mstore(0x2c, shl(96, from)) // Store the `from` argument.
mstore(0x0c, 0x70a08231000000000000000000000000) // `balanceOf(address)`.
// Read the balance, reverting upon failure.
if iszero(
and( // The arguments of `and` are evaluated from right to left.
gt(returndatasize(), 0x1f), // At least 32 bytes returned.
staticcall(gas(), token, 0x1c, 0x24, 0x60, 0x20)
)
) {
mstore(0x00, 0x7939f424) // `TransferFromFailed()`.
revert(0x1c, 0x04)
}
mstore(0x00, 0x23b872dd) // `transferFrom(address,address,uint256)`.
amount := mload(0x60) // The `amount` is already at 0x60. We'll need to return it.
// Perform the transfer, reverting upon failure.
let success := call(gas(), token, 0, 0x1c, 0x64, 0x00, 0x20)
if iszero(and(eq(mload(0x00), 1), success)) {
if iszero(lt(or(iszero(extcodesize(token)), returndatasize()), success)) {
mstore(0x00, 0x7939f424) // `TransferFromFailed()`.
revert(0x1c, 0x04)
}
}
mstore(0x60, 0) // Restore the zero slot to zero.
mstore(0x40, m) // Restore the free memory pointer.
}
}
/// @dev Sends `amount` of ERC20 `token` from the current contract to `to`.
/// Reverts upon failure.
function safeTransfer(address token, address to, uint256 amount) internal {
/// @solidity memory-safe-assembly
assembly {
mstore(0x14, to) // Store the `to` argument.
mstore(0x34, amount) // Store the `amount` argument.
mstore(0x00, 0xa9059cbb000000000000000000000000) // `transfer(address,uint256)`.
// Perform the transfer, reverting upon failure.
let success := call(gas(), token, 0, 0x10, 0x44, 0x00, 0x20)
if iszero(and(eq(mload(0x00), 1), success)) {
if iszero(lt(or(iszero(extcodesize(token)), returndatasize()), success)) {
mstore(0x00, 0x90b8ec18) // `TransferFailed()`.
revert(0x1c, 0x04)
}
}
mstore(0x34, 0) // Restore the part of the free memory pointer that was overwritten.
}
}
/// @dev Sends all of ERC20 `token` from the current contract to `to`.
/// Reverts upon failure.
function safeTransferAll(address token, address to) internal returns (uint256 amount) {
/// @solidity memory-safe-assembly
assembly {
mstore(0x00, 0x70a08231) // Store the function selector of `balanceOf(address)`.
mstore(0x20, address()) // Store the address of the current contract.
// Read the balance, reverting upon failure.
if iszero(
and( // The arguments of `and` are evaluated from right to left.
gt(returndatasize(), 0x1f), // At least 32 bytes returned.
staticcall(gas(), token, 0x1c, 0x24, 0x34, 0x20)
)
) {
mstore(0x00, 0x90b8ec18) // `TransferFailed()`.
revert(0x1c, 0x04)
}
mstore(0x14, to) // Store the `to` argument.
amount := mload(0x34) // The `amount` is already at 0x34. We'll need to return it.
mstore(0x00, 0xa9059cbb000000000000000000000000) // `transfer(address,uint256)`.
// Perform the transfer, reverting upon failure.
let success := call(gas(), token, 0, 0x10, 0x44, 0x00, 0x20)
if iszero(and(eq(mload(0x00), 1), success)) {
if iszero(lt(or(iszero(extcodesize(token)), returndatasize()), success)) {
mstore(0x00, 0x90b8ec18) // `TransferFailed()`.
revert(0x1c, 0x04)
}
}
mstore(0x34, 0) // Restore the part of the free memory pointer that was overwritten.
}
}
/// @dev Sets `amount` of ERC20 `token` for `to` to manage on behalf of the current contract.
/// Reverts upon failure.
function safeApprove(address token, address to, uint256 amount) internal {
/// @solidity memory-safe-assembly
assembly {
mstore(0x14, to) // Store the `to` argument.
mstore(0x34, amount) // Store the `amount` argument.
mstore(0x00, 0x095ea7b3000000000000000000000000) // `approve(address,uint256)`.
let success := call(gas(), token, 0, 0x10, 0x44, 0x00, 0x20)
if iszero(and(eq(mload(0x00), 1), success)) {
if iszero(lt(or(iszero(extcodesize(token)), returndatasize()), success)) {
mstore(0x00, 0x3e3f8f73) // `ApproveFailed()`.
revert(0x1c, 0x04)
}
}
mstore(0x34, 0) // Restore the part of the free memory pointer that was overwritten.
}
}
/// @dev Sets `amount` of ERC20 `token` for `to` to manage on behalf of the current contract.
/// If the initial attempt to approve fails, attempts to reset the approved amount to zero,
/// then retries the approval again (some tokens, e.g. USDT, requires this).
/// Reverts upon failure.
function safeApproveWithRetry(address token, address to, uint256 amount) internal {
/// @solidity memory-safe-assembly
assembly {
mstore(0x14, to) // Store the `to` argument.
mstore(0x34, amount) // Store the `amount` argument.
mstore(0x00, 0x095ea7b3000000000000000000000000) // `approve(address,uint256)`.
// Perform the approval, retrying upon failure.
let success := call(gas(), token, 0, 0x10, 0x44, 0x00, 0x20)
if iszero(and(eq(mload(0x00), 1), success)) {
if iszero(lt(or(iszero(extcodesize(token)), returndatasize()), success)) {
mstore(0x34, 0) // Store 0 for the `amount`.
mstore(0x00, 0x095ea7b3000000000000000000000000) // `approve(address,uint256)`.
pop(call(gas(), token, 0, 0x10, 0x44, codesize(), 0x00)) // Reset the approval.
mstore(0x34, amount) // Store back the original `amount`.
// Retry the approval, reverting upon failure.
success := call(gas(), token, 0, 0x10, 0x44, 0x00, 0x20)
if iszero(and(eq(mload(0x00), 1), success)) {
// Check the `extcodesize` again just in case the token selfdestructs lol.
if iszero(lt(or(iszero(extcodesize(token)), returndatasize()), success)) {
mstore(0x00, 0x3e3f8f73) // `ApproveFailed()`.
revert(0x1c, 0x04)
}
}
}
}
mstore(0x34, 0) // Restore the part of the free memory pointer that was overwritten.
}
}
/// @dev Returns the amount of ERC20 `token` owned by `account`.
/// Returns zero if the `token` does not exist.
function balanceOf(address token, address account) internal view returns (uint256 amount) {
/// @solidity memory-safe-assembly
assembly {
mstore(0x14, account) // Store the `account` argument.
mstore(0x00, 0x70a08231000000000000000000000000) // `balanceOf(address)`.
amount :=
mul( // The arguments of `mul` are evaluated from right to left.
mload(0x20),
and( // The arguments of `and` are evaluated from right to left.
gt(returndatasize(), 0x1f), // At least 32 bytes returned.
staticcall(gas(), token, 0x10, 0x24, 0x20, 0x20)
)
)
}
}
/// @dev Returns the total supply of the `token`.
/// Reverts if the token does not exist or does not implement `totalSupply()`.
function totalSupply(address token) internal view returns (uint256 result) {
/// @solidity memory-safe-assembly
assembly {
mstore(0x00, 0x18160ddd) // `totalSupply()`.
if iszero(
and(gt(returndatasize(), 0x1f), staticcall(gas(), token, 0x1c, 0x04, 0x00, 0x20))
) {
mstore(0x00, 0x54cd9435) // `TotalSupplyQueryFailed()`.
revert(0x1c, 0x04)
}
result := mload(0x00)
}
}
/// @dev Sends `amount` of ERC20 `token` from `from` to `to`.
/// If the initial attempt fails, try to use Permit2 to transfer the token.
/// Reverts upon failure.
///
/// The `from` account must have at least `amount` approved for the current contract to manage.
function safeTransferFrom2(address token, address from, address to, uint256 amount) internal {
if (!trySafeTransferFrom(token, from, to, amount)) {
permit2TransferFrom(token, from, to, amount);
}
}
/// @dev Sends `amount` of ERC20 `token` from `from` to `to` via Permit2.
/// Reverts upon failure.
function permit2TransferFrom(address token, address from, address to, uint256 amount)
internal
{
/// @solidity memory-safe-assembly
assembly {
let m := mload(0x40)
mstore(add(m, 0x74), shr(96, shl(96, token)))
mstore(add(m, 0x54), amount)
mstore(add(m, 0x34), to)
mstore(add(m, 0x20), shl(96, from))
// `transferFrom(address,address,uint160,address)`.
mstore(m, 0x36c78516000000000000000000000000)
let p := PERMIT2
let exists := eq(chainid(), 1)
if iszero(exists) { exists := iszero(iszero(extcodesize(p))) }
if iszero(
and(
call(gas(), p, 0, add(m, 0x10), 0x84, codesize(), 0x00),
lt(iszero(extcodesize(token)), exists) // Token has code and Permit2 exists.
)
) {
mstore(0x00, 0x7939f4248757f0fd) // `TransferFromFailed()` or `Permit2AmountOverflow()`.
revert(add(0x18, shl(2, iszero(iszero(shr(160, amount))))), 0x04)
}
}
}
/// @dev Permit a user to spend a given amount of
/// another user's tokens via native EIP-2612 permit if possible, falling
/// back to Permit2 if native permit fails or is not implemented on the token.
function permit2(
address token,
address owner,
address spender,
uint256 amount,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) internal {
bool success;
/// @solidity memory-safe-assembly
assembly {
for {} shl(96, xor(token, WETH9)) {} {
mstore(0x00, 0x3644e515) // `DOMAIN_SEPARATOR()`.
if iszero(
and( // The arguments of `and` are evaluated from right to left.
lt(iszero(mload(0x00)), eq(returndatasize(), 0x20)), // Returns 1 non-zero word.
// Gas stipend to limit gas burn for tokens that don't refund gas when
// an non-existing function is called. 5K should be enough for a SLOAD.
staticcall(5000, token, 0x1c, 0x04, 0x00, 0x20)
)
) { break }
// After here, we can be sure that token is a contract.
let m := mload(0x40)
mstore(add(m, 0x34), spender)
mstore(add(m, 0x20), shl(96, owner))
mstore(add(m, 0x74), deadline)
if eq(mload(0x00), DAI_DOMAIN_SEPARATOR) {
mstore(0x14, owner)
mstore(0x00, 0x7ecebe00000000000000000000000000) // `nonces(address)`.
mstore(
add(m, 0x94),
lt(iszero(amount), staticcall(gas(), token, 0x10, 0x24, add(m, 0x54), 0x20))
)
mstore(m, 0x8fcbaf0c000000000000000000000000) // `IDAIPermit.permit`.
// `nonces` is already at `add(m, 0x54)`.
// `amount != 0` is already stored at `add(m, 0x94)`.
mstore(add(m, 0xb4), and(0xff, v))
mstore(add(m, 0xd4), r)
mstore(add(m, 0xf4), s)
success := call(gas(), token, 0, add(m, 0x10), 0x104, codesize(), 0x00)
break
}
mstore(m, 0xd505accf000000000000000000000000) // `IERC20Permit.permit`.
mstore(add(m, 0x54), amount)
mstore(add(m, 0x94), and(0xff, v))
mstore(add(m, 0xb4), r)
mstore(add(m, 0xd4), s)
success := call(gas(), token, 0, add(m, 0x10), 0xe4, codesize(), 0x00)
break
}
}
if (!success) simplePermit2(token, owner, spender, amount, deadline, v, r, s);
}
/// @dev Simple permit on the Permit2 contract.
function simplePermit2(
address token,
address owner,
address spender,
uint256 amount,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) internal {
/// @solidity memory-safe-assembly
assembly {
let m := mload(0x40)
mstore(m, 0x927da105) // `allowance(address,address,address)`.
{
let addressMask := shr(96, not(0))
mstore(add(m, 0x20), and(addressMask, owner))
mstore(add(m, 0x40), and(addressMask, token))
mstore(add(m, 0x60), and(addressMask, spender))
mstore(add(m, 0xc0), and(addressMask, spender))
}
let p := mul(PERMIT2, iszero(shr(160, amount)))
if iszero(
and( // The arguments of `and` are evaluated from right to left.
gt(returndatasize(), 0x5f), // Returns 3 words: `amount`, `expiration`, `nonce`.
staticcall(gas(), p, add(m, 0x1c), 0x64, add(m, 0x60), 0x60)
)
) {
mstore(0x00, 0x6b836e6b8757f0fd) // `Permit2Failed()` or `Permit2AmountOverflow()`.
revert(add(0x18, shl(2, iszero(p))), 0x04)
}
mstore(m, 0x2b67b570) // `Permit2.permit` (PermitSingle variant).
// `owner` is already `add(m, 0x20)`.
// `token` is already at `add(m, 0x40)`.
mstore(add(m, 0x60), amount)
mstore(add(m, 0x80), 0xffffffffffff) // `expiration = type(uint48).max`.
// `nonce` is already at `add(m, 0xa0)`.
// `spender` is already at `add(m, 0xc0)`.
mstore(add(m, 0xe0), deadline)
mstore(add(m, 0x100), 0x100) // `signature` offset.
mstore(add(m, 0x120), 0x41) // `signature` length.
mstore(add(m, 0x140), r)
mstore(add(m, 0x160), s)
mstore(add(m, 0x180), shl(248, v))
if iszero( // Revert if token does not have code, or if the call fails.
mul(extcodesize(token), call(gas(), p, 0, add(m, 0x1c), 0x184, codesize(), 0x00))) {
mstore(0x00, 0x6b836e6b) // `Permit2Failed()`.
revert(0x1c, 0x04)
}
}
}
/// @dev Approves `spender` to spend `amount` of `token` for `address(this)`.
function permit2Approve(address token, address spender, uint160 amount, uint48 expiration)
internal
{
/// @solidity memory-safe-assembly
assembly {
let addressMask := shr(96, not(0))
let m := mload(0x40)
mstore(m, 0x87517c45) // `approve(address,address,uint160,uint48)`.
mstore(add(m, 0x20), and(addressMask, token))
mstore(add(m, 0x40), and(addressMask, spender))
mstore(add(m, 0x60), and(addressMask, amount))
mstore(add(m, 0x80), and(0xffffffffffff, expiration))
if iszero(call(gas(), PERMIT2, 0, add(m, 0x1c), 0xa0, codesize(), 0x00)) {
mstore(0x00, 0x324f14ae) // `Permit2ApproveFailed()`.
revert(0x1c, 0x04)
}
}
}
/// @dev Revokes an approval for `token` and `spender` for `address(this)`.
function permit2Lockdown(address token, address spender) internal {
/// @solidity memory-safe-assembly
assembly {
let m := mload(0x40)
mstore(m, 0xcc53287f) // `Permit2.lockdown`.
mstore(add(m, 0x20), 0x20) // Offset of the `approvals`.
mstore(add(m, 0x40), 1) // `approvals.length`.
mstore(add(m, 0x60), shr(96, shl(96, token)))
mstore(add(m, 0x80), shr(96, shl(96, spender)))
if iszero(call(gas(), PERMIT2, 0, add(m, 0x1c), 0xa0, codesize(), 0x00)) {
mstore(0x00, 0x96b3de23) // `Permit2LockdownFailed()`.
revert(0x1c, 0x04)
}
}
}
}// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;
// ___ ___ ___ ___ ___
// /\__\ /\ \ /\ \ ___ /\ \ /\__\
// /:/ / /::\ \ /::\ \ /\ \ /::\ \ /::| |
// /:/ / /:/\:\ \ /:/\:\ \ \:\ \ /:/\:\ \ /:|:| |
// /:/ / /::\~\:\ \ /:/ \:\ \ /::\__\ /:/ \:\ \ /:/|:| |__
// /:/__/ /:/\:\ \:\__\ /:/__/_\:\__\ __/:/\/__/ /:/__/ \:\__\ /:/ |:| /\__\
// \:\ \ \:\~\:\ \/__/ \:\ /\ \/__/ /\/:/ / \:\ \ /:/ / \/__|:|/:/ /
// \:\ \ \:\ \:\__\ \:\ \:\__\ \::/__/ \:\ /:/ / |:/:/ /
// \:\ \ \:\ \/__/ \:\/:/ / \:\__\ \:\/:/ / |::/ /
// \:\__\ \:\__\ \::/ / \/__/ \::/ / /:/ /
// \/__/ \/__/ \/__/ \/__/ \/__/
//
// If you find a bug, please contact security[at]legion.cc
// We will pay a fair bounty for any issue that puts users' funds at risk.
/**
* @title Legion Constants Library
* @author Legion
* @notice A library used for storing constants shared across the Legion protocol.
*/
library Constants {
/// @dev Constant representing one hour in seconds
uint256 internal constant ONE_HOUR = 3600;
/// @dev Constant representing two weeks in seconds
uint256 internal constant TWO_WEEKS = 1_209_600;
/// @dev Constant representing forty days in seconds
uint256 internal constant FORTY_DAYS = 3_456_000;
/// @dev Constant representing 3 months in seconds.
uint256 internal constant THREE_MONTHS = 7_776_000;
/// @dev Constant representing 6 months in seconds.
uint256 internal constant SIX_MONTHS = 15_780_000;
/// @dev Constant representing 1 year in seconds.
uint256 internal constant ONE_YEAR = 31_536_000;
/// @dev Constant representing 10 years in seconds.
uint256 internal constant TEN_YEARS = 315_360_000;
/// @dev Constant representing the LEGION_BOUNCER unique ID
bytes32 internal constant LEGION_BOUNCER_ID = bytes32("LEGION_BOUNCER");
/// @dev Constant representing the LEGION_FEE_RECEIVER unique ID
bytes32 internal constant LEGION_FEE_RECEIVER_ID = bytes32("LEGION_FEE_RECEIVER");
/// @dev Constant representing the LEGION_SIGNER unique ID
bytes32 internal constant LEGION_SIGNER_ID = bytes32("LEGION_SIGNER");
/// @dev Constant representing the LEGION_VESTING_FACTORY unique ID
bytes32 internal constant LEGION_VESTING_FACTORY_ID = bytes32("LEGION_VESTING_FACTORY");
}// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;
// ___ ___ ___ ___ ___
// /\__\ /\ \ /\ \ ___ /\ \ /\__\
// /:/ / /::\ \ /::\ \ /\ \ /::\ \ /::| |
// /:/ / /:/\:\ \ /:/\:\ \ \:\ \ /:/\:\ \ /:|:| |
// /:/ / /::\~\:\ \ /:/ \:\ \ /::\__\ /:/ \:\ \ /:/|:| |__
// /:/__/ /:/\:\ \:\__\ /:/__/_\:\__\ __/:/\/__/ /:/__/ \:\__\ /:/ |:| /\__\
// \:\ \ \:\~\:\ \/__/ \:\ /\ \/__/ /\/:/ / \:\ \ /:/ / \/__|:|/:/ /
// \:\ \ \:\ \:\__\ \:\ \:\__\ \::/__/ \:\ /:/ / |:/:/ /
// \:\ \ \:\ \/__/ \:\/:/ / \:\__\ \:\/:/ / |::/ /
// \:\__\ \:\__\ \::/ / \/__/ \::/ / /:/ /
// \/__/ \/__/ \/__/ \/__/ \/__/
//
// If you find a bug, please contact security[at]legion.cc
// We will pay a fair bounty for any issue that puts users' funds at risk.
/**
* @title Legion Errors Library
* @author Legion
* @notice A library used for storing errors shared across the Legion protocol
*/
library Errors {
/**
* @notice Throws when tokens already settled by investor.
*
* @param investor The address of the investor trying to claim.
*/
error AlreadySettled(address investor);
/**
* @notice Throws when excess capital has already been claimed by investor.
*
* @param investor The address of the investor trying to get excess capital back.
*/
error AlreadyClaimedExcess(address investor);
/**
* @notice Throws when the `askToken` is unavailable.
*/
error AskTokenUnavailable();
/**
* @notice Throws when the ask tokens have not been supplied by the project.
*/
error AskTokensNotSupplied();
/**
* @notice Throws when canceling is locked.
*/
error CancelLocked();
/**
* @notice Throws when canceling is not locked.
*/
error CancelNotLocked();
/**
* @notice Throws when an user tries to release tokens before the cliff period has ended.
*
* @param currentTimestamp The current block timestamp.
*/
error CliffNotEnded(uint256 currentTimestamp);
/**
* @notice Throws when capital has already been withdrawn by the Project.
*/
error CapitalAlreadyWithdrawn();
/**
* @notice Throws when no capital has been raised.
*/
error CapitalNotRaised();
/**
* @notice Throws when the investor is not flagged to have excess capital returned.
*
* @param investor The address of the investor.
*/
error CannotWithdrawExcessInvestedCapital(address investor);
/**
* @notice Throws when the claim amount is invalid.
*/
error InvalidClaimAmount();
/**
* @notice Throws when an invalid amount of tokens has been supplied by the project.
*
* @param amount The amount of tokens supplied.
*/
error InvalidTokenAmountSupplied(uint256 amount);
/**
* @notice Throws when the vesting configuration is invalid.
*/
error InvalidVestingConfig();
/**
* @notice Throws when an invalid amount of tokens has been claimed.
*/
error InvalidWithdrawAmount();
/**
* @notice Throws when an invalid amount has been requested for refund.
*/
error InvalidRefundAmount();
/**
* @notice Throws when an invalid amount has been requested for fee.
*/
error InvalidFeeAmount();
/**
* @notice Throws when an invalid time config has been provided.
*/
error InvalidPeriodConfig();
/**
* @notice Throws when an invalid pledge amount has been sent.
*
* @param amount The amount being pledged.
*/
error InvalidInvestAmount(uint256 amount);
/**
* @notice Throws when an invalid signature has been provided when pledging capital.
*
*/
error InvalidSignature();
/**
* @notice Throws when the invested capital amount is not equal to the SAFT amount.
*
* @param investor The address of the investor.
*/
error InvalidPositionAmount(address investor);
/**
* @notice Throws when the investor has refunded.
*
* @param investor The address of the investor.
*/
error InvestorHasRefunded(address investor);
/**
* @notice Throws when the investor has claimed excess capital invested.
*
* @param investor The address of the investor.
*/
error InvestorHasClaimedExcess(address investor);
/**
* @notice Throws when the salt used to encrypt the bid is invalid.
*/
error InvalidSalt();
/**
* @notice Throws when an invalid bid public key is used to encrypt a bid.
*/
error InvalidBidPublicKey();
/**
* @notice Throws when an invalid bid private key is provided to decrypt a bid.
*/
error InvalidBidPrivateKey();
/**
* @notice Throws when the lockup period is not over.
*/
error LockupPeriodIsNotOver();
/**
* @notice Throws when the investor is not in the claim whitelist for tokens.
*
* @param investor The address of the investor.
*/
error NotInClaimWhitelist(address investor);
/**
* @notice Throws when no capital has been pledged by an investor.
*
* @param investor The address of the investor.
*/
error NoCapitalInvested(address investor);
/**
* @notice Throws when not called by Legion.
*/
error NotCalledByLegion();
/**
* @notice Throws when not called by the Project.
*/
error NotCalledByProject();
/**
* @notice Throws when not called by Legion or the Project.
*/
error NotCalledByLegionOrProject();
/**
* @notice Throws when capital is pledged during the pre-fund allocation period.
*/
error PrefundAllocationPeriodNotEnded();
/**
* @notice Throws when the Project has withdrawn capital.
*/
error ProjectHasWithdrawnCapital();
/**
* @notice Throws when the private key has already been published by Legion.
*/
error PrivateKeyAlreadyPublished();
/**
* @notice Throws when the private key has not been published by Legion.
*/
error PrivateKeyNotPublished();
/**
* @notice Throws when the refund period is not over.
*/
error RefundPeriodIsNotOver();
/**
* @notice Throws when the refund period is over.
*/
error RefundPeriodIsOver();
/**
* @notice Throws when the sale has ended.
*/
error SaleHasEnded();
/**
* @notice Throws when the sale has not ended.
*/
error SaleHasNotEnded();
/**
* @notice Throws when the sale is canceled.
*/
error SaleIsCanceled();
/**
* @notice Throws when the sale is not canceled.
*/
error SaleIsNotCanceled();
/**
* @notice Throws when the sale results are not published.
*/
error SaleResultsNotPublished();
/**
* @notice Throws when the signature has already been used.
*
* @param signature The signature that has been used.
*/
error SignatureAlreadyUsed(bytes signature);
/**
* @notice Throws when the raised capital has not published.
*/
error CapitalRaisedNotPublished();
/**
* @notice Throws when the sale results have been already published.
*/
error SaleResultsAlreadyPublished();
/**
* @notice Throws when the raised capital have been already published.
*/
error CapitalRaisedAlreadyPublished();
/**
* @notice Throws when the tokens have already been allocated.
*/
error TokensAlreadyAllocated();
/**
* @notice Throws when tokens have not been allocated.
*/
error TokensNotAllocated();
/**
* @notice Throws when tokens have already been supplied.
*/
error TokensAlreadySupplied();
/**
* @notice Throws when tokens have not been supplied.
*/
error TokensNotSupplied();
/**
* @notice Throws when zero address has been provided.
*/
error ZeroAddressProvided();
/**
* @notice Throws when zero value has been provided.
*/
error ZeroValueProvided();
}// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;
// ___ ___ ___ ___ ___
// /\__\ /\ \ /\ \ ___ /\ \ /\__\
// /:/ / /::\ \ /::\ \ /\ \ /::\ \ /::| |
// /:/ / /:/\:\ \ /:/\:\ \ \:\ \ /:/\:\ \ /:|:| |
// /:/ / /::\~\:\ \ /:/ \:\ \ /::\__\ /:/ \:\ \ /:/|:| |__
// /:/__/ /:/\:\ \:\__\ /:/__/_\:\__\ __/:/\/__/ /:/__/ \:\__\ /:/ |:| /\__\
// \:\ \ \:\~\:\ \/__/ \:\ /\ \/__/ /\/:/ / \:\ \ /:/ / \/__|:|/:/ /
// \:\ \ \:\ \:\__\ \:\ \:\__\ \::/__/ \:\ /:/ / |:/:/ /
// \:\ \ \:\ \/__/ \:\/:/ / \:\__\ \:\/:/ / |::/ /
// \:\__\ \:\__\ \::/ / \/__/ \::/ / /:/ /
// \/__/ \/__/ \/__/ \/__/ \/__/
//
// If you find a bug, please contact security[at]legion.cc
// We will pay a fair bounty for any issue that puts users' funds at risk.
import { ILegionSale } from "./ILegionSale.sol";
interface ILegionPreLiquidSaleV2 is ILegionSale {
/// @notice A struct describing the pre-liquid sale configuration.
struct PreLiquidSaleConfiguration {
/// @dev The refund period duration in seconds.
uint256 refundPeriodSeconds;
/// @dev The lockup period duration in seconds.
uint256 lockupPeriodSeconds;
/// @dev Flag indicating if the sale has ended.
bool hasEnded;
}
/**
* @notice This event is emitted when capital is successfully invested.
*
* @param amount The amount of capital invested.
* @param investor The address of the investor.
* @param investTimestamp The Unix timestamp (seconds) of the block when capital has been invested.
*/
event CapitalInvested(uint256 amount, address investor, uint256 investTimestamp);
/**
* @notice This event is emitted when sale results are successfully published by the Legion admin.
*
* @param claimMerkleRoot The merkle root to verify token claims.
* @param tokensAllocated The amount of tokens allocated from the sale.
* @param tokenAddress The address of the token distributed to investors.
* @param vestingStartTime The Unix timestamp (seconds) of the block when the vesting starts.
*/
event SaleResultsPublished(
bytes32 claimMerkleRoot, uint256 tokensAllocated, address tokenAddress, uint256 vestingStartTime
);
/**
* @notice This event is emitted when the capital raised is successfully published by the Legion admin.
*
* @param capitalRaised The total capital raised by the project.
*/
event CapitalRaisedPublished(uint256 capitalRaised);
/**
* @notice This event is emitted when the sale has been ended.
*
* @param endTime The unix timestamp (seconds) of the block when the sale has been ended.
*/
event SaleEnded(uint256 endTime);
/**
* @notice Initializes the contract with correct parameters.
*
* @param saleInitParams The Legion sale initialization parameters.
* @param vestingInitParams The vesting initialization parameters.
*/
function initialize(
LegionSaleInitializationParams calldata saleInitParams,
LegionVestingInitializationParams calldata vestingInitParams
)
external;
/**
* @notice Invest capital to the fixed price sale.
*
* @param amount The amount of capital invested.
* @param signature The Legion signature for verification.
*/
function invest(uint256 amount, bytes memory signature) external;
/**
* @notice Publish sale results, once the sale has concluded.
*
* @dev Can be called only by the Legion admin address.
*
* @param claimMerkleRoot The merkle root to verify token claims.
* @param tokensAllocated The total amount of tokens allocated for distribution among investors.
* @param askToken The address of the token distributed to investors.
* @param vestingStartTime The Unix timestamp (seconds) of the block when the vesting starts.
*/
function publishSaleResults(
bytes32 claimMerkleRoot,
uint256 tokensAllocated,
address askToken,
uint256 vestingStartTime
)
external;
/**
* @notice Publish the total capital raised by the project.
*
* @param capitalRaised The total capital raised by the project.
*/
function publishCapitalRaised(uint256 capitalRaised) external;
/**
* @notice End sale by Legion or the Project and set the refund end time.
*/
function endSale() external;
/**
* @notice Returns the pre-liquid sale configuration.
*/
function preLiquidSaleConfiguration() external view returns (PreLiquidSaleConfiguration memory);
}// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;
// ___ ___ ___ ___ ___
// /\__\ /\ \ /\ \ ___ /\ \ /\__/
// /:/ / /::\ \ /::\ \ /\ \ /::\ \ /::| |
// /:/ / /:/\:\ \ /:/\:\ \ \:\ \ /:/\:\ \ /:|:| |
// /:/ / /::\~\:\ \ /:/ \:\ \ /::\__\ /:/ \:\ \ /:/|:| |__
// /:/__/ /:/\:\ \:\__\ /:/__/_\:\__\ __/:/\/__/ /:/__/ \:\__\ /:/ |:| /\__/
// \:\ \ \:\~\:\ \/__/ \:\ /\ \/__/ /\/:/ / \:\ \ /:/ / \/__|:|/:/ /
// \:\ \ \:\ \:\__\ \:\ \:\__\ \::/__/ \:\ /:/ / |:/:/ /
// \:\ \ \:\ \/__/ \:\/:/ / \:\__\ \:\/:/ / |::/ /
// \:\__\ \:\__\ \::/ / \/__/ \::/ / /:/ /
// \/__/ \/__/ \/__/ \/__/ \/__/
//
// If you find a bug, please contact security[at]legion.cc
// We will pay a fair bounty for any issue that puts users' funds at risk.
interface ILegionSale {
/// @notice A struct describing the Legion sale initialization params.
struct LegionSaleInitializationParams {
/// @dev The sale period duration in seconds.
uint256 salePeriodSeconds;
/// @dev The refund period duration in seconds.
uint256 refundPeriodSeconds;
/// @dev The lockup period duration in seconds.
uint256 lockupPeriodSeconds;
/// @dev Legion's fee on capital raised in BPS (Basis Points).
uint256 legionFeeOnCapitalRaisedBps;
/// @dev Legion's fee on tokens sold in BPS (Basis Points).
uint256 legionFeeOnTokensSoldBps;
/// @dev Referrer's fee on capital raised in BPS (Basis Points).
uint256 referrerFeeOnCapitalRaisedBps;
/// @dev Referrer's fee on tokens sold in BPS (Basis Points).
uint256 referrerFeeOnTokensSoldBps;
/// @dev The minimum invest amount denominated in the `bidToken`.
uint256 minimumInvestAmount;
/// @dev The address of the token used for raising capital.
address bidToken;
/// @dev The address of the token being sold to investors.
address askToken;
/// @dev The admin address of the project raising capital.
address projectAdmin;
/// @dev The address of Legion's Address Registry contract.
address addressRegistry;
/// @dev The address of the referrer.
address referrerFeeReceiver;
}
/// @notice A struct describing the Legion vesting initialization params.
struct LegionVestingInitializationParams {
/// @dev The vesting schedule duration for the token sold in seconds.
uint256 vestingDurationSeconds;
/// @dev The vesting cliff duration for the token sold in seconds.
uint256 vestingCliffDurationSeconds;
/// @dev The token allocation amount released to investors after TGE in BPS (Basis Points).
uint256 tokenAllocationOnTGERate;
}
/// @notice A struct describing the sale configuration.
struct LegionSaleConfiguration {
/// @dev The Unix timestamp (seconds) of the block when the sale starts.
uint256 startTime;
/// @dev The Unix timestamp (seconds) of the block when the sale ends.
uint256 endTime;
/// @dev The Unix timestamp (seconds) of the block when the refund period ends.
uint256 refundEndTime;
/// @dev The Unix timestamp (seconds) of the block when the lockup period ends.
uint256 lockupEndTime;
/// @dev Legion's fee on capital raised in BPS (Basis Points).
uint256 legionFeeOnCapitalRaisedBps;
/// @dev Legion's fee on tokens sold in BPS (Basis Points).
uint256 legionFeeOnTokensSoldBps;
/// @dev Referrer's fee on capital raised in BPS (Basis Points).
uint256 referrerFeeOnCapitalRaisedBps;
/// @dev Referrer's fee on tokens sold in BPS (Basis Points).
uint256 referrerFeeOnTokensSoldBps;
/// @dev The minimum invest amount denominated in the `bidToken`.
uint256 minimumInvestAmount;
}
/// @notice A struct describing the sale address configuration.
struct LegionSaleAddressConfiguration {
/// @dev The address of the token used for raising capital.
address bidToken;
/// @dev The address of the token being sold to investors.
address askToken;
/// @dev The admin address of the project raising capital.
address projectAdmin;
/// @dev The address of Legion's Address Registry contract.
address addressRegistry;
/// @dev The address of Legion's Bouncer contract.
address legionBouncer;
/// @dev The address of Legion's Signer contract.
address legionSigner;
/// @dev The address of Legion's Fee Receiver contract.
address legionFeeReceiver;
/// @dev The address of the referrer.
address referrerFeeReceiver;
}
/// @notice A struct describing the sale status.
struct LegionSaleStatus {
/// @dev The total capital invested.
uint256 totalCapitalInvested;
/// @dev The total amount of tokens allocated to investors.
uint256 totalTokensAllocated;
/// @dev The total capital raised from the sale.
uint256 totalCapitalRaised;
/// @dev The total capital withdrawn by the Project, from the sale.
uint256 totalCapitalWithdrawn;
/// @dev The merkle root for verification of token distribution amounts.
bytes32 claimTokensMerkleRoot;
/// @dev The merkle root for verification of accepted capital distribution amounts.
bytes32 acceptedCapitalMerkleRoot;
/// @dev Whether the sale has been canceled.
bool isCanceled;
/// @dev Whether tokens have been supplied by the project.
bool tokensSupplied;
/// @dev Whether raised capital has been withdrawn from the sale by the project.
bool capitalWithdrawn;
}
/// @notice A struct describing the vesting configuration.
struct LegionVestingConfiguration {
/// @dev The vesting schedule duration for the token sold in seconds.
uint256 vestingDurationSeconds;
/// @dev The vesting cliff duration for the token sold in seconds.
uint256 vestingCliffDurationSeconds;
/// @dev The token allocation amount released to investors after TGE in BPS (Basis Points).
uint256 tokenAllocationOnTGERate;
/// @dev The Unix timestamp (seconds) of the block when the vesting period starts.
uint256 vestingStartTime;
/// @dev The address of Legion's Vesting Factory contract.
address vestingFactory;
}
/// @notice A struct describing the investor position during the sale.
struct InvestorPosition {
/// @dev The total amount of capital invested by the investor.
uint256 investedCapital;
/// @dev Flag indicating if the investor has settled.
bool hasSettled;
/// @dev Flag indicating if the investor has claimed excess capital.
bool hasClaimedExcess;
/// @dev Flag indicating if the investor has refunded.
bool hasRefunded;
/// @dev The address of the investor's vesting contract.
address vestingAddress;
}
/**
* @notice This event is emitted when capital is successfully withdrawn by the project owner.
*
* @param amountToWithdraw The amount of capital withdrawn.
* @param projectOwner The address of the project owner.
*/
event CapitalWithdrawn(uint256 amountToWithdraw, address projectOwner);
/**
* @notice This event is emitted when capital is successfully refunded to the investor.
*
* @param amount The amount of capital refunded to the investor.
* @param investor The address of the investor who requested the refund.
*/
event CapitalRefunded(uint256 amount, address investor);
/**
* @notice This event is emitted when capital is successfully refunded to the investor after a sale has been
* canceled.
*
* @param amount The amount of capital refunded to the investor.
* @param investor The address of the investor who requested the refund.
*/
event CapitalRefundedAfterCancel(uint256 amount, address investor);
/**
* @notice This event is emitted when excess capital is successfully claimed by the investor after a sale has ended.
*
* @param amount The amount of capital refunded to the investor.
* @param investor The address of the investor who requested the refund.
*/
event ExcessCapitalWithdrawn(uint256 amount, address investor);
/**
* @notice This event is emitted when accepted capital has been successfully published by the Legion admin.
*
* @param merkleRoot The accepted capital merkle root published.
*/
event AcceptedCapitalSet(bytes32 merkleRoot);
/**
* @notice This event is emitted when an emergency withdrawal of funds is performed by Legion.
*
* @param receiver The address of the receiver.
* @param token The address of the token to be withdrawn.
* @param amount The amount to be withdrawn.
*/
event EmergencyWithdraw(address receiver, address token, uint256 amount);
/**
* @notice This event is emitted when Legion addresses are successfully synced.
*
* @param legionBouncer The updated Legion bouncer address.
* @param legionSigner The updated Legion signer address.
* @param legionFeeReceiver The updated fee receiver address of Legion.
* @param vestingFactory The updated vesting factory address.
*/
event LegionAddressesSynced(
address legionBouncer, address legionSigner, address legionFeeReceiver, address vestingFactory
);
/**
* @notice This event is emitted when a sale is successfully canceled.
*/
event SaleCanceled();
/**
* @notice This event is emitted when tokens are successfully supplied for distribution by the project admin.
*
* @param amount The amount of tokens supplied for distribution.
* @param legionFee The fee amount collected by Legion.
* @param referrerFee The fee amount collected by the referrer.
*/
event TokensSuppliedForDistribution(uint256 amount, uint256 legionFee, uint256 referrerFee);
/**
* @notice This event is emitted when tokens are successfully claimed by the investor.
*
* @param amount The amount of tokens distributed to the vesting contract.
* @param investor The address of the investor owning the vesting contract.
*/
event TokenAllocationClaimed(uint256 amount, address investor);
/**
* @notice Request a refund from the sale during the applicable time window.
*/
function refund() external;
/**
* @notice Withdraw raised capital from the sale contract.
*
* @dev Can be called only by the Project admin address.
*/
function withdrawRaisedCapital() external;
/**
* @notice Claims the investor token allocation.
*
* @param amount The amount to be distributed.
* @param proof The merkle proof verification for claiming.
*/
function claimTokenAllocation(uint256 amount, bytes32[] calldata proof) external;
/**
* @notice Withdraw excess capital back to the investor.
*
* @param amount The amount to be returned.
* @param proof The merkle proof verification for the return.
*/
function withdrawExcessInvestedCapital(uint256 amount, bytes32[] calldata proof) external;
/**
* @notice Releases tokens to the investor address.
*/
function releaseVestedTokens() external;
/**
* @notice Supply tokens once the sale results have been published.
*
* @dev Can be called only by the Project admin address.
*
* @param amount The token amount supplied by the project.
* @param legionFee The legion fee token amount supplied by the project.
* @param referrerFee The referrer fee token amount supplied by the project.
*/
function supplyTokens(uint256 amount, uint256 legionFee, uint256 referrerFee) external;
/**
* @notice Publish merkle root for accepted capital.
*
* @dev Can be called only by the Legion admin address.
*
* @param merkleRoot The merkle root to verify against.
*/
function setAcceptedCapital(bytes32 merkleRoot) external;
/**
* @notice Cancels an ongoing sale.
*
* @dev Can be called only by the Project admin address.
*/
function cancelSale() external;
/**
* @notice Claims back capital in case the sale has been canceled.
*/
function withdrawInvestedCapitalIfCanceled() external;
/**
* @notice Withdraw tokens from the contract in case of emergency.
*
* @dev Can be called only by the Legion admin address.
*
* @param receiver The address of the receiver.
* @param token The address of the token to be withdrawn.
* @param amount The amount to be withdrawn.
*/
function emergencyWithdraw(address receiver, address token, uint256 amount) external;
/**
* @notice Syncs active Legion addresses from `LegionAddressRegistry.sol`.
*/
function syncLegionAddresses() external;
/**
* @notice Pauses the sale.
*/
function pauseSale() external;
/**
* @notice Unpauses the sale.
*/
function unpauseSale() external;
/**
* @notice Returns the sale configuration.
*/
function saleConfiguration() external view returns (LegionSaleConfiguration memory);
/**
* @notice Returns the vesting configuration.
*/
function vestingConfiguration() external view returns (LegionVestingConfiguration memory);
/**
* @notice Returns the sale status details.
*/
function saleStatusDetails() external view returns (LegionSaleStatus memory);
/**
* @notice Returns an investor position.
*
* @param investorAddress The address of the investor.
*/
function investorPositionDetails(address investorAddress) external view returns (InvestorPosition memory);
}// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;
// ___ ___ ___ ___ ___
// /\__\ /\ \ /\ \ ___ /\ \ /\__\
// /:/ / /::\ \ /::\ \ /\ \ /::\ \ /::| |
// /:/ / /:/\:\ \ /:/\:\ \ \:\ \ /:/\:\ \ /:|:| |
// /:/ / /::\~\:\ \ /:/ \:\ \ /::\__\ /:/ \:\ \ /:/|:| |__
// /:/__/ /:/\:\ \:\__\ /:/__/_\:\__\ __/:/\/__/ /:/__/ \:\__\ /:/ |:| /\__\
// \:\ \ \:\~\:\ \/__/ \:\ /\ \/__/ /\/:/ / \:\ \ /:/ / \/__|:|/:/ /
// \:\ \ \:\ \:\__\ \:\ \:\__\ \::/__/ \:\ /:/ / |:/:/ /
// \:\ \ \:\ \/__/ \:\/:/ / \:\__\ \:\/:/ / |::/ /
// \:\__\ \:\__\ \::/ / \/__/ \::/ / /:/ /
// \/__/ \/__/ \/__/ \/__/ \/__/
//
// If you find a bug, please contact security[at]legion.cc
// We will pay a fair bounty for any issue that puts users' funds at risk.
import { ECDSA } from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import { Initializable } from "@solady/src/utils/Initializable.sol";
import { MerkleProofLib } from "@solady/src/utils/MerkleProofLib.sol";
import { MessageHashUtils } from "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol";
import { Pausable } from "@openzeppelin/contracts/utils/Pausable.sol";
import { SafeTransferLib } from "@solady/src/utils/SafeTransferLib.sol";
import { Constants } from "./utils/Constants.sol";
import { Errors } from "./utils/Errors.sol";
import { ILegionAddressRegistry } from "./interfaces/ILegionAddressRegistry.sol";
import { ILegionSale } from "./interfaces/ILegionSale.sol";
import { ILegionLinearVesting } from "./interfaces/ILegionLinearVesting.sol";
import { ILegionVestingFactory } from "./interfaces/factories/ILegionVestingFactory.sol";
/**
* @title Legion Sale
* @author Legion
* @notice A contract used for managing token sales in the Legion Protocol
*/
abstract contract LegionSale is ILegionSale, Initializable, Pausable {
using ECDSA for bytes32;
using MessageHashUtils for bytes32;
/// @dev A struct describing the sale configuration.
LegionSaleConfiguration internal saleConfig;
/// @dev A struct describing the sale addresses configuration.
LegionSaleAddressConfiguration internal addressConfig;
/// @dev A struct describing the vesting configuration.
LegionVestingConfiguration internal vestingConfig;
/// @dev A struct describing the sale status.
LegionSaleStatus internal saleStatus;
/// @dev Mapping of investor address to investor position.
mapping(address investorAddress => InvestorPosition investorPosition) internal investorPositions;
/**
* @notice Throws if called by any account other than Legion.
*/
modifier onlyLegion() {
if (msg.sender != addressConfig.legionBouncer) revert Errors.NotCalledByLegion();
_;
}
/**
* @notice Throws if called by any account other than the Project.
*/
modifier onlyProject() {
if (msg.sender != addressConfig.projectAdmin) revert Errors.NotCalledByProject();
_;
}
/**
* @notice Throws if called by any account other than Legion or the Project.
*/
modifier onlyLegionOrProject() {
if (msg.sender != addressConfig.projectAdmin && msg.sender != addressConfig.legionBouncer) {
revert Errors.NotCalledByLegionOrProject();
}
_;
}
/**
* @notice Throws when method is called and the `askToken` is unavailable.
*/
modifier askTokenAvailable() {
if (addressConfig.askToken == address(0)) revert Errors.AskTokenUnavailable();
_;
}
/**
* @notice LegionSale constructor.
*/
constructor() {
// Disable initialization
_disableInitializers();
}
/**
* @notice Request a refund from the sale during the applicable time window.
*/
function refund() external virtual whenNotPaused {
// Verify that the refund period is not over
_verifyRefundPeriodIsNotOver();
// Verify that the sale is not canceled
_verifySaleNotCanceled();
// Verify that the investor has not refunded
_verifyHasNotRefunded();
// Cache the amount to refund in memory
uint256 amountToRefund = investorPositions[msg.sender].investedCapital;
// Revert in case there's nothing to refund
if (amountToRefund == 0) revert Errors.InvalidRefundAmount();
// Set the total invested capital for the investor to 0
investorPositions[msg.sender].investedCapital = 0;
// Flag that the investor has refunded
investorPositions[msg.sender].hasRefunded = true;
// Decrement total capital invested from investors
saleStatus.totalCapitalInvested -= amountToRefund;
// Emit CapitalRefunded
emit CapitalRefunded(amountToRefund, msg.sender);
// Transfer the refunded amount back to the investor
SafeTransferLib.safeTransfer(addressConfig.bidToken, msg.sender, amountToRefund);
}
/**
* @notice Withdraw raised capital from the sale contract.
*
* @dev Can be called only by the Project admin address.
*/
function withdrawRaisedCapital() external virtual onlyProject whenNotPaused {
// Verify that the refund period is over
_verifyRefundPeriodIsOver();
// Verify that the sale is not canceled
_verifySaleNotCanceled();
// Verify that sale results have been published
_verifySaleResultsArePublished();
// Verify that the project can withdraw capital
_verifyCanWithdrawCapital();
// Check if projects are withdrawing capital on the sale source chain
if (addressConfig.askToken != address(0)) {
// Allow projects to withdraw capital only in case they've supplied tokens
_verifyTokensSupplied();
}
// Flag that the capital has been withdrawn
saleStatus.capitalWithdrawn = true;
// Cache value in memory
uint256 _totalCapitalRaised = saleStatus.totalCapitalRaised;
// Calculate Legion Fee
uint256 _legionFee = (saleConfig.legionFeeOnCapitalRaisedBps * _totalCapitalRaised) / 10_000;
// Calculate Referrer Fee
uint256 _referrerFee = (saleConfig.referrerFeeOnCapitalRaisedBps * _totalCapitalRaised) / 10_000;
// Emit CapitalWithdrawn
emit CapitalWithdrawn(_totalCapitalRaised, msg.sender);
// Transfer the raised capital to the project owner
SafeTransferLib.safeTransfer(
addressConfig.bidToken, msg.sender, (_totalCapitalRaised - _legionFee - _referrerFee)
);
// Transfer the Legion fee to the Legion fee receiver address
if (_legionFee != 0) {
SafeTransferLib.safeTransfer(addressConfig.bidToken, addressConfig.legionFeeReceiver, _legionFee);
}
// Transfer the Referrer fee to the Referrer fee receiver address
if (_referrerFee != 0) {
SafeTransferLib.safeTransfer(addressConfig.bidToken, addressConfig.referrerFeeReceiver, _referrerFee);
}
}
/**
* @notice Claims the investor token allocation.
*
* @param amount The amount to be distributed.
* @param proof The merkle proof verification for claiming.
*/
function claimTokenAllocation(
uint256 amount,
bytes32[] calldata proof
)
external
virtual
askTokenAvailable
whenNotPaused
{
// Verify that sales results have been published
_verifySaleResultsArePublished();
// Verify that the investor is eligible to claim the requested amount
_verifyCanClaimTokenAllocation(msg.sender, amount, proof);
// Verify that the sale is not canceled
_verifySaleNotCanceled();
// Verify that the lockup period is over
_verifyLockupPeriodIsOver();
// Mark that the token amount has been settled
investorPositions[msg.sender].hasSettled = true;
// Calculate the amount to be distributed on claim
uint256 amountToDistributeOnClaim = amount * vestingConfig.tokenAllocationOnTGERate / 1e18;
// Calculate the remaining amount to be vested
uint256 amountToBeVested = amount - amountToDistributeOnClaim;
// Emit TokenAllocationClaimed
emit TokenAllocationClaimed(amount, msg.sender);
// Deploy vesting and distribute tokens only if there is anything to distribute
if (amountToBeVested != 0) {
// Deploy a linear vesting schedule contract
address payable vestingAddress = _createVesting(
msg.sender,
uint64(vestingConfig.vestingStartTime),
uint64(vestingConfig.vestingDurationSeconds),
uint64(vestingConfig.vestingCliffDurationSeconds)
);
// Save the vesting address for the investor
investorPositions[msg.sender].vestingAddress = vestingAddress;
// Transfer the allocated amount of tokens for distribution
SafeTransferLib.safeTransfer(addressConfig.askToken, vestingAddress, amountToBeVested);
}
if (amountToDistributeOnClaim != 0) {
// Transfer the allocated amount of tokens for distribution on claim
SafeTransferLib.safeTransfer(addressConfig.askToken, msg.sender, amountToDistributeOnClaim);
}
}
/**
* @notice Withdraw excess capital back to the investor.
*
* @param amount The amount to be returned.
* @param proof The merkle proof verification for the return.
*/
function withdrawExcessInvestedCapital(uint256 amount, bytes32[] calldata proof) external virtual whenNotPaused {
// Verify that the sale is not canceled
_verifySaleNotCanceled();
// Verify that the investor has not refunded
_verifyHasNotRefunded();
// Verify that the investor is eligible to get excess capital back
_verifyCanClaimExcessCapital(msg.sender, amount, proof);
// Mark that the excess capital has been returned
investorPositions[msg.sender].hasClaimedExcess = true;
if (amount != 0) {
// Decrement the total invested capital for the investor
investorPositions[msg.sender].investedCapital -= amount;
// Decrement total capital invested from investors
saleStatus.totalCapitalInvested -= amount;
// Emit ExcessCapitalWithdrawn
emit ExcessCapitalWithdrawn(amount, msg.sender);
// Transfer the excess capital back to the investor
SafeTransferLib.safeTransfer(addressConfig.bidToken, msg.sender, amount);
}
}
/**
* @notice Releases tokens to the investor address.
*/
function releaseVestedTokens() external virtual askTokenAvailable whenNotPaused {
// Get the investor position details
InvestorPosition memory position = investorPositions[msg.sender];
// Revert in case there's no vesting for the investor
if (position.vestingAddress == address(0)) revert Errors.ZeroAddressProvided();
// Release tokens to the investor account
ILegionLinearVesting(position.vestingAddress).release(addressConfig.askToken);
}
/**
* @notice Supply tokens once the sale results have been published.
*
* @dev Can be called only by the Project admin address.
*
* @param amount The token amount supplied by the project.
* @param legionFee The legion fee token amount supplied by the project.
* @param referrerFee The referrer fee token amount supplied by the project.
*/
function supplyTokens(
uint256 amount,
uint256 legionFee,
uint256 referrerFee
)
external
virtual
onlyProject
askTokenAvailable
whenNotPaused
{
// Verify that tokens can be supplied for distribution
_verifyCanSupplyTokens(amount);
// Verify that the sale is not canceled
_verifySaleNotCanceled();
// Verify that tokens have not been supplied
_verifyTokensNotSupplied();
// Flag that tokens have been supplied
saleStatus.tokensSupplied = true;
// Calculate and verify Legion Fee
if (legionFee != (saleConfig.legionFeeOnTokensSoldBps * amount) / 10_000) revert Errors.InvalidFeeAmount();
// Calculate and verify Legion Fee
if (referrerFee != (saleConfig.referrerFeeOnTokensSoldBps * amount) / 10_000) revert Errors.InvalidFeeAmount();
// Emit TokensSuppliedForDistribution
emit TokensSuppliedForDistribution(amount, legionFee, referrerFee);
// Transfer the allocated amount of tokens for distribution
SafeTransferLib.safeTransferFrom(addressConfig.askToken, msg.sender, address(this), amount);
// Transfer the Legion fee to the Legion fee receiver address
if (legionFee != 0) {
SafeTransferLib.safeTransferFrom(
addressConfig.askToken, msg.sender, addressConfig.legionFeeReceiver, legionFee
);
}
// Transfer the Referrer fee to the referrer fee receiver address
if (referrerFee != 0) {
SafeTransferLib.safeTransferFrom(
addressConfig.askToken, msg.sender, addressConfig.referrerFeeReceiver, referrerFee
);
}
}
/**
* @notice Publish merkle root for accepted capital.
*
* @dev Can be called only by the Legion admin address.
*
* @param merkleRoot The merkle root to verify against.
*/
function setAcceptedCapital(bytes32 merkleRoot) external virtual onlyLegion {
// Verify that the sale is not canceled
_verifySaleNotCanceled();
// Set the merkle root for accepted capital
saleStatus.acceptedCapitalMerkleRoot = merkleRoot;
// Emit AcceptedCapitalSet
emit AcceptedCapitalSet(merkleRoot);
}
/**
* @notice Cancels an ongoing sale.
*
* @dev Can be called only by the Project admin address.
*/
function cancelSale() public virtual onlyProject whenNotPaused {
// Allow the Project to cancel the sale at any time until results are published
// Results are published after the refund period is over
_verifySaleResultsNotPublished();
// Verify sale has not already been canceled
_verifySaleNotCanceled();
// Mark sale as canceled
saleStatus.isCanceled = true;
// Emit SaleCanceled
emit SaleCanceled();
}
/**
* @notice Withdraws back capital in case the sale has been canceled.
*/
function withdrawInvestedCapitalIfCanceled() external virtual whenNotPaused {
// Verify that the sale has been actually canceled
_verifySaleIsCanceled();
// Cache the amount to refund in memory
uint256 amountToWithdraw = investorPositions[msg.sender].investedCapital;
// Revert in case there's nothing to claim
if (amountToWithdraw == 0) revert Errors.InvalidWithdrawAmount();
// Set the total invested capital for the investor to 0
investorPositions[msg.sender].investedCapital = 0;
// Decrement total capital invested from investors
saleStatus.totalCapitalInvested -= amountToWithdraw;
// Emit CapitalRefundedAfterCancel
emit CapitalRefundedAfterCancel(amountToWithdraw, msg.sender);
// Transfer the refunded amount back to the investor
SafeTransferLib.safeTransfer(addressConfig.bidToken, msg.sender, amountToWithdraw);
}
/**
* @notice Withdraw tokens from the contract in case of emergency.
*
* @dev Can be called only by the Legion admin address.
*
* @param receiver The address of the receiver.
* @param token The address of the token to be withdrawn.
* @param amount The amount to be withdrawn.
*/
function emergencyWithdraw(address receiver, address token, uint256 amount) external virtual onlyLegion {
// Emit EmergencyWithdraw
emit EmergencyWithdraw(receiver, token, amount);
// Transfer the amount to Legion's address
SafeTransferLib.safeTransfer(token, receiver, amount);
}
/**
* @notice Syncs active Legion addresses from `LegionAddressRegistry.sol`.
*/
function syncLegionAddresses() external virtual onlyLegion {
// Sync the Legion addresses
_syncLegionAddresses();
}
/**
* @notice Pauses the sale.
*/
function pauseSale() external virtual onlyLegion {
// Pause the sale
_pause();
}
/**
* @notice Unpauses the sale.
*/
function unpauseSale() external virtual onlyLegion {
// Unpause the sale
_unpause();
}
/**
* @notice Returns the sale configuration.
*/
function saleConfiguration() external view virtual returns (LegionSaleConfiguration memory) {
return saleConfig;
}
/**
* @notice Returns the vesting configuration.
*/
function vestingConfiguration() external view virtual returns (LegionVestingConfiguration memory) {
return vestingConfig;
}
/**
* @notice Returns the sale status details.
*/
function saleStatusDetails() external view virtual returns (LegionSaleStatus memory) {
return saleStatus;
}
/**
* @notice Returns an investor position.
*
* @param investorAddress The address of the investor.
*/
function investorPositionDetails(address investorAddress) external view virtual returns (InvestorPosition memory) {
return investorPositions[investorAddress];
}
/**
* @notice Sets the sale and vesting params.
*/
function _setLegionSaleConfig(
LegionSaleInitializationParams calldata saleInitParams,
LegionVestingInitializationParams calldata vestingInitParams
)
internal
virtual
onlyInitializing
{
// Verify if the sale common configuration is valid
_verifyValidInitParams(saleInitParams);
// Set the sale configuration
saleConfig.legionFeeOnCapitalRaisedBps = saleInitParams.legionFeeOnCapitalRaisedBps;
saleConfig.legionFeeOnTokensSoldBps = saleInitParams.legionFeeOnTokensSoldBps;
saleConfig.referrerFeeOnCapitalRaisedBps = saleInitParams.referrerFeeOnCapitalRaisedBps;
saleConfig.referrerFeeOnTokensSoldBps = saleInitParams.referrerFeeOnTokensSoldBps;
saleConfig.minimumInvestAmount = saleInitParams.minimumInvestAmount;
// Set the address configuration
addressConfig.bidToken = saleInitParams.bidToken;
addressConfig.askToken = saleInitParams.askToken;
addressConfig.projectAdmin = saleInitParams.projectAdmin;
addressConfig.addressRegistry = saleInitParams.addressRegistry;
addressConfig.referrerFeeReceiver = saleInitParams.referrerFeeReceiver;
// Set the vesting configuration
vestingConfig.vestingDurationSeconds = vestingInitParams.vestingDurationSeconds;
vestingConfig.vestingCliffDurationSeconds = vestingInitParams.vestingCliffDurationSeconds;
vestingConfig.tokenAllocationOnTGERate = vestingInitParams.tokenAllocationOnTGERate;
/// Verify that the vesting configuration is valid
_verifyValidVestingConfig();
// Cache Legion addresses from `LegionAddressRegistry`
_syncLegionAddresses();
}
/**
* @notice Sync the Legion addresses from `LegionAddressRegistry`.
*/
function _syncLegionAddresses() internal virtual {
// Cache Legion addresses from `LegionAddressRegistry`
addressConfig.legionBouncer =
ILegionAddressRegistry(addressConfig.addressRegistry).getLegionAddress(Constants.LEGION_BOUNCER_ID);
addressConfig.legionSigner =
ILegionAddressRegistry(addressConfig.addressRegistry).getLegionAddress(Constants.LEGION_SIGNER_ID);
addressConfig.legionFeeReceiver =
ILegionAddressRegistry(addressConfig.addressRegistry).getLegionAddress(Constants.LEGION_FEE_RECEIVER_ID);
vestingConfig.vestingFactory =
ILegionAddressRegistry(addressConfig.addressRegistry).getLegionAddress(Constants.LEGION_VESTING_FACTORY_ID);
// Emit LegionAddressesSynced
emit LegionAddressesSynced(
addressConfig.legionBouncer,
addressConfig.legionSigner,
addressConfig.legionFeeReceiver,
vestingConfig.vestingFactory
);
}
/**
* @notice Create a vesting schedule contract.
*
* @param _beneficiary The beneficiary.
* @param _startTimestamp The Unix timestamp when the vesting starts.
* @param _durationSeconds The duration in seconds.
* @param _cliffDurationSeconds The cliff duration in seconds.
*
* @return vestingInstance The address of the deployed vesting instance.
*/
function _createVesting(
address _beneficiary,
uint64 _startTimestamp,
uint64 _durationSeconds,
uint64 _cliffDurationSeconds
)
internal
virtual
returns (address payable vestingInstance)
{
// Deploy a vesting schedule instance
vestingInstance = ILegionVestingFactory(vestingConfig.vestingFactory).createLinearVesting(
_beneficiary, _startTimestamp, _durationSeconds, _cliffDurationSeconds
);
}
/**
* @notice Verify if an investor is eligible to claim tokens allocated from the sale.
*
* @param _investor The address of the investor.
* @param _amount The amount to claim.
* @param _proof The Merkle proof that the investor is part of the whitelist.
*/
function _verifyCanClaimTokenAllocation(
address _investor,
uint256 _amount,
bytes32[] calldata _proof
)
internal
view
virtual
{
// Generate the merkle leaf
bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(_investor, _amount))));
// Load the investor position
InvestorPosition memory position = investorPositions[_investor];
// Verify the merkle proof
if (!MerkleProofLib.verify(_proof, saleStatus.claimTokensMerkleRoot, leaf)) {
revert Errors.NotInClaimWhitelist(_investor);
}
// Check if the investor has already settled their allocation
if (position.hasSettled) revert Errors.AlreadySettled(_investor);
}
/**
* @notice Verify if an investor is eligible to get excess capital back.
*
* @param _investor The address of the investor trying to participate.
* @param _amount The amount to claim.
* @param _proof The Merkle proof that the investor is part of the whitelist.
*/
function _verifyCanClaimExcessCapital(
address _investor,
uint256 _amount,
bytes32[] calldata _proof
)
internal
view
virtual
{
// Load the investor position
InvestorPosition memory position = investorPositions[_investor];
// Check if the investor has already settled their allocation
if (position.hasClaimedExcess) revert Errors.AlreadyClaimedExcess(_investor);
// Safeguard to check if the investor has invested capital
if (position.investedCapital == 0) revert Errors.NoCapitalInvested(_investor);
// Generate the merkle leaf and verify accepted capital
bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(_investor, (position.investedCapital - _amount)))));
// Verify the merkle proof
if (!MerkleProofLib.verify(_proof, saleStatus.acceptedCapitalMerkleRoot, leaf)) {
revert Errors.CannotWithdrawExcessInvestedCapital(_investor);
}
}
/**
* @notice Verify that the amount invested is more than the minimum required.
*
* @param _amount The amount being invested.
*/
function _verifyMinimumInvestAmount(uint256 _amount) internal view virtual {
if (_amount < saleConfig.minimumInvestAmount) revert Errors.InvalidInvestAmount(_amount);
}
/**
* @notice Verify that the sale has not ended.
*/
function _verifySaleHasNotEnded() internal view virtual {
if (block.timestamp >= saleConfig.endTime) revert Errors.SaleHasEnded();
}
/**
* @notice Verify that the refund period is over.
*/
function _verifyRefundPeriodIsOver() internal view virtual {
if (block.timestamp < saleConfig.refundEndTime) revert Errors.RefundPeriodIsNotOver();
}
/**
* @notice Verify that the refund period is not over.
*/
function _verifyRefundPeriodIsNotOver() internal view virtual {
if (block.timestamp >= saleConfig.refundEndTime) revert Errors.RefundPeriodIsOver();
}
/**
* @notice Verify that the lockup period is over.
*/
function _verifyLockupPeriodIsOver() internal view virtual {
if (block.timestamp < saleConfig.lockupEndTime) revert Errors.LockupPeriodIsNotOver();
}
/**
* @notice Verify if sale results are published.
*/
function _verifySaleResultsArePublished() internal view virtual {
if (saleStatus.totalTokensAllocated == 0) revert Errors.SaleResultsNotPublished();
}
/**
* @notice Verify if sale results are not published.
*/
function _verifySaleResultsNotPublished() internal view virtual {
if (saleStatus.totalTokensAllocated != 0) revert Errors.SaleResultsAlreadyPublished();
}
/**
* @notice Verify if the project can supply tokens for distribution.
*
* @param _amount The amount to supply.
*/
function _verifyCanSupplyTokens(uint256 _amount) internal view virtual {
// Revert if Legion has not set the total amount of tokens allocated for distribution
if (saleStatus.totalTokensAllocated == 0) revert Errors.TokensNotAllocated();
// Revert if the amount of tokens supplied is different than the amount set by Legion
if (_amount != saleStatus.totalTokensAllocated) revert Errors.InvalidTokenAmountSupplied(_amount);
}
/**
* @notice Verify if Legion can publish sale results.
*/
function _verifyCanPublishSaleResults() internal view virtual {
if (saleStatus.totalTokensAllocated != 0) revert Errors.TokensAlreadyAllocated();
}
/**
* @notice Verify that the sale is not canceled.
*/
function _verifySaleNotCanceled() internal view virtual {
if (saleStatus.isCanceled) revert Errors.SaleIsCanceled();
}
/**
* @notice Verify that the sale is canceled.
*/
function _verifySaleIsCanceled() internal view virtual {
if (!saleStatus.isCanceled) revert Errors.SaleIsNotCanceled();
}
/**
* @notice Verify that the project has not supplied tokens to the sale.
*/
function _verifyTokensNotSupplied() internal view virtual {
if (saleStatus.tokensSupplied) revert Errors.TokensAlreadySupplied();
}
/**
* @notice Verify that the project has supplied tokens to the sale.
*/
function _verifyTokensSupplied() internal view virtual {
if (!saleStatus.tokensSupplied) revert Errors.TokensNotSupplied();
}
/**
* @notice Verify that the signature provided is signed by Legion.
*
* @param _signature The signature to verify.
*/
function _verifyLegionSignature(bytes memory _signature) internal view virtual {
bytes32 _data = keccak256(abi.encodePacked(msg.sender, address(this), block.chainid)).toEthSignedMessageHash();
if (_data.recover(_signature) != addressConfig.legionSigner) revert Errors.InvalidSignature();
}
/**
* @notice Verify that the project can withdraw capital.
*/
function _verifyCanWithdrawCapital() internal view virtual {
if (saleStatus.capitalWithdrawn) revert Errors.CapitalAlreadyWithdrawn();
if (saleStatus.totalCapitalRaised == 0) revert Errors.CapitalNotRaised();
}
/**
* @notice Verify that the investor has not received a refund.
*/
function _verifyHasNotRefunded() internal view virtual {
if (investorPositions[msg.sender].hasRefunded) revert Errors.InvestorHasRefunded(msg.sender);
}
/**
* @notice Verify that the investor has not claimed excess capital.
*/
function _verifyHasNotClaimedExcess() internal view virtual {
if (investorPositions[msg.sender].hasClaimedExcess) revert Errors.InvestorHasClaimedExcess(msg.sender);
}
/**
* @notice Verify the common sale configuration is valid.
*/
function _verifyValidInitParams(LegionSaleInitializationParams memory saleInitParams) internal view virtual {
// Check for zero addresses provided
if (
saleInitParams.bidToken == address(0) || saleInitParams.projectAdmin == address(0)
|| saleInitParams.addressRegistry == address(0)
) {
revert Errors.ZeroAddressProvided();
}
// Check for zero values provided
if (
saleInitParams.salePeriodSeconds == 0 || saleInitParams.refundPeriodSeconds == 0
|| saleInitParams.lockupPeriodSeconds == 0
) revert Errors.ZeroValueProvided();
// Check if sale, refund and lockup periods are longer than allowed
if (
saleInitParams.salePeriodSeconds > Constants.THREE_MONTHS
|| saleInitParams.refundPeriodSeconds > Constants.TWO_WEEKS
|| saleInitParams.lockupPeriodSeconds > Constants.SIX_MONTHS
) {
revert Errors.InvalidPeriodConfig();
}
// Check if sale, refund and lockup periods are shorter than allowed
if (
saleInitParams.salePeriodSeconds < Constants.ONE_HOUR
|| saleInitParams.refundPeriodSeconds < Constants.ONE_HOUR
|| saleInitParams.lockupPeriodSeconds < Constants.ONE_HOUR
) {
revert Errors.InvalidPeriodConfig();
}
}
/**
* @notice Verify that the vesting configuration is valid.
*/
function _verifyValidVestingConfig() internal view virtual {
/// Check if vesting duration is no more than 10 years, if vesting cliff duration is not more than vesting
/// duration or the token allocation on TGE rate is no more than 100%
if (
vestingConfig.vestingDurationSeconds > Constants.TEN_YEARS
|| vestingConfig.vestingCliffDurationSeconds > vestingConfig.vestingDurationSeconds
|| vestingConfig.tokenAllocationOnTGERate > 1e18
) revert Errors.InvalidVestingConfig();
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/cryptography/ECDSA.sol)
pragma solidity ^0.8.20;
/**
* @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
*
* These functions can be used to verify that a message was signed by the holder
* of the private keys of a given address.
*/
library ECDSA {
enum RecoverError {
NoError,
InvalidSignature,
InvalidSignatureLength,
InvalidSignatureS
}
/**
* @dev The signature derives the `address(0)`.
*/
error ECDSAInvalidSignature();
/**
* @dev The signature has an invalid length.
*/
error ECDSAInvalidSignatureLength(uint256 length);
/**
* @dev The signature has an S value that is in the upper half order.
*/
error ECDSAInvalidSignatureS(bytes32 s);
/**
* @dev Returns the address that signed a hashed message (`hash`) with `signature` or an error. This will not
* return address(0) without also returning an error description. Errors are documented using an enum (error type)
* and a bytes32 providing additional information about the error.
*
* If no error is returned, then the address can be used for verification purposes.
*
* The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
*
* Documentation for signature generation:
* - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
* - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
*/
function tryRecover(
bytes32 hash,
bytes memory signature
) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {
if (signature.length == 65) {
bytes32 r;
bytes32 s;
uint8 v;
// ecrecover takes the signature parameters, and the only way to get them
// currently is to use assembly.
assembly ("memory-safe") {
r := mload(add(signature, 0x20))
s := mload(add(signature, 0x40))
v := byte(0, mload(add(signature, 0x60)))
}
return tryRecover(hash, v, r, s);
} else {
return (address(0), RecoverError.InvalidSignatureLength, bytes32(signature.length));
}
}
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature`. This address can then be used for verification purposes.
*
* The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
*/
function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
(address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, signature);
_throwError(error, errorArg);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
*
* See https://eips.ethereum.org/EIPS/eip-2098[ERC-2098 short signatures]
*/
function tryRecover(
bytes32 hash,
bytes32 r,
bytes32 vs
) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {
unchecked {
bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
// We do not check for an overflow here since the shift operation results in 0 or 1.
uint8 v = uint8((uint256(vs) >> 255) + 27);
return tryRecover(hash, v, r, s);
}
}
/**
* @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
*/
function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
(address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, r, vs);
_throwError(error, errorArg);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `v`,
* `r` and `s` signature fields separately.
*/
function tryRecover(
bytes32 hash,
uint8 v,
bytes32 r,
bytes32 s
) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {
// EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
// unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
// the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
// signatures from current libraries generate a unique signature with an s-value in the lower half order.
//
// If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
// with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
// vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
// these malleable signatures as well.
if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
return (address(0), RecoverError.InvalidSignatureS, s);
}
// If the signature is valid (and not malleable), return the signer address
address signer = ecrecover(hash, v, r, s);
if (signer == address(0)) {
return (address(0), RecoverError.InvalidSignature, bytes32(0));
}
return (signer, RecoverError.NoError, bytes32(0));
}
/**
* @dev Overload of {ECDSA-recover} that receives the `v`,
* `r` and `s` signature fields separately.
*/
function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
(address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, v, r, s);
_throwError(error, errorArg);
return recovered;
}
/**
* @dev Optionally reverts with the corresponding custom error according to the `error` argument provided.
*/
function _throwError(RecoverError error, bytes32 errorArg) private pure {
if (error == RecoverError.NoError) {
return; // no error: do nothing
} else if (error == RecoverError.InvalidSignature) {
revert ECDSAInvalidSignature();
} else if (error == RecoverError.InvalidSignatureLength) {
revert ECDSAInvalidSignatureLength(uint256(errorArg));
} else if (error == RecoverError.InvalidSignatureS) {
revert ECDSAInvalidSignatureS(errorArg);
}
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;
/// @notice Initializable mixin for the upgradeable contracts.
/// @author Solady (https://github.com/vectorized/solady/blob/main/src/utils/Initializable.sol)
/// @author Modified from OpenZeppelin (https://github.com/OpenZeppelin/openzeppelin-contracts/tree/master/contracts/proxy/utils/Initializable.sol)
abstract contract Initializable {
/*´:°•.°+.*•´.*:˚.°*.˚•´.°:°•.°•.*•´.*:˚.°*.˚•´.°:°•.°+.*•´.*:*/
/* CUSTOM ERRORS */
/*.•°:°.´+˚.*°.˚:*.´•*.+°.•°:´*.´•*.•°.•°:°.´:•˚°.*°.˚:*.´+°.•*/
/// @dev The contract is already initialized.
error InvalidInitialization();
/// @dev The contract is not initializing.
error NotInitializing();
/*´:°•.°+.*•´.*:˚.°*.˚•´.°:°•.°•.*•´.*:˚.°*.˚•´.°:°•.°+.*•´.*:*/
/* EVENTS */
/*.•°:°.´+˚.*°.˚:*.´•*.+°.•°:´*.´•*.•°.•°:°.´:•˚°.*°.˚:*.´+°.•*/
/// @dev Triggered when the contract has been initialized.
event Initialized(uint64 version);
/// @dev `keccak256(bytes("Initialized(uint64)"))`.
bytes32 private constant _INTIALIZED_EVENT_SIGNATURE =
0xc7f505b2f371ae2175ee4913f4499e1f2633a7b5936321eed1cdaeb6115181d2;
/*´:°•.°+.*•´.*:˚.°*.˚•´.°:°•.°•.*•´.*:˚.°*.˚•´.°:°•.°+.*•´.*:*/
/* STORAGE */
/*.•°:°.´+˚.*°.˚:*.´•*.+°.•°:´*.´•*.•°.•°:°.´:•˚°.*°.˚:*.´+°.•*/
/// @dev The default initializable slot is given by:
/// `bytes32(~uint256(uint32(bytes4(keccak256("_INITIALIZABLE_SLOT")))))`.
///
/// Bits Layout:
/// - [0] `initializing`
/// - [1..64] `initializedVersion`
bytes32 private constant _INITIALIZABLE_SLOT =
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffbf601132;
/*´:°•.°+.*•´.*:˚.°*.˚•´.°:°•.°•.*•´.*:˚.°*.˚•´.°:°•.°+.*•´.*:*/
/* CONSTRUCTOR */
/*.•°:°.´+˚.*°.˚:*.´•*.+°.•°:´*.´•*.•°.•°:°.´:•˚°.*°.˚:*.´+°.•*/
constructor() {
// Construction time check to ensure that `_initializableSlot()` is not
// overridden to zero. Will be optimized away if there is no revert.
require(_initializableSlot() != bytes32(0));
}
/*´:°•.°+.*•´.*:˚.°*.˚•´.°:°•.°•.*•´.*:˚.°*.˚•´.°:°•.°+.*•´.*:*/
/* OPERATIONS */
/*.•°:°.´+˚.*°.˚:*.´•*.+°.•°:´*.´•*.•°.•°:°.´:•˚°.*°.˚:*.´+°.•*/
/// @dev Override to return a non-zero custom storage slot if required.
function _initializableSlot() internal pure virtual returns (bytes32) {
return _INITIALIZABLE_SLOT;
}
/// @dev Guards an initializer function so that it can be invoked at most once.
///
/// You can guard a function with `onlyInitializing` such that it can be called
/// through a function guarded with `initializer`.
///
/// This is similar to `reinitializer(1)`, except that in the context of a constructor,
/// an `initializer` guarded function can be invoked multiple times.
/// This can be useful during testing and is not expected to be used in production.
///
/// Emits an {Initialized} event.
modifier initializer() virtual {
bytes32 s = _initializableSlot();
/// @solidity memory-safe-assembly
assembly {
let i := sload(s)
// Set `initializing` to 1, `initializedVersion` to 1.
sstore(s, 3)
// If `!(initializing == 0 && initializedVersion == 0)`.
if i {
// If `!(address(this).code.length == 0 && initializedVersion == 1)`.
if iszero(lt(extcodesize(address()), eq(shr(1, i), 1))) {
mstore(0x00, 0xf92ee8a9) // `InvalidInitialization()`.
revert(0x1c, 0x04)
}
s := shl(shl(255, i), s) // Skip initializing if `initializing == 1`.
}
}
_;
/// @solidity memory-safe-assembly
assembly {
if s {
// Set `initializing` to 0, `initializedVersion` to 1.
sstore(s, 2)
// Emit the {Initialized} event.
mstore(0x20, 1)
log1(0x20, 0x20, _INTIALIZED_EVENT_SIGNATURE)
}
}
}
/// @dev Guards an reinitialzer function so that it can be invoked at most once.
///
/// You can guard a function with `onlyInitializing` such that it can be called
/// through a function guarded with `reinitializer`.
///
/// Emits an {Initialized} event.
modifier reinitializer(uint64 version) virtual {
bytes32 s = _initializableSlot();
/// @solidity memory-safe-assembly
assembly {
// Clean upper bits, and shift left by 1 to make space for the initializing bit.
version := shl(1, and(version, 0xffffffffffffffff))
let i := sload(s)
// If `initializing == 1 || initializedVersion >= version`.
if iszero(lt(and(i, 1), lt(i, version))) {
mstore(0x00, 0xf92ee8a9) // `InvalidInitialization()`.
revert(0x1c, 0x04)
}
// Set `initializing` to 1, `initializedVersion` to `version`.
sstore(s, or(1, version))
}
_;
/// @solidity memory-safe-assembly
assembly {
// Set `initializing` to 0, `initializedVersion` to `version`.
sstore(s, version)
// Emit the {Initialized} event.
mstore(0x20, shr(1, version))
log1(0x20, 0x20, _INTIALIZED_EVENT_SIGNATURE)
}
}
/// @dev Guards a function such that it can only be called in the scope
/// of a function guarded with `initializer` or `reinitializer`.
modifier onlyInitializing() virtual {
_checkInitializing();
_;
}
/// @dev Reverts if the contract is not initializing.
function _checkInitializing() internal view virtual {
bytes32 s = _initializableSlot();
/// @solidity memory-safe-assembly
assembly {
if iszero(and(1, sload(s))) {
mstore(0x00, 0xd7e6bcf8) // `NotInitializing()`.
revert(0x1c, 0x04)
}
}
}
/// @dev Locks any future initializations by setting the initialized version to `2**64 - 1`.
///
/// Calling this in the constructor will prevent the contract from being initialized
/// or reinitialized. It is recommended to use this to lock implementation contracts
/// that are designed to be called through proxies.
///
/// Emits an {Initialized} event the first time it is successfully called.
function _disableInitializers() internal virtual {
bytes32 s = _initializableSlot();
/// @solidity memory-safe-assembly
assembly {
let i := sload(s)
if and(i, 1) {
mstore(0x00, 0xf92ee8a9) // `InvalidInitialization()`.
revert(0x1c, 0x04)
}
let uint64max := 0xffffffffffffffff
if iszero(eq(shr(1, i), uint64max)) {
// Set `initializing` to 0, `initializedVersion` to `2**64 - 1`.
sstore(s, shl(1, uint64max))
// Emit the {Initialized} event.
mstore(0x20, uint64max)
log1(0x20, 0x20, _INTIALIZED_EVENT_SIGNATURE)
}
}
}
/// @dev Returns the highest version that has been initialized.
function _getInitializedVersion() internal view virtual returns (uint64 version) {
bytes32 s = _initializableSlot();
/// @solidity memory-safe-assembly
assembly {
version := shr(1, sload(s))
}
}
/// @dev Returns whether the contract is currently initializing.
function _isInitializing() internal view virtual returns (bool result) {
bytes32 s = _initializableSlot();
/// @solidity memory-safe-assembly
assembly {
result := and(1, sload(s))
}
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;
/// @notice Gas optimized verification of proof of inclusion for a leaf in a Merkle tree.
/// @author Solady (https://github.com/vectorized/solady/blob/main/src/utils/MerkleProofLib.sol)
/// @author Modified from Solmate (https://github.com/transmissions11/solmate/blob/main/src/utils/MerkleProofLib.sol)
/// @author Modified from OpenZeppelin (https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/cryptography/MerkleProof.sol)
library MerkleProofLib {
/*´:°•.°+.*•´.*:˚.°*.˚•´.°:°•.°•.*•´.*:˚.°*.˚•´.°:°•.°+.*•´.*:*/
/* MERKLE PROOF VERIFICATION OPERATIONS */
/*.•°:°.´+˚.*°.˚:*.´•*.+°.•°:´*.´•*.•°.•°:°.´:•˚°.*°.˚:*.´+°.•*/
/// @dev Returns whether `leaf` exists in the Merkle tree with `root`, given `proof`.
function verify(bytes32[] memory proof, bytes32 root, bytes32 leaf)
internal
pure
returns (bool isValid)
{
/// @solidity memory-safe-assembly
assembly {
if mload(proof) {
// Initialize `offset` to the offset of `proof` elements in memory.
let offset := add(proof, 0x20)
// Left shift by 5 is equivalent to multiplying by 0x20.
let end := add(offset, shl(5, mload(proof)))
// Iterate over proof elements to compute root hash.
for {} 1 {} {
// Slot of `leaf` in scratch space.
// If the condition is true: 0x20, otherwise: 0x00.
let scratch := shl(5, gt(leaf, mload(offset)))
// Store elements to hash contiguously in scratch space.
// Scratch space is 64 bytes (0x00 - 0x3f) and both elements are 32 bytes.
mstore(scratch, leaf)
mstore(xor(scratch, 0x20), mload(offset))
// Reuse `leaf` to store the hash to reduce stack operations.
leaf := keccak256(0x00, 0x40)
offset := add(offset, 0x20)
if iszero(lt(offset, end)) { break }
}
}
isValid := eq(leaf, root)
}
}
/// @dev Returns whether `leaf` exists in the Merkle tree with `root`, given `proof`.
function verifyCalldata(bytes32[] calldata proof, bytes32 root, bytes32 leaf)
internal
pure
returns (bool isValid)
{
/// @solidity memory-safe-assembly
assembly {
if proof.length {
// Left shift by 5 is equivalent to multiplying by 0x20.
let end := add(proof.offset, shl(5, proof.length))
// Initialize `offset` to the offset of `proof` in the calldata.
let offset := proof.offset
// Iterate over proof elements to compute root hash.
for {} 1 {} {
// Slot of `leaf` in scratch space.
// If the condition is true: 0x20, otherwise: 0x00.
let scratch := shl(5, gt(leaf, calldataload(offset)))
// Store elements to hash contiguously in scratch space.
// Scratch space is 64 bytes (0x00 - 0x3f) and both elements are 32 bytes.
mstore(scratch, leaf)
mstore(xor(scratch, 0x20), calldataload(offset))
// Reuse `leaf` to store the hash to reduce stack operations.
leaf := keccak256(0x00, 0x40)
offset := add(offset, 0x20)
if iszero(lt(offset, end)) { break }
}
}
isValid := eq(leaf, root)
}
}
/// @dev Returns whether all `leaves` exist in the Merkle tree with `root`,
/// given `proof` and `flags`.
///
/// Note:
/// - Breaking the invariant `flags.length == (leaves.length - 1) + proof.length`
/// will always return false.
/// - The sum of the lengths of `proof` and `leaves` must never overflow.
/// - Any non-zero word in the `flags` array is treated as true.
/// - The memory offset of `proof` must be non-zero
/// (i.e. `proof` is not pointing to the scratch space).
function verifyMultiProof(
bytes32[] memory proof,
bytes32 root,
bytes32[] memory leaves,
bool[] memory flags
) internal pure returns (bool isValid) {
// Rebuilds the root by consuming and producing values on a queue.
// The queue starts with the `leaves` array, and goes into a `hashes` array.
// After the process, the last element on the queue is verified
// to be equal to the `root`.
//
// The `flags` array denotes whether the sibling
// should be popped from the queue (`flag == true`), or
// should be popped from the `proof` (`flag == false`).
/// @solidity memory-safe-assembly
assembly {
// Cache the lengths of the arrays.
let leavesLength := mload(leaves)
let proofLength := mload(proof)
let flagsLength := mload(flags)
// Advance the pointers of the arrays to point to the data.
leaves := add(0x20, leaves)
proof := add(0x20, proof)
flags := add(0x20, flags)
// If the number of flags is correct.
for {} eq(add(leavesLength, proofLength), add(flagsLength, 1)) {} {
// For the case where `proof.length + leaves.length == 1`.
if iszero(flagsLength) {
// `isValid = (proof.length == 1 ? proof[0] : leaves[0]) == root`.
isValid := eq(mload(xor(leaves, mul(xor(proof, leaves), proofLength))), root)
break
}
// The required final proof offset if `flagsLength` is not zero, otherwise zero.
let proofEnd := add(proof, shl(5, proofLength))
// We can use the free memory space for the queue.
// We don't need to allocate, since the queue is temporary.
let hashesFront := mload(0x40)
// Copy the leaves into the hashes.
// Sometimes, a little memory expansion costs less than branching.
// Should cost less, even with a high free memory offset of 0x7d00.
leavesLength := shl(5, leavesLength)
for { let i := 0 } iszero(eq(i, leavesLength)) { i := add(i, 0x20) } {
mstore(add(hashesFront, i), mload(add(leaves, i)))
}
// Compute the back of the hashes.
let hashesBack := add(hashesFront, leavesLength)
// This is the end of the memory for the queue.
// We recycle `flagsLength` to save on stack variables (sometimes save gas).
flagsLength := add(hashesBack, shl(5, flagsLength))
for {} 1 {} {
// Pop from `hashes`.
let a := mload(hashesFront)
// Pop from `hashes`.
let b := mload(add(hashesFront, 0x20))
hashesFront := add(hashesFront, 0x40)
// If the flag is false, load the next proof,
// else, pops from the queue.
if iszero(mload(flags)) {
// Loads the next proof.
b := mload(proof)
proof := add(proof, 0x20)
// Unpop from `hashes`.
hashesFront := sub(hashesFront, 0x20)
}
// Advance to the next flag.
flags := add(flags, 0x20)
// Slot of `a` in scratch space.
// If the condition is true: 0x20, otherwise: 0x00.
let scratch := shl(5, gt(a, b))
// Hash the scratch space and push the result onto the queue.
mstore(scratch, a)
mstore(xor(scratch, 0x20), b)
mstore(hashesBack, keccak256(0x00, 0x40))
hashesBack := add(hashesBack, 0x20)
if iszero(lt(hashesBack, flagsLength)) { break }
}
isValid :=
and(
// Checks if the last value in the queue is same as the root.
eq(mload(sub(hashesBack, 0x20)), root),
// And whether all the proofs are used, if required.
eq(proofEnd, proof)
)
break
}
}
}
/// @dev Returns whether all `leaves` exist in the Merkle tree with `root`,
/// given `proof` and `flags`.
///
/// Note:
/// - Breaking the invariant `flags.length == (leaves.length - 1) + proof.length`
/// will always return false.
/// - Any non-zero word in the `flags` array is treated as true.
/// - The calldata offset of `proof` must be non-zero
/// (i.e. `proof` is from a regular Solidity function with a 4-byte selector).
function verifyMultiProofCalldata(
bytes32[] calldata proof,
bytes32 root,
bytes32[] calldata leaves,
bool[] calldata flags
) internal pure returns (bool isValid) {
// Rebuilds the root by consuming and producing values on a queue.
// The queue starts with the `leaves` array, and goes into a `hashes` array.
// After the process, the last element on the queue is verified
// to be equal to the `root`.
//
// The `flags` array denotes whether the sibling
// should be popped from the queue (`flag == true`), or
// should be popped from the `proof` (`flag == false`).
/// @solidity memory-safe-assembly
assembly {
// If the number of flags is correct.
for {} eq(add(leaves.length, proof.length), add(flags.length, 1)) {} {
// For the case where `proof.length + leaves.length == 1`.
if iszero(flags.length) {
// `isValid = (proof.length == 1 ? proof[0] : leaves[0]) == root`.
// forgefmt: disable-next-item
isValid := eq(
calldataload(
xor(leaves.offset, mul(xor(proof.offset, leaves.offset), proof.length))
),
root
)
break
}
// The required final proof offset if `flagsLength` is not zero, otherwise zero.
let proofEnd := add(proof.offset, shl(5, proof.length))
// We can use the free memory space for the queue.
// We don't need to allocate, since the queue is temporary.
let hashesFront := mload(0x40)
// Copy the leaves into the hashes.
// Sometimes, a little memory expansion costs less than branching.
// Should cost less, even with a high free memory offset of 0x7d00.
calldatacopy(hashesFront, leaves.offset, shl(5, leaves.length))
// Compute the back of the hashes.
let hashesBack := add(hashesFront, shl(5, leaves.length))
// This is the end of the memory for the queue.
// We recycle `flagsLength` to save on stack variables (sometimes save gas).
flags.length := add(hashesBack, shl(5, flags.length))
// We don't need to make a copy of `proof.offset` or `flags.offset`,
// as they are pass-by-value (this trick may not always save gas).
for {} 1 {} {
// Pop from `hashes`.
let a := mload(hashesFront)
// Pop from `hashes`.
let b := mload(add(hashesFront, 0x20))
hashesFront := add(hashesFront, 0x40)
// If the flag is false, load the next proof,
// else, pops from the queue.
if iszero(calldataload(flags.offset)) {
// Loads the next proof.
b := calldataload(proof.offset)
proof.offset := add(proof.offset, 0x20)
// Unpop from `hashes`.
hashesFront := sub(hashesFront, 0x20)
}
// Advance to the next flag offset.
flags.offset := add(flags.offset, 0x20)
// Slot of `a` in scratch space.
// If the condition is true: 0x20, otherwise: 0x00.
let scratch := shl(5, gt(a, b))
// Hash the scratch space and push the result onto the queue.
mstore(scratch, a)
mstore(xor(scratch, 0x20), b)
mstore(hashesBack, keccak256(0x00, 0x40))
hashesBack := add(hashesBack, 0x20)
if iszero(lt(hashesBack, flags.length)) { break }
}
isValid :=
and(
// Checks if the last value in the queue is same as the root.
eq(mload(sub(hashesBack, 0x20)), root),
// And whether all the proofs are used, if required.
eq(proofEnd, proof.offset)
)
break
}
}
}
/*´:°•.°+.*•´.*:˚.°*.˚•´.°:°•.°•.*•´.*:˚.°*.˚•´.°:°•.°+.*•´.*:*/
/* EMPTY CALLDATA HELPERS */
/*.•°:°.´+˚.*°.˚:*.´•*.+°.•°:´*.´•*.•°.•°:°.´:•˚°.*°.˚:*.´+°.•*/
/// @dev Returns an empty calldata bytes32 array.
function emptyProof() internal pure returns (bytes32[] calldata proof) {
/// @solidity memory-safe-assembly
assembly {
proof.length := 0
}
}
/// @dev Returns an empty calldata bytes32 array.
function emptyLeaves() internal pure returns (bytes32[] calldata leaves) {
/// @solidity memory-safe-assembly
assembly {
leaves.length := 0
}
}
/// @dev Returns an empty calldata bool array.
function emptyFlags() internal pure returns (bool[] calldata flags) {
/// @solidity memory-safe-assembly
assembly {
flags.length := 0
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/cryptography/MessageHashUtils.sol)
pragma solidity ^0.8.20;
import {Strings} from "../Strings.sol";
/**
* @dev Signature message hash utilities for producing digests to be consumed by {ECDSA} recovery or signing.
*
* The library provides methods for generating a hash of a message that conforms to the
* https://eips.ethereum.org/EIPS/eip-191[ERC-191] and https://eips.ethereum.org/EIPS/eip-712[EIP 712]
* specifications.
*/
library MessageHashUtils {
/**
* @dev Returns the keccak256 digest of an ERC-191 signed data with version
* `0x45` (`personal_sign` messages).
*
* The digest is calculated by prefixing a bytes32 `messageHash` with
* `"\x19Ethereum Signed Message:\n32"` and hashing the result. It corresponds with the
* hash signed when using the https://ethereum.org/en/developers/docs/apis/json-rpc/#eth_sign[`eth_sign`] JSON-RPC method.
*
* NOTE: The `messageHash` parameter is intended to be the result of hashing a raw message with
* keccak256, although any bytes32 value can be safely used because the final digest will
* be re-hashed.
*
* See {ECDSA-recover}.
*/
function toEthSignedMessageHash(bytes32 messageHash) internal pure returns (bytes32 digest) {
assembly ("memory-safe") {
mstore(0x00, "\x19Ethereum Signed Message:\n32") // 32 is the bytes-length of messageHash
mstore(0x1c, messageHash) // 0x1c (28) is the length of the prefix
digest := keccak256(0x00, 0x3c) // 0x3c is the length of the prefix (0x1c) + messageHash (0x20)
}
}
/**
* @dev Returns the keccak256 digest of an ERC-191 signed data with version
* `0x45` (`personal_sign` messages).
*
* The digest is calculated by prefixing an arbitrary `message` with
* `"\x19Ethereum Signed Message:\n" + len(message)` and hashing the result. It corresponds with the
* hash signed when using the https://ethereum.org/en/developers/docs/apis/json-rpc/#eth_sign[`eth_sign`] JSON-RPC method.
*
* See {ECDSA-recover}.
*/
function toEthSignedMessageHash(bytes memory message) internal pure returns (bytes32) {
return
keccak256(bytes.concat("\x19Ethereum Signed Message:\n", bytes(Strings.toString(message.length)), message));
}
/**
* @dev Returns the keccak256 digest of an ERC-191 signed data with version
* `0x00` (data with intended validator).
*
* The digest is calculated by prefixing an arbitrary `data` with `"\x19\x00"` and the intended
* `validator` address. Then hashing the result.
*
* See {ECDSA-recover}.
*/
function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {
return keccak256(abi.encodePacked(hex"19_00", validator, data));
}
/**
* @dev Returns the keccak256 digest of an EIP-712 typed data (ERC-191 version `0x01`).
*
* The digest is calculated from a `domainSeparator` and a `structHash`, by prefixing them with
* `\x19\x01` and hashing the result. It corresponds to the hash signed by the
* https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`] JSON-RPC method as part of EIP-712.
*
* See {ECDSA-recover}.
*/
function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 digest) {
assembly ("memory-safe") {
let ptr := mload(0x40)
mstore(ptr, hex"19_01")
mstore(add(ptr, 0x02), domainSeparator)
mstore(add(ptr, 0x22), structHash)
digest := keccak256(ptr, 0x42)
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/Pausable.sol)
pragma solidity ^0.8.20;
import {Context} from "../utils/Context.sol";
/**
* @dev Contract module which allows children to implement an emergency stop
* mechanism that can be triggered by an authorized account.
*
* This module is used through inheritance. It will make available the
* modifiers `whenNotPaused` and `whenPaused`, which can be applied to
* the functions of your contract. Note that they will not be pausable by
* simply including this module, only once the modifiers are put in place.
*/
abstract contract Pausable is Context {
bool private _paused;
/**
* @dev Emitted when the pause is triggered by `account`.
*/
event Paused(address account);
/**
* @dev Emitted when the pause is lifted by `account`.
*/
event Unpaused(address account);
/**
* @dev The operation failed because the contract is paused.
*/
error EnforcedPause();
/**
* @dev The operation failed because the contract is not paused.
*/
error ExpectedPause();
/**
* @dev Modifier to make a function callable only when the contract is not paused.
*
* Requirements:
*
* - The contract must not be paused.
*/
modifier whenNotPaused() {
_requireNotPaused();
_;
}
/**
* @dev Modifier to make a function callable only when the contract is paused.
*
* Requirements:
*
* - The contract must be paused.
*/
modifier whenPaused() {
_requirePaused();
_;
}
/**
* @dev Returns true if the contract is paused, and false otherwise.
*/
function paused() public view virtual returns (bool) {
return _paused;
}
/**
* @dev Throws if the contract is paused.
*/
function _requireNotPaused() internal view virtual {
if (paused()) {
revert EnforcedPause();
}
}
/**
* @dev Throws if the contract is not paused.
*/
function _requirePaused() internal view virtual {
if (!paused()) {
revert ExpectedPause();
}
}
/**
* @dev Triggers stopped state.
*
* Requirements:
*
* - The contract must not be paused.
*/
function _pause() internal virtual whenNotPaused {
_paused = true;
emit Paused(_msgSender());
}
/**
* @dev Returns to normal state.
*
* Requirements:
*
* - The contract must be paused.
*/
function _unpause() internal virtual whenPaused {
_paused = false;
emit Unpaused(_msgSender());
}
}// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;
// ___ ___ ___ ___ ___
// /\__\ /\ \ /\ \ ___ /\ \ /\__\
// /:/ / /::\ \ /::\ \ /\ \ /::\ \ /::| |
// /:/ / /:/\:\ \ /:/\:\ \ \:\ \ /:/\:\ \ /:|:| |
// /:/ / /::\~\:\ \ /:/ \:\ \ /::\__\ /:/ \:\ \ /:/|:| |__
// /:/__/ /:/\:\ \:\__\ /:/__/_\:\__\ __/:/\/__/ /:/__/ \:\__\ /:/ |:| /\__\
// \:\ \ \:\~\:\ \/__/ \:\ /\ \/__/ /\/:/ / \:\ \ /:/ / \/__|:|/:/ /
// \:\ \ \:\ \:\__\ \:\ \:\__\ \::/__/ \:\ /:/ / |:/:/ /
// \:\ \ \:\ \/__/ \:\/:/ / \:\__\ \:\/:/ / |::/ /
// \:\__\ \:\__\ \::/ / \/__/ \::/ / /:/ /
// \/__/ \/__/ \/__/ \/__/ \/__/
//
// If you find a bug, please contact security[at]legion.cc
// We will pay a fair bounty for any issue that puts users' funds at risk.
/**
* @title Legion Address Registry Interface
* @notice An interface for managing Legion Protocol addresses
*/
interface ILegionAddressRegistry {
/**
* @notice Emitted when a Legion address is set or updated
*
* @param id The unique identifier of the address
* @param previousAddress The previous address before the update
* @param updatedAddress The updated address
*/
event LegionAddressSet(bytes32 id, address previousAddress, address updatedAddress);
/**
* @notice Sets a Legion address
*
* @param id The unique identifier of the address
* @param updatedAddress The new address to set
*/
function setLegionAddress(bytes32 id, address updatedAddress) external;
/**
* @notice Gets a Legion address
*
* @param id The unique identifier of the address
* @return The registered Legion address
*/
function getLegionAddress(bytes32 id) external view returns (address);
}// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;
// ___ ___ ___ ___ ___
// /\__\ /\ \ /\ \ ___ /\ \ /\__\
// /:/ / /::\ \ /::\ \ /\ \ /::\ \ /::| |
// /:/ / /:/\:\ \ /:/\:\ \ \:\ \ /:/\:\ \ /:|:| |
// /:/ / /::\~\:\ \ /:/ \:\ \ /::\__\ /:/ \:\ \ /:/|:| |__
// /:/__/ /:/\:\ \:\__\ /:/__/_\:\__\ __/:/\/__/ /:/__/ \:\__\ /:/ |:| /\__\
// \:\ \ \:\~\:\ \/__/ \:\ /\ \/__/ /\/:/ / \:\ \ /:/ / \/__|:|/:/ /
// \:\ \ \:\ \:\__\ \:\ \:\__\ \::/__/ \:\ /:/ / |:/:/ /
// \:\ \ \:\ \/__/ \:\/:/ / \:\__\ \:\/:/ / |::/ /
// \:\__\ \:\__\ \::/ / \/__/ \::/ / /:/ /
// \/__/ \/__/ \/__/ \/__/ \/__/
//
// If you find a bug, please contact security[at]legion.cc
// We will pay a fair bounty for any issue that puts users' funds at risk.
interface ILegionLinearVesting {
/**
* @notice See {VestingWalletUpgradeable-start}.
*/
function start() external view returns (uint256);
/**
* @notice See {VestingWalletUpgradeable-duration}.
*/
function duration() external view returns (uint256);
/**
* @notice See {VestingWalletUpgradeable-end}.
*/
function end() external view returns (uint256);
/**
* @notice See {VestingWalletUpgradeable-released}.
*/
function released() external view returns (uint256);
/**
* @notice See {VestingWalletUpgradeable-released}.
*/
function released(address token) external view returns (uint256);
/**
* @notice See {VestingWalletUpgradeable-releasable}.
*/
function releasable() external view returns (uint256);
/**
* @notice See {VestingWalletUpgradeable-releasable}.
*/
function releasable(address token) external view returns (uint256);
/**
* @notice See {VestingWalletUpgradeable-release}.
*/
function release() external;
/**
* @notice See {VestingWalletUpgradeable-release}.
*/
function release(address token) external;
/**
* @notice See {VestingWalletUpgradeable-vestedAmount}.
*/
function vestedAmount(uint64 timestamp) external view returns (uint256);
/**
* @notice See {VestingWalletUpgradeable-vestedAmount}.
*/
function vestedAmount(address token, uint64 timestamp) external view returns (uint256);
}// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;
// ___ ___ ___ ___ ___
// /\__\ /\ \ /\ \ ___ /\ \ /\__\
// /:/ / /::\ \ /::\ \ /\ \ /::\ \ /::| |
// /:/ / /:/\:\ \ /:/\:\ \ \:\ \ /:/\:\ \ /:|:| |
// /:/ / /::\~\:\ \ /:/ \:\ \ /::\__\ /:/ \:\ \ /:/|:| |__
// /:/__/ /:/\:\ \:\__\ /:/__/_\:\__\ __/:/\/__/ /:/__/ \:\__\ /:/ |:| /\__\
// \:\ \ \:\~\:\ \/__/ \:\ /\ \/__/ /\/:/ / \:\ \ /:/ / \/__|:|/:/ /
// \:\ \ \:\ \:\__\ \:\ \:\__\ \::/__/ \:\ /:/ / |:/:/ /
// \:\ \ \:\ \/__/ \:\/:/ / \:\__\ \:\/:/ / |::/ /
// \:\__\ \:\__\ \::/ / \/__/ \::/ / /:/ /
// \/__/ \/__/ \/__/ \/__/ \/__/
//
// If you find a bug, please contact security[at]legion.cc
// We will pay a fair bounty for any issue that puts users' funds at risk.
interface ILegionVestingFactory {
/**
* @notice This event is emitted when a new linear vesting schedule contract is deployed for an investor.
*
* @param beneficiary The address of the beneficiary.
* @param startTimestamp The Unix timestamp (seconds) when the vesting period starts.
* @param durationSeconds The vesting duration in seconds.
* @param cliffDurationSeconds The vesting cliff duration in seconds.
*/
event NewLinearVestingCreated(
address beneficiary, uint64 startTimestamp, uint64 durationSeconds, uint64 cliffDurationSeconds
);
/**
* @notice Deploy a LegionLinearVesting contract.
*
* @param beneficiary The address of the beneficiary.
* @param startTimestamp The Unix timestamp (seconds) when the vesting starts.
* @param durationSeconds The total duration of the vesting period in seconds.
* @param cliffDurationSeconds The duration of the cliff period in seconds.
*
* @return linearVestingInstance The address of the deployed LegionLinearVesting instance.
*/
function createLinearVesting(
address beneficiary,
uint64 startTimestamp,
uint64 durationSeconds,
uint64 cliffDurationSeconds
)
external
returns (address payable linearVestingInstance);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.2.0) (utils/Strings.sol)
pragma solidity ^0.8.20;
import {Math} from "./math/Math.sol";
import {SafeCast} from "./math/SafeCast.sol";
import {SignedMath} from "./math/SignedMath.sol";
/**
* @dev String operations.
*/
library Strings {
using SafeCast for *;
bytes16 private constant HEX_DIGITS = "0123456789abcdef";
uint8 private constant ADDRESS_LENGTH = 20;
/**
* @dev The `value` string doesn't fit in the specified `length`.
*/
error StringsInsufficientHexLength(uint256 value, uint256 length);
/**
* @dev The string being parsed contains characters that are not in scope of the given base.
*/
error StringsInvalidChar();
/**
* @dev The string being parsed is not a properly formatted address.
*/
error StringsInvalidAddressFormat();
/**
* @dev Converts a `uint256` to its ASCII `string` decimal representation.
*/
function toString(uint256 value) internal pure returns (string memory) {
unchecked {
uint256 length = Math.log10(value) + 1;
string memory buffer = new string(length);
uint256 ptr;
assembly ("memory-safe") {
ptr := add(buffer, add(32, length))
}
while (true) {
ptr--;
assembly ("memory-safe") {
mstore8(ptr, byte(mod(value, 10), HEX_DIGITS))
}
value /= 10;
if (value == 0) break;
}
return buffer;
}
}
/**
* @dev Converts a `int256` to its ASCII `string` decimal representation.
*/
function toStringSigned(int256 value) internal pure returns (string memory) {
return string.concat(value < 0 ? "-" : "", toString(SignedMath.abs(value)));
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
*/
function toHexString(uint256 value) internal pure returns (string memory) {
unchecked {
return toHexString(value, Math.log256(value) + 1);
}
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
*/
function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
uint256 localValue = value;
bytes memory buffer = new bytes(2 * length + 2);
buffer[0] = "0";
buffer[1] = "x";
for (uint256 i = 2 * length + 1; i > 1; --i) {
buffer[i] = HEX_DIGITS[localValue & 0xf];
localValue >>= 4;
}
if (localValue != 0) {
revert StringsInsufficientHexLength(value, length);
}
return string(buffer);
}
/**
* @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal
* representation.
*/
function toHexString(address addr) internal pure returns (string memory) {
return toHexString(uint256(uint160(addr)), ADDRESS_LENGTH);
}
/**
* @dev Converts an `address` with fixed length of 20 bytes to its checksummed ASCII `string` hexadecimal
* representation, according to EIP-55.
*/
function toChecksumHexString(address addr) internal pure returns (string memory) {
bytes memory buffer = bytes(toHexString(addr));
// hash the hex part of buffer (skip length + 2 bytes, length 40)
uint256 hashValue;
assembly ("memory-safe") {
hashValue := shr(96, keccak256(add(buffer, 0x22), 40))
}
for (uint256 i = 41; i > 1; --i) {
// possible values for buffer[i] are 48 (0) to 57 (9) and 97 (a) to 102 (f)
if (hashValue & 0xf > 7 && uint8(buffer[i]) > 96) {
// case shift by xoring with 0x20
buffer[i] ^= 0x20;
}
hashValue >>= 4;
}
return string(buffer);
}
/**
* @dev Returns true if the two strings are equal.
*/
function equal(string memory a, string memory b) internal pure returns (bool) {
return bytes(a).length == bytes(b).length && keccak256(bytes(a)) == keccak256(bytes(b));
}
/**
* @dev Parse a decimal string and returns the value as a `uint256`.
*
* Requirements:
* - The string must be formatted as `[0-9]*`
* - The result must fit into an `uint256` type
*/
function parseUint(string memory input) internal pure returns (uint256) {
return parseUint(input, 0, bytes(input).length);
}
/**
* @dev Variant of {parseUint-string} that parses a substring of `input` located between position `begin` (included) and
* `end` (excluded).
*
* Requirements:
* - The substring must be formatted as `[0-9]*`
* - The result must fit into an `uint256` type
*/
function parseUint(string memory input, uint256 begin, uint256 end) internal pure returns (uint256) {
(bool success, uint256 value) = tryParseUint(input, begin, end);
if (!success) revert StringsInvalidChar();
return value;
}
/**
* @dev Variant of {parseUint-string} that returns false if the parsing fails because of an invalid character.
*
* NOTE: This function will revert if the result does not fit in a `uint256`.
*/
function tryParseUint(string memory input) internal pure returns (bool success, uint256 value) {
return _tryParseUintUncheckedBounds(input, 0, bytes(input).length);
}
/**
* @dev Variant of {parseUint-string-uint256-uint256} that returns false if the parsing fails because of an invalid
* character.
*
* NOTE: This function will revert if the result does not fit in a `uint256`.
*/
function tryParseUint(
string memory input,
uint256 begin,
uint256 end
) internal pure returns (bool success, uint256 value) {
if (end > bytes(input).length || begin > end) return (false, 0);
return _tryParseUintUncheckedBounds(input, begin, end);
}
/**
* @dev Implementation of {tryParseUint-string-uint256-uint256} that does not check bounds. Caller should make sure that
* `begin <= end <= input.length`. Other inputs would result in undefined behavior.
*/
function _tryParseUintUncheckedBounds(
string memory input,
uint256 begin,
uint256 end
) private pure returns (bool success, uint256 value) {
bytes memory buffer = bytes(input);
uint256 result = 0;
for (uint256 i = begin; i < end; ++i) {
uint8 chr = _tryParseChr(bytes1(_unsafeReadBytesOffset(buffer, i)));
if (chr > 9) return (false, 0);
result *= 10;
result += chr;
}
return (true, result);
}
/**
* @dev Parse a decimal string and returns the value as a `int256`.
*
* Requirements:
* - The string must be formatted as `[-+]?[0-9]*`
* - The result must fit in an `int256` type.
*/
function parseInt(string memory input) internal pure returns (int256) {
return parseInt(input, 0, bytes(input).length);
}
/**
* @dev Variant of {parseInt-string} that parses a substring of `input` located between position `begin` (included) and
* `end` (excluded).
*
* Requirements:
* - The substring must be formatted as `[-+]?[0-9]*`
* - The result must fit in an `int256` type.
*/
function parseInt(string memory input, uint256 begin, uint256 end) internal pure returns (int256) {
(bool success, int256 value) = tryParseInt(input, begin, end);
if (!success) revert StringsInvalidChar();
return value;
}
/**
* @dev Variant of {parseInt-string} that returns false if the parsing fails because of an invalid character or if
* the result does not fit in a `int256`.
*
* NOTE: This function will revert if the absolute value of the result does not fit in a `uint256`.
*/
function tryParseInt(string memory input) internal pure returns (bool success, int256 value) {
return _tryParseIntUncheckedBounds(input, 0, bytes(input).length);
}
uint256 private constant ABS_MIN_INT256 = 2 ** 255;
/**
* @dev Variant of {parseInt-string-uint256-uint256} that returns false if the parsing fails because of an invalid
* character or if the result does not fit in a `int256`.
*
* NOTE: This function will revert if the absolute value of the result does not fit in a `uint256`.
*/
function tryParseInt(
string memory input,
uint256 begin,
uint256 end
) internal pure returns (bool success, int256 value) {
if (end > bytes(input).length || begin > end) return (false, 0);
return _tryParseIntUncheckedBounds(input, begin, end);
}
/**
* @dev Implementation of {tryParseInt-string-uint256-uint256} that does not check bounds. Caller should make sure that
* `begin <= end <= input.length`. Other inputs would result in undefined behavior.
*/
function _tryParseIntUncheckedBounds(
string memory input,
uint256 begin,
uint256 end
) private pure returns (bool success, int256 value) {
bytes memory buffer = bytes(input);
// Check presence of a negative sign.
bytes1 sign = begin == end ? bytes1(0) : bytes1(_unsafeReadBytesOffset(buffer, begin)); // don't do out-of-bound (possibly unsafe) read if sub-string is empty
bool positiveSign = sign == bytes1("+");
bool negativeSign = sign == bytes1("-");
uint256 offset = (positiveSign || negativeSign).toUint();
(bool absSuccess, uint256 absValue) = tryParseUint(input, begin + offset, end);
if (absSuccess && absValue < ABS_MIN_INT256) {
return (true, negativeSign ? -int256(absValue) : int256(absValue));
} else if (absSuccess && negativeSign && absValue == ABS_MIN_INT256) {
return (true, type(int256).min);
} else return (false, 0);
}
/**
* @dev Parse a hexadecimal string (with or without "0x" prefix), and returns the value as a `uint256`.
*
* Requirements:
* - The string must be formatted as `(0x)?[0-9a-fA-F]*`
* - The result must fit in an `uint256` type.
*/
function parseHexUint(string memory input) internal pure returns (uint256) {
return parseHexUint(input, 0, bytes(input).length);
}
/**
* @dev Variant of {parseHexUint-string} that parses a substring of `input` located between position `begin` (included) and
* `end` (excluded).
*
* Requirements:
* - The substring must be formatted as `(0x)?[0-9a-fA-F]*`
* - The result must fit in an `uint256` type.
*/
function parseHexUint(string memory input, uint256 begin, uint256 end) internal pure returns (uint256) {
(bool success, uint256 value) = tryParseHexUint(input, begin, end);
if (!success) revert StringsInvalidChar();
return value;
}
/**
* @dev Variant of {parseHexUint-string} that returns false if the parsing fails because of an invalid character.
*
* NOTE: This function will revert if the result does not fit in a `uint256`.
*/
function tryParseHexUint(string memory input) internal pure returns (bool success, uint256 value) {
return _tryParseHexUintUncheckedBounds(input, 0, bytes(input).length);
}
/**
* @dev Variant of {parseHexUint-string-uint256-uint256} that returns false if the parsing fails because of an
* invalid character.
*
* NOTE: This function will revert if the result does not fit in a `uint256`.
*/
function tryParseHexUint(
string memory input,
uint256 begin,
uint256 end
) internal pure returns (bool success, uint256 value) {
if (end > bytes(input).length || begin > end) return (false, 0);
return _tryParseHexUintUncheckedBounds(input, begin, end);
}
/**
* @dev Implementation of {tryParseHexUint-string-uint256-uint256} that does not check bounds. Caller should make sure that
* `begin <= end <= input.length`. Other inputs would result in undefined behavior.
*/
function _tryParseHexUintUncheckedBounds(
string memory input,
uint256 begin,
uint256 end
) private pure returns (bool success, uint256 value) {
bytes memory buffer = bytes(input);
// skip 0x prefix if present
bool hasPrefix = (end > begin + 1) && bytes2(_unsafeReadBytesOffset(buffer, begin)) == bytes2("0x"); // don't do out-of-bound (possibly unsafe) read if sub-string is empty
uint256 offset = hasPrefix.toUint() * 2;
uint256 result = 0;
for (uint256 i = begin + offset; i < end; ++i) {
uint8 chr = _tryParseChr(bytes1(_unsafeReadBytesOffset(buffer, i)));
if (chr > 15) return (false, 0);
result *= 16;
unchecked {
// Multiplying by 16 is equivalent to a shift of 4 bits (with additional overflow check).
// This guarantees that adding a value < 16 will not cause an overflow, hence the unchecked.
result += chr;
}
}
return (true, result);
}
/**
* @dev Parse a hexadecimal string (with or without "0x" prefix), and returns the value as an `address`.
*
* Requirements:
* - The string must be formatted as `(0x)?[0-9a-fA-F]{40}`
*/
function parseAddress(string memory input) internal pure returns (address) {
return parseAddress(input, 0, bytes(input).length);
}
/**
* @dev Variant of {parseAddress-string} that parses a substring of `input` located between position `begin` (included) and
* `end` (excluded).
*
* Requirements:
* - The substring must be formatted as `(0x)?[0-9a-fA-F]{40}`
*/
function parseAddress(string memory input, uint256 begin, uint256 end) internal pure returns (address) {
(bool success, address value) = tryParseAddress(input, begin, end);
if (!success) revert StringsInvalidAddressFormat();
return value;
}
/**
* @dev Variant of {parseAddress-string} that returns false if the parsing fails because the input is not a properly
* formatted address. See {parseAddress-string} requirements.
*/
function tryParseAddress(string memory input) internal pure returns (bool success, address value) {
return tryParseAddress(input, 0, bytes(input).length);
}
/**
* @dev Variant of {parseAddress-string-uint256-uint256} that returns false if the parsing fails because input is not a properly
* formatted address. See {parseAddress-string-uint256-uint256} requirements.
*/
function tryParseAddress(
string memory input,
uint256 begin,
uint256 end
) internal pure returns (bool success, address value) {
if (end > bytes(input).length || begin > end) return (false, address(0));
bool hasPrefix = (end > begin + 1) && bytes2(_unsafeReadBytesOffset(bytes(input), begin)) == bytes2("0x"); // don't do out-of-bound (possibly unsafe) read if sub-string is empty
uint256 expectedLength = 40 + hasPrefix.toUint() * 2;
// check that input is the correct length
if (end - begin == expectedLength) {
// length guarantees that this does not overflow, and value is at most type(uint160).max
(bool s, uint256 v) = _tryParseHexUintUncheckedBounds(input, begin, end);
return (s, address(uint160(v)));
} else {
return (false, address(0));
}
}
function _tryParseChr(bytes1 chr) private pure returns (uint8) {
uint8 value = uint8(chr);
// Try to parse `chr`:
// - Case 1: [0-9]
// - Case 2: [a-f]
// - Case 3: [A-F]
// - otherwise not supported
unchecked {
if (value > 47 && value < 58) value -= 48;
else if (value > 96 && value < 103) value -= 87;
else if (value > 64 && value < 71) value -= 55;
else return type(uint8).max;
}
return value;
}
/**
* @dev Reads a bytes32 from a bytes array without bounds checking.
*
* NOTE: making this function internal would mean it could be used with memory unsafe offset, and marking the
* assembly block as such would prevent some optimizations.
*/
function _unsafeReadBytesOffset(bytes memory buffer, uint256 offset) private pure returns (bytes32 value) {
// This is not memory safe in the general case, but all calls to this private function are within bounds.
assembly ("memory-safe") {
value := mload(add(buffer, add(0x20, offset)))
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)
pragma solidity ^0.8.20;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
function _contextSuffixLength() internal view virtual returns (uint256) {
return 0;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/math/Math.sol)
pragma solidity ^0.8.20;
import {Panic} from "../Panic.sol";
import {SafeCast} from "./SafeCast.sol";
/**
* @dev Standard math utilities missing in the Solidity language.
*/
library Math {
enum Rounding {
Floor, // Toward negative infinity
Ceil, // Toward positive infinity
Trunc, // Toward zero
Expand // Away from zero
}
/**
* @dev Returns the addition of two unsigned integers, with an success flag (no overflow).
*/
function tryAdd(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
unchecked {
uint256 c = a + b;
if (c < a) return (false, 0);
return (true, c);
}
}
/**
* @dev Returns the subtraction of two unsigned integers, with an success flag (no overflow).
*/
function trySub(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
unchecked {
if (b > a) return (false, 0);
return (true, a - b);
}
}
/**
* @dev Returns the multiplication of two unsigned integers, with an success flag (no overflow).
*/
function tryMul(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
unchecked {
// Gas optimization: this is cheaper than requiring 'a' not being zero, but the
// benefit is lost if 'b' is also tested.
// See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522
if (a == 0) return (true, 0);
uint256 c = a * b;
if (c / a != b) return (false, 0);
return (true, c);
}
}
/**
* @dev Returns the division of two unsigned integers, with a success flag (no division by zero).
*/
function tryDiv(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
unchecked {
if (b == 0) return (false, 0);
return (true, a / b);
}
}
/**
* @dev Returns the remainder of dividing two unsigned integers, with a success flag (no division by zero).
*/
function tryMod(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
unchecked {
if (b == 0) return (false, 0);
return (true, a % b);
}
}
/**
* @dev Branchless ternary evaluation for `a ? b : c`. Gas costs are constant.
*
* IMPORTANT: This function may reduce bytecode size and consume less gas when used standalone.
* However, the compiler may optimize Solidity ternary operations (i.e. `a ? b : c`) to only compute
* one branch when needed, making this function more expensive.
*/
function ternary(bool condition, uint256 a, uint256 b) internal pure returns (uint256) {
unchecked {
// branchless ternary works because:
// b ^ (a ^ b) == a
// b ^ 0 == b
return b ^ ((a ^ b) * SafeCast.toUint(condition));
}
}
/**
* @dev Returns the largest of two numbers.
*/
function max(uint256 a, uint256 b) internal pure returns (uint256) {
return ternary(a > b, a, b);
}
/**
* @dev Returns the smallest of two numbers.
*/
function min(uint256 a, uint256 b) internal pure returns (uint256) {
return ternary(a < b, a, b);
}
/**
* @dev Returns the average of two numbers. The result is rounded towards
* zero.
*/
function average(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b) / 2 can overflow.
return (a & b) + (a ^ b) / 2;
}
/**
* @dev Returns the ceiling of the division of two numbers.
*
* This differs from standard division with `/` in that it rounds towards infinity instead
* of rounding towards zero.
*/
function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
if (b == 0) {
// Guarantee the same behavior as in a regular Solidity division.
Panic.panic(Panic.DIVISION_BY_ZERO);
}
// The following calculation ensures accurate ceiling division without overflow.
// Since a is non-zero, (a - 1) / b will not overflow.
// The largest possible result occurs when (a - 1) / b is type(uint256).max,
// but the largest value we can obtain is type(uint256).max - 1, which happens
// when a = type(uint256).max and b = 1.
unchecked {
return SafeCast.toUint(a > 0) * ((a - 1) / b + 1);
}
}
/**
* @dev Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or
* denominator == 0.
*
* Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) with further edits by
* Uniswap Labs also under MIT license.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
unchecked {
// 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2²⁵⁶ and mod 2²⁵⁶ - 1, then use
// the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
// variables such that product = prod1 * 2²⁵⁶ + prod0.
uint256 prod0 = x * y; // Least significant 256 bits of the product
uint256 prod1; // Most significant 256 bits of the product
assembly {
let mm := mulmod(x, y, not(0))
prod1 := sub(sub(mm, prod0), lt(mm, prod0))
}
// Handle non-overflow cases, 256 by 256 division.
if (prod1 == 0) {
// Solidity will revert if denominator == 0, unlike the div opcode on its own.
// The surrounding unchecked block does not change this fact.
// See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
return prod0 / denominator;
}
// Make sure the result is less than 2²⁵⁶. Also prevents denominator == 0.
if (denominator <= prod1) {
Panic.panic(ternary(denominator == 0, Panic.DIVISION_BY_ZERO, Panic.UNDER_OVERFLOW));
}
///////////////////////////////////////////////
// 512 by 256 division.
///////////////////////////////////////////////
// Make division exact by subtracting the remainder from [prod1 prod0].
uint256 remainder;
assembly {
// Compute remainder using mulmod.
remainder := mulmod(x, y, denominator)
// Subtract 256 bit number from 512 bit number.
prod1 := sub(prod1, gt(remainder, prod0))
prod0 := sub(prod0, remainder)
}
// Factor powers of two out of denominator and compute largest power of two divisor of denominator.
// Always >= 1. See https://cs.stackexchange.com/q/138556/92363.
uint256 twos = denominator & (0 - denominator);
assembly {
// Divide denominator by twos.
denominator := div(denominator, twos)
// Divide [prod1 prod0] by twos.
prod0 := div(prod0, twos)
// Flip twos such that it is 2²⁵⁶ / twos. If twos is zero, then it becomes one.
twos := add(div(sub(0, twos), twos), 1)
}
// Shift in bits from prod1 into prod0.
prod0 |= prod1 * twos;
// Invert denominator mod 2²⁵⁶. Now that denominator is an odd number, it has an inverse modulo 2²⁵⁶ such
// that denominator * inv ≡ 1 mod 2²⁵⁶. Compute the inverse by starting with a seed that is correct for
// four bits. That is, denominator * inv ≡ 1 mod 2⁴.
uint256 inverse = (3 * denominator) ^ 2;
// Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also
// works in modular arithmetic, doubling the correct bits in each step.
inverse *= 2 - denominator * inverse; // inverse mod 2⁸
inverse *= 2 - denominator * inverse; // inverse mod 2¹⁶
inverse *= 2 - denominator * inverse; // inverse mod 2³²
inverse *= 2 - denominator * inverse; // inverse mod 2⁶⁴
inverse *= 2 - denominator * inverse; // inverse mod 2¹²⁸
inverse *= 2 - denominator * inverse; // inverse mod 2²⁵⁶
// Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
// This will give us the correct result modulo 2²⁵⁶. Since the preconditions guarantee that the outcome is
// less than 2²⁵⁶, this is the final result. We don't need to compute the high bits of the result and prod1
// is no longer required.
result = prod0 * inverse;
return result;
}
}
/**
* @dev Calculates x * y / denominator with full precision, following the selected rounding direction.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
return mulDiv(x, y, denominator) + SafeCast.toUint(unsignedRoundsUp(rounding) && mulmod(x, y, denominator) > 0);
}
/**
* @dev Calculate the modular multiplicative inverse of a number in Z/nZ.
*
* If n is a prime, then Z/nZ is a field. In that case all elements are inversible, except 0.
* If n is not a prime, then Z/nZ is not a field, and some elements might not be inversible.
*
* If the input value is not inversible, 0 is returned.
*
* NOTE: If you know for sure that n is (big) a prime, it may be cheaper to use Fermat's little theorem and get the
* inverse using `Math.modExp(a, n - 2, n)`. See {invModPrime}.
*/
function invMod(uint256 a, uint256 n) internal pure returns (uint256) {
unchecked {
if (n == 0) return 0;
// The inverse modulo is calculated using the Extended Euclidean Algorithm (iterative version)
// Used to compute integers x and y such that: ax + ny = gcd(a, n).
// When the gcd is 1, then the inverse of a modulo n exists and it's x.
// ax + ny = 1
// ax = 1 + (-y)n
// ax ≡ 1 (mod n) # x is the inverse of a modulo n
// If the remainder is 0 the gcd is n right away.
uint256 remainder = a % n;
uint256 gcd = n;
// Therefore the initial coefficients are:
// ax + ny = gcd(a, n) = n
// 0a + 1n = n
int256 x = 0;
int256 y = 1;
while (remainder != 0) {
uint256 quotient = gcd / remainder;
(gcd, remainder) = (
// The old remainder is the next gcd to try.
remainder,
// Compute the next remainder.
// Can't overflow given that (a % gcd) * (gcd // (a % gcd)) <= gcd
// where gcd is at most n (capped to type(uint256).max)
gcd - remainder * quotient
);
(x, y) = (
// Increment the coefficient of a.
y,
// Decrement the coefficient of n.
// Can overflow, but the result is casted to uint256 so that the
// next value of y is "wrapped around" to a value between 0 and n - 1.
x - y * int256(quotient)
);
}
if (gcd != 1) return 0; // No inverse exists.
return ternary(x < 0, n - uint256(-x), uint256(x)); // Wrap the result if it's negative.
}
}
/**
* @dev Variant of {invMod}. More efficient, but only works if `p` is known to be a prime greater than `2`.
*
* From https://en.wikipedia.org/wiki/Fermat%27s_little_theorem[Fermat's little theorem], we know that if p is
* prime, then `a**(p-1) ≡ 1 mod p`. As a consequence, we have `a * a**(p-2) ≡ 1 mod p`, which means that
* `a**(p-2)` is the modular multiplicative inverse of a in Fp.
*
* NOTE: this function does NOT check that `p` is a prime greater than `2`.
*/
function invModPrime(uint256 a, uint256 p) internal view returns (uint256) {
unchecked {
return Math.modExp(a, p - 2, p);
}
}
/**
* @dev Returns the modular exponentiation of the specified base, exponent and modulus (b ** e % m)
*
* Requirements:
* - modulus can't be zero
* - underlying staticcall to precompile must succeed
*
* IMPORTANT: The result is only valid if the underlying call succeeds. When using this function, make
* sure the chain you're using it on supports the precompiled contract for modular exponentiation
* at address 0x05 as specified in https://eips.ethereum.org/EIPS/eip-198[EIP-198]. Otherwise,
* the underlying function will succeed given the lack of a revert, but the result may be incorrectly
* interpreted as 0.
*/
function modExp(uint256 b, uint256 e, uint256 m) internal view returns (uint256) {
(bool success, uint256 result) = tryModExp(b, e, m);
if (!success) {
Panic.panic(Panic.DIVISION_BY_ZERO);
}
return result;
}
/**
* @dev Returns the modular exponentiation of the specified base, exponent and modulus (b ** e % m).
* It includes a success flag indicating if the operation succeeded. Operation will be marked as failed if trying
* to operate modulo 0 or if the underlying precompile reverted.
*
* IMPORTANT: The result is only valid if the success flag is true. When using this function, make sure the chain
* you're using it on supports the precompiled contract for modular exponentiation at address 0x05 as specified in
* https://eips.ethereum.org/EIPS/eip-198[EIP-198]. Otherwise, the underlying function will succeed given the lack
* of a revert, but the result may be incorrectly interpreted as 0.
*/
function tryModExp(uint256 b, uint256 e, uint256 m) internal view returns (bool success, uint256 result) {
if (m == 0) return (false, 0);
assembly ("memory-safe") {
let ptr := mload(0x40)
// | Offset | Content | Content (Hex) |
// |-----------|------------|--------------------------------------------------------------------|
// | 0x00:0x1f | size of b | 0x0000000000000000000000000000000000000000000000000000000000000020 |
// | 0x20:0x3f | size of e | 0x0000000000000000000000000000000000000000000000000000000000000020 |
// | 0x40:0x5f | size of m | 0x0000000000000000000000000000000000000000000000000000000000000020 |
// | 0x60:0x7f | value of b | 0x<.............................................................b> |
// | 0x80:0x9f | value of e | 0x<.............................................................e> |
// | 0xa0:0xbf | value of m | 0x<.............................................................m> |
mstore(ptr, 0x20)
mstore(add(ptr, 0x20), 0x20)
mstore(add(ptr, 0x40), 0x20)
mstore(add(ptr, 0x60), b)
mstore(add(ptr, 0x80), e)
mstore(add(ptr, 0xa0), m)
// Given the result < m, it's guaranteed to fit in 32 bytes,
// so we can use the memory scratch space located at offset 0.
success := staticcall(gas(), 0x05, ptr, 0xc0, 0x00, 0x20)
result := mload(0x00)
}
}
/**
* @dev Variant of {modExp} that supports inputs of arbitrary length.
*/
function modExp(bytes memory b, bytes memory e, bytes memory m) internal view returns (bytes memory) {
(bool success, bytes memory result) = tryModExp(b, e, m);
if (!success) {
Panic.panic(Panic.DIVISION_BY_ZERO);
}
return result;
}
/**
* @dev Variant of {tryModExp} that supports inputs of arbitrary length.
*/
function tryModExp(
bytes memory b,
bytes memory e,
bytes memory m
) internal view returns (bool success, bytes memory result) {
if (_zeroBytes(m)) return (false, new bytes(0));
uint256 mLen = m.length;
// Encode call args in result and move the free memory pointer
result = abi.encodePacked(b.length, e.length, mLen, b, e, m);
assembly ("memory-safe") {
let dataPtr := add(result, 0x20)
// Write result on top of args to avoid allocating extra memory.
success := staticcall(gas(), 0x05, dataPtr, mload(result), dataPtr, mLen)
// Overwrite the length.
// result.length > returndatasize() is guaranteed because returndatasize() == m.length
mstore(result, mLen)
// Set the memory pointer after the returned data.
mstore(0x40, add(dataPtr, mLen))
}
}
/**
* @dev Returns whether the provided byte array is zero.
*/
function _zeroBytes(bytes memory byteArray) private pure returns (bool) {
for (uint256 i = 0; i < byteArray.length; ++i) {
if (byteArray[i] != 0) {
return false;
}
}
return true;
}
/**
* @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded
* towards zero.
*
* This method is based on Newton's method for computing square roots; the algorithm is restricted to only
* using integer operations.
*/
function sqrt(uint256 a) internal pure returns (uint256) {
unchecked {
// Take care of easy edge cases when a == 0 or a == 1
if (a <= 1) {
return a;
}
// In this function, we use Newton's method to get a root of `f(x) := x² - a`. It involves building a
// sequence x_n that converges toward sqrt(a). For each iteration x_n, we also define the error between
// the current value as `ε_n = | x_n - sqrt(a) |`.
//
// For our first estimation, we consider `e` the smallest power of 2 which is bigger than the square root
// of the target. (i.e. `2**(e-1) ≤ sqrt(a) < 2**e`). We know that `e ≤ 128` because `(2¹²⁸)² = 2²⁵⁶` is
// bigger than any uint256.
//
// By noticing that
// `2**(e-1) ≤ sqrt(a) < 2**e → (2**(e-1))² ≤ a < (2**e)² → 2**(2*e-2) ≤ a < 2**(2*e)`
// we can deduce that `e - 1` is `log2(a) / 2`. We can thus compute `x_n = 2**(e-1)` using a method similar
// to the msb function.
uint256 aa = a;
uint256 xn = 1;
if (aa >= (1 << 128)) {
aa >>= 128;
xn <<= 64;
}
if (aa >= (1 << 64)) {
aa >>= 64;
xn <<= 32;
}
if (aa >= (1 << 32)) {
aa >>= 32;
xn <<= 16;
}
if (aa >= (1 << 16)) {
aa >>= 16;
xn <<= 8;
}
if (aa >= (1 << 8)) {
aa >>= 8;
xn <<= 4;
}
if (aa >= (1 << 4)) {
aa >>= 4;
xn <<= 2;
}
if (aa >= (1 << 2)) {
xn <<= 1;
}
// We now have x_n such that `x_n = 2**(e-1) ≤ sqrt(a) < 2**e = 2 * x_n`. This implies ε_n ≤ 2**(e-1).
//
// We can refine our estimation by noticing that the middle of that interval minimizes the error.
// If we move x_n to equal 2**(e-1) + 2**(e-2), then we reduce the error to ε_n ≤ 2**(e-2).
// This is going to be our x_0 (and ε_0)
xn = (3 * xn) >> 1; // ε_0 := | x_0 - sqrt(a) | ≤ 2**(e-2)
// From here, Newton's method give us:
// x_{n+1} = (x_n + a / x_n) / 2
//
// One should note that:
// x_{n+1}² - a = ((x_n + a / x_n) / 2)² - a
// = ((x_n² + a) / (2 * x_n))² - a
// = (x_n⁴ + 2 * a * x_n² + a²) / (4 * x_n²) - a
// = (x_n⁴ + 2 * a * x_n² + a² - 4 * a * x_n²) / (4 * x_n²)
// = (x_n⁴ - 2 * a * x_n² + a²) / (4 * x_n²)
// = (x_n² - a)² / (2 * x_n)²
// = ((x_n² - a) / (2 * x_n))²
// ≥ 0
// Which proves that for all n ≥ 1, sqrt(a) ≤ x_n
//
// This gives us the proof of quadratic convergence of the sequence:
// ε_{n+1} = | x_{n+1} - sqrt(a) |
// = | (x_n + a / x_n) / 2 - sqrt(a) |
// = | (x_n² + a - 2*x_n*sqrt(a)) / (2 * x_n) |
// = | (x_n - sqrt(a))² / (2 * x_n) |
// = | ε_n² / (2 * x_n) |
// = ε_n² / | (2 * x_n) |
//
// For the first iteration, we have a special case where x_0 is known:
// ε_1 = ε_0² / | (2 * x_0) |
// ≤ (2**(e-2))² / (2 * (2**(e-1) + 2**(e-2)))
// ≤ 2**(2*e-4) / (3 * 2**(e-1))
// ≤ 2**(e-3) / 3
// ≤ 2**(e-3-log2(3))
// ≤ 2**(e-4.5)
//
// For the following iterations, we use the fact that, 2**(e-1) ≤ sqrt(a) ≤ x_n:
// ε_{n+1} = ε_n² / | (2 * x_n) |
// ≤ (2**(e-k))² / (2 * 2**(e-1))
// ≤ 2**(2*e-2*k) / 2**e
// ≤ 2**(e-2*k)
xn = (xn + a / xn) >> 1; // ε_1 := | x_1 - sqrt(a) | ≤ 2**(e-4.5) -- special case, see above
xn = (xn + a / xn) >> 1; // ε_2 := | x_2 - sqrt(a) | ≤ 2**(e-9) -- general case with k = 4.5
xn = (xn + a / xn) >> 1; // ε_3 := | x_3 - sqrt(a) | ≤ 2**(e-18) -- general case with k = 9
xn = (xn + a / xn) >> 1; // ε_4 := | x_4 - sqrt(a) | ≤ 2**(e-36) -- general case with k = 18
xn = (xn + a / xn) >> 1; // ε_5 := | x_5 - sqrt(a) | ≤ 2**(e-72) -- general case with k = 36
xn = (xn + a / xn) >> 1; // ε_6 := | x_6 - sqrt(a) | ≤ 2**(e-144) -- general case with k = 72
// Because e ≤ 128 (as discussed during the first estimation phase), we know have reached a precision
// ε_6 ≤ 2**(e-144) < 1. Given we're operating on integers, then we can ensure that xn is now either
// sqrt(a) or sqrt(a) + 1.
return xn - SafeCast.toUint(xn > a / xn);
}
}
/**
* @dev Calculates sqrt(a), following the selected rounding direction.
*/
function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = sqrt(a);
return result + SafeCast.toUint(unsignedRoundsUp(rounding) && result * result < a);
}
}
/**
* @dev Return the log in base 2 of a positive value rounded towards zero.
* Returns 0 if given 0.
*/
function log2(uint256 x) internal pure returns (uint256 r) {
// If value has upper 128 bits set, log2 result is at least 128
r = SafeCast.toUint(x > 0xffffffffffffffffffffffffffffffff) << 7;
// If upper 64 bits of 128-bit half set, add 64 to result
r |= SafeCast.toUint((x >> r) > 0xffffffffffffffff) << 6;
// If upper 32 bits of 64-bit half set, add 32 to result
r |= SafeCast.toUint((x >> r) > 0xffffffff) << 5;
// If upper 16 bits of 32-bit half set, add 16 to result
r |= SafeCast.toUint((x >> r) > 0xffff) << 4;
// If upper 8 bits of 16-bit half set, add 8 to result
r |= SafeCast.toUint((x >> r) > 0xff) << 3;
// If upper 4 bits of 8-bit half set, add 4 to result
r |= SafeCast.toUint((x >> r) > 0xf) << 2;
// Shifts value right by the current result and use it as an index into this lookup table:
//
// | x (4 bits) | index | table[index] = MSB position |
// |------------|---------|-----------------------------|
// | 0000 | 0 | table[0] = 0 |
// | 0001 | 1 | table[1] = 0 |
// | 0010 | 2 | table[2] = 1 |
// | 0011 | 3 | table[3] = 1 |
// | 0100 | 4 | table[4] = 2 |
// | 0101 | 5 | table[5] = 2 |
// | 0110 | 6 | table[6] = 2 |
// | 0111 | 7 | table[7] = 2 |
// | 1000 | 8 | table[8] = 3 |
// | 1001 | 9 | table[9] = 3 |
// | 1010 | 10 | table[10] = 3 |
// | 1011 | 11 | table[11] = 3 |
// | 1100 | 12 | table[12] = 3 |
// | 1101 | 13 | table[13] = 3 |
// | 1110 | 14 | table[14] = 3 |
// | 1111 | 15 | table[15] = 3 |
//
// The lookup table is represented as a 32-byte value with the MSB positions for 0-15 in the last 16 bytes.
assembly ("memory-safe") {
r := or(r, byte(shr(r, x), 0x0000010102020202030303030303030300000000000000000000000000000000))
}
}
/**
* @dev Return the log in base 2, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log2(value);
return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 1 << result < value);
}
}
/**
* @dev Return the log in base 10 of a positive value rounded towards zero.
* Returns 0 if given 0.
*/
function log10(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >= 10 ** 64) {
value /= 10 ** 64;
result += 64;
}
if (value >= 10 ** 32) {
value /= 10 ** 32;
result += 32;
}
if (value >= 10 ** 16) {
value /= 10 ** 16;
result += 16;
}
if (value >= 10 ** 8) {
value /= 10 ** 8;
result += 8;
}
if (value >= 10 ** 4) {
value /= 10 ** 4;
result += 4;
}
if (value >= 10 ** 2) {
value /= 10 ** 2;
result += 2;
}
if (value >= 10 ** 1) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 10, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log10(value);
return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 10 ** result < value);
}
}
/**
* @dev Return the log in base 256 of a positive value rounded towards zero.
* Returns 0 if given 0.
*
* Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
*/
function log256(uint256 x) internal pure returns (uint256 r) {
// If value has upper 128 bits set, log2 result is at least 128
r = SafeCast.toUint(x > 0xffffffffffffffffffffffffffffffff) << 7;
// If upper 64 bits of 128-bit half set, add 64 to result
r |= SafeCast.toUint((x >> r) > 0xffffffffffffffff) << 6;
// If upper 32 bits of 64-bit half set, add 32 to result
r |= SafeCast.toUint((x >> r) > 0xffffffff) << 5;
// If upper 16 bits of 32-bit half set, add 16 to result
r |= SafeCast.toUint((x >> r) > 0xffff) << 4;
// Add 1 if upper 8 bits of 16-bit half set, and divide accumulated result by 8
return (r >> 3) | SafeCast.toUint((x >> r) > 0xff);
}
/**
* @dev Return the log in base 256, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log256(value);
return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 1 << (result << 3) < value);
}
}
/**
* @dev Returns whether a provided rounding mode is considered rounding up for unsigned integers.
*/
function unsignedRoundsUp(Rounding rounding) internal pure returns (bool) {
return uint8(rounding) % 2 == 1;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/math/SafeCast.sol)
// This file was procedurally generated from scripts/generate/templates/SafeCast.js.
pragma solidity ^0.8.20;
/**
* @dev Wrappers over Solidity's uintXX/intXX/bool casting operators with added overflow
* checks.
*
* Downcasting from uint256/int256 in Solidity does not revert on overflow. This can
* easily result in undesired exploitation or bugs, since developers usually
* assume that overflows raise errors. `SafeCast` restores this intuition by
* reverting the transaction when such an operation overflows.
*
* Using this library instead of the unchecked operations eliminates an entire
* class of bugs, so it's recommended to use it always.
*/
library SafeCast {
/**
* @dev Value doesn't fit in an uint of `bits` size.
*/
error SafeCastOverflowedUintDowncast(uint8 bits, uint256 value);
/**
* @dev An int value doesn't fit in an uint of `bits` size.
*/
error SafeCastOverflowedIntToUint(int256 value);
/**
* @dev Value doesn't fit in an int of `bits` size.
*/
error SafeCastOverflowedIntDowncast(uint8 bits, int256 value);
/**
* @dev An uint value doesn't fit in an int of `bits` size.
*/
error SafeCastOverflowedUintToInt(uint256 value);
/**
* @dev Returns the downcasted uint248 from uint256, reverting on
* overflow (when the input is greater than largest uint248).
*
* Counterpart to Solidity's `uint248` operator.
*
* Requirements:
*
* - input must fit into 248 bits
*/
function toUint248(uint256 value) internal pure returns (uint248) {
if (value > type(uint248).max) {
revert SafeCastOverflowedUintDowncast(248, value);
}
return uint248(value);
}
/**
* @dev Returns the downcasted uint240 from uint256, reverting on
* overflow (when the input is greater than largest uint240).
*
* Counterpart to Solidity's `uint240` operator.
*
* Requirements:
*
* - input must fit into 240 bits
*/
function toUint240(uint256 value) internal pure returns (uint240) {
if (value > type(uint240).max) {
revert SafeCastOverflowedUintDowncast(240, value);
}
return uint240(value);
}
/**
* @dev Returns the downcasted uint232 from uint256, reverting on
* overflow (when the input is greater than largest uint232).
*
* Counterpart to Solidity's `uint232` operator.
*
* Requirements:
*
* - input must fit into 232 bits
*/
function toUint232(uint256 value) internal pure returns (uint232) {
if (value > type(uint232).max) {
revert SafeCastOverflowedUintDowncast(232, value);
}
return uint232(value);
}
/**
* @dev Returns the downcasted uint224 from uint256, reverting on
* overflow (when the input is greater than largest uint224).
*
* Counterpart to Solidity's `uint224` operator.
*
* Requirements:
*
* - input must fit into 224 bits
*/
function toUint224(uint256 value) internal pure returns (uint224) {
if (value > type(uint224).max) {
revert SafeCastOverflowedUintDowncast(224, value);
}
return uint224(value);
}
/**
* @dev Returns the downcasted uint216 from uint256, reverting on
* overflow (when the input is greater than largest uint216).
*
* Counterpart to Solidity's `uint216` operator.
*
* Requirements:
*
* - input must fit into 216 bits
*/
function toUint216(uint256 value) internal pure returns (uint216) {
if (value > type(uint216).max) {
revert SafeCastOverflowedUintDowncast(216, value);
}
return uint216(value);
}
/**
* @dev Returns the downcasted uint208 from uint256, reverting on
* overflow (when the input is greater than largest uint208).
*
* Counterpart to Solidity's `uint208` operator.
*
* Requirements:
*
* - input must fit into 208 bits
*/
function toUint208(uint256 value) internal pure returns (uint208) {
if (value > type(uint208).max) {
revert SafeCastOverflowedUintDowncast(208, value);
}
return uint208(value);
}
/**
* @dev Returns the downcasted uint200 from uint256, reverting on
* overflow (when the input is greater than largest uint200).
*
* Counterpart to Solidity's `uint200` operator.
*
* Requirements:
*
* - input must fit into 200 bits
*/
function toUint200(uint256 value) internal pure returns (uint200) {
if (value > type(uint200).max) {
revert SafeCastOverflowedUintDowncast(200, value);
}
return uint200(value);
}
/**
* @dev Returns the downcasted uint192 from uint256, reverting on
* overflow (when the input is greater than largest uint192).
*
* Counterpart to Solidity's `uint192` operator.
*
* Requirements:
*
* - input must fit into 192 bits
*/
function toUint192(uint256 value) internal pure returns (uint192) {
if (value > type(uint192).max) {
revert SafeCastOverflowedUintDowncast(192, value);
}
return uint192(value);
}
/**
* @dev Returns the downcasted uint184 from uint256, reverting on
* overflow (when the input is greater than largest uint184).
*
* Counterpart to Solidity's `uint184` operator.
*
* Requirements:
*
* - input must fit into 184 bits
*/
function toUint184(uint256 value) internal pure returns (uint184) {
if (value > type(uint184).max) {
revert SafeCastOverflowedUintDowncast(184, value);
}
return uint184(value);
}
/**
* @dev Returns the downcasted uint176 from uint256, reverting on
* overflow (when the input is greater than largest uint176).
*
* Counterpart to Solidity's `uint176` operator.
*
* Requirements:
*
* - input must fit into 176 bits
*/
function toUint176(uint256 value) internal pure returns (uint176) {
if (value > type(uint176).max) {
revert SafeCastOverflowedUintDowncast(176, value);
}
return uint176(value);
}
/**
* @dev Returns the downcasted uint168 from uint256, reverting on
* overflow (when the input is greater than largest uint168).
*
* Counterpart to Solidity's `uint168` operator.
*
* Requirements:
*
* - input must fit into 168 bits
*/
function toUint168(uint256 value) internal pure returns (uint168) {
if (value > type(uint168).max) {
revert SafeCastOverflowedUintDowncast(168, value);
}
return uint168(value);
}
/**
* @dev Returns the downcasted uint160 from uint256, reverting on
* overflow (when the input is greater than largest uint160).
*
* Counterpart to Solidity's `uint160` operator.
*
* Requirements:
*
* - input must fit into 160 bits
*/
function toUint160(uint256 value) internal pure returns (uint160) {
if (value > type(uint160).max) {
revert SafeCastOverflowedUintDowncast(160, value);
}
return uint160(value);
}
/**
* @dev Returns the downcasted uint152 from uint256, reverting on
* overflow (when the input is greater than largest uint152).
*
* Counterpart to Solidity's `uint152` operator.
*
* Requirements:
*
* - input must fit into 152 bits
*/
function toUint152(uint256 value) internal pure returns (uint152) {
if (value > type(uint152).max) {
revert SafeCastOverflowedUintDowncast(152, value);
}
return uint152(value);
}
/**
* @dev Returns the downcasted uint144 from uint256, reverting on
* overflow (when the input is greater than largest uint144).
*
* Counterpart to Solidity's `uint144` operator.
*
* Requirements:
*
* - input must fit into 144 bits
*/
function toUint144(uint256 value) internal pure returns (uint144) {
if (value > type(uint144).max) {
revert SafeCastOverflowedUintDowncast(144, value);
}
return uint144(value);
}
/**
* @dev Returns the downcasted uint136 from uint256, reverting on
* overflow (when the input is greater than largest uint136).
*
* Counterpart to Solidity's `uint136` operator.
*
* Requirements:
*
* - input must fit into 136 bits
*/
function toUint136(uint256 value) internal pure returns (uint136) {
if (value > type(uint136).max) {
revert SafeCastOverflowedUintDowncast(136, value);
}
return uint136(value);
}
/**
* @dev Returns the downcasted uint128 from uint256, reverting on
* overflow (when the input is greater than largest uint128).
*
* Counterpart to Solidity's `uint128` operator.
*
* Requirements:
*
* - input must fit into 128 bits
*/
function toUint128(uint256 value) internal pure returns (uint128) {
if (value > type(uint128).max) {
revert SafeCastOverflowedUintDowncast(128, value);
}
return uint128(value);
}
/**
* @dev Returns the downcasted uint120 from uint256, reverting on
* overflow (when the input is greater than largest uint120).
*
* Counterpart to Solidity's `uint120` operator.
*
* Requirements:
*
* - input must fit into 120 bits
*/
function toUint120(uint256 value) internal pure returns (uint120) {
if (value > type(uint120).max) {
revert SafeCastOverflowedUintDowncast(120, value);
}
return uint120(value);
}
/**
* @dev Returns the downcasted uint112 from uint256, reverting on
* overflow (when the input is greater than largest uint112).
*
* Counterpart to Solidity's `uint112` operator.
*
* Requirements:
*
* - input must fit into 112 bits
*/
function toUint112(uint256 value) internal pure returns (uint112) {
if (value > type(uint112).max) {
revert SafeCastOverflowedUintDowncast(112, value);
}
return uint112(value);
}
/**
* @dev Returns the downcasted uint104 from uint256, reverting on
* overflow (when the input is greater than largest uint104).
*
* Counterpart to Solidity's `uint104` operator.
*
* Requirements:
*
* - input must fit into 104 bits
*/
function toUint104(uint256 value) internal pure returns (uint104) {
if (value > type(uint104).max) {
revert SafeCastOverflowedUintDowncast(104, value);
}
return uint104(value);
}
/**
* @dev Returns the downcasted uint96 from uint256, reverting on
* overflow (when the input is greater than largest uint96).
*
* Counterpart to Solidity's `uint96` operator.
*
* Requirements:
*
* - input must fit into 96 bits
*/
function toUint96(uint256 value) internal pure returns (uint96) {
if (value > type(uint96).max) {
revert SafeCastOverflowedUintDowncast(96, value);
}
return uint96(value);
}
/**
* @dev Returns the downcasted uint88 from uint256, reverting on
* overflow (when the input is greater than largest uint88).
*
* Counterpart to Solidity's `uint88` operator.
*
* Requirements:
*
* - input must fit into 88 bits
*/
function toUint88(uint256 value) internal pure returns (uint88) {
if (value > type(uint88).max) {
revert SafeCastOverflowedUintDowncast(88, value);
}
return uint88(value);
}
/**
* @dev Returns the downcasted uint80 from uint256, reverting on
* overflow (when the input is greater than largest uint80).
*
* Counterpart to Solidity's `uint80` operator.
*
* Requirements:
*
* - input must fit into 80 bits
*/
function toUint80(uint256 value) internal pure returns (uint80) {
if (value > type(uint80).max) {
revert SafeCastOverflowedUintDowncast(80, value);
}
return uint80(value);
}
/**
* @dev Returns the downcasted uint72 from uint256, reverting on
* overflow (when the input is greater than largest uint72).
*
* Counterpart to Solidity's `uint72` operator.
*
* Requirements:
*
* - input must fit into 72 bits
*/
function toUint72(uint256 value) internal pure returns (uint72) {
if (value > type(uint72).max) {
revert SafeCastOverflowedUintDowncast(72, value);
}
return uint72(value);
}
/**
* @dev Returns the downcasted uint64 from uint256, reverting on
* overflow (when the input is greater than largest uint64).
*
* Counterpart to Solidity's `uint64` operator.
*
* Requirements:
*
* - input must fit into 64 bits
*/
function toUint64(uint256 value) internal pure returns (uint64) {
if (value > type(uint64).max) {
revert SafeCastOverflowedUintDowncast(64, value);
}
return uint64(value);
}
/**
* @dev Returns the downcasted uint56 from uint256, reverting on
* overflow (when the input is greater than largest uint56).
*
* Counterpart to Solidity's `uint56` operator.
*
* Requirements:
*
* - input must fit into 56 bits
*/
function toUint56(uint256 value) internal pure returns (uint56) {
if (value > type(uint56).max) {
revert SafeCastOverflowedUintDowncast(56, value);
}
return uint56(value);
}
/**
* @dev Returns the downcasted uint48 from uint256, reverting on
* overflow (when the input is greater than largest uint48).
*
* Counterpart to Solidity's `uint48` operator.
*
* Requirements:
*
* - input must fit into 48 bits
*/
function toUint48(uint256 value) internal pure returns (uint48) {
if (value > type(uint48).max) {
revert SafeCastOverflowedUintDowncast(48, value);
}
return uint48(value);
}
/**
* @dev Returns the downcasted uint40 from uint256, reverting on
* overflow (when the input is greater than largest uint40).
*
* Counterpart to Solidity's `uint40` operator.
*
* Requirements:
*
* - input must fit into 40 bits
*/
function toUint40(uint256 value) internal pure returns (uint40) {
if (value > type(uint40).max) {
revert SafeCastOverflowedUintDowncast(40, value);
}
return uint40(value);
}
/**
* @dev Returns the downcasted uint32 from uint256, reverting on
* overflow (when the input is greater than largest uint32).
*
* Counterpart to Solidity's `uint32` operator.
*
* Requirements:
*
* - input must fit into 32 bits
*/
function toUint32(uint256 value) internal pure returns (uint32) {
if (value > type(uint32).max) {
revert SafeCastOverflowedUintDowncast(32, value);
}
return uint32(value);
}
/**
* @dev Returns the downcasted uint24 from uint256, reverting on
* overflow (when the input is greater than largest uint24).
*
* Counterpart to Solidity's `uint24` operator.
*
* Requirements:
*
* - input must fit into 24 bits
*/
function toUint24(uint256 value) internal pure returns (uint24) {
if (value > type(uint24).max) {
revert SafeCastOverflowedUintDowncast(24, value);
}
return uint24(value);
}
/**
* @dev Returns the downcasted uint16 from uint256, reverting on
* overflow (when the input is greater than largest uint16).
*
* Counterpart to Solidity's `uint16` operator.
*
* Requirements:
*
* - input must fit into 16 bits
*/
function toUint16(uint256 value) internal pure returns (uint16) {
if (value > type(uint16).max) {
revert SafeCastOverflowedUintDowncast(16, value);
}
return uint16(value);
}
/**
* @dev Returns the downcasted uint8 from uint256, reverting on
* overflow (when the input is greater than largest uint8).
*
* Counterpart to Solidity's `uint8` operator.
*
* Requirements:
*
* - input must fit into 8 bits
*/
function toUint8(uint256 value) internal pure returns (uint8) {
if (value > type(uint8).max) {
revert SafeCastOverflowedUintDowncast(8, value);
}
return uint8(value);
}
/**
* @dev Converts a signed int256 into an unsigned uint256.
*
* Requirements:
*
* - input must be greater than or equal to 0.
*/
function toUint256(int256 value) internal pure returns (uint256) {
if (value < 0) {
revert SafeCastOverflowedIntToUint(value);
}
return uint256(value);
}
/**
* @dev Returns the downcasted int248 from int256, reverting on
* overflow (when the input is less than smallest int248 or
* greater than largest int248).
*
* Counterpart to Solidity's `int248` operator.
*
* Requirements:
*
* - input must fit into 248 bits
*/
function toInt248(int256 value) internal pure returns (int248 downcasted) {
downcasted = int248(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(248, value);
}
}
/**
* @dev Returns the downcasted int240 from int256, reverting on
* overflow (when the input is less than smallest int240 or
* greater than largest int240).
*
* Counterpart to Solidity's `int240` operator.
*
* Requirements:
*
* - input must fit into 240 bits
*/
function toInt240(int256 value) internal pure returns (int240 downcasted) {
downcasted = int240(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(240, value);
}
}
/**
* @dev Returns the downcasted int232 from int256, reverting on
* overflow (when the input is less than smallest int232 or
* greater than largest int232).
*
* Counterpart to Solidity's `int232` operator.
*
* Requirements:
*
* - input must fit into 232 bits
*/
function toInt232(int256 value) internal pure returns (int232 downcasted) {
downcasted = int232(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(232, value);
}
}
/**
* @dev Returns the downcasted int224 from int256, reverting on
* overflow (when the input is less than smallest int224 or
* greater than largest int224).
*
* Counterpart to Solidity's `int224` operator.
*
* Requirements:
*
* - input must fit into 224 bits
*/
function toInt224(int256 value) internal pure returns (int224 downcasted) {
downcasted = int224(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(224, value);
}
}
/**
* @dev Returns the downcasted int216 from int256, reverting on
* overflow (when the input is less than smallest int216 or
* greater than largest int216).
*
* Counterpart to Solidity's `int216` operator.
*
* Requirements:
*
* - input must fit into 216 bits
*/
function toInt216(int256 value) internal pure returns (int216 downcasted) {
downcasted = int216(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(216, value);
}
}
/**
* @dev Returns the downcasted int208 from int256, reverting on
* overflow (when the input is less than smallest int208 or
* greater than largest int208).
*
* Counterpart to Solidity's `int208` operator.
*
* Requirements:
*
* - input must fit into 208 bits
*/
function toInt208(int256 value) internal pure returns (int208 downcasted) {
downcasted = int208(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(208, value);
}
}
/**
* @dev Returns the downcasted int200 from int256, reverting on
* overflow (when the input is less than smallest int200 or
* greater than largest int200).
*
* Counterpart to Solidity's `int200` operator.
*
* Requirements:
*
* - input must fit into 200 bits
*/
function toInt200(int256 value) internal pure returns (int200 downcasted) {
downcasted = int200(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(200, value);
}
}
/**
* @dev Returns the downcasted int192 from int256, reverting on
* overflow (when the input is less than smallest int192 or
* greater than largest int192).
*
* Counterpart to Solidity's `int192` operator.
*
* Requirements:
*
* - input must fit into 192 bits
*/
function toInt192(int256 value) internal pure returns (int192 downcasted) {
downcasted = int192(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(192, value);
}
}
/**
* @dev Returns the downcasted int184 from int256, reverting on
* overflow (when the input is less than smallest int184 or
* greater than largest int184).
*
* Counterpart to Solidity's `int184` operator.
*
* Requirements:
*
* - input must fit into 184 bits
*/
function toInt184(int256 value) internal pure returns (int184 downcasted) {
downcasted = int184(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(184, value);
}
}
/**
* @dev Returns the downcasted int176 from int256, reverting on
* overflow (when the input is less than smallest int176 or
* greater than largest int176).
*
* Counterpart to Solidity's `int176` operator.
*
* Requirements:
*
* - input must fit into 176 bits
*/
function toInt176(int256 value) internal pure returns (int176 downcasted) {
downcasted = int176(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(176, value);
}
}
/**
* @dev Returns the downcasted int168 from int256, reverting on
* overflow (when the input is less than smallest int168 or
* greater than largest int168).
*
* Counterpart to Solidity's `int168` operator.
*
* Requirements:
*
* - input must fit into 168 bits
*/
function toInt168(int256 value) internal pure returns (int168 downcasted) {
downcasted = int168(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(168, value);
}
}
/**
* @dev Returns the downcasted int160 from int256, reverting on
* overflow (when the input is less than smallest int160 or
* greater than largest int160).
*
* Counterpart to Solidity's `int160` operator.
*
* Requirements:
*
* - input must fit into 160 bits
*/
function toInt160(int256 value) internal pure returns (int160 downcasted) {
downcasted = int160(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(160, value);
}
}
/**
* @dev Returns the downcasted int152 from int256, reverting on
* overflow (when the input is less than smallest int152 or
* greater than largest int152).
*
* Counterpart to Solidity's `int152` operator.
*
* Requirements:
*
* - input must fit into 152 bits
*/
function toInt152(int256 value) internal pure returns (int152 downcasted) {
downcasted = int152(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(152, value);
}
}
/**
* @dev Returns the downcasted int144 from int256, reverting on
* overflow (when the input is less than smallest int144 or
* greater than largest int144).
*
* Counterpart to Solidity's `int144` operator.
*
* Requirements:
*
* - input must fit into 144 bits
*/
function toInt144(int256 value) internal pure returns (int144 downcasted) {
downcasted = int144(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(144, value);
}
}
/**
* @dev Returns the downcasted int136 from int256, reverting on
* overflow (when the input is less than smallest int136 or
* greater than largest int136).
*
* Counterpart to Solidity's `int136` operator.
*
* Requirements:
*
* - input must fit into 136 bits
*/
function toInt136(int256 value) internal pure returns (int136 downcasted) {
downcasted = int136(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(136, value);
}
}
/**
* @dev Returns the downcasted int128 from int256, reverting on
* overflow (when the input is less than smallest int128 or
* greater than largest int128).
*
* Counterpart to Solidity's `int128` operator.
*
* Requirements:
*
* - input must fit into 128 bits
*/
function toInt128(int256 value) internal pure returns (int128 downcasted) {
downcasted = int128(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(128, value);
}
}
/**
* @dev Returns the downcasted int120 from int256, reverting on
* overflow (when the input is less than smallest int120 or
* greater than largest int120).
*
* Counterpart to Solidity's `int120` operator.
*
* Requirements:
*
* - input must fit into 120 bits
*/
function toInt120(int256 value) internal pure returns (int120 downcasted) {
downcasted = int120(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(120, value);
}
}
/**
* @dev Returns the downcasted int112 from int256, reverting on
* overflow (when the input is less than smallest int112 or
* greater than largest int112).
*
* Counterpart to Solidity's `int112` operator.
*
* Requirements:
*
* - input must fit into 112 bits
*/
function toInt112(int256 value) internal pure returns (int112 downcasted) {
downcasted = int112(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(112, value);
}
}
/**
* @dev Returns the downcasted int104 from int256, reverting on
* overflow (when the input is less than smallest int104 or
* greater than largest int104).
*
* Counterpart to Solidity's `int104` operator.
*
* Requirements:
*
* - input must fit into 104 bits
*/
function toInt104(int256 value) internal pure returns (int104 downcasted) {
downcasted = int104(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(104, value);
}
}
/**
* @dev Returns the downcasted int96 from int256, reverting on
* overflow (when the input is less than smallest int96 or
* greater than largest int96).
*
* Counterpart to Solidity's `int96` operator.
*
* Requirements:
*
* - input must fit into 96 bits
*/
function toInt96(int256 value) internal pure returns (int96 downcasted) {
downcasted = int96(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(96, value);
}
}
/**
* @dev Returns the downcasted int88 from int256, reverting on
* overflow (when the input is less than smallest int88 or
* greater than largest int88).
*
* Counterpart to Solidity's `int88` operator.
*
* Requirements:
*
* - input must fit into 88 bits
*/
function toInt88(int256 value) internal pure returns (int88 downcasted) {
downcasted = int88(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(88, value);
}
}
/**
* @dev Returns the downcasted int80 from int256, reverting on
* overflow (when the input is less than smallest int80 or
* greater than largest int80).
*
* Counterpart to Solidity's `int80` operator.
*
* Requirements:
*
* - input must fit into 80 bits
*/
function toInt80(int256 value) internal pure returns (int80 downcasted) {
downcasted = int80(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(80, value);
}
}
/**
* @dev Returns the downcasted int72 from int256, reverting on
* overflow (when the input is less than smallest int72 or
* greater than largest int72).
*
* Counterpart to Solidity's `int72` operator.
*
* Requirements:
*
* - input must fit into 72 bits
*/
function toInt72(int256 value) internal pure returns (int72 downcasted) {
downcasted = int72(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(72, value);
}
}
/**
* @dev Returns the downcasted int64 from int256, reverting on
* overflow (when the input is less than smallest int64 or
* greater than largest int64).
*
* Counterpart to Solidity's `int64` operator.
*
* Requirements:
*
* - input must fit into 64 bits
*/
function toInt64(int256 value) internal pure returns (int64 downcasted) {
downcasted = int64(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(64, value);
}
}
/**
* @dev Returns the downcasted int56 from int256, reverting on
* overflow (when the input is less than smallest int56 or
* greater than largest int56).
*
* Counterpart to Solidity's `int56` operator.
*
* Requirements:
*
* - input must fit into 56 bits
*/
function toInt56(int256 value) internal pure returns (int56 downcasted) {
downcasted = int56(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(56, value);
}
}
/**
* @dev Returns the downcasted int48 from int256, reverting on
* overflow (when the input is less than smallest int48 or
* greater than largest int48).
*
* Counterpart to Solidity's `int48` operator.
*
* Requirements:
*
* - input must fit into 48 bits
*/
function toInt48(int256 value) internal pure returns (int48 downcasted) {
downcasted = int48(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(48, value);
}
}
/**
* @dev Returns the downcasted int40 from int256, reverting on
* overflow (when the input is less than smallest int40 or
* greater than largest int40).
*
* Counterpart to Solidity's `int40` operator.
*
* Requirements:
*
* - input must fit into 40 bits
*/
function toInt40(int256 value) internal pure returns (int40 downcasted) {
downcasted = int40(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(40, value);
}
}
/**
* @dev Returns the downcasted int32 from int256, reverting on
* overflow (when the input is less than smallest int32 or
* greater than largest int32).
*
* Counterpart to Solidity's `int32` operator.
*
* Requirements:
*
* - input must fit into 32 bits
*/
function toInt32(int256 value) internal pure returns (int32 downcasted) {
downcasted = int32(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(32, value);
}
}
/**
* @dev Returns the downcasted int24 from int256, reverting on
* overflow (when the input is less than smallest int24 or
* greater than largest int24).
*
* Counterpart to Solidity's `int24` operator.
*
* Requirements:
*
* - input must fit into 24 bits
*/
function toInt24(int256 value) internal pure returns (int24 downcasted) {
downcasted = int24(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(24, value);
}
}
/**
* @dev Returns the downcasted int16 from int256, reverting on
* overflow (when the input is less than smallest int16 or
* greater than largest int16).
*
* Counterpart to Solidity's `int16` operator.
*
* Requirements:
*
* - input must fit into 16 bits
*/
function toInt16(int256 value) internal pure returns (int16 downcasted) {
downcasted = int16(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(16, value);
}
}
/**
* @dev Returns the downcasted int8 from int256, reverting on
* overflow (when the input is less than smallest int8 or
* greater than largest int8).
*
* Counterpart to Solidity's `int8` operator.
*
* Requirements:
*
* - input must fit into 8 bits
*/
function toInt8(int256 value) internal pure returns (int8 downcasted) {
downcasted = int8(value);
if (downcasted != value) {
revert SafeCastOverflowedIntDowncast(8, value);
}
}
/**
* @dev Converts an unsigned uint256 into a signed int256.
*
* Requirements:
*
* - input must be less than or equal to maxInt256.
*/
function toInt256(uint256 value) internal pure returns (int256) {
// Note: Unsafe cast below is okay because `type(int256).max` is guaranteed to be positive
if (value > uint256(type(int256).max)) {
revert SafeCastOverflowedUintToInt(value);
}
return int256(value);
}
/**
* @dev Cast a boolean (false or true) to a uint256 (0 or 1) with no jump.
*/
function toUint(bool b) internal pure returns (uint256 u) {
assembly ("memory-safe") {
u := iszero(iszero(b))
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/math/SignedMath.sol)
pragma solidity ^0.8.20;
import {SafeCast} from "./SafeCast.sol";
/**
* @dev Standard signed math utilities missing in the Solidity language.
*/
library SignedMath {
/**
* @dev Branchless ternary evaluation for `a ? b : c`. Gas costs are constant.
*
* IMPORTANT: This function may reduce bytecode size and consume less gas when used standalone.
* However, the compiler may optimize Solidity ternary operations (i.e. `a ? b : c`) to only compute
* one branch when needed, making this function more expensive.
*/
function ternary(bool condition, int256 a, int256 b) internal pure returns (int256) {
unchecked {
// branchless ternary works because:
// b ^ (a ^ b) == a
// b ^ 0 == b
return b ^ ((a ^ b) * int256(SafeCast.toUint(condition)));
}
}
/**
* @dev Returns the largest of two signed numbers.
*/
function max(int256 a, int256 b) internal pure returns (int256) {
return ternary(a > b, a, b);
}
/**
* @dev Returns the smallest of two signed numbers.
*/
function min(int256 a, int256 b) internal pure returns (int256) {
return ternary(a < b, a, b);
}
/**
* @dev Returns the average of two signed numbers without overflow.
* The result is rounded towards zero.
*/
function average(int256 a, int256 b) internal pure returns (int256) {
// Formula from the book "Hacker's Delight"
int256 x = (a & b) + ((a ^ b) >> 1);
return x + (int256(uint256(x) >> 255) & (a ^ b));
}
/**
* @dev Returns the absolute unsigned value of a signed value.
*/
function abs(int256 n) internal pure returns (uint256) {
unchecked {
// Formula from the "Bit Twiddling Hacks" by Sean Eron Anderson.
// Since `n` is a signed integer, the generated bytecode will use the SAR opcode to perform the right shift,
// taking advantage of the most significant (or "sign" bit) in two's complement representation.
// This opcode adds new most significant bits set to the value of the previous most significant bit. As a result,
// the mask will either be `bytes32(0)` (if n is positive) or `~bytes32(0)` (if n is negative).
int256 mask = n >> 255;
// A `bytes32(0)` mask leaves the input unchanged, while a `~bytes32(0)` mask complements it.
return uint256((n + mask) ^ mask);
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/Panic.sol)
pragma solidity ^0.8.20;
/**
* @dev Helper library for emitting standardized panic codes.
*
* ```solidity
* contract Example {
* using Panic for uint256;
*
* // Use any of the declared internal constants
* function foo() { Panic.GENERIC.panic(); }
*
* // Alternatively
* function foo() { Panic.panic(Panic.GENERIC); }
* }
* ```
*
* Follows the list from https://github.com/ethereum/solidity/blob/v0.8.24/libsolutil/ErrorCodes.h[libsolutil].
*
* _Available since v5.1._
*/
// slither-disable-next-line unused-state
library Panic {
/// @dev generic / unspecified error
uint256 internal constant GENERIC = 0x00;
/// @dev used by the assert() builtin
uint256 internal constant ASSERT = 0x01;
/// @dev arithmetic underflow or overflow
uint256 internal constant UNDER_OVERFLOW = 0x11;
/// @dev division or modulo by zero
uint256 internal constant DIVISION_BY_ZERO = 0x12;
/// @dev enum conversion error
uint256 internal constant ENUM_CONVERSION_ERROR = 0x21;
/// @dev invalid encoding in storage
uint256 internal constant STORAGE_ENCODING_ERROR = 0x22;
/// @dev empty array pop
uint256 internal constant EMPTY_ARRAY_POP = 0x31;
/// @dev array out of bounds access
uint256 internal constant ARRAY_OUT_OF_BOUNDS = 0x32;
/// @dev resource error (too large allocation or too large array)
uint256 internal constant RESOURCE_ERROR = 0x41;
/// @dev calling invalid internal function
uint256 internal constant INVALID_INTERNAL_FUNCTION = 0x51;
/// @dev Reverts with a panic code. Recommended to use with
/// the internal constants with predefined codes.
function panic(uint256 code) internal pure {
assembly ("memory-safe") {
mstore(0x00, 0x4e487b71)
mstore(0x20, code)
revert(0x1c, 0x24)
}
}
}{
"remappings": [
"@openzeppelin/contracts/=lib/openzeppelin-contracts/contracts/",
"@openzeppelin/contracts-upgradeable/=lib/openzeppelin-contracts-upgradeable/contracts/",
"@solady/src/=lib/solady/src/",
"erc4626-tests/=lib/openzeppelin-contracts-upgradeable/lib/erc4626-tests/",
"forge-std/=lib/forge-std/src/",
"halmos-cheatcodes/=lib/openzeppelin-contracts-upgradeable/lib/halmos-cheatcodes/src/",
"openzeppelin-contracts-upgradeable/=lib/openzeppelin-contracts-upgradeable/",
"openzeppelin-contracts/=lib/openzeppelin-contracts/",
"solady/=lib/solady/src/"
],
"optimizer": {
"enabled": false,
"runs": 200
},
"metadata": {
"useLiteralContent": false,
"bytecodeHash": "ipfs",
"appendCBOR": true
},
"outputSelection": {
"*": {
"*": [
"evm.bytecode",
"evm.deployedBytecode",
"devdoc",
"userdoc",
"metadata",
"abi"
]
}
},
"evmVersion": "cancun",
"viaIR": false
}Contract ABI
API[{"inputs":[{"internalType":"address","name":"investor","type":"address"}],"name":"AlreadyClaimedExcess","type":"error"},{"inputs":[{"internalType":"address","name":"investor","type":"address"}],"name":"AlreadySettled","type":"error"},{"inputs":[],"name":"AskTokenUnavailable","type":"error"},{"inputs":[{"internalType":"address","name":"investor","type":"address"}],"name":"CannotWithdrawExcessInvestedCapital","type":"error"},{"inputs":[],"name":"CapitalAlreadyWithdrawn","type":"error"},{"inputs":[],"name":"CapitalRaisedAlreadyPublished","type":"error"},{"inputs":[],"name":"CapitalRaisedNotPublished","type":"error"},{"inputs":[],"name":"ECDSAInvalidSignature","type":"error"},{"inputs":[{"internalType":"uint256","name":"length","type":"uint256"}],"name":"ECDSAInvalidSignatureLength","type":"error"},{"inputs":[{"internalType":"bytes32","name":"s","type":"bytes32"}],"name":"ECDSAInvalidSignatureS","type":"error"},{"inputs":[],"name":"EnforcedPause","type":"error"},{"inputs":[],"name":"ExpectedPause","type":"error"},{"inputs":[],"name":"InvalidFeeAmount","type":"error"},{"inputs":[],"name":"InvalidInitialization","type":"error"},{"inputs":[{"internalType":"uint256","name":"amount","type":"uint256"}],"name":"InvalidInvestAmount","type":"error"},{"inputs":[],"name":"InvalidPeriodConfig","type":"error"},{"inputs":[],"name":"InvalidRefundAmount","type":"error"},{"inputs":[],"name":"InvalidSignature","type":"error"},{"inputs":[{"internalType":"uint256","name":"amount","type":"uint256"}],"name":"InvalidTokenAmountSupplied","type":"error"},{"inputs":[],"name":"InvalidVestingConfig","type":"error"},{"inputs":[],"name":"InvalidWithdrawAmount","type":"error"},{"inputs":[{"internalType":"address","name":"investor","type":"address"}],"name":"InvestorHasClaimedExcess","type":"error"},{"inputs":[{"internalType":"address","name":"investor","type":"address"}],"name":"InvestorHasRefunded","type":"error"},{"inputs":[],"name":"LockupPeriodIsNotOver","type":"error"},{"inputs":[{"internalType":"address","name":"investor","type":"address"}],"name":"NoCapitalInvested","type":"error"},{"inputs":[],"name":"NotCalledByLegion","type":"error"},{"inputs":[],"name":"NotCalledByLegionOrProject","type":"error"},{"inputs":[],"name":"NotCalledByProject","type":"error"},{"inputs":[{"internalType":"address","name":"investor","type":"address"}],"name":"NotInClaimWhitelist","type":"error"},{"inputs":[],"name":"NotInitializing","type":"error"},{"inputs":[],"name":"RefundPeriodIsNotOver","type":"error"},{"inputs":[],"name":"RefundPeriodIsOver","type":"error"},{"inputs":[],"name":"SaleHasEnded","type":"error"},{"inputs":[],"name":"SaleHasNotEnded","type":"error"},{"inputs":[],"name":"SaleIsCanceled","type":"error"},{"inputs":[],"name":"SaleIsNotCanceled","type":"error"},{"inputs":[],"name":"SaleResultsNotPublished","type":"error"},{"inputs":[],"name":"TokensAlreadyAllocated","type":"error"},{"inputs":[],"name":"TokensAlreadySupplied","type":"error"},{"inputs":[],"name":"TokensNotAllocated","type":"error"},{"inputs":[],"name":"ZeroAddressProvided","type":"error"},{"inputs":[],"name":"ZeroValueProvided","type":"error"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"bytes32","name":"merkleRoot","type":"bytes32"}],"name":"AcceptedCapitalSet","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint256","name":"amount","type":"uint256"},{"indexed":false,"internalType":"address","name":"investor","type":"address"},{"indexed":false,"internalType":"uint256","name":"investTimestamp","type":"uint256"}],"name":"CapitalInvested","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint256","name":"capitalRaised","type":"uint256"}],"name":"CapitalRaisedPublished","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint256","name":"amount","type":"uint256"},{"indexed":false,"internalType":"address","name":"investor","type":"address"}],"name":"CapitalRefunded","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint256","name":"amount","type":"uint256"},{"indexed":false,"internalType":"address","name":"investor","type":"address"}],"name":"CapitalRefundedAfterCancel","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint256","name":"amountToWithdraw","type":"uint256"},{"indexed":false,"internalType":"address","name":"projectOwner","type":"address"}],"name":"CapitalWithdrawn","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"address","name":"receiver","type":"address"},{"indexed":false,"internalType":"address","name":"token","type":"address"},{"indexed":false,"internalType":"uint256","name":"amount","type":"uint256"}],"name":"EmergencyWithdraw","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint256","name":"amount","type":"uint256"},{"indexed":false,"internalType":"address","name":"investor","type":"address"}],"name":"ExcessCapitalWithdrawn","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint64","name":"version","type":"uint64"}],"name":"Initialized","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"address","name":"legionBouncer","type":"address"},{"indexed":false,"internalType":"address","name":"legionSigner","type":"address"},{"indexed":false,"internalType":"address","name":"legionFeeReceiver","type":"address"},{"indexed":false,"internalType":"address","name":"vestingFactory","type":"address"}],"name":"LegionAddressesSynced","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"address","name":"account","type":"address"}],"name":"Paused","type":"event"},{"anonymous":false,"inputs":[],"name":"SaleCanceled","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint256","name":"endTime","type":"uint256"}],"name":"SaleEnded","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"bytes32","name":"claimMerkleRoot","type":"bytes32"},{"indexed":false,"internalType":"uint256","name":"tokensAllocated","type":"uint256"},{"indexed":false,"internalType":"address","name":"tokenAddress","type":"address"},{"indexed":false,"internalType":"uint256","name":"vestingStartTime","type":"uint256"}],"name":"SaleResultsPublished","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint256","name":"amount","type":"uint256"},{"indexed":false,"internalType":"address","name":"investor","type":"address"}],"name":"TokenAllocationClaimed","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint256","name":"amount","type":"uint256"},{"indexed":false,"internalType":"uint256","name":"legionFee","type":"uint256"},{"indexed":false,"internalType":"uint256","name":"referrerFee","type":"uint256"}],"name":"TokensSuppliedForDistribution","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"address","name":"account","type":"address"}],"name":"Unpaused","type":"event"},{"inputs":[],"name":"cancelSale","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint256","name":"amount","type":"uint256"},{"internalType":"bytes32[]","name":"proof","type":"bytes32[]"}],"name":"claimTokenAllocation","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"receiver","type":"address"},{"internalType":"address","name":"token","type":"address"},{"internalType":"uint256","name":"amount","type":"uint256"}],"name":"emergencyWithdraw","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"endSale","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"components":[{"internalType":"uint256","name":"salePeriodSeconds","type":"uint256"},{"internalType":"uint256","name":"refundPeriodSeconds","type":"uint256"},{"internalType":"uint256","name":"lockupPeriodSeconds","type":"uint256"},{"internalType":"uint256","name":"legionFeeOnCapitalRaisedBps","type":"uint256"},{"internalType":"uint256","name":"legionFeeOnTokensSoldBps","type":"uint256"},{"internalType":"uint256","name":"referrerFeeOnCapitalRaisedBps","type":"uint256"},{"internalType":"uint256","name":"referrerFeeOnTokensSoldBps","type":"uint256"},{"internalType":"uint256","name":"minimumInvestAmount","type":"uint256"},{"internalType":"address","name":"bidToken","type":"address"},{"internalType":"address","name":"askToken","type":"address"},{"internalType":"address","name":"projectAdmin","type":"address"},{"internalType":"address","name":"addressRegistry","type":"address"},{"internalType":"address","name":"referrerFeeReceiver","type":"address"}],"internalType":"struct ILegionSale.LegionSaleInitializationParams","name":"saleInitParams","type":"tuple"},{"components":[{"internalType":"uint256","name":"vestingDurationSeconds","type":"uint256"},{"internalType":"uint256","name":"vestingCliffDurationSeconds","type":"uint256"},{"internalType":"uint256","name":"tokenAllocationOnTGERate","type":"uint256"}],"internalType":"struct ILegionSale.LegionVestingInitializationParams","name":"vestingInitParams","type":"tuple"}],"name":"initialize","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint256","name":"amount","type":"uint256"},{"internalType":"bytes","name":"signature","type":"bytes"}],"name":"invest","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"investorAddress","type":"address"}],"name":"investorPositionDetails","outputs":[{"components":[{"internalType":"uint256","name":"investedCapital","type":"uint256"},{"internalType":"bool","name":"hasSettled","type":"bool"},{"internalType":"bool","name":"hasClaimedExcess","type":"bool"},{"internalType":"bool","name":"hasRefunded","type":"bool"},{"internalType":"address","name":"vestingAddress","type":"address"}],"internalType":"struct ILegionSale.InvestorPosition","name":"","type":"tuple"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"pauseSale","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"paused","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"preLiquidSaleConfiguration","outputs":[{"components":[{"internalType":"uint256","name":"refundPeriodSeconds","type":"uint256"},{"internalType":"uint256","name":"lockupPeriodSeconds","type":"uint256"},{"internalType":"bool","name":"hasEnded","type":"bool"}],"internalType":"struct ILegionPreLiquidSaleV2.PreLiquidSaleConfiguration","name":"","type":"tuple"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"uint256","name":"capitalRaised","type":"uint256"}],"name":"publishCapitalRaised","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bytes32","name":"claimMerkleRoot","type":"bytes32"},{"internalType":"uint256","name":"tokensAllocated","type":"uint256"},{"internalType":"address","name":"askToken","type":"address"},{"internalType":"uint256","name":"vestingStartTime","type":"uint256"}],"name":"publishSaleResults","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"refund","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"releaseVestedTokens","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"saleConfiguration","outputs":[{"components":[{"internalType":"uint256","name":"startTime","type":"uint256"},{"internalType":"uint256","name":"endTime","type":"uint256"},{"internalType":"uint256","name":"refundEndTime","type":"uint256"},{"internalType":"uint256","name":"lockupEndTime","type":"uint256"},{"internalType":"uint256","name":"legionFeeOnCapitalRaisedBps","type":"uint256"},{"internalType":"uint256","name":"legionFeeOnTokensSoldBps","type":"uint256"},{"internalType":"uint256","name":"referrerFeeOnCapitalRaisedBps","type":"uint256"},{"internalType":"uint256","name":"referrerFeeOnTokensSoldBps","type":"uint256"},{"internalType":"uint256","name":"minimumInvestAmount","type":"uint256"}],"internalType":"struct ILegionSale.LegionSaleConfiguration","name":"","type":"tuple"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"saleStatusDetails","outputs":[{"components":[{"internalType":"uint256","name":"totalCapitalInvested","type":"uint256"},{"internalType":"uint256","name":"totalTokensAllocated","type":"uint256"},{"internalType":"uint256","name":"totalCapitalRaised","type":"uint256"},{"internalType":"uint256","name":"totalCapitalWithdrawn","type":"uint256"},{"internalType":"bytes32","name":"claimTokensMerkleRoot","type":"bytes32"},{"internalType":"bytes32","name":"acceptedCapitalMerkleRoot","type":"bytes32"},{"internalType":"bool","name":"isCanceled","type":"bool"},{"internalType":"bool","name":"tokensSupplied","type":"bool"},{"internalType":"bool","name":"capitalWithdrawn","type":"bool"}],"internalType":"struct ILegionSale.LegionSaleStatus","name":"","type":"tuple"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"bytes32","name":"merkleRoot","type":"bytes32"}],"name":"setAcceptedCapital","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint256","name":"amount","type":"uint256"},{"internalType":"uint256","name":"legionFee","type":"uint256"},{"internalType":"uint256","name":"referrerFee","type":"uint256"}],"name":"supplyTokens","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"syncLegionAddresses","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"unpauseSale","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"vestingConfiguration","outputs":[{"components":[{"internalType":"uint256","name":"vestingDurationSeconds","type":"uint256"},{"internalType":"uint256","name":"vestingCliffDurationSeconds","type":"uint256"},{"internalType":"uint256","name":"tokenAllocationOnTGERate","type":"uint256"},{"internalType":"uint256","name":"vestingStartTime","type":"uint256"},{"internalType":"address","name":"vestingFactory","type":"address"}],"internalType":"struct ILegionSale.LegionVestingConfiguration","name":"","type":"tuple"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"uint256","name":"amount","type":"uint256"},{"internalType":"bytes32[]","name":"proof","type":"bytes32[]"}],"name":"withdrawExcessInvestedCapital","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"withdrawInvestedCapitalIfCanceled","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"withdrawRaisedCapital","outputs":[],"stateMutability":"nonpayable","type":"function"}]Loading...
Loading
Loading...
Loading
Loading...
Loading
[ Download: CSV Export ]
[ Download: CSV Export ]
A contract address hosts a smart contract, which is a set of code stored on the blockchain that runs when predetermined conditions are met. Learn more about addresses in our Knowledge Base.