Overview
ETH Balance
0 ETH
ETH Value
$0.00More Info
Private Name Tags
ContractCreator
GENESIS at txn GENESIS_c0d3c0d3c0d3c0d3c0d3c0d3c0d3c0d3c0d30013
Latest 1 from a total of 1 transactions
Transaction Hash |
Method
|
Block
|
From
|
To
|
|||||
---|---|---|---|---|---|---|---|---|---|
GENESIS_c0d3c0d3c0d3c0d3c0d3c0d3c0d3c0d3c0d30013 | 0x60806040 | 0 | 1419 days ago | GENESIS | IN | 0 ETH | 0 |
Latest 25 internal transactions (View All)
Advanced mode:
Parent Transaction Hash | Block | From | To | |||
---|---|---|---|---|---|---|
107558134 | 492 days ago | 0 ETH | ||||
107558134 | 492 days ago | 0 ETH | ||||
107558134 | 492 days ago | 0 ETH | ||||
107558078 | 492 days ago | 0 ETH | ||||
107558078 | 492 days ago | 0 ETH | ||||
107558078 | 492 days ago | 0 ETH | ||||
107557458 | 492 days ago | 0 ETH | ||||
107557458 | 492 days ago | 0 ETH | ||||
107557458 | 492 days ago | 0 ETH | ||||
107554274 | 492 days ago | 0 ETH | ||||
107554274 | 492 days ago | 0 ETH | ||||
107554274 | 492 days ago | 0 ETH | ||||
107553758 | 492 days ago | 0 ETH | ||||
107553758 | 492 days ago | 0 ETH | ||||
107553758 | 492 days ago | 0 ETH | ||||
107553471 | 492 days ago | 0 ETH | ||||
107553471 | 492 days ago | 0 ETH | ||||
107553471 | 492 days ago | 0 ETH | ||||
107552784 | 492 days ago | 0 ETH | ||||
107552784 | 492 days ago | 0 ETH | ||||
107552784 | 492 days ago | 0 ETH | ||||
107552766 | 492 days ago | 0 ETH | ||||
107552766 | 492 days ago | 0 ETH | ||||
107552766 | 492 days ago | 0 ETH | ||||
107546637 | 492 days ago | 0 ETH |
Loading...
Loading
Contract Name:
L1BlockNumber
Compiler Version
v0.8.15+commit.e14f2714
Contract Source Code (Solidity Standard Json-Input format)
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { L1Block } from "../L2/L1Block.sol"; import { Predeploys } from "../libraries/Predeploys.sol"; import { Semver } from "../universal/Semver.sol"; /** * @custom:legacy * @custom:proxied * @custom:predeploy 0x4200000000000000000000000000000000000013 * @title L1BlockNumber * @notice L1BlockNumber is a legacy contract that fills the roll of the OVM_L1BlockNumber contract * in the old version of the Optimism system. Only necessary for backwards compatibility. * If you want to access the L1 block number going forward, you should use the L1Block * contract instead. */ contract L1BlockNumber is Semver { /** * @custom:semver 1.0.0 */ constructor() Semver(1, 0, 0) {} /** * @notice Returns the L1 block number. */ receive() external payable { uint256 l1BlockNumber = getL1BlockNumber(); assembly { mstore(0, l1BlockNumber) return(0, 32) } } /** * @notice Returns the L1 block number. */ // solhint-disable-next-line no-complex-fallback fallback() external payable { uint256 l1BlockNumber = getL1BlockNumber(); assembly { mstore(0, l1BlockNumber) return(0, 32) } } /** * @notice Retrieves the latest L1 block number. * * @return Latest L1 block number. */ function getL1BlockNumber() public view returns (uint256) { return L1Block(Predeploys.L1_BLOCK_ATTRIBUTES).number(); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Predeploys } from "../libraries/Predeploys.sol"; import { OptimismPortal } from "./OptimismPortal.sol"; import { CrossDomainMessenger } from "../universal/CrossDomainMessenger.sol"; import { Semver } from "../universal/Semver.sol"; /** * @custom:proxied * @title L1CrossDomainMessenger * @notice The L1CrossDomainMessenger is a message passing interface between L1 and L2 responsible * for sending and receiving data on the L1 side. Users are encouraged to use this * interface instead of interacting with lower-level contracts directly. */ contract L1CrossDomainMessenger is CrossDomainMessenger, Semver { /** * @notice Address of the OptimismPortal. */ OptimismPortal public immutable PORTAL; /** * @custom:semver 1.0.0 * * @param _portal Address of the OptimismPortal contract on this network. */ constructor(OptimismPortal _portal) Semver(1, 0, 0) CrossDomainMessenger(Predeploys.L2_CROSS_DOMAIN_MESSENGER) { PORTAL = _portal; initialize(address(0)); } /** * @notice Initializer. * * @param _owner Address of the initial owner of this contract. */ function initialize(address _owner) public initializer { __CrossDomainMessenger_init(); _transferOwnership(_owner); } /** * @inheritdoc CrossDomainMessenger */ function _sendMessage( address _to, uint64 _gasLimit, uint256 _value, bytes memory _data ) internal override { PORTAL.depositTransaction{ value: _value }(_to, _value, _gasLimit, false, _data); } /** * @inheritdoc CrossDomainMessenger */ function _isOtherMessenger() internal view override returns (bool) { return msg.sender == address(PORTAL) && PORTAL.l2Sender() == OTHER_MESSENGER; } /** * @inheritdoc CrossDomainMessenger */ function _isUnsafeTarget(address _target) internal view override returns (bool) { return _target == address(this) || _target == address(PORTAL); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { ERC721Bridge } from "../universal/ERC721Bridge.sol"; import { IERC721 } from "@openzeppelin/contracts/token/ERC721/IERC721.sol"; import { L2ERC721Bridge } from "../L2/L2ERC721Bridge.sol"; import { Semver } from "../universal/Semver.sol"; /** * @title L1ERC721Bridge * @notice The L1 ERC721 bridge is a contract which works together with the L2 ERC721 bridge to * make it possible to transfer ERC721 tokens from Ethereum to Optimism. This contract * acts as an escrow for ERC721 tokens deposited into L2. */ contract L1ERC721Bridge is ERC721Bridge, Semver { /** * @notice Mapping of L1 token to L2 token to ID to boolean, indicating if the given L1 token * by ID was deposited for a given L2 token. */ mapping(address => mapping(address => mapping(uint256 => bool))) public deposits; /** * @custom:semver 1.0.0 * * @param _messenger Address of the CrossDomainMessenger on this network. * @param _otherBridge Address of the ERC721 bridge on the other network. */ constructor(address _messenger, address _otherBridge) Semver(1, 0, 0) ERC721Bridge(_messenger, _otherBridge) {} /** * @notice Completes an ERC721 bridge from the other domain and sends the ERC721 token to the * recipient on this domain. * * @param _localToken Address of the ERC721 token on this domain. * @param _remoteToken Address of the ERC721 token on the other domain. * @param _from Address that triggered the bridge on the other domain. * @param _to Address to receive the token on this domain. * @param _tokenId ID of the token being deposited. * @param _extraData Optional data to forward to L2. Data supplied here will not be used to * execute any code on L2 and is only emitted as extra data for the * convenience of off-chain tooling. */ function finalizeBridgeERC721( address _localToken, address _remoteToken, address _from, address _to, uint256 _tokenId, bytes calldata _extraData ) external onlyOtherBridge { require(_localToken != address(this), "L1ERC721Bridge: local token cannot be self"); // Checks that the L1/L2 NFT pair has a token ID that is escrowed in the L1 Bridge. require( deposits[_localToken][_remoteToken][_tokenId] == true, "L1ERC721Bridge: Token ID is not escrowed in the L1 Bridge" ); // Mark that the token ID for this L1/L2 token pair is no longer escrowed in the L1 // Bridge. deposits[_localToken][_remoteToken][_tokenId] = false; // When a withdrawal is finalized on L1, the L1 Bridge transfers the NFT to the // withdrawer. IERC721(_localToken).safeTransferFrom(address(this), _to, _tokenId); // slither-disable-next-line reentrancy-events emit ERC721BridgeFinalized(_localToken, _remoteToken, _from, _to, _tokenId, _extraData); } /** * @inheritdoc ERC721Bridge */ function _initiateBridgeERC721( address _localToken, address _remoteToken, address _from, address _to, uint256 _tokenId, uint32 _minGasLimit, bytes calldata _extraData ) internal override { require(_remoteToken != address(0), "ERC721Bridge: remote token cannot be address(0)"); // Construct calldata for _l2Token.finalizeBridgeERC721(_to, _tokenId) bytes memory message = abi.encodeWithSelector( L2ERC721Bridge.finalizeBridgeERC721.selector, _remoteToken, _localToken, _from, _to, _tokenId, _extraData ); // Lock token into bridge deposits[_localToken][_remoteToken][_tokenId] = true; IERC721(_localToken).transferFrom(_from, address(this), _tokenId); // Send calldata into L2 MESSENGER.sendMessage(OTHER_BRIDGE, message, _minGasLimit); emit ERC721BridgeInitiated(_localToken, _remoteToken, _from, _to, _tokenId, _extraData); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Predeploys } from "../libraries/Predeploys.sol"; import { StandardBridge } from "../universal/StandardBridge.sol"; import { Semver } from "../universal/Semver.sol"; /** * @custom:proxied * @title L1StandardBridge * @notice The L1StandardBridge is responsible for transfering ETH and ERC20 tokens between L1 and * L2. In the case that an ERC20 token is native to L1, it will be escrowed within this * contract. If the ERC20 token is native to L2, it will be burnt. Before Bedrock, ETH was * stored within this contract. After Bedrock, ETH is instead stored inside the * OptimismPortal contract. * NOTE: this contract is not intended to support all variations of ERC20 tokens. Examples * of some token types that may not be properly supported by this contract include, but are * not limited to: tokens with transfer fees, rebasing tokens, and tokens with blocklists. */ contract L1StandardBridge is StandardBridge, Semver { /** * @custom:legacy * @notice Emitted whenever a deposit of ETH from L1 into L2 is initiated. * * @param from Address of the depositor. * @param to Address of the recipient on L2. * @param amount Amount of ETH deposited. * @param extraData Extra data attached to the deposit. */ event ETHDepositInitiated( address indexed from, address indexed to, uint256 amount, bytes extraData ); /** * @custom:legacy * @notice Emitted whenever a withdrawal of ETH from L2 to L1 is finalized. * * @param from Address of the withdrawer. * @param to Address of the recipient on L1. * @param amount Amount of ETH withdrawn. * @param extraData Extra data attached to the withdrawal. */ event ETHWithdrawalFinalized( address indexed from, address indexed to, uint256 amount, bytes extraData ); /** * @custom:legacy * @notice Emitted whenever an ERC20 deposit is initiated. * * @param l1Token Address of the token on L1. * @param l2Token Address of the corresponding token on L2. * @param from Address of the depositor. * @param to Address of the recipient on L2. * @param amount Amount of the ERC20 deposited. * @param extraData Extra data attached to the deposit. */ event ERC20DepositInitiated( address indexed l1Token, address indexed l2Token, address indexed from, address to, uint256 amount, bytes extraData ); /** * @custom:legacy * @notice Emitted whenever an ERC20 withdrawal is finalized. * * @param l1Token Address of the token on L1. * @param l2Token Address of the corresponding token on L2. * @param from Address of the withdrawer. * @param to Address of the recipient on L1. * @param amount Amount of the ERC20 withdrawn. * @param extraData Extra data attached to the withdrawal. */ event ERC20WithdrawalFinalized( address indexed l1Token, address indexed l2Token, address indexed from, address to, uint256 amount, bytes extraData ); /** * @custom:semver 1.0.0 * * @param _messenger Address of the L1CrossDomainMessenger. */ constructor(address payable _messenger) Semver(1, 0, 0) StandardBridge(_messenger, payable(Predeploys.L2_STANDARD_BRIDGE)) {} /** * @custom:legacy * @notice Finalizes a withdrawal of ERC20 tokens from L2. * * @param _l1Token Address of the token on L1. * @param _l2Token Address of the corresponding token on L2. * @param _from Address of the withdrawer on L2. * @param _to Address of the recipient on L1. * @param _amount Amount of the ERC20 to withdraw. * @param _extraData Optional data forwarded from L2. */ function finalizeERC20Withdrawal( address _l1Token, address _l2Token, address _from, address _to, uint256 _amount, bytes calldata _extraData ) external onlyOtherBridge { emit ERC20WithdrawalFinalized(_l1Token, _l2Token, _from, _to, _amount, _extraData); finalizeBridgeERC20(_l1Token, _l2Token, _from, _to, _amount, _extraData); } /** * @custom:legacy * @notice Deposits some amount of ETH into the sender's account on L2. * * @param _minGasLimit Minimum gas limit for the deposit message on L2. * @param _extraData Optional data to forward to L2. Data supplied here will not be used to * execute any code on L2 and is only emitted as extra data for the * convenience of off-chain tooling. */ function depositETH(uint32 _minGasLimit, bytes calldata _extraData) external payable onlyEOA { _initiateETHDeposit(msg.sender, msg.sender, _minGasLimit, _extraData); } /** * @custom:legacy * @notice Deposits some amount of ETH into a target account on L2. * Note that if ETH is sent to a contract on L2 and the call fails, then that ETH will * be locked in the L2StandardBridge. ETH may be recoverable if the call can be * successfully replayed by increasing the amount of gas supplied to the call. If the * call will fail for any amount of gas, then the ETH will be locked permanently. * * @param _to Address of the recipient on L2. * @param _minGasLimit Minimum gas limit for the deposit message on L2. * @param _extraData Optional data to forward to L2. Data supplied here will not be used to * execute any code on L2 and is only emitted as extra data for the * convenience of off-chain tooling. */ function depositETHTo( address _to, uint32 _minGasLimit, bytes calldata _extraData ) external payable { _initiateETHDeposit(msg.sender, _to, _minGasLimit, _extraData); } /** * @custom:legacy * @notice Deposits some amount of ERC20 tokens into the sender's account on L2. * * @param _l1Token Address of the L1 token being deposited. * @param _l2Token Address of the corresponding token on L2. * @param _amount Amount of the ERC20 to deposit. * @param _minGasLimit Minimum gas limit for the deposit message on L2. * @param _extraData Optional data to forward to L2. Data supplied here will not be used to * execute any code on L2 and is only emitted as extra data for the * convenience of off-chain tooling. */ function depositERC20( address _l1Token, address _l2Token, uint256 _amount, uint32 _minGasLimit, bytes calldata _extraData ) external virtual onlyEOA { _initiateERC20Deposit( _l1Token, _l2Token, msg.sender, msg.sender, _amount, _minGasLimit, _extraData ); } /** * @custom:legacy * @notice Deposits some amount of ERC20 tokens into a target account on L2. * * @param _l1Token Address of the L1 token being deposited. * @param _l2Token Address of the corresponding token on L2. * @param _to Address of the recipient on L2. * @param _amount Amount of the ERC20 to deposit. * @param _minGasLimit Minimum gas limit for the deposit message on L2. * @param _extraData Optional data to forward to L2. Data supplied here will not be used to * execute any code on L2 and is only emitted as extra data for the * convenience of off-chain tooling. */ function depositERC20To( address _l1Token, address _l2Token, address _to, uint256 _amount, uint32 _minGasLimit, bytes calldata _extraData ) external virtual { _initiateERC20Deposit( _l1Token, _l2Token, msg.sender, _to, _amount, _minGasLimit, _extraData ); } /** * @custom:legacy * @notice Finalizes a withdrawal of ETH from L2. * * @param _from Address of the withdrawer on L2. * @param _to Address of the recipient on L1. * @param _amount Amount of ETH to withdraw. * @param _extraData Optional data forwarded from L2. */ function finalizeETHWithdrawal( address _from, address _to, uint256 _amount, bytes calldata _extraData ) external payable onlyOtherBridge { emit ETHWithdrawalFinalized(_from, _to, _amount, _extraData); finalizeBridgeETH(_from, _to, _amount, _extraData); } /** * @custom:legacy * @notice Retrieves the access of the corresponding L2 bridge contract. * * @return Address of the corresponding L2 bridge contract. */ function l2TokenBridge() external view returns (address) { return address(OTHER_BRIDGE); } /** * @notice Internal function for initiating an ETH deposit. * * @param _from Address of the sender on L1. * @param _to Address of the recipient on L2. * @param _minGasLimit Minimum gas limit for the deposit message on L2. * @param _extraData Optional data to forward to L2. */ function _initiateETHDeposit( address _from, address _to, uint32 _minGasLimit, bytes calldata _extraData ) internal { emit ETHDepositInitiated(_from, _to, msg.value, _extraData); _initiateBridgeETH(_from, _to, msg.value, _minGasLimit, _extraData); } /** * @notice Internal function for initiating an ERC20 deposit. * * @param _l1Token Address of the L1 token being deposited. * @param _l2Token Address of the corresponding token on L2. * @param _from Address of the sender on L1. * @param _to Address of the recipient on L2. * @param _amount Amount of the ERC20 to deposit. * @param _minGasLimit Minimum gas limit for the deposit message on L2. * @param _extraData Optional data to forward to L2. */ function _initiateERC20Deposit( address _l1Token, address _l2Token, address _from, address _to, uint256 _amount, uint32 _minGasLimit, bytes calldata _extraData ) internal { emit ERC20DepositInitiated(_l1Token, _l2Token, _from, _to, _amount, _extraData); _initiateBridgeERC20(_l1Token, _l2Token, _from, _to, _amount, _minGasLimit, _extraData); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Initializable } from "@openzeppelin/contracts/proxy/utils/Initializable.sol"; import { Semver } from "../universal/Semver.sol"; import { Types } from "../libraries/Types.sol"; /** * @custom:proxied * @title L2OutputOracle * @notice The L2OutputOracle contains an array of L2 state outputs, where each output is a * commitment to the state of the L2 chain. Other contracts like the OptimismPortal use * these outputs to verify information about the state of L2. */ contract L2OutputOracle is Initializable, Semver { /** * @notice The interval in L2 blocks at which checkpoints must be submitted. Although this is * immutable, it can safely be modified by upgrading the implementation contract. */ uint256 public immutable SUBMISSION_INTERVAL; /** * @notice The time between L2 blocks in seconds. Once set, this value MUST NOT be modified. */ uint256 public immutable L2_BLOCK_TIME; /** * @notice The address of the challenger. Can be updated via upgrade. */ address public immutable CHALLENGER; /** * @notice The address of the proposer. Can be updated via upgrade. */ address public immutable PROPOSER; /** * @notice The number of the first L2 block recorded in this contract. */ uint256 public startingBlockNumber; /** * @notice The timestamp of the first L2 block recorded in this contract. */ uint256 public startingTimestamp; /** * @notice Array of L2 output proposals. */ Types.OutputProposal[] internal l2Outputs; /** * @notice Emitted when an output is proposed. * * @param outputRoot The output root. * @param l2OutputIndex The index of the output in the l2Outputs array. * @param l2BlockNumber The L2 block number of the output root. * @param l1Timestamp The L1 timestamp when proposed. */ event OutputProposed( bytes32 indexed outputRoot, uint256 indexed l2OutputIndex, uint256 indexed l2BlockNumber, uint256 l1Timestamp ); /** * @notice Emitted when outputs are deleted. * * @param prevNextOutputIndex Next L2 output index before the deletion. * @param newNextOutputIndex Next L2 output index after the deletion. */ event OutputsDeleted(uint256 indexed prevNextOutputIndex, uint256 indexed newNextOutputIndex); /** * @custom:semver 1.0.0 * * @param _submissionInterval Interval in blocks at which checkpoints must be submitted. * @param _l2BlockTime The time per L2 block, in seconds. * @param _startingBlockNumber The number of the first L2 block. * @param _startingTimestamp The timestamp of the first L2 block. * @param _proposer The address of the proposer. * @param _challenger The address of the challenger. */ constructor( uint256 _submissionInterval, uint256 _l2BlockTime, uint256 _startingBlockNumber, uint256 _startingTimestamp, address _proposer, address _challenger ) Semver(1, 0, 0) { SUBMISSION_INTERVAL = _submissionInterval; L2_BLOCK_TIME = _l2BlockTime; PROPOSER = _proposer; CHALLENGER = _challenger; initialize(_startingBlockNumber, _startingTimestamp); } /** * @notice Initializer. * * @param _startingBlockNumber Block number for the first recoded L2 block. * @param _startingTimestamp Timestamp for the first recoded L2 block. */ function initialize(uint256 _startingBlockNumber, uint256 _startingTimestamp) public initializer { require( _startingTimestamp <= block.timestamp, "L2OutputOracle: starting L2 timestamp must be less than current time" ); startingTimestamp = _startingTimestamp; startingBlockNumber = _startingBlockNumber; } /** * @notice Deletes all output proposals after and including the proposal that corresponds to * the given output index. Only the challenger address can delete outputs. * * @param _l2OutputIndex Index of the first L2 output to be deleted. All outputs after this * output will also be deleted. */ // solhint-disable-next-line ordering function deleteL2Outputs(uint256 _l2OutputIndex) external { require( msg.sender == CHALLENGER, "L2OutputOracle: only the challenger address can delete outputs" ); // Make sure we're not *increasing* the length of the array. require( _l2OutputIndex < l2Outputs.length, "L2OutputOracle: cannot delete outputs after the latest output index" ); uint256 prevNextL2OutputIndex = nextOutputIndex(); // Use assembly to delete the array elements because Solidity doesn't allow it. assembly { sstore(l2Outputs.slot, _l2OutputIndex) } emit OutputsDeleted(prevNextL2OutputIndex, _l2OutputIndex); } /** * @notice Accepts an outputRoot and the timestamp of the corresponding L2 block. The timestamp * must be equal to the current value returned by `nextTimestamp()` in order to be * accepted. This function may only be called by the Proposer. * * @param _outputRoot The L2 output of the checkpoint block. * @param _l2BlockNumber The L2 block number that resulted in _outputRoot. * @param _l1BlockHash A block hash which must be included in the current chain. * @param _l1BlockNumber The block number with the specified block hash. */ function proposeL2Output( bytes32 _outputRoot, uint256 _l2BlockNumber, bytes32 _l1BlockHash, uint256 _l1BlockNumber ) external payable { require( msg.sender == PROPOSER, "L2OutputOracle: only the proposer address can propose new outputs" ); require( _l2BlockNumber == nextBlockNumber(), "L2OutputOracle: block number must be equal to next expected block number" ); require( computeL2Timestamp(_l2BlockNumber) < block.timestamp, "L2OutputOracle: cannot propose L2 output in the future" ); require( _outputRoot != bytes32(0), "L2OutputOracle: L2 output proposal cannot be the zero hash" ); if (_l1BlockHash != bytes32(0)) { // This check allows the proposer to propose an output based on a given L1 block, // without fear that it will be reorged out. // It will also revert if the blockheight provided is more than 256 blocks behind the // chain tip (as the hash will return as zero). This does open the door to a griefing // attack in which the proposer's submission is censored until the block is no longer // retrievable, if the proposer is experiencing this attack it can simply leave out the // blockhash value, and delay submission until it is confident that the L1 block is // finalized. require( blockhash(_l1BlockNumber) == _l1BlockHash, "L2OutputOracle: block hash does not match the hash at the expected height" ); } emit OutputProposed(_outputRoot, nextOutputIndex(), _l2BlockNumber, block.timestamp); l2Outputs.push( Types.OutputProposal({ outputRoot: _outputRoot, timestamp: uint128(block.timestamp), l2BlockNumber: uint128(_l2BlockNumber) }) ); } /** * @notice Returns an output by index. Exists because Solidity's array access will return a * tuple instead of a struct. * * @param _l2OutputIndex Index of the output to return. * * @return The output at the given index. */ function getL2Output(uint256 _l2OutputIndex) external view returns (Types.OutputProposal memory) { return l2Outputs[_l2OutputIndex]; } /** * @notice Returns the index of the L2 output that checkpoints a given L2 block number. Uses a * binary search to find the first output greater than or equal to the given block. * * @param _l2BlockNumber L2 block number to find a checkpoint for. * * @return Index of the first checkpoint that commits to the given L2 block number. */ function getL2OutputIndexAfter(uint256 _l2BlockNumber) public view returns (uint256) { // Make sure an output for this block number has actually been proposed. require( _l2BlockNumber <= latestBlockNumber(), "L2OutputOracle: cannot get output for a block that has not been proposed" ); // Make sure there's at least one output proposed. require( l2Outputs.length > 0, "L2OutputOracle: cannot get output as no outputs have been proposed yet" ); // Find the output via binary search, guaranteed to exist. uint256 lo = 0; uint256 hi = l2Outputs.length; while (lo < hi) { uint256 mid = (lo + hi) / 2; if (l2Outputs[mid].l2BlockNumber < _l2BlockNumber) { lo = mid + 1; } else { hi = mid; } } return lo; } /** * @notice Returns the L2 output proposal that checkpoints a given L2 block number. Uses a * binary search to find the first output greater than or equal to the given block. * * @param _l2BlockNumber L2 block number to find a checkpoint for. * * @return First checkpoint that commits to the given L2 block number. */ function getL2OutputAfter(uint256 _l2BlockNumber) external view returns (Types.OutputProposal memory) { return l2Outputs[getL2OutputIndexAfter(_l2BlockNumber)]; } /** * @notice Returns the number of outputs that have been proposed. Will revert if no outputs * have been proposed yet. * * @return The number of outputs that have been proposed. */ function latestOutputIndex() external view returns (uint256) { return l2Outputs.length - 1; } /** * @notice Returns the index of the next output to be proposed. * * @return The index of the next output to be proposed. */ function nextOutputIndex() public view returns (uint256) { return l2Outputs.length; } /** * @notice Returns the block number of the latest submitted L2 output proposal. If no proposals * been submitted yet then this function will return the starting block number. * * @return Latest submitted L2 block number. */ function latestBlockNumber() public view returns (uint256) { return l2Outputs.length == 0 ? startingBlockNumber : l2Outputs[l2Outputs.length - 1].l2BlockNumber; } /** * @notice Computes the block number of the next L2 block that needs to be checkpointed. * * @return Next L2 block number. */ function nextBlockNumber() public view returns (uint256) { return latestBlockNumber() + SUBMISSION_INTERVAL; } /** * @notice Returns the L2 timestamp corresponding to a given L2 block number. * * @param _l2BlockNumber The L2 block number of the target block. * * @return L2 timestamp of the given block. */ function computeL2Timestamp(uint256 _l2BlockNumber) public view returns (uint256) { return startingTimestamp + ((_l2BlockNumber - startingBlockNumber) * L2_BLOCK_TIME); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Initializable } from "@openzeppelin/contracts/proxy/utils/Initializable.sol"; import { SafeCall } from "../libraries/SafeCall.sol"; import { L2OutputOracle } from "./L2OutputOracle.sol"; import { Constants } from "../libraries/Constants.sol"; import { Types } from "../libraries/Types.sol"; import { Hashing } from "../libraries/Hashing.sol"; import { SecureMerkleTrie } from "../libraries/trie/SecureMerkleTrie.sol"; import { AddressAliasHelper } from "../vendor/AddressAliasHelper.sol"; import { ResourceMetering } from "./ResourceMetering.sol"; import { Semver } from "../universal/Semver.sol"; /** * @custom:proxied * @title OptimismPortal * @notice The OptimismPortal is a low-level contract responsible for passing messages between L1 * and L2. Messages sent directly to the OptimismPortal have no form of replayability. * Users are encouraged to use the L1CrossDomainMessenger for a higher-level interface. */ contract OptimismPortal is Initializable, ResourceMetering, Semver { /** * @notice Represents a proven withdrawal. * * @custom:field outputRoot Root of the L2 output this was proven against. * @custom:field timestamp Timestamp at whcih the withdrawal was proven. * @custom:field l2OutputIndex Index of the output this was proven against. */ struct ProvenWithdrawal { bytes32 outputRoot; uint128 timestamp; uint128 l2OutputIndex; } /** * @notice Version of the deposit event. */ uint256 internal constant DEPOSIT_VERSION = 0; /** * @notice The L2 gas limit set when eth is deposited using the receive() function. */ uint64 internal constant RECEIVE_DEFAULT_GAS_LIMIT = 100_000; /** * @notice Additional gas reserved for clean up after finalizing a transaction withdrawal. */ uint256 internal constant FINALIZE_GAS_BUFFER = 20_000; /** * @notice Minimum time (in seconds) that must elapse before a withdrawal can be finalized. */ uint256 public immutable FINALIZATION_PERIOD_SECONDS; /** * @notice Address of the L2OutputOracle. */ L2OutputOracle public immutable L2_ORACLE; /** * @notice Address of the L2 account which initiated a withdrawal in this transaction. If the * of this variable is the default L2 sender address, then we are NOT inside of a call * to finalizeWithdrawalTransaction. */ address public l2Sender; /** * @notice A list of withdrawal hashes which have been successfully finalized. */ mapping(bytes32 => bool) public finalizedWithdrawals; /** * @notice A mapping of withdrawal hashes to `ProvenWithdrawal` data. */ mapping(bytes32 => ProvenWithdrawal) public provenWithdrawals; /** * @notice Emitted when a transaction is deposited from L1 to L2. The parameters of this event * are read by the rollup node and used to derive deposit transactions on L2. * * @param from Address that triggered the deposit transaction. * @param to Address that the deposit transaction is directed to. * @param version Version of this deposit transaction event. * @param opaqueData ABI encoded deposit data to be parsed off-chain. */ event TransactionDeposited( address indexed from, address indexed to, uint256 indexed version, bytes opaqueData ); /** * @notice Emitted when a withdrawal transaction is proven. * * @param withdrawalHash Hash of the withdrawal transaction. */ event WithdrawalProven( bytes32 indexed withdrawalHash, address indexed from, address indexed to ); /** * @notice Emitted when a withdrawal transaction is finalized. * * @param withdrawalHash Hash of the withdrawal transaction. * @param success Whether the withdrawal transaction was successful. */ event WithdrawalFinalized(bytes32 indexed withdrawalHash, bool success); /** * @custom:semver 1.0.0 * * @param _l2Oracle Address of the L2OutputOracle contract. * @param _finalizationPeriodSeconds Output finalization time in seconds. */ constructor(L2OutputOracle _l2Oracle, uint256 _finalizationPeriodSeconds) Semver(1, 0, 0) { L2_ORACLE = _l2Oracle; FINALIZATION_PERIOD_SECONDS = _finalizationPeriodSeconds; initialize(); } /** * @notice Initializer. */ function initialize() public initializer { l2Sender = Constants.DEFAULT_L2_SENDER; __ResourceMetering_init(); } /** * @notice Accepts value so that users can send ETH directly to this contract and have the * funds be deposited to their address on L2. This is intended as a convenience * function for EOAs. Contracts should call the depositTransaction() function directly * otherwise any deposited funds will be lost due to address aliasing. */ // solhint-disable-next-line ordering receive() external payable { depositTransaction(msg.sender, msg.value, RECEIVE_DEFAULT_GAS_LIMIT, false, bytes("")); } /** * @notice Accepts ETH value without triggering a deposit to L2. This function mainly exists * for the sake of the migration between the legacy Optimism system and Bedrock. */ function donateETH() external payable { // Intentionally empty. } /** * @notice Proves a withdrawal transaction. * * @param _tx Withdrawal transaction to finalize. * @param _l2OutputIndex L2 output index to prove against. * @param _outputRootProof Inclusion proof of the L2ToL1MessagePasser contract's storage root. * @param _withdrawalProof Inclusion proof of the withdrawal in L2ToL1MessagePasser contract. */ function proveWithdrawalTransaction( Types.WithdrawalTransaction memory _tx, uint256 _l2OutputIndex, Types.OutputRootProof calldata _outputRootProof, bytes[] calldata _withdrawalProof ) external { // Prevent users from creating a deposit transaction where this address is the message // sender on L2. Because this is checked here, we do not need to check again in // `finalizeWithdrawalTransaction`. require( _tx.target != address(this), "OptimismPortal: you cannot send messages to the portal contract" ); // Get the output root and load onto the stack to prevent multiple mloads. This will // revert if there is no output root for the given block number. bytes32 outputRoot = L2_ORACLE.getL2Output(_l2OutputIndex).outputRoot; // Verify that the output root can be generated with the elements in the proof. require( outputRoot == Hashing.hashOutputRootProof(_outputRootProof), "OptimismPortal: invalid output root proof" ); // Load the ProvenWithdrawal into memory, using the withdrawal hash as a unique identifier. bytes32 withdrawalHash = Hashing.hashWithdrawal(_tx); ProvenWithdrawal memory provenWithdrawal = provenWithdrawals[withdrawalHash]; // We generally want to prevent users from proving the same withdrawal multiple times // because each successive proof will update the timestamp. A malicious user can take // advantage of this to prevent other users from finalizing their withdrawal. However, // since withdrawals are proven before an output root is finalized, we need to allow users // to re-prove their withdrawal only in the case that the output root for their specified // output index has been updated. require( provenWithdrawal.timestamp == 0 || (_l2OutputIndex == provenWithdrawal.l2OutputIndex && outputRoot != provenWithdrawal.outputRoot), "OptimismPortal: withdrawal hash has already been proven" ); // Compute the storage slot of the withdrawal hash in the L2ToL1MessagePasser contract. // Refer to the Solidity documentation for more information on how storage layouts are // computed for mappings. bytes32 storageKey = keccak256( abi.encode( withdrawalHash, uint256(0) // The withdrawals mapping is at the first slot in the layout. ) ); // Verify that the hash of this withdrawal was stored in the L2toL1MessagePasser contract // on L2. If this is true, under the assumption that the SecureMerkleTrie does not have // bugs, then we know that this withdrawal was actually triggered on L2 and can therefore // be relayed on L1. require( SecureMerkleTrie.verifyInclusionProof( abi.encode(storageKey), hex"01", _withdrawalProof, _outputRootProof.messagePasserStorageRoot ), "OptimismPortal: invalid withdrawal inclusion proof" ); // Designate the withdrawalHash as proven by storing the `outputRoot`, `timestamp`, and // `l2BlockNumber` in the `provenWithdrawals` mapping. A `withdrawalHash` can only be // proven once unless it is submitted again with a different outputRoot. provenWithdrawals[withdrawalHash] = ProvenWithdrawal({ outputRoot: outputRoot, timestamp: uint128(block.timestamp), l2OutputIndex: uint128(_l2OutputIndex) }); // Emit a `WithdrawalProven` event. emit WithdrawalProven(withdrawalHash, _tx.sender, _tx.target); } /** * @notice Finalizes a withdrawal transaction. * * @param _tx Withdrawal transaction to finalize. */ function finalizeWithdrawalTransaction(Types.WithdrawalTransaction memory _tx) external { // Make sure that the l2Sender has not yet been set. The l2Sender is set to a value other // than the default value when a withdrawal transaction is being finalized. This check is // a defacto reentrancy guard. require( l2Sender == Constants.DEFAULT_L2_SENDER, "OptimismPortal: can only trigger one withdrawal per transaction" ); // Grab the proven withdrawal from the `provenWithdrawals` map. bytes32 withdrawalHash = Hashing.hashWithdrawal(_tx); ProvenWithdrawal memory provenWithdrawal = provenWithdrawals[withdrawalHash]; // A withdrawal can only be finalized if it has been proven. We know that a withdrawal has // been proven at least once when its timestamp is non-zero. Unproven withdrawals will have // a timestamp of zero. require( provenWithdrawal.timestamp != 0, "OptimismPortal: withdrawal has not been proven yet" ); // As a sanity check, we make sure that the proven withdrawal's timestamp is greater than // starting timestamp inside the L2OutputOracle. Not strictly necessary but extra layer of // safety against weird bugs in the proving step. require( provenWithdrawal.timestamp >= L2_ORACLE.startingTimestamp(), "OptimismPortal: withdrawal timestamp less than L2 Oracle starting timestamp" ); // A proven withdrawal must wait at least the finalization period before it can be // finalized. This waiting period can elapse in parallel with the waiting period for the // output the withdrawal was proven against. In effect, this means that the minimum // withdrawal time is proposal submission time + finalization period. require( _isFinalizationPeriodElapsed(provenWithdrawal.timestamp), "OptimismPortal: proven withdrawal finalization period has not elapsed" ); // Grab the OutputProposal from the L2OutputOracle, will revert if the output that // corresponds to the given index has not been proposed yet. Types.OutputProposal memory proposal = L2_ORACLE.getL2Output( provenWithdrawal.l2OutputIndex ); // Check that the output root that was used to prove the withdrawal is the same as the // current output root for the given output index. An output root may change if it is // deleted by the challenger address and then re-proposed. require( proposal.outputRoot == provenWithdrawal.outputRoot, "OptimismPortal: output root proven is not the same as current output root" ); // Check that the output proposal has also been finalized. require( _isFinalizationPeriodElapsed(proposal.timestamp), "OptimismPortal: output proposal finalization period has not elapsed" ); // Check that this withdrawal has not already been finalized, this is replay protection. require( finalizedWithdrawals[withdrawalHash] == false, "OptimismPortal: withdrawal has already been finalized" ); // Mark the withdrawal as finalized so it can't be replayed. finalizedWithdrawals[withdrawalHash] = true; // We want to maintain the property that the amount of gas supplied to the call to the // target contract is at least the gas limit specified by the user. We can do this by // enforcing that, at this point in time, we still have gaslimit + buffer gas available. require( gasleft() >= _tx.gasLimit + FINALIZE_GAS_BUFFER, "OptimismPortal: insufficient gas to finalize withdrawal" ); // Set the l2Sender so contracts know who triggered this withdrawal on L2. l2Sender = _tx.sender; // Trigger the call to the target contract. We use SafeCall because we don't // care about the returndata and we don't want target contracts to be able to force this // call to run out of gas via a returndata bomb. bool success = SafeCall.call( _tx.target, gasleft() - FINALIZE_GAS_BUFFER, _tx.value, _tx.data ); // Reset the l2Sender back to the default value. l2Sender = Constants.DEFAULT_L2_SENDER; // All withdrawals are immediately finalized. Replayability can // be achieved through contracts built on top of this contract emit WithdrawalFinalized(withdrawalHash, success); // Reverting here is useful for determining the exact gas cost to successfully execute the // sub call to the target contract if the minimum gas limit specified by the user would not // be sufficient to execute the sub call. if (success == false && tx.origin == Constants.ESTIMATION_ADDRESS) { revert("OptimismPortal: withdrawal failed"); } } /** * @notice Accepts deposits of ETH and data, and emits a TransactionDeposited event for use in * deriving deposit transactions. Note that if a deposit is made by a contract, its * address will be aliased when retrieved using `tx.origin` or `msg.sender`. Consider * using the CrossDomainMessenger contracts for a simpler developer experience. * * @param _to Target address on L2. * @param _value ETH value to send to the recipient. * @param _gasLimit Minimum L2 gas limit (can be greater than or equal to this value). * @param _isCreation Whether or not the transaction is a contract creation. * @param _data Data to trigger the recipient with. */ function depositTransaction( address _to, uint256 _value, uint64 _gasLimit, bool _isCreation, bytes memory _data ) public payable metered(_gasLimit) { // Just to be safe, make sure that people specify address(0) as the target when doing // contract creations. if (_isCreation) { require( _to == address(0), "OptimismPortal: must send to address(0) when creating a contract" ); } // Transform the from-address to its alias if the caller is a contract. address from = msg.sender; if (msg.sender != tx.origin) { from = AddressAliasHelper.applyL1ToL2Alias(msg.sender); } // Compute the opaque data that will be emitted as part of the TransactionDeposited event. // We use opaque data so that we can update the TransactionDeposited event in the future // without breaking the current interface. bytes memory opaqueData = abi.encodePacked( msg.value, _value, _gasLimit, _isCreation, _data ); // Emit a TransactionDeposited event so that the rollup node can derive a deposit // transaction for this deposit. emit TransactionDeposited(from, _to, DEPOSIT_VERSION, opaqueData); } /** * @notice Determine if a given output is finalized. Reverts if the call to * L2_ORACLE.getL2Output reverts. Returns a boolean otherwise. * * @param _l2OutputIndex Index of the L2 output to check. * * @return Whether or not the output is finalized. */ function isOutputFinalized(uint256 _l2OutputIndex) external view returns (bool) { return _isFinalizationPeriodElapsed(L2_ORACLE.getL2Output(_l2OutputIndex).timestamp); } /** * @notice Determines whether the finalization period has elapsed w/r/t a given timestamp. * * @param _timestamp Timestamp to check. * * @return Whether or not the finalization period has elapsed. */ function _isFinalizationPeriodElapsed(uint256 _timestamp) internal view returns (bool) { return block.timestamp > _timestamp + FINALIZATION_PERIOD_SECONDS; } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Initializable } from "@openzeppelin/contracts/proxy/utils/Initializable.sol"; import { Math } from "@openzeppelin/contracts/utils/math/Math.sol"; import { Burn } from "../libraries/Burn.sol"; import { Arithmetic } from "../libraries/Arithmetic.sol"; /** * @custom:upgradeable * @title ResourceMetering * @notice ResourceMetering implements an EIP-1559 style resource metering system where pricing * updates automatically based on current demand. */ abstract contract ResourceMetering is Initializable { /** * @notice Represents the various parameters that control the way in which resources are * metered. Corresponds to the EIP-1559 resource metering system. * * @custom:field prevBaseFee Base fee from the previous block(s). * @custom:field prevBoughtGas Amount of gas bought so far in the current block. * @custom:field prevBlockNum Last block number that the base fee was updated. */ struct ResourceParams { uint128 prevBaseFee; uint64 prevBoughtGas; uint64 prevBlockNum; } /** * @notice Maximum amount of the resource that can be used within this block. */ int256 public constant MAX_RESOURCE_LIMIT = 8_000_000; /** * @notice Along with the resource limit, determines the target resource limit. */ int256 public constant ELASTICITY_MULTIPLIER = 4; /** * @notice Target amount of the resource that should be used within this block. */ int256 public constant TARGET_RESOURCE_LIMIT = MAX_RESOURCE_LIMIT / ELASTICITY_MULTIPLIER; /** * @notice Denominator that determines max change on fee per block. */ int256 public constant BASE_FEE_MAX_CHANGE_DENOMINATOR = 8; /** * @notice Minimum base fee value, cannot go lower than this. */ int256 public constant MINIMUM_BASE_FEE = 10_000; /** * @notice Maximum base fee value, cannot go higher than this. */ int256 public constant MAXIMUM_BASE_FEE = int256(uint256(type(uint128).max)); /** * @notice Initial base fee value. */ uint128 public constant INITIAL_BASE_FEE = 1_000_000_000; /** * @notice EIP-1559 style gas parameters. */ ResourceParams public params; /** * @notice Reserve extra slots (to a total of 50) in the storage layout for future upgrades. */ uint256[48] private __gap; /** * @notice Meters access to a function based an amount of a requested resource. * * @param _amount Amount of the resource requested. */ modifier metered(uint64 _amount) { // Record initial gas amount so we can refund for it later. uint256 initialGas = gasleft(); // Run the underlying function. _; // Update block number and base fee if necessary. uint256 blockDiff = block.number - params.prevBlockNum; if (blockDiff > 0) { // Handle updating EIP-1559 style gas parameters. We use EIP-1559 to restrict the rate // at which deposits can be created and therefore limit the potential for deposits to // spam the L2 system. Fee scheme is very similar to EIP-1559 with minor changes. int256 gasUsedDelta = int256(uint256(params.prevBoughtGas)) - TARGET_RESOURCE_LIMIT; int256 baseFeeDelta = (int256(uint256(params.prevBaseFee)) * gasUsedDelta) / TARGET_RESOURCE_LIMIT / BASE_FEE_MAX_CHANGE_DENOMINATOR; // Update base fee by adding the base fee delta and clamp the resulting value between // min and max. int256 newBaseFee = Arithmetic.clamp( int256(uint256(params.prevBaseFee)) + baseFeeDelta, MINIMUM_BASE_FEE, MAXIMUM_BASE_FEE ); // If we skipped more than one block, we also need to account for every empty block. // Empty block means there was no demand for deposits in that block, so we should // reflect this lack of demand in the fee. if (blockDiff > 1) { // Update the base fee by repeatedly applying the exponent 1-(1/change_denominator) // blockDiff - 1 times. Simulates multiple empty blocks. Clamp the resulting value // between min and max. newBaseFee = Arithmetic.clamp( Arithmetic.cdexp( newBaseFee, BASE_FEE_MAX_CHANGE_DENOMINATOR, int256(blockDiff - 1) ), MINIMUM_BASE_FEE, MAXIMUM_BASE_FEE ); } // Update new base fee, reset bought gas, and update block number. params.prevBaseFee = uint128(uint256(newBaseFee)); params.prevBoughtGas = 0; params.prevBlockNum = uint64(block.number); } // Make sure we can actually buy the resource amount requested by the user. params.prevBoughtGas += _amount; require( int256(uint256(params.prevBoughtGas)) <= MAX_RESOURCE_LIMIT, "ResourceMetering: cannot buy more gas than available gas limit" ); // Determine the amount of ETH to be paid. uint256 resourceCost = _amount * params.prevBaseFee; // We currently charge for this ETH amount as an L1 gas burn, so we convert the ETH amount // into gas by dividing by the L1 base fee. We assume a minimum base fee of 1 gwei to avoid // division by zero for L1s that don't support 1559 or to avoid excessive gas burns during // periods of extremely low L1 demand. One-day average gas fee hasn't dipped below 1 gwei // during any 1 day period in the last 5 years, so should be fine. uint256 gasCost = resourceCost / Math.max(block.basefee, 1000000000); // Give the user a refund based on the amount of gas they used to do all of the work up to // this point. Since we're at the end of the modifier, this should be pretty accurate. Acts // effectively like a dynamic stipend (with a minimum value). uint256 usedGas = initialGas - gasleft(); if (gasCost > usedGas) { Burn.gas(gasCost - usedGas); } } /** * @notice Sets initial resource parameter values. This function must either be called by the * initializer function of an upgradeable child contract. */ // solhint-disable-next-line func-name-mixedcase function __ResourceMetering_init() internal onlyInitializing { params = ResourceParams({ prevBaseFee: INITIAL_BASE_FEE, prevBoughtGas: 0, prevBlockNum: uint64(block.number) }); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { OwnableUpgradeable } from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol"; import { Semver } from "../universal/Semver.sol"; /** * @title SystemConfig * @notice The SystemConfig contract is used to manage configuration of an Optimism network. All * configuration is stored on L1 and picked up by L2 as part of the derviation of the L2 * chain. */ contract SystemConfig is OwnableUpgradeable, Semver { /** * @notice Enum representing different types of updates. * * @custom:value BATCHER Represents an update to the batcher hash. * @custom:value GAS_CONFIG Represents an update to txn fee config on L2. * @custom:value GAS_LIMIT Represents an update to gas limit on L2. * @custom:value UNSAFE_BLOCK_SIGNER Represents an update to the signer key for unsafe * block distrubution. */ enum UpdateType { BATCHER, GAS_CONFIG, GAS_LIMIT, UNSAFE_BLOCK_SIGNER } /** * @notice Version identifier, used for upgrades. */ uint256 public constant VERSION = 0; /** * @notice Storage slot that the unsafe block signer is stored at. Storing it at this * deterministic storage slot allows for decoupling the storage layout from the way * that `solc` lays out storage. The `op-node` uses a storage proof to fetch this value. */ bytes32 public constant UNSAFE_BLOCK_SIGNER_SLOT = keccak256("systemconfig.unsafeblocksigner"); /** * @notice Minimum gas limit. This should not be lower than the maximum deposit gas resource * limit in the ResourceMetering contract used by OptimismPortal, to ensure the L2 * block always has sufficient gas to process deposits. */ uint64 public constant MINIMUM_GAS_LIMIT = 8_000_000; /** * @notice Fixed L2 gas overhead. */ uint256 public overhead; /** * @notice Dynamic L2 gas overhead. */ uint256 public scalar; /** * @notice Identifier for the batcher. For version 1 of this configuration, this is represented * as an address left-padded with zeros to 32 bytes. */ bytes32 public batcherHash; /** * @notice L2 gas limit. */ uint64 public gasLimit; /** * @notice Emitted when configuration is updated * * @param version SystemConfig version. * @param updateType Type of update. * @param data Encoded update data. */ event ConfigUpdate(uint256 indexed version, UpdateType indexed updateType, bytes data); /** * @custom:semver 1.0.0 * * @param _owner Initial owner of the contract. * @param _overhead Initial overhead value. * @param _scalar Initial scalar value. * @param _batcherHash Initial batcher hash. * @param _gasLimit Initial gas limit. */ constructor( address _owner, uint256 _overhead, uint256 _scalar, bytes32 _batcherHash, uint64 _gasLimit, address _unsafeBlockSigner ) Semver(1, 0, 0) { initialize(_owner, _overhead, _scalar, _batcherHash, _gasLimit, _unsafeBlockSigner); } /** * @notice Initializer. * * @param _owner Initial owner of the contract. * @param _overhead Initial overhead value. * @param _scalar Initial scalar value. * @param _batcherHash Initial batcher hash. * @param _gasLimit Initial gas limit. */ function initialize( address _owner, uint256 _overhead, uint256 _scalar, bytes32 _batcherHash, uint64 _gasLimit, address _unsafeBlockSigner ) public initializer { require(_gasLimit >= MINIMUM_GAS_LIMIT, "SystemConfig: gas limit too low"); __Ownable_init(); transferOwnership(_owner); overhead = _overhead; scalar = _scalar; batcherHash = _batcherHash; gasLimit = _gasLimit; _setUnsafeBlockSigner(_unsafeBlockSigner); } /** * @notice High level getter for the unsafe block signer address. * Unsafe blocks can be propagated across the p2p network * if they are signed by the key corresponding to this address. */ function unsafeBlockSigner() public view returns (address) { address addr; bytes32 slot = UNSAFE_BLOCK_SIGNER_SLOT; assembly { addr := sload(slot) } return addr; } /** * @notice Updates the batcher hash. * * @param _batcherHash New batcher hash. */ // solhint-disable-next-line ordering function setBatcherHash(bytes32 _batcherHash) external onlyOwner { batcherHash = _batcherHash; bytes memory data = abi.encode(_batcherHash); emit ConfigUpdate(VERSION, UpdateType.BATCHER, data); } /** * @notice Updates gas config. * * @param _overhead New overhead value. * @param _scalar New scalar value. */ function setGasConfig(uint256 _overhead, uint256 _scalar) external onlyOwner { overhead = _overhead; scalar = _scalar; bytes memory data = abi.encode(_overhead, _scalar); emit ConfigUpdate(VERSION, UpdateType.GAS_CONFIG, data); } function setUnsafeBlockSigner(address _unsafeBlockSigner) external onlyOwner { _setUnsafeBlockSigner(_unsafeBlockSigner); bytes memory data = abi.encode(_unsafeBlockSigner); emit ConfigUpdate(VERSION, UpdateType.UNSAFE_BLOCK_SIGNER, data); } /** * @notice Low level setter for the unsafe block signer address. * This function exists to deduplicate code around storing * the unsafeBlockSigner address in storage. * * @param _unsafeBlockSigner New unsafeBlockSigner value */ function _setUnsafeBlockSigner(address _unsafeBlockSigner) internal { bytes32 slot = UNSAFE_BLOCK_SIGNER_SLOT; assembly { sstore(slot, _unsafeBlockSigner) } } /** * @notice Updates the L2 gas limit. * * @param _gasLimit New gas limit. */ function setGasLimit(uint64 _gasLimit) external onlyOwner { require(_gasLimit >= MINIMUM_GAS_LIMIT, "SystemConfig: gas limit too low"); gasLimit = _gasLimit; bytes memory data = abi.encode(_gasLimit); emit ConfigUpdate(VERSION, UpdateType.GAS_LIMIT, data); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Semver } from "../universal/Semver.sol"; import { FeeVault } from "../universal/FeeVault.sol"; /** * @custom:proxied * @custom:predeploy 0x4200000000000000000000000000000000000019 * @title BaseFeeVault * @notice The BaseFeeVault accumulates the base fee that is paid by transactions. */ contract BaseFeeVault is FeeVault, Semver { /** * @custom:semver 1.0.0 * * @param _recipient Address that will receive the accumulated fees. */ constructor(address _recipient) FeeVault(_recipient, 10 ether) Semver(1, 0, 0) {} }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol"; import { AddressAliasHelper } from "../vendor/AddressAliasHelper.sol"; /** * @title CrossDomainOwnable * @notice This contract extends the OpenZeppelin `Ownable` contract for L2 contracts to be owned * by contracts on L1. Note that this contract is only safe to be used if the * CrossDomainMessenger system is bypassed and the caller on L1 is calling the * OptimismPortal directly. */ abstract contract CrossDomainOwnable is Ownable { /** * @notice Overrides the implementation of the `onlyOwner` modifier to check that the unaliased * `msg.sender` is the owner of the contract. */ function _checkOwner() internal view override { require( owner() == AddressAliasHelper.undoL1ToL2Alias(msg.sender), "CrossDomainOwnable: caller is not the owner" ); } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; import { Predeploys } from "../libraries/Predeploys.sol"; import { L2CrossDomainMessenger } from "./L2CrossDomainMessenger.sol"; import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol"; /** * @title CrossDomainOwnable2 * @notice This contract extends the OpenZeppelin `Ownable` contract for L2 contracts to be owned * by contracts on L1. Note that this contract is meant to be used with systems that use * the CrossDomainMessenger system. It will not work if the OptimismPortal is used * directly. */ abstract contract CrossDomainOwnable2 is Ownable { /** * @notice Overrides the implementation of the `onlyOwner` modifier to check that the unaliased * `xDomainMessageSender` is the owner of the contract. This value is set to the caller * of the L1CrossDomainMessenger. */ function _checkOwner() internal view override { L2CrossDomainMessenger messenger = L2CrossDomainMessenger( Predeploys.L2_CROSS_DOMAIN_MESSENGER ); require( msg.sender == address(messenger), "CrossDomainOwnable2: caller is not the messenger" ); require( owner() == messenger.xDomainMessageSender(), "CrossDomainOwnable2: caller is not the owner" ); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Semver } from "../universal/Semver.sol"; import { Predeploys } from "../libraries/Predeploys.sol"; import { L1Block } from "../L2/L1Block.sol"; /** * @custom:proxied * @custom:predeploy 0x420000000000000000000000000000000000000F * @title GasPriceOracle * @notice This contract maintains the variables responsible for computing the L1 portion of the * total fee charged on L2. Before Bedrock, this contract held variables in state that were * read during the state transition function to compute the L1 portion of the transaction * fee. After Bedrock, this contract now simply proxies the L1Block contract, which has * the values used to compute the L1 portion of the fee in its state. * * The contract exposes an API that is useful for knowing how large the L1 portion of the * transaction fee will be. The following events were deprecated with Bedrock: * - event OverheadUpdated(uint256 overhead); * - event ScalarUpdated(uint256 scalar); * - event DecimalsUpdated(uint256 decimals); */ contract GasPriceOracle is Semver { /** * @notice Number of decimals used in the scalar. */ uint256 public constant DECIMALS = 6; /** * @custom:semver 1.0.0 */ constructor() Semver(1, 0, 0) {} /** * @notice Computes the L1 portion of the fee based on the size of the rlp encoded input * transaction, the current L1 base fee, and the various dynamic parameters. * * @param _data Unsigned fully RLP-encoded transaction to get the L1 fee for. * * @return L1 fee that should be paid for the tx */ function getL1Fee(bytes memory _data) external view returns (uint256) { uint256 l1GasUsed = getL1GasUsed(_data); uint256 l1Fee = l1GasUsed * l1BaseFee(); uint256 divisor = 10**DECIMALS; uint256 unscaled = l1Fee * scalar(); uint256 scaled = unscaled / divisor; return scaled; } /** * @notice Retrieves the current gas price (base fee). * * @return Current L2 gas price (base fee). */ function gasPrice() public view returns (uint256) { return block.basefee; } /** * @notice Retrieves the current base fee. * * @return Current L2 base fee. */ function baseFee() public view returns (uint256) { return block.basefee; } /** * @notice Retrieves the current fee overhead. * * @return Current fee overhead. */ function overhead() public view returns (uint256) { return L1Block(Predeploys.L1_BLOCK_ATTRIBUTES).l1FeeOverhead(); } /** * @notice Retrieves the current fee scalar. * * @return Current fee scalar. */ function scalar() public view returns (uint256) { return L1Block(Predeploys.L1_BLOCK_ATTRIBUTES).l1FeeScalar(); } /** * @notice Retrieves the latest known L1 base fee. * * @return Latest known L1 base fee. */ function l1BaseFee() public view returns (uint256) { return L1Block(Predeploys.L1_BLOCK_ATTRIBUTES).basefee(); } /** * @custom:legacy * @notice Retrieves the number of decimals used in the scalar. * * @return Number of decimals used in the scalar. */ function decimals() public pure returns (uint256) { return DECIMALS; } /** * @notice Computes the amount of L1 gas used for a transaction. Adds the overhead which * represents the per-transaction gas overhead of posting the transaction and state * roots to L1. Adds 68 bytes of padding to account for the fact that the input does * not have a signature. * * @param _data Unsigned fully RLP-encoded transaction to get the L1 gas for. * * @return Amount of L1 gas used to publish the transaction. */ function getL1GasUsed(bytes memory _data) public view returns (uint256) { uint256 total = 0; uint256 length = _data.length; for (uint256 i = 0; i < length; i++) { if (_data[i] == 0) { total += 4; } else { total += 16; } } uint256 unsigned = total + overhead(); return unsigned + (68 * 16); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Semver } from "../universal/Semver.sol"; /** * @custom:proxied * @custom:predeploy 0x4200000000000000000000000000000000000015 * @title L1Block * @notice The L1Block predeploy gives users access to information about the last known L1 block. * Values within this contract are updated once per epoch (every L1 block) and can only be * set by the "depositor" account, a special system address. Depositor account transactions * are created by the protocol whenever we move to a new epoch. */ contract L1Block is Semver { /** * @notice Address of the special depositor account. */ address public constant DEPOSITOR_ACCOUNT = 0xDeaDDEaDDeAdDeAdDEAdDEaddeAddEAdDEAd0001; /** * @notice The latest L1 block number known by the L2 system. */ uint64 public number; /** * @notice The latest L1 timestamp known by the L2 system. */ uint64 public timestamp; /** * @notice The latest L1 basefee. */ uint256 public basefee; /** * @notice The latest L1 blockhash. */ bytes32 public hash; /** * @notice The number of L2 blocks in the same epoch. */ uint64 public sequenceNumber; /** * @notice The versioned hash to authenticate the batcher by. */ bytes32 public batcherHash; /** * @notice The overhead value applied to the L1 portion of the transaction * fee. */ uint256 public l1FeeOverhead; /** * @notice The scalar value applied to the L1 portion of the transaction fee. */ uint256 public l1FeeScalar; /** * @custom:semver 1.0.0 */ constructor() Semver(1, 0, 0) {} /** * @notice Updates the L1 block values. * * @param _number L1 blocknumber. * @param _timestamp L1 timestamp. * @param _basefee L1 basefee. * @param _hash L1 blockhash. * @param _sequenceNumber Number of L2 blocks since epoch start. * @param _batcherHash Versioned hash to authenticate batcher by. * @param _l1FeeOverhead L1 fee overhead. * @param _l1FeeScalar L1 fee scalar. */ function setL1BlockValues( uint64 _number, uint64 _timestamp, uint256 _basefee, bytes32 _hash, uint64 _sequenceNumber, bytes32 _batcherHash, uint256 _l1FeeOverhead, uint256 _l1FeeScalar ) external { require( msg.sender == DEPOSITOR_ACCOUNT, "L1Block: only the depositor account can set L1 block values" ); number = _number; timestamp = _timestamp; basefee = _basefee; hash = _hash; sequenceNumber = _sequenceNumber; batcherHash = _batcherHash; l1FeeOverhead = _l1FeeOverhead; l1FeeScalar = _l1FeeScalar; } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Semver } from "../universal/Semver.sol"; import { FeeVault } from "../universal/FeeVault.sol"; /** * @custom:proxied * @custom:predeploy 0x420000000000000000000000000000000000001A * @title L1FeeVault * @notice The L1FeeVault accumulates the L1 portion of the transaction fees. */ contract L1FeeVault is FeeVault, Semver { /** * @custom:semver 1.0.0 * * @param _recipient Address that will receive the accumulated fees. */ constructor(address _recipient) FeeVault(_recipient, 10 ether) Semver(1, 0, 0) {} }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { AddressAliasHelper } from "../vendor/AddressAliasHelper.sol"; import { Predeploys } from "../libraries/Predeploys.sol"; import { CrossDomainMessenger } from "../universal/CrossDomainMessenger.sol"; import { Semver } from "../universal/Semver.sol"; import { L2ToL1MessagePasser } from "./L2ToL1MessagePasser.sol"; /** * @custom:proxied * @custom:predeploy 0x4200000000000000000000000000000000000007 * @title L2CrossDomainMessenger * @notice The L2CrossDomainMessenger is a high-level interface for message passing between L1 and * L2 on the L2 side. Users are generally encouraged to use this contract instead of lower * level message passing contracts. */ contract L2CrossDomainMessenger is CrossDomainMessenger, Semver { /** * @custom:semver 1.0.0 * * @param _l1CrossDomainMessenger Address of the L1CrossDomainMessenger contract. */ constructor(address _l1CrossDomainMessenger) Semver(1, 0, 0) CrossDomainMessenger(_l1CrossDomainMessenger) { initialize(); } /** * @notice Initializer. */ function initialize() public initializer { __CrossDomainMessenger_init(); } /** * @custom:legacy * @notice Legacy getter for the remote messenger. Use otherMessenger going forward. * * @return Address of the L1CrossDomainMessenger contract. */ function l1CrossDomainMessenger() public view returns (address) { return OTHER_MESSENGER; } /** * @inheritdoc CrossDomainMessenger */ function _sendMessage( address _to, uint64 _gasLimit, uint256 _value, bytes memory _data ) internal override { L2ToL1MessagePasser(payable(Predeploys.L2_TO_L1_MESSAGE_PASSER)).initiateWithdrawal{ value: _value }(_to, _gasLimit, _data); } /** * @inheritdoc CrossDomainMessenger */ function _isOtherMessenger() internal view override returns (bool) { return AddressAliasHelper.undoL1ToL2Alias(msg.sender) == OTHER_MESSENGER; } /** * @inheritdoc CrossDomainMessenger */ function _isUnsafeTarget(address _target) internal view override returns (bool) { return _target == address(this) || _target == address(Predeploys.L2_TO_L1_MESSAGE_PASSER); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { ERC721Bridge } from "../universal/ERC721Bridge.sol"; import { ERC165Checker } from "@openzeppelin/contracts/utils/introspection/ERC165Checker.sol"; import { L1ERC721Bridge } from "../L1/L1ERC721Bridge.sol"; import { IOptimismMintableERC721 } from "../universal/IOptimismMintableERC721.sol"; import { Semver } from "../universal/Semver.sol"; /** * @title L2ERC721Bridge * @notice The L2 ERC721 bridge is a contract which works together with the L1 ERC721 bridge to * make it possible to transfer ERC721 tokens from Ethereum to Optimism. This contract * acts as a minter for new tokens when it hears about deposits into the L1 ERC721 bridge. * This contract also acts as a burner for tokens being withdrawn. * **WARNING**: Do not bridge an ERC721 that was originally deployed on Optimism. This * bridge ONLY supports ERC721s originally deployed on Ethereum. Users will need to * wait for the one-week challenge period to elapse before their Optimism-native NFT * can be refunded on L2. */ contract L2ERC721Bridge is ERC721Bridge, Semver { /** * @custom:semver 1.0.0 * * @param _messenger Address of the CrossDomainMessenger on this network. * @param _otherBridge Address of the ERC721 bridge on the other network. */ constructor(address _messenger, address _otherBridge) Semver(1, 0, 0) ERC721Bridge(_messenger, _otherBridge) {} /** * @notice Completes an ERC721 bridge from the other domain and sends the ERC721 token to the * recipient on this domain. * * @param _localToken Address of the ERC721 token on this domain. * @param _remoteToken Address of the ERC721 token on the other domain. * @param _from Address that triggered the bridge on the other domain. * @param _to Address to receive the token on this domain. * @param _tokenId ID of the token being deposited. * @param _extraData Optional data to forward to L1. Data supplied here will not be used to * execute any code on L1 and is only emitted as extra data for the * convenience of off-chain tooling. */ function finalizeBridgeERC721( address _localToken, address _remoteToken, address _from, address _to, uint256 _tokenId, bytes calldata _extraData ) external onlyOtherBridge { require(_localToken != address(this), "L2ERC721Bridge: local token cannot be self"); // Note that supportsInterface makes a callback to the _localToken address which is user // provided. require( ERC165Checker.supportsInterface(_localToken, type(IOptimismMintableERC721).interfaceId), "L2ERC721Bridge: local token interface is not compliant" ); require( _remoteToken == IOptimismMintableERC721(_localToken).remoteToken(), "L2ERC721Bridge: wrong remote token for Optimism Mintable ERC721 local token" ); // When a deposit is finalized, we give the NFT with the same tokenId to the account // on L2. Note that safeMint makes a callback to the _to address which is user provided. IOptimismMintableERC721(_localToken).safeMint(_to, _tokenId); // slither-disable-next-line reentrancy-events emit ERC721BridgeFinalized(_localToken, _remoteToken, _from, _to, _tokenId, _extraData); } /** * @inheritdoc ERC721Bridge */ function _initiateBridgeERC721( address _localToken, address _remoteToken, address _from, address _to, uint256 _tokenId, uint32 _minGasLimit, bytes calldata _extraData ) internal override { require(_remoteToken != address(0), "ERC721Bridge: remote token cannot be address(0)"); // Check that the withdrawal is being initiated by the NFT owner require( _from == IOptimismMintableERC721(_localToken).ownerOf(_tokenId), "Withdrawal is not being initiated by NFT owner" ); // Construct calldata for l1ERC721Bridge.finalizeBridgeERC721(_to, _tokenId) // slither-disable-next-line reentrancy-events address remoteToken = IOptimismMintableERC721(_localToken).remoteToken(); require( remoteToken == _remoteToken, "L2ERC721Bridge: remote token does not match given value" ); // When a withdrawal is initiated, we burn the withdrawer's NFT to prevent subsequent L2 // usage // slither-disable-next-line reentrancy-events IOptimismMintableERC721(_localToken).burn(_from, _tokenId); bytes memory message = abi.encodeWithSelector( L1ERC721Bridge.finalizeBridgeERC721.selector, remoteToken, _localToken, _from, _to, _tokenId, _extraData ); // Send message to L1 bridge // slither-disable-next-line reentrancy-events MESSENGER.sendMessage(OTHER_BRIDGE, message, _minGasLimit); // slither-disable-next-line reentrancy-events emit ERC721BridgeInitiated(_localToken, remoteToken, _from, _to, _tokenId, _extraData); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Predeploys } from "../libraries/Predeploys.sol"; import { StandardBridge } from "../universal/StandardBridge.sol"; import { Semver } from "../universal/Semver.sol"; import { OptimismMintableERC20 } from "../universal/OptimismMintableERC20.sol"; /** * @custom:proxied * @custom:predeploy 0x4200000000000000000000000000000000000010 * @title L2StandardBridge * @notice The L2StandardBridge is responsible for transfering ETH and ERC20 tokens between L1 and * L2. In the case that an ERC20 token is native to L2, it will be escrowed within this * contract. If the ERC20 token is native to L1, it will be burnt. * NOTE: this contract is not intended to support all variations of ERC20 tokens. Examples * of some token types that may not be properly supported by this contract include, but are * not limited to: tokens with transfer fees, rebasing tokens, and tokens with blocklists. */ contract L2StandardBridge is StandardBridge, Semver { /** * @custom:legacy * @notice Emitted whenever a withdrawal from L2 to L1 is initiated. * * @param l1Token Address of the token on L1. * @param l2Token Address of the corresponding token on L2. * @param from Address of the withdrawer. * @param to Address of the recipient on L1. * @param amount Amount of the ERC20 withdrawn. * @param extraData Extra data attached to the withdrawal. */ event WithdrawalInitiated( address indexed l1Token, address indexed l2Token, address indexed from, address to, uint256 amount, bytes extraData ); /** * @custom:legacy * @notice Emitted whenever an ERC20 deposit is finalized. * * @param l1Token Address of the token on L1. * @param l2Token Address of the corresponding token on L2. * @param from Address of the depositor. * @param to Address of the recipient on L2. * @param amount Amount of the ERC20 deposited. * @param extraData Extra data attached to the deposit. */ event DepositFinalized( address indexed l1Token, address indexed l2Token, address indexed from, address to, uint256 amount, bytes extraData ); /** * @custom:semver 1.0.0 * * @param _otherBridge Address of the L1StandardBridge. */ constructor(address payable _otherBridge) Semver(1, 0, 0) StandardBridge(payable(Predeploys.L2_CROSS_DOMAIN_MESSENGER), _otherBridge) {} /** * @custom:legacy * @notice Initiates a withdrawal from L2 to L1. * * @param _l2Token Address of the L2 token to withdraw. * @param _amount Amount of the L2 token to withdraw. * @param _minGasLimit Minimum gas limit to use for the transaction. * @param _extraData Extra data attached to the withdrawal. */ function withdraw( address _l2Token, uint256 _amount, uint32 _minGasLimit, bytes calldata _extraData ) external payable virtual onlyEOA { _initiateWithdrawal(_l2Token, msg.sender, msg.sender, _amount, _minGasLimit, _extraData); } /** * @custom:legacy * @notice Initiates a withdrawal from L2 to L1 to a target account on L1. * Note that if ETH is sent to a contract on L1 and the call fails, then that ETH will * be locked in the L1StandardBridge. ETH may be recoverable if the call can be * successfully replayed by increasing the amount of gas supplied to the call. If the * call will fail for any amount of gas, then the ETH will be locked permanently. * * @param _l2Token Address of the L2 token to withdraw. * @param _to Recipient account on L1. * @param _amount Amount of the L2 token to withdraw. * @param _minGasLimit Minimum gas limit to use for the transaction. * @param _extraData Extra data attached to the withdrawal. */ function withdrawTo( address _l2Token, address _to, uint256 _amount, uint32 _minGasLimit, bytes calldata _extraData ) external payable virtual { _initiateWithdrawal(_l2Token, msg.sender, _to, _amount, _minGasLimit, _extraData); } /** * @custom:legacy * @notice Finalizes a deposit from L1 to L2. * * @param _l1Token Address of the L1 token to deposit. * @param _l2Token Address of the corresponding L2 token. * @param _from Address of the depositor. * @param _to Address of the recipient. * @param _amount Amount of the tokens being deposited. * @param _extraData Extra data attached to the deposit. */ function finalizeDeposit( address _l1Token, address _l2Token, address _from, address _to, uint256 _amount, bytes calldata _extraData ) external payable virtual { if (_l1Token == address(0) && _l2Token == Predeploys.LEGACY_ERC20_ETH) { finalizeBridgeETH(_from, _to, _amount, _extraData); } else { finalizeBridgeERC20(_l2Token, _l1Token, _from, _to, _amount, _extraData); } emit DepositFinalized(_l1Token, _l2Token, _from, _to, _amount, _extraData); } /** * @custom:legacy * @notice Retrieves the access of the corresponding L1 bridge contract. * * @return Address of the corresponding L1 bridge contract. */ function l1TokenBridge() external view returns (address) { return address(OTHER_BRIDGE); } /** * @custom:legacy * @notice Internal function to a withdrawal from L2 to L1 to a target account on L1. * * @param _l2Token Address of the L2 token to withdraw. * @param _from Address of the withdrawer. * @param _to Recipient account on L1. * @param _amount Amount of the L2 token to withdraw. * @param _minGasLimit Minimum gas limit to use for the transaction. * @param _extraData Extra data attached to the withdrawal. */ function _initiateWithdrawal( address _l2Token, address _from, address _to, uint256 _amount, uint32 _minGasLimit, bytes calldata _extraData ) internal { address l1Token = OptimismMintableERC20(_l2Token).l1Token(); if (_l2Token == Predeploys.LEGACY_ERC20_ETH) { _initiateBridgeETH(_from, _to, _amount, _minGasLimit, _extraData); } else { _initiateBridgeERC20(_l2Token, l1Token, _from, _to, _amount, _minGasLimit, _extraData); } emit WithdrawalInitiated(l1Token, _l2Token, _from, _to, _amount, _extraData); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Types } from "../libraries/Types.sol"; import { Hashing } from "../libraries/Hashing.sol"; import { Encoding } from "../libraries/Encoding.sol"; import { Burn } from "../libraries/Burn.sol"; import { Semver } from "../universal/Semver.sol"; /** * @custom:proxied * @custom:predeploy 0x4200000000000000000000000000000000000016 * @title L2ToL1MessagePasser * @notice The L2ToL1MessagePasser is a dedicated contract where messages that are being sent from * L2 to L1 can be stored. The storage root of this contract is pulled up to the top level * of the L2 output to reduce the cost of proving the existence of sent messages. */ contract L2ToL1MessagePasser is Semver { /** * @notice The L1 gas limit set when eth is withdrawn using the receive() function. */ uint256 internal constant RECEIVE_DEFAULT_GAS_LIMIT = 100_000; /** * @notice Current message version identifier. */ uint16 public constant MESSAGE_VERSION = 1; /** * @notice Includes the message hashes for all withdrawals */ mapping(bytes32 => bool) public sentMessages; /** * @notice A unique value hashed with each withdrawal. */ uint240 internal msgNonce; /** * @notice Emitted any time a withdrawal is initiated. * * @param nonce Unique value corresponding to each withdrawal. * @param sender The L2 account address which initiated the withdrawal. * @param target The L1 account address the call will be send to. * @param value The ETH value submitted for withdrawal, to be forwarded to the target. * @param gasLimit The minimum amount of gas that must be provided when withdrawing. * @param data The data to be forwarded to the target on L1. * @param withdrawalHash The hash of the withdrawal. */ event MessagePassed( uint256 indexed nonce, address indexed sender, address indexed target, uint256 value, uint256 gasLimit, bytes data, bytes32 withdrawalHash ); /** * @notice Emitted when the balance of this contract is burned. * * @param amount Amount of ETh that was burned. */ event WithdrawerBalanceBurnt(uint256 indexed amount); /** * @custom:semver 1.0.0 */ constructor() Semver(1, 0, 0) {} /** * @notice Allows users to withdraw ETH by sending directly to this contract. */ receive() external payable { initiateWithdrawal(msg.sender, RECEIVE_DEFAULT_GAS_LIMIT, bytes("")); } /** * @notice Removes all ETH held by this contract from the state. Used to prevent the amount of * ETH on L2 inflating when ETH is withdrawn. Currently only way to do this is to * create a contract and self-destruct it to itself. Anyone can call this function. Not * incentivized since this function is very cheap. */ function burn() external { uint256 balance = address(this).balance; Burn.eth(balance); emit WithdrawerBalanceBurnt(balance); } /** * @notice Sends a message from L2 to L1. * * @param _target Address to call on L1 execution. * @param _gasLimit Minimum gas limit for executing the message on L1. * @param _data Data to forward to L1 target. */ function initiateWithdrawal( address _target, uint256 _gasLimit, bytes memory _data ) public payable { bytes32 withdrawalHash = Hashing.hashWithdrawal( Types.WithdrawalTransaction({ nonce: messageNonce(), sender: msg.sender, target: _target, value: msg.value, gasLimit: _gasLimit, data: _data }) ); sentMessages[withdrawalHash] = true; emit MessagePassed( messageNonce(), msg.sender, _target, msg.value, _gasLimit, _data, withdrawalHash ); unchecked { ++msgNonce; } } /** * @notice Retrieves the next message nonce. Message version will be added to the upper two * bytes of the message nonce. Message version allows us to treat messages as having * different structures. * * @return Nonce of the next message to be sent, with added message version. */ function messageNonce() public view returns (uint256) { return Encoding.encodeVersionedNonce(msgNonce, MESSAGE_VERSION); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Semver } from "../universal/Semver.sol"; import { FeeVault } from "../universal/FeeVault.sol"; /** * @custom:proxied * @custom:predeploy 0x4200000000000000000000000000000000000011 * @title SequencerFeeVault * @notice The SequencerFeeVault is the contract that holds any fees paid to the Sequencer during * transaction processing and block production. */ contract SequencerFeeVault is FeeVault, Semver { /** * @custom:semver 1.0.0 * * @param _recipient Address that will receive the accumulated fees. */ constructor(address _recipient) FeeVault(_recipient, 10 ether) Semver(1, 0, 0) {} /** * @custom:legacy * @notice Legacy getter for the recipient address. * * @return The recipient address. */ function l1FeeWallet() public view returns (address) { return RECIPIENT; } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { OptimismPortal } from "../L1/OptimismPortal.sol"; /** * @title PortalSender * @notice The PortalSender is a simple intermediate contract that will transfer the balance of the * L1StandardBridge to the OptimismPortal during the Bedrock migration. */ contract PortalSender { /** * @notice Address of the OptimismPortal contract. */ OptimismPortal public immutable PORTAL; /** * @param _portal Address of the OptimismPortal contract. */ constructor(OptimismPortal _portal) { PORTAL = _portal; } /** * @notice Sends balance of this contract to the OptimismPortal. */ function donate() public { PORTAL.donateETH{ value: address(this).balance }(); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { OwnableUpgradeable } from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol"; import { L2OutputOracle } from "../L1/L2OutputOracle.sol"; import { OptimismPortal } from "../L1/OptimismPortal.sol"; import { L1CrossDomainMessenger } from "../L1/L1CrossDomainMessenger.sol"; import { L1ERC721Bridge } from "../L1/L1ERC721Bridge.sol"; import { L1StandardBridge } from "../L1/L1StandardBridge.sol"; import { L1ChugSplashProxy } from "../legacy/L1ChugSplashProxy.sol"; import { AddressManager } from "../legacy/AddressManager.sol"; import { Proxy } from "../universal/Proxy.sol"; import { ProxyAdmin } from "../universal/ProxyAdmin.sol"; import { OptimismMintableERC20Factory } from "../universal/OptimismMintableERC20Factory.sol"; import { PortalSender } from "./PortalSender.sol"; import { SystemConfig } from "../L1/SystemConfig.sol"; /** * @title SystemDictator * @notice The SystemDictator is responsible for coordinating the deployment of a full Bedrock * system. The SystemDictator is designed to support both fresh network deployments and * upgrades to existing pre-Bedrock systems. */ contract SystemDictator is OwnableUpgradeable { /** * @notice Basic system configuration. */ struct GlobalConfig { AddressManager addressManager; ProxyAdmin proxyAdmin; address controller; address finalOwner; } /** * @notice Set of proxy addresses. */ struct ProxyAddressConfig { address l2OutputOracleProxy; address optimismPortalProxy; address l1CrossDomainMessengerProxy; address l1StandardBridgeProxy; address optimismMintableERC20FactoryProxy; address l1ERC721BridgeProxy; address systemConfigProxy; } /** * @notice Set of implementation addresses. */ struct ImplementationAddressConfig { L2OutputOracle l2OutputOracleImpl; OptimismPortal optimismPortalImpl; L1CrossDomainMessenger l1CrossDomainMessengerImpl; L1StandardBridge l1StandardBridgeImpl; OptimismMintableERC20Factory optimismMintableERC20FactoryImpl; L1ERC721Bridge l1ERC721BridgeImpl; PortalSender portalSenderImpl; SystemConfig systemConfigImpl; } /** * @notice Dynamic L2OutputOracle config. */ struct L2OutputOracleDynamicConfig { uint256 l2OutputOracleStartingBlockNumber; uint256 l2OutputOracleStartingTimestamp; } /** * @notice Values for the system config contract. */ struct SystemConfigConfig { address owner; uint256 overhead; uint256 scalar; bytes32 batcherHash; uint64 gasLimit; address unsafeBlockSigner; } /** * @notice Combined system configuration. */ struct DeployConfig { GlobalConfig globalConfig; ProxyAddressConfig proxyAddressConfig; ImplementationAddressConfig implementationAddressConfig; SystemConfigConfig systemConfigConfig; } /** * @notice Step after which exit 1 can no longer be used. */ uint8 public constant EXIT_1_NO_RETURN_STEP = 3; /** * @notice Step where proxy ownership is transferred. */ uint8 public constant PROXY_TRANSFER_STEP = 4; /** * @notice System configuration. */ DeployConfig public config; /** * @notice Dynamic configuration for the L2OutputOracle. */ L2OutputOracleDynamicConfig public l2OutputOracleDynamicConfig; /** * @notice Current step; */ uint8 public currentStep; /** * @notice Whether or not dynamic config has been set. */ bool public dynamicConfigSet; /** * @notice Whether or not the deployment is finalized. */ bool public finalized; /** * @notice Address of the old L1CrossDomainMessenger implementation. */ address public oldL1CrossDomainMessenger; /** * @notice Checks that the current step is the expected step, then bumps the current step. * * @param _step Current step. */ modifier step(uint8 _step) { require(currentStep == _step, "BaseSystemDictator: incorrect step"); _; currentStep++; } /** * @param _config System configuration. */ function initialize(DeployConfig memory _config) public initializer { config = _config; currentStep = 1; __Ownable_init(); _transferOwnership(config.globalConfig.controller); } /** * @notice Allows the owner to update dynamic L2OutputOracle config. * * @param _l2OutputOracleDynamicConfig Dynamic L2OutputOracle config. */ function updateL2OutputOracleDynamicConfig( L2OutputOracleDynamicConfig memory _l2OutputOracleDynamicConfig ) external onlyOwner { l2OutputOracleDynamicConfig = _l2OutputOracleDynamicConfig; dynamicConfigSet = true; } /** * @notice Configures the ProxyAdmin contract. */ function step1() external onlyOwner step(1) { // Set the AddressManager in the ProxyAdmin. config.globalConfig.proxyAdmin.setAddressManager(config.globalConfig.addressManager); // Set the L1CrossDomainMessenger to the RESOLVED proxy type. config.globalConfig.proxyAdmin.setProxyType( config.proxyAddressConfig.l1CrossDomainMessengerProxy, ProxyAdmin.ProxyType.RESOLVED ); // Set the implementation name for the L1CrossDomainMessenger. config.globalConfig.proxyAdmin.setImplementationName( config.proxyAddressConfig.l1CrossDomainMessengerProxy, "OVM_L1CrossDomainMessenger" ); // Set the L1StandardBridge to the CHUGSPLASH proxy type. config.globalConfig.proxyAdmin.setProxyType( config.proxyAddressConfig.l1StandardBridgeProxy, ProxyAdmin.ProxyType.CHUGSPLASH ); } /** * @notice Pauses the system by shutting down the L1CrossDomainMessenger and setting the * deposit halt flag to tell the Sequencer's DTL to stop accepting deposits. */ function step2() external onlyOwner step(2) { // Store the address of the old L1CrossDomainMessenger implementation. We will need this // address in the case that we have to exit early. oldL1CrossDomainMessenger = config.globalConfig.addressManager.getAddress( "OVM_L1CrossDomainMessenger" ); // Temporarily brick the L1CrossDomainMessenger by setting its implementation address to // address(0) which will cause the ResolvedDelegateProxy to revert. Better than pausing // the L1CrossDomainMessenger via pause() because it can be easily reverted. config.globalConfig.addressManager.setAddress("OVM_L1CrossDomainMessenger", address(0)); // Set the DTL shutoff block, which will tell the DTL to stop syncing new deposits from the // CanonicalTransactionChain. We do this by setting an address in the AddressManager // because the DTL already has a reference to the AddressManager and this way we don't also // need to give it a reference to the SystemDictator. config.globalConfig.addressManager.setAddress( "DTL_SHUTOFF_BLOCK", address(uint160(block.number)) ); } /** * @notice Removes deprecated addresses from the AddressManager. */ function step3() external onlyOwner step(EXIT_1_NO_RETURN_STEP) { // Remove all deprecated addresses from the AddressManager string[17] memory deprecated = [ "OVM_CanonicalTransactionChain", "OVM_L2CrossDomainMessenger", "OVM_DecompressionPrecompileAddress", "OVM_Sequencer", "OVM_Proposer", "OVM_ChainStorageContainer-CTC-batches", "OVM_ChainStorageContainer-CTC-queue", "OVM_CanonicalTransactionChain", "OVM_StateCommitmentChain", "OVM_BondManager", "OVM_ExecutionManager", "OVM_FraudVerifier", "OVM_StateManagerFactory", "OVM_StateTransitionerFactory", "OVM_SafetyChecker", "OVM_L1MultiMessageRelayer", "BondManager" ]; for (uint256 i = 0; i < deprecated.length; i++) { config.globalConfig.addressManager.setAddress(deprecated[i], address(0)); } } /** * @notice Transfers system ownership to the ProxyAdmin. */ function step4() external onlyOwner step(PROXY_TRANSFER_STEP) { // Transfer ownership of the AddressManager to the ProxyAdmin. config.globalConfig.addressManager.transferOwnership( address(config.globalConfig.proxyAdmin) ); // Transfer ownership of the L1StandardBridge to the ProxyAdmin. L1ChugSplashProxy(payable(config.proxyAddressConfig.l1StandardBridgeProxy)).setOwner( address(config.globalConfig.proxyAdmin) ); // Transfer ownership of the L1ERC721Bridge to the ProxyAdmin. Proxy(payable(config.proxyAddressConfig.l1ERC721BridgeProxy)).changeAdmin( address(config.globalConfig.proxyAdmin) ); } /** * @notice Upgrades and initializes proxy contracts. */ function step5() external onlyOwner step(5) { // Dynamic config must be set before we can initialize the L2OutputOracle. require(dynamicConfigSet, "SystemDictator: dynamic oracle config is not yet initialized"); // Upgrade and initialize the L2OutputOracle. config.globalConfig.proxyAdmin.upgradeAndCall( payable(config.proxyAddressConfig.l2OutputOracleProxy), address(config.implementationAddressConfig.l2OutputOracleImpl), abi.encodeCall( L2OutputOracle.initialize, ( l2OutputOracleDynamicConfig.l2OutputOracleStartingBlockNumber, l2OutputOracleDynamicConfig.l2OutputOracleStartingTimestamp ) ) ); // Upgrade and initialize the OptimismPortal. config.globalConfig.proxyAdmin.upgradeAndCall( payable(config.proxyAddressConfig.optimismPortalProxy), address(config.implementationAddressConfig.optimismPortalImpl), abi.encodeCall(OptimismPortal.initialize, ()) ); // Upgrade the L1CrossDomainMessenger. config.globalConfig.proxyAdmin.upgrade( payable(config.proxyAddressConfig.l1CrossDomainMessengerProxy), address(config.implementationAddressConfig.l1CrossDomainMessengerImpl) ); // Try to initialize the L1CrossDomainMessenger, only fail if it's already been initialized. try L1CrossDomainMessenger(config.proxyAddressConfig.l1CrossDomainMessengerProxy) .initialize(address(this)) { // L1CrossDomainMessenger is the one annoying edge case difference between existing // networks and fresh networks because in existing networks it'll already be // initialized but in fresh networks it won't be. Try/catch is the easiest and most // consistent way to handle this because initialized() is not exposed publicly. } catch Error(string memory reason) { require( keccak256(abi.encodePacked(reason)) == keccak256("Initializable: contract is already initialized"), string.concat("SystemDictator: unexpected error initializing L1XDM: ", reason) ); } catch { revert("SystemDictator: unexpected error initializing L1XDM (no reason)"); } // Transfer ETH from the L1StandardBridge to the OptimismPortal. config.globalConfig.proxyAdmin.upgradeAndCall( payable(config.proxyAddressConfig.l1StandardBridgeProxy), address(config.implementationAddressConfig.portalSenderImpl), abi.encodeCall(PortalSender.donate, ()) ); // Upgrade the L1StandardBridge (no initializer). config.globalConfig.proxyAdmin.upgrade( payable(config.proxyAddressConfig.l1StandardBridgeProxy), address(config.implementationAddressConfig.l1StandardBridgeImpl) ); // Upgrade the OptimismMintableERC20Factory (no initializer). config.globalConfig.proxyAdmin.upgrade( payable(config.proxyAddressConfig.optimismMintableERC20FactoryProxy), address(config.implementationAddressConfig.optimismMintableERC20FactoryImpl) ); // Upgrade the L1ERC721Bridge (no initializer). config.globalConfig.proxyAdmin.upgrade( payable(config.proxyAddressConfig.l1ERC721BridgeProxy), address(config.implementationAddressConfig.l1ERC721BridgeImpl) ); // Upgrade and initialize the SystemConfig. config.globalConfig.proxyAdmin.upgradeAndCall( payable(config.proxyAddressConfig.systemConfigProxy), address(config.implementationAddressConfig.systemConfigImpl), abi.encodeCall( SystemConfig.initialize, ( config.systemConfigConfig.owner, config.systemConfigConfig.overhead, config.systemConfigConfig.scalar, config.systemConfigConfig.batcherHash, config.systemConfigConfig.gasLimit, config.systemConfigConfig.unsafeBlockSigner ) ) ); // Pause the L1CrossDomainMessenger, chance to check that everything is OK. L1CrossDomainMessenger(config.proxyAddressConfig.l1CrossDomainMessengerProxy).pause(); } /** * @notice Unpauses the system at which point the system should be fully operational. */ function step6() external onlyOwner step(6) { // Unpause the L1CrossDomainMessenger. L1CrossDomainMessenger(config.proxyAddressConfig.l1CrossDomainMessengerProxy).unpause(); } /** * @notice Tranfers admin ownership to the final owner. */ function finalize() external onlyOwner { // Transfer ownership of the L1CrossDomainMessenger to the final owner. L1CrossDomainMessenger(config.proxyAddressConfig.l1CrossDomainMessengerProxy) .transferOwnership(config.globalConfig.finalOwner); // Transfer ownership of the ProxyAdmin to the final owner. config.globalConfig.proxyAdmin.transferOwnership(config.globalConfig.finalOwner); // Optionally also transfer AddressManager and L1StandardBridge if we still own it. Might // happen if we're exiting early. if (currentStep <= PROXY_TRANSFER_STEP) { // Transfer ownership of the AddressManager to the final owner. config.globalConfig.addressManager.transferOwnership( address(config.globalConfig.finalOwner) ); // Transfer ownership of the L1StandardBridge to the final owner. L1ChugSplashProxy(payable(config.proxyAddressConfig.l1StandardBridgeProxy)).setOwner( address(config.globalConfig.finalOwner) ); // Transfer ownership of the L1ERC721Bridge to the final owner. Proxy(payable(config.proxyAddressConfig.l1ERC721BridgeProxy)).changeAdmin( address(config.globalConfig.finalOwner) ); } finalized = true; } /** * @notice First exit point, can only be called before step 3 is executed. */ function exit1() external onlyOwner { require( currentStep == EXIT_1_NO_RETURN_STEP, "SystemDictator: can only exit1 before step 3 is executed" ); // Reset the L1CrossDomainMessenger to the old implementation. config.globalConfig.addressManager.setAddress( "OVM_L1CrossDomainMessenger", oldL1CrossDomainMessenger ); // Unset the DTL shutoff block which will allow the DTL to sync again. config.globalConfig.addressManager.setAddress("DTL_SHUTOFF_BLOCK", address(0)); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol"; /** * @custom:legacy * @title AddressManager * @notice AddressManager is a legacy contract that was used in the old version of the Optimism * system to manage a registry of string names to addresses. We now use a more standard * proxy system instead, but this contract is still necessary for backwards compatibility * with several older contracts. */ contract AddressManager is Ownable { /** * @notice Mapping of the hashes of string names to addresses. */ mapping(bytes32 => address) private addresses; /** * @notice Emitted when an address is modified in the registry. * * @param name String name being set in the registry. * @param newAddress Address set for the given name. * @param oldAddress Address that was previously set for the given name. */ event AddressSet(string indexed name, address newAddress, address oldAddress); /** * @notice Changes the address associated with a particular name. * * @param _name String name to associate an address with. * @param _address Address to associate with the name. */ function setAddress(string memory _name, address _address) external onlyOwner { bytes32 nameHash = _getNameHash(_name); address oldAddress = addresses[nameHash]; addresses[nameHash] = _address; emit AddressSet(_name, _address, oldAddress); } /** * @notice Retrieves the address associated with a given name. * * @param _name Name to retrieve an address for. * * @return Address associated with the given name. */ function getAddress(string memory _name) external view returns (address) { return addresses[_getNameHash(_name)]; } /** * @notice Computes the hash of a name. * * @param _name Name to compute a hash for. * * @return Hash of the given name. */ function _getNameHash(string memory _name) internal pure returns (bytes32) { return keccak256(abi.encodePacked(_name)); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Semver } from "../universal/Semver.sol"; /** * @custom:legacy * @custom:proxied * @custom:predeployed 0x4200000000000000000000000000000000000002 * @title DeployerWhitelist * @notice DeployerWhitelist is a legacy contract that was originally used to act as a whitelist of * addresses allowed to the Optimism network. The DeployerWhitelist has since been * disabled, but the code is kept in state for the sake of full backwards compatibility. * As of the Bedrock upgrade, the DeployerWhitelist is completely unused by the Optimism * system and could, in theory, be removed entirely. */ contract DeployerWhitelist is Semver { /** * @notice Address of the owner of this contract. Note that when this address is set to * address(0), the whitelist is disabled. */ address public owner; /** * @notice Mapping of deployer addresses to boolean whitelist status. */ mapping(address => bool) public whitelist; /** * @notice Emitted when the owner of this contract changes. * * @param oldOwner Address of the previous owner. * @param newOwner Address of the new owner. */ event OwnerChanged(address oldOwner, address newOwner); /** * @notice Emitted when the whitelist status of a deployer changes. * * @param deployer Address of the deployer. * @param whitelisted Boolean indicating whether the deployer is whitelisted. */ event WhitelistStatusChanged(address deployer, bool whitelisted); /** * @notice Emitted when the whitelist is disabled. * * @param oldOwner Address of the final owner of the whitelist. */ event WhitelistDisabled(address oldOwner); /** * @notice Blocks functions to anyone except the contract owner. */ modifier onlyOwner() { require( msg.sender == owner, "DeployerWhitelist: function can only be called by the owner of this contract" ); _; } /** * @custom:semver 1.0.0 */ constructor() Semver(1, 0, 0) {} /** * @notice Adds or removes an address from the deployment whitelist. * * @param _deployer Address to update permissions for. * @param _isWhitelisted Whether or not the address is whitelisted. */ function setWhitelistedDeployer(address _deployer, bool _isWhitelisted) external onlyOwner { whitelist[_deployer] = _isWhitelisted; emit WhitelistStatusChanged(_deployer, _isWhitelisted); } /** * @notice Updates the owner of this contract. * * @param _owner Address of the new owner. */ function setOwner(address _owner) external onlyOwner { // Prevent users from setting the whitelist owner to address(0) except via // enableArbitraryContractDeployment. If you want to burn the whitelist owner, send it to // any other address that doesn't have a corresponding knowable private key. require( _owner != address(0), "DeployerWhitelist: can only be disabled via enableArbitraryContractDeployment" ); emit OwnerChanged(owner, _owner); owner = _owner; } /** * @notice Permanently enables arbitrary contract deployment and deletes the owner. */ function enableArbitraryContractDeployment() external onlyOwner { emit WhitelistDisabled(owner); owner = address(0); } /** * @notice Checks whether an address is allowed to deploy contracts. * * @param _deployer Address to check. * * @return Whether or not the address can deploy contracts. */ function isDeployerAllowed(address _deployer) external view returns (bool) { return (owner == address(0) || whitelist[_deployer]); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; /** * @title IL1ChugSplashDeployer */ interface IL1ChugSplashDeployer { function isUpgrading() external view returns (bool); } /** * @custom:legacy * @title L1ChugSplashProxy * @notice Basic ChugSplash proxy contract for L1. Very close to being a normal proxy but has added * functions `setCode` and `setStorage` for changing the code or storage of the contract. * * Note for future developers: do NOT make anything in this contract 'public' unless you * know what you're doing. Anything public can potentially have a function signature that * conflicts with a signature attached to the implementation contract. Public functions * SHOULD always have the `proxyCallIfNotOwner` modifier unless there's some *really* good * reason not to have that modifier. And there almost certainly is not a good reason to not * have that modifier. Beware! */ contract L1ChugSplashProxy { /** * @notice "Magic" prefix. When prepended to some arbitrary bytecode and used to create a * contract, the appended bytecode will be deployed as given. */ bytes13 internal constant DEPLOY_CODE_PREFIX = 0x600D380380600D6000396000f3; /** * @notice bytes32(uint256(keccak256('eip1967.proxy.implementation')) - 1) */ bytes32 internal constant IMPLEMENTATION_KEY = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc; /** * @notice bytes32(uint256(keccak256('eip1967.proxy.admin')) - 1) */ bytes32 internal constant OWNER_KEY = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103; /** * @notice Blocks a function from being called when the parent signals that the system should * be paused via an isUpgrading function. */ modifier onlyWhenNotPaused() { address owner = _getOwner(); // We do a low-level call because there's no guarantee that the owner actually *is* an // L1ChugSplashDeployer contract and Solidity will throw errors if we do a normal call and // it turns out that it isn't the right type of contract. (bool success, bytes memory returndata) = owner.staticcall( abi.encodeWithSelector(IL1ChugSplashDeployer.isUpgrading.selector) ); // If the call was unsuccessful then we assume that there's no "isUpgrading" method and we // can just continue as normal. We also expect that the return value is exactly 32 bytes // long. If this isn't the case then we can safely ignore the result. if (success && returndata.length == 32) { // Although the expected value is a *boolean*, it's safer to decode as a uint256 in the // case that the isUpgrading function returned something other than 0 or 1. But we only // really care about the case where this value is 0 (= false). uint256 ret = abi.decode(returndata, (uint256)); require(ret == 0, "L1ChugSplashProxy: system is currently being upgraded"); } _; } /** * @notice Makes a proxy call instead of triggering the given function when the caller is * either the owner or the zero address. Caller can only ever be the zero address if * this function is being called off-chain via eth_call, which is totally fine and can * be convenient for client-side tooling. Avoids situations where the proxy and * implementation share a sighash and the proxy function ends up being called instead * of the implementation one. * * Note: msg.sender == address(0) can ONLY be triggered off-chain via eth_call. If * there's a way for someone to send a transaction with msg.sender == address(0) in any * real context then we have much bigger problems. Primary reason to include this * additional allowed sender is because the owner address can be changed dynamically * and we do not want clients to have to keep track of the current owner in order to * make an eth_call that doesn't trigger the proxied contract. */ // slither-disable-next-line incorrect-modifier modifier proxyCallIfNotOwner() { if (msg.sender == _getOwner() || msg.sender == address(0)) { _; } else { // This WILL halt the call frame on completion. _doProxyCall(); } } /** * @param _owner Address of the initial contract owner. */ constructor(address _owner) { _setOwner(_owner); } // slither-disable-next-line locked-ether receive() external payable { // Proxy call by default. _doProxyCall(); } // slither-disable-next-line locked-ether fallback() external payable { // Proxy call by default. _doProxyCall(); } /** * @notice Sets the code that should be running behind this proxy. * * Note: This scheme is a bit different from the standard proxy scheme where one would * typically deploy the code separately and then set the implementation address. We're * doing it this way because it gives us a lot more freedom on the client side. Can * only be triggered by the contract owner. * * @param _code New contract code to run inside this contract. */ function setCode(bytes memory _code) external proxyCallIfNotOwner { // Get the code hash of the current implementation. address implementation = _getImplementation(); // If the code hash matches the new implementation then we return early. if (keccak256(_code) == _getAccountCodeHash(implementation)) { return; } // Create the deploycode by appending the magic prefix. bytes memory deploycode = abi.encodePacked(DEPLOY_CODE_PREFIX, _code); // Deploy the code and set the new implementation address. address newImplementation; assembly { newImplementation := create(0x0, add(deploycode, 0x20), mload(deploycode)) } // Check that the code was actually deployed correctly. I'm not sure if you can ever // actually fail this check. Should only happen if the contract creation from above runs // out of gas but this parent execution thread does NOT run out of gas. Seems like we // should be doing this check anyway though. require( _getAccountCodeHash(newImplementation) == keccak256(_code), "L1ChugSplashProxy: code was not correctly deployed" ); _setImplementation(newImplementation); } /** * @notice Modifies some storage slot within the proxy contract. Gives us a lot of power to * perform upgrades in a more transparent way. Only callable by the owner. * * @param _key Storage key to modify. * @param _value New value for the storage key. */ function setStorage(bytes32 _key, bytes32 _value) external proxyCallIfNotOwner { assembly { sstore(_key, _value) } } /** * @notice Changes the owner of the proxy contract. Only callable by the owner. * * @param _owner New owner of the proxy contract. */ function setOwner(address _owner) external proxyCallIfNotOwner { _setOwner(_owner); } /** * @notice Queries the owner of the proxy contract. Can only be called by the owner OR by * making an eth_call and setting the "from" address to address(0). * * @return Owner address. */ function getOwner() external proxyCallIfNotOwner returns (address) { return _getOwner(); } /** * @notice Queries the implementation address. Can only be called by the owner OR by making an * eth_call and setting the "from" address to address(0). * * @return Implementation address. */ function getImplementation() external proxyCallIfNotOwner returns (address) { return _getImplementation(); } /** * @notice Sets the implementation address. * * @param _implementation New implementation address. */ function _setImplementation(address _implementation) internal { assembly { sstore(IMPLEMENTATION_KEY, _implementation) } } /** * @notice Changes the owner of the proxy contract. * * @param _owner New owner of the proxy contract. */ function _setOwner(address _owner) internal { assembly { sstore(OWNER_KEY, _owner) } } /** * @notice Performs the proxy call via a delegatecall. */ function _doProxyCall() internal onlyWhenNotPaused { address implementation = _getImplementation(); require(implementation != address(0), "L1ChugSplashProxy: implementation is not set yet"); assembly { // Copy calldata into memory at 0x0....calldatasize. calldatacopy(0x0, 0x0, calldatasize()) // Perform the delegatecall, make sure to pass all available gas. let success := delegatecall(gas(), implementation, 0x0, calldatasize(), 0x0, 0x0) // Copy returndata into memory at 0x0....returndatasize. Note that this *will* // overwrite the calldata that we just copied into memory but that doesn't really // matter because we'll be returning in a second anyway. returndatacopy(0x0, 0x0, returndatasize()) // Success == 0 means a revert. We'll revert too and pass the data up. if iszero(success) { revert(0x0, returndatasize()) } // Otherwise we'll just return and pass the data up. return(0x0, returndatasize()) } } /** * @notice Queries the implementation address. * * @return Implementation address. */ function _getImplementation() internal view returns (address) { address implementation; assembly { implementation := sload(IMPLEMENTATION_KEY) } return implementation; } /** * @notice Queries the owner of the proxy contract. * * @return Owner address. */ function _getOwner() internal view returns (address) { address owner; assembly { owner := sload(OWNER_KEY) } return owner; } /** * @notice Gets the code hash for a given account. * * @param _account Address of the account to get a code hash for. * * @return Code hash for the account. */ function _getAccountCodeHash(address _account) internal view returns (bytes32) { bytes32 codeHash; assembly { codeHash := extcodehash(_account) } return codeHash; } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Predeploys } from "../libraries/Predeploys.sol"; import { OptimismMintableERC20 } from "../universal/OptimismMintableERC20.sol"; /** * @custom:legacy * @custom:proxied * @custom:predeploy 0xDeadDeAddeAddEAddeadDEaDDEAdDeaDDeAD0000 * @title LegacyERC20ETH * @notice LegacyERC20ETH is a legacy contract that held ETH balances before the Bedrock upgrade. * All ETH balances held within this contract were migrated to the state trie as part of * the Bedrock upgrade. Functions within this contract that mutate state were already * disabled as part of the EVM equivalence upgrade. */ contract LegacyERC20ETH is OptimismMintableERC20 { /** * @notice Initializes the contract as an Optimism Mintable ERC20. */ constructor() OptimismMintableERC20(Predeploys.L2_STANDARD_BRIDGE, address(0), "Ether", "ETH") {} /** * @notice Returns the ETH balance of the target account. Overrides the base behavior of the * contract to preserve the invariant that the balance within this contract always * matches the balance in the state trie. * * @param _who Address of the account to query. * * @return The ETH balance of the target account. */ function balanceOf(address _who) public view virtual override returns (uint256) { return address(_who).balance; } /** * @custom:blocked * @notice Mints some amount of ETH. */ function mint(address, uint256) public virtual override { revert("LegacyERC20ETH: mint is disabled"); } /** * @custom:blocked * @notice Burns some amount of ETH. */ function burn(address, uint256) public virtual override { revert("LegacyERC20ETH: burn is disabled"); } /** * @custom:blocked * @notice Transfers some amount of ETH. */ function transfer(address, uint256) public virtual override returns (bool) { revert("LegacyERC20ETH: transfer is disabled"); } /** * @custom:blocked * @notice Approves a spender to spend some amount of ETH. */ function approve(address, uint256) public virtual override returns (bool) { revert("LegacyERC20ETH: approve is disabled"); } /** * @custom:blocked * @notice Transfers funds from some sender account. */ function transferFrom( address, address, uint256 ) public virtual override returns (bool) { revert("LegacyERC20ETH: transferFrom is disabled"); } /** * @custom:blocked * @notice Increases the allowance of a spender. */ function increaseAllowance(address, uint256) public virtual override returns (bool) { revert("LegacyERC20ETH: increaseAllowance is disabled"); } /** * @custom:blocked * @notice Decreases the allowance of a spender. */ function decreaseAllowance(address, uint256) public virtual override returns (bool) { revert("LegacyERC20ETH: decreaseAllowance is disabled"); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Semver } from "../universal/Semver.sol"; /** * @custom:legacy * @custom:proxied * @custom:predeploy 0x4200000000000000000000000000000000000000 * @title LegacyMessagePasser * @notice The LegacyMessagePasser was the low-level mechanism used to send messages from L2 to L1 * before the Bedrock upgrade. It is now deprecated in favor of the new MessagePasser. */ contract LegacyMessagePasser is Semver { /** * @notice Mapping of sent message hashes to boolean status. */ mapping(bytes32 => bool) public sentMessages; /** * @custom:semver 1.0.0 */ constructor() Semver(1, 0, 0) {} /** * @notice Passes a message to L1. * * @param _message Message to pass to L1. */ function passMessageToL1(bytes memory _message) external { sentMessages[keccak256(abi.encodePacked(_message, msg.sender))] = true; } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { AddressManager } from "./AddressManager.sol"; /** * @custom:legacy * @title ResolvedDelegateProxy * @notice ResolvedDelegateProxy is a legacy proxy contract that makes use of the AddressManager to * resolve the implementation address. We're maintaining this contract for backwards * compatibility so we can manage all legacy proxies where necessary. */ contract ResolvedDelegateProxy { /** * @notice Mapping used to store the implementation name that corresponds to this contract. A * mapping was originally used as a way to bypass the same issue normally solved by * storing the implementation address in a specific storage slot that does not conflict * with any other storage slot. Generally NOT a safe solution but works as long as the * implementation does not also keep a mapping in the first storage slot. */ mapping(address => string) private implementationName; /** * @notice Mapping used to store the address of the AddressManager contract where the * implementation address will be resolved from. Same concept here as with the above * mapping. Also generally unsafe but fine if the implementation doesn't keep a mapping * in the second storage slot. */ mapping(address => AddressManager) private addressManager; /** * @param _addressManager Address of the AddressManager. * @param _implementationName implementationName of the contract to proxy to. */ constructor(AddressManager _addressManager, string memory _implementationName) { addressManager[address(this)] = _addressManager; implementationName[address(this)] = _implementationName; } /** * @notice Fallback, performs a delegatecall to the resolved implementation address. */ // solhint-disable-next-line no-complex-fallback fallback() external payable { address target = addressManager[address(this)].getAddress( (implementationName[address(this)]) ); require(target != address(0), "ResolvedDelegateProxy: target address must be initialized"); // slither-disable-next-line controlled-delegatecall (bool success, bytes memory returndata) = target.delegatecall(msg.data); if (success == true) { assembly { return(add(returndata, 0x20), mload(returndata)) } } else { assembly { revert(add(returndata, 0x20), mload(returndata)) } } } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { SignedMath } from "@openzeppelin/contracts/utils/math/SignedMath.sol"; import { FixedPointMathLib } from "@rari-capital/solmate/src/utils/FixedPointMathLib.sol"; /** * @title Arithmetic * @notice Even more math than before. */ library Arithmetic { /** * @notice Clamps a value between a minimum and maximum. * * @param _value The value to clamp. * @param _min The minimum value. * @param _max The maximum value. * * @return The clamped value. */ function clamp( int256 _value, int256 _min, int256 _max ) internal pure returns (int256) { return SignedMath.min(SignedMath.max(_value, _min), _max); } /** * @notice (c)oefficient (d)enominator (exp)onentiation function. * Returns the result of: c * (1 - 1/d)^exp. * * @param _coefficient Coefficient of the function. * @param _denominator Fractional denominator. * @param _exponent Power function exponent. * * @return Result of c * (1 - 1/d)^exp. */ function cdexp( int256 _coefficient, int256 _denominator, int256 _exponent ) internal pure returns (int256) { return (_coefficient * (FixedPointMathLib.powWad(1e18 - (1e18 / _denominator), _exponent * 1e18))) / 1e18; } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; /** * @title Burn * @notice Utilities for burning stuff. */ library Burn { /** * Burns a given amount of ETH. * * @param _amount Amount of ETH to burn. */ function eth(uint256 _amount) internal { new Burner{ value: _amount }(); } /** * Burns a given amount of gas. * * @param _amount Amount of gas to burn. */ function gas(uint256 _amount) internal view { uint256 i = 0; uint256 initialGas = gasleft(); while (initialGas - gasleft() < _amount) { ++i; } } } /** * @title Burner * @notice Burner self-destructs on creation and sends all ETH to itself, removing all ETH given to * the contract from the circulating supply. Self-destructing is the only way to remove ETH * from the circulating supply. */ contract Burner { constructor() payable { selfdestruct(payable(address(this))); } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; /** * @title Bytes * @notice Bytes is a library for manipulating byte arrays. */ library Bytes { /** * @custom:attribution https://github.com/GNSPS/solidity-bytes-utils * @notice Slices a byte array with a given starting index and length. Returns a new byte array * as opposed to a pointer to the original array. Will throw if trying to slice more * bytes than exist in the array. * * @param _bytes Byte array to slice. * @param _start Starting index of the slice. * @param _length Length of the slice. * * @return Slice of the input byte array. */ function slice( bytes memory _bytes, uint256 _start, uint256 _length ) internal pure returns (bytes memory) { unchecked { require(_length + 31 >= _length, "slice_overflow"); require(_start + _length >= _start, "slice_overflow"); require(_bytes.length >= _start + _length, "slice_outOfBounds"); } bytes memory tempBytes; assembly { switch iszero(_length) case 0 { // Get a location of some free memory and store it in tempBytes as // Solidity does for memory variables. tempBytes := mload(0x40) // The first word of the slice result is potentially a partial // word read from the original array. To read it, we calculate // the length of that partial word and start copying that many // bytes into the array. The first word we copy will start with // data we don't care about, but the last `lengthmod` bytes will // land at the beginning of the contents of the new array. When // we're done copying, we overwrite the full first word with // the actual length of the slice. let lengthmod := and(_length, 31) // The multiplication in the next line is necessary // because when slicing multiples of 32 bytes (lengthmod == 0) // the following copy loop was copying the origin's length // and then ending prematurely not copying everything it should. let mc := add(add(tempBytes, lengthmod), mul(0x20, iszero(lengthmod))) let end := add(mc, _length) for { // The multiplication in the next line has the same exact purpose // as the one above. let cc := add(add(add(_bytes, lengthmod), mul(0x20, iszero(lengthmod))), _start) } lt(mc, end) { mc := add(mc, 0x20) cc := add(cc, 0x20) } { mstore(mc, mload(cc)) } mstore(tempBytes, _length) //update free-memory pointer //allocating the array padded to 32 bytes like the compiler does now mstore(0x40, and(add(mc, 31), not(31))) } //if we want a zero-length slice let's just return a zero-length array default { tempBytes := mload(0x40) //zero out the 32 bytes slice we are about to return //we need to do it because Solidity does not garbage collect mstore(tempBytes, 0) mstore(0x40, add(tempBytes, 0x20)) } } return tempBytes; } /** * @notice Slices a byte array with a given starting index up to the end of the original byte * array. Returns a new array rathern than a pointer to the original. * * @param _bytes Byte array to slice. * @param _start Starting index of the slice. * * @return Slice of the input byte array. */ function slice(bytes memory _bytes, uint256 _start) internal pure returns (bytes memory) { if (_start >= _bytes.length) { return bytes(""); } return slice(_bytes, _start, _bytes.length - _start); } /** * @notice Converts a byte array into a nibble array by splitting each byte into two nibbles. * Resulting nibble array will be exactly twice as long as the input byte array. * * @param _bytes Input byte array to convert. * * @return Resulting nibble array. */ function toNibbles(bytes memory _bytes) internal pure returns (bytes memory) { uint256 bytesLength = _bytes.length; bytes memory nibbles = new bytes(bytesLength * 2); bytes1 b; for (uint256 i = 0; i < bytesLength; ) { b = _bytes[i]; nibbles[i * 2] = b >> 4; nibbles[i * 2 + 1] = b & 0x0f; unchecked { ++i; } } return nibbles; } /** * @notice Compares two byte arrays by comparing their keccak256 hashes. * * @param _bytes First byte array to compare. * @param _other Second byte array to compare. * * @return True if the two byte arrays are equal, false otherwise. */ function equal(bytes memory _bytes, bytes memory _other) internal pure returns (bool) { return keccak256(_bytes) == keccak256(_other); } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; /** * @title Constants * @notice Constants is a library for storing constants. Simple! Don't put everything in here, just * the stuff used in multiple contracts. Constants that only apply to a single contract * should be defined in that contract instead. */ library Constants { /** * @notice Special address to be used as the tx origin for gas estimation calls in the * OptimismPortal and CrossDomainMessenger calls. You only need to use this address if * the minimum gas limit specified by the user is not actually enough to execute the * given message and you're attempting to estimate the actual necessary gas limit. We * use address(1) because it's the ecrecover precompile and therefore guaranteed to * never have any code on any EVM chain. */ address internal constant ESTIMATION_ADDRESS = address(1); /** * @notice Value used for the L2 sender storage slot in both the OptimismPortal and the * CrossDomainMessenger contracts before an actual sender is set. This value is * non-zero to reduce the gas cost of message passing transactions. */ address internal constant DEFAULT_L2_SENDER = 0x000000000000000000000000000000000000dEaD; }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; import { Types } from "./Types.sol"; import { Hashing } from "./Hashing.sol"; import { RLPWriter } from "./rlp/RLPWriter.sol"; /** * @title Encoding * @notice Encoding handles Optimism's various different encoding schemes. */ library Encoding { /** * @notice RLP encodes the L2 transaction that would be generated when a given deposit is sent * to the L2 system. Useful for searching for a deposit in the L2 system. The * transaction is prefixed with 0x7e to identify its EIP-2718 type. * * @param _tx User deposit transaction to encode. * * @return RLP encoded L2 deposit transaction. */ function encodeDepositTransaction(Types.UserDepositTransaction memory _tx) internal pure returns (bytes memory) { bytes32 source = Hashing.hashDepositSource(_tx.l1BlockHash, _tx.logIndex); bytes[] memory raw = new bytes[](8); raw[0] = RLPWriter.writeBytes(abi.encodePacked(source)); raw[1] = RLPWriter.writeAddress(_tx.from); raw[2] = _tx.isCreation ? RLPWriter.writeBytes("") : RLPWriter.writeAddress(_tx.to); raw[3] = RLPWriter.writeUint(_tx.mint); raw[4] = RLPWriter.writeUint(_tx.value); raw[5] = RLPWriter.writeUint(uint256(_tx.gasLimit)); raw[6] = RLPWriter.writeBool(false); raw[7] = RLPWriter.writeBytes(_tx.data); return abi.encodePacked(uint8(0x7e), RLPWriter.writeList(raw)); } /** * @notice Encodes the cross domain message based on the version that is encoded into the * message nonce. * * @param _nonce Message nonce with version encoded into the first two bytes. * @param _sender Address of the sender of the message. * @param _target Address of the target of the message. * @param _value ETH value to send to the target. * @param _gasLimit Gas limit to use for the message. * @param _data Data to send with the message. * * @return Encoded cross domain message. */ function encodeCrossDomainMessage( uint256 _nonce, address _sender, address _target, uint256 _value, uint256 _gasLimit, bytes memory _data ) internal pure returns (bytes memory) { (, uint16 version) = decodeVersionedNonce(_nonce); if (version == 0) { return encodeCrossDomainMessageV0(_target, _sender, _data, _nonce); } else if (version == 1) { return encodeCrossDomainMessageV1(_nonce, _sender, _target, _value, _gasLimit, _data); } else { revert("Encoding: unknown cross domain message version"); } } /** * @notice Encodes a cross domain message based on the V0 (legacy) encoding. * * @param _target Address of the target of the message. * @param _sender Address of the sender of the message. * @param _data Data to send with the message. * @param _nonce Message nonce. * * @return Encoded cross domain message. */ function encodeCrossDomainMessageV0( address _target, address _sender, bytes memory _data, uint256 _nonce ) internal pure returns (bytes memory) { return abi.encodeWithSignature( "relayMessage(address,address,bytes,uint256)", _target, _sender, _data, _nonce ); } /** * @notice Encodes a cross domain message based on the V1 (current) encoding. * * @param _nonce Message nonce. * @param _sender Address of the sender of the message. * @param _target Address of the target of the message. * @param _value ETH value to send to the target. * @param _gasLimit Gas limit to use for the message. * @param _data Data to send with the message. * * @return Encoded cross domain message. */ function encodeCrossDomainMessageV1( uint256 _nonce, address _sender, address _target, uint256 _value, uint256 _gasLimit, bytes memory _data ) internal pure returns (bytes memory) { return abi.encodeWithSignature( "relayMessage(uint256,address,address,uint256,uint256,bytes)", _nonce, _sender, _target, _value, _gasLimit, _data ); } /** * @notice Adds a version number into the first two bytes of a message nonce. * * @param _nonce Message nonce to encode into. * @param _version Version number to encode into the message nonce. * * @return Message nonce with version encoded into the first two bytes. */ function encodeVersionedNonce(uint240 _nonce, uint16 _version) internal pure returns (uint256) { uint256 nonce; assembly { nonce := or(shl(240, _version), _nonce) } return nonce; } /** * @notice Pulls the version out of a version-encoded nonce. * * @param _nonce Message nonce with version encoded into the first two bytes. * * @return Nonce without encoded version. * @return Version of the message. */ function decodeVersionedNonce(uint256 _nonce) internal pure returns (uint240, uint16) { uint240 nonce; uint16 version; assembly { nonce := and(_nonce, 0x0000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff) version := shr(240, _nonce) } return (nonce, version); } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; import { Types } from "./Types.sol"; import { Encoding } from "./Encoding.sol"; /** * @title Hashing * @notice Hashing handles Optimism's various different hashing schemes. */ library Hashing { /** * @notice Computes the hash of the RLP encoded L2 transaction that would be generated when a * given deposit is sent to the L2 system. Useful for searching for a deposit in the L2 * system. * * @param _tx User deposit transaction to hash. * * @return Hash of the RLP encoded L2 deposit transaction. */ function hashDepositTransaction(Types.UserDepositTransaction memory _tx) internal pure returns (bytes32) { return keccak256(Encoding.encodeDepositTransaction(_tx)); } /** * @notice Computes the deposit transaction's "source hash", a value that guarantees the hash * of the L2 transaction that corresponds to a deposit is unique and is * deterministically generated from L1 transaction data. * * @param _l1BlockHash Hash of the L1 block where the deposit was included. * @param _logIndex The index of the log that created the deposit transaction. * * @return Hash of the deposit transaction's "source hash". */ function hashDepositSource(bytes32 _l1BlockHash, uint256 _logIndex) internal pure returns (bytes32) { bytes32 depositId = keccak256(abi.encode(_l1BlockHash, _logIndex)); return keccak256(abi.encode(bytes32(0), depositId)); } /** * @notice Hashes the cross domain message based on the version that is encoded into the * message nonce. * * @param _nonce Message nonce with version encoded into the first two bytes. * @param _sender Address of the sender of the message. * @param _target Address of the target of the message. * @param _value ETH value to send to the target. * @param _gasLimit Gas limit to use for the message. * @param _data Data to send with the message. * * @return Hashed cross domain message. */ function hashCrossDomainMessage( uint256 _nonce, address _sender, address _target, uint256 _value, uint256 _gasLimit, bytes memory _data ) internal pure returns (bytes32) { (, uint16 version) = Encoding.decodeVersionedNonce(_nonce); if (version == 0) { return hashCrossDomainMessageV0(_target, _sender, _data, _nonce); } else if (version == 1) { return hashCrossDomainMessageV1(_nonce, _sender, _target, _value, _gasLimit, _data); } else { revert("Hashing: unknown cross domain message version"); } } /** * @notice Hashes a cross domain message based on the V0 (legacy) encoding. * * @param _target Address of the target of the message. * @param _sender Address of the sender of the message. * @param _data Data to send with the message. * @param _nonce Message nonce. * * @return Hashed cross domain message. */ function hashCrossDomainMessageV0( address _target, address _sender, bytes memory _data, uint256 _nonce ) internal pure returns (bytes32) { return keccak256(Encoding.encodeCrossDomainMessageV0(_target, _sender, _data, _nonce)); } /** * @notice Hashes a cross domain message based on the V1 (current) encoding. * * @param _nonce Message nonce. * @param _sender Address of the sender of the message. * @param _target Address of the target of the message. * @param _value ETH value to send to the target. * @param _gasLimit Gas limit to use for the message. * @param _data Data to send with the message. * * @return Hashed cross domain message. */ function hashCrossDomainMessageV1( uint256 _nonce, address _sender, address _target, uint256 _value, uint256 _gasLimit, bytes memory _data ) internal pure returns (bytes32) { return keccak256( Encoding.encodeCrossDomainMessageV1( _nonce, _sender, _target, _value, _gasLimit, _data ) ); } /** * @notice Derives the withdrawal hash according to the encoding in the L2 Withdrawer contract * * @param _tx Withdrawal transaction to hash. * * @return Hashed withdrawal transaction. */ function hashWithdrawal(Types.WithdrawalTransaction memory _tx) internal pure returns (bytes32) { return keccak256( abi.encode(_tx.nonce, _tx.sender, _tx.target, _tx.value, _tx.gasLimit, _tx.data) ); } /** * @notice Hashes the various elements of an output root proof into an output root hash which * can be used to check if the proof is valid. * * @param _outputRootProof Output root proof which should hash to an output root. * * @return Hashed output root proof. */ function hashOutputRootProof(Types.OutputRootProof memory _outputRootProof) internal pure returns (bytes32) { return keccak256( abi.encode( _outputRootProof.version, _outputRootProof.stateRoot, _outputRootProof.messagePasserStorageRoot, _outputRootProof.latestBlockhash ) ); } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; /** * @title Predeploys * @notice Contains constant addresses for contracts that are pre-deployed to the L2 system. */ library Predeploys { /** * @notice Address of the L2ToL1MessagePasser predeploy. */ address internal constant L2_TO_L1_MESSAGE_PASSER = 0x4200000000000000000000000000000000000016; /** * @notice Address of the L2CrossDomainMessenger predeploy. */ address internal constant L2_CROSS_DOMAIN_MESSENGER = 0x4200000000000000000000000000000000000007; /** * @notice Address of the L2StandardBridge predeploy. */ address internal constant L2_STANDARD_BRIDGE = 0x4200000000000000000000000000000000000010; /** * @notice Address of the L2ERC721Bridge predeploy. */ address internal constant L2_ERC721_BRIDGE = 0x4200000000000000000000000000000000000014; /** * @notice Address of the SequencerFeeWallet predeploy. */ address internal constant SEQUENCER_FEE_WALLET = 0x4200000000000000000000000000000000000011; /** * @notice Address of the OptimismMintableERC20Factory predeploy. */ address internal constant OPTIMISM_MINTABLE_ERC20_FACTORY = 0x4200000000000000000000000000000000000012; /** * @notice Address of the OptimismMintableERC721Factory predeploy. */ address internal constant OPTIMISM_MINTABLE_ERC721_FACTORY = 0x4200000000000000000000000000000000000017; /** * @notice Address of the L1Block predeploy. */ address internal constant L1_BLOCK_ATTRIBUTES = 0x4200000000000000000000000000000000000015; /** * @notice Address of the GasPriceOracle predeploy. Includes fee information * and helpers for computing the L1 portion of the transaction fee. */ address internal constant GAS_PRICE_ORACLE = 0x420000000000000000000000000000000000000F; /** * @custom:legacy * @notice Address of the L1MessageSender predeploy. Deprecated. Use L2CrossDomainMessenger * or access tx.origin (or msg.sender) in a L1 to L2 transaction instead. */ address internal constant L1_MESSAGE_SENDER = 0x4200000000000000000000000000000000000001; /** * @custom:legacy * @notice Address of the DeployerWhitelist predeploy. No longer active. */ address internal constant DEPLOYER_WHITELIST = 0x4200000000000000000000000000000000000002; /** * @custom:legacy * @notice Address of the LegacyERC20ETH predeploy. Deprecated. Balances are migrated to the * state trie as of the Bedrock upgrade. Contract has been locked and write functions * can no longer be accessed. */ address internal constant LEGACY_ERC20_ETH = 0xDeadDeAddeAddEAddeadDEaDDEAdDeaDDeAD0000; /** * @custom:legacy * @notice Address of the L1BlockNumber predeploy. Deprecated. Use the L1Block predeploy * instead, which exposes more information about the L1 state. */ address internal constant L1_BLOCK_NUMBER = 0x4200000000000000000000000000000000000013; /** * @custom:legacy * @notice Address of the LegacyMessagePasser predeploy. Deprecate. Use the updated * L2ToL1MessagePasser contract instead. */ address internal constant LEGACY_MESSAGE_PASSER = 0x4200000000000000000000000000000000000000; /** * @notice Address of the ProxyAdmin predeploy. */ address internal constant PROXY_ADMIN = 0x4200000000000000000000000000000000000018; /** * @notice Address of the BaseFeeVault predeploy. */ address internal constant BASE_FEE_VAULT = 0x4200000000000000000000000000000000000019; /** * @notice Address of the L1FeeVault predeploy. */ address internal constant L1_FEE_VAULT = 0x420000000000000000000000000000000000001A; }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; /** * @title SafeCall * @notice Perform low level safe calls */ library SafeCall { /** * @notice Perform a low level call without copying any returndata * * @param _target Address to call * @param _gas Amount of gas to pass to the call * @param _value Amount of value to pass to the call * @param _calldata Calldata to pass to the call */ function call( address _target, uint256 _gas, uint256 _value, bytes memory _calldata ) internal returns (bool) { bool _success; assembly { _success := call( _gas, // gas _target, // recipient _value, // ether value add(_calldata, 0x20), // inloc mload(_calldata), // inlen 0, // outloc 0 // outlen ) } return _success; } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.9; /** * @title Types * @notice Contains various types used throughout the Optimism contract system. */ library Types { /** * @notice OutputProposal represents a commitment to the L2 state. The timestamp is the L1 * timestamp that the output root is posted. This timestamp is used to verify that the * finalization period has passed since the output root was submitted. * * @custom:field outputRoot Hash of the L2 output. * @custom:field timestamp Timestamp of the L1 block that the output root was submitted in. * @custom:field l2BlockNumber L2 block number that the output corresponds to. */ struct OutputProposal { bytes32 outputRoot; uint128 timestamp; uint128 l2BlockNumber; } /** * @notice Struct representing the elements that are hashed together to generate an output root * which itself represents a snapshot of the L2 state. * * @custom:field version Version of the output root. * @custom:field stateRoot Root of the state trie at the block of this output. * @custom:field messagePasserStorageRoot Root of the message passer storage trie. * @custom:field latestBlockhash Hash of the block this output was generated from. */ struct OutputRootProof { bytes32 version; bytes32 stateRoot; bytes32 messagePasserStorageRoot; bytes32 latestBlockhash; } /** * @notice Struct representing a deposit transaction (L1 => L2 transaction) created by an end * user (as opposed to a system deposit transaction generated by the system). * * @custom:field from Address of the sender of the transaction. * @custom:field to Address of the recipient of the transaction. * @custom:field isCreation True if the transaction is a contract creation. * @custom:field value Value to send to the recipient. * @custom:field mint Amount of ETH to mint. * @custom:field gasLimit Gas limit of the transaction. * @custom:field data Data of the transaction. * @custom:field l1BlockHash Hash of the block the transaction was submitted in. * @custom:field logIndex Index of the log in the block the transaction was submitted in. */ struct UserDepositTransaction { address from; address to; bool isCreation; uint256 value; uint256 mint; uint64 gasLimit; bytes data; bytes32 l1BlockHash; uint256 logIndex; } /** * @notice Struct representing a withdrawal transaction. * * @custom:field nonce Nonce of the withdrawal transaction * @custom:field sender Address of the sender of the transaction. * @custom:field target Address of the recipient of the transaction. * @custom:field value Value to send to the recipient. * @custom:field gasLimit Gas limit of the transaction. * @custom:field data Data of the transaction. */ struct WithdrawalTransaction { uint256 nonce; address sender; address target; uint256 value; uint256 gasLimit; bytes data; } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.8; /** * @custom:attribution https://github.com/hamdiallam/Solidity-RLP * @title RLPReader * @notice RLPReader is a library for parsing RLP-encoded byte arrays into Solidity types. Adapted * from Solidity-RLP (https://github.com/hamdiallam/Solidity-RLP) by Hamdi Allam with * various tweaks to improve readability. */ library RLPReader { /** * Custom pointer type to avoid confusion between pointers and uint256s. */ type MemoryPointer is uint256; /** * @notice RLP item types. * * @custom:value DATA_ITEM Represents an RLP data item (NOT a list). * @custom:value LIST_ITEM Represents an RLP list item. */ enum RLPItemType { DATA_ITEM, LIST_ITEM } /** * @notice Struct representing an RLP item. * * @custom:field length Length of the RLP item. * @custom:field ptr Pointer to the RLP item in memory. */ struct RLPItem { uint256 length; MemoryPointer ptr; } /** * @notice Max list length that this library will accept. */ uint256 internal constant MAX_LIST_LENGTH = 32; /** * @notice Converts bytes to a reference to memory position and length. * * @param _in Input bytes to convert. * * @return Output memory reference. */ function toRLPItem(bytes memory _in) internal pure returns (RLPItem memory) { // Empty arrays are not RLP items. require( _in.length > 0, "RLPReader: length of an RLP item must be greater than zero to be decodable" ); MemoryPointer ptr; assembly { ptr := add(_in, 32) } return RLPItem({ length: _in.length, ptr: ptr }); } /** * @notice Reads an RLP list value into a list of RLP items. * * @param _in RLP list value. * * @return Decoded RLP list items. */ function readList(RLPItem memory _in) internal pure returns (RLPItem[] memory) { (uint256 listOffset, uint256 listLength, RLPItemType itemType) = _decodeLength(_in); require( itemType == RLPItemType.LIST_ITEM, "RLPReader: decoded item type for list is not a list item" ); require( listOffset + listLength == _in.length, "RLPReader: list item has an invalid data remainder" ); // Solidity in-memory arrays can't be increased in size, but *can* be decreased in size by // writing to the length. Since we can't know the number of RLP items without looping over // the entire input, we'd have to loop twice to accurately size this array. It's easier to // simply set a reasonable maximum list length and decrease the size before we finish. RLPItem[] memory out = new RLPItem[](MAX_LIST_LENGTH); uint256 itemCount = 0; uint256 offset = listOffset; while (offset < _in.length) { (uint256 itemOffset, uint256 itemLength, ) = _decodeLength( RLPItem({ length: _in.length - offset, ptr: MemoryPointer.wrap(MemoryPointer.unwrap(_in.ptr) + offset) }) ); // We don't need to check itemCount < out.length explicitly because Solidity already // handles this check on our behalf, we'd just be wasting gas. out[itemCount] = RLPItem({ length: itemLength + itemOffset, ptr: MemoryPointer.wrap(MemoryPointer.unwrap(_in.ptr) + offset) }); itemCount += 1; offset += itemOffset + itemLength; } // Decrease the array size to match the actual item count. assembly { mstore(out, itemCount) } return out; } /** * @notice Reads an RLP list value into a list of RLP items. * * @param _in RLP list value. * * @return Decoded RLP list items. */ function readList(bytes memory _in) internal pure returns (RLPItem[] memory) { return readList(toRLPItem(_in)); } /** * @notice Reads an RLP bytes value into bytes. * * @param _in RLP bytes value. * * @return Decoded bytes. */ function readBytes(RLPItem memory _in) internal pure returns (bytes memory) { (uint256 itemOffset, uint256 itemLength, RLPItemType itemType) = _decodeLength(_in); require( itemType == RLPItemType.DATA_ITEM, "RLPReader: decoded item type for bytes is not a data item" ); require( _in.length == itemOffset + itemLength, "RLPReader: bytes value contains an invalid remainder" ); return _copy(_in.ptr, itemOffset, itemLength); } /** * @notice Reads an RLP bytes value into bytes. * * @param _in RLP bytes value. * * @return Decoded bytes. */ function readBytes(bytes memory _in) internal pure returns (bytes memory) { return readBytes(toRLPItem(_in)); } /** * @notice Reads the raw bytes of an RLP item. * * @param _in RLP item to read. * * @return Raw RLP bytes. */ function readRawBytes(RLPItem memory _in) internal pure returns (bytes memory) { return _copy(_in.ptr, 0, _in.length); } /** * @notice Decodes the length of an RLP item. * * @param _in RLP item to decode. * * @return Offset of the encoded data. * @return Length of the encoded data. * @return RLP item type (LIST_ITEM or DATA_ITEM). */ function _decodeLength(RLPItem memory _in) private pure returns ( uint256, uint256, RLPItemType ) { // Short-circuit if there's nothing to decode, note that we perform this check when // the user creates an RLP item via toRLPItem, but it's always possible for them to bypass // that function and create an RLP item directly. So we need to check this anyway. require( _in.length > 0, "RLPReader: length of an RLP item must be greater than zero to be decodable" ); MemoryPointer ptr = _in.ptr; uint256 prefix; assembly { prefix := byte(0, mload(ptr)) } if (prefix <= 0x7f) { // Single byte. return (0, 1, RLPItemType.DATA_ITEM); } else if (prefix <= 0xb7) { // Short string. // slither-disable-next-line variable-scope uint256 strLen = prefix - 0x80; require( _in.length > strLen, "RLPReader: length of content must be greater than string length (short string)" ); bytes1 firstByteOfContent; assembly { firstByteOfContent := and(mload(add(ptr, 1)), shl(248, 0xff)) } require( strLen != 1 || firstByteOfContent >= 0x80, "RLPReader: invalid prefix, single byte < 0x80 are not prefixed (short string)" ); return (1, strLen, RLPItemType.DATA_ITEM); } else if (prefix <= 0xbf) { // Long string. uint256 lenOfStrLen = prefix - 0xb7; require( _in.length > lenOfStrLen, "RLPReader: length of content must be > than length of string length (long string)" ); bytes1 firstByteOfContent; assembly { firstByteOfContent := and(mload(add(ptr, 1)), shl(248, 0xff)) } require( firstByteOfContent != 0x00, "RLPReader: length of content must not have any leading zeros (long string)" ); uint256 strLen; assembly { strLen := shr(sub(256, mul(8, lenOfStrLen)), mload(add(ptr, 1))) } require( strLen > 55, "RLPReader: length of content must be greater than 55 bytes (long string)" ); require( _in.length > lenOfStrLen + strLen, "RLPReader: length of content must be greater than total length (long string)" ); return (1 + lenOfStrLen, strLen, RLPItemType.DATA_ITEM); } else if (prefix <= 0xf7) { // Short list. // slither-disable-next-line variable-scope uint256 listLen = prefix - 0xc0; require( _in.length > listLen, "RLPReader: length of content must be greater than list length (short list)" ); return (1, listLen, RLPItemType.LIST_ITEM); } else { // Long list. uint256 lenOfListLen = prefix - 0xf7; require( _in.length > lenOfListLen, "RLPReader: length of content must be > than length of list length (long list)" ); bytes1 firstByteOfContent; assembly { firstByteOfContent := and(mload(add(ptr, 1)), shl(248, 0xff)) } require( firstByteOfContent != 0x00, "RLPReader: length of content must not have any leading zeros (long list)" ); uint256 listLen; assembly { listLen := shr(sub(256, mul(8, lenOfListLen)), mload(add(ptr, 1))) } require( listLen > 55, "RLPReader: length of content must be greater than 55 bytes (long list)" ); require( _in.length > lenOfListLen + listLen, "RLPReader: length of content must be greater than total length (long list)" ); return (1 + lenOfListLen, listLen, RLPItemType.LIST_ITEM); } } /** * @notice Copies the bytes from a memory location. * * @param _src Pointer to the location to read from. * @param _offset Offset to start reading from. * @param _length Number of bytes to read. * * @return Copied bytes. */ function _copy( MemoryPointer _src, uint256 _offset, uint256 _length ) private pure returns (bytes memory) { bytes memory out = new bytes(_length); if (_length == 0) { return out; } // Mostly based on Solidity's copy_memory_to_memory: // solhint-disable max-line-length // https://github.com/ethereum/solidity/blob/34dd30d71b4da730488be72ff6af7083cf2a91f6/libsolidity/codegen/YulUtilFunctions.cpp#L102-L114 uint256 src = MemoryPointer.unwrap(_src) + _offset; assembly { let dest := add(out, 32) let i := 0 for { } lt(i, _length) { i := add(i, 32) } { mstore(add(dest, i), mload(add(src, i))) } if gt(i, _length) { mstore(add(dest, _length), 0) } } return out; } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; /** * @custom:attribution https://github.com/bakaoh/solidity-rlp-encode * @title RLPWriter * @author RLPWriter is a library for encoding Solidity types to RLP bytes. Adapted from Bakaoh's * RLPEncode library (https://github.com/bakaoh/solidity-rlp-encode) with minor * modifications to improve legibility. */ library RLPWriter { /** * @notice RLP encodes a byte string. * * @param _in The byte string to encode. * * @return The RLP encoded string in bytes. */ function writeBytes(bytes memory _in) internal pure returns (bytes memory) { bytes memory encoded; if (_in.length == 1 && uint8(_in[0]) < 128) { encoded = _in; } else { encoded = abi.encodePacked(_writeLength(_in.length, 128), _in); } return encoded; } /** * @notice RLP encodes a list of RLP encoded byte byte strings. * * @param _in The list of RLP encoded byte strings. * * @return The RLP encoded list of items in bytes. */ function writeList(bytes[] memory _in) internal pure returns (bytes memory) { bytes memory list = _flatten(_in); return abi.encodePacked(_writeLength(list.length, 192), list); } /** * @notice RLP encodes a string. * * @param _in The string to encode. * * @return The RLP encoded string in bytes. */ function writeString(string memory _in) internal pure returns (bytes memory) { return writeBytes(bytes(_in)); } /** * @notice RLP encodes an address. * * @param _in The address to encode. * * @return The RLP encoded address in bytes. */ function writeAddress(address _in) internal pure returns (bytes memory) { return writeBytes(abi.encodePacked(_in)); } /** * @notice RLP encodes a uint. * * @param _in The uint256 to encode. * * @return The RLP encoded uint256 in bytes. */ function writeUint(uint256 _in) internal pure returns (bytes memory) { return writeBytes(_toBinary(_in)); } /** * @notice RLP encodes a bool. * * @param _in The bool to encode. * * @return The RLP encoded bool in bytes. */ function writeBool(bool _in) internal pure returns (bytes memory) { bytes memory encoded = new bytes(1); encoded[0] = (_in ? bytes1(0x01) : bytes1(0x80)); return encoded; } /** * @notice Encode the first byte and then the `len` in binary form if `length` is more than 55. * * @param _len The length of the string or the payload. * @param _offset 128 if item is string, 192 if item is list. * * @return RLP encoded bytes. */ function _writeLength(uint256 _len, uint256 _offset) private pure returns (bytes memory) { bytes memory encoded; if (_len < 56) { encoded = new bytes(1); encoded[0] = bytes1(uint8(_len) + uint8(_offset)); } else { uint256 lenLen; uint256 i = 1; while (_len / i != 0) { lenLen++; i *= 256; } encoded = new bytes(lenLen + 1); encoded[0] = bytes1(uint8(lenLen) + uint8(_offset) + 55); for (i = 1; i <= lenLen; i++) { encoded[i] = bytes1(uint8((_len / (256**(lenLen - i))) % 256)); } } return encoded; } /** * @notice Encode integer in big endian binary form with no leading zeroes. * * @param _x The integer to encode. * * @return RLP encoded bytes. */ function _toBinary(uint256 _x) private pure returns (bytes memory) { bytes memory b = abi.encodePacked(_x); uint256 i = 0; for (; i < 32; i++) { if (b[i] != 0) { break; } } bytes memory res = new bytes(32 - i); for (uint256 j = 0; j < res.length; j++) { res[j] = b[i++]; } return res; } /** * @custom:attribution https://github.com/Arachnid/solidity-stringutils * @notice Copies a piece of memory to another location. * * @param _dest Destination location. * @param _src Source location. * @param _len Length of memory to copy. */ function _memcpy( uint256 _dest, uint256 _src, uint256 _len ) private pure { uint256 dest = _dest; uint256 src = _src; uint256 len = _len; for (; len >= 32; len -= 32) { assembly { mstore(dest, mload(src)) } dest += 32; src += 32; } uint256 mask; unchecked { mask = 256**(32 - len) - 1; } assembly { let srcpart := and(mload(src), not(mask)) let destpart := and(mload(dest), mask) mstore(dest, or(destpart, srcpart)) } } /** * @custom:attribution https://github.com/sammayo/solidity-rlp-encoder * @notice Flattens a list of byte strings into one byte string. * * @param _list List of byte strings to flatten. * * @return The flattened byte string. */ function _flatten(bytes[] memory _list) private pure returns (bytes memory) { if (_list.length == 0) { return new bytes(0); } uint256 len; uint256 i = 0; for (; i < _list.length; i++) { len += _list[i].length; } bytes memory flattened = new bytes(len); uint256 flattenedPtr; assembly { flattenedPtr := add(flattened, 0x20) } for (i = 0; i < _list.length; i++) { bytes memory item = _list[i]; uint256 listPtr; assembly { listPtr := add(item, 0x20) } _memcpy(flattenedPtr, listPtr, item.length); flattenedPtr += _list[i].length; } return flattened; } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; import { Bytes } from "../Bytes.sol"; import { RLPReader } from "../rlp/RLPReader.sol"; /** * @title MerkleTrie * @notice MerkleTrie is a small library for verifying standard Ethereum Merkle-Patricia trie * inclusion proofs. By default, this library assumes a hexary trie. One can change the * trie radix constant to support other trie radixes. */ library MerkleTrie { /** * @notice Struct representing a node in the trie. * * @custom:field encoded The RLP-encoded node. * @custom:field decoded The RLP-decoded node. */ struct TrieNode { bytes encoded; RLPReader.RLPItem[] decoded; } /** * @notice Determines the number of elements per branch node. */ uint256 internal constant TREE_RADIX = 16; /** * @notice Branch nodes have TREE_RADIX elements and one value element. */ uint256 internal constant BRANCH_NODE_LENGTH = TREE_RADIX + 1; /** * @notice Leaf nodes and extension nodes have two elements, a `path` and a `value`. */ uint256 internal constant LEAF_OR_EXTENSION_NODE_LENGTH = 2; /** * @notice Prefix for even-nibbled extension node paths. */ uint8 internal constant PREFIX_EXTENSION_EVEN = 0; /** * @notice Prefix for odd-nibbled extension node paths. */ uint8 internal constant PREFIX_EXTENSION_ODD = 1; /** * @notice Prefix for even-nibbled leaf node paths. */ uint8 internal constant PREFIX_LEAF_EVEN = 2; /** * @notice Prefix for odd-nibbled leaf node paths. */ uint8 internal constant PREFIX_LEAF_ODD = 3; /** * @notice Verifies a proof that a given key/value pair is present in the trie. * * @param _key Key of the node to search for, as a hex string. * @param _value Value of the node to search for, as a hex string. * @param _proof Merkle trie inclusion proof for the desired node. Unlike traditional Merkle * trees, this proof is executed top-down and consists of a list of RLP-encoded * nodes that make a path down to the target node. * @param _root Known root of the Merkle trie. Used to verify that the included proof is * correctly constructed. * * @return Whether or not the proof is valid. */ function verifyInclusionProof( bytes memory _key, bytes memory _value, bytes[] memory _proof, bytes32 _root ) internal pure returns (bool) { return Bytes.equal(_value, get(_key, _proof, _root)); } /** * @notice Retrieves the value associated with a given key. * * @param _key Key to search for, as hex bytes. * @param _proof Merkle trie inclusion proof for the key. * @param _root Known root of the Merkle trie. * * @return Value of the key if it exists. */ function get( bytes memory _key, bytes[] memory _proof, bytes32 _root ) internal pure returns (bytes memory) { require(_key.length > 0, "MerkleTrie: empty key"); TrieNode[] memory proof = _parseProof(_proof); bytes memory key = Bytes.toNibbles(_key); bytes memory currentNodeID = abi.encodePacked(_root); uint256 currentKeyIndex = 0; // Proof is top-down, so we start at the first element (root). for (uint256 i = 0; i < proof.length; i++) { TrieNode memory currentNode = proof[i]; // Key index should never exceed total key length or we'll be out of bounds. require( currentKeyIndex <= key.length, "MerkleTrie: key index exceeds total key length" ); if (currentKeyIndex == 0) { // First proof element is always the root node. require( Bytes.equal(abi.encodePacked(keccak256(currentNode.encoded)), currentNodeID), "MerkleTrie: invalid root hash" ); } else if (currentNode.encoded.length >= 32) { // Nodes 32 bytes or larger are hashed inside branch nodes. require( Bytes.equal(abi.encodePacked(keccak256(currentNode.encoded)), currentNodeID), "MerkleTrie: invalid large internal hash" ); } else { // Nodes smaller than 32 bytes aren't hashed. require( Bytes.equal(currentNode.encoded, currentNodeID), "MerkleTrie: invalid internal node hash" ); } if (currentNode.decoded.length == BRANCH_NODE_LENGTH) { if (currentKeyIndex == key.length) { // Value is the last element of the decoded list (for branch nodes). There's // some ambiguity in the Merkle trie specification because bytes(0) is a // valid value to place into the trie, but for branch nodes bytes(0) can exist // even when the value wasn't explicitly placed there. Geth treats a value of // bytes(0) as "key does not exist" and so we do the same. bytes memory value = RLPReader.readBytes(currentNode.decoded[TREE_RADIX]); require( value.length > 0, "MerkleTrie: value length must be greater than zero (branch)" ); // Extra proof elements are not allowed. require( i == proof.length - 1, "MerkleTrie: value node must be last node in proof (branch)" ); return value; } else { // We're not at the end of the key yet. // Figure out what the next node ID should be and continue. uint8 branchKey = uint8(key[currentKeyIndex]); RLPReader.RLPItem memory nextNode = currentNode.decoded[branchKey]; currentNodeID = _getNodeID(nextNode); currentKeyIndex += 1; } } else if (currentNode.decoded.length == LEAF_OR_EXTENSION_NODE_LENGTH) { bytes memory path = _getNodePath(currentNode); uint8 prefix = uint8(path[0]); uint8 offset = 2 - (prefix % 2); bytes memory pathRemainder = Bytes.slice(path, offset); bytes memory keyRemainder = Bytes.slice(key, currentKeyIndex); uint256 sharedNibbleLength = _getSharedNibbleLength(pathRemainder, keyRemainder); // Whether this is a leaf node or an extension node, the path remainder MUST be a // prefix of the key remainder (or be equal to the key remainder) or the proof is // considered invalid. require( pathRemainder.length == sharedNibbleLength, "MerkleTrie: path remainder must share all nibbles with key" ); if (prefix == PREFIX_LEAF_EVEN || prefix == PREFIX_LEAF_ODD) { // Prefix of 2 or 3 means this is a leaf node. For the leaf node to be valid, // the key remainder must be exactly equal to the path remainder. We already // did the necessary byte comparison, so it's more efficient here to check that // the key remainder length equals the shared nibble length, which implies // equality with the path remainder (since we already did the same check with // the path remainder and the shared nibble length). require( keyRemainder.length == sharedNibbleLength, "MerkleTrie: key remainder must be identical to path remainder" ); // Our Merkle Trie is designed specifically for the purposes of the Ethereum // state trie. Empty values are not allowed in the state trie, so we can safely // say that if the value is empty, the key should not exist and the proof is // invalid. bytes memory value = RLPReader.readBytes(currentNode.decoded[1]); require( value.length > 0, "MerkleTrie: value length must be greater than zero (leaf)" ); // Extra proof elements are not allowed. require( i == proof.length - 1, "MerkleTrie: value node must be last node in proof (leaf)" ); return value; } else if (prefix == PREFIX_EXTENSION_EVEN || prefix == PREFIX_EXTENSION_ODD) { // Prefix of 0 or 1 means this is an extension node. We move onto the next node // in the proof and increment the key index by the length of the path remainder // which is equal to the shared nibble length. currentNodeID = _getNodeID(currentNode.decoded[1]); currentKeyIndex += sharedNibbleLength; } else { revert("MerkleTrie: received a node with an unknown prefix"); } } else { revert("MerkleTrie: received an unparseable node"); } } revert("MerkleTrie: ran out of proof elements"); } /** * @notice Parses an array of proof elements into a new array that contains both the original * encoded element and the RLP-decoded element. * * @param _proof Array of proof elements to parse. * * @return Proof parsed into easily accessible structs. */ function _parseProof(bytes[] memory _proof) private pure returns (TrieNode[] memory) { uint256 length = _proof.length; TrieNode[] memory proof = new TrieNode[](length); for (uint256 i = 0; i < length; ) { proof[i] = TrieNode({ encoded: _proof[i], decoded: RLPReader.readList(_proof[i]) }); unchecked { ++i; } } return proof; } /** * @notice Picks out the ID for a node. Node ID is referred to as the "hash" within the * specification, but nodes < 32 bytes are not actually hashed. * * @param _node Node to pull an ID for. * * @return ID for the node, depending on the size of its contents. */ function _getNodeID(RLPReader.RLPItem memory _node) private pure returns (bytes memory) { return _node.length < 32 ? RLPReader.readRawBytes(_node) : RLPReader.readBytes(_node); } /** * @notice Gets the path for a leaf or extension node. * * @param _node Node to get a path for. * * @return Node path, converted to an array of nibbles. */ function _getNodePath(TrieNode memory _node) private pure returns (bytes memory) { return Bytes.toNibbles(RLPReader.readBytes(_node.decoded[0])); } /** * @notice Utility; determines the number of nibbles shared between two nibble arrays. * * @param _a First nibble array. * @param _b Second nibble array. * * @return Number of shared nibbles. */ function _getSharedNibbleLength(bytes memory _a, bytes memory _b) private pure returns (uint256) { uint256 shared; uint256 max = (_a.length < _b.length) ? _a.length : _b.length; for (; shared < max && _a[shared] == _b[shared]; ) { unchecked { ++shared; } } return shared; } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; /* Library Imports */ import { MerkleTrie } from "./MerkleTrie.sol"; /** * @title SecureMerkleTrie * @notice SecureMerkleTrie is a thin wrapper around the MerkleTrie library that hashes the input * keys. Ethereum's state trie hashes input keys before storing them. */ library SecureMerkleTrie { /** * @notice Verifies a proof that a given key/value pair is present in the Merkle trie. * * @param _key Key of the node to search for, as a hex string. * @param _value Value of the node to search for, as a hex string. * @param _proof Merkle trie inclusion proof for the desired node. Unlike traditional Merkle * trees, this proof is executed top-down and consists of a list of RLP-encoded * nodes that make a path down to the target node. * @param _root Known root of the Merkle trie. Used to verify that the included proof is * correctly constructed. * * @return Whether or not the proof is valid. */ function verifyInclusionProof( bytes memory _key, bytes memory _value, bytes[] memory _proof, bytes32 _root ) internal pure returns (bool) { bytes memory key = _getSecureKey(_key); return MerkleTrie.verifyInclusionProof(key, _value, _proof, _root); } /** * @notice Retrieves the value associated with a given key. * * @param _key Key to search for, as hex bytes. * @param _proof Merkle trie inclusion proof for the key. * @param _root Known root of the Merkle trie. * * @return Value of the key if it exists. */ function get( bytes memory _key, bytes[] memory _proof, bytes32 _root ) internal pure returns (bytes memory) { bytes memory key = _getSecureKey(_key); return MerkleTrie.get(key, _proof, _root); } /** * @notice Computes the hashed version of the input key. * * @param _key Key to hash. * * @return Hashed version of the key. */ function _getSecureKey(bytes memory _key) private pure returns (bytes memory) { return abi.encodePacked(keccak256(_key)); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { OwnableUpgradeable } from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol"; import { PausableUpgradeable } from "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol"; import { ReentrancyGuardUpgradeable } from "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol"; import { SafeCall } from "../libraries/SafeCall.sol"; import { Hashing } from "../libraries/Hashing.sol"; import { Encoding } from "../libraries/Encoding.sol"; import { Constants } from "../libraries/Constants.sol"; /** * @custom:legacy * @title CrossDomainMessengerLegacySpacer * @notice Contract only exists to add a spacer to the CrossDomainMessenger where the * libAddressManager variable used to exist. Must be the first contract in the inheritance * tree of the CrossDomainMessenger */ contract CrossDomainMessengerLegacySpacer { /** * @custom:legacy * @custom:spacer libAddressManager * @notice Spacer for backwards compatibility. */ address private spacer_0_0_20; } /** * @custom:upgradeable * @title CrossDomainMessenger * @notice CrossDomainMessenger is a base contract that provides the core logic for the L1 and L2 * cross-chain messenger contracts. It's designed to be a universal interface that only * needs to be extended slightly to provide low-level message passing functionality on each * chain it's deployed on. Currently only designed for message passing between two paired * chains and does not support one-to-many interactions. */ abstract contract CrossDomainMessenger is CrossDomainMessengerLegacySpacer, OwnableUpgradeable, PausableUpgradeable, ReentrancyGuardUpgradeable { /** * @notice Current message version identifier. */ uint16 public constant MESSAGE_VERSION = 1; /** * @notice Constant overhead added to the base gas for a message. */ uint64 public constant MIN_GAS_CONSTANT_OVERHEAD = 200_000; /** * @notice Numerator for dynamic overhead added to the base gas for a message. */ uint64 public constant MIN_GAS_DYNAMIC_OVERHEAD_NUMERATOR = 1016; /** * @notice Denominator for dynamic overhead added to the base gas for a message. */ uint64 public constant MIN_GAS_DYNAMIC_OVERHEAD_DENOMINATOR = 1000; /** * @notice Extra gas added to base gas for each byte of calldata in a message. */ uint64 public constant MIN_GAS_CALLDATA_OVERHEAD = 16; /** * @notice Minimum amount of gas required to relay a message. */ uint256 internal constant RELAY_GAS_REQUIRED = 45_000; /** * @notice Amount of gas held in reserve to guarantee that relay execution completes. */ uint256 internal constant RELAY_GAS_BUFFER = RELAY_GAS_REQUIRED - 5000; /** * @notice Address of the paired CrossDomainMessenger contract on the other chain. */ address public immutable OTHER_MESSENGER; /** * @custom:legacy * @custom:spacer blockedMessages * @notice Spacer for backwards compatibility. */ mapping(bytes32 => bool) private spacer_201_0_32; /** * @custom:legacy * @custom:spacer relayedMessages * @notice Spacer for backwards compatibility. */ mapping(bytes32 => bool) private spacer_202_0_32; /** * @notice Mapping of message hashes to boolean receipt values. Note that a message will only * be present in this mapping if it has successfully been relayed on this chain, and * can therefore not be relayed again. */ mapping(bytes32 => bool) public successfulMessages; /** * @notice Address of the sender of the currently executing message on the other chain. If the * value of this variable is the default value (0x00000000...dead) then no message is * currently being executed. Use the xDomainMessageSender getter which will throw an * error if this is the case. */ address internal xDomainMsgSender; /** * @notice Nonce for the next message to be sent, without the message version applied. Use the * messageNonce getter which will insert the message version into the nonce to give you * the actual nonce to be used for the message. */ uint240 internal msgNonce; /** * @notice Mapping of message hashes to a boolean if and only if the message has failed to be * executed at least once. A message will not be present in this mapping if it * successfully executed on the first attempt. */ mapping(bytes32 => bool) public failedMessages; /** * @notice Reserve extra slots in the storage layout for future upgrades. * A gap size of 41 was chosen here, so that the first slot used in a child contract * would be a multiple of 50. */ uint256[42] private __gap; /** * @notice Emitted whenever a message is sent to the other chain. * * @param target Address of the recipient of the message. * @param sender Address of the sender of the message. * @param message Message to trigger the recipient address with. * @param messageNonce Unique nonce attached to the message. * @param gasLimit Minimum gas limit that the message can be executed with. */ event SentMessage( address indexed target, address sender, bytes message, uint256 messageNonce, uint256 gasLimit ); /** * @notice Additional event data to emit, required as of Bedrock. Cannot be merged with the * SentMessage event without breaking the ABI of this contract, this is good enough. * * @param sender Address of the sender of the message. * @param value ETH value sent along with the message to the recipient. */ event SentMessageExtension1(address indexed sender, uint256 value); /** * @notice Emitted whenever a message is successfully relayed on this chain. * * @param msgHash Hash of the message that was relayed. */ event RelayedMessage(bytes32 indexed msgHash); /** * @notice Emitted whenever a message fails to be relayed on this chain. * * @param msgHash Hash of the message that failed to be relayed. */ event FailedRelayedMessage(bytes32 indexed msgHash); /** * @param _otherMessenger Address of the messenger on the paired chain. */ constructor(address _otherMessenger) { OTHER_MESSENGER = _otherMessenger; } /** * @notice Allows the owner of this contract to temporarily pause message relaying. Backup * security mechanism just in case. Owner should be the same as the upgrade wallet to * maintain the security model of the system as a whole. */ function pause() external onlyOwner { _pause(); } /** * @notice Allows the owner of this contract to resume message relaying once paused. */ function unpause() external onlyOwner { _unpause(); } /** * @notice Sends a message to some target address on the other chain. Note that if the call * always reverts, then the message will be unrelayable, and any ETH sent will be * permanently locked. The same will occur if the target on the other chain is * considered unsafe (see the _isUnsafeTarget() function). * * @param _target Target contract or wallet address. * @param _message Message to trigger the target address with. * @param _minGasLimit Minimum gas limit that the message can be executed with. */ function sendMessage( address _target, bytes calldata _message, uint32 _minGasLimit ) external payable { // Triggers a message to the other messenger. Note that the amount of gas provided to the // message is the amount of gas requested by the user PLUS the base gas value. We want to // guarantee the property that the call to the target contract will always have at least // the minimum gas limit specified by the user. _sendMessage( OTHER_MESSENGER, baseGas(_message, _minGasLimit), msg.value, abi.encodeWithSelector( this.relayMessage.selector, messageNonce(), msg.sender, _target, msg.value, _minGasLimit, _message ) ); emit SentMessage(_target, msg.sender, _message, messageNonce(), _minGasLimit); emit SentMessageExtension1(msg.sender, msg.value); unchecked { ++msgNonce; } } /** * @notice Relays a message that was sent by the other CrossDomainMessenger contract. Can only * be executed via cross-chain call from the other messenger OR if the message was * already received once and is currently being replayed. * * @param _nonce Nonce of the message being relayed. * @param _sender Address of the user who sent the message. * @param _target Address that the message is targeted at. * @param _value ETH value to send with the message. * @param _minGasLimit Minimum amount of gas that the message can be executed with. * @param _message Message to send to the target. */ function relayMessage( uint256 _nonce, address _sender, address _target, uint256 _value, uint256 _minGasLimit, bytes calldata _message ) external payable nonReentrant whenNotPaused { (, uint16 version) = Encoding.decodeVersionedNonce(_nonce); require( version < 2, "CrossDomainMessenger: only version 0 or 1 messages are supported at this time" ); // If the message is version 0, then it's a migrated legacy withdrawal. We therefore need // to check that the legacy version of the message has not already been relayed. if (version == 0) { bytes32 oldHash = Hashing.hashCrossDomainMessageV0(_target, _sender, _message, _nonce); require( successfulMessages[oldHash] == false, "CrossDomainMessenger: legacy withdrawal already relayed" ); } // We use the v1 message hash as the unique identifier for the message because it commits // to the value and minimum gas limit of the message. bytes32 versionedHash = Hashing.hashCrossDomainMessageV1( _nonce, _sender, _target, _value, _minGasLimit, _message ); if (_isOtherMessenger()) { // These properties should always hold when the message is first submitted (as // opposed to being replayed). assert(msg.value == _value); assert(!failedMessages[versionedHash]); } else { require( msg.value == 0, "CrossDomainMessenger: value must be zero unless message is from a system address" ); require( failedMessages[versionedHash], "CrossDomainMessenger: message cannot be replayed" ); } require( _isUnsafeTarget(_target) == false, "CrossDomainMessenger: cannot send message to blocked system address" ); require( successfulMessages[versionedHash] == false, "CrossDomainMessenger: message has already been relayed" ); require( gasleft() >= _minGasLimit + RELAY_GAS_REQUIRED, "CrossDomainMessenger: insufficient gas to relay message" ); xDomainMsgSender = _sender; bool success = SafeCall.call(_target, gasleft() - RELAY_GAS_BUFFER, _value, _message); xDomainMsgSender = Constants.DEFAULT_L2_SENDER; if (success == true) { successfulMessages[versionedHash] = true; emit RelayedMessage(versionedHash); } else { failedMessages[versionedHash] = true; emit FailedRelayedMessage(versionedHash); // Revert in this case if the transaction was triggered by the estimation address. This // should only be possible during gas estimation or we have bigger problems. Reverting // here will make the behavior of gas estimation change such that the gas limit // computed will be the amount required to relay the message, even if that amount is // greater than the minimum gas limit specified by the user. if (tx.origin == Constants.ESTIMATION_ADDRESS) { revert("CrossDomainMessenger: failed to relay message"); } } } /** * @notice Retrieves the address of the contract or wallet that initiated the currently * executing message on the other chain. Will throw an error if there is no message * currently being executed. Allows the recipient of a call to see who triggered it. * * @return Address of the sender of the currently executing message on the other chain. */ function xDomainMessageSender() external view returns (address) { require( xDomainMsgSender != Constants.DEFAULT_L2_SENDER, "CrossDomainMessenger: xDomainMessageSender is not set" ); return xDomainMsgSender; } /** * @notice Retrieves the next message nonce. Message version will be added to the upper two * bytes of the message nonce. Message version allows us to treat messages as having * different structures. * * @return Nonce of the next message to be sent, with added message version. */ function messageNonce() public view returns (uint256) { return Encoding.encodeVersionedNonce(msgNonce, MESSAGE_VERSION); } /** * @notice Computes the amount of gas required to guarantee that a given message will be * received on the other chain without running out of gas. Guaranteeing that a message * will not run out of gas is important because this ensures that a message can always * be replayed on the other chain if it fails to execute completely. * * @param _message Message to compute the amount of required gas for. * @param _minGasLimit Minimum desired gas limit when message goes to target. * * @return Amount of gas required to guarantee message receipt. */ function baseGas(bytes calldata _message, uint32 _minGasLimit) public pure returns (uint64) { // We peform the following math on uint64s to avoid overflow errors. Multiplying the // by MIN_GAS_DYNAMIC_OVERHEAD_NUMERATOR would otherwise limit the _minGasLimit to // type(uint32).max / MIN_GAS_DYNAMIC_OVERHEAD_NUMERATOR ~= 4.2m. return // Dynamic overhead ((uint64(_minGasLimit) * MIN_GAS_DYNAMIC_OVERHEAD_NUMERATOR) / MIN_GAS_DYNAMIC_OVERHEAD_DENOMINATOR) + // Calldata overhead (uint64(_message.length) * MIN_GAS_CALLDATA_OVERHEAD) + // Constant overhead MIN_GAS_CONSTANT_OVERHEAD; } /** * @notice Intializer. */ // solhint-disable-next-line func-name-mixedcase function __CrossDomainMessenger_init() internal onlyInitializing { xDomainMsgSender = Constants.DEFAULT_L2_SENDER; __Context_init_unchained(); __Ownable_init_unchained(); __Pausable_init_unchained(); __ReentrancyGuard_init_unchained(); } /** * @notice Sends a low-level message to the other messenger. Needs to be implemented by child * contracts because the logic for this depends on the network where the messenger is * being deployed. * * @param _to Recipient of the message on the other chain. * @param _gasLimit Minimum gas limit the message can be executed with. * @param _value Amount of ETH to send with the message. * @param _data Message data. */ function _sendMessage( address _to, uint64 _gasLimit, uint256 _value, bytes memory _data ) internal virtual; /** * @notice Checks whether the message is coming from the other messenger. Implemented by child * contracts because the logic for this depends on the network where the messenger is * being deployed. * * @return Whether the message is coming from the other messenger. */ function _isOtherMessenger() internal view virtual returns (bool); /** * @notice Checks whether a given call target is a system address that could cause the * messenger to peform an unsafe action. This is NOT a mechanism for blocking user * addresses. This is ONLY used to prevent the execution of messages to specific * system addresses that could cause security issues, e.g., having the * CrossDomainMessenger send messages to itself. * * @param _target Address of the contract to check. * * @return Whether or not the address is an unsafe system address. */ function _isUnsafeTarget(address _target) internal view virtual returns (bool); }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { CrossDomainMessenger } from "./CrossDomainMessenger.sol"; import { Address } from "@openzeppelin/contracts/utils/Address.sol"; /** * @title ERC721Bridge * @notice ERC721Bridge is a base contract for the L1 and L2 ERC721 bridges. */ abstract contract ERC721Bridge { /** * @notice Messenger contract on this domain. */ CrossDomainMessenger public immutable MESSENGER; /** * @notice Address of the bridge on the other network. */ address public immutable OTHER_BRIDGE; /** * @notice Reserve extra slots (to a total of 50) in the storage layout for future upgrades. */ uint256[49] private __gap; /** * @notice Emitted when an ERC721 bridge to the other network is initiated. * * @param localToken Address of the token on this domain. * @param remoteToken Address of the token on the remote domain. * @param from Address that initiated bridging action. * @param to Address to receive the token. * @param tokenId ID of the specific token deposited. * @param extraData Extra data for use on the client-side. */ event ERC721BridgeInitiated( address indexed localToken, address indexed remoteToken, address indexed from, address to, uint256 tokenId, bytes extraData ); /** * @notice Emitted when an ERC721 bridge from the other network is finalized. * * @param localToken Address of the token on this domain. * @param remoteToken Address of the token on the remote domain. * @param from Address that initiated bridging action. * @param to Address to receive the token. * @param tokenId ID of the specific token deposited. * @param extraData Extra data for use on the client-side. */ event ERC721BridgeFinalized( address indexed localToken, address indexed remoteToken, address indexed from, address to, uint256 tokenId, bytes extraData ); /** * @notice Ensures that the caller is a cross-chain message from the other bridge. */ modifier onlyOtherBridge() { require( msg.sender == address(MESSENGER) && MESSENGER.xDomainMessageSender() == OTHER_BRIDGE, "ERC721Bridge: function can only be called from the other bridge" ); _; } /** * @param _messenger Address of the CrossDomainMessenger on this network. * @param _otherBridge Address of the ERC721 bridge on the other network. */ constructor(address _messenger, address _otherBridge) { require(_messenger != address(0), "ERC721Bridge: messenger cannot be address(0)"); require(_otherBridge != address(0), "ERC721Bridge: other bridge cannot be address(0)"); MESSENGER = CrossDomainMessenger(_messenger); OTHER_BRIDGE = _otherBridge; } /** * @custom:legacy * @notice Legacy getter for messenger contract. * * @return Messenger contract on this domain. */ function messenger() external view returns (CrossDomainMessenger) { return MESSENGER; } /** * @custom:legacy * @notice Legacy getter for other bridge address. * * @return Address of the bridge on the other network. */ function otherBridge() external view returns (address) { return OTHER_BRIDGE; } /** * @notice Initiates a bridge of an NFT to the caller's account on the other chain. Note that * this function can only be called by EOAs. Smart contract wallets should use the * `bridgeERC721To` function after ensuring that the recipient address on the remote * chain exists. Also note that the current owner of the token on this chain must * approve this contract to operate the NFT before it can be bridged. * **WARNING**: Do not bridge an ERC721 that was originally deployed on Optimism. This * bridge only supports ERC721s originally deployed on Ethereum. Users will need to * wait for the one-week challenge period to elapse before their Optimism-native NFT * can be refunded on L2. * * @param _localToken Address of the ERC721 on this domain. * @param _remoteToken Address of the ERC721 on the remote domain. * @param _tokenId Token ID to bridge. * @param _minGasLimit Minimum gas limit for the bridge message on the other domain. * @param _extraData Optional data to forward to the other chain. Data supplied here will not * be used to execute any code on the other chain and is only emitted as * extra data for the convenience of off-chain tooling. */ function bridgeERC721( address _localToken, address _remoteToken, uint256 _tokenId, uint32 _minGasLimit, bytes calldata _extraData ) external { // Modifier requiring sender to be EOA. This prevents against a user error that would occur // if the sender is a smart contract wallet that has a different address on the remote chain // (or doesn't have an address on the remote chain at all). The user would fail to receive // the NFT if they use this function because it sends the NFT to the same address as the // caller. This check could be bypassed by a malicious contract via initcode, but it takes // care of the user error we want to avoid. require(!Address.isContract(msg.sender), "ERC721Bridge: account is not externally owned"); _initiateBridgeERC721( _localToken, _remoteToken, msg.sender, msg.sender, _tokenId, _minGasLimit, _extraData ); } /** * @notice Initiates a bridge of an NFT to some recipient's account on the other chain. Note * that the current owner of the token on this chain must approve this contract to * operate the NFT before it can be bridged. * **WARNING**: Do not bridge an ERC721 that was originally deployed on Optimism. This * bridge only supports ERC721s originally deployed on Ethereum. Users will need to * wait for the one-week challenge period to elapse before their Optimism-native NFT * can be refunded on L2. * * @param _localToken Address of the ERC721 on this domain. * @param _remoteToken Address of the ERC721 on the remote domain. * @param _to Address to receive the token on the other domain. * @param _tokenId Token ID to bridge. * @param _minGasLimit Minimum gas limit for the bridge message on the other domain. * @param _extraData Optional data to forward to the other chain. Data supplied here will not * be used to execute any code on the other chain and is only emitted as * extra data for the convenience of off-chain tooling. */ function bridgeERC721To( address _localToken, address _remoteToken, address _to, uint256 _tokenId, uint32 _minGasLimit, bytes calldata _extraData ) external { require(_to != address(0), "ERC721Bridge: nft recipient cannot be address(0)"); _initiateBridgeERC721( _localToken, _remoteToken, msg.sender, _to, _tokenId, _minGasLimit, _extraData ); } /** * @notice Internal function for initiating a token bridge to the other domain. * * @param _localToken Address of the ERC721 on this domain. * @param _remoteToken Address of the ERC721 on the remote domain. * @param _from Address of the sender on this domain. * @param _to Address to receive the token on the other domain. * @param _tokenId Token ID to bridge. * @param _minGasLimit Minimum gas limit for the bridge message on the other domain. * @param _extraData Optional data to forward to the other domain. Data supplied here will * not be used to execute any code on the other domain and is only emitted * as extra data for the convenience of off-chain tooling. */ function _initiateBridgeERC721( address _localToken, address _remoteToken, address _from, address _to, uint256 _tokenId, uint32 _minGasLimit, bytes calldata _extraData ) internal virtual; }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { L2StandardBridge } from "../L2/L2StandardBridge.sol"; import { Predeploys } from "../libraries/Predeploys.sol"; /** * @title FeeVault * @notice The FeeVault contract contains the basic logic for the various different vault contracts * used to hold fee revenue generated by the L2 system. */ abstract contract FeeVault { /** * @notice Emits each time that a withdrawal occurs. * * @param value Amount that was withdrawn (in wei). * @param to Address that the funds were sent to. * @param from Address that triggered the withdrawal. */ event Withdrawal(uint256 value, address to, address from); /** * @notice Minimum balance before a withdrawal can be triggered. */ uint256 public immutable MIN_WITHDRAWAL_AMOUNT; /** * @notice Wallet that will receive the fees on L1. */ address public immutable RECIPIENT; /** * @notice Total amount of wei processed by the contract. */ uint256 public totalProcessed; /** * @param _recipient Wallet that will receive the fees on L1. * @param _minWithdrawalAmount Minimum balance before a withdrawal can be triggered. */ constructor(address _recipient, uint256 _minWithdrawalAmount) { MIN_WITHDRAWAL_AMOUNT = _minWithdrawalAmount; RECIPIENT = _recipient; } /** * @notice Allow the contract to receive ETH. */ receive() external payable {} /** * @notice Triggers a withdrawal of funds to the L1 fee wallet. */ function withdraw() external { require( address(this).balance >= MIN_WITHDRAWAL_AMOUNT, "FeeVault: withdrawal amount must be greater than minimum withdrawal amount" ); uint256 value = address(this).balance; totalProcessed += value; emit Withdrawal(value, RECIPIENT, msg.sender); L2StandardBridge(payable(Predeploys.L2_STANDARD_BRIDGE)).bridgeETHTo{ value: value }( RECIPIENT, 20000, bytes("") ); } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; import { IERC165 } from "@openzeppelin/contracts/utils/introspection/IERC165.sol"; /** * @title IOptimismMintableERC20 * @notice This interface is available on the OptimismMintableERC20 contract. We declare it as a * separate interface so that it can be used in custom implementations of * OptimismMintableERC20. */ interface IOptimismMintableERC20 { function remoteToken() external returns (address); function bridge() external returns (address); function mint(address _to, uint256 _amount) external; function burn(address _from, uint256 _amount) external; } /** * @custom:legacy * @title ILegacyMintableERC20 * @notice This interface was available on the legacy L2StandardERC20 contract. It remains available * on the OptimismMintableERC20 contract for backwards compatibility. */ interface ILegacyMintableERC20 is IERC165 { function l1Token() external returns (address); function mint(address _to, uint256 _amount) external; function burn(address _from, uint256 _amount) external; }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; import { IERC721Enumerable } from "@openzeppelin/contracts/token/ERC721/extensions/IERC721Enumerable.sol"; /** * @title IOptimismMintableERC721 * @notice Interface for contracts that are compatible with the OptimismMintableERC721 standard. * Tokens that follow this standard can be easily transferred across the ERC721 bridge. */ interface IOptimismMintableERC721 is IERC721Enumerable { /** * @notice Emitted when a token is minted. * * @param account Address of the account the token was minted to. * @param tokenId Token ID of the minted token. */ event Mint(address indexed account, uint256 tokenId); /** * @notice Emitted when a token is burned. * * @param account Address of the account the token was burned from. * @param tokenId Token ID of the burned token. */ event Burn(address indexed account, uint256 tokenId); /** * @notice Mints some token ID for a user, checking first that contract recipients * are aware of the ERC721 protocol to prevent tokens from being forever locked. * * @param _to Address of the user to mint the token for. * @param _tokenId Token ID to mint. */ function safeMint(address _to, uint256 _tokenId) external; /** * @notice Burns a token ID from a user. * * @param _from Address of the user to burn the token from. * @param _tokenId Token ID to burn. */ function burn(address _from, uint256 _tokenId) external; /** * @notice Chain ID of the chain where the remote token is deployed. */ function REMOTE_CHAIN_ID() external view returns (uint256); /** * @notice Address of the token on the remote domain. */ function REMOTE_TOKEN() external view returns (address); /** * @notice Address of the ERC721 bridge on this network. */ function BRIDGE() external view returns (address); /** * @notice Chain ID of the chain where the remote token is deployed. */ function remoteChainId() external view returns (uint256); /** * @notice Address of the token on the remote domain. */ function remoteToken() external view returns (address); /** * @notice Address of the ERC721 bridge on this network. */ function bridge() external view returns (address); }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { ERC20 } from "@openzeppelin/contracts/token/ERC20/ERC20.sol"; import { IERC165 } from "@openzeppelin/contracts/utils/introspection/IERC165.sol"; import { ILegacyMintableERC20, IOptimismMintableERC20 } from "./IOptimismMintableERC20.sol"; /** * @title OptimismMintableERC20 * @notice OptimismMintableERC20 is a standard extension of the base ERC20 token contract designed * to allow the StandardBridge contracts to mint and burn tokens. This makes it possible to * use an OptimismMintablERC20 as the L2 representation of an L1 token, or vice-versa. * Designed to be backwards compatible with the older StandardL2ERC20 token which was only * meant for use on L2. */ contract OptimismMintableERC20 is IOptimismMintableERC20, ILegacyMintableERC20, ERC20 { /** * @notice Address of the corresponding version of this token on the remote chain. */ address public immutable REMOTE_TOKEN; /** * @notice Address of the StandardBridge on this network. */ address public immutable BRIDGE; /** * @notice Emitted whenever tokens are minted for an account. * * @param account Address of the account tokens are being minted for. * @param amount Amount of tokens minted. */ event Mint(address indexed account, uint256 amount); /** * @notice Emitted whenever tokens are burned from an account. * * @param account Address of the account tokens are being burned from. * @param amount Amount of tokens burned. */ event Burn(address indexed account, uint256 amount); /** * @notice A modifier that only allows the bridge to call */ modifier onlyBridge() { require(msg.sender == BRIDGE, "OptimismMintableERC20: only bridge can mint and burn"); _; } /** * @param _bridge Address of the L2 standard bridge. * @param _remoteToken Address of the corresponding L1 token. * @param _name ERC20 name. * @param _symbol ERC20 symbol. */ constructor( address _bridge, address _remoteToken, string memory _name, string memory _symbol ) ERC20(_name, _symbol) { REMOTE_TOKEN = _remoteToken; BRIDGE = _bridge; } /** * @notice Allows the StandardBridge on this network to mint tokens. * * @param _to Address to mint tokens to. * @param _amount Amount of tokens to mint. */ function mint(address _to, uint256 _amount) external virtual override(IOptimismMintableERC20, ILegacyMintableERC20) onlyBridge { _mint(_to, _amount); emit Mint(_to, _amount); } /** * @notice Allows the StandardBridge on this network to burn tokens. * * @param _from Address to burn tokens from. * @param _amount Amount of tokens to burn. */ function burn(address _from, uint256 _amount) external virtual override(IOptimismMintableERC20, ILegacyMintableERC20) onlyBridge { _burn(_from, _amount); emit Burn(_from, _amount); } /** * @notice ERC165 interface check function. * * @param _interfaceId Interface ID to check. * * @return Whether or not the interface is supported by this contract. */ function supportsInterface(bytes4 _interfaceId) external pure returns (bool) { bytes4 iface1 = type(IERC165).interfaceId; // Interface corresponding to the legacy L2StandardERC20. bytes4 iface2 = type(ILegacyMintableERC20).interfaceId; // Interface corresponding to the updated OptimismMintableERC20 (this contract). bytes4 iface3 = type(IOptimismMintableERC20).interfaceId; return _interfaceId == iface1 || _interfaceId == iface2 || _interfaceId == iface3; } /** * @custom:legacy * @notice Legacy getter for the remote token. Use REMOTE_TOKEN going forward. */ function l1Token() public view returns (address) { return REMOTE_TOKEN; } /** * @custom:legacy * @notice Legacy getter for the bridge. Use BRIDGE going forward. */ function l2Bridge() public view returns (address) { return BRIDGE; } /** * @custom:legacy * @notice Legacy getter for REMOTE_TOKEN. */ function remoteToken() public view returns (address) { return REMOTE_TOKEN; } /** * @custom:legacy * @notice Legacy getter for BRIDGE. */ function bridge() public view returns (address) { return BRIDGE; } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; /* Contract Imports */ import { OptimismMintableERC20 } from "../universal/OptimismMintableERC20.sol"; import { Semver } from "./Semver.sol"; /** * @custom:proxied * @custom:predeployed 0x4200000000000000000000000000000000000012 * @title OptimismMintableERC20Factory * @notice OptimismMintableERC20Factory is a factory contract that generates OptimismMintableERC20 * contracts on the network it's deployed to. Simplifies the deployment process for users * who may be less familiar with deploying smart contracts. Designed to be backwards * compatible with the older StandardL2ERC20Factory contract. */ contract OptimismMintableERC20Factory is Semver { /** * @notice Address of the StandardBridge on this chain. */ address public immutable BRIDGE; /** * @custom:legacy * @notice Emitted whenever a new OptimismMintableERC20 is created. Legacy version of the newer * OptimismMintableERC20Created event. We recommend relying on that event instead. * * @param remoteToken Address of the token on the remote chain. * @param localToken Address of the created token on the local chain. */ event StandardL2TokenCreated(address indexed remoteToken, address indexed localToken); /** * @notice Emitted whenever a new OptimismMintableERC20 is created. * * @param localToken Address of the created token on the local chain. * @param remoteToken Address of the corresponding token on the remote chain. * @param deployer Address of the account that deployed the token. */ event OptimismMintableERC20Created( address indexed localToken, address indexed remoteToken, address deployer ); /** * @custom:semver 1.0.0 * * @param _bridge Address of the StandardBridge on this chain. */ constructor(address _bridge) Semver(1, 0, 0) { BRIDGE = _bridge; } /** * @custom:legacy * @notice Creates an instance of the OptimismMintableERC20 contract. Legacy version of the * newer createOptimismMintableERC20 function, which has a more intuitive name. * * @param _remoteToken Address of the token on the remote chain. * @param _name ERC20 name. * @param _symbol ERC20 symbol. * * @return Address of the newly created token. */ function createStandardL2Token( address _remoteToken, string memory _name, string memory _symbol ) external returns (address) { return createOptimismMintableERC20(_remoteToken, _name, _symbol); } /** * @notice Creates an instance of the OptimismMintableERC20 contract. * * @param _remoteToken Address of the token on the remote chain. * @param _name ERC20 name. * @param _symbol ERC20 symbol. * * @return Address of the newly created token. */ function createOptimismMintableERC20( address _remoteToken, string memory _name, string memory _symbol ) public returns (address) { require( _remoteToken != address(0), "OptimismMintableERC20Factory: must provide remote token address" ); address localToken = address( new OptimismMintableERC20(BRIDGE, _remoteToken, _name, _symbol) ); // Emit the old event too for legacy support. emit StandardL2TokenCreated(_remoteToken, localToken); // Emit the updated event. The arguments here differ from the legacy event, but // are consistent with the ordering used in StandardBridge events. emit OptimismMintableERC20Created(localToken, _remoteToken, msg.sender); return localToken; } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.0; import { ERC721Enumerable } from "@openzeppelin/contracts/token/ERC721/extensions/ERC721Enumerable.sol"; import { ERC721 } from "@openzeppelin/contracts/token/ERC721/ERC721.sol"; import { IERC165 } from "@openzeppelin/contracts/utils/introspection/IERC165.sol"; import { Strings } from "@openzeppelin/contracts/utils/Strings.sol"; import { IOptimismMintableERC721 } from "./IOptimismMintableERC721.sol"; /** * @title OptimismMintableERC721 * @notice This contract is the remote representation for some token that lives on another network, * typically an Optimism representation of an Ethereum-based token. Standard reference * implementation that can be extended or modified according to your needs. */ contract OptimismMintableERC721 is ERC721Enumerable, IOptimismMintableERC721 { /** * @inheritdoc IOptimismMintableERC721 */ uint256 public immutable REMOTE_CHAIN_ID; /** * @inheritdoc IOptimismMintableERC721 */ address public immutable REMOTE_TOKEN; /** * @inheritdoc IOptimismMintableERC721 */ address public immutable BRIDGE; /** * @notice Base token URI for this token. */ string public baseTokenURI; /** * @notice Modifier that prevents callers other than the bridge from calling the function. */ modifier onlyBridge() { require(msg.sender == BRIDGE, "OptimismMintableERC721: only bridge can call this function"); _; } /** * @param _bridge Address of the bridge on this network. * @param _remoteChainId Chain ID where the remote token is deployed. * @param _remoteToken Address of the corresponding token on the other network. * @param _name ERC721 name. * @param _symbol ERC721 symbol. */ constructor( address _bridge, uint256 _remoteChainId, address _remoteToken, string memory _name, string memory _symbol ) ERC721(_name, _symbol) { require(_bridge != address(0), "OptimismMintableERC721: bridge cannot be address(0)"); require(_remoteChainId != 0, "OptimismMintableERC721: remote chain id cannot be zero"); require( _remoteToken != address(0), "OptimismMintableERC721: remote token cannot be address(0)" ); REMOTE_CHAIN_ID = _remoteChainId; REMOTE_TOKEN = _remoteToken; BRIDGE = _bridge; // Creates a base URI in the format specified by EIP-681: // https://eips.ethereum.org/EIPS/eip-681 baseTokenURI = string( abi.encodePacked( "ethereum:", Strings.toHexString(uint160(_remoteToken), 20), "@", Strings.toString(_remoteChainId), "/tokenURI?uint256=" ) ); } /** * @inheritdoc IOptimismMintableERC721 */ function remoteChainId() external view returns (uint256) { return REMOTE_CHAIN_ID; } /** * @inheritdoc IOptimismMintableERC721 */ function remoteToken() external view returns (address) { return REMOTE_TOKEN; } /** * @inheritdoc IOptimismMintableERC721 */ function bridge() external view returns (address) { return BRIDGE; } /** * @inheritdoc IOptimismMintableERC721 */ function safeMint(address _to, uint256 _tokenId) external virtual onlyBridge { _safeMint(_to, _tokenId); emit Mint(_to, _tokenId); } /** * @inheritdoc IOptimismMintableERC721 */ function burn(address _from, uint256 _tokenId) external virtual onlyBridge { _burn(_tokenId); emit Burn(_from, _tokenId); } /** * @notice Checks if a given interface ID is supported by this contract. * * @param _interfaceId The interface ID to check. * * @return True if the interface ID is supported, false otherwise. */ function supportsInterface(bytes4 _interfaceId) public view override(ERC721Enumerable, IERC165) returns (bool) { bytes4 iface1 = type(IERC165).interfaceId; bytes4 iface2 = type(IOptimismMintableERC721).interfaceId; return _interfaceId == iface1 || _interfaceId == iface2 || super.supportsInterface(_interfaceId); } /** * @notice Returns the base token URI. * * @return Base token URI. */ function _baseURI() internal view virtual override returns (string memory) { return baseTokenURI; } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { OptimismMintableERC721 } from "./OptimismMintableERC721.sol"; import { Semver } from "./Semver.sol"; /** * @title OptimismMintableERC721Factory * @notice Factory contract for creating OptimismMintableERC721 contracts. */ contract OptimismMintableERC721Factory is Semver { /** * @notice Address of the ERC721 bridge on this network. */ address public immutable BRIDGE; /** * @notice Chain ID for the remote network. */ uint256 public immutable REMOTE_CHAIN_ID; /** * @notice Tracks addresses created by this factory. */ mapping(address => bool) public isOptimismMintableERC721; /** * @notice Emitted whenever a new OptimismMintableERC721 contract is created. * * @param localToken Address of the token on the this domain. * @param remoteToken Address of the token on the remote domain. * @param deployer Address of the initiator of the deployment */ event OptimismMintableERC721Created( address indexed localToken, address indexed remoteToken, address deployer ); /** * @custom:semver 1.0.0 * * @param _bridge Address of the ERC721 bridge on this network. * @param _remoteChainId Chain ID for the remote network. */ constructor(address _bridge, uint256 _remoteChainId) Semver(1, 0, 0) { BRIDGE = _bridge; REMOTE_CHAIN_ID = _remoteChainId; } /** * @notice Creates an instance of the standard ERC721. * * @param _remoteToken Address of the corresponding token on the other domain. * @param _name ERC721 name. * @param _symbol ERC721 symbol. */ function createOptimismMintableERC721( address _remoteToken, string memory _name, string memory _symbol ) external returns (address) { require( _remoteToken != address(0), "OptimismMintableERC721Factory: L1 token address cannot be address(0)" ); address localToken = address( new OptimismMintableERC721(BRIDGE, REMOTE_CHAIN_ID, _remoteToken, _name, _symbol) ); isOptimismMintableERC721[localToken] = true; emit OptimismMintableERC721Created(localToken, _remoteToken, msg.sender); return localToken; } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; /** * @title Proxy * @notice Proxy is a transparent proxy that passes through the call if the caller is the owner or * if the caller is address(0), meaning that the call originated from an off-chain * simulation. */ contract Proxy { /** * @notice The storage slot that holds the address of the implementation. * bytes32(uint256(keccak256('eip1967.proxy.implementation')) - 1) */ bytes32 internal constant IMPLEMENTATION_KEY = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc; /** * @notice The storage slot that holds the address of the owner. * bytes32(uint256(keccak256('eip1967.proxy.admin')) - 1) */ bytes32 internal constant OWNER_KEY = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103; /** * @notice An event that is emitted each time the implementation is changed. This event is part * of the EIP-1967 specification. * * @param implementation The address of the implementation contract */ event Upgraded(address indexed implementation); /** * @notice An event that is emitted each time the owner is upgraded. This event is part of the * EIP-1967 specification. * * @param previousAdmin The previous owner of the contract * @param newAdmin The new owner of the contract */ event AdminChanged(address previousAdmin, address newAdmin); /** * @notice A modifier that reverts if not called by the owner or by address(0) to allow * eth_call to interact with this proxy without needing to use low-level storage * inspection. We assume that nobody is able to trigger calls from address(0) during * normal EVM execution. */ modifier proxyCallIfNotAdmin() { if (msg.sender == _getAdmin() || msg.sender == address(0)) { _; } else { // This WILL halt the call frame on completion. _doProxyCall(); } } /** * @notice Sets the initial admin during contract deployment. Admin address is stored at the * EIP-1967 admin storage slot so that accidental storage collision with the * implementation is not possible. * * @param _admin Address of the initial contract admin. Admin as the ability to access the * transparent proxy interface. */ constructor(address _admin) { _changeAdmin(_admin); } // slither-disable-next-line locked-ether receive() external payable { // Proxy call by default. _doProxyCall(); } // slither-disable-next-line locked-ether fallback() external payable { // Proxy call by default. _doProxyCall(); } /** * @notice Set the implementation contract address. The code at the given address will execute * when this contract is called. * * @param _implementation Address of the implementation contract. */ function upgradeTo(address _implementation) external proxyCallIfNotAdmin { _setImplementation(_implementation); } /** * @notice Set the implementation and call a function in a single transaction. Useful to ensure * atomic execution of initialization-based upgrades. * * @param _implementation Address of the implementation contract. * @param _data Calldata to delegatecall the new implementation with. */ function upgradeToAndCall(address _implementation, bytes calldata _data) external payable proxyCallIfNotAdmin returns (bytes memory) { _setImplementation(_implementation); (bool success, bytes memory returndata) = _implementation.delegatecall(_data); require(success, "Proxy: delegatecall to new implementation contract failed"); return returndata; } /** * @notice Changes the owner of the proxy contract. Only callable by the owner. * * @param _admin New owner of the proxy contract. */ function changeAdmin(address _admin) external proxyCallIfNotAdmin { _changeAdmin(_admin); } /** * @notice Gets the owner of the proxy contract. * * @return Owner address. */ function admin() external proxyCallIfNotAdmin returns (address) { return _getAdmin(); } /** * @notice Queries the implementation address. * * @return Implementation address. */ function implementation() external proxyCallIfNotAdmin returns (address) { return _getImplementation(); } /** * @notice Sets the implementation address. * * @param _implementation New implementation address. */ function _setImplementation(address _implementation) internal { assembly { sstore(IMPLEMENTATION_KEY, _implementation) } emit Upgraded(_implementation); } /** * @notice Changes the owner of the proxy contract. * * @param _admin New owner of the proxy contract. */ function _changeAdmin(address _admin) internal { address previous = _getAdmin(); assembly { sstore(OWNER_KEY, _admin) } emit AdminChanged(previous, _admin); } /** * @notice Performs the proxy call via a delegatecall. */ function _doProxyCall() internal { address impl = _getImplementation(); require(impl != address(0), "Proxy: implementation not initialized"); assembly { // Copy calldata into memory at 0x0....calldatasize. calldatacopy(0x0, 0x0, calldatasize()) // Perform the delegatecall, make sure to pass all available gas. let success := delegatecall(gas(), impl, 0x0, calldatasize(), 0x0, 0x0) // Copy returndata into memory at 0x0....returndatasize. Note that this *will* // overwrite the calldata that we just copied into memory but that doesn't really // matter because we'll be returning in a second anyway. returndatacopy(0x0, 0x0, returndatasize()) // Success == 0 means a revert. We'll revert too and pass the data up. if iszero(success) { revert(0x0, returndatasize()) } // Otherwise we'll just return and pass the data up. return(0x0, returndatasize()) } } /** * @notice Queries the implementation address. * * @return Implementation address. */ function _getImplementation() internal view returns (address) { address impl; assembly { impl := sload(IMPLEMENTATION_KEY) } return impl; } /** * @notice Queries the owner of the proxy contract. * * @return Owner address. */ function _getAdmin() internal view returns (address) { address owner; assembly { owner := sload(OWNER_KEY) } return owner; } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol"; import { Proxy } from "./Proxy.sol"; import { AddressManager } from "../legacy/AddressManager.sol"; import { L1ChugSplashProxy } from "../legacy/L1ChugSplashProxy.sol"; /** * @title IStaticERC1967Proxy * @notice IStaticERC1967Proxy is a static version of the ERC1967 proxy interface. */ interface IStaticERC1967Proxy { function implementation() external view returns (address); function admin() external view returns (address); } /** * @title IStaticL1ChugSplashProxy * @notice IStaticL1ChugSplashProxy is a static version of the ChugSplash proxy interface. */ interface IStaticL1ChugSplashProxy { function getImplementation() external view returns (address); function getOwner() external view returns (address); } /** * @title ProxyAdmin * @notice This is an auxiliary contract meant to be assigned as the admin of an ERC1967 Proxy, * based on the OpenZeppelin implementation. It has backwards compatibility logic to work * with the various types of proxies that have been deployed by Optimism in the past. */ contract ProxyAdmin is Ownable { /** * @notice The proxy types that the ProxyAdmin can manage. * * @custom:value ERC1967 Represents an ERC1967 compliant transparent proxy interface. * @custom:value CHUGSPLASH Represents the Chugsplash proxy interface (legacy). * @custom:value RESOLVED Represents the ResolvedDelegate proxy (legacy). */ enum ProxyType { ERC1967, CHUGSPLASH, RESOLVED } /** * @notice A mapping of proxy types, used for backwards compatibility. */ mapping(address => ProxyType) public proxyType; /** * @notice A reverse mapping of addresses to names held in the AddressManager. This must be * manually kept up to date with changes in the AddressManager for this contract * to be able to work as an admin for the ResolvedDelegateProxy type. */ mapping(address => string) public implementationName; /** * @notice The address of the address manager, this is required to manage the * ResolvedDelegateProxy type. */ AddressManager public addressManager; /** * @notice A legacy upgrading indicator used by the old Chugsplash Proxy. */ bool internal upgrading; /** * @param _owner Address of the initial owner of this contract. */ constructor(address _owner) Ownable() { _transferOwnership(_owner); } /** * @notice Sets the proxy type for a given address. Only required for non-standard (legacy) * proxy types. * * @param _address Address of the proxy. * @param _type Type of the proxy. */ function setProxyType(address _address, ProxyType _type) external onlyOwner { proxyType[_address] = _type; } /** * @notice Sets the implementation name for a given address. Only required for * ResolvedDelegateProxy type proxies that have an implementation name. * * @param _address Address of the ResolvedDelegateProxy. * @param _name Name of the implementation for the proxy. */ function setImplementationName(address _address, string memory _name) external onlyOwner { implementationName[_address] = _name; } /** * @notice Set the address of the AddressManager. This is required to manage legacy * ResolvedDelegateProxy type proxy contracts. * * @param _address Address of the AddressManager. */ function setAddressManager(AddressManager _address) external onlyOwner { addressManager = _address; } /** * @custom:legacy * @notice Set an address in the address manager. Since only the owner of the AddressManager * can directly modify addresses and the ProxyAdmin will own the AddressManager, this * gives the owner of the ProxyAdmin the ability to modify addresses directly. * * @param _name Name to set within the AddressManager. * @param _address Address to attach to the given name. */ function setAddress(string memory _name, address _address) external onlyOwner { addressManager.setAddress(_name, _address); } /** * @custom:legacy * @notice Set the upgrading status for the Chugsplash proxy type. * * @param _upgrading Whether or not the system is upgrading. */ function setUpgrading(bool _upgrading) external onlyOwner { upgrading = _upgrading; } /** * @custom:legacy * @notice Legacy function used to tell ChugSplashProxy contracts if an upgrade is happening. * * @return Whether or not there is an upgrade going on. May not actually tell you whether an * upgrade is going on, since we don't currently plan to use this variable for anything * other than a legacy indicator to fix a UX bug in the ChugSplash proxy. */ function isUpgrading() external view returns (bool) { return upgrading; } /** * @notice Returns the implementation of the given proxy address. * * @param _proxy Address of the proxy to get the implementation of. * * @return Address of the implementation of the proxy. */ function getProxyImplementation(address _proxy) external view returns (address) { ProxyType ptype = proxyType[_proxy]; if (ptype == ProxyType.ERC1967) { return IStaticERC1967Proxy(_proxy).implementation(); } else if (ptype == ProxyType.CHUGSPLASH) { return IStaticL1ChugSplashProxy(_proxy).getImplementation(); } else if (ptype == ProxyType.RESOLVED) { return addressManager.getAddress(implementationName[_proxy]); } else { revert("ProxyAdmin: unknown proxy type"); } } /** * @notice Returns the admin of the given proxy address. * * @param _proxy Address of the proxy to get the admin of. * * @return Address of the admin of the proxy. */ function getProxyAdmin(address payable _proxy) external view returns (address) { ProxyType ptype = proxyType[_proxy]; if (ptype == ProxyType.ERC1967) { return IStaticERC1967Proxy(_proxy).admin(); } else if (ptype == ProxyType.CHUGSPLASH) { return IStaticL1ChugSplashProxy(_proxy).getOwner(); } else if (ptype == ProxyType.RESOLVED) { return addressManager.owner(); } else { revert("ProxyAdmin: unknown proxy type"); } } /** * @notice Updates the admin of the given proxy address. * * @param _proxy Address of the proxy to update. * @param _newAdmin Address of the new proxy admin. */ function changeProxyAdmin(address payable _proxy, address _newAdmin) external onlyOwner { ProxyType ptype = proxyType[_proxy]; if (ptype == ProxyType.ERC1967) { Proxy(_proxy).changeAdmin(_newAdmin); } else if (ptype == ProxyType.CHUGSPLASH) { L1ChugSplashProxy(_proxy).setOwner(_newAdmin); } else if (ptype == ProxyType.RESOLVED) { addressManager.transferOwnership(_newAdmin); } else { revert("ProxyAdmin: unknown proxy type"); } } /** * @notice Changes a proxy's implementation contract. * * @param _proxy Address of the proxy to upgrade. * @param _implementation Address of the new implementation address. */ function upgrade(address payable _proxy, address _implementation) public onlyOwner { ProxyType ptype = proxyType[_proxy]; if (ptype == ProxyType.ERC1967) { Proxy(_proxy).upgradeTo(_implementation); } else if (ptype == ProxyType.CHUGSPLASH) { L1ChugSplashProxy(_proxy).setStorage( // bytes32(uint256(keccak256('eip1967.proxy.implementation')) - 1) 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc, bytes32(uint256(uint160(_implementation))) ); } else if (ptype == ProxyType.RESOLVED) { string memory name = implementationName[_proxy]; addressManager.setAddress(name, _implementation); } else { // It should not be possible to retrieve a ProxyType value which is not matched by // one of the previous conditions. assert(false); } } /** * @notice Changes a proxy's implementation contract and delegatecalls the new implementation * with some given data. Useful for atomic upgrade-and-initialize calls. * * @param _proxy Address of the proxy to upgrade. * @param _implementation Address of the new implementation address. * @param _data Data to trigger the new implementation with. */ function upgradeAndCall( address payable _proxy, address _implementation, bytes memory _data ) external payable onlyOwner { ProxyType ptype = proxyType[_proxy]; if (ptype == ProxyType.ERC1967) { Proxy(_proxy).upgradeToAndCall{ value: msg.value }(_implementation, _data); } else { // reverts if proxy type is unknown upgrade(_proxy, _implementation); (bool success, ) = _proxy.call{ value: msg.value }(_data); require(success, "ProxyAdmin: call to proxy after upgrade failed"); } } }
// SPDX-License-Identifier: MIT pragma solidity ^0.8.15; import { Strings } from "@openzeppelin/contracts/utils/Strings.sol"; /** * @title Semver * @notice Semver is a simple contract for managing contract versions. */ contract Semver { /** * @notice Contract version number (major). */ uint256 private immutable MAJOR_VERSION; /** * @notice Contract version number (minor). */ uint256 private immutable MINOR_VERSION; /** * @notice Contract version number (patch). */ uint256 private immutable PATCH_VERSION; /** * @param _major Version number (major). * @param _minor Version number (minor). * @param _patch Version number (patch). */ constructor( uint256 _major, uint256 _minor, uint256 _patch ) { MAJOR_VERSION = _major; MINOR_VERSION = _minor; PATCH_VERSION = _patch; } /** * @notice Returns the full semver contract version. * * @return Semver contract version as a string. */ function version() public view returns (string memory) { return string( abi.encodePacked( Strings.toString(MAJOR_VERSION), ".", Strings.toString(MINOR_VERSION), ".", Strings.toString(PATCH_VERSION) ) ); } }
// SPDX-License-Identifier: MIT pragma solidity 0.8.15; import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol"; import { ERC165Checker } from "@openzeppelin/contracts/utils/introspection/ERC165Checker.sol"; import { Address } from "@openzeppelin/contracts/utils/Address.sol"; import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; import { SafeCall } from "../libraries/SafeCall.sol"; import { IOptimismMintableERC20, ILegacyMintableERC20 } from "./IOptimismMintableERC20.sol"; import { CrossDomainMessenger } from "./CrossDomainMessenger.sol"; import { OptimismMintableERC20 } from "./OptimismMintableERC20.sol"; /** * @custom:upgradeable * @title StandardBridge * @notice StandardBridge is a base contract for the L1 and L2 standard ERC20 bridges. It handles * the core bridging logic, including escrowing tokens that are native to the local chain * and minting/burning tokens that are native to the remote chain. */ abstract contract StandardBridge { using SafeERC20 for IERC20; /** * @notice The L2 gas limit set when eth is depoisited using the receive() function. */ uint32 internal constant RECEIVE_DEFAULT_GAS_LIMIT = 200_000; /** * @notice Messenger contract on this domain. */ CrossDomainMessenger public immutable MESSENGER; /** * @notice Corresponding bridge on the other domain. */ StandardBridge public immutable OTHER_BRIDGE; /** * @custom:legacy * @custom:spacer messenger * @notice Spacer for backwards compatibility. */ address private spacer_0_0_20; /** * @custom:legacy * @custom:spacer l2TokenBridge * @notice Spacer for backwards compatibility. */ address private spacer_1_0_20; /** * @notice Mapping that stores deposits for a given pair of local and remote tokens. */ mapping(address => mapping(address => uint256)) public deposits; /** * @notice Reserve extra slots (to a total of 50) in the storage layout for future upgrades. * A gap size of 47 was chosen here, so that the first slot used in a child contract * would be a multiple of 50. */ uint256[47] private __gap; /** * @notice Emitted when an ETH bridge is initiated to the other chain. * * @param from Address of the sender. * @param to Address of the receiver. * @param amount Amount of ETH sent. * @param extraData Extra data sent with the transaction. */ event ETHBridgeInitiated( address indexed from, address indexed to, uint256 amount, bytes extraData ); /** * @notice Emitted when an ETH bridge is finalized on this chain. * * @param from Address of the sender. * @param to Address of the receiver. * @param amount Amount of ETH sent. * @param extraData Extra data sent with the transaction. */ event ETHBridgeFinalized( address indexed from, address indexed to, uint256 amount, bytes extraData ); /** * @notice Emitted when an ERC20 bridge is initiated to the other chain. * * @param localToken Address of the ERC20 on this chain. * @param remoteToken Address of the ERC20 on the remote chain. * @param from Address of the sender. * @param to Address of the receiver. * @param amount Amount of the ERC20 sent. * @param extraData Extra data sent with the transaction. */ event ERC20BridgeInitiated( address indexed localToken, address indexed remoteToken, address indexed from, address to, uint256 amount, bytes extraData ); /** * @notice Emitted when an ERC20 bridge is finalized on this chain. * * @param localToken Address of the ERC20 on this chain. * @param remoteToken Address of the ERC20 on the remote chain. * @param from Address of the sender. * @param to Address of the receiver. * @param amount Amount of the ERC20 sent. * @param extraData Extra data sent with the transaction. */ event ERC20BridgeFinalized( address indexed localToken, address indexed remoteToken, address indexed from, address to, uint256 amount, bytes extraData ); /** * @notice Only allow EOAs to call the functions. Note that this is not safe against contracts * calling code within their constructors, but also doesn't really matter since we're * just trying to prevent users accidentally depositing with smart contract wallets. */ modifier onlyEOA() { require( !Address.isContract(msg.sender), "StandardBridge: function can only be called from an EOA" ); _; } /** * @notice Ensures that the caller is a cross-chain message from the other bridge. */ modifier onlyOtherBridge() { require( msg.sender == address(MESSENGER) && MESSENGER.xDomainMessageSender() == address(OTHER_BRIDGE), "StandardBridge: function can only be called from the other bridge" ); _; } /** * @param _messenger Address of CrossDomainMessenger on this network. * @param _otherBridge Address of the other StandardBridge contract. */ constructor(address payable _messenger, address payable _otherBridge) { MESSENGER = CrossDomainMessenger(_messenger); OTHER_BRIDGE = StandardBridge(_otherBridge); } /** * @notice Allows EOAs to deposit ETH by sending directly to the bridge. */ receive() external payable onlyEOA { _initiateBridgeETH(msg.sender, msg.sender, msg.value, RECEIVE_DEFAULT_GAS_LIMIT, bytes("")); } /** * @custom:legacy * @notice Legacy getter for messenger contract. * * @return Messenger contract on this domain. */ function messenger() external view returns (CrossDomainMessenger) { return MESSENGER; } /** * @notice Sends ETH to the sender's address on the other chain. * * @param _minGasLimit Minimum amount of gas that the bridge can be relayed with. * @param _extraData Extra data to be sent with the transaction. Note that the recipient will * not be triggered with this data, but it will be emitted and can be used * to identify the transaction. */ function bridgeETH(uint32 _minGasLimit, bytes calldata _extraData) public payable onlyEOA { _initiateBridgeETH(msg.sender, msg.sender, msg.value, _minGasLimit, _extraData); } /** * @notice Sends ETH to a receiver's address on the other chain. Note that if ETH is sent to a * smart contract and the call fails, the ETH will be temporarily locked in the * StandardBridge on the other chain until the call is replayed. If the call cannot be * replayed with any amount of gas (call always reverts), then the ETH will be * permanently locked in the StandardBridge on the other chain. ETH will also * be locked if the receiver is the other bridge, because finalizeBridgeETH will revert * in that case. * * @param _to Address of the receiver. * @param _minGasLimit Minimum amount of gas that the bridge can be relayed with. * @param _extraData Extra data to be sent with the transaction. Note that the recipient will * not be triggered with this data, but it will be emitted and can be used * to identify the transaction. */ function bridgeETHTo( address _to, uint32 _minGasLimit, bytes calldata _extraData ) public payable { _initiateBridgeETH(msg.sender, _to, msg.value, _minGasLimit, _extraData); } /** * @notice Sends ERC20 tokens to the sender's address on the other chain. Note that if the * ERC20 token on the other chain does not recognize the local token as the correct * pair token, the ERC20 bridge will fail and the tokens will be returned to sender on * this chain. * * @param _localToken Address of the ERC20 on this chain. * @param _remoteToken Address of the corresponding token on the remote chain. * @param _amount Amount of local tokens to deposit. * @param _minGasLimit Minimum amount of gas that the bridge can be relayed with. * @param _extraData Extra data to be sent with the transaction. Note that the recipient will * not be triggered with this data, but it will be emitted and can be used * to identify the transaction. */ function bridgeERC20( address _localToken, address _remoteToken, uint256 _amount, uint32 _minGasLimit, bytes calldata _extraData ) public virtual onlyEOA { _initiateBridgeERC20( _localToken, _remoteToken, msg.sender, msg.sender, _amount, _minGasLimit, _extraData ); } /** * @notice Sends ERC20 tokens to a receiver's address on the other chain. Note that if the * ERC20 token on the other chain does not recognize the local token as the correct * pair token, the ERC20 bridge will fail and the tokens will be returned to sender on * this chain. * * @param _localToken Address of the ERC20 on this chain. * @param _remoteToken Address of the corresponding token on the remote chain. * @param _to Address of the receiver. * @param _amount Amount of local tokens to deposit. * @param _minGasLimit Minimum amount of gas that the bridge can be relayed with. * @param _extraData Extra data to be sent with the transaction. Note that the recipient will * not be triggered with this data, but it will be emitted and can be used * to identify the transaction. */ function bridgeERC20To( address _localToken, address _remoteToken, address _to, uint256 _amount, uint32 _minGasLimit, bytes calldata _extraData ) public virtual { _initiateBridgeERC20( _localToken, _remoteToken, msg.sender, _to, _amount, _minGasLimit, _extraData ); } /** * @notice Finalizes an ETH bridge on this chain. Can only be triggered by the other * StandardBridge contract on the remote chain. * * @param _from Address of the sender. * @param _to Address of the receiver. * @param _amount Amount of ETH being bridged. * @param _extraData Extra data to be sent with the transaction. Note that the recipient will * not be triggered with this data, but it will be emitted and can be used * to identify the transaction. */ function finalizeBridgeETH( address _from, address _to, uint256 _amount, bytes calldata _extraData ) public payable onlyOtherBridge { require(msg.value == _amount, "StandardBridge: amount sent does not match amount required"); require(_to != address(this), "StandardBridge: cannot send to self"); require(_to != address(MESSENGER), "StandardBridge: cannot send to messenger"); emit ETHBridgeFinalized(_from, _to, _amount, _extraData); bool success = SafeCall.call(_to, gasleft(), _amount, hex""); require(success, "StandardBridge: ETH transfer failed"); } /** * @notice Finalizes an ERC20 bridge on this chain. Can only be triggered by the other * StandardBridge contract on the remote chain. * * @param _localToken Address of the ERC20 on this chain. * @param _remoteToken Address of the corresponding token on the remote chain. * @param _from Address of the sender. * @param _to Address of the receiver. * @param _amount Amount of the ERC20 being bridged. * @param _extraData Extra data to be sent with the transaction. Note that the recipient will * not be triggered with this data, but it will be emitted and can be used * to identify the transaction. */ function finalizeBridgeERC20( address _localToken, address _remoteToken, address _from, address _to, uint256 _amount, bytes calldata _extraData ) public onlyOtherBridge { if (_isOptimismMintableERC20(_localToken)) { require( _isCorrectTokenPair(_localToken, _remoteToken), "StandardBridge: wrong remote token for Optimism Mintable ERC20 local token" ); OptimismMintableERC20(_localToken).mint(_to, _amount); } else { deposits[_localToken][_remoteToken] = deposits[_localToken][_remoteToken] - _amount; IERC20(_localToken).safeTransfer(_to, _amount); } emit ERC20BridgeFinalized(_localToken, _remoteToken, _from, _to, _amount, _extraData); } /** * @notice Initiates a bridge of ETH through the CrossDomainMessenger. * * @param _from Address of the sender. * @param _to Address of the receiver. * @param _amount Amount of ETH being bridged. * @param _minGasLimit Minimum amount of gas that the bridge can be relayed with. * @param _extraData Extra data to be sent with the transaction. Note that the recipient will * not be triggered with this data, but it will be emitted and can be used * to identify the transaction. */ function _initiateBridgeETH( address _from, address _to, uint256 _amount, uint32 _minGasLimit, bytes memory _extraData ) internal { require( msg.value == _amount, "StandardBridge: bridging ETH must include sufficient ETH value" ); emit ETHBridgeInitiated(_from, _to, _amount, _extraData); MESSENGER.sendMessage{ value: _amount }( address(OTHER_BRIDGE), abi.encodeWithSelector( this.finalizeBridgeETH.selector, _from, _to, _amount, _extraData ), _minGasLimit ); } /** * @notice Sends ERC20 tokens to a receiver's address on the other chain. * * @param _localToken Address of the ERC20 on this chain. * @param _remoteToken Address of the corresponding token on the remote chain. * @param _to Address of the receiver. * @param _amount Amount of local tokens to deposit. * @param _minGasLimit Minimum amount of gas that the bridge can be relayed with. * @param _extraData Extra data to be sent with the transaction. Note that the recipient will * not be triggered with this data, but it will be emitted and can be used * to identify the transaction. */ function _initiateBridgeERC20( address _localToken, address _remoteToken, address _from, address _to, uint256 _amount, uint32 _minGasLimit, bytes calldata _extraData ) internal { if (_isOptimismMintableERC20(_localToken)) { require( _isCorrectTokenPair(_localToken, _remoteToken), "StandardBridge: wrong remote token for Optimism Mintable ERC20 local token" ); OptimismMintableERC20(_localToken).burn(_from, _amount); } else { IERC20(_localToken).safeTransferFrom(_from, address(this), _amount); deposits[_localToken][_remoteToken] = deposits[_localToken][_remoteToken] + _amount; } emit ERC20BridgeInitiated(_localToken, _remoteToken, _from, _to, _amount, _extraData); MESSENGER.sendMessage( address(OTHER_BRIDGE), abi.encodeWithSelector( this.finalizeBridgeERC20.selector, // Because this call will be executed on the remote chain, we reverse the order of // the remote and local token addresses relative to their order in the // finalizeBridgeERC20 function. _remoteToken, _localToken, _from, _to, _amount, _extraData ), _minGasLimit ); } /** * @notice Checks if a given address is an OptimismMintableERC20. Not perfect, but good enough. * Just the way we like it. * * @param _token Address of the token to check. * * @return True if the token is an OptimismMintableERC20. */ function _isOptimismMintableERC20(address _token) internal view returns (bool) { return ERC165Checker.supportsInterface(_token, type(ILegacyMintableERC20).interfaceId) || ERC165Checker.supportsInterface(_token, type(IOptimismMintableERC20).interfaceId); } /** * @notice Checks if the "other token" is the correct pair token for the OptimismMintableERC20. * * @param _mintableToken OptimismMintableERC20 to check against. * @param _otherToken Pair token to check. * * @return True if the other token is the correct pair token for the OptimismMintableERC20. */ function _isCorrectTokenPair(address _mintableToken, address _otherToken) internal view returns (bool) { return _otherToken == OptimismMintableERC20(_mintableToken).l1Token(); } }
// SPDX-License-Identifier: Apache-2.0 /* * Copyright 2019-2021, Offchain Labs, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ pragma solidity ^0.8.0; library AddressAliasHelper { uint160 constant offset = uint160(0x1111000000000000000000000000000000001111); /// @notice Utility function that converts the address in the L1 that submitted a tx to /// the inbox to the msg.sender viewed in the L2 /// @param l1Address the address in the L1 that triggered the tx to L2 /// @return l2Address L2 address as viewed in msg.sender function applyL1ToL2Alias(address l1Address) internal pure returns (address l2Address) { unchecked { l2Address = address(uint160(l1Address) + offset); } } /// @notice Utility function that converts the msg.sender viewed in the L2 to the /// address in the L1 that submitted a tx to the inbox /// @param l2Address L2 address as viewed in msg.sender /// @return l1Address the address in the L1 that triggered the tx to L2 function undoL1ToL2Alias(address l2Address) internal pure returns (address l1Address) { unchecked { l1Address = address(uint160(l2Address) - offset); } } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.7.0) (access/Ownable.sol) pragma solidity ^0.8.0; import "../utils/Context.sol"; /** * @dev Contract module which provides a basic access control mechanism, where * there is an account (an owner) that can be granted exclusive access to * specific functions. * * By default, the owner account will be the one that deploys the contract. This * can later be changed with {transferOwnership}. * * This module is used through inheritance. It will make available the modifier * `onlyOwner`, which can be applied to your functions to restrict their use to * the owner. */ abstract contract Ownable is Context { address private _owner; event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); /** * @dev Initializes the contract setting the deployer as the initial owner. */ constructor() { _transferOwnership(_msgSender()); } /** * @dev Throws if called by any account other than the owner. */ modifier onlyOwner() { _checkOwner(); _; } /** * @dev Returns the address of the current owner. */ function owner() public view virtual returns (address) { return _owner; } /** * @dev Throws if the sender is not the owner. */ function _checkOwner() internal view virtual { require(owner() == _msgSender(), "Ownable: caller is not the owner"); } /** * @dev Leaves the contract without owner. It will not be possible to call * `onlyOwner` functions anymore. Can only be called by the current owner. * * NOTE: Renouncing ownership will leave the contract without an owner, * thereby removing any functionality that is only available to the owner. */ function renounceOwnership() public virtual onlyOwner { _transferOwnership(address(0)); } /** * @dev Transfers ownership of the contract to a new account (`newOwner`). * Can only be called by the current owner. */ function transferOwnership(address newOwner) public virtual onlyOwner { require(newOwner != address(0), "Ownable: new owner is the zero address"); _transferOwnership(newOwner); } /** * @dev Transfers ownership of the contract to a new account (`newOwner`). * Internal function without access restriction. */ function _transferOwnership(address newOwner) internal virtual { address oldOwner = _owner; _owner = newOwner; emit OwnershipTransferred(oldOwner, newOwner); } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.5.0) (governance/utils/IVotes.sol) pragma solidity ^0.8.0; /** * @dev Common interface for {ERC20Votes}, {ERC721Votes}, and other {Votes}-enabled contracts. * * _Available since v4.5._ */ interface IVotes { /** * @dev Emitted when an account changes their delegate. */ event DelegateChanged(address indexed delegator, address indexed fromDelegate, address indexed toDelegate); /** * @dev Emitted when a token transfer or delegate change results in changes to a delegate's number of votes. */ event DelegateVotesChanged(address indexed delegate, uint256 previousBalance, uint256 newBalance); /** * @dev Returns the current amount of votes that `account` has. */ function getVotes(address account) external view returns (uint256); /** * @dev Returns the amount of votes that `account` had at the end of a past block (`blockNumber`). */ function getPastVotes(address account, uint256 blockNumber) external view returns (uint256); /** * @dev Returns the total supply of votes available at the end of a past block (`blockNumber`). * * NOTE: This value is the sum of all available votes, which is not necessarily the sum of all delegated votes. * Votes that have not been delegated are still part of total supply, even though they would not participate in a * vote. */ function getPastTotalSupply(uint256 blockNumber) external view returns (uint256); /** * @dev Returns the delegate that `account` has chosen. */ function delegates(address account) external view returns (address); /** * @dev Delegates votes from the sender to `delegatee`. */ function delegate(address delegatee) external; /** * @dev Delegates votes from signer to `delegatee`. */ function delegateBySig( address delegatee, uint256 nonce, uint256 expiry, uint8 v, bytes32 r, bytes32 s ) external; }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.7.0) (proxy/utils/Initializable.sol) pragma solidity ^0.8.2; import "../../utils/Address.sol"; /** * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect. * * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in * case an upgrade adds a module that needs to be initialized. * * For example: * * [.hljs-theme-light.nopadding] * ``` * contract MyToken is ERC20Upgradeable { * function initialize() initializer public { * __ERC20_init("MyToken", "MTK"); * } * } * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable { * function initializeV2() reinitializer(2) public { * __ERC20Permit_init("MyToken"); * } * } * ``` * * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}. * * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity. * * [CAUTION] * ==== * Avoid leaving a contract uninitialized. * * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed: * * [.hljs-theme-light.nopadding] * ``` * /// @custom:oz-upgrades-unsafe-allow constructor * constructor() { * _disableInitializers(); * } * ``` * ==== */ abstract contract Initializable { /** * @dev Indicates that the contract has been initialized. * @custom:oz-retyped-from bool */ uint8 private _initialized; /** * @dev Indicates that the contract is in the process of being initialized. */ bool private _initializing; /** * @dev Triggered when the contract has been initialized or reinitialized. */ event Initialized(uint8 version); /** * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope, * `onlyInitializing` functions can be used to initialize parent contracts. Equivalent to `reinitializer(1)`. */ modifier initializer() { bool isTopLevelCall = !_initializing; require( (isTopLevelCall && _initialized < 1) || (!Address.isContract(address(this)) && _initialized == 1), "Initializable: contract is already initialized" ); _initialized = 1; if (isTopLevelCall) { _initializing = true; } _; if (isTopLevelCall) { _initializing = false; emit Initialized(1); } } /** * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be * used to initialize parent contracts. * * `initializer` is equivalent to `reinitializer(1)`, so a reinitializer may be used after the original * initialization step. This is essential to configure modules that are added through upgrades and that require * initialization. * * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in * a contract, executing them in the right order is up to the developer or operator. */ modifier reinitializer(uint8 version) { require(!_initializing && _initialized < version, "Initializable: contract is already initialized"); _initialized = version; _initializing = true; _; _initializing = false; emit Initialized(version); } /** * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the * {initializer} and {reinitializer} modifiers, directly or indirectly. */ modifier onlyInitializing() { require(_initializing, "Initializable: contract is not initializing"); _; } /** * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call. * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized * to any version. It is recommended to use this to lock implementation contracts that are designed to be called * through proxies. */ function _disableInitializers() internal virtual { require(!_initializing, "Initializable: contract is initializing"); if (_initialized < type(uint8).max) { _initialized = type(uint8).max; emit Initialized(type(uint8).max); } } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.7.0) (token/ERC20/ERC20.sol) pragma solidity ^0.8.0; import "./IERC20.sol"; import "./extensions/IERC20Metadata.sol"; import "../../utils/Context.sol"; /** * @dev Implementation of the {IERC20} interface. * * This implementation is agnostic to the way tokens are created. This means * that a supply mechanism has to be added in a derived contract using {_mint}. * For a generic mechanism see {ERC20PresetMinterPauser}. * * TIP: For a detailed writeup see our guide * https://forum.zeppelin.solutions/t/how-to-implement-erc20-supply-mechanisms/226[How * to implement supply mechanisms]. * * We have followed general OpenZeppelin Contracts guidelines: functions revert * instead returning `false` on failure. This behavior is nonetheless * conventional and does not conflict with the expectations of ERC20 * applications. * * Additionally, an {Approval} event is emitted on calls to {transferFrom}. * This allows applications to reconstruct the allowance for all accounts just * by listening to said events. Other implementations of the EIP may not emit * these events, as it isn't required by the specification. * * Finally, the non-standard {decreaseAllowance} and {increaseAllowance} * functions have been added to mitigate the well-known issues around setting * allowances. See {IERC20-approve}. */ contract ERC20 is Context, IERC20, IERC20Metadata { mapping(address => uint256) private _balances; mapping(address => mapping(address => uint256)) private _allowances; uint256 private _totalSupply; string private _name; string private _symbol; /** * @dev Sets the values for {name} and {symbol}. * * The default value of {decimals} is 18. To select a different value for * {decimals} you should overload it. * * All two of these values are immutable: they can only be set once during * construction. */ constructor(string memory name_, string memory symbol_) { _name = name_; _symbol = symbol_; } /** * @dev Returns the name of the token. */ function name() public view virtual override returns (string memory) { return _name; } /** * @dev Returns the symbol of the token, usually a shorter version of the * name. */ function symbol() public view virtual override returns (string memory) { return _symbol; } /** * @dev Returns the number of decimals used to get its user representation. * For example, if `decimals` equals `2`, a balance of `505` tokens should * be displayed to a user as `5.05` (`505 / 10 ** 2`). * * Tokens usually opt for a value of 18, imitating the relationship between * Ether and Wei. This is the value {ERC20} uses, unless this function is * overridden; * * NOTE: This information is only used for _display_ purposes: it in * no way affects any of the arithmetic of the contract, including * {IERC20-balanceOf} and {IERC20-transfer}. */ function decimals() public view virtual override returns (uint8) { return 18; } /** * @dev See {IERC20-totalSupply}. */ function totalSupply() public view virtual override returns (uint256) { return _totalSupply; } /** * @dev See {IERC20-balanceOf}. */ function balanceOf(address account) public view virtual override returns (uint256) { return _balances[account]; } /** * @dev See {IERC20-transfer}. * * Requirements: * * - `to` cannot be the zero address. * - the caller must have a balance of at least `amount`. */ function transfer(address to, uint256 amount) public virtual override returns (bool) { address owner = _msgSender(); _transfer(owner, to, amount); return true; } /** * @dev See {IERC20-allowance}. */ function allowance(address owner, address spender) public view virtual override returns (uint256) { return _allowances[owner][spender]; } /** * @dev See {IERC20-approve}. * * NOTE: If `amount` is the maximum `uint256`, the allowance is not updated on * `transferFrom`. This is semantically equivalent to an infinite approval. * * Requirements: * * - `spender` cannot be the zero address. */ function approve(address spender, uint256 amount) public virtual override returns (bool) { address owner = _msgSender(); _approve(owner, spender, amount); return true; } /** * @dev See {IERC20-transferFrom}. * * Emits an {Approval} event indicating the updated allowance. This is not * required by the EIP. See the note at the beginning of {ERC20}. * * NOTE: Does not update the allowance if the current allowance * is the maximum `uint256`. * * Requirements: * * - `from` and `to` cannot be the zero address. * - `from` must have a balance of at least `amount`. * - the caller must have allowance for ``from``'s tokens of at least * `amount`. */ function transferFrom( address from, address to, uint256 amount ) public virtual override returns (bool) { address spender = _msgSender(); _spendAllowance(from, spender, amount); _transfer(from, to, amount); return true; } /** * @dev Atomically increases the allowance granted to `spender` by the caller. * * This is an alternative to {approve} that can be used as a mitigation for * problems described in {IERC20-approve}. * * Emits an {Approval} event indicating the updated allowance. * * Requirements: * * - `spender` cannot be the zero address. */ function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) { address owner = _msgSender(); _approve(owner, spender, allowance(owner, spender) + addedValue); return true; } /** * @dev Atomically decreases the allowance granted to `spender` by the caller. * * This is an alternative to {approve} that can be used as a mitigation for * problems described in {IERC20-approve}. * * Emits an {Approval} event indicating the updated allowance. * * Requirements: * * - `spender` cannot be the zero address. * - `spender` must have allowance for the caller of at least * `subtractedValue`. */ function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) { address owner = _msgSender(); uint256 currentAllowance = allowance(owner, spender); require(currentAllowance >= subtractedValue, "ERC20: decreased allowance below zero"); unchecked { _approve(owner, spender, currentAllowance - subtractedValue); } return true; } /** * @dev Moves `amount` of tokens from `from` to `to`. * * This internal function is equivalent to {transfer}, and can be used to * e.g. implement automatic token fees, slashing mechanisms, etc. * * Emits a {Transfer} event. * * Requirements: * * - `from` cannot be the zero address. * - `to` cannot be the zero address. * - `from` must have a balance of at least `amount`. */ function _transfer( address from, address to, uint256 amount ) internal virtual { require(from != address(0), "ERC20: transfer from the zero address"); require(to != address(0), "ERC20: transfer to the zero address"); _beforeTokenTransfer(from, to, amount); uint256 fromBalance = _balances[from]; require(fromBalance >= amount, "ERC20: transfer amount exceeds balance"); unchecked { _balances[from] = fromBalance - amount; } _balances[to] += amount; emit Transfer(from, to, amount); _afterTokenTransfer(from, to, amount); } /** @dev Creates `amount` tokens and assigns them to `account`, increasing * the total supply. * * Emits a {Transfer} event with `from` set to the zero address. * * Requirements: * * - `account` cannot be the zero address. */ function _mint(address account, uint256 amount) internal virtual { require(account != address(0), "ERC20: mint to the zero address"); _beforeTokenTransfer(address(0), account, amount); _totalSupply += amount; _balances[account] += amount; emit Transfer(address(0), account, amount); _afterTokenTransfer(address(0), account, amount); } /** * @dev Destroys `amount` tokens from `account`, reducing the * total supply. * * Emits a {Transfer} event with `to` set to the zero address. * * Requirements: * * - `account` cannot be the zero address. * - `account` must have at least `amount` tokens. */ function _burn(address account, uint256 amount) internal virtual { require(account != address(0), "ERC20: burn from the zero address"); _beforeTokenTransfer(account, address(0), amount); uint256 accountBalance = _balances[account]; require(accountBalance >= amount, "ERC20: burn amount exceeds balance"); unchecked { _balances[account] = accountBalance - amount; } _totalSupply -= amount; emit Transfer(account, address(0), amount); _afterTokenTransfer(account, address(0), amount); } /** * @dev Sets `amount` as the allowance of `spender` over the `owner` s tokens. * * This internal function is equivalent to `approve`, and can be used to * e.g. set automatic allowances for certain subsystems, etc. * * Emits an {Approval} event. * * Requirements: * * - `owner` cannot be the zero address. * - `spender` cannot be the zero address. */ function _approve( address owner, address spender, uint256 amount ) internal virtual { require(owner != address(0), "ERC20: approve from the zero address"); require(spender != address(0), "ERC20: approve to the zero address"); _allowances[owner][spender] = amount; emit Approval(owner, spender, amount); } /** * @dev Updates `owner` s allowance for `spender` based on spent `amount`. * * Does not update the allowance amount in case of infinite allowance. * Revert if not enough allowance is available. * * Might emit an {Approval} event. */ function _spendAllowance( address owner, address spender, uint256 amount ) internal virtual { uint256 currentAllowance = allowance(owner, spender); if (currentAllowance != type(uint256).max) { require(currentAllowance >= amount, "ERC20: insufficient allowance"); unchecked { _approve(owner, spender, currentAllowance - amount); } } } /** * @dev Hook that is called before any transfer of tokens. This includes * minting and burning. * * Calling conditions: * * - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens * will be transferred to `to`. * - when `from` is zero, `amount` tokens will be minted for `to`. * - when `to` is zero, `amount` of ``from``'s tokens will be burned. * - `from` and `to` are never both zero. * * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks]. */ function _beforeTokenTransfer( address from, address to, uint256 amount ) internal virtual {} /** * @dev Hook that is called after any transfer of tokens. This includes * minting and burning. * * Calling conditions: * * - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens * has been transferred to `to`. * - when `from` is zero, `amount` tokens have been minted for `to`. * - when `to` is zero, `amount` of ``from``'s tokens have been burned. * - `from` and `to` are never both zero. * * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks]. */ function _afterTokenTransfer( address from, address to, uint256 amount ) internal virtual {} }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.6.0) (token/ERC20/IERC20.sol) pragma solidity ^0.8.0; /** * @dev Interface of the ERC20 standard as defined in the EIP. */ interface IERC20 { /** * @dev Emitted when `value` tokens are moved from one account (`from`) to * another (`to`). * * Note that `value` may be zero. */ event Transfer(address indexed from, address indexed to, uint256 value); /** * @dev Emitted when the allowance of a `spender` for an `owner` is set by * a call to {approve}. `value` is the new allowance. */ event Approval(address indexed owner, address indexed spender, uint256 value); /** * @dev Returns the amount of tokens in existence. */ function totalSupply() external view returns (uint256); /** * @dev Returns the amount of tokens owned by `account`. */ function balanceOf(address account) external view returns (uint256); /** * @dev Moves `amount` tokens from the caller's account to `to`. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transfer(address to, uint256 amount) external returns (bool); /** * @dev Returns the remaining number of tokens that `spender` will be * allowed to spend on behalf of `owner` through {transferFrom}. This is * zero by default. * * This value changes when {approve} or {transferFrom} are called. */ function allowance(address owner, address spender) external view returns (uint256); /** * @dev Sets `amount` as the allowance of `spender` over the caller's tokens. * * Returns a boolean value indicating whether the operation succeeded. * * IMPORTANT: Beware that changing an allowance with this method brings the risk * that someone may use both the old and the new allowance by unfortunate * transaction ordering. One possible solution to mitigate this race * condition is to first reduce the spender's allowance to 0 and set the * desired value afterwards: * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 * * Emits an {Approval} event. */ function approve(address spender, uint256 amount) external returns (bool); /** * @dev Moves `amount` tokens from `from` to `to` using the * allowance mechanism. `amount` is then deducted from the caller's * allowance. * * Returns a boolean value indicating whether the operation succeeded. * * Emits a {Transfer} event. */ function transferFrom( address from, address to, uint256 amount ) external returns (bool); }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.5.0) (token/ERC20/extensions/ERC20Burnable.sol) pragma solidity ^0.8.0; import "../ERC20.sol"; import "../../../utils/Context.sol"; /** * @dev Extension of {ERC20} that allows token holders to destroy both their own * tokens and those that they have an allowance for, in a way that can be * recognized off-chain (via event analysis). */ abstract contract ERC20Burnable is Context, ERC20 { /** * @dev Destroys `amount` tokens from the caller. * * See {ERC20-_burn}. */ function burn(uint256 amount) public virtual { _burn(_msgSender(), amount); } /** * @dev Destroys `amount` tokens from `account`, deducting from the caller's * allowance. * * See {ERC20-_burn} and {ERC20-allowance}. * * Requirements: * * - the caller must have allowance for ``accounts``'s tokens of at least * `amount`. */ function burnFrom(address account, uint256 amount) public virtual { _spendAllowance(account, _msgSender(), amount); _burn(account, amount); } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.5.0) (token/ERC20/extensions/ERC20Votes.sol) pragma solidity ^0.8.0; import "./draft-ERC20Permit.sol"; import "../../../utils/math/Math.sol"; import "../../../governance/utils/IVotes.sol"; import "../../../utils/math/SafeCast.sol"; import "../../../utils/cryptography/ECDSA.sol"; /** * @dev Extension of ERC20 to support Compound-like voting and delegation. This version is more generic than Compound's, * and supports token supply up to 2^224^ - 1, while COMP is limited to 2^96^ - 1. * * NOTE: If exact COMP compatibility is required, use the {ERC20VotesComp} variant of this module. * * This extension keeps a history (checkpoints) of each account's vote power. Vote power can be delegated either * by calling the {delegate} function directly, or by providing a signature to be used with {delegateBySig}. Voting * power can be queried through the public accessors {getVotes} and {getPastVotes}. * * By default, token balance does not account for voting power. This makes transfers cheaper. The downside is that it * requires users to delegate to themselves in order to activate checkpoints and have their voting power tracked. * * _Available since v4.2._ */ abstract contract ERC20Votes is IVotes, ERC20Permit { struct Checkpoint { uint32 fromBlock; uint224 votes; } bytes32 private constant _DELEGATION_TYPEHASH = keccak256("Delegation(address delegatee,uint256 nonce,uint256 expiry)"); mapping(address => address) private _delegates; mapping(address => Checkpoint[]) private _checkpoints; Checkpoint[] private _totalSupplyCheckpoints; /** * @dev Get the `pos`-th checkpoint for `account`. */ function checkpoints(address account, uint32 pos) public view virtual returns (Checkpoint memory) { return _checkpoints[account][pos]; } /** * @dev Get number of checkpoints for `account`. */ function numCheckpoints(address account) public view virtual returns (uint32) { return SafeCast.toUint32(_checkpoints[account].length); } /** * @dev Get the address `account` is currently delegating to. */ function delegates(address account) public view virtual override returns (address) { return _delegates[account]; } /** * @dev Gets the current votes balance for `account` */ function getVotes(address account) public view virtual override returns (uint256) { uint256 pos = _checkpoints[account].length; return pos == 0 ? 0 : _checkpoints[account][pos - 1].votes; } /** * @dev Retrieve the number of votes for `account` at the end of `blockNumber`. * * Requirements: * * - `blockNumber` must have been already mined */ function getPastVotes(address account, uint256 blockNumber) public view virtual override returns (uint256) { require(blockNumber < block.number, "ERC20Votes: block not yet mined"); return _checkpointsLookup(_checkpoints[account], blockNumber); } /** * @dev Retrieve the `totalSupply` at the end of `blockNumber`. Note, this value is the sum of all balances. * It is but NOT the sum of all the delegated votes! * * Requirements: * * - `blockNumber` must have been already mined */ function getPastTotalSupply(uint256 blockNumber) public view virtual override returns (uint256) { require(blockNumber < block.number, "ERC20Votes: block not yet mined"); return _checkpointsLookup(_totalSupplyCheckpoints, blockNumber); } /** * @dev Lookup a value in a list of (sorted) checkpoints. */ function _checkpointsLookup(Checkpoint[] storage ckpts, uint256 blockNumber) private view returns (uint256) { // We run a binary search to look for the earliest checkpoint taken after `blockNumber`. // // During the loop, the index of the wanted checkpoint remains in the range [low-1, high). // With each iteration, either `low` or `high` is moved towards the middle of the range to maintain the invariant. // - If the middle checkpoint is after `blockNumber`, we look in [low, mid) // - If the middle checkpoint is before or equal to `blockNumber`, we look in [mid+1, high) // Once we reach a single value (when low == high), we've found the right checkpoint at the index high-1, if not // out of bounds (in which case we're looking too far in the past and the result is 0). // Note that if the latest checkpoint available is exactly for `blockNumber`, we end up with an index that is // past the end of the array, so we technically don't find a checkpoint after `blockNumber`, but it works out // the same. uint256 high = ckpts.length; uint256 low = 0; while (low < high) { uint256 mid = Math.average(low, high); if (ckpts[mid].fromBlock > blockNumber) { high = mid; } else { low = mid + 1; } } return high == 0 ? 0 : ckpts[high - 1].votes; } /** * @dev Delegate votes from the sender to `delegatee`. */ function delegate(address delegatee) public virtual override { _delegate(_msgSender(), delegatee); } /** * @dev Delegates votes from signer to `delegatee` */ function delegateBySig( address delegatee, uint256 nonce, uint256 expiry, uint8 v, bytes32 r, bytes32 s ) public virtual override { require(block.timestamp <= expiry, "ERC20Votes: signature expired"); address signer = ECDSA.recover( _hashTypedDataV4(keccak256(abi.encode(_DELEGATION_TYPEHASH, delegatee, nonce, expiry))), v, r, s ); require(nonce == _useNonce(signer), "ERC20Votes: invalid nonce"); _delegate(signer, delegatee); } /** * @dev Maximum token supply. Defaults to `type(uint224).max` (2^224^ - 1). */ function _maxSupply() internal view virtual returns (uint224) { return type(uint224).max; } /** * @dev Snapshots the totalSupply after it has been increased. */ function _mint(address account, uint256 amount) internal virtual override { super._mint(account, amount); require(totalSupply() <= _maxSupply(), "ERC20Votes: total supply risks overflowing votes"); _writeCheckpoint(_totalSupplyCheckpoints, _add, amount); } /** * @dev Snapshots the totalSupply after it has been decreased. */ function _burn(address account, uint256 amount) internal virtual override { super._burn(account, amount); _writeCheckpoint(_totalSupplyCheckpoints, _subtract, amount); } /** * @dev Move voting power when tokens are transferred. * * Emits a {DelegateVotesChanged} event. */ function _afterTokenTransfer( address from, address to, uint256 amount ) internal virtual override { super._afterTokenTransfer(from, to, amount); _moveVotingPower(delegates(from), delegates(to), amount); } /** * @dev Change delegation for `delegator` to `delegatee`. * * Emits events {DelegateChanged} and {DelegateVotesChanged}. */ function _delegate(address delegator, address delegatee) internal virtual { address currentDelegate = delegates(delegator); uint256 delegatorBalance = balanceOf(delegator); _delegates[delegator] = delegatee; emit DelegateChanged(delegator, currentDelegate, delegatee); _moveVotingPower(currentDelegate, delegatee, delegatorBalance); } function _moveVotingPower( address src, address dst, uint256 amount ) private { if (src != dst && amount > 0) { if (src != address(0)) { (uint256 oldWeight, uint256 newWeight) = _writeCheckpoint(_checkpoints[src], _subtract, amount); emit DelegateVotesChanged(src, oldWeight, newWeight); } if (dst != address(0)) { (uint256 oldWeight, uint256 newWeight) = _writeCheckpoint(_checkpoints[dst], _add, amount); emit DelegateVotesChanged(dst, oldWeight, newWeight); } } } function _writeCheckpoint( Checkpoint[] storage ckpts, function(uint256, uint256) view returns (uint256) op, uint256 delta ) private returns (uint256 oldWeight, uint256 newWeight) { uint256 pos = ckpts.length; oldWeight = pos == 0 ? 0 : ckpts[pos - 1].votes; newWeight = op(oldWeight, delta); if (pos > 0 && ckpts[pos - 1].fromBlock == block.number) { ckpts[pos - 1].votes = SafeCast.toUint224(newWeight); } else { ckpts.push(Checkpoint({fromBlock: SafeCast.toUint32(block.number), votes: SafeCast.toUint224(newWeight)})); } } function _add(uint256 a, uint256 b) private pure returns (uint256) { return a + b; } function _subtract(uint256 a, uint256 b) private pure returns (uint256) { return a - b; } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/IERC20Metadata.sol) pragma solidity ^0.8.0; import "../IERC20.sol"; /** * @dev Interface for the optional metadata functions from the ERC20 standard. * * _Available since v4.1._ */ interface IERC20Metadata is IERC20 { /** * @dev Returns the name of the token. */ function name() external view returns (string memory); /** * @dev Returns the symbol of the token. */ function symbol() external view returns (string memory); /** * @dev Returns the decimals places of the token. */ function decimals() external view returns (uint8); }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.6.0) (token/ERC20/extensions/draft-ERC20Permit.sol) pragma solidity ^0.8.0; import "./draft-IERC20Permit.sol"; import "../ERC20.sol"; import "../../../utils/cryptography/draft-EIP712.sol"; import "../../../utils/cryptography/ECDSA.sol"; import "../../../utils/Counters.sol"; /** * @dev Implementation of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612]. * * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by * presenting a message signed by the account. By not relying on `{IERC20-approve}`, the token holder account doesn't * need to send a transaction, and thus is not required to hold Ether at all. * * _Available since v3.4._ */ abstract contract ERC20Permit is ERC20, IERC20Permit, EIP712 { using Counters for Counters.Counter; mapping(address => Counters.Counter) private _nonces; // solhint-disable-next-line var-name-mixedcase bytes32 private constant _PERMIT_TYPEHASH = keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)"); /** * @dev In previous versions `_PERMIT_TYPEHASH` was declared as `immutable`. * However, to ensure consistency with the upgradeable transpiler, we will continue * to reserve a slot. * @custom:oz-renamed-from _PERMIT_TYPEHASH */ // solhint-disable-next-line var-name-mixedcase bytes32 private _PERMIT_TYPEHASH_DEPRECATED_SLOT; /** * @dev Initializes the {EIP712} domain separator using the `name` parameter, and setting `version` to `"1"`. * * It's a good idea to use the same `name` that is defined as the ERC20 token name. */ constructor(string memory name) EIP712(name, "1") {} /** * @dev See {IERC20Permit-permit}. */ function permit( address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) public virtual override { require(block.timestamp <= deadline, "ERC20Permit: expired deadline"); bytes32 structHash = keccak256(abi.encode(_PERMIT_TYPEHASH, owner, spender, value, _useNonce(owner), deadline)); bytes32 hash = _hashTypedDataV4(structHash); address signer = ECDSA.recover(hash, v, r, s); require(signer == owner, "ERC20Permit: invalid signature"); _approve(owner, spender, value); } /** * @dev See {IERC20Permit-nonces}. */ function nonces(address owner) public view virtual override returns (uint256) { return _nonces[owner].current(); } /** * @dev See {IERC20Permit-DOMAIN_SEPARATOR}. */ // solhint-disable-next-line func-name-mixedcase function DOMAIN_SEPARATOR() external view override returns (bytes32) { return _domainSeparatorV4(); } /** * @dev "Consume a nonce": return the current value and increment. * * _Available since v4.1._ */ function _useNonce(address owner) internal virtual returns (uint256 current) { Counters.Counter storage nonce = _nonces[owner]; current = nonce.current(); nonce.increment(); } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/draft-IERC20Permit.sol) pragma solidity ^0.8.0; /** * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612]. * * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't * need to send a transaction, and thus is not required to hold Ether at all. */ interface IERC20Permit { /** * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens, * given ``owner``'s signed approval. * * IMPORTANT: The same issues {IERC20-approve} has related to transaction * ordering also apply here. * * Emits an {Approval} event. * * Requirements: * * - `spender` cannot be the zero address. * - `deadline` must be a timestamp in the future. * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner` * over the EIP712-formatted function arguments. * - the signature must use ``owner``'s current nonce (see {nonces}). * * For more information on the signature format, see the * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP * section]. */ function permit( address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) external; /** * @dev Returns the current nonce for `owner`. This value must be * included whenever a signature is generated for {permit}. * * Every successful call to {permit} increases ``owner``'s nonce by one. This * prevents a signature from being used multiple times. */ function nonces(address owner) external view returns (uint256); /** * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}. */ // solhint-disable-next-line func-name-mixedcase function DOMAIN_SEPARATOR() external view returns (bytes32); }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.7.0) (token/ERC20/utils/SafeERC20.sol) pragma solidity ^0.8.0; import "../IERC20.sol"; import "../extensions/draft-IERC20Permit.sol"; import "../../../utils/Address.sol"; /** * @title SafeERC20 * @dev Wrappers around ERC20 operations that throw on failure (when the token * contract returns false). Tokens that return no value (and instead revert or * throw on failure) are also supported, non-reverting calls are assumed to be * successful. * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract, * which allows you to call the safe operations as `token.safeTransfer(...)`, etc. */ library SafeERC20 { using Address for address; function safeTransfer( IERC20 token, address to, uint256 value ) internal { _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value)); } function safeTransferFrom( IERC20 token, address from, address to, uint256 value ) internal { _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value)); } /** * @dev Deprecated. This function has issues similar to the ones found in * {IERC20-approve}, and its usage is discouraged. * * Whenever possible, use {safeIncreaseAllowance} and * {safeDecreaseAllowance} instead. */ function safeApprove( IERC20 token, address spender, uint256 value ) internal { // safeApprove should only be called when setting an initial allowance, // or when resetting it to zero. To increase and decrease it, use // 'safeIncreaseAllowance' and 'safeDecreaseAllowance' require( (value == 0) || (token.allowance(address(this), spender) == 0), "SafeERC20: approve from non-zero to non-zero allowance" ); _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value)); } function safeIncreaseAllowance( IERC20 token, address spender, uint256 value ) internal { uint256 newAllowance = token.allowance(address(this), spender) + value; _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance)); } function safeDecreaseAllowance( IERC20 token, address spender, uint256 value ) internal { unchecked { uint256 oldAllowance = token.allowance(address(this), spender); require(oldAllowance >= value, "SafeERC20: decreased allowance below zero"); uint256 newAllowance = oldAllowance - value; _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance)); } } function safePermit( IERC20Permit token, address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) internal { uint256 nonceBefore = token.nonces(owner); token.permit(owner, spender, value, deadline, v, r, s); uint256 nonceAfter = token.nonces(owner); require(nonceAfter == nonceBefore + 1, "SafeERC20: permit did not succeed"); } /** * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement * on the return value: the return value is optional (but if data is returned, it must not be false). * @param token The token targeted by the call. * @param data The call data (encoded using abi.encode or one of its variants). */ function _callOptionalReturn(IERC20 token, bytes memory data) private { // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that // the target address contains contract code and also asserts for success in the low-level call. bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed"); if (returndata.length > 0) { // Return data is optional require(abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed"); } } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.7.0) (token/ERC721/ERC721.sol) pragma solidity ^0.8.0; import "./IERC721.sol"; import "./IERC721Receiver.sol"; import "./extensions/IERC721Metadata.sol"; import "../../utils/Address.sol"; import "../../utils/Context.sol"; import "../../utils/Strings.sol"; import "../../utils/introspection/ERC165.sol"; /** * @dev Implementation of https://eips.ethereum.org/EIPS/eip-721[ERC721] Non-Fungible Token Standard, including * the Metadata extension, but not including the Enumerable extension, which is available separately as * {ERC721Enumerable}. */ contract ERC721 is Context, ERC165, IERC721, IERC721Metadata { using Address for address; using Strings for uint256; // Token name string private _name; // Token symbol string private _symbol; // Mapping from token ID to owner address mapping(uint256 => address) private _owners; // Mapping owner address to token count mapping(address => uint256) private _balances; // Mapping from token ID to approved address mapping(uint256 => address) private _tokenApprovals; // Mapping from owner to operator approvals mapping(address => mapping(address => bool)) private _operatorApprovals; /** * @dev Initializes the contract by setting a `name` and a `symbol` to the token collection. */ constructor(string memory name_, string memory symbol_) { _name = name_; _symbol = symbol_; } /** * @dev See {IERC165-supportsInterface}. */ function supportsInterface(bytes4 interfaceId) public view virtual override(ERC165, IERC165) returns (bool) { return interfaceId == type(IERC721).interfaceId || interfaceId == type(IERC721Metadata).interfaceId || super.supportsInterface(interfaceId); } /** * @dev See {IERC721-balanceOf}. */ function balanceOf(address owner) public view virtual override returns (uint256) { require(owner != address(0), "ERC721: address zero is not a valid owner"); return _balances[owner]; } /** * @dev See {IERC721-ownerOf}. */ function ownerOf(uint256 tokenId) public view virtual override returns (address) { address owner = _owners[tokenId]; require(owner != address(0), "ERC721: invalid token ID"); return owner; } /** * @dev See {IERC721Metadata-name}. */ function name() public view virtual override returns (string memory) { return _name; } /** * @dev See {IERC721Metadata-symbol}. */ function symbol() public view virtual override returns (string memory) { return _symbol; } /** * @dev See {IERC721Metadata-tokenURI}. */ function tokenURI(uint256 tokenId) public view virtual override returns (string memory) { _requireMinted(tokenId); string memory baseURI = _baseURI(); return bytes(baseURI).length > 0 ? string(abi.encodePacked(baseURI, tokenId.toString())) : ""; } /** * @dev Base URI for computing {tokenURI}. If set, the resulting URI for each * token will be the concatenation of the `baseURI` and the `tokenId`. Empty * by default, can be overridden in child contracts. */ function _baseURI() internal view virtual returns (string memory) { return ""; } /** * @dev See {IERC721-approve}. */ function approve(address to, uint256 tokenId) public virtual override { address owner = ERC721.ownerOf(tokenId); require(to != owner, "ERC721: approval to current owner"); require( _msgSender() == owner || isApprovedForAll(owner, _msgSender()), "ERC721: approve caller is not token owner nor approved for all" ); _approve(to, tokenId); } /** * @dev See {IERC721-getApproved}. */ function getApproved(uint256 tokenId) public view virtual override returns (address) { _requireMinted(tokenId); return _tokenApprovals[tokenId]; } /** * @dev See {IERC721-setApprovalForAll}. */ function setApprovalForAll(address operator, bool approved) public virtual override { _setApprovalForAll(_msgSender(), operator, approved); } /** * @dev See {IERC721-isApprovedForAll}. */ function isApprovedForAll(address owner, address operator) public view virtual override returns (bool) { return _operatorApprovals[owner][operator]; } /** * @dev See {IERC721-transferFrom}. */ function transferFrom( address from, address to, uint256 tokenId ) public virtual override { //solhint-disable-next-line max-line-length require(_isApprovedOrOwner(_msgSender(), tokenId), "ERC721: caller is not token owner nor approved"); _transfer(from, to, tokenId); } /** * @dev See {IERC721-safeTransferFrom}. */ function safeTransferFrom( address from, address to, uint256 tokenId ) public virtual override { safeTransferFrom(from, to, tokenId, ""); } /** * @dev See {IERC721-safeTransferFrom}. */ function safeTransferFrom( address from, address to, uint256 tokenId, bytes memory data ) public virtual override { require(_isApprovedOrOwner(_msgSender(), tokenId), "ERC721: caller is not token owner nor approved"); _safeTransfer(from, to, tokenId, data); } /** * @dev Safely transfers `tokenId` token from `from` to `to`, checking first that contract recipients * are aware of the ERC721 protocol to prevent tokens from being forever locked. * * `data` is additional data, it has no specified format and it is sent in call to `to`. * * This internal function is equivalent to {safeTransferFrom}, and can be used to e.g. * implement alternative mechanisms to perform token transfer, such as signature-based. * * Requirements: * * - `from` cannot be the zero address. * - `to` cannot be the zero address. * - `tokenId` token must exist and be owned by `from`. * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer. * * Emits a {Transfer} event. */ function _safeTransfer( address from, address to, uint256 tokenId, bytes memory data ) internal virtual { _transfer(from, to, tokenId); require(_checkOnERC721Received(from, to, tokenId, data), "ERC721: transfer to non ERC721Receiver implementer"); } /** * @dev Returns whether `tokenId` exists. * * Tokens can be managed by their owner or approved accounts via {approve} or {setApprovalForAll}. * * Tokens start existing when they are minted (`_mint`), * and stop existing when they are burned (`_burn`). */ function _exists(uint256 tokenId) internal view virtual returns (bool) { return _owners[tokenId] != address(0); } /** * @dev Returns whether `spender` is allowed to manage `tokenId`. * * Requirements: * * - `tokenId` must exist. */ function _isApprovedOrOwner(address spender, uint256 tokenId) internal view virtual returns (bool) { address owner = ERC721.ownerOf(tokenId); return (spender == owner || isApprovedForAll(owner, spender) || getApproved(tokenId) == spender); } /** * @dev Safely mints `tokenId` and transfers it to `to`. * * Requirements: * * - `tokenId` must not exist. * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer. * * Emits a {Transfer} event. */ function _safeMint(address to, uint256 tokenId) internal virtual { _safeMint(to, tokenId, ""); } /** * @dev Same as {xref-ERC721-_safeMint-address-uint256-}[`_safeMint`], with an additional `data` parameter which is * forwarded in {IERC721Receiver-onERC721Received} to contract recipients. */ function _safeMint( address to, uint256 tokenId, bytes memory data ) internal virtual { _mint(to, tokenId); require( _checkOnERC721Received(address(0), to, tokenId, data), "ERC721: transfer to non ERC721Receiver implementer" ); } /** * @dev Mints `tokenId` and transfers it to `to`. * * WARNING: Usage of this method is discouraged, use {_safeMint} whenever possible * * Requirements: * * - `tokenId` must not exist. * - `to` cannot be the zero address. * * Emits a {Transfer} event. */ function _mint(address to, uint256 tokenId) internal virtual { require(to != address(0), "ERC721: mint to the zero address"); require(!_exists(tokenId), "ERC721: token already minted"); _beforeTokenTransfer(address(0), to, tokenId); _balances[to] += 1; _owners[tokenId] = to; emit Transfer(address(0), to, tokenId); _afterTokenTransfer(address(0), to, tokenId); } /** * @dev Destroys `tokenId`. * The approval is cleared when the token is burned. * * Requirements: * * - `tokenId` must exist. * * Emits a {Transfer} event. */ function _burn(uint256 tokenId) internal virtual { address owner = ERC721.ownerOf(tokenId); _beforeTokenTransfer(owner, address(0), tokenId); // Clear approvals _approve(address(0), tokenId); _balances[owner] -= 1; delete _owners[tokenId]; emit Transfer(owner, address(0), tokenId); _afterTokenTransfer(owner, address(0), tokenId); } /** * @dev Transfers `tokenId` from `from` to `to`. * As opposed to {transferFrom}, this imposes no restrictions on msg.sender. * * Requirements: * * - `to` cannot be the zero address. * - `tokenId` token must be owned by `from`. * * Emits a {Transfer} event. */ function _transfer( address from, address to, uint256 tokenId ) internal virtual { require(ERC721.ownerOf(tokenId) == from, "ERC721: transfer from incorrect owner"); require(to != address(0), "ERC721: transfer to the zero address"); _beforeTokenTransfer(from, to, tokenId); // Clear approvals from the previous owner _approve(address(0), tokenId); _balances[from] -= 1; _balances[to] += 1; _owners[tokenId] = to; emit Transfer(from, to, tokenId); _afterTokenTransfer(from, to, tokenId); } /** * @dev Approve `to` to operate on `tokenId` * * Emits an {Approval} event. */ function _approve(address to, uint256 tokenId) internal virtual { _tokenApprovals[tokenId] = to; emit Approval(ERC721.ownerOf(tokenId), to, tokenId); } /** * @dev Approve `operator` to operate on all of `owner` tokens * * Emits an {ApprovalForAll} event. */ function _setApprovalForAll( address owner, address operator, bool approved ) internal virtual { require(owner != operator, "ERC721: approve to caller"); _operatorApprovals[owner][operator] = approved; emit ApprovalForAll(owner, operator, approved); } /** * @dev Reverts if the `tokenId` has not been minted yet. */ function _requireMinted(uint256 tokenId) internal view virtual { require(_exists(tokenId), "ERC721: invalid token ID"); } /** * @dev Internal function to invoke {IERC721Receiver-onERC721Received} on a target address. * The call is not executed if the target address is not a contract. * * @param from address representing the previous owner of the given token ID * @param to target address that will receive the tokens * @param tokenId uint256 ID of the token to be transferred * @param data bytes optional data to send along with the call * @return bool whether the call correctly returned the expected magic value */ function _checkOnERC721Received( address from, address to, uint256 tokenId, bytes memory data ) private returns (bool) { if (to.isContract()) { try IERC721Receiver(to).onERC721Received(_msgSender(), from, tokenId, data) returns (bytes4 retval) { return retval == IERC721Receiver.onERC721Received.selector; } catch (bytes memory reason) { if (reason.length == 0) { revert("ERC721: transfer to non ERC721Receiver implementer"); } else { /// @solidity memory-safe-assembly assembly { revert(add(32, reason), mload(reason)) } } } } else { return true; } } /** * @dev Hook that is called before any token transfer. This includes minting * and burning. * * Calling conditions: * * - When `from` and `to` are both non-zero, ``from``'s `tokenId` will be * transferred to `to`. * - When `from` is zero, `tokenId` will be minted for `to`. * - When `to` is zero, ``from``'s `tokenId` will be burned. * - `from` and `to` are never both zero. * * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks]. */ function _beforeTokenTransfer( address from, address to, uint256 tokenId ) internal virtual {} /** * @dev Hook that is called after any transfer of tokens. This includes * minting and burning. * * Calling conditions: * * - when `from` and `to` are both non-zero. * - `from` and `to` are never both zero. * * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks]. */ function _afterTokenTransfer( address from, address to, uint256 tokenId ) internal virtual {} }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.7.0) (token/ERC721/IERC721.sol) pragma solidity ^0.8.0; import "../../utils/introspection/IERC165.sol"; /** * @dev Required interface of an ERC721 compliant contract. */ interface IERC721 is IERC165 { /** * @dev Emitted when `tokenId` token is transferred from `from` to `to`. */ event Transfer(address indexed from, address indexed to, uint256 indexed tokenId); /** * @dev Emitted when `owner` enables `approved` to manage the `tokenId` token. */ event Approval(address indexed owner, address indexed approved, uint256 indexed tokenId); /** * @dev Emitted when `owner` enables or disables (`approved`) `operator` to manage all of its assets. */ event ApprovalForAll(address indexed owner, address indexed operator, bool approved); /** * @dev Returns the number of tokens in ``owner``'s account. */ function balanceOf(address owner) external view returns (uint256 balance); /** * @dev Returns the owner of the `tokenId` token. * * Requirements: * * - `tokenId` must exist. */ function ownerOf(uint256 tokenId) external view returns (address owner); /** * @dev Safely transfers `tokenId` token from `from` to `to`. * * Requirements: * * - `from` cannot be the zero address. * - `to` cannot be the zero address. * - `tokenId` token must exist and be owned by `from`. * - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}. * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer. * * Emits a {Transfer} event. */ function safeTransferFrom( address from, address to, uint256 tokenId, bytes calldata data ) external; /** * @dev Safely transfers `tokenId` token from `from` to `to`, checking first that contract recipients * are aware of the ERC721 protocol to prevent tokens from being forever locked. * * Requirements: * * - `from` cannot be the zero address. * - `to` cannot be the zero address. * - `tokenId` token must exist and be owned by `from`. * - If the caller is not `from`, it must have been allowed to move this token by either {approve} or {setApprovalForAll}. * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer. * * Emits a {Transfer} event. */ function safeTransferFrom( address from, address to, uint256 tokenId ) external; /** * @dev Transfers `tokenId` token from `from` to `to`. * * WARNING: Usage of this method is discouraged, use {safeTransferFrom} whenever possible. * * Requirements: * * - `from` cannot be the zero address. * - `to` cannot be the zero address. * - `tokenId` token must be owned by `from`. * - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}. * * Emits a {Transfer} event. */ function transferFrom( address from, address to, uint256 tokenId ) external; /** * @dev Gives permission to `to` to transfer `tokenId` token to another account. * The approval is cleared when the token is transferred. * * Only a single account can be approved at a time, so approving the zero address clears previous approvals. * * Requirements: * * - The caller must own the token or be an approved operator. * - `tokenId` must exist. * * Emits an {Approval} event. */ function approve(address to, uint256 tokenId) external; /** * @dev Approve or remove `operator` as an operator for the caller. * Operators can call {transferFrom} or {safeTransferFrom} for any token owned by the caller. * * Requirements: * * - The `operator` cannot be the caller. * * Emits an {ApprovalForAll} event. */ function setApprovalForAll(address operator, bool _approved) external; /** * @dev Returns the account approved for `tokenId` token. * * Requirements: * * - `tokenId` must exist. */ function getApproved(uint256 tokenId) external view returns (address operator); /** * @dev Returns if the `operator` is allowed to manage all of the assets of `owner`. * * See {setApprovalForAll} */ function isApprovedForAll(address owner, address operator) external view returns (bool); }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.6.0) (token/ERC721/IERC721Receiver.sol) pragma solidity ^0.8.0; /** * @title ERC721 token receiver interface * @dev Interface for any contract that wants to support safeTransfers * from ERC721 asset contracts. */ interface IERC721Receiver { /** * @dev Whenever an {IERC721} `tokenId` token is transferred to this contract via {IERC721-safeTransferFrom} * by `operator` from `from`, this function is called. * * It must return its Solidity selector to confirm the token transfer. * If any other value is returned or the interface is not implemented by the recipient, the transfer will be reverted. * * The selector can be obtained in Solidity with `IERC721Receiver.onERC721Received.selector`. */ function onERC721Received( address operator, address from, uint256 tokenId, bytes calldata data ) external returns (bytes4); }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (token/ERC721/extensions/ERC721Enumerable.sol) pragma solidity ^0.8.0; import "../ERC721.sol"; import "./IERC721Enumerable.sol"; /** * @dev This implements an optional extension of {ERC721} defined in the EIP that adds * enumerability of all the token ids in the contract as well as all token ids owned by each * account. */ abstract contract ERC721Enumerable is ERC721, IERC721Enumerable { // Mapping from owner to list of owned token IDs mapping(address => mapping(uint256 => uint256)) private _ownedTokens; // Mapping from token ID to index of the owner tokens list mapping(uint256 => uint256) private _ownedTokensIndex; // Array with all token ids, used for enumeration uint256[] private _allTokens; // Mapping from token id to position in the allTokens array mapping(uint256 => uint256) private _allTokensIndex; /** * @dev See {IERC165-supportsInterface}. */ function supportsInterface(bytes4 interfaceId) public view virtual override(IERC165, ERC721) returns (bool) { return interfaceId == type(IERC721Enumerable).interfaceId || super.supportsInterface(interfaceId); } /** * @dev See {IERC721Enumerable-tokenOfOwnerByIndex}. */ function tokenOfOwnerByIndex(address owner, uint256 index) public view virtual override returns (uint256) { require(index < ERC721.balanceOf(owner), "ERC721Enumerable: owner index out of bounds"); return _ownedTokens[owner][index]; } /** * @dev See {IERC721Enumerable-totalSupply}. */ function totalSupply() public view virtual override returns (uint256) { return _allTokens.length; } /** * @dev See {IERC721Enumerable-tokenByIndex}. */ function tokenByIndex(uint256 index) public view virtual override returns (uint256) { require(index < ERC721Enumerable.totalSupply(), "ERC721Enumerable: global index out of bounds"); return _allTokens[index]; } /** * @dev Hook that is called before any token transfer. This includes minting * and burning. * * Calling conditions: * * - When `from` and `to` are both non-zero, ``from``'s `tokenId` will be * transferred to `to`. * - When `from` is zero, `tokenId` will be minted for `to`. * - When `to` is zero, ``from``'s `tokenId` will be burned. * - `from` cannot be the zero address. * - `to` cannot be the zero address. * * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks]. */ function _beforeTokenTransfer( address from, address to, uint256 tokenId ) internal virtual override { super._beforeTokenTransfer(from, to, tokenId); if (from == address(0)) { _addTokenToAllTokensEnumeration(tokenId); } else if (from != to) { _removeTokenFromOwnerEnumeration(from, tokenId); } if (to == address(0)) { _removeTokenFromAllTokensEnumeration(tokenId); } else if (to != from) { _addTokenToOwnerEnumeration(to, tokenId); } } /** * @dev Private function to add a token to this extension's ownership-tracking data structures. * @param to address representing the new owner of the given token ID * @param tokenId uint256 ID of the token to be added to the tokens list of the given address */ function _addTokenToOwnerEnumeration(address to, uint256 tokenId) private { uint256 length = ERC721.balanceOf(to); _ownedTokens[to][length] = tokenId; _ownedTokensIndex[tokenId] = length; } /** * @dev Private function to add a token to this extension's token tracking data structures. * @param tokenId uint256 ID of the token to be added to the tokens list */ function _addTokenToAllTokensEnumeration(uint256 tokenId) private { _allTokensIndex[tokenId] = _allTokens.length; _allTokens.push(tokenId); } /** * @dev Private function to remove a token from this extension's ownership-tracking data structures. Note that * while the token is not assigned a new owner, the `_ownedTokensIndex` mapping is _not_ updated: this allows for * gas optimizations e.g. when performing a transfer operation (avoiding double writes). * This has O(1) time complexity, but alters the order of the _ownedTokens array. * @param from address representing the previous owner of the given token ID * @param tokenId uint256 ID of the token to be removed from the tokens list of the given address */ function _removeTokenFromOwnerEnumeration(address from, uint256 tokenId) private { // To prevent a gap in from's tokens array, we store the last token in the index of the token to delete, and // then delete the last slot (swap and pop). uint256 lastTokenIndex = ERC721.balanceOf(from) - 1; uint256 tokenIndex = _ownedTokensIndex[tokenId]; // When the token to delete is the last token, the swap operation is unnecessary if (tokenIndex != lastTokenIndex) { uint256 lastTokenId = _ownedTokens[from][lastTokenIndex]; _ownedTokens[from][tokenIndex] = lastTokenId; // Move the last token to the slot of the to-delete token _ownedTokensIndex[lastTokenId] = tokenIndex; // Update the moved token's index } // This also deletes the contents at the last position of the array delete _ownedTokensIndex[tokenId]; delete _ownedTokens[from][lastTokenIndex]; } /** * @dev Private function to remove a token from this extension's token tracking data structures. * This has O(1) time complexity, but alters the order of the _allTokens array. * @param tokenId uint256 ID of the token to be removed from the tokens list */ function _removeTokenFromAllTokensEnumeration(uint256 tokenId) private { // To prevent a gap in the tokens array, we store the last token in the index of the token to delete, and // then delete the last slot (swap and pop). uint256 lastTokenIndex = _allTokens.length - 1; uint256 tokenIndex = _allTokensIndex[tokenId]; // When the token to delete is the last token, the swap operation is unnecessary. However, since this occurs so // rarely (when the last minted token is burnt) that we still do the swap here to avoid the gas cost of adding // an 'if' statement (like in _removeTokenFromOwnerEnumeration) uint256 lastTokenId = _allTokens[lastTokenIndex]; _allTokens[tokenIndex] = lastTokenId; // Move the last token to the slot of the to-delete token _allTokensIndex[lastTokenId] = tokenIndex; // Update the moved token's index // This also deletes the contents at the last position of the array delete _allTokensIndex[tokenId]; _allTokens.pop(); } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.5.0) (token/ERC721/extensions/IERC721Enumerable.sol) pragma solidity ^0.8.0; import "../IERC721.sol"; /** * @title ERC-721 Non-Fungible Token Standard, optional enumeration extension * @dev See https://eips.ethereum.org/EIPS/eip-721 */ interface IERC721Enumerable is IERC721 { /** * @dev Returns the total amount of tokens stored by the contract. */ function totalSupply() external view returns (uint256); /** * @dev Returns a token ID owned by `owner` at a given `index` of its token list. * Use along with {balanceOf} to enumerate all of ``owner``'s tokens. */ function tokenOfOwnerByIndex(address owner, uint256 index) external view returns (uint256); /** * @dev Returns a token ID at a given `index` of all the tokens stored by the contract. * Use along with {totalSupply} to enumerate all tokens. */ function tokenByIndex(uint256 index) external view returns (uint256); }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (token/ERC721/extensions/IERC721Metadata.sol) pragma solidity ^0.8.0; import "../IERC721.sol"; /** * @title ERC-721 Non-Fungible Token Standard, optional metadata extension * @dev See https://eips.ethereum.org/EIPS/eip-721 */ interface IERC721Metadata is IERC721 { /** * @dev Returns the token collection name. */ function name() external view returns (string memory); /** * @dev Returns the token collection symbol. */ function symbol() external view returns (string memory); /** * @dev Returns the Uniform Resource Identifier (URI) for `tokenId` token. */ function tokenURI(uint256 tokenId) external view returns (string memory); }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.7.0) (utils/Address.sol) pragma solidity ^0.8.1; /** * @dev Collection of functions related to the address type */ library Address { /** * @dev Returns true if `account` is a contract. * * [IMPORTANT] * ==== * It is unsafe to assume that an address for which this function returns * false is an externally-owned account (EOA) and not a contract. * * Among others, `isContract` will return false for the following * types of addresses: * * - an externally-owned account * - a contract in construction * - an address where a contract will be created * - an address where a contract lived, but was destroyed * ==== * * [IMPORTANT] * ==== * You shouldn't rely on `isContract` to protect against flash loan attacks! * * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract * constructor. * ==== */ function isContract(address account) internal view returns (bool) { // This method relies on extcodesize/address.code.length, which returns 0 // for contracts in construction, since the code is only stored at the end // of the constructor execution. return account.code.length > 0; } /** * @dev Replacement for Solidity's `transfer`: sends `amount` wei to * `recipient`, forwarding all available gas and reverting on errors. * * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost * of certain opcodes, possibly making contracts go over the 2300 gas limit * imposed by `transfer`, making them unable to receive funds via * `transfer`. {sendValue} removes this limitation. * * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more]. * * IMPORTANT: because control is transferred to `recipient`, care must be * taken to not create reentrancy vulnerabilities. Consider using * {ReentrancyGuard} or the * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern]. */ function sendValue(address payable recipient, uint256 amount) internal { require(address(this).balance >= amount, "Address: insufficient balance"); (bool success, ) = recipient.call{value: amount}(""); require(success, "Address: unable to send value, recipient may have reverted"); } /** * @dev Performs a Solidity function call using a low level `call`. A * plain `call` is an unsafe replacement for a function call: use this * function instead. * * If `target` reverts with a revert reason, it is bubbled up by this * function (like regular Solidity function calls). * * Returns the raw returned data. To convert to the expected return value, * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`]. * * Requirements: * * - `target` must be a contract. * - calling `target` with `data` must not revert. * * _Available since v3.1._ */ function functionCall(address target, bytes memory data) internal returns (bytes memory) { return functionCall(target, data, "Address: low-level call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with * `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCall( address target, bytes memory data, string memory errorMessage ) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but also transferring `value` wei to `target`. * * Requirements: * * - the calling contract must have an ETH balance of at least `value`. * - the called Solidity function must be `payable`. * * _Available since v3.1._ */ function functionCallWithValue( address target, bytes memory data, uint256 value ) internal returns (bytes memory) { return functionCallWithValue(target, data, value, "Address: low-level call with value failed"); } /** * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but * with `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCallWithValue( address target, bytes memory data, uint256 value, string memory errorMessage ) internal returns (bytes memory) { require(address(this).balance >= value, "Address: insufficient balance for call"); require(isContract(target), "Address: call to non-contract"); (bool success, bytes memory returndata) = target.call{value: value}(data); return verifyCallResult(success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) { return functionStaticCall(target, data, "Address: low-level static call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall( address target, bytes memory data, string memory errorMessage ) internal view returns (bytes memory) { require(isContract(target), "Address: static call to non-contract"); (bool success, bytes memory returndata) = target.staticcall(data); return verifyCallResult(success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a delegate call. * * _Available since v3.4._ */ function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) { return functionDelegateCall(target, data, "Address: low-level delegate call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a delegate call. * * _Available since v3.4._ */ function functionDelegateCall( address target, bytes memory data, string memory errorMessage ) internal returns (bytes memory) { require(isContract(target), "Address: delegate call to non-contract"); (bool success, bytes memory returndata) = target.delegatecall(data); return verifyCallResult(success, returndata, errorMessage); } /** * @dev Tool to verifies that a low level call was successful, and revert if it wasn't, either by bubbling the * revert reason using the provided one. * * _Available since v4.3._ */ function verifyCallResult( bool success, bytes memory returndata, string memory errorMessage ) internal pure returns (bytes memory) { if (success) { return returndata; } else { // Look for revert reason and bubble it up if present if (returndata.length > 0) { // The easiest way to bubble the revert reason is using memory via assembly /// @solidity memory-safe-assembly assembly { let returndata_size := mload(returndata) revert(add(32, returndata), returndata_size) } } else { revert(errorMessage); } } } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (utils/Context.sol) pragma solidity ^0.8.0; /** * @dev Provides information about the current execution context, including the * sender of the transaction and its data. While these are generally available * via msg.sender and msg.data, they should not be accessed in such a direct * manner, since when dealing with meta-transactions the account sending and * paying for execution may not be the actual sender (as far as an application * is concerned). * * This contract is only required for intermediate, library-like contracts. */ abstract contract Context { function _msgSender() internal view virtual returns (address) { return msg.sender; } function _msgData() internal view virtual returns (bytes calldata) { return msg.data; } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (utils/Counters.sol) pragma solidity ^0.8.0; /** * @title Counters * @author Matt Condon (@shrugs) * @dev Provides counters that can only be incremented, decremented or reset. This can be used e.g. to track the number * of elements in a mapping, issuing ERC721 ids, or counting request ids. * * Include with `using Counters for Counters.Counter;` */ library Counters { struct Counter { // This variable should never be directly accessed by users of the library: interactions must be restricted to // the library's function. As of Solidity v0.5.2, this cannot be enforced, though there is a proposal to add // this feature: see https://github.com/ethereum/solidity/issues/4637 uint256 _value; // default: 0 } function current(Counter storage counter) internal view returns (uint256) { return counter._value; } function increment(Counter storage counter) internal { unchecked { counter._value += 1; } } function decrement(Counter storage counter) internal { uint256 value = counter._value; require(value > 0, "Counter: decrement overflow"); unchecked { counter._value = value - 1; } } function reset(Counter storage counter) internal { counter._value = 0; } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.7.0) (utils/Strings.sol) pragma solidity ^0.8.0; /** * @dev String operations. */ library Strings { bytes16 private constant _HEX_SYMBOLS = "0123456789abcdef"; uint8 private constant _ADDRESS_LENGTH = 20; /** * @dev Converts a `uint256` to its ASCII `string` decimal representation. */ function toString(uint256 value) internal pure returns (string memory) { // Inspired by OraclizeAPI's implementation - MIT licence // https://github.com/oraclize/ethereum-api/blob/b42146b063c7d6ee1358846c198246239e9360e8/oraclizeAPI_0.4.25.sol if (value == 0) { return "0"; } uint256 temp = value; uint256 digits; while (temp != 0) { digits++; temp /= 10; } bytes memory buffer = new bytes(digits); while (value != 0) { digits -= 1; buffer[digits] = bytes1(uint8(48 + uint256(value % 10))); value /= 10; } return string(buffer); } /** * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation. */ function toHexString(uint256 value) internal pure returns (string memory) { if (value == 0) { return "0x00"; } uint256 temp = value; uint256 length = 0; while (temp != 0) { length++; temp >>= 8; } return toHexString(value, length); } /** * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length. */ function toHexString(uint256 value, uint256 length) internal pure returns (string memory) { bytes memory buffer = new bytes(2 * length + 2); buffer[0] = "0"; buffer[1] = "x"; for (uint256 i = 2 * length + 1; i > 1; --i) { buffer[i] = _HEX_SYMBOLS[value & 0xf]; value >>= 4; } require(value == 0, "Strings: hex length insufficient"); return string(buffer); } /** * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation. */ function toHexString(address addr) internal pure returns (string memory) { return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH); } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.7.3) (utils/cryptography/ECDSA.sol) pragma solidity ^0.8.0; import "../Strings.sol"; /** * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations. * * These functions can be used to verify that a message was signed by the holder * of the private keys of a given address. */ library ECDSA { enum RecoverError { NoError, InvalidSignature, InvalidSignatureLength, InvalidSignatureS, InvalidSignatureV } function _throwError(RecoverError error) private pure { if (error == RecoverError.NoError) { return; // no error: do nothing } else if (error == RecoverError.InvalidSignature) { revert("ECDSA: invalid signature"); } else if (error == RecoverError.InvalidSignatureLength) { revert("ECDSA: invalid signature length"); } else if (error == RecoverError.InvalidSignatureS) { revert("ECDSA: invalid signature 's' value"); } else if (error == RecoverError.InvalidSignatureV) { revert("ECDSA: invalid signature 'v' value"); } } /** * @dev Returns the address that signed a hashed message (`hash`) with * `signature` or error string. This address can then be used for verification purposes. * * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures: * this function rejects them by requiring the `s` value to be in the lower * half order, and the `v` value to be either 27 or 28. * * IMPORTANT: `hash` _must_ be the result of a hash operation for the * verification to be secure: it is possible to craft signatures that * recover to arbitrary addresses for non-hashed data. A safe way to ensure * this is by receiving a hash of the original message (which may otherwise * be too long), and then calling {toEthSignedMessageHash} on it. * * Documentation for signature generation: * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js] * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers] * * _Available since v4.3._ */ function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) { if (signature.length == 65) { bytes32 r; bytes32 s; uint8 v; // ecrecover takes the signature parameters, and the only way to get them // currently is to use assembly. /// @solidity memory-safe-assembly assembly { r := mload(add(signature, 0x20)) s := mload(add(signature, 0x40)) v := byte(0, mload(add(signature, 0x60))) } return tryRecover(hash, v, r, s); } else { return (address(0), RecoverError.InvalidSignatureLength); } } /** * @dev Returns the address that signed a hashed message (`hash`) with * `signature`. This address can then be used for verification purposes. * * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures: * this function rejects them by requiring the `s` value to be in the lower * half order, and the `v` value to be either 27 or 28. * * IMPORTANT: `hash` _must_ be the result of a hash operation for the * verification to be secure: it is possible to craft signatures that * recover to arbitrary addresses for non-hashed data. A safe way to ensure * this is by receiving a hash of the original message (which may otherwise * be too long), and then calling {toEthSignedMessageHash} on it. */ function recover(bytes32 hash, bytes memory signature) internal pure returns (address) { (address recovered, RecoverError error) = tryRecover(hash, signature); _throwError(error); return recovered; } /** * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately. * * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures] * * _Available since v4.3._ */ function tryRecover( bytes32 hash, bytes32 r, bytes32 vs ) internal pure returns (address, RecoverError) { bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff); uint8 v = uint8((uint256(vs) >> 255) + 27); return tryRecover(hash, v, r, s); } /** * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately. * * _Available since v4.2._ */ function recover( bytes32 hash, bytes32 r, bytes32 vs ) internal pure returns (address) { (address recovered, RecoverError error) = tryRecover(hash, r, vs); _throwError(error); return recovered; } /** * @dev Overload of {ECDSA-tryRecover} that receives the `v`, * `r` and `s` signature fields separately. * * _Available since v4.3._ */ function tryRecover( bytes32 hash, uint8 v, bytes32 r, bytes32 s ) internal pure returns (address, RecoverError) { // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most // signatures from current libraries generate a unique signature with an s-value in the lower half order. // // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept // these malleable signatures as well. if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) { return (address(0), RecoverError.InvalidSignatureS); } if (v != 27 && v != 28) { return (address(0), RecoverError.InvalidSignatureV); } // If the signature is valid (and not malleable), return the signer address address signer = ecrecover(hash, v, r, s); if (signer == address(0)) { return (address(0), RecoverError.InvalidSignature); } return (signer, RecoverError.NoError); } /** * @dev Overload of {ECDSA-recover} that receives the `v`, * `r` and `s` signature fields separately. */ function recover( bytes32 hash, uint8 v, bytes32 r, bytes32 s ) internal pure returns (address) { (address recovered, RecoverError error) = tryRecover(hash, v, r, s); _throwError(error); return recovered; } /** * @dev Returns an Ethereum Signed Message, created from a `hash`. This * produces hash corresponding to the one signed with the * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`] * JSON-RPC method as part of EIP-191. * * See {recover}. */ function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) { // 32 is the length in bytes of hash, // enforced by the type signature above return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", hash)); } /** * @dev Returns an Ethereum Signed Message, created from `s`. This * produces hash corresponding to the one signed with the * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`] * JSON-RPC method as part of EIP-191. * * See {recover}. */ function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) { return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n", Strings.toString(s.length), s)); } /** * @dev Returns an Ethereum Signed Typed Data, created from a * `domainSeparator` and a `structHash`. This produces hash corresponding * to the one signed with the * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`] * JSON-RPC method as part of EIP-712. * * See {recover}. */ function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32) { return keccak256(abi.encodePacked("\x19\x01", domainSeparator, structHash)); } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (utils/cryptography/draft-EIP712.sol) pragma solidity ^0.8.0; import "./ECDSA.sol"; /** * @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data. * * The encoding specified in the EIP is very generic, and such a generic implementation in Solidity is not feasible, * thus this contract does not implement the encoding itself. Protocols need to implement the type-specific encoding * they need in their contracts using a combination of `abi.encode` and `keccak256`. * * This contract implements the EIP 712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding * scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA * ({_hashTypedDataV4}). * * The implementation of the domain separator was designed to be as efficient as possible while still properly updating * the chain id to protect against replay attacks on an eventual fork of the chain. * * NOTE: This contract implements the version of the encoding known as "v4", as implemented by the JSON RPC method * https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask]. * * _Available since v3.4._ */ abstract contract EIP712 { /* solhint-disable var-name-mixedcase */ // Cache the domain separator as an immutable value, but also store the chain id that it corresponds to, in order to // invalidate the cached domain separator if the chain id changes. bytes32 private immutable _CACHED_DOMAIN_SEPARATOR; uint256 private immutable _CACHED_CHAIN_ID; address private immutable _CACHED_THIS; bytes32 private immutable _HASHED_NAME; bytes32 private immutable _HASHED_VERSION; bytes32 private immutable _TYPE_HASH; /* solhint-enable var-name-mixedcase */ /** * @dev Initializes the domain separator and parameter caches. * * The meaning of `name` and `version` is specified in * https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]: * * - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol. * - `version`: the current major version of the signing domain. * * NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart * contract upgrade]. */ constructor(string memory name, string memory version) { bytes32 hashedName = keccak256(bytes(name)); bytes32 hashedVersion = keccak256(bytes(version)); bytes32 typeHash = keccak256( "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)" ); _HASHED_NAME = hashedName; _HASHED_VERSION = hashedVersion; _CACHED_CHAIN_ID = block.chainid; _CACHED_DOMAIN_SEPARATOR = _buildDomainSeparator(typeHash, hashedName, hashedVersion); _CACHED_THIS = address(this); _TYPE_HASH = typeHash; } /** * @dev Returns the domain separator for the current chain. */ function _domainSeparatorV4() internal view returns (bytes32) { if (address(this) == _CACHED_THIS && block.chainid == _CACHED_CHAIN_ID) { return _CACHED_DOMAIN_SEPARATOR; } else { return _buildDomainSeparator(_TYPE_HASH, _HASHED_NAME, _HASHED_VERSION); } } function _buildDomainSeparator( bytes32 typeHash, bytes32 nameHash, bytes32 versionHash ) private view returns (bytes32) { return keccak256(abi.encode(typeHash, nameHash, versionHash, block.chainid, address(this))); } /** * @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this * function returns the hash of the fully encoded EIP712 message for this domain. * * This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example: * * ```solidity * bytes32 digest = _hashTypedDataV4(keccak256(abi.encode( * keccak256("Mail(address to,string contents)"), * mailTo, * keccak256(bytes(mailContents)) * ))); * address signer = ECDSA.recover(digest, signature); * ``` */ function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) { return ECDSA.toTypedDataHash(_domainSeparatorV4(), structHash); } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (utils/introspection/ERC165.sol) pragma solidity ^0.8.0; import "./IERC165.sol"; /** * @dev Implementation of the {IERC165} interface. * * Contracts that want to implement ERC165 should inherit from this contract and override {supportsInterface} to check * for the additional interface id that will be supported. For example: * * ```solidity * function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) { * return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId); * } * ``` * * Alternatively, {ERC165Storage} provides an easier to use but more expensive implementation. */ abstract contract ERC165 is IERC165 { /** * @dev See {IERC165-supportsInterface}. */ function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) { return interfaceId == type(IERC165).interfaceId; } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.7.2) (utils/introspection/ERC165Checker.sol) pragma solidity ^0.8.0; import "./IERC165.sol"; /** * @dev Library used to query support of an interface declared via {IERC165}. * * Note that these functions return the actual result of the query: they do not * `revert` if an interface is not supported. It is up to the caller to decide * what to do in these cases. */ library ERC165Checker { // As per the EIP-165 spec, no interface should ever match 0xffffffff bytes4 private constant _INTERFACE_ID_INVALID = 0xffffffff; /** * @dev Returns true if `account` supports the {IERC165} interface, */ function supportsERC165(address account) internal view returns (bool) { // Any contract that implements ERC165 must explicitly indicate support of // InterfaceId_ERC165 and explicitly indicate non-support of InterfaceId_Invalid return _supportsERC165Interface(account, type(IERC165).interfaceId) && !_supportsERC165Interface(account, _INTERFACE_ID_INVALID); } /** * @dev Returns true if `account` supports the interface defined by * `interfaceId`. Support for {IERC165} itself is queried automatically. * * See {IERC165-supportsInterface}. */ function supportsInterface(address account, bytes4 interfaceId) internal view returns (bool) { // query support of both ERC165 as per the spec and support of _interfaceId return supportsERC165(account) && _supportsERC165Interface(account, interfaceId); } /** * @dev Returns a boolean array where each value corresponds to the * interfaces passed in and whether they're supported or not. This allows * you to batch check interfaces for a contract where your expectation * is that some interfaces may not be supported. * * See {IERC165-supportsInterface}. * * _Available since v3.4._ */ function getSupportedInterfaces(address account, bytes4[] memory interfaceIds) internal view returns (bool[] memory) { // an array of booleans corresponding to interfaceIds and whether they're supported or not bool[] memory interfaceIdsSupported = new bool[](interfaceIds.length); // query support of ERC165 itself if (supportsERC165(account)) { // query support of each interface in interfaceIds for (uint256 i = 0; i < interfaceIds.length; i++) { interfaceIdsSupported[i] = _supportsERC165Interface(account, interfaceIds[i]); } } return interfaceIdsSupported; } /** * @dev Returns true if `account` supports all the interfaces defined in * `interfaceIds`. Support for {IERC165} itself is queried automatically. * * Batch-querying can lead to gas savings by skipping repeated checks for * {IERC165} support. * * See {IERC165-supportsInterface}. */ function supportsAllInterfaces(address account, bytes4[] memory interfaceIds) internal view returns (bool) { // query support of ERC165 itself if (!supportsERC165(account)) { return false; } // query support of each interface in _interfaceIds for (uint256 i = 0; i < interfaceIds.length; i++) { if (!_supportsERC165Interface(account, interfaceIds[i])) { return false; } } // all interfaces supported return true; } /** * @notice Query if a contract implements an interface, does not check ERC165 support * @param account The address of the contract to query for support of an interface * @param interfaceId The interface identifier, as specified in ERC-165 * @return true if the contract at account indicates support of the interface with * identifier interfaceId, false otherwise * @dev Assumes that account contains a contract that supports ERC165, otherwise * the behavior of this method is undefined. This precondition can be checked * with {supportsERC165}. * Interface identification is specified in ERC-165. */ function _supportsERC165Interface(address account, bytes4 interfaceId) private view returns (bool) { // prepare call bytes memory encodedParams = abi.encodeWithSelector(IERC165.supportsInterface.selector, interfaceId); // perform static call bool success; uint256 returnSize; uint256 returnValue; assembly { success := staticcall(30000, account, add(encodedParams, 0x20), mload(encodedParams), 0x00, 0x20) returnSize := returndatasize() returnValue := mload(0x00) } return success && returnSize >= 0x20 && returnValue > 0; } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (utils/introspection/IERC165.sol) pragma solidity ^0.8.0; /** * @dev Interface of the ERC165 standard, as defined in the * https://eips.ethereum.org/EIPS/eip-165[EIP]. * * Implementers can declare support of contract interfaces, which can then be * queried by others ({ERC165Checker}). * * For an implementation, see {ERC165}. */ interface IERC165 { /** * @dev Returns true if this contract implements the interface defined by * `interfaceId`. See the corresponding * https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section] * to learn more about how these ids are created. * * This function call must use less than 30 000 gas. */ function supportsInterface(bytes4 interfaceId) external view returns (bool); }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.7.0) (utils/math/Math.sol) pragma solidity ^0.8.0; /** * @dev Standard math utilities missing in the Solidity language. */ library Math { enum Rounding { Down, // Toward negative infinity Up, // Toward infinity Zero // Toward zero } /** * @dev Returns the largest of two numbers. */ function max(uint256 a, uint256 b) internal pure returns (uint256) { return a >= b ? a : b; } /** * @dev Returns the smallest of two numbers. */ function min(uint256 a, uint256 b) internal pure returns (uint256) { return a < b ? a : b; } /** * @dev Returns the average of two numbers. The result is rounded towards * zero. */ function average(uint256 a, uint256 b) internal pure returns (uint256) { // (a + b) / 2 can overflow. return (a & b) + (a ^ b) / 2; } /** * @dev Returns the ceiling of the division of two numbers. * * This differs from standard division with `/` in that it rounds up instead * of rounding down. */ function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) { // (a + b - 1) / b can overflow on addition, so we distribute. return a == 0 ? 0 : (a - 1) / b + 1; } /** * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0 * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) * with further edits by Uniswap Labs also under MIT license. */ function mulDiv( uint256 x, uint256 y, uint256 denominator ) internal pure returns (uint256 result) { unchecked { // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256 // variables such that product = prod1 * 2^256 + prod0. uint256 prod0; // Least significant 256 bits of the product uint256 prod1; // Most significant 256 bits of the product assembly { let mm := mulmod(x, y, not(0)) prod0 := mul(x, y) prod1 := sub(sub(mm, prod0), lt(mm, prod0)) } // Handle non-overflow cases, 256 by 256 division. if (prod1 == 0) { return prod0 / denominator; } // Make sure the result is less than 2^256. Also prevents denominator == 0. require(denominator > prod1); /////////////////////////////////////////////// // 512 by 256 division. /////////////////////////////////////////////// // Make division exact by subtracting the remainder from [prod1 prod0]. uint256 remainder; assembly { // Compute remainder using mulmod. remainder := mulmod(x, y, denominator) // Subtract 256 bit number from 512 bit number. prod1 := sub(prod1, gt(remainder, prod0)) prod0 := sub(prod0, remainder) } // Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1. // See https://cs.stackexchange.com/q/138556/92363. // Does not overflow because the denominator cannot be zero at this stage in the function. uint256 twos = denominator & (~denominator + 1); assembly { // Divide denominator by twos. denominator := div(denominator, twos) // Divide [prod1 prod0] by twos. prod0 := div(prod0, twos) // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one. twos := add(div(sub(0, twos), twos), 1) } // Shift in bits from prod1 into prod0. prod0 |= prod1 * twos; // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for // four bits. That is, denominator * inv = 1 mod 2^4. uint256 inverse = (3 * denominator) ^ 2; // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works // in modular arithmetic, doubling the correct bits in each step. inverse *= 2 - denominator * inverse; // inverse mod 2^8 inverse *= 2 - denominator * inverse; // inverse mod 2^16 inverse *= 2 - denominator * inverse; // inverse mod 2^32 inverse *= 2 - denominator * inverse; // inverse mod 2^64 inverse *= 2 - denominator * inverse; // inverse mod 2^128 inverse *= 2 - denominator * inverse; // inverse mod 2^256 // Because the division is now exact we can divide by multiplying with the modular inverse of denominator. // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1 // is no longer required. result = prod0 * inverse; return result; } } /** * @notice Calculates x * y / denominator with full precision, following the selected rounding direction. */ function mulDiv( uint256 x, uint256 y, uint256 denominator, Rounding rounding ) internal pure returns (uint256) { uint256 result = mulDiv(x, y, denominator); if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) { result += 1; } return result; } /** * @dev Returns the square root of a number. It the number is not a perfect square, the value is rounded down. * * Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11). */ function sqrt(uint256 a) internal pure returns (uint256) { if (a == 0) { return 0; } // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target. // We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have // `msb(a) <= a < 2*msb(a)`. // We also know that `k`, the position of the most significant bit, is such that `msb(a) = 2**k`. // This gives `2**k < a <= 2**(k+1)` → `2**(k/2) <= sqrt(a) < 2 ** (k/2+1)`. // Using an algorithm similar to the msb conmputation, we are able to compute `result = 2**(k/2)` which is a // good first aproximation of `sqrt(a)` with at least 1 correct bit. uint256 result = 1; uint256 x = a; if (x >> 128 > 0) { x >>= 128; result <<= 64; } if (x >> 64 > 0) { x >>= 64; result <<= 32; } if (x >> 32 > 0) { x >>= 32; result <<= 16; } if (x >> 16 > 0) { x >>= 16; result <<= 8; } if (x >> 8 > 0) { x >>= 8; result <<= 4; } if (x >> 4 > 0) { x >>= 4; result <<= 2; } if (x >> 2 > 0) { result <<= 1; } // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128, // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision // into the expected uint128 result. unchecked { result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; result = (result + a / result) >> 1; return min(result, a / result); } } /** * @notice Calculates sqrt(a), following the selected rounding direction. */ function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) { uint256 result = sqrt(a); if (rounding == Rounding.Up && result * result < a) { result += 1; } return result; } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.7.0) (utils/math/SafeCast.sol) pragma solidity ^0.8.0; /** * @dev Wrappers over Solidity's uintXX/intXX casting operators with added overflow * checks. * * Downcasting from uint256/int256 in Solidity does not revert on overflow. This can * easily result in undesired exploitation or bugs, since developers usually * assume that overflows raise errors. `SafeCast` restores this intuition by * reverting the transaction when such an operation overflows. * * Using this library instead of the unchecked operations eliminates an entire * class of bugs, so it's recommended to use it always. * * Can be combined with {SafeMath} and {SignedSafeMath} to extend it to smaller types, by performing * all math on `uint256` and `int256` and then downcasting. */ library SafeCast { /** * @dev Returns the downcasted uint248 from uint256, reverting on * overflow (when the input is greater than largest uint248). * * Counterpart to Solidity's `uint248` operator. * * Requirements: * * - input must fit into 248 bits * * _Available since v4.7._ */ function toUint248(uint256 value) internal pure returns (uint248) { require(value <= type(uint248).max, "SafeCast: value doesn't fit in 248 bits"); return uint248(value); } /** * @dev Returns the downcasted uint240 from uint256, reverting on * overflow (when the input is greater than largest uint240). * * Counterpart to Solidity's `uint240` operator. * * Requirements: * * - input must fit into 240 bits * * _Available since v4.7._ */ function toUint240(uint256 value) internal pure returns (uint240) { require(value <= type(uint240).max, "SafeCast: value doesn't fit in 240 bits"); return uint240(value); } /** * @dev Returns the downcasted uint232 from uint256, reverting on * overflow (when the input is greater than largest uint232). * * Counterpart to Solidity's `uint232` operator. * * Requirements: * * - input must fit into 232 bits * * _Available since v4.7._ */ function toUint232(uint256 value) internal pure returns (uint232) { require(value <= type(uint232).max, "SafeCast: value doesn't fit in 232 bits"); return uint232(value); } /** * @dev Returns the downcasted uint224 from uint256, reverting on * overflow (when the input is greater than largest uint224). * * Counterpart to Solidity's `uint224` operator. * * Requirements: * * - input must fit into 224 bits * * _Available since v4.2._ */ function toUint224(uint256 value) internal pure returns (uint224) { require(value <= type(uint224).max, "SafeCast: value doesn't fit in 224 bits"); return uint224(value); } /** * @dev Returns the downcasted uint216 from uint256, reverting on * overflow (when the input is greater than largest uint216). * * Counterpart to Solidity's `uint216` operator. * * Requirements: * * - input must fit into 216 bits * * _Available since v4.7._ */ function toUint216(uint256 value) internal pure returns (uint216) { require(value <= type(uint216).max, "SafeCast: value doesn't fit in 216 bits"); return uint216(value); } /** * @dev Returns the downcasted uint208 from uint256, reverting on * overflow (when the input is greater than largest uint208). * * Counterpart to Solidity's `uint208` operator. * * Requirements: * * - input must fit into 208 bits * * _Available since v4.7._ */ function toUint208(uint256 value) internal pure returns (uint208) { require(value <= type(uint208).max, "SafeCast: value doesn't fit in 208 bits"); return uint208(value); } /** * @dev Returns the downcasted uint200 from uint256, reverting on * overflow (when the input is greater than largest uint200). * * Counterpart to Solidity's `uint200` operator. * * Requirements: * * - input must fit into 200 bits * * _Available since v4.7._ */ function toUint200(uint256 value) internal pure returns (uint200) { require(value <= type(uint200).max, "SafeCast: value doesn't fit in 200 bits"); return uint200(value); } /** * @dev Returns the downcasted uint192 from uint256, reverting on * overflow (when the input is greater than largest uint192). * * Counterpart to Solidity's `uint192` operator. * * Requirements: * * - input must fit into 192 bits * * _Available since v4.7._ */ function toUint192(uint256 value) internal pure returns (uint192) { require(value <= type(uint192).max, "SafeCast: value doesn't fit in 192 bits"); return uint192(value); } /** * @dev Returns the downcasted uint184 from uint256, reverting on * overflow (when the input is greater than largest uint184). * * Counterpart to Solidity's `uint184` operator. * * Requirements: * * - input must fit into 184 bits * * _Available since v4.7._ */ function toUint184(uint256 value) internal pure returns (uint184) { require(value <= type(uint184).max, "SafeCast: value doesn't fit in 184 bits"); return uint184(value); } /** * @dev Returns the downcasted uint176 from uint256, reverting on * overflow (when the input is greater than largest uint176). * * Counterpart to Solidity's `uint176` operator. * * Requirements: * * - input must fit into 176 bits * * _Available since v4.7._ */ function toUint176(uint256 value) internal pure returns (uint176) { require(value <= type(uint176).max, "SafeCast: value doesn't fit in 176 bits"); return uint176(value); } /** * @dev Returns the downcasted uint168 from uint256, reverting on * overflow (when the input is greater than largest uint168). * * Counterpart to Solidity's `uint168` operator. * * Requirements: * * - input must fit into 168 bits * * _Available since v4.7._ */ function toUint168(uint256 value) internal pure returns (uint168) { require(value <= type(uint168).max, "SafeCast: value doesn't fit in 168 bits"); return uint168(value); } /** * @dev Returns the downcasted uint160 from uint256, reverting on * overflow (when the input is greater than largest uint160). * * Counterpart to Solidity's `uint160` operator. * * Requirements: * * - input must fit into 160 bits * * _Available since v4.7._ */ function toUint160(uint256 value) internal pure returns (uint160) { require(value <= type(uint160).max, "SafeCast: value doesn't fit in 160 bits"); return uint160(value); } /** * @dev Returns the downcasted uint152 from uint256, reverting on * overflow (when the input is greater than largest uint152). * * Counterpart to Solidity's `uint152` operator. * * Requirements: * * - input must fit into 152 bits * * _Available since v4.7._ */ function toUint152(uint256 value) internal pure returns (uint152) { require(value <= type(uint152).max, "SafeCast: value doesn't fit in 152 bits"); return uint152(value); } /** * @dev Returns the downcasted uint144 from uint256, reverting on * overflow (when the input is greater than largest uint144). * * Counterpart to Solidity's `uint144` operator. * * Requirements: * * - input must fit into 144 bits * * _Available since v4.7._ */ function toUint144(uint256 value) internal pure returns (uint144) { require(value <= type(uint144).max, "SafeCast: value doesn't fit in 144 bits"); return uint144(value); } /** * @dev Returns the downcasted uint136 from uint256, reverting on * overflow (when the input is greater than largest uint136). * * Counterpart to Solidity's `uint136` operator. * * Requirements: * * - input must fit into 136 bits * * _Available since v4.7._ */ function toUint136(uint256 value) internal pure returns (uint136) { require(value <= type(uint136).max, "SafeCast: value doesn't fit in 136 bits"); return uint136(value); } /** * @dev Returns the downcasted uint128 from uint256, reverting on * overflow (when the input is greater than largest uint128). * * Counterpart to Solidity's `uint128` operator. * * Requirements: * * - input must fit into 128 bits * * _Available since v2.5._ */ function toUint128(uint256 value) internal pure returns (uint128) { require(value <= type(uint128).max, "SafeCast: value doesn't fit in 128 bits"); return uint128(value); } /** * @dev Returns the downcasted uint120 from uint256, reverting on * overflow (when the input is greater than largest uint120). * * Counterpart to Solidity's `uint120` operator. * * Requirements: * * - input must fit into 120 bits * * _Available since v4.7._ */ function toUint120(uint256 value) internal pure returns (uint120) { require(value <= type(uint120).max, "SafeCast: value doesn't fit in 120 bits"); return uint120(value); } /** * @dev Returns the downcasted uint112 from uint256, reverting on * overflow (when the input is greater than largest uint112). * * Counterpart to Solidity's `uint112` operator. * * Requirements: * * - input must fit into 112 bits * * _Available since v4.7._ */ function toUint112(uint256 value) internal pure returns (uint112) { require(value <= type(uint112).max, "SafeCast: value doesn't fit in 112 bits"); return uint112(value); } /** * @dev Returns the downcasted uint104 from uint256, reverting on * overflow (when the input is greater than largest uint104). * * Counterpart to Solidity's `uint104` operator. * * Requirements: * * - input must fit into 104 bits * * _Available since v4.7._ */ function toUint104(uint256 value) internal pure returns (uint104) { require(value <= type(uint104).max, "SafeCast: value doesn't fit in 104 bits"); return uint104(value); } /** * @dev Returns the downcasted uint96 from uint256, reverting on * overflow (when the input is greater than largest uint96). * * Counterpart to Solidity's `uint96` operator. * * Requirements: * * - input must fit into 96 bits * * _Available since v4.2._ */ function toUint96(uint256 value) internal pure returns (uint96) { require(value <= type(uint96).max, "SafeCast: value doesn't fit in 96 bits"); return uint96(value); } /** * @dev Returns the downcasted uint88 from uint256, reverting on * overflow (when the input is greater than largest uint88). * * Counterpart to Solidity's `uint88` operator. * * Requirements: * * - input must fit into 88 bits * * _Available since v4.7._ */ function toUint88(uint256 value) internal pure returns (uint88) { require(value <= type(uint88).max, "SafeCast: value doesn't fit in 88 bits"); return uint88(value); } /** * @dev Returns the downcasted uint80 from uint256, reverting on * overflow (when the input is greater than largest uint80). * * Counterpart to Solidity's `uint80` operator. * * Requirements: * * - input must fit into 80 bits * * _Available since v4.7._ */ function toUint80(uint256 value) internal pure returns (uint80) { require(value <= type(uint80).max, "SafeCast: value doesn't fit in 80 bits"); return uint80(value); } /** * @dev Returns the downcasted uint72 from uint256, reverting on * overflow (when the input is greater than largest uint72). * * Counterpart to Solidity's `uint72` operator. * * Requirements: * * - input must fit into 72 bits * * _Available since v4.7._ */ function toUint72(uint256 value) internal pure returns (uint72) { require(value <= type(uint72).max, "SafeCast: value doesn't fit in 72 bits"); return uint72(value); } /** * @dev Returns the downcasted uint64 from uint256, reverting on * overflow (when the input is greater than largest uint64). * * Counterpart to Solidity's `uint64` operator. * * Requirements: * * - input must fit into 64 bits * * _Available since v2.5._ */ function toUint64(uint256 value) internal pure returns (uint64) { require(value <= type(uint64).max, "SafeCast: value doesn't fit in 64 bits"); return uint64(value); } /** * @dev Returns the downcasted uint56 from uint256, reverting on * overflow (when the input is greater than largest uint56). * * Counterpart to Solidity's `uint56` operator. * * Requirements: * * - input must fit into 56 bits * * _Available since v4.7._ */ function toUint56(uint256 value) internal pure returns (uint56) { require(value <= type(uint56).max, "SafeCast: value doesn't fit in 56 bits"); return uint56(value); } /** * @dev Returns the downcasted uint48 from uint256, reverting on * overflow (when the input is greater than largest uint48). * * Counterpart to Solidity's `uint48` operator. * * Requirements: * * - input must fit into 48 bits * * _Available since v4.7._ */ function toUint48(uint256 value) internal pure returns (uint48) { require(value <= type(uint48).max, "SafeCast: value doesn't fit in 48 bits"); return uint48(value); } /** * @dev Returns the downcasted uint40 from uint256, reverting on * overflow (when the input is greater than largest uint40). * * Counterpart to Solidity's `uint40` operator. * * Requirements: * * - input must fit into 40 bits * * _Available since v4.7._ */ function toUint40(uint256 value) internal pure returns (uint40) { require(value <= type(uint40).max, "SafeCast: value doesn't fit in 40 bits"); return uint40(value); } /** * @dev Returns the downcasted uint32 from uint256, reverting on * overflow (when the input is greater than largest uint32). * * Counterpart to Solidity's `uint32` operator. * * Requirements: * * - input must fit into 32 bits * * _Available since v2.5._ */ function toUint32(uint256 value) internal pure returns (uint32) { require(value <= type(uint32).max, "SafeCast: value doesn't fit in 32 bits"); return uint32(value); } /** * @dev Returns the downcasted uint24 from uint256, reverting on * overflow (when the input is greater than largest uint24). * * Counterpart to Solidity's `uint24` operator. * * Requirements: * * - input must fit into 24 bits * * _Available since v4.7._ */ function toUint24(uint256 value) internal pure returns (uint24) { require(value <= type(uint24).max, "SafeCast: value doesn't fit in 24 bits"); return uint24(value); } /** * @dev Returns the downcasted uint16 from uint256, reverting on * overflow (when the input is greater than largest uint16). * * Counterpart to Solidity's `uint16` operator. * * Requirements: * * - input must fit into 16 bits * * _Available since v2.5._ */ function toUint16(uint256 value) internal pure returns (uint16) { require(value <= type(uint16).max, "SafeCast: value doesn't fit in 16 bits"); return uint16(value); } /** * @dev Returns the downcasted uint8 from uint256, reverting on * overflow (when the input is greater than largest uint8). * * Counterpart to Solidity's `uint8` operator. * * Requirements: * * - input must fit into 8 bits * * _Available since v2.5._ */ function toUint8(uint256 value) internal pure returns (uint8) { require(value <= type(uint8).max, "SafeCast: value doesn't fit in 8 bits"); return uint8(value); } /** * @dev Converts a signed int256 into an unsigned uint256. * * Requirements: * * - input must be greater than or equal to 0. * * _Available since v3.0._ */ function toUint256(int256 value) internal pure returns (uint256) { require(value >= 0, "SafeCast: value must be positive"); return uint256(value); } /** * @dev Returns the downcasted int248 from int256, reverting on * overflow (when the input is less than smallest int248 or * greater than largest int248). * * Counterpart to Solidity's `int248` operator. * * Requirements: * * - input must fit into 248 bits * * _Available since v4.7._ */ function toInt248(int256 value) internal pure returns (int248) { require(value >= type(int248).min && value <= type(int248).max, "SafeCast: value doesn't fit in 248 bits"); return int248(value); } /** * @dev Returns the downcasted int240 from int256, reverting on * overflow (when the input is less than smallest int240 or * greater than largest int240). * * Counterpart to Solidity's `int240` operator. * * Requirements: * * - input must fit into 240 bits * * _Available since v4.7._ */ function toInt240(int256 value) internal pure returns (int240) { require(value >= type(int240).min && value <= type(int240).max, "SafeCast: value doesn't fit in 240 bits"); return int240(value); } /** * @dev Returns the downcasted int232 from int256, reverting on * overflow (when the input is less than smallest int232 or * greater than largest int232). * * Counterpart to Solidity's `int232` operator. * * Requirements: * * - input must fit into 232 bits * * _Available since v4.7._ */ function toInt232(int256 value) internal pure returns (int232) { require(value >= type(int232).min && value <= type(int232).max, "SafeCast: value doesn't fit in 232 bits"); return int232(value); } /** * @dev Returns the downcasted int224 from int256, reverting on * overflow (when the input is less than smallest int224 or * greater than largest int224). * * Counterpart to Solidity's `int224` operator. * * Requirements: * * - input must fit into 224 bits * * _Available since v4.7._ */ function toInt224(int256 value) internal pure returns (int224) { require(value >= type(int224).min && value <= type(int224).max, "SafeCast: value doesn't fit in 224 bits"); return int224(value); } /** * @dev Returns the downcasted int216 from int256, reverting on * overflow (when the input is less than smallest int216 or * greater than largest int216). * * Counterpart to Solidity's `int216` operator. * * Requirements: * * - input must fit into 216 bits * * _Available since v4.7._ */ function toInt216(int256 value) internal pure returns (int216) { require(value >= type(int216).min && value <= type(int216).max, "SafeCast: value doesn't fit in 216 bits"); return int216(value); } /** * @dev Returns the downcasted int208 from int256, reverting on * overflow (when the input is less than smallest int208 or * greater than largest int208). * * Counterpart to Solidity's `int208` operator. * * Requirements: * * - input must fit into 208 bits * * _Available since v4.7._ */ function toInt208(int256 value) internal pure returns (int208) { require(value >= type(int208).min && value <= type(int208).max, "SafeCast: value doesn't fit in 208 bits"); return int208(value); } /** * @dev Returns the downcasted int200 from int256, reverting on * overflow (when the input is less than smallest int200 or * greater than largest int200). * * Counterpart to Solidity's `int200` operator. * * Requirements: * * - input must fit into 200 bits * * _Available since v4.7._ */ function toInt200(int256 value) internal pure returns (int200) { require(value >= type(int200).min && value <= type(int200).max, "SafeCast: value doesn't fit in 200 bits"); return int200(value); } /** * @dev Returns the downcasted int192 from int256, reverting on * overflow (when the input is less than smallest int192 or * greater than largest int192). * * Counterpart to Solidity's `int192` operator. * * Requirements: * * - input must fit into 192 bits * * _Available since v4.7._ */ function toInt192(int256 value) internal pure returns (int192) { require(value >= type(int192).min && value <= type(int192).max, "SafeCast: value doesn't fit in 192 bits"); return int192(value); } /** * @dev Returns the downcasted int184 from int256, reverting on * overflow (when the input is less than smallest int184 or * greater than largest int184). * * Counterpart to Solidity's `int184` operator. * * Requirements: * * - input must fit into 184 bits * * _Available since v4.7._ */ function toInt184(int256 value) internal pure returns (int184) { require(value >= type(int184).min && value <= type(int184).max, "SafeCast: value doesn't fit in 184 bits"); return int184(value); } /** * @dev Returns the downcasted int176 from int256, reverting on * overflow (when the input is less than smallest int176 or * greater than largest int176). * * Counterpart to Solidity's `int176` operator. * * Requirements: * * - input must fit into 176 bits * * _Available since v4.7._ */ function toInt176(int256 value) internal pure returns (int176) { require(value >= type(int176).min && value <= type(int176).max, "SafeCast: value doesn't fit in 176 bits"); return int176(value); } /** * @dev Returns the downcasted int168 from int256, reverting on * overflow (when the input is less than smallest int168 or * greater than largest int168). * * Counterpart to Solidity's `int168` operator. * * Requirements: * * - input must fit into 168 bits * * _Available since v4.7._ */ function toInt168(int256 value) internal pure returns (int168) { require(value >= type(int168).min && value <= type(int168).max, "SafeCast: value doesn't fit in 168 bits"); return int168(value); } /** * @dev Returns the downcasted int160 from int256, reverting on * overflow (when the input is less than smallest int160 or * greater than largest int160). * * Counterpart to Solidity's `int160` operator. * * Requirements: * * - input must fit into 160 bits * * _Available since v4.7._ */ function toInt160(int256 value) internal pure returns (int160) { require(value >= type(int160).min && value <= type(int160).max, "SafeCast: value doesn't fit in 160 bits"); return int160(value); } /** * @dev Returns the downcasted int152 from int256, reverting on * overflow (when the input is less than smallest int152 or * greater than largest int152). * * Counterpart to Solidity's `int152` operator. * * Requirements: * * - input must fit into 152 bits * * _Available since v4.7._ */ function toInt152(int256 value) internal pure returns (int152) { require(value >= type(int152).min && value <= type(int152).max, "SafeCast: value doesn't fit in 152 bits"); return int152(value); } /** * @dev Returns the downcasted int144 from int256, reverting on * overflow (when the input is less than smallest int144 or * greater than largest int144). * * Counterpart to Solidity's `int144` operator. * * Requirements: * * - input must fit into 144 bits * * _Available since v4.7._ */ function toInt144(int256 value) internal pure returns (int144) { require(value >= type(int144).min && value <= type(int144).max, "SafeCast: value doesn't fit in 144 bits"); return int144(value); } /** * @dev Returns the downcasted int136 from int256, reverting on * overflow (when the input is less than smallest int136 or * greater than largest int136). * * Counterpart to Solidity's `int136` operator. * * Requirements: * * - input must fit into 136 bits * * _Available since v4.7._ */ function toInt136(int256 value) internal pure returns (int136) { require(value >= type(int136).min && value <= type(int136).max, "SafeCast: value doesn't fit in 136 bits"); return int136(value); } /** * @dev Returns the downcasted int128 from int256, reverting on * overflow (when the input is less than smallest int128 or * greater than largest int128). * * Counterpart to Solidity's `int128` operator. * * Requirements: * * - input must fit into 128 bits * * _Available since v3.1._ */ function toInt128(int256 value) internal pure returns (int128) { require(value >= type(int128).min && value <= type(int128).max, "SafeCast: value doesn't fit in 128 bits"); return int128(value); } /** * @dev Returns the downcasted int120 from int256, reverting on * overflow (when the input is less than smallest int120 or * greater than largest int120). * * Counterpart to Solidity's `int120` operator. * * Requirements: * * - input must fit into 120 bits * * _Available since v4.7._ */ function toInt120(int256 value) internal pure returns (int120) { require(value >= type(int120).min && value <= type(int120).max, "SafeCast: value doesn't fit in 120 bits"); return int120(value); } /** * @dev Returns the downcasted int112 from int256, reverting on * overflow (when the input is less than smallest int112 or * greater than largest int112). * * Counterpart to Solidity's `int112` operator. * * Requirements: * * - input must fit into 112 bits * * _Available since v4.7._ */ function toInt112(int256 value) internal pure returns (int112) { require(value >= type(int112).min && value <= type(int112).max, "SafeCast: value doesn't fit in 112 bits"); return int112(value); } /** * @dev Returns the downcasted int104 from int256, reverting on * overflow (when the input is less than smallest int104 or * greater than largest int104). * * Counterpart to Solidity's `int104` operator. * * Requirements: * * - input must fit into 104 bits * * _Available since v4.7._ */ function toInt104(int256 value) internal pure returns (int104) { require(value >= type(int104).min && value <= type(int104).max, "SafeCast: value doesn't fit in 104 bits"); return int104(value); } /** * @dev Returns the downcasted int96 from int256, reverting on * overflow (when the input is less than smallest int96 or * greater than largest int96). * * Counterpart to Solidity's `int96` operator. * * Requirements: * * - input must fit into 96 bits * * _Available since v4.7._ */ function toInt96(int256 value) internal pure returns (int96) { require(value >= type(int96).min && value <= type(int96).max, "SafeCast: value doesn't fit in 96 bits"); return int96(value); } /** * @dev Returns the downcasted int88 from int256, reverting on * overflow (when the input is less than smallest int88 or * greater than largest int88). * * Counterpart to Solidity's `int88` operator. * * Requirements: * * - input must fit into 88 bits * * _Available since v4.7._ */ function toInt88(int256 value) internal pure returns (int88) { require(value >= type(int88).min && value <= type(int88).max, "SafeCast: value doesn't fit in 88 bits"); return int88(value); } /** * @dev Returns the downcasted int80 from int256, reverting on * overflow (when the input is less than smallest int80 or * greater than largest int80). * * Counterpart to Solidity's `int80` operator. * * Requirements: * * - input must fit into 80 bits * * _Available since v4.7._ */ function toInt80(int256 value) internal pure returns (int80) { require(value >= type(int80).min && value <= type(int80).max, "SafeCast: value doesn't fit in 80 bits"); return int80(value); } /** * @dev Returns the downcasted int72 from int256, reverting on * overflow (when the input is less than smallest int72 or * greater than largest int72). * * Counterpart to Solidity's `int72` operator. * * Requirements: * * - input must fit into 72 bits * * _Available since v4.7._ */ function toInt72(int256 value) internal pure returns (int72) { require(value >= type(int72).min && value <= type(int72).max, "SafeCast: value doesn't fit in 72 bits"); return int72(value); } /** * @dev Returns the downcasted int64 from int256, reverting on * overflow (when the input is less than smallest int64 or * greater than largest int64). * * Counterpart to Solidity's `int64` operator. * * Requirements: * * - input must fit into 64 bits * * _Available since v3.1._ */ function toInt64(int256 value) internal pure returns (int64) { require(value >= type(int64).min && value <= type(int64).max, "SafeCast: value doesn't fit in 64 bits"); return int64(value); } /** * @dev Returns the downcasted int56 from int256, reverting on * overflow (when the input is less than smallest int56 or * greater than largest int56). * * Counterpart to Solidity's `int56` operator. * * Requirements: * * - input must fit into 56 bits * * _Available since v4.7._ */ function toInt56(int256 value) internal pure returns (int56) { require(value >= type(int56).min && value <= type(int56).max, "SafeCast: value doesn't fit in 56 bits"); return int56(value); } /** * @dev Returns the downcasted int48 from int256, reverting on * overflow (when the input is less than smallest int48 or * greater than largest int48). * * Counterpart to Solidity's `int48` operator. * * Requirements: * * - input must fit into 48 bits * * _Available since v4.7._ */ function toInt48(int256 value) internal pure returns (int48) { require(value >= type(int48).min && value <= type(int48).max, "SafeCast: value doesn't fit in 48 bits"); return int48(value); } /** * @dev Returns the downcasted int40 from int256, reverting on * overflow (when the input is less than smallest int40 or * greater than largest int40). * * Counterpart to Solidity's `int40` operator. * * Requirements: * * - input must fit into 40 bits * * _Available since v4.7._ */ function toInt40(int256 value) internal pure returns (int40) { require(value >= type(int40).min && value <= type(int40).max, "SafeCast: value doesn't fit in 40 bits"); return int40(value); } /** * @dev Returns the downcasted int32 from int256, reverting on * overflow (when the input is less than smallest int32 or * greater than largest int32). * * Counterpart to Solidity's `int32` operator. * * Requirements: * * - input must fit into 32 bits * * _Available since v3.1._ */ function toInt32(int256 value) internal pure returns (int32) { require(value >= type(int32).min && value <= type(int32).max, "SafeCast: value doesn't fit in 32 bits"); return int32(value); } /** * @dev Returns the downcasted int24 from int256, reverting on * overflow (when the input is less than smallest int24 or * greater than largest int24). * * Counterpart to Solidity's `int24` operator. * * Requirements: * * - input must fit into 24 bits * * _Available since v4.7._ */ function toInt24(int256 value) internal pure returns (int24) { require(value >= type(int24).min && value <= type(int24).max, "SafeCast: value doesn't fit in 24 bits"); return int24(value); } /** * @dev Returns the downcasted int16 from int256, reverting on * overflow (when the input is less than smallest int16 or * greater than largest int16). * * Counterpart to Solidity's `int16` operator. * * Requirements: * * - input must fit into 16 bits * * _Available since v3.1._ */ function toInt16(int256 value) internal pure returns (int16) { require(value >= type(int16).min && value <= type(int16).max, "SafeCast: value doesn't fit in 16 bits"); return int16(value); } /** * @dev Returns the downcasted int8 from int256, reverting on * overflow (when the input is less than smallest int8 or * greater than largest int8). * * Counterpart to Solidity's `int8` operator. * * Requirements: * * - input must fit into 8 bits * * _Available since v3.1._ */ function toInt8(int256 value) internal pure returns (int8) { require(value >= type(int8).min && value <= type(int8).max, "SafeCast: value doesn't fit in 8 bits"); return int8(value); } /** * @dev Converts an unsigned uint256 into a signed int256. * * Requirements: * * - input must be less than or equal to maxInt256. * * _Available since v3.0._ */ function toInt256(uint256 value) internal pure returns (int256) { // Note: Unsafe cast below is okay because `type(int256).max` is guaranteed to be positive require(value <= uint256(type(int256).max), "SafeCast: value doesn't fit in an int256"); return int256(value); } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.5.0) (utils/math/SignedMath.sol) pragma solidity ^0.8.0; /** * @dev Standard signed math utilities missing in the Solidity language. */ library SignedMath { /** * @dev Returns the largest of two signed numbers. */ function max(int256 a, int256 b) internal pure returns (int256) { return a >= b ? a : b; } /** * @dev Returns the smallest of two signed numbers. */ function min(int256 a, int256 b) internal pure returns (int256) { return a < b ? a : b; } /** * @dev Returns the average of two signed numbers without overflow. * The result is rounded towards zero. */ function average(int256 a, int256 b) internal pure returns (int256) { // Formula from the book "Hacker's Delight" int256 x = (a & b) + ((a ^ b) >> 1); return x + (int256(uint256(x) >> 255) & (a ^ b)); } /** * @dev Returns the absolute unsigned value of a signed value. */ function abs(int256 n) internal pure returns (uint256) { unchecked { // must be unchecked in order to support `n = type(int256).min` return uint256(n >= 0 ? n : -n); } } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.7.0) (access/Ownable.sol) pragma solidity ^0.8.0; import "../utils/ContextUpgradeable.sol"; import "../proxy/utils/Initializable.sol"; /** * @dev Contract module which provides a basic access control mechanism, where * there is an account (an owner) that can be granted exclusive access to * specific functions. * * By default, the owner account will be the one that deploys the contract. This * can later be changed with {transferOwnership}. * * This module is used through inheritance. It will make available the modifier * `onlyOwner`, which can be applied to your functions to restrict their use to * the owner. */ abstract contract OwnableUpgradeable is Initializable, ContextUpgradeable { address private _owner; event OwnershipTransferred(address indexed previousOwner, address indexed newOwner); /** * @dev Initializes the contract setting the deployer as the initial owner. */ function __Ownable_init() internal onlyInitializing { __Ownable_init_unchained(); } function __Ownable_init_unchained() internal onlyInitializing { _transferOwnership(_msgSender()); } /** * @dev Throws if called by any account other than the owner. */ modifier onlyOwner() { _checkOwner(); _; } /** * @dev Returns the address of the current owner. */ function owner() public view virtual returns (address) { return _owner; } /** * @dev Throws if the sender is not the owner. */ function _checkOwner() internal view virtual { require(owner() == _msgSender(), "Ownable: caller is not the owner"); } /** * @dev Leaves the contract without owner. It will not be possible to call * `onlyOwner` functions anymore. Can only be called by the current owner. * * NOTE: Renouncing ownership will leave the contract without an owner, * thereby removing any functionality that is only available to the owner. */ function renounceOwnership() public virtual onlyOwner { _transferOwnership(address(0)); } /** * @dev Transfers ownership of the contract to a new account (`newOwner`). * Can only be called by the current owner. */ function transferOwnership(address newOwner) public virtual onlyOwner { require(newOwner != address(0), "Ownable: new owner is the zero address"); _transferOwnership(newOwner); } /** * @dev Transfers ownership of the contract to a new account (`newOwner`). * Internal function without access restriction. */ function _transferOwnership(address newOwner) internal virtual { address oldOwner = _owner; _owner = newOwner; emit OwnershipTransferred(oldOwner, newOwner); } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[49] private __gap; }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.7.0) (proxy/utils/Initializable.sol) pragma solidity ^0.8.2; import "../../utils/AddressUpgradeable.sol"; /** * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect. * * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in * case an upgrade adds a module that needs to be initialized. * * For example: * * [.hljs-theme-light.nopadding] * ``` * contract MyToken is ERC20Upgradeable { * function initialize() initializer public { * __ERC20_init("MyToken", "MTK"); * } * } * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable { * function initializeV2() reinitializer(2) public { * __ERC20Permit_init("MyToken"); * } * } * ``` * * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}. * * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity. * * [CAUTION] * ==== * Avoid leaving a contract uninitialized. * * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed: * * [.hljs-theme-light.nopadding] * ``` * /// @custom:oz-upgrades-unsafe-allow constructor * constructor() { * _disableInitializers(); * } * ``` * ==== */ abstract contract Initializable { /** * @dev Indicates that the contract has been initialized. * @custom:oz-retyped-from bool */ uint8 private _initialized; /** * @dev Indicates that the contract is in the process of being initialized. */ bool private _initializing; /** * @dev Triggered when the contract has been initialized or reinitialized. */ event Initialized(uint8 version); /** * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope, * `onlyInitializing` functions can be used to initialize parent contracts. Equivalent to `reinitializer(1)`. */ modifier initializer() { bool isTopLevelCall = !_initializing; require( (isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1), "Initializable: contract is already initialized" ); _initialized = 1; if (isTopLevelCall) { _initializing = true; } _; if (isTopLevelCall) { _initializing = false; emit Initialized(1); } } /** * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be * used to initialize parent contracts. * * `initializer` is equivalent to `reinitializer(1)`, so a reinitializer may be used after the original * initialization step. This is essential to configure modules that are added through upgrades and that require * initialization. * * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in * a contract, executing them in the right order is up to the developer or operator. */ modifier reinitializer(uint8 version) { require(!_initializing && _initialized < version, "Initializable: contract is already initialized"); _initialized = version; _initializing = true; _; _initializing = false; emit Initialized(version); } /** * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the * {initializer} and {reinitializer} modifiers, directly or indirectly. */ modifier onlyInitializing() { require(_initializing, "Initializable: contract is not initializing"); _; } /** * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call. * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized * to any version. It is recommended to use this to lock implementation contracts that are designed to be called * through proxies. */ function _disableInitializers() internal virtual { require(!_initializing, "Initializable: contract is initializing"); if (_initialized < type(uint8).max) { _initialized = type(uint8).max; emit Initialized(type(uint8).max); } } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.7.0) (security/Pausable.sol) pragma solidity ^0.8.0; import "../utils/ContextUpgradeable.sol"; import "../proxy/utils/Initializable.sol"; /** * @dev Contract module which allows children to implement an emergency stop * mechanism that can be triggered by an authorized account. * * This module is used through inheritance. It will make available the * modifiers `whenNotPaused` and `whenPaused`, which can be applied to * the functions of your contract. Note that they will not be pausable by * simply including this module, only once the modifiers are put in place. */ abstract contract PausableUpgradeable is Initializable, ContextUpgradeable { /** * @dev Emitted when the pause is triggered by `account`. */ event Paused(address account); /** * @dev Emitted when the pause is lifted by `account`. */ event Unpaused(address account); bool private _paused; /** * @dev Initializes the contract in unpaused state. */ function __Pausable_init() internal onlyInitializing { __Pausable_init_unchained(); } function __Pausable_init_unchained() internal onlyInitializing { _paused = false; } /** * @dev Modifier to make a function callable only when the contract is not paused. * * Requirements: * * - The contract must not be paused. */ modifier whenNotPaused() { _requireNotPaused(); _; } /** * @dev Modifier to make a function callable only when the contract is paused. * * Requirements: * * - The contract must be paused. */ modifier whenPaused() { _requirePaused(); _; } /** * @dev Returns true if the contract is paused, and false otherwise. */ function paused() public view virtual returns (bool) { return _paused; } /** * @dev Throws if the contract is paused. */ function _requireNotPaused() internal view virtual { require(!paused(), "Pausable: paused"); } /** * @dev Throws if the contract is not paused. */ function _requirePaused() internal view virtual { require(paused(), "Pausable: not paused"); } /** * @dev Triggers stopped state. * * Requirements: * * - The contract must not be paused. */ function _pause() internal virtual whenNotPaused { _paused = true; emit Paused(_msgSender()); } /** * @dev Returns to normal state. * * Requirements: * * - The contract must be paused. */ function _unpause() internal virtual whenPaused { _paused = false; emit Unpaused(_msgSender()); } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[49] private __gap; }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (security/ReentrancyGuard.sol) pragma solidity ^0.8.0; import "../proxy/utils/Initializable.sol"; /** * @dev Contract module that helps prevent reentrant calls to a function. * * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier * available, which can be applied to functions to make sure there are no nested * (reentrant) calls to them. * * Note that because there is a single `nonReentrant` guard, functions marked as * `nonReentrant` may not call one another. This can be worked around by making * those functions `private`, and then adding `external` `nonReentrant` entry * points to them. * * TIP: If you would like to learn more about reentrancy and alternative ways * to protect against it, check out our blog post * https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul]. */ abstract contract ReentrancyGuardUpgradeable is Initializable { // Booleans are more expensive than uint256 or any type that takes up a full // word because each write operation emits an extra SLOAD to first read the // slot's contents, replace the bits taken up by the boolean, and then write // back. This is the compiler's defense against contract upgrades and // pointer aliasing, and it cannot be disabled. // The values being non-zero value makes deployment a bit more expensive, // but in exchange the refund on every call to nonReentrant will be lower in // amount. Since refunds are capped to a percentage of the total // transaction's gas, it is best to keep them low in cases like this one, to // increase the likelihood of the full refund coming into effect. uint256 private constant _NOT_ENTERED = 1; uint256 private constant _ENTERED = 2; uint256 private _status; function __ReentrancyGuard_init() internal onlyInitializing { __ReentrancyGuard_init_unchained(); } function __ReentrancyGuard_init_unchained() internal onlyInitializing { _status = _NOT_ENTERED; } /** * @dev Prevents a contract from calling itself, directly or indirectly. * Calling a `nonReentrant` function from another `nonReentrant` * function is not supported. It is possible to prevent this from happening * by making the `nonReentrant` function external, and making it call a * `private` function that does the actual work. */ modifier nonReentrant() { // On the first call to nonReentrant, _notEntered will be true require(_status != _ENTERED, "ReentrancyGuard: reentrant call"); // Any calls to nonReentrant after this point will fail _status = _ENTERED; _; // By storing the original value once again, a refund is triggered (see // https://eips.ethereum.org/EIPS/eip-2200) _status = _NOT_ENTERED; } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[49] private __gap; }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts (last updated v4.7.0) (utils/Address.sol) pragma solidity ^0.8.1; /** * @dev Collection of functions related to the address type */ library AddressUpgradeable { /** * @dev Returns true if `account` is a contract. * * [IMPORTANT] * ==== * It is unsafe to assume that an address for which this function returns * false is an externally-owned account (EOA) and not a contract. * * Among others, `isContract` will return false for the following * types of addresses: * * - an externally-owned account * - a contract in construction * - an address where a contract will be created * - an address where a contract lived, but was destroyed * ==== * * [IMPORTANT] * ==== * You shouldn't rely on `isContract` to protect against flash loan attacks! * * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract * constructor. * ==== */ function isContract(address account) internal view returns (bool) { // This method relies on extcodesize/address.code.length, which returns 0 // for contracts in construction, since the code is only stored at the end // of the constructor execution. return account.code.length > 0; } /** * @dev Replacement for Solidity's `transfer`: sends `amount` wei to * `recipient`, forwarding all available gas and reverting on errors. * * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost * of certain opcodes, possibly making contracts go over the 2300 gas limit * imposed by `transfer`, making them unable to receive funds via * `transfer`. {sendValue} removes this limitation. * * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more]. * * IMPORTANT: because control is transferred to `recipient`, care must be * taken to not create reentrancy vulnerabilities. Consider using * {ReentrancyGuard} or the * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern]. */ function sendValue(address payable recipient, uint256 amount) internal { require(address(this).balance >= amount, "Address: insufficient balance"); (bool success, ) = recipient.call{value: amount}(""); require(success, "Address: unable to send value, recipient may have reverted"); } /** * @dev Performs a Solidity function call using a low level `call`. A * plain `call` is an unsafe replacement for a function call: use this * function instead. * * If `target` reverts with a revert reason, it is bubbled up by this * function (like regular Solidity function calls). * * Returns the raw returned data. To convert to the expected return value, * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`]. * * Requirements: * * - `target` must be a contract. * - calling `target` with `data` must not revert. * * _Available since v3.1._ */ function functionCall(address target, bytes memory data) internal returns (bytes memory) { return functionCall(target, data, "Address: low-level call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with * `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCall( address target, bytes memory data, string memory errorMessage ) internal returns (bytes memory) { return functionCallWithValue(target, data, 0, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but also transferring `value` wei to `target`. * * Requirements: * * - the calling contract must have an ETH balance of at least `value`. * - the called Solidity function must be `payable`. * * _Available since v3.1._ */ function functionCallWithValue( address target, bytes memory data, uint256 value ) internal returns (bytes memory) { return functionCallWithValue(target, data, value, "Address: low-level call with value failed"); } /** * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but * with `errorMessage` as a fallback revert reason when `target` reverts. * * _Available since v3.1._ */ function functionCallWithValue( address target, bytes memory data, uint256 value, string memory errorMessage ) internal returns (bytes memory) { require(address(this).balance >= value, "Address: insufficient balance for call"); require(isContract(target), "Address: call to non-contract"); (bool success, bytes memory returndata) = target.call{value: value}(data); return verifyCallResult(success, returndata, errorMessage); } /** * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) { return functionStaticCall(target, data, "Address: low-level static call failed"); } /** * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`], * but performing a static call. * * _Available since v3.3._ */ function functionStaticCall( address target, bytes memory data, string memory errorMessage ) internal view returns (bytes memory) { require(isContract(target), "Address: static call to non-contract"); (bool success, bytes memory returndata) = target.staticcall(data); return verifyCallResult(success, returndata, errorMessage); } /** * @dev Tool to verifies that a low level call was successful, and revert if it wasn't, either by bubbling the * revert reason using the provided one. * * _Available since v4.3._ */ function verifyCallResult( bool success, bytes memory returndata, string memory errorMessage ) internal pure returns (bytes memory) { if (success) { return returndata; } else { // Look for revert reason and bubble it up if present if (returndata.length > 0) { // The easiest way to bubble the revert reason is using memory via assembly /// @solidity memory-safe-assembly assembly { let returndata_size := mload(returndata) revert(add(32, returndata), returndata_size) } } else { revert(errorMessage); } } } }
// SPDX-License-Identifier: MIT // OpenZeppelin Contracts v4.4.1 (utils/Context.sol) pragma solidity ^0.8.0; import "../proxy/utils/Initializable.sol"; /** * @dev Provides information about the current execution context, including the * sender of the transaction and its data. While these are generally available * via msg.sender and msg.data, they should not be accessed in such a direct * manner, since when dealing with meta-transactions the account sending and * paying for execution may not be the actual sender (as far as an application * is concerned). * * This contract is only required for intermediate, library-like contracts. */ abstract contract ContextUpgradeable is Initializable { function __Context_init() internal onlyInitializing { } function __Context_init_unchained() internal onlyInitializing { } function _msgSender() internal view virtual returns (address) { return msg.sender; } function _msgData() internal view virtual returns (bytes calldata) { return msg.data; } /** * @dev This empty reserved space is put in place to allow future versions to add new * variables without shifting down storage in the inheritance chain. * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps */ uint256[50] private __gap; }
// SPDX-License-Identifier: MIT pragma solidity >=0.8.0; /// @notice Library for converting between addresses and bytes32 values. /// @author Solmate (https://github.com/Rari-Capital/solmate/blob/main/src/utils/Bytes32AddressLib.sol) library Bytes32AddressLib { function fromLast20Bytes(bytes32 bytesValue) internal pure returns (address) { return address(uint160(uint256(bytesValue))); } function fillLast12Bytes(address addressValue) internal pure returns (bytes32) { return bytes32(bytes20(addressValue)); } }
// SPDX-License-Identifier: MIT pragma solidity >=0.8.0; /// @notice Arithmetic library with operations for fixed-point numbers. /// @author Solmate (https://github.com/Rari-Capital/solmate/blob/main/src/utils/FixedPointMathLib.sol) library FixedPointMathLib { /*////////////////////////////////////////////////////////////// SIMPLIFIED FIXED POINT OPERATIONS //////////////////////////////////////////////////////////////*/ uint256 internal constant WAD = 1e18; // The scalar of ETH and most ERC20s. function mulWadDown(uint256 x, uint256 y) internal pure returns (uint256) { return mulDivDown(x, y, WAD); // Equivalent to (x * y) / WAD rounded down. } function mulWadUp(uint256 x, uint256 y) internal pure returns (uint256) { return mulDivUp(x, y, WAD); // Equivalent to (x * y) / WAD rounded up. } function divWadDown(uint256 x, uint256 y) internal pure returns (uint256) { return mulDivDown(x, WAD, y); // Equivalent to (x * WAD) / y rounded down. } function divWadUp(uint256 x, uint256 y) internal pure returns (uint256) { return mulDivUp(x, WAD, y); // Equivalent to (x * WAD) / y rounded up. } function powWad(int256 x, int256 y) internal pure returns (int256) { // Equivalent to x to the power of y because x ** y = (e ** ln(x)) ** y = e ** (ln(x) * y) return expWad((lnWad(x) * y) / int256(WAD)); // Using ln(x) means x must be greater than 0. } function expWad(int256 x) internal pure returns (int256 r) { unchecked { // When the result is < 0.5 we return zero. This happens when // x <= floor(log(0.5e18) * 1e18) ~ -42e18 if (x <= -42139678854452767551) return 0; // When the result is > (2**255 - 1) / 1e18 we can not represent it as an // int. This happens when x >= floor(log((2**255 - 1) / 1e18) * 1e18) ~ 135. if (x >= 135305999368893231589) revert("EXP_OVERFLOW"); // x is now in the range (-42, 136) * 1e18. Convert to (-42, 136) * 2**96 // for more intermediate precision and a binary basis. This base conversion // is a multiplication by 1e18 / 2**96 = 5**18 / 2**78. x = (x << 78) / 5**18; // Reduce range of x to (-½ ln 2, ½ ln 2) * 2**96 by factoring out powers // of two such that exp(x) = exp(x') * 2**k, where k is an integer. // Solving this gives k = round(x / log(2)) and x' = x - k * log(2). int256 k = ((x << 96) / 54916777467707473351141471128 + 2**95) >> 96; x = x - k * 54916777467707473351141471128; // k is in the range [-61, 195]. // Evaluate using a (6, 7)-term rational approximation. // p is made monic, we'll multiply by a scale factor later. int256 y = x + 1346386616545796478920950773328; y = ((y * x) >> 96) + 57155421227552351082224309758442; int256 p = y + x - 94201549194550492254356042504812; p = ((p * y) >> 96) + 28719021644029726153956944680412240; p = p * x + (4385272521454847904659076985693276 << 96); // We leave p in 2**192 basis so we don't need to scale it back up for the division. int256 q = x - 2855989394907223263936484059900; q = ((q * x) >> 96) + 50020603652535783019961831881945; q = ((q * x) >> 96) - 533845033583426703283633433725380; q = ((q * x) >> 96) + 3604857256930695427073651918091429; q = ((q * x) >> 96) - 14423608567350463180887372962807573; q = ((q * x) >> 96) + 26449188498355588339934803723976023; assembly { // Div in assembly because solidity adds a zero check despite the unchecked. // The q polynomial won't have zeros in the domain as all its roots are complex. // No scaling is necessary because p is already 2**96 too large. r := sdiv(p, q) } // r should be in the range (0.09, 0.25) * 2**96. // We now need to multiply r by: // * the scale factor s = ~6.031367120. // * the 2**k factor from the range reduction. // * the 1e18 / 2**96 factor for base conversion. // We do this all at once, with an intermediate result in 2**213 // basis, so the final right shift is always by a positive amount. r = int256((uint256(r) * 3822833074963236453042738258902158003155416615667) >> uint256(195 - k)); } } function lnWad(int256 x) internal pure returns (int256 r) { unchecked { require(x > 0, "UNDEFINED"); // We want to convert x from 10**18 fixed point to 2**96 fixed point. // We do this by multiplying by 2**96 / 10**18. But since // ln(x * C) = ln(x) + ln(C), we can simply do nothing here // and add ln(2**96 / 10**18) at the end. // Reduce range of x to (1, 2) * 2**96 // ln(2^k * x) = k * ln(2) + ln(x) int256 k = int256(log2(uint256(x))) - 96; x <<= uint256(159 - k); x = int256(uint256(x) >> 159); // Evaluate using a (8, 8)-term rational approximation. // p is made monic, we will multiply by a scale factor later. int256 p = x + 3273285459638523848632254066296; p = ((p * x) >> 96) + 24828157081833163892658089445524; p = ((p * x) >> 96) + 43456485725739037958740375743393; p = ((p * x) >> 96) - 11111509109440967052023855526967; p = ((p * x) >> 96) - 45023709667254063763336534515857; p = ((p * x) >> 96) - 14706773417378608786704636184526; p = p * x - (795164235651350426258249787498 << 96); // We leave p in 2**192 basis so we don't need to scale it back up for the division. // q is monic by convention. int256 q = x + 5573035233440673466300451813936; q = ((q * x) >> 96) + 71694874799317883764090561454958; q = ((q * x) >> 96) + 283447036172924575727196451306956; q = ((q * x) >> 96) + 401686690394027663651624208769553; q = ((q * x) >> 96) + 204048457590392012362485061816622; q = ((q * x) >> 96) + 31853899698501571402653359427138; q = ((q * x) >> 96) + 909429971244387300277376558375; assembly { // Div in assembly because solidity adds a zero check despite the unchecked. // The q polynomial is known not to have zeros in the domain. // No scaling required because p is already 2**96 too large. r := sdiv(p, q) } // r is in the range (0, 0.125) * 2**96 // Finalization, we need to: // * multiply by the scale factor s = 5.549… // * add ln(2**96 / 10**18) // * add k * ln(2) // * multiply by 10**18 / 2**96 = 5**18 >> 78 // mul s * 5e18 * 2**96, base is now 5**18 * 2**192 r *= 1677202110996718588342820967067443963516166; // add ln(2) * k * 5e18 * 2**192 r += 16597577552685614221487285958193947469193820559219878177908093499208371 * k; // add ln(2**96 / 10**18) * 5e18 * 2**192 r += 600920179829731861736702779321621459595472258049074101567377883020018308; // base conversion: mul 2**18 / 2**192 r >>= 174; } } /*////////////////////////////////////////////////////////////// LOW LEVEL FIXED POINT OPERATIONS //////////////////////////////////////////////////////////////*/ function mulDivDown( uint256 x, uint256 y, uint256 denominator ) internal pure returns (uint256 z) { assembly { // Store x * y in z for now. z := mul(x, y) // Equivalent to require(denominator != 0 && (x == 0 || (x * y) / x == y)) if iszero(and(iszero(iszero(denominator)), or(iszero(x), eq(div(z, x), y)))) { revert(0, 0) } // Divide z by the denominator. z := div(z, denominator) } } function mulDivUp( uint256 x, uint256 y, uint256 denominator ) internal pure returns (uint256 z) { assembly { // Store x * y in z for now. z := mul(x, y) // Equivalent to require(denominator != 0 && (x == 0 || (x * y) / x == y)) if iszero(and(iszero(iszero(denominator)), or(iszero(x), eq(div(z, x), y)))) { revert(0, 0) } // First, divide z - 1 by the denominator and add 1. // We allow z - 1 to underflow if z is 0, because we multiply the // end result by 0 if z is zero, ensuring we return 0 if z is zero. z := mul(iszero(iszero(z)), add(div(sub(z, 1), denominator), 1)) } } function rpow( uint256 x, uint256 n, uint256 scalar ) internal pure returns (uint256 z) { assembly { switch x case 0 { switch n case 0 { // 0 ** 0 = 1 z := scalar } default { // 0 ** n = 0 z := 0 } } default { switch mod(n, 2) case 0 { // If n is even, store scalar in z for now. z := scalar } default { // If n is odd, store x in z for now. z := x } // Shifting right by 1 is like dividing by 2. let half := shr(1, scalar) for { // Shift n right by 1 before looping to halve it. n := shr(1, n) } n { // Shift n right by 1 each iteration to halve it. n := shr(1, n) } { // Revert immediately if x ** 2 would overflow. // Equivalent to iszero(eq(div(xx, x), x)) here. if shr(128, x) { revert(0, 0) } // Store x squared. let xx := mul(x, x) // Round to the nearest number. let xxRound := add(xx, half) // Revert if xx + half overflowed. if lt(xxRound, xx) { revert(0, 0) } // Set x to scaled xxRound. x := div(xxRound, scalar) // If n is even: if mod(n, 2) { // Compute z * x. let zx := mul(z, x) // If z * x overflowed: if iszero(eq(div(zx, x), z)) { // Revert if x is non-zero. if iszero(iszero(x)) { revert(0, 0) } } // Round to the nearest number. let zxRound := add(zx, half) // Revert if zx + half overflowed. if lt(zxRound, zx) { revert(0, 0) } // Return properly scaled zxRound. z := div(zxRound, scalar) } } } } } /*////////////////////////////////////////////////////////////// GENERAL NUMBER UTILITIES //////////////////////////////////////////////////////////////*/ function sqrt(uint256 x) internal pure returns (uint256 z) { assembly { let y := x // We start y at x, which will help us make our initial estimate. z := 181 // The "correct" value is 1, but this saves a multiplication later. // This segment is to get a reasonable initial estimate for the Babylonian method. With a bad // start, the correct # of bits increases ~linearly each iteration instead of ~quadratically. // We check y >= 2^(k + 8) but shift right by k bits // each branch to ensure that if x >= 256, then y >= 256. if iszero(lt(y, 0x10000000000000000000000000000000000)) { y := shr(128, y) z := shl(64, z) } if iszero(lt(y, 0x1000000000000000000)) { y := shr(64, y) z := shl(32, z) } if iszero(lt(y, 0x10000000000)) { y := shr(32, y) z := shl(16, z) } if iszero(lt(y, 0x1000000)) { y := shr(16, y) z := shl(8, z) } // Goal was to get z*z*y within a small factor of x. More iterations could // get y in a tighter range. Currently, we will have y in [256, 256*2^16). // We ensured y >= 256 so that the relative difference between y and y+1 is small. // That's not possible if x < 256 but we can just verify those cases exhaustively. // Now, z*z*y <= x < z*z*(y+1), and y <= 2^(16+8), and either y >= 256, or x < 256. // Correctness can be checked exhaustively for x < 256, so we assume y >= 256. // Then z*sqrt(y) is within sqrt(257)/sqrt(256) of sqrt(x), or about 20bps. // For s in the range [1/256, 256], the estimate f(s) = (181/1024) * (s+1) is in the range // (1/2.84 * sqrt(s), 2.84 * sqrt(s)), with largest error when s = 1 and when s = 256 or 1/256. // Since y is in [256, 256*2^16), let a = y/65536, so that a is in [1/256, 256). Then we can estimate // sqrt(y) using sqrt(65536) * 181/1024 * (a + 1) = 181/4 * (y + 65536)/65536 = 181 * (y + 65536)/2^18. // There is no overflow risk here since y < 2^136 after the first branch above. z := shr(18, mul(z, add(y, 65536))) // A mul() is saved from starting z at 181. // Given the worst case multiplicative error of 2.84 above, 7 iterations should be enough. z := shr(1, add(z, div(x, z))) z := shr(1, add(z, div(x, z))) z := shr(1, add(z, div(x, z))) z := shr(1, add(z, div(x, z))) z := shr(1, add(z, div(x, z))) z := shr(1, add(z, div(x, z))) z := shr(1, add(z, div(x, z))) // If x+1 is a perfect square, the Babylonian method cycles between // floor(sqrt(x)) and ceil(sqrt(x)). This statement ensures we return floor. // See: https://en.wikipedia.org/wiki/Integer_square_root#Using_only_integer_division // Since the ceil is rare, we save gas on the assignment and repeat division in the rare case. // If you don't care whether the floor or ceil square root is returned, you can remove this statement. z := sub(z, lt(div(x, z), z)) } } function log2(uint256 x) internal pure returns (uint256 r) { require(x > 0, "UNDEFINED"); assembly { r := shl(7, lt(0xffffffffffffffffffffffffffffffff, x)) r := or(r, shl(6, lt(0xffffffffffffffff, shr(r, x)))) r := or(r, shl(5, lt(0xffffffff, shr(r, x)))) r := or(r, shl(4, lt(0xffff, shr(r, x)))) r := or(r, shl(3, lt(0xff, shr(r, x)))) r := or(r, shl(2, lt(0xf, shr(r, x)))) r := or(r, shl(1, lt(0x3, shr(r, x)))) r := or(r, lt(0x1, shr(r, x))) } } }
{ "remappings": [ "@openzeppelin/=node_modules/@openzeppelin/", "@openzeppelin/contracts-upgradeable/=node_modules/@openzeppelin/contracts-upgradeable/", "@openzeppelin/contracts/=node_modules/@openzeppelin/contracts/", "@rari-capital/=node_modules/@rari-capital/", "@rari-capital/solmate/=node_modules/@rari-capital/solmate/", "ds-test/=node_modules/ds-test/src/", "forge-std/=node_modules/forge-std/src/" ], "optimizer": { "enabled": true, "runs": 999999 }, "metadata": { "bytecodeHash": "none" }, "outputSelection": { "*": { "*": [ "evm.bytecode", "evm.deployedBytecode", "abi" ] } }, "evmVersion": "london", "libraries": {} }
Contract Security Audit
- No Contract Security Audit Submitted- Submit Audit Here
[{"inputs":[],"stateMutability":"nonpayable","type":"constructor"},{"stateMutability":"payable","type":"fallback"},{"inputs":[],"name":"getL1BlockNumber","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"version","outputs":[{"internalType":"string","name":"","type":"string"}],"stateMutability":"view","type":"function"},{"stateMutability":"payable","type":"receive"}]
Contract Creation Code
60806040526004361061002d5760003560e01c806354fd4d5014610052578063b9b3efe91461007d57610048565b3661004857600061003c6100a0565b90508060005260206000f35b600061003c6100a0565b34801561005e57600080fd5b50610067610134565b6040516100749190610344565b60405180910390f35b34801561008957600080fd5b506100926100a0565b604051908152602001610074565b600073420000000000000000000000000000000000001573ffffffffffffffffffffffffffffffffffffffff16638381f58a6040518163ffffffff1660e01b8152600401602060405180830381865afa158015610101573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906101259190610395565b67ffffffffffffffff16905090565b606061015f7f00000000000000000000000000000000000000000000000000000000000000016101d7565b6101887f00000000000000000000000000000000000000000000000000000000000000006101d7565b6101b17f00000000000000000000000000000000000000000000000000000000000000006101d7565b6040516020016101c3939291906103c6565b604051602081830303815290604052905090565b60608160000361021a57505060408051808201909152600181527f3000000000000000000000000000000000000000000000000000000000000000602082015290565b8160005b8115610244578061022e8161046b565b915061023d9050600a836104d2565b915061021e565b60008167ffffffffffffffff81111561025f5761025f6104e6565b6040519080825280601f01601f191660200182016040528015610289576020820181803683370190505b5090505b841561030c5761029e600183610515565b91506102ab600a8661052c565b6102b6906030610540565b60f81b8183815181106102cb576102cb610558565b60200101907effffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff1916908160001a905350610305600a866104d2565b945061028d565b949350505050565b60005b8381101561032f578181015183820152602001610317565b8381111561033e576000848401525b50505050565b6020815260008251806020840152610363816040850160208701610314565b601f017fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0169190910160400192915050565b6000602082840312156103a757600080fd5b815167ffffffffffffffff811681146103bf57600080fd5b9392505050565b600084516103d8818460208901610314565b80830190507f2e000000000000000000000000000000000000000000000000000000000000008082528551610414816001850160208a01610314565b6001920191820152835161042f816002840160208801610314565b0160020195945050505050565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052601160045260246000fd5b60007fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff820361049c5761049c61043c565b5060010190565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052601260045260246000fd5b6000826104e1576104e16104a3565b500490565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052604160045260246000fd5b6000828210156105275761052761043c565b500390565b60008261053b5761053b6104a3565b500690565b600082198211156105535761055361043c565b500190565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052603260045260246000fdfea164736f6c634300080f000a
Deployed Bytecode
0x60806040526004361061002d5760003560e01c806354fd4d5014610052578063b9b3efe91461007d57610048565b3661004857600061003c6100a0565b90508060005260206000f35b600061003c6100a0565b34801561005e57600080fd5b50610067610134565b6040516100749190610344565b60405180910390f35b34801561008957600080fd5b506100926100a0565b604051908152602001610074565b600073420000000000000000000000000000000000001573ffffffffffffffffffffffffffffffffffffffff16638381f58a6040518163ffffffff1660e01b8152600401602060405180830381865afa158015610101573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906101259190610395565b67ffffffffffffffff16905090565b606061015f7f00000000000000000000000000000000000000000000000000000000000000016101d7565b6101887f00000000000000000000000000000000000000000000000000000000000000006101d7565b6101b17f00000000000000000000000000000000000000000000000000000000000000006101d7565b6040516020016101c3939291906103c6565b604051602081830303815290604052905090565b60608160000361021a57505060408051808201909152600181527f3000000000000000000000000000000000000000000000000000000000000000602082015290565b8160005b8115610244578061022e8161046b565b915061023d9050600a836104d2565b915061021e565b60008167ffffffffffffffff81111561025f5761025f6104e6565b6040519080825280601f01601f191660200182016040528015610289576020820181803683370190505b5090505b841561030c5761029e600183610515565b91506102ab600a8661052c565b6102b6906030610540565b60f81b8183815181106102cb576102cb610558565b60200101907effffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff1916908160001a905350610305600a866104d2565b945061028d565b949350505050565b60005b8381101561032f578181015183820152602001610317565b8381111561033e576000848401525b50505050565b6020815260008251806020840152610363816040850160208701610314565b601f017fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0169190910160400192915050565b6000602082840312156103a757600080fd5b815167ffffffffffffffff811681146103bf57600080fd5b9392505050565b600084516103d8818460208901610314565b80830190507f2e000000000000000000000000000000000000000000000000000000000000008082528551610414816001850160208a01610314565b6001920191820152835161042f816002840160208801610314565b0160020195945050505050565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052601160045260246000fd5b60007fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff820361049c5761049c61043c565b5060010190565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052601260045260246000fd5b6000826104e1576104e16104a3565b500490565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052604160045260246000fd5b6000828210156105275761052761043c565b500390565b60008261053b5761053b6104a3565b500690565b600082198211156105535761055361043c565b500190565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052603260045260246000fdfea164736f6c634300080f000a
Deployed Bytecode Sourcemap
666:910:22:-:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;884:21;908:18;:16;:18::i;:::-;884:42;;969:13;966:1;959:24;1006:2;1003:1;996:13;666:910;1182:21;1206:18;:16;:18::i;1058:372:51:-;;;;;;;;;;;;;:::i;:::-;;;;;;;:::i;:::-;;;;;;;;1444:130:22;;;;;;;;;;;;;:::i;:::-;;;870:25:91;;;858:2;843:18;1444:130:22;724:177:91;1444:130:22;1493:7;1604:42:33;1519:46:22;;;:48;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;:::i;:::-;1512:55;;;;1444:130;:::o;1058:372:51:-;1098:13;1204:31;1221:13;1204:16;:31::i;:::-;1282;1299:13;1282:16;:31::i;:::-;1360;1377:13;1360:16;:31::i;:::-;1166:243;;;;;;;;;;:::i;:::-;;;;;;;;;;;;;1123:300;;1058:372;:::o;392:703:80:-;448:13;665:5;674:1;665:10;661:51;;-1:-1:-1;;691:10:80;;;;;;;;;;;;;;;;;;392:703::o;661:51::-;736:5;721:12;775:75;782:9;;775:75;;807:8;;;;:::i;:::-;;-1:-1:-1;829:10:80;;-1:-1:-1;837:2:80;829:10;;:::i;:::-;;;775:75;;;859:19;891:6;881:17;;;;;;;;:::i;:::-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;-1:-1:-1;881:17:80;;859:39;;908:150;915:10;;908:150;;941:11;951:1;941:11;;:::i;:::-;;-1:-1:-1;1009:10:80;1017:2;1009:5;:10;:::i;:::-;996:24;;:2;:24;:::i;:::-;983:39;;966:6;973;966:14;;;;;;;;:::i;:::-;;;;:56;;;;;;;;;;-1:-1:-1;1036:11:80;1045:2;1036:11;;:::i;:::-;;;908:150;;;1081:6;392:703;-1:-1:-1;;;;392:703:80:o;14:258:91:-;86:1;96:113;110:6;107:1;104:13;96:113;;;186:11;;;180:18;167:11;;;160:39;132:2;125:10;96:113;;;227:6;224:1;221:13;218:48;;;262:1;253:6;248:3;244:16;237:27;218:48;;14:258;;;:::o;277:442::-;426:2;415:9;408:21;389:4;458:6;452:13;501:6;496:2;485:9;481:18;474:34;517:66;576:6;571:2;560:9;556:18;551:2;543:6;539:15;517:66;:::i;:::-;635:2;623:15;640:66;619:88;604:104;;;;710:2;600:113;;277:442;-1:-1:-1;;277:442:91:o;906:288::-;975:6;1028:2;1016:9;1007:7;1003:23;999:32;996:52;;;1044:1;1041;1034:12;996:52;1076:9;1070:16;1126:18;1119:5;1115:30;1108:5;1105:41;1095:69;;1160:1;1157;1150:12;1095:69;1183:5;906:288;-1:-1:-1;;;906:288:91:o;1199:960::-;1628:3;1666:6;1660:13;1682:53;1728:6;1723:3;1716:4;1708:6;1704:17;1682:53;:::i;:::-;1766:6;1761:3;1757:16;1744:29;;1792:3;1818:2;1811:5;1804:17;1852:6;1846:13;1868:65;1924:8;1920:1;1913:5;1909:13;1902:4;1894:6;1890:17;1868:65;:::i;:::-;1996:1;1952:20;;1988:10;;;1981:22;2028:13;;2050:62;2028:13;2099:1;2091:10;;2084:4;2072:17;;2050:62;:::i;:::-;2132:17;2151:1;2128:25;;1199:960;-1:-1:-1;;;;;1199:960:91:o;2164:184::-;2216:77;2213:1;2206:88;2313:4;2310:1;2303:15;2337:4;2334:1;2327:15;2353:195;2392:3;2423:66;2416:5;2413:77;2410:103;;2493:18;;:::i;:::-;-1:-1:-1;2540:1:91;2529:13;;2353:195::o;2553:184::-;2605:77;2602:1;2595:88;2702:4;2699:1;2692:15;2726:4;2723:1;2716:15;2742:120;2782:1;2808;2798:35;;2813:18;;:::i;:::-;-1:-1:-1;2847:9:91;;2742:120::o;2867:184::-;2919:77;2916:1;2909:88;3016:4;3013:1;3006:15;3040:4;3037:1;3030:15;3056:125;3096:4;3124:1;3121;3118:8;3115:34;;;3129:18;;:::i;:::-;-1:-1:-1;3166:9:91;;3056:125::o;3186:112::-;3218:1;3244;3234:35;;3249:18;;:::i;:::-;-1:-1:-1;3283:9:91;;3186:112::o;3303:128::-;3343:3;3374:1;3370:6;3367:1;3364:13;3361:39;;;3380:18;;:::i;:::-;-1:-1:-1;3416:9:91;;3303:128::o;3436:184::-;3488:77;3485:1;3478:88;3585:4;3582:1;3575:15;3609:4;3606:1;3599:15
Swarm Source
none
Loading...
Loading
Loading...
Loading
Multichain Portfolio | 29 Chains
Chain | Token | Portfolio % | Price | Amount | Value |
---|
[ Download: CSV Export ]
[ Download: CSV Export ]
A contract address hosts a smart contract, which is a set of code stored on the blockchain that runs when predetermined conditions are met. Learn more about addresses in our Knowledge Base.