Feature Tip: Add private address tag to any address under My Name Tag !
Overview
ETH Balance
0 ETH
Eth Value
$0.00More Info
Private Name Tags
ContractCreator
View more zero value Internal Transactions in Advanced View mode
Advanced mode:
Loading...
Loading
Contract Name:
SecurityCouncil
Compiler Version
v0.8.15+commit.e14f2714
Optimization Enabled:
Yes with 10000 runs
Other Settings:
london EvmVersion
Contract Source Code (Solidity Standard Json-Input format)
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { TokenMultiSigWallet } from "../universal/TokenMultiSigWallet.sol"; import { Semver } from "../universal/Semver.sol"; import { Colosseum } from "./Colosseum.sol"; /** * @custom:proxied * @title SecurityCouncil * @notice SecurityCouncil receives validation requests for specific output data, * and allows security council parties to validate & agree on transactions before execution. */ contract SecurityCouncil is TokenMultiSigWallet, Semver { /** * @notice The address of the colosseum contract. Can be updated via upgrade. */ address public immutable COLOSSEUM; /** * @notice A mapping of outputs requested to be deleted. */ mapping(uint256 => bool) public outputsDeleteRequested; /** * @notice Emitted when a validation request is submitted. * * @param transactionId Index of the submitted transaction. * @param outputRoot The L2 output of the checkpoint block to be validated. * @param l2BlockNumber The L2 block number to be validated. */ event ValidationRequested( uint256 indexed transactionId, bytes32 outputRoot, uint256 l2BlockNumber ); /** * @notice Emitted when an output is requested to be deleted. * * @param transactionId Index of the requested transaction. * @param outputIndex Index of output to be deleted. */ event DeletionRequested(uint256 indexed transactionId, uint256 indexed outputIndex); /** * @notice Disallow calls from anyone except Colosseum. */ modifier onlyColosseum() { require( msg.sender == COLOSSEUM, "SecurityCouncil: only the colosseum contract can be a sender" ); _; } /** * @custom:semver 1.1.0 * * @param _colosseum Address of the Colosseum contract. * @param _governor Address of Governor contract. */ constructor(address _colosseum, address payable _governor) TokenMultiSigWallet(_governor) Semver(1, 1, 0) { COLOSSEUM = _colosseum; } /** * @notice Allows the Colosseum to request for validate output data. * * @param _outputRoot The L2 output of the checkpoint block to be validated. * @param _l2BlockNumber The L2 block number to be validated. * @param _data Calldata for callback purpose. */ function requestValidation( bytes32 _outputRoot, uint256 _l2BlockNumber, bytes memory _data ) public onlyColosseum { uint256 transactionId = _submitTransaction(msg.sender, 0, _data); emit ValidationRequested(transactionId, _outputRoot, _l2BlockNumber); } /** * @notice Requests to delete an output to Colosseum forcefully. * This should only be called by one of the Security Council when undeniable bugs occur. * * @param _outputIndex Index of output to be deleted. * @param _force Option to forcibly make a request to delete the output. */ function requestDeletion(uint256 _outputIndex, bool _force) public onlyTokenOwner(msg.sender) { require( !outputsDeleteRequested[_outputIndex] || _force, "SecurityCouncil: the output has already been requested to be deleted" ); bytes memory message = abi.encodeWithSelector( Colosseum.forceDeleteOutput.selector, _outputIndex ); uint256 transactionId = submitTransaction(address(COLOSSEUM), 0, message); // auto-confirmed by requester confirmTransaction(transactionId); outputsDeleteRequested[_outputIndex] = true; emit DeletionRequested(transactionId, _outputIndex); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import "@openzeppelin/contracts-upgradeable/interfaces/IERC5805Upgradeable.sol"; import "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol"; import "@openzeppelin/contracts-upgradeable/utils/math/SafeCastUpgradeable.sol"; import { UpgradeGovernor } from "../governance/UpgradeGovernor.sol"; import { SafeCall } from "../libraries/SafeCall.sol"; import { Types } from "../libraries/Types.sol"; import { ITokenMultiSigWallet } from "./ITokenMultiSigWallet.sol"; /** * @custom:upgradeable * @title TokenMultiSigWallet * @notice This contract implements `ITokenMultiSigWallet`. * Allows multiple parties to agree on transactions before execution. */ abstract contract TokenMultiSigWallet is ITokenMultiSigWallet, ReentrancyGuardUpgradeable { /** * @notice The address of the governor contract. Can be updated via upgrade. */ UpgradeGovernor public immutable GOVERNOR; /** * @notice A mapping of transactions submitted. */ mapping(uint256 => Types.MultiSigTransaction) public transactions; /** * @notice A mapping of confirmations. */ mapping(uint256 => Types.MultiSigConfirmation) public confirmations; /** * @notice Spacer for backwards compatibility. */ uint256[3] private spacer_53_0_96; /** * @notice The number of transactions submitted. */ uint256 public transactionCount; /** * @notice Only allow the owner of governance token to call the functions. * This ensures that function is only executed by governance. */ modifier onlyTokenOwner(address _address) { require( getVotes(_address) > 0, "TokenMultiSigWallet: only allowed to governance token owner" ); _; } /** * @notice Ensure that the transaction exists. * * @param _transactionId The ID of submitted transaction requested. */ modifier transactionExists(uint256 _transactionId) { require( transactions[_transactionId].target != address(0), "TokenMultiSigWallet: transaction does not exist" ); _; } /** * @notice Ensure that the transaction not exceuted. * * @param _transactionId The ID of transaction to check. */ modifier transactionNotExcuted(uint256 _transactionId) { require(!transactions[_transactionId].executed, "TokenMultiSigWallet: already executed"); _; } /** * @notice Ensure that the address is not zero address. * * @param _address Address resource requested. */ modifier validAddress(address _address) { require(_address != address(0), "TokenMultiSigWallet: address is not valid"); _; } /** * @param _governor Address of the Governor contract. */ constructor(address payable _governor) { GOVERNOR = UpgradeGovernor(_governor); } /** * @inheritdoc ITokenMultiSigWallet */ function submitTransaction( address _target, uint256 _value, bytes memory _data ) public onlyTokenOwner(msg.sender) returns (uint256) { return _submitTransaction(_target, _value, _data); } function _submitTransaction( address _target, uint256 _value, bytes memory _data ) internal validAddress(_target) returns (uint256) { uint256 transactionId = generateTransactionId(_target, _value, _data); require( transactions[transactionId].target == address(0), "TokenMultiSigWallet: transaction already exists" ); transactions[transactionId] = Types.MultiSigTransaction({ target: _target, value: _value, data: _data, executed: false }); unchecked { ++transactionCount; } emit TransactionSubmitted(msg.sender, transactionId); return transactionId; } /** * @inheritdoc ITokenMultiSigWallet */ function confirmTransaction(uint256 _transactionId) public onlyTokenOwner(msg.sender) transactionExists(_transactionId) { Types.MultiSigConfirmation storage confirms = confirmations[_transactionId]; require(!confirms.confirmedBy[msg.sender], "TokenMultiSigWallet: already confirmed"); confirms.confirmedBy[msg.sender] = true; confirms.confirmationCount += getVotes(msg.sender); emit TransactionConfirmed(msg.sender, _transactionId); // execute transaction if condition is met. if (confirmations[_transactionId].confirmationCount >= quorum()) { executeTransaction(_transactionId); } } /** * @inheritdoc ITokenMultiSigWallet */ function revokeConfirmation(uint256 _transactionId) public onlyTokenOwner(msg.sender) transactionExists(_transactionId) transactionNotExcuted(_transactionId) { require( isConfirmedBy(_transactionId, msg.sender), "TokenMultiSigWallet: not confirmed yet" ); Types.MultiSigConfirmation storage confirms = confirmations[_transactionId]; confirms.confirmedBy[msg.sender] = false; confirms.confirmationCount -= getVotes(msg.sender); emit ConfirmationRevoked(msg.sender, _transactionId); } /** * @inheritdoc ITokenMultiSigWallet */ function executeTransaction(uint256 _transactionId) public nonReentrant transactionExists(_transactionId) transactionNotExcuted(_transactionId) { require(isConfirmed(_transactionId), "TokenMultiSigWallet: quorum not reached"); Types.MultiSigTransaction storage txn = transactions[_transactionId]; txn.executed = true; bool success = SafeCall.call(txn.target, gasleft(), txn.value, txn.data); require(success, "TokenMultiSigWallet: call transaction failed"); emit TransactionExecuted(msg.sender, _transactionId); } /** * @inheritdoc ITokenMultiSigWallet */ function isConfirmed(uint256 _transactionId) public view returns (bool) { return confirmations[_transactionId].confirmationCount >= quorum(); } /** * @inheritdoc ITokenMultiSigWallet */ function quorum() public view returns (uint256) { uint256 currentTimepoint = clock() - 1; return (IERC5805Upgradeable(address(GOVERNOR.token())).getPastTotalSupply(currentTimepoint) * GOVERNOR.quorumNumerator(currentTimepoint)) / GOVERNOR.quorumDenominator(); } /** * @inheritdoc ITokenMultiSigWallet */ function getVotes(address account) public view returns (uint256) { return IERC5805Upgradeable(address(GOVERNOR.token())).getVotes(account); } /** * @inheritdoc ITokenMultiSigWallet */ function isConfirmedBy(uint256 _transactionId, address _account) public view returns (bool) { return confirmations[_transactionId].confirmedBy[_account]; } /** * @inheritdoc ITokenMultiSigWallet */ function getConfirmationCount(uint256 _transactionId) public view returns (uint256) { return confirmations[_transactionId].confirmationCount; } /** * @notice Generate id of the transaction. * * @param _target Transaction target address. * @param _value Transaction ether value. * @param _data Transaction data payload. * * @return Generated transaction id. */ function generateTransactionId( address _target, uint256 _value, bytes memory _data ) public view validAddress(_target) returns (uint256) { return uint256(keccak256(abi.encode(_target, _value, _data, clock()))); } /** * @dev Clock (as specified in EIP-6372) is set to match the token's clock. * Fallback to block numbers if the token does not implement EIP-6372. */ function clock() public view returns (uint48) { try IERC5805Upgradeable(address(GOVERNOR.token())).clock() returns (uint48 timepoint) { return timepoint; } catch { return SafeCastUpgradeable.toUint48(block.number); } } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.15; import { Strings } from "@openzeppelin/contracts/utils/Strings.sol"; /** * @title Semver * @notice Semver is a simple contract for managing contract versions. */ contract Semver { /** * @notice Contract version number (major). */ uint256 private immutable MAJOR_VERSION; /** * @notice Contract version number (minor). */ uint256 private immutable MINOR_VERSION; /** * @notice Contract version number (patch). */ uint256 private immutable PATCH_VERSION; /** * @param _major Version number (major). * @param _minor Version number (minor). * @param _patch Version number (patch). */ constructor( uint256 _major, uint256 _minor, uint256 _patch ) { MAJOR_VERSION = _major; MINOR_VERSION = _minor; PATCH_VERSION = _patch; } /** * @notice Returns the full semver contract version. * * @return Semver contract version as a string. */ function version() public view virtual returns (string memory) { return string( abi.encodePacked( Strings.toString(MAJOR_VERSION), ".", Strings.toString(MINOR_VERSION), ".", Strings.toString(PATCH_VERSION) ) ); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Initializable } from "@openzeppelin/contracts/proxy/utils/Initializable.sol"; import { Math } from "@openzeppelin/contracts/utils/math/Math.sol"; import { Hashing } from "../libraries/Hashing.sol"; import { Predeploys } from "../libraries/Predeploys.sol"; import { Types } from "../libraries/Types.sol"; import { Semver } from "../universal/Semver.sol"; import { IZKMerkleTrie } from "./IZKMerkleTrie.sol"; import { L2OutputOracle } from "./L2OutputOracle.sol"; import { SecurityCouncil } from "./SecurityCouncil.sol"; import { ZKVerifier } from "./ZKVerifier.sol"; contract Colosseum is Initializable, Semver { /** * @notice The constant value for the first turn. */ uint8 internal constant TURN_INIT = 1; /** * @notice The constant value for the delete output root. */ bytes32 internal constant DELETED_OUTPUT_ROOT = bytes32(0); /** * @notice Enum of the challenge status. * * See the https://github.com/kroma-network/kroma/blob/dev/specs/challenge.md#state-diagram * for more details. * * Belows are possible state transitions at current implementation. * * 1) NONE → createChallenge() → ASSERTER_TURN * 2) ASSERTER_TURN → bisect() → CHALLENGER_TURN * 3) ASSERTER_TURN → on bisection timeout → ASSERTER_TIMEOUT * 4) CHALLENGER_TURN → bisect() → ASSERTER_TURN * 5) CHALLENGER_TURN → when isAbleToBisect() returns false → READY_TO_PROVE * 6) CHALLENGER_TURN → on bisection timeout → CHALLENGER_TIMEOUT * 7) ASSERTER_TIMEOUT → when proveFault() succeeds → NONE * 8) ASSERTER_TIMEOUT → on proving timeout → CHALLENGER_TIMEOUT * 9) READY_TO_PROVE → when proveFault() succeeds → NONE * 10) READY_TO_PROVE → on proving timeout → CHALLENGER_TIMEOUT * 11) CHALLENGER_TIMEOUT → challengerTimeout() → NONE */ enum ChallengeStatus { NONE, CHALLENGER_TURN, ASSERTER_TURN, CHALLENGER_TIMEOUT, ASSERTER_TIMEOUT, READY_TO_PROVE } /** * @notice Address of the L2OutputOracle. */ L2OutputOracle public immutable L2_ORACLE; /** * @notice Address of the ZKVerifier. */ ZKVerifier public immutable ZK_VERIFIER; /** * @notice The period seconds for which challenges can be created per each output. */ uint256 public immutable CREATION_PERIOD_SECONDS; /** * @notice Timeout seconds for the bisection. */ uint256 public immutable BISECTION_TIMEOUT; /** * @notice Timeout seconds for the proving. */ uint256 public immutable PROVING_TIMEOUT; /** * @notice The interval in L2 blocks at which checkpoints must be * submitted on L2OutputOracle contract. */ uint256 public immutable L2_ORACLE_SUBMISSION_INTERVAL; /** * @notice The dummy transaction hash. This is used to pad if the * number of transactions is less than MAX_TXS. This is same as: * unsignedTx = { * nonce: 0, * gasLimit: 0, * gasPrice: 0, * to: address(0), * value: 0, * data: '0x', * chainId: CHAIN_ID, * } * signature = sign(unsignedTx, 0x1) * dummyHash = keccak256(rlp({ * ...unsignedTx, * signature, * })) */ bytes32 public immutable DUMMY_HASH; /** * @notice The maximum number of transactions */ uint256 public immutable MAX_TXS; /** * @notice Address that has the ability to approve the challenge. */ address public immutable SECURITY_COUNCIL; /** * @notice Address that has the ability to verify the merkle proof. */ address public immutable ZK_MERKLE_TRIE; /** * @notice Length of segment array for each turn. */ mapping(uint256 => uint256) internal segmentsLengths; /** * @notice A mapping of the challenge. */ mapping(uint256 => mapping(address => Types.Challenge)) public challenges; /** * @notice A mapping indicating whether a public input is verified or not. */ mapping(bytes32 => bool) public verifiedPublicInputs; /** * @notice Emitted when the challenge is created. * * @param outputIndex Index of the L2 checkpoint output. * @param asserter Address of the asserter. * @param challenger Address of the challenger. * @param timestamp The timestamp when created. */ event ChallengeCreated( uint256 indexed outputIndex, address indexed asserter, address indexed challenger, uint256 timestamp ); /** * @notice Emitted when segments are bisected. * * @param outputIndex Index of the L2 checkpoint output. * @param challenger Address of the challenger. * @param turn The current turn. * @param timestamp The timestamp when bisected. */ event Bisected( uint256 indexed outputIndex, address indexed challenger, uint8 turn, uint256 timestamp ); /** * @notice Emitted when it is ready to be proved. * * @param outputIndex Index of the L2 checkpoint output. * @param challenger Address of the challenger. */ event ReadyToProve(uint256 indexed outputIndex, address indexed challenger); /** * @notice Emitted when proven fault. * * @param outputIndex Index of the L2 checkpoint output. * @param challenger Address of the challenger. * @param timestamp The timestamp when proven. */ event Proven(uint256 indexed outputIndex, address indexed challenger, uint256 timestamp); /** * @notice Emitted when challenge is dismissed. * * @param outputIndex Index of the L2 checkpoint output. * @param challenger Address of the challenger. * @param timestamp The timestamp when dismissed. */ event ChallengeDismissed( uint256 indexed outputIndex, address indexed challenger, uint256 timestamp ); /** * @notice Emitted when challenge is canceled. * * @param outputIndex Index of the L2 checkpoint output. * @param challenger Address of the challenger. * @param timestamp The timestamp when canceled. */ event ChallengeCanceled( uint256 indexed outputIndex, address indexed challenger, uint256 timestamp ); /** * @notice Emitted when challenger timed out. * * @param outputIndex Index of the L2 checkpoint output. * @param challenger Address of the challenger. * @param timestamp The timestamp when deleted. */ event ChallengerTimedOut( uint256 indexed outputIndex, address indexed challenger, uint256 timestamp ); /** * @notice A modifier that only allows the security council to call */ modifier onlySecurityCouncil() { require(msg.sender == SECURITY_COUNCIL, "Colosseum: sender is not the security council"); _; } /** * @notice Reverts if the output of given index is already finalized. * * @param _outputIndex Index of the L2 checkpoint output. */ modifier outputNotFinalized(uint256 _outputIndex) { require( !L2_ORACLE.isFinalized(_outputIndex), "Colosseum: cannot progress challenge process about already finalized output" ); _; } /** * @custom:semver 1.0.0 * * @param _l2Oracle Address of the L2OutputOracle contract. * @param _zkVerifier Address of the ZKVerifier contract. * @param _submissionInterval Interval in blocks at which checkpoints must be submitted. * @param _creationPeriodSeconds Seconds The period seconds for which challenges can be created per each output. * @param _bisectionTimeout Timeout seconds for the bisection. * @param _provingTimeout Timeout seconds for the proving. * @param _dummyHash Dummy hash. * @param _maxTxs Number of max transactions per block. * @param _segmentsLengths Lengths of segments. * @param _securityCouncil Address of security council. * @param _zkMerkleTrie Address of zk merkle trie. */ constructor( L2OutputOracle _l2Oracle, ZKVerifier _zkVerifier, uint256 _submissionInterval, uint256 _creationPeriodSeconds, uint256 _bisectionTimeout, uint256 _provingTimeout, bytes32 _dummyHash, uint256 _maxTxs, uint256[] memory _segmentsLengths, address _securityCouncil, address _zkMerkleTrie ) Semver(1, 0, 0) { L2_ORACLE = _l2Oracle; ZK_VERIFIER = _zkVerifier; CREATION_PERIOD_SECONDS = _creationPeriodSeconds; BISECTION_TIMEOUT = _bisectionTimeout; PROVING_TIMEOUT = _provingTimeout; L2_ORACLE_SUBMISSION_INTERVAL = _submissionInterval; DUMMY_HASH = _dummyHash; MAX_TXS = _maxTxs; SECURITY_COUNCIL = _securityCouncil; ZK_MERKLE_TRIE = _zkMerkleTrie; initialize(_segmentsLengths); } /** * @notice Initializer. */ function initialize(uint256[] memory _segmentsLengths) public initializer { _setSegmentsLengths(_segmentsLengths); } /** * @notice Creates a challenge against an invalid output. * * @param _outputIndex Index of the invalid L2 checkpoint output. * @param _l1BlockHash The block hash of L1 at the time the output L2 block was created. * @param _l1BlockNumber The block number of L1 with the specified L1 block hash. * @param _segments Array of the segment. A segment is the first output root of a specific range. */ function createChallenge( uint256 _outputIndex, bytes32 _l1BlockHash, uint256 _l1BlockNumber, bytes32[] calldata _segments ) external outputNotFinalized(_outputIndex) { require(_outputIndex > 0, "Colosseum: challenge for genesis output is not allowed"); Types.Challenge storage challenge = challenges[_outputIndex][msg.sender]; if (challenge.turn >= TURN_INIT) { ChallengeStatus status = _challengeStatus(challenge); require( status == ChallengeStatus.CHALLENGER_TIMEOUT, "Colosseum: the challenge for given output index is already in progress" ); _challengerTimeout(_outputIndex, msg.sender); } Types.CheckpointOutput memory targetOutput = L2_ORACLE.getL2Output(_outputIndex); require( targetOutput.timestamp + CREATION_PERIOD_SECONDS >= block.timestamp, "Colosseum: cannot create a challenge after the creation period" ); require( targetOutput.outputRoot != DELETED_OUTPUT_ROOT, "Colosseum: challenge for deleted output is not allowed" ); require( msg.sender != targetOutput.submitter, "Colosseum: the asserter and challenger must be different" ); if (_l1BlockHash != bytes32(0) && blockhash(_l1BlockNumber) != bytes32(0)) { // Like L2OutputOracle, it reverts transactions when L1 reorged. require( blockhash(_l1BlockNumber) == _l1BlockHash, "Colosseum: block hash does not match the hash at the expected height" ); } Types.CheckpointOutput memory prevOutput = L2_ORACLE.getL2Output(_outputIndex - 1); // If the previous output has been deleted, the first segment will not be compared with the previous output. if (prevOutput.outputRoot == DELETED_OUTPUT_ROOT) { _validateSegments(TURN_INIT, _segments[0], targetOutput.outputRoot, _segments); } else { _validateSegments(TURN_INIT, prevOutput.outputRoot, targetOutput.outputRoot, _segments); } L2_ORACLE.VALIDATOR_POOL().addPendingBond(_outputIndex, msg.sender); _updateSegments( challenge, _segments, targetOutput.l2BlockNumber - L2_ORACLE_SUBMISSION_INTERVAL, L2_ORACLE_SUBMISSION_INTERVAL ); challenge.turn = TURN_INIT; challenge.asserter = targetOutput.submitter; challenge.challenger = msg.sender; _updateTimeout(challenge); emit ChallengeCreated(_outputIndex, targetOutput.submitter, msg.sender, block.timestamp); } /** * @notice Selects an invalid section and submit segments of that section. * * @param _outputIndex Index of the L2 checkpoint output. * @param _challenger Address of the challenger. * @param _pos Position of the last valid segment. * @param _segments Array of the segment. A segment is the first output root of a specific range. */ function bisect( uint256 _outputIndex, address _challenger, uint256 _pos, bytes32[] calldata _segments ) external outputNotFinalized(_outputIndex) { Types.Challenge storage challenge = challenges[_outputIndex][_challenger]; ChallengeStatus status = _challengeStatus(challenge); if (_cancelIfOutputDeleted(_outputIndex, challenge.challenger, status)) { return; } address expectedSender; if (status == ChallengeStatus.CHALLENGER_TURN) { expectedSender = challenge.challenger; } else if (status == ChallengeStatus.ASSERTER_TURN) { expectedSender = challenge.asserter; } require(msg.sender == expectedSender, "Colosseum: not your turn"); uint8 newTurn = challenge.turn + 1; _validateSegments( newTurn, challenge.segments[_pos], challenge.segments[_pos + 1], _segments ); uint256 segSize = _nextSegSize(challenge); uint256 segStart = challenge.segStart + _pos * segSize; _updateSegments(challenge, _segments, segStart, segSize); challenge.turn = newTurn; _updateTimeout(challenge); emit Bisected(_outputIndex, _challenger, newTurn, block.timestamp); if (!_isAbleToBisect(challenge)) { emit ReadyToProve(_outputIndex, _challenger); } } /** * @notice Proves that a specific output is invalid using ZKP. * This function can only be called in the READY_TO_PROVE and ASSERTER_TIMEOUT states. * * @param _outputIndex Index of the L2 checkpoint output. * @param _pos Position of the last valid segment. * @param _proof Proof for public input validation. * @param _zkproof Halo2 proofs composed of points and scalars. * See https://zcash.github.io/halo2/design/implementation/proofs.html. * @param _pair Aggregated multi-opening proofs and public inputs. (Currently only 2 public inputs) */ function proveFault( uint256 _outputIndex, uint256 _pos, Types.PublicInputProof calldata _proof, uint256[] calldata _zkproof, uint256[] calldata _pair ) external outputNotFinalized(_outputIndex) { Types.Challenge storage challenge = challenges[_outputIndex][msg.sender]; ChallengeStatus status = _challengeStatus(challenge); if (_cancelIfOutputDeleted(_outputIndex, challenge.challenger, status)) { return; } require( status == ChallengeStatus.READY_TO_PROVE || status == ChallengeStatus.ASSERTER_TIMEOUT, "Colosseum: impossible to prove the fault in current status" ); bytes32 srcOutputRoot = Hashing.hashOutputRootProof(_proof.srcOutputRootProof); bytes32 dstOutputRoot = Hashing.hashOutputRootProof(_proof.dstOutputRootProof); _validateOutputRootProof( _pos, challenge, srcOutputRoot, dstOutputRoot, _proof.srcOutputRootProof, _proof.dstOutputRootProof ); _validatePublicInput( _proof.srcOutputRootProof, _proof.dstOutputRootProof, _proof.publicInput, _proof.rlps ); _validateWithdrawalStorageRoot( _proof.merkleProof, _proof.l2ToL1MessagePasserBalance, _proof.l2ToL1MessagePasserCodeHash, _proof.dstOutputRootProof.messagePasserStorageRoot, _proof.dstOutputRootProof.stateRoot ); bytes32 publicInputHash = _hashPublicInput( _proof.srcOutputRootProof.stateRoot, _proof.publicInput ); require( !verifiedPublicInputs[publicInputHash], "Colosseum: public input that has already been validated cannot be used again" ); require(ZK_VERIFIER.verify(_zkproof, _pair, publicInputHash), "Colosseum: invalid proof"); emit Proven(_outputIndex, msg.sender, block.timestamp); // Scope to call the security council, to avoid stack too deep. { Types.CheckpointOutput memory output = L2_ORACLE.getL2Output(_outputIndex); bytes memory callbackData = abi.encodeWithSelector( this.dismissChallenge.selector, _outputIndex, msg.sender, challenge.asserter, output.outputRoot, publicInputHash ); // Request outputRoot validation to security council SecurityCouncil(SECURITY_COUNCIL).requestValidation( output.outputRoot, output.l2BlockNumber, callbackData ); } verifiedPublicInputs[publicInputHash] = true; delete challenges[_outputIndex][msg.sender]; // Delete output root. L2_ORACLE.replaceL2Output(_outputIndex, DELETED_OUTPUT_ROOT, msg.sender); // The challenger's bond is also included in the bond for that output. L2_ORACLE.VALIDATOR_POOL().increaseBond(_outputIndex, msg.sender); } /** * @notice Calls a private function that deletes the challenge because the challenger has timed out. * Reverts if the challenger hasn't timed out. * * @param _outputIndex Index of the L2 checkpoint output. * @param _challenger Address of the challenger. */ function challengerTimeout(uint256 _outputIndex, address _challenger) external { Types.Challenge storage challenge = challenges[_outputIndex][_challenger]; ChallengeStatus status = _challengeStatus(challenge); require( status == ChallengeStatus.CHALLENGER_TIMEOUT, "Colosseum: can only be called if the challenger is in timout" ); _challengerTimeout(_outputIndex, _challenger); } /** * @notice Cancels the challenge. * Reverts if is not possible to cancel the sender's challenge for the given output index. * * @param _outputIndex Index of the L2 checkpoint output. */ function cancelChallenge(uint256 _outputIndex) external { Types.Challenge storage challenge = challenges[_outputIndex][msg.sender]; ChallengeStatus status = _challengeStatus(challenge); require(status != ChallengeStatus.NONE, "Colosseum: the challenge does not exist"); require( _cancelIfOutputDeleted(_outputIndex, challenge.challenger, status), "Colosseum: challenge cannot be cancelled" ); } /** * @notice Dismisses the challenge and rollback l2 output. * This function can only be called by Security Council contract. * * @param _outputIndex Index of the L2 checkpoint output. * @param _challenger Address of the challenger. * @param _asserter Address of the asserter. * @param _outputRoot The L2 output root to rollback. * @param _publicInputHash Hash of public input. */ function dismissChallenge( uint256 _outputIndex, address _challenger, address _asserter, bytes32 _outputRoot, bytes32 _publicInputHash ) external onlySecurityCouncil { require( _outputRoot != DELETED_OUTPUT_ROOT, "Colosseum: cannot rollback output to zero hash" ); require( L2_ORACLE.getL2Output(_outputIndex).outputRoot == DELETED_OUTPUT_ROOT, "Colosseum: only can rollback if the output has been deleted" ); verifiedPublicInputs[_publicInputHash] = false; // Rollback output root. L2_ORACLE.replaceL2Output(_outputIndex, _outputRoot, _asserter); emit ChallengeDismissed(_outputIndex, _challenger, block.timestamp); } /** * @notice Deletes the L2 output root forcefully by the Security Council * when zk-proving is not possible due to an undeniable bug. * * @param _outputIndex Index of the L2 checkpoint output. */ function forceDeleteOutput(uint256 _outputIndex) external onlySecurityCouncil outputNotFinalized(_outputIndex) { // Check if the output is deleted. Types.CheckpointOutput memory output = L2_ORACLE.getL2Output(_outputIndex); require( output.outputRoot != DELETED_OUTPUT_ROOT, "Colosseum: the output has already been deleted" ); // Delete output root. L2_ORACLE.replaceL2Output(_outputIndex, DELETED_OUTPUT_ROOT, SECURITY_COUNCIL); } /** * @notice Reverts if the given segments are invalid. * * @param _turn The current turn. * @param _prevFirst The first segment of previous turn. * @param _prevLast The last segment of previous turn. * @param _segments Array of the segment. */ function _validateSegments( uint8 _turn, bytes32 _prevFirst, bytes32 _prevLast, bytes32[] memory _segments ) private view { uint256 segLen = _segments.length; require(getSegmentsLength(_turn) == segLen, "Colosseum: invalid segments length"); require(_prevFirst == _segments[0], "Colosseum: the first segment must be matched"); require( _prevLast != _segments[segLen - 1], "Colosseum: the last segment must not be matched" ); } /** * @notice Updates the segment information for a given challenge. * * @param _challenge The challenge data. * @param _segments Array of the segment. * @param _segStart The L2 block number of the first segment. * @param _segSize The number of L2 blocks. */ function _updateSegments( Types.Challenge storage _challenge, bytes32[] memory _segments, uint256 _segStart, uint256 _segSize ) private { _challenge.segments = _segments; _challenge.segStart = _segStart; _challenge.segSize = _segSize; } /** * @notice Updates timestamp of the challenge timeout. * * @param _challenge The challenge data to update. */ function _updateTimeout(Types.Challenge storage _challenge) private { if (!_isAbleToBisect(_challenge)) { _challenge.timeoutAt = uint64(block.timestamp + PROVING_TIMEOUT); } else { _challenge.timeoutAt = uint64(block.timestamp + BISECTION_TIMEOUT); } } /** * @notice Validates and updates the lengths of segments. * * @param _segmentsLengths Lengths of segments. */ function _setSegmentsLengths(uint256[] memory _segmentsLengths) private { // _segmentsLengths length should be an even number in order to let challenger submit // invalidity proof at the last turn. require( _segmentsLengths.length % 2 == 0, "Colosseum: length of segments lengths cannot be odd number" ); uint256 sum = 1; for (uint256 i = 0; i < _segmentsLengths.length; ) { segmentsLengths[i] = _segmentsLengths[i]; sum = sum * (_segmentsLengths[i] - 1); unchecked { ++i; } } require(sum == L2_ORACLE_SUBMISSION_INTERVAL, "Colosseum: invalid segments lengths"); } /** * @notice Checks if the L2ToL1MesagePasser account is included in the given state root. * * @param _merkleProof Merkle proof of L2ToL1MessagePasser account against the state root. * @param _l2ToL1MessagePasserBalance Balance of the L2ToL1MessagePasser account. * @param _l2ToL1MessagePasserCodeHash Codehash of the L2ToL1MessagePasser account. * @param _messagePasserStorageRoot Storage root of the L2ToL1MessagePasser account. * @param _stateRoot State root. */ function _validateWithdrawalStorageRoot( bytes[] calldata _merkleProof, bytes32 _l2ToL1MessagePasserBalance, bytes32 _l2ToL1MessagePasserCodeHash, bytes32 _messagePasserStorageRoot, bytes32 _stateRoot ) private view { // TODO(chokobole): Can we fix the codeHash? bytes memory l2ToL1MessagePasserAccount = abi.encodePacked( uint256(0), // nonce _l2ToL1MessagePasserBalance, // balance, _l2ToL1MessagePasserCodeHash, // codeHash, _messagePasserStorageRoot // storage root ); require( IZKMerkleTrie(ZK_MERKLE_TRIE).verifyInclusionProof( bytes32(bytes20(Predeploys.L2_TO_L1_MESSAGE_PASSER)), l2ToL1MessagePasserAccount, _merkleProof, _stateRoot ), "Colosseum: invalid L2ToL1MessagePasser inclusion proof" ); } /** * @notice Validates the output root proofs. * * @param _pos Position of the last valid segment. * @param _challenge The challenge data. * @param _srcOutputRoot The source output root. * @param _dstOutputRoot The destination output root. * @param _srcOutputRootProof Proof of the source output root. * @param _dstOutputRootProof Proof of the destination output root. */ function _validateOutputRootProof( uint256 _pos, Types.Challenge storage _challenge, bytes32 _srcOutputRoot, bytes32 _dstOutputRoot, Types.OutputRootProof calldata _srcOutputRootProof, Types.OutputRootProof calldata _dstOutputRootProof ) private view { require( _challenge.segments[_pos] == _srcOutputRoot, "Colosseum: the source segment must be matched" ); // If asserter timeout, the bisection of segments may not have ended. // Therefore, segment validation only proceeds when bisection is not possible. if (!_isAbleToBisect(_challenge)) { require( _challenge.segments[_pos + 1] != _dstOutputRoot, "Colosseum: the destination segment must not be matched" ); } require( _srcOutputRootProof.nextBlockHash == _dstOutputRootProof.blockHash, "Colosseum: the block hash must be matched" ); } /** * @notice Checks if the public input is valid. * Reverts if public input is invalid. * * @param _srcOutputRootProof Proof of the source output root. * @param _dstOutputRootProof Proof of the destination output root. * @param _publicInput Ingredients to compute the public input used by ZK proof verification. * @param _rlps Pre-encoded RLPs to compute the next block hash of the source output root proof. */ function _validatePublicInput( Types.OutputRootProof calldata _srcOutputRootProof, Types.OutputRootProof calldata _dstOutputRootProof, Types.PublicInput calldata _publicInput, Types.BlockHeaderRLP calldata _rlps ) private pure { // TODO(chokobole): check withdrawal storage root of _dstOutputRootProof against state root of _dstOutputRootProof. require( _publicInput.stateRoot == _dstOutputRootProof.stateRoot, "Colosseum: the state root must be matched" ); bytes32 blockHash = Hashing.hashBlockHeader(_publicInput, _rlps); require( _srcOutputRootProof.nextBlockHash == blockHash, "Colosseum: the block hash must be matched" ); } /** * @notice Cancels the challenge if the output root to be challenged has already been deleted. * If the output root has been deleted, delete the challenge and refund the challenger's pending bond. * Reverts when challenger is timed out or called by non-challenger. * * @param _outputIndex Index of the L2 checkpoint output. * @param _challenger Address of the challenger. * @param _status Current status of the challenge. * * @return Whether the challenge was canceled. */ function _cancelIfOutputDeleted( uint256 _outputIndex, address _challenger, ChallengeStatus _status ) private returns (bool) { bytes32 outputRoot = L2_ORACLE.getL2Output(_outputIndex).outputRoot; if (outputRoot != DELETED_OUTPUT_ROOT) { return false; } // If the output is deleted, the asserter does not need to do anything further. require(msg.sender == _challenger, "Colosseum: sender is not a challenger"); require( _status != ChallengeStatus.CHALLENGER_TIMEOUT, "Colosseum: challenge cannot be cancelled if challenger timed out" ); delete challenges[_outputIndex][msg.sender]; emit ChallengeCanceled(_outputIndex, msg.sender, block.timestamp); L2_ORACLE.VALIDATOR_POOL().releasePendingBond(_outputIndex, msg.sender, msg.sender); return true; } /** * @notice Deletes the challenge because the challenger timed out. * The winner is the asserter, and challenger loses the bond. * * @param _outputIndex Index of the L2 checkpoint output. * @param _challenger Address of the challenger. */ function _challengerTimeout(uint256 _outputIndex, address _challenger) private { delete challenges[_outputIndex][_challenger]; emit ChallengerTimedOut(_outputIndex, _challenger, block.timestamp); // After output is finalized, the challenger's bond is included in the balance of output submitter. if (L2_ORACLE.isFinalized(_outputIndex)) { Types.CheckpointOutput memory targetOutput = L2_ORACLE.getL2Output(_outputIndex); L2_ORACLE.VALIDATOR_POOL().releasePendingBond( _outputIndex, _challenger, targetOutput.submitter ); } else { // Because the challenger lost, the challenger's bond is included in the bond for that output. L2_ORACLE.VALIDATOR_POOL().increaseBond(_outputIndex, _challenger); } } /** * @notice Hashes the public input with padding dummy transactions. * * @param _prevStateRoot Previous state root. * @param _publicInput Ingredients to compute the public input used by ZK proof verification. * * @return Hash of public input. */ function _hashPublicInput(bytes32 _prevStateRoot, Types.PublicInput calldata _publicInput) private view returns (bytes32) { bytes32[] memory dummyHashes; if (_publicInput.txHashes.length < MAX_TXS) { dummyHashes = Hashing.generateDummyHashes( DUMMY_HASH, MAX_TXS - _publicInput.txHashes.length ); } // NOTE(chokobole): We cannot calculate the Ethereum transaction root solely // based on transaction hashes. It is necessary to have access to the original // transactions. Considering the imposed constraints and the difficulty // of providing a preimage that would generate the desired public input hash // from an attacker's perspective, we have decided to omit the verification // using the transaction root. return Hashing.hashPublicInput(_prevStateRoot, _publicInput, dummyHashes); } /** * @notice Returns the number of L2 blocks for the next turn. * * @param _challenge The current challenge data. * * @return The number of L2 blocks for the next turn. */ function _nextSegSize(Types.Challenge storage _challenge) private view returns (uint256) { uint8 turn = _challenge.turn; return _challenge.segSize / (getSegmentsLength(turn) - 1); } /** * @notice Determines whether a given timestamp is past. * * @param _sec The timestamp to check. * * @return Whether it's in the past. */ function _isPast(uint256 _sec) private view returns (bool) { return block.timestamp > _sec; } /** * @notice Determines if bisection is possible. * * @param _challenge The current challenge data. * * @return Whether bisection is possible. */ function _isAbleToBisect(Types.Challenge storage _challenge) private view returns (bool) { return _nextSegSize(_challenge) > 1; } /** * @notice Determines if the next turn is the challenger's turn. * Note that challenger turns are odd numbers and asserter turns are even numbers. * * @param _turn The current turn. * * @return Whether the next turn is the challenger's turn. */ function _isNextForChallenger(uint8 _turn) private pure returns (bool) { // If the _turn value is even, it means that the asserter has completed its turn, // so the next turn will be the challenger's turn. return _turn % 2 == 0; } /** * @notice Returns status of a given challenge. * * @param _challenge The challenge data. * * @return The status of the challenge. */ function _challengeStatus(Types.Challenge storage _challenge) private view returns (ChallengeStatus) { if (_challenge.turn < TURN_INIT) { return ChallengeStatus.NONE; } bool isChallengerTurn = _isNextForChallenger(_challenge.turn); // Check if it's a timed out challenge. if (_isPast(_challenge.timeoutAt)) { // timeout on challenger turn if (isChallengerTurn) { return ChallengeStatus.CHALLENGER_TIMEOUT; } // If the asserter times out and the challenger does not prove fault, // the challenger is assumed to have timed out. if (_isPast(_challenge.timeoutAt + PROVING_TIMEOUT)) { return ChallengeStatus.CHALLENGER_TIMEOUT; } // timeout on asserter turn return ChallengeStatus.ASSERTER_TIMEOUT; } // If bisection is not possible, the Challenger must execute the fault proof. if (!_isAbleToBisect(_challenge)) { return ChallengeStatus.READY_TO_PROVE; } return isChallengerTurn ? ChallengeStatus.CHALLENGER_TURN : ChallengeStatus.ASSERTER_TURN; } /** * @notice Returns the challenge corresponding to the given L2 output index. * * @param _outputIndex Index of the L2 checkpoint output. * @param _challenger Address of the challenger. * * @return The challenge data. */ function getChallenge(uint256 _outputIndex, address _challenger) external view returns (Types.Challenge memory) { return challenges[_outputIndex][_challenger]; } /** * @notice Returns the challenge status corresponding to the given L2 output index. * * @param _outputIndex Index of the L2 checkpoint output. * @param _challenger Address of the challenger. * * @return The status of the challenge. */ function getStatus(uint256 _outputIndex, address _challenger) external view returns (ChallengeStatus) { Types.Challenge storage challenge = challenges[_outputIndex][_challenger]; return _challengeStatus(challenge); } /** * @notice Returns the segment length required for that turn. * * @param _turn The challenge turn. * * @return The segments length. */ function getSegmentsLength(uint8 _turn) public view returns (uint256) { require(_turn >= TURN_INIT, "Colosseum: invalid turn"); return segmentsLengths[_turn - 1]; } /** * @notice Determines whether bisection is possible in the challenge corresponding to the given * L2 output index. * * @param _outputIndex Index of the L2 checkpoint output. * @param _challenger Address of the challenger. * * @return Whether bisection is possible. */ function isAbleToBisect(uint256 _outputIndex, address _challenger) public view returns (bool) { Types.Challenge storage challenge = challenges[_outputIndex][_challenger]; return _isAbleToBisect(challenge); } /** * @notice Determines whether current timestamp is in challenge creation period corresponding to the given L2 output index. * * @param _outputIndex Index of the L2 checkpoint output. * * @return Whether current timestamp is in challenge creation period. */ function isInCreationPeriod(uint256 _outputIndex) external view returns (bool) { Types.CheckpointOutput memory targetOutput = L2_ORACLE.getL2Output(_outputIndex); return targetOutput.timestamp + CREATION_PERIOD_SECONDS >= block.timestamp; } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC5805.sol) pragma solidity ^0.8.0; import "../governance/utils/IVotesUpgradeable.sol"; import "./IERC6372Upgradeable.sol"; interface IERC5805Upgradeable is IERC6372Upgradeable, IVotesUpgradeable {}
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (security/ReentrancyGuard.sol) pragma solidity ^0.8.0; import "../proxy/utils/Initializable.sol"; /** * @dev Contract module that helps prevent reentrant calls to a function. * * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier * available, which can be applied to functions to make sure there are no nested * (reentrant) calls to them. * * Note that because there is a single `nonReentrant` guard, functions marked as * `nonReentrant` may not call one another. This can be worked around by making * those functions `private`, and then adding `external` `nonReentrant` entry * points to them. * * TIP: If you would like to learn more about reentrancy and alternative ways * to protect against it, check out our blog post * https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul]. */ abstract contract ReentrancyGuardUpgradeable is Initializable { // Booleans are more expensive than uint256 or any type that takes up a full // word because each write operation emits an extra SLOAD to first read the // slot's contents, replace the bits taken up by the boolean, and then write // back. This is the compiler's defense against contract upgrades and // pointer aliasing, and it cannot be disabled. // The values being non-zero value makes deployment a bit more expensive, // but in exchange the refund on every call to nonReentrant will be lower in // amount. Since refunds are capped to a percentage of the total // transaction's gas, it is best to keep them low in cases like this one, to // increase the likelihood of the full refund coming into effect. uint256 private constant _NOT_ENTERED = 1; uint256 private constant _ENTERED = 2; uint256 private _status; function __ReentrancyGuard_init() internal onlyInitializing { __ReentrancyGuard_init_unchained(); } function __ReentrancyGuard_init_unchained() internal onlyInitializing { _status = _NOT_ENTERED; } /** * @dev Prevents a contract from calling itself, directly or indirectly. * Calling a `nonReentrant` function from another `nonReentrant` * function is not supported. It is possible to prevent this from happening * by making the `nonReentrant` function external, and making it call a * `private` function that does the actual work. */ modifier nonReentrant() { _nonReentrantBefore(); _; _nonReentrantAfter(); } function _nonReentrantBefore() private { // On the first call to nonReentrant, _status will be _NOT_ENTERED require(_status != _ENTERED, "ReentrancyGuard: reentrant call"); // Any calls to nonReentrant after this point will fail _status = _ENTERED; } function _nonReentrantAfter() private { // By storing the original value once again, a refund is triggered (see // https://eips.ethereum.org/EIPS/eip-2200) _status = _NOT_ENTERED; } /** * @dev Returns true if the reentrancy guard is currently set to "entered", which indicates there is a * `nonReentrant` function in the call stack. */ function _reentrancyGuardEntered() internal view returns (bool) { return _status == _ENTERED; } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[49] private __gap; }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SafeCast.sol) // This file was procedurally generated from scripts/generate/templates/SafeCast.js. pragma solidity ^0.8.0; /** * @dev Wrappers over Solidity's uintXX/intXX casting operators with added overflow * checks. * * Downcasting from uint256/int256 in Solidity does not revert on overflow. This can * easily result in undesired exploitation or bugs, since developers usually * assume that overflows raise errors. `SafeCast` restores this intuition by * reverting the transaction when such an operation overflows. * * Using this library instead of the unchecked operations eliminates an entire * class of bugs, so it's recommended to use it always. * * Can be combined with {SafeMath} and {SignedSafeMath} to extend it to smaller types, by performing * all math on `uint256` and `int256` and then downcasting. */ library SafeCastUpgradeable { /** * @dev Returns the downcasted uint248 from uint256, reverting on * overflow (when the input is greater than largest uint248). * * Counterpart to Solidity's `uint248` operator. * * Requirements: * * - input must fit into 248 bits * * _Available since v4.7._ */ function toUint248(uint256 value) internal pure returns (uint248) { require(value <= type(uint248).max, "SafeCast: value doesn't fit in 248 bits"); return uint248(value); } /** * @dev Returns the downcasted uint240 from uint256, reverting on * overflow (when the input is greater than largest uint240). * * Counterpart to Solidity's `uint240` operator. * * Requirements: * * - input must fit into 240 bits * * _Available since v4.7._ */ function toUint240(uint256 value) internal pure returns (uint240) { require(value <= type(uint240).max, "SafeCast: value doesn't fit in 240 bits"); return uint240(value); } /** * @dev Returns the downcasted uint232 from uint256, reverting on * overflow (when the input is greater than largest uint232). * * Counterpart to Solidity's `uint232` operator. * * Requirements: * * - input must fit into 232 bits * * _Available since v4.7._ */ function toUint232(uint256 value) internal pure returns (uint232) { require(value <= type(uint232).max, "SafeCast: value doesn't fit in 232 bits"); return uint232(value); } /** * @dev Returns the downcasted uint224 from uint256, reverting on * overflow (when the input is greater than largest uint224). * * Counterpart to Solidity's `uint224` operator. * * Requirements: * * - input must fit into 224 bits * * _Available since v4.2._ */ function toUint224(uint256 value) internal pure returns (uint224) { require(value <= type(uint224).max, "SafeCast: value doesn't fit in 224 bits"); return uint224(value); } /** * @dev Returns the downcasted uint216 from uint256, reverting on * overflow (when the input is greater than largest uint216). * * Counterpart to Solidity's `uint216` operator. * * Requirements: * * - input must fit into 216 bits * * _Available since v4.7._ */ function toUint216(uint256 value) internal pure returns (uint216) { require(value <= type(uint216).max, "SafeCast: value doesn't fit in 216 bits"); return uint216(value); } /** * @dev Returns the downcasted uint208 from uint256, reverting on * overflow (when the input is greater than largest uint208). * * Counterpart to Solidity's `uint208` operator. * * Requirements: * * - input must fit into 208 bits * * _Available since v4.7._ */ function toUint208(uint256 value) internal pure returns (uint208) { require(value <= type(uint208).max, "SafeCast: value doesn't fit in 208 bits"); return uint208(value); } /** * @dev Returns the downcasted uint200 from uint256, reverting on * overflow (when the input is greater than largest uint200). * * Counterpart to Solidity's `uint200` operator. * * Requirements: * * - input must fit into 200 bits * * _Available since v4.7._ */ function toUint200(uint256 value) internal pure returns (uint200) { require(value <= type(uint200).max, "SafeCast: value doesn't fit in 200 bits"); return uint200(value); } /** * @dev Returns the downcasted uint192 from uint256, reverting on * overflow (when the input is greater than largest uint192). * * Counterpart to Solidity's `uint192` operator. * * Requirements: * * - input must fit into 192 bits * * _Available since v4.7._ */ function toUint192(uint256 value) internal pure returns (uint192) { require(value <= type(uint192).max, "SafeCast: value doesn't fit in 192 bits"); return uint192(value); } /** * @dev Returns the downcasted uint184 from uint256, reverting on * overflow (when the input is greater than largest uint184). * * Counterpart to Solidity's `uint184` operator. * * Requirements: * * - input must fit into 184 bits * * _Available since v4.7._ */ function toUint184(uint256 value) internal pure returns (uint184) { require(value <= type(uint184).max, "SafeCast: value doesn't fit in 184 bits"); return uint184(value); } /** * @dev Returns the downcasted uint176 from uint256, reverting on * overflow (when the input is greater than largest uint176). * * Counterpart to Solidity's `uint176` operator. * * Requirements: * * - input must fit into 176 bits * * _Available since v4.7._ */ function toUint176(uint256 value) internal pure returns (uint176) { require(value <= type(uint176).max, "SafeCast: value doesn't fit in 176 bits"); return uint176(value); } /** * @dev Returns the downcasted uint168 from uint256, reverting on * overflow (when the input is greater than largest uint168). * * Counterpart to Solidity's `uint168` operator. * * Requirements: * * - input must fit into 168 bits * * _Available since v4.7._ */ function toUint168(uint256 value) internal pure returns (uint168) { require(value <= type(uint168).max, "SafeCast: value doesn't fit in 168 bits"); return uint168(value); } /** * @dev Returns the downcasted uint160 from uint256, reverting on * overflow (when the input is greater than largest uint160). * * Counterpart to Solidity's `uint160` operator. * * Requirements: * * - input must fit into 160 bits * * _Available since v4.7._ */ function toUint160(uint256 value) internal pure returns (uint160) { require(value <= type(uint160).max, "SafeCast: value doesn't fit in 160 bits"); return uint160(value); } /** * @dev Returns the downcasted uint152 from uint256, reverting on * overflow (when the input is greater than largest uint152). * * Counterpart to Solidity's `uint152` operator. * * Requirements: * * - input must fit into 152 bits * * _Available since v4.7._ */ function toUint152(uint256 value) internal pure returns (uint152) { require(value <= type(uint152).max, "SafeCast: value doesn't fit in 152 bits"); return uint152(value); } /** * @dev Returns the downcasted uint144 from uint256, reverting on * overflow (when the input is greater than largest uint144). * * Counterpart to Solidity's `uint144` operator. * * Requirements: * * - input must fit into 144 bits * * _Available since v4.7._ */ function toUint144(uint256 value) internal pure returns (uint144) { require(value <= type(uint144).max, "SafeCast: value doesn't fit in 144 bits"); return uint144(value); } /** * @dev Returns the downcasted uint136 from uint256, reverting on * overflow (when the input is greater than largest uint136). * * Counterpart to Solidity's `uint136` operator. * * Requirements: * * - input must fit into 136 bits * * _Available since v4.7._ */ function toUint136(uint256 value) internal pure returns (uint136) { require(value <= type(uint136).max, "SafeCast: value doesn't fit in 136 bits"); return uint136(value); } /** * @dev Returns the downcasted uint128 from uint256, reverting on * overflow (when the input is greater than largest uint128). * * Counterpart to Solidity's `uint128` operator. * * Requirements: * * - input must fit into 128 bits * * _Available since v2.5._ */ function toUint128(uint256 value) internal pure returns (uint128) { require(value <= type(uint128).max, "SafeCast: value doesn't fit in 128 bits"); return uint128(value); } /** * @dev Returns the downcasted uint120 from uint256, reverting on * overflow (when the input is greater than largest uint120). * * Counterpart to Solidity's `uint120` operator. * * Requirements: * * - input must fit into 120 bits * * _Available since v4.7._ */ function toUint120(uint256 value) internal pure returns (uint120) { require(value <= type(uint120).max, "SafeCast: value doesn't fit in 120 bits"); return uint120(value); } /** * @dev Returns the downcasted uint112 from uint256, reverting on * overflow (when the input is greater than largest uint112). * * Counterpart to Solidity's `uint112` operator. * * Requirements: * * - input must fit into 112 bits * * _Available since v4.7._ */ function toUint112(uint256 value) internal pure returns (uint112) { require(value <= type(uint112).max, "SafeCast: value doesn't fit in 112 bits"); return uint112(value); } /** * @dev Returns the downcasted uint104 from uint256, reverting on * overflow (when the input is greater than largest uint104). * * Counterpart to Solidity's `uint104` operator. * * Requirements: * * - input must fit into 104 bits * * _Available since v4.7._ */ function toUint104(uint256 value) internal pure returns (uint104) { require(value <= type(uint104).max, "SafeCast: value doesn't fit in 104 bits"); return uint104(value); } /** * @dev Returns the downcasted uint96 from uint256, reverting on * overflow (when the input is greater than largest uint96). * * Counterpart to Solidity's `uint96` operator. * * Requirements: * * - input must fit into 96 bits * * _Available since v4.2._ */ function toUint96(uint256 value) internal pure returns (uint96) { require(value <= type(uint96).max, "SafeCast: value doesn't fit in 96 bits"); return uint96(value); } /** * @dev Returns the downcasted uint88 from uint256, reverting on * overflow (when the input is greater than largest uint88). * * Counterpart to Solidity's `uint88` operator. * * Requirements: * * - input must fit into 88 bits * * _Available since v4.7._ */ function toUint88(uint256 value) internal pure returns (uint88) { require(value <= type(uint88).max, "SafeCast: value doesn't fit in 88 bits"); return uint88(value); } /** * @dev Returns the downcasted uint80 from uint256, reverting on * overflow (when the input is greater than largest uint80). * * Counterpart to Solidity's `uint80` operator. * * Requirements: * * - input must fit into 80 bits * * _Available since v4.7._ */ function toUint80(uint256 value) internal pure returns (uint80) { require(value <= type(uint80).max, "SafeCast: value doesn't fit in 80 bits"); return uint80(value); } /** * @dev Returns the downcasted uint72 from uint256, reverting on * overflow (when the input is greater than largest uint72). * * Counterpart to Solidity's `uint72` operator. * * Requirements: * * - input must fit into 72 bits * * _Available since v4.7._ */ function toUint72(uint256 value) internal pure returns (uint72) { require(value <= type(uint72).max, "SafeCast: value doesn't fit in 72 bits"); return uint72(value); } /** * @dev Returns the downcasted uint64 from uint256, reverting on * overflow (when the input is greater than largest uint64). * * Counterpart to Solidity's `uint64` operator. * * Requirements: * * - input must fit into 64 bits * * _Available since v2.5._ */ function toUint64(uint256 value) internal pure returns (uint64) { require(value <= type(uint64).max, "SafeCast: value doesn't fit in 64 bits"); return uint64(value); } /** * @dev Returns the downcasted uint56 from uint256, reverting on * overflow (when the input is greater than largest uint56). * * Counterpart to Solidity's `uint56` operator. * * Requirements: * * - input must fit into 56 bits * * _Available since v4.7._ */ function toUint56(uint256 value) internal pure returns (uint56) { require(value <= type(uint56).max, "SafeCast: value doesn't fit in 56 bits"); return uint56(value); } /** * @dev Returns the downcasted uint48 from uint256, reverting on * overflow (when the input is greater than largest uint48). * * Counterpart to Solidity's `uint48` operator. * * Requirements: * * - input must fit into 48 bits * * _Available since v4.7._ */ function toUint48(uint256 value) internal pure returns (uint48) { require(value <= type(uint48).max, "SafeCast: value doesn't fit in 48 bits"); return uint48(value); } /** * @dev Returns the downcasted uint40 from uint256, reverting on * overflow (when the input is greater than largest uint40). * * Counterpart to Solidity's `uint40` operator. * * Requirements: * * - input must fit into 40 bits * * _Available since v4.7._ */ function toUint40(uint256 value) internal pure returns (uint40) { require(value <= type(uint40).max, "SafeCast: value doesn't fit in 40 bits"); return uint40(value); } /** * @dev Returns the downcasted uint32 from uint256, reverting on * overflow (when the input is greater than largest uint32). * * Counterpart to Solidity's `uint32` operator. * * Requirements: * * - input must fit into 32 bits * * _Available since v2.5._ */ function toUint32(uint256 value) internal pure returns (uint32) { require(value <= type(uint32).max, "SafeCast: value doesn't fit in 32 bits"); return uint32(value); } /** * @dev Returns the downcasted uint24 from uint256, reverting on * overflow (when the input is greater than largest uint24). * * Counterpart to Solidity's `uint24` operator. * * Requirements: * * - input must fit into 24 bits * * _Available since v4.7._ */ function toUint24(uint256 value) internal pure returns (uint24) { require(value <= type(uint24).max, "SafeCast: value doesn't fit in 24 bits"); return uint24(value); } /** * @dev Returns the downcasted uint16 from uint256, reverting on * overflow (when the input is greater than largest uint16). * * Counterpart to Solidity's `uint16` operator. * * Requirements: * * - input must fit into 16 bits * * _Available since v2.5._ */ function toUint16(uint256 value) internal pure returns (uint16) { require(value <= type(uint16).max, "SafeCast: value doesn't fit in 16 bits"); return uint16(value); } /** * @dev Returns the downcasted uint8 from uint256, reverting on * overflow (when the input is greater than largest uint8). * * Counterpart to Solidity's `uint8` operator. * * Requirements: * * - input must fit into 8 bits * * _Available since v2.5._ */ function toUint8(uint256 value) internal pure returns (uint8) { require(value <= type(uint8).max, "SafeCast: value doesn't fit in 8 bits"); return uint8(value); } /** * @dev Converts a signed int256 into an unsigned uint256. * * Requirements: * * - input must be greater than or equal to 0. * * _Available since v3.0._ */ function toUint256(int256 value) internal pure returns (uint256) { require(value >= 0, "SafeCast: value must be positive"); return uint256(value); } /** * @dev Returns the downcasted int248 from int256, reverting on * overflow (when the input is less than smallest int248 or * greater than largest int248). * * Counterpart to Solidity's `int248` operator. * * Requirements: * * - input must fit into 248 bits * * _Available since v4.7._ */ function toInt248(int256 value) internal pure returns (int248 downcasted) { downcasted = int248(value); require(downcasted == value, "SafeCast: value doesn't fit in 248 bits"); } /** * @dev Returns the downcasted int240 from int256, reverting on * overflow (when the input is less than smallest int240 or * greater than largest int240). * * Counterpart to Solidity's `int240` operator. * * Requirements: * * - input must fit into 240 bits * * _Available since v4.7._ */ function toInt240(int256 value) internal pure returns (int240 downcasted) { downcasted = int240(value); require(downcasted == value, "SafeCast: value doesn't fit in 240 bits"); } /** * @dev Returns the downcasted int232 from int256, reverting on * overflow (when the input is less than smallest int232 or * greater than largest int232). * * Counterpart to Solidity's `int232` operator. * * Requirements: * * - input must fit into 232 bits * * _Available since v4.7._ */ function toInt232(int256 value) internal pure returns (int232 downcasted) { downcasted = int232(value); require(downcasted == value, "SafeCast: value doesn't fit in 232 bits"); } /** * @dev Returns the downcasted int224 from int256, reverting on * overflow (when the input is less than smallest int224 or * greater than largest int224). * * Counterpart to Solidity's `int224` operator. * * Requirements: * * - input must fit into 224 bits * * _Available since v4.7._ */ function toInt224(int256 value) internal pure returns (int224 downcasted) { downcasted = int224(value); require(downcasted == value, "SafeCast: value doesn't fit in 224 bits"); } /** * @dev Returns the downcasted int216 from int256, reverting on * overflow (when the input is less than smallest int216 or * greater than largest int216). * * Counterpart to Solidity's `int216` operator. * * Requirements: * * - input must fit into 216 bits * * _Available since v4.7._ */ function toInt216(int256 value) internal pure returns (int216 downcasted) { downcasted = int216(value); require(downcasted == value, "SafeCast: value doesn't fit in 216 bits"); } /** * @dev Returns the downcasted int208 from int256, reverting on * overflow (when the input is less than smallest int208 or * greater than largest int208). * * Counterpart to Solidity's `int208` operator. * * Requirements: * * - input must fit into 208 bits * * _Available since v4.7._ */ function toInt208(int256 value) internal pure returns (int208 downcasted) { downcasted = int208(value); require(downcasted == value, "SafeCast: value doesn't fit in 208 bits"); } /** * @dev Returns the downcasted int200 from int256, reverting on * overflow (when the input is less than smallest int200 or * greater than largest int200). * * Counterpart to Solidity's `int200` operator. * * Requirements: * * - input must fit into 200 bits * * _Available since v4.7._ */ function toInt200(int256 value) internal pure returns (int200 downcasted) { downcasted = int200(value); require(downcasted == value, "SafeCast: value doesn't fit in 200 bits"); } /** * @dev Returns the downcasted int192 from int256, reverting on * overflow (when the input is less than smallest int192 or * greater than largest int192). * * Counterpart to Solidity's `int192` operator. * * Requirements: * * - input must fit into 192 bits * * _Available since v4.7._ */ function toInt192(int256 value) internal pure returns (int192 downcasted) { downcasted = int192(value); require(downcasted == value, "SafeCast: value doesn't fit in 192 bits"); } /** * @dev Returns the downcasted int184 from int256, reverting on * overflow (when the input is less than smallest int184 or * greater than largest int184). * * Counterpart to Solidity's `int184` operator. * * Requirements: * * - input must fit into 184 bits * * _Available since v4.7._ */ function toInt184(int256 value) internal pure returns (int184 downcasted) { downcasted = int184(value); require(downcasted == value, "SafeCast: value doesn't fit in 184 bits"); } /** * @dev Returns the downcasted int176 from int256, reverting on * overflow (when the input is less than smallest int176 or * greater than largest int176). * * Counterpart to Solidity's `int176` operator. * * Requirements: * * - input must fit into 176 bits * * _Available since v4.7._ */ function toInt176(int256 value) internal pure returns (int176 downcasted) { downcasted = int176(value); require(downcasted == value, "SafeCast: value doesn't fit in 176 bits"); } /** * @dev Returns the downcasted int168 from int256, reverting on * overflow (when the input is less than smallest int168 or * greater than largest int168). * * Counterpart to Solidity's `int168` operator. * * Requirements: * * - input must fit into 168 bits * * _Available since v4.7._ */ function toInt168(int256 value) internal pure returns (int168 downcasted) { downcasted = int168(value); require(downcasted == value, "SafeCast: value doesn't fit in 168 bits"); } /** * @dev Returns the downcasted int160 from int256, reverting on * overflow (when the input is less than smallest int160 or * greater than largest int160). * * Counterpart to Solidity's `int160` operator. * * Requirements: * * - input must fit into 160 bits * * _Available since v4.7._ */ function toInt160(int256 value) internal pure returns (int160 downcasted) { downcasted = int160(value); require(downcasted == value, "SafeCast: value doesn't fit in 160 bits"); } /** * @dev Returns the downcasted int152 from int256, reverting on * overflow (when the input is less than smallest int152 or * greater than largest int152). * * Counterpart to Solidity's `int152` operator. * * Requirements: * * - input must fit into 152 bits * * _Available since v4.7._ */ function toInt152(int256 value) internal pure returns (int152 downcasted) { downcasted = int152(value); require(downcasted == value, "SafeCast: value doesn't fit in 152 bits"); } /** * @dev Returns the downcasted int144 from int256, reverting on * overflow (when the input is less than smallest int144 or * greater than largest int144). * * Counterpart to Solidity's `int144` operator. * * Requirements: * * - input must fit into 144 bits * * _Available since v4.7._ */ function toInt144(int256 value) internal pure returns (int144 downcasted) { downcasted = int144(value); require(downcasted == value, "SafeCast: value doesn't fit in 144 bits"); } /** * @dev Returns the downcasted int136 from int256, reverting on * overflow (when the input is less than smallest int136 or * greater than largest int136). * * Counterpart to Solidity's `int136` operator. * * Requirements: * * - input must fit into 136 bits * * _Available since v4.7._ */ function toInt136(int256 value) internal pure returns (int136 downcasted) { downcasted = int136(value); require(downcasted == value, "SafeCast: value doesn't fit in 136 bits"); } /** * @dev Returns the downcasted int128 from int256, reverting on * overflow (when the input is less than smallest int128 or * greater than largest int128). * * Counterpart to Solidity's `int128` operator. * * Requirements: * * - input must fit into 128 bits * * _Available since v3.1._ */ function toInt128(int256 value) internal pure returns (int128 downcasted) { downcasted = int128(value); require(downcasted == value, "SafeCast: value doesn't fit in 128 bits"); } /** * @dev Returns the downcasted int120 from int256, reverting on * overflow (when the input is less than smallest int120 or * greater than largest int120). * * Counterpart to Solidity's `int120` operator. * * Requirements: * * - input must fit into 120 bits * * _Available since v4.7._ */ function toInt120(int256 value) internal pure returns (int120 downcasted) { downcasted = int120(value); require(downcasted == value, "SafeCast: value doesn't fit in 120 bits"); } /** * @dev Returns the downcasted int112 from int256, reverting on * overflow (when the input is less than smallest int112 or * greater than largest int112). * * Counterpart to Solidity's `int112` operator. * * Requirements: * * - input must fit into 112 bits * * _Available since v4.7._ */ function toInt112(int256 value) internal pure returns (int112 downcasted) { downcasted = int112(value); require(downcasted == value, "SafeCast: value doesn't fit in 112 bits"); } /** * @dev Returns the downcasted int104 from int256, reverting on * overflow (when the input is less than smallest int104 or * greater than largest int104). * * Counterpart to Solidity's `int104` operator. * * Requirements: * * - input must fit into 104 bits * * _Available since v4.7._ */ function toInt104(int256 value) internal pure returns (int104 downcasted) { downcasted = int104(value); require(downcasted == value, "SafeCast: value doesn't fit in 104 bits"); } /** * @dev Returns the downcasted int96 from int256, reverting on * overflow (when the input is less than smallest int96 or * greater than largest int96). * * Counterpart to Solidity's `int96` operator. * * Requirements: * * - input must fit into 96 bits * * _Available since v4.7._ */ function toInt96(int256 value) internal pure returns (int96 downcasted) { downcasted = int96(value); require(downcasted == value, "SafeCast: value doesn't fit in 96 bits"); } /** * @dev Returns the downcasted int88 from int256, reverting on * overflow (when the input is less than smallest int88 or * greater than largest int88). * * Counterpart to Solidity's `int88` operator. * * Requirements: * * - input must fit into 88 bits * * _Available since v4.7._ */ function toInt88(int256 value) internal pure returns (int88 downcasted) { downcasted = int88(value); require(downcasted == value, "SafeCast: value doesn't fit in 88 bits"); } /** * @dev Returns the downcasted int80 from int256, reverting on * overflow (when the input is less than smallest int80 or * greater than largest int80). * * Counterpart to Solidity's `int80` operator. * * Requirements: * * - input must fit into 80 bits * * _Available since v4.7._ */ function toInt80(int256 value) internal pure returns (int80 downcasted) { downcasted = int80(value); require(downcasted == value, "SafeCast: value doesn't fit in 80 bits"); } /** * @dev Returns the downcasted int72 from int256, reverting on * overflow (when the input is less than smallest int72 or * greater than largest int72). * * Counterpart to Solidity's `int72` operator. * * Requirements: * * - input must fit into 72 bits * * _Available since v4.7._ */ function toInt72(int256 value) internal pure returns (int72 downcasted) { downcasted = int72(value); require(downcasted == value, "SafeCast: value doesn't fit in 72 bits"); } /** * @dev Returns the downcasted int64 from int256, reverting on * overflow (when the input is less than smallest int64 or * greater than largest int64). * * Counterpart to Solidity's `int64` operator. * * Requirements: * * - input must fit into 64 bits * * _Available since v3.1._ */ function toInt64(int256 value) internal pure returns (int64 downcasted) { downcasted = int64(value); require(downcasted == value, "SafeCast: value doesn't fit in 64 bits"); } /** * @dev Returns the downcasted int56 from int256, reverting on * overflow (when the input is less than smallest int56 or * greater than largest int56). * * Counterpart to Solidity's `int56` operator. * * Requirements: * * - input must fit into 56 bits * * _Available since v4.7._ */ function toInt56(int256 value) internal pure returns (int56 downcasted) { downcasted = int56(value); require(downcasted == value, "SafeCast: value doesn't fit in 56 bits"); } /** * @dev Returns the downcasted int48 from int256, reverting on * overflow (when the input is less than smallest int48 or * greater than largest int48). * * Counterpart to Solidity's `int48` operator. * * Requirements: * * - input must fit into 48 bits * * _Available since v4.7._ */ function toInt48(int256 value) internal pure returns (int48 downcasted) { downcasted = int48(value); require(downcasted == value, "SafeCast: value doesn't fit in 48 bits"); } /** * @dev Returns the downcasted int40 from int256, reverting on * overflow (when the input is less than smallest int40 or * greater than largest int40). * * Counterpart to Solidity's `int40` operator. * * Requirements: * * - input must fit into 40 bits * * _Available since v4.7._ */ function toInt40(int256 value) internal pure returns (int40 downcasted) { downcasted = int40(value); require(downcasted == value, "SafeCast: value doesn't fit in 40 bits"); } /** * @dev Returns the downcasted int32 from int256, reverting on * overflow (when the input is less than smallest int32 or * greater than largest int32). * * Counterpart to Solidity's `int32` operator. * * Requirements: * * - input must fit into 32 bits * * _Available since v3.1._ */ function toInt32(int256 value) internal pure returns (int32 downcasted) { downcasted = int32(value); require(downcasted == value, "SafeCast: value doesn't fit in 32 bits"); } /** * @dev Returns the downcasted int24 from int256, reverting on * overflow (when the input is less than smallest int24 or * greater than largest int24). * * Counterpart to Solidity's `int24` operator. * * Requirements: * * - input must fit into 24 bits * * _Available since v4.7._ */ function toInt24(int256 value) internal pure returns (int24 downcasted) { downcasted = int24(value); require(downcasted == value, "SafeCast: value doesn't fit in 24 bits"); } /** * @dev Returns the downcasted int16 from int256, reverting on * overflow (when the input is less than smallest int16 or * greater than largest int16). * * Counterpart to Solidity's `int16` operator. * * Requirements: * * - input must fit into 16 bits * * _Available since v3.1._ */ function toInt16(int256 value) internal pure returns (int16 downcasted) { downcasted = int16(value); require(downcasted == value, "SafeCast: value doesn't fit in 16 bits"); } /** * @dev Returns the downcasted int8 from int256, reverting on * overflow (when the input is less than smallest int8 or * greater than largest int8). * * Counterpart to Solidity's `int8` operator. * * Requirements: * * - input must fit into 8 bits * * _Available since v3.1._ */ function toInt8(int256 value) internal pure returns (int8 downcasted) { downcasted = int8(value); require(downcasted == value, "SafeCast: value doesn't fit in 8 bits"); } /** * @dev Converts an unsigned uint256 into a signed int256. * * Requirements: * * - input must be less than or equal to maxInt256. * * _Available since v3.0._ */ function toInt256(uint256 value) internal pure returns (int256) { // Note: Unsafe cast below is okay because `type(int256).max` is guaranteed to be positive require(value <= uint256(type(int256).max), "SafeCast: value doesn't fit in an int256"); return int256(value); } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.15; import "@openzeppelin/contracts-upgradeable/governance/GovernorUpgradeable.sol"; import "@openzeppelin/contracts-upgradeable/governance/extensions/GovernorSettingsUpgradeable.sol"; import "@openzeppelin/contracts-upgradeable/governance/extensions/GovernorCountingSimpleUpgradeable.sol"; import "@openzeppelin/contracts-upgradeable/governance/extensions/GovernorVotesUpgradeable.sol"; import "@openzeppelin/contracts-upgradeable/governance/extensions/GovernorVotesQuorumFractionUpgradeable.sol"; import "@openzeppelin/contracts-upgradeable/governance/extensions/GovernorTimelockControlUpgradeable.sol"; import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; import "@openzeppelin/contracts/utils/Strings.sol"; import { Semver } from "../universal/Semver.sol"; /** * @custom:proxied * @title UpgradeGovernor * @notice The UpgradeGovernor is a basic ERC20, ERC721 based DAO using OpenZeppelin Governor. */ contract UpgradeGovernor is Initializable, GovernorUpgradeable, GovernorSettingsUpgradeable, GovernorCountingSimpleUpgradeable, GovernorVotesUpgradeable, GovernorVotesQuorumFractionUpgradeable, GovernorTimelockControlUpgradeable, Semver { /** * @custom:semver 1.0.0 */ constructor() Semver(1, 0, 0) { _disableInitializers(); } /** * @notice Initializer. * * @param _token Address of the token(ERC20 or ERC721). * @param _timelock Address of the timelock controller. * @param _initialVotingDelay Voting delay.(unit: 1 block = 12 seconds on L1) * @param _initialVotingPeriod Voting period.(unit: 1 block = 12 seconds on L1) * @param _initialProposalThreshold Proposal threshold. * @param _votesQuorumFraction Quorum as a fraction of the token's total supply. */ function initialize( address _token, address payable _timelock, uint256 _initialVotingDelay, uint256 _initialVotingPeriod, uint256 _initialProposalThreshold, uint256 _votesQuorumFraction ) public initializer { __Governor_init("UpgradeGovernor"); __GovernorSettings_init( _initialVotingDelay, _initialVotingPeriod, _initialProposalThreshold ); __GovernorCountingSimple_init(); __GovernorVotes_init(IVotesUpgradeable(_token)); __GovernorVotesQuorumFraction_init(_votesQuorumFraction); __GovernorTimelockControl_init(TimelockControllerUpgradeable(_timelock)); } // The following functions are overridden cause required by Solidity. function votingDelay() public view override(IGovernorUpgradeable, GovernorSettingsUpgradeable) returns (uint256) { return super.votingDelay(); } function votingPeriod() public view override(IGovernorUpgradeable, GovernorSettingsUpgradeable) returns (uint256) { return super.votingPeriod(); } function quorum(uint256 blockNumber) public view override(IGovernorUpgradeable, GovernorVotesQuorumFractionUpgradeable) returns (uint256) { return super.quorum(blockNumber); } function state(uint256 proposalId) public view override(GovernorUpgradeable, GovernorTimelockControlUpgradeable) returns (ProposalState) { return super.state(proposalId); } function propose( address[] memory targets, uint256[] memory values, bytes[] memory calldatas, string memory description ) public override(GovernorUpgradeable, IGovernorUpgradeable) returns (uint256) { return super.propose(targets, values, calldatas, description); } function proposalThreshold() public view override(GovernorUpgradeable, GovernorSettingsUpgradeable) returns (uint256) { return super.proposalThreshold(); } /** * @notice Returns the full contract version. * * @return contract version as a string. */ function version() public view override(IGovernorUpgradeable, GovernorUpgradeable, Semver) returns (string memory) { return Semver.version(); } function _execute( uint256 proposalId, address[] memory targets, uint256[] memory values, bytes[] memory calldatas, bytes32 descriptionHash ) internal override(GovernorUpgradeable, GovernorTimelockControlUpgradeable) { super._execute(proposalId, targets, values, calldatas, descriptionHash); } function _cancel( address[] memory targets, uint256[] memory values, bytes[] memory calldatas, bytes32 descriptionHash ) internal override(GovernorUpgradeable, GovernorTimelockControlUpgradeable) returns (uint256) { return super._cancel(targets, values, calldatas, descriptionHash); } function _executor() internal view override(GovernorUpgradeable, GovernorTimelockControlUpgradeable) returns (address) { return super._executor(); } function supportsInterface(bytes4 interfaceId) public view override(GovernorUpgradeable, GovernorTimelockControlUpgradeable) returns (bool) { return super.supportsInterface(interfaceId); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; /** * @title SafeCall * @notice Perform low level safe calls */ library SafeCall { /** * @notice Perform a low level call without copying any returndata * * @param _target Address to call * @param _gas Amount of gas to pass to the call * @param _value Amount of value to pass to the call * @param _calldata Calldata to pass to the call */ function call( address _target, uint256 _gas, uint256 _value, bytes memory _calldata ) internal returns (bool) { bool _success; assembly { _success := call( _gas, // gas _target, // recipient _value, // ether value add(_calldata, 32), // inloc mload(_calldata), // inlen 0, // outloc 0 // outlen ) } return _success; } /** * @notice Helper function to determine if there is sufficient gas remaining within the context * to guarantee that the minimum gas requirement for a call will be met as well as * optionally reserving a specified amount of gas for after the call has concluded. * * @param _minGas The minimum amount of gas that may be passed to the target context. * @param _reservedGas Optional amount of gas to reserve for the caller after the execution * of the target context. * * @return `true` if there is enough gas remaining to safely supply `_minGas` to the target * context as well as reserve `_reservedGas` for the caller after the execution of * the target context. * * @dev !!!!! FOOTGUN ALERT !!!!! * 1.) The 40_000 base buffer is to account for the worst case of the dynamic cost of the * `CALL` opcode's `address_access_cost`, `positive_value_cost`, and * `value_to_empty_account_cost` factors with an added buffer of 5,700 gas. It is * still possible to self-rekt by initiating a withdrawal with a minimum gas limit * that does not account for the `memory_expansion_cost` & `code_execution_cost` * factors of the dynamic cost of the `CALL` opcode. * 2.) This function should *directly* precede the external call if possible. There is an * added buffer to account for gas consumed between this check and the call, but it * is only 5,700 gas. * 3.) Because EIP-150 ensures that a maximum of 63/64ths of the remaining gas in the call * frame may be passed to a subcontext, we need to ensure that the gas will not be * truncated. * 4.) Use wisely. This function is not a silver bullet. */ function hasMinGas(uint256 _minGas, uint256 _reservedGas) internal view returns (bool) { bool _hasMinGas; assembly { // Equation: gas × 63 ≥ minGas × 64 + 63(40_000 + reservedGas) _hasMinGas := iszero( lt(mul(gas(), 63), add(mul(_minGas, 64), mul(add(40000, _reservedGas), 63))) ) } return _hasMinGas; } /** * @notice Perform a low level call without copying any returndata. This function * will revert if the call cannot be performed with the specified minimum * gas. * * @param _target Address to call * @param _minGas The minimum amount of gas that may be passed to the call * @param _value Amount of value to pass to the call * @param _calldata Calldata to pass to the call */ function callWithMinGas( address _target, uint256 _minGas, uint256 _value, bytes memory _calldata ) internal returns (bool) { bool _success; bool _hasMinGas = hasMinGas(_minGas, 0); assembly { // Assertion: gasleft() >= (_minGas * 64) / 63 + 40_000 if iszero(_hasMinGas) { // Store the "Error(string)" selector in scratch space. mstore(0, 0x08c379a0) // Store the pointer to the string length in scratch space. mstore(32, 32) // Store the string. // // SAFETY: // - We pad the beginning of the string with two zero bytes as well as the // length (24) to ensure that we override the free memory pointer at offset // 0x40. This is necessary because the free memory pointer is likely to // be greater than 1 byte when this function is called, but it is incredibly // unlikely that it will be greater than 3 bytes. As for the data within // 0x60, it is ensured that it is 0 due to 0x60 being the zero offset. // - It's fine to clobber the free memory pointer, we're reverting. mstore(88, 0x0000185361666543616c6c3a204e6f7420656e6f75676820676173) // Revert with 'Error("SafeCall: Not enough gas")' revert(28, 100) } // The call will be supplied at least ((_minGas * 64) / 63 + 40_000 - 49) gas due to the // above assertion. This ensures that, in all circumstances (except for when the // `_minGas` does not account for the `memory_expansion_cost` and `code_execution_cost` // factors of the dynamic cost of the `CALL` opcode), the call will receive at least // the minimum amount of gas specified. _success := call( gas(), // gas _target, // recipient _value, // ether value add(_calldata, 32), // inloc mload(_calldata), // inlen 0x00, // outloc 0x00 // outlen ) } return _success; } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.9; /** * @title Types * @notice Contains various types used throughout the Kroma contract system. */ library Types { /** * @notice CheckpointOutput represents a commitment to the state of L2 checkpoint. The timestamp * is the L1 timestamp that the output root is posted. This timestamp is used to verify * that the finalization period has passed since the output root was submitted. * * @custom:field submitter Address of the output submitter. * @custom:field outputRoot Hash of the L2 output. * @custom:field timestamp Timestamp of the L1 block that the output root was submitted in. * @custom:field l2BlockNumber L2 block number that the output corresponds to. */ struct CheckpointOutput { address submitter; bytes32 outputRoot; uint128 timestamp; uint128 l2BlockNumber; } /** * @notice Struct representing the elements that are hashed together to generate an output root * which itself represents a snapshot of the L2 state. * * @custom:field version Version of the output root. * @custom:field stateRoot Root of the state trie at the block of this output. * @custom:field messagePasserStorageRoot Root of the message passer storage trie. * @custom:field blockHash Hash of the block this output was generated from. * @custom:field nextBlockHash Hash of the next block. */ struct OutputRootProof { bytes32 version; bytes32 stateRoot; bytes32 messagePasserStorageRoot; bytes32 blockHash; bytes32 nextBlockHash; } /** * @notice Struct representing the elements that are hashed together to generate a public input. * * @custom:field blockHash The hash of the block. * @custom:field parentHash The hash of the previous block. * @custom:field timestamp The block time. * @custom:field number The block number. * @custom:field gasLimit Maximum gas allowed. * @custom:field baseFee The base fee per gas. * @custom:field transactionsRoot Root hash of the transactions. * @custom:field stateRoot Root hash of the state trie. * @custom:field withdrawalsRoot Root hash of the withdrawals. * @custom:field txHashes Array of hash of the transaction. */ struct PublicInput { bytes32 blockHash; bytes32 parentHash; uint64 timestamp; uint64 number; uint64 gasLimit; uint256 baseFee; bytes32 transactionsRoot; bytes32 stateRoot; bytes32 withdrawalsRoot; bytes32[] txHashes; } /** * @notice Struct representing the elements that are hashed together to generate a block hash. * Some of fields that are contained in PublicInput are omitted. * * @custom:field uncleHash RLP encoded uncle hash. * @custom:field coinbase RLP encoded coinbase. * @custom:field receiptsRoot RLP encoded receipts root. * @custom:field logsBloom RLP encoded logs bloom. * @custom:field difficulty RLP encoded difficulty. * @custom:field gasUsed RLP encoded gas used. * @custom:field extraData RLP encoded extra data. * @custom:field mixHash RLP encoded mix hash. * @custom:field nonce RLP encoded nonce. */ struct BlockHeaderRLP { bytes uncleHash; bytes coinbase; bytes receiptsRoot; bytes logsBloom; bytes difficulty; bytes gasUsed; bytes extraData; bytes mixHash; bytes nonce; } /** * @notice Struct representing a deposit transaction (L1 => L2 transaction) created by an end * user (as opposed to a system deposit transaction generated by the system). * * @custom:field from Address of the sender of the transaction. * @custom:field to Address of the recipient of the transaction. * @custom:field isCreation True if the transaction is a contract creation. * @custom:field value Value to send to the recipient. * @custom:field mint Amount of ETH to mint. * @custom:field gasLimit Gas limit of the transaction. * @custom:field data Data of the transaction. * @custom:field l1BlockHash Hash of the block the transaction was submitted in. * @custom:field logIndex Index of the log in the block the transaction was submitted in. */ struct UserDepositTransaction { address from; address to; bool isCreation; uint256 value; uint256 mint; uint64 gasLimit; bytes data; bytes32 l1BlockHash; uint64 logIndex; } /** * @notice Struct representing a withdrawal transaction. * * @custom:field nonce Nonce of the withdrawal transaction * @custom:field sender Address of the sender of the transaction. * @custom:field target Address of the recipient of the transaction. * @custom:field value Value to send to the recipient. * @custom:field gasLimit Gas limit of the transaction. * @custom:field data Data of the transaction. */ struct WithdrawalTransaction { uint256 nonce; address sender; address target; uint256 value; uint256 gasLimit; bytes data; } /** * @notice Struct representing a challenge. * * @custom:field turn The current turn. * @custom:field timeoutAt Timeout timestamp of the next turn. * @custom:field asserter Address of the asserter. * @custom:field challenger Address of the challenger. * @custom:field segments Array of the segment. * @custom:field segStart The L2 block number of the first segment. * @custom:field segSize The number of L2 blocks. */ struct Challenge { uint8 turn; uint64 timeoutAt; address asserter; address challenger; bytes32[] segments; uint256 segSize; uint256 segStart; } /** * @notice Struct representing a validator's bond. * * @custom:field amount Amount of the lock. * @custom:field expiresAt The expiration timestamp of bond. */ struct Bond { uint128 amount; uint128 expiresAt; } /** * @notice Struct representing multisig transaction data. * * @custom:field target The destination address to run the transaction. * @custom:field executed Record whether a transaction was executed or not. * @custom:field value The value passed in while executing the transaction. * @custom:field data Calldata for transaction. */ struct MultiSigTransaction { address target; bool executed; uint256 value; bytes data; } /** * @notice Struct representing multisig confirmation data. * * @custom:field confirmationCount The sum of confirmations. * @custom:field confirmedBy Map data that stores whether confirmation is performed by account. */ struct MultiSigConfirmation { uint256 confirmationCount; mapping(address => bool) confirmedBy; } /** * @notice Struct representing the data for verifying the public input. * * @custom:field srcOutputRootProof Proof of the source output root. * @custom:field dstOutputRootProof Proof of the destination output root. * @custom:field publicInput Ingredients to compute the public input used by ZK proof verification. * @custom:field rlps Pre-encoded RLPs to compute the next block hash * of the source output root proof. * @custom:field l2ToL1MessagePasserBalance Balance of the L2ToL1MessagePasser account. * @custom:field l2ToL1MessagePasserCodeHash Codehash of the L2ToL1MessagePasser account. * @custom:field merkleProof Merkle proof of L2ToL1MessagePasser account against the state root. */ struct PublicInputProof { OutputRootProof srcOutputRootProof; OutputRootProof dstOutputRootProof; PublicInput publicInput; BlockHeaderRLP rlps; bytes32 l2ToL1MessagePasserBalance; bytes32 l2ToL1MessagePasserCodeHash; bytes[] merkleProof; } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; /** * @title ITokenMultiSigWallet * @notice Interface for contracts of a token based multi-signature wallet. */ interface ITokenMultiSigWallet { /** * @notice Emitted when anyone submit a transaction. * * @param sender Address of submitter. * @param transactionId The ID of transaction submitted. */ event TransactionSubmitted(address indexed sender, uint256 indexed transactionId); /** * @notice Emitted when anyone confirm a transaction. * * @param sender Owner of address that confirm a transaction. * @param transactionId The ID of transaction confirmed. */ event TransactionConfirmed(address indexed sender, uint256 indexed transactionId); /** * @notice Emitted when transaction is executed. * * @param sender Owner of address that execute a transaction. * @param transactionId The ID of transaction executed. */ event TransactionExecuted(address indexed sender, uint256 indexed transactionId); /** * @notice Emitted when anyone revoke a confirmation. * * @param sender Owner of address that revoke a transaction. * @param transactionId The ID of transaction to revoke. */ event ConfirmationRevoked(address indexed sender, uint256 indexed transactionId); /** * @notice Allows an owner to submit and confirm a transaction. * * @param _target Transaction target address. * @param _value Transaction ether value. * @param _data Transaction data payload. * * @return Returns transaction ID. */ function submitTransaction( address _target, uint256 _value, bytes memory _data ) external returns (uint256); /** * @notice Allows an owner to confirm a transaction. * * @param _transactionId Transaction ID. */ function confirmTransaction(uint256 _transactionId) external; /** * @notice Allows an owner to revoke a transaction. * * @param _transactionId Transaction ID. */ function revokeConfirmation(uint256 _transactionId) external; /** * @notice Allows anyone to execute a confirmed transaction. * * @param _transactionId Transaction ID. */ function executeTransaction(uint256 _transactionId) external; /** * @notice Returns the confirmation status of a transaction. * * @param _transactionId Transaction ID. * * @return Confirmation status. */ function isConfirmed(uint256 _transactionId) external view returns (bool); /** * @notice Returns the current quorum, in terms of number of votes. * * @return Current quorum, in terms of number of votes: `supply * quorumNumerator / quorumDenominator`. */ function quorum() external view returns (uint256); /** * @notice Returns the number of votes. * * @param _account Account to check votes. * * @return Number of votes. */ function getVotes(address _account) external view returns (uint256); /** * @notice Returns the number of confirmations that account has confirmed. * * @param _transactionId Transaction id to check. * * @return The number of confirmations. */ function getConfirmationCount(uint256 _transactionId) external view returns (uint256); /** * @notice Returns whether the account has confirmed the transaction. * * @param _transactionId Transaction id to check. * @param _account Address to check. * * @return Confirmed status. */ function isConfirmedBy(uint256 _transactionId, address _account) external view returns (bool); }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol) pragma solidity ^0.8.0; import "./math/Math.sol"; import "./math/SignedMath.sol"; /** * @dev String operations. */ library Strings { bytes16 private constant _SYMBOLS = "0123456789abcdef"; uint8 private constant _ADDRESS_LENGTH = 20; /** * @dev Converts a `uint256` to its ASCII `string` decimal representation. */ function toString(uint256 value) internal pure returns (string memory) { unchecked { uint256 length = Math.log10(value) + 1; string memory buffer = new string(length); uint256 ptr; /// @solidity memory-safe-assembly assembly { ptr := add(buffer, add(32, length)) } while (true) { ptr--; /// @solidity memory-safe-assembly assembly { mstore8(ptr, byte(mod(value, 10), _SYMBOLS)) } value /= 10; if (value == 0) break; } return buffer; } } /** * @dev Converts a `int256` to its ASCII `string` decimal representation. */ function toString(int256 value) internal pure returns (string memory) { return string(abi.encodePacked(value < 0 ? "-" : "", toString(SignedMath.abs(value)))); } /** * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation. */ function toHexString(uint256 value) internal pure returns (string memory) { unchecked { return toHexString(value, Math.log256(value) + 1); } } /** * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length. */ function toHexString(uint256 value, uint256 length) internal pure returns (string memory) { bytes memory buffer = new bytes(2 * length + 2); buffer[0] = "0"; buffer[1] = "x"; for (uint256 i = 2 * length + 1; i > 1; --i) { buffer[i] = _SYMBOLS[value & 0xf]; value >>= 4; } require(value == 0, "Strings: hex length insufficient"); return string(buffer); } /** * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation. */ function toHexString(address addr) internal pure returns (string memory) { return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH); } /** * @dev Returns true if the two strings are equal. */ function equal(string memory a, string memory b) internal pure returns (bool) { return keccak256(bytes(a)) == keccak256(bytes(b)); } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/Initializable.sol) pragma solidity ^0.8.2; import "../../utils/Address.sol"; /** * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect. * * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in * case an upgrade adds a module that needs to be initialized. * * For example: * * [.hljs-theme-light.nopadding] * ```solidity * contract MyToken is ERC20Upgradeable { * function initialize() initializer public { * __ERC20_init("MyToken", "MTK"); * } * } * * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable { * function initializeV2() reinitializer(2) public { * __ERC20Permit_init("MyToken"); * } * } * ``` * * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}. * * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity. * * [CAUTION] * ==== * Avoid leaving a contract uninitialized. * * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed: * * [.hljs-theme-light.nopadding] * ``` * /// @custom:oz-upgrades-unsafe-allow constructor * constructor() { * _disableInitializers(); * } * ``` * ==== */ abstract contract Initializable { /** * @dev Indicates that the contract has been initialized. * @custom:oz-retyped-from bool */ uint8 private _initialized; /** * @dev Indicates that the contract is in the process of being initialized. */ bool private _initializing; /** * @dev Triggered when the contract has been initialized or reinitialized. */ event Initialized(uint8 version); /** * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope, * `onlyInitializing` functions can be used to initialize parent contracts. * * Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a * constructor. * * Emits an {Initialized} event. */ modifier initializer() { bool isTopLevelCall = !_initializing; require( (isTopLevelCall && _initialized < 1) || (!Address.isContract(address(this)) && _initialized == 1), "Initializable: contract is already initialized" ); _initialized = 1; if (isTopLevelCall) { _initializing = true; } _; if (isTopLevelCall) { _initializing = false; emit Initialized(1); } } /** * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be * used to initialize parent contracts. * * A reinitializer may be used after the original initialization step. This is essential to configure modules that * are added through upgrades and that require initialization. * * When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer` * cannot be nested. If one is invoked in the context of another, execution will revert. * * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in * a contract, executing them in the right order is up to the developer or operator. * * WARNING: setting the version to 255 will prevent any future reinitialization. * * Emits an {Initialized} event. */ modifier reinitializer(uint8 version) { require(!_initializing && _initialized < version, "Initializable: contract is already initialized"); _initialized = version; _initializing = true; _; _initializing = false; emit Initialized(version); } /** * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the * {initializer} and {reinitializer} modifiers, directly or indirectly. */ modifier onlyInitializing() { require(_initializing, "Initializable: contract is not initializing"); _; } /** * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call. * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized * to any version. It is recommended to use this to lock implementation contracts that are designed to be called * through proxies. * * Emits an {Initialized} event the first time it is successfully executed. */ function _disableInitializers() internal virtual { require(!_initializing, "Initializable: contract is initializing"); if (_initialized != type(uint8).max) { _initialized = type(uint8).max; emit Initialized(type(uint8).max); } } /** * @dev Returns the highest version that has been initialized. See {reinitializer}. */ function _getInitializedVersion() internal view returns (uint8) { return _initialized; } /** * @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}. */ function _isInitializing() internal view returns (bool) { return _initializing; } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol) pragma solidity ^0.8.0; /** * @dev Standard math utilities missing in the Solidity language. */ library Math { enum Rounding { Down, // Toward negative infinity Up, // Toward infinity Zero // Toward zero } /** * @dev Returns the largest of two numbers. */ function max(uint256 a, uint256 b) internal pure returns (uint256) { return a > b ? a : b; } /** * @dev Returns the smallest of two numbers. */ function min(uint256 a, uint256 b) internal pure returns (uint256) { return a < b ? a : b; } /** * @dev Returns the average of two numbers. The result is rounded towards * zero. */ function average(uint256 a, uint256 b) internal pure returns (uint256) { // (a + b) / 2 can overflow. return (a & b) + (a ^ b) / 2; } /** * @dev Returns the ceiling of the division of two numbers. * * This differs from standard division with `/` in that it rounds up instead * of rounding down. */ function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) { // (a + b - 1) / b can overflow on addition, so we distribute. return a == 0 ? 0 : (a - 1) / b + 1; } /** * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0 * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) * with further edits by Uniswap Labs also under MIT license. */ function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) { unchecked { // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256 // variables such that product = prod1 * 2^256 + prod0. uint256 prod0; // Least significant 256 bits of the product uint256 prod1; // Most significant 256 bits of the product assembly { let mm := mulmod(x, y, not(0)) prod0 := mul(x, y) prod1 := sub(sub(mm, prod0), lt(mm, prod0)) } // Handle non-overflow cases, 256 by 256 division. if (prod1 == 0) { // Solidity will revert if denominator == 0, unlike the div opcode on its own. // The surrounding unchecked block does not change this fact. // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic. return prod0 / denominator; } // Make sure the result is less than 2^256. Also prevents denominator == 0. require(denominator > prod1, "Math: mulDiv overflow"); /////////////////////////////////////////////// // 512 by 256 division. /////////////////////////////////////////////// // Make division exact by subtracting the remainder from [prod1 prod0]. uint256 remainder; assembly { // Compute remainder using mulmod. remainder := mulmod(x, y, denominator) // Subtract 256 bit number from 512 bit number. prod1 := sub(prod1, gt(remainder, prod0)) prod0 := sub(prod0, remainder) } // Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1. // See https://cs.stackexchange.com/q/138556/92363. // Does not overflow because the denominator cannot be zero at this stage in the function. uint256 twos = denominator & (~denominator + 1); assembly { // Divide denominator by twos. denominator := div(denominator, twos) // Divide [prod1 prod0] by twos. prod0 := div(prod0, twos) // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one. twos := add(div(sub(0, twos), twos), 1) } // Shift in bits from prod1 into prod0. prod0 |= prod1 * twos; // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for // four bits. That is, denominator * inv = 1 mod 2^4. uint256 inverse = (3 * denominator) ^ 2; // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works // in modular arithmetic, doubling the correct bits in each step. inverse *= 2 - denominator * inverse; // inverse mod 2^8 inverse *= 2 - denominator * inverse; // inverse mod 2^16 inverse *= 2 - denominator * inverse; // inverse mod 2^32 inverse *= 2 - denominator * inverse; // inverse mod 2^64 inverse *= 2 - denominator * inverse; // inverse mod 2^128 inverse *= 2 - denominator * inverse; // inverse mod 2^256 // Because the division is now exact we can divide by multiplying with the modular inverse of denominator. // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1 // is no longer required. result = prod0 * inverse; return result; } } /** * @notice Calculates x * y / denominator with full precision, following the selected rounding direction. */ function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) { uint256 result = mulDiv(x, y, denominator); if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) { result += 1; } return result; } /** * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down. * * Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11). */ function sqrt(uint256 a) internal pure returns (uint256) { if (a == 0) { return 0; } // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target. // // We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`. // // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)` // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))` // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)` // // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit. uint256 result = 1 << (log2(a) >> 1); // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128, // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision // into the expected uint128 result. unchecked { result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; return min(result, a / result); } } /** * @notice Calculates sqrt(a), following the selected rounding direction. */ function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) { unchecked { uint256 result = sqrt(a); return result + (rounding == Rounding.Up && result * result < a ? 1 : 0); } } /** * @dev Return the log in base 2, rounded down, of a positive value. * Returns 0 if given 0. */ function log2(uint256 value) internal pure returns (uint256) { uint256 result = 0; unchecked { if (value >> 128 > 0) { value >>= 128; result += 128; } if (value >> 64 > 0) { value >>= 64; result += 64; } if (value >> 32 > 0) { value >>= 32; result += 32; } if (value >> 16 > 0) { value >>= 16; result += 16; } if (value >> 8 > 0) { value >>= 8; result += 8; } if (value >> 4 > 0) { value >>= 4; result += 4; } if (value >> 2 > 0) { value >>= 2; result += 2; } if (value >> 1 > 0) { result += 1; } } return result; } /** * @dev Return the log in base 2, following the selected rounding direction, of a positive value. * Returns 0 if given 0. */ function log2(uint256 value, Rounding rounding) internal pure returns (uint256) { unchecked { uint256 result = log2(value); return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0); } } /** * @dev Return the log in base 10, rounded down, of a positive value. * Returns 0 if given 0. */ function log10(uint256 value) internal pure returns (uint256) { uint256 result = 0; unchecked { if (value >= 10 ** 64) { value /= 10 ** 64; result += 64; } if (value >= 10 ** 32) { value /= 10 ** 32; result += 32; } if (value >= 10 ** 16) { value /= 10 ** 16; result += 16; } if (value >= 10 ** 8) { value /= 10 ** 8; result += 8; } if (value >= 10 ** 4) { value /= 10 ** 4; result += 4; } if (value >= 10 ** 2) { value /= 10 ** 2; result += 2; } if (value >= 10 ** 1) { result += 1; } } return result; } /** * @dev Return the log in base 10, following the selected rounding direction, of a positive value. * Returns 0 if given 0. */ function log10(uint256 value, Rounding rounding) internal pure returns (uint256) { unchecked { uint256 result = log10(value); return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0); } } /** * @dev Return the log in base 256, rounded down, of a positive value. * Returns 0 if given 0. * * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string. */ function log256(uint256 value) internal pure returns (uint256) { uint256 result = 0; unchecked { if (value >> 128 > 0) { value >>= 128; result += 16; } if (value >> 64 > 0) { value >>= 64; result += 8; } if (value >> 32 > 0) { value >>= 32; result += 4; } if (value >> 16 > 0) { value >>= 16; result += 2; } if (value >> 8 > 0) { result += 1; } } return result; } /** * @dev Return the log in base 256, following the selected rounding direction, of a positive value. * Returns 0 if given 0. */ function log256(uint256 value, Rounding rounding) internal pure returns (uint256) { unchecked { uint256 result = log256(value); return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0); } } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; import { Encoding } from "./Encoding.sol"; import { RLPWriter } from "./rlp/RLPWriter.sol"; import { Types } from "./Types.sol"; /** * @title Hashing * @notice Hashing handles Kroma's various different hashing schemes. */ library Hashing { /** * @notice Computes the hash of the RLP encoded L2 transaction that would be generated when a * given deposit is sent to the L2 system. Useful for searching for a deposit in the L2 * system. * * @param _tx User deposit transaction to hash. * * @return Hash of the RLP encoded L2 deposit transaction. */ function hashDepositTransaction(Types.UserDepositTransaction memory _tx) internal pure returns (bytes32) { return keccak256(Encoding.encodeDepositTransaction(_tx)); } /** * @notice Computes the deposit transaction's "source hash", a value that guarantees the hash * of the L2 transaction that corresponds to a deposit is unique and is * deterministically generated from L1 transaction data. * * @param _l1BlockHash Hash of the L1 block where the deposit was included. * @param _logIndex The index of the log that created the deposit transaction. * * @return Hash of the deposit transaction's "source hash". */ function hashDepositSource(bytes32 _l1BlockHash, uint64 _logIndex) internal pure returns (bytes32) { bytes32 depositId = keccak256(abi.encode(_l1BlockHash, _logIndex)); return keccak256(abi.encode(bytes32(0), depositId)); } /** * @notice Hashes the cross domain message based on the version that is encoded into the * message nonce. * * @param _nonce Message nonce with version encoded into the first two bytes. * @param _sender Address of the sender of the message. * @param _target Address of the target of the message. * @param _value ETH value to send to the target. * @param _gasLimit Gas limit to use for the message. * @param _data Data to send with the message. * * @return Hashed cross domain message. */ function hashCrossDomainMessage( uint256 _nonce, address _sender, address _target, uint256 _value, uint256 _gasLimit, bytes memory _data ) internal pure returns (bytes32) { (, uint16 version) = Encoding.decodeVersionedNonce(_nonce); if (version == 0) { return hashCrossDomainMessageV0(_nonce, _sender, _target, _value, _gasLimit, _data); } else { revert("Hashing: unknown cross domain message version"); } } /** * @notice Hashes a cross domain message based on the V0 (current) encoding. * * @param _nonce Message nonce. * @param _sender Address of the sender of the message. * @param _target Address of the target of the message. * @param _value ETH value to send to the target. * @param _gasLimit Gas limit to use for the message. * @param _data Data to send with the message. * * @return Hashed cross domain message. */ function hashCrossDomainMessageV0( uint256 _nonce, address _sender, address _target, uint256 _value, uint256 _gasLimit, bytes memory _data ) internal pure returns (bytes32) { return keccak256( Encoding.encodeCrossDomainMessageV0( _nonce, _sender, _target, _value, _gasLimit, _data ) ); } /** * @notice Derives the withdrawal hash according to the encoding in the L2 Withdrawer contract * * @param _tx Withdrawal transaction to hash. * * @return Hashed withdrawal transaction. */ function hashWithdrawal(Types.WithdrawalTransaction memory _tx) internal pure returns (bytes32) { return keccak256( abi.encode(_tx.nonce, _tx.sender, _tx.target, _tx.value, _tx.gasLimit, _tx.data) ); } /** * @notice Hashes the various elements of an output root proof into an output root hash which * can be used to check if the proof is valid. * * @param _outputRootProof Output root proof which should be hashed to an output root. * * @return Hashed output root proof. */ function hashOutputRootProof(Types.OutputRootProof memory _outputRootProof) internal pure returns (bytes32) { if (_outputRootProof.version == bytes32(uint256(0))) { return hashOutputRootProofV0(_outputRootProof); } else { revert("Hashing: unknown output root proof version"); } } /** * @notice Hashes the various elements of an output root proof into an output root hash which * can be used to check if the proof is valid. (version 0) * * @param _outputRootProof Output root proof which should be hashed to an output root. * * @return Hashed output root proof. */ function hashOutputRootProofV0(Types.OutputRootProof memory _outputRootProof) internal pure returns (bytes32) { return keccak256( abi.encode( _outputRootProof.version, _outputRootProof.stateRoot, _outputRootProof.messagePasserStorageRoot, _outputRootProof.blockHash, _outputRootProof.nextBlockHash ) ); } /** * @notice Fills the values of the block hash fields to a given bytes. * * @param _publicInput Public input which should be hashed to a block hash. * @param _rlps Pre-RLP encoded data which should be hashed to a block hash. * @param _raw An array of bytes to be populated. */ function _fillBlockHashFieldsToBytes( Types.PublicInput memory _publicInput, Types.BlockHeaderRLP memory _rlps, bytes[] memory _raw ) private pure { _raw[0] = RLPWriter.writeBytes(abi.encodePacked(_publicInput.parentHash)); _raw[1] = _rlps.uncleHash; _raw[2] = _rlps.coinbase; _raw[3] = RLPWriter.writeBytes(abi.encodePacked(_publicInput.stateRoot)); _raw[4] = RLPWriter.writeBytes(abi.encodePacked(_publicInput.transactionsRoot)); _raw[5] = _rlps.receiptsRoot; _raw[6] = _rlps.logsBloom; _raw[7] = _rlps.difficulty; _raw[8] = RLPWriter.writeUint(_publicInput.number); _raw[9] = RLPWriter.writeUint(_publicInput.gasLimit); _raw[10] = _rlps.gasUsed; _raw[11] = RLPWriter.writeUint(_publicInput.timestamp); _raw[12] = _rlps.extraData; _raw[13] = _rlps.mixHash; _raw[14] = _rlps.nonce; _raw[15] = RLPWriter.writeUint(_publicInput.baseFee); } /** * @notice Hashes the various elements of a block header into a block hash(before shanghai). * * @param _publicInput Public input which should be hashed to a block hash. * @param _rlps Pre-RLP encoded data which should be hashed to a block hash. * * @return Hashed block header. */ function hashBlockHeader( Types.PublicInput memory _publicInput, Types.BlockHeaderRLP memory _rlps ) internal pure returns (bytes32) { bytes[] memory raw = new bytes[](16); _fillBlockHashFieldsToBytes(_publicInput, _rlps, raw); return keccak256(RLPWriter.writeList(raw)); } /** * @notice Hashes the various elements of a block header into a block hash(after shanghai). * * @param _publicInput Public input which should be hashed to a block hash. * @param _rlps Pre-RLP encoded data which should be hashed to a block hash. * * @return Hashed block header. */ function hashBlockHeaderShanghai( Types.PublicInput memory _publicInput, Types.BlockHeaderRLP memory _rlps ) internal pure returns (bytes32) { bytes[] memory raw = new bytes[](17); _fillBlockHashFieldsToBytes(_publicInput, _rlps, raw); raw[16] = RLPWriter.writeBytes(abi.encodePacked(_publicInput.withdrawalsRoot)); return keccak256(RLPWriter.writeList(raw)); } /** * @notice Hashes the various elements of a public input into a public input hash. * * @param _prevStateRoot Previous state root. * @param _publicInput Public input which should be hashed to a public input hash. * @param _dummyHashes Dummy hashes returned from generateDummyHashes(). * * @return Hashed block header. */ function hashPublicInput( bytes32 _prevStateRoot, Types.PublicInput memory _publicInput, bytes32[] memory _dummyHashes ) internal pure returns (bytes32) { return keccak256( abi.encodePacked( _prevStateRoot, _publicInput.stateRoot, _publicInput.withdrawalsRoot, _publicInput.blockHash, _publicInput.parentHash, _publicInput.number, _publicInput.timestamp, _publicInput.baseFee, _publicInput.gasLimit, uint16(_publicInput.txHashes.length), _publicInput.txHashes, _dummyHashes ) ); } /** * @notice Generates a bytes32 array filled with a dummy hash for the given length. * * @param _dummyHashes Dummy hash. * @param _length A length of the array. * * @return Bytes32 array filled with dummy hash. */ function generateDummyHashes(bytes32 _dummyHashes, uint256 _length) internal pure returns (bytes32[] memory) { bytes32[] memory hashes = new bytes32[](_length); for (uint256 i = 0; i < _length; i++) { hashes[i] = _dummyHashes; } return hashes; } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; /** * @title Predeploys * @notice Contains constant addresses for contracts that are pre-deployed to the L2 system. */ library Predeploys { /** * @notice Address of the ProxyAdmin predeploy. */ address internal constant PROXY_ADMIN = 0x4200000000000000000000000000000000000000; /** * @notice Address of the L1Block predeploy. */ address internal constant L1_BLOCK_ATTRIBUTES = 0x4200000000000000000000000000000000000002; /** * @notice Address of the L2ToL1MessagePasser predeploy. */ address internal constant L2_TO_L1_MESSAGE_PASSER = 0x4200000000000000000000000000000000000003; /** * @notice Address of the L2CrossDomainMessenger predeploy. */ address internal constant L2_CROSS_DOMAIN_MESSENGER = 0x4200000000000000000000000000000000000004; /** * @notice Address of the GasPriceOracle predeploy. Includes fee information * and helpers for computing the L1 portion of the transaction fee. */ address internal constant GAS_PRICE_ORACLE = 0x4200000000000000000000000000000000000005; /** * @notice Address of the ProtocolVault predeploy. */ address internal constant PROTOCOL_VAULT = 0x4200000000000000000000000000000000000006; /** * @notice Address of the ProposerRewardVault predeploy. */ address internal constant PROPOSER_REWARD_VAULT = 0x4200000000000000000000000000000000000007; /** * @notice Address of the ValidatorRewardVault predeploy. */ address internal constant VALIDATOR_REWARD_VAULT = 0x4200000000000000000000000000000000000008; /** * @notice Address of the L2StandardBridge predeploy. */ address internal constant L2_STANDARD_BRIDGE = 0x4200000000000000000000000000000000000009; /** * @notice Address of the L2ERC721Bridge predeploy. */ address internal constant L2_ERC721_BRIDGE = 0x420000000000000000000000000000000000000A; /** * @notice Address of the KromaMintableERC20Factory predeploy. */ address internal constant KROMA_MINTABLE_ERC20_FACTORY = 0x420000000000000000000000000000000000000B; /** * @notice Address of the KromaMintableERC721Factory predeploy. */ address internal constant KROMA_MINTABLE_ERC721_FACTORY = 0x420000000000000000000000000000000000000c; }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; /** * @title IZKMerkleTrie */ interface IZKMerkleTrie { /** * @notice Verifies a proof that a given key/value pair is present in the trie. * * @param _key Key of the node to search for, as a hex string. * @param _value Value of the node to search for, as a hex string. * @param _proofs Merkle trie inclusion proof for the desired node. * @param _root Known root of the Merkle trie. Used to verify that the included proof is * correctly constructed. * * @return Whether or not the proof is valid. */ function verifyInclusionProof( bytes32 _key, bytes memory _value, bytes[] memory _proofs, bytes32 _root ) external view returns (bool); }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Initializable } from "@openzeppelin/contracts/proxy/utils/Initializable.sol"; import { Constants } from "../libraries/Constants.sol"; import { Types } from "../libraries/Types.sol"; import { Semver } from "../universal/Semver.sol"; import { ValidatorPool } from "./ValidatorPool.sol"; /** * @custom:proxied * @title L2OutputOracle * @notice The L2OutputOracle contains an array of L2 state outputs, where each output is a * commitment to the state of the L2 chain. Other contracts like the KromaPortal use * these outputs to verify information about the state of L2. */ contract L2OutputOracle is Initializable, Semver { /** * @notice The address of the validator pool contract. Can be updated via upgrade. */ ValidatorPool public immutable VALIDATOR_POOL; /** * @notice The address of the colosseum contract. Can be updated via upgrade. */ address public immutable COLOSSEUM; /** * @notice The interval in L2 blocks at which checkpoints must be submitted. Although this is * immutable, it can be modified by upgrading the implementation contract. * Note that nodes that fetch and use this value need to restart when it is modified. */ uint256 public immutable SUBMISSION_INTERVAL; /** * @notice The time between L2 blocks in seconds. Once set, this value MUST NOT be modified. */ uint256 public immutable L2_BLOCK_TIME; /** * @notice Minimum time (in seconds) that must elapse before a withdrawal can be finalized. */ uint256 public immutable FINALIZATION_PERIOD_SECONDS; /** * @notice The number of the first L2 block recorded in this contract. */ uint256 public startingBlockNumber; /** * @notice The timestamp of the first L2 block recorded in this contract. */ uint256 public startingTimestamp; /** * @notice Array of L2 checkpoint outputs. */ Types.CheckpointOutput[] internal l2Outputs; /** * @notice Emitted when an output is submitted. * * @param outputRoot The output root. * @param l2OutputIndex The index of the output in the l2Outputs array. * @param l2BlockNumber The L2 block number of the output root. * @param l1Timestamp The L1 timestamp when submitted. */ event OutputSubmitted( bytes32 indexed outputRoot, uint256 indexed l2OutputIndex, uint256 indexed l2BlockNumber, uint256 l1Timestamp ); /** * @notice Emitted when an output is replaced. * * @param outputIndex Replaced L2 output index. * @param newOutputRoot L2 output root after replacement. */ event OutputReplaced(uint256 indexed outputIndex, bytes32 newOutputRoot); /** * @custom:semver 1.0.0 * * @param _validatorPool The address of the ValidatorPool contract. * @param _colosseum The address of the Colosseum contract. * @param _submissionInterval Interval in blocks at which checkpoints must be submitted. * @param _l2BlockTime The time per L2 block, in seconds. * @param _startingBlockNumber The number of the first L2 block. * @param _startingTimestamp The timestamp of the first L2 block. * @param _finalizationPeriodSeconds Output finalization time in seconds. */ constructor( ValidatorPool _validatorPool, address _colosseum, uint256 _submissionInterval, uint256 _l2BlockTime, uint256 _startingBlockNumber, uint256 _startingTimestamp, uint256 _finalizationPeriodSeconds ) Semver(1, 0, 0) { require(_l2BlockTime > 0, "L2OutputOracle: L2 block time must be greater than 0"); require( _submissionInterval > 0, "L2OutputOracle: submission interval must be greater than 0" ); VALIDATOR_POOL = _validatorPool; COLOSSEUM = _colosseum; SUBMISSION_INTERVAL = _submissionInterval; L2_BLOCK_TIME = _l2BlockTime; FINALIZATION_PERIOD_SECONDS = _finalizationPeriodSeconds; initialize(_startingBlockNumber, _startingTimestamp); } /** * @notice Initializer. * * @param _startingBlockNumber Block number for the first recorded L2 block. * @param _startingTimestamp Timestamp for the first recorded L2 block. */ function initialize(uint256 _startingBlockNumber, uint256 _startingTimestamp) public initializer { require( _startingTimestamp <= block.timestamp, "L2OutputOracle: starting L2 timestamp must be less than current time" ); startingTimestamp = _startingTimestamp; startingBlockNumber = _startingBlockNumber; } /** * @notice Replaces the output that corresponds to the given output index. * Only the Colosseum contract can replace an output. * * @param _l2OutputIndex Index of the L2 output to be replaced. * @param _newOutputRoot The L2 output root to replace the existing one. * @param _submitter Address of the L2 output submitter. */ function replaceL2Output( uint256 _l2OutputIndex, bytes32 _newOutputRoot, address _submitter ) external { require( msg.sender == COLOSSEUM, "L2OutputOracle: only the colosseum contract can replace an output" ); require(_submitter != address(0), "L2OutputOracle: submitter address cannot be zero"); // Make sure we're not *increasing* the length of the array. require( _l2OutputIndex < l2Outputs.length, "L2OutputOracle: cannot replace an output after the latest output index" ); Types.CheckpointOutput storage output = l2Outputs[_l2OutputIndex]; // Do not allow replacing any outputs that have already been finalized. require( block.timestamp - output.timestamp < FINALIZATION_PERIOD_SECONDS, "L2OutputOracle: cannot replace an output that has already been finalized" ); output.outputRoot = _newOutputRoot; output.submitter = _submitter; emit OutputReplaced(_l2OutputIndex, _newOutputRoot); } /** * @notice Accepts an outputRoot and the block number of the corresponding L2 block. * The block number must be equal to the current value returned by `nextBlockNumber()` * in order to be accepted. This function may only be called by the validator. * * @param _outputRoot The L2 output of the checkpoint block. * @param _l2BlockNumber The L2 block number that resulted in _outputRoot. * @param _l1BlockHash A block hash which must be included in the current chain. * @param _l1BlockNumber The block number with the specified block hash. */ function submitL2Output( bytes32 _outputRoot, uint256 _l2BlockNumber, bytes32 _l1BlockHash, uint256 _l1BlockNumber ) external payable { address nextValidator = VALIDATOR_POOL.nextValidator(); // If it's not a public round, only selected validators can submit output. if (nextValidator != Constants.VALIDATOR_PUBLIC_ROUND_ADDRESS) { require( msg.sender == nextValidator, "L2OutputOracle: only the next selected validator can submit output" ); } require( _l2BlockNumber == nextBlockNumber(), "L2OutputOracle: block number must be equal to next expected block number" ); require( computeL2Timestamp(_l2BlockNumber) < block.timestamp, "L2OutputOracle: cannot submit L2 output in the future" ); require( _outputRoot != bytes32(0), "L2OutputOracle: L2 checkpoint output cannot be the zero hash" ); if (_l1BlockHash != bytes32(0) && blockhash(_l1BlockNumber) != bytes32(0)) { // This check allows the validator to submit an output based on a given L1 block, // without fear that it will be reorged out. // It will be skipped if the blockheight provided is more than 256 blocks behind the // chain tip (as the hash will return as zero). require( blockhash(_l1BlockNumber) == _l1BlockHash, "L2OutputOracle: block hash does not match the hash at the expected height" ); } uint256 outputIndex = nextOutputIndex(); l2Outputs.push( Types.CheckpointOutput({ submitter: msg.sender, outputRoot: _outputRoot, timestamp: uint128(block.timestamp), l2BlockNumber: uint128(_l2BlockNumber) }) ); emit OutputSubmitted(_outputRoot, outputIndex, _l2BlockNumber, block.timestamp); VALIDATOR_POOL.createBond( outputIndex, uint128(block.timestamp + FINALIZATION_PERIOD_SECONDS) ); } /** * @notice Returns an output by index. Reverts if output is not found at the given index. * * @param _l2OutputIndex Index of the output to return. * * @return The output at the given index. */ function getL2Output(uint256 _l2OutputIndex) external view returns (Types.CheckpointOutput memory) { return l2Outputs[_l2OutputIndex]; } /** * @notice Returns the index of the L2 output that checkpoints a given L2 block number. Uses a * binary search to find the first output greater than or equal to the given block. * * @param _l2BlockNumber L2 block number to find a checkpoint for. * * @return Index of the first checkpoint that commits to the given L2 block number. */ function getL2OutputIndexAfter(uint256 _l2BlockNumber) public view returns (uint256) { // Make sure an output for this block number has actually been submitted. require( _l2BlockNumber <= latestBlockNumber(), "L2OutputOracle: cannot get output for a block that has not been submitted" ); // Make sure there's at least one output submitted. require( l2Outputs.length > 0, "L2OutputOracle: cannot get output as no outputs have been submitted yet" ); // Find the output via binary search, guaranteed to exist. uint256 lo = 0; uint256 hi = l2Outputs.length; while (lo < hi) { uint256 mid = (lo + hi) / 2; if (l2Outputs[mid].l2BlockNumber < _l2BlockNumber) { lo = mid + 1; } else { hi = mid; } } return lo; } /** * @notice Returns the L2 checkpoint output that checkpoints a given L2 block number. * * @param _l2BlockNumber L2 block number to find a checkpoint for. * * @return First checkpoint that commits to the given L2 block number. */ function getL2OutputAfter(uint256 _l2BlockNumber) external view returns (Types.CheckpointOutput memory) { return l2Outputs[getL2OutputIndexAfter(_l2BlockNumber)]; } /** * @notice Returns the index of the latest submitted output. Will revert if no outputs * have been submitted yet. * * @return The index of the latest submitted output. */ function latestOutputIndex() external view returns (uint256) { return l2Outputs.length - 1; } /** * @notice Returns the index of the next output to be submitted. * * @return The index of the next output to be submitted. */ function nextOutputIndex() public view returns (uint256) { return l2Outputs.length; } /** * @notice Returns the block number of the latest submitted L2 checkpoint output. If no outputs * have been submitted yet then this function will return the starting block number. * * @return Latest submitted L2 block number. */ function latestBlockNumber() public view returns (uint256) { return l2Outputs.length == 0 ? startingBlockNumber : l2Outputs[l2Outputs.length - 1].l2BlockNumber; } /** * @notice Computes the block number of the next L2 block that needs to be checkpointed. If no * outputs have been submitted yet then this function will return the latest block * number, which is the starting block number. * * @return Next L2 block number. */ function nextBlockNumber() public view returns (uint256) { return l2Outputs.length == 0 ? latestBlockNumber() : latestBlockNumber() + SUBMISSION_INTERVAL; } /** * @notice Returns the L2 timestamp corresponding to a given L2 block number. * * @param _l2BlockNumber The L2 block number of the target block. * * @return L2 timestamp of the given block. */ function computeL2Timestamp(uint256 _l2BlockNumber) public view returns (uint256) { return startingTimestamp + ((_l2BlockNumber - startingBlockNumber) * L2_BLOCK_TIME); } /** * @notice Returns the address of the L2 output submitter. * * @param _outputIndex Index of an output. * * @return Address of the submitter. */ function getSubmitter(uint256 _outputIndex) external view returns (address) { return l2Outputs[_outputIndex].submitter; } /** * @notice Returns if the output of given index is finalized. * * @param _outputIndex Index of an output. * * @return If the given output is finalized or not. */ function isFinalized(uint256 _outputIndex) external view returns (bool) { return l2Outputs[_outputIndex].timestamp + FINALIZATION_PERIOD_SECONDS < block.timestamp; } /** * @notice Returns the finalization time of given output index. * * @param _outputIndex Index of an output. * * @return The finalization time of given output index. */ function finalizedAt(uint256 _outputIndex) external view returns (uint256) { return l2Outputs[_outputIndex].timestamp + FINALIZATION_PERIOD_SECONDS; } }
// SPDX-License-Identifier: GPL-3.0 pragma solidity 0.8.15; import { Semver } from "../universal/Semver.sol"; contract ZKVerifier is Semver { uint256 internal immutable HASH_SCALAR_VALUE; uint256 internal immutable M_56_PX_VALUE; uint256 internal immutable M_56_PY_VALUE; constructor( uint256 _hashScalar, uint256 _m56Px, uint256 _m56Py ) Semver(0, 1, 4) { HASH_SCALAR_VALUE = _hashScalar; M_56_PX_VALUE = _m56Px; M_56_PY_VALUE = _m56Py; } function pairing(G1Point[] memory p1, G2Point[] memory p2) internal view returns (bool) { uint256 length = p1.length * 6; uint256[] memory input = new uint256[](length); uint256[1] memory result; bool ret; require(p1.length == p2.length); for (uint256 i = 0; i < p1.length; i++) { input[0 + i * 6] = p1[i].x; input[1 + i * 6] = p1[i].y; input[2 + i * 6] = p2[i].x[0]; input[3 + i * 6] = p2[i].x[1]; input[4 + i * 6] = p2[i].y[0]; input[5 + i * 6] = p2[i].y[1]; } assembly { ret := staticcall(gas(), 8, add(input, 0x20), mul(length, 0x20), result, 0x20) } require(ret); return result[0] != 0; } uint256 constant q_mod = 21888242871839275222246405745257275088548364400416034343698204186575808495617; function fr_invert(uint256 a) internal view returns (uint256) { return fr_pow(a, q_mod - 2); } function fr_pow(uint256 a, uint256 power) internal view returns (uint256) { uint256[6] memory input; uint256[1] memory result; bool ret; input[0] = 32; input[1] = 32; input[2] = 32; input[3] = a; input[4] = power; input[5] = q_mod; assembly { ret := staticcall(gas(), 0x05, input, 0xc0, result, 0x20) } require(ret); return result[0]; } function fr_div(uint256 a, uint256 b) internal view returns (uint256) { require(b != 0); return mulmod(a, fr_invert(b), q_mod); } function fr_mul_add( uint256 a, uint256 b, uint256 c ) internal pure returns (uint256) { return addmod(mulmod(a, b, q_mod), c, q_mod); } function fr_mul_add_pm( uint256[84] memory m, uint256[] calldata proof, uint256 opcode, uint256 t ) internal pure returns (uint256) { for (uint256 i = 0; i < 32; i += 2) { uint256 a = opcode & 0xff; if (a != 0xff) { opcode >>= 8; uint256 b = opcode & 0xff; opcode >>= 8; t = addmod(mulmod(proof[a], m[b], q_mod), t, q_mod); } else { break; } } return t; } function fr_mul_add_mt( uint256[84] memory m, uint256 base, uint256 opcode, uint256 t ) internal pure returns (uint256) { for (uint256 i = 0; i < 32; i += 1) { uint256 a = opcode & 0xff; if (a != 0xff) { opcode >>= 8; t = addmod(mulmod(base, t, q_mod), m[a], q_mod); } else { break; } } return t; } function fr_reverse(uint256 input) internal pure returns (uint256 v) { v = input; // swap bytes v = ((v & 0xFF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00) >> 8) | ((v & 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) << 8); // swap 2-byte long pairs v = ((v & 0xFFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000) >> 16) | ((v & 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) << 16); // swap 4-byte long pairs v = ((v & 0xFFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000) >> 32) | ((v & 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) << 32); // swap 8-byte long pairs v = ((v & 0xFFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF0000000000000000) >> 64) | ((v & 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) << 64); // swap 16-byte long pairs v = (v >> 128) | (v << 128); } uint256 constant p_mod = 21888242871839275222246405745257275088696311157297823662689037894645226208583; struct G1Point { uint256 x; uint256 y; } struct G2Point { uint256[2] x; uint256[2] y; } function ecc_from(uint256 x, uint256 y) internal pure returns (G1Point memory r) { r.x = x; r.y = y; } function ecc_add( uint256 ax, uint256 ay, uint256 bx, uint256 by ) internal view returns (uint256, uint256) { bool ret = false; G1Point memory r; uint256[4] memory input_points; input_points[0] = ax; input_points[1] = ay; input_points[2] = bx; input_points[3] = by; assembly { ret := staticcall(gas(), 6, input_points, 0x80, r, 0x40) } require(ret); return (r.x, r.y); } function ecc_sub( uint256 ax, uint256 ay, uint256 bx, uint256 by ) internal view returns (uint256, uint256) { return ecc_add(ax, ay, bx, p_mod - by); } function ecc_mul( uint256 px, uint256 py, uint256 s ) internal view returns (uint256, uint256) { uint256[3] memory input; bool ret = false; G1Point memory r; input[0] = px; input[1] = py; input[2] = s; assembly { ret := staticcall(gas(), 7, input, 0x60, r, 0x40) } require(ret); return (r.x, r.y); } function _ecc_mul_add(uint256[5] memory input) internal view { bool ret = false; assembly { ret := staticcall(gas(), 7, input, 0x60, add(input, 0x20), 0x40) } require(ret); assembly { ret := staticcall(gas(), 6, add(input, 0x20), 0x80, add(input, 0x60), 0x40) } require(ret); } function ecc_mul_add( uint256 px, uint256 py, uint256 s, uint256 qx, uint256 qy ) internal view returns (uint256, uint256) { uint256[5] memory input; input[0] = px; input[1] = py; input[2] = s; input[3] = qx; input[4] = qy; _ecc_mul_add(input); return (input[3], input[4]); } function ecc_mul_add_pm( uint256[84] memory m, uint256[] calldata proof, uint256 opcode, uint256 t0, uint256 t1 ) internal view returns (uint256, uint256) { uint256[5] memory input; input[3] = t0; input[4] = t1; for (uint256 i = 0; i < 32; i += 2) { uint256 a = opcode & 0xff; if (a != 0xff) { opcode >>= 8; uint256 b = opcode & 0xff; opcode >>= 8; input[0] = proof[a]; input[1] = proof[a + 1]; input[2] = m[b]; _ecc_mul_add(input); } else { break; } } return (input[3], input[4]); } function update_hash_scalar( uint256 v, uint256[144] memory absorbing, uint256 pos ) internal pure { absorbing[pos++] = 0x02; absorbing[pos++] = v; } function update_hash_point( uint256 x, uint256 y, uint256[144] memory absorbing, uint256 pos ) internal pure { absorbing[pos++] = 0x01; absorbing[pos++] = x; absorbing[pos++] = y; } function to_scalar(bytes32 r) private pure returns (uint256 v) { uint256 tmp = uint256(r); tmp = fr_reverse(tmp); v = tmp % 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001; } function hash(uint256[144] memory absorbing, uint256 length) private view returns (bytes32[1] memory v) { bool success; assembly { success := staticcall(sub(gas(), 2000), 2, absorbing, length, v, 32) switch success case 0 { invalid() } } assert(success); } function squeeze_challenge(uint256[144] memory absorbing, uint32 length) internal view returns (uint256 v) { absorbing[length] = 0; bytes32 res = hash(absorbing, length * 32 + 1)[0]; v = to_scalar(res); absorbing[0] = uint256(res); length = 1; } function get_verify_circuit_g2_s() internal pure returns (G2Point memory s) { s.x[0] = uint256( 11029560635643983818885738975758839003131865733814273016801144285524936684972 ); s.x[1] = uint256( 10665153487364924395451186075663597035495902496253353881119509267933768999122 ); s.y[0] = uint256( 18790173187318184075281544452912101572166071561689308149111466352378718492148 ); s.y[1] = uint256( 18755874088236213082062601512863221433227017725453112019151604716957419045549 ); } function get_verify_circuit_g2_n() internal pure returns (G2Point memory n) { n.x[0] = uint256( 11559732032986387107991004021392285783925812861821192530917403151452391805634 ); n.x[1] = uint256( 10857046999023057135944570762232829481370756359578518086990519993285655852781 ); n.y[0] = uint256( 17805874995975841540914202342111839520379459829704422454583296818431106115052 ); n.y[1] = uint256( 13392588948715843804641432497768002650278120570034223513918757245338268106653 ); } function get_target_circuit_g2_s() internal pure returns (G2Point memory s) { s.x[0] = uint256( 11029560635643983818885738975758839003131865733814273016801144285524936684972 ); s.x[1] = uint256( 10665153487364924395451186075663597035495902496253353881119509267933768999122 ); s.y[0] = uint256( 18790173187318184075281544452912101572166071561689308149111466352378718492148 ); s.y[1] = uint256( 18755874088236213082062601512863221433227017725453112019151604716957419045549 ); } function get_target_circuit_g2_n() internal pure returns (G2Point memory n) { n.x[0] = uint256( 11559732032986387107991004021392285783925812861821192530917403151452391805634 ); n.x[1] = uint256( 10857046999023057135944570762232829481370756359578518086990519993285655852781 ); n.y[0] = uint256( 17805874995975841540914202342111839520379459829704422454583296818431106115052 ); n.y[1] = uint256( 13392588948715843804641432497768002650278120570034223513918757245338268106653 ); } function get_wx_wg(uint256[] calldata proof, uint256[6] memory instances) internal view returns ( uint256, uint256, uint256, uint256 ) { uint256[84] memory m; uint256[144] memory absorbing; uint256 t0 = 0; uint256 t1 = 0; (t0, t1) = ( ecc_mul( 17789833092049612098151701936050358897264906311798010005527050942756852717298, 10895600437035740537762783734736154159991587515994553016519128117735745182853, instances[0] ) ); (t0, t1) = ( ecc_mul_add( 10543918255196573445400399528935519333175023389167175628125725368018220699826, 12766487347162664556283708113947771881161039794532633041152166890738441603652, instances[1], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 17008203783108743202559440655757700533653854901598142405028623347702668473277, 21814804208982435371780097106882418706885400711730256673026973858149650971299, instances[2], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 16811698451652309858363601322080891018704447409836823044944128338389236089077, 18899539994854832158038246139972325143494193687503547200838261777721006548399, instances[3], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 5494852631096636459288403096263717084869030781267238852252122493224146048270, 15370627062079108379015892130008397963684601860044622201721093508656326957966, instances[4], t0, t1 ) ); (m[0], m[1]) = ( ecc_mul_add( 15605904389647533645433956766425544672547314322654580577432084020959766066522, 2981854610112145395053419471185791838523574193883358734299031423326998004318, instances[5], t0, t1 ) ); update_hash_scalar(HASH_SCALAR_VALUE, absorbing, 0); update_hash_point(m[0], m[1], absorbing, 2); for (t0 = 0; t0 <= 4; t0++) { update_hash_point(proof[0 + t0 * 2], proof[1 + t0 * 2], absorbing, 5 + t0 * 3); } m[2] = (squeeze_challenge(absorbing, 20)); for (t0 = 0; t0 <= 13; t0++) { update_hash_point(proof[10 + t0 * 2], proof[11 + t0 * 2], absorbing, 1 + t0 * 3); } m[3] = (squeeze_challenge(absorbing, 43)); m[4] = (squeeze_challenge(absorbing, 1)); for (t0 = 0; t0 <= 9; t0++) { update_hash_point(proof[38 + t0 * 2], proof[39 + t0 * 2], absorbing, 1 + t0 * 3); } m[5] = (squeeze_challenge(absorbing, 31)); for (t0 = 0; t0 <= 3; t0++) { update_hash_point(proof[58 + t0 * 2], proof[59 + t0 * 2], absorbing, 1 + t0 * 3); } m[6] = (squeeze_challenge(absorbing, 13)); for (t0 = 0; t0 <= 70; t0++) { update_hash_scalar(proof[66 + t0 * 1], absorbing, 1 + t0 * 2); } m[7] = (squeeze_challenge(absorbing, 143)); for (t0 = 0; t0 <= 3; t0++) { update_hash_point(proof[137 + t0 * 2], proof[138 + t0 * 2], absorbing, 1 + t0 * 3); } m[8] = (squeeze_challenge(absorbing, 13)); m[9] = ( mulmod( m[6], 13446667982376394161563610564587413125564757801019538732601045199901075958935, q_mod ) ); m[10] = ( mulmod( m[6], 16569469942529664681363945218228869388192121720036659574609237682362097667612, q_mod ) ); m[11] = ( mulmod( m[6], 14803907026430593724305438564799066516271154714737734572920456128449769927233, q_mod ) ); m[12] = (fr_pow(m[6], 67108864)); m[13] = (addmod(m[12], q_mod - 1, q_mod)); m[14] = ( mulmod( 21888242545679039938882419398440172875981108180010270949818755658014750055173, m[13], q_mod ) ); t0 = (addmod(m[6], q_mod - 1, q_mod)); m[14] = (fr_div(m[14], t0)); m[15] = ( mulmod( 3495999257316610708652455694658595065970881061159015347599790211259094641512, m[13], q_mod ) ); t0 = ( addmod( m[6], q_mod - 14803907026430593724305438564799066516271154714737734572920456128449769927233, q_mod ) ); m[15] = (fr_div(m[15], t0)); m[16] = ( mulmod( 12851378806584061886934576302961450669946047974813165594039554733293326536714, m[13], q_mod ) ); t0 = ( addmod( m[6], q_mod - 11377606117859914088982205826922132024839443553408109299929510653283289974216, q_mod ) ); m[16] = (fr_div(m[16], t0)); m[17] = ( mulmod( 14638077285440018490948843142723135319134576188472316769433007423695824509066, m[13], q_mod ) ); t0 = ( addmod( m[6], q_mod - 3693565015985198455139889557180396682968596245011005461846595820698933079918, q_mod ) ); m[17] = (fr_div(m[17], t0)); m[18] = ( mulmod( 18027939092386982308810165776478549635922357517986691900813373197616541191289, m[13], q_mod ) ); t0 = ( addmod( m[6], q_mod - 17329448237240114492580865744088056414251735686965494637158808787419781175510, q_mod ) ); m[18] = (fr_div(m[18], t0)); m[19] = ( mulmod( 912591536032578604421866340844550116335029274442283291811906603256731601654, m[13], q_mod ) ); t0 = ( addmod( m[6], q_mod - 6047398202650739717314770882059679662647667807426525133977681644606291529311, q_mod ) ); m[19] = (fr_div(m[19], t0)); m[20] = ( mulmod( 17248638560015646562374089181598815896736916575459528793494921668169819478628, m[13], q_mod ) ); t0 = ( addmod( m[6], q_mod - 16569469942529664681363945218228869388192121720036659574609237682362097667612, q_mod ) ); m[20] = (fr_div(m[20], t0)); t0 = (addmod(m[15], m[16], q_mod)); t0 = (addmod(t0, m[17], q_mod)); t0 = (addmod(t0, m[18], q_mod)); m[15] = (addmod(t0, m[19], q_mod)); t0 = (fr_mul_add(proof[74], proof[72], proof[73])); t0 = (fr_mul_add(proof[75], proof[67], t0)); t0 = (fr_mul_add(proof[76], proof[68], t0)); t0 = (fr_mul_add(proof[77], proof[69], t0)); t0 = (fr_mul_add(proof[78], proof[70], t0)); m[16] = (fr_mul_add(proof[79], proof[71], t0)); t0 = (mulmod(proof[67], proof[68], q_mod)); m[16] = (fr_mul_add(proof[80], t0, m[16])); t0 = (mulmod(proof[69], proof[70], q_mod)); m[16] = (fr_mul_add(proof[81], t0, m[16])); t0 = (addmod(1, q_mod - proof[97], q_mod)); m[17] = (mulmod(m[14], t0, q_mod)); t0 = (mulmod(proof[100], proof[100], q_mod)); t0 = (addmod(t0, q_mod - proof[100], q_mod)); m[18] = (mulmod(m[20], t0, q_mod)); t0 = (addmod(proof[100], q_mod - proof[99], q_mod)); m[19] = (mulmod(t0, m[14], q_mod)); m[21] = (mulmod(m[3], m[6], q_mod)); t0 = (addmod(m[20], m[15], q_mod)); m[15] = (addmod(1, q_mod - t0, q_mod)); m[22] = (addmod(proof[67], m[4], q_mod)); t0 = (fr_mul_add(proof[91], m[3], m[22])); m[23] = (mulmod(t0, proof[98], q_mod)); t0 = (addmod(m[22], m[21], q_mod)); m[22] = (mulmod(t0, proof[97], q_mod)); m[24] = ( mulmod( 4131629893567559867359510883348571134090853742863529169391034518566172092834, m[21], q_mod ) ); m[25] = (addmod(proof[68], m[4], q_mod)); t0 = (fr_mul_add(proof[92], m[3], m[25])); m[23] = (mulmod(t0, m[23], q_mod)); t0 = (addmod(m[25], m[24], q_mod)); m[22] = (mulmod(t0, m[22], q_mod)); m[24] = ( mulmod( 4131629893567559867359510883348571134090853742863529169391034518566172092834, m[24], q_mod ) ); m[25] = (addmod(proof[69], m[4], q_mod)); t0 = (fr_mul_add(proof[93], m[3], m[25])); m[23] = (mulmod(t0, m[23], q_mod)); t0 = (addmod(m[25], m[24], q_mod)); m[22] = (mulmod(t0, m[22], q_mod)); m[24] = ( mulmod( 4131629893567559867359510883348571134090853742863529169391034518566172092834, m[24], q_mod ) ); t0 = (addmod(m[23], q_mod - m[22], q_mod)); m[22] = (mulmod(t0, m[15], q_mod)); m[21] = ( mulmod( m[21], 11166246659983828508719468090013646171463329086121580628794302409516816350802, q_mod ) ); m[23] = (addmod(proof[70], m[4], q_mod)); t0 = (fr_mul_add(proof[94], m[3], m[23])); m[24] = (mulmod(t0, proof[101], q_mod)); t0 = (addmod(m[23], m[21], q_mod)); m[23] = (mulmod(t0, proof[100], q_mod)); m[21] = ( mulmod( 4131629893567559867359510883348571134090853742863529169391034518566172092834, m[21], q_mod ) ); m[25] = (addmod(proof[71], m[4], q_mod)); t0 = (fr_mul_add(proof[95], m[3], m[25])); m[24] = (mulmod(t0, m[24], q_mod)); t0 = (addmod(m[25], m[21], q_mod)); m[23] = (mulmod(t0, m[23], q_mod)); m[21] = ( mulmod( 4131629893567559867359510883348571134090853742863529169391034518566172092834, m[21], q_mod ) ); m[25] = (addmod(proof[66], m[4], q_mod)); t0 = (fr_mul_add(proof[96], m[3], m[25])); m[24] = (mulmod(t0, m[24], q_mod)); t0 = (addmod(m[25], m[21], q_mod)); m[23] = (mulmod(t0, m[23], q_mod)); m[21] = ( mulmod( 4131629893567559867359510883348571134090853742863529169391034518566172092834, m[21], q_mod ) ); t0 = (addmod(m[24], q_mod - m[23], q_mod)); m[21] = (mulmod(t0, m[15], q_mod)); t0 = (addmod(proof[104], m[3], q_mod)); m[23] = (mulmod(proof[103], t0, q_mod)); t0 = (addmod(proof[106], m[4], q_mod)); m[23] = (mulmod(m[23], t0, q_mod)); m[24] = (mulmod(proof[67], proof[82], q_mod)); m[2] = (mulmod(0, m[2], q_mod)); m[24] = (addmod(m[2], m[24], q_mod)); m[25] = (addmod(m[2], proof[83], q_mod)); m[26] = (addmod(proof[104], q_mod - proof[106], q_mod)); t0 = (addmod(1, q_mod - proof[102], q_mod)); m[27] = (mulmod(m[14], t0, q_mod)); t0 = (mulmod(proof[102], proof[102], q_mod)); t0 = (addmod(t0, q_mod - proof[102], q_mod)); m[28] = (mulmod(m[20], t0, q_mod)); t0 = (addmod(m[24], m[3], q_mod)); m[24] = (mulmod(proof[102], t0, q_mod)); m[25] = (addmod(m[25], m[4], q_mod)); t0 = (mulmod(m[24], m[25], q_mod)); t0 = (addmod(m[23], q_mod - t0, q_mod)); m[23] = (mulmod(t0, m[15], q_mod)); m[24] = (mulmod(m[14], m[26], q_mod)); t0 = (addmod(proof[104], q_mod - proof[105], q_mod)); t0 = (mulmod(m[26], t0, q_mod)); m[26] = (mulmod(t0, m[15], q_mod)); t0 = (addmod(proof[109], m[3], q_mod)); m[29] = (mulmod(proof[108], t0, q_mod)); t0 = (addmod(proof[111], m[4], q_mod)); m[29] = (mulmod(m[29], t0, q_mod)); m[30] = (fr_mul_add(proof[82], proof[68], m[2])); m[31] = (addmod(proof[109], q_mod - proof[111], q_mod)); t0 = (addmod(1, q_mod - proof[107], q_mod)); m[32] = (mulmod(m[14], t0, q_mod)); t0 = (mulmod(proof[107], proof[107], q_mod)); t0 = (addmod(t0, q_mod - proof[107], q_mod)); m[33] = (mulmod(m[20], t0, q_mod)); t0 = (addmod(m[30], m[3], q_mod)); t0 = (mulmod(proof[107], t0, q_mod)); t0 = (mulmod(t0, m[25], q_mod)); t0 = (addmod(m[29], q_mod - t0, q_mod)); m[29] = (mulmod(t0, m[15], q_mod)); m[30] = (mulmod(m[14], m[31], q_mod)); t0 = (addmod(proof[109], q_mod - proof[110], q_mod)); t0 = (mulmod(m[31], t0, q_mod)); m[31] = (mulmod(t0, m[15], q_mod)); t0 = (addmod(proof[114], m[3], q_mod)); m[34] = (mulmod(proof[113], t0, q_mod)); t0 = (addmod(proof[116], m[4], q_mod)); m[34] = (mulmod(m[34], t0, q_mod)); m[35] = (fr_mul_add(proof[82], proof[69], m[2])); m[36] = (addmod(proof[114], q_mod - proof[116], q_mod)); t0 = (addmod(1, q_mod - proof[112], q_mod)); m[37] = (mulmod(m[14], t0, q_mod)); t0 = (mulmod(proof[112], proof[112], q_mod)); t0 = (addmod(t0, q_mod - proof[112], q_mod)); m[38] = (mulmod(m[20], t0, q_mod)); t0 = (addmod(m[35], m[3], q_mod)); t0 = (mulmod(proof[112], t0, q_mod)); t0 = (mulmod(t0, m[25], q_mod)); t0 = (addmod(m[34], q_mod - t0, q_mod)); m[34] = (mulmod(t0, m[15], q_mod)); m[35] = (mulmod(m[14], m[36], q_mod)); t0 = (addmod(proof[114], q_mod - proof[115], q_mod)); t0 = (mulmod(m[36], t0, q_mod)); m[36] = (mulmod(t0, m[15], q_mod)); t0 = (addmod(proof[119], m[3], q_mod)); m[39] = (mulmod(proof[118], t0, q_mod)); t0 = (addmod(proof[121], m[4], q_mod)); m[39] = (mulmod(m[39], t0, q_mod)); m[40] = (fr_mul_add(proof[82], proof[70], m[2])); m[41] = (addmod(proof[119], q_mod - proof[121], q_mod)); t0 = (addmod(1, q_mod - proof[117], q_mod)); m[42] = (mulmod(m[14], t0, q_mod)); t0 = (mulmod(proof[117], proof[117], q_mod)); t0 = (addmod(t0, q_mod - proof[117], q_mod)); m[43] = (mulmod(m[20], t0, q_mod)); t0 = (addmod(m[40], m[3], q_mod)); t0 = (mulmod(proof[117], t0, q_mod)); t0 = (mulmod(t0, m[25], q_mod)); t0 = (addmod(m[39], q_mod - t0, q_mod)); m[25] = (mulmod(t0, m[15], q_mod)); m[39] = (mulmod(m[14], m[41], q_mod)); t0 = (addmod(proof[119], q_mod - proof[120], q_mod)); t0 = (mulmod(m[41], t0, q_mod)); m[40] = (mulmod(t0, m[15], q_mod)); t0 = (addmod(proof[124], m[3], q_mod)); m[41] = (mulmod(proof[123], t0, q_mod)); t0 = (addmod(proof[126], m[4], q_mod)); m[41] = (mulmod(m[41], t0, q_mod)); m[44] = (fr_mul_add(proof[84], proof[67], m[2])); m[45] = (addmod(m[2], proof[85], q_mod)); m[46] = (addmod(proof[124], q_mod - proof[126], q_mod)); t0 = (addmod(1, q_mod - proof[122], q_mod)); m[47] = (mulmod(m[14], t0, q_mod)); t0 = (mulmod(proof[122], proof[122], q_mod)); t0 = (addmod(t0, q_mod - proof[122], q_mod)); m[48] = (mulmod(m[20], t0, q_mod)); t0 = (addmod(m[44], m[3], q_mod)); m[44] = (mulmod(proof[122], t0, q_mod)); t0 = (addmod(m[45], m[4], q_mod)); t0 = (mulmod(m[44], t0, q_mod)); t0 = (addmod(m[41], q_mod - t0, q_mod)); m[41] = (mulmod(t0, m[15], q_mod)); m[44] = (mulmod(m[14], m[46], q_mod)); t0 = (addmod(proof[124], q_mod - proof[125], q_mod)); t0 = (mulmod(m[46], t0, q_mod)); m[45] = (mulmod(t0, m[15], q_mod)); t0 = (addmod(proof[129], m[3], q_mod)); m[46] = (mulmod(proof[128], t0, q_mod)); t0 = (addmod(proof[131], m[4], q_mod)); m[46] = (mulmod(m[46], t0, q_mod)); m[49] = (fr_mul_add(proof[86], proof[67], m[2])); m[50] = (addmod(m[2], proof[87], q_mod)); m[51] = (addmod(proof[129], q_mod - proof[131], q_mod)); t0 = (addmod(1, q_mod - proof[127], q_mod)); m[52] = (mulmod(m[14], t0, q_mod)); t0 = (mulmod(proof[127], proof[127], q_mod)); t0 = (addmod(t0, q_mod - proof[127], q_mod)); m[53] = (mulmod(m[20], t0, q_mod)); t0 = (addmod(m[49], m[3], q_mod)); m[49] = (mulmod(proof[127], t0, q_mod)); t0 = (addmod(m[50], m[4], q_mod)); t0 = (mulmod(m[49], t0, q_mod)); t0 = (addmod(m[46], q_mod - t0, q_mod)); m[46] = (mulmod(t0, m[15], q_mod)); m[49] = (mulmod(m[14], m[51], q_mod)); t0 = (addmod(proof[129], q_mod - proof[130], q_mod)); t0 = (mulmod(m[51], t0, q_mod)); m[50] = (mulmod(t0, m[15], q_mod)); t0 = (addmod(proof[134], m[3], q_mod)); m[51] = (mulmod(proof[133], t0, q_mod)); t0 = (addmod(proof[136], m[4], q_mod)); m[51] = (mulmod(m[51], t0, q_mod)); m[54] = (fr_mul_add(proof[88], proof[67], m[2])); m[2] = (addmod(m[2], proof[89], q_mod)); m[55] = (addmod(proof[134], q_mod - proof[136], q_mod)); t0 = (addmod(1, q_mod - proof[132], q_mod)); m[56] = (mulmod(m[14], t0, q_mod)); t0 = (mulmod(proof[132], proof[132], q_mod)); t0 = (addmod(t0, q_mod - proof[132], q_mod)); m[20] = (mulmod(m[20], t0, q_mod)); t0 = (addmod(m[54], m[3], q_mod)); m[3] = (mulmod(proof[132], t0, q_mod)); t0 = (addmod(m[2], m[4], q_mod)); t0 = (mulmod(m[3], t0, q_mod)); t0 = (addmod(m[51], q_mod - t0, q_mod)); m[2] = (mulmod(t0, m[15], q_mod)); m[3] = (mulmod(m[14], m[55], q_mod)); t0 = (addmod(proof[134], q_mod - proof[135], q_mod)); t0 = (mulmod(m[55], t0, q_mod)); m[4] = (mulmod(t0, m[15], q_mod)); t0 = (fr_mul_add(m[5], 0, m[16])); t0 = ( fr_mul_add_mt( m, m[5], 24064768791442479290152634096194013545513974547709823832001394403118888981009, t0 ) ); t0 = (fr_mul_add_mt(m, m[5], 4704208815882882920750, t0)); m[2] = (fr_div(t0, m[13])); m[3] = (mulmod(m[8], m[8], q_mod)); m[4] = (mulmod(m[3], m[8], q_mod)); (t0, t1) = (ecc_mul(proof[143], proof[144], m[4])); (t0, t1) = (ecc_mul_add_pm(m, proof, 281470825071501, t0, t1)); (m[14], m[15]) = (ecc_add(t0, t1, proof[137], proof[138])); m[5] = (mulmod(m[4], m[11], q_mod)); m[11] = (mulmod(m[4], m[7], q_mod)); m[13] = (mulmod(m[11], m[7], q_mod)); m[16] = (mulmod(m[13], m[7], q_mod)); m[17] = (mulmod(m[16], m[7], q_mod)); m[18] = (mulmod(m[17], m[7], q_mod)); m[19] = (mulmod(m[18], m[7], q_mod)); t0 = (mulmod(m[19], proof[135], q_mod)); t0 = (fr_mul_add_pm(m, proof, 79227007564587019091207590530, t0)); m[20] = (fr_mul_add(proof[105], m[4], t0)); m[10] = (mulmod(m[3], m[10], q_mod)); m[20] = (fr_mul_add(proof[99], m[3], m[20])); m[9] = (mulmod(m[8], m[9], q_mod)); m[21] = (mulmod(m[8], m[7], q_mod)); for (t0 = 0; t0 < 8; t0++) { m[22 + t0 * 1] = (mulmod(m[21 + t0 * 1], m[7 + t0 * 0], q_mod)); } t0 = (mulmod(m[29], proof[133], q_mod)); t0 = (fr_mul_add_pm(m, proof, 1461480058012745347196003969984389955172320353408, t0)); m[20] = (addmod(m[20], t0, q_mod)); m[3] = (addmod(m[3], m[21], q_mod)); m[21] = (mulmod(m[7], m[7], q_mod)); m[30] = (mulmod(m[21], m[7], q_mod)); for (t0 = 0; t0 < 50; t0++) { m[31 + t0 * 1] = (mulmod(m[30 + t0 * 1], m[7 + t0 * 0], q_mod)); } m[81] = (mulmod(m[80], proof[90], q_mod)); m[82] = (mulmod(m[79], m[12], q_mod)); m[83] = (mulmod(m[82], m[12], q_mod)); m[12] = (mulmod(m[83], m[12], q_mod)); t0 = (fr_mul_add(m[79], m[2], m[81])); t0 = ( fr_mul_add_pm( m, proof, 28637501128329066231612878461967933875285131620580756137874852300330784214624, t0 ) ); t0 = ( fr_mul_add_pm( m, proof, 21474593857386732646168474467085622855647258609351047587832868301163767676495, t0 ) ); t0 = ( fr_mul_add_pm( m, proof, 14145600374170319983429588659751245017860232382696106927048396310641433325177, t0 ) ); t0 = (fr_mul_add_pm(m, proof, 18446470583433829957, t0)); t0 = (addmod(t0, proof[66], q_mod)); m[2] = (addmod(m[20], t0, q_mod)); m[19] = (addmod(m[19], m[54], q_mod)); m[20] = (addmod(m[29], m[53], q_mod)); m[18] = (addmod(m[18], m[51], q_mod)); m[28] = (addmod(m[28], m[50], q_mod)); m[17] = (addmod(m[17], m[48], q_mod)); m[27] = (addmod(m[27], m[47], q_mod)); m[16] = (addmod(m[16], m[45], q_mod)); m[26] = (addmod(m[26], m[44], q_mod)); m[13] = (addmod(m[13], m[42], q_mod)); m[25] = (addmod(m[25], m[41], q_mod)); m[11] = (addmod(m[11], m[39], q_mod)); m[24] = (addmod(m[24], m[38], q_mod)); m[4] = (addmod(m[4], m[36], q_mod)); m[23] = (addmod(m[23], m[35], q_mod)); m[22] = (addmod(m[22], m[34], q_mod)); m[3] = (addmod(m[3], m[33], q_mod)); m[8] = (addmod(m[8], m[32], q_mod)); (t0, t1) = (ecc_mul(proof[143], proof[144], m[5])); (t0, t1) = ( ecc_mul_add_pm( m, proof, 10933423423422768024429730621579321771439401845242250760130969989159573132066, t0, t1 ) ); (t0, t1) = ( ecc_mul_add_pm(m, proof, 1461486238301980199876269201563775120819706402602, t0, t1) ); (t0, t1) = ( ecc_mul_add( 5631304900279594708207577329069240426704954596482218502768352363602244010198, 3522708784500173063141023483902975800044899953785444835727269387293279274164, m[78], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 21802187684970109241607258147370295120854869223732255251756328570807304721847, 15237269163633931881258174620167924568373193514011004489179865433808206919535, m[77], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 7015312950853575733378202381101181138419420484691827111888836883656445873540, 13214451818073201746109373586139435072784087878230873580637116067409833253869, m[76], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 8875290982126581117169476014762185676959503094457222757180266633231098422655, 16658612061027315784709714701528999953885073192696800907733882175438727280488, m[75], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 14303253065828884214244962411774594394939730558481746554884501972871650777281, 20280172603254715089032054569666991389693871275337876447609795617260462684999, m[74], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 16422035665163677723702082823482432069720607684573585210415303920246506093315, 9793393098370529162991829973981347609939343033011950481395336563485709277554, m[73], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 19886509832083393598366465489701294384803664485460545523068306491024326504725, 3485984208124097149766319408505384162933092797198027169851040569744728509599, m[72], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 14568079492644817047677751551427098532431019595548498261375782030524138591067, 12502254616746968379936814454120981559238220208108783117821668421140888091912, m[71], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 17108853774466418779129374196319580280286578385405087585516556746536875115907, 19908760740801913322265695807368645417588084579607860033571444712857010186774, m[70], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 11691934824011527864744948250740538231773442820806051689004692986799416351463, 9666173287714138315600426908471006007081642390484687282425779441148942857178, m[69], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 19886509832083393598366465489701294384803664485460545523068306491024326504725, 3485984208124097149766319408505384162933092797198027169851040569744728509599, m[68], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 11404399605615092634676309725185307113649537305429435628605347712175932434590, 9922502566003738014881652170048397944295358276657521480420733572890676943869, m[67], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 21627166622184628562834675422084345034193467320009306763329316593023720936150, 2103102746100002335801212537254725041663108226492711350135413308275232360031, m[66], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 568462146324925334364777509199672146609025097965130219337894326417364148474, 9456720619750743439311951382388531487714800707396750882568165460640095082680, m[65], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 21099324456940388227241377016313463517927803983676171781194388707018806062914, 10584022555470528248553696389724318513725952278467058058413941607304873249933, m[64], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 8774533147672308325501456546754510530790571592717557081974138688131655464225, 4096202454427384571014982526038961216623335062582321937980880210743353116961, m[63], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 9146027543241505750404485909691156685716025315398864559563663480915468386646, 11319433823656605429226268420832981572537028778988368091983653592806568615385, m[62], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 18056938584379853827159803002321761943878530650811253236400635790684113168538, 20652554130222350781815293545352317626279032395744759345425764490019681709811, m[61], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 9300598433087894486351617302854566119493030210672820277878405455719667853156, 18918648064031626393135000647897848703191870898299288846506432677047666356245, m[60], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 13121094361229530562876703845037556024850884742094426137011404517198546098525, 5930172537651686544351746601150315597423637135299507288242652701476729181813, m[59], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 4708706208794466628682087247497451067863475998313450030914472901274160722864, 7969186399956530399844662649330402127389596934829186492004088041920259891200, m[58], t0, t1 ) ); (t0, t1) = ( ecc_mul_add( 11222474342246472762342984653360997340158616377674469557576288428879498390755, 6564479924915349288368971464378961986642703162010246756611090316728014770982, m[57], t0, t1 ) ); (t0, t1) = (ecc_mul_add(M_56_PX_VALUE, M_56_PY_VALUE, m[56], t0, t1)); (t0, t1) = ( ecc_mul_add_pm( m, proof, 6277008573546246765208814532330797927747086570010716419876, t0, t1 ) ); (m[0], m[1]) = (ecc_add(t0, t1, m[0], m[1])); (t0, t1) = (ecc_mul(1, 2, m[2])); (m[0], m[1]) = (ecc_sub(m[0], m[1], t0, t1)); return (m[14], m[15], m[0], m[1]); } function verify( uint256[] calldata proof, uint256[] calldata target_circuit_final_pair, bytes32 publicInputHash ) public view returns (bool) { uint256[6] memory instances; instances[0] = target_circuit_final_pair[0] & ((1 << 136) - 1); instances[1] = (target_circuit_final_pair[0] >> 136) + ((target_circuit_final_pair[1] & 1) << 136); instances[2] = target_circuit_final_pair[2] & ((1 << 136) - 1); instances[3] = (target_circuit_final_pair[2] >> 136) + ((target_circuit_final_pair[3] & 1) << 136); instances[4] = uint256(publicInputHash) >> (8 * 16); instances[5] = uint256(publicInputHash) & uint256(2**128 - 1); uint256 x0 = 0; uint256 x1 = 0; uint256 y0 = 0; uint256 y1 = 0; G1Point[] memory g1_points = new G1Point[](2); G2Point[] memory g2_points = new G2Point[](2); (x0, y0, x1, y1) = get_wx_wg(proof, instances); g1_points[0].x = x0; g1_points[0].y = y0; g1_points[1].x = x1; g1_points[1].y = y1; g2_points[0] = get_verify_circuit_g2_s(); g2_points[1] = get_verify_circuit_g2_n(); if (!pairing(g1_points, g2_points)) { return false; } g1_points[0].x = target_circuit_final_pair[0]; g1_points[0].y = target_circuit_final_pair[1]; g1_points[1].x = target_circuit_final_pair[2]; g1_points[1].y = target_circuit_final_pair[3]; g2_points[0] = get_target_circuit_g2_s(); g2_points[1] = get_target_circuit_g2_n(); if (!pairing(g1_points, g2_points)) { return false; } return true; } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (governance/utils/IVotes.sol) pragma solidity ^0.8.0; /** * @dev Common interface for {ERC20Votes}, {ERC721Votes}, and other {Votes}-enabled contracts. * * _Available since v4.5._ */ interface IVotesUpgradeable { /** * @dev Emitted when an account changes their delegate. */ event DelegateChanged(address indexed delegator, address indexed fromDelegate, address indexed toDelegate); /** * @dev Emitted when a token transfer or delegate change results in changes to a delegate's number of votes. */ event DelegateVotesChanged(address indexed delegate, uint256 previousBalance, uint256 newBalance); /** * @dev Returns the current amount of votes that `account` has. */ function getVotes(address account) external view returns (uint256); /** * @dev Returns the amount of votes that `account` had at a specific moment in the past. If the `clock()` is * configured to use block numbers, this will return the value at the end of the corresponding block. */ function getPastVotes(address account, uint256 timepoint) external view returns (uint256); /** * @dev Returns the total supply of votes available at a specific moment in the past. If the `clock()` is * configured to use block numbers, this will return the value at the end of the corresponding block. * * NOTE: This value is the sum of all available votes, which is not necessarily the sum of all delegated votes. * Votes that have not been delegated are still part of total supply, even though they would not participate in a * vote. */ function getPastTotalSupply(uint256 timepoint) external view returns (uint256); /** * @dev Returns the delegate that `account` has chosen. */ function delegates(address account) external view returns (address); /** * @dev Delegates votes from the sender to `delegatee`. */ function delegate(address delegatee) external; /** * @dev Delegates votes from signer to `delegatee`. */ function delegateBySig(address delegatee, uint256 nonce, uint256 expiry, uint8 v, bytes32 r, bytes32 s) external; }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC6372.sol) pragma solidity ^0.8.0; interface IERC6372Upgradeable { /** * @dev Clock used for flagging checkpoints. Can be overridden to implement timestamp based checkpoints (and voting). */ function clock() external view returns (uint48); /** * @dev Description of the clock */ // solhint-disable-next-line func-name-mixedcase function CLOCK_MODE() external view returns (string memory); }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/Initializable.sol) pragma solidity ^0.8.2; import "../../utils/AddressUpgradeable.sol"; /** * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect. * * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in * case an upgrade adds a module that needs to be initialized. * * For example: * * [.hljs-theme-light.nopadding] * ```solidity * contract MyToken is ERC20Upgradeable { * function initialize() initializer public { * __ERC20_init("MyToken", "MTK"); * } * } * * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable { * function initializeV2() reinitializer(2) public { * __ERC20Permit_init("MyToken"); * } * } * ``` * * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}. * * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity. * * [CAUTION] * ==== * Avoid leaving a contract uninitialized. * * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed: * * [.hljs-theme-light.nopadding] * ``` * /// @custom:oz-upgrades-unsafe-allow constructor * constructor() { * _disableInitializers(); * } * ``` * ==== */ abstract contract Initializable { /** * @dev Indicates that the contract has been initialized. * @custom:oz-retyped-from bool */ uint8 private _initialized; /** * @dev Indicates that the contract is in the process of being initialized. */ bool private _initializing; /** * @dev Triggered when the contract has been initialized or reinitialized. */ event Initialized(uint8 version); /** * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope, * `onlyInitializing` functions can be used to initialize parent contracts. * * Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a * constructor. * * Emits an {Initialized} event. */ modifier initializer() { bool isTopLevelCall = !_initializing; require( (isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1), "Initializable: contract is already initialized" ); _initialized = 1; if (isTopLevelCall) { _initializing = true; } _; if (isTopLevelCall) { _initializing = false; emit Initialized(1); } } /** * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be * used to initialize parent contracts. * * A reinitializer may be used after the original initialization step. This is essential to configure modules that * are added through upgrades and that require initialization. * * When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer` * cannot be nested. If one is invoked in the context of another, execution will revert. * * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in * a contract, executing them in the right order is up to the developer or operator. * * WARNING: setting the version to 255 will prevent any future reinitialization. * * Emits an {Initialized} event. */ modifier reinitializer(uint8 version) { require(!_initializing && _initialized < version, "Initializable: contract is already initialized"); _initialized = version; _initializing = true; _; _initializing = false; emit Initialized(version); } /** * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the * {initializer} and {reinitializer} modifiers, directly or indirectly. */ modifier onlyInitializing() { require(_initializing, "Initializable: contract is not initializing"); _; } /** * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call. * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized * to any version. It is recommended to use this to lock implementation contracts that are designed to be called * through proxies. * * Emits an {Initialized} event the first time it is successfully executed. */ function _disableInitializers() internal virtual { require(!_initializing, "Initializable: contract is initializing"); if (_initialized != type(uint8).max) { _initialized = type(uint8).max; emit Initialized(type(uint8).max); } } /** * @dev Returns the highest version that has been initialized. See {reinitializer}. */ function _getInitializedVersion() internal view returns (uint8) { return _initialized; } /** * @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}. */ function _isInitializing() internal view returns (bool) { return _initializing; } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.1) (governance/Governor.sol) pragma solidity ^0.8.0; import "../token/ERC721/IERC721ReceiverUpgradeable.sol"; import "../token/ERC1155/IERC1155ReceiverUpgradeable.sol"; import "../utils/cryptography/ECDSAUpgradeable.sol"; import "../utils/cryptography/EIP712Upgradeable.sol"; import "../utils/introspection/ERC165Upgradeable.sol"; import "../utils/math/SafeCastUpgradeable.sol"; import "../utils/structs/DoubleEndedQueueUpgradeable.sol"; import "../utils/AddressUpgradeable.sol"; import "../utils/ContextUpgradeable.sol"; import "./IGovernorUpgradeable.sol"; import "../proxy/utils/Initializable.sol"; /** * @dev Core of the governance system, designed to be extended though various modules. * * This contract is abstract and requires several functions to be implemented in various modules: * * - A counting module must implement {quorum}, {_quorumReached}, {_voteSucceeded} and {_countVote} * - A voting module must implement {_getVotes} * - Additionally, {votingPeriod} must also be implemented * * _Available since v4.3._ */ abstract contract GovernorUpgradeable is Initializable, ContextUpgradeable, ERC165Upgradeable, EIP712Upgradeable, IGovernorUpgradeable, IERC721ReceiverUpgradeable, IERC1155ReceiverUpgradeable { using DoubleEndedQueueUpgradeable for DoubleEndedQueueUpgradeable.Bytes32Deque; bytes32 public constant BALLOT_TYPEHASH = keccak256("Ballot(uint256 proposalId,uint8 support)"); bytes32 public constant EXTENDED_BALLOT_TYPEHASH = keccak256("ExtendedBallot(uint256 proposalId,uint8 support,string reason,bytes params)"); // solhint-disable var-name-mixedcase struct ProposalCore { // --- start retyped from Timers.BlockNumber at offset 0x00 --- uint64 voteStart; address proposer; bytes4 __gap_unused0; // --- start retyped from Timers.BlockNumber at offset 0x20 --- uint64 voteEnd; bytes24 __gap_unused1; // --- Remaining fields starting at offset 0x40 --------------- bool executed; bool canceled; } // solhint-enable var-name-mixedcase string private _name; /// @custom:oz-retyped-from mapping(uint256 => Governor.ProposalCore) mapping(uint256 => ProposalCore) private _proposals; // This queue keeps track of the governor operating on itself. Calls to functions protected by the // {onlyGovernance} modifier needs to be whitelisted in this queue. Whitelisting is set in {_beforeExecute}, // consumed by the {onlyGovernance} modifier and eventually reset in {_afterExecute}. This ensures that the // execution of {onlyGovernance} protected calls can only be achieved through successful proposals. DoubleEndedQueueUpgradeable.Bytes32Deque private _governanceCall; /** * @dev Restricts a function so it can only be executed through governance proposals. For example, governance * parameter setters in {GovernorSettings} are protected using this modifier. * * The governance executing address may be different from the Governor's own address, for example it could be a * timelock. This can be customized by modules by overriding {_executor}. The executor is only able to invoke these * functions during the execution of the governor's {execute} function, and not under any other circumstances. Thus, * for example, additional timelock proposers are not able to change governance parameters without going through the * governance protocol (since v4.6). */ modifier onlyGovernance() { require(_msgSender() == _executor(), "Governor: onlyGovernance"); if (_executor() != address(this)) { bytes32 msgDataHash = keccak256(_msgData()); // loop until popping the expected operation - throw if deque is empty (operation not authorized) while (_governanceCall.popFront() != msgDataHash) {} } _; } /** * @dev Sets the value for {name} and {version} */ function __Governor_init(string memory name_) internal onlyInitializing { __EIP712_init_unchained(name_, version()); __Governor_init_unchained(name_); } function __Governor_init_unchained(string memory name_) internal onlyInitializing { _name = name_; } /** * @dev Function to receive ETH that will be handled by the governor (disabled if executor is a third party contract) */ receive() external payable virtual { require(_executor() == address(this), "Governor: must send to executor"); } /** * @dev See {IERC165-supportsInterface}. */ function supportsInterface(bytes4 interfaceId) public view virtual override(IERC165Upgradeable, ERC165Upgradeable) returns (bool) { bytes4 governorCancelId = this.cancel.selector ^ this.proposalProposer.selector; bytes4 governorParamsId = this.castVoteWithReasonAndParams.selector ^ this.castVoteWithReasonAndParamsBySig.selector ^ this.getVotesWithParams.selector; // The original interface id in v4.3. bytes4 governor43Id = type(IGovernorUpgradeable).interfaceId ^ type(IERC6372Upgradeable).interfaceId ^ governorCancelId ^ governorParamsId; // An updated interface id in v4.6, with params added. bytes4 governor46Id = type(IGovernorUpgradeable).interfaceId ^ type(IERC6372Upgradeable).interfaceId ^ governorCancelId; // For the updated interface id in v4.9, we use governorCancelId directly. return interfaceId == governor43Id || interfaceId == governor46Id || interfaceId == governorCancelId || interfaceId == type(IERC1155ReceiverUpgradeable).interfaceId || super.supportsInterface(interfaceId); } /** * @dev See {IGovernor-name}. */ function name() public view virtual override returns (string memory) { return _name; } /** * @dev See {IGovernor-version}. */ function version() public view virtual override returns (string memory) { return "1"; } /** * @dev See {IGovernor-hashProposal}. * * The proposal id is produced by hashing the ABI encoded `targets` array, the `values` array, the `calldatas` array * and the descriptionHash (bytes32 which itself is the keccak256 hash of the description string). This proposal id * can be produced from the proposal data which is part of the {ProposalCreated} event. It can even be computed in * advance, before the proposal is submitted. * * Note that the chainId and the governor address are not part of the proposal id computation. Consequently, the * same proposal (with same operation and same description) will have the same id if submitted on multiple governors * across multiple networks. This also means that in order to execute the same operation twice (on the same * governor) the proposer will have to change the description in order to avoid proposal id conflicts. */ function hashProposal( address[] memory targets, uint256[] memory values, bytes[] memory calldatas, bytes32 descriptionHash ) public pure virtual override returns (uint256) { return uint256(keccak256(abi.encode(targets, values, calldatas, descriptionHash))); } /** * @dev See {IGovernor-state}. */ function state(uint256 proposalId) public view virtual override returns (ProposalState) { ProposalCore storage proposal = _proposals[proposalId]; if (proposal.executed) { return ProposalState.Executed; } if (proposal.canceled) { return ProposalState.Canceled; } uint256 snapshot = proposalSnapshot(proposalId); if (snapshot == 0) { revert("Governor: unknown proposal id"); } uint256 currentTimepoint = clock(); if (snapshot >= currentTimepoint) { return ProposalState.Pending; } uint256 deadline = proposalDeadline(proposalId); if (deadline >= currentTimepoint) { return ProposalState.Active; } if (_quorumReached(proposalId) && _voteSucceeded(proposalId)) { return ProposalState.Succeeded; } else { return ProposalState.Defeated; } } /** * @dev Part of the Governor Bravo's interface: _"The number of votes required in order for a voter to become a proposer"_. */ function proposalThreshold() public view virtual returns (uint256) { return 0; } /** * @dev See {IGovernor-proposalSnapshot}. */ function proposalSnapshot(uint256 proposalId) public view virtual override returns (uint256) { return _proposals[proposalId].voteStart; } /** * @dev See {IGovernor-proposalDeadline}. */ function proposalDeadline(uint256 proposalId) public view virtual override returns (uint256) { return _proposals[proposalId].voteEnd; } /** * @dev Returns the account that created a given proposal. */ function proposalProposer(uint256 proposalId) public view virtual override returns (address) { return _proposals[proposalId].proposer; } /** * @dev Amount of votes already cast passes the threshold limit. */ function _quorumReached(uint256 proposalId) internal view virtual returns (bool); /** * @dev Is the proposal successful or not. */ function _voteSucceeded(uint256 proposalId) internal view virtual returns (bool); /** * @dev Get the voting weight of `account` at a specific `timepoint`, for a vote as described by `params`. */ function _getVotes(address account, uint256 timepoint, bytes memory params) internal view virtual returns (uint256); /** * @dev Register a vote for `proposalId` by `account` with a given `support`, voting `weight` and voting `params`. * * Note: Support is generic and can represent various things depending on the voting system used. */ function _countVote( uint256 proposalId, address account, uint8 support, uint256 weight, bytes memory params ) internal virtual; /** * @dev Default additional encoded parameters used by castVote methods that don't include them * * Note: Should be overridden by specific implementations to use an appropriate value, the * meaning of the additional params, in the context of that implementation */ function _defaultParams() internal view virtual returns (bytes memory) { return ""; } /** * @dev See {IGovernor-propose}. This function has opt-in frontrunning protection, described in {_isValidDescriptionForProposer}. */ function propose( address[] memory targets, uint256[] memory values, bytes[] memory calldatas, string memory description ) public virtual override returns (uint256) { address proposer = _msgSender(); require(_isValidDescriptionForProposer(proposer, description), "Governor: proposer restricted"); uint256 currentTimepoint = clock(); require( getVotes(proposer, currentTimepoint - 1) >= proposalThreshold(), "Governor: proposer votes below proposal threshold" ); uint256 proposalId = hashProposal(targets, values, calldatas, keccak256(bytes(description))); require(targets.length == values.length, "Governor: invalid proposal length"); require(targets.length == calldatas.length, "Governor: invalid proposal length"); require(targets.length > 0, "Governor: empty proposal"); require(_proposals[proposalId].voteStart == 0, "Governor: proposal already exists"); uint256 snapshot = currentTimepoint + votingDelay(); uint256 deadline = snapshot + votingPeriod(); _proposals[proposalId] = ProposalCore({ proposer: proposer, voteStart: SafeCastUpgradeable.toUint64(snapshot), voteEnd: SafeCastUpgradeable.toUint64(deadline), executed: false, canceled: false, __gap_unused0: 0, __gap_unused1: 0 }); emit ProposalCreated( proposalId, proposer, targets, values, new string[](targets.length), calldatas, snapshot, deadline, description ); return proposalId; } /** * @dev See {IGovernor-execute}. */ function execute( address[] memory targets, uint256[] memory values, bytes[] memory calldatas, bytes32 descriptionHash ) public payable virtual override returns (uint256) { uint256 proposalId = hashProposal(targets, values, calldatas, descriptionHash); ProposalState currentState = state(proposalId); require( currentState == ProposalState.Succeeded || currentState == ProposalState.Queued, "Governor: proposal not successful" ); _proposals[proposalId].executed = true; emit ProposalExecuted(proposalId); _beforeExecute(proposalId, targets, values, calldatas, descriptionHash); _execute(proposalId, targets, values, calldatas, descriptionHash); _afterExecute(proposalId, targets, values, calldatas, descriptionHash); return proposalId; } /** * @dev See {IGovernor-cancel}. */ function cancel( address[] memory targets, uint256[] memory values, bytes[] memory calldatas, bytes32 descriptionHash ) public virtual override returns (uint256) { uint256 proposalId = hashProposal(targets, values, calldatas, descriptionHash); require(state(proposalId) == ProposalState.Pending, "Governor: too late to cancel"); require(_msgSender() == _proposals[proposalId].proposer, "Governor: only proposer can cancel"); return _cancel(targets, values, calldatas, descriptionHash); } /** * @dev Internal execution mechanism. Can be overridden to implement different execution mechanism */ function _execute( uint256 /* proposalId */, address[] memory targets, uint256[] memory values, bytes[] memory calldatas, bytes32 /*descriptionHash*/ ) internal virtual { string memory errorMessage = "Governor: call reverted without message"; for (uint256 i = 0; i < targets.length; ++i) { (bool success, bytes memory returndata) = targets[i].call{value: values[i]}(calldatas[i]); AddressUpgradeable.verifyCallResult(success, returndata, errorMessage); } } /** * @dev Hook before execution is triggered. */ function _beforeExecute( uint256 /* proposalId */, address[] memory targets, uint256[] memory /* values */, bytes[] memory calldatas, bytes32 /*descriptionHash*/ ) internal virtual { if (_executor() != address(this)) { for (uint256 i = 0; i < targets.length; ++i) { if (targets[i] == address(this)) { _governanceCall.pushBack(keccak256(calldatas[i])); } } } } /** * @dev Hook after execution is triggered. */ function _afterExecute( uint256 /* proposalId */, address[] memory /* targets */, uint256[] memory /* values */, bytes[] memory /* calldatas */, bytes32 /*descriptionHash*/ ) internal virtual { if (_executor() != address(this)) { if (!_governanceCall.empty()) { _governanceCall.clear(); } } } /** * @dev Internal cancel mechanism: locks up the proposal timer, preventing it from being re-submitted. Marks it as * canceled to allow distinguishing it from executed proposals. * * Emits a {IGovernor-ProposalCanceled} event. */ function _cancel( address[] memory targets, uint256[] memory values, bytes[] memory calldatas, bytes32 descriptionHash ) internal virtual returns (uint256) { uint256 proposalId = hashProposal(targets, values, calldatas, descriptionHash); ProposalState currentState = state(proposalId); require( currentState != ProposalState.Canceled && currentState != ProposalState.Expired && currentState != ProposalState.Executed, "Governor: proposal not active" ); _proposals[proposalId].canceled = true; emit ProposalCanceled(proposalId); return proposalId; } /** * @dev See {IGovernor-getVotes}. */ function getVotes(address account, uint256 timepoint) public view virtual override returns (uint256) { return _getVotes(account, timepoint, _defaultParams()); } /** * @dev See {IGovernor-getVotesWithParams}. */ function getVotesWithParams( address account, uint256 timepoint, bytes memory params ) public view virtual override returns (uint256) { return _getVotes(account, timepoint, params); } /** * @dev See {IGovernor-castVote}. */ function castVote(uint256 proposalId, uint8 support) public virtual override returns (uint256) { address voter = _msgSender(); return _castVote(proposalId, voter, support, ""); } /** * @dev See {IGovernor-castVoteWithReason}. */ function castVoteWithReason( uint256 proposalId, uint8 support, string calldata reason ) public virtual override returns (uint256) { address voter = _msgSender(); return _castVote(proposalId, voter, support, reason); } /** * @dev See {IGovernor-castVoteWithReasonAndParams}. */ function castVoteWithReasonAndParams( uint256 proposalId, uint8 support, string calldata reason, bytes memory params ) public virtual override returns (uint256) { address voter = _msgSender(); return _castVote(proposalId, voter, support, reason, params); } /** * @dev See {IGovernor-castVoteBySig}. */ function castVoteBySig( uint256 proposalId, uint8 support, uint8 v, bytes32 r, bytes32 s ) public virtual override returns (uint256) { address voter = ECDSAUpgradeable.recover( _hashTypedDataV4(keccak256(abi.encode(BALLOT_TYPEHASH, proposalId, support))), v, r, s ); return _castVote(proposalId, voter, support, ""); } /** * @dev See {IGovernor-castVoteWithReasonAndParamsBySig}. */ function castVoteWithReasonAndParamsBySig( uint256 proposalId, uint8 support, string calldata reason, bytes memory params, uint8 v, bytes32 r, bytes32 s ) public virtual override returns (uint256) { address voter = ECDSAUpgradeable.recover( _hashTypedDataV4( keccak256( abi.encode( EXTENDED_BALLOT_TYPEHASH, proposalId, support, keccak256(bytes(reason)), keccak256(params) ) ) ), v, r, s ); return _castVote(proposalId, voter, support, reason, params); } /** * @dev Internal vote casting mechanism: Check that the vote is pending, that it has not been cast yet, retrieve * voting weight using {IGovernor-getVotes} and call the {_countVote} internal function. Uses the _defaultParams(). * * Emits a {IGovernor-VoteCast} event. */ function _castVote( uint256 proposalId, address account, uint8 support, string memory reason ) internal virtual returns (uint256) { return _castVote(proposalId, account, support, reason, _defaultParams()); } /** * @dev Internal vote casting mechanism: Check that the vote is pending, that it has not been cast yet, retrieve * voting weight using {IGovernor-getVotes} and call the {_countVote} internal function. * * Emits a {IGovernor-VoteCast} event. */ function _castVote( uint256 proposalId, address account, uint8 support, string memory reason, bytes memory params ) internal virtual returns (uint256) { ProposalCore storage proposal = _proposals[proposalId]; require(state(proposalId) == ProposalState.Active, "Governor: vote not currently active"); uint256 weight = _getVotes(account, proposal.voteStart, params); _countVote(proposalId, account, support, weight, params); if (params.length == 0) { emit VoteCast(account, proposalId, support, weight, reason); } else { emit VoteCastWithParams(account, proposalId, support, weight, reason, params); } return weight; } /** * @dev Relays a transaction or function call to an arbitrary target. In cases where the governance executor * is some contract other than the governor itself, like when using a timelock, this function can be invoked * in a governance proposal to recover tokens or Ether that was sent to the governor contract by mistake. * Note that if the executor is simply the governor itself, use of `relay` is redundant. */ function relay(address target, uint256 value, bytes calldata data) external payable virtual onlyGovernance { (bool success, bytes memory returndata) = target.call{value: value}(data); AddressUpgradeable.verifyCallResult(success, returndata, "Governor: relay reverted without message"); } /** * @dev Address through which the governor executes action. Will be overloaded by module that execute actions * through another contract such as a timelock. */ function _executor() internal view virtual returns (address) { return address(this); } /** * @dev See {IERC721Receiver-onERC721Received}. */ function onERC721Received(address, address, uint256, bytes memory) public virtual override returns (bytes4) { return this.onERC721Received.selector; } /** * @dev See {IERC1155Receiver-onERC1155Received}. */ function onERC1155Received( address, address, uint256, uint256, bytes memory ) public virtual override returns (bytes4) { return this.onERC1155Received.selector; } /** * @dev See {IERC1155Receiver-onERC1155BatchReceived}. */ function onERC1155BatchReceived( address, address, uint256[] memory, uint256[] memory, bytes memory ) public virtual override returns (bytes4) { return this.onERC1155BatchReceived.selector; } /** * @dev Check if the proposer is authorized to submit a proposal with the given description. * * If the proposal description ends with `#proposer=0x???`, where `0x???` is an address written as a hex string * (case insensitive), then the submission of this proposal will only be authorized to said address. * * This is used for frontrunning protection. By adding this pattern at the end of their proposal, one can ensure * that no other address can submit the same proposal. An attacker would have to either remove or change that part, * which would result in a different proposal id. * * If the description does not match this pattern, it is unrestricted and anyone can submit it. This includes: * - If the `0x???` part is not a valid hex string. * - If the `0x???` part is a valid hex string, but does not contain exactly 40 hex digits. * - If it ends with the expected suffix followed by newlines or other whitespace. * - If it ends with some other similar suffix, e.g. `#other=abc`. * - If it does not end with any such suffix. */ function _isValidDescriptionForProposer( address proposer, string memory description ) internal view virtual returns (bool) { uint256 len = bytes(description).length; // Length is too short to contain a valid proposer suffix if (len < 52) { return true; } // Extract what would be the `#proposer=0x` marker beginning the suffix bytes12 marker; assembly { // - Start of the string contents in memory = description + 32 // - First character of the marker = len - 52 // - Length of "#proposer=0x0000000000000000000000000000000000000000" = 52 // - We read the memory word starting at the first character of the marker: // - (description + 32) + (len - 52) = description + (len - 20) // - Note: Solidity will ignore anything past the first 12 bytes marker := mload(add(description, sub(len, 20))) } // If the marker is not found, there is no proposer suffix to check if (marker != bytes12("#proposer=0x")) { return true; } // Parse the 40 characters following the marker as uint160 uint160 recovered = 0; for (uint256 i = len - 40; i < len; ++i) { (bool isHex, uint8 value) = _tryHexToUint(bytes(description)[i]); // If any of the characters is not a hex digit, ignore the suffix entirely if (!isHex) { return true; } recovered = (recovered << 4) | value; } return recovered == uint160(proposer); } /** * @dev Try to parse a character from a string as a hex value. Returns `(true, value)` if the char is in * `[0-9a-fA-F]` and `(false, 0)` otherwise. Value is guaranteed to be in the range `0 <= value < 16` */ function _tryHexToUint(bytes1 char) private pure returns (bool, uint8) { uint8 c = uint8(char); unchecked { // Case 0-9 if (47 < c && c < 58) { return (true, c - 48); } // Case A-F else if (64 < c && c < 71) { return (true, c - 55); } // Case a-f else if (96 < c && c < 103) { return (true, c - 87); } // Else: not a hex char else { return (false, 0); } } } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[46] private __gap; }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (governance/extensions/GovernorSettings.sol) pragma solidity ^0.8.0; import "../GovernorUpgradeable.sol"; import "../../proxy/utils/Initializable.sol"; /** * @dev Extension of {Governor} for settings updatable through governance. * * _Available since v4.4._ */ abstract contract GovernorSettingsUpgradeable is Initializable, GovernorUpgradeable { uint256 private _votingDelay; uint256 private _votingPeriod; uint256 private _proposalThreshold; event VotingDelaySet(uint256 oldVotingDelay, uint256 newVotingDelay); event VotingPeriodSet(uint256 oldVotingPeriod, uint256 newVotingPeriod); event ProposalThresholdSet(uint256 oldProposalThreshold, uint256 newProposalThreshold); /** * @dev Initialize the governance parameters. */ function __GovernorSettings_init(uint256 initialVotingDelay, uint256 initialVotingPeriod, uint256 initialProposalThreshold) internal onlyInitializing { __GovernorSettings_init_unchained(initialVotingDelay, initialVotingPeriod, initialProposalThreshold); } function __GovernorSettings_init_unchained(uint256 initialVotingDelay, uint256 initialVotingPeriod, uint256 initialProposalThreshold) internal onlyInitializing { _setVotingDelay(initialVotingDelay); _setVotingPeriod(initialVotingPeriod); _setProposalThreshold(initialProposalThreshold); } /** * @dev See {IGovernor-votingDelay}. */ function votingDelay() public view virtual override returns (uint256) { return _votingDelay; } /** * @dev See {IGovernor-votingPeriod}. */ function votingPeriod() public view virtual override returns (uint256) { return _votingPeriod; } /** * @dev See {Governor-proposalThreshold}. */ function proposalThreshold() public view virtual override returns (uint256) { return _proposalThreshold; } /** * @dev Update the voting delay. This operation can only be performed through a governance proposal. * * Emits a {VotingDelaySet} event. */ function setVotingDelay(uint256 newVotingDelay) public virtual onlyGovernance { _setVotingDelay(newVotingDelay); } /** * @dev Update the voting period. This operation can only be performed through a governance proposal. * * Emits a {VotingPeriodSet} event. */ function setVotingPeriod(uint256 newVotingPeriod) public virtual onlyGovernance { _setVotingPeriod(newVotingPeriod); } /** * @dev Update the proposal threshold. This operation can only be performed through a governance proposal. * * Emits a {ProposalThresholdSet} event. */ function setProposalThreshold(uint256 newProposalThreshold) public virtual onlyGovernance { _setProposalThreshold(newProposalThreshold); } /** * @dev Internal setter for the voting delay. * * Emits a {VotingDelaySet} event. */ function _setVotingDelay(uint256 newVotingDelay) internal virtual { emit VotingDelaySet(_votingDelay, newVotingDelay); _votingDelay = newVotingDelay; } /** * @dev Internal setter for the voting period. * * Emits a {VotingPeriodSet} event. */ function _setVotingPeriod(uint256 newVotingPeriod) internal virtual { // voting period must be at least one block long require(newVotingPeriod > 0, "GovernorSettings: voting period too low"); emit VotingPeriodSet(_votingPeriod, newVotingPeriod); _votingPeriod = newVotingPeriod; } /** * @dev Internal setter for the proposal threshold. * * Emits a {ProposalThresholdSet} event. */ function _setProposalThreshold(uint256 newProposalThreshold) internal virtual { emit ProposalThresholdSet(_proposalThreshold, newProposalThreshold); _proposalThreshold = newProposalThreshold; } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[47] private __gap; }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (governance/extensions/GovernorCountingSimple.sol) pragma solidity ^0.8.0; import "../GovernorUpgradeable.sol"; import "../../proxy/utils/Initializable.sol"; /** * @dev Extension of {Governor} for simple, 3 options, vote counting. * * _Available since v4.3._ */ abstract contract GovernorCountingSimpleUpgradeable is Initializable, GovernorUpgradeable { function __GovernorCountingSimple_init() internal onlyInitializing { } function __GovernorCountingSimple_init_unchained() internal onlyInitializing { } /** * @dev Supported vote types. Matches Governor Bravo ordering. */ enum VoteType { Against, For, Abstain } struct ProposalVote { uint256 againstVotes; uint256 forVotes; uint256 abstainVotes; mapping(address => bool) hasVoted; } mapping(uint256 => ProposalVote) private _proposalVotes; /** * @dev See {IGovernor-COUNTING_MODE}. */ // solhint-disable-next-line func-name-mixedcase function COUNTING_MODE() public pure virtual override returns (string memory) { return "support=bravo&quorum=for,abstain"; } /** * @dev See {IGovernor-hasVoted}. */ function hasVoted(uint256 proposalId, address account) public view virtual override returns (bool) { return _proposalVotes[proposalId].hasVoted[account]; } /** * @dev Accessor to the internal vote counts. */ function proposalVotes( uint256 proposalId ) public view virtual returns (uint256 againstVotes, uint256 forVotes, uint256 abstainVotes) { ProposalVote storage proposalVote = _proposalVotes[proposalId]; return (proposalVote.againstVotes, proposalVote.forVotes, proposalVote.abstainVotes); } /** * @dev See {Governor-_quorumReached}. */ function _quorumReached(uint256 proposalId) internal view virtual override returns (bool) { ProposalVote storage proposalVote = _proposalVotes[proposalId]; return quorum(proposalSnapshot(proposalId)) <= proposalVote.forVotes + proposalVote.abstainVotes; } /** * @dev See {Governor-_voteSucceeded}. In this module, the forVotes must be strictly over the againstVotes. */ function _voteSucceeded(uint256 proposalId) internal view virtual override returns (bool) { ProposalVote storage proposalVote = _proposalVotes[proposalId]; return proposalVote.forVotes > proposalVote.againstVotes; } /** * @dev See {Governor-_countVote}. In this module, the support follows the `VoteType` enum (from Governor Bravo). */ function _countVote( uint256 proposalId, address account, uint8 support, uint256 weight, bytes memory // params ) internal virtual override { ProposalVote storage proposalVote = _proposalVotes[proposalId]; require(!proposalVote.hasVoted[account], "GovernorVotingSimple: vote already cast"); proposalVote.hasVoted[account] = true; if (support == uint8(VoteType.Against)) { proposalVote.againstVotes += weight; } else if (support == uint8(VoteType.For)) { proposalVote.forVotes += weight; } else if (support == uint8(VoteType.Abstain)) { proposalVote.abstainVotes += weight; } else { revert("GovernorVotingSimple: invalid value for enum VoteType"); } } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[49] private __gap; }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (governance/extensions/GovernorVotes.sol) pragma solidity ^0.8.0; import "../GovernorUpgradeable.sol"; import "../../interfaces/IERC5805Upgradeable.sol"; import "../../proxy/utils/Initializable.sol"; /** * @dev Extension of {Governor} for voting weight extraction from an {ERC20Votes} token, or since v4.5 an {ERC721Votes} token. * * _Available since v4.3._ * * @custom:storage-size 51 */ abstract contract GovernorVotesUpgradeable is Initializable, GovernorUpgradeable { IERC5805Upgradeable public token; function __GovernorVotes_init(IVotesUpgradeable tokenAddress) internal onlyInitializing { __GovernorVotes_init_unchained(tokenAddress); } function __GovernorVotes_init_unchained(IVotesUpgradeable tokenAddress) internal onlyInitializing { token = IERC5805Upgradeable(address(tokenAddress)); } /** * @dev Clock (as specified in EIP-6372) is set to match the token's clock. Fallback to block numbers if the token * does not implement EIP-6372. */ function clock() public view virtual override returns (uint48) { try token.clock() returns (uint48 timepoint) { return timepoint; } catch { return SafeCastUpgradeable.toUint48(block.number); } } /** * @dev Machine-readable description of the clock as specified in EIP-6372. */ // solhint-disable-next-line func-name-mixedcase function CLOCK_MODE() public view virtual override returns (string memory) { try token.CLOCK_MODE() returns (string memory clockmode) { return clockmode; } catch { return "mode=blocknumber&from=default"; } } /** * Read the voting weight from the token's built in snapshot mechanism (see {Governor-_getVotes}). */ function _getVotes( address account, uint256 timepoint, bytes memory /*params*/ ) internal view virtual override returns (uint256) { return token.getPastVotes(account, timepoint); } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[50] private __gap; }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (governance/extensions/GovernorVotesQuorumFraction.sol) pragma solidity ^0.8.0; import "./GovernorVotesUpgradeable.sol"; import "../../utils/CheckpointsUpgradeable.sol"; import "../../utils/math/SafeCastUpgradeable.sol"; import "../../proxy/utils/Initializable.sol"; /** * @dev Extension of {Governor} for voting weight extraction from an {ERC20Votes} token and a quorum expressed as a * fraction of the total supply. * * _Available since v4.3._ */ abstract contract GovernorVotesQuorumFractionUpgradeable is Initializable, GovernorVotesUpgradeable { using CheckpointsUpgradeable for CheckpointsUpgradeable.Trace224; uint256 private _quorumNumerator; // DEPRECATED in favor of _quorumNumeratorHistory /// @custom:oz-retyped-from Checkpoints.History CheckpointsUpgradeable.Trace224 private _quorumNumeratorHistory; event QuorumNumeratorUpdated(uint256 oldQuorumNumerator, uint256 newQuorumNumerator); /** * @dev Initialize quorum as a fraction of the token's total supply. * * The fraction is specified as `numerator / denominator`. By default the denominator is 100, so quorum is * specified as a percent: a numerator of 10 corresponds to quorum being 10% of total supply. The denominator can be * customized by overriding {quorumDenominator}. */ function __GovernorVotesQuorumFraction_init(uint256 quorumNumeratorValue) internal onlyInitializing { __GovernorVotesQuorumFraction_init_unchained(quorumNumeratorValue); } function __GovernorVotesQuorumFraction_init_unchained(uint256 quorumNumeratorValue) internal onlyInitializing { _updateQuorumNumerator(quorumNumeratorValue); } /** * @dev Returns the current quorum numerator. See {quorumDenominator}. */ function quorumNumerator() public view virtual returns (uint256) { return _quorumNumeratorHistory._checkpoints.length == 0 ? _quorumNumerator : _quorumNumeratorHistory.latest(); } /** * @dev Returns the quorum numerator at a specific timepoint. See {quorumDenominator}. */ function quorumNumerator(uint256 timepoint) public view virtual returns (uint256) { // If history is empty, fallback to old storage uint256 length = _quorumNumeratorHistory._checkpoints.length; if (length == 0) { return _quorumNumerator; } // Optimistic search, check the latest checkpoint CheckpointsUpgradeable.Checkpoint224 memory latest = _quorumNumeratorHistory._checkpoints[length - 1]; if (latest._key <= timepoint) { return latest._value; } // Otherwise, do the binary search return _quorumNumeratorHistory.upperLookupRecent(SafeCastUpgradeable.toUint32(timepoint)); } /** * @dev Returns the quorum denominator. Defaults to 100, but may be overridden. */ function quorumDenominator() public view virtual returns (uint256) { return 100; } /** * @dev Returns the quorum for a timepoint, in terms of number of votes: `supply * numerator / denominator`. */ function quorum(uint256 timepoint) public view virtual override returns (uint256) { return (token.getPastTotalSupply(timepoint) * quorumNumerator(timepoint)) / quorumDenominator(); } /** * @dev Changes the quorum numerator. * * Emits a {QuorumNumeratorUpdated} event. * * Requirements: * * - Must be called through a governance proposal. * - New numerator must be smaller or equal to the denominator. */ function updateQuorumNumerator(uint256 newQuorumNumerator) external virtual onlyGovernance { _updateQuorumNumerator(newQuorumNumerator); } /** * @dev Changes the quorum numerator. * * Emits a {QuorumNumeratorUpdated} event. * * Requirements: * * - New numerator must be smaller or equal to the denominator. */ function _updateQuorumNumerator(uint256 newQuorumNumerator) internal virtual { require( newQuorumNumerator <= quorumDenominator(), "GovernorVotesQuorumFraction: quorumNumerator over quorumDenominator" ); uint256 oldQuorumNumerator = quorumNumerator(); // Make sure we keep track of the original numerator in contracts upgraded from a version without checkpoints. if (oldQuorumNumerator != 0 && _quorumNumeratorHistory._checkpoints.length == 0) { _quorumNumeratorHistory._checkpoints.push( CheckpointsUpgradeable.Checkpoint224({_key: 0, _value: SafeCastUpgradeable.toUint224(oldQuorumNumerator)}) ); } // Set new quorum for future proposals _quorumNumeratorHistory.push(SafeCastUpgradeable.toUint32(clock()), SafeCastUpgradeable.toUint224(newQuorumNumerator)); emit QuorumNumeratorUpdated(oldQuorumNumerator, newQuorumNumerator); } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[48] private __gap; }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (governance/extensions/GovernorTimelockControl.sol) pragma solidity ^0.8.0; import "./IGovernorTimelockUpgradeable.sol"; import "../GovernorUpgradeable.sol"; import "../TimelockControllerUpgradeable.sol"; import "../../proxy/utils/Initializable.sol"; /** * @dev Extension of {Governor} that binds the execution process to an instance of {TimelockController}. This adds a * delay, enforced by the {TimelockController} to all successful proposal (in addition to the voting duration). The * {Governor} needs the proposer (and ideally the executor) roles for the {Governor} to work properly. * * Using this model means the proposal will be operated by the {TimelockController} and not by the {Governor}. Thus, * the assets and permissions must be attached to the {TimelockController}. Any asset sent to the {Governor} will be * inaccessible. * * WARNING: Setting up the TimelockController to have additional proposers besides the governor is very risky, as it * grants them powers that they must be trusted or known not to use: 1) {onlyGovernance} functions like {relay} are * available to them through the timelock, and 2) approved governance proposals can be blocked by them, effectively * executing a Denial of Service attack. This risk will be mitigated in a future release. * * _Available since v4.3._ */ abstract contract GovernorTimelockControlUpgradeable is Initializable, IGovernorTimelockUpgradeable, GovernorUpgradeable { TimelockControllerUpgradeable private _timelock; mapping(uint256 => bytes32) private _timelockIds; /** * @dev Emitted when the timelock controller used for proposal execution is modified. */ event TimelockChange(address oldTimelock, address newTimelock); /** * @dev Set the timelock. */ function __GovernorTimelockControl_init(TimelockControllerUpgradeable timelockAddress) internal onlyInitializing { __GovernorTimelockControl_init_unchained(timelockAddress); } function __GovernorTimelockControl_init_unchained(TimelockControllerUpgradeable timelockAddress) internal onlyInitializing { _updateTimelock(timelockAddress); } /** * @dev See {IERC165-supportsInterface}. */ function supportsInterface(bytes4 interfaceId) public view virtual override(IERC165Upgradeable, GovernorUpgradeable) returns (bool) { return interfaceId == type(IGovernorTimelockUpgradeable).interfaceId || super.supportsInterface(interfaceId); } /** * @dev Overridden version of the {Governor-state} function with added support for the `Queued` state. */ function state(uint256 proposalId) public view virtual override(IGovernorUpgradeable, GovernorUpgradeable) returns (ProposalState) { ProposalState currentState = super.state(proposalId); if (currentState != ProposalState.Succeeded) { return currentState; } // core tracks execution, so we just have to check if successful proposal have been queued. bytes32 queueid = _timelockIds[proposalId]; if (queueid == bytes32(0)) { return currentState; } else if (_timelock.isOperationDone(queueid)) { return ProposalState.Executed; } else if (_timelock.isOperationPending(queueid)) { return ProposalState.Queued; } else { return ProposalState.Canceled; } } /** * @dev Public accessor to check the address of the timelock */ function timelock() public view virtual override returns (address) { return address(_timelock); } /** * @dev Public accessor to check the eta of a queued proposal */ function proposalEta(uint256 proposalId) public view virtual override returns (uint256) { uint256 eta = _timelock.getTimestamp(_timelockIds[proposalId]); return eta == 1 ? 0 : eta; // _DONE_TIMESTAMP (1) should be replaced with a 0 value } /** * @dev Function to queue a proposal to the timelock. */ function queue( address[] memory targets, uint256[] memory values, bytes[] memory calldatas, bytes32 descriptionHash ) public virtual override returns (uint256) { uint256 proposalId = hashProposal(targets, values, calldatas, descriptionHash); require(state(proposalId) == ProposalState.Succeeded, "Governor: proposal not successful"); uint256 delay = _timelock.getMinDelay(); _timelockIds[proposalId] = _timelock.hashOperationBatch(targets, values, calldatas, 0, descriptionHash); _timelock.scheduleBatch(targets, values, calldatas, 0, descriptionHash, delay); emit ProposalQueued(proposalId, block.timestamp + delay); return proposalId; } /** * @dev Overridden execute function that run the already queued proposal through the timelock. */ function _execute( uint256 /* proposalId */, address[] memory targets, uint256[] memory values, bytes[] memory calldatas, bytes32 descriptionHash ) internal virtual override { _timelock.executeBatch{value: msg.value}(targets, values, calldatas, 0, descriptionHash); } /** * @dev Overridden version of the {Governor-_cancel} function to cancel the timelocked proposal if it as already * been queued. */ // This function can reenter through the external call to the timelock, but we assume the timelock is trusted and // well behaved (according to TimelockController) and this will not happen. // slither-disable-next-line reentrancy-no-eth function _cancel( address[] memory targets, uint256[] memory values, bytes[] memory calldatas, bytes32 descriptionHash ) internal virtual override returns (uint256) { uint256 proposalId = super._cancel(targets, values, calldatas, descriptionHash); if (_timelockIds[proposalId] != 0) { _timelock.cancel(_timelockIds[proposalId]); delete _timelockIds[proposalId]; } return proposalId; } /** * @dev Address through which the governor executes action. In this case, the timelock. */ function _executor() internal view virtual override returns (address) { return address(_timelock); } /** * @dev Public endpoint to update the underlying timelock instance. Restricted to the timelock itself, so updates * must be proposed, scheduled, and executed through governance proposals. * * CAUTION: It is not recommended to change the timelock while there are other queued governance proposals. */ function updateTimelock(TimelockControllerUpgradeable newTimelock) external virtual onlyGovernance { _updateTimelock(newTimelock); } function _updateTimelock(TimelockControllerUpgradeable newTimelock) private { emit TimelockChange(address(_timelock), address(newTimelock)); _timelock = newTimelock; } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[48] private __gap; }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol) pragma solidity ^0.8.0; /** * @dev Standard signed math utilities missing in the Solidity language. */ library SignedMath { /** * @dev Returns the largest of two signed numbers. */ function max(int256 a, int256 b) internal pure returns (int256) { return a > b ? a : b; } /** * @dev Returns the smallest of two signed numbers. */ function min(int256 a, int256 b) internal pure returns (int256) { return a < b ? a : b; } /** * @dev Returns the average of two signed numbers without overflow. * The result is rounded towards zero. */ function average(int256 a, int256 b) internal pure returns (int256) { // Formula from the book "Hacker's Delight" int256 x = (a & b) + ((a ^ b) >> 1); return x + (int256(uint256(x) >> 255) & (a ^ b)); } /** * @dev Returns the absolute unsigned value of a signed value. */ function abs(int256 n) internal pure returns (uint256) { unchecked { // must be unchecked in order to support `n = type(int256).min` return uint256(n >= 0 ? n : -n); } } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol) pragma solidity ^0.8.1; /** * @dev Collection of functions related to the address type */ library Address { /** * @dev Returns true if `account` is a contract. * * [IMPORTANT] * ==== * It is unsafe to assume that an address for which this function returns * false is an externally-owned account (EOA) and not a contract. * * Among others, `isContract` will return false for the following * types of addresses: * * - an externally-owned account * - a contract in construction * - an address where a contract will be created * - an address where a contract lived, but was destroyed * * Furthermore, `isContract` will also return true if the target contract within * the same transaction is already scheduled for destruction by `SELFDESTRUCT`, * which only has an effect at the end of a transaction. * ==== * * [IMPORTANT] * ==== * You shouldn't rely on `isContract` to protect against flash loan attacks! * * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract * constructor. * ==== */ function isContract(address account) internal view returns (bool) { // This method relies on extcodesize/address.code.length, which returns 0 // for contracts in construction, since the code is only stored at the end // of the constructor execution. return account.code.length > 0; } /** * @dev Replacement for Solidity's `transfer`: sends `amount` wei to * `recipient`, forwarding all available gas and reverting on errors. * * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost * of certain opcodes, possibly making contracts go over the 2300 gas limit * imposed by `transfer`, making them unable to receive funds via * `transfer`. {sendValue} removes this limitation. * * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more]. * * IMPORTANT: because control is transferred to `recipient`, care must be * taken to not create reentrancy vulnerabilities. Consider using * {ReentrancyGuard} or the * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern]. */ function sendValue(address payable recipient, uint256 amount) internal { require(address(this).balance >= amount, "Address: insufficient balance"); (bool success, ) = recipient.call{value: amount}(""); require(success, "Address: unable to send value, recipient may have reverted"); } /** * @dev Performs a Solidity function call using a low level `call`. A * plain `call` is an unsafe replacement for a function call: use this * function instead. * * If `target` reverts with a revert reason, it is bubbled up by this * function (like regular Solidity function calls). * * Returns the raw returned data. To convert to the expected return value, * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`]. * * Requirements: * * - `target` must be a contract. * - calling `target` with `data` must not revert. * * _Available since v3.1._ */ function functionCall(address target, bytes memory data) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, "Address: low-level call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with * `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCall( address target, bytes memory data, string memory errorMessage ) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but also transferring `value` wei to `target`. * * Requirements: * * - the calling contract must have an ETH balance of at least `value`. * - the called Solidity function must be `payable`. * * _Available since v3.1._ */ function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) { return functionCallWithValue(target, data, value, "Address: low-level call with value failed"); } /** * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but * with `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCallWithValue( address target, bytes memory data, uint256 value, string memory errorMessage ) internal returns (bytes memory) { require(address(this).balance >= value, "Address: insufficient balance for call"); (bool success, bytes memory returndata) = target.call{value: value}(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) { return functionStaticCall(target, data, "Address: low-level static call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall( address target, bytes memory data, string memory errorMessage ) internal view returns (bytes memory) { (bool success, bytes memory returndata) = target.staticcall(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a delegate call. * * _Available since v3.4._ */ function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) { return functionDelegateCall(target, data, "Address: low-level delegate call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a delegate call. * * _Available since v3.4._ */ function functionDelegateCall( address target, bytes memory data, string memory errorMessage ) internal returns (bytes memory) { (bool success, bytes memory returndata) = target.delegatecall(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract. * * _Available since v4.8._ */ function verifyCallResultFromTarget( address target, bool success, bytes memory returndata, string memory errorMessage ) internal view returns (bytes memory) { if (success) { if (returndata.length == 0) { // only check isContract if the call was successful and the return data is empty // otherwise we already know that it was a contract require(isContract(target), "Address: call to non-contract"); } return returndata; } else { _revert(returndata, errorMessage); } } /** * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the * revert reason or using the provided one. * * _Available since v4.3._ */ function verifyCallResult( bool success, bytes memory returndata, string memory errorMessage ) internal pure returns (bytes memory) { if (success) { return returndata; } else { _revert(returndata, errorMessage); } } function _revert(bytes memory returndata, string memory errorMessage) private pure { // Look for revert reason and bubble it up if present if (returndata.length > 0) { // The easiest way to bubble the revert reason is using memory via assembly /// @solidity memory-safe-assembly assembly { let returndata_size := mload(returndata) revert(add(32, returndata), returndata_size) } } else { revert(errorMessage); } } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; import { Hashing } from "./Hashing.sol"; import { Types } from "./Types.sol"; import { RLPWriter } from "./rlp/RLPWriter.sol"; /** * @title Encoding * @notice Encoding handles Kroma's various different encoding schemes. */ library Encoding { /** * @notice RLP encodes the L2 transaction that would be generated when a given deposit is sent * to the L2 system. Useful for searching for a deposit in the L2 system. The * transaction is prefixed with 0x7e to identify its EIP-2718 type. * * @param _tx User deposit transaction to encode. * * @return RLP encoded L2 deposit transaction. */ function encodeDepositTransaction(Types.UserDepositTransaction memory _tx) internal pure returns (bytes memory) { bytes32 source = Hashing.hashDepositSource(_tx.l1BlockHash, _tx.logIndex); bytes[] memory raw = new bytes[](7); raw[0] = RLPWriter.writeBytes(abi.encodePacked(source)); raw[1] = RLPWriter.writeAddress(_tx.from); raw[2] = _tx.isCreation ? RLPWriter.writeBytes("") : RLPWriter.writeAddress(_tx.to); raw[3] = RLPWriter.writeUint(_tx.mint); raw[4] = RLPWriter.writeUint(_tx.value); raw[5] = RLPWriter.writeUint(uint256(_tx.gasLimit)); raw[6] = RLPWriter.writeBytes(_tx.data); return abi.encodePacked(uint8(0x7e), RLPWriter.writeList(raw)); } /** * @notice Encodes the cross domain message based on the version that is encoded into the * message nonce. * * @param _nonce Message nonce with version encoded into the first two bytes. * @param _sender Address of the sender of the message. * @param _target Address of the target of the message. * @param _value ETH value to send to the target. * @param _gasLimit Gas limit to use for the message. * @param _data Data to send with the message. * * @return Encoded cross domain message. */ function encodeCrossDomainMessage( uint256 _nonce, address _sender, address _target, uint256 _value, uint256 _gasLimit, bytes memory _data ) internal pure returns (bytes memory) { (, uint16 version) = decodeVersionedNonce(_nonce); if (version == 0) { return encodeCrossDomainMessageV0(_nonce, _sender, _target, _value, _gasLimit, _data); } else { revert("Encoding: unknown cross domain message version"); } } /** * @notice Encodes a cross domain message based on the V0 (current) encoding. * * @param _nonce Message nonce. * @param _sender Address of the sender of the message. * @param _target Address of the target of the message. * @param _value ETH value to send to the target. * @param _gasLimit Gas limit to use for the message. * @param _data Data to send with the message. * * @return Encoded cross domain message. */ function encodeCrossDomainMessageV0( uint256 _nonce, address _sender, address _target, uint256 _value, uint256 _gasLimit, bytes memory _data ) internal pure returns (bytes memory) { return abi.encodeWithSignature( "relayMessage(uint256,address,address,uint256,uint256,bytes)", _nonce, _sender, _target, _value, _gasLimit, _data ); } /** * @notice Adds a version number into the first two bytes of a message nonce. * * @param _nonce Message nonce to encode into. * @param _version Version number to encode into the message nonce. * * @return Message nonce with version encoded into the first two bytes. */ function encodeVersionedNonce(uint240 _nonce, uint16 _version) internal pure returns (uint256) { uint256 nonce; assembly { nonce := or(shl(240, _version), _nonce) } return nonce; } /** * @notice Pulls the version out of a version-encoded nonce. * * @param _nonce Message nonce with version encoded into the first two bytes. * * @return Nonce without encoded version. * @return Version of the message. */ function decodeVersionedNonce(uint256 _nonce) internal pure returns (uint240, uint16) { uint240 nonce; uint16 version; assembly { nonce := and(_nonce, 0x0000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff) version := shr(240, _nonce) } return (nonce, version); } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; /** * @custom:attribution https://github.com/bakaoh/solidity-rlp-encode * @title RLPWriter * @author RLPWriter is a library for encoding Solidity types to RLP bytes. Adapted from Bakaoh's * RLPEncode library (https://github.com/bakaoh/solidity-rlp-encode) with minor * modifications to improve legibility. */ library RLPWriter { /** * @notice RLP encodes a byte string. * * @param _in The byte string to encode. * * @return The RLP encoded string in bytes. */ function writeBytes(bytes memory _in) internal pure returns (bytes memory) { bytes memory encoded; if (_in.length == 1 && uint8(_in[0]) < 128) { encoded = _in; } else { encoded = abi.encodePacked(_writeLength(_in.length, 128), _in); } return encoded; } /** * @notice RLP encodes a list of RLP encoded byte byte strings. * * @param _in The list of RLP encoded byte strings. * * @return The RLP encoded list of items in bytes. */ function writeList(bytes[] memory _in) internal pure returns (bytes memory) { bytes memory list = _flatten(_in); return abi.encodePacked(_writeLength(list.length, 192), list); } /** * @notice RLP encodes a string. * * @param _in The string to encode. * * @return The RLP encoded string in bytes. */ function writeString(string memory _in) internal pure returns (bytes memory) { return writeBytes(bytes(_in)); } /** * @notice RLP encodes an address. * * @param _in The address to encode. * * @return The RLP encoded address in bytes. */ function writeAddress(address _in) internal pure returns (bytes memory) { return writeBytes(abi.encodePacked(_in)); } /** * @notice RLP encodes a uint. * * @param _in The uint256 to encode. * * @return The RLP encoded uint256 in bytes. */ function writeUint(uint256 _in) internal pure returns (bytes memory) { return writeBytes(_toBinary(_in)); } /** * @notice RLP encodes a bool. * * @param _in The bool to encode. * * @return The RLP encoded bool in bytes. */ function writeBool(bool _in) internal pure returns (bytes memory) { bytes memory encoded = new bytes(1); encoded[0] = (_in ? bytes1(0x01) : bytes1(0x80)); return encoded; } /** * @notice Encode the first byte and then the `len` in binary form if `length` is more than 55. * * @param _len The length of the string or the payload. * @param _offset 128 if item is string, 192 if item is list. * * @return RLP encoded bytes. */ function _writeLength(uint256 _len, uint256 _offset) private pure returns (bytes memory) { bytes memory encoded; if (_len < 56) { encoded = new bytes(1); encoded[0] = bytes1(uint8(_len) + uint8(_offset)); } else { uint256 lenLen; uint256 i = 1; while (_len / i != 0) { lenLen++; i *= 256; } encoded = new bytes(lenLen + 1); encoded[0] = bytes1(uint8(lenLen) + uint8(_offset) + 55); for (i = 1; i <= lenLen; i++) { encoded[i] = bytes1(uint8((_len / (256**(lenLen - i))) % 256)); } } return encoded; } /** * @notice Encode integer in big endian binary form with no leading zeroes. * * @param _x The integer to encode. * * @return RLP encoded bytes. */ function _toBinary(uint256 _x) private pure returns (bytes memory) { bytes memory b = abi.encodePacked(_x); uint256 i = 0; for (; i < 32; i++) { if (b[i] != 0) { break; } } bytes memory res = new bytes(32 - i); for (uint256 j = 0; j < res.length; j++) { res[j] = b[i++]; } return res; } /** * @custom:attribution https://github.com/Arachnid/solidity-stringutils * @notice Copies a piece of memory to another location. * * @param _dest Destination location. * @param _src Source location. * @param _len Length of memory to copy. */ function _memcpy( uint256 _dest, uint256 _src, uint256 _len ) private pure { uint256 dest = _dest; uint256 src = _src; uint256 len = _len; for (; len >= 32; len -= 32) { assembly { mstore(dest, mload(src)) } dest += 32; src += 32; } uint256 mask; unchecked { mask = 256**(32 - len) - 1; } assembly { let srcpart := and(mload(src), not(mask)) let destpart := and(mload(dest), mask) mstore(dest, or(destpart, srcpart)) } } /** * @custom:attribution https://github.com/sammayo/solidity-rlp-encoder * @notice Flattens a list of byte strings into one byte string. * * @param _list List of byte strings to flatten. * * @return The flattened byte string. */ function _flatten(bytes[] memory _list) private pure returns (bytes memory) { if (_list.length == 0) { return new bytes(0); } uint256 len; uint256 i = 0; for (; i < _list.length; i++) { len += _list[i].length; } bytes memory flattened = new bytes(len); uint256 flattenedPtr; assembly { flattenedPtr := add(flattened, 0x20) } for (i = 0; i < _list.length; i++) { bytes memory item = _list[i]; uint256 listPtr; assembly { listPtr := add(item, 0x20) } _memcpy(flattenedPtr, listPtr, item.length); flattenedPtr += _list[i].length; } return flattened; } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; import { ResourceMetering } from "../L1/ResourceMetering.sol"; /** * @title Constants * @notice Constants is a library for storing constants. Simple! Don't put everything in here, just * the stuff used in multiple contracts. Constants that only apply to a single contract * should be defined in that contract instead. */ library Constants { /** * @notice Special address to be used as the tx origin for gas estimation calls in the * KromaPortal and CrossDomainMessenger calls. You only need to use this address if * the minimum gas limit specified by the user is not actually enough to execute the * given message and you're attempting to estimate the actual necessary gas limit. We * use address(1) because it's the ecrecover precompile and therefore guaranteed to * never have any code on any EVM chain. */ address internal constant ESTIMATION_ADDRESS = address(1); /** * @notice Value used for the L2 sender storage slot in both the KromaPortal and the * CrossDomainMessenger contracts before an actual sender is set. This value is * non-zero to reduce the gas cost of message passing transactions. */ address internal constant DEFAULT_L2_SENDER = 0x000000000000000000000000000000000000dEaD; /** * @notice Returns the default values for the ResourceConfig. These are the recommended values * for a production network. */ function DEFAULT_RESOURCE_CONFIG() internal pure returns (ResourceMetering.ResourceConfig memory) { ResourceMetering.ResourceConfig memory config = ResourceMetering.ResourceConfig({ maxResourceLimit: 20_000_000, elasticityMultiplier: 10, baseFeeMaxChangeDenominator: 8, minimumBaseFee: 1 gwei, systemTxMaxGas: 1_000_000, maximumBaseFee: type(uint128).max }); return config; } /** * @notice The denominator of the validator reward. * DO NOT change this value if the L2 chain is already operational. */ uint256 internal constant VALIDATOR_REWARD_DENOMINATOR = 10000; /** * @notice An address that identifies that current submission round is a public round. */ address internal constant VALIDATOR_PUBLIC_ROUND_ADDRESS = address(type(uint160).max); }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { ReentrancyGuardUpgradeable } from "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol"; import { Math } from "@openzeppelin/contracts/utils/math/Math.sol"; import { Constants } from "../libraries/Constants.sol"; import { Predeploys } from "../libraries/Predeploys.sol"; import { SafeCall } from "../libraries/SafeCall.sol"; import { Types } from "../libraries/Types.sol"; import { Semver } from "../universal/Semver.sol"; import { ValidatorRewardVault } from "../L2/ValidatorRewardVault.sol"; import { KromaPortal } from "./KromaPortal.sol"; import { L2OutputOracle } from "./L2OutputOracle.sol"; /** * @custom:proxied * @title ValidatorPool * @notice The ValidatorPool determines whether the validator is present and manages the validator's deposit. */ contract ValidatorPool is ReentrancyGuardUpgradeable, Semver { /** * @notice The gas limit to use when rewarding validator in the ValidatorRewardVault on L2. * This value is measured through simulation. */ uint64 public constant VAULT_REWARD_GAS_LIMIT = 100000; /** * @notice The numerator of the tax. */ uint128 public constant TAX_NUMERATOR = 20; /** * @notice The denominator of the tax. */ uint128 public constant TAX_DENOMINATOR = 100; /** * @notice The address of the L2OutputOracle contract. Can be updated via upgrade. */ L2OutputOracle public immutable L2_ORACLE; /** * @notice The address of the KromaPortal contract. Can be updated via upgrade. */ KromaPortal public immutable PORTAL; /** * @notice The address of the SecurityCouncil contract. Can be updated via upgrade. */ address public immutable SECURITY_COUNCIL; /** * @notice The address of the trusted validator. Can be updated via upgrade. */ address public immutable TRUSTED_VALIDATOR; /** * @notice The required bond amount. Can be updated via upgrade. */ uint128 public immutable REQUIRED_BOND_AMOUNT; /** * @notice The max number of unbonds when trying unbond. */ uint256 public immutable MAX_UNBOND; /** * @notice The duration of a submission round for one output (in seconds). * Note that there are two submission rounds for an output: PRIORITY ROUND and PUBLIC ROUND. */ uint256 public immutable ROUND_DURATION; /** * @notice A mapping of balances. */ mapping(address => uint256) internal balances; /** * @notice The bond corresponding to a specific output index. */ mapping(uint256 => Types.Bond) internal bonds; /** * @notice The output index to unbond next. */ uint256 internal nextUnbondOutputIndex; /** * @notice An array of validator addresses. */ address[] internal validators; /** * @notice The index of the specific address in the validator array. */ mapping(address => uint256) internal validatorIndexes; /** * @notice Address of the next validator with priority for submitting output. */ address internal nextPriorityValidator; /** * @notice A mapping of pending bonds that have not yet been included in a bond. */ mapping(uint256 => mapping(address => uint128)) internal pendingBonds; /** * @notice Emitted when a validator bonds. * * @param submitter Address of submitter. * @param outputIndex Index of the L2 checkpoint output index. * @param amount Amount of bonded. * @param expiresAt The expiration timestamp of bond. */ event Bonded( address indexed submitter, uint256 indexed outputIndex, uint128 amount, uint128 expiresAt ); /** * @notice Emitted when the pending bond is added. * * @param outputIndex Index of the L2 checkpoint output. * @param challenger Address of the challenger. * @param amount Amount of bond added. */ event PendingBondAdded(uint256 indexed outputIndex, address indexed challenger, uint128 amount); /** * @notice Emitted when the bond is increased. * * @param outputIndex Index of the L2 checkpoint output. * @param challenger Address of the challenger. * @param amount Amount of bond increased. */ event BondIncreased(uint256 indexed outputIndex, address indexed challenger, uint128 amount); /** * @notice Emitted when the pending bond is released(refunded). * * @param outputIndex Index of the L2 checkpoint output. * @param challenger Address of the challenger. * @param recipient Address to receive amount from a pending bond. * @param amount Amount of bond released. */ event PendingBondReleased( uint256 indexed outputIndex, address indexed challenger, address indexed recipient, uint128 amount ); /** * @notice Emitted when a validator unbonds. * * @param outputIndex Index of the L2 checkpoint output. * @param recipient Address of the recipient. * @param amount Amount of unbonded. */ event Unbonded(uint256 indexed outputIndex, address indexed recipient, uint128 amount); /** * @notice A modifier that only allows the Colosseum contract to call */ modifier onlyColosseum() { require(msg.sender == L2_ORACLE.COLOSSEUM(), "ValidatorPool: sender is not Colosseum"); _; } /** * @custom:semver 1.0.1 * * @param _l2OutputOracle Address of the L2OutputOracle. * @param _portal Address of the KromaPortal. * @param _securityCouncil Address of the security council. * @param _trustedValidator Address of the trusted validator. * @param _requiredBondAmount The required bond amount. * @param _maxUnbond The max number of unbonds when trying unbond. * @param _roundDuration The duration of one submission round in seconds. */ constructor( L2OutputOracle _l2OutputOracle, KromaPortal _portal, address _securityCouncil, address _trustedValidator, uint256 _requiredBondAmount, uint256 _maxUnbond, uint256 _roundDuration ) Semver(1, 0, 1) { L2_ORACLE = _l2OutputOracle; PORTAL = _portal; SECURITY_COUNCIL = _securityCouncil; TRUSTED_VALIDATOR = _trustedValidator; REQUIRED_BOND_AMOUNT = uint128(_requiredBondAmount); MAX_UNBOND = _maxUnbond; // Note that this value MUST be (SUBMISSION_INTERVAL * L2_BLOCK_TIME) / 2. ROUND_DURATION = _roundDuration; initialize(); } /** * @notice Initializer. */ function initialize() public initializer { __ReentrancyGuard_init_unchained(); } /** * @notice Deposit ETH to be used as bond. */ function deposit() external payable { _increaseBalance(msg.sender, msg.value); } /** * @notice Withdraw a given amount. * * @param _amount Amount to withdraw. */ function withdraw(uint256 _amount) external nonReentrant { _decreaseBalance(msg.sender, _amount); bool success = SafeCall.call(msg.sender, gasleft(), _amount, ""); require(success, "ValidatorPool: ETH transfer failed"); } /** * @notice Bond asset corresponding to the given output index. * This function is called when submitting output. * * @param _outputIndex Index of the L2 checkpoint output. * @param _expiresAt The expiration timestamp of bond. */ function createBond(uint256 _outputIndex, uint128 _expiresAt) external { require(msg.sender == address(L2_ORACLE), "ValidatorPool: sender is not L2OutputOracle"); Types.Bond storage bond = bonds[_outputIndex]; require( bond.expiresAt == 0, "ValidatorPool: bond of the given output index already exists" ); // Unbond the bond of nextUnbondOutputIndex if available. _tryUnbond(); address submitter = L2_ORACLE.getSubmitter(_outputIndex); _decreaseBalance(submitter, REQUIRED_BOND_AMOUNT); bond.amount = REQUIRED_BOND_AMOUNT; bond.expiresAt = _expiresAt; emit Bonded(submitter, _outputIndex, REQUIRED_BOND_AMOUNT, _expiresAt); // Select the next priority validator _updatePriorityValidator(); } /** * @notice Adds a pending bond to the challenge corresponding to the given output index and challenger address. * The pending bond is added to the bond when the challenge is proven or challenger is timed out, * or refunded when the challenge is canceled. * * @param _outputIndex Index of the L2 checkpoint output. * @param _challenger Address of the challenger. */ function addPendingBond(uint256 _outputIndex, address _challenger) external onlyColosseum { Types.Bond storage bond = bonds[_outputIndex]; require( bond.expiresAt >= block.timestamp, "ValidatorPool: the output is already finalized" ); _decreaseBalance(_challenger, REQUIRED_BOND_AMOUNT); pendingBonds[_outputIndex][_challenger] = REQUIRED_BOND_AMOUNT; emit PendingBondAdded(_outputIndex, _challenger, REQUIRED_BOND_AMOUNT); } /** * @notice Releases the corresponding pending bond to the given output index and challenger address * if a challenge is canceled. * * @param _outputIndex Index of the L2 checkpoint output. * @param _challenger Address of the challenger. * @param _recipient Address to receive amount from a pending bond. */ function releasePendingBond( uint256 _outputIndex, address _challenger, address _recipient ) external onlyColosseum { uint128 bonded = pendingBonds[_outputIndex][_challenger]; require(bonded > 0, "ValidatorPool: the pending bond does not exist"); delete pendingBonds[_outputIndex][_challenger]; _increaseBalance(_recipient, bonded); emit PendingBondReleased(_outputIndex, _challenger, _recipient, bonded); } /** * @notice Increases the bond amount corresponding to the given output index by the pending bond amount. * This is when taxes are charged, and note that taxes are a means of preventing collusive attacks by * the asserter and challenger. * * @param _outputIndex Index of the L2 checkpoint output. * @param _challenger Address of the challenger. */ function increaseBond(uint256 _outputIndex, address _challenger) external onlyColosseum { Types.Bond storage bond = bonds[_outputIndex]; require( bond.expiresAt >= block.timestamp, "ValidatorPool: the output is already finalized" ); uint128 pendingBond = pendingBonds[_outputIndex][_challenger]; require(pendingBond > 0, "ValidatorPool: the pending bond does not exist"); uint128 tax = (pendingBond * TAX_NUMERATOR) / TAX_DENOMINATOR; uint128 increased = pendingBond - tax; delete pendingBonds[_outputIndex][_challenger]; unchecked { bond.amount += increased; balances[SECURITY_COUNCIL] += tax; } emit BondIncreased(_outputIndex, _challenger, increased); } /** * @notice Attempt to unbond. Reverts if unbond is not possible. */ function unbond() external { bool released = _tryUnbond(); require(released, "ValidatorPool: no bond that can be unbond"); } /** * @notice Attempts to unbond starting from nextUnbondOutputIndex and returns whether at least * one unbond is executed. Tries unbond at most MAX_UNBOND number of bonds and sends * a reward message to L2 for each unbond. * * @return Whether at least one unbond is executed. */ function _tryUnbond() private returns (bool) { uint256 outputIndex = nextUnbondOutputIndex; uint128 bondAmount; Types.Bond storage bond; Types.CheckpointOutput memory output; uint256 unbondedNum = 0; for (; unbondedNum < MAX_UNBOND; ) { bond = bonds[outputIndex]; bondAmount = bond.amount; if (block.timestamp >= bond.expiresAt && bondAmount > 0) { delete bonds[outputIndex]; output = L2_ORACLE.getL2Output(outputIndex); _increaseBalance(output.submitter, bondAmount); emit Unbonded(outputIndex, output.submitter, bondAmount); // Send reward message to L2 ValidatorRewardVault. _sendRewardMessageToL2Vault(output); unchecked { ++unbondedNum; ++outputIndex; } } else { break; } } if (unbondedNum > 0) { unchecked { nextUnbondOutputIndex = outputIndex; } return true; } return false; } /** * @notice Updates next priority validator address. */ function _updatePriorityValidator() private { uint256 len = validators.length; if (len > 0 && nextUnbondOutputIndex > 0) { // TODO(pangssu): improve next validator selection Types.CheckpointOutput memory output = L2_ORACLE.getL2Output(nextUnbondOutputIndex - 1); uint256 validatorIndex = uint256( keccak256( abi.encodePacked( output.outputRoot, block.number, block.coinbase, block.difficulty, blockhash(block.number - 1) ) ) ) % len; nextPriorityValidator = validators[validatorIndex]; } else { nextPriorityValidator = address(0); } } /** * @notice Sends reward message to ValidatorRewardVault contract on L2 using Portal. * * @param _output The finalized output. */ function _sendRewardMessageToL2Vault(Types.CheckpointOutput memory _output) private { // Pay out rewards via L2 Vault now that the output is finalized. PORTAL.depositTransactionByValidatorPool( Predeploys.VALIDATOR_REWARD_VAULT, VAULT_REWARD_GAS_LIMIT, abi.encodeWithSelector( ValidatorRewardVault.reward.selector, _output.submitter, _output.l2BlockNumber ) ); } /** * @notice Increases the balance of the given address. If the balance is greater than the required bond amount, * add the given address to the validator set. * * @param _validator Address to increase the balance. * @param _amount Amount of balance increased. */ function _increaseBalance(address _validator, uint256 _amount) private { uint256 balance = balances[_validator] + _amount; if (balance >= REQUIRED_BOND_AMOUNT && !isValidator(_validator)) { if (_validator != SECURITY_COUNCIL) { validatorIndexes[_validator] = validators.length; validators.push(_validator); } } balances[_validator] = balance; } /** * @notice Deceases the balance of the given address. If the balance is less than the required bond amount, * remove the given address from the validator set. * * @param _validator Address to decrease the balance. * @param _amount Amount of balance decreased. */ function _decreaseBalance(address _validator, uint256 _amount) private { uint256 balance = balances[_validator]; require(balance >= _amount, "ValidatorPool: insufficient balances"); balance = balance - _amount; if (balance < REQUIRED_BOND_AMOUNT && isValidator(_validator)) { uint256 lastValidatorIndex = validators.length - 1; if (lastValidatorIndex > 0) { uint256 validatorIndex = validatorIndexes[_validator]; address lastValidator = validators[lastValidatorIndex]; validators[validatorIndex] = lastValidator; validatorIndexes[lastValidator] = validatorIndex; } delete validatorIndexes[_validator]; validators.pop(); } balances[_validator] = balance; } /** * @notice Returns the bond corresponding to the output index. Reverts if the bond does not exist. * * @param _outputIndex Index of the L2 checkpoint output. * * @return The bond data. */ function getBond(uint256 _outputIndex) external view returns (Types.Bond memory) { Types.Bond storage bond = bonds[_outputIndex]; require(bond.amount > 0 && bond.expiresAt > 0, "ValidatorPool: the bond does not exist"); return bond; } /** * @notice Returns the pending bond corresponding to the output index and challenger address. * Reverts if the pending bond does not exist. * * @param _outputIndex Index of the L2 checkpoint output. * @param _challenger Address of the challenger. * * @return Amount of the pending bond. */ function getPendingBond(uint256 _outputIndex, address _challenger) external view returns (uint128) { uint128 pendingBond = pendingBonds[_outputIndex][_challenger]; require(pendingBond > 0, "ValidatorPool: the pending bond does not exist"); return pendingBond; } /** * @notice Returns the balance of given address. * * @param _addr Address of validator. * * @return Balance of given address. */ function balanceOf(address _addr) external view returns (uint256) { return balances[_addr]; } /** * @notice Determines whether the given address is an active validator. * * @param _addr Address of validator. * * @return Whether the given address is an active validator. */ function isValidator(address _addr) public view returns (bool) { if (validators.length == 0) { return false; } else if (_addr == address(0)) { return false; } uint256 index = validatorIndexes[_addr]; return validators[index] == _addr; } /** * @notice Returns the number of validators. * * @return The number of validators. */ function validatorCount() external view returns (uint256) { return validators.length; } /** * @notice Determines who can submit the L2 output next. * * @return The address of the validator. */ function nextValidator() public view returns (address) { if (nextPriorityValidator != address(0)) { uint256 l2BlockNumber = L2_ORACLE.nextBlockNumber(); uint256 l2Timestamp = L2_ORACLE.computeL2Timestamp(l2BlockNumber + 1); if (block.timestamp >= l2Timestamp) { uint256 elapsed = block.timestamp - l2Timestamp; // If the current time exceeds one round time, it is a public round. if (elapsed > ROUND_DURATION) { return Constants.VALIDATOR_PUBLIC_ROUND_ADDRESS; } } return nextPriorityValidator; } else { return TRUSTED_VALIDATOR; } } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol) pragma solidity ^0.8.1; /** * @dev Collection of functions related to the address type */ library AddressUpgradeable { /** * @dev Returns true if `account` is a contract. * * [IMPORTANT] * ==== * It is unsafe to assume that an address for which this function returns * false is an externally-owned account (EOA) and not a contract. * * Among others, `isContract` will return false for the following * types of addresses: * * - an externally-owned account * - a contract in construction * - an address where a contract will be created * - an address where a contract lived, but was destroyed * * Furthermore, `isContract` will also return true if the target contract within * the same transaction is already scheduled for destruction by `SELFDESTRUCT`, * which only has an effect at the end of a transaction. * ==== * * [IMPORTANT] * ==== * You shouldn't rely on `isContract` to protect against flash loan attacks! * * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract * constructor. * ==== */ function isContract(address account) internal view returns (bool) { // This method relies on extcodesize/address.code.length, which returns 0 // for contracts in construction, since the code is only stored at the end // of the constructor execution. return account.code.length > 0; } /** * @dev Replacement for Solidity's `transfer`: sends `amount` wei to * `recipient`, forwarding all available gas and reverting on errors. * * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost * of certain opcodes, possibly making contracts go over the 2300 gas limit * imposed by `transfer`, making them unable to receive funds via * `transfer`. {sendValue} removes this limitation. * * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more]. * * IMPORTANT: because control is transferred to `recipient`, care must be * taken to not create reentrancy vulnerabilities. Consider using * {ReentrancyGuard} or the * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern]. */ function sendValue(address payable recipient, uint256 amount) internal { require(address(this).balance >= amount, "Address: insufficient balance"); (bool success, ) = recipient.call{value: amount}(""); require(success, "Address: unable to send value, recipient may have reverted"); } /** * @dev Performs a Solidity function call using a low level `call`. A * plain `call` is an unsafe replacement for a function call: use this * function instead. * * If `target` reverts with a revert reason, it is bubbled up by this * function (like regular Solidity function calls). * * Returns the raw returned data. To convert to the expected return value, * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`]. * * Requirements: * * - `target` must be a contract. * - calling `target` with `data` must not revert. * * _Available since v3.1._ */ function functionCall(address target, bytes memory data) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, "Address: low-level call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with * `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCall( address target, bytes memory data, string memory errorMessage ) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but also transferring `value` wei to `target`. * * Requirements: * * - the calling contract must have an ETH balance of at least `value`. * - the called Solidity function must be `payable`. * * _Available since v3.1._ */ function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) { return functionCallWithValue(target, data, value, "Address: low-level call with value failed"); } /** * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but * with `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCallWithValue( address target, bytes memory data, uint256 value, string memory errorMessage ) internal returns (bytes memory) { require(address(this).balance >= value, "Address: insufficient balance for call"); (bool success, bytes memory returndata) = target.call{value: value}(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) { return functionStaticCall(target, data, "Address: low-level static call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall( address target, bytes memory data, string memory errorMessage ) internal view returns (bytes memory) { (bool success, bytes memory returndata) = target.staticcall(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a delegate call. * * _Available since v3.4._ */ function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) { return functionDelegateCall(target, data, "Address: low-level delegate call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a delegate call. * * _Available since v3.4._ */ function functionDelegateCall( address target, bytes memory data, string memory errorMessage ) internal returns (bytes memory) { (bool success, bytes memory returndata) = target.delegatecall(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage); } /** * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract. * * _Available since v4.8._ */ function verifyCallResultFromTarget( address target, bool success, bytes memory returndata, string memory errorMessage ) internal view returns (bytes memory) { if (success) { if (returndata.length == 0) { // only check isContract if the call was successful and the return data is empty // otherwise we already know that it was a contract require(isContract(target), "Address: call to non-contract"); } return returndata; } else { _revert(returndata, errorMessage); } } /** * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the * revert reason or using the provided one. * * _Available since v4.3._ */ function verifyCallResult( bool success, bytes memory returndata, string memory errorMessage ) internal pure returns (bytes memory) { if (success) { return returndata; } else { _revert(returndata, errorMessage); } } function _revert(bytes memory returndata, string memory errorMessage) private pure { // Look for revert reason and bubble it up if present if (returndata.length > 0) { // The easiest way to bubble the revert reason is using memory via assembly /// @solidity memory-safe-assembly assembly { let returndata_size := mload(returndata) revert(add(32, returndata), returndata_size) } } else { revert(errorMessage); } } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.6.0) (token/ERC721/IERC721Receiver.sol) pragma solidity ^0.8.0; /** * @title ERC721 token receiver interface * @dev Interface for any contract that wants to support safeTransfers * from ERC721 asset contracts. */ interface IERC721ReceiverUpgradeable { /** * @dev Whenever an {IERC721} `tokenId` token is transferred to this contract via {IERC721-safeTransferFrom} * by `operator` from `from`, this function is called. * * It must return its Solidity selector to confirm the token transfer. * If any other value is returned or the interface is not implemented by the recipient, the transfer will be reverted. * * The selector can be obtained in Solidity with `IERC721Receiver.onERC721Received.selector`. */ function onERC721Received( address operator, address from, uint256 tokenId, bytes calldata data ) external returns (bytes4); }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.5.0) (token/ERC1155/IERC1155Receiver.sol) pragma solidity ^0.8.0; import "../../utils/introspection/IERC165Upgradeable.sol"; /** * @dev _Available since v3.1._ */ interface IERC1155ReceiverUpgradeable is IERC165Upgradeable { /** * @dev Handles the receipt of a single ERC1155 token type. This function is * called at the end of a `safeTransferFrom` after the balance has been updated. * * NOTE: To accept the transfer, this must return * `bytes4(keccak256("onERC1155Received(address,address,uint256,uint256,bytes)"))` * (i.e. 0xf23a6e61, or its own function selector). * * @param operator The address which initiated the transfer (i.e. msg.sender) * @param from The address which previously owned the token * @param id The ID of the token being transferred * @param value The amount of tokens being transferred * @param data Additional data with no specified format * @return `bytes4(keccak256("onERC1155Received(address,address,uint256,uint256,bytes)"))` if transfer is allowed */ function onERC1155Received( address operator, address from, uint256 id, uint256 value, bytes calldata data ) external returns (bytes4); /** * @dev Handles the receipt of a multiple ERC1155 token types. This function * is called at the end of a `safeBatchTransferFrom` after the balances have * been updated. * * NOTE: To accept the transfer(s), this must return * `bytes4(keccak256("onERC1155BatchReceived(address,address,uint256[],uint256[],bytes)"))` * (i.e. 0xbc197c81, or its own function selector). * * @param operator The address which initiated the batch transfer (i.e. msg.sender) * @param from The address which previously owned the token * @param ids An array containing ids of each token being transferred (order and length must match values array) * @param values An array containing amounts of each token being transferred (order and length must match ids array) * @param data Additional data with no specified format * @return `bytes4(keccak256("onERC1155BatchReceived(address,address,uint256[],uint256[],bytes)"))` if transfer is allowed */ function onERC1155BatchReceived( address operator, address from, uint256[] calldata ids, uint256[] calldata values, bytes calldata data ) external returns (bytes4); }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/ECDSA.sol) pragma solidity ^0.8.0; import "../StringsUpgradeable.sol"; /** * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations. * * These functions can be used to verify that a message was signed by the holder * of the private keys of a given address. */ library ECDSAUpgradeable { enum RecoverError { NoError, InvalidSignature, InvalidSignatureLength, InvalidSignatureS, InvalidSignatureV // Deprecated in v4.8 } function _throwError(RecoverError error) private pure { if (error == RecoverError.NoError) { return; // no error: do nothing } else if (error == RecoverError.InvalidSignature) { revert("ECDSA: invalid signature"); } else if (error == RecoverError.InvalidSignatureLength) { revert("ECDSA: invalid signature length"); } else if (error == RecoverError.InvalidSignatureS) { revert("ECDSA: invalid signature 's' value"); } } /** * @dev Returns the address that signed a hashed message (`hash`) with * `signature` or error string. This address can then be used for verification purposes. * * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures: * this function rejects them by requiring the `s` value to be in the lower * half order, and the `v` value to be either 27 or 28. * * IMPORTANT: `hash` _must_ be the result of a hash operation for the * verification to be secure: it is possible to craft signatures that * recover to arbitrary addresses for non-hashed data. A safe way to ensure * this is by receiving a hash of the original message (which may otherwise * be too long), and then calling {toEthSignedMessageHash} on it. * * Documentation for signature generation: * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js] * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers] * * _Available since v4.3._ */ function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) { if (signature.length == 65) { bytes32 r; bytes32 s; uint8 v; // ecrecover takes the signature parameters, and the only way to get them // currently is to use assembly. /// @solidity memory-safe-assembly assembly { r := mload(add(signature, 0x20)) s := mload(add(signature, 0x40)) v := byte(0, mload(add(signature, 0x60))) } return tryRecover(hash, v, r, s); } else { return (address(0), RecoverError.InvalidSignatureLength); } } /** * @dev Returns the address that signed a hashed message (`hash`) with * `signature`. This address can then be used for verification purposes. * * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures: * this function rejects them by requiring the `s` value to be in the lower * half order, and the `v` value to be either 27 or 28. * * IMPORTANT: `hash` _must_ be the result of a hash operation for the * verification to be secure: it is possible to craft signatures that * recover to arbitrary addresses for non-hashed data. A safe way to ensure * this is by receiving a hash of the original message (which may otherwise * be too long), and then calling {toEthSignedMessageHash} on it. */ function recover(bytes32 hash, bytes memory signature) internal pure returns (address) { (address recovered, RecoverError error) = tryRecover(hash, signature); _throwError(error); return recovered; } /** * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately. * * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures] * * _Available since v4.3._ */ function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError) { bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff); uint8 v = uint8((uint256(vs) >> 255) + 27); return tryRecover(hash, v, r, s); } /** * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately. * * _Available since v4.2._ */ function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) { (address recovered, RecoverError error) = tryRecover(hash, r, vs); _throwError(error); return recovered; } /** * @dev Overload of {ECDSA-tryRecover} that receives the `v`, * `r` and `s` signature fields separately. * * _Available since v4.3._ */ function tryRecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address, RecoverError) { // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most // signatures from current libraries generate a unique signature with an s-value in the lower half order. // // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept // these malleable signatures as well. if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) { return (address(0), RecoverError.InvalidSignatureS); } // If the signature is valid (and not malleable), return the signer address address signer = ecrecover(hash, v, r, s); if (signer == address(0)) { return (address(0), RecoverError.InvalidSignature); } return (signer, RecoverError.NoError); } /** * @dev Overload of {ECDSA-recover} that receives the `v`, * `r` and `s` signature fields separately. */ function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) { (address recovered, RecoverError error) = tryRecover(hash, v, r, s); _throwError(error); return recovered; } /** * @dev Returns an Ethereum Signed Message, created from a `hash`. This * produces hash corresponding to the one signed with the * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`] * JSON-RPC method as part of EIP-191. * * See {recover}. */ function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32 message) { // 32 is the length in bytes of hash, // enforced by the type signature above /// @solidity memory-safe-assembly assembly { mstore(0x00, "\x19Ethereum Signed Message:\n32") mstore(0x1c, hash) message := keccak256(0x00, 0x3c) } } /** * @dev Returns an Ethereum Signed Message, created from `s`. This * produces hash corresponding to the one signed with the * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`] * JSON-RPC method as part of EIP-191. * * See {recover}. */ function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) { return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n", StringsUpgradeable.toString(s.length), s)); } /** * @dev Returns an Ethereum Signed Typed Data, created from a * `domainSeparator` and a `structHash`. This produces hash corresponding * to the one signed with the * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`] * JSON-RPC method as part of EIP-712. * * See {recover}. */ function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 data) { /// @solidity memory-safe-assembly assembly { let ptr := mload(0x40) mstore(ptr, "\x19\x01") mstore(add(ptr, 0x02), domainSeparator) mstore(add(ptr, 0x22), structHash) data := keccak256(ptr, 0x42) } } /** * @dev Returns an Ethereum Signed Data with intended validator, created from a * `validator` and `data` according to the version 0 of EIP-191. * * See {recover}. */ function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) { return keccak256(abi.encodePacked("\x19\x00", validator, data)); } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/EIP712.sol) pragma solidity ^0.8.8; import "./ECDSAUpgradeable.sol"; import "../../interfaces/IERC5267Upgradeable.sol"; import "../../proxy/utils/Initializable.sol"; /** * @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data. * * The encoding specified in the EIP is very generic, and such a generic implementation in Solidity is not feasible, * thus this contract does not implement the encoding itself. Protocols need to implement the type-specific encoding * they need in their contracts using a combination of `abi.encode` and `keccak256`. * * This contract implements the EIP 712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding * scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA * ({_hashTypedDataV4}). * * The implementation of the domain separator was designed to be as efficient as possible while still properly updating * the chain id to protect against replay attacks on an eventual fork of the chain. * * NOTE: This contract implements the version of the encoding known as "v4", as implemented by the JSON RPC method * https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask]. * * NOTE: In the upgradeable version of this contract, the cached values will correspond to the address, and the domain * separator of the implementation contract. This will cause the `_domainSeparatorV4` function to always rebuild the * separator from the immutable values, which is cheaper than accessing a cached version in cold storage. * * _Available since v3.4._ * * @custom:storage-size 52 */ abstract contract EIP712Upgradeable is Initializable, IERC5267Upgradeable { bytes32 private constant _TYPE_HASH = keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"); /// @custom:oz-renamed-from _HASHED_NAME bytes32 private _hashedName; /// @custom:oz-renamed-from _HASHED_VERSION bytes32 private _hashedVersion; string private _name; string private _version; /** * @dev Initializes the domain separator and parameter caches. * * The meaning of `name` and `version` is specified in * https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]: * * - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol. * - `version`: the current major version of the signing domain. * * NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart * contract upgrade]. */ function __EIP712_init(string memory name, string memory version) internal onlyInitializing { __EIP712_init_unchained(name, version); } function __EIP712_init_unchained(string memory name, string memory version) internal onlyInitializing { _name = name; _version = version; // Reset prior values in storage if upgrading _hashedName = 0; _hashedVersion = 0; } /** * @dev Returns the domain separator for the current chain. */ function _domainSeparatorV4() internal view returns (bytes32) { return _buildDomainSeparator(); } function _buildDomainSeparator() private view returns (bytes32) { return keccak256(abi.encode(_TYPE_HASH, _EIP712NameHash(), _EIP712VersionHash(), block.chainid, address(this))); } /** * @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this * function returns the hash of the fully encoded EIP712 message for this domain. * * This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example: * * ```solidity * bytes32 digest = _hashTypedDataV4(keccak256(abi.encode( * keccak256("Mail(address to,string contents)"), * mailTo, * keccak256(bytes(mailContents)) * ))); * address signer = ECDSA.recover(digest, signature); * ``` */ function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) { return ECDSAUpgradeable.toTypedDataHash(_domainSeparatorV4(), structHash); } /** * @dev See {EIP-5267}. * * _Available since v4.9._ */ function eip712Domain() public view virtual override returns ( bytes1 fields, string memory name, string memory version, uint256 chainId, address verifyingContract, bytes32 salt, uint256[] memory extensions ) { // If the hashed name and version in storage are non-zero, the contract hasn't been properly initialized // and the EIP712 domain is not reliable, as it will be missing name and version. require(_hashedName == 0 && _hashedVersion == 0, "EIP712: Uninitialized"); return ( hex"0f", // 01111 _EIP712Name(), _EIP712Version(), block.chainid, address(this), bytes32(0), new uint256[](0) ); } /** * @dev The name parameter for the EIP712 domain. * * NOTE: This function reads from storage by default, but can be redefined to return a constant value if gas costs * are a concern. */ function _EIP712Name() internal virtual view returns (string memory) { return _name; } /** * @dev The version parameter for the EIP712 domain. * * NOTE: This function reads from storage by default, but can be redefined to return a constant value if gas costs * are a concern. */ function _EIP712Version() internal virtual view returns (string memory) { return _version; } /** * @dev The hash of the name parameter for the EIP712 domain. * * NOTE: In previous versions this function was virtual. In this version you should override `_EIP712Name` instead. */ function _EIP712NameHash() internal view returns (bytes32) { string memory name = _EIP712Name(); if (bytes(name).length > 0) { return keccak256(bytes(name)); } else { // If the name is empty, the contract may have been upgraded without initializing the new storage. // We return the name hash in storage if non-zero, otherwise we assume the name is empty by design. bytes32 hashedName = _hashedName; if (hashedName != 0) { return hashedName; } else { return keccak256(""); } } } /** * @dev The hash of the version parameter for the EIP712 domain. * * NOTE: In previous versions this function was virtual. In this version you should override `_EIP712Version` instead. */ function _EIP712VersionHash() internal view returns (bytes32) { string memory version = _EIP712Version(); if (bytes(version).length > 0) { return keccak256(bytes(version)); } else { // If the version is empty, the contract may have been upgraded without initializing the new storage. // We return the version hash in storage if non-zero, otherwise we assume the version is empty by design. bytes32 hashedVersion = _hashedVersion; if (hashedVersion != 0) { return hashedVersion; } else { return keccak256(""); } } } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[48] private __gap; }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (utils/introspection/ERC165.sol) pragma solidity ^0.8.0; import "./IERC165Upgradeable.sol"; import "../../proxy/utils/Initializable.sol"; /** * @dev Implementation of the {IERC165} interface. * * Contracts that want to implement ERC165 should inherit from this contract and override {supportsInterface} to check * for the additional interface id that will be supported. For example: * * ```solidity * function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) { * return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId); * } * ``` * * Alternatively, {ERC165Storage} provides an easier to use but more expensive implementation. */ abstract contract ERC165Upgradeable is Initializable, IERC165Upgradeable { function __ERC165_init() internal onlyInitializing { } function __ERC165_init_unchained() internal onlyInitializing { } /** * @dev See {IERC165-supportsInterface}. */ function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) { return interfaceId == type(IERC165Upgradeable).interfaceId; } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[50] private __gap; }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (utils/structs/DoubleEndedQueue.sol) pragma solidity ^0.8.4; import "../math/SafeCastUpgradeable.sol"; /** * @dev A sequence of items with the ability to efficiently push and pop items (i.e. insert and remove) on both ends of * the sequence (called front and back). Among other access patterns, it can be used to implement efficient LIFO and * FIFO queues. Storage use is optimized, and all operations are O(1) constant time. This includes {clear}, given that * the existing queue contents are left in storage. * * The struct is called `Bytes32Deque`. Other types can be cast to and from `bytes32`. This data structure can only be * used in storage, and not in memory. * ```solidity * DoubleEndedQueue.Bytes32Deque queue; * ``` * * _Available since v4.6._ */ library DoubleEndedQueueUpgradeable { /** * @dev An operation (e.g. {front}) couldn't be completed due to the queue being empty. */ error Empty(); /** * @dev An operation (e.g. {at}) couldn't be completed due to an index being out of bounds. */ error OutOfBounds(); /** * @dev Indices are signed integers because the queue can grow in any direction. They are 128 bits so begin and end * are packed in a single storage slot for efficient access. Since the items are added one at a time we can safely * assume that these 128-bit indices will not overflow, and use unchecked arithmetic. * * Struct members have an underscore prefix indicating that they are "private" and should not be read or written to * directly. Use the functions provided below instead. Modifying the struct manually may violate assumptions and * lead to unexpected behavior. * * Indices are in the range [begin, end) which means the first item is at data[begin] and the last item is at * data[end - 1]. */ struct Bytes32Deque { int128 _begin; int128 _end; mapping(int128 => bytes32) _data; } /** * @dev Inserts an item at the end of the queue. */ function pushBack(Bytes32Deque storage deque, bytes32 value) internal { int128 backIndex = deque._end; deque._data[backIndex] = value; unchecked { deque._end = backIndex + 1; } } /** * @dev Removes the item at the end of the queue and returns it. * * Reverts with `Empty` if the queue is empty. */ function popBack(Bytes32Deque storage deque) internal returns (bytes32 value) { if (empty(deque)) revert Empty(); int128 backIndex; unchecked { backIndex = deque._end - 1; } value = deque._data[backIndex]; delete deque._data[backIndex]; deque._end = backIndex; } /** * @dev Inserts an item at the beginning of the queue. */ function pushFront(Bytes32Deque storage deque, bytes32 value) internal { int128 frontIndex; unchecked { frontIndex = deque._begin - 1; } deque._data[frontIndex] = value; deque._begin = frontIndex; } /** * @dev Removes the item at the beginning of the queue and returns it. * * Reverts with `Empty` if the queue is empty. */ function popFront(Bytes32Deque storage deque) internal returns (bytes32 value) { if (empty(deque)) revert Empty(); int128 frontIndex = deque._begin; value = deque._data[frontIndex]; delete deque._data[frontIndex]; unchecked { deque._begin = frontIndex + 1; } } /** * @dev Returns the item at the beginning of the queue. * * Reverts with `Empty` if the queue is empty. */ function front(Bytes32Deque storage deque) internal view returns (bytes32 value) { if (empty(deque)) revert Empty(); int128 frontIndex = deque._begin; return deque._data[frontIndex]; } /** * @dev Returns the item at the end of the queue. * * Reverts with `Empty` if the queue is empty. */ function back(Bytes32Deque storage deque) internal view returns (bytes32 value) { if (empty(deque)) revert Empty(); int128 backIndex; unchecked { backIndex = deque._end - 1; } return deque._data[backIndex]; } /** * @dev Return the item at a position in the queue given by `index`, with the first item at 0 and last item at * `length(deque) - 1`. * * Reverts with `OutOfBounds` if the index is out of bounds. */ function at(Bytes32Deque storage deque, uint256 index) internal view returns (bytes32 value) { // int256(deque._begin) is a safe upcast int128 idx = SafeCastUpgradeable.toInt128(int256(deque._begin) + SafeCastUpgradeable.toInt256(index)); if (idx >= deque._end) revert OutOfBounds(); return deque._data[idx]; } /** * @dev Resets the queue back to being empty. * * NOTE: The current items are left behind in storage. This does not affect the functioning of the queue, but misses * out on potential gas refunds. */ function clear(Bytes32Deque storage deque) internal { deque._begin = 0; deque._end = 0; } /** * @dev Returns the number of items in the queue. */ function length(Bytes32Deque storage deque) internal view returns (uint256) { // The interface preserves the invariant that begin <= end so we assume this will not overflow. // We also assume there are at most int256.max items in the queue. unchecked { return uint256(int256(deque._end) - int256(deque._begin)); } } /** * @dev Returns true if the queue is empty. */ function empty(Bytes32Deque storage deque) internal view returns (bool) { return deque._end <= deque._begin; } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (utils/Context.sol) pragma solidity ^0.8.0; import "../proxy/utils/Initializable.sol"; /** * @dev Provides information about the current execution context, including the * sender of the transaction and its data. While these are generally available * via msg.sender and msg.data, they should not be accessed in such a direct * manner, since when dealing with meta-transactions the account sending and * paying for execution may not be the actual sender (as far as an application * is concerned). * * This contract is only required for intermediate, library-like contracts. */ abstract contract ContextUpgradeable is Initializable { function __Context_init() internal onlyInitializing { } function __Context_init_unchained() internal onlyInitializing { } function _msgSender() internal view virtual returns (address) { return msg.sender; } function _msgData() internal view virtual returns (bytes calldata) { return msg.data; } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[50] private __gap; }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (governance/IGovernor.sol) pragma solidity ^0.8.0; import "../interfaces/IERC165Upgradeable.sol"; import "../interfaces/IERC6372Upgradeable.sol"; import "../proxy/utils/Initializable.sol"; /** * @dev Interface of the {Governor} core. * * _Available since v4.3._ */ abstract contract IGovernorUpgradeable is Initializable, IERC165Upgradeable, IERC6372Upgradeable { function __IGovernor_init() internal onlyInitializing { } function __IGovernor_init_unchained() internal onlyInitializing { } enum ProposalState { Pending, Active, Canceled, Defeated, Succeeded, Queued, Expired, Executed } /** * @dev Emitted when a proposal is created. */ event ProposalCreated( uint256 proposalId, address proposer, address[] targets, uint256[] values, string[] signatures, bytes[] calldatas, uint256 voteStart, uint256 voteEnd, string description ); /** * @dev Emitted when a proposal is canceled. */ event ProposalCanceled(uint256 proposalId); /** * @dev Emitted when a proposal is executed. */ event ProposalExecuted(uint256 proposalId); /** * @dev Emitted when a vote is cast without params. * * Note: `support` values should be seen as buckets. Their interpretation depends on the voting module used. */ event VoteCast(address indexed voter, uint256 proposalId, uint8 support, uint256 weight, string reason); /** * @dev Emitted when a vote is cast with params. * * Note: `support` values should be seen as buckets. Their interpretation depends on the voting module used. * `params` are additional encoded parameters. Their interpepretation also depends on the voting module used. */ event VoteCastWithParams( address indexed voter, uint256 proposalId, uint8 support, uint256 weight, string reason, bytes params ); /** * @notice module:core * @dev Name of the governor instance (used in building the ERC712 domain separator). */ function name() public view virtual returns (string memory); /** * @notice module:core * @dev Version of the governor instance (used in building the ERC712 domain separator). Default: "1" */ function version() public view virtual returns (string memory); /** * @notice module:core * @dev See {IERC6372} */ function clock() public view virtual override returns (uint48); /** * @notice module:core * @dev See EIP-6372. */ // solhint-disable-next-line func-name-mixedcase function CLOCK_MODE() public view virtual override returns (string memory); /** * @notice module:voting * @dev A description of the possible `support` values for {castVote} and the way these votes are counted, meant to * be consumed by UIs to show correct vote options and interpret the results. The string is a URL-encoded sequence of * key-value pairs that each describe one aspect, for example `support=bravo&quorum=for,abstain`. * * There are 2 standard keys: `support` and `quorum`. * * - `support=bravo` refers to the vote options 0 = Against, 1 = For, 2 = Abstain, as in `GovernorBravo`. * - `quorum=bravo` means that only For votes are counted towards quorum. * - `quorum=for,abstain` means that both For and Abstain votes are counted towards quorum. * * If a counting module makes use of encoded `params`, it should include this under a `params` key with a unique * name that describes the behavior. For example: * * - `params=fractional` might refer to a scheme where votes are divided fractionally between for/against/abstain. * - `params=erc721` might refer to a scheme where specific NFTs are delegated to vote. * * NOTE: The string can be decoded by the standard * https://developer.mozilla.org/en-US/docs/Web/API/URLSearchParams[`URLSearchParams`] * JavaScript class. */ // solhint-disable-next-line func-name-mixedcase function COUNTING_MODE() public view virtual returns (string memory); /** * @notice module:core * @dev Hashing function used to (re)build the proposal id from the proposal details.. */ function hashProposal( address[] memory targets, uint256[] memory values, bytes[] memory calldatas, bytes32 descriptionHash ) public pure virtual returns (uint256); /** * @notice module:core * @dev Current state of a proposal, following Compound's convention */ function state(uint256 proposalId) public view virtual returns (ProposalState); /** * @notice module:core * @dev Timepoint used to retrieve user's votes and quorum. If using block number (as per Compound's Comp), the * snapshot is performed at the end of this block. Hence, voting for this proposal starts at the beginning of the * following block. */ function proposalSnapshot(uint256 proposalId) public view virtual returns (uint256); /** * @notice module:core * @dev Timepoint at which votes close. If using block number, votes close at the end of this block, so it is * possible to cast a vote during this block. */ function proposalDeadline(uint256 proposalId) public view virtual returns (uint256); /** * @notice module:core * @dev The account that created a proposal. */ function proposalProposer(uint256 proposalId) public view virtual returns (address); /** * @notice module:user-config * @dev Delay, between the proposal is created and the vote starts. The unit this duration is expressed in depends * on the clock (see EIP-6372) this contract uses. * * This can be increased to leave time for users to buy voting power, or delegate it, before the voting of a * proposal starts. */ function votingDelay() public view virtual returns (uint256); /** * @notice module:user-config * @dev Delay between the vote start and vote end. The unit this duration is expressed in depends on the clock * (see EIP-6372) this contract uses. * * NOTE: The {votingDelay} can delay the start of the vote. This must be considered when setting the voting * duration compared to the voting delay. */ function votingPeriod() public view virtual returns (uint256); /** * @notice module:user-config * @dev Minimum number of cast voted required for a proposal to be successful. * * NOTE: The `timepoint` parameter corresponds to the snapshot used for counting vote. This allows to scale the * quorum depending on values such as the totalSupply of a token at this timepoint (see {ERC20Votes}). */ function quorum(uint256 timepoint) public view virtual returns (uint256); /** * @notice module:reputation * @dev Voting power of an `account` at a specific `timepoint`. * * Note: this can be implemented in a number of ways, for example by reading the delegated balance from one (or * multiple), {ERC20Votes} tokens. */ function getVotes(address account, uint256 timepoint) public view virtual returns (uint256); /** * @notice module:reputation * @dev Voting power of an `account` at a specific `timepoint` given additional encoded parameters. */ function getVotesWithParams( address account, uint256 timepoint, bytes memory params ) public view virtual returns (uint256); /** * @notice module:voting * @dev Returns whether `account` has cast a vote on `proposalId`. */ function hasVoted(uint256 proposalId, address account) public view virtual returns (bool); /** * @dev Create a new proposal. Vote start after a delay specified by {IGovernor-votingDelay} and lasts for a * duration specified by {IGovernor-votingPeriod}. * * Emits a {ProposalCreated} event. */ function propose( address[] memory targets, uint256[] memory values, bytes[] memory calldatas, string memory description ) public virtual returns (uint256 proposalId); /** * @dev Execute a successful proposal. This requires the quorum to be reached, the vote to be successful, and the * deadline to be reached. * * Emits a {ProposalExecuted} event. * * Note: some module can modify the requirements for execution, for example by adding an additional timelock. */ function execute( address[] memory targets, uint256[] memory values, bytes[] memory calldatas, bytes32 descriptionHash ) public payable virtual returns (uint256 proposalId); /** * @dev Cancel a proposal. A proposal is cancellable by the proposer, but only while it is Pending state, i.e. * before the vote starts. * * Emits a {ProposalCanceled} event. */ function cancel( address[] memory targets, uint256[] memory values, bytes[] memory calldatas, bytes32 descriptionHash ) public virtual returns (uint256 proposalId); /** * @dev Cast a vote * * Emits a {VoteCast} event. */ function castVote(uint256 proposalId, uint8 support) public virtual returns (uint256 balance); /** * @dev Cast a vote with a reason * * Emits a {VoteCast} event. */ function castVoteWithReason( uint256 proposalId, uint8 support, string calldata reason ) public virtual returns (uint256 balance); /** * @dev Cast a vote with a reason and additional encoded parameters * * Emits a {VoteCast} or {VoteCastWithParams} event depending on the length of params. */ function castVoteWithReasonAndParams( uint256 proposalId, uint8 support, string calldata reason, bytes memory params ) public virtual returns (uint256 balance); /** * @dev Cast a vote using the user's cryptographic signature. * * Emits a {VoteCast} event. */ function castVoteBySig( uint256 proposalId, uint8 support, uint8 v, bytes32 r, bytes32 s ) public virtual returns (uint256 balance); /** * @dev Cast a vote with a reason and additional encoded parameters using the user's cryptographic signature. * * Emits a {VoteCast} or {VoteCastWithParams} event depending on the length of params. */ function castVoteWithReasonAndParamsBySig( uint256 proposalId, uint8 support, string calldata reason, bytes memory params, uint8 v, bytes32 r, bytes32 s ) public virtual returns (uint256 balance); /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[50] private __gap; }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (utils/Checkpoints.sol) // This file was procedurally generated from scripts/generate/templates/Checkpoints.js. pragma solidity ^0.8.0; import "./math/MathUpgradeable.sol"; import "./math/SafeCastUpgradeable.sol"; /** * @dev This library defines the `History` struct, for checkpointing values as they change at different points in * time, and later looking up past values by block number. See {Votes} as an example. * * To create a history of checkpoints define a variable type `Checkpoints.History` in your contract, and store a new * checkpoint for the current transaction block using the {push} function. * * _Available since v4.5._ */ library CheckpointsUpgradeable { struct History { Checkpoint[] _checkpoints; } struct Checkpoint { uint32 _blockNumber; uint224 _value; } /** * @dev Returns the value at a given block number. If a checkpoint is not available at that block, the closest one * before it is returned, or zero otherwise. Because the number returned corresponds to that at the end of the * block, the requested block number must be in the past, excluding the current block. */ function getAtBlock(History storage self, uint256 blockNumber) internal view returns (uint256) { require(blockNumber < block.number, "Checkpoints: block not yet mined"); uint32 key = SafeCastUpgradeable.toUint32(blockNumber); uint256 len = self._checkpoints.length; uint256 pos = _upperBinaryLookup(self._checkpoints, key, 0, len); return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value; } /** * @dev Returns the value at a given block number. If a checkpoint is not available at that block, the closest one * before it is returned, or zero otherwise. Similar to {upperLookup} but optimized for the case when the searched * checkpoint is probably "recent", defined as being among the last sqrt(N) checkpoints where N is the number of * checkpoints. */ function getAtProbablyRecentBlock(History storage self, uint256 blockNumber) internal view returns (uint256) { require(blockNumber < block.number, "Checkpoints: block not yet mined"); uint32 key = SafeCastUpgradeable.toUint32(blockNumber); uint256 len = self._checkpoints.length; uint256 low = 0; uint256 high = len; if (len > 5) { uint256 mid = len - MathUpgradeable.sqrt(len); if (key < _unsafeAccess(self._checkpoints, mid)._blockNumber) { high = mid; } else { low = mid + 1; } } uint256 pos = _upperBinaryLookup(self._checkpoints, key, low, high); return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value; } /** * @dev Pushes a value onto a History so that it is stored as the checkpoint for the current block. * * Returns previous value and new value. */ function push(History storage self, uint256 value) internal returns (uint256, uint256) { return _insert(self._checkpoints, SafeCastUpgradeable.toUint32(block.number), SafeCastUpgradeable.toUint224(value)); } /** * @dev Pushes a value onto a History, by updating the latest value using binary operation `op`. The new value will * be set to `op(latest, delta)`. * * Returns previous value and new value. */ function push( History storage self, function(uint256, uint256) view returns (uint256) op, uint256 delta ) internal returns (uint256, uint256) { return push(self, op(latest(self), delta)); } /** * @dev Returns the value in the most recent checkpoint, or zero if there are no checkpoints. */ function latest(History storage self) internal view returns (uint224) { uint256 pos = self._checkpoints.length; return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value; } /** * @dev Returns whether there is a checkpoint in the structure (i.e. it is not empty), and if so the key and value * in the most recent checkpoint. */ function latestCheckpoint( History storage self ) internal view returns (bool exists, uint32 _blockNumber, uint224 _value) { uint256 pos = self._checkpoints.length; if (pos == 0) { return (false, 0, 0); } else { Checkpoint memory ckpt = _unsafeAccess(self._checkpoints, pos - 1); return (true, ckpt._blockNumber, ckpt._value); } } /** * @dev Returns the number of checkpoint. */ function length(History storage self) internal view returns (uint256) { return self._checkpoints.length; } /** * @dev Pushes a (`key`, `value`) pair into an ordered list of checkpoints, either by inserting a new checkpoint, * or by updating the last one. */ function _insert(Checkpoint[] storage self, uint32 key, uint224 value) private returns (uint224, uint224) { uint256 pos = self.length; if (pos > 0) { // Copying to memory is important here. Checkpoint memory last = _unsafeAccess(self, pos - 1); // Checkpoint keys must be non-decreasing. require(last._blockNumber <= key, "Checkpoint: decreasing keys"); // Update or push new checkpoint if (last._blockNumber == key) { _unsafeAccess(self, pos - 1)._value = value; } else { self.push(Checkpoint({_blockNumber: key, _value: value})); } return (last._value, value); } else { self.push(Checkpoint({_blockNumber: key, _value: value})); return (0, value); } } /** * @dev Return the index of the last (most recent) checkpoint with key lower or equal than the search key, or `high` if there is none. * `low` and `high` define a section where to do the search, with inclusive `low` and exclusive `high`. * * WARNING: `high` should not be greater than the array's length. */ function _upperBinaryLookup( Checkpoint[] storage self, uint32 key, uint256 low, uint256 high ) private view returns (uint256) { while (low < high) { uint256 mid = MathUpgradeable.average(low, high); if (_unsafeAccess(self, mid)._blockNumber > key) { high = mid; } else { low = mid + 1; } } return high; } /** * @dev Return the index of the first (oldest) checkpoint with key is greater or equal than the search key, or `high` if there is none. * `low` and `high` define a section where to do the search, with inclusive `low` and exclusive `high`. * * WARNING: `high` should not be greater than the array's length. */ function _lowerBinaryLookup( Checkpoint[] storage self, uint32 key, uint256 low, uint256 high ) private view returns (uint256) { while (low < high) { uint256 mid = MathUpgradeable.average(low, high); if (_unsafeAccess(self, mid)._blockNumber < key) { low = mid + 1; } else { high = mid; } } return high; } /** * @dev Access an element of the array without performing bounds check. The position is assumed to be within bounds. */ function _unsafeAccess(Checkpoint[] storage self, uint256 pos) private pure returns (Checkpoint storage result) { assembly { mstore(0, self.slot) result.slot := add(keccak256(0, 0x20), pos) } } struct Trace224 { Checkpoint224[] _checkpoints; } struct Checkpoint224 { uint32 _key; uint224 _value; } /** * @dev Pushes a (`key`, `value`) pair into a Trace224 so that it is stored as the checkpoint. * * Returns previous value and new value. */ function push(Trace224 storage self, uint32 key, uint224 value) internal returns (uint224, uint224) { return _insert(self._checkpoints, key, value); } /** * @dev Returns the value in the first (oldest) checkpoint with key greater or equal than the search key, or zero if there is none. */ function lowerLookup(Trace224 storage self, uint32 key) internal view returns (uint224) { uint256 len = self._checkpoints.length; uint256 pos = _lowerBinaryLookup(self._checkpoints, key, 0, len); return pos == len ? 0 : _unsafeAccess(self._checkpoints, pos)._value; } /** * @dev Returns the value in the last (most recent) checkpoint with key lower or equal than the search key, or zero if there is none. */ function upperLookup(Trace224 storage self, uint32 key) internal view returns (uint224) { uint256 len = self._checkpoints.length; uint256 pos = _upperBinaryLookup(self._checkpoints, key, 0, len); return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value; } /** * @dev Returns the value in the last (most recent) checkpoint with key lower or equal than the search key, or zero if there is none. * * NOTE: This is a variant of {upperLookup} that is optimised to find "recent" checkpoint (checkpoints with high keys). */ function upperLookupRecent(Trace224 storage self, uint32 key) internal view returns (uint224) { uint256 len = self._checkpoints.length; uint256 low = 0; uint256 high = len; if (len > 5) { uint256 mid = len - MathUpgradeable.sqrt(len); if (key < _unsafeAccess(self._checkpoints, mid)._key) { high = mid; } else { low = mid + 1; } } uint256 pos = _upperBinaryLookup(self._checkpoints, key, low, high); return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value; } /** * @dev Returns the value in the most recent checkpoint, or zero if there are no checkpoints. */ function latest(Trace224 storage self) internal view returns (uint224) { uint256 pos = self._checkpoints.length; return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value; } /** * @dev Returns whether there is a checkpoint in the structure (i.e. it is not empty), and if so the key and value * in the most recent checkpoint. */ function latestCheckpoint(Trace224 storage self) internal view returns (bool exists, uint32 _key, uint224 _value) { uint256 pos = self._checkpoints.length; if (pos == 0) { return (false, 0, 0); } else { Checkpoint224 memory ckpt = _unsafeAccess(self._checkpoints, pos - 1); return (true, ckpt._key, ckpt._value); } } /** * @dev Returns the number of checkpoint. */ function length(Trace224 storage self) internal view returns (uint256) { return self._checkpoints.length; } /** * @dev Pushes a (`key`, `value`) pair into an ordered list of checkpoints, either by inserting a new checkpoint, * or by updating the last one. */ function _insert(Checkpoint224[] storage self, uint32 key, uint224 value) private returns (uint224, uint224) { uint256 pos = self.length; if (pos > 0) { // Copying to memory is important here. Checkpoint224 memory last = _unsafeAccess(self, pos - 1); // Checkpoint keys must be non-decreasing. require(last._key <= key, "Checkpoint: decreasing keys"); // Update or push new checkpoint if (last._key == key) { _unsafeAccess(self, pos - 1)._value = value; } else { self.push(Checkpoint224({_key: key, _value: value})); } return (last._value, value); } else { self.push(Checkpoint224({_key: key, _value: value})); return (0, value); } } /** * @dev Return the index of the last (most recent) checkpoint with key lower or equal than the search key, or `high` if there is none. * `low` and `high` define a section where to do the search, with inclusive `low` and exclusive `high`. * * WARNING: `high` should not be greater than the array's length. */ function _upperBinaryLookup( Checkpoint224[] storage self, uint32 key, uint256 low, uint256 high ) private view returns (uint256) { while (low < high) { uint256 mid = MathUpgradeable.average(low, high); if (_unsafeAccess(self, mid)._key > key) { high = mid; } else { low = mid + 1; } } return high; } /** * @dev Return the index of the first (oldest) checkpoint with key is greater or equal than the search key, or `high` if there is none. * `low` and `high` define a section where to do the search, with inclusive `low` and exclusive `high`. * * WARNING: `high` should not be greater than the array's length. */ function _lowerBinaryLookup( Checkpoint224[] storage self, uint32 key, uint256 low, uint256 high ) private view returns (uint256) { while (low < high) { uint256 mid = MathUpgradeable.average(low, high); if (_unsafeAccess(self, mid)._key < key) { low = mid + 1; } else { high = mid; } } return high; } /** * @dev Access an element of the array without performing bounds check. The position is assumed to be within bounds. */ function _unsafeAccess( Checkpoint224[] storage self, uint256 pos ) private pure returns (Checkpoint224 storage result) { assembly { mstore(0, self.slot) result.slot := add(keccak256(0, 0x20), pos) } } struct Trace160 { Checkpoint160[] _checkpoints; } struct Checkpoint160 { uint96 _key; uint160 _value; } /** * @dev Pushes a (`key`, `value`) pair into a Trace160 so that it is stored as the checkpoint. * * Returns previous value and new value. */ function push(Trace160 storage self, uint96 key, uint160 value) internal returns (uint160, uint160) { return _insert(self._checkpoints, key, value); } /** * @dev Returns the value in the first (oldest) checkpoint with key greater or equal than the search key, or zero if there is none. */ function lowerLookup(Trace160 storage self, uint96 key) internal view returns (uint160) { uint256 len = self._checkpoints.length; uint256 pos = _lowerBinaryLookup(self._checkpoints, key, 0, len); return pos == len ? 0 : _unsafeAccess(self._checkpoints, pos)._value; } /** * @dev Returns the value in the last (most recent) checkpoint with key lower or equal than the search key, or zero if there is none. */ function upperLookup(Trace160 storage self, uint96 key) internal view returns (uint160) { uint256 len = self._checkpoints.length; uint256 pos = _upperBinaryLookup(self._checkpoints, key, 0, len); return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value; } /** * @dev Returns the value in the last (most recent) checkpoint with key lower or equal than the search key, or zero if there is none. * * NOTE: This is a variant of {upperLookup} that is optimised to find "recent" checkpoint (checkpoints with high keys). */ function upperLookupRecent(Trace160 storage self, uint96 key) internal view returns (uint160) { uint256 len = self._checkpoints.length; uint256 low = 0; uint256 high = len; if (len > 5) { uint256 mid = len - MathUpgradeable.sqrt(len); if (key < _unsafeAccess(self._checkpoints, mid)._key) { high = mid; } else { low = mid + 1; } } uint256 pos = _upperBinaryLookup(self._checkpoints, key, low, high); return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value; } /** * @dev Returns the value in the most recent checkpoint, or zero if there are no checkpoints. */ function latest(Trace160 storage self) internal view returns (uint160) { uint256 pos = self._checkpoints.length; return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value; } /** * @dev Returns whether there is a checkpoint in the structure (i.e. it is not empty), and if so the key and value * in the most recent checkpoint. */ function latestCheckpoint(Trace160 storage self) internal view returns (bool exists, uint96 _key, uint160 _value) { uint256 pos = self._checkpoints.length; if (pos == 0) { return (false, 0, 0); } else { Checkpoint160 memory ckpt = _unsafeAccess(self._checkpoints, pos - 1); return (true, ckpt._key, ckpt._value); } } /** * @dev Returns the number of checkpoint. */ function length(Trace160 storage self) internal view returns (uint256) { return self._checkpoints.length; } /** * @dev Pushes a (`key`, `value`) pair into an ordered list of checkpoints, either by inserting a new checkpoint, * or by updating the last one. */ function _insert(Checkpoint160[] storage self, uint96 key, uint160 value) private returns (uint160, uint160) { uint256 pos = self.length; if (pos > 0) { // Copying to memory is important here. Checkpoint160 memory last = _unsafeAccess(self, pos - 1); // Checkpoint keys must be non-decreasing. require(last._key <= key, "Checkpoint: decreasing keys"); // Update or push new checkpoint if (last._key == key) { _unsafeAccess(self, pos - 1)._value = value; } else { self.push(Checkpoint160({_key: key, _value: value})); } return (last._value, value); } else { self.push(Checkpoint160({_key: key, _value: value})); return (0, value); } } /** * @dev Return the index of the last (most recent) checkpoint with key lower or equal than the search key, or `high` if there is none. * `low` and `high` define a section where to do the search, with inclusive `low` and exclusive `high`. * * WARNING: `high` should not be greater than the array's length. */ function _upperBinaryLookup( Checkpoint160[] storage self, uint96 key, uint256 low, uint256 high ) private view returns (uint256) { while (low < high) { uint256 mid = MathUpgradeable.average(low, high); if (_unsafeAccess(self, mid)._key > key) { high = mid; } else { low = mid + 1; } } return high; } /** * @dev Return the index of the first (oldest) checkpoint with key is greater or equal than the search key, or `high` if there is none. * `low` and `high` define a section where to do the search, with inclusive `low` and exclusive `high`. * * WARNING: `high` should not be greater than the array's length. */ function _lowerBinaryLookup( Checkpoint160[] storage self, uint96 key, uint256 low, uint256 high ) private view returns (uint256) { while (low < high) { uint256 mid = MathUpgradeable.average(low, high); if (_unsafeAccess(self, mid)._key < key) { low = mid + 1; } else { high = mid; } } return high; } /** * @dev Access an element of the array without performing bounds check. The position is assumed to be within bounds. */ function _unsafeAccess( Checkpoint160[] storage self, uint256 pos ) private pure returns (Checkpoint160 storage result) { assembly { mstore(0, self.slot) result.slot := add(keccak256(0, 0x20), pos) } } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (governance/extensions/IGovernorTimelock.sol) pragma solidity ^0.8.0; import "../IGovernorUpgradeable.sol"; import "../../proxy/utils/Initializable.sol"; /** * @dev Extension of the {IGovernor} for timelock supporting modules. * * _Available since v4.3._ */ abstract contract IGovernorTimelockUpgradeable is Initializable, IGovernorUpgradeable { function __IGovernorTimelock_init() internal onlyInitializing { } function __IGovernorTimelock_init_unchained() internal onlyInitializing { } event ProposalQueued(uint256 proposalId, uint256 eta); function timelock() public view virtual returns (address); function proposalEta(uint256 proposalId) public view virtual returns (uint256); function queue( address[] memory targets, uint256[] memory values, bytes[] memory calldatas, bytes32 descriptionHash ) public virtual returns (uint256 proposalId); /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[50] private __gap; }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (governance/TimelockController.sol) pragma solidity ^0.8.0; import "../access/AccessControlUpgradeable.sol"; import "../token/ERC721/IERC721ReceiverUpgradeable.sol"; import "../token/ERC1155/IERC1155ReceiverUpgradeable.sol"; import "../proxy/utils/Initializable.sol"; /** * @dev Contract module which acts as a timelocked controller. When set as the * owner of an `Ownable` smart contract, it enforces a timelock on all * `onlyOwner` maintenance operations. This gives time for users of the * controlled contract to exit before a potentially dangerous maintenance * operation is applied. * * By default, this contract is self administered, meaning administration tasks * have to go through the timelock process. The proposer (resp executor) role * is in charge of proposing (resp executing) operations. A common use case is * to position this {TimelockController} as the owner of a smart contract, with * a multisig or a DAO as the sole proposer. * * _Available since v3.3._ */ contract TimelockControllerUpgradeable is Initializable, AccessControlUpgradeable, IERC721ReceiverUpgradeable, IERC1155ReceiverUpgradeable { bytes32 public constant TIMELOCK_ADMIN_ROLE = keccak256("TIMELOCK_ADMIN_ROLE"); bytes32 public constant PROPOSER_ROLE = keccak256("PROPOSER_ROLE"); bytes32 public constant EXECUTOR_ROLE = keccak256("EXECUTOR_ROLE"); bytes32 public constant CANCELLER_ROLE = keccak256("CANCELLER_ROLE"); uint256 internal constant _DONE_TIMESTAMP = uint256(1); mapping(bytes32 => uint256) private _timestamps; uint256 private _minDelay; /** * @dev Emitted when a call is scheduled as part of operation `id`. */ event CallScheduled( bytes32 indexed id, uint256 indexed index, address target, uint256 value, bytes data, bytes32 predecessor, uint256 delay ); /** * @dev Emitted when a call is performed as part of operation `id`. */ event CallExecuted(bytes32 indexed id, uint256 indexed index, address target, uint256 value, bytes data); /** * @dev Emitted when new proposal is scheduled with non-zero salt. */ event CallSalt(bytes32 indexed id, bytes32 salt); /** * @dev Emitted when operation `id` is cancelled. */ event Cancelled(bytes32 indexed id); /** * @dev Emitted when the minimum delay for future operations is modified. */ event MinDelayChange(uint256 oldDuration, uint256 newDuration); /** * @dev Initializes the contract with the following parameters: * * - `minDelay`: initial minimum delay for operations * - `proposers`: accounts to be granted proposer and canceller roles * - `executors`: accounts to be granted executor role * - `admin`: optional account to be granted admin role; disable with zero address * * IMPORTANT: The optional admin can aid with initial configuration of roles after deployment * without being subject to delay, but this role should be subsequently renounced in favor of * administration through timelocked proposals. Previous versions of this contract would assign * this admin to the deployer automatically and should be renounced as well. */ function __TimelockController_init(uint256 minDelay, address[] memory proposers, address[] memory executors, address admin) internal onlyInitializing { __TimelockController_init_unchained(minDelay, proposers, executors, admin); } function __TimelockController_init_unchained(uint256 minDelay, address[] memory proposers, address[] memory executors, address admin) internal onlyInitializing { _setRoleAdmin(TIMELOCK_ADMIN_ROLE, TIMELOCK_ADMIN_ROLE); _setRoleAdmin(PROPOSER_ROLE, TIMELOCK_ADMIN_ROLE); _setRoleAdmin(EXECUTOR_ROLE, TIMELOCK_ADMIN_ROLE); _setRoleAdmin(CANCELLER_ROLE, TIMELOCK_ADMIN_ROLE); // self administration _setupRole(TIMELOCK_ADMIN_ROLE, address(this)); // optional admin if (admin != address(0)) { _setupRole(TIMELOCK_ADMIN_ROLE, admin); } // register proposers and cancellers for (uint256 i = 0; i < proposers.length; ++i) { _setupRole(PROPOSER_ROLE, proposers[i]); _setupRole(CANCELLER_ROLE, proposers[i]); } // register executors for (uint256 i = 0; i < executors.length; ++i) { _setupRole(EXECUTOR_ROLE, executors[i]); } _minDelay = minDelay; emit MinDelayChange(0, minDelay); } /** * @dev Modifier to make a function callable only by a certain role. In * addition to checking the sender's role, `address(0)` 's role is also * considered. Granting a role to `address(0)` is equivalent to enabling * this role for everyone. */ modifier onlyRoleOrOpenRole(bytes32 role) { if (!hasRole(role, address(0))) { _checkRole(role, _msgSender()); } _; } /** * @dev Contract might receive/hold ETH as part of the maintenance process. */ receive() external payable {} /** * @dev See {IERC165-supportsInterface}. */ function supportsInterface(bytes4 interfaceId) public view virtual override(IERC165Upgradeable, AccessControlUpgradeable) returns (bool) { return interfaceId == type(IERC1155ReceiverUpgradeable).interfaceId || super.supportsInterface(interfaceId); } /** * @dev Returns whether an id correspond to a registered operation. This * includes both Pending, Ready and Done operations. */ function isOperation(bytes32 id) public view virtual returns (bool) { return getTimestamp(id) > 0; } /** * @dev Returns whether an operation is pending or not. Note that a "pending" operation may also be "ready". */ function isOperationPending(bytes32 id) public view virtual returns (bool) { return getTimestamp(id) > _DONE_TIMESTAMP; } /** * @dev Returns whether an operation is ready for execution. Note that a "ready" operation is also "pending". */ function isOperationReady(bytes32 id) public view virtual returns (bool) { uint256 timestamp = getTimestamp(id); return timestamp > _DONE_TIMESTAMP && timestamp <= block.timestamp; } /** * @dev Returns whether an operation is done or not. */ function isOperationDone(bytes32 id) public view virtual returns (bool) { return getTimestamp(id) == _DONE_TIMESTAMP; } /** * @dev Returns the timestamp at which an operation becomes ready (0 for * unset operations, 1 for done operations). */ function getTimestamp(bytes32 id) public view virtual returns (uint256) { return _timestamps[id]; } /** * @dev Returns the minimum delay for an operation to become valid. * * This value can be changed by executing an operation that calls `updateDelay`. */ function getMinDelay() public view virtual returns (uint256) { return _minDelay; } /** * @dev Returns the identifier of an operation containing a single * transaction. */ function hashOperation( address target, uint256 value, bytes calldata data, bytes32 predecessor, bytes32 salt ) public pure virtual returns (bytes32) { return keccak256(abi.encode(target, value, data, predecessor, salt)); } /** * @dev Returns the identifier of an operation containing a batch of * transactions. */ function hashOperationBatch( address[] calldata targets, uint256[] calldata values, bytes[] calldata payloads, bytes32 predecessor, bytes32 salt ) public pure virtual returns (bytes32) { return keccak256(abi.encode(targets, values, payloads, predecessor, salt)); } /** * @dev Schedule an operation containing a single transaction. * * Emits {CallSalt} if salt is nonzero, and {CallScheduled}. * * Requirements: * * - the caller must have the 'proposer' role. */ function schedule( address target, uint256 value, bytes calldata data, bytes32 predecessor, bytes32 salt, uint256 delay ) public virtual onlyRole(PROPOSER_ROLE) { bytes32 id = hashOperation(target, value, data, predecessor, salt); _schedule(id, delay); emit CallScheduled(id, 0, target, value, data, predecessor, delay); if (salt != bytes32(0)) { emit CallSalt(id, salt); } } /** * @dev Schedule an operation containing a batch of transactions. * * Emits {CallSalt} if salt is nonzero, and one {CallScheduled} event per transaction in the batch. * * Requirements: * * - the caller must have the 'proposer' role. */ function scheduleBatch( address[] calldata targets, uint256[] calldata values, bytes[] calldata payloads, bytes32 predecessor, bytes32 salt, uint256 delay ) public virtual onlyRole(PROPOSER_ROLE) { require(targets.length == values.length, "TimelockController: length mismatch"); require(targets.length == payloads.length, "TimelockController: length mismatch"); bytes32 id = hashOperationBatch(targets, values, payloads, predecessor, salt); _schedule(id, delay); for (uint256 i = 0; i < targets.length; ++i) { emit CallScheduled(id, i, targets[i], values[i], payloads[i], predecessor, delay); } if (salt != bytes32(0)) { emit CallSalt(id, salt); } } /** * @dev Schedule an operation that is to become valid after a given delay. */ function _schedule(bytes32 id, uint256 delay) private { require(!isOperation(id), "TimelockController: operation already scheduled"); require(delay >= getMinDelay(), "TimelockController: insufficient delay"); _timestamps[id] = block.timestamp + delay; } /** * @dev Cancel an operation. * * Requirements: * * - the caller must have the 'canceller' role. */ function cancel(bytes32 id) public virtual onlyRole(CANCELLER_ROLE) { require(isOperationPending(id), "TimelockController: operation cannot be cancelled"); delete _timestamps[id]; emit Cancelled(id); } /** * @dev Execute an (ready) operation containing a single transaction. * * Emits a {CallExecuted} event. * * Requirements: * * - the caller must have the 'executor' role. */ // This function can reenter, but it doesn't pose a risk because _afterCall checks that the proposal is pending, // thus any modifications to the operation during reentrancy should be caught. // slither-disable-next-line reentrancy-eth function execute( address target, uint256 value, bytes calldata payload, bytes32 predecessor, bytes32 salt ) public payable virtual onlyRoleOrOpenRole(EXECUTOR_ROLE) { bytes32 id = hashOperation(target, value, payload, predecessor, salt); _beforeCall(id, predecessor); _execute(target, value, payload); emit CallExecuted(id, 0, target, value, payload); _afterCall(id); } /** * @dev Execute an (ready) operation containing a batch of transactions. * * Emits one {CallExecuted} event per transaction in the batch. * * Requirements: * * - the caller must have the 'executor' role. */ // This function can reenter, but it doesn't pose a risk because _afterCall checks that the proposal is pending, // thus any modifications to the operation during reentrancy should be caught. // slither-disable-next-line reentrancy-eth function executeBatch( address[] calldata targets, uint256[] calldata values, bytes[] calldata payloads, bytes32 predecessor, bytes32 salt ) public payable virtual onlyRoleOrOpenRole(EXECUTOR_ROLE) { require(targets.length == values.length, "TimelockController: length mismatch"); require(targets.length == payloads.length, "TimelockController: length mismatch"); bytes32 id = hashOperationBatch(targets, values, payloads, predecessor, salt); _beforeCall(id, predecessor); for (uint256 i = 0; i < targets.length; ++i) { address target = targets[i]; uint256 value = values[i]; bytes calldata payload = payloads[i]; _execute(target, value, payload); emit CallExecuted(id, i, target, value, payload); } _afterCall(id); } /** * @dev Execute an operation's call. */ function _execute(address target, uint256 value, bytes calldata data) internal virtual { (bool success, ) = target.call{value: value}(data); require(success, "TimelockController: underlying transaction reverted"); } /** * @dev Checks before execution of an operation's calls. */ function _beforeCall(bytes32 id, bytes32 predecessor) private view { require(isOperationReady(id), "TimelockController: operation is not ready"); require(predecessor == bytes32(0) || isOperationDone(predecessor), "TimelockController: missing dependency"); } /** * @dev Checks after execution of an operation's calls. */ function _afterCall(bytes32 id) private { require(isOperationReady(id), "TimelockController: operation is not ready"); _timestamps[id] = _DONE_TIMESTAMP; } /** * @dev Changes the minimum timelock duration for future operations. * * Emits a {MinDelayChange} event. * * Requirements: * * - the caller must be the timelock itself. This can only be achieved by scheduling and later executing * an operation where the timelock is the target and the data is the ABI-encoded call to this function. */ function updateDelay(uint256 newDelay) external virtual { require(msg.sender == address(this), "TimelockController: caller must be timelock"); emit MinDelayChange(_minDelay, newDelay); _minDelay = newDelay; } /** * @dev See {IERC721Receiver-onERC721Received}. */ function onERC721Received(address, address, uint256, bytes memory) public virtual override returns (bytes4) { return this.onERC721Received.selector; } /** * @dev See {IERC1155Receiver-onERC1155Received}. */ function onERC1155Received( address, address, uint256, uint256, bytes memory ) public virtual override returns (bytes4) { return this.onERC1155Received.selector; } /** * @dev See {IERC1155Receiver-onERC1155BatchReceived}. */ function onERC1155BatchReceived( address, address, uint256[] memory, uint256[] memory, bytes memory ) public virtual override returns (bytes4) { return this.onERC1155BatchReceived.selector; } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[48] private __gap; }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Initializable } from "@openzeppelin/contracts/proxy/utils/Initializable.sol"; import { Math } from "@openzeppelin/contracts/utils/math/Math.sol"; import { Arithmetic } from "../libraries/Arithmetic.sol"; import { Burn } from "../libraries/Burn.sol"; /** * @custom:upgradeable * @title ResourceMetering * @notice ResourceMetering implements an EIP-1559 style resource metering system where pricing * updates automatically based on current demand. */ abstract contract ResourceMetering is Initializable { /** * @notice Represents the various parameters that control the way in which resources are * metered. Corresponds to the EIP-1559 resource metering system. * * @custom:field prevBaseFee Base fee from the previous block(s). * @custom:field prevBoughtGas Amount of gas bought so far in the current block. * @custom:field prevBlockNum Last block number that the base fee was updated. */ struct ResourceParams { uint128 prevBaseFee; uint64 prevBoughtGas; uint64 prevBlockNum; } /** * @notice Represents the configuration for the EIP-1559 based curve for the deposit gas * market. These values should be set with care as it is possible to set them in * a way that breaks the deposit gas market. The target resource limit is defined as * maxResourceLimit / elasticityMultiplier. This struct was designed to fit within a * single word. There is additional space for additions in the future. * * @custom:field maxResourceLimit Represents the maximum amount of deposit gas that * can be purchased per block. * @custom:field elasticityMultiplier Determines the target resource limit along with * the resource limit. * @custom:field baseFeeMaxChangeDenominator Determines max change on fee per block. * @custom:field minimumBaseFee The min deposit base fee, it is clamped to this * value. * @custom:field systemTxMaxGas The amount of gas supplied to the system * transaction. This should be set to the same number * that the kroma-node sets as the gas limit for the * system transaction. * @custom:field maximumBaseFee The max deposit base fee, it is clamped to this * value. */ struct ResourceConfig { uint32 maxResourceLimit; uint8 elasticityMultiplier; uint8 baseFeeMaxChangeDenominator; uint32 minimumBaseFee; uint32 systemTxMaxGas; uint128 maximumBaseFee; } /** * @notice EIP-1559 style gas parameters. */ ResourceParams public params; /** * @notice Reserve extra slots (to a total of 50) in the storage layout for future upgrades. */ uint256[48] private __gap; /** * @notice Meters access to a function based an amount of a requested resource. * * @param _amount Amount of the resource requested. */ modifier metered(uint64 _amount) { // Record initial gas amount so we can refund for it later. uint256 initialGas = gasleft(); // Run the underlying function. _; // Run the metering function. _metered(_amount, initialGas); } /** * @notice An internal function that holds all of the logic for metering a resource. * * @param _amount Amount of the resource requested. * @param _initialGas The amount of gas before any modifier execution. */ function _metered(uint64 _amount, uint256 _initialGas) internal { // Update block number and base fee if necessary. uint256 blockDiff = block.number - params.prevBlockNum; ResourceConfig memory config = _resourceConfig(); int256 targetResourceLimit = int256(uint256(config.maxResourceLimit)) / int256(uint256(config.elasticityMultiplier)); if (blockDiff > 0) { // Handle updating EIP-1559 style gas parameters. We use EIP-1559 to restrict the rate // at which deposits can be created and therefore limit the potential for deposits to // spam the L2 system. Fee scheme is very similar to EIP-1559 with minor changes. int256 gasUsedDelta = int256(uint256(params.prevBoughtGas)) - targetResourceLimit; int256 baseFeeDelta = (int256(uint256(params.prevBaseFee)) * gasUsedDelta) / (targetResourceLimit * int256(uint256(config.baseFeeMaxChangeDenominator))); // Update base fee by adding the base fee delta and clamp the resulting value between // min and max. int256 newBaseFee = Arithmetic.clamp({ _value: int256(uint256(params.prevBaseFee)) + baseFeeDelta, _min: int256(uint256(config.minimumBaseFee)), _max: int256(uint256(config.maximumBaseFee)) }); // If we skipped more than one block, we also need to account for every empty block. // Empty block means there was no demand for deposits in that block, so we should // reflect this lack of demand in the fee. if (blockDiff > 1) { // Update the base fee by repeatedly applying the exponent 1-(1/change_denominator) // blockDiff - 1 times. Simulates multiple empty blocks. Clamp the resulting value // between min and max. newBaseFee = Arithmetic.clamp({ _value: Arithmetic.cdexp({ _coefficient: newBaseFee, _denominator: int256(uint256(config.baseFeeMaxChangeDenominator)), _exponent: int256(blockDiff - 1) }), _min: int256(uint256(config.minimumBaseFee)), _max: int256(uint256(config.maximumBaseFee)) }); } // Update new base fee, reset bought gas, and update block number. params.prevBaseFee = uint128(uint256(newBaseFee)); params.prevBoughtGas = 0; params.prevBlockNum = uint64(block.number); } // Make sure we can actually buy the resource amount requested by the user. params.prevBoughtGas += _amount; require( int256(uint256(params.prevBoughtGas)) <= int256(uint256(config.maxResourceLimit)), "ResourceMetering: cannot buy more gas than available gas limit" ); // Determine the amount of ETH to be paid. uint256 resourceCost = uint256(_amount) * uint256(params.prevBaseFee); // We currently charge for this ETH amount as an L1 gas burn, so we convert the ETH amount // into gas by dividing by the L1 base fee. We assume a minimum base fee of 1 gwei to avoid // division by zero for L1s that don't support 1559 or to avoid excessive gas burns during // periods of extremely low L1 demand. One-day average gas fee hasn't dipped below 1 gwei // during any 1 day period in the last 5 years, so should be fine. uint256 gasCost = resourceCost / Math.max(block.basefee, 1 gwei); // Give the user a refund based on the amount of gas they used to do all of the work up to // this point. Since we're at the end of the modifier, this should be pretty accurate. Acts // effectively like a dynamic stipend (with a minimum value). uint256 usedGas = _initialGas - gasleft(); if (gasCost > usedGas) { Burn.gas(gasCost - usedGas); } } /** * @notice Virtual function that returns the resource config. Contracts that inherit this * contract must implement this function. * * @return ResourceConfig */ function _resourceConfig() internal virtual returns (ResourceConfig memory); /** * @notice Sets initial resource parameter values. This function must either be called by the * initializer function of an upgradeable child contract. */ // solhint-disable-next-line func-name-mixedcase function __ResourceMetering_init() internal onlyInitializing { params = ResourceParams({ prevBaseFee: 1 gwei, prevBoughtGas: 0, prevBlockNum: uint64(block.number) }); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { L2StandardBridge } from "../L2/L2StandardBridge.sol"; import { Predeploys } from "../libraries/Predeploys.sol"; import { FeeVault } from "../universal/FeeVault.sol"; import { Semver } from "../universal/Semver.sol"; import { AddressAliasHelper } from "../vendor/AddressAliasHelper.sol"; /** * @custom:proxied * @custom:predeploy 0x4200000000000000000000000000000000000008 * @title ValidatorRewardVault * @notice The ValidatorRewardVault accumulates transaction fees and pays rewards to validators. */ contract ValidatorRewardVault is FeeVault, Semver { /** * @notice Address of the ValidatorPool contract on L1. */ address public immutable VALIDATOR_POOL; /** * @notice A value to divide the vault balance by when determining the reward amount. */ uint256 public immutable REWARD_DIVIDER; /** * @notice The reward balance that the validator is eligible to receive. */ mapping(address => uint256) internal rewards; /** * @notice A mapping of whether the reward corresponding to the L2 block number has been paid. */ mapping(uint256 => bool) internal isPaid; /** * @notice The amount of determined as rewards. */ uint256 public totalReserved; /** * @notice Emitted when the balance of a validator has increased. * * @param validator Address of the validator. * @param l2BlockNumber The L2 block number of the output root. * @param amount Amount of the reward. */ event Rewarded(address indexed validator, uint256 indexed l2BlockNumber, uint256 amount); /** * @custom:semver 1.0.0 * * @param _validatorPool Address of the ValidatorPool contract on L1. * @param _rewardDivider A value to divide the vault balance by when determining the reward amount. */ constructor(address _validatorPool, uint256 _rewardDivider) FeeVault(address(0), 0) Semver(1, 0, 0) { VALIDATOR_POOL = _validatorPool; REWARD_DIVIDER = _rewardDivider; } /** * @notice Rewards the validator for submitting the output. * ValidatorPool contract on L1 calls this function over the portal when output is finalized. * * @param _validator Address of the validator. * @param _l2BlockNumber The L2 block number of the output root. */ function reward(address _validator, uint256 _l2BlockNumber) external { require( AddressAliasHelper.undoL1ToL2Alias(msg.sender) == VALIDATOR_POOL, "ValidatorRewardVault: function can only be called from the ValidatorPool" ); require(_validator != address(0), "ValidatorRewardVault: validator address cannot be 0"); require( !isPaid[_l2BlockNumber], "ValidatorRewardVault: the reward has already been paid for the L2 block number" ); uint256 amount = _determineRewardAmount(); unchecked { totalReserved += amount; rewards[_validator] += amount; } isPaid[_l2BlockNumber] = true; emit Rewarded(_validator, _l2BlockNumber, amount); } /** * @notice Withdraws all of the sender's balance. * Reverts if the balance is less than the minimum withdrawal amount. */ function withdraw() external override { uint256 balance = rewards[msg.sender]; require( balance >= MIN_WITHDRAWAL_AMOUNT, "ValidatorRewardVault: withdrawal amount must be greater than minimum withdrawal amount" ); rewards[msg.sender] = 0; unchecked { totalReserved -= balance; totalProcessed += balance; } emit Withdrawal(balance, msg.sender, msg.sender); L2StandardBridge(payable(Predeploys.L2_STANDARD_BRIDGE)).bridgeETHTo{ value: balance }( msg.sender, WITHDRAWAL_MIN_GAS, bytes("") ); } /** * @notice Determines the reward amount. * * @return Amount of the reward. */ function _determineRewardAmount() internal view returns (uint256) { return (address(this).balance - totalReserved) / REWARD_DIVIDER; } /** * @notice Returns the reward balance of the given address. * * @param _addr Address to lookup. * * @return The reward balance of the given address. */ function balanceOf(address _addr) external view returns (uint256) { return rewards[_addr]; } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Initializable } from "@openzeppelin/contracts/proxy/utils/Initializable.sol"; import { Constants } from "../libraries/Constants.sol"; import { Hashing } from "../libraries/Hashing.sol"; import { SafeCall } from "../libraries/SafeCall.sol"; import { Types } from "../libraries/Types.sol"; import { Semver } from "../universal/Semver.sol"; import { AddressAliasHelper } from "../vendor/AddressAliasHelper.sol"; import { L2OutputOracle } from "./L2OutputOracle.sol"; import { ResourceMetering } from "./ResourceMetering.sol"; import { SystemConfig } from "./SystemConfig.sol"; import { ZKMerkleTrie } from "./ZKMerkleTrie.sol"; /** * @custom:proxied * @title KromaPortal * @notice The KromaPortal is a low-level contract responsible for passing messages between L1 * and L2. Messages sent directly to the KromaPortal have no form of replayability. * Users are encouraged to use the L1CrossDomainMessenger for a higher-level interface. */ contract KromaPortal is Initializable, ResourceMetering, Semver { /** * @notice Represents a proven withdrawal. * * @custom:field outputRoot Root of the L2 output this was proven against. * @custom:field timestamp Timestamp at whcih the withdrawal was proven. * @custom:field l2OutputIndex Index of the output this was proven against. */ struct ProvenWithdrawal { bytes32 outputRoot; uint128 timestamp; uint128 l2OutputIndex; } /** * @notice Version of the deposit event. */ uint256 internal constant DEPOSIT_VERSION = 0; /** * @notice The L2 gas limit set when eth is deposited using the receive() function. */ uint64 internal constant RECEIVE_DEFAULT_GAS_LIMIT = 100_000; /** * @notice Address of the L2OutputOracle contract. */ L2OutputOracle public immutable L2_ORACLE; /** * @notice Address of the ValidatorPool contract. */ address public immutable VALIDATOR_POOL; /** /** * @notice Address of the SystemConfig contract. */ SystemConfig public immutable SYSTEM_CONFIG; /** * @notice MultiSig wallet address that has the ability to pause and unpause withdrawals. */ address public immutable GUARDIAN; /** * @notice Address of the ZKMerkleTrie. */ ZKMerkleTrie public immutable ZK_MERKLE_TRIE; /** * @notice Address of the L2 account which initiated a withdrawal in this transaction. If the * of this variable is the default L2 sender address, then we are NOT inside of a call * to finalizeWithdrawalTransaction. */ address public l2Sender; /** * @notice A list of withdrawal hashes which have been successfully finalized. */ mapping(bytes32 => bool) public finalizedWithdrawals; /** * @notice A mapping of withdrawal hashes to `ProvenWithdrawal` data. */ mapping(bytes32 => ProvenWithdrawal) public provenWithdrawals; /** * @notice Determines if cross domain messaging is paused. When set to true, * withdrawals are paused. This may be removed in the future. */ bool public paused; /** * @notice Emitted when a transaction is deposited from L1 to L2. The parameters of this event * are read by the rollup node and used to derive deposit transactions on L2. * * @param from Address that triggered the deposit transaction. * @param to Address that the deposit transaction is directed to. * @param version Version of this deposit transaction event. * @param opaqueData ABI encoded deposit data to be parsed off-chain. */ event TransactionDeposited( address indexed from, address indexed to, uint256 indexed version, bytes opaqueData ); /** * @notice Emitted when a withdrawal transaction is proven. * * @param withdrawalHash Hash of the withdrawal transaction. */ event WithdrawalProven( bytes32 indexed withdrawalHash, address indexed from, address indexed to ); /** * @notice Emitted when a withdrawal transaction is finalized. * * @param withdrawalHash Hash of the withdrawal transaction. * @param success Whether the withdrawal transaction was successful. */ event WithdrawalFinalized(bytes32 indexed withdrawalHash, bool success); /** * @notice Emitted when the pause is triggered. * * @param account Address of the account triggering the pause. */ event Paused(address account); /** * @notice Emitted when the pause is lifted. * * @param account Address of the account triggering the unpause. */ event Unpaused(address account); /** * @notice Reverts when paused. */ modifier whenNotPaused() { require(paused == false, "KromaPortal: paused"); _; } /** * @custom:semver 1.0.0 * * @param _l2Oracle Address of the L2OutputOracle contract. * @param _validatorPool Address of the ValidatorPool contract. * @param _guardian MultiSig wallet address that can pause deposits and withdrawals. * @param _paused Sets the contract's pausability state. * @param _config Address of the SystemConfig contract. * @param _zkMerkleTrie Address of the ZKMerkleTrie contract. */ constructor( L2OutputOracle _l2Oracle, address _validatorPool, address _guardian, bool _paused, SystemConfig _config, ZKMerkleTrie _zkMerkleTrie ) Semver(1, 0, 0) { L2_ORACLE = _l2Oracle; VALIDATOR_POOL = _validatorPool; GUARDIAN = _guardian; SYSTEM_CONFIG = _config; ZK_MERKLE_TRIE = _zkMerkleTrie; initialize(_paused); } /** * @notice Initializer. */ function initialize(bool _paused) public initializer { l2Sender = Constants.DEFAULT_L2_SENDER; paused = _paused; __ResourceMetering_init(); } /** * @notice Pause deposits and withdrawals. */ function pause() external { require(msg.sender == GUARDIAN, "KromaPortal: only guardian can pause"); paused = true; emit Paused(msg.sender); } /** * @notice Unpause deposits and withdrawals. */ function unpause() external { require(msg.sender == GUARDIAN, "KromaPortal: only guardian can unpause"); paused = false; emit Unpaused(msg.sender); } /** * @notice Accepts value so that users can send ETH directly to this contract and have the * funds be deposited to their address on L2. This is intended as a convenience * function for EOAs. Contracts should call the depositTransaction() function directly * otherwise any deposited funds will be lost due to address aliasing. */ // solhint-disable-next-line ordering receive() external payable { depositTransaction(msg.sender, msg.value, RECEIVE_DEFAULT_GAS_LIMIT, false, bytes("")); } /** * @notice Getter for the resource config. Used internally by the ResourceMetering * contract. The SystemConfig is the source of truth for the resource config. * * @return ResourceMetering.ResourceConfig */ function _resourceConfig() internal view override returns (ResourceMetering.ResourceConfig memory) { return SYSTEM_CONFIG.resourceConfig(); } /** * @notice Proves a withdrawal transaction. * * @param _tx Withdrawal transaction to finalize. * @param _l2OutputIndex L2 output index to prove against. * @param _outputRootProof Inclusion proof of the L2ToL1MessagePasser contract's storage root. * @param _withdrawalProof Inclusion proof of the withdrawal in L2ToL1MessagePasser contract. */ function proveWithdrawalTransaction( Types.WithdrawalTransaction memory _tx, uint256 _l2OutputIndex, Types.OutputRootProof calldata _outputRootProof, bytes[] calldata _withdrawalProof ) external whenNotPaused { // Prevent users from creating a deposit transaction where this address is the message // sender on L2. Because this is checked here, we do not need to check again in // `finalizeWithdrawalTransaction`. require( _tx.target != address(this), "KromaPortal: you cannot send messages to the portal contract" ); // Get the output root and load onto the stack to prevent multiple mloads. This will // revert if there is no output root for the given block number. bytes32 outputRoot = L2_ORACLE.getL2Output(_l2OutputIndex).outputRoot; // Verify that the output root can be generated with the elements in the proof. require( outputRoot == Hashing.hashOutputRootProof(_outputRootProof), "KromaPortal: invalid output root proof" ); // Load the ProvenWithdrawal into memory, using the withdrawal hash as a unique identifier. bytes32 withdrawalHash = Hashing.hashWithdrawal(_tx); ProvenWithdrawal memory provenWithdrawal = provenWithdrawals[withdrawalHash]; // We generally want to prevent users from proving the same withdrawal multiple times // because each successive proof will update the timestamp. A malicious user can take // advantage of this to prevent other users from finalizing their withdrawal. However, // since withdrawals are proven before an output root is finalized, we need to allow users // to re-prove their withdrawal only in the case that the output root for their specified // output index has been updated. require( provenWithdrawal.timestamp == 0 || L2_ORACLE.getL2Output(provenWithdrawal.l2OutputIndex).outputRoot != provenWithdrawal.outputRoot, "KromaPortal: withdrawal hash has already been proven" ); // Compute the storage slot of the withdrawal hash in the L2ToL1MessagePasser contract. // Refer to the Solidity documentation for more information on how storage layouts are // computed for mappings. bytes32 storageKey = keccak256( abi.encode( withdrawalHash, uint256(0) // The withdrawals mapping is at the first slot in the layout. ) ); // Verify that the hash of this withdrawal was stored in the L2toL1MessagePasser contract // on L2. If this is true, under the assumption that the ZKMerkleTrie contract does not have // bugs, then we know that this withdrawal was actually triggered on L2 and can therefore // be relayed on L1. require( ZK_MERKLE_TRIE.verifyInclusionProof( storageKey, hex"0000000000000000000000000000000000000000000000000000000000000001", _withdrawalProof, _outputRootProof.messagePasserStorageRoot ), "KromaPortal: invalid withdrawal inclusion proof" ); // Designate the withdrawalHash as proven by storing the `outputRoot`, `timestamp`, and // `l2OutputIndex` in the `provenWithdrawals` mapping. A `withdrawalHash` can only be // proven once unless it is submitted again with a different outputRoot. provenWithdrawals[withdrawalHash] = ProvenWithdrawal({ outputRoot: outputRoot, timestamp: uint128(block.timestamp), l2OutputIndex: uint128(_l2OutputIndex) }); // Emit a `WithdrawalProven` event. emit WithdrawalProven(withdrawalHash, _tx.sender, _tx.target); } /** * @notice Finalizes a withdrawal transaction. * * @param _tx Withdrawal transaction to finalize. */ function finalizeWithdrawalTransaction(Types.WithdrawalTransaction memory _tx) external whenNotPaused { // Make sure that the l2Sender has not yet been set. The l2Sender is set to a value other // than the default value when a withdrawal transaction is being finalized. This check is // a defacto reentrancy guard. require( l2Sender == Constants.DEFAULT_L2_SENDER, "KromaPortal: can only trigger one withdrawal per transaction" ); // Grab the proven withdrawal from the `provenWithdrawals` map. bytes32 withdrawalHash = Hashing.hashWithdrawal(_tx); ProvenWithdrawal memory provenWithdrawal = provenWithdrawals[withdrawalHash]; // A withdrawal can only be finalized if it has been proven. We know that a withdrawal has // been proven at least once when its timestamp is non-zero. Unproven withdrawals will have // a timestamp of zero. require(provenWithdrawal.timestamp != 0, "KromaPortal: withdrawal has not been proven yet"); // As a sanity check, we make sure that the proven withdrawal's timestamp is greater than // starting timestamp inside the L2OutputOracle. Not strictly necessary but extra layer of // safety against weird bugs in the proving step. require( provenWithdrawal.timestamp >= L2_ORACLE.startingTimestamp(), "KromaPortal: withdrawal timestamp less than L2 Oracle starting timestamp" ); // A proven withdrawal must wait at least the finalization period before it can be // finalized. This waiting period can elapse in parallel with the waiting period for the // output the withdrawal was proven against. In effect, this means that the minimum // withdrawal time is l2 output submission time + finalization period. require( _isFinalizationPeriodElapsed(provenWithdrawal.timestamp), "KromaPortal: proven withdrawal finalization period has not elapsed" ); // Grab the CheckpointOutput from the L2OutputOracle, will revert if the output that // corresponds to the given index has not been submitted yet. Types.CheckpointOutput memory checkpointOutput = L2_ORACLE.getL2Output( provenWithdrawal.l2OutputIndex ); // Check that the output root that was used to prove the withdrawal is the same as the // current output root for the given output index. An output root may change if it is // deleted by the challenger address and then re-submitted. require( checkpointOutput.outputRoot == provenWithdrawal.outputRoot, "KromaPortal: output root proven is not the same as current output root" ); // Check that the checkpoint output has also been finalized. require( _isFinalizationPeriodElapsed(checkpointOutput.timestamp), "KromaPortal: checkpoint output finalization period has not elapsed" ); // Check that this withdrawal has not already been finalized, this is replay protection. require( finalizedWithdrawals[withdrawalHash] == false, "KromaPortal: withdrawal has already been finalized" ); // Mark the withdrawal as finalized so it can't be replayed. finalizedWithdrawals[withdrawalHash] = true; // Set the l2Sender so contracts know who triggered this withdrawal on L2. l2Sender = _tx.sender; // Trigger the call to the target contract. We use a custom low level method // SafeCall.callWithMinGas to ensure two key properties // 1. Target contracts cannot force this call to run out of gas by returning a very large // amount of data (and this is OK because we don't care about the returndata here). // 2. The amount of gas provided to the execution context of the target is at least the // gas limit specified by the user. If there is not enough gas in the current context // to accomplish this, `callWithMinGas` will revert. bool success = SafeCall.callWithMinGas(_tx.target, _tx.gasLimit, _tx.value, _tx.data); // Reset the l2Sender back to the default value. l2Sender = Constants.DEFAULT_L2_SENDER; // All withdrawals are immediately finalized. Replayability can // be achieved through contracts built on top of this contract emit WithdrawalFinalized(withdrawalHash, success); // Reverting here is useful for determining the exact gas cost to successfully execute the // sub call to the target contract if the minimum gas limit specified by the user would not // be sufficient to execute the sub call. if (success == false && tx.origin == Constants.ESTIMATION_ADDRESS) { revert("KromaPortal: withdrawal failed"); } } /** * @notice Accepts deposits of ETH and data, and emits a TransactionDeposited event for use in * deriving deposit transactions. Note that if a deposit is made by a contract, its * address will be aliased when retrieved using `tx.origin` or `msg.sender`. Consider * using the CrossDomainMessenger contracts for a simpler developer experience. * * @param _to Target address on L2. * @param _value ETH value to send to the recipient. * @param _gasLimit Minimum L2 gas limit (can be greater than or equal to this value). * @param _isCreation Whether or not the transaction is a contract creation. * @param _data Data to trigger the recipient with. */ function depositTransaction( address _to, uint256 _value, uint64 _gasLimit, bool _isCreation, bytes memory _data ) public payable metered(_gasLimit) { // Just to be safe, make sure that people specify address(0) as the target when doing // contract creations. if (_isCreation) { require( _to == address(0), "KromaPortal: must send to address(0) when creating a contract" ); } // Prevent depositing transactions that have too small of a gas limit. require(_gasLimit >= 21_000, "KromaPortal: gas limit must cover instrinsic gas cost"); // Transform the from-address to its alias if the caller is a contract. address from = msg.sender; if (msg.sender != tx.origin) { from = AddressAliasHelper.applyL1ToL2Alias(msg.sender); } // Compute the opaque data that will be emitted as part of the TransactionDeposited event. // We use opaque data so that we can update the TransactionDeposited event in the future // without breaking the current interface. bytes memory opaqueData = abi.encodePacked( msg.value, _value, _gasLimit, _isCreation, _data ); // Emit a TransactionDeposited event so that the rollup node can derive a deposit // transaction for this deposit. emit TransactionDeposited(from, _to, DEPOSIT_VERSION, opaqueData); } /** * @notice Accepts deposits of data from ValidatorPool contract, and emits a TransactionDeposited event for use in * deriving deposit transactions on L2. * * @param _to Target address on L2. * @param _gasLimit Minimum L2 gas limit (can be greater than or equal to this value). * @param _data Data to trigger the recipient with. */ function depositTransactionByValidatorPool( address _to, uint64 _gasLimit, bytes memory _data ) public { require( msg.sender == VALIDATOR_POOL, "KromaPortal: function can only be called from the ValidatorPool" ); // Transform the from-address to its alias. address from = AddressAliasHelper.applyL1ToL2Alias(msg.sender); // Compute the opaque data that will be emitted as part of the TransactionDeposited event. bytes memory opaqueData = abi.encodePacked(uint256(0), uint256(0), _gasLimit, false, _data); // Emit a TransactionDeposited event so that the rollup node can derive a deposit // transaction for this deposit. emit TransactionDeposited(from, _to, DEPOSIT_VERSION, opaqueData); } /** * @notice Determines if the output at the given index is finalized. Reverts if the call to * L2_ORACLE.getL2Output reverts. Returns a boolean otherwise. * * @param _l2OutputIndex Index of the L2 output to check. * * @return Whether or not the output is finalized. */ function isOutputFinalized(uint256 _l2OutputIndex) external view returns (bool) { return _isFinalizationPeriodElapsed(L2_ORACLE.getL2Output(_l2OutputIndex).timestamp); } /** * @notice Determines whether the finalization period has elapsed w/r/t a given timestamp. * * @param _timestamp Timestamp to check. * * @return Whether or not the finalization period has elapsed. */ function _isFinalizationPeriodElapsed(uint256 _timestamp) internal view returns (bool) { return block.timestamp > _timestamp + L2_ORACLE.FINALIZATION_PERIOD_SECONDS(); } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (utils/introspection/IERC165.sol) pragma solidity ^0.8.0; /** * @dev Interface of the ERC165 standard, as defined in the * https://eips.ethereum.org/EIPS/eip-165[EIP]. * * Implementers can declare support of contract interfaces, which can then be * queried by others ({ERC165Checker}). * * For an implementation, see {ERC165}. */ interface IERC165Upgradeable { /** * @dev Returns true if this contract implements the interface defined by * `interfaceId`. See the corresponding * https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section] * to learn more about how these ids are created. * * This function call must use less than 30 000 gas. */ function supportsInterface(bytes4 interfaceId) external view returns (bool); }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol) pragma solidity ^0.8.0; import "./math/MathUpgradeable.sol"; import "./math/SignedMathUpgradeable.sol"; /** * @dev String operations. */ library StringsUpgradeable { bytes16 private constant _SYMBOLS = "0123456789abcdef"; uint8 private constant _ADDRESS_LENGTH = 20; /** * @dev Converts a `uint256` to its ASCII `string` decimal representation. */ function toString(uint256 value) internal pure returns (string memory) { unchecked { uint256 length = MathUpgradeable.log10(value) + 1; string memory buffer = new string(length); uint256 ptr; /// @solidity memory-safe-assembly assembly { ptr := add(buffer, add(32, length)) } while (true) { ptr--; /// @solidity memory-safe-assembly assembly { mstore8(ptr, byte(mod(value, 10), _SYMBOLS)) } value /= 10; if (value == 0) break; } return buffer; } } /** * @dev Converts a `int256` to its ASCII `string` decimal representation. */ function toString(int256 value) internal pure returns (string memory) { return string(abi.encodePacked(value < 0 ? "-" : "", toString(SignedMathUpgradeable.abs(value)))); } /** * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation. */ function toHexString(uint256 value) internal pure returns (string memory) { unchecked { return toHexString(value, MathUpgradeable.log256(value) + 1); } } /** * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length. */ function toHexString(uint256 value, uint256 length) internal pure returns (string memory) { bytes memory buffer = new bytes(2 * length + 2); buffer[0] = "0"; buffer[1] = "x"; for (uint256 i = 2 * length + 1; i > 1; --i) { buffer[i] = _SYMBOLS[value & 0xf]; value >>= 4; } require(value == 0, "Strings: hex length insufficient"); return string(buffer); } /** * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation. */ function toHexString(address addr) internal pure returns (string memory) { return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH); } /** * @dev Returns true if the two strings are equal. */ function equal(string memory a, string memory b) internal pure returns (bool) { return keccak256(bytes(a)) == keccak256(bytes(b)); } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC5267.sol) pragma solidity ^0.8.0; interface IERC5267Upgradeable { /** * @dev MAY be emitted to signal that the domain could have changed. */ event EIP712DomainChanged(); /** * @dev returns the fields and values that describe the domain separator used by this contract for EIP-712 * signature. */ function eip712Domain() external view returns ( bytes1 fields, string memory name, string memory version, uint256 chainId, address verifyingContract, bytes32 salt, uint256[] memory extensions ); }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (interfaces/IERC165.sol) pragma solidity ^0.8.0; import "../utils/introspection/IERC165Upgradeable.sol";
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol) pragma solidity ^0.8.0; /** * @dev Standard math utilities missing in the Solidity language. */ library MathUpgradeable { enum Rounding { Down, // Toward negative infinity Up, // Toward infinity Zero // Toward zero } /** * @dev Returns the largest of two numbers. */ function max(uint256 a, uint256 b) internal pure returns (uint256) { return a > b ? a : b; } /** * @dev Returns the smallest of two numbers. */ function min(uint256 a, uint256 b) internal pure returns (uint256) { return a < b ? a : b; } /** * @dev Returns the average of two numbers. The result is rounded towards * zero. */ function average(uint256 a, uint256 b) internal pure returns (uint256) { // (a + b) / 2 can overflow. return (a & b) + (a ^ b) / 2; } /** * @dev Returns the ceiling of the division of two numbers. * * This differs from standard division with `/` in that it rounds up instead * of rounding down. */ function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) { // (a + b - 1) / b can overflow on addition, so we distribute. return a == 0 ? 0 : (a - 1) / b + 1; } /** * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0 * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) * with further edits by Uniswap Labs also under MIT license. */ function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) { unchecked { // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256 // variables such that product = prod1 * 2^256 + prod0. uint256 prod0; // Least significant 256 bits of the product uint256 prod1; // Most significant 256 bits of the product assembly { let mm := mulmod(x, y, not(0)) prod0 := mul(x, y) prod1 := sub(sub(mm, prod0), lt(mm, prod0)) } // Handle non-overflow cases, 256 by 256 division. if (prod1 == 0) { // Solidity will revert if denominator == 0, unlike the div opcode on its own. // The surrounding unchecked block does not change this fact. // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic. return prod0 / denominator; } // Make sure the result is less than 2^256. Also prevents denominator == 0. require(denominator > prod1, "Math: mulDiv overflow"); /////////////////////////////////////////////// // 512 by 256 division. /////////////////////////////////////////////// // Make division exact by subtracting the remainder from [prod1 prod0]. uint256 remainder; assembly { // Compute remainder using mulmod. remainder := mulmod(x, y, denominator) // Subtract 256 bit number from 512 bit number. prod1 := sub(prod1, gt(remainder, prod0)) prod0 := sub(prod0, remainder) } // Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1. // See https://cs.stackexchange.com/q/138556/92363. // Does not overflow because the denominator cannot be zero at this stage in the function. uint256 twos = denominator & (~denominator + 1); assembly { // Divide denominator by twos. denominator := div(denominator, twos) // Divide [prod1 prod0] by twos. prod0 := div(prod0, twos) // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one. twos := add(div(sub(0, twos), twos), 1) } // Shift in bits from prod1 into prod0. prod0 |= prod1 * twos; // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for // four bits. That is, denominator * inv = 1 mod 2^4. uint256 inverse = (3 * denominator) ^ 2; // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works // in modular arithmetic, doubling the correct bits in each step. inverse *= 2 - denominator * inverse; // inverse mod 2^8 inverse *= 2 - denominator * inverse; // inverse mod 2^16 inverse *= 2 - denominator * inverse; // inverse mod 2^32 inverse *= 2 - denominator * inverse; // inverse mod 2^64 inverse *= 2 - denominator * inverse; // inverse mod 2^128 inverse *= 2 - denominator * inverse; // inverse mod 2^256 // Because the division is now exact we can divide by multiplying with the modular inverse of denominator. // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1 // is no longer required. result = prod0 * inverse; return result; } } /** * @notice Calculates x * y / denominator with full precision, following the selected rounding direction. */ function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) { uint256 result = mulDiv(x, y, denominator); if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) { result += 1; } return result; } /** * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down. * * Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11). */ function sqrt(uint256 a) internal pure returns (uint256) { if (a == 0) { return 0; } // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target. // // We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`. // // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)` // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))` // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)` // // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit. uint256 result = 1 << (log2(a) >> 1); // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128, // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision // into the expected uint128 result. unchecked { result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; return min(result, a / result); } } /** * @notice Calculates sqrt(a), following the selected rounding direction. */ function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) { unchecked { uint256 result = sqrt(a); return result + (rounding == Rounding.Up && result * result < a ? 1 : 0); } } /** * @dev Return the log in base 2, rounded down, of a positive value. * Returns 0 if given 0. */ function log2(uint256 value) internal pure returns (uint256) { uint256 result = 0; unchecked { if (value >> 128 > 0) { value >>= 128; result += 128; } if (value >> 64 > 0) { value >>= 64; result += 64; } if (value >> 32 > 0) { value >>= 32; result += 32; } if (value >> 16 > 0) { value >>= 16; result += 16; } if (value >> 8 > 0) { value >>= 8; result += 8; } if (value >> 4 > 0) { value >>= 4; result += 4; } if (value >> 2 > 0) { value >>= 2; result += 2; } if (value >> 1 > 0) { result += 1; } } return result; } /** * @dev Return the log in base 2, following the selected rounding direction, of a positive value. * Returns 0 if given 0. */ function log2(uint256 value, Rounding rounding) internal pure returns (uint256) { unchecked { uint256 result = log2(value); return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0); } } /** * @dev Return the log in base 10, rounded down, of a positive value. * Returns 0 if given 0. */ function log10(uint256 value) internal pure returns (uint256) { uint256 result = 0; unchecked { if (value >= 10 ** 64) { value /= 10 ** 64; result += 64; } if (value >= 10 ** 32) { value /= 10 ** 32; result += 32; } if (value >= 10 ** 16) { value /= 10 ** 16; result += 16; } if (value >= 10 ** 8) { value /= 10 ** 8; result += 8; } if (value >= 10 ** 4) { value /= 10 ** 4; result += 4; } if (value >= 10 ** 2) { value /= 10 ** 2; result += 2; } if (value >= 10 ** 1) { result += 1; } } return result; } /** * @dev Return the log in base 10, following the selected rounding direction, of a positive value. * Returns 0 if given 0. */ function log10(uint256 value, Rounding rounding) internal pure returns (uint256) { unchecked { uint256 result = log10(value); return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0); } } /** * @dev Return the log in base 256, rounded down, of a positive value. * Returns 0 if given 0. * * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string. */ function log256(uint256 value) internal pure returns (uint256) { uint256 result = 0; unchecked { if (value >> 128 > 0) { value >>= 128; result += 16; } if (value >> 64 > 0) { value >>= 64; result += 8; } if (value >> 32 > 0) { value >>= 32; result += 4; } if (value >> 16 > 0) { value >>= 16; result += 2; } if (value >> 8 > 0) { result += 1; } } return result; } /** * @dev Return the log in base 256, following the selected rounding direction, of a positive value. * Returns 0 if given 0. */ function log256(uint256 value, Rounding rounding) internal pure returns (uint256) { unchecked { uint256 result = log256(value); return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0); } } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (access/AccessControl.sol) pragma solidity ^0.8.0; import "./IAccessControlUpgradeable.sol"; import "../utils/ContextUpgradeable.sol"; import "../utils/StringsUpgradeable.sol"; import "../utils/introspection/ERC165Upgradeable.sol"; import "../proxy/utils/Initializable.sol"; /** * @dev Contract module that allows children to implement role-based access * control mechanisms. This is a lightweight version that doesn't allow enumerating role * members except through off-chain means by accessing the contract event logs. Some * applications may benefit from on-chain enumerability, for those cases see * {AccessControlEnumerable}. * * Roles are referred to by their `bytes32` identifier. These should be exposed * in the external API and be unique. The best way to achieve this is by * using `public constant` hash digests: * * ```solidity * bytes32 public constant MY_ROLE = keccak256("MY_ROLE"); * ``` * * Roles can be used to represent a set of permissions. To restrict access to a * function call, use {hasRole}: * * ```solidity * function foo() public { * require(hasRole(MY_ROLE, msg.sender)); * ... * } * ``` * * Roles can be granted and revoked dynamically via the {grantRole} and * {revokeRole} functions. Each role has an associated admin role, and only * accounts that have a role's admin role can call {grantRole} and {revokeRole}. * * By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means * that only accounts with this role will be able to grant or revoke other * roles. More complex role relationships can be created by using * {_setRoleAdmin}. * * WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to * grant and revoke this role. Extra precautions should be taken to secure * accounts that have been granted it. We recommend using {AccessControlDefaultAdminRules} * to enforce additional security measures for this role. */ abstract contract AccessControlUpgradeable is Initializable, ContextUpgradeable, IAccessControlUpgradeable, ERC165Upgradeable { function __AccessControl_init() internal onlyInitializing { } function __AccessControl_init_unchained() internal onlyInitializing { } struct RoleData { mapping(address => bool) members; bytes32 adminRole; } mapping(bytes32 => RoleData) private _roles; bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00; /** * @dev Modifier that checks that an account has a specific role. Reverts * with a standardized message including the required role. * * The format of the revert reason is given by the following regular expression: * * /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/ * * _Available since v4.1._ */ modifier onlyRole(bytes32 role) { _checkRole(role); _; } /** * @dev See {IERC165-supportsInterface}. */ function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) { return interfaceId == type(IAccessControlUpgradeable).interfaceId || super.supportsInterface(interfaceId); } /** * @dev Returns `true` if `account` has been granted `role`. */ function hasRole(bytes32 role, address account) public view virtual override returns (bool) { return _roles[role].members[account]; } /** * @dev Revert with a standard message if `_msgSender()` is missing `role`. * Overriding this function changes the behavior of the {onlyRole} modifier. * * Format of the revert message is described in {_checkRole}. * * _Available since v4.6._ */ function _checkRole(bytes32 role) internal view virtual { _checkRole(role, _msgSender()); } /** * @dev Revert with a standard message if `account` is missing `role`. * * The format of the revert reason is given by the following regular expression: * * /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/ */ function _checkRole(bytes32 role, address account) internal view virtual { if (!hasRole(role, account)) { revert( string( abi.encodePacked( "AccessControl: account ", StringsUpgradeable.toHexString(account), " is missing role ", StringsUpgradeable.toHexString(uint256(role), 32) ) ) ); } } /** * @dev Returns the admin role that controls `role`. See {grantRole} and * {revokeRole}. * * To change a role's admin, use {_setRoleAdmin}. */ function getRoleAdmin(bytes32 role) public view virtual override returns (bytes32) { return _roles[role].adminRole; } /** * @dev Grants `role` to `account`. * * If `account` had not been already granted `role`, emits a {RoleGranted} * event. * * Requirements: * * - the caller must have ``role``'s admin role. * * May emit a {RoleGranted} event. */ function grantRole(bytes32 role, address account) public virtual override onlyRole(getRoleAdmin(role)) { _grantRole(role, account); } /** * @dev Revokes `role` from `account`. * * If `account` had been granted `role`, emits a {RoleRevoked} event. * * Requirements: * * - the caller must have ``role``'s admin role. * * May emit a {RoleRevoked} event. */ function revokeRole(bytes32 role, address account) public virtual override onlyRole(getRoleAdmin(role)) { _revokeRole(role, account); } /** * @dev Revokes `role` from the calling account. * * Roles are often managed via {grantRole} and {revokeRole}: this function's * purpose is to provide a mechanism for accounts to lose their privileges * if they are compromised (such as when a trusted device is misplaced). * * If the calling account had been revoked `role`, emits a {RoleRevoked} * event. * * Requirements: * * - the caller must be `account`. * * May emit a {RoleRevoked} event. */ function renounceRole(bytes32 role, address account) public virtual override { require(account == _msgSender(), "AccessControl: can only renounce roles for self"); _revokeRole(role, account); } /** * @dev Grants `role` to `account`. * * If `account` had not been already granted `role`, emits a {RoleGranted} * event. Note that unlike {grantRole}, this function doesn't perform any * checks on the calling account. * * May emit a {RoleGranted} event. * * [WARNING] * ==== * This function should only be called from the constructor when setting * up the initial roles for the system. * * Using this function in any other way is effectively circumventing the admin * system imposed by {AccessControl}. * ==== * * NOTE: This function is deprecated in favor of {_grantRole}. */ function _setupRole(bytes32 role, address account) internal virtual { _grantRole(role, account); } /** * @dev Sets `adminRole` as ``role``'s admin role. * * Emits a {RoleAdminChanged} event. */ function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual { bytes32 previousAdminRole = getRoleAdmin(role); _roles[role].adminRole = adminRole; emit RoleAdminChanged(role, previousAdminRole, adminRole); } /** * @dev Grants `role` to `account`. * * Internal function without access restriction. * * May emit a {RoleGranted} event. */ function _grantRole(bytes32 role, address account) internal virtual { if (!hasRole(role, account)) { _roles[role].members[account] = true; emit RoleGranted(role, account, _msgSender()); } } /** * @dev Revokes `role` from `account`. * * Internal function without access restriction. * * May emit a {RoleRevoked} event. */ function _revokeRole(bytes32 role, address account) internal virtual { if (hasRole(role, account)) { _roles[role].members[account] = false; emit RoleRevoked(role, account, _msgSender()); } } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[49] private __gap; }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Math } from "@openzeppelin/contracts/utils/math/Math.sol"; import { SignedMath } from "@openzeppelin/contracts/utils/math/SignedMath.sol"; import { FixedPointMathLib } from "@rari-capital/solmate/src/utils/FixedPointMathLib.sol"; /** * @title Arithmetic * @notice Even more math than before. */ library Arithmetic { /** * @notice Clamps a value between a minimum and maximum. * * @param _value The value to clamp. * @param _min The minimum value. * @param _max The maximum value. * * @return The clamped value. */ function clamp( int256 _value, int256 _min, int256 _max ) internal pure returns (int256) { return SignedMath.min(SignedMath.max(_value, _min), _max); } /** * @notice Clamps a value between a minimum and maximum. * * @param _value The value to clamp. * @param _min The minimum value. * @param _max The maximum value. * * @return The clamped value. */ function clamp( uint256 _value, uint256 _min, uint256 _max ) internal pure returns (uint256) { return Math.min(Math.max(_value, _min), _max); } /** * @notice (c)oefficient (d)enominator (exp)onentiation function. * Returns the result of: c * (1 - 1/d)^exp. * * @param _coefficient Coefficient of the function. * @param _denominator Fractional denominator. * @param _exponent Power function exponent. * * @return Result of c * (1 - 1/d)^exp. */ function cdexp( int256 _coefficient, int256 _denominator, int256 _exponent ) internal pure returns (int256) { return (_coefficient * (FixedPointMathLib.powWad(1e18 - (1e18 / _denominator), _exponent * 1e18))) / 1e18; } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { SafeCall } from "./SafeCall.sol"; /** * @title Burn * @notice Utilities for burning stuff. */ library Burn { /** * Burns a given amount of ETH. * Note that execution engine of Kroma does not support SELFDESTRUCT opcode, so it sends ETH to zero address. * * @param _amount Amount of ETH to burn. */ function eth(uint256 _amount) internal { SafeCall.call(address(0), gasleft(), _amount, ""); } /** * Burns a given amount of gas. * * @param _amount Amount of gas to burn. */ function gas(uint256 _amount) internal view { uint256 i = 0; uint256 initialGas = gasleft(); while (initialGas - gasleft() < _amount) { ++i; } } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Predeploys } from "../libraries/Predeploys.sol"; import { Semver } from "../universal/Semver.sol"; import { StandardBridge } from "../universal/StandardBridge.sol"; /** * @custom:proxied * @custom:predeploy 0x4200000000000000000000000000000000000009 * @title L2StandardBridge * @notice The L2StandardBridge is responsible for transfering ETH and ERC20 tokens between L1 and * L2. In the case that an ERC20 token is native to L2, it will be escrowed within this * contract. If the ERC20 token is native to L1, it will be burnt. * NOTE: this contract is not intended to support all variations of ERC20 tokens. Examples * of some token types that may not be properly supported by this contract include, but are * not limited to: tokens with transfer fees, rebasing tokens, and tokens with blocklists. */ contract L2StandardBridge is StandardBridge, Semver { /** * @custom:semver 1.0.0 * * @param _otherBridge Address of the L1StandardBridge. */ constructor(address payable _otherBridge) Semver(1, 0, 0) StandardBridge(payable(Predeploys.L2_CROSS_DOMAIN_MESSENGER), _otherBridge) {} /** * @notice Allows EOAs to bridge ETH by sending directly to the bridge. */ receive() external payable override onlyEOA { _initiateBridgeETH( msg.sender, msg.sender, msg.value, RECEIVE_DEFAULT_GAS_LIMIT, bytes("") ); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Predeploys } from "../libraries/Predeploys.sol"; import { L2StandardBridge } from "../L2/L2StandardBridge.sol"; /** * @title FeeVault * @notice The FeeVault contract contains the basic logic for the various different vault contracts * used to hold fee revenue generated by the L2 system. */ abstract contract FeeVault { /** * @notice Emits each time that a withdrawal occurs. * * @param value Amount that was withdrawn (in wei). * @param to Address that the funds were sent to. * @param from Address that triggered the withdrawal. */ event Withdrawal(uint256 value, address to, address from); /** * @notice Minimum balance before a withdrawal can be triggered. */ uint256 public immutable MIN_WITHDRAWAL_AMOUNT; /** * @notice Wallet that will receive the fees on L1. */ address public immutable RECIPIENT; /** * @notice The minimum gas limit for the FeeVault withdrawal transaction. */ uint32 internal constant WITHDRAWAL_MIN_GAS = 35_000; /** * @notice Total amount of wei processed by the contract. */ uint256 public totalProcessed; /** * @param _recipient Wallet that will receive the fees on L1. * @param _minWithdrawalAmount Minimum balance before a withdrawal can be triggered. */ constructor(address _recipient, uint256 _minWithdrawalAmount) { MIN_WITHDRAWAL_AMOUNT = _minWithdrawalAmount; RECIPIENT = _recipient; } /** * @notice Allow the contract to receive ETH. */ receive() external payable {} /** * @notice Triggers a withdrawal of funds to the L1 fee wallet. */ function withdraw() external virtual { require( address(this).balance >= MIN_WITHDRAWAL_AMOUNT, "FeeVault: withdrawal amount must be greater than minimum withdrawal amount" ); uint256 value = address(this).balance; totalProcessed += value; emit Withdrawal(value, RECIPIENT, msg.sender); L2StandardBridge(payable(Predeploys.L2_STANDARD_BRIDGE)).bridgeETHTo{ value: value }( RECIPIENT, WITHDRAWAL_MIN_GAS, bytes("") ); } }
// SPDX-License-Identifier: Apache-2.0 /* * Copyright 2019-2021, Offchain Labs, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity ^0.8.0; library AddressAliasHelper { uint160 constant offset = uint160(0x1111000000000000000000000000000000001111); /// @notice Utility function that converts the address in the L1 that submitted a tx to /// the inbox to the msg.sender viewed in the L2 /// @param l1Address the address in the L1 that triggered the tx to L2 /// @return l2Address L2 address as viewed in msg.sender function applyL1ToL2Alias(address l1Address) internal pure returns (address l2Address) { unchecked { l2Address = address(uint160(l1Address) + offset); } } /// @notice Utility function that converts the msg.sender viewed in the L2 to the /// address in the L1 that submitted a tx to the inbox /// @param l2Address L2 address as viewed in msg.sender /// @return l1Address the address in the L1 that triggered the tx to L2 function undoL1ToL2Alias(address l2Address) internal pure returns (address l1Address) { unchecked { l1Address = address(uint160(l2Address) - offset); } } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { OwnableUpgradeable } from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol"; import { Constants } from "../libraries/Constants.sol"; import { Semver } from "../universal/Semver.sol"; import { ResourceMetering } from "./ResourceMetering.sol"; /** * @title SystemConfig * @notice The SystemConfig contract is used to manage configuration of a Kroma network. All * configuration is stored on L1 and picked up by L2 as part of the derivation of the L2 * chain. */ contract SystemConfig is OwnableUpgradeable, Semver { /** * @notice Enum representing different types of updates. * * @custom:value BATCHER Represents an update to the batcher hash. * @custom:value GAS_CONFIG Represents an update to txn fee config on L2. * @custom:value GAS_LIMIT Represents an update to gas limit on L2. * @custom:value UNSAFE_BLOCK_SIGNER Represents an update to the signer key for unsafe * block distribution. * @custom:value VALIDATOR_REWARD_SCALAR Represents an update to validator reward scalar. */ enum UpdateType { BATCHER, GAS_CONFIG, GAS_LIMIT, UNSAFE_BLOCK_SIGNER, VALIDATOR_REWARD_SCALAR } /** * @notice Version identifier, used for upgrades. */ uint256 public constant VERSION = 0; /** * @notice Storage slot that the unsafe block signer is stored at. Storing it at this * deterministic storage slot allows for decoupling the storage layout from the way * that `solc` lays out storage. The `kroma-node` uses a storage proof to fetch this value. */ bytes32 public constant UNSAFE_BLOCK_SIGNER_SLOT = keccak256("systemconfig.unsafeblocksigner"); /** * @notice Fixed L2 gas overhead. Used as part of the L2 fee calculation. */ uint256 public overhead; /** * @notice Dynamic L2 gas overhead. Used as part of the L2 fee calculation. */ uint256 public scalar; /** * @notice Identifier for the batcher. For version 1 of this configuration, this is represented * as an address left-padded with zeros to 32 bytes. */ bytes32 public batcherHash; /** * @notice L2 block gas limit. */ uint64 public gasLimit; /** * @notice The configuration for the deposit fee market. Used by the KromaPortal * to meter the cost of buying L2 gas on L1. Set as internal and wrapped with a getter * so that the struct is returned instead of a tuple. */ ResourceMetering.ResourceConfig internal _resourceConfig; /** * @notice The scalar value to distribute transaction fees as validator reward. * The denominator is 10000, so the ratio is expressed in 4 decimal places. */ uint256 public validatorRewardScalar; /** * @notice Emitted when configuration is updated * * @param version SystemConfig version. * @param updateType Type of update. * @param data Encoded update data. */ event ConfigUpdate(uint256 indexed version, UpdateType indexed updateType, bytes data); /** * @custom:semver 1.0.0 * * @param _owner Initial owner of the contract. * @param _overhead Initial overhead value. * @param _scalar Initial scalar value. * @param _batcherHash Initial batcher hash. * @param _gasLimit Initial gas limit. * @param _unsafeBlockSigner Initial unsafe block signer address. * @param _config Initial resource config. * @param _validatorRewardScalar Initial validator reward scalar. */ constructor( address _owner, uint256 _overhead, uint256 _scalar, bytes32 _batcherHash, uint64 _gasLimit, address _unsafeBlockSigner, ResourceMetering.ResourceConfig memory _config, uint256 _validatorRewardScalar ) Semver(1, 0, 0) { initialize( _owner, _overhead, _scalar, _batcherHash, _gasLimit, _unsafeBlockSigner, _config, _validatorRewardScalar ); } /** * @notice Initializer. The resource config must be set before the * require check. * * @param _owner Initial owner of the contract. * @param _overhead Initial overhead value. * @param _scalar Initial scalar value. * @param _batcherHash Initial batcher hash. * @param _gasLimit Initial gas limit. * @param _unsafeBlockSigner Initial unsafe block signer address. * @param _config Initial ResourceConfig. * @param _validatorRewardScalar Initial validator reward scalar. */ function initialize( address _owner, uint256 _overhead, uint256 _scalar, bytes32 _batcherHash, uint64 _gasLimit, address _unsafeBlockSigner, ResourceMetering.ResourceConfig memory _config, uint256 _validatorRewardScalar ) public initializer { __Ownable_init(); transferOwnership(_owner); overhead = _overhead; scalar = _scalar; batcherHash = _batcherHash; gasLimit = _gasLimit; _setUnsafeBlockSigner(_unsafeBlockSigner); _setResourceConfig(_config); require(_gasLimit >= minimumGasLimit(), "SystemConfig: gas limit too low"); validatorRewardScalar = _validatorRewardScalar; } /** * @notice Returns the minimum L2 gas limit that can be safely set for the system to * operate. The L2 gas limit must be larger than or equal to the amount of * gas that is allocated for deposits per block plus the amount of gas that * is allocated for the system transaction. * This function is used to determine if changes to parameters are safe. * * @return uint64 */ function minimumGasLimit() public view returns (uint64) { return uint64(_resourceConfig.maxResourceLimit) + uint64(_resourceConfig.systemTxMaxGas); } /** * @notice High level getter for the unsafe block signer address. Unsafe blocks can be * propagated across the p2p network if they are signed by the key corresponding to * this address. * * @return Address of the unsafe block signer. */ // solhint-disable-next-line ordering function unsafeBlockSigner() external view returns (address) { address addr; bytes32 slot = UNSAFE_BLOCK_SIGNER_SLOT; assembly { addr := sload(slot) } return addr; } /** * @notice Updates the unsafe block signer address. * * @param _unsafeBlockSigner New unsafe block signer address. */ function setUnsafeBlockSigner(address _unsafeBlockSigner) external onlyOwner { _setUnsafeBlockSigner(_unsafeBlockSigner); bytes memory data = abi.encode(_unsafeBlockSigner); emit ConfigUpdate(VERSION, UpdateType.UNSAFE_BLOCK_SIGNER, data); } /** * @notice Updates the batcher hash. * * @param _batcherHash New batcher hash. */ function setBatcherHash(bytes32 _batcherHash) external onlyOwner { batcherHash = _batcherHash; bytes memory data = abi.encode(_batcherHash); emit ConfigUpdate(VERSION, UpdateType.BATCHER, data); } /** * @notice Updates gas config. * * @param _overhead New overhead value. * @param _scalar New scalar value. */ function setGasConfig(uint256 _overhead, uint256 _scalar) external onlyOwner { overhead = _overhead; scalar = _scalar; bytes memory data = abi.encode(_overhead, _scalar); emit ConfigUpdate(VERSION, UpdateType.GAS_CONFIG, data); } /** * @notice Updates the L2 gas limit. * * @param _gasLimit New gas limit. */ function setGasLimit(uint64 _gasLimit) external onlyOwner { require(_gasLimit >= minimumGasLimit(), "SystemConfig: gas limit too low"); gasLimit = _gasLimit; bytes memory data = abi.encode(_gasLimit); emit ConfigUpdate(VERSION, UpdateType.GAS_LIMIT, data); } /** * @notice Low level setter for the unsafe block signer address. This function exists to * deduplicate code around storing the unsafeBlockSigner address in storage. * * @param _unsafeBlockSigner New unsafeBlockSigner value. */ function _setUnsafeBlockSigner(address _unsafeBlockSigner) internal { bytes32 slot = UNSAFE_BLOCK_SIGNER_SLOT; assembly { sstore(slot, _unsafeBlockSigner) } } /** * @notice A getter for the resource config. Ensures that the struct is * returned instead of a tuple. * * @return ResourceConfig */ function resourceConfig() external view returns (ResourceMetering.ResourceConfig memory) { return _resourceConfig; } /** * @notice An external setter for the resource config. In the future, this * method may emit an event that the `kroma-node` picks up for when the * resource config is changed. * * @param _config The new resource config values. */ function setResourceConfig(ResourceMetering.ResourceConfig memory _config) external onlyOwner { _setResourceConfig(_config); } /** * @notice An internal setter for the resource config. Ensures that the * config is sane before storing it by checking for invariants. * * @param _config The new resource config. */ function _setResourceConfig(ResourceMetering.ResourceConfig memory _config) internal { // Min base fee must be less than or equal to max base fee. require( _config.minimumBaseFee <= _config.maximumBaseFee, "SystemConfig: min base fee must be less than max base" ); // Base fee change denominator must be greater than 1. require( _config.baseFeeMaxChangeDenominator > 1, "SystemConfig: denominator must be larger than 1" ); // Max resource limit plus system tx gas must be less than or equal to the L2 gas limit. // The gas limit must be increased before these values can be increased. require( _config.maxResourceLimit + _config.systemTxMaxGas <= gasLimit, "SystemConfig: gas limit too low" ); // Elasticity multiplier must be greater than 0. require( _config.elasticityMultiplier > 0, "SystemConfig: elasticity multiplier cannot be 0" ); // No precision loss when computing target resource limit. require( ((_config.maxResourceLimit / _config.elasticityMultiplier) * _config.elasticityMultiplier) == _config.maxResourceLimit, "SystemConfig: precision loss with target resource limit" ); _resourceConfig = _config; } /** * @notice Updates the validator reward scalar. * * @param _validatorRewardScalar New validator reward scalar. */ function setValidatorRewardScalar(uint256 _validatorRewardScalar) external onlyOwner { require( _validatorRewardScalar <= Constants.VALIDATOR_REWARD_DENOMINATOR, "SystemConfig: the max value of validator reward scalar has been exceeded" ); validatorRewardScalar = _validatorRewardScalar; bytes memory data = abi.encode(_validatorRewardScalar); emit ConfigUpdate(VERSION, UpdateType.VALIDATOR_REWARD_SCALAR, data); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Bytes } from "../libraries/Bytes.sol"; import { NodeReader } from "../libraries/NodeReader.sol"; import { IZKMerkleTrie } from "./IZKMerkleTrie.sol"; import { ZKTrieHasher } from "./ZKTrieHasher.sol"; /** * @custom:proxied * @title ZKMerkleTrie * @notice The ZKMerkleTrie is contract which can produce a hash according to ZKTrie. * This owns an interface of Poseidon2 that is required to compute hash used by ZKTrie. */ contract ZKMerkleTrie is IZKMerkleTrie, ZKTrieHasher { /** * @notice Struct representing a node in the trie. */ struct TrieNode { bytes encoded; NodeReader.Node decoded; } /** * @notice Magic hash which indicates * See https://github.com/kroma-network/zktrie/blob/main/trie/zk_trie_proof.go. */ bytes32 private constant MAGIC_SMT_BYTES_HASH = keccak256( hex"5448495320495320534f4d45204d4147494320425954455320464f5220534d54206d3172525867503278704449" ); /** * @param _poseidon2 The address of poseidon2 contract. */ constructor(address _poseidon2) ZKTrieHasher(_poseidon2) {} /** * @notice Checks if a given bytes is MAGIC_SMT_BYTES_HASH. * * @param _value Bytes to be compared. */ function isMagicSmtBytesHash(bytes memory _value) private pure returns (bool) { return keccak256(_value) == MAGIC_SMT_BYTES_HASH; } /** * @inheritdoc IZKMerkleTrie */ function verifyInclusionProof( bytes32 _key, bytes memory _value, bytes[] memory _proofs, bytes32 _root ) external view returns (bool) { (bool exists, bytes memory value) = this.get(_key, _proofs, _root); return (exists && Bytes.equal(_value, value)); } /** * @notice Retrieves the value associated with a given key. * * @param _key Key to search for, as hex bytes. * @param _proofs Merkle trie inclusion proof for the key. * @param _root Known root of the Merkle trie. * * @return Whether or not the key exists. * @return Value of the key if it exists. */ function get( bytes32 _key, bytes[] memory _proofs, bytes32 _root ) external view returns (bool, bytes memory) { require(_proofs.length >= 2, "ZKMerkleTrie: provided proof is too short"); require( isMagicSmtBytesHash(_proofs[_proofs.length - 1]), "ZKMerkleTrie: the last item is not magic hash" ); bytes32 key = _hashElem(_key); TrieNode[] memory nodes = _parseProofs(_proofs); NodeReader.Node memory currentNode; bytes32 computedKey = bytes32(0); bool exists = false; bool empty = false; bytes memory value = bytes(""); for (uint256 i = nodes.length - 2; i >= 0; ) { currentNode = nodes[i].decoded; if (currentNode.nodeType == NodeReader.NodeType.MIDDLE) { bool isLeft = _isLeft(key, i); if (isLeft) { require(computedKey == currentNode.childL, "ZKMerkleTrie: invalid key L"); } else { require(computedKey == currentNode.childR, "ZKMerkleTrie: invalid key R"); } computedKey = _hashFixed2Elems( currentNode.childL, currentNode.childR ); } else if (currentNode.nodeType == NodeReader.NodeType.LEAF) { require(!exists && !empty, "ZKMerkleTrie: duplicated terminal node"); exists = currentNode.nodeKey == key; if (!exists) { break; } computedKey = _hashFixed3Elems( bytes32(uint256(1)), currentNode.nodeKey, _valueHash(currentNode.compressedFlags, currentNode.valuePreimage) ); bytes32[] memory valuePreimage = currentNode.valuePreimage; uint256 len = valuePreimage.length; assembly { value := valuePreimage mstore(value, mul(len, 32)) } if (currentNode.keyPreimage != bytes32(0)) { // NOTE(chokobole): The comparison order is important, because in this setting, // first condition is mostly evaluted to be true. When we're sure about // database preimage, then we need to enable just one of check below! require( currentNode.keyPreimage == _key || currentNode.keyPreimage == key, "ZKMerkleTrie: invalid key preimage" ); } } else if (currentNode.nodeType == NodeReader.NodeType.EMPTY) { require(!exists && !empty, "ZKMerkleTrie: duplicated terminal node"); empty = true; } if (i == 0) { require(computedKey == _root, "ZKMerkeTrie: invalid root"); break; } unchecked { --i; } } return (exists, value); } /** * @notice Parses an array of proof elements into a new array that contains both the original * encoded element and the decoded element. * * @param _proofs Array of proof elements to parse. * * @return TrieNode parsed into easily accessible structs. */ function _parseProofs(bytes[] memory _proofs) private pure returns (TrieNode[] memory) { uint256 length = _proofs.length; TrieNode[] memory nodes = new TrieNode[](length); // NOTE(chokobole): Last proof is MAGIC_SMT_BYTES_HASH! for (uint256 i = 0; i < length - 1; ) { NodeReader.Node memory node = NodeReader.readNode(_proofs[i]); nodes[i] = TrieNode({ encoded: _proofs[i], decoded: node }); unchecked { ++i; } } return nodes; } /** * @notice Computes merkle path at index n based on a given keyPreimage. * * @param _keyPreimage Keypreimage. * @param _n Bit to mask. * * @return Whether merkle path is left or not. */ function _isLeft(bytes32 _keyPreimage, uint256 _n) private pure returns (bool) { require(_n < 256, "ZKMerkleTrie: too long depth"); return _keyPreimage & bytes32(1 << _n) == 0; } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol) pragma solidity ^0.8.0; /** * @dev Standard signed math utilities missing in the Solidity language. */ library SignedMathUpgradeable { /** * @dev Returns the largest of two signed numbers. */ function max(int256 a, int256 b) internal pure returns (int256) { return a > b ? a : b; } /** * @dev Returns the smallest of two signed numbers. */ function min(int256 a, int256 b) internal pure returns (int256) { return a < b ? a : b; } /** * @dev Returns the average of two signed numbers without overflow. * The result is rounded towards zero. */ function average(int256 a, int256 b) internal pure returns (int256) { // Formula from the book "Hacker's Delight" int256 x = (a & b) + ((a ^ b) >> 1); return x + (int256(uint256(x) >> 255) & (a ^ b)); } /** * @dev Returns the absolute unsigned value of a signed value. */ function abs(int256 n) internal pure returns (uint256) { unchecked { // must be unchecked in order to support `n = type(int256).min` return uint256(n >= 0 ? n : -n); } } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (access/IAccessControl.sol) pragma solidity ^0.8.0; /** * @dev External interface of AccessControl declared to support ERC165 detection. */ interface IAccessControlUpgradeable { /** * @dev Emitted when `newAdminRole` is set as ``role``'s admin role, replacing `previousAdminRole` * * `DEFAULT_ADMIN_ROLE` is the starting admin for all roles, despite * {RoleAdminChanged} not being emitted signaling this. * * _Available since v3.1._ */ event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole); /** * @dev Emitted when `account` is granted `role`. * * `sender` is the account that originated the contract call, an admin role * bearer except when using {AccessControl-_setupRole}. */ event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender); /** * @dev Emitted when `account` is revoked `role`. * * `sender` is the account that originated the contract call: * - if using `revokeRole`, it is the admin role bearer * - if using `renounceRole`, it is the role bearer (i.e. `account`) */ event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender); /** * @dev Returns `true` if `account` has been granted `role`. */ function hasRole(bytes32 role, address account) external view returns (bool); /** * @dev Returns the admin role that controls `role`. See {grantRole} and * {revokeRole}. * * To change a role's admin, use {AccessControl-_setRoleAdmin}. */ function getRoleAdmin(bytes32 role) external view returns (bytes32); /** * @dev Grants `role` to `account`. * * If `account` had not been already granted `role`, emits a {RoleGranted} * event. * * Requirements: * * - the caller must have ``role``'s admin role. */ function grantRole(bytes32 role, address account) external; /** * @dev Revokes `role` from `account`. * * If `account` had been granted `role`, emits a {RoleRevoked} event. * * Requirements: * * - the caller must have ``role``'s admin role. */ function revokeRole(bytes32 role, address account) external; /** * @dev Revokes `role` from the calling account. * * Roles are often managed via {grantRole} and {revokeRole}: this function's * purpose is to provide a mechanism for accounts to lose their privileges * if they are compromised (such as when a trusted device is misplaced). * * If the calling account had been granted `role`, emits a {RoleRevoked} * event. * * Requirements: * * - the caller must be `account`. */ function renounceRole(bytes32 role, address account) external; }
// SPDX-License-Identifier: MIT pragma solidity >=0.8.0; /// @notice Arithmetic library with operations for fixed-point numbers. /// @author Solmate (https://github.com/Rari-Capital/solmate/blob/main/src/utils/FixedPointMathLib.sol) library FixedPointMathLib { /*////////////////////////////////////////////////////////////// SIMPLIFIED FIXED POINT OPERATIONS //////////////////////////////////////////////////////////////*/ uint256 internal constant WAD = 1e18; // The scalar of ETH and most ERC20s. function mulWadDown(uint256 x, uint256 y) internal pure returns (uint256) { return mulDivDown(x, y, WAD); // Equivalent to (x * y) / WAD rounded down. } function mulWadUp(uint256 x, uint256 y) internal pure returns (uint256) { return mulDivUp(x, y, WAD); // Equivalent to (x * y) / WAD rounded up. } function divWadDown(uint256 x, uint256 y) internal pure returns (uint256) { return mulDivDown(x, WAD, y); // Equivalent to (x * WAD) / y rounded down. } function divWadUp(uint256 x, uint256 y) internal pure returns (uint256) { return mulDivUp(x, WAD, y); // Equivalent to (x * WAD) / y rounded up. } function powWad(int256 x, int256 y) internal pure returns (int256) { // Equivalent to x to the power of y because x ** y = (e ** ln(x)) ** y = e ** (ln(x) * y) return expWad((lnWad(x) * y) / int256(WAD)); // Using ln(x) means x must be greater than 0. } function expWad(int256 x) internal pure returns (int256 r) { unchecked { // When the result is < 0.5 we return zero. This happens when // x <= floor(log(0.5e18) * 1e18) ~ -42e18 if (x <= -42139678854452767551) return 0; // When the result is > (2**255 - 1) / 1e18 we can not represent it as an // int. This happens when x >= floor(log((2**255 - 1) / 1e18) * 1e18) ~ 135. if (x >= 135305999368893231589) revert("EXP_OVERFLOW"); // x is now in the range (-42, 136) * 1e18. Convert to (-42, 136) * 2**96 // for more intermediate precision and a binary basis. This base conversion // is a multiplication by 1e18 / 2**96 = 5**18 / 2**78. x = (x << 78) / 5**18; // Reduce range of x to (-½ ln 2, ½ ln 2) * 2**96 by factoring out powers // of two such that exp(x) = exp(x') * 2**k, where k is an integer. // Solving this gives k = round(x / log(2)) and x' = x - k * log(2). int256 k = ((x << 96) / 54916777467707473351141471128 + 2**95) >> 96; x = x - k * 54916777467707473351141471128; // k is in the range [-61, 195]. // Evaluate using a (6, 7)-term rational approximation. // p is made monic, we'll multiply by a scale factor later. int256 y = x + 1346386616545796478920950773328; y = ((y * x) >> 96) + 57155421227552351082224309758442; int256 p = y + x - 94201549194550492254356042504812; p = ((p * y) >> 96) + 28719021644029726153956944680412240; p = p * x + (4385272521454847904659076985693276 << 96); // We leave p in 2**192 basis so we don't need to scale it back up for the division. int256 q = x - 2855989394907223263936484059900; q = ((q * x) >> 96) + 50020603652535783019961831881945; q = ((q * x) >> 96) - 533845033583426703283633433725380; q = ((q * x) >> 96) + 3604857256930695427073651918091429; q = ((q * x) >> 96) - 14423608567350463180887372962807573; q = ((q * x) >> 96) + 26449188498355588339934803723976023; assembly { // Div in assembly because solidity adds a zero check despite the unchecked. // The q polynomial won't have zeros in the domain as all its roots are complex. // No scaling is necessary because p is already 2**96 too large. r := sdiv(p, q) } // r should be in the range (0.09, 0.25) * 2**96. // We now need to multiply r by: // * the scale factor s = ~6.031367120. // * the 2**k factor from the range reduction. // * the 1e18 / 2**96 factor for base conversion. // We do this all at once, with an intermediate result in 2**213 // basis, so the final right shift is always by a positive amount. r = int256((uint256(r) * 3822833074963236453042738258902158003155416615667) >> uint256(195 - k)); } } function lnWad(int256 x) internal pure returns (int256 r) { unchecked { require(x > 0, "UNDEFINED"); // We want to convert x from 10**18 fixed point to 2**96 fixed point. // We do this by multiplying by 2**96 / 10**18. But since // ln(x * C) = ln(x) + ln(C), we can simply do nothing here // and add ln(2**96 / 10**18) at the end. // Reduce range of x to (1, 2) * 2**96 // ln(2^k * x) = k * ln(2) + ln(x) int256 k = int256(log2(uint256(x))) - 96; x <<= uint256(159 - k); x = int256(uint256(x) >> 159); // Evaluate using a (8, 8)-term rational approximation. // p is made monic, we will multiply by a scale factor later. int256 p = x + 3273285459638523848632254066296; p = ((p * x) >> 96) + 24828157081833163892658089445524; p = ((p * x) >> 96) + 43456485725739037958740375743393; p = ((p * x) >> 96) - 11111509109440967052023855526967; p = ((p * x) >> 96) - 45023709667254063763336534515857; p = ((p * x) >> 96) - 14706773417378608786704636184526; p = p * x - (795164235651350426258249787498 << 96); // We leave p in 2**192 basis so we don't need to scale it back up for the division. // q is monic by convention. int256 q = x + 5573035233440673466300451813936; q = ((q * x) >> 96) + 71694874799317883764090561454958; q = ((q * x) >> 96) + 283447036172924575727196451306956; q = ((q * x) >> 96) + 401686690394027663651624208769553; q = ((q * x) >> 96) + 204048457590392012362485061816622; q = ((q * x) >> 96) + 31853899698501571402653359427138; q = ((q * x) >> 96) + 909429971244387300277376558375; assembly { // Div in assembly because solidity adds a zero check despite the unchecked. // The q polynomial is known not to have zeros in the domain. // No scaling required because p is already 2**96 too large. r := sdiv(p, q) } // r is in the range (0, 0.125) * 2**96 // Finalization, we need to: // * multiply by the scale factor s = 5.549… // * add ln(2**96 / 10**18) // * add k * ln(2) // * multiply by 10**18 / 2**96 = 5**18 >> 78 // mul s * 5e18 * 2**96, base is now 5**18 * 2**192 r *= 1677202110996718588342820967067443963516166; // add ln(2) * k * 5e18 * 2**192 r += 16597577552685614221487285958193947469193820559219878177908093499208371 * k; // add ln(2**96 / 10**18) * 5e18 * 2**192 r += 600920179829731861736702779321621459595472258049074101567377883020018308; // base conversion: mul 2**18 / 2**192 r >>= 174; } } /*////////////////////////////////////////////////////////////// LOW LEVEL FIXED POINT OPERATIONS //////////////////////////////////////////////////////////////*/ function mulDivDown( uint256 x, uint256 y, uint256 denominator ) internal pure returns (uint256 z) { assembly { // Store x * y in z for now. z := mul(x, y) // Equivalent to require(denominator != 0 && (x == 0 || (x * y) / x == y)) if iszero(and(iszero(iszero(denominator)), or(iszero(x), eq(div(z, x), y)))) { revert(0, 0) } // Divide z by the denominator. z := div(z, denominator) } } function mulDivUp( uint256 x, uint256 y, uint256 denominator ) internal pure returns (uint256 z) { assembly { // Store x * y in z for now. z := mul(x, y) // Equivalent to require(denominator != 0 && (x == 0 || (x * y) / x == y)) if iszero(and(iszero(iszero(denominator)), or(iszero(x), eq(div(z, x), y)))) { revert(0, 0) } // First, divide z - 1 by the denominator and add 1. // We allow z - 1 to underflow if z is 0, because we multiply the // end result by 0 if z is zero, ensuring we return 0 if z is zero. z := mul(iszero(iszero(z)), add(div(sub(z, 1), denominator), 1)) } } function rpow( uint256 x, uint256 n, uint256 scalar ) internal pure returns (uint256 z) { assembly { switch x case 0 { switch n case 0 { // 0 ** 0 = 1 z := scalar } default { // 0 ** n = 0 z := 0 } } default { switch mod(n, 2) case 0 { // If n is even, store scalar in z for now. z := scalar } default { // If n is odd, store x in z for now. z := x } // Shifting right by 1 is like dividing by 2. let half := shr(1, scalar) for { // Shift n right by 1 before looping to halve it. n := shr(1, n) } n { // Shift n right by 1 each iteration to halve it. n := shr(1, n) } { // Revert immediately if x ** 2 would overflow. // Equivalent to iszero(eq(div(xx, x), x)) here. if shr(128, x) { revert(0, 0) } // Store x squared. let xx := mul(x, x) // Round to the nearest number. let xxRound := add(xx, half) // Revert if xx + half overflowed. if lt(xxRound, xx) { revert(0, 0) } // Set x to scaled xxRound. x := div(xxRound, scalar) // If n is even: if mod(n, 2) { // Compute z * x. let zx := mul(z, x) // If z * x overflowed: if iszero(eq(div(zx, x), z)) { // Revert if x is non-zero. if iszero(iszero(x)) { revert(0, 0) } } // Round to the nearest number. let zxRound := add(zx, half) // Revert if zx + half overflowed. if lt(zxRound, zx) { revert(0, 0) } // Return properly scaled zxRound. z := div(zxRound, scalar) } } } } } /*////////////////////////////////////////////////////////////// GENERAL NUMBER UTILITIES //////////////////////////////////////////////////////////////*/ function sqrt(uint256 x) internal pure returns (uint256 z) { assembly { let y := x // We start y at x, which will help us make our initial estimate. z := 181 // The "correct" value is 1, but this saves a multiplication later. // This segment is to get a reasonable initial estimate for the Babylonian method. With a bad // start, the correct # of bits increases ~linearly each iteration instead of ~quadratically. // We check y >= 2^(k + 8) but shift right by k bits // each branch to ensure that if x >= 256, then y >= 256. if iszero(lt(y, 0x10000000000000000000000000000000000)) { y := shr(128, y) z := shl(64, z) } if iszero(lt(y, 0x1000000000000000000)) { y := shr(64, y) z := shl(32, z) } if iszero(lt(y, 0x10000000000)) { y := shr(32, y) z := shl(16, z) } if iszero(lt(y, 0x1000000)) { y := shr(16, y) z := shl(8, z) } // Goal was to get z*z*y within a small factor of x. More iterations could // get y in a tighter range. Currently, we will have y in [256, 256*2^16). // We ensured y >= 256 so that the relative difference between y and y+1 is small. // That's not possible if x < 256 but we can just verify those cases exhaustively. // Now, z*z*y <= x < z*z*(y+1), and y <= 2^(16+8), and either y >= 256, or x < 256. // Correctness can be checked exhaustively for x < 256, so we assume y >= 256. // Then z*sqrt(y) is within sqrt(257)/sqrt(256) of sqrt(x), or about 20bps. // For s in the range [1/256, 256], the estimate f(s) = (181/1024) * (s+1) is in the range // (1/2.84 * sqrt(s), 2.84 * sqrt(s)), with largest error when s = 1 and when s = 256 or 1/256. // Since y is in [256, 256*2^16), let a = y/65536, so that a is in [1/256, 256). Then we can estimate // sqrt(y) using sqrt(65536) * 181/1024 * (a + 1) = 181/4 * (y + 65536)/65536 = 181 * (y + 65536)/2^18. // There is no overflow risk here since y < 2^136 after the first branch above. z := shr(18, mul(z, add(y, 65536))) // A mul() is saved from starting z at 181. // Given the worst case multiplicative error of 2.84 above, 7 iterations should be enough. z := shr(1, add(z, div(x, z))) z := shr(1, add(z, div(x, z))) z := shr(1, add(z, div(x, z))) z := shr(1, add(z, div(x, z))) z := shr(1, add(z, div(x, z))) z := shr(1, add(z, div(x, z))) z := shr(1, add(z, div(x, z))) // If x+1 is a perfect square, the Babylonian method cycles between // floor(sqrt(x)) and ceil(sqrt(x)). This statement ensures we return floor. // See: https://en.wikipedia.org/wiki/Integer_square_root#Using_only_integer_division // Since the ceil is rare, we save gas on the assignment and repeat division in the rare case. // If you don't care whether the floor or ceil square root is returned, you can remove this statement. z := sub(z, lt(div(x, z), z)) } } function log2(uint256 x) internal pure returns (uint256 r) { require(x > 0, "UNDEFINED"); assembly { r := shl(7, lt(0xffffffffffffffffffffffffffffffff, x)) r := or(r, shl(6, lt(0xffffffffffffffff, shr(r, x)))) r := or(r, shl(5, lt(0xffffffff, shr(r, x)))) r := or(r, shl(4, lt(0xffff, shr(r, x)))) r := or(r, shl(3, lt(0xff, shr(r, x)))) r := or(r, shl(2, lt(0xf, shr(r, x)))) r := or(r, shl(1, lt(0x3, shr(r, x)))) r := or(r, lt(0x1, shr(r, x))) } } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Address } from "@openzeppelin/contracts/utils/Address.sol"; import { ERC165Checker } from "@openzeppelin/contracts/utils/introspection/ERC165Checker.sol"; import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol"; import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; import { SafeCall } from "../libraries/SafeCall.sol"; import { CrossDomainMessenger } from "./CrossDomainMessenger.sol"; import { IKromaMintableERC20 } from "./IKromaMintableERC20.sol"; import { KromaMintableERC20 } from "./KromaMintableERC20.sol"; /** * @custom:upgradeable * @title StandardBridge * @notice StandardBridge is a base contract for the L1 and L2 standard ERC20 bridges. It handles * the core bridging logic, including escrowing tokens that are native to the local chain * and minting/burning tokens that are native to the remote chain. */ abstract contract StandardBridge { using SafeERC20 for IERC20; /** * @notice The L2 gas limit set when eth is depoisited using the receive() function. */ uint32 internal constant RECEIVE_DEFAULT_GAS_LIMIT = 200_000; /** * @notice Messenger contract on this domain. */ CrossDomainMessenger public immutable MESSENGER; /** * @notice Corresponding bridge on the other domain. */ StandardBridge public immutable OTHER_BRIDGE; /** * @notice Mapping that stores deposits for a given pair of local and remote tokens. */ mapping(address => mapping(address => uint256)) public deposits; /** * @notice Reserve extra slots (to a total of 50) in the storage layout for future upgrades. * A gap size of 49 was chosen here, so that the first slot used in a child contract * would be a multiple of 50. */ uint256[49] private __gap; /** * @notice Emitted when an ETH bridge is initiated to the other chain. * * @param from Address of the sender. * @param to Address of the receiver. * @param amount Amount of ETH sent. * @param extraData Extra data sent with the transaction. */ event ETHBridgeInitiated( address indexed from, address indexed to, uint256 amount, bytes extraData ); /** * @notice Emitted when an ETH bridge is finalized on this chain. * * @param from Address of the sender. * @param to Address of the receiver. * @param amount Amount of ETH sent. * @param extraData Extra data sent with the transaction. */ event ETHBridgeFinalized( address indexed from, address indexed to, uint256 amount, bytes extraData ); /** * @notice Emitted when an ERC20 bridge is initiated to the other chain. * * @param localToken Address of the ERC20 on this chain. * @param remoteToken Address of the ERC20 on the remote chain. * @param from Address of the sender. * @param to Address of the receiver. * @param amount Amount of the ERC20 sent. * @param extraData Extra data sent with the transaction. */ event ERC20BridgeInitiated( address indexed localToken, address indexed remoteToken, address indexed from, address to, uint256 amount, bytes extraData ); /** * @notice Emitted when an ERC20 bridge is finalized on this chain. * * @param localToken Address of the ERC20 on this chain. * @param remoteToken Address of the ERC20 on the remote chain. * @param from Address of the sender. * @param to Address of the receiver. * @param amount Amount of the ERC20 sent. * @param extraData Extra data sent with the transaction. */ event ERC20BridgeFinalized( address indexed localToken, address indexed remoteToken, address indexed from, address to, uint256 amount, bytes extraData ); /** * @notice Only allow EOAs to call the functions. Note that this is not safe against contracts * calling code within their constructors, but also doesn't really matter since we're * just trying to prevent users accidentally depositing with smart contract wallets. */ modifier onlyEOA() { require( !Address.isContract(msg.sender), "StandardBridge: function can only be called from an EOA" ); _; } /** * @notice Ensures that the caller is a cross-chain message from the other bridge. */ modifier onlyOtherBridge() { require( msg.sender == address(MESSENGER) && MESSENGER.xDomainMessageSender() == address(OTHER_BRIDGE), "StandardBridge: function can only be called from the other bridge" ); _; } /** * @param _messenger Address of CrossDomainMessenger on this network. * @param _otherBridge Address of the other StandardBridge contract. */ constructor(address payable _messenger, address payable _otherBridge) { MESSENGER = CrossDomainMessenger(_messenger); OTHER_BRIDGE = StandardBridge(_otherBridge); } /** * @notice Allows EOAs to bridge ETH by sending directly to the bridge. * Must be implemented by contracts that inherit. */ receive() external payable virtual; /** * @notice Sends ETH to the sender's address on the other chain. * * @param _minGasLimit Minimum amount of gas that the bridge can be relayed with. * @param _extraData Extra data to be sent with the transaction. Note that the recipient will * not be triggered with this data, but it will be emitted and can be used * to identify the transaction. */ function bridgeETH(uint32 _minGasLimit, bytes calldata _extraData) public payable onlyEOA { _initiateBridgeETH(msg.sender, msg.sender, msg.value, _minGasLimit, _extraData); } /** * @notice Sends ETH to a receiver's address on the other chain. Note that if ETH is sent to a * smart contract and the call fails, the ETH will be temporarily locked in the * StandardBridge on the other chain until the call is replayed. If the call cannot be * replayed with any amount of gas (call always reverts), then the ETH will be * permanently locked in the StandardBridge on the other chain. ETH will also * be locked if the receiver is the other bridge, because finalizeBridgeETH will revert * in that case. * * @param _to Address of the receiver. * @param _minGasLimit Minimum amount of gas that the bridge can be relayed with. * @param _extraData Extra data to be sent with the transaction. Note that the recipient will * not be triggered with this data, but it will be emitted and can be used * to identify the transaction. */ function bridgeETHTo( address _to, uint32 _minGasLimit, bytes calldata _extraData ) public payable { _initiateBridgeETH(msg.sender, _to, msg.value, _minGasLimit, _extraData); } /** * @notice Sends ERC20 tokens to the sender's address on the other chain. Note that if the * ERC20 token on the other chain does not recognize the local token as the correct * pair token, the ERC20 bridge will fail and the tokens will be returned to sender on * this chain. * * @param _localToken Address of the ERC20 on this chain. * @param _remoteToken Address of the corresponding token on the remote chain. * @param _amount Amount of local tokens to deposit. * @param _minGasLimit Minimum amount of gas that the bridge can be relayed with. * @param _extraData Extra data to be sent with the transaction. Note that the recipient will * not be triggered with this data, but it will be emitted and can be used * to identify the transaction. */ function bridgeERC20( address _localToken, address _remoteToken, uint256 _amount, uint32 _minGasLimit, bytes calldata _extraData ) public onlyEOA { _initiateBridgeERC20( _localToken, _remoteToken, msg.sender, msg.sender, _amount, _minGasLimit, _extraData ); } /** * @notice Sends ERC20 tokens to a receiver's address on the other chain. Note that if the * ERC20 token on the other chain does not recognize the local token as the correct * pair token, the ERC20 bridge will fail and the tokens will be returned to sender on * this chain. * * @param _localToken Address of the ERC20 on this chain. * @param _remoteToken Address of the corresponding token on the remote chain. * @param _to Address of the receiver. * @param _amount Amount of local tokens to deposit. * @param _minGasLimit Minimum amount of gas that the bridge can be relayed with. * @param _extraData Extra data to be sent with the transaction. Note that the recipient will * not be triggered with this data, but it will be emitted and can be used * to identify the transaction. */ function bridgeERC20To( address _localToken, address _remoteToken, address _to, uint256 _amount, uint32 _minGasLimit, bytes calldata _extraData ) public { _initiateBridgeERC20( _localToken, _remoteToken, msg.sender, _to, _amount, _minGasLimit, _extraData ); } /** * @notice Finalizes an ETH bridge on this chain. Can only be triggered by the other * StandardBridge contract on the remote chain. * * @param _from Address of the sender. * @param _to Address of the receiver. * @param _amount Amount of ETH being bridged. * @param _extraData Extra data to be sent with the transaction. Note that the recipient will * not be triggered with this data, but it will be emitted and can be used * to identify the transaction. */ function finalizeBridgeETH( address _from, address _to, uint256 _amount, bytes calldata _extraData ) public payable onlyOtherBridge { require(msg.value == _amount, "StandardBridge: amount sent does not match amount required"); require(_to != address(this), "StandardBridge: cannot send to self"); require(_to != address(MESSENGER), "StandardBridge: cannot send to messenger"); emit ETHBridgeFinalized(_from, _to, _amount, _extraData); bool success = SafeCall.call(_to, gasleft(), _amount, hex""); require(success, "StandardBridge: ETH transfer failed"); } /** * @notice Finalizes an ERC20 bridge on this chain. Can only be triggered by the other * StandardBridge contract on the remote chain. * * @param _localToken Address of the ERC20 on this chain. * @param _remoteToken Address of the corresponding token on the remote chain. * @param _from Address of the sender. * @param _to Address of the receiver. * @param _amount Amount of the ERC20 being bridged. * @param _extraData Extra data to be sent with the transaction. Note that the recipient will * not be triggered with this data, but it will be emitted and can be used * to identify the transaction. */ function finalizeBridgeERC20( address _localToken, address _remoteToken, address _from, address _to, uint256 _amount, bytes calldata _extraData ) public onlyOtherBridge { if (_isKromaMintableERC20(_localToken)) { require( _isCorrectTokenPair(_localToken, _remoteToken), "StandardBridge: wrong remote token for Kroma Mintable ERC20 local token" ); KromaMintableERC20(_localToken).mint(_to, _amount); } else { deposits[_localToken][_remoteToken] = deposits[_localToken][_remoteToken] - _amount; IERC20(_localToken).safeTransfer(_to, _amount); } emit ERC20BridgeFinalized(_localToken, _remoteToken, _from, _to, _amount, _extraData); } /** * @notice Initiates a bridge of ETH through the CrossDomainMessenger. * * @param _from Address of the sender. * @param _to Address of the receiver. * @param _amount Amount of ETH being bridged. * @param _minGasLimit Minimum amount of gas that the bridge can be relayed with. * @param _extraData Extra data to be sent with the transaction. Note that the recipient will * not be triggered with this data, but it will be emitted and can be used * to identify the transaction. */ function _initiateBridgeETH( address _from, address _to, uint256 _amount, uint32 _minGasLimit, bytes memory _extraData ) internal { require( msg.value == _amount, "StandardBridge: bridging ETH must include sufficient ETH value" ); emit ETHBridgeInitiated(_from, _to, _amount, _extraData); MESSENGER.sendMessage{ value: _amount }( address(OTHER_BRIDGE), abi.encodeWithSelector( this.finalizeBridgeETH.selector, _from, _to, _amount, _extraData ), _minGasLimit ); } /** * @notice Sends ERC20 tokens to a receiver's address on the other chain. * * @param _localToken Address of the ERC20 on this chain. * @param _remoteToken Address of the corresponding token on the remote chain. * @param _to Address of the receiver. * @param _amount Amount of local tokens to deposit. * @param _minGasLimit Minimum amount of gas that the bridge can be relayed with. * @param _extraData Extra data to be sent with the transaction. Note that the recipient will * not be triggered with this data, but it will be emitted and can be used * to identify the transaction. */ function _initiateBridgeERC20( address _localToken, address _remoteToken, address _from, address _to, uint256 _amount, uint32 _minGasLimit, bytes memory _extraData ) internal { if (_isKromaMintableERC20(_localToken)) { require( _isCorrectTokenPair(_localToken, _remoteToken), "StandardBridge: wrong remote token for Kroma Mintable ERC20 local token" ); KromaMintableERC20(_localToken).burn(_from, _amount); } else { IERC20(_localToken).safeTransferFrom(_from, address(this), _amount); deposits[_localToken][_remoteToken] = deposits[_localToken][_remoteToken] + _amount; } emit ERC20BridgeInitiated(_localToken, _remoteToken, _from, _to, _amount, _extraData); MESSENGER.sendMessage( address(OTHER_BRIDGE), abi.encodeWithSelector( this.finalizeBridgeERC20.selector, // Because this call will be executed on the remote chain, we reverse the order of // the remote and local token addresses relative to their order in the // finalizeBridgeERC20 function. _remoteToken, _localToken, _from, _to, _amount, _extraData ), _minGasLimit ); } /** * @notice Checks if a given address is a KromaMintableERC20. Not perfect, but good enough. * Just the way we like it. * * @param _token Address of the token to check. * * @return True if the token is a KromaMintableERC20. */ function _isKromaMintableERC20(address _token) internal view returns (bool) { return ERC165Checker.supportsInterface(_token, type(IKromaMintableERC20).interfaceId); } /** * @notice Checks if the "other token" is the correct pair token for the KromaMintableERC20. * * @param _mintableToken KromaMintableERC20 to check against. * @param _otherToken Pair token to check. * * @return True if the other token is the correct pair token for the KromaMintableERC20. */ function _isCorrectTokenPair(address _mintableToken, address _otherToken) internal view returns (bool) { return _otherToken == KromaMintableERC20(_mintableToken).REMOTE_TOKEN(); } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable.sol) pragma solidity ^0.8.0; import "../utils/ContextUpgradeable.sol"; import "../proxy/utils/Initializable.sol"; /** * @dev Contract module which provides a basic access control mechanism, where * there is an account (an owner) that can be granted exclusive access to * specific functions. * * By default, the owner account will be the one that deploys the contract. This * can later be changed with {transferOwnership}. * * This module is used through inheritance. It will make available the modifier * `onlyOwner`, which can be applied to your functions to restrict their use to * the owner. */ abstract contract OwnableUpgradeable is Initializable, ContextUpgradeable { address private _owner; event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); /** * @dev Initializes the contract setting the deployer as the initial owner. */ function __Ownable_init() internal onlyInitializing { __Ownable_init_unchained(); } function __Ownable_init_unchained() internal onlyInitializing { _transferOwnership(_msgSender()); } /** * @dev Throws if called by any account other than the owner. */ modifier onlyOwner() { _checkOwner(); _; } /** * @dev Returns the address of the current owner. */ function owner() public view virtual returns (address) { return _owner; } /** * @dev Throws if the sender is not the owner. */ function _checkOwner() internal view virtual { require(owner() == _msgSender(), "Ownable: caller is not the owner"); } /** * @dev Leaves the contract without owner. It will not be possible to call * `onlyOwner` functions. Can only be called by the current owner. * * NOTE: Renouncing ownership will leave the contract without an owner, * thereby disabling any functionality that is only available to the owner. */ function renounceOwnership() public virtual onlyOwner { _transferOwnership(address(0)); } /** * @dev Transfers ownership of the contract to a new account (`newOwner`). * Can only be called by the current owner. */ function transferOwnership(address newOwner) public virtual onlyOwner { require(newOwner != address(0), "Ownable: new owner is the zero address"); _transferOwnership(newOwner); } /** * @dev Transfers ownership of the contract to a new account (`newOwner`). * Internal function without access restriction. */ function _transferOwnership(address newOwner) internal virtual { address oldOwner = _owner; _owner = newOwner; emit OwnershipTransferred(oldOwner, newOwner); } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[49] private __gap; }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; /** * @title Bytes * @notice Bytes is a library for manipulating byte arrays. */ library Bytes { /** * @notice Compares two byte arrays by comparing their keccak256 hashes. * * @param _bytes First byte array to compare. * @param _other Second byte array to compare. * * @return True if the two byte arrays are equal, false otherwise. */ function equal(bytes memory _bytes, bytes memory _other) internal pure returns (bool) { return keccak256(_bytes) == keccak256(_other); } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; /** * @title NodeReader * @notice NodeReader is a library for reading ZKTrie Node. */ library NodeReader { /** * @notice Node types. * See https://github.com/kroma-network/zktrie/blob/main/types/README.md. * * @custom:value MIDDLE Represents a middle node. * @custom:value LEAF Represents a leaf node. * @custom:value EMPTY Represents a empty node. * @custom:value ROOT Represents a root node. */ enum NodeType { MIDDLE, LEAF, EMPTY, ROOT } /** * @notice Struct representing a Node. * See https://github.com/kroma-network/zktrie/blob/main/types/README.md. */ struct Node { NodeType nodeType; bytes32 childL; bytes32 childR; bytes32 nodeKey; bytes32[] valuePreimage; uint32 compressedFlags; bytes32 valueHash; bytes32 keyPreimage; } /** * @notice Struct representing an Item. */ struct Item { bytes ptr; uint256 len; } /** * @notice Converts bytes to Item. * * @param _bytes bytes to convert. * * @return Item referencing _bytes. */ function toItem(bytes memory _bytes) internal pure returns (Item memory) { bytes memory ptr; assembly { ptr := add(_bytes, 32) } return Item({ ptr: ptr, len: _bytes.length }); } /** * @notice Reads an Item into an uint8. * Internal ptr and length is updated automatically. * * @param _item Item to read. * * @return An uint8 value. */ function readUint8(Item memory _item) internal pure returns (uint8) { require(_item.len >= 1, "NodeReader: too short for uint8"); bytes memory newPtr; bytes memory ptr = _item.ptr; uint8 ret; assembly { ret := shr(248, mload(ptr)) newPtr := add(ptr, 1) } _item.ptr = newPtr; _item.len -= 1; return ret; } /** * @notice Reads an Item into compressed flags and length of values. * Internal ptr and length is updated automatically. * * @param _item Item to read. * * @return Compressed flags. * @return Length of values. */ function readCompressedFlags(Item memory _item) internal pure returns (uint32, uint8) { require(_item.len >= 4, "NodeReader: too short for uint32"); bytes memory newPtr; bytes memory ptr = _item.ptr; uint32 temp; uint8 flag; uint8 len; assembly { temp := mload(ptr) len := shr(248, temp) flag := shr(240, temp) newPtr := add(ptr, 4) } _item.ptr = newPtr; _item.len -= 4; return (flag, len); } /** * @notice Reads an Item into a bytes32. * Internal ptr and length is updated automatically. * * @param _item Item to read. * * @return A bytes32 value. */ function readBytes32(Item memory _item) internal pure returns (bytes32) { require(_item.len >= 32, "NodeReader: too short for bytes32"); bytes memory newPtr; bytes memory ptr = _item.ptr; bytes32 ret; assembly { ret := mload(ptr) newPtr := add(ptr, 32) } _item.ptr = newPtr; _item.len -= 32; return ret; } /** * @notice Reads an Item by n bytes into a bytes32. * Internal ptr and length is updated automatically. * * @param _item Item to read. * * @return A bytes32 value. */ function readBytesN(Item memory _item, uint256 _length) internal pure returns (bytes32) { require(_item.len >= _length, "NodeReader: too short for n bytes"); bytes memory newPtr; bytes memory ptr = _item.ptr; bytes32 ret; uint256 to = 256 - _length * 8; assembly { newPtr := add(ptr, _length) ret := shr(to, mload(ptr)) } _item.ptr = newPtr; _item.len -= _length; return ret; } /** * @notice Reads bytes into a Node. * * @param _proof Bytes to read. * * @return A decoded Node. */ function readNode(bytes memory _proof) internal pure returns (Node memory) { Node memory node; Item memory item = toItem(_proof); uint256 nodeType = readUint8(item); if (nodeType == uint256(NodeType.MIDDLE)) { // TODO(chokobole): Do the length check as much as possible at once and read the bytes. node.childL = readBytes32(item); node.childR = readBytes32(item); } else if (nodeType == uint256(NodeType.LEAF)) { // TODO(chokobole): Do the length check as much as possible at once and read the bytes. node.nodeKey = readBytes32(item); (uint32 compressedFlags, uint256 valuePreimageLen) = readCompressedFlags(item); require((compressedFlags == 1 && valuePreimageLen == 1) || (compressedFlags == 4 && valuePreimageLen == 4), "NodeReader: invalid compressedFlags"); node.compressedFlags = compressedFlags; node.valuePreimage = new bytes32[](valuePreimageLen); for (uint256 i = 0; i < valuePreimageLen; ) { node.valuePreimage[i] = readBytes32(item); unchecked { ++i; } } uint256 keyPreimageLen = readUint8(item); if (keyPreimageLen > 0) { node.keyPreimage = readBytesN(item, keyPreimageLen); } } else if (nodeType == uint256(NodeType.EMPTY)) { // Do nothing. } else if (nodeType == uint256(NodeType.ROOT)) { revert("NodeReader: unexpected root node type"); } else { revert("NodeReader: invalid node type"); } node.nodeType = NodeType(nodeType); return node; } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol"; import { Bytes32 } from "../libraries/Bytes32.sol"; /** * @title IPoseidon2 */ interface IPoseidon2 { function poseidon(bytes32[2] memory inputs) external pure returns (bytes32); } /** * @custom:proxied * @title ZKTrieHasher * @notice The ZKTrieHasher is contract which can produce a hash according to ZKTrie. * This owns an interface of Poseidon2 that is required to compute hash used by ZKTrie. */ contract ZKTrieHasher { /** * @notice Poseidon2 contract generated by circomlibjs. */ IPoseidon2 public immutable POSEIDON2; /** * @param _poseidon2 The address of poseidon2 contract. */ constructor(address _poseidon2) { POSEIDON2 = IPoseidon2(_poseidon2); } /** * @notice Computes a hash of values. * * @param _compressedFlags Compressed flags. * @param _values Values. * * @return A hash of values. */ function _valueHash(uint32 _compressedFlags, bytes32[] memory _values) internal view returns (bytes32) { require(_values.length >= 1, "ZKTrieHasher: too few values for _valueHash"); bytes32[] memory ret = new bytes32[](_values.length); for (uint256 i = 0; i < _values.length; ) { if ((_compressedFlags & (1 << i)) != 0) { ret[i] = _hashElem(_values[i]); } else { ret[i] = _values[i]; } unchecked { ++i; } } if (_values.length < 2) { return ret[0]; } return _hashElems(ret); } /** * @notice Computes a hash of an element. * * @param _elem Bytes32 to be hashed. * * @return A hash of an element. */ function _hashElem(bytes32 _elem) internal view returns (bytes32) { (bytes32 high, bytes32 low) = Bytes32.split(_elem); return POSEIDON2.poseidon([high, low]); } /** * @notice Computes a root hash of elements tree. * * @param _elems Bytes32 array to be hashed. * * @return A hash of elements tree. */ function _hashElems(bytes32[] memory _elems) internal view returns (bytes32) { require(_elems.length >= 4, "ZKTrieHasher: too few values for _hashElems"); IPoseidon2 iposeidon = POSEIDON2; uint256 idx; uint256 adjacent_idx; uint256 adjacent_offset = 1; uint256 jump = 2; uint256 length = _elems.length; for (; adjacent_offset < length;) { for (idx = 0; idx < length;) { unchecked { adjacent_idx = idx + adjacent_offset; } if (adjacent_idx < length) { _elems[idx] = iposeidon.poseidon( [_elems[idx], _elems[adjacent_idx]] ); } unchecked { idx += jump; } } adjacent_offset = jump; jump <<= 1; } return _elems[0]; } /** * @notice Computes a root hash of 2 elements. * * @param left_leaf Bytes32 left leaf to be hashed. * @param right_leaf Bytes32 right leaf to be hashed. * * @return A hash of 2 elements. */ function _hashFixed2Elems(bytes32 left_leaf, bytes32 right_leaf) internal view returns (bytes32) { return POSEIDON2.poseidon([left_leaf, right_leaf]); } /** * @notice Computes a root hash of 3 elements. * * @param left_leaf Bytes32 left leaf to be hashed. * @param right_leaf Bytes32 right leaf to be hashed. * @param up_leaf Bytes32 up leaf to be hashed with left||right hash. * * @return A hash of 3 elements. */ function _hashFixed3Elems(bytes32 left_leaf, bytes32 right_leaf, bytes32 up_leaf) internal view returns (bytes32) { IPoseidon2 iposeidon = POSEIDON2; left_leaf = iposeidon.poseidon([left_leaf, right_leaf]); return iposeidon.poseidon([left_leaf, up_leaf]); } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (utils/introspection/ERC165Checker.sol) pragma solidity ^0.8.0; import "./IERC165.sol"; /** * @dev Library used to query support of an interface declared via {IERC165}. * * Note that these functions return the actual result of the query: they do not * `revert` if an interface is not supported. It is up to the caller to decide * what to do in these cases. */ library ERC165Checker { // As per the EIP-165 spec, no interface should ever match 0xffffffff bytes4 private constant _INTERFACE_ID_INVALID = 0xffffffff; /** * @dev Returns true if `account` supports the {IERC165} interface. */ function supportsERC165(address account) internal view returns (bool) { // Any contract that implements ERC165 must explicitly indicate support of // InterfaceId_ERC165 and explicitly indicate non-support of InterfaceId_Invalid return supportsERC165InterfaceUnchecked(account, type(IERC165).interfaceId) && !supportsERC165InterfaceUnchecked(account, _INTERFACE_ID_INVALID); } /** * @dev Returns true if `account` supports the interface defined by * `interfaceId`. Support for {IERC165} itself is queried automatically. * * See {IERC165-supportsInterface}. */ function supportsInterface(address account, bytes4 interfaceId) internal view returns (bool) { // query support of both ERC165 as per the spec and support of _interfaceId return supportsERC165(account) && supportsERC165InterfaceUnchecked(account, interfaceId); } /** * @dev Returns a boolean array where each value corresponds to the * interfaces passed in and whether they're supported or not. This allows * you to batch check interfaces for a contract where your expectation * is that some interfaces may not be supported. * * See {IERC165-supportsInterface}. * * _Available since v3.4._ */ function getSupportedInterfaces( address account, bytes4[] memory interfaceIds ) internal view returns (bool[] memory) { // an array of booleans corresponding to interfaceIds and whether they're supported or not bool[] memory interfaceIdsSupported = new bool[](interfaceIds.length); // query support of ERC165 itself if (supportsERC165(account)) { // query support of each interface in interfaceIds for (uint256 i = 0; i < interfaceIds.length; i++) { interfaceIdsSupported[i] = supportsERC165InterfaceUnchecked(account, interfaceIds[i]); } } return interfaceIdsSupported; } /** * @dev Returns true if `account` supports all the interfaces defined in * `interfaceIds`. Support for {IERC165} itself is queried automatically. * * Batch-querying can lead to gas savings by skipping repeated checks for * {IERC165} support. * * See {IERC165-supportsInterface}. */ function supportsAllInterfaces(address account, bytes4[] memory interfaceIds) internal view returns (bool) { // query support of ERC165 itself if (!supportsERC165(account)) { return false; } // query support of each interface in interfaceIds for (uint256 i = 0; i < interfaceIds.length; i++) { if (!supportsERC165InterfaceUnchecked(account, interfaceIds[i])) { return false; } } // all interfaces supported return true; } /** * @notice Query if a contract implements an interface, does not check ERC165 support * @param account The address of the contract to query for support of an interface * @param interfaceId The interface identifier, as specified in ERC-165 * @return true if the contract at account indicates support of the interface with * identifier interfaceId, false otherwise * @dev Assumes that account contains a contract that supports ERC165, otherwise * the behavior of this method is undefined. This precondition can be checked * with {supportsERC165}. * * Some precompiled contracts will falsely indicate support for a given interface, so caution * should be exercised when using this function. * * Interface identification is specified in ERC-165. */ function supportsERC165InterfaceUnchecked(address account, bytes4 interfaceId) internal view returns (bool) { // prepare call bytes memory encodedParams = abi.encodeWithSelector(IERC165.supportsInterface.selector, interfaceId); // perform static call bool success; uint256 returnSize; uint256 returnValue; assembly { success := staticcall(30000, account, add(encodedParams, 0x20), mload(encodedParams), 0x00, 0x20) returnSize := returndatasize() returnValue := mload(0x00) } return success && returnSize >= 0x20 && returnValue > 0; } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol) pragma solidity ^0.8.0; /** * @dev Interface of the ERC20 standard as defined in the EIP. */ interface IERC20 { /** * @dev Emitted when `value` tokens are moved from one account (`from`) to * another (`to`). * * Note that `value` may be zero. */ event Transfer(address indexed from, address indexed to, uint256 value); /** * @dev Emitted when the allowance of a `spender` for an `owner` is set by * a call to {approve}. `value` is the new allowance. */ event Approval(address indexed owner, address indexed spender, uint256 value); /** * @dev Returns the amount of tokens in existence. */ function totalSupply() external view returns (uint256); /** * @dev Returns the amount of tokens owned by `account`. */ function balanceOf(address account) external view returns (uint256); /** * @dev Moves `amount` tokens from the caller's account to `to`. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transfer(address to, uint256 amount) external returns (bool); /** * @dev Returns the remaining number of tokens that `spender` will be * allowed to spend on behalf of `owner` through {transferFrom}. This is * zero by default. * * This value changes when {approve} or {transferFrom} are called. */ function allowance(address owner, address spender) external view returns (uint256); /** * @dev Sets `amount` as the allowance of `spender` over the caller's tokens. * * Returns a boolean value indicating whether the operation succeeded. * * IMPORTANT: Beware that changing an allowance with this method brings the risk * that someone may use both the old and the new allowance by unfortunate * transaction ordering. One possible solution to mitigate this race * condition is to first reduce the spender's allowance to 0 and set the * desired value afterwards: * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 * * Emits an {Approval} event. */ function approve(address spender, uint256 amount) external returns (bool); /** * @dev Moves `amount` tokens from `from` to `to` using the * allowance mechanism. `amount` is then deducted from the caller's * allowance. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transferFrom(address from, address to, uint256 amount) external returns (bool); }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.3) (token/ERC20/utils/SafeERC20.sol) pragma solidity ^0.8.0; import "../IERC20.sol"; import "../extensions/IERC20Permit.sol"; import "../../../utils/Address.sol"; /** * @title SafeERC20 * @dev Wrappers around ERC20 operations that throw on failure (when the token * contract returns false). Tokens that return no value (and instead revert or * throw on failure) are also supported, non-reverting calls are assumed to be * successful. * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract, * which allows you to call the safe operations as `token.safeTransfer(...)`, etc. */ library SafeERC20 { using Address for address; /** * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value, * non-reverting calls are assumed to be successful. */ function safeTransfer(IERC20 token, address to, uint256 value) internal { _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value)); } /** * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the * calling contract. If `token` returns no value, non-reverting calls are assumed to be successful. */ function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal { _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value)); } /** * @dev Deprecated. This function has issues similar to the ones found in * {IERC20-approve}, and its usage is discouraged. * * Whenever possible, use {safeIncreaseAllowance} and * {safeDecreaseAllowance} instead. */ function safeApprove(IERC20 token, address spender, uint256 value) internal { // safeApprove should only be called when setting an initial allowance, // or when resetting it to zero. To increase and decrease it, use // 'safeIncreaseAllowance' and 'safeDecreaseAllowance' require( (value == 0) || (token.allowance(address(this), spender) == 0), "SafeERC20: approve from non-zero to non-zero allowance" ); _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value)); } /** * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value, * non-reverting calls are assumed to be successful. */ function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal { uint256 oldAllowance = token.allowance(address(this), spender); _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance + value)); } /** * @dev Decrease the calling contract's allowance toward `spender` by `value`. If `token` returns no value, * non-reverting calls are assumed to be successful. */ function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal { unchecked { uint256 oldAllowance = token.allowance(address(this), spender); require(oldAllowance >= value, "SafeERC20: decreased allowance below zero"); _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance - value)); } } /** * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value, * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval * to be set to zero before setting it to a non-zero value, such as USDT. */ function forceApprove(IERC20 token, address spender, uint256 value) internal { bytes memory approvalCall = abi.encodeWithSelector(token.approve.selector, spender, value); if (!_callOptionalReturnBool(token, approvalCall)) { _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, 0)); _callOptionalReturn(token, approvalCall); } } /** * @dev Use a ERC-2612 signature to set the `owner` approval toward `spender` on `token`. * Revert on invalid signature. */ function safePermit( IERC20Permit token, address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) internal { uint256 nonceBefore = token.nonces(owner); token.permit(owner, spender, value, deadline, v, r, s); uint256 nonceAfter = token.nonces(owner); require(nonceAfter == nonceBefore + 1, "SafeERC20: permit did not succeed"); } /** * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement * on the return value: the return value is optional (but if data is returned, it must not be false). * @param token The token targeted by the call. * @param data The call data (encoded using abi.encode or one of its variants). */ function _callOptionalReturn(IERC20 token, bytes memory data) private { // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since // we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that // the target address contains contract code and also asserts for success in the low-level call. bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed"); require(returndata.length == 0 || abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed"); } /** * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement * on the return value: the return value is optional (but if data is returned, it must not be false). * @param token The token targeted by the call. * @param data The call data (encoded using abi.encode or one of its variants). * * This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead. */ function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) { // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since // we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false // and not revert is the subcall reverts. (bool success, bytes memory returndata) = address(token).call(data); return success && (returndata.length == 0 || abi.decode(returndata, (bool))) && Address.isContract(address(token)); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { PausableUpgradeable } from "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol"; import { Constants } from "../libraries/Constants.sol"; import { Encoding } from "../libraries/Encoding.sol"; import { Hashing } from "../libraries/Hashing.sol"; import { SafeCall } from "../libraries/SafeCall.sol"; /** * @custom:upgradeable * @title CrossDomainMessenger * @notice CrossDomainMessenger is a base contract that provides the core logic for the L1 and L2 * cross-chain messenger contracts. It's designed to be a universal interface that only * needs to be extended slightly to provide low-level message passing functionality on each * chain it's deployed on. Currently only designed for message passing between two paired * chains and does not support one-to-many interactions. * * Any changes to this contract MUST result in a semver bump for contracts that inherit it. */ abstract contract CrossDomainMessenger is PausableUpgradeable { /** * @notice Current message version identifier. */ uint16 public constant MESSAGE_VERSION = 0; /** * @notice Constant overhead added to the base gas for a message. */ uint64 public constant RELAY_CONSTANT_OVERHEAD = 200_000; /** * @notice Numerator for dynamic overhead added to the base gas for a message. */ uint64 public constant MIN_GAS_DYNAMIC_OVERHEAD_NUMERATOR = 64; /** * @notice Denominator for dynamic overhead added to the base gas for a message. */ uint64 public constant MIN_GAS_DYNAMIC_OVERHEAD_DENOMINATOR = 63; /** * @notice Extra gas added to base gas for each byte of calldata in a message. */ uint64 public constant MIN_GAS_CALLDATA_OVERHEAD = 16; /** * @notice Gas reserved for performing the external call in `relayMessage`. */ uint64 public constant RELAY_CALL_OVERHEAD = 40_000; /** * @notice Gas reserved for finalizing the execution of `relayMessage` after the safe call. */ uint64 public constant RELAY_RESERVED_GAS = 40_000; /** * @notice Gas reserved for the execution between the `hasMinGas` check and the external * call in `relayMessage`. */ uint64 public constant RELAY_GAS_CHECK_BUFFER = 5_000; /** * @notice Address of the paired CrossDomainMessenger contract on the other chain. */ address public immutable OTHER_MESSENGER; /** * @notice Mapping of message hashes to boolean receipt values. Note that a message will only * be present in this mapping if it has successfully been relayed on this chain, and * can therefore not be relayed again. */ mapping(bytes32 => bool) public successfulMessages; /** * @notice Address of the sender of the currently executing message on the other chain. If the * value of this variable is the default value (0x00000000...dead) then no message is * currently being executed. Use the xDomainMessageSender getter which will throw an * error if this is the case. */ address internal xDomainMsgSender; /** * @notice Nonce for the next message to be sent, without the message version applied. Use the * messageNonce getter which will insert the message version into the nonce to give you * the actual nonce to be used for the message. */ uint240 internal msgNonce; /** * @notice Mapping of message hashes to a boolean if and only if the message has failed to be * executed at least once. A message will not be present in this mapping if it * successfully executed on the first attempt. */ mapping(bytes32 => bool) public failedMessages; /** * @notice Reserve extra slots in the storage layout for future upgrades. * A gap size of 45 was chosen here, so that the first slot used in a child contract * would be a multiple of 50. */ uint256[45] private __gap; /** * @notice Emitted whenever a message is sent to the other chain. * * @param target Address of the recipient of the message. * @param sender Address of the sender of the message. * @param value ETH value sent along with the message to the recipient. * @param message Message to trigger the recipient address with. * @param messageNonce Unique nonce attached to the message. * @param gasLimit Minimum gas limit that the message can be executed with. */ event SentMessage( address indexed target, address indexed sender, uint256 value, bytes message, uint256 messageNonce, uint256 gasLimit ); /** * @notice Emitted whenever a message is successfully relayed on this chain. * * @param msgHash Hash of the message that was relayed. */ event RelayedMessage(bytes32 indexed msgHash); /** * @notice Emitted whenever a message fails to be relayed on this chain. * * @param msgHash Hash of the message that failed to be relayed. */ event FailedRelayedMessage(bytes32 indexed msgHash); /** * @param _otherMessenger Address of the messenger on the paired chain. */ constructor(address _otherMessenger) { OTHER_MESSENGER = _otherMessenger; } /** * @notice Sends a message to some target address on the other chain. Note that if the call * always reverts, then the message will be unrelayable, and any ETH sent will be * permanently locked. The same will occur if the target on the other chain is * considered unsafe (see the _isUnsafeTarget() function). * * @param _target Target contract or wallet address. * @param _message Message to trigger the target address with. * @param _minGasLimit Minimum gas limit that the message can be executed with. */ function sendMessage( address _target, bytes calldata _message, uint32 _minGasLimit ) external payable { // Triggers a message to the other messenger. Note that the amount of gas provided to the // message is the amount of gas requested by the user PLUS the base gas value. We want to // guarantee the property that the call to the target contract will always have at least // the minimum gas limit specified by the user. _sendMessage( OTHER_MESSENGER, baseGas(_message, _minGasLimit), msg.value, abi.encodeWithSelector( this.relayMessage.selector, messageNonce(), msg.sender, _target, msg.value, _minGasLimit, _message ) ); emit SentMessage(_target, msg.sender, msg.value, _message, messageNonce(), _minGasLimit); unchecked { ++msgNonce; } } /** * @notice Relays a message that was sent by the other CrossDomainMessenger contract. Can only * be executed via cross-chain call from the other messenger OR if the message was * already received once and is currently being replayed. * * @param _nonce Nonce of the message being relayed. * @param _sender Address of the user who sent the message. * @param _target Address that the message is targeted at. * @param _value ETH value to send with the message. * @param _minGasLimit Minimum amount of gas that the message can be executed with. * @param _message Message to send to the target. */ function relayMessage( uint256 _nonce, address _sender, address _target, uint256 _value, uint256 _minGasLimit, bytes calldata _message ) external payable { (, uint16 version) = Encoding.decodeVersionedNonce(_nonce); require( version < 1, "CrossDomainMessenger: only version 0 messages is supported at this time" ); // We use the v0 message hash as the unique identifier for the message because it commits // to the value and minimum gas limit of the message. bytes32 versionedHash = Hashing.hashCrossDomainMessageV0( _nonce, _sender, _target, _value, _minGasLimit, _message ); if (_isOtherMessenger()) { // These properties should always hold when the message is first submitted (as // opposed to being replayed). assert(msg.value == _value); assert(!failedMessages[versionedHash]); } else { require( msg.value == 0, "CrossDomainMessenger: value must be zero unless message is from a system address" ); require( failedMessages[versionedHash], "CrossDomainMessenger: message cannot be replayed" ); } require( _isUnsafeTarget(_target) == false, "CrossDomainMessenger: cannot send message to blocked system address" ); require( successfulMessages[versionedHash] == false, "CrossDomainMessenger: message has already been relayed" ); // If there is not enough gas left to perform the external call and finish the execution, // return early and assign the message to the failedMessages mapping. // We are asserting that we have enough gas to: // 1. Call the target contract (_minGasLimit + RELAY_CALL_OVERHEAD + RELAY_GAS_CHECK_BUFFER) // 1.a. The RELAY_CALL_OVERHEAD is included in `hasMinGas`. // 2. Finish the execution after the external call (RELAY_RESERVED_GAS). // // If `xDomainMsgSender` is not the default L2 sender, this function // is being re-entered. This marks the message as failed to allow it to be replayed. if ( !SafeCall.hasMinGas(_minGasLimit, RELAY_RESERVED_GAS + RELAY_GAS_CHECK_BUFFER) || xDomainMsgSender != Constants.DEFAULT_L2_SENDER ) { failedMessages[versionedHash] = true; emit FailedRelayedMessage(versionedHash); // Revert in this case if the transaction was triggered by the estimation address. This // should only be possible during gas estimation or we have bigger problems. Reverting // here will make the behavior of gas estimation change such that the gas limit // computed will be the amount required to relay the message, even if that amount is // greater than the minimum gas limit specified by the user. if (tx.origin == Constants.ESTIMATION_ADDRESS) { revert("CrossDomainMessenger: failed to relay message"); } return; } xDomainMsgSender = _sender; bool success = SafeCall.call(_target, gasleft() - RELAY_RESERVED_GAS, _value, _message); xDomainMsgSender = Constants.DEFAULT_L2_SENDER; if (success) { successfulMessages[versionedHash] = true; emit RelayedMessage(versionedHash); } else { failedMessages[versionedHash] = true; emit FailedRelayedMessage(versionedHash); // Revert in this case if the transaction was triggered by the estimation address. This // should only be possible during gas estimation or we have bigger problems. Reverting // here will make the behavior of gas estimation change such that the gas limit // computed will be the amount required to relay the message, even if that amount is // greater than the minimum gas limit specified by the user. if (tx.origin == Constants.ESTIMATION_ADDRESS) { revert("CrossDomainMessenger: failed to relay message"); } } } /** * @notice Retrieves the address of the contract or wallet that initiated the currently * executing message on the other chain. Will throw an error if there is no message * currently being executed. Allows the recipient of a call to see who triggered it. * * @return Address of the sender of the currently executing message on the other chain. */ function xDomainMessageSender() external view returns (address) { require( xDomainMsgSender != Constants.DEFAULT_L2_SENDER, "CrossDomainMessenger: xDomainMessageSender is not set" ); return xDomainMsgSender; } /** * @notice Retrieves the next message nonce. Message version will be added to the upper two * bytes of the message nonce. Message version allows us to treat messages as having * different structures. * * @return Nonce of the next message to be sent, with added message version. */ function messageNonce() public view returns (uint256) { return Encoding.encodeVersionedNonce(msgNonce, MESSAGE_VERSION); } /** * @notice Computes the amount of gas required to guarantee that a given message will be * received on the other chain without running out of gas. Guaranteeing that a message * will not run out of gas is important because this ensures that a message can always * be replayed on the other chain if it fails to execute completely. * * @param _message Message to compute the amount of required gas for. * @param _minGasLimit Minimum desired gas limit when message goes to target. * * @return Amount of gas required to guarantee message receipt. */ function baseGas(bytes calldata _message, uint32 _minGasLimit) public pure returns (uint64) { return // Constant overhead RELAY_CONSTANT_OVERHEAD + // Calldata overhead (uint64(_message.length) * MIN_GAS_CALLDATA_OVERHEAD) + // Dynamic overhead (EIP-150) ((_minGasLimit * MIN_GAS_DYNAMIC_OVERHEAD_NUMERATOR) / MIN_GAS_DYNAMIC_OVERHEAD_DENOMINATOR) + // Gas reserved for the worst-case cost of 3/5 of the `CALL` opcode's dynamic gas // factors. (Conservative) RELAY_CALL_OVERHEAD + // Relay reserved gas (to ensure execution of `relayMessage` completes after the // subcontext finishes executing) (Conservative) RELAY_RESERVED_GAS + // Gas reserved for the execution between the `hasMinGas` check and the `CALL` // opcode. (Conservative) RELAY_GAS_CHECK_BUFFER; } /** * @notice Intializer. */ // solhint-disable-next-line func-name-mixedcase function __CrossDomainMessenger_init() internal onlyInitializing { xDomainMsgSender = Constants.DEFAULT_L2_SENDER; } /** * @notice Sends a low-level message to the other messenger. Needs to be implemented by child * contracts because the logic for this depends on the network where the messenger is * being deployed. * * @param _to Recipient of the message on the other chain. * @param _gasLimit Minimum gas limit the message can be executed with. * @param _value Amount of ETH to send with the message. * @param _data Message data. */ function _sendMessage( address _to, uint64 _gasLimit, uint256 _value, bytes memory _data ) internal virtual; /** * @notice Checks whether the message is coming from the other messenger. Implemented by child * contracts because the logic for this depends on the network where the messenger is * being deployed. * * @return Whether the message is coming from the other messenger. */ function _isOtherMessenger() internal view virtual returns (bool); /** * @notice Checks whether a given call target is a system address that could cause the * messenger to peform an unsafe action. This is NOT a mechanism for blocking user * addresses. This is ONLY used to prevent the execution of messages to specific * system addresses that could cause security issues, e.g., having the * CrossDomainMessenger send messages to itself. * * @param _target Address of the contract to check. * * @return Whether or not the address is an unsafe system address. */ function _isUnsafeTarget(address _target) internal view virtual returns (bool); }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; import { IERC165 } from "@openzeppelin/contracts/utils/introspection/IERC165.sol"; /** * @title IKromaMintableERC20 * @notice This interface is available on the KromaMintableERC20 contract. We declare it as a * separate interface so that it can be used in custom implementations of * KromaMintableERC20. */ interface IKromaMintableERC20 { function REMOTE_TOKEN() external view returns (address); function BRIDGE() external view returns (address); function mint(address _to, uint256 _amount) external; function burn(address _from, uint256 _amount) external; }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { ERC20 } from "@openzeppelin/contracts/token/ERC20/ERC20.sol"; import { IERC165 } from "@openzeppelin/contracts/utils/introspection/IERC165.sol"; import { Semver } from "../universal/Semver.sol"; import { IKromaMintableERC20 } from "./IKromaMintableERC20.sol"; /** * @title KromaMintableERC20 * @notice KromaMintableERC20 is a standard extension of the base ERC20 token contract designed * to allow the StandardBridge contracts to mint and burn tokens. This makes it possible to * use a KromaMintableRC20 as the L2 representation of an L1 token, or vice-versa. * Designed to be backwards compatible with the older StandardL2ERC20 token which was only * meant for use on L2. */ contract KromaMintableERC20 is IKromaMintableERC20, ERC20, Semver { /** * @notice Address of the corresponding version of this token on the remote chain. */ address public immutable REMOTE_TOKEN; /** * @notice Address of the StandardBridge on this network. */ address public immutable BRIDGE; /** * @notice Emitted whenever tokens are minted for an account. * * @param account Address of the account tokens are being minted for. * @param amount Amount of tokens minted. */ event Mint(address indexed account, uint256 amount); /** * @notice Emitted whenever tokens are burned from an account. * * @param account Address of the account tokens are being burned from. * @param amount Amount of tokens burned. */ event Burn(address indexed account, uint256 amount); /** * @notice A modifier that only allows the bridge to call */ modifier onlyBridge() { require(msg.sender == BRIDGE, "KromaMintableERC20: only bridge can mint and burn"); _; } /** * @custom:semver 1.0.0 * * @param _bridge Address of the L2 standard bridge. * @param _remoteToken Address of the corresponding L1 token. * @param _name ERC20 name. * @param _symbol ERC20 symbol. */ constructor( address _bridge, address _remoteToken, string memory _name, string memory _symbol ) ERC20(_name, _symbol) Semver(1, 0, 0) { REMOTE_TOKEN = _remoteToken; BRIDGE = _bridge; } /** * @notice Allows the StandardBridge on this network to mint tokens. * * @param _to Address to mint tokens to. * @param _amount Amount of tokens to mint. */ function mint(address _to, uint256 _amount) external virtual override(IKromaMintableERC20) onlyBridge { _mint(_to, _amount); emit Mint(_to, _amount); } /** * @notice Allows the StandardBridge on this network to burn tokens. * * @param _from Address to burn tokens from. * @param _amount Amount of tokens to burn. */ function burn(address _from, uint256 _amount) external virtual override(IKromaMintableERC20) onlyBridge { _burn(_from, _amount); emit Burn(_from, _amount); } /** * @notice ERC165 interface check function. * * @param _interfaceId Interface ID to check. * * @return Whether or not the interface is supported by this contract. */ function supportsInterface(bytes4 _interfaceId) external pure returns (bool) { bytes4 iface1 = type(IERC165).interfaceId; // Interface corresponding to the updated KromaMintableERC20 (this contract). bytes4 iface2 = type(IKromaMintableERC20).interfaceId; return _interfaceId == iface1 || _interfaceId == iface2; } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (access/Ownable.sol) pragma solidity ^0.8.0; import "../utils/Context.sol"; /** * @dev Contract module which provides a basic access control mechanism, where * there is an account (an owner) that can be granted exclusive access to * specific functions. * * By default, the owner account will be the one that deploys the contract. This * can later be changed with {transferOwnership}. * * This module is used through inheritance. It will make available the modifier * `onlyOwner`, which can be applied to your functions to restrict their use to * the owner. */ abstract contract Ownable is Context { address private _owner; event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); /** * @dev Initializes the contract setting the deployer as the initial owner. */ constructor() { _transferOwnership(_msgSender()); } /** * @dev Throws if called by any account other than the owner. */ modifier onlyOwner() { _checkOwner(); _; } /** * @dev Returns the address of the current owner. */ function owner() public view virtual returns (address) { return _owner; } /** * @dev Throws if the sender is not the owner. */ function _checkOwner() internal view virtual { require(owner() == _msgSender(), "Ownable: caller is not the owner"); } /** * @dev Leaves the contract without owner. It will not be possible to call * `onlyOwner` functions. Can only be called by the current owner. * * NOTE: Renouncing ownership will leave the contract without an owner, * thereby disabling any functionality that is only available to the owner. */ function renounceOwnership() public virtual onlyOwner { _transferOwnership(address(0)); } /** * @dev Transfers ownership of the contract to a new account (`newOwner`). * Can only be called by the current owner. */ function transferOwnership(address newOwner) public virtual onlyOwner { require(newOwner != address(0), "Ownable: new owner is the zero address"); _transferOwnership(newOwner); } /** * @dev Transfers ownership of the contract to a new account (`newOwner`). * Internal function without access restriction. */ function _transferOwnership(address newOwner) internal virtual { address oldOwner = _owner; _owner = newOwner; emit OwnershipTransferred(oldOwner, newOwner); } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; /** * @title Bytes32 * @notice Bytes32 is a library for manipulating byte32. */ library Bytes32 { /** * @notice Splits bytes32 to high and low parts. * * @param _bytes Bytes32 to split. * * @return High part of bytes32. * @return Low part of bytes32. */ function split(bytes32 _bytes) internal pure returns (bytes32, bytes32) { bytes16 high = bytes16(_bytes); bytes16 low = bytes16(uint128(uint256(_bytes))); return (fromBytes16(high), fromBytes16(low)); } /** * @notice Converts bytes16 to bytes32. * * @param _bytes Bytes to constrcut to bytes32. * * @return Bytes32 constructed from bytes16. */ function fromBytes16(bytes16 _bytes) internal pure returns (bytes32) { return bytes32(uint256(uint128(_bytes))); } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (utils/introspection/IERC165.sol) pragma solidity ^0.8.0; /** * @dev Interface of the ERC165 standard, as defined in the * https://eips.ethereum.org/EIPS/eip-165[EIP]. * * Implementers can declare support of contract interfaces, which can then be * queried by others ({ERC165Checker}). * * For an implementation, see {ERC165}. */ interface IERC165 { /** * @dev Returns true if this contract implements the interface defined by * `interfaceId`. See the corresponding * https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section] * to learn more about how these ids are created. * * This function call must use less than 30 000 gas. */ function supportsInterface(bytes4 interfaceId) external view returns (bool); }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/extensions/IERC20Permit.sol) pragma solidity ^0.8.0; /** * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612]. * * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't * need to send a transaction, and thus is not required to hold Ether at all. */ interface IERC20Permit { /** * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens, * given ``owner``'s signed approval. * * IMPORTANT: The same issues {IERC20-approve} has related to transaction * ordering also apply here. * * Emits an {Approval} event. * * Requirements: * * - `spender` cannot be the zero address. * - `deadline` must be a timestamp in the future. * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner` * over the EIP712-formatted function arguments. * - the signature must use ``owner``'s current nonce (see {nonces}). * * For more information on the signature format, see the * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP * section]. */ function permit( address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) external; /** * @dev Returns the current nonce for `owner`. This value must be * included whenever a signature is generated for {permit}. * * Every successful call to {permit} increases ``owner``'s nonce by one. This * prevents a signature from being used multiple times. */ function nonces(address owner) external view returns (uint256); /** * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}. */ // solhint-disable-next-line func-name-mixedcase function DOMAIN_SEPARATOR() external view returns (bytes32); }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.7.0) (security/Pausable.sol) pragma solidity ^0.8.0; import "../utils/ContextUpgradeable.sol"; import "../proxy/utils/Initializable.sol"; /** * @dev Contract module which allows children to implement an emergency stop * mechanism that can be triggered by an authorized account. * * This module is used through inheritance. It will make available the * modifiers `whenNotPaused` and `whenPaused`, which can be applied to * the functions of your contract. Note that they will not be pausable by * simply including this module, only once the modifiers are put in place. */ abstract contract PausableUpgradeable is Initializable, ContextUpgradeable { /** * @dev Emitted when the pause is triggered by `account`. */ event Paused(address account); /** * @dev Emitted when the pause is lifted by `account`. */ event Unpaused(address account); bool private _paused; /** * @dev Initializes the contract in unpaused state. */ function __Pausable_init() internal onlyInitializing { __Pausable_init_unchained(); } function __Pausable_init_unchained() internal onlyInitializing { _paused = false; } /** * @dev Modifier to make a function callable only when the contract is not paused. * * Requirements: * * - The contract must not be paused. */ modifier whenNotPaused() { _requireNotPaused(); _; } /** * @dev Modifier to make a function callable only when the contract is paused. * * Requirements: * * - The contract must be paused. */ modifier whenPaused() { _requirePaused(); _; } /** * @dev Returns true if the contract is paused, and false otherwise. */ function paused() public view virtual returns (bool) { return _paused; } /** * @dev Throws if the contract is paused. */ function _requireNotPaused() internal view virtual { require(!paused(), "Pausable: paused"); } /** * @dev Throws if the contract is not paused. */ function _requirePaused() internal view virtual { require(paused(), "Pausable: not paused"); } /** * @dev Triggers stopped state. * * Requirements: * * - The contract must not be paused. */ function _pause() internal virtual whenNotPaused { _paused = true; emit Paused(_msgSender()); } /** * @dev Returns to normal state. * * Requirements: * * - The contract must be paused. */ function _unpause() internal virtual whenPaused { _paused = false; emit Unpaused(_msgSender()); } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[49] private __gap; }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/ERC20.sol) pragma solidity ^0.8.0; import "./IERC20.sol"; import "./extensions/IERC20Metadata.sol"; import "../../utils/Context.sol"; /** * @dev Implementation of the {IERC20} interface. * * This implementation is agnostic to the way tokens are created. This means * that a supply mechanism has to be added in a derived contract using {_mint}. * For a generic mechanism see {ERC20PresetMinterPauser}. * * TIP: For a detailed writeup see our guide * https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How * to implement supply mechanisms]. * * The default value of {decimals} is 18. To change this, you should override * this function so it returns a different value. * * We have followed general OpenZeppelin Contracts guidelines: functions revert * instead returning `false` on failure. This behavior is nonetheless * conventional and does not conflict with the expectations of ERC20 * applications. * * Additionally, an {Approval} event is emitted on calls to {transferFrom}. * This allows applications to reconstruct the allowance for all accounts just * by listening to said events. Other implementations of the EIP may not emit * these events, as it isn't required by the specification. * * Finally, the non-standard {decreaseAllowance} and {increaseAllowance} * functions have been added to mitigate the well-known issues around setting * allowances. See {IERC20-approve}. */ contract ERC20 is Context, IERC20, IERC20Metadata { mapping(address => uint256) private _balances; mapping(address => mapping(address => uint256)) private _allowances; uint256 private _totalSupply; string private _name; string private _symbol; /** * @dev Sets the values for {name} and {symbol}. * * All two of these values are immutable: they can only be set once during * construction. */ constructor(string memory name_, string memory symbol_) { _name = name_; _symbol = symbol_; } /** * @dev Returns the name of the token. */ function name() public view virtual override returns (string memory) { return _name; } /** * @dev Returns the symbol of the token, usually a shorter version of the * name. */ function symbol() public view virtual override returns (string memory) { return _symbol; } /** * @dev Returns the number of decimals used to get its user representation. * For example, if `decimals` equals `2`, a balance of `505` tokens should * be displayed to a user as `5.05` (`505 / 10 ** 2`). * * Tokens usually opt for a value of 18, imitating the relationship between * Ether and Wei. This is the default value returned by this function, unless * it's overridden. * * NOTE: This information is only used for _display_ purposes: it in * no way affects any of the arithmetic of the contract, including * {IERC20-balanceOf} and {IERC20-transfer}. */ function decimals() public view virtual override returns (uint8) { return 18; } /** * @dev See {IERC20-totalSupply}. */ function totalSupply() public view virtual override returns (uint256) { return _totalSupply; } /** * @dev See {IERC20-balanceOf}. */ function balanceOf(address account) public view virtual override returns (uint256) { return _balances[account]; } /** * @dev See {IERC20-transfer}. * * Requirements: * * - `to` cannot be the zero address. * - the caller must have a balance of at least `amount`. */ function transfer(address to, uint256 amount) public virtual override returns (bool) { address owner = _msgSender(); _transfer(owner, to, amount); return true; } /** * @dev See {IERC20-allowance}. */ function allowance(address owner, address spender) public view virtual override returns (uint256) { return _allowances[owner][spender]; } /** * @dev See {IERC20-approve}. * * NOTE: If `amount` is the maximum `uint256`, the allowance is not updated on * `transferFrom`. This is semantically equivalent to an infinite approval. * * Requirements: * * - `spender` cannot be the zero address. */ function approve(address spender, uint256 amount) public virtual override returns (bool) { address owner = _msgSender(); _approve(owner, spender, amount); return true; } /** * @dev See {IERC20-transferFrom}. * * Emits an {Approval} event indicating the updated allowance. This is not * required by the EIP. See the note at the beginning of {ERC20}. * * NOTE: Does not update the allowance if the current allowance * is the maximum `uint256`. * * Requirements: * * - `from` and `to` cannot be the zero address. * - `from` must have a balance of at least `amount`. * - the caller must have allowance for ``from``'s tokens of at least * `amount`. */ function transferFrom(address from, address to, uint256 amount) public virtual override returns (bool) { address spender = _msgSender(); _spendAllowance(from, spender, amount); _transfer(from, to, amount); return true; } /** * @dev Atomically increases the allowance granted to `spender` by the caller. * * This is an alternative to {approve} that can be used as a mitigation for * problems described in {IERC20-approve}. * * Emits an {Approval} event indicating the updated allowance. * * Requirements: * * - `spender` cannot be the zero address. */ function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) { address owner = _msgSender(); _approve(owner, spender, allowance(owner, spender) + addedValue); return true; } /** * @dev Atomically decreases the allowance granted to `spender` by the caller. * * This is an alternative to {approve} that can be used as a mitigation for * problems described in {IERC20-approve}. * * Emits an {Approval} event indicating the updated allowance. * * Requirements: * * - `spender` cannot be the zero address. * - `spender` must have allowance for the caller of at least * `subtractedValue`. */ function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) { address owner = _msgSender(); uint256 currentAllowance = allowance(owner, spender); require(currentAllowance >= subtractedValue, "ERC20: decreased allowance below zero"); unchecked { _approve(owner, spender, currentAllowance - subtractedValue); } return true; } /** * @dev Moves `amount` of tokens from `from` to `to`. * * This internal function is equivalent to {transfer}, and can be used to * e.g. implement automatic token fees, slashing mechanisms, etc. * * Emits a {Transfer} event. * * Requirements: * * - `from` cannot be the zero address. * - `to` cannot be the zero address. * - `from` must have a balance of at least `amount`. */ function _transfer(address from, address to, uint256 amount) internal virtual { require(from != address(0), "ERC20: transfer from the zero address"); require(to != address(0), "ERC20: transfer to the zero address"); _beforeTokenTransfer(from, to, amount); uint256 fromBalance = _balances[from]; require(fromBalance >= amount, "ERC20: transfer amount exceeds balance"); unchecked { _balances[from] = fromBalance - amount; // Overflow not possible: the sum of all balances is capped by totalSupply, and the sum is preserved by // decrementing then incrementing. _balances[to] += amount; } emit Transfer(from, to, amount); _afterTokenTransfer(from, to, amount); } /** @dev Creates `amount` tokens and assigns them to `account`, increasing * the total supply. * * Emits a {Transfer} event with `from` set to the zero address. * * Requirements: * * - `account` cannot be the zero address. */ function _mint(address account, uint256 amount) internal virtual { require(account != address(0), "ERC20: mint to the zero address"); _beforeTokenTransfer(address(0), account, amount); _totalSupply += amount; unchecked { // Overflow not possible: balance + amount is at most totalSupply + amount, which is checked above. _balances[account] += amount; } emit Transfer(address(0), account, amount); _afterTokenTransfer(address(0), account, amount); } /** * @dev Destroys `amount` tokens from `account`, reducing the * total supply. * * Emits a {Transfer} event with `to` set to the zero address. * * Requirements: * * - `account` cannot be the zero address. * - `account` must have at least `amount` tokens. */ function _burn(address account, uint256 amount) internal virtual { require(account != address(0), "ERC20: burn from the zero address"); _beforeTokenTransfer(account, address(0), amount); uint256 accountBalance = _balances[account]; require(accountBalance >= amount, "ERC20: burn amount exceeds balance"); unchecked { _balances[account] = accountBalance - amount; // Overflow not possible: amount <= accountBalance <= totalSupply. _totalSupply -= amount; } emit Transfer(account, address(0), amount); _afterTokenTransfer(account, address(0), amount); } /** * @dev Sets `amount` as the allowance of `spender` over the `owner` s tokens. * * This internal function is equivalent to `approve`, and can be used to * e.g. set automatic allowances for certain subsystems, etc. * * Emits an {Approval} event. * * Requirements: * * - `owner` cannot be the zero address. * - `spender` cannot be the zero address. */ function _approve(address owner, address spender, uint256 amount) internal virtual { require(owner != address(0), "ERC20: approve from the zero address"); require(spender != address(0), "ERC20: approve to the zero address"); _allowances[owner][spender] = amount; emit Approval(owner, spender, amount); } /** * @dev Updates `owner` s allowance for `spender` based on spent `amount`. * * Does not update the allowance amount in case of infinite allowance. * Revert if not enough allowance is available. * * Might emit an {Approval} event. */ function _spendAllowance(address owner, address spender, uint256 amount) internal virtual { uint256 currentAllowance = allowance(owner, spender); if (currentAllowance != type(uint256).max) { require(currentAllowance >= amount, "ERC20: insufficient allowance"); unchecked { _approve(owner, spender, currentAllowance - amount); } } } /** * @dev Hook that is called before any transfer of tokens. This includes * minting and burning. * * Calling conditions: * * - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens * will be transferred to `to`. * - when `from` is zero, `amount` tokens will be minted for `to`. * - when `to` is zero, `amount` of ``from``'s tokens will be burned. * - `from` and `to` are never both zero. * * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks]. */ function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual {} /** * @dev Hook that is called after any transfer of tokens. This includes * minting and burning. * * Calling conditions: * * - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens * has been transferred to `to`. * - when `from` is zero, `amount` tokens have been minted for `to`. * - when `to` is zero, `amount` of ``from``'s tokens have been burned. * - `from` and `to` are never both zero. * * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks]. */ function _afterTokenTransfer(address from, address to, uint256 amount) internal virtual {} }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (utils/Context.sol) pragma solidity ^0.8.0; /** * @dev Provides information about the current execution context, including the * sender of the transaction and its data. While these are generally available * via msg.sender and msg.data, they should not be accessed in such a direct * manner, since when dealing with meta-transactions the account sending and * paying for execution may not be the actual sender (as far as an application * is concerned). * * This contract is only required for intermediate, library-like contracts. */ abstract contract Context { function _msgSender() internal view virtual returns (address) { return msg.sender; } function _msgData() internal view virtual returns (bytes calldata) { return msg.data; } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/IERC20Metadata.sol) pragma solidity ^0.8.0; import "../IERC20.sol"; /** * @dev Interface for the optional metadata functions from the ERC20 standard. * * _Available since v4.1._ */ interface IERC20Metadata is IERC20 { /** * @dev Returns the name of the token. */ function name() external view returns (string memory); /** * @dev Returns the symbol of the token. */ function symbol() external view returns (string memory); /** * @dev Returns the decimals places of the token. */ function decimals() external view returns (uint8); }
{ "remappings": [ "@openzeppelin/=node_modules/@openzeppelin/", "@openzeppelin/contracts-upgradeable/=node_modules/@openzeppelin/contracts-upgradeable/", "@openzeppelin/contracts/=node_modules/@openzeppelin/contracts/", "@rari-capital/=node_modules/@rari-capital/", "@rari-capital/solmate/=node_modules/@rari-capital/solmate/", "ds-test/=node_modules/ds-test/src/", "forge-std/=node_modules/forge-std/src/" ], "optimizer": { "enabled": true, "runs": 10000 }, "metadata": { "bytecodeHash": "none" }, "outputSelection": { "*": { "*": [ "evm.bytecode", "evm.deployedBytecode", "devdoc", "userdoc", "metadata", "abi" ] } }, "evmVersion": "london", "libraries": {} }
Contract Security Audit
- No Contract Security Audit Submitted- Submit Audit Here
[{"inputs":[{"internalType":"address","name":"_colosseum","type":"address"},{"internalType":"address payable","name":"_governor","type":"address"}],"stateMutability":"nonpayable","type":"constructor"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"sender","type":"address"},{"indexed":true,"internalType":"uint256","name":"transactionId","type":"uint256"}],"name":"ConfirmationRevoked","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"uint256","name":"transactionId","type":"uint256"},{"indexed":true,"internalType":"uint256","name":"outputIndex","type":"uint256"}],"name":"DeletionRequested","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint8","name":"version","type":"uint8"}],"name":"Initialized","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"sender","type":"address"},{"indexed":true,"internalType":"uint256","name":"transactionId","type":"uint256"}],"name":"TransactionConfirmed","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"sender","type":"address"},{"indexed":true,"internalType":"uint256","name":"transactionId","type":"uint256"}],"name":"TransactionExecuted","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"sender","type":"address"},{"indexed":true,"internalType":"uint256","name":"transactionId","type":"uint256"}],"name":"TransactionSubmitted","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"uint256","name":"transactionId","type":"uint256"},{"indexed":false,"internalType":"bytes32","name":"outputRoot","type":"bytes32"},{"indexed":false,"internalType":"uint256","name":"l2BlockNumber","type":"uint256"}],"name":"ValidationRequested","type":"event"},{"inputs":[],"name":"COLOSSEUM","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"GOVERNOR","outputs":[{"internalType":"contract UpgradeGovernor","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"clock","outputs":[{"internalType":"uint48","name":"","type":"uint48"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"uint256","name":"_transactionId","type":"uint256"}],"name":"confirmTransaction","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint256","name":"","type":"uint256"}],"name":"confirmations","outputs":[{"internalType":"uint256","name":"confirmationCount","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"uint256","name":"_transactionId","type":"uint256"}],"name":"executeTransaction","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"_target","type":"address"},{"internalType":"uint256","name":"_value","type":"uint256"},{"internalType":"bytes","name":"_data","type":"bytes"}],"name":"generateTransactionId","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"uint256","name":"_transactionId","type":"uint256"}],"name":"getConfirmationCount","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"account","type":"address"}],"name":"getVotes","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"uint256","name":"_transactionId","type":"uint256"}],"name":"isConfirmed","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"uint256","name":"_transactionId","type":"uint256"},{"internalType":"address","name":"_account","type":"address"}],"name":"isConfirmedBy","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"uint256","name":"","type":"uint256"}],"name":"outputsDeleteRequested","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"quorum","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"uint256","name":"_outputIndex","type":"uint256"},{"internalType":"bool","name":"_force","type":"bool"}],"name":"requestDeletion","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bytes32","name":"_outputRoot","type":"bytes32"},{"internalType":"uint256","name":"_l2BlockNumber","type":"uint256"},{"internalType":"bytes","name":"_data","type":"bytes"}],"name":"requestValidation","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint256","name":"_transactionId","type":"uint256"}],"name":"revokeConfirmation","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"_target","type":"address"},{"internalType":"uint256","name":"_value","type":"uint256"},{"internalType":"bytes","name":"_data","type":"bytes"}],"name":"submitTransaction","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"transactionCount","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"uint256","name":"","type":"uint256"}],"name":"transactions","outputs":[{"internalType":"address","name":"target","type":"address"},{"internalType":"bool","name":"executed","type":"bool"},{"internalType":"uint256","name":"value","type":"uint256"},{"internalType":"bytes","name":"data","type":"bytes"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"version","outputs":[{"internalType":"string","name":"","type":"string"}],"stateMutability":"view","type":"function"}]
Contract Creation Code
6101206040523480156200001257600080fd5b506040516200247538038062002475833981016040819052620000359162000076565b6001600160a01b03908116608052600160a081905260c052600060e0521661010052620000b5565b6001600160a01b03811681146200007357600080fd5b50565b600080604083850312156200008a57600080fd5b825162000097816200005d565b6020840151909250620000aa816200005d565b809150509250929050565b60805160a05160c05160e0516101005161234a6200012b600039600081816103450152818161056e015261061f01526000610daa01526000610d8101526000610d5801526000818161022701528181610726015281816107e20152818161086401528181610e1c0152610f48015261234a6000f3fe608060405234801561001057600080fd5b506004361061016c5760003560e01c80638b51d13f116100cd578063b77bf60011610081578063c01a8c8411610066578063c01a8c8414610390578063c6427474146103a3578063ee22610b146103b657600080fd5b8063b77bf60014610367578063b9774f7b1461037057600080fd5b80639ab24eb0116100b25780639ab24eb01461030a5780639ace38c21461031d5780639e45e8f41461034057600080fd5b80638b51d13f146102cb57806391ddadf4146102eb57600080fd5b806349ae963d116101245780636dc0ae22116101095780636dc0ae2214610222578063784547a71461026e5780638a8e784c1461028157600080fd5b806349ae963d146101fa57806354fd4d501461020d57600080fd5b80631703a018116101555780631703a0181461019957806320ea8d86146101b45780632a758595146101c757600080fd5b80630192337114610171578063080b91ee14610186575b600080fd5b61018461017f366004611c6c565b6103c9565b005b610184610194366004611d7b565b610607565b6101a1610703565b6040519081526020015b60405180910390f35b6101846101c2366004611dcb565b610986565b6101ea6101d5366004611dcb565b60396020526000908152604090205460ff1681565b60405190151581526020016101ab565b6101a1610208366004611e06565b610c68565b610215610d51565b6040516101ab9190611ebf565b6102497f000000000000000000000000000000000000000000000000000000000000000081565b60405173ffffffffffffffffffffffffffffffffffffffff90911681526020016101ab565b6101ea61027c366004611dcb565b610df4565b6101ea61028f366004611ed9565b600082815260346020908152604080832073ffffffffffffffffffffffffffffffffffffffff8516845260010190915290205460ff1692915050565b6101a16102d9366004611dcb565b60009081526034602052604090205490565b6102f3610e18565b60405165ffffffffffff90911681526020016101ab565b6101a1610318366004611efe565b610f44565b61033061032b366004611dcb565b61106d565b6040516101ab9493929190611f1b565b6102497f000000000000000000000000000000000000000000000000000000000000000081565b6101a160385481565b6101a161037e366004611dcb565b60346020526000908152604090205481565b61018461039e366004611dcb565b61114b565b6101a16103b1366004611e06565b6113ad565b6101846103c4366004611dcb565b611442565b3360006103d582610f44565b1161044d5760405162461bcd60e51b815260206004820152603b60248201527f546f6b656e4d756c746953696757616c6c65743a206f6e6c7920616c6c6f776560448201527f6420746f20676f7665726e616e636520746f6b656e206f776e6572000000000060648201526084015b60405180910390fd5b60008381526039602052604090205460ff1615806104685750815b6105015760405162461bcd60e51b8152602060048201526044602482018190527f5365637572697479436f756e63696c3a20746865206f75747075742068617320908201527f616c7265616479206265656e2072657175657374656420746f2062652064656c60648201527f6574656400000000000000000000000000000000000000000000000000000000608482015260a401610444565b6040805160248082018690528251808303909101815260449091019091526020810180517bffffffffffffffffffffffffffffffffffffffffffffffffffffffff167fe39a219c0000000000000000000000000000000000000000000000000000000017905260006105947f000000000000000000000000000000000000000000000000000000000000000082846113ad565b905061059f8161114b565b60008581526039602052604080822080547fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0016600117905551869183917fc63c84660a471a970585c7cab9d0601af8e717ff0822a2ea049a3542fc5aa55a9190a35050505050565b3373ffffffffffffffffffffffffffffffffffffffff7f000000000000000000000000000000000000000000000000000000000000000016146106b25760405162461bcd60e51b815260206004820152603c60248201527f5365637572697479436f756e63696c3a206f6e6c792074686520636f6c6f737360448201527f65756d20636f6e74726163742063616e20626520612073656e646572000000006064820152608401610444565b60006106c0336000846117b0565b604080518681526020810186905291925082917eef5106e82a682c776fd7748be042f406a9ee0feaaea86ae9029477c2b91f2a910160405180910390a250505050565b6000806001610710610e18565b61071a9190611f91565b65ffffffffffff1690507f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff166397c3d3346040518163ffffffff1660e01b8152600401602060405180830381865afa15801561078f573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906107b39190611fb8565b6040517f60c4247f000000000000000000000000000000000000000000000000000000008152600481018390527f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff16906360c4247f90602401602060405180830381865afa15801561083e573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906108629190611fb8565b7f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff1663fc0c546a6040518163ffffffff1660e01b8152600401602060405180830381865afa1580156108cd573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906108f19190611fd1565b73ffffffffffffffffffffffffffffffffffffffff16638e539e8c846040518263ffffffff1660e01b815260040161092b91815260200190565b602060405180830381865afa158015610948573d6000803e3d6000fd5b505050506040513d601f19601f8201168201806040525081019061096c9190611fb8565b6109769190611fee565b610980919061202b565b91505090565b33600061099282610f44565b11610a055760405162461bcd60e51b815260206004820152603b60248201527f546f6b656e4d756c746953696757616c6c65743a206f6e6c7920616c6c6f776560448201527f6420746f20676f7665726e616e636520746f6b656e206f776e657200000000006064820152608401610444565b600082815260336020526040902054829073ffffffffffffffffffffffffffffffffffffffff16610a9e5760405162461bcd60e51b815260206004820152602f60248201527f546f6b656e4d756c746953696757616c6c65743a207472616e73616374696f6e60448201527f20646f6573206e6f7420657869737400000000000000000000000000000000006064820152608401610444565b600083815260336020526040902054839074010000000000000000000000000000000000000000900460ff1615610b3d5760405162461bcd60e51b815260206004820152602560248201527f546f6b656e4d756c746953696757616c6c65743a20616c72656164792065786560448201527f63757465640000000000000000000000000000000000000000000000000000006064820152608401610444565b600084815260346020908152604080832033845260010190915290205460ff16610bcf5760405162461bcd60e51b815260206004820152602660248201527f546f6b656e4d756c746953696757616c6c65743a206e6f7420636f6e6669726d60448201527f65642079657400000000000000000000000000000000000000000000000000006064820152608401610444565b60008481526034602090815260408083203380855260018201909352922080547fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00169055610c1c90610f44565b816000016000828254610c2f9190612066565b9091555050604051859033907f795394da21278ca39d59bb3ca00efeebdc0679acc420916c7385c2c5d942656f90600090a35050505050565b60008373ffffffffffffffffffffffffffffffffffffffff8116610cf45760405162461bcd60e51b815260206004820152602960248201527f546f6b656e4d756c746953696757616c6c65743a20616464726573732069732060448201527f6e6f742076616c696400000000000000000000000000000000000000000000006064820152608401610444565b848484610cff610e18565b604051602001610d12949392919061207d565b604080517fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0818403018152919052805160209091012095945050505050565b6060610d7c7f00000000000000000000000000000000000000000000000000000000000000006119d7565b610da57f00000000000000000000000000000000000000000000000000000000000000006119d7565b610dce7f00000000000000000000000000000000000000000000000000000000000000006119d7565b604051602001610de0939291906120cb565b604051602081830303815290604052905090565b6000610dfe610703565b600092835260346020526040909220549190911015919050565b60007f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff1663fc0c546a6040518163ffffffff1660e01b8152600401602060405180830381865afa158015610e85573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610ea99190611fd1565b73ffffffffffffffffffffffffffffffffffffffff166391ddadf46040518163ffffffff1660e01b8152600401602060405180830381865afa925050508015610f2d575060408051601f3d9081017fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0168201909252610f2a91810190612141565b60015b610f3f57610f3a43611a95565b905090565b919050565b60007f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff1663fc0c546a6040518163ffffffff1660e01b8152600401602060405180830381865afa158015610fb1573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610fd59190611fd1565b6040517f9ab24eb000000000000000000000000000000000000000000000000000000000815273ffffffffffffffffffffffffffffffffffffffff84811660048301529190911690639ab24eb090602401602060405180830381865afa158015611043573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906110679190611fb8565b92915050565b60336020526000908152604090208054600182015460028301805473ffffffffffffffffffffffffffffffffffffffff8416947401000000000000000000000000000000000000000090940460ff169391906110c890612169565b80601f01602080910402602001604051908101604052809291908181526020018280546110f490612169565b80156111415780601f1061111657610100808354040283529160200191611141565b820191906000526020600020905b81548152906001019060200180831161112457829003601f168201915b5050505050905084565b33600061115782610f44565b116111ca5760405162461bcd60e51b815260206004820152603b60248201527f546f6b656e4d756c746953696757616c6c65743a206f6e6c7920616c6c6f776560448201527f6420746f20676f7665726e616e636520746f6b656e206f776e657200000000006064820152608401610444565b600082815260336020526040902054829073ffffffffffffffffffffffffffffffffffffffff166112635760405162461bcd60e51b815260206004820152602f60248201527f546f6b656e4d756c746953696757616c6c65743a207472616e73616374696f6e60448201527f20646f6573206e6f7420657869737400000000000000000000000000000000006064820152608401610444565b6000838152603460209081526040808320338452600181019092529091205460ff16156112f85760405162461bcd60e51b815260206004820152602660248201527f546f6b656e4d756c746953696757616c6c65743a20616c726561647920636f6e60448201527f6669726d656400000000000000000000000000000000000000000000000000006064820152608401610444565b3360008181526001838101602052604090912080547fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0016909117905561133d90610f44565b81600001600082825461135091906121bc565b9091555050604051849033907ff8a17c9136a3ae33364fac05eb088a3cbafee10c1889c88593e20ee2d8e4eb8890600090a361138a610703565b600085815260346020526040902054106113a7576113a784611442565b50505050565b60003360006113bb82610f44565b1161142e5760405162461bcd60e51b815260206004820152603b60248201527f546f6b656e4d756c746953696757616c6c65743a206f6e6c7920616c6c6f776560448201527f6420746f20676f7665726e616e636520746f6b656e206f776e657200000000006064820152608401610444565b6114398585856117b0565b95945050505050565b61144a611b17565b600081815260336020526040902054819073ffffffffffffffffffffffffffffffffffffffff166114e35760405162461bcd60e51b815260206004820152602f60248201527f546f6b656e4d756c746953696757616c6c65743a207472616e73616374696f6e60448201527f20646f6573206e6f7420657869737400000000000000000000000000000000006064820152608401610444565b600082815260336020526040902054829074010000000000000000000000000000000000000000900460ff16156115825760405162461bcd60e51b815260206004820152602560248201527f546f6b656e4d756c746953696757616c6c65743a20616c72656164792065786560448201527f63757465640000000000000000000000000000000000000000000000000000006064820152608401610444565b61158b83610df4565b6115fd5760405162461bcd60e51b815260206004820152602760248201527f546f6b656e4d756c746953696757616c6c65743a2071756f72756d206e6f742060448201527f72656163686564000000000000000000000000000000000000000000000000006064820152608401610444565b600083815260336020526040812080547fffffffffffffffffffffff00ffffffffffffffffffffffffffffffffffffffff8116740100000000000000000000000000000000000000001782559091906116fe9073ffffffffffffffffffffffffffffffffffffffff165a846001015485600201805461167b90612169565b80601f01602080910402602001604051908101604052809291908181526020018280546116a790612169565b80156116f45780601f106116c9576101008083540402835291602001916116f4565b820191906000526020600020905b8154815290600101906020018083116116d757829003601f168201915b5050505050611b70565b9050806117735760405162461bcd60e51b815260206004820152602c60248201527f546f6b656e4d756c746953696757616c6c65743a2063616c6c207472616e736160448201527f6374696f6e206661696c656400000000000000000000000000000000000000006064820152608401610444565b604051859033907f4e86ad0da28cbaaaa7e93e36c43b32696e970535225b316f1b84fbf30bdc04e890600090a3505050506117ad60018055565b50565b60008373ffffffffffffffffffffffffffffffffffffffff811661183c5760405162461bcd60e51b815260206004820152602960248201527f546f6b656e4d756c746953696757616c6c65743a20616464726573732069732060448201527f6e6f742076616c696400000000000000000000000000000000000000000000006064820152608401610444565b6000611849868686610c68565b60008181526033602052604090205490915073ffffffffffffffffffffffffffffffffffffffff16156118e45760405162461bcd60e51b815260206004820152602f60248201527f546f6b656e4d756c746953696757616c6c65743a207472616e73616374696f6e60448201527f20616c72656164792065786973747300000000000000000000000000000000006064820152608401610444565b6040805160808101825273ffffffffffffffffffffffffffffffffffffffff8089168252600060208084018281528486018b8152606086018b8152888552603390935295909220845181549351151574010000000000000000000000000000000000000000027fffffffffffffffffffffff00000000000000000000000000000000000000000090941694169390931791909117825592516001820155915190919060028201906119959082612223565b505060388054600101905550604051819033907f1f50cd00b6a6fe3928bf4a5f2f23829e9a1c9396573b828b5fa14d95aae7e77590600090a395945050505050565b606060006119e483611b8a565b600101905060008167ffffffffffffffff811115611a0457611a04611ca1565b6040519080825280601f01601f191660200182016040528015611a2e576020820181803683370190505b5090508181016020015b7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff017f3031323334353637383961626364656600000000000000000000000000000000600a86061a8153600a8504945084611a3857509392505050565b600065ffffffffffff821115611b135760405162461bcd60e51b815260206004820152602660248201527f53616665436173743a2076616c756520646f65736e27742066697420696e203460448201527f38206269747300000000000000000000000000000000000000000000000000006064820152608401610444565b5090565b600260015403611b695760405162461bcd60e51b815260206004820152601f60248201527f5265656e7472616e637947756172643a207265656e7472616e742063616c6c006044820152606401610444565b6002600155565b600080600080845160208601878a8af19695505050505050565b6000807a184f03e93ff9f4daa797ed6e38ed64bf6a1f0100000000000000008310611bd3577a184f03e93ff9f4daa797ed6e38ed64bf6a1f010000000000000000830492506040015b6d04ee2d6d415b85acef81000000008310611bff576d04ee2d6d415b85acef8100000000830492506020015b662386f26fc100008310611c1d57662386f26fc10000830492506010015b6305f5e1008310611c35576305f5e100830492506008015b6127108310611c4957612710830492506004015b60648310611c5b576064830492506002015b600a83106110675760010192915050565b60008060408385031215611c7f57600080fd5b8235915060208301358015158114611c9657600080fd5b809150509250929050565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052604160045260246000fd5b600082601f830112611ce157600080fd5b813567ffffffffffffffff80821115611cfc57611cfc611ca1565b604051601f83017fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0908116603f01168101908282118183101715611d4257611d42611ca1565b81604052838152866020858801011115611d5b57600080fd5b836020870160208301376000602085830101528094505050505092915050565b600080600060608486031215611d9057600080fd5b8335925060208401359150604084013567ffffffffffffffff811115611db557600080fd5b611dc186828701611cd0565b9150509250925092565b600060208284031215611ddd57600080fd5b5035919050565b73ffffffffffffffffffffffffffffffffffffffff811681146117ad57600080fd5b600080600060608486031215611e1b57600080fd5b8335611e2681611de4565b925060208401359150604084013567ffffffffffffffff811115611db557600080fd5b60005b83811015611e64578181015183820152602001611e4c565b838111156113a75750506000910152565b60008151808452611e8d816020860160208601611e49565b601f017fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0169290920160200192915050565b602081526000611ed26020830184611e75565b9392505050565b60008060408385031215611eec57600080fd5b823591506020830135611c9681611de4565b600060208284031215611f1057600080fd5b8135611ed281611de4565b73ffffffffffffffffffffffffffffffffffffffff851681528315156020820152826040820152608060608201526000611f586080830184611e75565b9695505050505050565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052601160045260246000fd5b600065ffffffffffff83811690831681811015611fb057611fb0611f62565b039392505050565b600060208284031215611fca57600080fd5b5051919050565b600060208284031215611fe357600080fd5b8151611ed281611de4565b6000817fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff048311821515161561202657612026611f62565b500290565b600082612061577f4e487b7100000000000000000000000000000000000000000000000000000000600052601260045260246000fd5b500490565b60008282101561207857612078611f62565b500390565b73ffffffffffffffffffffffffffffffffffffffff851681528360208201526080604082015260006120b26080830185611e75565b905065ffffffffffff8316606083015295945050505050565b600084516120dd818460208901611e49565b80830190507f2e000000000000000000000000000000000000000000000000000000000000008082528551612119816001850160208a01611e49565b60019201918201528351612134816002840160208801611e49565b0160020195945050505050565b60006020828403121561215357600080fd5b815165ffffffffffff81168114611ed257600080fd5b600181811c9082168061217d57607f821691505b6020821081036121b6577f4e487b7100000000000000000000000000000000000000000000000000000000600052602260045260246000fd5b50919050565b600082198211156121cf576121cf611f62565b500190565b601f82111561221e57600081815260208120601f850160051c810160208610156121fb5750805b601f850160051c820191505b8181101561221a57828155600101612207565b5050505b505050565b815167ffffffffffffffff81111561223d5761223d611ca1565b6122518161224b8454612169565b846121d4565b602080601f8311600181146122a4576000841561226e5750858301515b7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff600386901b1c1916600185901b17855561221a565b6000858152602081207fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe08616915b828110156122f1578886015182559484019460019091019084016122d2565b508582101561232d57878501517fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff600388901b60f8161c191681555b5050505050600190811b0190555056fea164736f6c634300080f000a000000000000000000000000713c2bed44eb45d490afb8d4d1aa6f12290b829a000000000000000000000000b3c415c2aad428d5570208e1772cb68e7d06a537
Deployed Bytecode
0x608060405234801561001057600080fd5b506004361061016c5760003560e01c80638b51d13f116100cd578063b77bf60011610081578063c01a8c8411610066578063c01a8c8414610390578063c6427474146103a3578063ee22610b146103b657600080fd5b8063b77bf60014610367578063b9774f7b1461037057600080fd5b80639ab24eb0116100b25780639ab24eb01461030a5780639ace38c21461031d5780639e45e8f41461034057600080fd5b80638b51d13f146102cb57806391ddadf4146102eb57600080fd5b806349ae963d116101245780636dc0ae22116101095780636dc0ae2214610222578063784547a71461026e5780638a8e784c1461028157600080fd5b806349ae963d146101fa57806354fd4d501461020d57600080fd5b80631703a018116101555780631703a0181461019957806320ea8d86146101b45780632a758595146101c757600080fd5b80630192337114610171578063080b91ee14610186575b600080fd5b61018461017f366004611c6c565b6103c9565b005b610184610194366004611d7b565b610607565b6101a1610703565b6040519081526020015b60405180910390f35b6101846101c2366004611dcb565b610986565b6101ea6101d5366004611dcb565b60396020526000908152604090205460ff1681565b60405190151581526020016101ab565b6101a1610208366004611e06565b610c68565b610215610d51565b6040516101ab9190611ebf565b6102497f000000000000000000000000b3c415c2aad428d5570208e1772cb68e7d06a53781565b60405173ffffffffffffffffffffffffffffffffffffffff90911681526020016101ab565b6101ea61027c366004611dcb565b610df4565b6101ea61028f366004611ed9565b600082815260346020908152604080832073ffffffffffffffffffffffffffffffffffffffff8516845260010190915290205460ff1692915050565b6101a16102d9366004611dcb565b60009081526034602052604090205490565b6102f3610e18565b60405165ffffffffffff90911681526020016101ab565b6101a1610318366004611efe565b610f44565b61033061032b366004611dcb565b61106d565b6040516101ab9493929190611f1b565b6102497f000000000000000000000000713c2bed44eb45d490afb8d4d1aa6f12290b829a81565b6101a160385481565b6101a161037e366004611dcb565b60346020526000908152604090205481565b61018461039e366004611dcb565b61114b565b6101a16103b1366004611e06565b6113ad565b6101846103c4366004611dcb565b611442565b3360006103d582610f44565b1161044d5760405162461bcd60e51b815260206004820152603b60248201527f546f6b656e4d756c746953696757616c6c65743a206f6e6c7920616c6c6f776560448201527f6420746f20676f7665726e616e636520746f6b656e206f776e6572000000000060648201526084015b60405180910390fd5b60008381526039602052604090205460ff1615806104685750815b6105015760405162461bcd60e51b8152602060048201526044602482018190527f5365637572697479436f756e63696c3a20746865206f75747075742068617320908201527f616c7265616479206265656e2072657175657374656420746f2062652064656c60648201527f6574656400000000000000000000000000000000000000000000000000000000608482015260a401610444565b6040805160248082018690528251808303909101815260449091019091526020810180517bffffffffffffffffffffffffffffffffffffffffffffffffffffffff167fe39a219c0000000000000000000000000000000000000000000000000000000017905260006105947f000000000000000000000000713c2bed44eb45d490afb8d4d1aa6f12290b829a82846113ad565b905061059f8161114b565b60008581526039602052604080822080547fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0016600117905551869183917fc63c84660a471a970585c7cab9d0601af8e717ff0822a2ea049a3542fc5aa55a9190a35050505050565b3373ffffffffffffffffffffffffffffffffffffffff7f000000000000000000000000713c2bed44eb45d490afb8d4d1aa6f12290b829a16146106b25760405162461bcd60e51b815260206004820152603c60248201527f5365637572697479436f756e63696c3a206f6e6c792074686520636f6c6f737360448201527f65756d20636f6e74726163742063616e20626520612073656e646572000000006064820152608401610444565b60006106c0336000846117b0565b604080518681526020810186905291925082917eef5106e82a682c776fd7748be042f406a9ee0feaaea86ae9029477c2b91f2a910160405180910390a250505050565b6000806001610710610e18565b61071a9190611f91565b65ffffffffffff1690507f000000000000000000000000b3c415c2aad428d5570208e1772cb68e7d06a53773ffffffffffffffffffffffffffffffffffffffff166397c3d3346040518163ffffffff1660e01b8152600401602060405180830381865afa15801561078f573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906107b39190611fb8565b6040517f60c4247f000000000000000000000000000000000000000000000000000000008152600481018390527f000000000000000000000000b3c415c2aad428d5570208e1772cb68e7d06a53773ffffffffffffffffffffffffffffffffffffffff16906360c4247f90602401602060405180830381865afa15801561083e573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906108629190611fb8565b7f000000000000000000000000b3c415c2aad428d5570208e1772cb68e7d06a53773ffffffffffffffffffffffffffffffffffffffff1663fc0c546a6040518163ffffffff1660e01b8152600401602060405180830381865afa1580156108cd573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906108f19190611fd1565b73ffffffffffffffffffffffffffffffffffffffff16638e539e8c846040518263ffffffff1660e01b815260040161092b91815260200190565b602060405180830381865afa158015610948573d6000803e3d6000fd5b505050506040513d601f19601f8201168201806040525081019061096c9190611fb8565b6109769190611fee565b610980919061202b565b91505090565b33600061099282610f44565b11610a055760405162461bcd60e51b815260206004820152603b60248201527f546f6b656e4d756c746953696757616c6c65743a206f6e6c7920616c6c6f776560448201527f6420746f20676f7665726e616e636520746f6b656e206f776e657200000000006064820152608401610444565b600082815260336020526040902054829073ffffffffffffffffffffffffffffffffffffffff16610a9e5760405162461bcd60e51b815260206004820152602f60248201527f546f6b656e4d756c746953696757616c6c65743a207472616e73616374696f6e60448201527f20646f6573206e6f7420657869737400000000000000000000000000000000006064820152608401610444565b600083815260336020526040902054839074010000000000000000000000000000000000000000900460ff1615610b3d5760405162461bcd60e51b815260206004820152602560248201527f546f6b656e4d756c746953696757616c6c65743a20616c72656164792065786560448201527f63757465640000000000000000000000000000000000000000000000000000006064820152608401610444565b600084815260346020908152604080832033845260010190915290205460ff16610bcf5760405162461bcd60e51b815260206004820152602660248201527f546f6b656e4d756c746953696757616c6c65743a206e6f7420636f6e6669726d60448201527f65642079657400000000000000000000000000000000000000000000000000006064820152608401610444565b60008481526034602090815260408083203380855260018201909352922080547fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00169055610c1c90610f44565b816000016000828254610c2f9190612066565b9091555050604051859033907f795394da21278ca39d59bb3ca00efeebdc0679acc420916c7385c2c5d942656f90600090a35050505050565b60008373ffffffffffffffffffffffffffffffffffffffff8116610cf45760405162461bcd60e51b815260206004820152602960248201527f546f6b656e4d756c746953696757616c6c65743a20616464726573732069732060448201527f6e6f742076616c696400000000000000000000000000000000000000000000006064820152608401610444565b848484610cff610e18565b604051602001610d12949392919061207d565b604080517fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0818403018152919052805160209091012095945050505050565b6060610d7c7f00000000000000000000000000000000000000000000000000000000000000016119d7565b610da57f00000000000000000000000000000000000000000000000000000000000000016119d7565b610dce7f00000000000000000000000000000000000000000000000000000000000000006119d7565b604051602001610de0939291906120cb565b604051602081830303815290604052905090565b6000610dfe610703565b600092835260346020526040909220549190911015919050565b60007f000000000000000000000000b3c415c2aad428d5570208e1772cb68e7d06a53773ffffffffffffffffffffffffffffffffffffffff1663fc0c546a6040518163ffffffff1660e01b8152600401602060405180830381865afa158015610e85573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610ea99190611fd1565b73ffffffffffffffffffffffffffffffffffffffff166391ddadf46040518163ffffffff1660e01b8152600401602060405180830381865afa925050508015610f2d575060408051601f3d9081017fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0168201909252610f2a91810190612141565b60015b610f3f57610f3a43611a95565b905090565b919050565b60007f000000000000000000000000b3c415c2aad428d5570208e1772cb68e7d06a53773ffffffffffffffffffffffffffffffffffffffff1663fc0c546a6040518163ffffffff1660e01b8152600401602060405180830381865afa158015610fb1573d6000803e3d6000fd5b505050506040513d601f19601f82011682018060405250810190610fd59190611fd1565b6040517f9ab24eb000000000000000000000000000000000000000000000000000000000815273ffffffffffffffffffffffffffffffffffffffff84811660048301529190911690639ab24eb090602401602060405180830381865afa158015611043573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906110679190611fb8565b92915050565b60336020526000908152604090208054600182015460028301805473ffffffffffffffffffffffffffffffffffffffff8416947401000000000000000000000000000000000000000090940460ff169391906110c890612169565b80601f01602080910402602001604051908101604052809291908181526020018280546110f490612169565b80156111415780601f1061111657610100808354040283529160200191611141565b820191906000526020600020905b81548152906001019060200180831161112457829003601f168201915b5050505050905084565b33600061115782610f44565b116111ca5760405162461bcd60e51b815260206004820152603b60248201527f546f6b656e4d756c746953696757616c6c65743a206f6e6c7920616c6c6f776560448201527f6420746f20676f7665726e616e636520746f6b656e206f776e657200000000006064820152608401610444565b600082815260336020526040902054829073ffffffffffffffffffffffffffffffffffffffff166112635760405162461bcd60e51b815260206004820152602f60248201527f546f6b656e4d756c746953696757616c6c65743a207472616e73616374696f6e60448201527f20646f6573206e6f7420657869737400000000000000000000000000000000006064820152608401610444565b6000838152603460209081526040808320338452600181019092529091205460ff16156112f85760405162461bcd60e51b815260206004820152602660248201527f546f6b656e4d756c746953696757616c6c65743a20616c726561647920636f6e60448201527f6669726d656400000000000000000000000000000000000000000000000000006064820152608401610444565b3360008181526001838101602052604090912080547fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0016909117905561133d90610f44565b81600001600082825461135091906121bc565b9091555050604051849033907ff8a17c9136a3ae33364fac05eb088a3cbafee10c1889c88593e20ee2d8e4eb8890600090a361138a610703565b600085815260346020526040902054106113a7576113a784611442565b50505050565b60003360006113bb82610f44565b1161142e5760405162461bcd60e51b815260206004820152603b60248201527f546f6b656e4d756c746953696757616c6c65743a206f6e6c7920616c6c6f776560448201527f6420746f20676f7665726e616e636520746f6b656e206f776e657200000000006064820152608401610444565b6114398585856117b0565b95945050505050565b61144a611b17565b600081815260336020526040902054819073ffffffffffffffffffffffffffffffffffffffff166114e35760405162461bcd60e51b815260206004820152602f60248201527f546f6b656e4d756c746953696757616c6c65743a207472616e73616374696f6e60448201527f20646f6573206e6f7420657869737400000000000000000000000000000000006064820152608401610444565b600082815260336020526040902054829074010000000000000000000000000000000000000000900460ff16156115825760405162461bcd60e51b815260206004820152602560248201527f546f6b656e4d756c746953696757616c6c65743a20616c72656164792065786560448201527f63757465640000000000000000000000000000000000000000000000000000006064820152608401610444565b61158b83610df4565b6115fd5760405162461bcd60e51b815260206004820152602760248201527f546f6b656e4d756c746953696757616c6c65743a2071756f72756d206e6f742060448201527f72656163686564000000000000000000000000000000000000000000000000006064820152608401610444565b600083815260336020526040812080547fffffffffffffffffffffff00ffffffffffffffffffffffffffffffffffffffff8116740100000000000000000000000000000000000000001782559091906116fe9073ffffffffffffffffffffffffffffffffffffffff165a846001015485600201805461167b90612169565b80601f01602080910402602001604051908101604052809291908181526020018280546116a790612169565b80156116f45780601f106116c9576101008083540402835291602001916116f4565b820191906000526020600020905b8154815290600101906020018083116116d757829003601f168201915b5050505050611b70565b9050806117735760405162461bcd60e51b815260206004820152602c60248201527f546f6b656e4d756c746953696757616c6c65743a2063616c6c207472616e736160448201527f6374696f6e206661696c656400000000000000000000000000000000000000006064820152608401610444565b604051859033907f4e86ad0da28cbaaaa7e93e36c43b32696e970535225b316f1b84fbf30bdc04e890600090a3505050506117ad60018055565b50565b60008373ffffffffffffffffffffffffffffffffffffffff811661183c5760405162461bcd60e51b815260206004820152602960248201527f546f6b656e4d756c746953696757616c6c65743a20616464726573732069732060448201527f6e6f742076616c696400000000000000000000000000000000000000000000006064820152608401610444565b6000611849868686610c68565b60008181526033602052604090205490915073ffffffffffffffffffffffffffffffffffffffff16156118e45760405162461bcd60e51b815260206004820152602f60248201527f546f6b656e4d756c746953696757616c6c65743a207472616e73616374696f6e60448201527f20616c72656164792065786973747300000000000000000000000000000000006064820152608401610444565b6040805160808101825273ffffffffffffffffffffffffffffffffffffffff8089168252600060208084018281528486018b8152606086018b8152888552603390935295909220845181549351151574010000000000000000000000000000000000000000027fffffffffffffffffffffff00000000000000000000000000000000000000000090941694169390931791909117825592516001820155915190919060028201906119959082612223565b505060388054600101905550604051819033907f1f50cd00b6a6fe3928bf4a5f2f23829e9a1c9396573b828b5fa14d95aae7e77590600090a395945050505050565b606060006119e483611b8a565b600101905060008167ffffffffffffffff811115611a0457611a04611ca1565b6040519080825280601f01601f191660200182016040528015611a2e576020820181803683370190505b5090508181016020015b7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff017f3031323334353637383961626364656600000000000000000000000000000000600a86061a8153600a8504945084611a3857509392505050565b600065ffffffffffff821115611b135760405162461bcd60e51b815260206004820152602660248201527f53616665436173743a2076616c756520646f65736e27742066697420696e203460448201527f38206269747300000000000000000000000000000000000000000000000000006064820152608401610444565b5090565b600260015403611b695760405162461bcd60e51b815260206004820152601f60248201527f5265656e7472616e637947756172643a207265656e7472616e742063616c6c006044820152606401610444565b6002600155565b600080600080845160208601878a8af19695505050505050565b6000807a184f03e93ff9f4daa797ed6e38ed64bf6a1f0100000000000000008310611bd3577a184f03e93ff9f4daa797ed6e38ed64bf6a1f010000000000000000830492506040015b6d04ee2d6d415b85acef81000000008310611bff576d04ee2d6d415b85acef8100000000830492506020015b662386f26fc100008310611c1d57662386f26fc10000830492506010015b6305f5e1008310611c35576305f5e100830492506008015b6127108310611c4957612710830492506004015b60648310611c5b576064830492506002015b600a83106110675760010192915050565b60008060408385031215611c7f57600080fd5b8235915060208301358015158114611c9657600080fd5b809150509250929050565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052604160045260246000fd5b600082601f830112611ce157600080fd5b813567ffffffffffffffff80821115611cfc57611cfc611ca1565b604051601f83017fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0908116603f01168101908282118183101715611d4257611d42611ca1565b81604052838152866020858801011115611d5b57600080fd5b836020870160208301376000602085830101528094505050505092915050565b600080600060608486031215611d9057600080fd5b8335925060208401359150604084013567ffffffffffffffff811115611db557600080fd5b611dc186828701611cd0565b9150509250925092565b600060208284031215611ddd57600080fd5b5035919050565b73ffffffffffffffffffffffffffffffffffffffff811681146117ad57600080fd5b600080600060608486031215611e1b57600080fd5b8335611e2681611de4565b925060208401359150604084013567ffffffffffffffff811115611db557600080fd5b60005b83811015611e64578181015183820152602001611e4c565b838111156113a75750506000910152565b60008151808452611e8d816020860160208601611e49565b601f017fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0169290920160200192915050565b602081526000611ed26020830184611e75565b9392505050565b60008060408385031215611eec57600080fd5b823591506020830135611c9681611de4565b600060208284031215611f1057600080fd5b8135611ed281611de4565b73ffffffffffffffffffffffffffffffffffffffff851681528315156020820152826040820152608060608201526000611f586080830184611e75565b9695505050505050565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052601160045260246000fd5b600065ffffffffffff83811690831681811015611fb057611fb0611f62565b039392505050565b600060208284031215611fca57600080fd5b5051919050565b600060208284031215611fe357600080fd5b8151611ed281611de4565b6000817fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff048311821515161561202657612026611f62565b500290565b600082612061577f4e487b7100000000000000000000000000000000000000000000000000000000600052601260045260246000fd5b500490565b60008282101561207857612078611f62565b500390565b73ffffffffffffffffffffffffffffffffffffffff851681528360208201526080604082015260006120b26080830185611e75565b905065ffffffffffff8316606083015295945050505050565b600084516120dd818460208901611e49565b80830190507f2e000000000000000000000000000000000000000000000000000000000000008082528551612119816001850160208a01611e49565b60019201918201528351612134816002840160208801611e49565b0160020195945050505050565b60006020828403121561215357600080fd5b815165ffffffffffff81168114611ed257600080fd5b600181811c9082168061217d57607f821691505b6020821081036121b6577f4e487b7100000000000000000000000000000000000000000000000000000000600052602260045260246000fd5b50919050565b600082198211156121cf576121cf611f62565b500190565b601f82111561221e57600081815260208120601f850160051c810160208610156121fb5750805b601f850160051c820191505b8181101561221a57828155600101612207565b5050505b505050565b815167ffffffffffffffff81111561223d5761223d611ca1565b6122518161224b8454612169565b846121d4565b602080601f8311600181146122a4576000841561226e5750858301515b7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff600386901b1c1916600185901b17855561221a565b6000858152602081207fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe08616915b828110156122f1578886015182559484019460019091019084016122d2565b508582101561232d57878501517fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff600388901b60f8161c191681555b5050505050600190811b0190555056fea164736f6c634300080f000a
Constructor Arguments (ABI-Encoded and is the last bytes of the Contract Creation Code above)
000000000000000000000000713c2bed44eb45d490afb8d4d1aa6f12290b829a000000000000000000000000b3c415c2aad428d5570208e1772cb68e7d06a537
-----Decoded View---------------
Arg [0] : _colosseum (address): 0x713C2BEd44eB45D490afB8D4d1aA6F12290B829a
Arg [1] : _governor (address): 0xb3c415c2Aad428D5570208e1772cb68e7D06a537
-----Encoded View---------------
2 Constructor Arguments found :
Arg [0] : 000000000000000000000000713c2bed44eb45d490afb8d4d1aa6f12290b829a
Arg [1] : 000000000000000000000000b3c415c2aad428d5570208e1772cb68e7d06a537
Loading...
Loading
Loading...
Loading
Multichain Portfolio | 29 Chains
Chain | Token | Portfolio % | Price | Amount | Value |
---|
Loading...
Loading
A contract address hosts a smart contract, which is a set of code stored on the blockchain that runs when predetermined conditions are met. Learn more about addresses in our Knowledge Base.