Source Code
Overview
ETH Balance
0 ETH
ETH Value
$0.00Multichain Info
N/A
Latest 1 from a total of 1 transactions
| Transaction Hash |
Method
|
Block
|
From
|
To
|
|||||
|---|---|---|---|---|---|---|---|---|---|
| Deploy Once | 15076773 | 37 hrs ago | IN | 0 ETH | 0.00000135 |
View more zero value Internal Transactions in Advanced View mode
Advanced mode:
Cross-Chain Transactions
Loading...
Loading
Contract Source Code Verified (Exact Match)
Contract Name:
GaugesDaoFactoryV1_4_0
Compiler Version
v0.8.24+commit.e11b9ed9
Optimization Enabled:
Yes with 2000 runs
Other Settings:
cancun EvmVersion
Contract Source Code (Solidity Standard Json-Input format)
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.17;
import {DAO} from "@aragon/osx/core/dao/DAO.sol";
import {DAOFactory} from "@aragon/osx/framework/dao/DAOFactory.sol";
import {IWithdrawalQueueErrors} from "@escrow/IVotingEscrowIncreasing.sol";
import {IAddressGaugeVote as IGaugeVote} from "@voting/IAddressGaugeVoter.sol";
import {
VotingEscrow,
Clock,
Lock,
Curve,
ExitQueue,
GaugeVoter,
GaugeVoterSetupV1_4_0 as GaugeVoterSetup,
IGaugeVoterSetupParams
} from "@setup/GaugeVoterSetup_v1_4_0.sol";
import {PluginSetupProcessor} from "@aragon/osx/framework/plugin/setup/PluginSetupProcessor.sol";
import {PermissionManager} from "@aragon/osx/core/permission/PermissionManager.sol";
import {hashHelpers, PluginSetupRef} from "@aragon/osx/framework/plugin/setup/PluginSetupProcessorHelpers.sol";
import {PluginRepoFactory} from "@aragon/osx/framework/plugin/repo/PluginRepoFactory.sol";
import {PluginRepo} from "@aragon/osx/framework/plugin/repo/PluginRepo.sol";
import {Action} from "@aragon/osx-commons-contracts/src/executors/IExecutor.sol";
import {IPluginSetup} from "@aragon/osx-commons-contracts/src/plugin/setup/IPluginSetup.sol";
import {IPlugin} from "@aragon/osx-commons-contracts/src/plugin/IPlugin.sol";
import {Multisig} from "@aragon/multisig/src/Multisig.sol";
import {MultisigSetup as MultisigPluginSetup} from "@aragon/multisig/src/MultisigSetup.sol";
import {ProxyLib} from "@aragon/osx-commons-contracts/src/utils/deployment/ProxyLib.sol";
import {PermissionLib} from "@aragon/osx-commons-contracts/src/permission/PermissionLib.sol";
import {EscrowIVotesAdapter} from "@delegation/EscrowIVotesAdapter.sol";
import {MockERC20Votes} from "@mocks/MockERC20.sol";
/// @notice The struct containing all the parameters to deploy the DAO
/// @param daoExecutor Optional address with execute permission on the DAO in addition to the multisig
/// @param daoMetadataURI The DAO Metadata(optional)
/// @param daoSubdomain The ens subdomain(optional)
/// @param minApprovals The amount of approvals required for the multisig to be able to execute a proposal on the DAO
/// @param multisigMembers The list of addresses to be defined as the initial multisig signers
/// @param tokenParameters A list with the tokens and metadata for which a plugin and a VE should be deployed
/// @param feePercent The fee taken on withdrawals (1 ether = 100%)
/// @param cooldownPeriod Delay seconds after queuing an exit before withdrawing becomes possible
/// @param minLockDuration Min seconds a user must have locked in escrow before they can queue an exit
/// @param votingPaused Prevent voting until manually activated by the multisig
/// @param multisigPluginRepo Address of Aragon's multisig plugin repository on the given network
/// @param multisigPluginRelease The release of the multisig plugin to target
/// @param multisigPluginBuild The build of the multisig plugin to target
/// @param voterPluginSetup The address of the Gauges Voter plugin setup contract to create a repository with
/// @param voterEnsSubdomain The ENS subdomain under which the plugin reposiroty will be created
/// @param osxDaoFactory The address of the OSx DAO factory contract, used to retrieve the DAO implementation address
/// @param pluginSetupProcessor The address of the OSx PluginSetupProcessor contract on the target chain
/// @param pluginRepoFactory The address of the OSx PluginRepoFactory contract on the target chain
struct DeploymentParameters {
address daoExecutor;
string daoMetadataURI;
string daoSubdomain;
// Multisig settings
uint16 minApprovals;
address[] multisigMembers;
bytes multisigMetadata;
// Gauge Voter
TokenParameters[] tokenParameters;
uint16 feePercent;
uint48 cooldownPeriod;
uint48 minLockDuration;
bool votingPaused;
uint256 minDeposit;
// Voter plugin setup and ENS
PluginRepo multisigPluginRepo;
uint8 multisigPluginRelease;
uint16 multisigPluginBuild;
GaugeVoterSetup voterPluginSetup;
string voterEnsSubdomain;
// OSx addresses
address osxDaoFactory;
PluginSetupProcessor pluginSetupProcessor;
PluginRepoFactory pluginRepoFactory;
}
struct TokenParameters {
address token;
string veTokenName;
string veTokenSymbol;
}
/// @notice Struct containing the plugin and all of its helpers
struct GaugePluginSet {
GaugeVoter plugin;
Curve curve;
ExitQueue exitQueue;
VotingEscrow votingEscrow;
Clock clock;
Lock nftLock;
EscrowIVotesAdapter delegationAdapter;
}
/// @notice Contains the artifacts that resulted from running a deployment
struct Deployment {
DAO dao;
// Plugins
Multisig multisigPlugin;
GaugePluginSet[] gaugeVoterPluginSets;
// Plugin repo's
PluginRepo gaugeVoterPluginRepo;
}
/// @notice A singleton contract designed to run the deployment once and become a read-only store of the contracts deployed
contract GaugesDaoFactoryV1_4_0 {
using ProxyLib for address;
function version() external pure returns (string memory) {
return "1.4.0";
}
/// @notice Thrown when attempting to call deployOnce() when the DAO is already deployed.
error AlreadyDeployed();
DeploymentParameters parameters;
Deployment deployment;
/// @notice Initializes the factory and performs the full deployment. Values become read-only after that.
/// @param _parameters The parameters of the one-time deployment.
constructor(DeploymentParameters memory _parameters) {
parameters.minApprovals = _parameters.minApprovals;
parameters.multisigMembers = _parameters.multisigMembers;
parameters.multisigMetadata = _parameters.multisigMetadata;
for (uint256 i = 0; i < _parameters.tokenParameters.length;) {
parameters.tokenParameters.push(_parameters.tokenParameters[i]);
unchecked {
i++;
}
}
parameters.daoMetadataURI = _parameters.daoMetadataURI;
parameters.daoSubdomain = _parameters.daoSubdomain;
parameters.daoExecutor = _parameters.daoExecutor;
parameters.minDeposit = _parameters.minDeposit;
parameters.feePercent = _parameters.feePercent;
parameters.cooldownPeriod = _parameters.cooldownPeriod;
parameters.minLockDuration = _parameters.minLockDuration;
parameters.votingPaused = _parameters.votingPaused;
parameters.multisigPluginRepo = _parameters.multisigPluginRepo;
parameters.multisigPluginRelease = _parameters.multisigPluginRelease;
parameters.multisigPluginBuild = _parameters.multisigPluginBuild;
parameters.voterPluginSetup = _parameters.voterPluginSetup;
parameters.voterEnsSubdomain = _parameters.voterEnsSubdomain;
parameters.osxDaoFactory = _parameters.osxDaoFactory;
parameters.pluginSetupProcessor = _parameters.pluginSetupProcessor;
parameters.pluginRepoFactory = _parameters.pluginRepoFactory;
}
/// @notice Run the deployment and store the artifacts in a read-only store that can be retrieved via `getDeployment()` and `getDeploymentParameters()`
function deployOnce() public {
if (address(deployment.dao) != address(0)) revert AlreadyDeployed();
// Deploy the DAO (this contract is the interim owner)
DAO dao = prepareDao();
deployment.dao = dao;
// Deploy and install the plugins
grantApplyInstallationPermissions(dao);
// MULTISIG
{
IPluginSetup.PreparedSetupData memory preparedMultisigSetupData;
PluginRepo.Tag memory repoTag =
PluginRepo.Tag(parameters.multisigPluginRelease, parameters.multisigPluginBuild);
(deployment.multisigPlugin, preparedMultisigSetupData) = prepareMultisig(dao, repoTag);
applyPluginInstallation(
dao,
address(deployment.multisigPlugin),
parameters.multisigPluginRepo,
repoTag,
preparedMultisigSetupData
);
}
// GAUGE VOTER(s)
{
IPluginSetup.PreparedSetupData memory preparedVoterSetupData;
PluginRepo.Tag memory repoTag = PluginRepo.Tag(1, 1);
GaugePluginSet memory pluginSet;
PluginRepo pluginRepo = prepareGaugeVoterPluginRepo(dao);
for (uint256 i = 0; i < parameters.tokenParameters.length;) {
(pluginSet, deployment.gaugeVoterPluginRepo, preparedVoterSetupData) =
prepareGaugeVoterPlugin(dao, parameters.tokenParameters[i], pluginRepo, repoTag);
deployment.gaugeVoterPluginSets.push(pluginSet);
applyPluginInstallation(
dao, address(pluginSet.plugin), deployment.gaugeVoterPluginRepo, repoTag, preparedVoterSetupData
);
activateGaugeVoterInstallation(dao, pluginSet);
unchecked {
i++;
}
}
}
// Clean up
revokeApplyInstallationPermissions(dao);
// Remove this contract as owner
revokeOwnerPermission(deployment.dao);
}
function prepareDao() internal returns (DAO dao) {
DAOFactory.DAOSettings memory daoSettings = DAOFactory.DAOSettings({
trustedForwarder: address(0),
daoURI: "",
subdomain: parameters.daoSubdomain,
metadata: bytes(parameters.daoMetadataURI)
});
(dao,) = DAOFactory(parameters.osxDaoFactory).createDao(daoSettings, new DAOFactory.PluginSettings[](0));
address daoExecutor = parameters.daoExecutor;
// Give this contract the ROOT on dao
Action[] memory actions = new Action[](daoExecutor == address(0) ? 1 : 2);
actions[0].to = address(dao);
actions[0].data =
abi.encodeCall(PermissionManager.grant, (address(dao), address(this), dao.ROOT_PERMISSION_ID()));
// If daoExecutor is passed as non zero, give
// execute permission to that address on the dao.
if (daoExecutor != address(0)) {
actions[1].to = address(dao);
actions[1].data =
abi.encodeCall(PermissionManager.grant, (address(dao), daoExecutor, dao.EXECUTE_PERMISSION_ID()));
}
dao.execute(bytes32(0), actions, 0);
}
function prepareMultisig(DAO dao, PluginRepo.Tag memory repoTag)
internal
returns (Multisig, IPluginSetup.PreparedSetupData memory)
{
bytes memory settingsData = abi.encode(
parameters.multisigMembers,
Multisig.MultisigSettings(
true, // onlyListed
parameters.minApprovals
),
IPlugin.TargetConfig({target: address(dao), operation: IPlugin.Operation.Call}),
parameters.multisigMetadata
);
(address plugin, IPluginSetup.PreparedSetupData memory preparedSetupData) = parameters
.pluginSetupProcessor
.prepareInstallation(
address(dao),
PluginSetupProcessor.PrepareInstallationParams(
PluginSetupRef(repoTag, parameters.multisigPluginRepo), settingsData
)
);
return (Multisig(plugin), preparedSetupData);
}
function prepareGaugeVoterPluginRepo(DAO dao) internal returns (PluginRepo pluginRepo) {
// Publish repo
pluginRepo = PluginRepoFactory(parameters.pluginRepoFactory).createPluginRepoWithFirstVersion(
parameters.voterEnsSubdomain, address(parameters.voterPluginSetup), address(dao), " ", " "
);
}
function prepareGaugeVoterPlugin(
DAO dao,
TokenParameters memory tokenParameters,
PluginRepo pluginRepo,
PluginRepo.Tag memory repoTag
) internal returns (GaugePluginSet memory, PluginRepo, IPluginSetup.PreparedSetupData memory) {
// Plugin settings
bytes memory settingsData = parameters.voterPluginSetup.encodeSetupData(
IGaugeVoterSetupParams({
isPaused: parameters.votingPaused,
token: tokenParameters.token,
veTokenName: tokenParameters.veTokenName,
veTokenSymbol: tokenParameters.veTokenSymbol,
feePercent: parameters.feePercent,
cooldown: parameters.cooldownPeriod,
minLock: parameters.minLockDuration,
minDeposit: parameters.minDeposit
})
);
(address plugin, IPluginSetup.PreparedSetupData memory preparedSetupData) = parameters
.pluginSetupProcessor
.prepareInstallation(
address(dao),
PluginSetupProcessor.PrepareInstallationParams(PluginSetupRef(repoTag, pluginRepo), settingsData)
);
address[] memory helpers = preparedSetupData.helpers;
GaugePluginSet memory pluginSet = GaugePluginSet({
plugin: GaugeVoter(plugin),
curve: Curve(helpers[0]),
exitQueue: ExitQueue(helpers[1]),
votingEscrow: VotingEscrow(helpers[2]),
clock: Clock(helpers[3]),
nftLock: Lock(helpers[4]),
delegationAdapter: EscrowIVotesAdapter(helpers[5])
});
GaugeVoter(plugin).createGauge(address(1), "gauge1");
GaugeVoter(plugin).createGauge(address(2), "gauge2");
GaugeVoter(plugin).createGauge(address(3), "gauge3");
return (pluginSet, pluginRepo, preparedSetupData);
}
function applyPluginInstallation(
DAO dao,
address plugin,
PluginRepo pluginRepo,
PluginRepo.Tag memory pluginRepoTag,
IPluginSetup.PreparedSetupData memory preparedSetupData
) internal {
parameters.pluginSetupProcessor.applyInstallation(
address(dao),
PluginSetupProcessor.ApplyInstallationParams(
PluginSetupRef(pluginRepoTag, pluginRepo),
plugin,
preparedSetupData.permissions,
hashHelpers(preparedSetupData.helpers)
)
);
}
function activateGaugeVoterInstallation(DAO dao, GaugePluginSet memory pluginSet) internal {
dao.grant(address(pluginSet.votingEscrow), address(this), pluginSet.votingEscrow.ESCROW_ADMIN_ROLE());
pluginSet.votingEscrow.setCurve(address(pluginSet.curve));
pluginSet.votingEscrow.setQueue(address(pluginSet.exitQueue));
pluginSet.votingEscrow.setVoter(address(pluginSet.plugin));
pluginSet.votingEscrow.setLockNFT(address(pluginSet.nftLock));
pluginSet.votingEscrow.setIVotesAdapter(parameters.tokenParameters[0].token);
pluginSet.plugin.setIVotesAdapter(parameters.tokenParameters[0].token);
dao.revoke(address(pluginSet.votingEscrow), address(this), pluginSet.votingEscrow.ESCROW_ADMIN_ROLE());
}
function grantApplyInstallationPermissions(DAO dao) internal {
// The PSP can manage permissions on the new DAO
dao.grant(address(dao), address(parameters.pluginSetupProcessor), dao.ROOT_PERMISSION_ID());
// This factory can call applyInstallation() on the PSP
dao.grant(
address(parameters.pluginSetupProcessor),
address(this),
parameters.pluginSetupProcessor.APPLY_INSTALLATION_PERMISSION_ID()
);
}
function revokeApplyInstallationPermissions(DAO dao) internal {
// Revoking the permission for the factory to call applyInstallation() on the PSP
dao.revoke(
address(parameters.pluginSetupProcessor),
address(this),
parameters.pluginSetupProcessor.APPLY_INSTALLATION_PERMISSION_ID()
);
// Revoke the PSP permission to manage permissions on the new DAO
dao.revoke(address(dao), address(parameters.pluginSetupProcessor), dao.ROOT_PERMISSION_ID());
}
function revokeOwnerPermission(DAO dao) internal {
dao.revoke(address(dao), address(this), dao.EXECUTE_PERMISSION_ID());
dao.revoke(address(dao), address(this), dao.ROOT_PERMISSION_ID());
}
// Getters
function getDeploymentParameters() public view returns (DeploymentParameters memory) {
return parameters;
}
function getDeployment() public view returns (Deployment memory) {
return deployment;
}
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {ERC165StorageUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165StorageUpgradeable.sol";
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {SafeERC20Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol";
import {IERC20Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol";
import {IERC721ReceiverUpgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC721/IERC721ReceiverUpgradeable.sol";
import {IERC1155Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC1155/IERC1155Upgradeable.sol";
import {IERC1155ReceiverUpgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC1155/IERC1155ReceiverUpgradeable.sol";
import {AddressUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol";
import {IERC1271} from "@openzeppelin/contracts/interfaces/IERC1271.sol";
import {IProtocolVersion} from "@aragon/osx-commons-contracts/src/utils/versioning/IProtocolVersion.sol";
import {ProtocolVersion} from "@aragon/osx-commons-contracts/src/utils/versioning/ProtocolVersion.sol";
import {VersionComparisonLib} from "@aragon/osx-commons-contracts/src/utils/versioning/VersionComparisonLib.sol";
import {hasBit, flipBit} from "@aragon/osx-commons-contracts/src/utils/math/BitMap.sol";
import {Action} from "@aragon/osx-commons-contracts/src/executors/Executor.sol";
import {IExecutor} from "@aragon/osx-commons-contracts/src/executors/IExecutor.sol";
import {IDAO} from "@aragon/osx-commons-contracts/src/dao/IDAO.sol";
import {PermissionManager} from "../permission/PermissionManager.sol";
import {CallbackHandler} from "../utils/CallbackHandler.sol";
import {IEIP4824} from "./IEIP4824.sol";
/// @title DAO
/// @author Aragon X - 2021-2024
/// @notice This contract is the entry point to the Aragon DAO framework and provides our users a simple and easy to use public interface.
/// @dev Public API of the Aragon DAO framework.
/// @custom:security-contact [email protected]
contract DAO is
IEIP4824,
Initializable,
IERC1271,
ERC165StorageUpgradeable,
IDAO,
IExecutor,
UUPSUpgradeable,
ProtocolVersion,
PermissionManager,
CallbackHandler
{
using SafeERC20Upgradeable for IERC20Upgradeable;
using AddressUpgradeable for address;
using VersionComparisonLib for uint8[3];
/// @notice The ID of the permission required to call the `execute` function.
bytes32 public constant EXECUTE_PERMISSION_ID = keccak256("EXECUTE_PERMISSION");
/// @notice The ID of the permission required to call the `_authorizeUpgrade` function.
bytes32 public constant UPGRADE_DAO_PERMISSION_ID = keccak256("UPGRADE_DAO_PERMISSION");
/// @notice The ID of the permission required to call the `setMetadata` function.
bytes32 public constant SET_METADATA_PERMISSION_ID = keccak256("SET_METADATA_PERMISSION");
/// @notice The ID of the permission required to call the `setTrustedForwarder` function.
bytes32 public constant SET_TRUSTED_FORWARDER_PERMISSION_ID =
keccak256("SET_TRUSTED_FORWARDER_PERMISSION");
/// @notice The ID of the permission required to call the `registerStandardCallback` function.
bytes32 public constant REGISTER_STANDARD_CALLBACK_PERMISSION_ID =
keccak256("REGISTER_STANDARD_CALLBACK_PERMISSION");
/// @notice The ID of the permission required to validate [ERC-1271](https://eips.ethereum.org/EIPS/eip-1271) signatures.
bytes32 public constant VALIDATE_SIGNATURE_PERMISSION_ID =
keccak256("VALIDATE_SIGNATURE_PERMISSION");
/// @notice The internal constant storing the maximal action array length.
uint256 internal constant MAX_ACTIONS = 256;
/// @notice The first out of two values to which the `_reentrancyStatus` state variable (used by the `nonReentrant` modifier) can be set indicating that a function was not entered.
uint256 private constant _NOT_ENTERED = 1;
/// @notice The second out of two values to which the `_reentrancyStatus` state variable (used by the `nonReentrant` modifier) can be set indicating that a function was entered.
uint256 private constant _ENTERED = 2;
/// @notice Removed variable that is left here to maintain the storage layout.
/// @dev Introduced in v1.0.0. Removed in v1.4.0.
/// @custom:oz-renamed-from signatureValidator
address private __removed0;
/// @notice The address of the trusted forwarder verifying meta transactions.
/// @dev Added in v1.0.0.
address private trustedForwarder;
/// @notice The [EIP-4824](https://eips.ethereum.org/EIPS/eip-4824) DAO URI.
/// @dev Added in v1.0.0.
string private _daoURI;
/// @notice The state variable for the reentrancy guard of the `execute` function.
/// @dev Added in v1.3.0. The variable can be of value `_NOT_ENTERED = 1` or `_ENTERED = 2` in usage and is initialized with `_NOT_ENTERED`.
uint256 private _reentrancyStatus;
/// @notice Thrown if a call is reentrant.
error ReentrantCall();
/// @notice Thrown if the action array length is larger than `MAX_ACTIONS`.
error TooManyActions();
/// @notice Thrown if action execution has failed.
/// @param index The index of the action in the action array that failed.
error ActionFailed(uint256 index);
/// @notice Thrown if an action has insufficient gas left.
error InsufficientGas();
/// @notice Thrown if the deposit amount is zero.
error ZeroAmount();
/// @notice Thrown if there is a mismatch between the expected and actually deposited amount of native tokens.
/// @param expected The expected native token amount.
/// @param actual The actual native token amount deposited.
error NativeTokenDepositAmountMismatch(uint256 expected, uint256 actual);
/// @notice Thrown if an upgrade is not supported from a specific protocol version .
error ProtocolVersionUpgradeNotSupported(uint8[3] protocolVersion);
/// @notice Thrown when a function is removed but left to not corrupt the interface ID.
error FunctionRemoved();
/// @notice Thrown when initialize is called after it has already been executed.
error AlreadyInitialized();
/// @notice Emitted when a new DAO URI is set.
/// @param daoURI The new URI.
event NewURI(string daoURI);
/// @notice A modifier to protect a function from calling itself, directly or indirectly (reentrancy).
/// @dev Currently, this modifier is only applied to the `execute()` function. If this is used multiple times, private `_beforeNonReentrant()` and `_afterNonReentrant()` functions should be created to prevent code duplication.
modifier nonReentrant() {
if (_reentrancyStatus == _ENTERED) {
revert ReentrantCall();
}
_reentrancyStatus = _ENTERED;
_;
_reentrancyStatus = _NOT_ENTERED;
}
/// @notice This ensures that the initialize function cannot be called during the upgrade process.
modifier onlyCallAtInitialization() {
if (_getInitializedVersion() != 0) {
revert AlreadyInitialized();
}
_;
}
/// @notice Disables the initializers on the implementation contract to prevent it from being left uninitialized.
/// @custom:oz-upgrades-unsafe-allow constructor
constructor() {
_disableInitializers();
}
/// @notice Initializes the DAO by
/// - setting the reentrancy status variable to `_NOT_ENTERED`
/// - registering the [ERC-165](https://eips.ethereum.org/EIPS/eip-165) interface ID
/// - setting the trusted forwarder for meta transactions
/// - giving the `ROOT_PERMISSION_ID` permission to the initial owner (that should be revoked and transferred to the DAO after setup).
/// @dev This method is required to support [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822).
/// @param _metadata IPFS hash that points to all the metadata (logo, description, tags, etc.) of a DAO.
/// @param _initialOwner The initial owner of the DAO having the `ROOT_PERMISSION_ID` permission.
/// @param _trustedForwarder The trusted forwarder responsible for verifying meta transactions.
/// @param daoURI_ The DAO URI required to support [ERC-4824](https://eips.ethereum.org/EIPS/eip-4824).
function initialize(
bytes calldata _metadata,
address _initialOwner,
address _trustedForwarder,
string calldata daoURI_
) external onlyCallAtInitialization reinitializer(3) {
_reentrancyStatus = _NOT_ENTERED; // added in v1.3.0
// In addition to the current interfaceId, also support previous version of the interfaceId.
_registerInterface(type(IDAO).interfaceId ^ IExecutor.execute.selector);
_registerInterface(type(IDAO).interfaceId);
_registerInterface(type(IExecutor).interfaceId);
_registerInterface(type(IERC1271).interfaceId);
_registerInterface(type(IEIP4824).interfaceId);
_registerInterface(type(IProtocolVersion).interfaceId); // added in v1.3.0
_registerTokenInterfaces();
_setMetadata(_metadata);
_setTrustedForwarder(_trustedForwarder);
_setDaoURI(daoURI_);
__PermissionManager_init(_initialOwner);
}
/// @notice Initializes the DAO after an upgrade from a previous protocol version.
/// @param _previousProtocolVersion The semantic protocol version number of the previous DAO implementation contract this upgrade is transitioning from.
/// @param _initData The initialization data to be passed to via `upgradeToAndCall` (see [ERC-1967](https://docs.openzeppelin.com/contracts/4.x/api/proxy#ERC1967Upgrade)).
function initializeFrom(
uint8[3] calldata _previousProtocolVersion,
bytes calldata _initData
) external reinitializer(3) {
_initData; // Silences the unused function parameter warning.
// Check that the contract is not upgrading from a different major release.
if (_previousProtocolVersion[0] != 1) {
revert ProtocolVersionUpgradeNotSupported(_previousProtocolVersion);
}
// Initialize `_reentrancyStatus` that was added in v1.3.0.
// Register Interface `ProtocolVersion` that was added in v1.3.0.
if (_previousProtocolVersion.lt([1, 3, 0])) {
_reentrancyStatus = _NOT_ENTERED;
_registerInterface(type(IProtocolVersion).interfaceId);
}
// Revoke the `SET_SIGNATURE_VALIDATOR_PERMISSION` that was deprecated in v1.4.0.
if (_previousProtocolVersion.lt([1, 4, 0])) {
_revoke({
_where: address(this),
_who: address(this),
_permissionId: keccak256("SET_SIGNATURE_VALIDATOR_PERMISSION")
});
_registerInterface(type(IDAO).interfaceId);
_registerInterface(type(IExecutor).interfaceId);
}
}
/// @inheritdoc PermissionManager
function isPermissionRestrictedForAnyAddr(
bytes32 _permissionId
) internal pure override returns (bool) {
return
_permissionId == EXECUTE_PERMISSION_ID ||
_permissionId == UPGRADE_DAO_PERMISSION_ID ||
_permissionId == SET_METADATA_PERMISSION_ID ||
_permissionId == SET_TRUSTED_FORWARDER_PERMISSION_ID ||
_permissionId == REGISTER_STANDARD_CALLBACK_PERMISSION_ID;
}
/// @notice Internal method authorizing the upgrade of the contract via the [upgradeability mechanism for UUPS proxies](https://docs.openzeppelin.com/contracts/4.x/api/proxy#UUPSUpgradeable) (see [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822)).
/// @dev The caller must have the `UPGRADE_DAO_PERMISSION_ID` permission.
function _authorizeUpgrade(address) internal virtual override auth(UPGRADE_DAO_PERMISSION_ID) {}
/// @inheritdoc IDAO
function setTrustedForwarder(
address _newTrustedForwarder
) external override auth(SET_TRUSTED_FORWARDER_PERMISSION_ID) {
_setTrustedForwarder(_newTrustedForwarder);
}
/// @inheritdoc IDAO
function getTrustedForwarder() external view virtual override returns (address) {
return trustedForwarder;
}
/// @inheritdoc IDAO
function hasPermission(
address _where,
address _who,
bytes32 _permissionId,
bytes memory _data
) external view override returns (bool) {
return isGranted({_where: _where, _who: _who, _permissionId: _permissionId, _data: _data});
}
/// @inheritdoc IDAO
function setMetadata(
bytes calldata _metadata
) external override auth(SET_METADATA_PERMISSION_ID) {
_setMetadata(_metadata);
}
/// @inheritdoc IExecutor
function execute(
bytes32 _callId,
Action[] calldata _actions,
uint256 _allowFailureMap
)
external
override
nonReentrant
auth(EXECUTE_PERMISSION_ID)
returns (bytes[] memory execResults, uint256 failureMap)
{
// Check that the action array length is within bounds.
if (_actions.length > MAX_ACTIONS) {
revert TooManyActions();
}
execResults = new bytes[](_actions.length);
uint256 gasBefore;
uint256 gasAfter;
for (uint256 i = 0; i < _actions.length; ) {
gasBefore = gasleft();
(bool success, bytes memory result) = _actions[i].to.call{value: _actions[i].value}(
_actions[i].data
);
gasAfter = gasleft();
// Check if failure is allowed
if (!hasBit(_allowFailureMap, uint8(i))) {
// Check if the call failed.
if (!success) {
revert ActionFailed(i);
}
} else {
// Check if the call failed.
if (!success) {
// Make sure that the action call did not fail because 63/64 of `gasleft()` was insufficient to execute the external call `.to.call` (see [ERC-150](https://eips.ethereum.org/EIPS/eip-150)).
// In specific scenarios, i.e. proposal execution where the last action in the action array is allowed to fail, the account calling `execute` could force-fail this action by setting a gas limit
// where 63/64 is insufficient causing the `.to.call` to fail, but where the remaining 1/64 gas are sufficient to successfully finish the `execute` call.
if (gasAfter < gasBefore / 64) {
revert InsufficientGas();
}
// Store that this action failed.
failureMap = flipBit(failureMap, uint8(i));
}
}
execResults[i] = result;
unchecked {
++i;
}
}
emit Executed({
actor: msg.sender,
callId: _callId,
actions: _actions,
allowFailureMap: _allowFailureMap,
failureMap: failureMap,
execResults: execResults
});
}
/// @inheritdoc IDAO
function deposit(
address _token,
uint256 _amount,
string calldata _reference
) external payable override {
if (_amount == 0) revert ZeroAmount();
if (_token == address(0)) {
if (msg.value != _amount)
revert NativeTokenDepositAmountMismatch({expected: _amount, actual: msg.value});
} else {
if (msg.value != 0)
revert NativeTokenDepositAmountMismatch({expected: 0, actual: msg.value});
IERC20Upgradeable(_token).safeTransferFrom(msg.sender, address(this), _amount);
}
emit Deposited(msg.sender, _token, _amount, _reference);
}
/// @inheritdoc IDAO
function setSignatureValidator(address) external pure override {
revert FunctionRemoved();
}
/// @inheritdoc IDAO
/// @dev Relays the validation logic determining who is allowed to sign on behalf of the DAO to its permission manager.
/// Caller specific bypassing can be set direct granting (i.e., `grant({_where: dao, _who: specificErc1271Caller, _permissionId: VALIDATE_SIGNATURE_PERMISSION_ID})`).
/// Caller specific signature validation logic can be set by granting with a `PermissionCondition` (i.e., `grantWithCondition({_where: dao, _who: specificErc1271Caller, _permissionId: VALIDATE_SIGNATURE_PERMISSION_ID, _condition: yourConditionImplementation})`)
/// Generic signature validation logic can be set for all calling contracts by granting with a `PermissionCondition` to `PermissionManager.ANY_ADDR()` (i.e., `grantWithCondition({_where: dao, _who: PermissionManager.ANY_ADDR(), _permissionId: VALIDATE_SIGNATURE_PERMISSION_ID, _condition: yourConditionImplementation})`).
function isValidSignature(
bytes32 _hash,
bytes memory _signature
) external view override(IDAO, IERC1271) returns (bytes4) {
if (
isGranted({
_where: address(this),
_who: msg.sender,
_permissionId: VALIDATE_SIGNATURE_PERMISSION_ID,
_data: abi.encode(_hash, _signature)
})
) {
return 0x1626ba7e; // `type(IERC1271).interfaceId` = bytes4(keccak256("isValidSignature(bytes32,bytes)")`
}
return 0xffffffff; // `bytes4(uint32(type(uint32).max-1))`
}
/// @notice Emits the `NativeTokenDeposited` event to track native token deposits that weren't made via the deposit method.
/// @dev This call is bound by the gas limitations for `send`/`transfer` calls introduced by [ERC-2929](https://eips.ethereum.org/EIPS/eip-2929).
/// Gas cost increases in future hard forks might break this function. As an alternative, [ERC-2930](https://eips.ethereum.org/EIPS/eip-2930)-type transactions using access lists can be employed.
receive() external payable {
emit NativeTokenDeposited(msg.sender, msg.value);
}
/// @notice Fallback to handle future versions of the [ERC-165](https://eips.ethereum.org/EIPS/eip-165) standard.
/// @param _input An alias being equivalent to `msg.data`. This feature of the fallback function was introduced with the [solidity compiler version 0.7.6](https://github.com/ethereum/solidity/releases/tag/v0.7.6)
/// @return The magic number registered for the function selector triggering the fallback.
fallback(bytes calldata _input) external returns (bytes memory) {
bytes4 magicNumber = _handleCallback(msg.sig, _input);
return abi.encode(magicNumber);
}
/// @notice Emits the MetadataSet event if new metadata is set.
/// @param _metadata Hash of the IPFS metadata object.
function _setMetadata(bytes calldata _metadata) internal {
emit MetadataSet(_metadata);
}
/// @notice Sets the trusted forwarder on the DAO and emits the associated event.
/// @param _trustedForwarder The trusted forwarder address.
function _setTrustedForwarder(address _trustedForwarder) internal {
trustedForwarder = _trustedForwarder;
emit TrustedForwarderSet(_trustedForwarder);
}
/// @notice Registers the [ERC-721](https://eips.ethereum.org/EIPS/eip-721) and [ERC-1155](https://eips.ethereum.org/EIPS/eip-1155) interfaces and callbacks.
function _registerTokenInterfaces() private {
_registerInterface(type(IERC721ReceiverUpgradeable).interfaceId);
_registerInterface(type(IERC1155ReceiverUpgradeable).interfaceId);
_registerCallback(
IERC721ReceiverUpgradeable.onERC721Received.selector,
IERC721ReceiverUpgradeable.onERC721Received.selector
);
_registerCallback(
IERC1155ReceiverUpgradeable.onERC1155Received.selector,
IERC1155ReceiverUpgradeable.onERC1155Received.selector
);
_registerCallback(
IERC1155ReceiverUpgradeable.onERC1155BatchReceived.selector,
IERC1155ReceiverUpgradeable.onERC1155BatchReceived.selector
);
}
/// @inheritdoc IDAO
function registerStandardCallback(
bytes4 _interfaceId,
bytes4 _callbackSelector,
bytes4 _magicNumber
) external override auth(REGISTER_STANDARD_CALLBACK_PERMISSION_ID) {
_registerInterface(_interfaceId);
_registerCallback(_callbackSelector, _magicNumber);
emit StandardCallbackRegistered(_interfaceId, _callbackSelector, _magicNumber);
}
/// @inheritdoc IEIP4824
function daoURI() external view returns (string memory) {
return _daoURI;
}
/// @notice Updates the set DAO URI to a new value.
/// @param newDaoURI The new DAO URI to be set.
function setDaoURI(string calldata newDaoURI) external auth(SET_METADATA_PERMISSION_ID) {
_setDaoURI(newDaoURI);
}
/// @notice Sets the new [ERC-4824](https://eips.ethereum.org/EIPS/eip-4824) DAO URI and emits the associated event.
/// @param daoURI_ The new DAO URI.
function _setDaoURI(string calldata daoURI_) internal {
_daoURI = daoURI_;
emit NewURI(daoURI_);
}
/// @notice This empty reserved space is put in place to allow future versions to add new variables without shifting down storage in the inheritance chain (see [OpenZeppelin's guide about storage gaps](https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps)).
uint256[46] private __gap;
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {ERC165} from "@openzeppelin/contracts/utils/introspection/ERC165.sol";
import {IDAO} from "@aragon/osx-commons-contracts/src/dao/IDAO.sol";
import {IProtocolVersion} from "@aragon/osx-commons-contracts/src/utils/versioning/IProtocolVersion.sol";
import {ProtocolVersion} from "@aragon/osx-commons-contracts/src/utils/versioning/ProtocolVersion.sol";
import {IPluginSetup} from "@aragon/osx-commons-contracts/src/plugin/setup/IPluginSetup.sol";
import {PermissionLib} from "@aragon/osx-commons-contracts/src/permission/PermissionLib.sol";
import {ProxyLib} from "@aragon/osx-commons-contracts/src/utils/deployment/ProxyLib.sol";
import {DAO} from "../../core/dao/DAO.sol";
import {PluginRepo} from "../plugin/repo/PluginRepo.sol";
import {PluginSetupProcessor} from "../plugin/setup/PluginSetupProcessor.sol";
import {hashHelpers, PluginSetupRef} from "../plugin/setup/PluginSetupProcessorHelpers.sol";
import {DAORegistry} from "./DAORegistry.sol";
/// @title DAOFactory
/// @author Aragon X - 2022-2023
/// @notice This contract is used to create a DAO.
/// @custom:security-contact [email protected]
contract DAOFactory is ERC165, ProtocolVersion {
using ProxyLib for address;
/// @notice The DAO base contract, to be used for creating new `DAO`s via `createERC1967Proxy` function.
address public immutable daoBase;
/// @notice The DAO registry listing the `DAO` contracts created via this contract.
DAORegistry public immutable daoRegistry;
/// @notice The plugin setup processor for installing plugins on the newly created `DAO`s.
PluginSetupProcessor public immutable pluginSetupProcessor;
// Cache permission IDs for optimized access
bytes32 internal immutable ROOT_PERMISSION_ID;
bytes32 internal immutable UPGRADE_DAO_PERMISSION_ID;
bytes32 internal immutable SET_TRUSTED_FORWARDER_PERMISSION_ID;
bytes32 internal immutable SET_METADATA_PERMISSION_ID;
bytes32 internal immutable REGISTER_STANDARD_CALLBACK_PERMISSION_ID;
bytes32 internal immutable EXECUTE_PERMISSION_ID;
bytes32 internal immutable APPLY_INSTALLATION_PERMISSION_ID;
/// @notice The container for the DAO settings to be set during the DAO initialization.
/// @param trustedForwarder The address of the trusted forwarder required for meta transactions.
/// @param daoURI The DAO uri used with [EIP-4824](https://eips.ethereum.org/EIPS/eip-4824).
/// @param subdomain The ENS subdomain to be registered for the DAO contract.
/// @param metadata The metadata of the DAO.
struct DAOSettings {
address trustedForwarder;
string daoURI;
string subdomain;
bytes metadata;
}
/// @notice The container with the information required to install a plugin on the DAO.
/// @param pluginSetupRef The `PluginSetupRepo` address of the plugin and the version tag.
/// @param data The bytes-encoded data containing the input parameters for the installation as specified in the plugin's build metadata JSON file.
struct PluginSettings {
PluginSetupRef pluginSetupRef;
bytes data;
}
/// @notice The container with the information about an installed plugin on a DAO.
/// @param plugin The address of the deployed plugin instance.
/// @param preparedSetupData The applied preparedSetupData which contains arrays of helpers and permissions.
struct InstalledPlugin {
address plugin;
IPluginSetup.PreparedSetupData preparedSetupData;
}
/// @notice Thrown if `PluginSettings` array is empty, and no plugin is provided.
error NoPluginProvided();
/// @notice The constructor setting the registry and plugin setup processor and creating the base contracts for the factory.
/// @param _registry The DAO registry to register the DAO by its name.
/// @param _pluginSetupProcessor The address of PluginSetupProcessor.
constructor(DAORegistry _registry, PluginSetupProcessor _pluginSetupProcessor) {
daoRegistry = _registry;
pluginSetupProcessor = _pluginSetupProcessor;
DAO dao = new DAO();
daoBase = address(dao);
// Cache permission IDs for reduced gas usage in future function calls
ROOT_PERMISSION_ID = dao.ROOT_PERMISSION_ID();
UPGRADE_DAO_PERMISSION_ID = dao.UPGRADE_DAO_PERMISSION_ID();
SET_TRUSTED_FORWARDER_PERMISSION_ID = dao.SET_TRUSTED_FORWARDER_PERMISSION_ID();
SET_METADATA_PERMISSION_ID = dao.SET_METADATA_PERMISSION_ID();
REGISTER_STANDARD_CALLBACK_PERMISSION_ID = dao.REGISTER_STANDARD_CALLBACK_PERMISSION_ID();
EXECUTE_PERMISSION_ID = dao.EXECUTE_PERMISSION_ID();
APPLY_INSTALLATION_PERMISSION_ID = pluginSetupProcessor.APPLY_INSTALLATION_PERMISSION_ID();
}
/// @notice Checks if this or the parent contract supports an interface by its ID.
/// @param _interfaceId The ID of the interface.
/// @return Returns `true` if the interface is supported.
function supportsInterface(bytes4 _interfaceId) public view virtual override returns (bool) {
return
_interfaceId == type(IProtocolVersion).interfaceId ||
super.supportsInterface(_interfaceId);
}
/// @notice Creates a new DAO, registers it in the DAO registry, and optionally installs plugins via the plugin setup processor.
/// @dev If `_pluginSettings` is empty, the caller is granted `EXECUTE_PERMISSION` on the DAO.
/// @param _daoSettings The settings to configure during DAO initialization.
/// @param _pluginSettings An array containing plugin references and settings. If provided, each plugin is installed
/// after the DAO creation.
/// @return createdDao The address of the newly created DAO instance.
/// @return installedPlugins An array of `InstalledPlugin` structs, each containing the plugin address and associated
/// helper contracts and permissions, if plugins were installed; otherwise, an empty array.
function createDao(
DAOSettings calldata _daoSettings,
PluginSettings[] calldata _pluginSettings
) external returns (DAO createdDao, InstalledPlugin[] memory installedPlugins) {
// Create DAO.
createdDao = _createDAO(_daoSettings);
// Register DAO.
daoRegistry.register(createdDao, msg.sender, _daoSettings.subdomain);
// Cache address to save gas
address daoAddress = address(createdDao);
// Install plugins if plugin settings are provided.
if (_pluginSettings.length != 0) {
installedPlugins = new InstalledPlugin[](_pluginSettings.length);
// Cache address to save gas
address pluginSetupProcessorAddress = address(pluginSetupProcessor);
// Grant the temporary permissions.
// Grant Temporarily `ROOT_PERMISSION` to `pluginSetupProcessor`.
createdDao.grant(daoAddress, pluginSetupProcessorAddress, ROOT_PERMISSION_ID);
// Grant Temporarily `APPLY_INSTALLATION_PERMISSION` on `pluginSetupProcessor` to this `DAOFactory`.
createdDao.grant(
pluginSetupProcessorAddress,
address(this),
APPLY_INSTALLATION_PERMISSION_ID
);
// Install plugins on the newly created DAO.
for (uint256 i; i < _pluginSettings.length; ++i) {
// Prepare plugin.
(
address plugin,
IPluginSetup.PreparedSetupData memory preparedSetupData
) = pluginSetupProcessor.prepareInstallation(
daoAddress,
PluginSetupProcessor.PrepareInstallationParams(
_pluginSettings[i].pluginSetupRef,
_pluginSettings[i].data
)
);
// Apply plugin.
pluginSetupProcessor.applyInstallation(
daoAddress,
PluginSetupProcessor.ApplyInstallationParams(
_pluginSettings[i].pluginSetupRef,
plugin,
preparedSetupData.permissions,
hashHelpers(preparedSetupData.helpers)
)
);
installedPlugins[i] = InstalledPlugin(plugin, preparedSetupData);
}
// Revoke the temporarily granted permissions.
// Revoke Temporarily `ROOT_PERMISSION` from `pluginSetupProcessor`.
createdDao.revoke(daoAddress, pluginSetupProcessorAddress, ROOT_PERMISSION_ID);
// Revoke `APPLY_INSTALLATION_PERMISSION` on `pluginSetupProcessor` from this `DAOFactory` .
createdDao.revoke(
pluginSetupProcessorAddress,
address(this),
APPLY_INSTALLATION_PERMISSION_ID
);
} else {
// if no plugin setting is provided, grant EXECUTE_PERMISSION_ID to msg.sender
createdDao.grant(daoAddress, msg.sender, EXECUTE_PERMISSION_ID);
}
// Set the rest of DAO's permissions.
_setDAOPermissions(daoAddress);
// Revoke Temporarily `ROOT_PERMISSION_ID` that implicitly granted to this `DaoFactory`
// at the create dao step `address(this)` being the initial owner of the new created DAO.
createdDao.revoke(daoAddress, address(this), ROOT_PERMISSION_ID);
return (createdDao, installedPlugins);
}
/// @notice Deploys a new DAO `ERC1967` proxy, and initialize it with this contract as the initial owner.
/// @param _daoSettings The trusted forwarder, name and metadata hash of the DAO it creates.
function _createDAO(DAOSettings calldata _daoSettings) internal returns (DAO dao) {
// Create a DAO proxy and initialize it with the DAOFactory (`address(this)`) as the initial owner.
// As a result, the DAOFactory has `ROOT_PERMISSION_`ID` permission on the DAO.
dao = DAO(
payable(
daoBase.deployUUPSProxy(
abi.encodeCall(
DAO.initialize,
(
_daoSettings.metadata,
address(this),
_daoSettings.trustedForwarder,
_daoSettings.daoURI
)
)
)
)
);
}
/// @notice Sets the required permissions for the new DAO.
/// @param _daoAddress The address of the DAO just created.
function _setDAOPermissions(address _daoAddress) internal {
// set permissionIds on the dao itself.
PermissionLib.SingleTargetPermission[]
memory items = new PermissionLib.SingleTargetPermission[](5);
// Grant DAO all the permissions required
items[0] = PermissionLib.SingleTargetPermission(
PermissionLib.Operation.Grant,
_daoAddress,
ROOT_PERMISSION_ID
);
items[1] = PermissionLib.SingleTargetPermission(
PermissionLib.Operation.Grant,
_daoAddress,
UPGRADE_DAO_PERMISSION_ID
);
items[2] = PermissionLib.SingleTargetPermission(
PermissionLib.Operation.Grant,
_daoAddress,
SET_TRUSTED_FORWARDER_PERMISSION_ID
);
items[3] = PermissionLib.SingleTargetPermission(
PermissionLib.Operation.Grant,
_daoAddress,
SET_METADATA_PERMISSION_ID
);
items[4] = PermissionLib.SingleTargetPermission(
PermissionLib.Operation.Grant,
_daoAddress,
REGISTER_STANDARD_CALLBACK_PERMISSION_ID
);
DAO(payable(_daoAddress)).applySingleTargetPermissions(_daoAddress, items);
}
}/// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/*///////////////////////////////////////////////////////////////
CORE FUNCTIONALITY
//////////////////////////////////////////////////////////////*/
interface ILockedBalanceIncreasing {
struct LockedBalance {
uint208 amount;
uint48 start; // mirrors oz ERC20 timestamp clocks
}
}
interface IVotingEscrowCoreErrors {
error NoLockFound();
error NotOwner();
error NoOwner();
error NotSameOwner();
error NonExistentToken();
error NotApprovedOrOwner();
error ZeroAddress();
error ZeroAmount();
error ZeroBalance();
error SameAddress();
error LockNFTAlreadySet();
error MustBe18Decimals();
error TransferBalanceIncorrect();
error AmountTooSmall();
error OnlyLockNFT();
error OnlyIVotesAdapter();
error AddressAlreadySet();
}
interface IVotingEscrowCoreEvents {
event MinDepositSet(uint256 minDeposit);
event Deposit(
address indexed depositor,
uint256 indexed tokenId,
uint256 indexed startTs,
uint256 value,
uint256 newTotalLocked
);
event Withdraw(
address indexed depositor,
uint256 indexed tokenId,
uint256 value,
uint256 ts,
uint256 newTotalLocked
);
}
interface IVotingEscrowCore is
ILockedBalanceIncreasing,
IVotingEscrowCoreErrors,
IVotingEscrowCoreEvents
{
/// @notice Address of the underying ERC20 token.
function token() external view returns (address);
/// @notice Address of the lock receipt NFT.
function lockNFT() external view returns (address);
/// @notice Total underlying tokens deposited in the contract
function totalLocked() external view returns (uint256);
/// @notice Get the raw locked balance for `_tokenId`
function locked(uint256 _tokenId) external view returns (LockedBalance memory);
/// @notice Deposit `_value` tokens for `msg.sender`
/// @param _value Amount to deposit
/// @return TokenId of created veNFT
function createLock(uint256 _value) external returns (uint256);
/// @notice Deposit `_value` tokens for `_to`
/// @param _value Amount to deposit
/// @param _to Address to deposit
/// @return TokenId of created veNFT
function createLockFor(uint256 _value, address _to) external returns (uint256);
/// @notice Withdraw all tokens for `_tokenId`
function withdraw(uint256 _tokenId) external;
/// @notice helper utility for NFT checks
function isApprovedOrOwner(address spender, uint256 tokenId) external view returns (bool);
}
/*///////////////////////////////////////////////////////////////
WITHDRAWAL QUEUE
//////////////////////////////////////////////////////////////*/
interface IWithdrawalQueueErrors {
error NotTicketHolder();
error CannotExit();
error CannotWithdrawInSameBlock();
}
interface IWithdrawalQueueEvents {}
interface IWithdrawalQueue is IWithdrawalQueueErrors, IWithdrawalQueueEvents {
/// @notice Enters a tokenId into the withdrawal queue by transferring to this contract and creating a ticket.
/// @param _tokenId The tokenId to begin withdrawal for. Will be transferred to this contract before burning.
/// @dev The user must not have active votes in the voter contract.
function beginWithdrawal(uint256 _tokenId) external;
/// @notice Address of the contract that manages exit queue logic for withdrawals
function queue() external view returns (address);
}
/*///////////////////////////////////////////////////////////////
SWEEPER
//////////////////////////////////////////////////////////////*/
interface ISweeperEvents {
event Sweep(address indexed to, uint256 amount);
event SweepNFT(address indexed to, uint256 tokenId);
}
interface ISweeperErrors {
error NothingToSweep();
}
interface ISweeper is ISweeperEvents, ISweeperErrors {
/// @notice sweeps excess tokens from the contract to a designated address
function sweep() external;
function sweepNFT(uint256 _tokenId, address _to) external;
}
/*///////////////////////////////////////////////////////////////
DYNAMIC VOTER
//////////////////////////////////////////////////////////////*/
interface IDynamicVoterErrors {
error NotVoter();
error OwnershipChange();
error AlreadyVoted();
}
interface IDynamicVoter is IDynamicVoterErrors {
/// @notice Address of the voting contract.
/// @dev We need to ensure votes are not left in this contract before allowing positing changes
function voter() external view returns (address);
/// @notice Address of the voting Escrow Curve contract that will calculate the voting power
function curve() external view returns (address);
/// @notice Get the voting power for _tokenId at the current timestamp
/// @dev Returns 0 if called in the same block as a transfer.
/// @param _tokenId .
/// @return Voting power
function votingPower(uint256 _tokenId) external view returns (uint256);
/// @notice Get the voting power for _tokenId at a given timestamp
/// @param _tokenId .
/// @param _t Timestamp to query voting power
/// @return Voting power
function votingPowerAt(uint256 _tokenId, uint256 _t) external view returns (uint256);
/// @notice Get the voting power for _account at the current timestamp
/// Aggregtes all voting power for all tokens owned by the account
/// @dev This cannot be used historically without token snapshots
function votingPowerForAccount(address _account) external view returns (uint256);
/// @notice Calculate total voting power at current timestamp
/// @return Total voting power at current timestamp
function totalVotingPower() external view returns (uint256);
/// @notice Calculate total voting power at a given timestamp
/// @param _t Timestamp to query total voting power
/// @return Total voting power at given timestamp
function totalVotingPowerAt(uint256 _t) external view returns (uint256);
/// @notice See if a queried _tokenId has actively voted
/// @return True if voted, else false
function isVoting(uint256 _tokenId) external view returns (bool);
/// @notice Set the global state voter
function setVoter(address _voter) external;
}
/*///////////////////////////////////////////////////////////////
INCREASED ESCROW
//////////////////////////////////////////////////////////////*/
interface IVotingEscrowIncreasing is IVotingEscrowCore, IDynamicVoter, IWithdrawalQueue, ISweeper {}
/// @dev useful for testing
interface IVotingEscrowEventsStorageErrorsEvents is
IVotingEscrowCoreErrors,
IVotingEscrowCoreEvents,
IWithdrawalQueueErrors,
IWithdrawalQueueEvents,
ILockedBalanceIncreasing,
ISweeperEvents,
ISweeperErrors
{}/// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "./IGaugeVoter.sol";
interface IAddressGaugeVote {
/// @param votes gauge => votes cast at that time
/// @param gaugesVotedFor array of gauges we have active votes for
/// @param usedVotingPower total voting power used at the time of the vote
/// @dev this changes so we need an historic snapshot
/// @param lastVoted is the last time the user voted
struct AddressVoteData {
mapping(address => uint256) voteWeights;
address[] gaugesVotedFor;
uint256 usedVotingPower;
uint256 lastVoted;
}
/// @param weight proportion of voting power the address will allocate to the gauge. Will be normalised.
/// @param gauge address of the gauge to vote for
struct GaugeVote {
uint256 weight;
address gauge;
}
}
/*///////////////////////////////////////////////////////////////
Gauge Voter
//////////////////////////////////////////////////////////////*/
interface IAddressGaugeVoterEvents {
/// @param votingPowerCastForGauge votes cast by this address for this gauge in this vote
/// @param totalVotingPowerInGauge total voting power in the gauge at the time of the vote, after applying the vote
/// @param totalVotingPowerInContract total voting power in the contract at the time of the vote, after applying the vote
event Voted(
address indexed voter,
address indexed gauge,
uint256 indexed epoch,
uint256 votingPowerCastForGauge,
uint256 totalVotingPowerInGauge,
uint256 totalVotingPowerInContract,
uint256 timestamp
);
/// @param votingPowerRemovedFromGauge votes removed by this address for this gauge, at the time of this rest
/// @param totalVotingPowerInGauge total voting power in the gauge at the time of the reset, after applying the reset
/// @param totalVotingPowerInContract total voting power in the contract at the time of the reset, after applying the reset
event Reset(
address indexed voter,
address indexed gauge,
uint256 indexed epoch,
uint256 votingPowerRemovedFromGauge,
uint256 totalVotingPowerInGauge,
uint256 totalVotingPowerInContract,
uint256 timestamp
);
}
interface IAddressGaugeVoterErrors {
error VotingInactive();
error NotApprovedOrOwner();
error GaugeDoesNotExist(address _pool);
error GaugeInactive(address _gauge);
error DoubleVote();
error NoVotes();
error NoVotingPower();
error NotCurrentlyVoting();
error OnlyEscrow();
error UpdateVotingPowerHookNotEnabled();
error AlreadyVoted(address _address);
}
interface IAddressGaugeVoter is
IAddressGaugeVoterEvents,
IAddressGaugeVoterErrors,
IAddressGaugeVote,
IGaugeManager,
IGauge
{
/// @notice Called by users to vote for pools. Votes distributed proportionally based on weights.
/// @param _votes Array of votes to be cast, contains gauge address and weight.
function vote(GaugeVote[] memory _votes) external;
/// @notice Called by users to reset voting state. Required when withdrawing or transferring veNFT.
function reset() external;
/// @notice Can be called to check if an address is currently voting
function isVoting(address _address) external view returns (bool);
function updateVotingPower(address _from, address _to) external;
}
/*///////////////////////////////////////////////////////////////
Address Gauge Voter
//////////////////////////////////////////////////////////////*/
interface IAddressGaugeVoterStorageEventsErrors is
IGaugeManagerEvents,
IGaugeManagerErrors,
IAddressGaugeVoterEvents,
IAddressGaugeVoterErrors
{
}/// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;
import {Clones} from "@openzeppelin/contracts/proxy/Clones.sol";
import {Address} from "@openzeppelin/contracts/utils/Address.sol";
import {ERC165Checker} from "@openzeppelin/contracts/utils/introspection/ERC165Checker.sol";
import {IDAO} from "@aragon/osx-commons-contracts/src/dao/IDAO.sol";
import {IPluginSetup} from "@aragon/osx-commons-contracts/src/plugin/setup/IPluginSetup.sol";
import {
IProposal
} from "@aragon/osx-commons-contracts/src/plugin/extensions/proposal/IProposal.sol";
import {ProxyLib} from "@libs/ProxyLib.sol";
import {PermissionLib} from "@aragon/osx-commons-contracts/src/permission/PermissionLib.sol";
import {PluginSetup} from "@aragon/osx-commons-contracts/src/plugin/setup/PluginSetup.sol";
import {AddressGaugeVoter as GaugeVoter} from "@voting/AddressGaugeVoter.sol";
import {VotingEscrowV1_2_0 as VotingEscrow} from "@escrow/VotingEscrowIncreasing_v1_2_0.sol";
import {DynamicExitQueue as ExitQueue} from "@queue/DynamicExitQueue.sol";
import {LinearIncreasingCurve as Curve} from "@curve/LinearIncreasingCurve.sol";
import {ClockV1_2_0 as Clock} from "@clock/Clock_v1_2_0.sol";
import {LockV1_2_0 as Lock} from "@lock/Lock_v1_2_0.sol";
import {EscrowIVotesAdapter} from "@delegation/EscrowIVotesAdapter.sol";
/// @param isPaused Whether the voter contract is deployed in a paused state
/// @param veTokenName The name of the voting escrow token
/// @param veTokenSymbol The symbol of the voting escrow token
/// @param token The underlying token for the escrow
/// @param cooldown The cooldown period for the exit queue
struct IGaugeVoterSetupParams {
// voter
bool isPaused;
// escrow - NFT
string veTokenName;
string veTokenSymbol;
// escrow - main
address token;
uint256 minDeposit;
// queue
uint256 feePercent;
uint48 cooldown;
uint48 minLock;
}
contract GaugeVoterSetupV1_4_0 is PluginSetup {
using Address for address;
using Clones for address;
using ERC165Checker for address;
using ProxyLib for address;
/// @notice The identifier of the `EXECUTE_PERMISSION` permission.
bytes32 public constant EXECUTE_PERMISSION_ID = keccak256("EXECUTE_PERMISSION");
/// @notice Thrown if passed helpers array is of wrong length.
/// @param length The array length of passed helpers.
error WrongHelpersArrayLength(uint256 length);
/// @dev implementation of the gaugevoting plugin
address voterBase;
/// @dev implementation of the escrow voting curve
address curveBase;
/// @dev implementation of the exit queue
address queueBase;
/// @dev implementation of the escrow locker
address escrowBase;
/// @dev implementation of the clock
address clockBase;
/// @dev implementation of the escrow NFT
address nftBase;
/// @dev implementation of the delegation adapter
address ivotesAdapterBase;
struct Deployment {
address curve;
address exitQueue;
address escrow;
address clock;
address nftLock;
address ivotesAdapter;
address plugin;
}
/// @notice Deploys the setup by binding the implementation contracts required during installation.
constructor(
address _voterBase,
address _curveBase,
address _queueBase,
address _escrowBase,
address _clockBase,
address _nftBase,
address _ivotesAdapterBase
) PluginSetup(_voterBase) {
voterBase = _voterBase;
curveBase = _curveBase;
queueBase = _queueBase;
escrowBase = _escrowBase;
clockBase = _clockBase;
nftBase = _nftBase;
ivotesAdapterBase = _ivotesAdapterBase;
}
/// @inheritdoc IPluginSetup
/// @dev You need to set the helpers on the plugin as a post install action.
function prepareInstallation(
address _dao,
bytes calldata _data
) external returns (address plugin, PreparedSetupData memory preparedSetupData) {
IGaugeVoterSetupParams memory params = abi.decode(_data, (IGaugeVoterSetupParams));
Deployment memory deps;
// deploy the clock
deps.clock = address(
clockBase.deployUUPSProxy(abi.encodeWithSelector(Clock.initialize.selector, _dao))
);
// deploy the escrow locker
deps.escrow = escrowBase.deployUUPSProxy(
abi.encodeCall(
VotingEscrow.initialize,
(params.token, _dao, deps.clock, params.minDeposit)
)
);
deps.ivotesAdapter = ivotesAdapterBase.deployUUPSProxy(
abi.encodeCall(EscrowIVotesAdapter.initialize, (_dao, deps.escrow, deps.clock, false))
);
// deploy the voting contract (plugin)
deps.plugin = voterBase.deployUUPSProxy(
abi.encodeCall(
GaugeVoter.initialize,
(_dao, deps.escrow, params.isPaused, deps.clock, deps.ivotesAdapter, true)
)
);
// deploy the curve
deps.curve = curveBase.deployUUPSProxy(
abi.encodeCall(Curve.initialize, (deps.escrow, _dao, deps.clock))
);
// deploy the exit queue
deps.exitQueue = queueBase.deployUUPSProxy(
abi.encodeCall(
ExitQueue.initialize,
(deps.escrow, params.cooldown, _dao, params.feePercent, deps.clock, params.minLock)
)
);
// deploy the escrow NFT
deps.nftLock = nftBase.deployUUPSProxy(
abi.encodeCall(
Lock.initialize,
(deps.escrow, params.veTokenName, params.veTokenSymbol, _dao)
)
);
// encode our setup data with permissions and helpers
PermissionLib.MultiTargetPermission[] memory permissions = getPermissions(
_dao,
deps.plugin,
deps.curve,
deps.exitQueue,
deps.escrow,
deps.clock,
deps.nftLock,
deps.ivotesAdapter,
PermissionLib.Operation.Grant
);
address[] memory helpers = new address[](6);
helpers[0] = deps.curve;
helpers[1] = deps.exitQueue;
helpers[2] = deps.escrow;
helpers[3] = deps.clock;
helpers[4] = deps.nftLock;
helpers[5] = deps.ivotesAdapter;
// return arguments
preparedSetupData.helpers = helpers;
preparedSetupData.permissions = permissions;
plugin = deps.plugin;
}
/// @inheritdoc IPluginSetup
function prepareUninstallation(
address _dao,
SetupPayload calldata _payload
) external view returns (PermissionLib.MultiTargetPermission[] memory permissions) {
// check the helpers length
if (_payload.currentHelpers.length != 6) {
revert WrongHelpersArrayLength(_payload.currentHelpers.length);
}
address curve = _payload.currentHelpers[0];
address queue = _payload.currentHelpers[1];
address escrow = _payload.currentHelpers[2];
address clock = _payload.currentHelpers[3];
address nftLock = _payload.currentHelpers[4];
address ivotesAdapter = _payload.currentHelpers[5];
permissions = getPermissions(
_dao,
_payload.plugin,
curve,
queue,
escrow,
clock,
nftLock,
ivotesAdapter,
PermissionLib.Operation.Revoke
);
}
/// @notice Returns the permissions required for the plugin install and uninstall.
/// @param _dao The DAO address on this chain.
/// @param _plugin The plugin address.
/// @param _grantOrRevoke The operation to perform
function getPermissions(
address _dao,
address _plugin,
address _curve,
address _queue,
address _escrow,
address _clock,
address _nft,
address _ivotesAdapter,
PermissionLib.Operation _grantOrRevoke
) public view returns (PermissionLib.MultiTargetPermission[] memory) {
PermissionLib.MultiTargetPermission[]
memory permissions = new PermissionLib.MultiTargetPermission[](12);
permissions[0] = PermissionLib.MultiTargetPermission({
permissionId: GaugeVoter(_plugin).GAUGE_ADMIN_ROLE(),
where: _plugin,
who: _dao,
operation: _grantOrRevoke,
condition: PermissionLib.NO_CONDITION
});
permissions[1] = PermissionLib.MultiTargetPermission({
permissionId: VotingEscrow(_escrow).ESCROW_ADMIN_ROLE(),
where: _escrow,
who: _dao,
operation: _grantOrRevoke,
condition: PermissionLib.NO_CONDITION
});
permissions[2] = PermissionLib.MultiTargetPermission({
permissionId: ExitQueue(_queue).QUEUE_ADMIN_ROLE(),
where: _queue,
who: _dao,
operation: _grantOrRevoke,
condition: PermissionLib.NO_CONDITION
});
permissions[3] = PermissionLib.MultiTargetPermission({
permissionId: Curve(_curve).CURVE_ADMIN_ROLE(),
where: _curve,
who: _dao,
operation: _grantOrRevoke,
condition: PermissionLib.NO_CONDITION
});
permissions[4] = PermissionLib.MultiTargetPermission({
permissionId: GaugeVoter(_plugin).UPGRADE_PLUGIN_PERMISSION_ID(),
where: _plugin,
who: _dao,
operation: _grantOrRevoke,
condition: PermissionLib.NO_CONDITION
});
permissions[5] = PermissionLib.MultiTargetPermission({
permissionId: Clock(_clock).CLOCK_ADMIN_ROLE(),
where: _clock,
who: _dao,
operation: _grantOrRevoke,
condition: PermissionLib.NO_CONDITION
});
permissions[6] = PermissionLib.MultiTargetPermission({
permissionId: Lock(_nft).LOCK_ADMIN_ROLE(),
where: _nft,
who: _dao,
operation: _grantOrRevoke,
condition: PermissionLib.NO_CONDITION
});
permissions[7] = PermissionLib.MultiTargetPermission({
permissionId: EscrowIVotesAdapter(_ivotesAdapter).DELEGATION_ADMIN_ROLE(),
where: _ivotesAdapter,
who: _dao,
operation: _grantOrRevoke,
condition: PermissionLib.NO_CONDITION
});
permissions[8] = PermissionLib.MultiTargetPermission({
permissionId: EscrowIVotesAdapter(_ivotesAdapter).DELEGATION_TOKEN_ROLE(),
where: _ivotesAdapter,
who: _dao,
operation: _grantOrRevoke,
condition: PermissionLib.NO_CONDITION
});
permissions[9] = PermissionLib.MultiTargetPermission({
permissionId: VotingEscrow(_escrow).PAUSER_ROLE(),
where: _escrow,
who: _dao,
operation: _grantOrRevoke,
condition: PermissionLib.NO_CONDITION
});
permissions[10] = PermissionLib.MultiTargetPermission({
permissionId: VotingEscrow(_escrow).SWEEPER_ROLE(),
where: _escrow,
who: _dao,
operation: _grantOrRevoke,
condition: PermissionLib.NO_CONDITION
});
permissions[11] = PermissionLib.MultiTargetPermission({
permissionId: ExitQueue(_queue).WITHDRAW_ROLE(),
where: _queue,
who: _dao,
operation: _grantOrRevoke,
condition: PermissionLib.NO_CONDITION
});
return permissions;
}
function encodeSetupData(
IGaugeVoterSetupParams calldata _params
) external pure returns (bytes memory) {
return abi.encode(_params);
}
/// @notice utility for external applications create the encoded setup data.
function encodeSetupData(
bool isPaused,
string calldata veTokenName,
string calldata veTokenSymbol,
address token,
uint48 cooldown,
uint256 feePercent,
uint48 minLock,
uint256 minDeposit
) external pure returns (bytes memory) {
return
abi.encode(
IGaugeVoterSetupParams({
isPaused: isPaused,
token: token,
veTokenName: veTokenName,
veTokenSymbol: veTokenSymbol,
cooldown: cooldown,
feePercent: feePercent,
minLock: minLock,
minDeposit: minDeposit
})
);
}
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {ERC165Checker} from "@openzeppelin/contracts/utils/introspection/ERC165Checker.sol";
import {ProtocolVersion} from "@aragon/osx-commons-contracts/src/utils/versioning/ProtocolVersion.sol";
import {IPluginSetup} from "@aragon/osx-commons-contracts/src/plugin/setup/IPluginSetup.sol";
import {PluginSetup} from "@aragon/osx-commons-contracts/src/plugin/setup/PluginSetup.sol";
import {DAO} from "../../../core/dao/DAO.sol";
import {PermissionLib} from "@aragon/osx-commons-contracts/src/permission/PermissionLib.sol";
import {PluginUUPSUpgradeable} from "@aragon/osx-commons-contracts/src/plugin/PluginUUPSUpgradeable.sol";
import {IPlugin} from "@aragon/osx-commons-contracts/src/plugin/IPlugin.sol";
import {PluginRepoRegistry} from "../repo/PluginRepoRegistry.sol";
import {PluginRepo} from "../repo/PluginRepo.sol";
import {PluginSetupRef, hashHelpers, hashPermissions, _getPreparedSetupId, _getAppliedSetupId, _getPluginInstallationId, PreparationType} from "./PluginSetupProcessorHelpers.sol";
/// @title PluginSetupProcessor
/// @author Aragon X - 2022-2023
/// @notice This contract processes the preparation and application of plugin setups (installation, update, uninstallation) on behalf of a requesting DAO.
/// @dev This contract is temporarily granted the `ROOT_PERMISSION_ID` permission on the applying DAO and therefore is highly security critical.
/// @custom:security-contact [email protected]
contract PluginSetupProcessor is ProtocolVersion {
using ERC165Checker for address;
/// @notice The ID of the permission required to call the `applyInstallation` function.
bytes32 public constant APPLY_INSTALLATION_PERMISSION_ID =
keccak256("APPLY_INSTALLATION_PERMISSION");
/// @notice The ID of the permission required to call the `applyUpdate` function.
bytes32 public constant APPLY_UPDATE_PERMISSION_ID = keccak256("APPLY_UPDATE_PERMISSION");
/// @notice The ID of the permission required to call the `applyUninstallation` function.
bytes32 public constant APPLY_UNINSTALLATION_PERMISSION_ID =
keccak256("APPLY_UNINSTALLATION_PERMISSION");
/// @notice The hash obtained from the bytes-encoded empty array to be used for UI updates being required to submit an empty permission array.
/// @dev The hash is computed via `keccak256(abi.encode([]))`.
bytes32 private constant EMPTY_ARRAY_HASH =
0x569e75fc77c1a856f6daaf9e69d8a9566ca34aa47f9133711ce065a571af0cfd;
/// @notice The hash obtained from the bytes-encoded zero value.
/// @dev The hash is computed via `keccak256(abi.encode(0))`.
bytes32 private constant ZERO_BYTES_HASH =
0x290decd9548b62a8d60345a988386fc84ba6bc95484008f6362f93160ef3e563;
/// @notice A struct containing information related to plugin setups that have been applied.
/// @param blockNumber The block number at which the `applyInstallation`, `applyUpdate` or `applyUninstallation` was executed.
/// @param currentAppliedSetupId The current setup id that plugin holds. Needed to confirm that `prepareUpdate` or `prepareUninstallation` happens for the plugin's current/valid dependencies.
/// @param preparedSetupIdToBlockNumber The mapping between prepared setup IDs and block numbers at which `prepareInstallation`, `prepareUpdate` or `prepareUninstallation` was executed.
struct PluginState {
uint256 blockNumber;
bytes32 currentAppliedSetupId;
mapping(bytes32 => uint256) preparedSetupIdToBlockNumber;
}
/// @notice A mapping between the plugin installation ID (obtained from the DAO and plugin address) and the plugin state information.
/// @dev This variable is public on purpose to allow future versions to access and migrate the storage.
mapping(bytes32 => PluginState) public states;
/// @notice The struct containing the parameters for the `prepareInstallation` function.
/// @param pluginSetupRef The reference to the plugin setup to be used for the installation.
/// @param data The bytes-encoded data containing the input parameters for the installation preparation as specified in the corresponding ABI on the version's metadata.
struct PrepareInstallationParams {
PluginSetupRef pluginSetupRef;
bytes data;
}
/// @notice The struct containing the parameters for the `applyInstallation` function.
/// @param pluginSetupRef The reference to the plugin setup used for the installation.
/// @param plugin The address of the plugin contract to be installed.
/// @param permissions The array of multi-targeted permission operations to be applied by the `PluginSetupProcessor` to the DAO.
/// @param helpersHash The hash of helpers that were deployed in `prepareInstallation`. This helps to derive the setup ID.
struct ApplyInstallationParams {
PluginSetupRef pluginSetupRef;
address plugin;
PermissionLib.MultiTargetPermission[] permissions;
bytes32 helpersHash;
}
/// @notice The struct containing the parameters for the `prepareUpdate` function.
/// @param currentVersionTag The tag of the current plugin version to update from.
/// @param newVersionTag The tag of the new plugin version to update to.
/// @param pluginSetupRepo The plugin setup repository address on which the plugin exists.
/// @param setupPayload The payload containing the plugin and helper contract addresses deployed in a preparation step as well as optional data to be consumed by the plugin setup.
/// This includes the bytes-encoded data containing the input parameters for the update preparation as specified in the corresponding ABI on the version's metadata.
struct PrepareUpdateParams {
PluginRepo.Tag currentVersionTag;
PluginRepo.Tag newVersionTag;
PluginRepo pluginSetupRepo;
IPluginSetup.SetupPayload setupPayload;
}
/// @notice The struct containing the parameters for the `applyUpdate` function.
/// @param plugin The address of the plugin contract to be updated.
/// @param pluginSetupRef The reference to the plugin setup used for the update.
/// @param initData The encoded data (function selector and arguments) to be provided to `upgradeToAndCall`.
/// @param permissions The array of multi-targeted permission operations to be applied by the `PluginSetupProcessor` to the DAO.
/// @param helpersHash The hash of helpers that were deployed in `prepareUpdate`. This helps to derive the setup ID.
struct ApplyUpdateParams {
address plugin;
PluginSetupRef pluginSetupRef;
bytes initData;
PermissionLib.MultiTargetPermission[] permissions;
bytes32 helpersHash;
}
/// @notice The struct containing the parameters for the `prepareUninstallation` function.
/// @param pluginSetupRef The reference to the plugin setup to be used for the uninstallation.
/// @param setupPayload The payload containing the plugin and helper contract addresses deployed in a preparation step as well as optional data to be consumed by the plugin setup.
/// This includes the bytes-encoded data containing the input parameters for the uninstallation preparation as specified in the corresponding ABI on the version's metadata.
struct PrepareUninstallationParams {
PluginSetupRef pluginSetupRef;
IPluginSetup.SetupPayload setupPayload;
}
/// @notice The struct containing the parameters for the `applyInstallation` function.
/// @param plugin The address of the plugin contract to be uninstalled.
/// @param pluginSetupRef The reference to the plugin setup used for the uninstallation.
/// @param permissions The array of multi-targeted permission operations to be applied by the `PluginSetupProcess.
struct ApplyUninstallationParams {
address plugin;
PluginSetupRef pluginSetupRef;
PermissionLib.MultiTargetPermission[] permissions;
}
/// @notice The plugin repo registry listing the `PluginRepo` contracts versioning the `PluginSetup` contracts.
PluginRepoRegistry public repoRegistry;
/// @notice Thrown if a setup is unauthorized and cannot be applied because of a missing permission of the associated DAO.
/// @param dao The address of the DAO to which the plugin belongs.
/// @param caller The address (EOA or contract) that requested the application of a setup on the associated DAO.
/// @param permissionId The permission identifier.
/// @dev This is thrown if the `APPLY_INSTALLATION_PERMISSION_ID`, `APPLY_UPDATE_PERMISSION_ID`, or APPLY_UNINSTALLATION_PERMISSION_ID is missing.
error SetupApplicationUnauthorized(address dao, address caller, bytes32 permissionId);
/// @notice Thrown if a plugin is not upgradeable.
/// @param plugin The address of the plugin contract.
error PluginNonupgradeable(address plugin);
/// @notice Thrown if the upgrade of an `UUPSUpgradeable` proxy contract (see [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822)) failed.
/// @param proxy The address of the proxy.
/// @param implementation The address of the implementation contract.
/// @param initData The initialization data to be passed to the upgradeable plugin contract via `upgradeToAndCall`.
error PluginProxyUpgradeFailed(address proxy, address implementation, bytes initData);
/// @notice Thrown if a contract does not support the `IPlugin` interface.
/// @param plugin The address of the contract.
error IPluginNotSupported(address plugin);
/// @notice Thrown if a plugin repository does not exist on the plugin repo registry.
error PluginRepoNonexistent();
/// @notice Thrown if a plugin setup was already prepared indicated by the prepared setup ID.
/// @param preparedSetupId The prepared setup ID.
error SetupAlreadyPrepared(bytes32 preparedSetupId);
/// @notice Thrown if a prepared setup ID is not eligible to be applied. This can happen if another setup has been already applied or if the setup wasn't prepared in the first place.
/// @param preparedSetupId The prepared setup ID.
error SetupNotApplicable(bytes32 preparedSetupId);
/// @notice Thrown if the update version is invalid.
/// @param currentVersionTag The tag of the current version to update from.
/// @param newVersionTag The tag of the new version to update to.
error InvalidUpdateVersion(PluginRepo.Tag currentVersionTag, PluginRepo.Tag newVersionTag);
/// @notice Thrown if plugin is already installed and one tries to prepare or apply install on it.
error PluginAlreadyInstalled();
/// @notice Thrown if the applied setup ID resulting from the supplied setup payload does not match with the current applied setup ID.
/// @param currentAppliedSetupId The current applied setup ID with which the data in the supplied payload must match.
/// @param appliedSetupId The applied setup ID obtained from the data in the supplied setup payload.
error InvalidAppliedSetupId(bytes32 currentAppliedSetupId, bytes32 appliedSetupId);
/// @notice Emitted with a prepared plugin installation to store data relevant for the application step.
/// @param sender The sender that prepared the plugin installation.
/// @param dao The address of the DAO to which the plugin belongs.
/// @param preparedSetupId The prepared setup ID obtained from the supplied data.
/// @param pluginSetupRepo The repository storing the `PluginSetup` contracts of all versions of a plugin.
/// @param versionTag The version tag of the plugin setup of the prepared installation.
/// @param data The bytes-encoded data containing the input parameters for the preparation as specified in the corresponding ABI on the version's metadata.
/// @param plugin The address of the plugin contract.
/// @param preparedSetupData The deployed plugin's relevant data which consists of helpers and permissions.
event InstallationPrepared(
address indexed sender,
address indexed dao,
bytes32 preparedSetupId,
PluginRepo indexed pluginSetupRepo,
PluginRepo.Tag versionTag,
bytes data,
address plugin,
IPluginSetup.PreparedSetupData preparedSetupData
);
/// @notice Emitted after a plugin installation was applied.
/// @param dao The address of the DAO to which the plugin belongs.
/// @param plugin The address of the plugin contract.
/// @param preparedSetupId The prepared setup ID.
/// @param appliedSetupId The applied setup ID.
event InstallationApplied(
address indexed dao,
address indexed plugin,
bytes32 preparedSetupId,
bytes32 appliedSetupId
);
/// @notice Emitted with a prepared plugin update to store data relevant for the application step.
/// @param sender The sender that prepared the plugin update.
/// @param dao The address of the DAO to which the plugin belongs.
/// @param preparedSetupId The prepared setup ID.
/// @param pluginSetupRepo The repository storing the `PluginSetup` contracts of all versions of a plugin.
/// @param versionTag The version tag of the plugin setup of the prepared update.
/// @param setupPayload The payload containing the plugin and helper contract addresses deployed in a preparation step as well as optional data to be consumed by the plugin setup.
/// @param preparedSetupData The deployed plugin's relevant data which consists of helpers and permissions.
/// @param initData The initialization data to be passed to the upgradeable plugin contract.
event UpdatePrepared(
address indexed sender,
address indexed dao,
bytes32 preparedSetupId,
PluginRepo indexed pluginSetupRepo,
PluginRepo.Tag versionTag,
IPluginSetup.SetupPayload setupPayload,
IPluginSetup.PreparedSetupData preparedSetupData,
bytes initData
);
/// @notice Emitted after a plugin update was applied.
/// @param dao The address of the DAO to which the plugin belongs.
/// @param plugin The address of the plugin contract.
/// @param preparedSetupId The prepared setup ID.
/// @param appliedSetupId The applied setup ID.
event UpdateApplied(
address indexed dao,
address indexed plugin,
bytes32 preparedSetupId,
bytes32 appliedSetupId
);
/// @notice Emitted with a prepared plugin uninstallation to store data relevant for the application step.
/// @param sender The sender that prepared the plugin uninstallation.
/// @param dao The address of the DAO to which the plugin belongs.
/// @param preparedSetupId The prepared setup ID.
/// @param pluginSetupRepo The repository storing the `PluginSetup` contracts of all versions of a plugin.
/// @param versionTag The version tag of the plugin to used for install preparation.
/// @param setupPayload The payload containing the plugin and helper contract addresses deployed in a preparation step as well as optional data to be consumed by the plugin setup.
/// @param permissions The list of multi-targeted permission operations to be applied to the installing DAO.
event UninstallationPrepared(
address indexed sender,
address indexed dao,
bytes32 preparedSetupId,
PluginRepo indexed pluginSetupRepo,
PluginRepo.Tag versionTag,
IPluginSetup.SetupPayload setupPayload,
PermissionLib.MultiTargetPermission[] permissions
);
/// @notice Emitted after a plugin installation was applied.
/// @param dao The address of the DAO to which the plugin belongs.
/// @param plugin The address of the plugin contract.
/// @param preparedSetupId The prepared setup ID.
event UninstallationApplied(
address indexed dao,
address indexed plugin,
bytes32 preparedSetupId
);
/// @notice A modifier to check if a caller has the permission to apply a prepared setup.
/// @param _dao The address of the DAO.
/// @param _permissionId The permission identifier.
modifier canApply(address _dao, bytes32 _permissionId) {
_canApply(_dao, _permissionId);
_;
}
/// @notice Constructs the plugin setup processor by setting the associated plugin repo registry.
/// @param _repoRegistry The plugin repo registry contract.
constructor(PluginRepoRegistry _repoRegistry) {
repoRegistry = _repoRegistry;
}
/// @notice Prepares the installation of a plugin.
/// @param _dao The address of the installing DAO.
/// @param _params The struct containing the parameters for the `prepareInstallation` function.
/// @return plugin The prepared plugin contract address.
/// @return preparedSetupData The data struct containing the array of helper contracts and permissions that the setup has prepared.
function prepareInstallation(
address _dao,
PrepareInstallationParams calldata _params
) external returns (address plugin, IPluginSetup.PreparedSetupData memory preparedSetupData) {
PluginRepo pluginSetupRepo = _params.pluginSetupRef.pluginSetupRepo;
// Check that the plugin repository exists on the plugin repo registry.
if (!repoRegistry.entries(address(pluginSetupRepo))) {
revert PluginRepoNonexistent();
}
// reverts if not found
PluginRepo.Version memory version = pluginSetupRepo.getVersion(
_params.pluginSetupRef.versionTag
);
// Prepare the installation
(plugin, preparedSetupData) = PluginSetup(version.pluginSetup).prepareInstallation(
_dao,
_params.data
);
bytes32 pluginInstallationId = _getPluginInstallationId(_dao, plugin);
bytes32 preparedSetupId = _getPreparedSetupId(
_params.pluginSetupRef,
hashPermissions(preparedSetupData.permissions),
hashHelpers(preparedSetupData.helpers),
bytes(""),
PreparationType.Installation
);
PluginState storage pluginState = states[pluginInstallationId];
// Check if this plugin is already installed.
if (pluginState.currentAppliedSetupId != bytes32(0)) {
revert PluginAlreadyInstalled();
}
// Check if this setup has already been prepared before and is pending.
if (pluginState.blockNumber < pluginState.preparedSetupIdToBlockNumber[preparedSetupId]) {
revert SetupAlreadyPrepared({preparedSetupId: preparedSetupId});
}
pluginState.preparedSetupIdToBlockNumber[preparedSetupId] = block.number;
emit InstallationPrepared({
sender: msg.sender,
dao: _dao,
preparedSetupId: preparedSetupId,
pluginSetupRepo: pluginSetupRepo,
versionTag: _params.pluginSetupRef.versionTag,
data: _params.data,
plugin: plugin,
preparedSetupData: preparedSetupData
});
return (plugin, preparedSetupData);
}
/// @notice Applies the permissions of a prepared installation to a DAO.
/// @param _dao The address of the installing DAO.
/// @param _params The struct containing the parameters for the `applyInstallation` function.
function applyInstallation(
address _dao,
ApplyInstallationParams calldata _params
) external canApply(_dao, APPLY_INSTALLATION_PERMISSION_ID) {
bytes32 pluginInstallationId = _getPluginInstallationId(_dao, _params.plugin);
PluginState storage pluginState = states[pluginInstallationId];
bytes32 preparedSetupId = _getPreparedSetupId(
_params.pluginSetupRef,
hashPermissions(_params.permissions),
_params.helpersHash,
bytes(""),
PreparationType.Installation
);
// Check if this plugin is already installed.
if (pluginState.currentAppliedSetupId != bytes32(0)) {
revert PluginAlreadyInstalled();
}
validatePreparedSetupId(pluginInstallationId, preparedSetupId);
bytes32 appliedSetupId = _getAppliedSetupId(_params.pluginSetupRef, _params.helpersHash);
pluginState.currentAppliedSetupId = appliedSetupId;
pluginState.blockNumber = block.number;
// If the list of requested permission changes is not empty, process them.
// Note, that this requires the `PluginSetupProcessor` to have the `ROOT_PERMISSION_ID` permission on the
// installing DAO. Make sure this permission is only granted TEMPORARILY.
if (_params.permissions.length > 0) {
DAO(payable(_dao)).applyMultiTargetPermissions(_params.permissions);
}
emit InstallationApplied({
dao: _dao,
plugin: _params.plugin,
preparedSetupId: preparedSetupId,
appliedSetupId: appliedSetupId
});
}
/// @notice Prepares the update of an UUPS upgradeable plugin.
/// @param _dao The address of the DAO For which preparation of update happens.
/// @param _params The struct containing the parameters for the `prepareUpdate` function.
/// @return initData The initialization data to be passed to upgradeable contracts when the update is applied
/// @return preparedSetupData The data struct containing the array of helper contracts and permissions that the setup has prepared.
/// @dev The list of `_params.setupPayload.currentHelpers` has to be specified in the same order as they were returned from previous setups preparation steps (the latest `prepareInstallation` or `prepareUpdate` step that has happened) on which the update is prepared for.
function prepareUpdate(
address _dao,
PrepareUpdateParams calldata _params
)
external
returns (bytes memory initData, IPluginSetup.PreparedSetupData memory preparedSetupData)
{
if (
_params.currentVersionTag.release != _params.newVersionTag.release ||
_params.currentVersionTag.build >= _params.newVersionTag.build
) {
revert InvalidUpdateVersion({
currentVersionTag: _params.currentVersionTag,
newVersionTag: _params.newVersionTag
});
}
bytes32 pluginInstallationId = _getPluginInstallationId(_dao, _params.setupPayload.plugin);
PluginState storage pluginState = states[pluginInstallationId];
bytes32 currentHelpersHash = hashHelpers(_params.setupPayload.currentHelpers);
bytes32 appliedSetupId = _getAppliedSetupId(
PluginSetupRef(_params.currentVersionTag, _params.pluginSetupRepo),
currentHelpersHash
);
// The following check implicitly confirms that plugin is currently installed.
// Otherwise, `currentAppliedSetupId` would not be set.
if (pluginState.currentAppliedSetupId != appliedSetupId) {
revert InvalidAppliedSetupId({
currentAppliedSetupId: pluginState.currentAppliedSetupId,
appliedSetupId: appliedSetupId
});
}
PluginRepo.Version memory currentVersion = _params.pluginSetupRepo.getVersion(
_params.currentVersionTag
);
PluginRepo.Version memory newVersion = _params.pluginSetupRepo.getVersion(
_params.newVersionTag
);
bytes32 preparedSetupId;
// If the current and new plugin setup are identical, this is an UI update.
// In this case, the permission hash is set to the empty array hash and the `prepareUpdate` call is skipped to avoid side effects.
if (currentVersion.pluginSetup == newVersion.pluginSetup) {
preparedSetupId = _getPreparedSetupId(
PluginSetupRef(_params.newVersionTag, _params.pluginSetupRepo),
EMPTY_ARRAY_HASH,
currentHelpersHash,
bytes(""),
PreparationType.Update
);
// Because UI updates do not change the plugin functionality, the array of helpers
// associated with this plugin version `preparedSetupData.helpers` and being returned must
// equal `_params.setupPayload.currentHelpers` returned by the previous setup step (installation or update )
// that this update is transitioning from.
preparedSetupData.helpers = _params.setupPayload.currentHelpers;
} else {
// Check that plugin is `PluginUUPSUpgradable`.
if (!_params.setupPayload.plugin.supportsInterface(type(IPlugin).interfaceId)) {
revert IPluginNotSupported({plugin: _params.setupPayload.plugin});
}
if (IPlugin(_params.setupPayload.plugin).pluginType() != IPlugin.PluginType.UUPS) {
revert PluginNonupgradeable({plugin: _params.setupPayload.plugin});
}
// Prepare the update.
(initData, preparedSetupData) = PluginSetup(newVersion.pluginSetup).prepareUpdate(
_dao,
_params.currentVersionTag.build,
_params.setupPayload
);
preparedSetupId = _getPreparedSetupId(
PluginSetupRef(_params.newVersionTag, _params.pluginSetupRepo),
hashPermissions(preparedSetupData.permissions),
hashHelpers(preparedSetupData.helpers),
initData,
PreparationType.Update
);
}
// Check if this setup has already been prepared before and is pending.
if (pluginState.blockNumber < pluginState.preparedSetupIdToBlockNumber[preparedSetupId]) {
revert SetupAlreadyPrepared({preparedSetupId: preparedSetupId});
}
pluginState.preparedSetupIdToBlockNumber[preparedSetupId] = block.number;
// Avoid stack too deep.
emitPrepareUpdateEvent(_dao, preparedSetupId, _params, preparedSetupData, initData);
return (initData, preparedSetupData);
}
/// @notice Applies the permissions of a prepared update of an UUPS upgradeable proxy contract to a DAO.
/// @param _dao The address of the updating DAO.
/// @param _params The struct containing the parameters for the `applyUpdate` function.
function applyUpdate(
address _dao,
ApplyUpdateParams calldata _params
) external canApply(_dao, APPLY_UPDATE_PERMISSION_ID) {
bytes32 pluginInstallationId = _getPluginInstallationId(_dao, _params.plugin);
PluginState storage pluginState = states[pluginInstallationId];
bytes32 preparedSetupId = _getPreparedSetupId(
_params.pluginSetupRef,
hashPermissions(_params.permissions),
_params.helpersHash,
_params.initData,
PreparationType.Update
);
validatePreparedSetupId(pluginInstallationId, preparedSetupId);
bytes32 appliedSetupId = _getAppliedSetupId(_params.pluginSetupRef, _params.helpersHash);
pluginState.blockNumber = block.number;
pluginState.currentAppliedSetupId = appliedSetupId;
PluginRepo.Version memory version = _params.pluginSetupRef.pluginSetupRepo.getVersion(
_params.pluginSetupRef.versionTag
);
address currentImplementation = PluginUUPSUpgradeable(_params.plugin).implementation();
address newImplementation = PluginSetup(version.pluginSetup).implementation();
if (currentImplementation != newImplementation) {
_upgradeProxy(_params.plugin, newImplementation, _params.initData);
}
// If the list of requested permission changes is not empty, process them.
// Note, that this requires the `PluginSetupProcessor` to have the `ROOT_PERMISSION_ID` permission on the
// updating DAO. Make sure this permission is only granted TEMPORARILY.
if (_params.permissions.length > 0) {
DAO(payable(_dao)).applyMultiTargetPermissions(_params.permissions);
}
emit UpdateApplied({
dao: _dao,
plugin: _params.plugin,
preparedSetupId: preparedSetupId,
appliedSetupId: appliedSetupId
});
}
/// @notice Prepares the uninstallation of a plugin.
/// @param _dao The address of the uninstalling DAO.
/// @param _params The struct containing the parameters for the `prepareUninstallation` function.
/// @return permissions The list of multi-targeted permission operations to be applied to the uninstalling DAO.
/// @dev The list of `_params.setupPayload.currentHelpers` has to be specified in the same order as they were returned from previous setups preparation steps (the latest `prepareInstallation` or `prepareUpdate` step that has happened) on which the uninstallation was prepared for.
function prepareUninstallation(
address _dao,
PrepareUninstallationParams calldata _params
) external returns (PermissionLib.MultiTargetPermission[] memory permissions) {
bytes32 pluginInstallationId = _getPluginInstallationId(_dao, _params.setupPayload.plugin);
PluginState storage pluginState = states[pluginInstallationId];
bytes32 appliedSetupId = _getAppliedSetupId(
_params.pluginSetupRef,
hashHelpers(_params.setupPayload.currentHelpers)
);
if (pluginState.currentAppliedSetupId != appliedSetupId) {
revert InvalidAppliedSetupId({
currentAppliedSetupId: pluginState.currentAppliedSetupId,
appliedSetupId: appliedSetupId
});
}
PluginRepo.Version memory version = _params.pluginSetupRef.pluginSetupRepo.getVersion(
_params.pluginSetupRef.versionTag
);
permissions = PluginSetup(version.pluginSetup).prepareUninstallation(
_dao,
_params.setupPayload
);
bytes32 preparedSetupId = _getPreparedSetupId(
_params.pluginSetupRef,
hashPermissions(permissions),
ZERO_BYTES_HASH,
bytes(""),
PreparationType.Uninstallation
);
// Check if this setup has already been prepared before and is pending.
if (pluginState.blockNumber < pluginState.preparedSetupIdToBlockNumber[preparedSetupId]) {
revert SetupAlreadyPrepared({preparedSetupId: preparedSetupId});
}
pluginState.preparedSetupIdToBlockNumber[preparedSetupId] = block.number;
emit UninstallationPrepared({
sender: msg.sender,
dao: _dao,
preparedSetupId: preparedSetupId,
pluginSetupRepo: _params.pluginSetupRef.pluginSetupRepo,
versionTag: _params.pluginSetupRef.versionTag,
setupPayload: _params.setupPayload,
permissions: permissions
});
}
/// @notice Applies the permissions of a prepared uninstallation to a DAO.
/// @param _dao The address of the DAO.
/// @param _dao The address of the uninstalling DAO.
/// @param _params The struct containing the parameters for the `applyUninstallation` function.
/// @dev The list of `_params.setupPayload.currentHelpers` has to be specified in the same order as they were returned from previous setups preparation steps (the latest `prepareInstallation` or `prepareUpdate` step that has happened) on which the uninstallation was prepared for.
function applyUninstallation(
address _dao,
ApplyUninstallationParams calldata _params
) external canApply(_dao, APPLY_UNINSTALLATION_PERMISSION_ID) {
bytes32 pluginInstallationId = _getPluginInstallationId(_dao, _params.plugin);
PluginState storage pluginState = states[pluginInstallationId];
bytes32 preparedSetupId = _getPreparedSetupId(
_params.pluginSetupRef,
hashPermissions(_params.permissions),
ZERO_BYTES_HASH,
bytes(""),
PreparationType.Uninstallation
);
validatePreparedSetupId(pluginInstallationId, preparedSetupId);
// Since the plugin is uninstalled, only the current block number must be updated.
pluginState.blockNumber = block.number;
pluginState.currentAppliedSetupId = bytes32(0);
// If the list of requested permission changes is not empty, process them.
// Note, that this requires the `PluginSetupProcessor` to have the `ROOT_PERMISSION_ID` permission on the
// uninstalling DAO. Make sure this permission is only granted TEMPORARILY.
if (_params.permissions.length > 0) {
DAO(payable(_dao)).applyMultiTargetPermissions(_params.permissions);
}
emit UninstallationApplied({
dao: _dao,
plugin: _params.plugin,
preparedSetupId: preparedSetupId
});
}
/// @notice Validates that a setup ID can be applied for `applyInstallation`, `applyUpdate`, or `applyUninstallation`.
/// @param pluginInstallationId The plugin installation ID obtained from the hash of `abi.encode(daoAddress, pluginAddress)`.
/// @param preparedSetupId The prepared setup ID to be validated.
/// @dev If the block number stored in `states[pluginInstallationId].blockNumber` exceeds the one stored in `pluginState.preparedSetupIdToBlockNumber[preparedSetupId]`, the prepared setup with `preparedSetupId` is outdated and not applicable anymore.
function validatePreparedSetupId(
bytes32 pluginInstallationId,
bytes32 preparedSetupId
) public view {
PluginState storage pluginState = states[pluginInstallationId];
if (pluginState.blockNumber >= pluginState.preparedSetupIdToBlockNumber[preparedSetupId]) {
revert SetupNotApplicable({preparedSetupId: preparedSetupId});
}
}
/// @notice Upgrades a UUPS upgradeable proxy contract (see [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822)).
/// @param _proxy The address of the proxy.
/// @param _implementation The address of the implementation contract.
/// @param _initData The initialization data to be passed to the upgradeable plugin contract via `upgradeToAndCall`.
function _upgradeProxy(
address _proxy,
address _implementation,
bytes memory _initData
) private {
if (_initData.length > 0) {
try
PluginUUPSUpgradeable(_proxy).upgradeToAndCall(_implementation, _initData)
{} catch Error(string memory reason) {
revert(reason);
} catch (bytes memory /*lowLevelData*/) {
revert PluginProxyUpgradeFailed({
proxy: _proxy,
implementation: _implementation,
initData: _initData
});
}
} else {
try PluginUUPSUpgradeable(_proxy).upgradeTo(_implementation) {} catch Error(
string memory reason
) {
revert(reason);
} catch (bytes memory /*lowLevelData*/) {
revert PluginProxyUpgradeFailed({
proxy: _proxy,
implementation: _implementation,
initData: _initData
});
}
}
}
/// @notice Checks if a caller can apply a setup. The caller can be either the DAO to which the plugin setup is applied to or another account to which the DAO has granted the respective permission.
/// @param _dao The address of the applying DAO.
/// @param _permissionId The permission ID.
function _canApply(address _dao, bytes32 _permissionId) private view {
if (
msg.sender != _dao &&
!DAO(payable(_dao)).hasPermission(address(this), msg.sender, _permissionId, bytes(""))
) {
revert SetupApplicationUnauthorized({
dao: _dao,
caller: msg.sender,
permissionId: _permissionId
});
}
}
/// @notice A helper to emit the `UpdatePrepared` event from the supplied, structured data.
/// @param _dao The address of the updating DAO.
/// @param _preparedSetupId The prepared setup ID.
/// @param _params The struct containing the parameters for the `prepareUpdate` function.
/// @param _preparedSetupData The deployed plugin's relevant data which consists of helpers and permissions.
/// @param _initData The initialization data to be passed to upgradeable contracts when the update is applied
/// @dev This functions exists to avoid stack-too-deep errors.
function emitPrepareUpdateEvent(
address _dao,
bytes32 _preparedSetupId,
PrepareUpdateParams calldata _params,
IPluginSetup.PreparedSetupData memory _preparedSetupData,
bytes memory _initData
) private {
emit UpdatePrepared({
sender: msg.sender,
dao: _dao,
preparedSetupId: _preparedSetupId,
pluginSetupRepo: _params.pluginSetupRepo,
versionTag: _params.newVersionTag,
setupPayload: _params.setupPayload,
preparedSetupData: _preparedSetupData,
initData: _initData
});
}
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import "@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol";
import {IPermissionCondition} from "@aragon/osx-commons-contracts/src/permission/condition/IPermissionCondition.sol";
import {PermissionCondition} from "@aragon/osx-commons-contracts/src/permission/condition/PermissionCondition.sol";
import {PermissionLib} from "@aragon/osx-commons-contracts/src/permission/PermissionLib.sol";
/// @title PermissionManager
/// @author Aragon X - 2021-2023
/// @notice The abstract permission manager used in a DAO, its associated plugins, and other framework-related components.
/// @custom:security-contact [email protected]
abstract contract PermissionManager is Initializable {
using AddressUpgradeable for address;
/// @notice The ID of the permission required to call the `grant`, `grantWithCondition`, `revoke`, and `bulk` function.
bytes32 public constant ROOT_PERMISSION_ID = keccak256("ROOT_PERMISSION");
/// @notice A special address encoding permissions that are valid for any address `who` or `where`.
address internal constant ANY_ADDR = address(type(uint160).max);
/// @notice A special address encoding if a permissions is not set and therefore not allowed.
address internal constant UNSET_FLAG = address(0);
/// @notice A special address encoding if a permission is allowed.
address internal constant ALLOW_FLAG = address(2);
/// @notice A mapping storing permissions as hashes (i.e., `permissionHash(where, who, permissionId)`) and their status encoded by an address (unset, allowed, or redirecting to a `PermissionCondition`).
mapping(bytes32 => address) internal permissionsHashed;
/// @notice Thrown if a call is unauthorized.
/// @param where The context in which the authorization reverted.
/// @param who The address (EOA or contract) missing the permission.
/// @param permissionId The permission identifier.
error Unauthorized(address where, address who, bytes32 permissionId);
/// @notice Thrown if a permission has been already granted with a different condition.
/// @dev This makes sure that condition on the same permission can not be overwriten by a different condition.
/// @param where The address of the target contract to grant `_who` permission to.
/// @param who The address (EOA or contract) to which the permission has already been granted.
/// @param permissionId The permission identifier.
/// @param currentCondition The current condition set for permissionId.
/// @param newCondition The new condition it tries to set for permissionId.
error PermissionAlreadyGrantedForDifferentCondition(
address where,
address who,
bytes32 permissionId,
address currentCondition,
address newCondition
);
/// @notice Thrown if a condition address is not a contract.
/// @param condition The address that is not a contract.
error ConditionNotAContract(IPermissionCondition condition);
/// @notice Thrown if a condition contract does not support the `IPermissionCondition` interface.
/// @param condition The address that is not a contract.
error ConditionInterfaceNotSupported(IPermissionCondition condition);
/// @notice Thrown for `ROOT_PERMISSION_ID` or `EXECUTE_PERMISSION_ID` permission grants where `who` or `where` is `ANY_ADDR`.
error PermissionsForAnyAddressDisallowed();
/// @notice Thrown for permission grants where `who` and `where` are both `ANY_ADDR`.
error AnyAddressDisallowedForWhoAndWhere();
/// @notice Thrown if `Operation.GrantWithCondition` is requested as an operation but the method does not support it.
error GrantWithConditionNotSupported();
/// @notice Emitted when a permission `permission` is granted in the context `here` to the address `_who` for the contract `_where`.
/// @param permissionId The permission identifier.
/// @param here The address of the context in which the permission is granted.
/// @param where The address of the target contract for which `_who` receives permission.
/// @param who The address (EOA or contract) receiving the permission.
/// @param condition The address `ALLOW_FLAG` for regular permissions or, alternatively, the `IPermissionCondition` contract implementation to be used.
event Granted(
bytes32 indexed permissionId,
address indexed here,
address where,
address indexed who,
address condition
);
/// @notice Emitted when a permission `permission` is revoked in the context `here` from the address `_who` for the contract `_where`.
/// @param permissionId The permission identifier.
/// @param here The address of the context in which the permission is revoked.
/// @param where The address of the target contract for which `_who` loses permission.
/// @param who The address (EOA or contract) losing the permission.
event Revoked(
bytes32 indexed permissionId,
address indexed here,
address where,
address indexed who
);
/// @notice A modifier to make functions on inheriting contracts authorized. Permissions to call the function are checked through this permission manager.
/// @param _permissionId The permission identifier required to call the method this modifier is applied to.
modifier auth(bytes32 _permissionId) {
_auth(_permissionId);
_;
}
/// @notice Initialization method to set the initial owner of the permission manager.
/// @dev The initial owner is granted the `ROOT_PERMISSION_ID` permission.
/// @param _initialOwner The initial owner of the permission manager.
function __PermissionManager_init(address _initialOwner) internal onlyInitializing {
_initializePermissionManager({_initialOwner: _initialOwner});
}
/// @notice Grants permission to an address to call methods in a contract guarded by an auth modifier with the specified permission identifier.
/// @dev Requires the `ROOT_PERMISSION_ID` permission.
/// @param _where The address of the target contract for which `_who` receives permission.
/// @param _who The address (EOA or contract) receiving the permission.
/// @param _permissionId The permission identifier.
/// @dev Note, that granting permissions with `_who` or `_where` equal to `ANY_ADDR` does not replace other permissions with specific `_who` and `_where` addresses that exist in parallel.
function grant(
address _where,
address _who,
bytes32 _permissionId
) external virtual auth(ROOT_PERMISSION_ID) {
_grant({_where: _where, _who: _who, _permissionId: _permissionId});
}
/// @notice Grants permission to an address to call methods in a target contract guarded by an auth modifier with the specified permission identifier if the referenced condition permits it.
/// @dev Requires the `ROOT_PERMISSION_ID` permission
/// @param _where The address of the target contract for which `_who` receives permission.
/// @param _who The address (EOA or contract) receiving the permission.
/// @param _permissionId The permission identifier.
/// @param _condition The `PermissionCondition` that will be asked for authorization on calls connected to the specified permission identifier.
/// @dev Note, that granting permissions with `_who` or `_where` equal to `ANY_ADDR` does not replace other permissions with specific `_who` and `_where` addresses that exist in parallel.
function grantWithCondition(
address _where,
address _who,
bytes32 _permissionId,
IPermissionCondition _condition
) external virtual auth(ROOT_PERMISSION_ID) {
_grantWithCondition({
_where: _where,
_who: _who,
_permissionId: _permissionId,
_condition: _condition
});
}
/// @notice Revokes permission from an address to call methods in a target contract guarded by an auth modifier with the specified permission identifier.
/// @dev Requires the `ROOT_PERMISSION_ID` permission.
/// @param _where The address of the target contract for which `_who` loses permission.
/// @param _who The address (EOA or contract) losing the permission.
/// @param _permissionId The permission identifier.
/// @dev Note, that revoking permissions with `_who` or `_where` equal to `ANY_ADDR` does not revoke other permissions with specific `_who` and `_where` addresses that exist in parallel.
function revoke(
address _where,
address _who,
bytes32 _permissionId
) external virtual auth(ROOT_PERMISSION_ID) {
_revoke({_where: _where, _who: _who, _permissionId: _permissionId});
}
/// @notice Applies an array of permission operations on a single target contracts `_where`.
/// @param _where The address of the single target contract.
/// @param items The array of single-targeted permission operations to apply.
function applySingleTargetPermissions(
address _where,
PermissionLib.SingleTargetPermission[] calldata items
) external virtual auth(ROOT_PERMISSION_ID) {
for (uint256 i; i < items.length; ) {
PermissionLib.SingleTargetPermission memory item = items[i];
if (item.operation == PermissionLib.Operation.Grant) {
_grant({_where: _where, _who: item.who, _permissionId: item.permissionId});
} else if (item.operation == PermissionLib.Operation.Revoke) {
_revoke({_where: _where, _who: item.who, _permissionId: item.permissionId});
} else if (item.operation == PermissionLib.Operation.GrantWithCondition) {
revert GrantWithConditionNotSupported();
}
unchecked {
++i;
}
}
}
/// @notice Applies an array of permission operations on multiple target contracts `items[i].where`.
/// @param _items The array of multi-targeted permission operations to apply.
function applyMultiTargetPermissions(
PermissionLib.MultiTargetPermission[] calldata _items
) external virtual auth(ROOT_PERMISSION_ID) {
for (uint256 i; i < _items.length; ) {
PermissionLib.MultiTargetPermission memory item = _items[i];
if (item.operation == PermissionLib.Operation.Grant) {
// Ensure a non-zero condition isn't passed, as `_grant` can't handle conditions.
// This avoids the false impression that a conditional grant occurred,
// since the transaction would still succeed without conditions.
if (item.condition != address(0)) {
revert GrantWithConditionNotSupported();
}
_grant({_where: item.where, _who: item.who, _permissionId: item.permissionId});
} else if (item.operation == PermissionLib.Operation.Revoke) {
_revoke({_where: item.where, _who: item.who, _permissionId: item.permissionId});
} else if (item.operation == PermissionLib.Operation.GrantWithCondition) {
_grantWithCondition({
_where: item.where,
_who: item.who,
_permissionId: item.permissionId,
_condition: IPermissionCondition(item.condition)
});
}
unchecked {
++i;
}
}
}
/// @notice Checks if the caller address has permission on the target contract via a permission identifier and relays the answer to a condition contract if this was declared during the granting process.
/// @param _where The address of the target contract for which `_who` receives permission.
/// @param _who The address (EOA or contract) for which the permission is checked.
/// @param _permissionId The permission identifier.
/// @param _data Optional data to be passed to the set `PermissionCondition`.
/// @return Returns true if `_who` has the permissions on the target contract via the specified permission identifier.
function isGranted(
address _where,
address _who,
bytes32 _permissionId,
bytes memory _data
) public view virtual returns (bool) {
// Specific caller (`_who`) and target (`_where`) permission check
{
// This permission may have been granted directly via the `grant` function or with a condition via the `grantWithCondition` function.
address specificCallerTargetPermission = permissionsHashed[
permissionHash({_where: _where, _who: _who, _permissionId: _permissionId})
];
// If the permission was granted directly, return `true`.
if (specificCallerTargetPermission == ALLOW_FLAG) return true;
// If the permission was granted with a condition, check the condition and return the result.
if (specificCallerTargetPermission != UNSET_FLAG) {
return
_checkCondition({
_condition: specificCallerTargetPermission,
_where: _where,
_who: _who,
_permissionId: _permissionId,
_data: _data
});
}
// If this permission is not set, continue.
}
// Generic caller (`_who: ANY_ADDR`)
{
address genericCallerPermission = permissionsHashed[
permissionHash({_where: _where, _who: ANY_ADDR, _permissionId: _permissionId})
];
// If the permission was granted directly to (`_who: ANY_ADDR`), return `true`.
if (genericCallerPermission == ALLOW_FLAG) return true;
// If the permission was granted with a condition, check the condition and return the result.
if (genericCallerPermission != UNSET_FLAG) {
return
_checkCondition({
_condition: genericCallerPermission,
_where: _where,
_who: _who,
_permissionId: _permissionId,
_data: _data
});
}
// If this permission is not set, continue.
}
// Generic target (`_where: ANY_ADDR`) condition check
{
// This permission can only be granted in conjunction with a condition via the `grantWithCondition` function.
address genericTargetPermission = permissionsHashed[
permissionHash({_where: ANY_ADDR, _who: _who, _permissionId: _permissionId})
];
// If the permission was granted with a condition, check the condition and return the result.
if (genericTargetPermission != UNSET_FLAG) {
return
_checkCondition({
_condition: genericTargetPermission,
_where: _where,
_who: _who,
_permissionId: _permissionId,
_data: _data
});
}
// If this permission is not set, continue.
}
// No specific or generic permission applies to the `_who`, `_where`, `_permissionId`, so we return `false`.
return false;
}
/// @notice Relays the question if caller address has permission on target contract via a permission identifier to a condition contract.
/// @notice Checks a condition contract by doing an external call via try/catch.
/// @param _condition The condition contract that is called.
/// @param _where The address of the target contract for which `_who` receives permission.
/// @param _who The address (EOA or contract) owning the permission.
/// @param _permissionId The permission identifier.
/// @param _data Optional data to be passed to a referenced `PermissionCondition`.
/// @return Returns `true` if a caller (`_who`) has the permissions on the contract (`_where`) via the specified permission identifier.
/// @dev If the external call fails, we return `false`.
function _checkCondition(
address _condition,
address _where,
address _who,
bytes32 _permissionId,
bytes memory _data
) internal view virtual returns (bool) {
// Try-catch to skip failures
try
IPermissionCondition(_condition).isGranted({
_where: _where,
_who: _who,
_permissionId: _permissionId,
_data: _data
})
returns (bool result) {
if (result) {
return true;
}
} catch {}
return false;
}
/// @notice Grants the `ROOT_PERMISSION_ID` permission to the initial owner during initialization of the permission manager.
/// @param _initialOwner The initial owner of the permission manager.
function _initializePermissionManager(address _initialOwner) internal {
_grant({_where: address(this), _who: _initialOwner, _permissionId: ROOT_PERMISSION_ID});
}
/// @notice This method is used in the external `grant` method of the permission manager.
/// @param _where The address of the target contract for which `_who` receives permission.
/// @param _who The address (EOA or contract) owning the permission.
/// @param _permissionId The permission identifier.
/// @dev Note, that granting permissions with `_who` or `_where` equal to `ANY_ADDR` does not replace other permissions with specific `_who` and `_where` addresses that exist in parallel.
function _grant(address _where, address _who, bytes32 _permissionId) internal virtual {
if (_where == ANY_ADDR) {
revert PermissionsForAnyAddressDisallowed();
}
if (_who == ANY_ADDR) {
if (
_permissionId == ROOT_PERMISSION_ID ||
isPermissionRestrictedForAnyAddr(_permissionId)
) {
revert PermissionsForAnyAddressDisallowed();
}
}
bytes32 permHash = permissionHash({
_where: _where,
_who: _who,
_permissionId: _permissionId
});
address currentFlag = permissionsHashed[permHash];
// Means permHash is not currently set.
if (currentFlag == UNSET_FLAG) {
permissionsHashed[permHash] = ALLOW_FLAG;
emit Granted({
permissionId: _permissionId,
here: msg.sender,
where: _where,
who: _who,
condition: ALLOW_FLAG
});
}
}
/// @notice This method is used in the external `grantWithCondition` method of the permission manager.
/// @param _where The address of the target contract for which `_who` receives permission.
/// @param _who The address (EOA or contract) owning the permission.
/// @param _permissionId The permission identifier.
/// @param _condition An address either resolving to a `PermissionCondition` contract address or being the `ALLOW_FLAG` address (`address(2)`).
/// @dev Note, that granting permissions with `_who` or `_where` equal to `ANY_ADDR` does not replace other permissions with specific `_who` and `_where` addresses that exist in parallel.
function _grantWithCondition(
address _where,
address _who,
bytes32 _permissionId,
IPermissionCondition _condition
) internal virtual {
address conditionAddr = address(_condition);
if (!conditionAddr.isContract()) {
revert ConditionNotAContract(_condition);
}
if (
!PermissionCondition(conditionAddr).supportsInterface(
type(IPermissionCondition).interfaceId
)
) {
revert ConditionInterfaceNotSupported(_condition);
}
if (_where == ANY_ADDR && _who == ANY_ADDR) {
revert AnyAddressDisallowedForWhoAndWhere();
}
if (_where == ANY_ADDR || _who == ANY_ADDR) {
if (
_permissionId == ROOT_PERMISSION_ID ||
isPermissionRestrictedForAnyAddr(_permissionId)
) {
revert PermissionsForAnyAddressDisallowed();
}
}
bytes32 permHash = permissionHash({
_where: _where,
_who: _who,
_permissionId: _permissionId
});
address currentCondition = permissionsHashed[permHash];
// Means permHash is not currently set.
if (currentCondition == UNSET_FLAG) {
permissionsHashed[permHash] = conditionAddr;
emit Granted({
permissionId: _permissionId,
here: msg.sender,
where: _where,
who: _who,
condition: conditionAddr
});
} else if (currentCondition != conditionAddr) {
// Revert if `permHash` is already granted, but uses a different condition.
// If we don't revert, we either should:
// - allow overriding the condition on the same permission
// which could be confusing whoever granted the same permission first
// - or do nothing and succeed silently which could be confusing for the caller.
revert PermissionAlreadyGrantedForDifferentCondition({
where: _where,
who: _who,
permissionId: _permissionId,
currentCondition: currentCondition,
newCondition: conditionAddr
});
}
}
/// @notice This method is used in the public `revoke` method of the permission manager.
/// @param _where The address of the target contract for which `_who` receives permission.
/// @param _who The address (EOA or contract) owning the permission.
/// @param _permissionId The permission identifier.
/// @dev Note, that revoking permissions with `_who` or `_where` equal to `ANY_ADDR` does not revoke other permissions with specific `_who` and `_where` addresses that might have been granted in parallel.
function _revoke(address _where, address _who, bytes32 _permissionId) internal virtual {
bytes32 permHash = permissionHash({
_where: _where,
_who: _who,
_permissionId: _permissionId
});
if (permissionsHashed[permHash] != UNSET_FLAG) {
permissionsHashed[permHash] = UNSET_FLAG;
emit Revoked({permissionId: _permissionId, here: msg.sender, where: _where, who: _who});
}
}
/// @notice A private function to be used to check permissions on the permission manager contract (`address(this)`) itself.
/// @param _permissionId The permission identifier required to call the method this modifier is applied to.
function _auth(bytes32 _permissionId) internal view virtual {
if (!isGranted(address(this), msg.sender, _permissionId, msg.data)) {
revert Unauthorized({
where: address(this),
who: msg.sender,
permissionId: _permissionId
});
}
}
/// @notice Generates the hash for the `permissionsHashed` mapping obtained from the word "PERMISSION", the contract address, the address owning the permission, and the permission identifier.
/// @param _where The address of the target contract for which `_who` receives permission.
/// @param _who The address (EOA or contract) owning the permission.
/// @param _permissionId The permission identifier.
/// @return The permission hash.
function permissionHash(
address _where,
address _who,
bytes32 _permissionId
) internal pure virtual returns (bytes32) {
return keccak256(abi.encodePacked("PERMISSION", _who, _where, _permissionId));
}
/// @notice Decides if the granting permissionId is restricted when `_who == ANY_ADDR` or `_where == ANY_ADDR`.
/// @param _permissionId The permission identifier.
/// @return Whether or not the permission is restricted.
/// @dev By default, every permission is unrestricted and it is the derived contract's responsibility to override it. Note, that the `ROOT_PERMISSION_ID` is included and not required to be set it again.
function isPermissionRestrictedForAnyAddr(
bytes32 _permissionId
) internal view virtual returns (bool) {
(_permissionId); // silence the warning.
return false;
}
/// @notice This empty reserved space is put in place to allow future versions to add new variables without shifting down storage in the inheritance chain (see [OpenZeppelin's guide about storage gaps](https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps)).
uint256[49] private __gap;
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {PermissionLib} from "@aragon/osx-commons-contracts/src/permission/PermissionLib.sol";
import {PluginSetup} from "@aragon/osx-commons-contracts/src/plugin/setup/PluginSetup.sol";
import {PluginRepo} from "../repo/PluginRepo.sol";
/// @notice The struct containing a reference to a plugin setup by specifying the containing plugin repository and the associated version tag.
/// @param versionTag The tag associated with the plugin setup version.
/// @param pluginSetupRepo The plugin setup repository.
struct PluginSetupRef {
PluginRepo.Tag versionTag;
PluginRepo pluginSetupRepo;
}
/// @notice The different types describing a prepared setup.
/// @param None The default indicating the lack of a preparation type.
/// @param Installation The prepared setup installs a new plugin.
/// @param Update The prepared setup updates an existing plugin.
/// @param Uninstallation The prepared setup uninstalls an existing plugin.
enum PreparationType {
None,
Installation,
Update,
Uninstallation
}
/// @notice Returns an ID for plugin installation by hashing the DAO and plugin address.
/// @param _dao The address of the DAO conducting the setup.
/// @param _plugin The plugin address.
/// @custom:security-contact [email protected]
function _getPluginInstallationId(address _dao, address _plugin) pure returns (bytes32) {
return keccak256(abi.encode(_dao, _plugin));
}
/// @notice Returns an ID for prepared setup obtained from hashing characterizing elements.
/// @param _pluginSetupRef The reference of the plugin setup containing plugin setup repo and version tag.
/// @param _permissionsHash The hash of the permission operations requested by the setup.
/// @param _helpersHash The hash of the helper contract addresses.
/// @param _data The bytes-encoded initialize data for the upgrade that is returned by `prepareUpdate`.
/// @param _preparationType The type of preparation the plugin is currently undergoing. Without this, it is possible to call `applyUpdate` even after `applyInstallation` is called.
/// @return The prepared setup id.
/// @custom:security-contact [email protected]
function _getPreparedSetupId(
PluginSetupRef memory _pluginSetupRef,
bytes32 _permissionsHash,
bytes32 _helpersHash,
bytes memory _data,
PreparationType _preparationType
) pure returns (bytes32) {
return
keccak256(
abi.encode(
_pluginSetupRef.versionTag,
_pluginSetupRef.pluginSetupRepo,
_permissionsHash,
_helpersHash,
keccak256(_data),
_preparationType
)
);
}
/// @notice Returns an identifier for applied installations.
/// @param _pluginSetupRef The reference of the plugin setup containing plugin setup repo and version tag.
/// @param _helpersHash The hash of the helper contract addresses.
/// @return The applied setup id.
/// @custom:security-contact [email protected]
function _getAppliedSetupId(
PluginSetupRef memory _pluginSetupRef,
bytes32 _helpersHash
) pure returns (bytes32) {
return
keccak256(
abi.encode(_pluginSetupRef.versionTag, _pluginSetupRef.pluginSetupRepo, _helpersHash)
);
}
/// @notice Returns a hash of an array of helper addresses (contracts or EOAs).
/// @param _helpers The array of helper addresses (contracts or EOAs) to be hashed.
/// @custom:security-contact [email protected]
function hashHelpers(address[] memory _helpers) pure returns (bytes32) {
return keccak256(abi.encode(_helpers));
}
/// @notice Returns a hash of an array of multi-targeted permission operations.
/// @param _permissions The array of of multi-targeted permission operations.
/// @return The hash of the array of permission operations.
/// @custom:security-contact [email protected]
function hashPermissions(
PermissionLib.MultiTargetPermission[] memory _permissions
) pure returns (bytes32) {
return keccak256(abi.encode(_permissions));
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {ERC165} from "@openzeppelin/contracts/utils/introspection/ERC165.sol";
import {PermissionLib} from "@aragon/osx-commons-contracts/src/permission/PermissionLib.sol";
import {IProtocolVersion} from "@aragon/osx-commons-contracts/src/utils/versioning/IProtocolVersion.sol";
import {ProtocolVersion} from "@aragon/osx-commons-contracts/src/utils/versioning/ProtocolVersion.sol";
import {ProxyLib} from "@aragon/osx-commons-contracts/src/utils/deployment/ProxyLib.sol";
import {PluginRepoRegistry} from "./PluginRepoRegistry.sol";
import {PluginRepo} from "./PluginRepo.sol";
/// @title PluginRepoFactory
/// @author Aragon X - 2022-2023
/// @notice This contract creates `PluginRepo` proxies and registers them on a `PluginRepoRegistry` contract.
/// @custom:security-contact [email protected]
contract PluginRepoFactory is ERC165, ProtocolVersion {
using ProxyLib for address;
/// @notice The Aragon plugin registry contract.
PluginRepoRegistry public pluginRepoRegistry;
/// @notice The address of the `PluginRepo` base contract to proxy to..
address public pluginRepoBase;
/// @notice Initializes the addresses of the Aragon plugin registry and `PluginRepo` base contract to proxy to.
/// @param _pluginRepoRegistry The aragon plugin registry address.
constructor(PluginRepoRegistry _pluginRepoRegistry) {
pluginRepoRegistry = _pluginRepoRegistry;
pluginRepoBase = address(new PluginRepo());
}
/// @notice Checks if this or the parent contract supports an interface by its ID.
/// @param _interfaceId The ID of the interface.
/// @return Returns `true` if the interface is supported.
function supportsInterface(bytes4 _interfaceId) public view virtual override returns (bool) {
return
_interfaceId == type(IProtocolVersion).interfaceId ||
super.supportsInterface(_interfaceId);
}
/// @notice Creates a plugin repository proxy pointing to the `pluginRepoBase` implementation and registers it in the Aragon plugin registry.
/// @param _subdomain The plugin repository subdomain.
/// @param _initialOwner The plugin maintainer address.
function createPluginRepo(
string calldata _subdomain,
address _initialOwner
) external returns (PluginRepo) {
return _createPluginRepo(_subdomain, _initialOwner);
}
/// @notice Creates and registers a `PluginRepo` with an ENS subdomain and publishes an initial version `1.1`.
/// @param _subdomain The plugin repository subdomain.
/// @param _pluginSetup The plugin factory contract associated with the plugin version.
/// @param _maintainer The maintainer of the plugin repo. This address has permission to update metadata, upgrade the repo logic, and manage the repo permissions.
/// @param _releaseMetadata The release metadata URI.
/// @param _buildMetadata The build metadata URI.
/// @dev After the creation of the `PluginRepo` and release of the first version by the factory, ownership is transferred to the `_maintainer` address.
function createPluginRepoWithFirstVersion(
string calldata _subdomain,
address _pluginSetup,
address _maintainer,
bytes memory _releaseMetadata,
bytes memory _buildMetadata
) external returns (PluginRepo pluginRepo) {
// Sets `address(this)` as initial owner which is later replaced with the maintainer address.
pluginRepo = _createPluginRepo(_subdomain, address(this));
pluginRepo.createVersion(1, _pluginSetup, _buildMetadata, _releaseMetadata);
// Setup permissions and transfer ownership from `address(this)` to `_maintainer`.
_setPluginRepoPermissions(pluginRepo, _maintainer);
}
/// @notice Set the final permissions for the published plugin repository maintainer. All permissions are revoked from the plugin factory and granted to the specified plugin maintainer.
/// @param pluginRepo The plugin repository instance just created.
/// @param maintainer The plugin maintainer address.
/// @dev The plugin maintainer is granted the `MAINTAINER_PERMISSION_ID`, `UPGRADE_REPO_PERMISSION_ID`, and `ROOT_PERMISSION_ID`.
function _setPluginRepoPermissions(PluginRepo pluginRepo, address maintainer) internal {
// Set permissions on the `PluginRepo`s `PermissionManager`
PermissionLib.SingleTargetPermission[]
memory items = new PermissionLib.SingleTargetPermission[](6);
bytes32 rootPermissionID = pluginRepo.ROOT_PERMISSION_ID();
bytes32 maintainerPermissionID = pluginRepo.MAINTAINER_PERMISSION_ID();
bytes32 upgradePermissionID = pluginRepo.UPGRADE_REPO_PERMISSION_ID();
// Grant the plugin maintainer all the permissions required
items[0] = PermissionLib.SingleTargetPermission(
PermissionLib.Operation.Grant,
maintainer,
maintainerPermissionID
);
items[1] = PermissionLib.SingleTargetPermission(
PermissionLib.Operation.Grant,
maintainer,
upgradePermissionID
);
items[2] = PermissionLib.SingleTargetPermission(
PermissionLib.Operation.Grant,
maintainer,
rootPermissionID
);
// Revoke permissions from the plugin repository factory (`address(this)`).
items[3] = PermissionLib.SingleTargetPermission(
PermissionLib.Operation.Revoke,
address(this),
rootPermissionID
);
items[4] = PermissionLib.SingleTargetPermission(
PermissionLib.Operation.Revoke,
address(this),
maintainerPermissionID
);
items[5] = PermissionLib.SingleTargetPermission(
PermissionLib.Operation.Revoke,
address(this),
upgradePermissionID
);
pluginRepo.applySingleTargetPermissions(address(pluginRepo), items);
}
/// @notice Internal method creating a `PluginRepo` via the [ERC-1967](https://eips.ethereum.org/EIPS/eip-1967) proxy pattern from the provided base contract and registering it in the Aragon plugin registry.
/// @dev Passing an empty `_subdomain` will cause the transaction to revert.
/// @param _subdomain The plugin repository subdomain.
/// @param _initialOwner The initial owner address.
function _createPluginRepo(
string calldata _subdomain,
address _initialOwner
) internal returns (PluginRepo pluginRepo) {
pluginRepo = PluginRepo(
pluginRepoBase.deployUUPSProxy(abi.encodeCall(PluginRepo.initialize, (_initialOwner)))
);
pluginRepoRegistry.registerPluginRepo(_subdomain, address(pluginRepo));
}
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {ERC165Upgradeable} from "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165Upgradeable.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {AddressUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol";
import {ERC165CheckerUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165CheckerUpgradeable.sol";
import {IProtocolVersion} from "@aragon/osx-commons-contracts/src/utils/versioning/IProtocolVersion.sol";
import {ProtocolVersion} from "@aragon/osx-commons-contracts/src/utils/versioning/ProtocolVersion.sol";
import {IPluginSetup} from "@aragon/osx-commons-contracts/src/plugin/setup/IPluginSetup.sol";
import {PluginSetup} from "@aragon/osx-commons-contracts/src/plugin/setup/PluginSetup.sol";
import {PermissionManager} from "../../../core/permission/PermissionManager.sol";
import {IPluginRepo} from "./IPluginRepo.sol";
/// @title PluginRepo
/// @author Aragon X - 2020 - 2023
/// @notice The plugin repository contract required for managing and publishing different plugin versions within the Aragon DAO framework.
/// @custom:security-contact [email protected]
contract PluginRepo is
Initializable,
ERC165Upgradeable,
IPluginRepo,
UUPSUpgradeable,
ProtocolVersion,
PermissionManager
{
using AddressUpgradeable for address;
using ERC165CheckerUpgradeable for address;
/// @notice The struct describing the tag of a version obtained by a release and build number as `RELEASE.BUILD`.
/// @param release The release number.
/// @param build The build number
/// @dev Releases mark incompatible changes (e.g., the plugin interface, storage layout, or incompatible behavior) whereas builds mark compatible changes (e.g., patches and compatible feature additions).
struct Tag {
uint8 release;
uint16 build;
}
/// @notice The struct describing a plugin version (release and build).
/// @param tag The version tag.
/// @param pluginSetup The setup contract associated with this version.
/// @param buildMetadata The build metadata URI.
struct Version {
Tag tag;
address pluginSetup;
bytes buildMetadata;
}
/// @notice The ID of the permission required to call the `createVersion` function.
bytes32 public constant MAINTAINER_PERMISSION_ID = keccak256("MAINTAINER_PERMISSION");
/// @notice The ID of the permission required to call the `createVersion` function.
bytes32 public constant UPGRADE_REPO_PERMISSION_ID = keccak256("UPGRADE_REPO_PERMISSION");
/// @notice The mapping between release and build numbers.
mapping(uint8 => uint16) internal buildsPerRelease;
/// @notice The mapping between the version hash and the corresponding version information.
mapping(bytes32 => Version) internal versions;
/// @notice The mapping between the plugin setup address and its corresponding version hash.
mapping(address => bytes32) internal latestTagHashForPluginSetup;
/// @notice The ID of the latest release.
/// @dev The maximum release number is 255.
uint8 public latestRelease;
/// @notice Thrown if a version does not exist.
/// @param versionHash The tag hash.
error VersionHashDoesNotExist(bytes32 versionHash);
/// @notice Thrown if a plugin setup contract does not inherit from `PluginSetup`.
error InvalidPluginSetupInterface();
/// @notice Thrown if a release number is zero.
error ReleaseZeroNotAllowed();
/// @notice Thrown if a release number is incremented by more than one.
/// @param latestRelease The latest release number.
/// @param newRelease The new release number.
error InvalidReleaseIncrement(uint8 latestRelease, uint8 newRelease);
/// @notice Thrown if the same plugin setup contract exists already in a previous releases.
/// @param release The release number of the already existing plugin setup.
/// @param build The build number of the already existing plugin setup.
/// @param pluginSetup The plugin setup contract address.
error PluginSetupAlreadyInPreviousRelease(uint8 release, uint16 build, address pluginSetup);
/// @notice Thrown if the metadata URI is empty.
error EmptyReleaseMetadata();
/// @notice Thrown if release does not exist.
error ReleaseDoesNotExist();
/// @dev Used to disallow initializing the implementation contract by an attacker for extra safety.
constructor() {
_disableInitializers();
}
/// @notice Initializes the contract by
/// - initializing the permission manager
/// - granting the `MAINTAINER_PERMISSION_ID` permission to the initial owner.
/// @dev This method is required to support [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822).
function initialize(address initialOwner) external initializer {
__PermissionManager_init(initialOwner);
_grant(address(this), initialOwner, MAINTAINER_PERMISSION_ID);
_grant(address(this), initialOwner, UPGRADE_REPO_PERMISSION_ID);
}
/// @notice Initializes the pluginRepo after an upgrade from a previous protocol version.
/// @param _previousProtocolVersion The semantic protocol version number of the previous DAO implementation contract this upgrade is transitioning from.
/// @param _initData The initialization data to be passed to via `upgradeToAndCall` (see [ERC-1967](https://docs.openzeppelin.com/contracts/4.x/api/proxy#ERC1967Upgrade)).
/// @dev This function is a placeholder until we require reinitialization.
function initializeFrom(
uint8[3] calldata _previousProtocolVersion,
bytes calldata _initData
) external reinitializer(2) {
// Silences the unused function parameter warning.
_previousProtocolVersion;
_initData;
// Revert because this is a placeholder until this contract requires reinitialization.
revert();
}
/// @inheritdoc IPluginRepo
function createVersion(
uint8 _release,
address _pluginSetup,
bytes calldata _buildMetadata,
bytes calldata _releaseMetadata
) external auth(MAINTAINER_PERMISSION_ID) {
if (!_pluginSetup.supportsInterface(type(IPluginSetup).interfaceId)) {
revert InvalidPluginSetupInterface();
}
if (_release == 0) {
revert ReleaseZeroNotAllowed();
}
// Check that the release number is not incremented by more than one
if (_release - latestRelease > 1) {
revert InvalidReleaseIncrement({latestRelease: latestRelease, newRelease: _release});
}
if (_release > latestRelease) {
latestRelease = _release;
if (_releaseMetadata.length == 0) {
revert EmptyReleaseMetadata();
}
}
// Make sure the same plugin setup wasn't used in previous releases.
Version storage version = versions[latestTagHashForPluginSetup[_pluginSetup]];
if (version.tag.release != 0 && version.tag.release != _release) {
revert PluginSetupAlreadyInPreviousRelease(
version.tag.release,
version.tag.build,
_pluginSetup
);
}
uint16 build = ++buildsPerRelease[_release];
Tag memory tag = Tag(_release, build);
bytes32 _tagHash = tagHash(tag);
versions[_tagHash] = Version(tag, _pluginSetup, _buildMetadata);
latestTagHashForPluginSetup[_pluginSetup] = _tagHash;
emit VersionCreated({
release: _release,
build: build,
pluginSetup: _pluginSetup,
buildMetadata: _buildMetadata
});
if (_releaseMetadata.length > 0) {
emit ReleaseMetadataUpdated(_release, _releaseMetadata);
}
}
/// @inheritdoc IPluginRepo
function updateReleaseMetadata(
uint8 _release,
bytes calldata _releaseMetadata
) external auth(MAINTAINER_PERMISSION_ID) {
if (_release == 0) {
revert ReleaseZeroNotAllowed();
}
if (_release > latestRelease) {
revert ReleaseDoesNotExist();
}
if (_releaseMetadata.length == 0) {
revert EmptyReleaseMetadata();
}
emit ReleaseMetadataUpdated(_release, _releaseMetadata);
}
/// @notice Returns the latest version for a given release number.
/// @param _release The release number.
/// @return The latest version of this release.
function getLatestVersion(uint8 _release) public view returns (Version memory) {
uint16 latestBuild = uint16(buildsPerRelease[_release]);
return getVersion(tagHash(Tag(_release, latestBuild)));
}
/// @notice Returns the latest version for a given plugin setup.
/// @param _pluginSetup The plugin setup address
/// @return The latest version associated with the plugin Setup.
function getLatestVersion(address _pluginSetup) public view returns (Version memory) {
return getVersion(latestTagHashForPluginSetup[_pluginSetup]);
}
/// @notice Returns the version associated with a tag.
/// @param _tag The version tag.
/// @return The version associated with the tag.
function getVersion(Tag calldata _tag) public view returns (Version memory) {
return getVersion(tagHash(_tag));
}
/// @notice Returns the version for a tag hash.
/// @param _tagHash The tag hash.
/// @return The version associated with a tag hash.
function getVersion(bytes32 _tagHash) public view returns (Version memory) {
Version storage version = versions[_tagHash];
if (version.tag.release == 0) {
revert VersionHashDoesNotExist(_tagHash);
}
return version;
}
/// @notice Gets the total number of builds for a given release number.
/// @param _release The release number.
/// @return The number of builds of this release.
function buildCount(uint8 _release) public view returns (uint256) {
return buildsPerRelease[_release];
}
/// @notice The hash of the version tag obtained from the packed, bytes-encoded release and build number.
/// @param _tag The version tag.
/// @return The version tag hash.
function tagHash(Tag memory _tag) internal pure returns (bytes32) {
return keccak256(abi.encodePacked(_tag.release, _tag.build));
}
/// @notice Internal method authorizing the upgrade of the contract via the [upgradeability mechanism for UUPS proxies](https://docs.openzeppelin.com/contracts/4.x/api/proxy#UUPSUpgradeable) (see [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822)).
/// @dev The caller must have the `UPGRADE_REPO_PERMISSION_ID` permission.
function _authorizeUpgrade(
address
) internal virtual override auth(UPGRADE_REPO_PERMISSION_ID) {}
/// @notice Checks if this or the parent contract supports an interface by its ID.
/// @param _interfaceId The ID of the interface.
/// @return Returns `true` if the interface is supported.
function supportsInterface(bytes4 _interfaceId) public view virtual override returns (bool) {
return
_interfaceId == type(IPluginRepo).interfaceId ||
_interfaceId == type(IProtocolVersion).interfaceId ||
super.supportsInterface(_interfaceId);
}
/// @notice This empty reserved space is put in place to allow future versions to add new variables without shifting down storage in the inheritance chain (see [OpenZeppelin's guide about storage gaps](https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps)).
uint256[46] private __gap;
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
/// @notice The action struct to be consumed by the DAO's `execute` function resulting in an external call.
/// @param to The address to call.
/// @param value The native token value to be sent with the call.
/// @param data The bytes-encoded function selector and calldata for the call.
struct Action {
address to;
uint256 value;
bytes data;
}
/// @title IExecutor
/// @author Aragon X - 2024
/// @notice The interface required for Executors within the Aragon App DAO framework.
/// @custom:security-contact [email protected]
interface IExecutor {
/// @notice Emitted when a proposal is executed.
/// @dev The value of `callId` is defined by the component/contract calling the execute function.
/// A `Plugin` implementation can use it, for example, as a nonce.
/// @param actor The address of the caller.
/// @param callId The ID of the call.
/// @param actions The array of actions executed.
/// @param allowFailureMap The allow failure map encoding which actions are allowed to fail.
/// @param failureMap The failure map encoding which actions have failed.
/// @param execResults The array with the results of the executed actions.
event Executed(
address indexed actor,
bytes32 callId,
Action[] actions,
uint256 allowFailureMap,
uint256 failureMap,
bytes[] execResults
);
/// @notice Executes a list of actions. If a zero allow-failure map is provided, a failing action reverts the entire execution. If a non-zero allow-failure map is provided, allowed actions can fail without the entire call being reverted.
/// @param _callId The ID of the call. The definition of the value of `callId` is up to the calling contract and can be used, e.g., as a nonce.
/// @param _actions The array of actions.
/// @param _allowFailureMap A bitmap allowing execution to succeed, even if individual actions might revert. If the bit at index `i` is 1, the execution succeeds even if the `i`th action reverts. A failure map value of 0 requires every action to not revert.
/// @return The array of results obtained from the executed actions in `bytes`.
/// @return The resulting failure map containing the actions have actually failed.
function execute(
bytes32 _callId,
Action[] memory _actions,
uint256 _allowFailureMap
) external returns (bytes[] memory, uint256);
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {PermissionLib} from "../../permission/PermissionLib.sol";
// solhint-disable-next-line no-unused-import
import {IDAO} from "../../dao/IDAO.sol";
/// @title IPluginSetup
/// @author Aragon X - 2022-2023
/// @notice The interface required for a plugin setup contract to be consumed by the `PluginSetupProcessor` for plugin installations, updates, and uninstallations.
/// @custom:security-contact [email protected]
interface IPluginSetup {
/// @notice The data associated with a prepared setup.
/// @param helpers The address array of helpers (contracts or EOAs) associated with this plugin version after the installation or update.
/// @param permissions The array of multi-targeted permission operations to be applied by the `PluginSetupProcessor` to the installing or updating DAO.
struct PreparedSetupData {
address[] helpers;
PermissionLib.MultiTargetPermission[] permissions;
}
/// @notice The payload for plugin updates and uninstallations containing the existing contracts as well as optional data to be consumed by the plugin setup.
/// @param plugin The address of the `Plugin`.
/// @param currentHelpers The address array of all current helpers (contracts or EOAs) associated with the plugin to update from.
/// @param data The bytes-encoded data containing the input parameters for the preparation of update/uninstall as specified in the corresponding ABI on the version's metadata.
struct SetupPayload {
address plugin;
address[] currentHelpers;
bytes data;
}
/// @notice Prepares the installation of a plugin.
/// @param _dao The address of the installing DAO.
/// @param _data The bytes-encoded data containing the input parameters for the installation as specified in the plugin's build metadata JSON file.
/// @return plugin The address of the `Plugin` contract being prepared for installation.
/// @return preparedSetupData The deployed plugin's relevant data which consists of helpers and permissions.
function prepareInstallation(
address _dao,
bytes calldata _data
) external returns (address plugin, PreparedSetupData memory preparedSetupData);
/// @notice Prepares the update of a plugin.
/// @param _dao The address of the updating DAO.
/// @param _fromBuild The build number of the plugin to update from.
/// @param _payload The relevant data necessary for the `prepareUpdate`. See above.
/// @return initData The initialization data to be passed to upgradeable contracts when the update is applied in the `PluginSetupProcessor`.
/// @return preparedSetupData The deployed plugin's relevant data which consists of helpers and permissions.
function prepareUpdate(
address _dao,
uint16 _fromBuild,
SetupPayload calldata _payload
) external returns (bytes memory initData, PreparedSetupData memory preparedSetupData);
/// @notice Prepares the uninstallation of a plugin.
/// @param _dao The address of the uninstalling DAO.
/// @param _payload The relevant data necessary for the `prepareUninstallation`. See above.
/// @return permissions The array of multi-targeted permission operations to be applied by the `PluginSetupProcessor` to the uninstalling DAO.
function prepareUninstallation(
address _dao,
SetupPayload calldata _payload
) external returns (PermissionLib.MultiTargetPermission[] memory permissions);
/// @notice Returns the plugin implementation address.
/// @return The address of the plugin implementation contract.
/// @dev The implementation can be instantiated via the `new` keyword, cloned via the minimal proxy pattern (see [ERC-1167](https://eips.ethereum.org/EIPS/eip-1167)), or proxied via the UUPS proxy pattern (see [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822)).
function implementation() external view returns (address);
}// SPDX-License-Identifier: AGPL-3.0-or-later pragma solidity ^0.8.8; /// @title IPlugin /// @author Aragon X - 2022-2024 /// @notice An interface defining the traits of a plugin. /// @custom:security-contact [email protected] interface IPlugin { /// @notice Types of plugin implementations available within OSx. enum PluginType { UUPS, Cloneable, Constructable } /// @notice Specifies the type of operation to perform. enum Operation { Call, DelegateCall } /// @notice Configuration for the target contract that the plugin will interact with, including the address and operation type. /// @dev By default, the plugin typically targets the associated DAO and performs a `Call` operation. However, this /// configuration allows the plugin to specify a custom executor and select either `Call` or `DelegateCall` based on /// the desired execution context. /// @param target The address of the target contract, typically the associated DAO but configurable to a custom executor. /// @param operation The type of operation (`Call` or `DelegateCall`) to execute on the target, as defined by `Operation`. struct TargetConfig { address target; Operation operation; } /// @notice Returns the plugin's type function pluginType() external view returns (PluginType); }
// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
/* solhint-disable max-line-length */
import {SafeCastUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/math/SafeCastUpgradeable.sol";
import {IMembership} from "@aragon/osx-commons-contracts/src/plugin/extensions/membership/IMembership.sol";
import {Addresslist} from "@aragon/osx-commons-contracts/src/plugin/extensions/governance/Addresslist.sol";
import {ProposalUpgradeable} from "@aragon/osx-commons-contracts/src/plugin/extensions/proposal/ProposalUpgradeable.sol";
import {PluginUUPSUpgradeable} from "@aragon/osx-commons-contracts/src/plugin/PluginUUPSUpgradeable.sol";
import {IProposal} from "@aragon/osx-commons-contracts/src/plugin/extensions/proposal/IProposal.sol";
import {IDAO} from "@aragon/osx-commons-contracts/src/dao/IDAO.sol";
import {Action} from "@aragon/osx-commons-contracts/src/executors/IExecutor.sol";
import {MetadataExtensionUpgradeable} from "@aragon/osx-commons-contracts/src/utils/metadata/MetadataExtensionUpgradeable.sol";
import {IMultisig} from "./IMultisig.sol";
/* solhint-enable max-line-length */
/// @title Multisig
/// @author Aragon X - 2022-2024
/// @notice The on-chain multisig governance plugin in which a proposal passes if X out of Y approvals are met.
/// @dev v1.3 (Release 1, Build 3). For each upgrade, if the reinitialization step is required,
/// increment the version numbers in the modifier for both the initialize and initializeFrom functions.
/// @custom:security-contact [email protected]
contract Multisig is
IMultisig,
IMembership,
MetadataExtensionUpgradeable,
PluginUUPSUpgradeable,
ProposalUpgradeable,
Addresslist
{
using SafeCastUpgradeable for uint256;
/// @notice A container for proposal-related information.
/// @param executed Whether the proposal is executed or not.
/// @param approvals The number of approvals casted.
/// @param parameters The proposal-specific approve settings at the time of the proposal creation.
/// @param approvers The approves casted by the approvers.
/// @param actions The actions to be executed when the proposal passes.
/// @param allowFailureMap A bitmap allowing the proposal to succeed, even if individual actions might revert.
/// If the bit at index `i` is 1, the proposal succeeds even if the `i`th action reverts.
/// A failure map value of 0 requires every action to not revert.
/// @param targetConfig Configuration for the execution target, specifying the target address and operation type
/// (either `Call` or `DelegateCall`). Defined by `TargetConfig` in the `IPlugin` interface,
/// part of the `osx-commons-contracts` package, added in build 3.
struct Proposal {
bool executed;
uint16 approvals;
ProposalParameters parameters;
mapping(address => bool) approvers;
Action[] actions;
uint256 allowFailureMap;
TargetConfig targetConfig; // added in build 3.
}
/// @notice A container for the proposal parameters.
/// @param minApprovals The number of approvals required.
/// @param snapshotBlock The number of the block prior to the proposal creation.
/// @param startDate The timestamp when the proposal starts.
/// @param endDate The timestamp when the proposal expires.
struct ProposalParameters {
uint16 minApprovals;
uint64 snapshotBlock;
uint64 startDate;
uint64 endDate;
}
/// @notice A container for the plugin settings.
/// @param onlyListed Whether only listed addresses can create a proposal or not.
/// @param minApprovals The minimal number of approvals required for a proposal to pass.
struct MultisigSettings {
bool onlyListed;
uint16 minApprovals;
}
/// @notice The [ERC-165](https://eips.ethereum.org/EIPS/eip-165) interface ID of the contract.
bytes4 internal constant MULTISIG_INTERFACE_ID =
this.updateMultisigSettings.selector ^
bytes4(
keccak256(
"createProposal(bytes,(address,uint256,bytes)[],uint256,bool,bool,uint64,uint64)"
)
) ^
this.getProposal.selector;
/// @notice The ID of the permission required to call the
/// `addAddresses`, `removeAddresses` and `updateMultisigSettings` functions.
bytes32 public constant UPDATE_MULTISIG_SETTINGS_PERMISSION_ID =
keccak256("UPDATE_MULTISIG_SETTINGS_PERMISSION");
/// @notice The ID of the permission required to call the `createProposal` function.
bytes32 public constant CREATE_PROPOSAL_PERMISSION_ID = keccak256("CREATE_PROPOSAL_PERMISSION");
/// @notice The ID of the permission required to call the `execute` function.
bytes32 public constant EXECUTE_PROPOSAL_PERMISSION_ID =
keccak256("EXECUTE_PROPOSAL_PERMISSION");
/// @notice A mapping between proposal IDs and proposal information.
// solhint-disable-next-line named-parameters-mapping
mapping(uint256 => Proposal) internal proposals;
/// @notice The current plugin settings.
MultisigSettings public multisigSettings;
/// @notice Keeps track at which block number the multisig settings have been changed the last time.
/// @dev This variable prevents a proposal from being created in the same block in which the multisig
/// settings change.
uint64 public lastMultisigSettingsChange;
/// @notice Thrown when a sender is not allowed to create a proposal.
/// @param sender The sender address.
error ProposalCreationForbidden(address sender);
/// @notice Thrown when a proposal doesn't exist.
/// @param proposalId The ID of the proposal which doesn't exist.
error NonexistentProposal(uint256 proposalId);
/// @notice Thrown if an approver is not allowed to cast an approve. This can be because the proposal
/// - is not open,
/// - was executed, or
/// - the approver is not on the address list
/// @param proposalId The ID of the proposal.
/// @param sender The address of the sender.
error ApprovalCastForbidden(uint256 proposalId, address sender);
/// @notice Thrown if the proposal execution is forbidden.
/// @param proposalId The ID of the proposal.
error ProposalExecutionForbidden(uint256 proposalId);
/// @notice Thrown if the minimal approvals value is out of bounds (less than 1 or greater than the number of
/// members in the address list).
/// @param limit The maximal value.
/// @param actual The actual value.
error MinApprovalsOutOfBounds(uint16 limit, uint16 actual);
/// @notice Thrown if the address list length is out of bounds.
/// @param limit The limit value.
/// @param actual The actual value.
error AddresslistLengthOutOfBounds(uint16 limit, uint256 actual);
/// @notice Thrown if the proposal with the same id already exists.
/// @param proposalId The id of the proposal.
error ProposalAlreadyExists(uint256 proposalId);
/// @notice Thrown if a date is out of bounds.
/// @param limit The limit value.
/// @param actual The actual value.
error DateOutOfBounds(uint64 limit, uint64 actual);
/// @notice Emitted when a proposal is approve by an approver.
/// @param proposalId The ID of the proposal.
/// @param approver The approver casting the approve.
event Approved(uint256 indexed proposalId, address indexed approver);
/// @notice Emitted when the plugin settings are set.
/// @param onlyListed Whether only listed addresses can create a proposal.
/// @param minApprovals The minimum amount of approvals needed to pass a proposal.
event MultisigSettingsUpdated(bool onlyListed, uint16 indexed minApprovals);
/// @notice Initializes Release 1, Build 3.
/// @dev This method is required to support [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822).
/// @param _dao The IDAO interface of the associated DAO.
/// @param _members The addresses of the initial members to be added.
/// @param _multisigSettings The multisig settings.
/// @param _targetConfig Configuration for the execution target, specifying the target address and
/// operation type(either `Call` or `DelegateCall`). Defined by `TargetConfig` in the `IPlugin`
/// interface of `osx-commons-contracts` package, added in build 3.
/// @param _pluginMetadata The plugin specific information encoded in bytes.
/// This can also be an ipfs cid encoded in bytes.
function initialize(
IDAO _dao,
address[] calldata _members,
MultisigSettings calldata _multisigSettings,
TargetConfig calldata _targetConfig,
bytes calldata _pluginMetadata
) external onlyCallAtInitialization reinitializer(2) {
__PluginUUPSUpgradeable_init(_dao);
if (_members.length > type(uint16).max) {
revert AddresslistLengthOutOfBounds({limit: type(uint16).max, actual: _members.length});
}
_addAddresses(_members);
emit MembersAdded({members: _members});
_updateMultisigSettings(_multisigSettings);
_setMetadata(_pluginMetadata);
_setTargetConfig(_targetConfig);
}
/// @notice Reinitializes the Multisig after an upgrade from a previous build version. For each
/// reinitialization step, use the `_fromBuild` version to decide which internal functions to call
/// for reinitialization.
/// @dev WARNING: The contract should only be upgradeable through PSP to ensure that _fromBuild is not
/// incorrectly passed, and that the appropriate permissions for the upgrade are properly configured.
/// @param _fromBuild The build version number of the previous implementation contract
/// this upgrade is transitioning from.
/// @param _initData The initialization data to be passed to via `upgradeToAndCall`
/// (see [ERC-1967](https://docs.openzeppelin.com/contracts/4.x/api/proxy#ERC1967Upgrade)).
function initializeFrom(uint16 _fromBuild, bytes calldata _initData) external reinitializer(2) {
if (_fromBuild < 3) {
(TargetConfig memory targetConfig, bytes memory pluginMetadata) = abi.decode(
_initData,
(TargetConfig, bytes)
);
_setTargetConfig(targetConfig);
_setMetadata(pluginMetadata);
}
}
/// @notice Checks if this or the parent contract supports an interface by its ID.
/// @param _interfaceId The ID of the interface.
/// @return Returns `true` if the interface is supported.
function supportsInterface(
bytes4 _interfaceId
)
public
view
virtual
override(MetadataExtensionUpgradeable, PluginUUPSUpgradeable, ProposalUpgradeable)
returns (bool)
{
return
_interfaceId == MULTISIG_INTERFACE_ID ||
_interfaceId == type(IMultisig).interfaceId ||
_interfaceId == type(Addresslist).interfaceId ||
_interfaceId == type(IMembership).interfaceId ||
super.supportsInterface(_interfaceId);
}
/// @inheritdoc IMultisig
/// @dev Requires the `UPDATE_MULTISIG_SETTINGS_PERMISSION_ID` permission.
function addAddresses(
address[] calldata _members
) external auth(UPDATE_MULTISIG_SETTINGS_PERMISSION_ID) {
uint256 newAddresslistLength = addresslistLength() + _members.length;
// Check if the new address list length would be greater than `type(uint16).max`, the maximal number of
// approvals.
if (newAddresslistLength > type(uint16).max) {
revert AddresslistLengthOutOfBounds({
limit: type(uint16).max,
actual: newAddresslistLength
});
}
_addAddresses(_members);
emit MembersAdded({members: _members});
}
/// @inheritdoc IMultisig
/// @dev Requires the `UPDATE_MULTISIG_SETTINGS_PERMISSION_ID` permission.
function removeAddresses(
address[] calldata _members
) external auth(UPDATE_MULTISIG_SETTINGS_PERMISSION_ID) {
uint16 newAddresslistLength = uint16(addresslistLength() - _members.length);
// Check if the new address list length would become less than the current minimum number of approvals required.
if (newAddresslistLength < multisigSettings.minApprovals) {
revert MinApprovalsOutOfBounds({
limit: newAddresslistLength,
actual: multisigSettings.minApprovals
});
}
_removeAddresses(_members);
emit MembersRemoved({members: _members});
}
/// @notice Updates the plugin settings.
/// @dev Requires the `UPDATE_MULTISIG_SETTINGS_PERMISSION_ID` permission.
/// @param _multisigSettings The new settings.
function updateMultisigSettings(
MultisigSettings calldata _multisigSettings
) external auth(UPDATE_MULTISIG_SETTINGS_PERMISSION_ID) {
_updateMultisigSettings(_multisigSettings);
}
/// @notice Creates a new multisig proposal.
/// @dev Requires the `CREATE_PROPOSAL_PERMISSION_ID` permission.
/// @param _metadata The metadata of the proposal.
/// @param _actions The actions that will be executed after the proposal passes.
/// @param _allowFailureMap A bitmap allowing the proposal to succeed, even if individual actions might revert.
/// If the bit at index `i` is 1, the proposal succeeds even if the `i`th action reverts.
/// A failure map value of 0 requires every action to not revert.
/// @param _approveProposal If `true`, the sender will approve the proposal.
/// @param _tryExecution If `true`, execution is tried after the vote cast. The call does not revert if
/// execution is not possible.
/// @param _startDate The start date of the proposal.
/// @param _endDate The end date of the proposal.
/// @return proposalId The ID of the proposal.
// solhint-disable-next-line code-complexity
function createProposal(
bytes calldata _metadata,
Action[] calldata _actions,
uint256 _allowFailureMap,
bool _approveProposal,
bool _tryExecution,
uint64 _startDate,
uint64 _endDate
) public auth(CREATE_PROPOSAL_PERMISSION_ID) returns (uint256 proposalId) {
uint64 snapshotBlock;
unchecked {
// The snapshot block must be mined already to protect the transaction against backrunning transactions
// causing census changes.
snapshotBlock = block.number.toUint64() - 1;
}
// Revert if the settings have been changed in the same block as this proposal should be created in.
// This prevents a malicious party from voting with previous addresses and the new settings.
if (lastMultisigSettingsChange > snapshotBlock) {
revert ProposalCreationForbidden(_msgSender());
}
if (_startDate == 0) {
_startDate = block.timestamp.toUint64();
} else if (_startDate < block.timestamp.toUint64()) {
revert DateOutOfBounds({limit: block.timestamp.toUint64(), actual: _startDate});
}
if (_endDate < _startDate) {
revert DateOutOfBounds({limit: _startDate, actual: _endDate});
}
proposalId = _createProposalId(keccak256(abi.encode(_actions, _metadata)));
// Create the proposal
Proposal storage proposal_ = proposals[proposalId];
// Revert if a proposal with the given `proposalId` already exists.
if (_proposalExists(proposalId)) {
revert ProposalAlreadyExists(proposalId);
}
proposal_.parameters.snapshotBlock = snapshotBlock;
proposal_.parameters.startDate = _startDate;
proposal_.parameters.endDate = _endDate;
proposal_.parameters.minApprovals = multisigSettings.minApprovals;
proposal_.targetConfig = getTargetConfig();
// Reduce costs
if (_allowFailureMap != 0) {
proposal_.allowFailureMap = _allowFailureMap;
}
for (uint256 i; i < _actions.length; ) {
proposal_.actions.push(_actions[i]);
unchecked {
++i;
}
}
if (_approveProposal) {
approve(proposalId, _tryExecution);
}
_emitProposalCreatedEvent(
_actions,
_metadata,
_allowFailureMap,
_startDate,
_endDate,
proposalId
);
}
/// @inheritdoc IProposal
/// @dev Calls a public function that requires the `CREATE_PROPOSAL_PERMISSION_ID` permission.
function createProposal(
bytes calldata _metadata,
Action[] calldata _actions,
uint64 _startDate,
uint64 _endDate,
bytes memory _data
) external override returns (uint256 proposalId) {
// Custom parameters
uint256 _allowFailureMap;
bool _approveProposal;
bool _tryExecution;
if (_data.length != 0) {
(_allowFailureMap, _approveProposal, _tryExecution) = abi.decode(
_data,
(uint256, bool, bool)
);
}
// Calls a public function for permission check.
proposalId = createProposal(
_metadata,
_actions,
_allowFailureMap,
_approveProposal,
_tryExecution,
_startDate,
_endDate
);
}
/// @inheritdoc IProposal
function customProposalParamsABI() external pure override returns (string memory) {
return "(uint256 allowFailureMap, bool approveProposal, bool tryExecution)";
}
/// @inheritdoc IMultisig
/// @dev If `_tryExecution` is `true`, the function attempts execution after recording the approval.
/// Execution will only proceed if the proposal is no longer open, the minimum approval requirements are met,
/// and the caller has been granted execution permission. If execution conditions are not met,
/// the function does not revert.
function approve(uint256 _proposalId, bool _tryExecution) public {
address approver = _msgSender();
if (!_canApprove(_proposalId, approver)) {
revert ApprovalCastForbidden(_proposalId, approver);
}
Proposal storage proposal_ = proposals[_proposalId];
// As the list can never become more than type(uint16).max (due to `addAddresses` check)
// It's safe to use unchecked as it would never overflow.
unchecked {
proposal_.approvals += 1;
}
proposal_.approvers[approver] = true;
emit Approved({proposalId: _proposalId, approver: approver});
if (!_tryExecution) {
return;
}
if (
_canExecute(_proposalId) &&
dao().hasPermission(address(this), approver, EXECUTE_PROPOSAL_PERMISSION_ID, msg.data)
) {
_execute(_proposalId);
}
}
/// @inheritdoc IMultisig
/// @dev Reverts if the proposal with the given `_proposalId` does not exist.
function canApprove(uint256 _proposalId, address _account) external view returns (bool) {
if (!_proposalExists(_proposalId)) {
revert NonexistentProposal(_proposalId);
}
return _canApprove(_proposalId, _account);
}
/// @inheritdoc IMultisig
/// @dev Reverts if the proposal with the given `_proposalId` does not exist.
function canExecute(
uint256 _proposalId
) external view virtual override(IMultisig, IProposal) returns (bool) {
if (!_proposalExists(_proposalId)) {
revert NonexistentProposal(_proposalId);
}
return _canExecute(_proposalId);
}
/// @inheritdoc IProposal
function hasSucceeded(uint256 _proposalId) external view virtual override returns (bool) {
if (!_proposalExists(_proposalId)) {
revert NonexistentProposal(_proposalId);
}
Proposal storage proposal_ = proposals[_proposalId];
return proposal_.approvals >= proposal_.parameters.minApprovals;
}
/// @notice Returns all information for a proposal by its ID.
/// @param _proposalId The ID of the proposal.
/// @return executed Whether the proposal is executed or not.
/// @return approvals The number of approvals casted.
/// @return parameters The parameters of the proposal.
/// @return actions The actions to be executed to the `target` contract address.
/// @return allowFailureMap A bitmap allowing the proposal to succeed, even if individual actions might revert.
/// If the bit at index `i` is 1, the proposal succeeds even if the `i`th action reverts.
/// A failure map value of 0 requires every action to not revert.
/// @return targetConfig Execution configuration, applied to the proposal when it was created. Added in build 3.
function getProposal(
uint256 _proposalId
)
public
view
returns (
bool executed,
uint16 approvals,
ProposalParameters memory parameters,
Action[] memory actions,
uint256 allowFailureMap,
TargetConfig memory targetConfig
)
{
Proposal storage proposal_ = proposals[_proposalId];
executed = proposal_.executed;
approvals = proposal_.approvals;
parameters = proposal_.parameters;
actions = proposal_.actions;
allowFailureMap = proposal_.allowFailureMap;
targetConfig = proposal_.targetConfig;
}
/// @inheritdoc IMultisig
/// @dev May return false if the `_proposalId` or `_account` do not exist,
/// as the function does not verify their existence.
function hasApproved(uint256 _proposalId, address _account) public view returns (bool) {
return proposals[_proposalId].approvers[_account];
}
/// @inheritdoc IMultisig
/// @dev Requires the `EXECUTE_PROPOSAL_PERMISSION_ID` permission.
/// @dev Reverts if the proposal is still open or if the minimum approval threshold has not been met.
function execute(
uint256 _proposalId
) public override(IMultisig, IProposal) auth(EXECUTE_PROPOSAL_PERMISSION_ID) {
if (!_canExecute(_proposalId)) {
revert ProposalExecutionForbidden(_proposalId);
}
_execute(_proposalId);
}
/// @inheritdoc IMembership
function isMember(address _account) external view returns (bool) {
return isListed(_account);
}
/// @notice Internal function to execute a proposal.
/// @dev It assumes the queried proposal exists.
/// @param _proposalId The ID of the proposal.
function _execute(uint256 _proposalId) internal {
Proposal storage proposal_ = proposals[_proposalId];
proposal_.executed = true;
_execute(
proposal_.targetConfig.target,
bytes32(_proposalId),
proposal_.actions,
proposal_.allowFailureMap,
proposal_.targetConfig.operation
);
emit ProposalExecuted(_proposalId);
}
/// @notice Checks if proposal exists or not.
/// @dev A proposal is considered to exist if its `snapshotBlock` in `parameters` is non-zero.
/// @param _proposalId The ID of the proposal.
/// @return Returns `true` if proposal exists, otherwise false.
function _proposalExists(uint256 _proposalId) private view returns (bool) {
return proposals[_proposalId].parameters.snapshotBlock != 0;
}
/// @notice Internal function to check if an account can approve.
/// @dev It assumes the queried proposal exists.
/// @param _proposalId The ID of the proposal.
/// @param _account The account to check.
/// @return Returns `true` if the given account can approve on a certain proposal and `false` otherwise.
function _canApprove(uint256 _proposalId, address _account) internal view returns (bool) {
Proposal storage proposal_ = proposals[_proposalId];
if (!_isProposalOpen(proposal_)) {
// The proposal was executed already
return false;
}
if (!isListedAtBlock(_account, proposal_.parameters.snapshotBlock)) {
// The approver has no voting power.
return false;
}
if (proposal_.approvers[_account]) {
// The approver has already approved
return false;
}
return true;
}
/// @notice Internal function to check if a proposal can be executed.
/// @dev It assumes the queried proposal exists.
/// @param _proposalId The ID of the proposal.
/// @return Returns `true` if the proposal can be executed and `false` otherwise.
function _canExecute(uint256 _proposalId) internal view returns (bool) {
Proposal storage proposal_ = proposals[_proposalId];
// Verify that the proposal has not been executed or expired.
if (!_isProposalOpen(proposal_)) {
return false;
}
return proposal_.approvals >= proposal_.parameters.minApprovals;
}
/// @notice Internal function to check if a proposal is still open.
/// @param proposal_ The proposal struct.
/// @return True if the proposal is open, false otherwise.
function _isProposalOpen(Proposal storage proposal_) internal view returns (bool) {
uint64 currentTimestamp64 = block.timestamp.toUint64();
return
!proposal_.executed &&
proposal_.parameters.startDate <= currentTimestamp64 &&
proposal_.parameters.endDate >= currentTimestamp64;
}
/// @notice Internal function to update the plugin settings.
/// @param _multisigSettings The new settings.
function _updateMultisigSettings(MultisigSettings calldata _multisigSettings) internal {
uint16 addresslistLength_ = uint16(addresslistLength());
if (_multisigSettings.minApprovals > addresslistLength_) {
revert MinApprovalsOutOfBounds({
limit: addresslistLength_,
actual: _multisigSettings.minApprovals
});
}
if (_multisigSettings.minApprovals < 1) {
revert MinApprovalsOutOfBounds({limit: 1, actual: _multisigSettings.minApprovals});
}
multisigSettings = _multisigSettings;
lastMultisigSettingsChange = block.number.toUint64();
emit MultisigSettingsUpdated({
onlyListed: _multisigSettings.onlyListed,
minApprovals: _multisigSettings.minApprovals
});
}
/// @dev Helper function to avoid stack too deep.
function _emitProposalCreatedEvent(
Action[] memory _actions,
bytes memory _metadata,
uint256 _allowFailureMap,
uint64 _startDate,
uint64 _endDate,
uint256 _proposalId
) private {
emit ProposalCreated(
_proposalId,
_msgSender(),
_startDate,
_endDate,
_metadata,
_actions,
_allowFailureMap
);
}
/// @dev This empty reserved space is put in place to allow future versions to add new
/// variables without shifting down storage in the inheritance chain.
/// https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
uint256[47] private __gap;
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
/* solhint-disable max-line-length */
import {PermissionLib} from "@aragon/osx-commons-contracts/src/permission/PermissionLib.sol";
import {IPluginSetup} from "@aragon/osx-commons-contracts/src/plugin/setup/IPluginSetup.sol";
import {PluginUpgradeableSetup} from "@aragon/osx-commons-contracts/src/plugin/setup/PluginUpgradeableSetup.sol";
import {IPlugin} from "@aragon/osx-commons-contracts/src/plugin/IPlugin.sol";
import {ProxyLib} from "@aragon/osx-commons-contracts/src/utils/deployment/ProxyLib.sol";
import {IDAO} from "@aragon/osx-commons-contracts/src/dao/IDAO.sol";
import {ListedCheckCondition} from "./ListedCheckCondition.sol";
import {Multisig} from "./Multisig.sol";
/* solhint-enable max-line-length */
/// @title MultisigSetup
/// @author Aragon X - 2022-2024
/// @notice The setup contract of the `Multisig` plugin.
/// @dev v1.3 (Release 1, Build 3)
/// @custom:security-contact [email protected]
contract MultisigSetup is PluginUpgradeableSetup {
using ProxyLib for address;
/// @notice The ID of the permission required to call the `execute` function on a DAO.
bytes32 private constant EXECUTE_PERMISSION_ID = keccak256("EXECUTE_PERMISSION");
/// @notice The ID of the permission required to call the `upgradeToAndCall` function.
bytes32 private constant UPGRADE_PLUGIN_PERMISSION_ID = keccak256("UPGRADE_PLUGIN_PERMISSION");
/// @notice The ID of the permission required to call the `setTargetConfig` function.
bytes32 private constant SET_TARGET_CONFIG_PERMISSION_ID =
keccak256("SET_TARGET_CONFIG_PERMISSION");
/// @notice The ID of the permission required to call the `setMetadata` function on a DAO.
bytes32 private constant SET_METADATA_PERMISSION_ID = keccak256("SET_METADATA_PERMISSION");
/// @notice The ID of the permission required to call the `updateMultisigSettings` function.
bytes32 private constant UPDATE_MULTISIG_SETTINGS_PERMISSION_ID =
keccak256("UPDATE_MULTISIG_SETTINGS_PERMISSION");
/// @notice A special address encoding permissions that are valid for any address `who` or `where`.
address private constant ANY_ADDR = address(type(uint160).max);
/// @notice The contract constructor, that deploys the `Multisig` plugin logic contract.
constructor() PluginUpgradeableSetup(address(new Multisig())) {}
/// @inheritdoc IPluginSetup
function prepareInstallation(
address _dao,
bytes calldata _data
) external returns (address plugin, PreparedSetupData memory preparedSetupData) {
// Decode `_data` to extract the params needed for deploying and initializing `Multisig` plugin.
(
address[] memory members,
Multisig.MultisigSettings memory multisigSettings,
IPlugin.TargetConfig memory targetConfig,
bytes memory pluginMetadata
) = abi.decode(_data, (address[], Multisig.MultisigSettings, IPlugin.TargetConfig, bytes));
// Deploy and initialize the plugin UUPS proxy.
plugin = IMPLEMENTATION.deployUUPSProxy(
abi.encodeCall(
Multisig.initialize,
(IDAO(_dao), members, multisigSettings, targetConfig, pluginMetadata)
)
);
// Deploy a ListedCheckCondition contract.
address listedCheckCondition = address(new ListedCheckCondition(plugin));
// Prepare permissions
PermissionLib.MultiTargetPermission[]
memory permissions = new PermissionLib.MultiTargetPermission[](6);
// Set permissions to be granted.
// Grant the list of permissions of the plugin to the DAO.
permissions[0] = PermissionLib.MultiTargetPermission({
operation: PermissionLib.Operation.Grant,
where: plugin,
who: _dao,
condition: PermissionLib.NO_CONDITION,
permissionId: UPDATE_MULTISIG_SETTINGS_PERMISSION_ID
});
permissions[1] = PermissionLib.MultiTargetPermission({
operation: PermissionLib.Operation.Grant,
where: _dao,
who: plugin,
condition: PermissionLib.NO_CONDITION,
permissionId: EXECUTE_PERMISSION_ID
});
permissions[2] = PermissionLib.MultiTargetPermission({
operation: PermissionLib.Operation.GrantWithCondition,
where: plugin,
who: ANY_ADDR,
condition: listedCheckCondition,
permissionId: Multisig(IMPLEMENTATION).CREATE_PROPOSAL_PERMISSION_ID()
});
permissions[3] = PermissionLib.MultiTargetPermission({
operation: PermissionLib.Operation.Grant,
where: plugin,
who: _dao,
condition: PermissionLib.NO_CONDITION,
permissionId: SET_TARGET_CONFIG_PERMISSION_ID
});
permissions[4] = PermissionLib.MultiTargetPermission({
operation: PermissionLib.Operation.Grant,
where: plugin,
who: _dao,
condition: PermissionLib.NO_CONDITION,
permissionId: SET_METADATA_PERMISSION_ID
});
permissions[5] = PermissionLib.MultiTargetPermission({
operation: PermissionLib.Operation.Grant,
where: plugin,
who: ANY_ADDR,
condition: PermissionLib.NO_CONDITION,
permissionId: Multisig(IMPLEMENTATION).EXECUTE_PROPOSAL_PERMISSION_ID()
});
preparedSetupData.permissions = permissions;
preparedSetupData.helpers = new address[](1);
preparedSetupData.helpers[0] = listedCheckCondition;
}
/// @inheritdoc IPluginSetup
/// @dev Revoke the upgrade plugin permission to the DAO for all builds prior the current one (3).
function prepareUpdate(
address _dao,
uint16 _fromBuild,
SetupPayload calldata _payload
)
external
override
returns (bytes memory initData, PreparedSetupData memory preparedSetupData)
{
if (_fromBuild < 3) {
address listedCheckCondition = address(new ListedCheckCondition(_payload.plugin));
PermissionLib.MultiTargetPermission[]
memory permissions = new PermissionLib.MultiTargetPermission[](5);
permissions[0] = PermissionLib.MultiTargetPermission({
operation: PermissionLib.Operation.Revoke,
where: _payload.plugin,
who: _dao,
condition: PermissionLib.NO_CONDITION,
permissionId: UPGRADE_PLUGIN_PERMISSION_ID
});
permissions[1] = PermissionLib.MultiTargetPermission({
operation: PermissionLib.Operation.GrantWithCondition,
where: _payload.plugin,
who: ANY_ADDR,
condition: listedCheckCondition,
permissionId: Multisig(IMPLEMENTATION).CREATE_PROPOSAL_PERMISSION_ID()
});
permissions[2] = PermissionLib.MultiTargetPermission({
operation: PermissionLib.Operation.Grant,
where: _payload.plugin,
who: _dao,
condition: PermissionLib.NO_CONDITION,
permissionId: SET_TARGET_CONFIG_PERMISSION_ID
});
permissions[3] = PermissionLib.MultiTargetPermission({
operation: PermissionLib.Operation.Grant,
where: _payload.plugin,
who: _dao,
condition: PermissionLib.NO_CONDITION,
permissionId: SET_METADATA_PERMISSION_ID
});
permissions[4] = PermissionLib.MultiTargetPermission({
operation: PermissionLib.Operation.Grant,
where: _payload.plugin,
who: ANY_ADDR,
condition: PermissionLib.NO_CONDITION,
permissionId: Multisig(IMPLEMENTATION).EXECUTE_PROPOSAL_PERMISSION_ID()
});
preparedSetupData.permissions = permissions;
preparedSetupData.helpers = new address[](1);
preparedSetupData.helpers[0] = listedCheckCondition;
initData = abi.encodeCall(Multisig.initializeFrom, (_fromBuild, _payload.data));
}
}
/// @inheritdoc IPluginSetup
function prepareUninstallation(
address _dao,
SetupPayload calldata _payload
) external view returns (PermissionLib.MultiTargetPermission[] memory permissions) {
// Prepare permissions
permissions = new PermissionLib.MultiTargetPermission[](6);
// Set permissions to be Revoked.
permissions[0] = PermissionLib.MultiTargetPermission({
operation: PermissionLib.Operation.Revoke,
where: _payload.plugin,
who: _dao,
condition: PermissionLib.NO_CONDITION,
permissionId: UPDATE_MULTISIG_SETTINGS_PERMISSION_ID
});
permissions[1] = PermissionLib.MultiTargetPermission({
operation: PermissionLib.Operation.Revoke,
where: _dao,
who: _payload.plugin,
condition: PermissionLib.NO_CONDITION,
permissionId: EXECUTE_PERMISSION_ID
});
permissions[2] = PermissionLib.MultiTargetPermission({
operation: PermissionLib.Operation.Revoke,
where: _payload.plugin,
who: _dao,
condition: PermissionLib.NO_CONDITION,
permissionId: SET_TARGET_CONFIG_PERMISSION_ID
});
permissions[3] = PermissionLib.MultiTargetPermission({
operation: PermissionLib.Operation.Revoke,
where: _payload.plugin,
who: _dao,
condition: PermissionLib.NO_CONDITION,
permissionId: SET_METADATA_PERMISSION_ID
});
permissions[4] = PermissionLib.MultiTargetPermission({
operation: PermissionLib.Operation.Revoke,
where: _payload.plugin,
who: ANY_ADDR,
condition: PermissionLib.NO_CONDITION,
permissionId: Multisig(IMPLEMENTATION).CREATE_PROPOSAL_PERMISSION_ID()
});
permissions[5] = PermissionLib.MultiTargetPermission({
operation: PermissionLib.Operation.Revoke,
where: _payload.plugin,
who: ANY_ADDR,
condition: PermissionLib.NO_CONDITION,
permissionId: Multisig(IMPLEMENTATION).EXECUTE_PROPOSAL_PERMISSION_ID()
});
}
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
import {Clones} from "@openzeppelin/contracts/proxy/Clones.sol";
import {Address} from "@openzeppelin/contracts/utils/Address.sol";
/// @title ProxyLib
/// @author Aragon X - 2024
/// @notice A library containing methods for the deployment of proxies via the UUPS pattern (see [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822)) and minimal proxy pattern (see [ERC-1167](https://eips.ethereum.org/EIPS/eip-1167)).
/// @custom:security-contact [email protected]
library ProxyLib {
using Address for address;
using Clones for address;
/// @notice Creates an [ERC-1967](https://eips.ethereum.org/EIPS/eip-1967) UUPS proxy contract pointing to a logic contract and allows to immediately initialize it.
/// @param _logic The logic contract the proxy is pointing to.
/// @param _initCalldata The initialization data for this contract.
/// @return uupsProxy The address of the UUPS proxy contract created.
/// @dev If `_initCalldata` is non-empty, it is used in a delegate call to the `_logic` contract. This will typically be an encoded function call initializing the storage of the proxy (see [OpenZeppelin ERC1967Proxy-constructor](https://docs.openzeppelin.com/contracts/4.x/api/proxy#ERC1967Proxy-constructor-address-bytes-)).
function deployUUPSProxy(
address _logic,
bytes memory _initCalldata
) internal returns (address uupsProxy) {
uupsProxy = address(new ERC1967Proxy({_logic: _logic, _data: _initCalldata}));
}
/// @notice Creates an [ERC-1167](https://eips.ethereum.org/EIPS/eip-1167) minimal proxy contract, also known as clones, pointing to a logic contract and allows to immediately initialize it.
/// @param _logic The logic contract the proxy is pointing to.
/// @param _initCalldata The initialization data for this contract.
/// @return minimalProxy The address of the minimal proxy contract created.
/// @dev If `_initCalldata` is non-empty, it is used in a call to the clone contract. This will typically be an encoded function call initializing the storage of the contract.
function deployMinimalProxy(
address _logic,
bytes memory _initCalldata
) internal returns (address minimalProxy) {
minimalProxy = _logic.clone();
if (_initCalldata.length > 0) {
minimalProxy.functionCall({data: _initCalldata});
}
}
}// SPDX-License-Identifier: AGPL-3.0-or-later pragma solidity ^0.8.8; /// @title PermissionLib /// @author Aragon X - 2021-2023 /// @notice A library containing objects for permission processing. /// @custom:security-contact [email protected] library PermissionLib { /// @notice A constant expressing that no condition is applied to a permission. address public constant NO_CONDITION = address(0); /// @notice The types of permission operations available in the `PermissionManager`. /// @param Grant The grant operation setting a permission without a condition. /// @param Revoke The revoke operation removing a permission (that was granted with or without a condition). /// @param GrantWithCondition The grant operation setting a permission with a condition. enum Operation { Grant, Revoke, GrantWithCondition } /// @notice A struct containing the information for a permission to be applied on a single target contract without a condition. /// @param operation The permission operation type. /// @param who The address (EOA or contract) receiving the permission. /// @param permissionId The permission identifier. struct SingleTargetPermission { Operation operation; address who; bytes32 permissionId; } /// @notice A struct containing the information for a permission to be applied on multiple target contracts, optionally, with a condition. /// @param operation The permission operation type. /// @param where The address of the target contract for which `who` receives permission. /// @param who The address (EOA or contract) receiving the permission. /// @param condition The `PermissionCondition` that will be asked for authorization on calls connected to the specified permission identifier. /// @param permissionId The permission identifier. struct MultiTargetPermission { Operation operation; address where; address who; address condition; bytes32 permissionId; } }
/// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;
import {
IVotesUpgradeable
} from "@openzeppelin/contracts-upgradeable/governance/utils/IVotesUpgradeable.sol";
import {
SafeCastUpgradeable
} from "@openzeppelin/contracts-upgradeable/utils/math/SafeCastUpgradeable.sol";
import {
ReentrancyGuardUpgradeable as ReentrancyGuard
} from "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol";
import {
PausableUpgradeable as Pausable
} from "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol";
import {IERC721EnumerableMintableBurnable as IERC721EMB} from "@lock/IERC721EMB.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {IERC6372} from "@openzeppelin/contracts/interfaces/IERC6372.sol";
import {IDAO} from "@aragon/osx-commons-contracts/src/dao/IDAO.sol";
import {
DaoAuthorizableUpgradeable as DaoAuthorizable
} from "@aragon/osx-commons-contracts/src/permission/auth/DaoAuthorizableUpgradeable.sol";
import {
IVotingEscrowIncreasingV1_2_0 as IVotingEscrow
} from "@escrow/IVotingEscrowIncreasing_v1_2_0.sol";
import {VotingEscrowV1_2_0 as VotingEscrow} from "@escrow/VotingEscrowIncreasing_v1_2_0.sol";
import {IClockV1_2_0 as IClock} from "@clock/IClock_v1_2_0.sol";
import {IEscrowIVotesAdapter, IDelegateMoveVoteRecipient} from "./IEscrowIVotesAdapter.sol";
import {CurveConstantLib} from "@libs/CurveConstantLib.sol";
import {SignedFixedPointMath} from "@libs/SignedFixedPointMathLib.sol";
import {DelegationHelper} from "./DelegationHelper.sol";
contract EscrowIVotesAdapter is
IERC6372,
ReentrancyGuard,
Pausable,
DaoAuthorizable,
UUPSUpgradeable,
DelegationHelper
{
using SafeCastUpgradeable for uint256;
/// @notice The Gauge admin can can create and manage voting gauges for token holders
bytes32 public constant DELEGATION_ADMIN_ROLE = keccak256("DELEGATION_ADMIN");
/// @notice The role used to call `setDelegateAddress` and delegate/undelegate for specific tokens.
bytes32 public constant DELEGATION_TOKEN_ROLE = keccak256("DELEGATION_TOKEN_ROLE");
/// @custom:oz-upgrades-unsafe-allow state-variable-immutable
int256 public immutable SHARED_QUADRATIC_COEFFICIENT;
/// @custom:oz-upgrades-unsafe-allow state-variable-immutable
int256 public immutable SHARED_LINEAR_COEFFICIENT;
/// @custom:oz-upgrades-unsafe-allow state-variable-immutable
int256 public immutable SHARED_CONSTANT_COEFFICIENT;
/// @custom:oz-upgrades-unsafe-allow state-variable-immutable
uint256 public immutable MAX_EPOCHS;
/// @notice Clock contract for epoch duration
address public escrowClock;
mapping(address => mapping(uint256 => int256)) internal slopeChanges;
mapping(address => mapping(uint256 => GlobalPoint)) public pointHistory;
mapping(address => address) private delegatees_;
mapping(address => uint256) public latestPointIndex;
mapping(address => bool) private autoDelegationDisabled_;
uint256 private maxTime;
/*///////////////////////////////////////////////////////////////
Initialization
//////////////////////////////////////////////////////////////*/
/// @custom:oz-upgrades-unsafe-allow constructor
constructor(int256[3] memory _coefficients, uint256 _maxEpochs) {
SHARED_CONSTANT_COEFFICIENT = _coefficients[0];
SHARED_LINEAR_COEFFICIENT = _coefficients[1];
SHARED_QUADRATIC_COEFFICIENT = _coefficients[2];
MAX_EPOCHS = _maxEpochs;
_disableInitializers();
}
function initialize(
address _dao,
address _escrow,
address _clock,
bool _startPaused
) external initializer {
__DaoAuthorizableUpgradeable_init(IDAO(_dao));
__ReentrancyGuard_init();
__DelegationHelper_init(_escrow);
escrowClock = _clock;
if (_startPaused) _pause();
maxTime = IClock(escrowClock).epochDuration() * MAX_EPOCHS;
}
function pause() external auth(DELEGATION_ADMIN_ROLE) {
_pause();
}
function unpause() external auth(DELEGATION_ADMIN_ROLE) {
_unpause();
}
/// @dev Note that by default, auto delegation of tokenIds is turned on.
function setAutoDelegationDisabled(bool _disabled) external {
address sender = _msgSender();
autoDelegationDisabled_[sender] = _disabled;
emit AutoDelegationDisabledSet(sender, _disabled);
}
/*//////////////////////////////////////////////////////////////
Delegate Functions
//////////////////////////////////////////////////////////////*/
/// @param _delegatee The new delegatee address.
/// @dev Allows to change a delegatee address. This is useful
/// for cases when delegator has huge number of tokens in
/// which case `delegate(address)` would go out of gas.
/// In rare cases, Caller first has to undelegate all tokens,
/// then call this function and then call `delegate(tokenIds)`.
function setDelegateAddress(
address _delegatee
) public whenNotPaused auth(DELEGATION_TOKEN_ROLE) {
address sender = _msgSender();
if (numberOfDelegatedTokens[sender] != 0) {
revert DelegationNotAllowed();
}
address currentDelegatee = delegates(sender);
delegatees_[sender] = _delegatee;
emit DelegateChanged(sender, currentDelegatee, _delegatee);
}
/// @dev Note that `_tokenIds` must be either owned or approved to sender and tokens must not be delegated yet.
/// @param _tokenIds The array of token ids that will be delegated to the current delegatee of `sender`.
function delegate(
uint256[] memory _tokenIds
) public virtual whenNotPaused auth(DELEGATION_TOKEN_ROLE) {
address sender = _msgSender();
address delegatee = delegates(sender);
if (delegatee == address(0)) {
revert DelegateeNotSet();
}
if (_tokenIds.length == 0) {
revert TokenListEmpty();
}
_delegate(sender, delegatee, _tokenIds, true);
}
/// @dev Undelegates currently delegated tokens from the current delegatee
/// and delegates all owned tokens by the sender to the new delegatee.
/// @param _delegatee The new delegatee address.
function delegate(address _delegatee) public virtual whenNotPaused {
address sender = _msgSender();
address currentDelegatee = delegates(sender);
uint256[] memory tokenIds = VotingEscrow(escrow).ownedTokens(sender);
uint256 ownedTokenLength = tokenIds.length;
if (currentDelegatee != address(0) && ownedTokenLength != 0) {
uint256[] memory delegatedTokenIds = getDelegatedTokens(tokenIds);
if (delegatedTokenIds.length != 0) {
_undelegate(sender, currentDelegatee, delegatedTokenIds, false);
}
}
delegatees_[sender] = _delegatee;
if (!autoDelegationDisabled(sender) && _delegatee != address(0) && ownedTokenLength != 0) {
_delegate(sender, _delegatee, tokenIds, false);
}
emit DelegateChanged(sender, currentDelegatee, _delegatee);
}
/// @dev Note that the token ids must be currently delegated and must be owned/approved to the sender.
/// @param _tokenIds The array of token ids that will be undelegated from the current delegatee.
function undelegate(
uint256[] memory _tokenIds
) public virtual whenNotPaused auth(DELEGATION_TOKEN_ROLE) {
address sender = _msgSender();
address delegatee = delegates(sender);
if (delegatee == address(0)) {
revert DelegateeNotSet();
}
if (_tokenIds.length == 0) {
revert TokenListEmpty();
}
_undelegate(sender, delegatee, _tokenIds, true);
}
/// @notice private helper function to delegate token ids to the `_delegatee`.
/// @dev It updates checkpoints, sets token delegation to true and
/// updates voting power on the address gauge voter.
/// @param _sender The address that owns `_tokenIds` and delegates.
/// @param _delegatee The new delegatee address to which `_tokenIds` will be delegated.
/// @param _tokenIds The array of token ids. Note that it's caller's responsibility to not
/// call this function for empty list of `_tokenIds`.
/// @param _validate The boolean flag of whether to validate that token ids are owned by the `_sender` or not.
/// In some cases, validation is not needed as caller already knows that there's no need.
function _delegate(
address _sender,
address _delegatee,
uint256[] memory _tokenIds,
bool _validate
) internal virtual {
(int256 totalBias, int256 totalSlope) = (0, 0);
for (uint256 i = 0; i < _tokenIds.length; i++) {
uint256 tokenId = _tokenIds[i];
if (_validate) {
if (!IVotingEscrow(escrow).isApprovedOrOwner(_sender, tokenId)) {
revert NotApprovedOrOwner();
}
if (tokenIsDelegated(tokenId)) {
revert TokenAlreadyDelegated(tokenId);
}
}
// Ensure that voting power is greater than 0.
// This can not be figured out with only `locked` data, as
// token might exist, but might not be warm.
if (IVotingEscrow(escrow).votingPower(tokenId) == 0) {
revert VotingPowerZero(tokenId);
}
_setDelegated(tokenId, true);
IVotingEscrow.LockedBalance memory locked = IVotingEscrow(escrow).locked(tokenId);
(int256 bias, int256 slope) = _getBiasAndSlope(_delegatee, locked, _positive);
totalBias += bias;
totalSlope += slope;
}
numberOfDelegatedTokens[_sender] += _tokenIds.length;
_checkpoint(totalBias, totalSlope, _delegatee);
IVotingEscrow(escrow).updateVotingPower(_sender, _delegatee);
emit TokensDelegated(_sender, _delegatee, _tokenIds);
}
/// @notice private helper function to undelegate token ids to the `_delegatee`.
/// @dev It updates checkpoints, sets token delegation to false and
/// updates voting power on the address gauge voter.
/// @param _sender The address that owns `_tokenIds` and undelegates.
/// @param _delegatee The delegatee address from which `_tokenIds` will be undelegated.
/// @param _tokenIds The array of token ids. Note that it's caller's responsibility to not
/// call this function for empty list of `_tokenIds`.
/// @param _validate The boolean flag of whether to validate that token ids are owned by the `_sender` or not.
/// In some cases, validation is not needed as caller already knows that there's no need.
function _undelegate(
address _sender,
address _delegatee,
uint256[] memory _tokenIds,
bool _validate
) internal virtual {
(int256 totalBias, int256 totalSlope) = (0, 0);
for (uint256 i = 0; i < _tokenIds.length; i++) {
uint256 tokenId = _tokenIds[i];
if (_validate) {
if (!IVotingEscrow(escrow).isApprovedOrOwner(_sender, tokenId)) {
revert NotApprovedOrOwner();
}
if (!tokenIsDelegated(tokenId)) {
revert TokenNotDelegated(tokenId);
}
}
_setDelegated(tokenId, false);
IVotingEscrow.LockedBalance memory locked = IVotingEscrow(escrow).locked(tokenId);
(int256 bias, int256 slope) = _getBiasAndSlope(_delegatee, locked, _negative);
totalBias += bias;
totalSlope += slope;
}
numberOfDelegatedTokens[_sender] -= _tokenIds.length;
_checkpoint(totalBias, totalSlope, _delegatee);
IVotingEscrow(escrow).updateVotingPower(_sender, _delegatee);
emit TokensUndelegated(_sender, _delegatee, _tokenIds);
}
/// @notice It returns which tokens are currently delegated from the list of `_tokenIds`.
function getDelegatedTokens(
uint256[] memory _tokenIds
) public view virtual returns (uint256[] memory) {
uint256[] memory delegatedTokenIds = new uint256[](_tokenIds.length);
uint256 count;
for (uint256 i = 0; i < _tokenIds.length; ++i) {
if (tokenIsDelegated(_tokenIds[i])) {
delegatedTokenIds[count++] = _tokenIds[i];
}
}
// Trim to size
assembly {
mstore(delegatedTokenIds, count)
}
return delegatedTokenIds;
}
/// @notice Whether an `account` has disabled auto delegation or not.
/// @param _account The address on which auto delegation is checked for.
/// @return True if auto delegation is disabled, otherwise false.
function autoDelegationDisabled(address _account) public view virtual returns (bool) {
return autoDelegationDisabled_[_account];
}
/*//////////////////////////////////////////////////////////////
IERC6372 Functions
//////////////////////////////////////////////////////////////*/
/// @inheritdoc IERC6372
function clock() external view returns (uint48) {
return uint48(block.timestamp);
}
/// @inheritdoc IERC6372
function CLOCK_MODE() external pure returns (string memory) {
return "mode=timestamp";
}
/*//////////////////////////////////////////////////////////////
Checkpoint Functions
//////////////////////////////////////////////////////////////*/
function checkpointTransition(
address _delegatee,
uint256 _transitionCount
) external whenNotPaused {
_checkpoint(0, 0, _delegatee, _transitionCount);
}
function _checkpoint(
int256 _totalBias,
int256 _totalSlope,
address _delegatee
) internal override {
_checkpoint(_totalBias, _totalSlope, _delegatee, 255);
}
function _checkpoint(
int256 _totalBias,
int256 _totalSlope,
address _delegatee,
uint256 _transitionCount
) internal override {
if(_transitionCount == 0) revert ZeroTransition();
GlobalPoint memory lastPoint = GlobalPoint({
bias: 0,
slope: 0,
writtenTs: uint48(block.timestamp)
});
uint256 latestPointIndex_ = latestPointIndex[_delegatee];
if (latestPointIndex_ > 0) {
lastPoint = pointHistory[_delegatee][latestPointIndex_];
}
// Get slope changes for the delegatee
mapping(uint256 => int256) storage slopeChanges_ = slopeChanges[_delegatee];
uint256 expectedWrittenTs;
{
uint256 checkpointInterval = IClock(escrowClock).checkpointInterval();
uint256 lastPointCheckpoint = lastPoint.writtenTs;
uint256 t_i = (lastPointCheckpoint / checkpointInterval) * checkpointInterval;
// Since `_checkpoint` can be called manually due to transition,
// the global point's writtenTs shouldn't be block.timestamp
// by default, but whatever the transition's max week is.
expectedWrittenTs = t_i + _transitionCount * checkpointInterval;
if (expectedWrittenTs > block.timestamp) {
expectedWrittenTs = block.timestamp;
}
for (uint256 i = 0; i < _transitionCount; ++i) {
t_i += checkpointInterval;
int256 dSlope;
if (t_i > expectedWrittenTs) {
t_i = expectedWrittenTs;
} else {
dSlope = slopeChanges_[t_i];
}
lastPoint.bias += lastPoint.slope * int256(t_i - lastPointCheckpoint);
lastPoint.slope -= dSlope;
if (lastPoint.slope < 0) lastPoint.slope = 0;
if (lastPoint.bias < 0) lastPoint.bias = 0;
lastPointCheckpoint = t_i;
if (t_i == expectedWrittenTs) {
break;
}
}
}
// totalBias and totalSlope can be negative, in which case
// it will subtract instead of adding.
lastPoint.bias += _totalBias;
lastPoint.slope += _totalSlope;
lastPoint.writtenTs = uint48(expectedWrittenTs);
if (lastPoint.slope < 0) lastPoint.slope = 0;
if (lastPoint.bias < 0) lastPoint.bias = 0;
latestPointIndex[_delegatee] = ++latestPointIndex_;
pointHistory[_delegatee][latestPointIndex_] = lastPoint;
}
/// @notice Proxies a call to the ERC721 contract
/// @dev Useful for calling contracts looking to validate if the contract is token-like
function balanceOf(address _account) public view virtual returns (uint256) {
address lockNFT = IVotingEscrow(escrow).lockNFT();
if (lockNFT == address(0)) return 0;
return IERC721EMB(lockNFT).balanceOf(_account);
}
/*//////////////////////////////////////////////////////////////
IVotes Function
//////////////////////////////////////////////////////////////*/
/// @notice Returns the current amount of votes that `account` has.
function getVotes(address _account) external view returns (uint256) {
return _delegateBalanceAt(_account, block.timestamp);
}
/// @notice Returns the amount of votes that `account` had at a specific moment in the past.
function getPastVotes(address _account, uint256 _timestamp) public view returns (uint256) {
return _delegateBalanceAt(_account, _timestamp);
}
/// @notice Returns the total supply of votes available at a specific moment in the past.
/// @dev This value is the sum of all available votes, which is not necessarily the sum
/// of all delegated votes. Votes that have not been delegated are still part of
/// total supply, even though they would not participate in a vote.
function getPastTotalSupply(uint256 _timestamp) external view returns (uint256) {
return IVotingEscrow(escrow).totalVotingPowerAt(_timestamp);
}
/// @inheritdoc IEscrowIVotesAdapter
function delegates(address _account) public view virtual override returns (address) {
return delegatees_[_account];
}
/// @dev Not implemented.
function delegateBySig(address, uint256, uint256, uint8, bytes32, bytes32) public virtual {
revert DelegateBySigNotSupported();
}
/*//////////////////////////////////////////////////////////////
Binary Search Functions
//////////////////////////////////////////////////////////////*/
function getPastDelegatePointIndex(
address _delegatee,
uint256 _timestamp
) internal view returns (uint256) {
uint256 latestPointIndex_ = latestPointIndex[_delegatee];
if (latestPointIndex_ == 0) return 0;
mapping(uint256 => GlobalPoint) storage pointHistory_ = pointHistory[_delegatee];
// First check most recent balance
if (pointHistory_[latestPointIndex_].writtenTs <= _timestamp) return (latestPointIndex_);
// Next check implicit zero balance
if (pointHistory_[1].writtenTs > _timestamp) return 0;
uint256 lower = 0;
uint256 upper = latestPointIndex_;
while (upper > lower) {
uint256 center = upper - (upper - lower) / 2; // ceil, avoiding overflow
GlobalPoint storage delegatePoint = pointHistory_[center];
if (delegatePoint.writtenTs == _timestamp) {
return center;
} else if (delegatePoint.writtenTs < _timestamp) {
lower = center;
} else {
upper = center - 1;
}
}
return lower;
}
/// @notice Calculate total voting power at some point in the past
/// @param _timestamp Time to calculate the total voting power at
/// @return Total voting power at that time
function _delegateBalanceAt(
address _delegatee,
uint256 _timestamp
) internal view returns (uint256) {
uint256 index = getPastDelegatePointIndex(_delegatee, _timestamp);
// epoch 0 is an empty point
if (index == 0) return 0;
GlobalPoint memory point = pointHistory[_delegatee][index];
int256 bias = point.bias;
int256 slope = point.slope;
uint256 ts = point.writtenTs;
mapping(uint256 => int256) storage slopeChanges_ = slopeChanges[_delegatee];
uint256 checkpointInterval = IClock(escrowClock).checkpointInterval();
uint256 t_i = (ts / checkpointInterval) * checkpointInterval;
for (uint256 i = 0; i < 255; ++i) {
t_i += checkpointInterval;
int256 dSlope = 0;
if (t_i > _timestamp) {
t_i = _timestamp;
} else {
dSlope = slopeChanges_[t_i];
}
bias += slope * int256(t_i - ts);
if (t_i == _timestamp) {
break;
}
slope -= dSlope;
ts = t_i;
}
if (bias < 0) bias = 0;
return uint256(SignedFixedPointMath.fromFP(bias));
}
/*//////////////////////////////////////////////////////////////
Private Helper Functions
//////////////////////////////////////////////////////////////*/
/// @dev Note that this function also updates slopeChanges.
function _getBiasAndSlope(
address _delegatee,
IVotingEscrow.LockedBalance memory _locked,
function(int256) view returns (int256) op
) internal override returns (int256, int256) {
uint256 elapsed = block.timestamp - _locked.start;
elapsed = elapsed > maxTime ? maxTime : elapsed;
int256 amount = uint256(_locked.amount).toInt256();
int256 slope = amount * SHARED_LINEAR_COEFFICIENT;
int256 bias = slope *
int256(elapsed) +
amount *
SHARED_CONSTANT_COEFFICIENT;
if (bias < 0) bias = 0;
if (elapsed < maxTime) {
slope = op(slope);
slopeChanges[_delegatee][_locked.start + maxTime] += slope;
} else {
slope = 0;
}
return (op(bias), slope);
}
/// @notice Returns the address of the implementation contract in the [proxy storage slot](https://eips.ethereum.org/EIPS/eip-1967) slot the [UUPS proxy](https://eips.ethereum.org/EIPS/eip-1822) is pointing to.
/// @return The address of the implementation contract.
function implementation() public view returns (address) {
return _getImplementation();
}
/// @notice Internal method authorizing the upgrade of the contract via the [upgradeability mechanism for UUPS proxies](https://docs.openzeppelin.com/contracts/4.x/api/proxy#UUPSUpgradeable) (see [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822)).
function _authorizeUpgrade(address) internal virtual override auth(DELEGATION_ADMIN_ROLE) {}
/// @dev Reserved storage space to allow for layout changes in the future.
uint256[43] private __gap;
}// SPDX-License-Identifier: Unlicense
pragma solidity ^0.8.0;
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/token/ERC20/extensions/ERC20Votes.sol";
contract MockERC20 is ERC20("MockERC20", "MERC") {
function mint(address to, uint256 amount) external {
_mint(to, amount);
}
}
contract MockERC20Votes is ERC20Votes {
constructor() ERC20("votes", "V") ERC20Permit("votes") {}
function mint(address to, uint256 amount) external {
_mint(to, amount);
}
function clock() public view virtual override returns (uint48) {
return SafeCast.toUint48(block.timestamp);
}
// The following functions are
function CLOCK_MODE() public view virtual override returns (string memory) {
// Check that the clock was not modified
require(clock() == block.timestamp, "ERC20Votes: broken clock mode");
return "mode=timestamp&from=default";
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/ERC165Storage.sol)
pragma solidity ^0.8.0;
import "./ERC165Upgradeable.sol";
import "../../proxy/utils/Initializable.sol";
/**
* @dev Storage based implementation of the {IERC165} interface.
*
* Contracts may inherit from this and call {_registerInterface} to declare
* their support of an interface.
*/
abstract contract ERC165StorageUpgradeable is Initializable, ERC165Upgradeable {
function __ERC165Storage_init() internal onlyInitializing {
}
function __ERC165Storage_init_unchained() internal onlyInitializing {
}
/**
* @dev Mapping of interface ids to whether or not it's supported.
*/
mapping(bytes4 => bool) private _supportedInterfaces;
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return super.supportsInterface(interfaceId) || _supportedInterfaces[interfaceId];
}
/**
* @dev Registers the contract as an implementer of the interface defined by
* `interfaceId`. Support of the actual ERC165 interface is automatic and
* registering its interface id is not required.
*
* See {IERC165-supportsInterface}.
*
* Requirements:
*
* - `interfaceId` cannot be the ERC165 invalid interface (`0xffffffff`).
*/
function _registerInterface(bytes4 interfaceId) internal virtual {
require(interfaceId != 0xffffffff, "ERC165: invalid interface id");
_supportedInterfaces[interfaceId] = true;
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[49] private __gap;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/Initializable.sol)
pragma solidity ^0.8.2;
import "../../utils/AddressUpgradeable.sol";
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```solidity
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
*
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/
abstract contract Initializable {
/**
* @dev Indicates that the contract has been initialized.
* @custom:oz-retyped-from bool
*/
uint8 private _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool private _initializing;
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/
event Initialized(uint8 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts.
*
* Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a
* constructor.
*
* Emits an {Initialized} event.
*/
modifier initializer() {
bool isTopLevelCall = !_initializing;
require(
(isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1),
"Initializable: contract is already initialized"
);
_initialized = 1;
if (isTopLevelCall) {
_initializing = true;
}
_;
if (isTopLevelCall) {
_initializing = false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* A reinitializer may be used after the original initialization step. This is essential to configure modules that
* are added through upgrades and that require initialization.
*
* When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
* cannot be nested. If one is invoked in the context of another, execution will revert.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*
* WARNING: setting the version to 255 will prevent any future reinitialization.
*
* Emits an {Initialized} event.
*/
modifier reinitializer(uint8 version) {
require(!_initializing && _initialized < version, "Initializable: contract is already initialized");
_initialized = version;
_initializing = true;
_;
_initializing = false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/
modifier onlyInitializing() {
require(_initializing, "Initializable: contract is not initializing");
_;
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*
* Emits an {Initialized} event the first time it is successfully executed.
*/
function _disableInitializers() internal virtual {
require(!_initializing, "Initializable: contract is initializing");
if (_initialized != type(uint8).max) {
_initialized = type(uint8).max;
emit Initialized(type(uint8).max);
}
}
/**
* @dev Returns the highest version that has been initialized. See {reinitializer}.
*/
function _getInitializedVersion() internal view returns (uint8) {
return _initialized;
}
/**
* @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
*/
function _isInitializing() internal view returns (bool) {
return _initializing;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/UUPSUpgradeable.sol)
pragma solidity ^0.8.0;
import "../../interfaces/draft-IERC1822Upgradeable.sol";
import "../ERC1967/ERC1967UpgradeUpgradeable.sol";
import "./Initializable.sol";
/**
* @dev An upgradeability mechanism designed for UUPS proxies. The functions included here can perform an upgrade of an
* {ERC1967Proxy}, when this contract is set as the implementation behind such a proxy.
*
* A security mechanism ensures that an upgrade does not turn off upgradeability accidentally, although this risk is
* reinstated if the upgrade retains upgradeability but removes the security mechanism, e.g. by replacing
* `UUPSUpgradeable` with a custom implementation of upgrades.
*
* The {_authorizeUpgrade} function must be overridden to include access restriction to the upgrade mechanism.
*
* _Available since v4.1._
*/
abstract contract UUPSUpgradeable is Initializable, IERC1822ProxiableUpgradeable, ERC1967UpgradeUpgradeable {
function __UUPSUpgradeable_init() internal onlyInitializing {
}
function __UUPSUpgradeable_init_unchained() internal onlyInitializing {
}
/// @custom:oz-upgrades-unsafe-allow state-variable-immutable state-variable-assignment
address private immutable __self = address(this);
/**
* @dev Check that the execution is being performed through a delegatecall call and that the execution context is
* a proxy contract with an implementation (as defined in ERC1967) pointing to self. This should only be the case
* for UUPS and transparent proxies that are using the current contract as their implementation. Execution of a
* function through ERC1167 minimal proxies (clones) would not normally pass this test, but is not guaranteed to
* fail.
*/
modifier onlyProxy() {
require(address(this) != __self, "Function must be called through delegatecall");
require(_getImplementation() == __self, "Function must be called through active proxy");
_;
}
/**
* @dev Check that the execution is not being performed through a delegate call. This allows a function to be
* callable on the implementing contract but not through proxies.
*/
modifier notDelegated() {
require(address(this) == __self, "UUPSUpgradeable: must not be called through delegatecall");
_;
}
/**
* @dev Implementation of the ERC1822 {proxiableUUID} function. This returns the storage slot used by the
* implementation. It is used to validate the implementation's compatibility when performing an upgrade.
*
* IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
* bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
* function revert if invoked through a proxy. This is guaranteed by the `notDelegated` modifier.
*/
function proxiableUUID() external view virtual override notDelegated returns (bytes32) {
return _IMPLEMENTATION_SLOT;
}
/**
* @dev Upgrade the implementation of the proxy to `newImplementation`.
*
* Calls {_authorizeUpgrade}.
*
* Emits an {Upgraded} event.
*
* @custom:oz-upgrades-unsafe-allow-reachable delegatecall
*/
function upgradeTo(address newImplementation) public virtual onlyProxy {
_authorizeUpgrade(newImplementation);
_upgradeToAndCallUUPS(newImplementation, new bytes(0), false);
}
/**
* @dev Upgrade the implementation of the proxy to `newImplementation`, and subsequently execute the function call
* encoded in `data`.
*
* Calls {_authorizeUpgrade}.
*
* Emits an {Upgraded} event.
*
* @custom:oz-upgrades-unsafe-allow-reachable delegatecall
*/
function upgradeToAndCall(address newImplementation, bytes memory data) public payable virtual onlyProxy {
_authorizeUpgrade(newImplementation);
_upgradeToAndCallUUPS(newImplementation, data, true);
}
/**
* @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by
* {upgradeTo} and {upgradeToAndCall}.
*
* Normally, this function will use an xref:access.adoc[access control] modifier such as {Ownable-onlyOwner}.
*
* ```solidity
* function _authorizeUpgrade(address) internal override onlyOwner {}
* ```
*/
function _authorizeUpgrade(address newImplementation) internal virtual;
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[50] private __gap;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/utils/SafeERC20.sol)
pragma solidity ^0.8.0;
import "../IERC20Upgradeable.sol";
import "../extensions/IERC20PermitUpgradeable.sol";
import "../../../utils/AddressUpgradeable.sol";
/**
* @title SafeERC20
* @dev Wrappers around ERC20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/
library SafeERC20Upgradeable {
using AddressUpgradeable for address;
/**
* @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeTransfer(IERC20Upgradeable token, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));
}
/**
* @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
* calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
*/
function safeTransferFrom(IERC20Upgradeable token, address from, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));
}
/**
* @dev Deprecated. This function has issues similar to the ones found in
* {IERC20-approve}, and its usage is discouraged.
*
* Whenever possible, use {safeIncreaseAllowance} and
* {safeDecreaseAllowance} instead.
*/
function safeApprove(IERC20Upgradeable token, address spender, uint256 value) internal {
// safeApprove should only be called when setting an initial allowance,
// or when resetting it to zero. To increase and decrease it, use
// 'safeIncreaseAllowance' and 'safeDecreaseAllowance'
require(
(value == 0) || (token.allowance(address(this), spender) == 0),
"SafeERC20: approve from non-zero to non-zero allowance"
);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));
}
/**
* @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeIncreaseAllowance(IERC20Upgradeable token, address spender, uint256 value) internal {
uint256 oldAllowance = token.allowance(address(this), spender);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance + value));
}
/**
* @dev Decrease the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeDecreaseAllowance(IERC20Upgradeable token, address spender, uint256 value) internal {
unchecked {
uint256 oldAllowance = token.allowance(address(this), spender);
require(oldAllowance >= value, "SafeERC20: decreased allowance below zero");
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance - value));
}
}
/**
* @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful. Compatible with tokens that require the approval to be set to
* 0 before setting it to a non-zero value.
*/
function forceApprove(IERC20Upgradeable token, address spender, uint256 value) internal {
bytes memory approvalCall = abi.encodeWithSelector(token.approve.selector, spender, value);
if (!_callOptionalReturnBool(token, approvalCall)) {
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, 0));
_callOptionalReturn(token, approvalCall);
}
}
/**
* @dev Use a ERC-2612 signature to set the `owner` approval toward `spender` on `token`.
* Revert on invalid signature.
*/
function safePermit(
IERC20PermitUpgradeable token,
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) internal {
uint256 nonceBefore = token.nonces(owner);
token.permit(owner, spender, value, deadline, v, r, s);
uint256 nonceAfter = token.nonces(owner);
require(nonceAfter == nonceBefore + 1, "SafeERC20: permit did not succeed");
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*/
function _callOptionalReturn(IERC20Upgradeable token, bytes memory data) private {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that
// the target address contains contract code and also asserts for success in the low-level call.
bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed");
require(returndata.length == 0 || abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed");
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*
* This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.
*/
function _callOptionalReturnBool(IERC20Upgradeable token, bytes memory data) private returns (bool) {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false
// and not revert is the subcall reverts.
(bool success, bytes memory returndata) = address(token).call(data);
return
success && (returndata.length == 0 || abi.decode(returndata, (bool))) && AddressUpgradeable.isContract(address(token));
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20Upgradeable {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `from` to `to` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 amount) external returns (bool);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.6.0) (token/ERC721/IERC721Receiver.sol)
pragma solidity ^0.8.0;
/**
* @title ERC721 token receiver interface
* @dev Interface for any contract that wants to support safeTransfers
* from ERC721 asset contracts.
*/
interface IERC721ReceiverUpgradeable {
/**
* @dev Whenever an {IERC721} `tokenId` token is transferred to this contract via {IERC721-safeTransferFrom}
* by `operator` from `from`, this function is called.
*
* It must return its Solidity selector to confirm the token transfer.
* If any other value is returned or the interface is not implemented by the recipient, the transfer will be reverted.
*
* The selector can be obtained in Solidity with `IERC721Receiver.onERC721Received.selector`.
*/
function onERC721Received(
address operator,
address from,
uint256 tokenId,
bytes calldata data
) external returns (bytes4);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC1155/IERC1155.sol)
pragma solidity ^0.8.0;
import "../../utils/introspection/IERC165Upgradeable.sol";
/**
* @dev Required interface of an ERC1155 compliant contract, as defined in the
* https://eips.ethereum.org/EIPS/eip-1155[EIP].
*
* _Available since v3.1._
*/
interface IERC1155Upgradeable is IERC165Upgradeable {
/**
* @dev Emitted when `value` tokens of token type `id` are transferred from `from` to `to` by `operator`.
*/
event TransferSingle(address indexed operator, address indexed from, address indexed to, uint256 id, uint256 value);
/**
* @dev Equivalent to multiple {TransferSingle} events, where `operator`, `from` and `to` are the same for all
* transfers.
*/
event TransferBatch(
address indexed operator,
address indexed from,
address indexed to,
uint256[] ids,
uint256[] values
);
/**
* @dev Emitted when `account` grants or revokes permission to `operator` to transfer their tokens, according to
* `approved`.
*/
event ApprovalForAll(address indexed account, address indexed operator, bool approved);
/**
* @dev Emitted when the URI for token type `id` changes to `value`, if it is a non-programmatic URI.
*
* If an {URI} event was emitted for `id`, the standard
* https://eips.ethereum.org/EIPS/eip-1155#metadata-extensions[guarantees] that `value` will equal the value
* returned by {IERC1155MetadataURI-uri}.
*/
event URI(string value, uint256 indexed id);
/**
* @dev Returns the amount of tokens of token type `id` owned by `account`.
*
* Requirements:
*
* - `account` cannot be the zero address.
*/
function balanceOf(address account, uint256 id) external view returns (uint256);
/**
* @dev xref:ROOT:erc1155.adoc#batch-operations[Batched] version of {balanceOf}.
*
* Requirements:
*
* - `accounts` and `ids` must have the same length.
*/
function balanceOfBatch(
address[] calldata accounts,
uint256[] calldata ids
) external view returns (uint256[] memory);
/**
* @dev Grants or revokes permission to `operator` to transfer the caller's tokens, according to `approved`,
*
* Emits an {ApprovalForAll} event.
*
* Requirements:
*
* - `operator` cannot be the caller.
*/
function setApprovalForAll(address operator, bool approved) external;
/**
* @dev Returns true if `operator` is approved to transfer ``account``'s tokens.
*
* See {setApprovalForAll}.
*/
function isApprovedForAll(address account, address operator) external view returns (bool);
/**
* @dev Transfers `amount` tokens of token type `id` from `from` to `to`.
*
* Emits a {TransferSingle} event.
*
* Requirements:
*
* - `to` cannot be the zero address.
* - If the caller is not `from`, it must have been approved to spend ``from``'s tokens via {setApprovalForAll}.
* - `from` must have a balance of tokens of type `id` of at least `amount`.
* - If `to` refers to a smart contract, it must implement {IERC1155Receiver-onERC1155Received} and return the
* acceptance magic value.
*/
function safeTransferFrom(address from, address to, uint256 id, uint256 amount, bytes calldata data) external;
/**
* @dev xref:ROOT:erc1155.adoc#batch-operations[Batched] version of {safeTransferFrom}.
*
* Emits a {TransferBatch} event.
*
* Requirements:
*
* - `ids` and `amounts` must have the same length.
* - If `to` refers to a smart contract, it must implement {IERC1155Receiver-onERC1155BatchReceived} and return the
* acceptance magic value.
*/
function safeBatchTransferFrom(
address from,
address to,
uint256[] calldata ids,
uint256[] calldata amounts,
bytes calldata data
) external;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (token/ERC1155/IERC1155Receiver.sol)
pragma solidity ^0.8.0;
import "../../utils/introspection/IERC165Upgradeable.sol";
/**
* @dev _Available since v3.1._
*/
interface IERC1155ReceiverUpgradeable is IERC165Upgradeable {
/**
* @dev Handles the receipt of a single ERC1155 token type. This function is
* called at the end of a `safeTransferFrom` after the balance has been updated.
*
* NOTE: To accept the transfer, this must return
* `bytes4(keccak256("onERC1155Received(address,address,uint256,uint256,bytes)"))`
* (i.e. 0xf23a6e61, or its own function selector).
*
* @param operator The address which initiated the transfer (i.e. msg.sender)
* @param from The address which previously owned the token
* @param id The ID of the token being transferred
* @param value The amount of tokens being transferred
* @param data Additional data with no specified format
* @return `bytes4(keccak256("onERC1155Received(address,address,uint256,uint256,bytes)"))` if transfer is allowed
*/
function onERC1155Received(
address operator,
address from,
uint256 id,
uint256 value,
bytes calldata data
) external returns (bytes4);
/**
* @dev Handles the receipt of a multiple ERC1155 token types. This function
* is called at the end of a `safeBatchTransferFrom` after the balances have
* been updated.
*
* NOTE: To accept the transfer(s), this must return
* `bytes4(keccak256("onERC1155BatchReceived(address,address,uint256[],uint256[],bytes)"))`
* (i.e. 0xbc197c81, or its own function selector).
*
* @param operator The address which initiated the batch transfer (i.e. msg.sender)
* @param from The address which previously owned the token
* @param ids An array containing ids of each token being transferred (order and length must match values array)
* @param values An array containing amounts of each token being transferred (order and length must match ids array)
* @param data Additional data with no specified format
* @return `bytes4(keccak256("onERC1155BatchReceived(address,address,uint256[],uint256[],bytes)"))` if transfer is allowed
*/
function onERC1155BatchReceived(
address operator,
address from,
uint256[] calldata ids,
uint256[] calldata values,
bytes calldata data
) external returns (bytes4);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)
pragma solidity ^0.8.1;
/**
* @dev Collection of functions related to the address type
*/
library AddressUpgradeable {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
*
* Furthermore, `isContract` will also return true if the target contract within
* the same transaction is already scheduled for destruction by `SELFDESTRUCT`,
* which only has an effect at the end of a transaction.
* ====
*
* [IMPORTANT]
* ====
* You shouldn't rely on `isContract` to protect against flash loan attacks!
*
* Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
* like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
* constructor.
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize/address.code.length, which returns 0
// for contracts in construction, since the code is only stored at the end
// of the constructor execution.
return account.code.length > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
* the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
*
* _Available since v4.8._
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata,
string memory errorMessage
) internal view returns (bytes memory) {
if (success) {
if (returndata.length == 0) {
// only check isContract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
require(isContract(target), "Address: call to non-contract");
}
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
/**
* @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason or using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
function _revert(bytes memory returndata, string memory errorMessage) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (interfaces/IERC1271.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC1271 standard signature validation method for
* contracts as defined in https://eips.ethereum.org/EIPS/eip-1271[ERC-1271].
*
* _Available since v4.1._
*/
interface IERC1271 {
/**
* @dev Should return whether the signature provided is valid for the provided data
* @param hash Hash of the data to be signed
* @param signature Signature byte array associated with _data
*/
function isValidSignature(bytes32 hash, bytes memory signature) external view returns (bytes4 magicValue);
}// SPDX-License-Identifier: AGPL-3.0-or-later pragma solidity ^0.8.8; /// @title IProtocolVersion /// @author Aragon X - 2022-2023 /// @notice An interface defining the semantic Aragon OSx protocol version number. /// @custom:security-contact [email protected] interface IProtocolVersion { /// @notice Returns the semantic Aragon OSx protocol version number that the implementing contract is associated with. /// @return _version Returns the semantic Aragon OSx protocol version number. /// @dev This version number is not to be confused with the `release` and `build` numbers found in the `Version.Tag` struct inside the `PluginRepo` contract being used to version plugin setup and associated plugin implementation contracts. function protocolVersion() external view returns (uint8[3] memory _version); }
// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {IProtocolVersion} from "./IProtocolVersion.sol";
/// @title ProtocolVersion
/// @author Aragon X - 2023
/// @notice An abstract, stateless, non-upgradeable contract providing the current Aragon OSx protocol version number.
/// @dev Do not add any new variables to this contract that would shift down storage in the inheritance chain.
/// @custom:security-contact [email protected]
abstract contract ProtocolVersion is IProtocolVersion {
// IMPORTANT: Do not add any storage variable, see the above notice.
/// @inheritdoc IProtocolVersion
function protocolVersion() public pure returns (uint8[3] memory) {
return [1, 4, 0];
}
}// SPDX-License-Identifier: AGPL-3.0-or-later pragma solidity ^0.8.8; /// @title VersionComparisonLib /// @author Aragon X - 2023 /// @notice A library containing methods for [semantic version number](https://semver.org/spec/v2.0.0.html) comparison. /// @custom:security-contact [email protected] library VersionComparisonLib { /// @notice Equality comparator for two semantic version numbers. /// @param lhs The left-hand side semantic version number. /// @param rhs The right-hand side semantic version number. /// @return Whether the two numbers are equal or not. function eq(uint8[3] memory lhs, uint8[3] memory rhs) internal pure returns (bool) { if (lhs[0] != rhs[0]) return false; if (lhs[1] != rhs[1]) return false; if (lhs[2] != rhs[2]) return false; return true; } /// @notice Inequality comparator for two semantic version numbers. /// @param lhs The left-hand side semantic version number. /// @param rhs The right-hand side semantic version number. /// @return Whether the two numbers are inequal or not. function neq(uint8[3] memory lhs, uint8[3] memory rhs) internal pure returns (bool) { if (lhs[0] != rhs[0]) return true; if (lhs[1] != rhs[1]) return true; if (lhs[2] != rhs[2]) return true; return false; } /// @notice Less than comparator for two semantic version numbers. /// @param lhs The left-hand side semantic version number. /// @param rhs The right-hand side semantic version number. /// @return Whether the first number is less than the second number or not. function lt(uint8[3] memory lhs, uint8[3] memory rhs) internal pure returns (bool) { if (lhs[0] < rhs[0]) return true; if (lhs[0] > rhs[0]) return false; if (lhs[1] < rhs[1]) return true; if (lhs[1] > rhs[1]) return false; if (lhs[2] < rhs[2]) return true; return false; } /// @notice Less than or equal to comparator for two semantic version numbers. /// @param lhs The left-hand side semantic version number. /// @param rhs The right-hand side semantic version number. /// @return Whether the first number is less than or equal to the second number or not. function lte(uint8[3] memory lhs, uint8[3] memory rhs) internal pure returns (bool) { if (lhs[0] < rhs[0]) return true; if (lhs[0] > rhs[0]) return false; if (lhs[1] < rhs[1]) return true; if (lhs[1] > rhs[1]) return false; if (lhs[2] <= rhs[2]) return true; return false; } /// @notice Greater than comparator for two semantic version numbers. /// @param lhs The left-hand side semantic version number. /// @param rhs The right-hand side semantic version number. /// @return Whether the first number is greater than the second number or not. function gt(uint8[3] memory lhs, uint8[3] memory rhs) internal pure returns (bool) { if (lhs[0] > rhs[0]) return true; if (lhs[0] < rhs[0]) return false; if (lhs[1] > rhs[1]) return true; if (lhs[1] < rhs[1]) return false; if (lhs[2] > rhs[2]) return true; return false; } /// @notice Greater than or equal to comparator for two semantic version numbers. /// @param lhs The left-hand side semantic version number. /// @param rhs The right-hand side semantic version number. /// @return Whether the first number is greater than or equal to the second number or not. function gte(uint8[3] memory lhs, uint8[3] memory rhs) internal pure returns (bool) { if (lhs[0] > rhs[0]) return true; if (lhs[0] < rhs[0]) return false; if (lhs[1] > rhs[1]) return true; if (lhs[1] < rhs[1]) return false; if (lhs[2] >= rhs[2]) return true; return false; } }
// SPDX-License-Identifier: AGPL-3.0-or-later pragma solidity ^0.8.8; /// @param bitmap The `uint256` representation of bits. /// @param index The index number to check whether 1 or 0 is set. /// @return Returns `true` if the bit is set at `index` on `bitmap`. /// @custom:security-contact [email protected] function hasBit(uint256 bitmap, uint8 index) pure returns (bool) { uint256 bitValue = bitmap & (1 << index); return bitValue > 0; } /// @param bitmap The `uint256` representation of bits. /// @param index The index number to set the bit. /// @return Returns a new number in which the bit is set at `index`. /// @custom:security-contact [email protected] function flipBit(uint256 bitmap, uint8 index) pure returns (uint256) { return bitmap ^ (1 << index); }
// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {ERC165} from "@openzeppelin/contracts/utils/introspection/ERC165.sol";
import {IExecutor, Action} from "./IExecutor.sol";
import {flipBit, hasBit} from "../utils/math/BitMap.sol";
/// @title IDAO
/// @author Aragon X - 2024
/// @notice Simple Executor that loops through the actions and executes them.
/// @dev This doesn't use any type of permission for execution and can be called by anyone.
/// Most useful use-case is to deploy it as non-upgradeable and call from another contract via delegatecall.
/// If used with delegatecall, DO NOT add state variables in sequential slots, otherwise this will overwrite
/// the storage of the calling contract.
/// @custom:security-contact [email protected]
contract Executor is IExecutor, ERC165 {
/// @notice The internal constant storing the maximal action array length.
uint256 internal constant MAX_ACTIONS = 256;
// keccak256("osx-commons.storage.Executor")
bytes32 private constant REENTRANCY_GUARD_STORAGE_LOCATION =
0x4d6542319dfb3f7c8adbb488d7b4d7cf849381f14faf4b64de3ac05d08c0bdec;
/// @notice The first out of two values to which the `_reentrancyStatus` state variable (used by the `nonReentrant` modifier) can be set indicating that a function was not entered.
uint256 private constant _NOT_ENTERED = 1;
/// @notice The second out of two values to which the `_reentrancyStatus` state variable (used by the `nonReentrant` modifier) can be set indicating that a function was entered.
uint256 private constant _ENTERED = 2;
/// @notice Thrown if the action array length is larger than `MAX_ACTIONS`.
error TooManyActions();
/// @notice Thrown if an action has insufficient gas left.
error InsufficientGas();
/// @notice Thrown if action execution has failed.
/// @param index The index of the action in the action array that failed.
error ActionFailed(uint256 index);
/// @notice Thrown if a call is reentrant.
error ReentrantCall();
/// @notice Initializes the contract with a non-entered reentrancy status.
/// @dev Sets the reentrancy guard status to `_NOT_ENTERED` to prevent reentrant calls from the start.
constructor() {
_storeReentrancyStatus(_NOT_ENTERED);
}
/// @notice Prevents reentrant calls to a function.
/// @dev This modifier checks the reentrancy status before function execution. If already entered, it reverts with
/// `ReentrantCall()`. Sets the status to `_ENTERED` during execution and resets it to `_NOT_ENTERED` afterward.
modifier nonReentrant() {
if (_getReentrancyStatus() == _ENTERED) {
revert ReentrantCall();
}
_storeReentrancyStatus(_ENTERED);
_;
_storeReentrancyStatus(_NOT_ENTERED);
}
/// @notice Checks if this or the parent contract supports an interface by its ID.
/// @param _interfaceId The ID of the interface.
/// @return Returns `true` if the interface is supported.
function supportsInterface(bytes4 _interfaceId) public view virtual override returns (bool) {
return _interfaceId == type(IExecutor).interfaceId || super.supportsInterface(_interfaceId);
}
/// @inheritdoc IExecutor
function execute(
bytes32 _callId,
Action[] memory _actions,
uint256 _allowFailureMap
)
public
virtual
override
nonReentrant
returns (bytes[] memory execResults, uint256 failureMap)
{
// Check that the action array length is within bounds.
if (_actions.length > MAX_ACTIONS) {
revert TooManyActions();
}
execResults = new bytes[](_actions.length);
uint256 gasBefore;
uint256 gasAfter;
for (uint256 i = 0; i < _actions.length; ) {
gasBefore = gasleft();
(bool success, bytes memory data) = _actions[i].to.call{value: _actions[i].value}(
_actions[i].data
);
gasAfter = gasleft();
// Check if failure is allowed
if (!success) {
if (!hasBit(_allowFailureMap, uint8(i))) {
revert ActionFailed(i);
}
// Make sure that the action call did not fail because 63/64 of `gasleft()` was insufficient to execute the external call `.to.call` (see [ERC-150](https://eips.ethereum.org/EIPS/eip-150)).
// In specific scenarios, i.e. proposal execution where the last action in the action array is allowed to fail, the account calling `execute` could force-fail this action by setting a gas limit
// where 63/64 is insufficient causing the `.to.call` to fail, but where the remaining 1/64 gas are sufficient to successfully finish the `execute` call.
if (gasAfter < gasBefore / 64) {
revert InsufficientGas();
}
// Store that this action failed.
failureMap = flipBit(failureMap, uint8(i));
}
execResults[i] = data;
unchecked {
++i;
}
}
emit Executed({
actor: msg.sender,
callId: _callId,
actions: _actions,
allowFailureMap: _allowFailureMap,
failureMap: failureMap,
execResults: execResults
});
}
/// @notice Gets the current reentrancy status.
/// @return status This returns the current reentrancy status.
function _getReentrancyStatus() private view returns (uint256 status) {
// solhint-disable-next-line no-inline-assembly
assembly {
status := sload(REENTRANCY_GUARD_STORAGE_LOCATION)
}
}
/// @notice Stores the reentrancy status at a specific storage slot.
/// @param _status The reentrancy status to be stored, typically `_ENTERED` or `_NOT_ENTERED`.
/// @dev Uses inline assembly to store the `_status` value at `REENTRANCY_GUARD_STORAGE_LOCATION` to manage
/// reentrancy status efficiently.
function _storeReentrancyStatus(uint256 _status) private {
// solhint-disable-next-line no-inline-assembly
assembly {
sstore(REENTRANCY_GUARD_STORAGE_LOCATION, _status)
}
}
}// SPDX-License-Identifier: AGPL-3.0-or-later pragma solidity ^0.8.8; /// @title IDAO /// @author Aragon X - 2022-2024 /// @notice The interface required for DAOs within the Aragon App DAO framework. /// @custom:security-contact [email protected] interface IDAO { /// @notice Checks if an address has permission on a contract via a permission identifier and considers if `ANY_ADDRESS` was used in the granting process. /// @param _where The address of the contract. /// @param _who The address of a EOA or contract to give the permissions. /// @param _permissionId The permission identifier. /// @param _data The optional data passed to the `PermissionCondition` registered. /// @return Returns true if the address has permission, false if not. function hasPermission( address _where, address _who, bytes32 _permissionId, bytes memory _data ) external view returns (bool); /// @notice Updates the DAO metadata (e.g., an IPFS hash). /// @param _metadata The IPFS hash of the new metadata object. function setMetadata(bytes calldata _metadata) external; /// @notice Emitted when the DAO metadata is updated. /// @param metadata The IPFS hash of the new metadata object. event MetadataSet(bytes metadata); /// @notice Emitted when a standard callback is registered. /// @param interfaceId The ID of the interface. /// @param callbackSelector The selector of the callback function. /// @param magicNumber The magic number to be registered for the callback function selector. event StandardCallbackRegistered( bytes4 interfaceId, bytes4 callbackSelector, bytes4 magicNumber ); /// @notice Deposits (native) tokens to the DAO contract with a reference string. /// @param _token The address of the token or address(0) in case of the native token. /// @param _amount The amount of tokens to deposit. /// @param _reference The reference describing the deposit reason. function deposit(address _token, uint256 _amount, string calldata _reference) external payable; /// @notice Emitted when a token deposit has been made to the DAO. /// @param sender The address of the sender. /// @param token The address of the deposited token. /// @param amount The amount of tokens deposited. /// @param _reference The reference describing the deposit reason. event Deposited( address indexed sender, address indexed token, uint256 amount, string _reference ); /// @notice Emitted when a native token deposit has been made to the DAO. /// @dev This event is intended to be emitted in the `receive` function and is therefore bound by the gas limitations for `send`/`transfer` calls introduced by [ERC-2929](https://eips.ethereum.org/EIPS/eip-2929). /// @param sender The address of the sender. /// @param amount The amount of native tokens deposited. event NativeTokenDeposited(address sender, uint256 amount); /// @notice Setter for the trusted forwarder verifying the meta transaction. /// @param _trustedForwarder The trusted forwarder address. function setTrustedForwarder(address _trustedForwarder) external; /// @notice Getter for the trusted forwarder verifying the meta transaction. /// @return The trusted forwarder address. function getTrustedForwarder() external view returns (address); /// @notice Emitted when a new TrustedForwarder is set on the DAO. /// @param forwarder the new forwarder address. event TrustedForwarderSet(address forwarder); /// @notice Checks whether a signature is valid for a provided hash according to [ERC-1271](https://eips.ethereum.org/EIPS/eip-1271). /// @param _hash The hash of the data to be signed. /// @param _signature The signature byte array associated with `_hash`. /// @return Returns the `bytes4` magic value `0x1626ba7e` if the signature is valid and `0xffffffff` if not. function isValidSignature(bytes32 _hash, bytes memory _signature) external returns (bytes4); /// @notice Registers an ERC standard having a callback by registering its [ERC-165](https://eips.ethereum.org/EIPS/eip-165) interface ID and callback function signature. /// @param _interfaceId The ID of the interface. /// @param _callbackSelector The selector of the callback function. /// @param _magicNumber The magic number to be registered for the function signature. function registerStandardCallback( bytes4 _interfaceId, bytes4 _callbackSelector, bytes4 _magicNumber ) external; /// @notice Removed function being left here to not corrupt the IDAO interface ID. Any call will revert. /// @dev Introduced in v1.0.0. Removed in v1.4.0. function setSignatureValidator(address) external; }
// SPDX-License-Identifier: AGPL-3.0-or-later pragma solidity ^0.8.8; /// @title CallbackHandler /// @author Aragon X - 2022-2023 /// @notice This contract handles callbacks by registering a magic number together with the callback function's selector. It provides the `_handleCallback` function that inheriting contracts have to call inside their `fallback()` function (`_handleCallback(msg.callbackSelector, msg.data)`). This allows to adaptively register ERC standards (e.g., [ERC-721](https://eips.ethereum.org/EIPS/eip-721), [ERC-1115](https://eips.ethereum.org/EIPS/eip-1155), or future versions of [ERC-165](https://eips.ethereum.org/EIPS/eip-165)) and returning the required magic numbers for the associated callback functions for the inheriting contract so that it doesn't need to be upgraded. /// @dev This callback handling functionality is intended to be used by executor contracts (i.e., `DAO.sol`). /// @custom:security-contact [email protected] abstract contract CallbackHandler { /// @notice A mapping between callback function selectors and magic return numbers. mapping(bytes4 => bytes4) internal callbackMagicNumbers; /// @notice The magic number refering to unregistered callbacks. bytes4 internal constant UNREGISTERED_CALLBACK = bytes4(0); /// @notice Thrown if the callback function is not registered. /// @param callbackSelector The selector of the callback function. /// @param magicNumber The magic number to be registered for the callback function selector. error UnknownCallback(bytes4 callbackSelector, bytes4 magicNumber); /// @notice Emitted when `_handleCallback` is called. /// @param sender Who called the callback. /// @param sig The function signature. /// @param data The calldata. event CallbackReceived(address sender, bytes4 indexed sig, bytes data); /// @notice Handles callbacks to adaptively support ERC standards. /// @dev This function is supposed to be called via `_handleCallback(msg.sig, msg.data)` in the `fallback()` function of the inheriting contract. /// @param _callbackSelector The function selector of the callback function. /// @param _data The calldata. /// @return The magic number registered for the function selector triggering the fallback. function _handleCallback( bytes4 _callbackSelector, bytes memory _data ) internal virtual returns (bytes4) { bytes4 magicNumber = callbackMagicNumbers[_callbackSelector]; if (magicNumber == UNREGISTERED_CALLBACK) { revert UnknownCallback({callbackSelector: _callbackSelector, magicNumber: magicNumber}); } emit CallbackReceived({sender: msg.sender, sig: _callbackSelector, data: _data}); return magicNumber; } /// @notice Registers a magic number for a callback function selector. /// @param _callbackSelector The selector of the callback function. /// @param _magicNumber The magic number to be registered for the callback function selector. function _registerCallback(bytes4 _callbackSelector, bytes4 _magicNumber) internal virtual { callbackMagicNumbers[_callbackSelector] = _magicNumber; } /// @notice This empty reserved space is put in place to allow future versions to add new variables without shifting down storage in the inheritance chain (see [OpenZeppelin's guide about storage gaps](https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps)). uint256[49] private __gap; }
// SPDX-License-Identifier: AGPL-3.0-or-later pragma solidity ^0.8.8; /// @title EIP-4824 Common Interfaces for DAOs /// @dev See https://eips.ethereum.org/EIPS/eip-4824 /// @author Aragon X - 2021-2023 /// @custom:security-contact [email protected] interface IEIP4824 { /// @notice A distinct Uniform Resource Identifier (URI) pointing to a JSON object following the "EIP-4824 DAO JSON-LD Schema". This JSON file splits into four URIs: membersURI, proposalsURI, activityLogURI, and governanceURI. The membersURI should point to a JSON file that conforms to the "EIP-4824 Members JSON-LD Schema". The proposalsURI should point to a JSON file that conforms to the "EIP-4824 Proposals JSON-LD Schema". The activityLogURI should point to a JSON file that conforms to the "EIP-4824 Activity Log JSON-LD Schema". The governanceURI should point to a flatfile, normatively a .md file. Each of the JSON files named above can be statically hosted or dynamically-generated. /// @return _daoURI The DAO URI. function daoURI() external view returns (string memory _daoURI); }
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/ERC165.sol)
pragma solidity ^0.8.0;
import "./IERC165.sol";
/**
* @dev Implementation of the {IERC165} interface.
*
* Contracts that want to implement ERC165 should inherit from this contract and override {supportsInterface} to check
* for the additional interface id that will be supported. For example:
*
* ```solidity
* function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
* return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
* }
* ```
*
* Alternatively, {ERC165Storage} provides an easier to use but more expensive implementation.
*/
abstract contract ERC165 is IERC165 {
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IERC165).interfaceId;
}
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {ProtocolVersion} from "@aragon/osx-commons-contracts/src/utils/versioning/ProtocolVersion.sol";
import {IDAO} from "@aragon/osx-commons-contracts/src/dao/IDAO.sol";
import {ENSSubdomainRegistrar} from "../utils/ens/ENSSubdomainRegistrar.sol";
import {InterfaceBasedRegistry} from "../utils/InterfaceBasedRegistry.sol";
import {isSubdomainValid} from "../utils/RegistryUtils.sol";
/// @title Register your unique DAO subdomain
/// @author Aragon X - 2022-2023
/// @notice This contract provides the possibility to register a DAO.
/// @custom:security-contact [email protected]
contract DAORegistry is InterfaceBasedRegistry, ProtocolVersion {
/// @notice The ID of the permission required to call the `register` function.
bytes32 public constant REGISTER_DAO_PERMISSION_ID = keccak256("REGISTER_DAO_PERMISSION");
/// @notice The ENS subdomain registrar registering the DAO subdomains.
ENSSubdomainRegistrar public subdomainRegistrar;
/// @notice Thrown if the DAO subdomain doesn't match the regex `[0-9a-z\-]`
error InvalidDaoSubdomain(string subdomain);
/// @notice Thrown if the subdomain is present, but registrar is address(0).
error ENSNotSupported();
/// @notice Emitted when a new DAO is registered.
/// @param dao The address of the DAO contract.
/// @param creator The address of the creator.
/// @param subdomain The DAO subdomain.
event DAORegistered(address indexed dao, address indexed creator, string subdomain);
/// @dev Used to disallow initializing the implementation contract by an attacker for extra safety.
/// @custom:oz-upgrades-unsafe-allow constructor
constructor() {
_disableInitializers();
}
/// @notice Initializes the contract.
/// @param _managingDao the managing DAO address.
/// @param _subdomainRegistrar The `ENSSubdomainRegistrar` where `ENS` subdomain will be registered.
function initialize(
IDAO _managingDao,
ENSSubdomainRegistrar _subdomainRegistrar
) external initializer {
__InterfaceBasedRegistry_init(_managingDao, type(IDAO).interfaceId);
subdomainRegistrar = _subdomainRegistrar;
}
/// @notice Registers a DAO by its address. If a non-empty subdomain name is provided that is not taken already, the DAO becomes the owner of the ENS name.
/// @dev A subdomain is unique within the Aragon DAO framework and can get stored here.
/// @param dao The address of the DAO contract.
/// @param creator The address of the creator.
/// @param subdomain The DAO subdomain.
function register(
IDAO dao,
address creator,
string calldata subdomain
) external auth(REGISTER_DAO_PERMISSION_ID) {
address daoAddr = address(dao);
_register(daoAddr);
if ((bytes(subdomain).length > 0)) {
if (address(subdomainRegistrar) == address(0)) {
revert ENSNotSupported();
}
if (!isSubdomainValid(subdomain)) {
revert InvalidDaoSubdomain({subdomain: subdomain});
}
bytes32 labelhash = keccak256(bytes(subdomain));
subdomainRegistrar.registerSubnode(labelhash, daoAddr);
}
emit DAORegistered(daoAddr, creator, subdomain);
}
/// @notice This empty reserved space is put in place to allow future versions to add new variables without shifting down storage in the inheritance chain (see [OpenZeppelin's guide about storage gaps](https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps)).
uint256[49] private __gap;
}/// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
interface IGauge {
/// @param metadataURI URI for the metadata of the gauge
struct Gauge {
bool active;
uint256 created; // timestamp or epoch
string metadataURI;
// more space for data as this is a struct in a mapping
}
}
/*///////////////////////////////////////////////////////////////
Gauge Manager
//////////////////////////////////////////////////////////////*/
interface IGaugeManagerEvents {
event GaugeCreated(address indexed gauge, address indexed creator, string metadataURI);
event GaugeDeactivated(address indexed gauge);
event GaugeActivated(address indexed gauge);
event GaugeMetadataUpdated(address indexed gauge, string metadataURI);
}
interface IGaugeManagerErrors {
error ZeroGauge();
error GaugeActivationUnchanged();
error GaugeExists();
}
interface IGaugeManager is IGaugeManagerEvents, IGaugeManagerErrors {
function isActive(address gauge) external view returns (bool);
function createGauge(address _gauge, string calldata _metadata) external returns (address);
function deactivateGauge(address _gauge) external;
function activateGauge(address _gauge) external;
function updateGaugeMetadata(address _gauge, string calldata _metadata) external;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (proxy/Clones.sol)
pragma solidity ^0.8.0;
/**
* @dev https://eips.ethereum.org/EIPS/eip-1167[EIP 1167] is a standard for
* deploying minimal proxy contracts, also known as "clones".
*
* > To simply and cheaply clone contract functionality in an immutable way, this standard specifies
* > a minimal bytecode implementation that delegates all calls to a known, fixed address.
*
* The library includes functions to deploy a proxy using either `create` (traditional deployment) or `create2`
* (salted deterministic deployment). It also includes functions to predict the addresses of clones deployed using the
* deterministic method.
*
* _Available since v3.4._
*/
library Clones {
/**
* @dev Deploys and returns the address of a clone that mimics the behaviour of `implementation`.
*
* This function uses the create opcode, which should never revert.
*/
function clone(address implementation) internal returns (address instance) {
/// @solidity memory-safe-assembly
assembly {
// Cleans the upper 96 bits of the `implementation` word, then packs the first 3 bytes
// of the `implementation` address with the bytecode before the address.
mstore(0x00, or(shr(0xe8, shl(0x60, implementation)), 0x3d602d80600a3d3981f3363d3d373d3d3d363d73000000))
// Packs the remaining 17 bytes of `implementation` with the bytecode after the address.
mstore(0x20, or(shl(0x78, implementation), 0x5af43d82803e903d91602b57fd5bf3))
instance := create(0, 0x09, 0x37)
}
require(instance != address(0), "ERC1167: create failed");
}
/**
* @dev Deploys and returns the address of a clone that mimics the behaviour of `implementation`.
*
* This function uses the create2 opcode and a `salt` to deterministically deploy
* the clone. Using the same `implementation` and `salt` multiple time will revert, since
* the clones cannot be deployed twice at the same address.
*/
function cloneDeterministic(address implementation, bytes32 salt) internal returns (address instance) {
/// @solidity memory-safe-assembly
assembly {
// Cleans the upper 96 bits of the `implementation` word, then packs the first 3 bytes
// of the `implementation` address with the bytecode before the address.
mstore(0x00, or(shr(0xe8, shl(0x60, implementation)), 0x3d602d80600a3d3981f3363d3d373d3d3d363d73000000))
// Packs the remaining 17 bytes of `implementation` with the bytecode after the address.
mstore(0x20, or(shl(0x78, implementation), 0x5af43d82803e903d91602b57fd5bf3))
instance := create2(0, 0x09, 0x37, salt)
}
require(instance != address(0), "ERC1167: create2 failed");
}
/**
* @dev Computes the address of a clone deployed using {Clones-cloneDeterministic}.
*/
function predictDeterministicAddress(
address implementation,
bytes32 salt,
address deployer
) internal pure returns (address predicted) {
/// @solidity memory-safe-assembly
assembly {
let ptr := mload(0x40)
mstore(add(ptr, 0x38), deployer)
mstore(add(ptr, 0x24), 0x5af43d82803e903d91602b57fd5bf3ff)
mstore(add(ptr, 0x14), implementation)
mstore(ptr, 0x3d602d80600a3d3981f3363d3d373d3d3d363d73)
mstore(add(ptr, 0x58), salt)
mstore(add(ptr, 0x78), keccak256(add(ptr, 0x0c), 0x37))
predicted := keccak256(add(ptr, 0x43), 0x55)
}
}
/**
* @dev Computes the address of a clone deployed using {Clones-cloneDeterministic}.
*/
function predictDeterministicAddress(
address implementation,
bytes32 salt
) internal view returns (address predicted) {
return predictDeterministicAddress(implementation, salt, address(this));
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)
pragma solidity ^0.8.1;
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
*
* Furthermore, `isContract` will also return true if the target contract within
* the same transaction is already scheduled for destruction by `SELFDESTRUCT`,
* which only has an effect at the end of a transaction.
* ====
*
* [IMPORTANT]
* ====
* You shouldn't rely on `isContract` to protect against flash loan attacks!
*
* Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
* like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
* constructor.
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize/address.code.length, which returns 0
// for contracts in construction, since the code is only stored at the end
// of the constructor execution.
return account.code.length > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata, errorMessage);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
* the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
*
* _Available since v4.8._
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata,
string memory errorMessage
) internal view returns (bytes memory) {
if (success) {
if (returndata.length == 0) {
// only check isContract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
require(isContract(target), "Address: call to non-contract");
}
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
/**
* @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason or using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
_revert(returndata, errorMessage);
}
}
function _revert(bytes memory returndata, string memory errorMessage) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/introspection/ERC165Checker.sol)
pragma solidity ^0.8.0;
import "./IERC165.sol";
/**
* @dev Library used to query support of an interface declared via {IERC165}.
*
* Note that these functions return the actual result of the query: they do not
* `revert` if an interface is not supported. It is up to the caller to decide
* what to do in these cases.
*/
library ERC165Checker {
// As per the EIP-165 spec, no interface should ever match 0xffffffff
bytes4 private constant _INTERFACE_ID_INVALID = 0xffffffff;
/**
* @dev Returns true if `account` supports the {IERC165} interface.
*/
function supportsERC165(address account) internal view returns (bool) {
// Any contract that implements ERC165 must explicitly indicate support of
// InterfaceId_ERC165 and explicitly indicate non-support of InterfaceId_Invalid
return
supportsERC165InterfaceUnchecked(account, type(IERC165).interfaceId) &&
!supportsERC165InterfaceUnchecked(account, _INTERFACE_ID_INVALID);
}
/**
* @dev Returns true if `account` supports the interface defined by
* `interfaceId`. Support for {IERC165} itself is queried automatically.
*
* See {IERC165-supportsInterface}.
*/
function supportsInterface(address account, bytes4 interfaceId) internal view returns (bool) {
// query support of both ERC165 as per the spec and support of _interfaceId
return supportsERC165(account) && supportsERC165InterfaceUnchecked(account, interfaceId);
}
/**
* @dev Returns a boolean array where each value corresponds to the
* interfaces passed in and whether they're supported or not. This allows
* you to batch check interfaces for a contract where your expectation
* is that some interfaces may not be supported.
*
* See {IERC165-supportsInterface}.
*
* _Available since v3.4._
*/
function getSupportedInterfaces(
address account,
bytes4[] memory interfaceIds
) internal view returns (bool[] memory) {
// an array of booleans corresponding to interfaceIds and whether they're supported or not
bool[] memory interfaceIdsSupported = new bool[](interfaceIds.length);
// query support of ERC165 itself
if (supportsERC165(account)) {
// query support of each interface in interfaceIds
for (uint256 i = 0; i < interfaceIds.length; i++) {
interfaceIdsSupported[i] = supportsERC165InterfaceUnchecked(account, interfaceIds[i]);
}
}
return interfaceIdsSupported;
}
/**
* @dev Returns true if `account` supports all the interfaces defined in
* `interfaceIds`. Support for {IERC165} itself is queried automatically.
*
* Batch-querying can lead to gas savings by skipping repeated checks for
* {IERC165} support.
*
* See {IERC165-supportsInterface}.
*/
function supportsAllInterfaces(address account, bytes4[] memory interfaceIds) internal view returns (bool) {
// query support of ERC165 itself
if (!supportsERC165(account)) {
return false;
}
// query support of each interface in interfaceIds
for (uint256 i = 0; i < interfaceIds.length; i++) {
if (!supportsERC165InterfaceUnchecked(account, interfaceIds[i])) {
return false;
}
}
// all interfaces supported
return true;
}
/**
* @notice Query if a contract implements an interface, does not check ERC165 support
* @param account The address of the contract to query for support of an interface
* @param interfaceId The interface identifier, as specified in ERC-165
* @return true if the contract at account indicates support of the interface with
* identifier interfaceId, false otherwise
* @dev Assumes that account contains a contract that supports ERC165, otherwise
* the behavior of this method is undefined. This precondition can be checked
* with {supportsERC165}.
*
* Some precompiled contracts will falsely indicate support for a given interface, so caution
* should be exercised when using this function.
*
* Interface identification is specified in ERC-165.
*/
function supportsERC165InterfaceUnchecked(address account, bytes4 interfaceId) internal view returns (bool) {
// prepare call
bytes memory encodedParams = abi.encodeWithSelector(IERC165.supportsInterface.selector, interfaceId);
// perform static call
bool success;
uint256 returnSize;
uint256 returnValue;
assembly {
success := staticcall(30000, account, add(encodedParams, 0x20), mload(encodedParams), 0x00, 0x20)
returnSize := returndatasize()
returnValue := mload(0x00)
}
return success && returnSize >= 0x20 && returnValue > 0;
}
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {Action} from "../../../executors/IExecutor.sol";
/// @title IProposal
/// @author Aragon X - 2022-2024
/// @notice An interface to be implemented by DAO plugins that create and execute proposals.
/// @custom:security-contact [email protected]
interface IProposal {
/// @notice Emitted when a proposal is created.
/// @param proposalId The ID of the proposal.
/// @param creator The creator of the proposal.
/// @param startDate The start date of the proposal in seconds.
/// @param endDate The end date of the proposal in seconds.
/// @param metadata The metadata of the proposal.
/// @param actions The actions that will be executed if the proposal passes.
/// @param allowFailureMap A bitmap allowing the proposal to succeed, even if individual actions might revert.
/// If the bit at index `i` is 1, the proposal succeeds even if the `i`th action reverts.
/// A failure map value of 0 requires every action to not revert.
event ProposalCreated(
uint256 indexed proposalId,
address indexed creator,
uint64 startDate,
uint64 endDate,
bytes metadata,
Action[] actions,
uint256 allowFailureMap
);
/// @notice Emitted when a proposal is executed.
/// @param proposalId The ID of the proposal.
event ProposalExecuted(uint256 indexed proposalId);
/// @notice Creates a new proposal.
/// @param _metadata The metadata of the proposal.
/// @param _actions The actions that will be executed after the proposal passes.
/// @param _startDate The start date of the proposal.
/// @param _endDate The end date of the proposal.
/// @param _data The additional abi-encoded data to include more necessary fields.
/// @return proposalId The id of the proposal.
function createProposal(
bytes memory _metadata,
Action[] memory _actions,
uint64 _startDate,
uint64 _endDate,
bytes memory _data
) external returns (uint256 proposalId);
/// @notice Whether proposal succeeded or not.
/// @dev Note that this must not include time window checks and only make a decision based on the thresholds.
/// @param _proposalId The id of the proposal.
/// @return Returns if proposal has been succeeded or not without including time window checks.
function hasSucceeded(uint256 _proposalId) external view returns (bool);
/// @notice Executes a proposal.
/// @param _proposalId The ID of the proposal to be executed.
function execute(uint256 _proposalId) external;
/// @notice Checks if a proposal can be executed.
/// @param _proposalId The ID of the proposal to be checked.
/// @return True if the proposal can be executed, false otherwise.
function canExecute(uint256 _proposalId) external view returns (bool);
/// @notice The human-readable abi format for extra params included in `data` of `createProposal`.
/// @dev Used for UI to easily detect what extra params the contract expects.
/// @return ABI of params in `data` of `createProposal`.
function customProposalParamsABI() external view returns (string memory);
/// @notice Returns the proposal count which determines the next proposal ID.
/// @dev This function is deprecated but remains in the interface for backward compatibility.
/// It now reverts to prevent ambiguity.
/// @return The proposal count.
function proposalCount() external view returns (uint256);
}/// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;
import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
import {Clones} from "@openzeppelin/contracts/proxy/Clones.sol";
import {Address} from "@openzeppelin/contracts/utils/Address.sol";
/// @title ProxyLib
/// @author Aragon X - 2024
/// @notice A library containing methods for the deployment of proxies via the UUPS pattern (see [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822)) and minimal proxy pattern (see [ERC-1167](https://eips.ethereum.org/EIPS/eip-1167)).
/// @custom:security-contact [email protected]
library ProxyLib {
using Address for address;
using Clones for address;
/// @notice Creates an [ERC-1967](https://eips.ethereum.org/EIPS/eip-1967) UUPS proxy contract pointing to a logic contract and allows to immediately initialize it.
/// @param _logic The logic contract the proxy is pointing to.
/// @param _initCalldata The initialization data for this contract.
/// @return uupsProxy The address of the UUPS proxy contract created.
/// @dev If `_initCalldata` is non-empty, it is used in a delegate call to the `_logic` contract. This will typically be an encoded function call initializing the storage of the proxy (see [OpenZeppelin ERC1967Proxy-constructor](https://docs.openzeppelin.com/contracts/4.x/api/proxy#ERC1967Proxy-constructor-address-bytes-)).
function deployUUPSProxy(
address _logic,
bytes memory _initCalldata
) internal returns (address uupsProxy) {
uupsProxy = address(new ERC1967Proxy({_logic: _logic, _data: _initCalldata}));
}
/// @notice Creates an [ERC-1167](https://eips.ethereum.org/EIPS/eip-1167) minimal proxy contract, also known as clones, pointing to a logic contract and allows to immediately initialize it.
/// @param _logic The logic contract the proxy is pointing to.
/// @param _initCalldata The initialization data for this contract.
/// @return minimalProxy The address of the minimal proxy contract created.
/// @dev If `_initCalldata` is non-empty, it is used in a call to the clone contract. This will typically be an encoded function call initializing the storage of the contract.
function deployMinimalProxy(
address _logic,
bytes memory _initCalldata
) internal returns (address minimalProxy) {
minimalProxy = _logic.clone();
if (_initCalldata.length > 0) {
minimalProxy.functionCall({data: _initCalldata});
}
}
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {ERC165} from "@openzeppelin/contracts/utils/introspection/ERC165.sol";
import {IProtocolVersion} from "../../utils/versioning/IProtocolVersion.sol";
import {ProtocolVersion} from "../../utils/versioning/ProtocolVersion.sol";
import {IPluginSetup} from "./IPluginSetup.sol";
/// @title PluginSetup
/// @author Aragon X - 2022-2024
/// @notice An abstract contract to inherit from to implement the plugin setup for non-upgradeable plugins, i.e,
/// - `Plugin` being deployed via the `new` keyword
/// - `PluginCloneable` being deployed via the minimal proxy pattern (see [ERC-1167](https://eips.ethereum.org/EIPS/eip-1167)).
/// @custom:security-contact [email protected]
abstract contract PluginSetup is ERC165, IPluginSetup, ProtocolVersion {
/// @notice The address of the plugin implementation contract for initial block explorer verification and, in the case of `PluginClonable` implementations, to create [ERC-1167](https://eips.ethereum.org/EIPS/eip-1167) clones from.
address internal immutable IMPLEMENTATION;
/// @notice Thrown when attempting to prepare an update on a non-upgradeable plugin.
error NonUpgradeablePlugin();
/// @notice The contract constructor, that setting the plugin implementation contract.
/// @param _implementation The address of the plugin implementation contract.
constructor(address _implementation) {
IMPLEMENTATION = _implementation;
}
/// @inheritdoc IPluginSetup
/// @dev Since the underlying plugin is non-upgradeable, this non-virtual function must always revert.
function prepareUpdate(
address _dao,
uint16 _fromBuild,
SetupPayload calldata _payload
) external returns (bytes memory, PreparedSetupData memory) {
(_dao, _fromBuild, _payload);
revert NonUpgradeablePlugin();
}
/// @notice Checks if this or the parent contract supports an interface by its ID.
/// @param _interfaceId The ID of the interface.
/// @return Returns `true` if the interface is supported.
function supportsInterface(bytes4 _interfaceId) public view virtual override returns (bool) {
return
_interfaceId == type(IPluginSetup).interfaceId ||
_interfaceId == type(IProtocolVersion).interfaceId ||
super.supportsInterface(_interfaceId);
}
/// @inheritdoc IPluginSetup
function implementation() public view returns (address) {
return IMPLEMENTATION;
}
}/// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;
import {IDAO} from "@aragon/osx-commons-contracts/src/dao/IDAO.sol";
import {IClockUser, IClockV1_2_0 as IClock} from "@clock/IClock_v1_2_0.sol";
import {IAddressGaugeVoter} from "./IAddressGaugeVoter.sol";
import {ReentrancyGuardUpgradeable as ReentrancyGuard} from
"@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol";
import {PausableUpgradeable as Pausable} from "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol";
import {IVotesUpgradeable as IVotes} from "@openzeppelin/contracts-upgradeable/governance/utils/IVotesUpgradeable.sol";
import {PluginUUPSUpgradeable} from "@aragon/osx-commons-contracts/src/plugin/PluginUUPSUpgradeable.sol";
contract AddressGaugeVoter is IAddressGaugeVoter, IClockUser, ReentrancyGuard, Pausable, PluginUUPSUpgradeable {
/// @notice The Gauge admin can can create and manage voting gauges for token holders
bytes32 public constant GAUGE_ADMIN_ROLE = keccak256("GAUGE_ADMIN");
/// @notice Address of the voting escrow contract that will track voting power
address public escrow;
/// @notice Clock contract for epoch duration
address public clock;
/// @notice epoch => The total votes that have accumulated in this contract
mapping(uint256 => uint256) public epochTotalVotingPowerCast;
/// @notice enumerable list of all gauges that can be voted on
address[] public gaugeList;
/// @notice address => gauge data
mapping(address => Gauge) public gauges;
/// @notice epoch => gauge => total votes (global)
mapping(uint256 => mapping(address => uint256)) public epochGaugeVotes;
/// @dev epoch => address => AddressVoteData
mapping(uint256 => mapping(address => AddressVoteData)) internal epochVoteData;
/// @notice Delegation mapper contract
address public ivotesAdapter;
/// @notice Activate updateVotingPower hook
/// @dev This is used to update the voting power of the sender and receiver
/// when the delegation mapper is set.
/// If the delegation mapper is not set, or the hook is not activated,
/// then the voting power will not be updated automatically.
bool public enableUpdateVotingPowerHook;
/*///////////////////////////////////////////////////////////////
Initialization
//////////////////////////////////////////////////////////////*/
constructor() {
_disableInitializers();
}
function initialize(
address _dao,
address _escrow,
bool _startPaused,
address _clock,
address _ivotesAdapter,
bool _enableUpdateVotingPowerHook
) external initializer {
__PluginUUPSUpgradeable_init(IDAO(_dao));
__ReentrancyGuard_init();
__Pausable_init();
escrow = _escrow;
clock = _clock;
ivotesAdapter = _ivotesAdapter;
enableUpdateVotingPowerHook = _enableUpdateVotingPowerHook;
if (_startPaused) _pause();
}
/*///////////////////////////////////////////////////////////////
Modifiers
//////////////////////////////////////////////////////////////*/
function pause() external auth(GAUGE_ADMIN_ROLE) {
_pause();
}
function unpause() external auth(GAUGE_ADMIN_ROLE) {
_unpause();
}
modifier whenVotingActive() {
if (!votingActive()) revert VotingInactive();
_;
}
modifier onlyEscrow() {
if (msg.sender != escrow) revert OnlyEscrow();
_;
}
/*///////////////////////////////////////////////////////////////
Voting
//////////////////////////////////////////////////////////////*/
function vote(GaugeVote[] calldata _votes) public nonReentrant whenNotPaused whenVotingActive {
address account = msg.sender;
_vote(account, _votes);
}
/**
* @dev If `enableUpdateVotingPowerHook` is false, It's assumed that token contract does/can NOT call
* `updateVotingPower` during transfers This can happen if the token is already deployed and non-upgradeable,
* or for other design limitations. In such cases, relying on `getVotes(_account)` (which reflects live balance)
* instead of `getPastVotes(...)` (which snapshots voting power at a fixed time) can lead
* to critical vulnerabilities, including double voting.
*
* Example of the issue:
* - Ts 100: Epoch begins, voting window opens.
* - Ts 110: Alice has 1000 votes.
* - Ts 120: Alice votes for Gauge A with all 1000.
* - Ts 130: Alice transfers tokens to Bob, but `updateVotingPower` is NOT triggered.
* - Ts 140: Bob now votes for Gauge B using the same 1000 tokens.
*
* Result: The same 1000 tokens were used to vote for *two* gauges in the same epoch — a double spend.
*
* To prevent this, we use `getPastVotes(_account, currentEpochStart())`, which ensures voting power is fixed at epoch start.
* Even if a transfer happens mid-epoch, the recipient (e.g., Bob) cannot vote in that epoch because their `getPastVotes(...)`
* will return 0.
*
* Note: Once a new epoch starts, Bob *can* vote with the transferred tokens, but this is safe.
* Since gauge vote tracking is scoped per-epoch, votes from Alice in epoch 11 and from Bob in epoch 12 are kept separate.
* Querying Gauge A’s votes in epoch 12 will correctly return 1000, not 2000 — avoiding any vote inflation.
*/
function _vote(address _account, GaugeVote[] memory _votes) internal {
uint256 votingPower = enableUpdateVotingPowerHook
? IVotes(ivotesAdapter).getVotes(_account)
: IVotes(ivotesAdapter).getPastVotes(_account, currentEpochStart());
if (votingPower == 0) revert NoVotingPower();
uint256 numVotes = _votes.length;
if (numVotes == 0) revert NoVotes();
// clear any existing votes
if (isVoting(_account)) _reset(_account);
uint256 epoch = getWriteEpochId();
// voting power continues to increase over the voting epoch.
// this means you can revote later in the epoch to increase votes.
// while not a huge problem, it's worth noting that when rewards are fully
// on chain, this could be a vector for gaming.
AddressVoteData storage voteData = epochVoteData[epoch][_account];
uint256 totalWeight = _getTotalWeight(_votes);
// this is technically redundant as checks below will revert div by zero
// but it's clearer to the caller if we revert here
if (totalWeight == 0) revert NoVotes();
// iterate over votes and distribute weight
for (uint256 i = 0; i < numVotes; i++) {
GaugeVote memory currentVote = _votes[i];
_safeCastVote(currentVote, epoch, _account, votingPower, totalWeight, voteData);
}
voteData.usedVotingPower = votingPower;
// setting the last voted also has the second-order effect of indicating the user has voted
voteData.lastVoted = block.timestamp;
}
function _safeCastVote(
GaugeVote memory _currentVote,
uint256 _epoch,
address _account,
uint256 _votingPower,
uint256 _totalWeights,
AddressVoteData storage _voteData
) internal returns (uint256) {
// the gauge must exist and be active,
// it also can't have any votes or we haven't reset properly
if (!gaugeExists(_currentVote.gauge)) revert GaugeDoesNotExist(_currentVote.gauge);
if (!isActive(_currentVote.gauge)) revert GaugeInactive(_currentVote.gauge);
// prevent double voting
if (_voteData.voteWeights[_currentVote.gauge] != 0) revert DoubleVote();
// calculate the weight for this gauge
// No votes can happen with extreme weight discrepancies and/or small
// voting power, in which case caller should adjust weights accordingly
uint256 normWeight = _normalizedWeight(_currentVote.weight, _totalWeights);
if (normWeight == 0) revert NoVotes();
return _castVote(_currentVote.gauge, _epoch, _account, _votingPower, normWeight, _voteData);
}
/// @notice Cast the vote of an tokenId to a specific gauge
/// @dev This function doesn't do any safety checks and it's up to caller to do validations.
/// If you wish to have validations, see `_safeCastVote`.
/// @dev _voteWeight must be normalized to 1e36 precision.
function _castVote(
address _gauge,
uint256 _epoch,
address _account,
uint256 _votingPower,
uint256 _voteWeight,
AddressVoteData storage _voteData
) internal returns (uint256) {
uint256 _votes = _votesForGauge(_voteWeight, _votingPower);
// record the vote for the token
_voteData.gaugesVotedFor.push(_gauge);
_voteData.voteWeights[_gauge] += _voteWeight;
// update the total weights accruing to this gauge
epochGaugeVotes[_epoch][_gauge] += _votes;
epochTotalVotingPowerCast[_epoch] += _votes;
emit Voted({
voter: _account,
gauge: _gauge,
epoch: epochId(),
votingPowerCastForGauge: _votes,
totalVotingPowerInGauge: epochGaugeVotes[_epoch][_gauge],
totalVotingPowerInContract: epochTotalVotingPowerCast[_epoch],
timestamp: block.timestamp
});
return _votes;
}
function reset() external nonReentrant whenNotPaused whenVotingActive {
if (!isVoting(msg.sender)) revert NotCurrentlyVoting();
_reset(msg.sender);
}
function _reset(address _account) internal {
uint256 epoch = getWriteEpochId();
AddressVoteData storage voteData = epochVoteData[epoch][_account];
address[] storage pastVotes = voteData.gaugesVotedFor;
// iterate over all the gauges voted for and reset the votes
for (uint256 i = 0; i < pastVotes.length; i++) {
address gauge = pastVotes[i];
uint256 _voteWeight = voteData.voteWeights[gauge];
uint256 _votes = _votesForGauge(_voteWeight, voteData.usedVotingPower);
// remove from the total globals
epochGaugeVotes[epoch][gauge] -= _votes;
epochTotalVotingPowerCast[epoch] -= _votes;
delete voteData.voteWeights[gauge];
emit Reset({
voter: _account,
gauge: gauge,
epoch: epochId(),
votingPowerRemovedFromGauge: _votes,
totalVotingPowerInGauge: epochGaugeVotes[epoch][gauge],
totalVotingPowerInContract: epochTotalVotingPowerCast[epoch],
timestamp: block.timestamp
});
}
// reset the global state variables we don't need
voteData.usedVotingPower = 0;
voteData.lastVoted = 0;
voteData.gaugesVotedFor = new address[](0);
}
function _updateVotingPower(address _account) internal {
if (!enableUpdateVotingPowerHook) revert UpdateVotingPowerHookNotEnabled();
// Skip as `_account` hasn't voted so no need to update it.
if (!isVoting(_account)) return;
uint256 epoch = getWriteEpochId();
AddressVoteData storage voteData = epochVoteData[epoch][_account];
// In case no pastVotes exist for an account,
// skip as there's nothing to update.
address[] storage pastVotes = voteData.gaugesVotedFor;
if (pastVotes.length == 0) return;
uint256 votingPower = IVotes(ivotesAdapter).getVotes(_account);
// After the voting window closes, votes shouldn't be auto-recast via _updateVotingPower.
// But if a user loses voting power (e.g., had 100, now 0),
// gauges must reflect this drop to avoid overstated voting power.
// If a user's voting power increases (e.g., 100 → 150),
// we *don't* auto-recast—doing so would inflate gauge power post-window.
// So: decrease → auto-adjust gauges; increase → ignored
// unless user manually votes when window reopens.
if (voteData.usedVotingPower < votingPower) return;
GaugeVote[] memory newVoteData = new GaugeVote[](pastVotes.length);
// cast new votes again.
for (uint256 i = 0; i < pastVotes.length; i++) {
address gauge = pastVotes[i];
uint256 _votes = voteData.voteWeights[gauge];
newVoteData[i] = GaugeVote(_votes, gauge);
}
// Note that even if votingPower is 0, this still records.
uint256 totalWeight = _getTotalWeight(newVoteData);
// Reset all votes of `_account` to zero.
_reset(_account);
// Re-cast the votes with the new voting power.
for (uint256 i = 0; i < newVoteData.length; i++) {
_castVote(
newVoteData[i].gauge,
epoch,
_account,
votingPower,
_normalizedWeight(newVoteData[i].weight, totalWeight),
voteData
);
}
voteData.usedVotingPower = votingPower;
voteData.lastVoted = block.timestamp;
}
function updateVotingPower(address _from, address _to) external onlyEscrow {
// update the voting power of the sender
_updateVotingPower(_from);
// This means that account's delegate is itself,
// so it's enough to only update votes once.
if (_from == _to) return;
// update the voting power of the receiver
_updateVotingPower(_to);
}
function _getTotalWeight(GaugeVote[] memory _votes) internal view virtual returns (uint256) {
uint256 total = 0;
for (uint256 i = 0; i < _votes.length; i++) {
total += _votes[i].weight;
}
return total;
}
/// @dev Scales weights as percentage of total weight and then to 1e36 precision
function _normalizedWeight(uint256 _weight, uint256 _totalWeight) internal view virtual returns (uint256) {
return (_weight * 1e36) / _totalWeight;
}
/// @dev Calculates the votes for a gauge based on weight and voting power.
/// We assume the weight is already normalized to 1e36 precision.
function _votesForGauge(uint256 _weight, uint256 _votingPower) internal view virtual returns (uint256) {
return (_weight * _votingPower) / 1e36;
}
/// @notice This function is used to get the epoch id in the case of delegation mapper
/// does not exist or the hook is not activated.
function getWriteEpochId() public view returns (uint256) {
return enableUpdateVotingPowerHook ? 0 : epochId();
}
/*///////////////////////////////////////////////////////////////
Gauge Management
//////////////////////////////////////////////////////////////*/
function gaugeExists(address _gauge) public view returns (bool) {
// this doesn't revert if you create multiple gauges at genesis
// but that's not a practical concern
return gauges[_gauge].created > 0;
}
function isActive(address _gauge) public view returns (bool) {
return gauges[_gauge].active;
}
function createGauge(address _gauge, string calldata _metadataURI) external nonReentrant returns (address gauge) {
if (_gauge == address(0)) revert ZeroGauge();
if (gaugeExists(_gauge)) revert GaugeExists();
gauges[_gauge] = Gauge(true, block.timestamp, _metadataURI);
gaugeList.push(_gauge);
emit GaugeCreated(_gauge, msg.sender, _metadataURI);
return _gauge;
}
function deactivateGauge(address _gauge) external auth(GAUGE_ADMIN_ROLE) {
if (!gaugeExists(_gauge)) revert GaugeDoesNotExist(_gauge);
if (!isActive(_gauge)) revert GaugeActivationUnchanged();
gauges[_gauge].active = false;
emit GaugeDeactivated(_gauge);
}
function activateGauge(address _gauge) external auth(GAUGE_ADMIN_ROLE) {
if (!gaugeExists(_gauge)) revert GaugeDoesNotExist(_gauge);
if (isActive(_gauge)) revert GaugeActivationUnchanged();
gauges[_gauge].active = true;
emit GaugeActivated(_gauge);
}
function updateGaugeMetadata(address _gauge, string calldata _metadataURI) external auth(GAUGE_ADMIN_ROLE) {
if (!gaugeExists(_gauge)) revert GaugeDoesNotExist(_gauge);
gauges[_gauge].metadataURI = _metadataURI;
emit GaugeMetadataUpdated(_gauge, _metadataURI);
}
/*///////////////////////////////////////////////////////////////
Setters
//////////////////////////////////////////////////////////////*/
function setEnableUpdateVotingPowerHook(bool _enableUpdateVotingPowerHook) external auth(GAUGE_ADMIN_ROLE) {
enableUpdateVotingPowerHook = _enableUpdateVotingPowerHook;
}
function setIVotesAdapter(address _ivotesAdapter) external {
ivotesAdapter = _ivotesAdapter;
}
/*///////////////////////////////////////////////////////////////
Getters: Epochs & Time
//////////////////////////////////////////////////////////////*/
/// @notice autogenerated epoch id based on elapsed time
function epochId() public view returns (uint256) {
return IClock(clock).currentEpoch();
}
/// @notice whether voting is active in the current epoch
function votingActive() public view returns (bool) {
return IClock(clock).votingActive();
}
/// @notice timestamp of the start of the next epoch
function currentEpochStart() public view returns (uint256) {
return IClock(clock).epochStartTs() - IClock(clock).epochDuration();
}
/// @notice timestamp of the start of the next epoch
function epochStart() external view returns (uint256) {
return IClock(clock).epochStartTs();
}
/// @notice timestamp of the start of the next voting period
function epochVoteStart() external view returns (uint256) {
return IClock(clock).epochVoteStartTs();
}
/// @notice timestamp of the end of the current voting period
function epochVoteEnd() external view returns (uint256) {
return IClock(clock).epochVoteEndTs();
}
/*///////////////////////////////////////////////////////////////
Getters: Mappings
//////////////////////////////////////////////////////////////*/
function getGauge(address _gauge) external view returns (Gauge memory) {
return gauges[_gauge];
}
function getAllGauges() external view returns (address[] memory) {
return gaugeList;
}
function isVoting(address _address) public view returns (bool) {
uint256 epoch = getWriteEpochId();
return epochVoteData[epoch][_address].lastVoted > 0;
}
function votes(address _address, address _gauge) external view returns (uint256) {
uint256 epoch = getWriteEpochId();
return _votesForGauge(
epochVoteData[epoch][_address].voteWeights[_gauge], epochVoteData[epoch][_address].usedVotingPower
);
}
function gaugesVotedFor(address _address) external view returns (address[] memory) {
uint256 epoch = getWriteEpochId();
return epochVoteData[epoch][_address].gaugesVotedFor;
}
function usedVotingPower(address _address) external view returns (uint256) {
uint256 epoch = getWriteEpochId();
return epochVoteData[epoch][_address].usedVotingPower;
}
function totalVotingPowerCast() public view returns (uint256) {
uint256 epoch = getWriteEpochId();
return epochTotalVotingPowerCast[epoch];
}
function gaugeVotes(address _address) public view returns (uint256) {
uint256 epoch = getWriteEpochId();
return epochGaugeVotes[epoch][_address];
}
/// @dev Consumer's responsibility to ensure that `_epoch` exists.
function gaugeVotes(uint256 _epoch, address _address) public view returns (uint256) {
return epochGaugeVotes[_epoch][_address];
}
/// @dev Reserved storage space to allow for layout changes in the future.
uint256[42] private __gap;
}/// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;
// token interfaces
import {
IERC20Upgradeable as IERC20
} from "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol";
import {
IERC20MetadataUpgradeable as IERC20Metadata
} from "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/IERC20MetadataUpgradeable.sol";
import {IERC721EnumerableMintableBurnable as IERC721EMB} from "@lock/IERC721EMB.sol";
// veGovernance
import {IDAO} from "@aragon/osx-commons-contracts/src/dao/IDAO.sol";
import {IAddressGaugeVoter} from "@voting/IAddressGaugeVoter.sol";
import {
IEscrowCurveIncreasingV1_2_0 as IEscrowCurve
} from "@curve/IEscrowCurveIncreasing_v1_2_0.sol";
import {IExitQueue} from "@queue/IExitQueue.sol";
import {
IVotingEscrowIncreasingV1_2_0 as IVotingEscrow,
IVotingEscrowExiting,
IMerge,
ISplit,
IDelegateMoveVoteCaller
} from "@escrow/IVotingEscrowIncreasing_v1_2_0.sol";
import {IClockV1_2_0 as IClock} from "@clock/IClock_v1_2_0.sol";
// libraries
import {
SafeERC20Upgradeable as SafeERC20
} from "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol";
import {
SafeCastUpgradeable as SafeCast
} from "@openzeppelin/contracts-upgradeable/utils/math/SafeCastUpgradeable.sol";
// parents
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {
ReentrancyGuardUpgradeable as ReentrancyGuard
} from "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol";
import {
PausableUpgradeable as Pausable
} from "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol";
import {
DaoAuthorizableUpgradeable as DaoAuthorizable
} from "@aragon/osx-commons-contracts/src/permission/auth/DaoAuthorizableUpgradeable.sol";
import {
IDelegateUpdateVotingPower,
IEscrowIVotesAdapter,
IDelegateMoveVoteRecipient
} from "../delegation/IEscrowIVotesAdapter.sol";
contract VotingEscrowV1_2_0 is
IVotingEscrow,
ReentrancyGuard,
Pausable,
DaoAuthorizable,
UUPSUpgradeable
{
using SafeERC20 for IERC20;
using SafeCast for uint256;
/// @notice Role required to manage the Escrow curve, this typically will be the DAO
bytes32 public constant ESCROW_ADMIN_ROLE = keccak256("ESCROW_ADMIN");
/// @notice Role required to pause the contract - can be given to emergency contracts
bytes32 public constant PAUSER_ROLE = keccak256("PAUSER");
/// @notice Role required to withdraw underlying tokens from the contract
bytes32 public constant SWEEPER_ROLE = keccak256("SWEEPER");
/// @dev enables splits without whitelisting
address public constant SPLIT_WHITELIST_ANY_ADDRESS =
address(uint160(uint256(keccak256("SPLIT_WHITELIST_ANY_ADDRESS"))));
/*//////////////////////////////////////////////////////////////
NFT Data
//////////////////////////////////////////////////////////////*/
/// @notice Decimals of the voting power
uint8 public constant decimals = 18;
/// @notice Minimum deposit amount
uint256 public minDeposit;
/// @notice Auto-incrementing ID for the most recently created lock, does not decrease on withdrawal
uint256 public lastLockId;
/// @notice Total supply of underlying tokens deposited in the contract
uint256 public totalLocked;
/// @dev tracks the locked balance of each NFT
mapping(uint256 => LockedBalance) private _locked;
/*//////////////////////////////////////////////////////////////
Helper Contracts
//////////////////////////////////////////////////////////////*/
/// @notice Address of the underying ERC20 token.
/// @dev Only tokens with 18 decimals and no transfer fees are supported
address public token;
/// @notice Address of the gauge voting contract.
/// @dev We need to ensure votes are not left in this contract before allowing positing changes
address public voter;
/// @notice Address of the voting Escrow Curve contract that will calculate the voting power
address public curve;
/// @notice Address of the contract that manages exit queue logic for withdrawals
address public queue;
/// @notice Address of the clock contract that manages epoch and voting periods
address public clock;
/// @notice Address of the NFT contract that is the lock
address public lockNFT;
bool private _lockNFTSet;
/*//////////////////////////////////////////////////////////////
ADDED: in 1.2.0
//////////////////////////////////////////////////////////////*/
/// @notice Whitelisted contracts that are allowed to split
mapping(address => bool) public splitWhitelisted;
/// @notice Updates `to` token's timestamp if merge occurs from a token
/// whose creation lock occured in the same timestamp as current tx.
mapping(uint256 => uint256) internal mergeWithdrawalLock;
/// @notice Addess of the escrow ivotes adapter where delegations occur.
address public ivotesAdapter;
/*//////////////////////////////////////////////////////////////
Initialization
//////////////////////////////////////////////////////////////*/
/// @custom:oz-upgrades-unsafe-allow constructor
constructor() {
_disableInitializers();
}
function initialize(
address _token,
address _dao,
address _clock,
uint256 _initialMinDeposit
) external initializer {
__ReentrancyGuard_init();
__Pausable_init();
__DaoAuthorizableUpgradeable_init(IDAO(_dao));
if (IERC20Metadata(_token).decimals() != 18) revert MustBe18Decimals();
token = _token;
clock = _clock;
minDeposit = _initialMinDeposit;
emit MinDepositSet(_initialMinDeposit);
}
/// @notice Used to revert if admin tries to change the contract address 2nd time.
modifier contractAlreadySet(address _contract) {
if (_contract != address(0)) revert AddressAlreadySet();
_;
}
/*//////////////////////////////////////////////////////////////
Admin Setters
//////////////////////////////////////////////////////////////*/
/// @notice Added in 1.2.0 to set the ivotes adapter
function setIVotesAdapter(
address _ivotesAdapter
) external auth(ESCROW_ADMIN_ROLE) contractAlreadySet(ivotesAdapter) {
ivotesAdapter = _ivotesAdapter;
}
/// @notice Sets the curve contract that calculates the voting power
function setCurve(address _curve) external auth(ESCROW_ADMIN_ROLE) contractAlreadySet(curve) {
curve = _curve;
}
/// @notice Sets the voter contract that tracks votes
function setVoter(address _voter) external auth(ESCROW_ADMIN_ROLE) {
voter = _voter;
}
/// @notice Sets the exit queue contract that manages withdrawal eligibility
function setQueue(address _queue) external auth(ESCROW_ADMIN_ROLE) contractAlreadySet(queue) {
queue = _queue;
}
/// @notice Sets the clock contract that manages epoch and voting periods
function setClock(address _clock) external auth(ESCROW_ADMIN_ROLE) contractAlreadySet(clock) {
clock = _clock;
}
/// @notice Sets the NFT contract that is the lock
/// @dev By default this can only be set once due to the high risk of changing the lock
/// and having the ability to steal user funds.
function setLockNFT(address _nft) external auth(ESCROW_ADMIN_ROLE) {
if (_lockNFTSet) revert LockNFTAlreadySet();
lockNFT = _nft;
_lockNFTSet = true;
}
function pause() external auth(PAUSER_ROLE) {
_pause();
}
function unpause() external auth(PAUSER_ROLE) {
_unpause();
}
function setMinDeposit(uint256 _minDeposit) external auth(ESCROW_ADMIN_ROLE) {
minDeposit = _minDeposit;
emit MinDepositSet(_minDeposit);
}
/// @notice Split disabled by default, only whitelisted addresses can split.
function setEnableSplit(
address _account,
bool _isWhitelisted
) external auth(ESCROW_ADMIN_ROLE) {
splitWhitelisted[_account] = _isWhitelisted;
emit SplitWhitelistSet(_account, _isWhitelisted);
}
/// @notice Enable split to any address without whitelisting
function enableSplit() external auth(ESCROW_ADMIN_ROLE) {
splitWhitelisted[SPLIT_WHITELIST_ANY_ADDRESS] = true;
emit SplitWhitelistSet(SPLIT_WHITELIST_ANY_ADDRESS, true);
}
/// @notice Return true if any address is whitelisted or an `_account`.
function canSplit(address _account) public view virtual returns (bool) {
// Only allow split to whitelisted accounts.
return splitWhitelisted[SPLIT_WHITELIST_ANY_ADDRESS] || splitWhitelisted[_account];
}
/*//////////////////////////////////////////////////////////////
Getters: ERC721 Functions
//////////////////////////////////////////////////////////////*/
function isApprovedOrOwner(address _spender, uint256 _tokenId) public view returns (bool) {
return IERC721EMB(lockNFT).isApprovedOrOwner(_spender, _tokenId);
}
/// @notice Fetch all NFTs owned by an address by leveraging the ERC721Enumerable interface
/// @param _owner Address to query
/// @return tokenIds Array of token IDs owned by the address
function ownedTokens(address _owner) public view returns (uint256[] memory tokenIds) {
IERC721EMB enumerable = IERC721EMB(lockNFT);
uint256 balance = enumerable.balanceOf(_owner);
uint256[] memory tokens = new uint256[](balance);
for (uint256 i = 0; i < balance; i++) {
tokens[i] = enumerable.tokenOfOwnerByIndex(_owner, i);
}
return tokens;
}
/*///////////////////////////////////////////////////////////////
Getters: Voting
//////////////////////////////////////////////////////////////*/
/// @return The voting power of the NFT at the current block
function votingPower(uint256 _tokenId) public view returns (uint256) {
return votingPowerAt(_tokenId, block.timestamp);
}
/// @return The voting power of the NFT at a specific timestamp
function votingPowerAt(uint256 _tokenId, uint256 _t) public view returns (uint256) {
return IEscrowCurve(curve).votingPowerAt(_tokenId, _t);
}
/// @return The total voting power at the current block
function totalVotingPower() external view returns (uint256) {
return totalVotingPowerAt(block.timestamp);
}
/// @return The total voting power at a specific timestamp
function totalVotingPowerAt(uint256 _timestamp) public view returns (uint256) {
return IEscrowCurve(curve).supplyAt(_timestamp);
}
/// @return The details of the underlying lock for a given veNFT
function locked(uint256 _tokenId) public view returns (LockedBalance memory) {
return _locked[_tokenId];
}
/// @return accountVotingPower The voting power of an account at the current block
/// @dev We cannot do historic voting power at this time because we don't current track
/// histories of token transfers.
function votingPowerForAccount(
address _account
) external view returns (uint256 accountVotingPower) {
uint256[] memory tokens = ownedTokens(_account);
for (uint256 i = 0; i < tokens.length; i++) {
accountVotingPower += votingPowerAt(tokens[i], block.timestamp);
}
}
/// @notice Checks if the NFT is currently voting. We require the user to reset their votes if so.
function isVoting(uint256 _tokenId) public view returns (bool) {
// If token doesn't exist, it reverts.
address owner = IERC721EMB(lockNFT).ownerOf(_tokenId);
// If token is not delegated, delegatee wouldn't exist, so we return false.
bool isTokenDelegated = IEscrowIVotesAdapter(ivotesAdapter).tokenIsDelegated(_tokenId);
if (!isTokenDelegated) return false;
// If token is delegated, it will always have a delegatee.
address delegatee = IEscrowIVotesAdapter(ivotesAdapter).delegates(owner);
return IAddressGaugeVoter(voter).isVoting(delegatee);
}
/*//////////////////////////////////////////////////////////////
ESCROW LOGIC
//////////////////////////////////////////////////////////////*/
function createLock(uint256 _value) external nonReentrant whenNotPaused returns (uint256) {
return _createLockFor(_value, _msgSender());
}
/// @notice Creates a lock on behalf of someone else. Restricted by default.
function createLockFor(
uint256 _value,
address _to
) external nonReentrant whenNotPaused returns (uint256) {
return _createLockFor(_value, _to);
}
/// @dev Deposit `_value` tokens for `_to` starting at next deposit interval
/// @param _value Amount to deposit
/// @param _to Address to deposit
function _createLockFor(uint256 _value, address _to) internal returns (uint256) {
if (_value == 0) revert ZeroAmount();
if (_value < minDeposit) revert AmountTooSmall();
// query the duration lib to get the next time we can deposit
uint256 startTime = IClock(clock).epochPrevCheckpointTs();
// increment the total locked supply and get the new tokenId
totalLocked += _value;
uint256 newTokenId = ++lastLockId;
// write the lock and checkpoint the voting power
LockedBalance memory lock = LockedBalance(_value.toUint208(), startTime.toUint48());
_locked[newTokenId] = lock;
// we don't allow edits in this implementation, so only the new lock is used
_checkpoint(newTokenId, LockedBalance(0, 0), lock);
uint256 balanceBefore = IERC20(token).balanceOf(address(this));
// transfer the tokens into the contract
IERC20(token).safeTransferFrom(_msgSender(), address(this), _value);
// we currently don't support tokens that adjust balances on transfer
if (IERC20(token).balanceOf(address(this)) != balanceBefore + _value)
revert TransferBalanceIncorrect();
// Update `_to`'s delegate power.
_moveDelegateVotes(address(0), _to, newTokenId, lock);
// mint the NFT before and emit the event to complete the lock
IERC721EMB(lockNFT).mint(_to, newTokenId);
emit Deposit(_to, newTokenId, startTime, _value, totalLocked);
return newTokenId;
}
/// @inheritdoc IMerge
function merge(uint256 _from, uint256 _to) public whenNotPaused {
address sender = _msgSender();
if (_from == _to) revert SameNFT();
address ownerFrom = IERC721EMB(lockNFT).ownerOf(_from);
address ownerTo = IERC721EMB(lockNFT).ownerOf(_to);
// Both nfts must have the same owner.
if (ownerFrom != ownerTo) revert NotSameOwner();
// sender can either be approved or owner.
if (!isApprovedOrOwner(sender, _from) || !isApprovedOrOwner(sender, _to)) {
revert NotApprovedOrOwner();
}
LockedBalance memory oldLockedFrom = _locked[_from];
LockedBalance memory oldLockedTo = _locked[_to];
if (!canMerge(oldLockedFrom, oldLockedTo)) {
revert CannotMerge(_from, _to);
}
// If `_from` was created in this block, or if another token was merged into `_from` in this block,
// record the current timestamp for `_to` so that withdrawals for it are blocked in the same block.
IEscrowCurve.TokenPoint memory point = IEscrowCurve(curve).tokenPointHistory(_from, 1);
if (point.writtenTs == block.timestamp || mergeWithdrawalLock[_from] == block.timestamp) {
mergeWithdrawalLock[_to] = block.timestamp;
}
// We only allow merge when both tokens have the same owner.
// After the merge, owner still should have the same voting power
// as one token gets merged into another. For this reason,
// We call `_moveDelegateVotes` with empty locked, so it doesn't
// reduce/increase the same voting power for gas efficiency.
IEscrowIVotesAdapter(ivotesAdapter).mergeDelegateVotes(
IDelegateMoveVoteRecipient.TokenLock(ownerFrom, _from, oldLockedFrom),
IDelegateMoveVoteRecipient.TokenLock(ownerFrom, _to, oldLockedTo)
);
// Update for `_from`.
// Note that on the checkpoint, we still don't
// remove `start` for historical reasons.
IERC721EMB(lockNFT).burn(_from);
_locked[_from] = LockedBalance(0, 0);
_checkpoint(_from, oldLockedFrom, LockedBalance(0, oldLockedFrom.start));
// update for `_to`.
uint208 newLockedAmount = oldLockedFrom.amount + oldLockedTo.amount;
_checkpoint(_to, oldLockedTo, LockedBalance(newLockedAmount, oldLockedTo.start));
_locked[_to] = LockedBalance(newLockedAmount, oldLockedTo.start);
emit Merged(sender, _from, _to, oldLockedFrom.amount, oldLockedTo.amount, newLockedAmount);
}
/// @inheritdoc IMerge
function canMerge(
LockedBalance memory _fromLocked,
LockedBalance memory _toLocked
) public view returns (bool) {
uint256 maxTime = IEscrowCurve(curve).maxTime();
uint256 fromLockedEnd = _fromLocked.start + maxTime;
uint256 toLockedEnd = _toLocked.start + maxTime;
// Tokens either must have the same start dates or both must be mature.
if (
(_toLocked.start != _fromLocked.start) &&
(toLockedEnd >= block.timestamp || fromLockedEnd >= block.timestamp)
) {
return false;
}
return true;
}
/// @inheritdoc ISplit
function split(uint256 _from, uint256 _value) public whenNotPaused returns (uint256) {
if (_value == 0) revert ZeroAmount();
address sender = _msgSender();
// For some erc721, `ownerOf` reverts and for some,
// it returns address(0). For safety, if it doesn't revert,
// we also check if it's not address(0).
address owner = IERC721EMB(lockNFT).ownerOf(_from);
if (owner == address(0)) revert NoOwner();
if (!canSplit(owner)) revert SplitNotWhitelisted();
// Sender must either be approved or the owner.
if (!isApprovedOrOwner(sender, _from)) revert NotApprovedOrOwner();
LockedBalance memory locked_ = _locked[_from];
if (locked_.amount <= _value) revert SplitAmountTooBig();
// Ensure that amounts of new tokens will be greater than `minDeposit`.
uint208 amount1 = locked_.amount - _value.toUint208();
uint208 amount2 = _value.toUint208();
if (amount1 < minDeposit || amount2 < minDeposit) {
revert AmountTooSmall();
}
// update for `_from`.
_checkpoint(_from, locked_, LockedBalance(amount1, locked_.start));
_locked[_from] = LockedBalance(amount1, locked_.start);
uint256 newTokenId = ++lastLockId;
// owner gets minted a new tokenId. Since `split` function
// just splits the same amount into two tokenIds, there's no need
// to update voting power on ivotesAdapter, as total doesn't change.
// We still call `_moveDelegateVotes` with zero LockedBalance to
// make sure we update delegatee's token count due to newtokenId.
IEscrowIVotesAdapter(ivotesAdapter).splitDelegateVotes(
IDelegateMoveVoteRecipient.TokenLock(owner, _from, LockedBalance(0, 0)),
IDelegateMoveVoteRecipient.TokenLock(owner, newTokenId, LockedBalance(0, 0))
);
// update for `newTokenId`.
locked_.amount = amount2;
_createSplitNFT(owner, newTokenId, locked_);
emit Split(_from, newTokenId, sender, amount1, amount2);
return newTokenId;
}
/// @notice creates a new token in checkpoint and mint.
/// @param _to The address to which new token id will be minted
/// @param _tokenId The id of the token that will be minted.
/// @param _newLocked New locked amount / start lock time for the new token
function _createSplitNFT(
address _to,
uint256 _tokenId,
LockedBalance memory _newLocked
) private {
_locked[_tokenId] = _newLocked;
_checkpoint(_tokenId, LockedBalance(0, 0), _newLocked);
IERC721EMB(lockNFT).mint(_to, _tokenId);
}
/// @notice Record per-user data to checkpoints. Used by VotingEscrow system.
/// @param _tokenId NFT token ID.
/// @dev Old locked balance is unused in the increasing case, at least in this implementation.
/// @param _fromLocked New locked amount / start lock time for the user
/// @param _newLocked New locked amount / start lock time for the user
function _checkpoint(
uint256 _tokenId,
LockedBalance memory _fromLocked,
LockedBalance memory _newLocked
) private {
IEscrowCurve(curve).checkpoint(_tokenId, _fromLocked, _newLocked);
}
/*//////////////////////////////////////////////////////////////
Exit and Withdraw Logic
//////////////////////////////////////////////////////////////*/
/// @inheritdoc IVotingEscrowExiting
function currentExitingAmount() public view returns (uint256 total) {
IERC721EMB enumerable = IERC721EMB(lockNFT);
uint256 balance = enumerable.balanceOf(address(this));
for (uint256 i = 0; i < balance; i++) {
uint256 tokenId = enumerable.tokenOfOwnerByIndex(address(this), i);
total += locked(tokenId).amount;
}
}
/// @notice Resets the votes and begins the withdrawal process for a given tokenId
/// @dev Convenience function, the user must have authorized this contract to act on their behalf.
/// For backwards compatibility, even though `reset` call to gauge voter has been removed,
/// we still keep the function with the same name.
function resetVotesAndBeginWithdrawal(uint256 _tokenId) external whenNotPaused {
beginWithdrawal(_tokenId);
}
/// @notice Enters a tokenId into the withdrawal queue by transferring to this contract and creating a ticket.
/// @param _tokenId The tokenId to begin withdrawal for. Will be transferred to this contract before burning.
/// @dev The user must not have active votes in the voter contract.
function beginWithdrawal(uint256 _tokenId) public nonReentrant whenNotPaused {
// in the event of an increasing curve, 0 voting power means voting isn't active
if (votingPower(_tokenId) == 0) revert CannotExit();
// Safety checks:
// 1. Prevent creating a lock and starting withdrawal in the same block.
// 2. Prevent withdrawals if another token created in the same block
// was merged into `_tokenId`. Even though `_tokenId` itself was
// created in a previous block, the merged portion is "fresh" and
// would still be withdrawable without restriction.
IEscrowCurve.TokenPoint memory point = IEscrowCurve(curve).tokenPointHistory(_tokenId, 1);
if (
block.timestamp == point.writtenTs || block.timestamp == mergeWithdrawalLock[_tokenId]
) {
revert CannotWithdrawInSameBlock();
}
address owner = IERC721EMB(lockNFT).ownerOf(_tokenId);
// we can remove the user's voting power as it's no longer locked
LockedBalance memory locked_ = _locked[_tokenId];
_checkpoint(_tokenId, locked_, LockedBalance(0, locked_.start));
// transfer NFT to this and queue the exit
IERC721EMB(lockNFT).transferFrom(_msgSender(), address(this), _tokenId);
IExitQueue(queue).queueExit(_tokenId, owner);
}
/// @notice Allows cancellation of a pending withdrawal request
/// @dev The caller must be one that also called `beginWithdrawal`.
/// @param _tokenId The tokenId to cancel the withdrawal request for.
function cancelWithdrawalRequest(uint256 _tokenId) public nonReentrant whenNotPaused {
address owner = IExitQueue(queue).ticketHolder(_tokenId);
address sender = _msgSender();
if (owner != sender) {
revert NotTicketHolder();
}
_checkpoint(_tokenId, LockedBalance(0, _locked[_tokenId].start), _locked[_tokenId]);
IExitQueue(queue).cancelExit(_tokenId);
IERC721EMB(lockNFT).transferFrom(address(this), sender, _tokenId);
}
/// @notice Withdraws tokens from the contract
function withdraw(uint256 _tokenId) external nonReentrant whenNotPaused {
address sender = _msgSender();
// we force the sender to be the ticket holder
if (!(IExitQueue(queue).ticketHolder(_tokenId) == sender)) revert NotTicketHolder();
// check that this ticket can exit
if (!(IExitQueue(queue).canExit(_tokenId))) revert CannotExit();
LockedBalance memory oldLocked = _locked[_tokenId];
uint256 value = oldLocked.amount;
// check for fees to be transferred
// do this before clearing the lock or it will be incorrect
uint256 fee = IExitQueue(queue).exit(_tokenId);
if (fee > 0) {
IERC20(token).safeTransfer(address(queue), fee);
}
// clear out the token data
_locked[_tokenId] = LockedBalance(0, 0);
totalLocked -= value;
// Burn the NFT and transfer the tokens to the user
IERC721EMB(lockNFT).burn(_tokenId);
IERC20(token).safeTransfer(sender, value - fee);
emit Withdraw(sender, _tokenId, value - fee, block.timestamp, totalLocked);
}
/// @notice withdraw excess tokens from the contract - possibly by accident
function sweep() external nonReentrant auth(SWEEPER_ROLE) {
// if there are extra tokens in the contract
// balance will be greater than the total locked
uint balance = IERC20(token).balanceOf(address(this));
uint excess = balance - totalLocked;
// if there isn't revert the tx
if (excess == 0) revert NothingToSweep();
// if there is, send them to the caller
IERC20(token).safeTransfer(_msgSender(), excess);
emit Sweep(_msgSender(), excess);
}
/// @notice the sweeper can send NFTs mistakenly sent to the contract to a designated address
/// @param _tokenId the tokenId to sweep - must be currently in this contract
/// @param _to the address to send the NFT to - must be a whitelisted address for transfers
/// @dev Cannot sweep NFTs that are in the exit queue for obvious reasons
function sweepNFT(uint256 _tokenId, address _to) external nonReentrant auth(SWEEPER_ROLE) {
// if the token id is not in the contract, revert
if (IERC721EMB(lockNFT).ownerOf(_tokenId) != address(this)) revert NothingToSweep();
// if the token id is in the queue, we cannot sweep it
if (IExitQueue(queue).ticketHolder(_tokenId) != address(0)) revert CannotExit();
IERC721EMB(lockNFT).transferFrom(address(this), _to, _tokenId);
emit SweepNFT(_to, _tokenId);
}
/*//////////////////////////////////////////////////////////////
Moving Delegation Votes Logic
//////////////////////////////////////////////////////////////*/
/// @inheritdoc IDelegateMoveVoteCaller
function moveDelegateVotes(address _from, address _to, uint256 _tokenId) public whenNotPaused {
if (msg.sender != lockNFT) revert OnlyLockNFT();
LockedBalance memory locked_ = _locked[_tokenId];
_moveDelegateVotes(_from, _to, _tokenId, locked_);
}
function _moveDelegateVotes(
address _from,
address _to,
uint256 _tokenId,
LockedBalance memory _lockedBalance
) private {
IEscrowIVotesAdapter(ivotesAdapter).moveDelegateVotes(_from, _to, _tokenId, _lockedBalance);
}
function updateVotingPower(address _from, address _to) public whenNotPaused {
if (msg.sender != ivotesAdapter) revert OnlyIVotesAdapter();
IAddressGaugeVoter(voter).updateVotingPower(_from, _to);
}
/*///////////////////////////////////////////////////////////////
UUPS Upgrade
//////////////////////////////////////////////////////////////*/
/// @notice Returns the address of the implementation contract in the [proxy storage slot](https://eips.ethereum.org/EIPS/eip-1967) slot the [UUPS proxy](https://eips.ethereum.org/EIPS/eip-1822) is pointing to.
/// @return The address of the implementation contract.
function implementation() public view returns (address) {
return _getImplementation();
}
/// @notice Internal method authorizing the upgrade of the contract via the [upgradeability mechanism for UUPS proxies](https://docs.openzeppelin.com/contracts/4.x/api/proxy#UUPSUpgradeable) (see [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822)).
function _authorizeUpgrade(address) internal virtual override auth(ESCROW_ADMIN_ROLE) {}
/// @dev Reserved storage space to allow for layout changes in the future.
/// Please note that the reserved slot number in previous version(39) was set
/// incorrectly as 39 instead of 40. Changing it to 40 now would overwrite existing slot values,
/// resulting in the loss of state. Therefore, we will continue using 37 in this version.
/// For future versions, any new variables should be added by subtracting from 37.
uint256[36] private __gap;
}/// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;
import {IDAO} from "@aragon/osx-commons-contracts/src/dao/IDAO.sol";
import {IDynamicExitQueue, IDynamicExitQueueFee} from "./IDynamicExitQueue.sol";
import {
IERC20Upgradeable as IERC20
} from "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol";
import {IVotingEscrowIncreasing as IVotingEscrow} from "@escrow/IVotingEscrowIncreasing.sol";
import {IClockUser, IClock} from "@clock/IClock.sol";
import {
SafeERC20Upgradeable as SafeERC20
} from "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {
DaoAuthorizableUpgradeable as DaoAuthorizable
} from "@aragon/osx-commons-contracts/src/permission/auth/DaoAuthorizableUpgradeable.sol";
/// @title DynamicExitQueue
/// @notice Token IDs associated with an NFT are given a ticket when they are queued for exit.
/// After a cooldown period, the ticket holder can exit the NFT with dynamic fee calculations.
contract DynamicExitQueue is IDynamicExitQueue, IClockUser, DaoAuthorizable, UUPSUpgradeable {
using SafeERC20 for IERC20;
/// @notice role required to manage the exit queue
bytes32 public constant QUEUE_ADMIN_ROLE = keccak256("QUEUE_ADMIN");
/// @notice role required to withdraw tokens from the escrow contract
bytes32 public constant WITHDRAW_ROLE = keccak256("WITHDRAW_ROLE");
/// @dev 10_000 = 100%
uint16 private constant MAX_FEE_PERCENT = 10_000;
/// @dev 1e18 is used for internal precision in fee calculations
uint256 private constant INTERNAL_PRECISION = 1e18;
/// @notice the highest fee someone will pay on exit
uint256 public feePercent;
/// @notice address of the escrow contract
address public escrow;
/// @notice clock contract for epoch duration
address public clock;
/// @notice time in seconds between entering queue and exiting on optimal terms
uint48 public cooldown;
/// @notice minimum time from the original lock date before one can enter the queue
uint48 public minLock;
/// @notice tokenId => TicketV2
mapping(uint256 => TicketV2) internal _queue;
/*//////////////////////////////////////////////////////////////
Dynamic Fee Params
//////////////////////////////////////////////////////////////*/
/// @notice Minimum fee percent charged after full cooldown period
uint256 public minFeePercent;
/// @notice Minimum wait time before any exit is possible
uint48 public minCooldown;
/// @notice Fee decrease per second (basis points/second) during decay period
/// @dev Set to 0 when minCooldown == cooldown to prevent division by zero
uint256 internal _slope;
/*//////////////////////////////////////////////////////////////
Constructor
//////////////////////////////////////////////////////////////*/
constructor() {
_disableInitializers();
}
/// @param _escrow address of the escrow contract where tokens are stored
/// @param _cooldown time in seconds between exit and withdrawal
/// @param _dao address of the DAO that will be able to set the queue
function initialize(
address _escrow,
uint48 _cooldown,
address _dao,
uint256 _feePercent,
address _clock,
uint48 _minLock
) external initializer {
__DaoAuthorizableUpgradeable_init(IDAO(_dao));
escrow = _escrow;
clock = _clock;
_setMinLock(_minLock);
// Initialize with fixed fee system, no early exits
if (_feePercent > MAX_FEE_PERCENT) revert FeePercentTooHigh(MAX_FEE_PERCENT);
_setFixedExitFeePercent(_feePercent, _cooldown, false);
}
/*//////////////////////////////////////////////////////////////
Modifiers
//////////////////////////////////////////////////////////////*/
modifier onlyEscrow() {
if (msg.sender != escrow) revert OnlyEscrow();
_;
}
/*//////////////////////////////////////////////////////////////
Admin Functions
//////////////////////////////////////////////////////////////*/
/// @notice The exit queue manager can set the minimum lock time
function setMinLock(uint48 _minLock) external auth(QUEUE_ADMIN_ROLE) {
_setMinLock(_minLock);
}
function _setMinLock(uint48 _minLock) internal {
if (_minLock == 0) revert MinLockOutOfBounds();
minLock = _minLock;
emit MinLockSet(_minLock);
}
/// @inheritdoc IDynamicExitQueueFee
function setDynamicExitFeePercent(
uint256 _minFeePercent,
uint256 _maxFeePercent,
uint48 _cooldown,
uint48 _minCooldown
) external auth(QUEUE_ADMIN_ROLE) {
if (_minFeePercent > MAX_FEE_PERCENT || _maxFeePercent > MAX_FEE_PERCENT) {
revert FeePercentTooHigh(MAX_FEE_PERCENT);
}
if (_maxFeePercent <= _minFeePercent) revert InvalidFeeParameters();
// setting cooldown == minCooldown would imply a vertical slope
if (_cooldown <= _minCooldown) revert CooldownTooShort();
_setDynamicExitFeePercent(_minFeePercent, _maxFeePercent, _cooldown, _minCooldown);
}
/// @inheritdoc IDynamicExitQueueFee
function setTieredExitFeePercent(
uint256 _baseFeePercent,
uint256 _earlyFeePercent,
uint48 _cooldown,
uint48 _minCooldown
) external auth(QUEUE_ADMIN_ROLE) {
if (_baseFeePercent > MAX_FEE_PERCENT || _earlyFeePercent > MAX_FEE_PERCENT) {
revert FeePercentTooHigh(MAX_FEE_PERCENT);
}
if (_earlyFeePercent <= _baseFeePercent) revert InvalidFeeParameters();
if (_cooldown <= _minCooldown) revert CooldownTooShort();
_setTieredExitFeePercent(_baseFeePercent, _earlyFeePercent, _cooldown, _minCooldown);
}
/// @inheritdoc IDynamicExitQueueFee
function setFixedExitFeePercent(
uint256 _feePercent,
uint48 _cooldown,
bool _allowEarlyExit
) external auth(QUEUE_ADMIN_ROLE) {
if (_feePercent > MAX_FEE_PERCENT) revert FeePercentTooHigh(MAX_FEE_PERCENT);
_setFixedExitFeePercent(_feePercent, _cooldown, _allowEarlyExit);
}
function _setDynamicExitFeePercent(
uint256 _minFeePercent,
uint256 _maxFeePercent,
uint48 _cooldown,
uint48 _minCooldown
) internal {
feePercent = _maxFeePercent;
minFeePercent = _minFeePercent;
cooldown = _cooldown;
minCooldown = _minCooldown;
_slope = _computeSlope(_minFeePercent, _maxFeePercent, _cooldown, _minCooldown);
emit ExitFeePercentAdjusted(
_maxFeePercent,
_minFeePercent,
_minCooldown,
ExitFeeType.Dynamic
);
}
function _setTieredExitFeePercent(
uint256 _baseFeePercent,
uint256 _earlyFeePercent,
uint48 _cooldown,
uint48 _minCooldown
) internal {
feePercent = _earlyFeePercent;
minFeePercent = _baseFeePercent;
cooldown = _cooldown;
minCooldown = _minCooldown;
_slope = 0; // No decay in tiered system
emit ExitFeePercentAdjusted(
_earlyFeePercent,
_baseFeePercent,
_minCooldown,
ExitFeeType.Tiered
);
}
function _setFixedExitFeePercent(
uint256 _feePercent,
uint48 _cooldown,
bool _allowEarlyExit
) internal {
feePercent = _feePercent;
minFeePercent = _feePercent;
cooldown = _cooldown;
_slope = 0; // No decay in fixed system
// immediate or none
if (_allowEarlyExit) minCooldown = 0;
else minCooldown = _cooldown;
emit ExitFeePercentAdjusted(_feePercent, _feePercent, minCooldown, ExitFeeType.Fixed);
}
/*//////////////////////////////////////////////////////////////
SLOPE
//////////////////////////////////////////////////////////////*/
function _computeSlope(
uint256 _minFeePercent,
uint256 _maxFeePercent,
uint48 _cooldown,
uint48 _minCooldown
) internal pure returns (uint256) {
// Calculate slope in 1e18 scale for maximum precision
uint256 scaledMaxFee = (_maxFeePercent * INTERNAL_PRECISION) / MAX_FEE_PERCENT;
uint256 scaledMinFee = (_minFeePercent * INTERNAL_PRECISION) / MAX_FEE_PERCENT;
uint256 scaledFeeRange = scaledMaxFee - scaledMinFee;
uint256 timeRange = _cooldown - _minCooldown;
return scaledFeeRange / timeRange;
}
/*//////////////////////////////////////////////////////////////
WITHDRAWER
//////////////////////////////////////////////////////////////*/
/// @notice withdraw staked tokens sent as part of fee collection to the caller
/// @dev The caller must be authorized to withdraw by the DAO
function withdraw(uint256 _amount) external auth(WITHDRAW_ROLE) {
IERC20 underlying = IERC20(IVotingEscrow(escrow).token());
underlying.safeTransfer(msg.sender, _amount);
}
/*//////////////////////////////////////////////////////////////
Exit Logic
//////////////////////////////////////////////////////////////*/
/// @notice queue an exit for a given tokenId, granting the ticket to the passed holder
/// @param _tokenId the tokenId to queue an exit for
/// @param _ticketHolder the address that will be granted the ticket
/// @dev we don't check that the ticket holder is the caller
/// this is because the escrow contract is the only one that can queue an exit
/// and we leave that logic to the escrow contract
function queueExit(uint256 _tokenId, address _ticketHolder) external onlyEscrow {
if (_ticketHolder == address(0)) revert ZeroAddress();
if (_queue[_tokenId].holder != address(0)) revert AlreadyQueued();
// get time to min lock and revert if it hasn't been reached
uint48 minLockTime = timeToMinLock(_tokenId);
if (minLockTime > block.timestamp) {
revert MinLockNotReached(_tokenId, minLock, minLockTime);
}
uint48 queuedAt = uint48(block.timestamp);
_queue[_tokenId] = TicketV2(_ticketHolder, queuedAt);
emit ExitQueuedV2(_tokenId, _ticketHolder, queuedAt);
}
/// @notice Exits the queue for that tokenID.
/// @dev The holder is not checked. This is left up to the escrow contract to manage.
function exit(uint256 _tokenId) external onlyEscrow returns (uint256 fee) {
if (!canExit(_tokenId)) revert CannotExit();
// calculate fee before resetting ticket
fee = calculateFee(_tokenId);
// reset the ticket for that tokenId
_queue[_tokenId] = TicketV2(address(0), 0);
emit Exit(_tokenId, fee);
}
/// @notice Cancels the exit.
/// @dev The token must have a holder.
function cancelExit(uint256 _tokenId) external onlyEscrow {
TicketV2 memory ticket = _queue[_tokenId];
// This should never occur as escrow already checks this
// but for safety, still advisable to have this check.
if (ticket.holder == address(0)) {
revert CannotCancelExit();
}
_queue[_tokenId] = TicketV2(address(0), 0);
emit ExitCancelled(_tokenId, ticket.holder);
}
/// @notice Calculate the absolute fee amount for exiting a specific token
/// @param _tokenId The token ID to calculate fee for
/// @return Fee amount in underlying token units
function calculateFee(uint256 _tokenId) public view returns (uint256) {
TicketV2 memory ticket = _queue[_tokenId];
if (ticket.holder == address(0)) return 0;
uint256 underlyingBalance = IVotingEscrow(escrow).locked(_tokenId).amount;
if (underlyingBalance == 0) revert NoLockBalance();
uint256 timeElapsed = block.timestamp - ticket.queuedAt;
uint256 scaledFeePercent = _getScaledTimeBasedFee(timeElapsed);
return (underlyingBalance * scaledFeePercent) / INTERNAL_PRECISION;
}
/// @notice Internal function to get time-based fee in 1e18 scale
/// @param timeElapsed Time elapsed since ticket was queued
/// @return Fee percent in 1e18 scale (0 = 0%, 1e18 = 100%)
function _getScaledTimeBasedFee(uint256 timeElapsed) internal view returns (uint256) {
uint256 scaledMaxFee = (feePercent * INTERNAL_PRECISION) / MAX_FEE_PERCENT;
uint256 scaledMinFee = (minFeePercent * INTERNAL_PRECISION) / MAX_FEE_PERCENT;
// Fixed fee system (no decay, no tiers)
if (minFeePercent == feePercent) return scaledMaxFee;
// Tiered system (no slope) or fixed system
if (_slope == 0) {
return timeElapsed <= cooldown ? scaledMaxFee : scaledMinFee;
}
// Dynamic system (linear decay using stored slope)
if (timeElapsed <= minCooldown) return scaledMaxFee;
if (timeElapsed >= cooldown) return scaledMinFee;
// Calculate fee reduction using high-precision slope
uint256 timeInDecay = timeElapsed - minCooldown;
uint256 feeReduction = _slope * timeInDecay;
// Ensure we don't go below minimum fee
if (feeReduction >= (scaledMaxFee - scaledMinFee)) {
return scaledMinFee;
}
return scaledMaxFee - feeReduction;
}
/// @notice Calculate the exit fee percent for a given time elapsed
/// @param timeElapsed Time elapsed since ticket was queued
/// @return Fee percent in basis points
function getTimeBasedFee(uint256 timeElapsed) public view returns (uint256) {
uint256 scaledFee = _getScaledTimeBasedFee(timeElapsed);
return (scaledFee * MAX_FEE_PERCENT) / INTERNAL_PRECISION;
}
/*//////////////////////////////////////////////////////////////
View Functions
//////////////////////////////////////////////////////////////*/
/// @notice Check if a token has completed its full cooldown period (minimum fee applies)
/// @param _tokenId The token ID to check
/// @return True if full cooldown elapsed, false otherwise
function isCool(uint256 _tokenId) public view returns (bool) {
TicketV2 memory ticket = _queue[_tokenId];
if (ticket.holder == address(0)) return false;
return block.timestamp - ticket.queuedAt >= cooldown;
}
/// @return true if the tokenId corresponds to a valid ticket and the minimum cooldown period has passed
function canExit(uint256 _tokenId) public view returns (bool) {
TicketV2 memory ticket = _queue[_tokenId];
if (ticket.holder == address(0)) return false;
return block.timestamp - ticket.queuedAt >= minCooldown;
}
/// @return holder of a ticket for a given tokenId
function ticketHolder(uint256 _tokenId) external view returns (address) {
return _queue[_tokenId].holder;
}
function queue(uint256 _tokenId) external view override returns (TicketV2 memory) {
return _queue[_tokenId];
}
function timeToMinLock(uint256 _tokenId) public view returns (uint48) {
uint48 lockStart = IVotingEscrow(escrow).locked(_tokenId).start;
return lockStart + minLock;
}
/*///////////////////////////////////////////////////////////////
UUPS Upgrade
//////////////////////////////////////////////////////////////*/
/// @notice Returns the address of the implementation contract in the [proxy storage slot](https://eips.ethereum.org/EIPS/eip-1967) slot the [UUPS proxy](https://eips.ethereum.org/EIPS/eip-1822) is pointing to.
/// @return The address of the implementation contract.
function implementation() public view returns (address) {
return _getImplementation();
}
/// @notice Internal method authorizing the upgrade of the contract via the [upgradeability mechanism for UUPS proxies](https://docs.openzeppelin.com/contracts/4.x/api/proxy#UUPSUpgradeable) (see [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822)).
function _authorizeUpgrade(address) internal virtual override auth(QUEUE_ADMIN_ROLE) {}
/// @dev Reserved storage space to allow for layout changes in the future.
uint256[42] private __gap; // Reduced to account for new state variables
}/// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;
// interfaces
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {IDAO} from "@aragon/osx-commons-contracts/src/dao/IDAO.sol";
import {IVotingEscrowIncreasingV1_2_0 as IVotingEscrow} from "@escrow/IVotingEscrowIncreasing_v1_2_0.sol";
import {
IEscrowCurveIncreasingV1_2_0 as IEscrowCurve,
IEscrowCurveGlobal,
IEscrowCurveCore,
IEscrowCurveTokenV1_2_0 as IEscrowCurveToken
} from "@curve/IEscrowCurveIncreasing_v1_2_0.sol";
import {IClockUser, IClockV1_2_0 as IClock} from "@clock/IClock_v1_2_0.sol";
// libraries
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {SafeCast} from "@openzeppelin/contracts/utils/math/SafeCast.sol";
import {SignedFixedPointMath} from "@libs/SignedFixedPointMathLib.sol";
import {CurveConstantLib} from "@libs/CurveConstantLib.sol";
// contracts
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {ReentrancyGuardUpgradeable as ReentrancyGuard} from
"@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol";
import {DaoAuthorizableUpgradeable as DaoAuthorizable} from
"@aragon/osx-commons-contracts/src/permission/auth/DaoAuthorizableUpgradeable.sol";
/// @title Linear Increasing Escrow Curve
contract LinearIncreasingCurve is IEscrowCurve, IClockUser, ReentrancyGuard, DaoAuthorizable, UUPSUpgradeable {
using SafeERC20 for IERC20;
using SafeCast for int256;
using SafeCast for uint256;
using SignedFixedPointMath for int256;
/// @notice Administrator role for the contract
bytes32 public constant CURVE_ADMIN_ROLE = keccak256("CURVE_ADMIN_ROLE");
/// @notice The VotingEscrow contract address
address public escrow;
/// @notice The Clock contract address
address public clock;
/// @notice tokenId => latest index: incremented on a per-tokenId basis
/// @custom:oz-renamed-from tokenPointIntervals
mapping(uint256 => uint256) public tokenPointLatestIndex;
/// @notice The warmup period for the curve
/// @dev Deprecated in this version, but kept for backwards compatibility.
uint48 public warmupPeriod;
/// @dev tokenId => tokenPointIntervals => TokenPoint
/// @dev The Array is fixed so we can write to it in the future
/// This implementation means that very short intervals may be challenging
mapping(uint256 => TokenPoint[1_000_000_000]) internal _tokenPointHistory;
/*//////////////////////////////////////////////////////////////
MATH
//////////////////////////////////////////////////////////////*/
/// @custom:oz-upgrades-unsafe-allow state-variable-immutable
int256 private immutable SHARED_QUADRATIC_COEFFICIENT;
/// @custom:oz-upgrades-unsafe-allow state-variable-immutable
int256 private immutable SHARED_LINEAR_COEFFICIENT;
/// @custom:oz-upgrades-unsafe-allow state-variable-immutable
int256 private immutable SHARED_CONSTANT_COEFFICIENT;
/// @custom:oz-upgrades-unsafe-allow state-variable-immutable
uint256 private immutable MAX_EPOCHS;
/*//////////////////////////////////////////////////////////////
ADDED: TOTAL SUPPLY(1.2.0)
//////////////////////////////////////////////////////////////*/
/// @dev The latest global point index.
uint256 public globalPointLatestIndex;
// endTime => summed up slopes at that endTime
mapping(uint256 => int256) public slopeChanges;
/// @dev The global point history
mapping(uint256 => GlobalPoint) internal _globalPointHistory;
/*//////////////////////////////////////////////////////////////
INITIALIZATION
//////////////////////////////////////////////////////////////*/
/// @custom:oz-upgrades-unsafe-allow constructor
constructor(int256[3] memory _coefficients, uint256 _maxEpochs) {
SHARED_CONSTANT_COEFFICIENT = _coefficients[0];
SHARED_LINEAR_COEFFICIENT = _coefficients[1];
SHARED_QUADRATIC_COEFFICIENT = _coefficients[2];
MAX_EPOCHS = _maxEpochs;
_disableInitializers();
}
/// @param _escrow VotingEscrow contract address
function initialize(address _escrow, address _dao, address _clock) external initializer {
escrow = _escrow;
clock = _clock;
__ReentrancyGuard_init();
__DaoAuthorizableUpgradeable_init(IDAO(_dao));
// other initializers are empty
}
/*//////////////////////////////////////////////////////////////
CURVE COEFFICIENTS
//////////////////////////////////////////////////////////////*/
/// @return The coefficient for the curve's linear term, for the given amount
function _getLinearCoeff(uint256 amount) internal view virtual returns (int256) {
return amount.toInt256() * SHARED_LINEAR_COEFFICIENT;
}
/// @return The constant coefficient of the increasing curve, for the given amount
/// @dev In this case, the constant term is 1 so we just case the amount
function _getConstantCoeff(uint256 amount) internal view virtual returns (int256) {
return amount.toInt256() * SHARED_CONSTANT_COEFFICIENT;
}
/// @return The coefficients of the quadratic curve, for the given amount
/// @dev The coefficients are returned in the order [constant, linear, quadratic]
function _getCoefficients(uint256 amount) internal view virtual returns (int256[3] memory) {
return [_getConstantCoeff(amount), _getLinearCoeff(amount), 0];
}
/// @return The coefficients of the quadratic curve, for the given amount
/// @dev The coefficients are returned in the order [constant, linear, quadratic]
/// and are converted to regular 256-bit signed integers instead of their fixed-point representation
function getCoefficients(uint256 amount) public view virtual returns (int256[3] memory) {
int256[3] memory coefficients = _getCoefficients(amount);
return [
coefficients[0] / 1e18, // amount
coefficients[1] / 1e18, // slope
0
];
}
/*//////////////////////////////////////////////////////////////
CURVE BIAS
//////////////////////////////////////////////////////////////*/
/// @notice Rounds `_elapsed` to maxTime if it's greater, otherwise returns `_elapsed`.
function boundElapsedMaxTime(uint256 _elapsed) private view returns (uint256) {
uint256 MAX_TIME = maxTime();
return _elapsed > MAX_TIME ? MAX_TIME : _elapsed;
}
/// @notice Returns the bias for the given time elapsed and amount, up to the maximum time
function getBias(uint256 timeElapsed, uint256 amount) public view returns (uint256) {
int256[3] memory coefficients = _getCoefficients(amount);
uint256 bias = _getBias(boundElapsedMaxTime(timeElapsed), coefficients[0], coefficients[1]);
return bias / 1e18;
}
/// @notice Returns the bias for the given time elapsed and amount, up to the maximum time
/// @dev Returned values from these functions are in fixed point representation
/// which is not the case in `getBias`.
function _getBias(uint256 _timeElapsed, int256 _constantCoeff, int256 _linearCoeff)
internal
pure
returns (uint256)
{
int256 bias = _linearCoeff * int256(_timeElapsed) + _constantCoeff;
if (bias < 0) bias = 0;
return bias.toUint256();
}
function _getBiasAndSlope(uint256 _timeElapsed, uint256 _amount) public view returns (int256, int256) {
int256 slope = _getLinearCoeff(_amount);
uint256 bias = _getBias(boundElapsedMaxTime(_timeElapsed), _getConstantCoeff(_amount), slope);
return (int256(bias), slope);
}
function maxTime() public view virtual returns (uint256) {
return IClock(clock).epochDuration() * MAX_EPOCHS;
}
function previewMaxBias(uint256 amount) external view returns (uint256) {
return getBias(maxTime(), amount);
}
/*//////////////////////////////////////////////////////////////
BALANCE
//////////////////////////////////////////////////////////////*/
/// @inheritdoc IEscrowCurveToken
function tokenPointHistory(uint256 _tokenId, uint256 _index) external view returns (TokenPoint memory point) {
point = _tokenPointHistory[_tokenId][_index];
/// bind for backwards compatibility
point.bias = uint256(point.coefficients[0]) / 1e18;
}
/// @inheritdoc IEscrowCurveGlobal
function globalPointHistory(uint256 _index) public view returns (GlobalPoint memory) {
return _globalPointHistory[_index];
}
/// @inheritdoc IEscrowCurveToken
function tokenPointIntervals(uint256 _tokenId) external view returns (uint256) {
return tokenPointLatestIndex[_tokenId];
}
/// @inheritdoc IEscrowCurveCore
function votingPowerAt(uint256 _tokenId, uint256 _t) external view returns (uint256) {
uint256 interval = _getPastTokenPointInterval(_tokenId, _t);
// epoch 0 is an empty point
if (interval == 0) return 0;
// Note that very first point is saved at index 1.
// Grab original point(the very first point for `_tokenId`).
TokenPoint memory originalPoint = _tokenPointHistory[_tokenId][1];
// Grab last point before `_t`.
TokenPoint memory lastPoint = _tokenPointHistory[_tokenId][interval];
int256 bias = lastPoint.coefficients[0];
int256 slope = lastPoint.coefficients[1];
uint256 end = originalPoint.checkpointTs + maxTime();
// If the point was created before the upgrade:
// it will have `checkpointTs` greater than `writtenTs`.
// bias would have been stored as just the amount(without bonus).
// In such case, we make writtenTs equal to avoid checkpointTs greater.
// This ensures that behaviour after and before upgrade are same.
if (lastPoint.checkpointTs > lastPoint.writtenTs) {
lastPoint.writtenTs = lastPoint.checkpointTs;
if (_t < lastPoint.writtenTs) return 0;
}
uint256 elapsed = _t - lastPoint.writtenTs;
uint256 timeTillMaxTime = 0;
if (end > lastPoint.writtenTs) {
timeTillMaxTime = end - lastPoint.writtenTs;
}
if (elapsed >= timeTillMaxTime) {
elapsed = timeTillMaxTime;
}
return _getBias(elapsed, bias, slope) / 1e18;
}
/// @inheritdoc IEscrowCurveCore
function supplyAt(uint256 _timestamp) external view returns (uint256) {
return _supplyAt(_timestamp);
}
/*//////////////////////////////////////////////////////////////
CHECKPOINT
//////////////////////////////////////////////////////////////*/
/// @notice A checkpoint can be called by the VotingEscrow contract to snapshot the user's voting power
function checkpoint(
uint256 _tokenId,
IVotingEscrow.LockedBalance memory _oldLocked,
IVotingEscrow.LockedBalance memory _newLocked
) external nonReentrant {
if (msg.sender != escrow) revert OnlyEscrow();
_checkpoint(_tokenId, _oldLocked, _newLocked);
}
/// @notice Record user data to checkpoints. Used by VotingEscrow system.
/// @param _tokenId NFT token ID.
/// @param _fromLocked The locked from which we're moving.
/// @param _newLocked New locked amount / end lock time for the user
function _checkpoint(
uint256 _tokenId,
IVotingEscrow.LockedBalance memory _fromLocked,
IVotingEscrow.LockedBalance memory _newLocked
) internal {
// this implementation doesn't yet support manual checkpointing
if (_tokenId == 0) revert InvalidTokenId();
if (_newLocked.start < _fromLocked.start) {
revert InvalidCheckpoint();
}
uint256 _globalPointLatestIndex = globalPointLatestIndex;
// Get the slope and bias for `_newLocked`...
(int256 newLockBias, int256 newLockSlope) =
_getBiasAndSlope(block.timestamp - _newLocked.start, _newLocked.amount);
GlobalPoint memory lastPoint = GlobalPoint({bias: 0, slope: 0, writtenTs: uint48(block.timestamp)});
if (_globalPointLatestIndex > 0) {
lastPoint = _globalPointHistory[_globalPointLatestIndex];
}
{
uint256 checkpointInterval = IClock(clock).checkpointInterval();
// For safety reasons, we don't allow checkpoints
// on the exact checkpointInterval.
if (block.timestamp % checkpointInterval == 0) {
revert CheckpointOnDepositIntervalNotAllowed();
}
uint256 lastPointCheckpoint = lastPoint.writtenTs;
uint256 t_i = (lastPointCheckpoint / checkpointInterval) * checkpointInterval;
for (uint256 i = 0; i < 255; ++i) {
t_i += checkpointInterval;
int256 dSlope;
if (t_i > block.timestamp) {
t_i = block.timestamp;
} else {
dSlope = slopeChanges[t_i];
}
lastPoint.bias += lastPoint.slope * int256(t_i - lastPointCheckpoint);
lastPoint.slope -= dSlope;
if (lastPoint.slope < 0) lastPoint.slope = 0;
if (lastPoint.bias < 0) lastPoint.bias = 0;
lastPointCheckpoint = t_i;
lastPoint.writtenTs = uint48(t_i);
_globalPointLatestIndex += 1;
if (t_i == block.timestamp) {
break;
} else {
_globalPointHistory[_globalPointLatestIndex] = lastPoint;
}
}
}
uint256 _maxTime = maxTime();
uint256 newLockedEnd = _newLocked.start + _maxTime;
uint256 fromLockedEnd = _fromLocked.start + _maxTime;
// The following condition is true if merging non-mature locks with different start dates.
// current version of ve-governance is built around the assumption that merge can only
// occur if tokens are either mature or have the same start dates. Even though `escrow`
// does this check before calling `checkpoint` on curve, it's still a safety measure to repeat
// the check in case the code of checkpoint might be called by another contract in the future.
if (
_fromLocked.start != 0 && _newLocked.start != 0 && _fromLocked.start != _newLocked.start
&& (newLockedEnd >= block.timestamp || fromLockedEnd >= block.timestamp)
) {
revert InvalidLocks(_tokenId, _fromLocked, _newLocked);
}
// newLocked could be ended in case of merge, when
// a token is already mature.
if (newLockedEnd <= block.timestamp) {
newLockSlope = 0;
}
(int256 oldLockBias, int256 oldLockSlope) = (0, 0);
if (_fromLocked.amount > 0) {
(oldLockBias, oldLockSlope) = _getBiasAndSlope(block.timestamp - _fromLocked.start, _fromLocked.amount);
// In case fromLocked already ended, its slope would already
// be subtracted from `lastPoint.slope` in the above for loop.
// So we make this 0 to not subtract double times.
if (fromLockedEnd <= block.timestamp) {
oldLockSlope = 0;
}
}
lastPoint.bias += (newLockBias - oldLockBias);
lastPoint.slope += (newLockSlope - oldLockSlope);
if (lastPoint.slope < 0) lastPoint.slope = 0;
if (lastPoint.bias < 0) lastPoint.bias = 0;
uint256 tokenLatestIndex = tokenPointLatestIndex[_tokenId];
// The token point already exists..
if (tokenLatestIndex > 0) {
if (fromLockedEnd > block.timestamp) {
slopeChanges[fromLockedEnd] -= oldLockSlope;
}
}
// store new slope change
slopeChanges[newLockedEnd] += newLockSlope;
// Record the latest global point.
_storeLatestGlobalPoint(lastPoint, _globalPointLatestIndex);
// Create new token point and store.
TokenPoint memory tNew;
tNew.writtenTs = uint128(block.timestamp);
tNew.checkpointTs = _newLocked.start;
tNew.coefficients = [newLockBias, newLockSlope, 0];
// Record the latest token point.
_storeLatestTokenPoint(tNew, _tokenId, tokenLatestIndex);
}
/// @dev The private helper function to either store latest global point on a new index or overwrite it.
/// In case of overwriting, the latest global point index is not incremented.
function _storeLatestGlobalPoint(GlobalPoint memory _p, uint256 _index) private {
// If the timestamp of last stored global point is the same as
// current timestamp, overwrite it, otherwise store a new one
// to reduce unnecessary global points in the history for
// gas costs and binary search efficiency.
if (_index != 1 && _globalPointHistory[_index - 1].writtenTs == block.timestamp) {
_globalPointHistory[_index - 1] = _p;
} else {
globalPointLatestIndex = _index;
_globalPointHistory[_index] = _p;
}
}
/// @dev The private helper function to either store latest token point on a new index or overwrite it.
/// In case of overwriting, the latest token point index is not incremented.
function _storeLatestTokenPoint(TokenPoint memory _p, uint256 _tokenId, uint256 _index) private {
// If the timestamp of last stored token point is the same as
// current timestamp, overwrite it, otherwise store a new one
// to reduce unnecessary global points in the history for
// gas costs and binary search efficiency.
if (_index != 0 && _tokenPointHistory[_tokenId][_index].writtenTs == block.timestamp) {
_tokenPointHistory[_tokenId][_index] = _p;
} else {
tokenPointLatestIndex[_tokenId] = ++_index;
_tokenPointHistory[_tokenId][_index] = _p;
}
}
/*///////////////////////////////////////////////////////////////
Total Supply and Voting Power Calculations
//////////////////////////////////////////////////////////////*/
/// @notice Binary search to get the token point interval for a token id at or prior to a given timestamp
/// Once we have the point , we can apply the bias calculation to get the voting power.
/// @dev If a token point does not exist prior to the timestamp, this will return 0.
function _getPastTokenPointInterval(uint256 _tokenId, uint256 _timestamp) internal view returns (uint256) {
uint256 tokenInterval = tokenPointLatestIndex[_tokenId];
if (tokenInterval == 0) return 0;
// if the most recent point is before the timestamp, return it
if (_tokenPointHistory[_tokenId][tokenInterval].writtenTs <= _timestamp) {
return (tokenInterval);
}
// Check if the first balance is after the timestamp
// this means that the first epoch has yet to start
if (_tokenPointHistory[_tokenId][1].writtenTs > _timestamp) return 0;
uint256 lower = 0;
uint256 upper = tokenInterval;
while (upper > lower) {
uint256 center = upper - (upper - lower) / 2; // ceil, avoiding overflow
TokenPoint storage tokenPoint = _tokenPointHistory[_tokenId][center];
if (tokenPoint.writtenTs == _timestamp) {
return center;
} else if (tokenPoint.writtenTs < _timestamp) {
lower = center;
} else {
upper = center - 1;
}
}
return lower;
}
/// @notice Binary search to get the global point index at or prior to a given timestamp
/// @dev If a checkpoint does not exist prior to the timestamp, this will return 0.
/// @param _timestamp The timestamp to get a checkpoint at.
/// @return Global point index
function getPastGlobalPointIndex(uint256 _timestamp) internal view returns (uint256) {
if (globalPointLatestIndex == 0) return 0;
// First check most recent balance
if (_globalPointHistory[globalPointLatestIndex].writtenTs <= _timestamp) {
return (globalPointLatestIndex);
}
// Next check implicit zero balance
if (_globalPointHistory[1].writtenTs > _timestamp) return 0;
uint256 lower = 0;
uint256 upper = globalPointLatestIndex;
while (upper > lower) {
uint256 center = upper - (upper - lower) / 2; // ceil, avoiding overflow
GlobalPoint storage globalPoint = _globalPointHistory[center];
if (globalPoint.writtenTs == _timestamp) {
return center;
} else if (globalPoint.writtenTs < _timestamp) {
lower = center;
} else {
upper = center - 1;
}
}
return lower;
}
/// @notice Calculate total voting power at some point in the past
/// @param _timestamp Time to calculate the total voting power at
/// @return Total voting power at that time
function _supplyAt(uint256 _timestamp) internal view returns (uint256) {
uint256 epoch_ = getPastGlobalPointIndex(_timestamp);
// epoch 0 is an empty point
if (epoch_ == 0) return 0;
GlobalPoint memory _point = _globalPointHistory[epoch_];
int256 bias = _point.bias;
int256 slope = _point.slope;
uint256 ts = _point.writtenTs; // changes in for loop.
uint256 checkpointInterval = IClock(clock).checkpointInterval();
uint256 t_i = (ts / checkpointInterval) * checkpointInterval;
for (uint256 i = 0; i < 255; ++i) {
t_i += checkpointInterval;
int256 dSlope = 0;
if (t_i > _timestamp) {
t_i = _timestamp;
} else {
dSlope = slopeChanges[t_i];
}
bias += slope * int256(t_i - ts);
if (t_i == _timestamp) {
break;
}
slope -= dSlope;
ts = t_i;
}
if (bias < 0) bias = 0;
return uint256(bias / 1e18);
}
/*///////////////////////////////////////////////////////////////
UUPS Upgrade
//////////////////////////////////////////////////////////////*/
/// @notice Returns the address of the implementation contract in the [proxy storage slot](https://eips.ethereum.org/EIPS/eip-1967) slot the [UUPS proxy](https://eips.ethereum.org/EIPS/eip-1822) is pointing to.
/// @return The address of the implementation contract.
function implementation() public view returns (address) {
return _getImplementation();
}
/// @notice Internal method authorizing the upgrade of the contract via the [upgradeability mechanism for UUPS proxies](https://docs.openzeppelin.com/contracts/4.x/api/proxy#UUPSUpgradeable) (see [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822)).
function _authorizeUpgrade(address) internal virtual override auth(CURVE_ADMIN_ROLE) {}
/// @dev Reserved storage space to allow for layout changes in the future.
uint256[42] private __gap;
/*//////////////////////////////////////////////////////////////
DEPRECATED: Warmup
//////////////////////////////////////////////////////////////*/
function setWarmupPeriod(uint48) external pure {
revert Deprecated();
}
/// @notice Returns whether the NFT is warm
/// @dev In this version, warm functionality has been deprecated.
/// For backwards compatibility, always return true.
function isWarm(uint256) public pure virtual returns (bool) {
return true;
}
/// @notice Returns whether the NFT is warm at the specified timestamp(`_ts`)
/// @dev In this version, warm functionality has been deprecated.
/// For backwards compatibility, always return true.
function isWarm(uint256, uint48) public pure virtual returns (bool) {
return true;
}
}/// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;
// interfaces
import {IDAO} from "@aragon/osx-commons-contracts/src/dao/IDAO.sol";
import {IClock} from "./IClock.sol";
import {IClockV1_2_0} from "./IClock_v1_2_0.sol";
// contracts
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {
DaoAuthorizableUpgradeable as DaoAuthorizable
} from "@aragon/osx-commons-contracts/src/permission/auth/DaoAuthorizableUpgradeable.sol";
/// @title Clock
contract ClockV1_2_0 is IClockV1_2_0, DaoAuthorizable, UUPSUpgradeable {
bytes32 public constant CLOCK_ADMIN_ROLE = keccak256("CLOCK_ADMIN_ROLE");
/// @dev Epoch encompasses a voting and non-voting period
uint256 internal constant EPOCH_DURATION = 2 weeks;
/// @dev Checkpoint interval is the time between each voting checkpoint
uint256 internal constant CHECKPOINT_INTERVAL = 1 weeks;
/// @dev Voting duration is the time during which votes can be cast
uint256 internal constant VOTE_DURATION = 1 weeks;
/// @dev Opens and closes the voting window slightly early to avoid timing attacks
uint256 internal constant VOTE_WINDOW_BUFFER = 1 hours;
/*///////////////////////////////////////////////////////////////
Initialization
//////////////////////////////////////////////////////////////*/
/// @custom:oz-upgrades-unsafe-allow constructor
constructor() {
_disableInitializers();
}
function initialize(address _dao) external initializer {
__DaoAuthorizableUpgradeable_init(IDAO(_dao));
// uups not needed
}
/*///////////////////////////////////////////////////////////////
Getters
//////////////////////////////////////////////////////////////*/
function epochDuration() external pure returns (uint256) {
return EPOCH_DURATION;
}
function checkpointInterval() external pure returns (uint256) {
return CHECKPOINT_INTERVAL;
}
function voteDuration() external pure returns (uint256) {
return VOTE_DURATION;
}
function voteWindowBuffer() external pure returns (uint256) {
return VOTE_WINDOW_BUFFER;
}
/*///////////////////////////////////////////////////////////////
Epochs
//////////////////////////////////////////////////////////////*/
function currentEpoch() external view returns (uint256) {
return resolveEpoch(block.timestamp);
}
function resolveEpoch(uint256 timestamp) public pure returns (uint256) {
unchecked {
return timestamp / EPOCH_DURATION;
}
}
function elapsedInEpoch() external view returns (uint256) {
return resolveElapsedInEpoch(block.timestamp);
}
function resolveElapsedInEpoch(uint256 timestamp) public pure returns (uint256) {
unchecked {
return timestamp % EPOCH_DURATION;
}
}
function epochStartsIn() external view returns (uint256) {
return resolveEpochStartsIn(block.timestamp);
}
/// @notice Number of seconds until the start of the next epoch (relative)
/// @dev If exactly at the start of the epoch, returns 0
function resolveEpochStartsIn(uint256 timestamp) public pure returns (uint256) {
unchecked {
uint256 elapsed = resolveElapsedInEpoch(timestamp);
return (elapsed == 0) ? 0 : EPOCH_DURATION - elapsed;
}
}
function epochStartTs() external view returns (uint256) {
return resolveEpochStartTs(block.timestamp);
}
/// @notice Timestamp of the start of the next epoch (absolute)
function resolveEpochStartTs(uint256 timestamp) public pure returns (uint256) {
unchecked {
return timestamp + resolveEpochStartsIn(timestamp);
}
}
/*///////////////////////////////////////////////////////////////
Voting
//////////////////////////////////////////////////////////////*/
function votingActive() external view returns (bool) {
return resolveVotingActive(block.timestamp);
}
function resolveVotingActive(uint256 timestamp) public pure returns (bool) {
bool afterVoteStart = timestamp >= resolveEpochVoteStartTs(timestamp);
bool beforeVoteEnd = timestamp < resolveEpochVoteEndTs(timestamp);
return afterVoteStart && beforeVoteEnd;
}
function epochVoteStartsIn() external view returns (uint256) {
return resolveEpochVoteStartsIn(block.timestamp);
}
/// @notice Number of seconds until voting starts.
/// @dev If voting is active, returns 0.
function resolveEpochVoteStartsIn(uint256 timestamp) public pure returns (uint256) {
unchecked {
uint256 elapsed = resolveElapsedInEpoch(timestamp);
// if less than the offset has past, return the time until the offset
if (elapsed < VOTE_WINDOW_BUFFER) {
return VOTE_WINDOW_BUFFER - elapsed;
}
// if voting is active (we are in the voting period) return 0
else if (elapsed < VOTE_DURATION - VOTE_WINDOW_BUFFER) {
return 0;
}
// else return the time until the next epoch + the offset
else return resolveEpochStartsIn(timestamp) + VOTE_WINDOW_BUFFER;
}
}
function epochVoteStartTs() external view returns (uint256) {
return resolveEpochVoteStartTs(block.timestamp);
}
/// @notice Timestamp of the start of the next voting period (absolute)
function resolveEpochVoteStartTs(uint256 timestamp) public pure returns (uint256) {
unchecked {
return timestamp + resolveEpochVoteStartsIn(timestamp);
}
}
function epochVoteEndsIn() external view returns (uint256) {
return resolveEpochVoteEndsIn(block.timestamp);
}
/// @notice Number of seconds until the end of the current voting period (relative)
/// @dev If we are outside the voting period, returns 0
function resolveEpochVoteEndsIn(uint256 timestamp) public pure returns (uint256) {
unchecked {
uint256 elapsed = resolveElapsedInEpoch(timestamp);
uint VOTING_WINDOW = VOTE_DURATION - VOTE_WINDOW_BUFFER;
// if we are outside the voting period, return 0
if (elapsed >= VOTING_WINDOW) return 0;
// if we are in the voting period, return the remaining time
else return VOTING_WINDOW - elapsed;
}
}
function epochVoteEndTs() external view returns (uint256) {
return resolveEpochVoteEndTs(block.timestamp);
}
/// @notice Timestamp of the end of the current voting period (absolute)
function resolveEpochVoteEndTs(uint256 timestamp) public pure returns (uint256) {
unchecked {
return timestamp + resolveEpochVoteEndsIn(timestamp);
}
}
/*///////////////////////////////////////////////////////////////
Checkpointing
//////////////////////////////////////////////////////////////*/
function epochNextCheckpointIn() external view returns (uint256) {
return resolveEpochNextCheckpointIn(block.timestamp);
}
/// @notice Number of seconds until the next checkpoint interval (relative)
/// @dev If exactly at the start of the checkpoint interval, returns the interval
function resolveEpochNextCheckpointIn(uint256 timestamp) public pure returns (uint256) {
unchecked {
uint256 elapsed = resolveElapsedInEpoch(timestamp);
if (elapsed >= CHECKPOINT_INTERVAL) elapsed -= CHECKPOINT_INTERVAL;
return CHECKPOINT_INTERVAL - elapsed;
}
}
function epochNextCheckpointTs() external view returns (uint256) {
return resolveEpochNextCheckpointTs(block.timestamp);
}
/// @notice Timestamp of the next deposit interval (absolute)
function resolveEpochNextCheckpointTs(uint256 timestamp) public pure returns (uint256) {
unchecked {
return timestamp + resolveEpochNextCheckpointIn(timestamp);
}
}
function epochPrevCheckpointElapsed() external view returns (uint256) {
return resolveEpochPrevCheckpointElapsed(block.timestamp);
}
/// @notice Number of seconds since the prev checkpoint interval (relative)
/// @dev If exactly at the start of the checkpoint interval, returns 0
function resolveEpochPrevCheckpointElapsed(uint256 timestamp) public pure returns (uint256) {
unchecked {
uint256 elapsed = resolveElapsedInEpoch(timestamp);
if (elapsed >= CHECKPOINT_INTERVAL) elapsed -= CHECKPOINT_INTERVAL;
return elapsed;
}
}
function epochPrevCheckpointTs() external view returns (uint256) {
return resolveEpochPrevCheckpointTs(block.timestamp);
}
/// @notice Timestamp of the prev deposit interval (absolute)
function resolveEpochPrevCheckpointTs(uint256 timestamp) public pure returns (uint256) {
unchecked {
return timestamp - resolveEpochPrevCheckpointElapsed(timestamp);
}
}
/*///////////////////////////////////////////////////////////////
UUPS Getters
//////////////////////////////////////////////////////////////*/
function _authorizeUpgrade(address) internal override auth(CLOCK_ADMIN_ROLE) {}
function implementation() external view returns (address) {
return _getImplementation();
}
uint256[50] private __gap;
}/// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;
import {ILock} from "./ILock.sol";
import {
ERC721EnumerableUpgradeable as ERC721Enumerable
} from "@openzeppelin/contracts-upgradeable/token/ERC721/extensions/ERC721EnumerableUpgradeable.sol";
import {
ReentrancyGuardUpgradeable as ReentrancyGuard
} from "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {
DaoAuthorizableUpgradeable as DaoAuthorizable
} from "@aragon/osx-commons-contracts/src/permission/auth/DaoAuthorizableUpgradeable.sol";
import {IDAO} from "@aragon/osx-commons-contracts/src/dao/IDAO.sol";
import {
IVotingEscrowIncreasingV1_2_0 as IVotingEscrow
} from "@escrow/IVotingEscrowIncreasing_v1_2_0.sol";
/// @title NFT representation of an escrow locking mechanism
contract LockV1_2_0 is ILock, ERC721Enumerable, UUPSUpgradeable, DaoAuthorizable, ReentrancyGuard {
/// @dev enables transfers without whitelisting
address public constant WHITELIST_ANY_ADDRESS =
address(uint160(uint256(keccak256("WHITELIST_ANY_ADDRESS"))));
/// @notice role to upgrade this contract
bytes32 public constant LOCK_ADMIN_ROLE = keccak256("LOCK_ADMIN");
/// @notice Address of the escrow contract that holds underyling assets
address public escrow;
/// @notice Whitelisted contracts that are allowed to transfer
mapping(address => bool) public whitelisted;
/*//////////////////////////////////////////////////////////////
Modifiers
//////////////////////////////////////////////////////////////*/
modifier onlyEscrow() {
if (msg.sender != escrow) revert OnlyEscrow();
_;
}
/*//////////////////////////////////////////////////////////////
ERC165
//////////////////////////////////////////////////////////////*/
function supportsInterface(
bytes4 _interfaceId
) public view override(ERC721Enumerable) returns (bool) {
return super.supportsInterface(_interfaceId) || _interfaceId == type(ILock).interfaceId;
}
/*//////////////////////////////////////////////////////////////
Initializer
//////////////////////////////////////////////////////////////*/
/// @custom:oz-upgrades-unsafe-allow constructor
constructor() {
_disableInitializers();
}
function initialize(
address _escrow,
string memory _name,
string memory _symbol,
address _dao
) external initializer {
__ERC721_init(_name, _symbol);
__DaoAuthorizableUpgradeable_init(IDAO(_dao));
__ReentrancyGuard_init();
escrow = _escrow;
// allow sending nfts to the escrow
whitelisted[escrow] = true;
emit WhitelistSet(address(escrow), true);
}
/*//////////////////////////////////////////////////////////////
Transfers
//////////////////////////////////////////////////////////////*/
/// @notice Transfers disabled by default, whitelisted addresses are allowed to be involved in transfers
function setWhitelisted(address _account, bool _isWhitelisted) external auth(LOCK_ADMIN_ROLE) {
if (_account == escrow) revert ForbiddenWhitelistAddress();
whitelisted[_account] = _isWhitelisted;
emit WhitelistSet(_account, _isWhitelisted);
}
/// @notice Enable transfers to any address without whitelisting
function enableTransfers() external auth(LOCK_ADMIN_ROLE) {
whitelisted[WHITELIST_ANY_ADDRESS] = true;
emit WhitelistSet(WHITELIST_ANY_ADDRESS, true);
}
/// @dev Override the transfer to check if the recipient is whitelisted
/// This avoids needing to check for mint/burn but is less idomatic than beforeTokenTransfer
function _transfer(address _from, address _to, uint256 _tokenId) internal override {
if (whitelisted[WHITELIST_ANY_ADDRESS] || whitelisted[_to] || whitelisted[_from]) {
super._transfer(_from, _to, _tokenId);
} else {
revert NotWhitelisted();
}
if(_from != _to) {
IVotingEscrow(escrow).moveDelegateVotes(_from, _to, _tokenId);
}
}
/*//////////////////////////////////////////////////////////////
NFT Functions
//////////////////////////////////////////////////////////////*/
function isApprovedOrOwner(address _spender, uint256 _tokenId) external view returns (bool) {
return _isApprovedOrOwner(_spender, _tokenId);
}
/// @notice Minting and burning functions that can only be called by the escrow contract
/// @dev Safe mint ensures contract addresses are ERC721 Receiver contracts
function mint(address _to, uint256 _tokenId) external onlyEscrow nonReentrant {
_safeMint(_to, _tokenId);
}
/// @notice Minting and burning functions that can only be called by the escrow contract
function burn(uint256 _tokenId) external onlyEscrow nonReentrant {
_burn(_tokenId);
}
/*//////////////////////////////////////////////////////////////
UUPS Upgrade
//////////////////////////////////////////////////////////////*/
/// @notice Returns the address of the implementation contract in the [proxy storage slot](https://eips.ethereum.org/EIPS/eip-1967) slot the [UUPS proxy](https://eips.ethereum.org/EIPS/eip-1822) is pointing to.
/// @return The address of the implementation contract.
function implementation() public view returns (address) {
return _getImplementation();
}
/// @notice Internal method authorizing the upgrade of the contract via the [upgradeability mechanism for UUPS proxies](https://docs.openzeppelin.com/contracts/4.x/api/proxy#UUPSUpgradeable) (see [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822)).
function _authorizeUpgrade(address) internal virtual override auth(LOCK_ADMIN_ROLE) {}
/// @dev Reserved storage space to allow for layout changes in the future.
uint256[48] private __gap;
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {IERC1822ProxiableUpgradeable} from "@openzeppelin/contracts-upgradeable/interfaces/draft-IERC1822Upgradeable.sol";
import {ERC165Upgradeable} from "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165Upgradeable.sol";
import {ERC165CheckerUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165CheckerUpgradeable.sol";
import {IProtocolVersion} from "../utils/versioning/IProtocolVersion.sol";
import {ProtocolVersion} from "../utils/versioning/ProtocolVersion.sol";
import {DaoAuthorizableUpgradeable} from "../permission/auth/DaoAuthorizableUpgradeable.sol";
import {IPlugin} from "./IPlugin.sol";
import {IDAO} from "../dao/IDAO.sol";
import {IExecutor, Action} from "../executors/IExecutor.sol";
/// @title PluginUUPSUpgradeable
/// @author Aragon X - 2022-2024
/// @notice An abstract, upgradeable contract to inherit from when creating a plugin being deployed via the UUPS pattern (see [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822)).
/// @custom:security-contact [email protected]
abstract contract PluginUUPSUpgradeable is
IPlugin,
ERC165Upgradeable,
UUPSUpgradeable,
DaoAuthorizableUpgradeable,
ProtocolVersion
{
using ERC165CheckerUpgradeable for address;
// NOTE: When adding new state variables to the contract, the size of `_gap` has to be adapted below as well.
/// @notice Stores the current target configuration, defining the target contract and operation type for a plugin.
TargetConfig private currentTargetConfig;
/// @notice Thrown when target is of type 'IDAO', but operation is `delegateCall`.
/// @param targetConfig The target config to update it to.
error InvalidTargetConfig(TargetConfig targetConfig);
/// @notice Thrown when `delegatecall` fails.
error DelegateCallFailed();
/// @notice Thrown when initialize is called after it has already been executed.
error AlreadyInitialized();
/// @notice Emitted each time the TargetConfig is set.
event TargetSet(TargetConfig newTargetConfig);
/// @notice The ID of the permission required to call the `setTargetConfig` function.
bytes32 public constant SET_TARGET_CONFIG_PERMISSION_ID =
keccak256("SET_TARGET_CONFIG_PERMISSION");
/// @notice The ID of the permission required to call the `_authorizeUpgrade` function.
bytes32 public constant UPGRADE_PLUGIN_PERMISSION_ID = keccak256("UPGRADE_PLUGIN_PERMISSION");
/// @notice Disables the initializers on the implementation contract to prevent it from being left uninitialized.
/// @custom:oz-upgrades-unsafe-allow constructor
constructor() {
_disableInitializers();
}
/// @notice This ensures that the initialize function cannot be called during the upgrade process.
modifier onlyCallAtInitialization() {
if (_getInitializedVersion() != 0) {
revert AlreadyInitialized();
}
_;
}
/// @inheritdoc IPlugin
function pluginType() public pure override returns (PluginType) {
return PluginType.UUPS;
}
/// @notice Returns the currently set target contract.
/// @return TargetConfig The currently set target.
function getCurrentTargetConfig() public view virtual returns (TargetConfig memory) {
return currentTargetConfig;
}
/// @notice A convenient function to get current target config only if its target is not address(0), otherwise dao().
/// @return TargetConfig The current target config if its target is not address(0), otherwise returns dao()."
function getTargetConfig() public view virtual returns (TargetConfig memory) {
TargetConfig memory targetConfig = currentTargetConfig;
if (targetConfig.target == address(0)) {
targetConfig = TargetConfig({target: address(dao()), operation: Operation.Call});
}
return targetConfig;
}
/// @notice Initializes the plugin by storing the associated DAO.
/// @param _dao The DAO contract.
// solhint-disable-next-line func-name-mixedcase
function __PluginUUPSUpgradeable_init(IDAO _dao) internal virtual onlyInitializing {
__DaoAuthorizableUpgradeable_init(_dao);
}
/// @dev Sets the target to a new target (`newTarget`).
/// The caller must have the `SET_TARGET_CONFIG_PERMISSION_ID` permission.
/// @param _targetConfig The target Config containing the address and operation type.
function setTargetConfig(
TargetConfig calldata _targetConfig
) public auth(SET_TARGET_CONFIG_PERMISSION_ID) {
_setTargetConfig(_targetConfig);
}
/// @notice Checks if an interface is supported by this or its parent contract.
/// @param _interfaceId The ID of the interface.
/// @return Returns `true` if the interface is supported.
function supportsInterface(bytes4 _interfaceId) public view virtual override returns (bool) {
return
_interfaceId == type(IPlugin).interfaceId ||
_interfaceId == type(IProtocolVersion).interfaceId ||
_interfaceId == type(IERC1822ProxiableUpgradeable).interfaceId ||
_interfaceId ==
this.setTargetConfig.selector ^
this.getTargetConfig.selector ^
this.getCurrentTargetConfig.selector ||
super.supportsInterface(_interfaceId);
}
/// @notice Returns the address of the implementation contract in the [proxy storage slot](https://eips.ethereum.org/EIPS/eip-1967) slot the [UUPS proxy](https://eips.ethereum.org/EIPS/eip-1822) is pointing to.
/// @return The address of the implementation contract.
function implementation() public view returns (address) {
return _getImplementation();
}
/// @notice Sets the target to a new target (`newTarget`).
/// @param _targetConfig The target Config containing the address and operation type.
function _setTargetConfig(TargetConfig memory _targetConfig) internal virtual {
// safety check to avoid setting dao as `target` with `delegatecall` operation
// as this would not work and cause the plugin to be bricked.
if (
_targetConfig.target.supportsInterface(type(IDAO).interfaceId) &&
_targetConfig.operation == Operation.DelegateCall
) {
revert InvalidTargetConfig(_targetConfig);
}
currentTargetConfig = _targetConfig;
emit TargetSet(_targetConfig);
}
/// @notice Forwards the actions to the currently set `target` for the execution.
/// @dev If target is not set, passes actions to the dao.
/// @param _callId Identifier for this execution.
/// @param _actions actions that will be eventually called.
/// @param _allowFailureMap Bitmap-encoded number.
/// @return execResults address of the implementation contract.
/// @return failureMap address of the implementation contract.
function _execute(
bytes32 _callId,
Action[] memory _actions,
uint256 _allowFailureMap
) internal virtual returns (bytes[] memory execResults, uint256 failureMap) {
TargetConfig memory targetConfig = getTargetConfig();
return
_execute(
targetConfig.target,
_callId,
_actions,
_allowFailureMap,
targetConfig.operation
);
}
/// @notice Forwards the actions to the `target` for the execution.
/// @param _target The address of the target contract.
/// @param _callId Identifier for this execution.
/// @param _actions actions that will be eventually called.
/// @param _allowFailureMap A bitmap allowing the execution to succeed, even if individual actions might revert.
/// If the bit at index `i` is 1, the execution succeeds even if the `i`th action reverts.
/// A failure map value of 0 requires every action to not revert.
/// @param _op The type of operation (`Call` or `DelegateCall`) to be used for the execution.
/// @return execResults address of the implementation contract.
/// @return failureMap address of the implementation contract.
function _execute(
address _target,
bytes32 _callId,
Action[] memory _actions,
uint256 _allowFailureMap,
Operation _op
) internal virtual returns (bytes[] memory execResults, uint256 failureMap) {
if (_op == Operation.DelegateCall) {
bool success;
bytes memory data;
// solhint-disable-next-line avoid-low-level-calls
(success, data) = _target.delegatecall(
abi.encodeCall(IExecutor.execute, (_callId, _actions, _allowFailureMap))
);
if (!success) {
if (data.length > 0) {
// solhint-disable-next-line no-inline-assembly
assembly {
let returndata_size := mload(data)
revert(add(32, data), returndata_size)
}
} else {
revert DelegateCallFailed();
}
}
(execResults, failureMap) = abi.decode(data, (bytes[], uint256));
} else {
(execResults, failureMap) = IExecutor(_target).execute(
_callId,
_actions,
_allowFailureMap
);
}
}
/// @notice Internal method authorizing the upgrade of the contract via the [upgradeability mechanism for UUPS proxies](https://docs.openzeppelin.com/contracts/4.x/api/proxy#UUPSUpgradeable) (see [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822)).
/// @dev The caller must have the `UPGRADE_PLUGIN_PERMISSION_ID` permission.
function _authorizeUpgrade(
address
)
internal
virtual
override
auth(UPGRADE_PLUGIN_PERMISSION_ID)
// solhint-disable-next-line no-empty-blocks
{
}
/// @notice This empty reserved space is put in place to allow future versions to add new variables without shifting down storage in the inheritance chain (see [OpenZeppelin's guide about storage gaps](https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps)).
uint256[49] private __gap;
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {ProtocolVersion} from "@aragon/osx-commons-contracts/src/utils/versioning/ProtocolVersion.sol";
import {IDAO} from "@aragon/osx-commons-contracts/src/dao/IDAO.sol";
import {ENSSubdomainRegistrar} from "../../utils/ens/ENSSubdomainRegistrar.sol";
import {InterfaceBasedRegistry} from "../../utils/InterfaceBasedRegistry.sol";
import {isSubdomainValid} from "../../utils/RegistryUtils.sol";
import {IPluginRepo} from "./IPluginRepo.sol";
/// @title PluginRepoRegistry
/// @author Aragon X - 2022-2023
/// @notice This contract maintains an address-based registry of plugin repositories in the Aragon App DAO framework.
/// @custom:security-contact [email protected]
contract PluginRepoRegistry is InterfaceBasedRegistry, ProtocolVersion {
/// @notice The ID of the permission required to call the `register` function.
bytes32 public constant REGISTER_PLUGIN_REPO_PERMISSION_ID =
keccak256("REGISTER_PLUGIN_REPO_PERMISSION");
/// @notice The ENS subdomain registrar registering the PluginRepo subdomains.
ENSSubdomainRegistrar public subdomainRegistrar;
/// @notice Emitted if a new plugin repository is registered.
/// @param subdomain The subdomain of the plugin repository.
/// @param pluginRepo The address of the plugin repository.
event PluginRepoRegistered(string subdomain, address pluginRepo);
/// @notice Thrown if the plugin subdomain doesn't match the regex `[0-9a-z\-]`
error InvalidPluginSubdomain(string subdomain);
/// @notice Thrown if the subdomain is present, but registrar is address(0).
error ENSNotSupported();
/// @dev Used to disallow initializing the implementation contract by an attacker for extra safety.
/// @custom:oz-upgrades-unsafe-allow constructor
constructor() {
_disableInitializers();
}
/// @notice Initializes the contract by setting calling the `InterfaceBasedRegistry` base class initialize method.
/// @param _dao The address of the managing DAO.
/// @param _subdomainRegistrar The `ENSSubdomainRegistrar` where `ENS` subdomain will be registered.
function initialize(IDAO _dao, ENSSubdomainRegistrar _subdomainRegistrar) external initializer {
bytes4 pluginRepoInterfaceId = type(IPluginRepo).interfaceId;
__InterfaceBasedRegistry_init(_dao, pluginRepoInterfaceId);
subdomainRegistrar = _subdomainRegistrar;
}
/// @notice Registers a plugin repository with a subdomain and address.
/// @dev If subdomain is empty, registration on ENS is skipped.
/// @param subdomain The subdomain of the PluginRepo.
/// @param pluginRepo The address of the PluginRepo contract.
function registerPluginRepo(
string calldata subdomain,
address pluginRepo
) external auth(REGISTER_PLUGIN_REPO_PERMISSION_ID) {
if (bytes(subdomain).length > 0) {
if (address(subdomainRegistrar) == address(0)) {
revert ENSNotSupported();
}
if (!isSubdomainValid(subdomain)) {
revert InvalidPluginSubdomain({subdomain: subdomain});
}
bytes32 labelhash = keccak256(bytes(subdomain));
subdomainRegistrar.registerSubnode(labelhash, pluginRepo);
}
_register(pluginRepo);
emit PluginRepoRegistered(subdomain, pluginRepo);
}
/// @notice This empty reserved space is put in place to allow future versions to add new variables without shifting down storage in the inheritance chain (see [OpenZeppelin's guide about storage gaps](https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps)).
uint256[49] private __gap;
}// SPDX-License-Identifier: AGPL-3.0-or-later pragma solidity ^0.8.8; /// @title IPermissionCondition /// @author Aragon X - 2021-2023 /// @notice An interface to be implemented to support custom permission logic. /// @dev To attach a condition to a permission, the `grantWithCondition` function must be used and refer to the implementing contract's address with the `condition` argument. /// @custom:security-contact [email protected] interface IPermissionCondition { /// @notice Checks if a call is permitted. /// @param _where The address of the target contract. /// @param _who The address (EOA or contract) for which the permissions are checked. /// @param _permissionId The permission identifier. /// @param _data Optional data passed to the `PermissionCondition` implementation. /// @return isPermitted Returns true if the call is permitted. function isGranted( address _where, address _who, bytes32 _permissionId, bytes calldata _data ) external view returns (bool isPermitted); }
// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {ERC165} from "@openzeppelin/contracts/utils/introspection/ERC165.sol";
import {IProtocolVersion} from "../../utils/versioning/IProtocolVersion.sol";
import {ProtocolVersion} from "../../utils/versioning/ProtocolVersion.sol";
import {IPermissionCondition} from "./IPermissionCondition.sol";
/// @title PermissionCondition
/// @author Aragon X - 2023
/// @notice An abstract contract for non-upgradeable contracts instantiated via the `new` keyword to inherit from to support customary permissions depending on arbitrary on-chain state.
/// @custom:security-contact [email protected]
abstract contract PermissionCondition is ERC165, IPermissionCondition, ProtocolVersion {
/// @notice Checks if an interface is supported by this or its parent contract.
/// @param _interfaceId The ID of the interface.
/// @return Returns `true` if the interface is supported.
function supportsInterface(bytes4 _interfaceId) public view virtual override returns (bool) {
return
_interfaceId == type(IPermissionCondition).interfaceId ||
_interfaceId == type(IProtocolVersion).interfaceId ||
super.supportsInterface(_interfaceId);
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/ERC165.sol)
pragma solidity ^0.8.0;
import "./IERC165Upgradeable.sol";
import "../../proxy/utils/Initializable.sol";
/**
* @dev Implementation of the {IERC165} interface.
*
* Contracts that want to implement ERC165 should inherit from this contract and override {supportsInterface} to check
* for the additional interface id that will be supported. For example:
*
* ```solidity
* function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
* return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
* }
* ```
*
* Alternatively, {ERC165Storage} provides an easier to use but more expensive implementation.
*/
abstract contract ERC165Upgradeable is Initializable, IERC165Upgradeable {
function __ERC165_init() internal onlyInitializing {
}
function __ERC165_init_unchained() internal onlyInitializing {
}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IERC165Upgradeable).interfaceId;
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[50] private __gap;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/introspection/ERC165Checker.sol)
pragma solidity ^0.8.0;
import "./IERC165Upgradeable.sol";
/**
* @dev Library used to query support of an interface declared via {IERC165}.
*
* Note that these functions return the actual result of the query: they do not
* `revert` if an interface is not supported. It is up to the caller to decide
* what to do in these cases.
*/
library ERC165CheckerUpgradeable {
// As per the EIP-165 spec, no interface should ever match 0xffffffff
bytes4 private constant _INTERFACE_ID_INVALID = 0xffffffff;
/**
* @dev Returns true if `account` supports the {IERC165} interface.
*/
function supportsERC165(address account) internal view returns (bool) {
// Any contract that implements ERC165 must explicitly indicate support of
// InterfaceId_ERC165 and explicitly indicate non-support of InterfaceId_Invalid
return
supportsERC165InterfaceUnchecked(account, type(IERC165Upgradeable).interfaceId) &&
!supportsERC165InterfaceUnchecked(account, _INTERFACE_ID_INVALID);
}
/**
* @dev Returns true if `account` supports the interface defined by
* `interfaceId`. Support for {IERC165} itself is queried automatically.
*
* See {IERC165-supportsInterface}.
*/
function supportsInterface(address account, bytes4 interfaceId) internal view returns (bool) {
// query support of both ERC165 as per the spec and support of _interfaceId
return supportsERC165(account) && supportsERC165InterfaceUnchecked(account, interfaceId);
}
/**
* @dev Returns a boolean array where each value corresponds to the
* interfaces passed in and whether they're supported or not. This allows
* you to batch check interfaces for a contract where your expectation
* is that some interfaces may not be supported.
*
* See {IERC165-supportsInterface}.
*
* _Available since v3.4._
*/
function getSupportedInterfaces(
address account,
bytes4[] memory interfaceIds
) internal view returns (bool[] memory) {
// an array of booleans corresponding to interfaceIds and whether they're supported or not
bool[] memory interfaceIdsSupported = new bool[](interfaceIds.length);
// query support of ERC165 itself
if (supportsERC165(account)) {
// query support of each interface in interfaceIds
for (uint256 i = 0; i < interfaceIds.length; i++) {
interfaceIdsSupported[i] = supportsERC165InterfaceUnchecked(account, interfaceIds[i]);
}
}
return interfaceIdsSupported;
}
/**
* @dev Returns true if `account` supports all the interfaces defined in
* `interfaceIds`. Support for {IERC165} itself is queried automatically.
*
* Batch-querying can lead to gas savings by skipping repeated checks for
* {IERC165} support.
*
* See {IERC165-supportsInterface}.
*/
function supportsAllInterfaces(address account, bytes4[] memory interfaceIds) internal view returns (bool) {
// query support of ERC165 itself
if (!supportsERC165(account)) {
return false;
}
// query support of each interface in interfaceIds
for (uint256 i = 0; i < interfaceIds.length; i++) {
if (!supportsERC165InterfaceUnchecked(account, interfaceIds[i])) {
return false;
}
}
// all interfaces supported
return true;
}
/**
* @notice Query if a contract implements an interface, does not check ERC165 support
* @param account The address of the contract to query for support of an interface
* @param interfaceId The interface identifier, as specified in ERC-165
* @return true if the contract at account indicates support of the interface with
* identifier interfaceId, false otherwise
* @dev Assumes that account contains a contract that supports ERC165, otherwise
* the behavior of this method is undefined. This precondition can be checked
* with {supportsERC165}.
*
* Some precompiled contracts will falsely indicate support for a given interface, so caution
* should be exercised when using this function.
*
* Interface identification is specified in ERC-165.
*/
function supportsERC165InterfaceUnchecked(address account, bytes4 interfaceId) internal view returns (bool) {
// prepare call
bytes memory encodedParams = abi.encodeWithSelector(IERC165Upgradeable.supportsInterface.selector, interfaceId);
// perform static call
bool success;
uint256 returnSize;
uint256 returnValue;
assembly {
success := staticcall(30000, account, add(encodedParams, 0x20), mload(encodedParams), 0x00, 0x20)
returnSize := returndatasize()
returnValue := mload(0x00)
}
return success && returnSize >= 0x20 && returnValue > 0;
}
}// SPDX-License-Identifier: AGPL-3.0-or-later pragma solidity ^0.8.8; /// @title IPluginRepo /// @author Aragon X - 2022-2023 /// @notice The interface required for a plugin repository. /// @custom:security-contact [email protected] interface IPluginRepo { /// @notice Updates the metadata for release with content `@fromHex(_releaseMetadata)`. /// @param _release The release number. /// @param _releaseMetadata The release metadata URI. function updateReleaseMetadata(uint8 _release, bytes calldata _releaseMetadata) external; /// @notice Creates a new plugin version as the latest build for an existing release number or the first build for a new release number for the provided `PluginSetup` contract address and metadata. /// @param _release The release number. /// @param _pluginSetupAddress The address of the plugin setup contract. /// @param _buildMetadata The build metadata URI. /// @param _releaseMetadata The release metadata URI. function createVersion( uint8 _release, address _pluginSetupAddress, bytes calldata _buildMetadata, bytes calldata _releaseMetadata ) external; /// @notice Emitted if the same plugin setup exists in previous releases. /// @param release The release number. /// @param build The build number. /// @param pluginSetup The address of the plugin setup contract. /// @param buildMetadata The build metadata URI. event VersionCreated( uint8 release, uint16 build, address indexed pluginSetup, bytes buildMetadata ); /// @notice Emitted when a release's metadata was updated. /// @param release The release number. /// @param releaseMetadata The release metadata URI. event ReleaseMetadataUpdated(uint8 release, bytes releaseMetadata); }
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SafeCast.sol)
// This file was procedurally generated from scripts/generate/templates/SafeCast.js.
pragma solidity ^0.8.0;
/**
* @dev Wrappers over Solidity's uintXX/intXX casting operators with added overflow
* checks.
*
* Downcasting from uint256/int256 in Solidity does not revert on overflow. This can
* easily result in undesired exploitation or bugs, since developers usually
* assume that overflows raise errors. `SafeCast` restores this intuition by
* reverting the transaction when such an operation overflows.
*
* Using this library instead of the unchecked operations eliminates an entire
* class of bugs, so it's recommended to use it always.
*
* Can be combined with {SafeMath} and {SignedSafeMath} to extend it to smaller types, by performing
* all math on `uint256` and `int256` and then downcasting.
*/
library SafeCastUpgradeable {
/**
* @dev Returns the downcasted uint248 from uint256, reverting on
* overflow (when the input is greater than largest uint248).
*
* Counterpart to Solidity's `uint248` operator.
*
* Requirements:
*
* - input must fit into 248 bits
*
* _Available since v4.7._
*/
function toUint248(uint256 value) internal pure returns (uint248) {
require(value <= type(uint248).max, "SafeCast: value doesn't fit in 248 bits");
return uint248(value);
}
/**
* @dev Returns the downcasted uint240 from uint256, reverting on
* overflow (when the input is greater than largest uint240).
*
* Counterpart to Solidity's `uint240` operator.
*
* Requirements:
*
* - input must fit into 240 bits
*
* _Available since v4.7._
*/
function toUint240(uint256 value) internal pure returns (uint240) {
require(value <= type(uint240).max, "SafeCast: value doesn't fit in 240 bits");
return uint240(value);
}
/**
* @dev Returns the downcasted uint232 from uint256, reverting on
* overflow (when the input is greater than largest uint232).
*
* Counterpart to Solidity's `uint232` operator.
*
* Requirements:
*
* - input must fit into 232 bits
*
* _Available since v4.7._
*/
function toUint232(uint256 value) internal pure returns (uint232) {
require(value <= type(uint232).max, "SafeCast: value doesn't fit in 232 bits");
return uint232(value);
}
/**
* @dev Returns the downcasted uint224 from uint256, reverting on
* overflow (when the input is greater than largest uint224).
*
* Counterpart to Solidity's `uint224` operator.
*
* Requirements:
*
* - input must fit into 224 bits
*
* _Available since v4.2._
*/
function toUint224(uint256 value) internal pure returns (uint224) {
require(value <= type(uint224).max, "SafeCast: value doesn't fit in 224 bits");
return uint224(value);
}
/**
* @dev Returns the downcasted uint216 from uint256, reverting on
* overflow (when the input is greater than largest uint216).
*
* Counterpart to Solidity's `uint216` operator.
*
* Requirements:
*
* - input must fit into 216 bits
*
* _Available since v4.7._
*/
function toUint216(uint256 value) internal pure returns (uint216) {
require(value <= type(uint216).max, "SafeCast: value doesn't fit in 216 bits");
return uint216(value);
}
/**
* @dev Returns the downcasted uint208 from uint256, reverting on
* overflow (when the input is greater than largest uint208).
*
* Counterpart to Solidity's `uint208` operator.
*
* Requirements:
*
* - input must fit into 208 bits
*
* _Available since v4.7._
*/
function toUint208(uint256 value) internal pure returns (uint208) {
require(value <= type(uint208).max, "SafeCast: value doesn't fit in 208 bits");
return uint208(value);
}
/**
* @dev Returns the downcasted uint200 from uint256, reverting on
* overflow (when the input is greater than largest uint200).
*
* Counterpart to Solidity's `uint200` operator.
*
* Requirements:
*
* - input must fit into 200 bits
*
* _Available since v4.7._
*/
function toUint200(uint256 value) internal pure returns (uint200) {
require(value <= type(uint200).max, "SafeCast: value doesn't fit in 200 bits");
return uint200(value);
}
/**
* @dev Returns the downcasted uint192 from uint256, reverting on
* overflow (when the input is greater than largest uint192).
*
* Counterpart to Solidity's `uint192` operator.
*
* Requirements:
*
* - input must fit into 192 bits
*
* _Available since v4.7._
*/
function toUint192(uint256 value) internal pure returns (uint192) {
require(value <= type(uint192).max, "SafeCast: value doesn't fit in 192 bits");
return uint192(value);
}
/**
* @dev Returns the downcasted uint184 from uint256, reverting on
* overflow (when the input is greater than largest uint184).
*
* Counterpart to Solidity's `uint184` operator.
*
* Requirements:
*
* - input must fit into 184 bits
*
* _Available since v4.7._
*/
function toUint184(uint256 value) internal pure returns (uint184) {
require(value <= type(uint184).max, "SafeCast: value doesn't fit in 184 bits");
return uint184(value);
}
/**
* @dev Returns the downcasted uint176 from uint256, reverting on
* overflow (when the input is greater than largest uint176).
*
* Counterpart to Solidity's `uint176` operator.
*
* Requirements:
*
* - input must fit into 176 bits
*
* _Available since v4.7._
*/
function toUint176(uint256 value) internal pure returns (uint176) {
require(value <= type(uint176).max, "SafeCast: value doesn't fit in 176 bits");
return uint176(value);
}
/**
* @dev Returns the downcasted uint168 from uint256, reverting on
* overflow (when the input is greater than largest uint168).
*
* Counterpart to Solidity's `uint168` operator.
*
* Requirements:
*
* - input must fit into 168 bits
*
* _Available since v4.7._
*/
function toUint168(uint256 value) internal pure returns (uint168) {
require(value <= type(uint168).max, "SafeCast: value doesn't fit in 168 bits");
return uint168(value);
}
/**
* @dev Returns the downcasted uint160 from uint256, reverting on
* overflow (when the input is greater than largest uint160).
*
* Counterpart to Solidity's `uint160` operator.
*
* Requirements:
*
* - input must fit into 160 bits
*
* _Available since v4.7._
*/
function toUint160(uint256 value) internal pure returns (uint160) {
require(value <= type(uint160).max, "SafeCast: value doesn't fit in 160 bits");
return uint160(value);
}
/**
* @dev Returns the downcasted uint152 from uint256, reverting on
* overflow (when the input is greater than largest uint152).
*
* Counterpart to Solidity's `uint152` operator.
*
* Requirements:
*
* - input must fit into 152 bits
*
* _Available since v4.7._
*/
function toUint152(uint256 value) internal pure returns (uint152) {
require(value <= type(uint152).max, "SafeCast: value doesn't fit in 152 bits");
return uint152(value);
}
/**
* @dev Returns the downcasted uint144 from uint256, reverting on
* overflow (when the input is greater than largest uint144).
*
* Counterpart to Solidity's `uint144` operator.
*
* Requirements:
*
* - input must fit into 144 bits
*
* _Available since v4.7._
*/
function toUint144(uint256 value) internal pure returns (uint144) {
require(value <= type(uint144).max, "SafeCast: value doesn't fit in 144 bits");
return uint144(value);
}
/**
* @dev Returns the downcasted uint136 from uint256, reverting on
* overflow (when the input is greater than largest uint136).
*
* Counterpart to Solidity's `uint136` operator.
*
* Requirements:
*
* - input must fit into 136 bits
*
* _Available since v4.7._
*/
function toUint136(uint256 value) internal pure returns (uint136) {
require(value <= type(uint136).max, "SafeCast: value doesn't fit in 136 bits");
return uint136(value);
}
/**
* @dev Returns the downcasted uint128 from uint256, reverting on
* overflow (when the input is greater than largest uint128).
*
* Counterpart to Solidity's `uint128` operator.
*
* Requirements:
*
* - input must fit into 128 bits
*
* _Available since v2.5._
*/
function toUint128(uint256 value) internal pure returns (uint128) {
require(value <= type(uint128).max, "SafeCast: value doesn't fit in 128 bits");
return uint128(value);
}
/**
* @dev Returns the downcasted uint120 from uint256, reverting on
* overflow (when the input is greater than largest uint120).
*
* Counterpart to Solidity's `uint120` operator.
*
* Requirements:
*
* - input must fit into 120 bits
*
* _Available since v4.7._
*/
function toUint120(uint256 value) internal pure returns (uint120) {
require(value <= type(uint120).max, "SafeCast: value doesn't fit in 120 bits");
return uint120(value);
}
/**
* @dev Returns the downcasted uint112 from uint256, reverting on
* overflow (when the input is greater than largest uint112).
*
* Counterpart to Solidity's `uint112` operator.
*
* Requirements:
*
* - input must fit into 112 bits
*
* _Available since v4.7._
*/
function toUint112(uint256 value) internal pure returns (uint112) {
require(value <= type(uint112).max, "SafeCast: value doesn't fit in 112 bits");
return uint112(value);
}
/**
* @dev Returns the downcasted uint104 from uint256, reverting on
* overflow (when the input is greater than largest uint104).
*
* Counterpart to Solidity's `uint104` operator.
*
* Requirements:
*
* - input must fit into 104 bits
*
* _Available since v4.7._
*/
function toUint104(uint256 value) internal pure returns (uint104) {
require(value <= type(uint104).max, "SafeCast: value doesn't fit in 104 bits");
return uint104(value);
}
/**
* @dev Returns the downcasted uint96 from uint256, reverting on
* overflow (when the input is greater than largest uint96).
*
* Counterpart to Solidity's `uint96` operator.
*
* Requirements:
*
* - input must fit into 96 bits
*
* _Available since v4.2._
*/
function toUint96(uint256 value) internal pure returns (uint96) {
require(value <= type(uint96).max, "SafeCast: value doesn't fit in 96 bits");
return uint96(value);
}
/**
* @dev Returns the downcasted uint88 from uint256, reverting on
* overflow (when the input is greater than largest uint88).
*
* Counterpart to Solidity's `uint88` operator.
*
* Requirements:
*
* - input must fit into 88 bits
*
* _Available since v4.7._
*/
function toUint88(uint256 value) internal pure returns (uint88) {
require(value <= type(uint88).max, "SafeCast: value doesn't fit in 88 bits");
return uint88(value);
}
/**
* @dev Returns the downcasted uint80 from uint256, reverting on
* overflow (when the input is greater than largest uint80).
*
* Counterpart to Solidity's `uint80` operator.
*
* Requirements:
*
* - input must fit into 80 bits
*
* _Available since v4.7._
*/
function toUint80(uint256 value) internal pure returns (uint80) {
require(value <= type(uint80).max, "SafeCast: value doesn't fit in 80 bits");
return uint80(value);
}
/**
* @dev Returns the downcasted uint72 from uint256, reverting on
* overflow (when the input is greater than largest uint72).
*
* Counterpart to Solidity's `uint72` operator.
*
* Requirements:
*
* - input must fit into 72 bits
*
* _Available since v4.7._
*/
function toUint72(uint256 value) internal pure returns (uint72) {
require(value <= type(uint72).max, "SafeCast: value doesn't fit in 72 bits");
return uint72(value);
}
/**
* @dev Returns the downcasted uint64 from uint256, reverting on
* overflow (when the input is greater than largest uint64).
*
* Counterpart to Solidity's `uint64` operator.
*
* Requirements:
*
* - input must fit into 64 bits
*
* _Available since v2.5._
*/
function toUint64(uint256 value) internal pure returns (uint64) {
require(value <= type(uint64).max, "SafeCast: value doesn't fit in 64 bits");
return uint64(value);
}
/**
* @dev Returns the downcasted uint56 from uint256, reverting on
* overflow (when the input is greater than largest uint56).
*
* Counterpart to Solidity's `uint56` operator.
*
* Requirements:
*
* - input must fit into 56 bits
*
* _Available since v4.7._
*/
function toUint56(uint256 value) internal pure returns (uint56) {
require(value <= type(uint56).max, "SafeCast: value doesn't fit in 56 bits");
return uint56(value);
}
/**
* @dev Returns the downcasted uint48 from uint256, reverting on
* overflow (when the input is greater than largest uint48).
*
* Counterpart to Solidity's `uint48` operator.
*
* Requirements:
*
* - input must fit into 48 bits
*
* _Available since v4.7._
*/
function toUint48(uint256 value) internal pure returns (uint48) {
require(value <= type(uint48).max, "SafeCast: value doesn't fit in 48 bits");
return uint48(value);
}
/**
* @dev Returns the downcasted uint40 from uint256, reverting on
* overflow (when the input is greater than largest uint40).
*
* Counterpart to Solidity's `uint40` operator.
*
* Requirements:
*
* - input must fit into 40 bits
*
* _Available since v4.7._
*/
function toUint40(uint256 value) internal pure returns (uint40) {
require(value <= type(uint40).max, "SafeCast: value doesn't fit in 40 bits");
return uint40(value);
}
/**
* @dev Returns the downcasted uint32 from uint256, reverting on
* overflow (when the input is greater than largest uint32).
*
* Counterpart to Solidity's `uint32` operator.
*
* Requirements:
*
* - input must fit into 32 bits
*
* _Available since v2.5._
*/
function toUint32(uint256 value) internal pure returns (uint32) {
require(value <= type(uint32).max, "SafeCast: value doesn't fit in 32 bits");
return uint32(value);
}
/**
* @dev Returns the downcasted uint24 from uint256, reverting on
* overflow (when the input is greater than largest uint24).
*
* Counterpart to Solidity's `uint24` operator.
*
* Requirements:
*
* - input must fit into 24 bits
*
* _Available since v4.7._
*/
function toUint24(uint256 value) internal pure returns (uint24) {
require(value <= type(uint24).max, "SafeCast: value doesn't fit in 24 bits");
return uint24(value);
}
/**
* @dev Returns the downcasted uint16 from uint256, reverting on
* overflow (when the input is greater than largest uint16).
*
* Counterpart to Solidity's `uint16` operator.
*
* Requirements:
*
* - input must fit into 16 bits
*
* _Available since v2.5._
*/
function toUint16(uint256 value) internal pure returns (uint16) {
require(value <= type(uint16).max, "SafeCast: value doesn't fit in 16 bits");
return uint16(value);
}
/**
* @dev Returns the downcasted uint8 from uint256, reverting on
* overflow (when the input is greater than largest uint8).
*
* Counterpart to Solidity's `uint8` operator.
*
* Requirements:
*
* - input must fit into 8 bits
*
* _Available since v2.5._
*/
function toUint8(uint256 value) internal pure returns (uint8) {
require(value <= type(uint8).max, "SafeCast: value doesn't fit in 8 bits");
return uint8(value);
}
/**
* @dev Converts a signed int256 into an unsigned uint256.
*
* Requirements:
*
* - input must be greater than or equal to 0.
*
* _Available since v3.0._
*/
function toUint256(int256 value) internal pure returns (uint256) {
require(value >= 0, "SafeCast: value must be positive");
return uint256(value);
}
/**
* @dev Returns the downcasted int248 from int256, reverting on
* overflow (when the input is less than smallest int248 or
* greater than largest int248).
*
* Counterpart to Solidity's `int248` operator.
*
* Requirements:
*
* - input must fit into 248 bits
*
* _Available since v4.7._
*/
function toInt248(int256 value) internal pure returns (int248 downcasted) {
downcasted = int248(value);
require(downcasted == value, "SafeCast: value doesn't fit in 248 bits");
}
/**
* @dev Returns the downcasted int240 from int256, reverting on
* overflow (when the input is less than smallest int240 or
* greater than largest int240).
*
* Counterpart to Solidity's `int240` operator.
*
* Requirements:
*
* - input must fit into 240 bits
*
* _Available since v4.7._
*/
function toInt240(int256 value) internal pure returns (int240 downcasted) {
downcasted = int240(value);
require(downcasted == value, "SafeCast: value doesn't fit in 240 bits");
}
/**
* @dev Returns the downcasted int232 from int256, reverting on
* overflow (when the input is less than smallest int232 or
* greater than largest int232).
*
* Counterpart to Solidity's `int232` operator.
*
* Requirements:
*
* - input must fit into 232 bits
*
* _Available since v4.7._
*/
function toInt232(int256 value) internal pure returns (int232 downcasted) {
downcasted = int232(value);
require(downcasted == value, "SafeCast: value doesn't fit in 232 bits");
}
/**
* @dev Returns the downcasted int224 from int256, reverting on
* overflow (when the input is less than smallest int224 or
* greater than largest int224).
*
* Counterpart to Solidity's `int224` operator.
*
* Requirements:
*
* - input must fit into 224 bits
*
* _Available since v4.7._
*/
function toInt224(int256 value) internal pure returns (int224 downcasted) {
downcasted = int224(value);
require(downcasted == value, "SafeCast: value doesn't fit in 224 bits");
}
/**
* @dev Returns the downcasted int216 from int256, reverting on
* overflow (when the input is less than smallest int216 or
* greater than largest int216).
*
* Counterpart to Solidity's `int216` operator.
*
* Requirements:
*
* - input must fit into 216 bits
*
* _Available since v4.7._
*/
function toInt216(int256 value) internal pure returns (int216 downcasted) {
downcasted = int216(value);
require(downcasted == value, "SafeCast: value doesn't fit in 216 bits");
}
/**
* @dev Returns the downcasted int208 from int256, reverting on
* overflow (when the input is less than smallest int208 or
* greater than largest int208).
*
* Counterpart to Solidity's `int208` operator.
*
* Requirements:
*
* - input must fit into 208 bits
*
* _Available since v4.7._
*/
function toInt208(int256 value) internal pure returns (int208 downcasted) {
downcasted = int208(value);
require(downcasted == value, "SafeCast: value doesn't fit in 208 bits");
}
/**
* @dev Returns the downcasted int200 from int256, reverting on
* overflow (when the input is less than smallest int200 or
* greater than largest int200).
*
* Counterpart to Solidity's `int200` operator.
*
* Requirements:
*
* - input must fit into 200 bits
*
* _Available since v4.7._
*/
function toInt200(int256 value) internal pure returns (int200 downcasted) {
downcasted = int200(value);
require(downcasted == value, "SafeCast: value doesn't fit in 200 bits");
}
/**
* @dev Returns the downcasted int192 from int256, reverting on
* overflow (when the input is less than smallest int192 or
* greater than largest int192).
*
* Counterpart to Solidity's `int192` operator.
*
* Requirements:
*
* - input must fit into 192 bits
*
* _Available since v4.7._
*/
function toInt192(int256 value) internal pure returns (int192 downcasted) {
downcasted = int192(value);
require(downcasted == value, "SafeCast: value doesn't fit in 192 bits");
}
/**
* @dev Returns the downcasted int184 from int256, reverting on
* overflow (when the input is less than smallest int184 or
* greater than largest int184).
*
* Counterpart to Solidity's `int184` operator.
*
* Requirements:
*
* - input must fit into 184 bits
*
* _Available since v4.7._
*/
function toInt184(int256 value) internal pure returns (int184 downcasted) {
downcasted = int184(value);
require(downcasted == value, "SafeCast: value doesn't fit in 184 bits");
}
/**
* @dev Returns the downcasted int176 from int256, reverting on
* overflow (when the input is less than smallest int176 or
* greater than largest int176).
*
* Counterpart to Solidity's `int176` operator.
*
* Requirements:
*
* - input must fit into 176 bits
*
* _Available since v4.7._
*/
function toInt176(int256 value) internal pure returns (int176 downcasted) {
downcasted = int176(value);
require(downcasted == value, "SafeCast: value doesn't fit in 176 bits");
}
/**
* @dev Returns the downcasted int168 from int256, reverting on
* overflow (when the input is less than smallest int168 or
* greater than largest int168).
*
* Counterpart to Solidity's `int168` operator.
*
* Requirements:
*
* - input must fit into 168 bits
*
* _Available since v4.7._
*/
function toInt168(int256 value) internal pure returns (int168 downcasted) {
downcasted = int168(value);
require(downcasted == value, "SafeCast: value doesn't fit in 168 bits");
}
/**
* @dev Returns the downcasted int160 from int256, reverting on
* overflow (when the input is less than smallest int160 or
* greater than largest int160).
*
* Counterpart to Solidity's `int160` operator.
*
* Requirements:
*
* - input must fit into 160 bits
*
* _Available since v4.7._
*/
function toInt160(int256 value) internal pure returns (int160 downcasted) {
downcasted = int160(value);
require(downcasted == value, "SafeCast: value doesn't fit in 160 bits");
}
/**
* @dev Returns the downcasted int152 from int256, reverting on
* overflow (when the input is less than smallest int152 or
* greater than largest int152).
*
* Counterpart to Solidity's `int152` operator.
*
* Requirements:
*
* - input must fit into 152 bits
*
* _Available since v4.7._
*/
function toInt152(int256 value) internal pure returns (int152 downcasted) {
downcasted = int152(value);
require(downcasted == value, "SafeCast: value doesn't fit in 152 bits");
}
/**
* @dev Returns the downcasted int144 from int256, reverting on
* overflow (when the input is less than smallest int144 or
* greater than largest int144).
*
* Counterpart to Solidity's `int144` operator.
*
* Requirements:
*
* - input must fit into 144 bits
*
* _Available since v4.7._
*/
function toInt144(int256 value) internal pure returns (int144 downcasted) {
downcasted = int144(value);
require(downcasted == value, "SafeCast: value doesn't fit in 144 bits");
}
/**
* @dev Returns the downcasted int136 from int256, reverting on
* overflow (when the input is less than smallest int136 or
* greater than largest int136).
*
* Counterpart to Solidity's `int136` operator.
*
* Requirements:
*
* - input must fit into 136 bits
*
* _Available since v4.7._
*/
function toInt136(int256 value) internal pure returns (int136 downcasted) {
downcasted = int136(value);
require(downcasted == value, "SafeCast: value doesn't fit in 136 bits");
}
/**
* @dev Returns the downcasted int128 from int256, reverting on
* overflow (when the input is less than smallest int128 or
* greater than largest int128).
*
* Counterpart to Solidity's `int128` operator.
*
* Requirements:
*
* - input must fit into 128 bits
*
* _Available since v3.1._
*/
function toInt128(int256 value) internal pure returns (int128 downcasted) {
downcasted = int128(value);
require(downcasted == value, "SafeCast: value doesn't fit in 128 bits");
}
/**
* @dev Returns the downcasted int120 from int256, reverting on
* overflow (when the input is less than smallest int120 or
* greater than largest int120).
*
* Counterpart to Solidity's `int120` operator.
*
* Requirements:
*
* - input must fit into 120 bits
*
* _Available since v4.7._
*/
function toInt120(int256 value) internal pure returns (int120 downcasted) {
downcasted = int120(value);
require(downcasted == value, "SafeCast: value doesn't fit in 120 bits");
}
/**
* @dev Returns the downcasted int112 from int256, reverting on
* overflow (when the input is less than smallest int112 or
* greater than largest int112).
*
* Counterpart to Solidity's `int112` operator.
*
* Requirements:
*
* - input must fit into 112 bits
*
* _Available since v4.7._
*/
function toInt112(int256 value) internal pure returns (int112 downcasted) {
downcasted = int112(value);
require(downcasted == value, "SafeCast: value doesn't fit in 112 bits");
}
/**
* @dev Returns the downcasted int104 from int256, reverting on
* overflow (when the input is less than smallest int104 or
* greater than largest int104).
*
* Counterpart to Solidity's `int104` operator.
*
* Requirements:
*
* - input must fit into 104 bits
*
* _Available since v4.7._
*/
function toInt104(int256 value) internal pure returns (int104 downcasted) {
downcasted = int104(value);
require(downcasted == value, "SafeCast: value doesn't fit in 104 bits");
}
/**
* @dev Returns the downcasted int96 from int256, reverting on
* overflow (when the input is less than smallest int96 or
* greater than largest int96).
*
* Counterpart to Solidity's `int96` operator.
*
* Requirements:
*
* - input must fit into 96 bits
*
* _Available since v4.7._
*/
function toInt96(int256 value) internal pure returns (int96 downcasted) {
downcasted = int96(value);
require(downcasted == value, "SafeCast: value doesn't fit in 96 bits");
}
/**
* @dev Returns the downcasted int88 from int256, reverting on
* overflow (when the input is less than smallest int88 or
* greater than largest int88).
*
* Counterpart to Solidity's `int88` operator.
*
* Requirements:
*
* - input must fit into 88 bits
*
* _Available since v4.7._
*/
function toInt88(int256 value) internal pure returns (int88 downcasted) {
downcasted = int88(value);
require(downcasted == value, "SafeCast: value doesn't fit in 88 bits");
}
/**
* @dev Returns the downcasted int80 from int256, reverting on
* overflow (when the input is less than smallest int80 or
* greater than largest int80).
*
* Counterpart to Solidity's `int80` operator.
*
* Requirements:
*
* - input must fit into 80 bits
*
* _Available since v4.7._
*/
function toInt80(int256 value) internal pure returns (int80 downcasted) {
downcasted = int80(value);
require(downcasted == value, "SafeCast: value doesn't fit in 80 bits");
}
/**
* @dev Returns the downcasted int72 from int256, reverting on
* overflow (when the input is less than smallest int72 or
* greater than largest int72).
*
* Counterpart to Solidity's `int72` operator.
*
* Requirements:
*
* - input must fit into 72 bits
*
* _Available since v4.7._
*/
function toInt72(int256 value) internal pure returns (int72 downcasted) {
downcasted = int72(value);
require(downcasted == value, "SafeCast: value doesn't fit in 72 bits");
}
/**
* @dev Returns the downcasted int64 from int256, reverting on
* overflow (when the input is less than smallest int64 or
* greater than largest int64).
*
* Counterpart to Solidity's `int64` operator.
*
* Requirements:
*
* - input must fit into 64 bits
*
* _Available since v3.1._
*/
function toInt64(int256 value) internal pure returns (int64 downcasted) {
downcasted = int64(value);
require(downcasted == value, "SafeCast: value doesn't fit in 64 bits");
}
/**
* @dev Returns the downcasted int56 from int256, reverting on
* overflow (when the input is less than smallest int56 or
* greater than largest int56).
*
* Counterpart to Solidity's `int56` operator.
*
* Requirements:
*
* - input must fit into 56 bits
*
* _Available since v4.7._
*/
function toInt56(int256 value) internal pure returns (int56 downcasted) {
downcasted = int56(value);
require(downcasted == value, "SafeCast: value doesn't fit in 56 bits");
}
/**
* @dev Returns the downcasted int48 from int256, reverting on
* overflow (when the input is less than smallest int48 or
* greater than largest int48).
*
* Counterpart to Solidity's `int48` operator.
*
* Requirements:
*
* - input must fit into 48 bits
*
* _Available since v4.7._
*/
function toInt48(int256 value) internal pure returns (int48 downcasted) {
downcasted = int48(value);
require(downcasted == value, "SafeCast: value doesn't fit in 48 bits");
}
/**
* @dev Returns the downcasted int40 from int256, reverting on
* overflow (when the input is less than smallest int40 or
* greater than largest int40).
*
* Counterpart to Solidity's `int40` operator.
*
* Requirements:
*
* - input must fit into 40 bits
*
* _Available since v4.7._
*/
function toInt40(int256 value) internal pure returns (int40 downcasted) {
downcasted = int40(value);
require(downcasted == value, "SafeCast: value doesn't fit in 40 bits");
}
/**
* @dev Returns the downcasted int32 from int256, reverting on
* overflow (when the input is less than smallest int32 or
* greater than largest int32).
*
* Counterpart to Solidity's `int32` operator.
*
* Requirements:
*
* - input must fit into 32 bits
*
* _Available since v3.1._
*/
function toInt32(int256 value) internal pure returns (int32 downcasted) {
downcasted = int32(value);
require(downcasted == value, "SafeCast: value doesn't fit in 32 bits");
}
/**
* @dev Returns the downcasted int24 from int256, reverting on
* overflow (when the input is less than smallest int24 or
* greater than largest int24).
*
* Counterpart to Solidity's `int24` operator.
*
* Requirements:
*
* - input must fit into 24 bits
*
* _Available since v4.7._
*/
function toInt24(int256 value) internal pure returns (int24 downcasted) {
downcasted = int24(value);
require(downcasted == value, "SafeCast: value doesn't fit in 24 bits");
}
/**
* @dev Returns the downcasted int16 from int256, reverting on
* overflow (when the input is less than smallest int16 or
* greater than largest int16).
*
* Counterpart to Solidity's `int16` operator.
*
* Requirements:
*
* - input must fit into 16 bits
*
* _Available since v3.1._
*/
function toInt16(int256 value) internal pure returns (int16 downcasted) {
downcasted = int16(value);
require(downcasted == value, "SafeCast: value doesn't fit in 16 bits");
}
/**
* @dev Returns the downcasted int8 from int256, reverting on
* overflow (when the input is less than smallest int8 or
* greater than largest int8).
*
* Counterpart to Solidity's `int8` operator.
*
* Requirements:
*
* - input must fit into 8 bits
*
* _Available since v3.1._
*/
function toInt8(int256 value) internal pure returns (int8 downcasted) {
downcasted = int8(value);
require(downcasted == value, "SafeCast: value doesn't fit in 8 bits");
}
/**
* @dev Converts an unsigned uint256 into a signed int256.
*
* Requirements:
*
* - input must be less than or equal to maxInt256.
*
* _Available since v3.0._
*/
function toInt256(uint256 value) internal pure returns (int256) {
// Note: Unsafe cast below is okay because `type(int256).max` is guaranteed to be positive
require(value <= uint256(type(int256).max), "SafeCast: value doesn't fit in an int256");
return int256(value);
}
}// SPDX-License-Identifier: AGPL-3.0-or-later pragma solidity ^0.8.8; /// @title IMembership /// @author Aragon X - 2022-2023 /// @notice An interface to be implemented by DAO plugins that define membership. /// @custom:security-contact [email protected] interface IMembership { /// @notice Emitted when members are added to the DAO plugin. /// @param members The list of new members being added. event MembersAdded(address[] members); /// @notice Emitted when members are removed from the DAO plugin. /// @param members The list of existing members being removed. event MembersRemoved(address[] members); /// @notice Emitted to announce the membership being defined by a contract. /// @param definingContract The contract defining the membership. event MembershipContractAnnounced(address indexed definingContract); /// @notice Checks if an account is a member of the DAO. /// @param _account The address of the account to be checked. /// @return Whether the account is a member or not. /// @dev This function must be implemented in the plugin contract that introduces the members to the DAO. function isMember(address _account) external view returns (bool); }
// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {CheckpointsUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/CheckpointsUpgradeable.sol";
import {_uncheckedAdd, _uncheckedSub} from "../../../utils/math/UncheckedMath.sol";
/// @title Addresslist
/// @author Aragon X - 2021-2023
/// @notice The majority voting implementation using a list of member addresses.
/// @dev This contract inherits from `MajorityVotingBase` and implements the `IMajorityVoting` interface.
/// @custom:security-contact [email protected]
abstract contract Addresslist {
using CheckpointsUpgradeable for CheckpointsUpgradeable.History;
/// @notice The mapping containing the checkpointed history of the address list.
// solhint-disable-next-line named-parameters-mapping
mapping(address => CheckpointsUpgradeable.History) private _addresslistCheckpoints;
/// @notice The checkpointed history of the length of the address list.
CheckpointsUpgradeable.History private _addresslistLengthCheckpoints;
/// @notice Thrown when the address list update is invalid, which can be caused by the addition of an existing member or removal of a non-existing member.
/// @param member The array of member addresses to be added or removed.
error InvalidAddresslistUpdate(address member);
/// @notice Checks if an account is on the address list at a specific block number.
/// @param _account The account address being checked.
/// @param _blockNumber The block number.
/// @return Whether the account is listed at the specified block number.
function isListedAtBlock(
address _account,
uint256 _blockNumber
) public view virtual returns (bool) {
return _addresslistCheckpoints[_account].getAtBlock(_blockNumber) == 1;
}
/// @notice Checks if an account is currently on the address list.
/// @param _account The account address being checked.
/// @return Whether the account is currently listed.
function isListed(address _account) public view virtual returns (bool) {
return _addresslistCheckpoints[_account].latest() == 1;
}
/// @notice Returns the length of the address list at a specific block number.
/// @param _blockNumber The specific block to get the count from. If `0`, then the latest checkpoint value is returned.
/// @return The address list length at the specified block number.
function addresslistLengthAtBlock(uint256 _blockNumber) public view virtual returns (uint256) {
return _addresslistLengthCheckpoints.getAtBlock(_blockNumber);
}
/// @notice Returns the current length of the address list.
/// @return The current address list length.
function addresslistLength() public view virtual returns (uint256) {
return _addresslistLengthCheckpoints.latest();
}
/// @notice Internal function to add new addresses to the address list.
/// @param _newAddresses The new addresses to be added.
function _addAddresses(address[] calldata _newAddresses) internal virtual {
for (uint256 i; i < _newAddresses.length; ) {
if (isListed(_newAddresses[i])) {
revert InvalidAddresslistUpdate(_newAddresses[i]);
}
// Mark the address as listed
_addresslistCheckpoints[_newAddresses[i]].push(1);
unchecked {
++i;
}
}
_addresslistLengthCheckpoints.push(_uncheckedAdd, _newAddresses.length);
}
/// @notice Internal function to remove existing addresses from the address list.
/// @param _exitingAddresses The existing addresses to be removed.
function _removeAddresses(address[] calldata _exitingAddresses) internal virtual {
for (uint256 i; i < _exitingAddresses.length; ) {
if (!isListed(_exitingAddresses[i])) {
revert InvalidAddresslistUpdate(_exitingAddresses[i]);
}
// Mark the address as not listed
_addresslistCheckpoints[_exitingAddresses[i]].push(0);
unchecked {
++i;
}
}
_addresslistLengthCheckpoints.push(_uncheckedSub, _exitingAddresses.length);
}
/// @dev This empty reserved space is put in place to allow future versions to add new
/// variables without shifting down storage in the inheritance chain.
/// https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
uint256[48] private __gap;
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {CountersUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/CountersUpgradeable.sol";
import {ERC165Upgradeable} from "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165Upgradeable.sol";
import {IProposal} from "./IProposal.sol";
/// @title ProposalUpgradeable
/// @author Aragon X - 2022-2024
/// @notice An abstract contract containing the traits and internal functionality to create and execute proposals
/// that can be inherited by upgradeable DAO plugins.
/// @custom:security-contact [email protected]
abstract contract ProposalUpgradeable is IProposal, ERC165Upgradeable {
using CountersUpgradeable for CountersUpgradeable.Counter;
error FunctionDeprecated();
/// @notice The incremental ID for proposals and executions.
CountersUpgradeable.Counter private proposalCounter;
/// @inheritdoc IProposal
function proposalCount() public view virtual override returns (uint256) {
revert FunctionDeprecated();
}
/// @notice Creates a proposal Id.
/// @dev Uses block number and chain id to ensure more probability of uniqueness.
/// @param _salt The extra salt to help with uniqueness.
/// @return The id of the proposal.
function _createProposalId(bytes32 _salt) internal view virtual returns (uint256) {
return uint256(keccak256(abi.encode(block.chainid, block.number, address(this), _salt)));
}
/// @notice Checks if this or the parent contract supports an interface by its ID.
/// @dev In addition to the current interfaceId, also support previous version of the interfaceId
/// that did not include the following functions:
/// `createProposal`, `hasSucceeded`, `execute`, `canExecute`, `customProposalParamsABI`.
/// @param _interfaceId The ID of the interface.
/// @return Returns `true` if the interface is supported.
function supportsInterface(bytes4 _interfaceId) public view virtual override returns (bool) {
return
_interfaceId ==
type(IProposal).interfaceId ^
IProposal.createProposal.selector ^
IProposal.hasSucceeded.selector ^
IProposal.execute.selector ^
IProposal.canExecute.selector ^
IProposal.customProposalParamsABI.selector ||
_interfaceId == type(IProposal).interfaceId ||
super.supportsInterface(_interfaceId);
}
/// @notice This empty reserved space is put in place to allow future versions to add new variables
/// without shifting down storage in the inheritance chain
/// (see [OpenZeppelin's guide about storage gaps](https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps)).
uint256[49] private __gap;
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {ERC165Upgradeable} from "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165Upgradeable.sol";
import {DaoAuthorizableUpgradeable} from "../../permission/auth/DaoAuthorizableUpgradeable.sol";
/// @title MetadataExtensionUpgradeable
/// @author Aragon X - 2024
/// @notice An abstract, upgradeable contract for managing and retrieving metadata associated with a plugin.
/// @dev Due to the requirements that already existing upgradeable plugins need to start inheritting from this,
/// we're required to use hardcoded/specific slots for storage instead of sequential slots with gaps.
/// @custom:security-contact [email protected]
abstract contract MetadataExtensionUpgradeable is ERC165Upgradeable, DaoAuthorizableUpgradeable {
/// @notice The ID of the permission required to call the `setMetadata` function.
bytes32 public constant SET_METADATA_PERMISSION_ID = keccak256("SET_METADATA_PERMISSION");
// keccak256(abi.encode(uint256(keccak256("osx-commons.storage.MetadataExtension")) - 1)) & ~bytes32(uint256(0xff))
// solhint-disable-next-line const-name-snakecase
bytes32 private constant MetadataExtensionStorageLocation =
0x47ff9796f72d439c6e5c30a24b9fad985a00c85a9f2258074c400a94f8746b00;
/// @notice Emitted when metadata is updated.
event MetadataSet(bytes metadata);
struct MetadataExtensionStorage {
bytes metadata;
}
function _getMetadataExtensionStorage()
private
pure
returns (MetadataExtensionStorage storage $)
{
// solhint-disable-next-line no-inline-assembly
assembly {
$.slot := MetadataExtensionStorageLocation
}
}
/// @notice Checks if this or the parent contract supports an interface by its ID.
/// @param _interfaceId The ID of the interface.
/// @return Returns `true` if the interface is supported.
function supportsInterface(bytes4 _interfaceId) public view virtual override returns (bool) {
return
_interfaceId == this.setMetadata.selector ^ this.getMetadata.selector ||
super.supportsInterface(_interfaceId);
}
/// @notice Allows to update only the metadata.
/// @param _metadata The utf8 bytes of a content addressing cid that stores plugin's information.
function setMetadata(bytes calldata _metadata) public virtual auth(SET_METADATA_PERMISSION_ID) {
_setMetadata(_metadata);
}
/// @notice Returns the metadata currently applied.
/// @return The The utf8 bytes of a content addressing cid.
function getMetadata() public view returns (bytes memory) {
MetadataExtensionStorage storage $ = _getMetadataExtensionStorage();
return $.metadata;
}
/// @notice Internal function to update metadata.
/// @param _metadata The utf8 bytes of a content addressing cid that stores contract's information.
function _setMetadata(bytes memory _metadata) internal virtual {
MetadataExtensionStorage storage $ = _getMetadataExtensionStorage();
$.metadata = _metadata;
emit MetadataSet(_metadata);
}
}// SPDX-License-Identifier: AGPL-3.0-or-later pragma solidity ^0.8.8; /// @title IMultisig /// @author Aragon X - 2022-2024 /// @notice An interface for an on-chain multisig governance plugin in which a proposal passes /// if X out of Y approvals are met. /// @custom:security-contact [email protected] interface IMultisig { /// @notice Adds new members to the address list. Previously, it checks if the new address /// list length would be greater than `type(uint16).max`, the maximal number of approvals. /// @param _members The addresses of the members to be added. function addAddresses(address[] calldata _members) external; /// @notice Removes existing members from the address list. Previously, it checks if the /// new address list length is at least as long as the minimum approvals parameter requires. /// Note that `minApprovals` is must be at least 1 so the address list cannot become empty. /// @param _members The addresses of the members to be removed. function removeAddresses(address[] calldata _members) external; /// @notice Records an approval for a proposal and, if specified, attempts execution if certain conditions are met. /// @param _proposalId The ID of the proposal to approve. /// @param _tryExecution If `true`, attempts execution of the proposal after approval, without reverting on failure. function approve(uint256 _proposalId, bool _tryExecution) external; /// @notice Checks if an account is eligible to participate in a proposal vote. /// Confirms that the proposal is open, the account is listed as a member, /// and the account has not previously voted or approved this proposal. /// @param _proposalId The ID of the proposal. /// @param _account The address of the account to check. /// @return True if the account is eligible to vote. function canApprove(uint256 _proposalId, address _account) external view returns (bool); /// @notice Checks if a proposal can be executed. /// @param _proposalId The ID of the proposal to be checked. /// @return True if the proposal can be executed, false otherwise. function canExecute(uint256 _proposalId) external view returns (bool); /// @notice Returns whether the account has approved the proposal. /// @param _proposalId The ID of the proposal. /// @param _account The account address to be checked. /// @return The vote option cast by a voter for a certain proposal. function hasApproved(uint256 _proposalId, address _account) external view returns (bool); /// @notice Executes a proposal if all execution conditions are met. /// @param _proposalId The ID of the proposal to be executed. function execute(uint256 _proposalId) external; }
// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {ERC165} from "@openzeppelin/contracts/utils/introspection/ERC165.sol";
import {IProtocolVersion} from "../../utils/versioning/IProtocolVersion.sol";
import {ProtocolVersion} from "../../utils/versioning/ProtocolVersion.sol";
import {IPluginSetup} from "./IPluginSetup.sol";
/// @title PluginUpgradeableSetup
/// @author Aragon X - 2022-2024
/// @notice An abstract contract to inherit from to implement the plugin setup for upgradeable plugins, i.e, `PluginUUPSUpgradeable` being deployed via the UUPS pattern (see [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822) and [ERC-1967](https://eips.ethereum.org/EIPS/eip-1967)).
/// @custom:security-contact [email protected]
abstract contract PluginUpgradeableSetup is ERC165, IPluginSetup, ProtocolVersion {
/// @notice The address of the plugin implementation contract for initial block explorer verification
/// and to create [ERC-1967](https://eips.ethereum.org/EIPS/eip-1967) UUPS proxies from.
address internal immutable IMPLEMENTATION;
/// @notice Thrown when an update path is not available, for example, if this is the initial build.
/// @param fromBuild The build number to update from.
/// @param thisBuild The build number of this setup to update to.
error InvalidUpdatePath(uint16 fromBuild, uint16 thisBuild);
/// @notice The contract constructor, that setting the plugin implementation contract.
/// @param _implementation The address of the plugin implementation contract.
constructor(address _implementation) {
IMPLEMENTATION = _implementation;
}
/// @notice Checks if this or the parent contract supports an interface by its ID.
/// @param _interfaceId The ID of the interface.
/// @return Returns `true` if the interface is supported.
function supportsInterface(bytes4 _interfaceId) public view virtual override returns (bool) {
return
_interfaceId == type(IPluginSetup).interfaceId ||
_interfaceId == type(IProtocolVersion).interfaceId ||
super.supportsInterface(_interfaceId);
}
/// @inheritdoc IPluginSetup
function implementation() public view returns (address) {
return IMPLEMENTATION;
}
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {Multisig} from "./Multisig.sol";
import {IPermissionCondition} from "@aragon/osx-commons-contracts/src/permission/condition/IPermissionCondition.sol";
import {PermissionCondition} from "@aragon/osx-commons-contracts/src/permission/condition/PermissionCondition.sol";
/// @title ListedCheckCondition
/// @author Aragon X - 2024
/// @notice A condition contract that checks if an address is listed as a member in the associated Multisig contract.
/// @custom:security-contact [email protected]
contract ListedCheckCondition is PermissionCondition {
/// @notice The immutable address of the Multisig plugin used for fetching plugin settings.
Multisig private immutable MULTISIG;
/// @notice Initializes the condition with the address of the Multisig plugin.
/// @param _multisig The address of the Multisig plugin that stores listing and other configuration settings.
constructor(address _multisig) {
MULTISIG = Multisig(_multisig);
}
/// @inheritdoc IPermissionCondition
function isGranted(
address _where,
address _who,
bytes32 _permissionId,
bytes calldata _data
) public view override returns (bool) {
(_where, _data, _permissionId);
(bool onlyListed, ) = MULTISIG.multisigSettings();
if (onlyListed && !MULTISIG.isListed(_who)) {
return false;
}
return true;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (proxy/ERC1967/ERC1967Proxy.sol)
pragma solidity ^0.8.0;
import "../Proxy.sol";
import "./ERC1967Upgrade.sol";
/**
* @dev This contract implements an upgradeable proxy. It is upgradeable because calls are delegated to an
* implementation address that can be changed. This address is stored in storage in the location specified by
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967], so that it doesn't conflict with the storage layout of the
* implementation behind the proxy.
*/
contract ERC1967Proxy is Proxy, ERC1967Upgrade {
/**
* @dev Initializes the upgradeable proxy with an initial implementation specified by `_logic`.
*
* If `_data` is nonempty, it's used as data in a delegate call to `_logic`. This will typically be an encoded
* function call, and allows initializing the storage of the proxy like a Solidity constructor.
*/
constructor(address _logic, bytes memory _data) payable {
_upgradeToAndCall(_logic, _data, false);
}
/**
* @dev Returns the current implementation address.
*/
function _implementation() internal view virtual override returns (address impl) {
return ERC1967Upgrade._getImplementation();
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (governance/utils/IVotes.sol)
pragma solidity ^0.8.0;
/**
* @dev Common interface for {ERC20Votes}, {ERC721Votes}, and other {Votes}-enabled contracts.
*
* _Available since v4.5._
*/
interface IVotesUpgradeable {
/**
* @dev Emitted when an account changes their delegate.
*/
event DelegateChanged(address indexed delegator, address indexed fromDelegate, address indexed toDelegate);
/**
* @dev Emitted when a token transfer or delegate change results in changes to a delegate's number of votes.
*/
event DelegateVotesChanged(address indexed delegate, uint256 previousBalance, uint256 newBalance);
/**
* @dev Returns the current amount of votes that `account` has.
*/
function getVotes(address account) external view returns (uint256);
/**
* @dev Returns the amount of votes that `account` had at a specific moment in the past. If the `clock()` is
* configured to use block numbers, this will return the value at the end of the corresponding block.
*/
function getPastVotes(address account, uint256 timepoint) external view returns (uint256);
/**
* @dev Returns the total supply of votes available at a specific moment in the past. If the `clock()` is
* configured to use block numbers, this will return the value at the end of the corresponding block.
*
* NOTE: This value is the sum of all available votes, which is not necessarily the sum of all delegated votes.
* Votes that have not been delegated are still part of total supply, even though they would not participate in a
* vote.
*/
function getPastTotalSupply(uint256 timepoint) external view returns (uint256);
/**
* @dev Returns the delegate that `account` has chosen.
*/
function delegates(address account) external view returns (address);
/**
* @dev Delegates votes from the sender to `delegatee`.
*/
function delegate(address delegatee) external;
/**
* @dev Delegates votes from signer to `delegatee`.
*/
function delegateBySig(address delegatee, uint256 nonce, uint256 expiry, uint8 v, bytes32 r, bytes32 s) external;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (security/ReentrancyGuard.sol)
pragma solidity ^0.8.0;
import "../proxy/utils/Initializable.sol";
/**
* @dev Contract module that helps prevent reentrant calls to a function.
*
* Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier
* available, which can be applied to functions to make sure there are no nested
* (reentrant) calls to them.
*
* Note that because there is a single `nonReentrant` guard, functions marked as
* `nonReentrant` may not call one another. This can be worked around by making
* those functions `private`, and then adding `external` `nonReentrant` entry
* points to them.
*
* TIP: If you would like to learn more about reentrancy and alternative ways
* to protect against it, check out our blog post
* https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].
*/
abstract contract ReentrancyGuardUpgradeable is Initializable {
// Booleans are more expensive than uint256 or any type that takes up a full
// word because each write operation emits an extra SLOAD to first read the
// slot's contents, replace the bits taken up by the boolean, and then write
// back. This is the compiler's defense against contract upgrades and
// pointer aliasing, and it cannot be disabled.
// The values being non-zero value makes deployment a bit more expensive,
// but in exchange the refund on every call to nonReentrant will be lower in
// amount. Since refunds are capped to a percentage of the total
// transaction's gas, it is best to keep them low in cases like this one, to
// increase the likelihood of the full refund coming into effect.
uint256 private constant _NOT_ENTERED = 1;
uint256 private constant _ENTERED = 2;
uint256 private _status;
function __ReentrancyGuard_init() internal onlyInitializing {
__ReentrancyGuard_init_unchained();
}
function __ReentrancyGuard_init_unchained() internal onlyInitializing {
_status = _NOT_ENTERED;
}
/**
* @dev Prevents a contract from calling itself, directly or indirectly.
* Calling a `nonReentrant` function from another `nonReentrant`
* function is not supported. It is possible to prevent this from happening
* by making the `nonReentrant` function external, and making it call a
* `private` function that does the actual work.
*/
modifier nonReentrant() {
_nonReentrantBefore();
_;
_nonReentrantAfter();
}
function _nonReentrantBefore() private {
// On the first call to nonReentrant, _status will be _NOT_ENTERED
require(_status != _ENTERED, "ReentrancyGuard: reentrant call");
// Any calls to nonReentrant after this point will fail
_status = _ENTERED;
}
function _nonReentrantAfter() private {
// By storing the original value once again, a refund is triggered (see
// https://eips.ethereum.org/EIPS/eip-2200)
_status = _NOT_ENTERED;
}
/**
* @dev Returns true if the reentrancy guard is currently set to "entered", which indicates there is a
* `nonReentrant` function in the call stack.
*/
function _reentrancyGuardEntered() internal view returns (bool) {
return _status == _ENTERED;
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[49] private __gap;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (security/Pausable.sol)
pragma solidity ^0.8.0;
import "../utils/ContextUpgradeable.sol";
import "../proxy/utils/Initializable.sol";
/**
* @dev Contract module which allows children to implement an emergency stop
* mechanism that can be triggered by an authorized account.
*
* This module is used through inheritance. It will make available the
* modifiers `whenNotPaused` and `whenPaused`, which can be applied to
* the functions of your contract. Note that they will not be pausable by
* simply including this module, only once the modifiers are put in place.
*/
abstract contract PausableUpgradeable is Initializable, ContextUpgradeable {
/**
* @dev Emitted when the pause is triggered by `account`.
*/
event Paused(address account);
/**
* @dev Emitted when the pause is lifted by `account`.
*/
event Unpaused(address account);
bool private _paused;
/**
* @dev Initializes the contract in unpaused state.
*/
function __Pausable_init() internal onlyInitializing {
__Pausable_init_unchained();
}
function __Pausable_init_unchained() internal onlyInitializing {
_paused = false;
}
/**
* @dev Modifier to make a function callable only when the contract is not paused.
*
* Requirements:
*
* - The contract must not be paused.
*/
modifier whenNotPaused() {
_requireNotPaused();
_;
}
/**
* @dev Modifier to make a function callable only when the contract is paused.
*
* Requirements:
*
* - The contract must be paused.
*/
modifier whenPaused() {
_requirePaused();
_;
}
/**
* @dev Returns true if the contract is paused, and false otherwise.
*/
function paused() public view virtual returns (bool) {
return _paused;
}
/**
* @dev Throws if the contract is paused.
*/
function _requireNotPaused() internal view virtual {
require(!paused(), "Pausable: paused");
}
/**
* @dev Throws if the contract is not paused.
*/
function _requirePaused() internal view virtual {
require(paused(), "Pausable: not paused");
}
/**
* @dev Triggers stopped state.
*
* Requirements:
*
* - The contract must not be paused.
*/
function _pause() internal virtual whenNotPaused {
_paused = true;
emit Paused(_msgSender());
}
/**
* @dev Returns to normal state.
*
* Requirements:
*
* - The contract must be paused.
*/
function _unpause() internal virtual whenPaused {
_paused = false;
emit Unpaused(_msgSender());
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[49] private __gap;
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {
IERC721Enumerable
} from "@openzeppelin/contracts/token/ERC721/extensions/IERC721Enumerable.sol";
interface IERC721EnumerableMintableBurnable is IERC721Enumerable {
function mint(address to, uint256 tokenId) external;
function burn(uint256 tokenId) external;
function isApprovedOrOwner(address spender, uint256 tokenId) external view returns (bool);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC6372.sol)
pragma solidity ^0.8.0;
interface IERC6372 {
/**
* @dev Clock used for flagging checkpoints. Can be overridden to implement timestamp based checkpoints (and voting).
*/
function clock() external view returns (uint48);
/**
* @dev Description of the clock
*/
// solhint-disable-next-line func-name-mixedcase
function CLOCK_MODE() external view returns (string memory);
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {ContextUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol";
import {IDAO} from "../../dao/IDAO.sol";
import {_auth} from "./auth.sol";
/// @title DaoAuthorizableUpgradeable
/// @author Aragon X - 2022-2023
/// @notice An abstract contract providing a meta-transaction compatible modifier for upgradeable or cloneable contracts to authorize function calls through an associated DAO.
/// @dev Make sure to call `__DaoAuthorizableUpgradeable_init` during initialization of the inheriting contract.
/// @custom:security-contact [email protected]
abstract contract DaoAuthorizableUpgradeable is ContextUpgradeable {
/// @notice The associated DAO managing the permissions of inheriting contracts.
IDAO private dao_;
/// @notice Initializes the contract by setting the associated DAO.
/// @param _dao The associated DAO address.
// solhint-disable-next-line func-name-mixedcase
function __DaoAuthorizableUpgradeable_init(IDAO _dao) internal onlyInitializing {
dao_ = _dao;
}
/// @notice Returns the DAO contract.
/// @return The DAO contract.
function dao() public view returns (IDAO) {
return dao_;
}
/// @notice A modifier to make functions on inheriting contracts authorized. Permissions to call the function are checked through the associated DAO's permission manager.
/// @param _permissionId The permission identifier required to call the method this modifier is applied to.
modifier auth(bytes32 _permissionId) {
_auth(dao_, address(this), _msgSender(), _permissionId, _msgData());
_;
}
/// @notice This empty reserved space is put in place to allow future versions to add new variables without shifting down storage in the inheritance chain (see [OpenZeppelin's guide about storage gaps](https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps)).
uint256[49] private __gap;
}/// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "./IVotingEscrowIncreasing.sol";
import {IEscrowIVotesAdapter, IDelegateUpdateVotingPower} from "@delegation/IEscrowIVotesAdapter.sol";
interface IVotingEscrowExiting {
/// @notice How much amount has been exiting.
/// @return total The total amount for which beginWithdrawal has been called
/// but withdraw has not yet been executed.
function currentExitingAmount() external view returns (uint256);
}
interface IMergeEventsAndErrors {
event Merged(
address indexed _sender,
uint256 indexed _from,
uint256 indexed _to,
uint208 _amountFrom,
uint208 _amountTo,
uint208 _amountFinal
);
error CannotMerge(uint256 _from, uint256 _to);
error SameNFT();
}
interface IMerge is ILockedBalanceIncreasing, IMergeEventsAndErrors {
/// @notice Merge two tokens - i.e `from` into `_to`.
/// @param _from The token id from which merge is occuring
/// @param _to The token id to which `_from` is merging
function merge(uint256 _from, uint256 _to) external;
/// @notice Whether 2 tokens can be merged.
/// @param _from The token id from which merge should occur.
/// @param _to The token id to which `_from` should merge.
function canMerge(
LockedBalance memory _from,
LockedBalance memory _to
) external view returns (bool);
}
interface ISplitEventsAndErrors {
event Split(
uint256 indexed _from,
uint256 indexed newTokenId,
address _sender,
uint208 _splitAmount1,
uint208 _splitAmount2
);
event SplitWhitelistSet(address indexed account, bool status);
error SplitNotWhitelisted();
error SplitAmountTooBig();
}
interface ISplit is ISplitEventsAndErrors {
/// @notice Split token into two new, separate tokens.
/// @param _from The token id that should be split
/// @param _value The amount that determines how token is split
/// @return _newTokenId The new token id after split.
function split(
uint256 _from,
uint256 _value
) external returns (uint256 _newTokenId);
}
interface IDelegateMoveVoteCaller {
/// @notice After a token transfer, decreases `_from`'s voting power and increases `_to`'s voting power.
/// @dev Called upon a token transfer.
/// @param _from The current delegatee of `_tokenId`.
/// @param _to The new delegatee of `_tokenId`
/// @param _tokenId The token id that is being transferred.
function moveDelegateVotes(
address _from,
address _to,
uint256 _tokenId
) external;
}
interface IVotingEscrowIncreasingV1_2_0 is
IVotingEscrowIncreasing,
IVotingEscrowExiting,
IMerge,
ISplit,
IDelegateUpdateVotingPower,
IDelegateMoveVoteCaller
{}/// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "./IClock.sol";
interface IClockV1_2_0 is IClock {
function epochPrevCheckpointTs() external view returns (uint256);
function resolveEpochPrevCheckpointTs(uint256 timestamp) external pure returns (uint256);
}/// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {
IVotesUpgradeable
} from "@openzeppelin/contracts-upgradeable/governance/utils/IVotesUpgradeable.sol";
import {ILockedBalanceIncreasing} from "@escrow/IVotingEscrowIncreasing.sol";
interface IEscrowIVotesAdapterErrorsAndEvents {
event AutoDelegationDisabledSet(address indexed delegate, bool enabled);
event TokensDelegated(address indexed sender, address indexed delegatee, uint256[] tokenIds);
event TokensUndelegated(address indexed sender, address indexed delegatee, uint256[] tokenIds);
error OnlyEscrow();
error DelegateBySigNotSupported();
error NotApprovedOrOwner();
error InvalidTokenId();
error DelegationNotAllowed();
error DelegateeNotSet();
error TokenAlreadyDelegated(uint256 tokenId);
error TokenNotDelegated(uint256 tokenId);
error VotingPowerZero(uint256 tokenId);
error TokenListEmpty();
error ZeroTransition();
}
interface IDelegateMoveVoteRecipient {
struct TokenLock {
address account;
uint256 tokenId;
ILockedBalanceIncreasing.LockedBalance locked;
}
/// @notice The hook function that is called upon `split`.
function splitDelegateVotes(TokenLock calldata _from, TokenLock calldata _to) external;
/// @notice The hook function that is called upon `merge`.
function mergeDelegateVotes(TokenLock calldata _from, TokenLock calldata _to) external;
/// @notice After a token transfer, decreases `_from`'s voting power and increases `_to`'s voting power.
/// @dev Called upon a token transfer or create lock.
/// @param _from The current delegatee of `_tokenId`.
/// @param _to The new delegatee of `_tokenId`
/// @param _tokenId The token id that is being transferred.
/// @param _locked The lock data of the token.
function moveDelegateVotes(
address _from,
address _to,
uint256 _tokenId,
ILockedBalanceIncreasing.LockedBalance memory _locked
) external;
}
interface IDelegateUpdateVotingPower {
/// @notice Updates current voting power of `_from` and `_to`.
/// @dev Called upon a token transfer and delegate/undelegate.
function updateVotingPower(address _from, address _to) external;
}
interface IEscrowIVotesAdapterStorage {
struct GlobalPoint {
int256 bias;
int256 slope;
uint48 writtenTs;
}
}
interface IEscrowIVotesAdapter is
IEscrowIVotesAdapterErrorsAndEvents,
IEscrowIVotesAdapterStorage,
IDelegateMoveVoteRecipient,
IVotesUpgradeable
{
/// @notice Allows to delegate `_tokenIds` to the current delegatee
/// which is set by IVotes's `delegate` function.
/// @param _tokenIds The list of token ids that are being delegated.
function delegate(uint256[] calldata _tokenIds) external;
/// @notice Allows to un-delegate `_tokenIds` from the current delegatee
/// which was set by delegate.
/// @param _tokenIds The list of token ids that are being un-delegated.
function undelegate(uint256[] calldata _tokenIds) external;
/// @notice Check if the token is currently delegated or not.
function tokenIsDelegated(uint256 _tokenId) external view returns (bool);
/// @notice Returns the current delegatee of `_account`.
function delegates(address _account) external view returns (address);
}/// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// The initial bias is scaled by a multiplier, which defaults to 1x (no scaling).
// To start with a higher initial bias (e.g., 1.5x the amount), update this value accordingly.
// For example, set it to 1.5 in case you want to start with 1.5 * amount.
int256 constant INITIAL_BIAS_MULTIPLIER = 1;
/// @title CurveConstantLib
/// @notice Precomputed coefficients for escrow curve
/// Below are the shared coefficients for the linear and quadratic terms
/// @dev This curve goes from 1x -> 2x voting power over a 2 year time horizon
/// Epochs are still 2 weeks long
library CurveConstantLib {
int256 internal constant SHARED_CONSTANT_COEFFICIENT = INITIAL_BIAS_MULTIPLIER * 1e18;
/// @dev straight line so the curve is increasing only in the linear term
/// 1 / (52 * SECONDS_IN_2_WEEKS)
int256 internal constant SHARED_LINEAR_COEFFICIENT = 1e18 / (int256(MAX_EPOCHS) * 2 weeks);
/// @dev this curve is linear
int256 internal constant SHARED_QUADRATIC_COEFFICIENT = 0;
/// @dev the maxiumum number of epochs the cure can keep increasing
/// 26 epochs in a year, 2 years = 52 epochs
uint256 internal constant MAX_EPOCHS = 52;
function getCoefficients() internal pure returns (int256[3] memory, uint256) {
int256[3] memory coefficients;
coefficients[0] = SHARED_CONSTANT_COEFFICIENT;
coefficients[1] = SHARED_LINEAR_COEFFICIENT;
coefficients[2] = SHARED_QUADRATIC_COEFFICIENT;
uint256 maxEpoch = MAX_EPOCHS;
return (coefficients, maxEpoch);
}
}/// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "@solmate/utils/SignedWadMath.sol";
error NegativeBase();
// shared interface for fixed point math implementations.
library SignedFixedPointMath {
// solmate does this unchecked to save gas, easier to do this here
// be extremely careful that you are doing all operations in FP
// unlike PRB Math (unsupported in solidity 0.8.17)
// solmate will not warn you that you are operating in scaled down mode
function toFP(int256 x) internal pure returns (int256) {
return x * 1e18;
}
function fromFP(int256 x) internal pure returns (int256) {
return x / 1e18;
}
function mul(int256 x, int256 y) internal pure returns (int256) {
return wadMul(x, y);
}
function div(int256 x, int256 y) internal pure returns (int256) {
return wadDiv(x, y);
}
function add(int256 x, int256 y) internal pure returns (int256) {
return x + y;
}
function sub(int256 x, int256 y) internal pure returns (int256) {
return x - y;
}
function pow(int256 x, int256 y) internal pure returns (int256) {
if (x < 0) revert NegativeBase();
if (x == 0) return 0;
return wadPow(x, y);
}
function lt(int256 x, int256 y) internal pure returns (bool) {
return x < y;
}
function gt(int256 x, int256 y) internal pure returns (bool) {
return x > y;
}
}/// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;
import {
IVotesUpgradeable
} from "@openzeppelin/contracts-upgradeable/governance/utils/IVotesUpgradeable.sol";
import {
PausableUpgradeable as Pausable
} from "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {
IVotingEscrowIncreasingV1_2_0 as IVotingEscrow,
ILockedBalanceIncreasing
} from "@escrow/IVotingEscrowIncreasing_v1_2_0.sol";
import {IEscrowIVotesAdapter, IDelegateMoveVoteRecipient} from "./IEscrowIVotesAdapter.sol";
abstract contract DelegationHelper is IEscrowIVotesAdapter, Pausable, UUPSUpgradeable {
/// @notice Address of the voting escrow contract that will track voting power
address public escrow;
/// @notice the mapping that stores how many token an address has delegated currently.
mapping(address => uint256) public numberOfDelegatedTokens;
/// @notice Efficiently stores which token is delegated.
mapping(uint256 => uint256) private delegatedBitmap;
error IncorrectTokenIds();
modifier onlyEscrow() {
if (_msgSender() != escrow) {
revert OnlyEscrow();
}
_;
}
/// @notice The initializer.
function __DelegationHelper_init(address _escrow) internal onlyInitializing {
escrow = _escrow;
}
/// @inheritdoc IDelegateMoveVoteRecipient
function splitDelegateVotes(
TokenLock calldata _from,
TokenLock calldata _to
) public virtual whenNotPaused onlyEscrow {
if (_from.tokenId == 0 || _to.tokenId == 0) {
revert IncorrectTokenIds();
}
// If `x` is split into `x` and `y`, and `x` is delegated,
// then automatically delegate `y` as well. This is to ensure that
// later on, delegating `y` manually will revert, otherwise it would
// cause votes to be double spent as original `x` that was delegated
// already included the amount of `y`.
if (tokenIsDelegated(_from.tokenId)) {
numberOfDelegatedTokens[_from.account]++;
_setDelegated(_to.tokenId, true);
emit TokensDelegated(_to.account, delegates(_to.account), _getTokenIdList(_to.tokenId));
}
}
/// @inheritdoc IDelegateMoveVoteRecipient
function mergeDelegateVotes(
TokenLock calldata _from,
TokenLock calldata _to
) public virtual whenNotPaused onlyEscrow {
if (_from.tokenId == 0 || _to.tokenId == 0) {
revert IncorrectTokenIds();
}
bool isFromTokenDelegated = tokenIsDelegated(_from.tokenId);
bool isToTokenDelegated = tokenIsDelegated(_to.tokenId);
address fromDelegatee = delegates(_from.account);
if (!isFromTokenDelegated) {
// from is not delegated and to is delegated.
if (isToTokenDelegated) {
(int256 bias, int256 slope) = _getBiasAndSlope(
fromDelegatee,
_from.locked,
_positive
);
_checkpoint(bias, slope, fromDelegatee);
}
// If none of them are delegated, do nothing.
} else {
// from is delegated and to is delegated.
// since both are already delegated, their amounts are already included in checkpoints.
// We only need to mark `from` as false and decrease count since `from` actually
// gets burnt(note that its amount moves in `to`)
if (isToTokenDelegated) {
numberOfDelegatedTokens[_from.account]--;
} else {
// from is delegated, but `to` is not delegated.
// We must add `to`'s amount in the checkpoints. Otherwise, after the merge,
// user can manually delegate `to` which's vp at the time will include
// the total amount after the merge. This will cause double spend.
// lock needs to be `to`'s amount.
(int256 bias, int256 slope) = _getBiasAndSlope(
fromDelegatee,
_to.locked,
_positive
);
_checkpoint(bias, slope, fromDelegatee);
_setDelegated(_to.tokenId, true);
emit TokensDelegated(
_to.account,
delegates(_to.account),
_getTokenIdList(_to.tokenId)
);
}
_setDelegated(_from.tokenId, false);
emit TokensUndelegated(_from.account, fromDelegatee, _getTokenIdList(_from.tokenId));
}
}
/// @inheritdoc IDelegateMoveVoteRecipient
/// @dev This is called on `transfer`, `withdraw` and `createLock`.
/// @notice Assumes that: if this is called on transfer, then it can only be called if _from and _to are different.
function moveDelegateVotes(
address _from,
address _to,
uint256 _tokenId,
IVotingEscrow.LockedBalance memory _locked
) public virtual whenNotPaused onlyEscrow {
address fromDelegatee = delegates(_from);
address toDelegatee = delegates(_to);
// undelegated src and recipient, no balances to update
if (fromDelegatee == address(0) && toDelegatee == address(0)) {
return;
}
uint256[] memory tokenIds = _getTokenIdList(_tokenId);
if (fromDelegatee != address(0)) {
if (tokenIsDelegated(_tokenId)) {
(int256 bias, int256 slope) = _getBiasAndSlope(fromDelegatee, _locked, _negative);
_checkpoint(bias, slope, fromDelegatee);
numberOfDelegatedTokens[_from]--;
emit TokensUndelegated(_from, fromDelegatee, tokenIds);
}
}
if (toDelegatee != address(0)) {
(int256 bias, int256 slope) = _getBiasAndSlope(toDelegatee, _locked, _positive);
_checkpoint(bias, slope, toDelegatee);
numberOfDelegatedTokens[_to]++;
_setDelegated(_tokenId, true);
emit TokensDelegated(_to, toDelegatee, tokenIds);
} else {
// else this is new delegate voting power being burned
_setDelegated(_tokenId, false);
}
if (fromDelegatee != toDelegatee) {
IVotingEscrow(escrow).updateVotingPower(fromDelegatee, toDelegatee);
}
}
/// @dev Whether token is currently delegated or not.
function tokenIsDelegated(uint256 tokenId) public view virtual returns (bool) {
uint256 bucket = tokenId >> 8;
uint256 mask = 1 << (tokenId & 0xff);
return (delegatedBitmap[bucket] & mask) != 0;
}
/// @dev Internal helper function to set token delegated to true by using bitmap operations.
function _setDelegated(uint256 tokenId, bool value) internal virtual {
uint256 bucket = tokenId >> 8; // tokenId / 256
uint256 mask = 1 << (tokenId & 0xff); // tokenId % 256
if (value) {
delegatedBitmap[bucket] |= mask;
} else {
delegatedBitmap[bucket] &= ~mask;
}
}
function _positive(int256 _value) internal pure returns (int256) {
return _value;
}
function _negative(int256 _value) internal pure returns (int256) {
return -_value;
}
function _getTokenIdList(uint256 _tokenId) private pure returns (uint256[] memory tokenIds) {
tokenIds = new uint256[](1);
tokenIds[0] = _tokenId;
}
/*//////////////////////////////////////////////////////////////
Abstract Functions.
//////////////////////////////////////////////////////////////*/
function delegates(address _account) public view virtual returns (address);
function _getBiasAndSlope(
address _delegatee,
IVotingEscrow.LockedBalance memory _locked,
function(int256) view returns (int256) op
) internal virtual returns (int256, int256);
function _checkpoint(
int256 _totalBias,
int256 _totalSlope,
address _delegatee
) internal virtual;
function _checkpoint(
int256 _totalBias,
int256 _totalSlope,
address _delegatee,
uint256 _transitionCount
) internal virtual;
/// @dev Reserved storage space to allow for layout changes in the future.
uint256[47] private __gap;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/ERC20.sol)
pragma solidity ^0.8.0;
import "./IERC20.sol";
import "./extensions/IERC20Metadata.sol";
import "../../utils/Context.sol";
/**
* @dev Implementation of the {IERC20} interface.
*
* This implementation is agnostic to the way tokens are created. This means
* that a supply mechanism has to be added in a derived contract using {_mint}.
* For a generic mechanism see {ERC20PresetMinterPauser}.
*
* TIP: For a detailed writeup see our guide
* https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
* to implement supply mechanisms].
*
* The default value of {decimals} is 18. To change this, you should override
* this function so it returns a different value.
*
* We have followed general OpenZeppelin Contracts guidelines: functions revert
* instead returning `false` on failure. This behavior is nonetheless
* conventional and does not conflict with the expectations of ERC20
* applications.
*
* Additionally, an {Approval} event is emitted on calls to {transferFrom}.
* This allows applications to reconstruct the allowance for all accounts just
* by listening to said events. Other implementations of the EIP may not emit
* these events, as it isn't required by the specification.
*
* Finally, the non-standard {decreaseAllowance} and {increaseAllowance}
* functions have been added to mitigate the well-known issues around setting
* allowances. See {IERC20-approve}.
*/
contract ERC20 is Context, IERC20, IERC20Metadata {
mapping(address => uint256) private _balances;
mapping(address => mapping(address => uint256)) private _allowances;
uint256 private _totalSupply;
string private _name;
string private _symbol;
/**
* @dev Sets the values for {name} and {symbol}.
*
* All two of these values are immutable: they can only be set once during
* construction.
*/
constructor(string memory name_, string memory symbol_) {
_name = name_;
_symbol = symbol_;
}
/**
* @dev Returns the name of the token.
*/
function name() public view virtual override returns (string memory) {
return _name;
}
/**
* @dev Returns the symbol of the token, usually a shorter version of the
* name.
*/
function symbol() public view virtual override returns (string memory) {
return _symbol;
}
/**
* @dev Returns the number of decimals used to get its user representation.
* For example, if `decimals` equals `2`, a balance of `505` tokens should
* be displayed to a user as `5.05` (`505 / 10 ** 2`).
*
* Tokens usually opt for a value of 18, imitating the relationship between
* Ether and Wei. This is the default value returned by this function, unless
* it's overridden.
*
* NOTE: This information is only used for _display_ purposes: it in
* no way affects any of the arithmetic of the contract, including
* {IERC20-balanceOf} and {IERC20-transfer}.
*/
function decimals() public view virtual override returns (uint8) {
return 18;
}
/**
* @dev See {IERC20-totalSupply}.
*/
function totalSupply() public view virtual override returns (uint256) {
return _totalSupply;
}
/**
* @dev See {IERC20-balanceOf}.
*/
function balanceOf(address account) public view virtual override returns (uint256) {
return _balances[account];
}
/**
* @dev See {IERC20-transfer}.
*
* Requirements:
*
* - `to` cannot be the zero address.
* - the caller must have a balance of at least `amount`.
*/
function transfer(address to, uint256 amount) public virtual override returns (bool) {
address owner = _msgSender();
_transfer(owner, to, amount);
return true;
}
/**
* @dev See {IERC20-allowance}.
*/
function allowance(address owner, address spender) public view virtual override returns (uint256) {
return _allowances[owner][spender];
}
/**
* @dev See {IERC20-approve}.
*
* NOTE: If `amount` is the maximum `uint256`, the allowance is not updated on
* `transferFrom`. This is semantically equivalent to an infinite approval.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function approve(address spender, uint256 amount) public virtual override returns (bool) {
address owner = _msgSender();
_approve(owner, spender, amount);
return true;
}
/**
* @dev See {IERC20-transferFrom}.
*
* Emits an {Approval} event indicating the updated allowance. This is not
* required by the EIP. See the note at the beginning of {ERC20}.
*
* NOTE: Does not update the allowance if the current allowance
* is the maximum `uint256`.
*
* Requirements:
*
* - `from` and `to` cannot be the zero address.
* - `from` must have a balance of at least `amount`.
* - the caller must have allowance for ``from``'s tokens of at least
* `amount`.
*/
function transferFrom(address from, address to, uint256 amount) public virtual override returns (bool) {
address spender = _msgSender();
_spendAllowance(from, spender, amount);
_transfer(from, to, amount);
return true;
}
/**
* @dev Atomically increases the allowance granted to `spender` by the caller.
*
* This is an alternative to {approve} that can be used as a mitigation for
* problems described in {IERC20-approve}.
*
* Emits an {Approval} event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) {
address owner = _msgSender();
_approve(owner, spender, allowance(owner, spender) + addedValue);
return true;
}
/**
* @dev Atomically decreases the allowance granted to `spender` by the caller.
*
* This is an alternative to {approve} that can be used as a mitigation for
* problems described in {IERC20-approve}.
*
* Emits an {Approval} event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `spender` must have allowance for the caller of at least
* `subtractedValue`.
*/
function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) {
address owner = _msgSender();
uint256 currentAllowance = allowance(owner, spender);
require(currentAllowance >= subtractedValue, "ERC20: decreased allowance below zero");
unchecked {
_approve(owner, spender, currentAllowance - subtractedValue);
}
return true;
}
/**
* @dev Moves `amount` of tokens from `from` to `to`.
*
* This internal function is equivalent to {transfer}, and can be used to
* e.g. implement automatic token fees, slashing mechanisms, etc.
*
* Emits a {Transfer} event.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `from` must have a balance of at least `amount`.
*/
function _transfer(address from, address to, uint256 amount) internal virtual {
require(from != address(0), "ERC20: transfer from the zero address");
require(to != address(0), "ERC20: transfer to the zero address");
_beforeTokenTransfer(from, to, amount);
uint256 fromBalance = _balances[from];
require(fromBalance >= amount, "ERC20: transfer amount exceeds balance");
unchecked {
_balances[from] = fromBalance - amount;
// Overflow not possible: the sum of all balances is capped by totalSupply, and the sum is preserved by
// decrementing then incrementing.
_balances[to] += amount;
}
emit Transfer(from, to, amount);
_afterTokenTransfer(from, to, amount);
}
/** @dev Creates `amount` tokens and assigns them to `account`, increasing
* the total supply.
*
* Emits a {Transfer} event with `from` set to the zero address.
*
* Requirements:
*
* - `account` cannot be the zero address.
*/
function _mint(address account, uint256 amount) internal virtual {
require(account != address(0), "ERC20: mint to the zero address");
_beforeTokenTransfer(address(0), account, amount);
_totalSupply += amount;
unchecked {
// Overflow not possible: balance + amount is at most totalSupply + amount, which is checked above.
_balances[account] += amount;
}
emit Transfer(address(0), account, amount);
_afterTokenTransfer(address(0), account, amount);
}
/**
* @dev Destroys `amount` tokens from `account`, reducing the
* total supply.
*
* Emits a {Transfer} event with `to` set to the zero address.
*
* Requirements:
*
* - `account` cannot be the zero address.
* - `account` must have at least `amount` tokens.
*/
function _burn(address account, uint256 amount) internal virtual {
require(account != address(0), "ERC20: burn from the zero address");
_beforeTokenTransfer(account, address(0), amount);
uint256 accountBalance = _balances[account];
require(accountBalance >= amount, "ERC20: burn amount exceeds balance");
unchecked {
_balances[account] = accountBalance - amount;
// Overflow not possible: amount <= accountBalance <= totalSupply.
_totalSupply -= amount;
}
emit Transfer(account, address(0), amount);
_afterTokenTransfer(account, address(0), amount);
}
/**
* @dev Sets `amount` as the allowance of `spender` over the `owner` s tokens.
*
* This internal function is equivalent to `approve`, and can be used to
* e.g. set automatic allowances for certain subsystems, etc.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `owner` cannot be the zero address.
* - `spender` cannot be the zero address.
*/
function _approve(address owner, address spender, uint256 amount) internal virtual {
require(owner != address(0), "ERC20: approve from the zero address");
require(spender != address(0), "ERC20: approve to the zero address");
_allowances[owner][spender] = amount;
emit Approval(owner, spender, amount);
}
/**
* @dev Updates `owner` s allowance for `spender` based on spent `amount`.
*
* Does not update the allowance amount in case of infinite allowance.
* Revert if not enough allowance is available.
*
* Might emit an {Approval} event.
*/
function _spendAllowance(address owner, address spender, uint256 amount) internal virtual {
uint256 currentAllowance = allowance(owner, spender);
if (currentAllowance != type(uint256).max) {
require(currentAllowance >= amount, "ERC20: insufficient allowance");
unchecked {
_approve(owner, spender, currentAllowance - amount);
}
}
}
/**
* @dev Hook that is called before any transfer of tokens. This includes
* minting and burning.
*
* Calling conditions:
*
* - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
* will be transferred to `to`.
* - when `from` is zero, `amount` tokens will be minted for `to`.
* - when `to` is zero, `amount` of ``from``'s tokens will be burned.
* - `from` and `to` are never both zero.
*
* To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
*/
function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual {}
/**
* @dev Hook that is called after any transfer of tokens. This includes
* minting and burning.
*
* Calling conditions:
*
* - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
* has been transferred to `to`.
* - when `from` is zero, `amount` tokens have been minted for `to`.
* - when `to` is zero, `amount` of ``from``'s tokens have been burned.
* - `from` and `to` are never both zero.
*
* To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
*/
function _afterTokenTransfer(address from, address to, uint256 amount) internal virtual {}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/extensions/ERC20Votes.sol)
pragma solidity ^0.8.0;
import "./ERC20Permit.sol";
import "../../../interfaces/IERC5805.sol";
import "../../../utils/math/Math.sol";
import "../../../utils/math/SafeCast.sol";
import "../../../utils/cryptography/ECDSA.sol";
/**
* @dev Extension of ERC20 to support Compound-like voting and delegation. This version is more generic than Compound's,
* and supports token supply up to 2^224^ - 1, while COMP is limited to 2^96^ - 1.
*
* NOTE: If exact COMP compatibility is required, use the {ERC20VotesComp} variant of this module.
*
* This extension keeps a history (checkpoints) of each account's vote power. Vote power can be delegated either
* by calling the {delegate} function directly, or by providing a signature to be used with {delegateBySig}. Voting
* power can be queried through the public accessors {getVotes} and {getPastVotes}.
*
* By default, token balance does not account for voting power. This makes transfers cheaper. The downside is that it
* requires users to delegate to themselves in order to activate checkpoints and have their voting power tracked.
*
* _Available since v4.2._
*/
abstract contract ERC20Votes is ERC20Permit, IERC5805 {
struct Checkpoint {
uint32 fromBlock;
uint224 votes;
}
bytes32 private constant _DELEGATION_TYPEHASH =
keccak256("Delegation(address delegatee,uint256 nonce,uint256 expiry)");
mapping(address => address) private _delegates;
mapping(address => Checkpoint[]) private _checkpoints;
Checkpoint[] private _totalSupplyCheckpoints;
/**
* @dev Clock used for flagging checkpoints. Can be overridden to implement timestamp based checkpoints (and voting).
*/
function clock() public view virtual override returns (uint48) {
return SafeCast.toUint48(block.number);
}
/**
* @dev Description of the clock
*/
// solhint-disable-next-line func-name-mixedcase
function CLOCK_MODE() public view virtual override returns (string memory) {
// Check that the clock was not modified
require(clock() == block.number, "ERC20Votes: broken clock mode");
return "mode=blocknumber&from=default";
}
/**
* @dev Get the `pos`-th checkpoint for `account`.
*/
function checkpoints(address account, uint32 pos) public view virtual returns (Checkpoint memory) {
return _checkpoints[account][pos];
}
/**
* @dev Get number of checkpoints for `account`.
*/
function numCheckpoints(address account) public view virtual returns (uint32) {
return SafeCast.toUint32(_checkpoints[account].length);
}
/**
* @dev Get the address `account` is currently delegating to.
*/
function delegates(address account) public view virtual override returns (address) {
return _delegates[account];
}
/**
* @dev Gets the current votes balance for `account`
*/
function getVotes(address account) public view virtual override returns (uint256) {
uint256 pos = _checkpoints[account].length;
unchecked {
return pos == 0 ? 0 : _checkpoints[account][pos - 1].votes;
}
}
/**
* @dev Retrieve the number of votes for `account` at the end of `timepoint`.
*
* Requirements:
*
* - `timepoint` must be in the past
*/
function getPastVotes(address account, uint256 timepoint) public view virtual override returns (uint256) {
require(timepoint < clock(), "ERC20Votes: future lookup");
return _checkpointsLookup(_checkpoints[account], timepoint);
}
/**
* @dev Retrieve the `totalSupply` at the end of `timepoint`. Note, this value is the sum of all balances.
* It is NOT the sum of all the delegated votes!
*
* Requirements:
*
* - `timepoint` must be in the past
*/
function getPastTotalSupply(uint256 timepoint) public view virtual override returns (uint256) {
require(timepoint < clock(), "ERC20Votes: future lookup");
return _checkpointsLookup(_totalSupplyCheckpoints, timepoint);
}
/**
* @dev Lookup a value in a list of (sorted) checkpoints.
*/
function _checkpointsLookup(Checkpoint[] storage ckpts, uint256 timepoint) private view returns (uint256) {
// We run a binary search to look for the last (most recent) checkpoint taken before (or at) `timepoint`.
//
// Initially we check if the block is recent to narrow the search range.
// During the loop, the index of the wanted checkpoint remains in the range [low-1, high).
// With each iteration, either `low` or `high` is moved towards the middle of the range to maintain the invariant.
// - If the middle checkpoint is after `timepoint`, we look in [low, mid)
// - If the middle checkpoint is before or equal to `timepoint`, we look in [mid+1, high)
// Once we reach a single value (when low == high), we've found the right checkpoint at the index high-1, if not
// out of bounds (in which case we're looking too far in the past and the result is 0).
// Note that if the latest checkpoint available is exactly for `timepoint`, we end up with an index that is
// past the end of the array, so we technically don't find a checkpoint after `timepoint`, but it works out
// the same.
uint256 length = ckpts.length;
uint256 low = 0;
uint256 high = length;
if (length > 5) {
uint256 mid = length - Math.sqrt(length);
if (_unsafeAccess(ckpts, mid).fromBlock > timepoint) {
high = mid;
} else {
low = mid + 1;
}
}
while (low < high) {
uint256 mid = Math.average(low, high);
if (_unsafeAccess(ckpts, mid).fromBlock > timepoint) {
high = mid;
} else {
low = mid + 1;
}
}
unchecked {
return high == 0 ? 0 : _unsafeAccess(ckpts, high - 1).votes;
}
}
/**
* @dev Delegate votes from the sender to `delegatee`.
*/
function delegate(address delegatee) public virtual override {
_delegate(_msgSender(), delegatee);
}
/**
* @dev Delegates votes from signer to `delegatee`
*/
function delegateBySig(
address delegatee,
uint256 nonce,
uint256 expiry,
uint8 v,
bytes32 r,
bytes32 s
) public virtual override {
require(block.timestamp <= expiry, "ERC20Votes: signature expired");
address signer = ECDSA.recover(
_hashTypedDataV4(keccak256(abi.encode(_DELEGATION_TYPEHASH, delegatee, nonce, expiry))),
v,
r,
s
);
require(nonce == _useNonce(signer), "ERC20Votes: invalid nonce");
_delegate(signer, delegatee);
}
/**
* @dev Maximum token supply. Defaults to `type(uint224).max` (2^224^ - 1).
*/
function _maxSupply() internal view virtual returns (uint224) {
return type(uint224).max;
}
/**
* @dev Snapshots the totalSupply after it has been increased.
*/
function _mint(address account, uint256 amount) internal virtual override {
super._mint(account, amount);
require(totalSupply() <= _maxSupply(), "ERC20Votes: total supply risks overflowing votes");
_writeCheckpoint(_totalSupplyCheckpoints, _add, amount);
}
/**
* @dev Snapshots the totalSupply after it has been decreased.
*/
function _burn(address account, uint256 amount) internal virtual override {
super._burn(account, amount);
_writeCheckpoint(_totalSupplyCheckpoints, _subtract, amount);
}
/**
* @dev Move voting power when tokens are transferred.
*
* Emits a {IVotes-DelegateVotesChanged} event.
*/
function _afterTokenTransfer(address from, address to, uint256 amount) internal virtual override {
super._afterTokenTransfer(from, to, amount);
_moveVotingPower(delegates(from), delegates(to), amount);
}
/**
* @dev Change delegation for `delegator` to `delegatee`.
*
* Emits events {IVotes-DelegateChanged} and {IVotes-DelegateVotesChanged}.
*/
function _delegate(address delegator, address delegatee) internal virtual {
address currentDelegate = delegates(delegator);
uint256 delegatorBalance = balanceOf(delegator);
_delegates[delegator] = delegatee;
emit DelegateChanged(delegator, currentDelegate, delegatee);
_moveVotingPower(currentDelegate, delegatee, delegatorBalance);
}
function _moveVotingPower(address src, address dst, uint256 amount) private {
if (src != dst && amount > 0) {
if (src != address(0)) {
(uint256 oldWeight, uint256 newWeight) = _writeCheckpoint(_checkpoints[src], _subtract, amount);
emit DelegateVotesChanged(src, oldWeight, newWeight);
}
if (dst != address(0)) {
(uint256 oldWeight, uint256 newWeight) = _writeCheckpoint(_checkpoints[dst], _add, amount);
emit DelegateVotesChanged(dst, oldWeight, newWeight);
}
}
}
function _writeCheckpoint(
Checkpoint[] storage ckpts,
function(uint256, uint256) view returns (uint256) op,
uint256 delta
) private returns (uint256 oldWeight, uint256 newWeight) {
uint256 pos = ckpts.length;
unchecked {
Checkpoint memory oldCkpt = pos == 0 ? Checkpoint(0, 0) : _unsafeAccess(ckpts, pos - 1);
oldWeight = oldCkpt.votes;
newWeight = op(oldWeight, delta);
if (pos > 0 && oldCkpt.fromBlock == clock()) {
_unsafeAccess(ckpts, pos - 1).votes = SafeCast.toUint224(newWeight);
} else {
ckpts.push(Checkpoint({fromBlock: SafeCast.toUint32(clock()), votes: SafeCast.toUint224(newWeight)}));
}
}
}
function _add(uint256 a, uint256 b) private pure returns (uint256) {
return a + b;
}
function _subtract(uint256 a, uint256 b) private pure returns (uint256) {
return a - b;
}
/**
* @dev Access an element of the array without performing bounds check. The position is assumed to be within bounds.
*/
function _unsafeAccess(Checkpoint[] storage ckpts, uint256 pos) private pure returns (Checkpoint storage result) {
assembly {
mstore(0, ckpts.slot)
result.slot := add(keccak256(0, 0x20), pos)
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (interfaces/draft-IERC1822.sol)
pragma solidity ^0.8.0;
/**
* @dev ERC1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified
* proxy whose upgrades are fully controlled by the current implementation.
*/
interface IERC1822ProxiableUpgradeable {
/**
* @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation
* address.
*
* IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
* bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
* function revert if invoked through a proxy.
*/
function proxiableUUID() external view returns (bytes32);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (proxy/ERC1967/ERC1967Upgrade.sol)
pragma solidity ^0.8.2;
import "../beacon/IBeaconUpgradeable.sol";
import "../../interfaces/IERC1967Upgradeable.sol";
import "../../interfaces/draft-IERC1822Upgradeable.sol";
import "../../utils/AddressUpgradeable.sol";
import "../../utils/StorageSlotUpgradeable.sol";
import "../utils/Initializable.sol";
/**
* @dev This abstract contract provides getters and event emitting update functions for
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.
*
* _Available since v4.1._
*/
abstract contract ERC1967UpgradeUpgradeable is Initializable, IERC1967Upgradeable {
function __ERC1967Upgrade_init() internal onlyInitializing {
}
function __ERC1967Upgrade_init_unchained() internal onlyInitializing {
}
// This is the keccak-256 hash of "eip1967.proxy.rollback" subtracted by 1
bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143;
/**
* @dev Storage slot with the address of the current implementation.
* This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
/**
* @dev Returns the current implementation address.
*/
function _getImplementation() internal view returns (address) {
return StorageSlotUpgradeable.getAddressSlot(_IMPLEMENTATION_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 implementation slot.
*/
function _setImplementation(address newImplementation) private {
require(AddressUpgradeable.isContract(newImplementation), "ERC1967: new implementation is not a contract");
StorageSlotUpgradeable.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
}
/**
* @dev Perform implementation upgrade
*
* Emits an {Upgraded} event.
*/
function _upgradeTo(address newImplementation) internal {
_setImplementation(newImplementation);
emit Upgraded(newImplementation);
}
/**
* @dev Perform implementation upgrade with additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCall(address newImplementation, bytes memory data, bool forceCall) internal {
_upgradeTo(newImplementation);
if (data.length > 0 || forceCall) {
AddressUpgradeable.functionDelegateCall(newImplementation, data);
}
}
/**
* @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCallUUPS(address newImplementation, bytes memory data, bool forceCall) internal {
// Upgrades from old implementations will perform a rollback test. This test requires the new
// implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing
// this special case will break upgrade paths from old UUPS implementation to new ones.
if (StorageSlotUpgradeable.getBooleanSlot(_ROLLBACK_SLOT).value) {
_setImplementation(newImplementation);
} else {
try IERC1822ProxiableUpgradeable(newImplementation).proxiableUUID() returns (bytes32 slot) {
require(slot == _IMPLEMENTATION_SLOT, "ERC1967Upgrade: unsupported proxiableUUID");
} catch {
revert("ERC1967Upgrade: new implementation is not UUPS");
}
_upgradeToAndCall(newImplementation, data, forceCall);
}
}
/**
* @dev Storage slot with the admin of the contract.
* This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
/**
* @dev Returns the current admin.
*/
function _getAdmin() internal view returns (address) {
return StorageSlotUpgradeable.getAddressSlot(_ADMIN_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 admin slot.
*/
function _setAdmin(address newAdmin) private {
require(newAdmin != address(0), "ERC1967: new admin is the zero address");
StorageSlotUpgradeable.getAddressSlot(_ADMIN_SLOT).value = newAdmin;
}
/**
* @dev Changes the admin of the proxy.
*
* Emits an {AdminChanged} event.
*/
function _changeAdmin(address newAdmin) internal {
emit AdminChanged(_getAdmin(), newAdmin);
_setAdmin(newAdmin);
}
/**
* @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
* This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor.
*/
bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;
/**
* @dev Returns the current beacon.
*/
function _getBeacon() internal view returns (address) {
return StorageSlotUpgradeable.getAddressSlot(_BEACON_SLOT).value;
}
/**
* @dev Stores a new beacon in the EIP1967 beacon slot.
*/
function _setBeacon(address newBeacon) private {
require(AddressUpgradeable.isContract(newBeacon), "ERC1967: new beacon is not a contract");
require(
AddressUpgradeable.isContract(IBeaconUpgradeable(newBeacon).implementation()),
"ERC1967: beacon implementation is not a contract"
);
StorageSlotUpgradeable.getAddressSlot(_BEACON_SLOT).value = newBeacon;
}
/**
* @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does
* not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that).
*
* Emits a {BeaconUpgraded} event.
*/
function _upgradeBeaconToAndCall(address newBeacon, bytes memory data, bool forceCall) internal {
_setBeacon(newBeacon);
emit BeaconUpgraded(newBeacon);
if (data.length > 0 || forceCall) {
AddressUpgradeable.functionDelegateCall(IBeaconUpgradeable(newBeacon).implementation(), data);
}
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[50] private __gap;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/extensions/IERC20Permit.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*/
interface IERC20PermitUpgradeable {
/**
* @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
* given ``owner``'s signed approval.
*
* IMPORTANT: The same issues {IERC20-approve} has related to transaction
* ordering also apply here.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `deadline` must be a timestamp in the future.
* - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
* over the EIP712-formatted function arguments.
* - the signature must use ``owner``'s current nonce (see {nonces}).
*
* For more information on the signature format, see the
* https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
* section].
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @dev Returns the current nonce for `owner`. This value must be
* included whenever a signature is generated for {permit}.
*
* Every successful call to {permit} increases ``owner``'s nonce by one. This
* prevents a signature from being used multiple times.
*/
function nonces(address owner) external view returns (uint256);
/**
* @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
*/
// solhint-disable-next-line func-name-mixedcase
function DOMAIN_SEPARATOR() external view returns (bytes32);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/IERC165.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC165 standard, as defined in the
* https://eips.ethereum.org/EIPS/eip-165[EIP].
*
* Implementers can declare support of contract interfaces, which can then be
* queried by others ({ERC165Checker}).
*
* For an implementation, see {ERC165}.
*/
interface IERC165Upgradeable {
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
* to learn more about how these ids are created.
*
* This function call must use less than 30 000 gas.
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/IERC165.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC165 standard, as defined in the
* https://eips.ethereum.org/EIPS/eip-165[EIP].
*
* Implementers can declare support of contract interfaces, which can then be
* queried by others ({ERC165Checker}).
*
* For an implementation, see {ERC165}.
*/
interface IERC165 {
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
* to learn more about how these ids are created.
*
* This function call must use less than 30 000 gas.
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import "@ensdomains/ens-contracts/contracts/registry/ENS.sol";
import "@ensdomains/ens-contracts/contracts/resolvers/Resolver.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {ProtocolVersion} from "@aragon/osx-commons-contracts/src/utils/versioning/ProtocolVersion.sol";
import {DaoAuthorizableUpgradeable} from "@aragon/osx-commons-contracts/src/permission/auth/DaoAuthorizableUpgradeable.sol";
import {IDAO} from "@aragon/osx-commons-contracts/src/dao/IDAO.sol";
/// @title ENSSubdomainRegistrar
/// @author Aragon X - 2022-2023
/// @notice This contract registers ENS subdomains under a parent domain specified in the initialization process and maintains ownership of the subdomain since only the resolver address is set. This contract must either be the domain node owner or an approved operator of the node owner. The default resolver being used is the one specified in the parent domain.
/// @custom:security-contact [email protected]
contract ENSSubdomainRegistrar is UUPSUpgradeable, DaoAuthorizableUpgradeable, ProtocolVersion {
/// @notice The ID of the permission required to call the `_authorizeUpgrade` function.
bytes32 public constant UPGRADE_REGISTRAR_PERMISSION_ID =
keccak256("UPGRADE_REGISTRAR_PERMISSION");
/// @notice The ID of the permission required to call the `registerSubnode` and `setDefaultResolver` function.
bytes32 public constant REGISTER_ENS_SUBDOMAIN_PERMISSION_ID =
keccak256("REGISTER_ENS_SUBDOMAIN_PERMISSION");
/// @notice The ENS registry contract
ENS public ens;
/// @notice The namehash of the domain on which subdomains are registered.
bytes32 public node;
/// @notice The address of the ENS resolver resolving the names to an address.
address public resolver;
/// @notice Thrown if the subnode is already registered.
/// @param subnode The subnode namehash.
/// @param nodeOwner The node owner address.
error AlreadyRegistered(bytes32 subnode, address nodeOwner);
/// @notice Thrown if node's resolver is invalid.
/// @param node The node namehash.
/// @param resolver The node resolver address.
error InvalidResolver(bytes32 node, address resolver);
/// @dev Used to disallow initializing the implementation contract by an attacker for extra safety.
/// @custom:oz-upgrades-unsafe-allow constructor
constructor() {
_disableInitializers();
}
/// @notice Initializes the component by
/// - checking that the contract is the domain node owner or an approved operator
/// - initializing the underlying component
/// - registering the [ERC-165](https://eips.ethereum.org/EIPS/eip-165) interface ID
/// - setting the ENS contract, the domain node hash, and resolver.
/// @param _managingDao The interface of the DAO managing the components permissions.
/// @param _ens The interface of the ENS registry to be used.
/// @param _node The ENS parent domain node under which the subdomains are to be registered.
function initialize(IDAO _managingDao, ENS _ens, bytes32 _node) external initializer {
__DaoAuthorizableUpgradeable_init(_managingDao);
ens = _ens;
node = _node;
address nodeResolver = ens.resolver(_node);
if (nodeResolver == address(0)) {
revert InvalidResolver({node: _node, resolver: nodeResolver});
}
resolver = nodeResolver;
}
/// @notice Internal method authorizing the upgrade of the contract via the [upgradeability mechanism for UUPS proxies](https://docs.openzeppelin.com/contracts/4.x/api/proxy#UUPSUpgradeable) (see [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822)).
/// @dev The caller must have the `UPGRADE_REGISTRAR_PERMISSION_ID` permission.
function _authorizeUpgrade(
address
) internal virtual override auth(UPGRADE_REGISTRAR_PERMISSION_ID) {}
/// @notice Registers a new subdomain with this registrar as the owner and set the target address in the resolver.
/// @dev It reverts with no message if this contract isn't the owner nor an approved operator for the given node.
/// @param _label The labelhash of the subdomain name.
/// @param _targetAddress The address to which the subdomain resolves.
function registerSubnode(
bytes32 _label,
address _targetAddress
) external auth(REGISTER_ENS_SUBDOMAIN_PERMISSION_ID) {
bytes32 subnode = keccak256(abi.encodePacked(node, _label));
address currentOwner = ens.owner(subnode);
if (currentOwner != address(0)) {
revert AlreadyRegistered(subnode, currentOwner);
}
ens.setSubnodeOwner(node, _label, address(this));
ens.setResolver(subnode, resolver);
Resolver(resolver).setAddr(subnode, _targetAddress);
}
/// @notice Sets the default resolver contract address that the subdomains being registered will use.
/// @param _resolver The resolver contract to be used.
function setDefaultResolver(
address _resolver
) external auth(REGISTER_ENS_SUBDOMAIN_PERMISSION_ID) {
if (_resolver == address(0)) {
revert InvalidResolver({node: node, resolver: _resolver});
}
resolver = _resolver;
}
/// @notice This empty reserved space is put in place to allow future versions to add new variables without shifting down storage in the inheritance chain (see [OpenZeppelin's guide about storage gaps](https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps)).
uint256[47] private __gap;
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {ERC165CheckerUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165CheckerUpgradeable.sol";
import {DaoAuthorizableUpgradeable} from "@aragon/osx-commons-contracts/src/permission/auth/DaoAuthorizableUpgradeable.sol";
import {IDAO} from "@aragon/osx-commons-contracts/src/dao/IDAO.sol";
/// @title InterfaceBasedRegistry
/// @author Aragon X - 2022-2023
/// @notice An [ERC-165](https://eips.ethereum.org/EIPS/eip-165)-based registry for contracts.
/// @custom:security-contact [email protected]
abstract contract InterfaceBasedRegistry is UUPSUpgradeable, DaoAuthorizableUpgradeable {
using ERC165CheckerUpgradeable for address;
/// @notice The ID of the permission required to call the `_authorizeUpgrade` function.
bytes32 public constant UPGRADE_REGISTRY_PERMISSION_ID =
keccak256("UPGRADE_REGISTRY_PERMISSION");
/// @notice The [ERC-165](https://eips.ethereum.org/EIPS/eip-165) interface ID that the target contracts being registered must support.
bytes4 public targetInterfaceId;
/// @notice The mapping containing the registry entries returning true for registered contract addresses.
mapping(address => bool) public entries;
/// @notice Thrown if the contract is already registered.
/// @param registrant The address of the contract to be registered.
error ContractAlreadyRegistered(address registrant);
/// @notice Thrown if the contract does not support the required interface.
/// @param registrant The address of the contract to be registered.
error ContractInterfaceInvalid(address registrant);
/// @notice Thrown if the contract does not support ERC165.
/// @param registrant The address of the contract.
error ContractERC165SupportInvalid(address registrant);
/// @notice Initializes the component.
/// @dev This is required for the UUPS upgradeability pattern.
/// @param _managingDao The interface of the DAO managing the components permissions.
/// @param _targetInterfaceId The [ERC-165](https://eips.ethereum.org/EIPS/eip-165) interface id of the contracts to be registered.
function __InterfaceBasedRegistry_init(
IDAO _managingDao,
bytes4 _targetInterfaceId
) internal virtual onlyInitializing {
__DaoAuthorizableUpgradeable_init(_managingDao);
targetInterfaceId = _targetInterfaceId;
}
/// @notice Internal method authorizing the upgrade of the contract via the [upgradeability mechanism for UUPS proxies](https://docs.openzeppelin.com/contracts/4.x/api/proxy#UUPSUpgradeable) (see [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822)).
/// @dev The caller must have the `UPGRADE_REGISTRY_PERMISSION_ID` permission.
function _authorizeUpgrade(
address
) internal virtual override auth(UPGRADE_REGISTRY_PERMISSION_ID) {}
/// @notice Register an [ERC-165](https://eips.ethereum.org/EIPS/eip-165) contract address.
/// @dev The managing DAO needs to grant REGISTER_PERMISSION_ID to registrar.
/// @param _registrant The address of an [ERC-165](https://eips.ethereum.org/EIPS/eip-165) contract.
function _register(address _registrant) internal {
if (entries[_registrant]) {
revert ContractAlreadyRegistered({registrant: _registrant});
}
// Will revert if address is not a contract or doesn't fully support targetInterfaceId + ERC165.
if (!_registrant.supportsInterface(targetInterfaceId)) {
revert ContractInterfaceInvalid(_registrant);
}
entries[_registrant] = true;
}
/// @notice This empty reserved space is put in place to allow future versions to add new variables without shifting down storage in the inheritance chain (see [OpenZeppelin's guide about storage gaps](https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps)).
uint256[48] private __gap;
}// SPDX-License-Identifier: AGPL-3.0-or-later pragma solidity ^0.8.8; /// @notice Validates that a subdomain name is composed only from characters in the allowed character set: /// - the lowercase letters `a-z` /// - the digits `0-9` /// - the hyphen `-` /// @dev This function allows empty (zero-length) subdomains. If this should not be allowed, make sure to add a respective check when using this function in your code. /// @param subDomain The name of the DAO. /// @return `true` if the name is valid or `false` if at least one char is invalid. /// @dev Aborts on the first invalid char found. /// @custom:security-contact [email protected] function isSubdomainValid(string calldata subDomain) pure returns (bool) { bytes calldata nameBytes = bytes(subDomain); uint256 nameLength = nameBytes.length; for (uint256 i; i < nameLength; i++) { uint8 char = uint8(nameBytes[i]); // if char is between a-z if (char > 96 && char < 123) { continue; } // if char is between 0-9 if (char > 47 && char < 58) { continue; } // if char is - if (char == 45) { continue; } // invalid if one char doesn't work with the rules above return false; } return true; }
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/IERC20Metadata.sol)
pragma solidity ^0.8.0;
import "../IERC20Upgradeable.sol";
/**
* @dev Interface for the optional metadata functions from the ERC20 standard.
*
* _Available since v4.1._
*/
interface IERC20MetadataUpgradeable is IERC20Upgradeable {
/**
* @dev Returns the name of the token.
*/
function name() external view returns (string memory);
/**
* @dev Returns the symbol of the token.
*/
function symbol() external view returns (string memory);
/**
* @dev Returns the decimals places of the token.
*/
function decimals() external view returns (uint8);
}/// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "./IEscrowCurveIncreasing.sol";
import "../IDeprecated.sol";
/*///////////////////////////////////////////////////////////////
Global Curve
//////////////////////////////////////////////////////////////*/
interface IEscrowCurveGlobalStorage {
/// @notice Captures the shape of the aggregate voting curve at a specific point in time
/// @param bias The y intercept of the aggregate voting curve at the given time
/// @param slope The slope of the aggregate voting curve at the given time
/// @param writtenTs The timestamp at which the we last updated the aggregate voting curve
struct GlobalPoint {
int256 bias;
int256 slope;
uint48 writtenTs;
}
}
interface IEscrowCurveGlobal is IEscrowCurveGlobalStorage {
/// @notice Returns the global point at the passed epoch
/// @param _index The index in an array to return the point for
function globalPointHistory(uint256 _index) external view returns (GlobalPoint memory);
}
/*///////////////////////////////////////////////////////////////
Token Curve
//////////////////////////////////////////////////////////////*/
interface IEscrowCurveTokenV1_2_0 is IEscrowCurveTokenStorage {
/// @notice Returns the latest index of the tokenId which can be used
/// to retrive token point from `tokenPointHistory` function.
/// @dev This has been renamed to `tokenPointLatestIndex` in the latest upgrade, but
/// for backwards-compatibility, the function still stays in the contract.
/// Note that we treat it as deprecated, So use `tokenPointLatestIndex` instead.
/// @return The latest index of the token id.
function tokenPointIntervals(uint256 _tokenId) external view returns (uint256);
/// @notice Returns the latest index of the tokenId which can be used
/// to retrive token point from `tokenPointHistory` function.
/// @param _tokenId The NFT to return the latest token point index
/// @return The latest index of the token id.
function tokenPointLatestIndex(uint256 _tokenId) external view returns (uint256);
/// @notice Returns the TokenPoint at the passed `_index`.
/// @param _tokenId The NFT to return the TokenPoint for
/// @param _index The index to return the TokenPoint at.
function tokenPointHistory(
uint256 _tokenId,
uint256 _index
) external view returns (TokenPoint memory);
}
interface IEscrowCurveMaxTime is IEscrowCurveErrorsAndEvents {
/// @return The max time allowed for the lock duration.
function maxTime() external view returns (uint256);
}
/*///////////////////////////////////////////////////////////////
INCREASING CURVE
//////////////////////////////////////////////////////////////*/
interface IEscrowCurveIncreasingV1_2_0 is
IEscrowCurveCore,
IEscrowCurveMath,
IEscrowCurveTokenV1_2_0,
IEscrowCurveMaxTime,
IEscrowCurveGlobal,
IDeprecated
{}
interface IEscrowCurveIncreasingV1_2_0_NoSupply is
IEscrowCurveCore,
IEscrowCurveMath,
IEscrowCurveTokenV1_2_0,
IEscrowCurveMaxTime,
IDeprecated
{}/// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
interface IExitQueueCoreErrorsAndEvents {
error OnlyEscrow();
error AlreadyQueued();
error ZeroAddress();
error CannotExit();
error NoLockBalance();
event ExitQueued(uint256 indexed tokenId, address indexed holder, uint256 exitDate);
event Exit(uint256 indexed tokenId, uint256 fee);
}
interface ITicket {
struct Ticket {
address holder;
uint256 exitDate;
}
}
/*///////////////////////////////////////////////////////////////
Fee Collection
//////////////////////////////////////////////////////////////*/
interface IExitQueueFeeErrorsAndEvents {
error FeeTooHigh(uint256 maxFee);
event Withdraw(address indexed to, uint256 amount);
event FeePercentSet(uint256 feePercent);
}
interface IExitQueueFee is IExitQueueFeeErrorsAndEvents {
/// @notice optional fee charged for exiting the queue
function feePercent() external view returns (uint256);
/// @notice The exit queue manager can set the fee
function setFeePercent(uint256 _fee) external;
/// @notice withdraw accumulated fees
function withdraw(uint256 _amount) external;
}
/*///////////////////////////////////////////////////////////////
Cooldown
//////////////////////////////////////////////////////////////*/
interface IExitQueueCooldownErrorsAndEvents {
error CooldownTooHigh();
event CooldownSet(uint48 cooldown);
}
interface IExitQueueCooldown is IExitQueueCooldownErrorsAndEvents {
/// @notice time in seconds between exit and withdrawal
function cooldown() external view returns (uint48);
/// @notice The exit queue manager can set the cooldown period
/// @param _cooldown time in seconds between exit and withdrawal
function setCooldown(uint48 _cooldown) external;
}
/*///////////////////////////////////////////////////////////////
Min Lock
//////////////////////////////////////////////////////////////*/
interface IExitMinLockCooldownErrorsAndEvents {
event MinLockSet(uint48 minLock);
error MinLockOutOfBounds();
error MinLockNotReached(uint256 tokenId, uint48 minLock, uint48 earliestExitDate);
}
interface IExitQueueMinLock is IExitMinLockCooldownErrorsAndEvents {
/// @notice minimum time from the original lock date before one can enter the queue
function minLock() external view returns (uint48);
/// @notice The exit queue manager can set the minimum lock time
function setMinLock(uint48 _cooldown) external;
}
/*///////////////////////////////////////////////////////////////
Exit Queue
//////////////////////////////////////////////////////////////*/
interface IExitQueueCancelErrorsAndEvents {
error CannotCancelExit();
event ExitCancelled(uint256 indexed tokenId, address indexed holder);
}
interface IExitQueueCancel {
function cancelExit(uint256 _tokenId) external;
}
/*///////////////////////////////////////////////////////////////
Exit Queue
//////////////////////////////////////////////////////////////*/
interface IExitQueueErrorsAndEvents is
IExitQueueCoreErrorsAndEvents,
IExitQueueFeeErrorsAndEvents,
IExitQueueCooldownErrorsAndEvents,
IExitMinLockCooldownErrorsAndEvents,
IExitQueueCancelErrorsAndEvents
{}
interface IExitQueue is
IExitQueueErrorsAndEvents,
ITicket,
IExitQueueFee,
IExitQueueCooldown,
IExitQueueMinLock,
IExitQueueCancel
{
/// @notice tokenId => Ticket
function queue(uint256 _tokenId) external view returns (Ticket memory);
/// @notice queue an exit for a given tokenId, granting the ticket to the passed holder
/// @param _tokenId the tokenId to queue an exit for
/// @param _ticketHolder the address that will be granted the ticket
function queueExit(uint256 _tokenId, address _ticketHolder) external;
function cancelExit(uint256 _tokenId) external;
/// @notice exit the queue for a given tokenId. Requires the cooldown period to have passed
/// @return exitAmount the amount of tokens that can be withdrawn
function exit(uint256 _tokenId) external returns (uint256 exitAmount);
/// @return true if the tokenId corresponds to a valid ticket and the cooldown period has passed
function canExit(uint256 _tokenId) external view returns (bool);
/// @return the ticket holder for a given tokenId
function ticketHolder(uint256 _tokenId) external view returns (address);
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {
IExitQueueMinLock,
IExitMinLockCooldownErrorsAndEvents,
IExitQueueCoreErrorsAndEvents,
IExitQueueCancelErrorsAndEvents
} from "./IExitQueue.sol";
interface ITicketV2 {
struct TicketV2 {
address holder;
uint48 queuedAt;
}
event ExitQueuedV2(uint256 indexed tokenId, address indexed holder, uint48 queuedAt);
}
/*///////////////////////////////////////////////////////////////
Fee Collection
//////////////////////////////////////////////////////////////*/
interface IExitFeeWithdrawErrorsAndEvents {
event Withdraw(address indexed to, uint256 amount);
}
interface IExitFeeWithdraw is IExitFeeWithdrawErrorsAndEvents {
/// @notice withdraw accumulated fees
function withdraw(uint256 _amount) external;
}
/*///////////////////////////////////////////////////////////////
Early Exit Queue
//////////////////////////////////////////////////////////////*/
interface IDynamicExitQueueEventsAndErrors {
enum ExitFeeType {
Fixed,
Tiered,
Dynamic
}
// Events
event ExitFeePercentAdjusted(
uint256 maxFeePercent,
uint256 minFeePercent,
uint48 minCooldown,
ExitFeeType feeType
);
// Errors
error EarlyExitDisabled();
error MinCooldownNotMet();
error InvalidFeeParameters();
error FeePercentTooHigh(uint256 maxAllowed);
error CooldownTooShort();
error LegacyFunctionDeprecated();
}
interface IDynamicExitQueueFee is IDynamicExitQueueEventsAndErrors {
/// @notice Calculate the absolute fee amount for exiting a specific token
/// @param tokenId The token ID to calculate fee for
/// @return Fee amount in underlying token units
function calculateFee(uint256 tokenId) external view returns (uint256);
/// @notice Check if a token has completed its full cooldown period (minimum fee applies)
/// @param tokenId The token ID to check
/// @return True if full cooldown elapsed, false otherwise
function isCool(uint256 tokenId) external view returns (bool);
/// @notice Configure linear fee decay system where fees decrease continuously over time
/// @param _minFeePercent Fee percent after full cooldown (basis points, 0-10000)
/// @param _maxFeePercent Fee percent immediately after minCooldown (basis points, 0-10000)
/// @param _cooldown Total cooldown period in seconds
/// @param _minCooldown Minimum wait before any exit allowed in seconds
function setDynamicExitFeePercent(
uint256 _minFeePercent,
uint256 _maxFeePercent,
uint48 _cooldown,
uint48 _minCooldown
) external;
/// @notice Configure two-tier fee system with early exit penalty and normal exit rate
/// @param _baseFeePercent Fee percent for normal exits after cooldown (basis points, 0-10000)
/// @param _earlyFeePercent Fee percent for early exits after minCooldown (basis points, 0-10000)
/// @param _cooldown Total cooldown period in seconds
/// @param _minCooldown Minimum wait before any exit allowed in seconds
function setTieredExitFeePercent(
uint256 _baseFeePercent,
uint256 _earlyFeePercent,
uint48 _cooldown,
uint48 _minCooldown
) external;
/// @notice Configure single fee rate system with optional early exit control
/// @param _feePercent Fee percent for all exits (basis points, 0-10000)
/// @param _cooldown Total cooldown period in seconds
/// @param _allowEarlyExit If true, allow exits after minCooldown=0; if false, require full cooldown
function setFixedExitFeePercent(
uint256 _feePercent,
uint48 _cooldown,
bool _allowEarlyExit
) external;
/// @notice Minimum fee percent charged after full cooldown
/// @return Fee percent in basis points (0-10000)
function minFeePercent() external view returns (uint256);
/// @notice Minimum wait time before any exit is possible
/// @return Time in seconds
function minCooldown() external view returns (uint48);
}
/*///////////////////////////////////////////////////////////////
Exit Queue
//////////////////////////////////////////////////////////////*/
interface IDynamicExitQueueErrorsAndEvents is
IExitQueueCoreErrorsAndEvents,
IExitMinLockCooldownErrorsAndEvents,
IDynamicExitQueueEventsAndErrors,
IExitQueueCancelErrorsAndEvents
{}
interface IDynamicExitQueue is
IDynamicExitQueueErrorsAndEvents,
ITicketV2,
IExitQueueMinLock,
IDynamicExitQueueFee
{
/// @notice tokenId => TicketV2
function queue(uint256 _tokenId) external view returns (TicketV2 memory);
/// @notice queue an exit for a given tokenId, granting the ticket to the passed holder
/// @param _tokenId the tokenId to queue an exit for
/// @param _ticketHolder the address that will be granted the ticket
function queueExit(uint256 _tokenId, address _ticketHolder) external;
/// @notice exit the queue for a given tokenId. Requires the cooldown period to have passed
/// @return exitAmount the amount of tokens that can be withdrawn
function exit(uint256 _tokenId) external returns (uint256 exitAmount);
/// @notice return true if the tokenId corresponds to a valid ticket and the cooldown period has passed
function canExit(uint256 _tokenId) external view returns (bool);
/// @notice return the ticket holder for a given tokenId
function ticketHolder(uint256 _tokenId) external view returns (address);
}/// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
interface IClockUser {
function clock() external view returns (address);
}
interface IClock {
function epochDuration() external pure returns (uint256);
function checkpointInterval() external pure returns (uint256);
function voteDuration() external pure returns (uint256);
function voteWindowBuffer() external pure returns (uint256);
function currentEpoch() external view returns (uint256);
function resolveEpoch(uint256 timestamp) external pure returns (uint256);
function elapsedInEpoch() external view returns (uint256);
function resolveElapsedInEpoch(uint256 timestamp) external pure returns (uint256);
function epochStartsIn() external view returns (uint256);
function resolveEpochStartsIn(uint256 timestamp) external pure returns (uint256);
function epochStartTs() external view returns (uint256);
function resolveEpochStartTs(uint256 timestamp) external pure returns (uint256);
function votingActive() external view returns (bool);
function resolveVotingActive(uint256 timestamp) external pure returns (bool);
function epochVoteStartsIn() external view returns (uint256);
function resolveEpochVoteStartsIn(uint256 timestamp) external pure returns (uint256);
function epochVoteStartTs() external view returns (uint256);
function resolveEpochVoteStartTs(uint256 timestamp) external pure returns (uint256);
function epochVoteEndsIn() external view returns (uint256);
function resolveEpochVoteEndsIn(uint256 timestamp) external pure returns (uint256);
function epochVoteEndTs() external view returns (uint256);
function resolveEpochVoteEndTs(uint256 timestamp) external pure returns (uint256);
function epochNextCheckpointIn() external view returns (uint256);
function resolveEpochNextCheckpointIn(uint256 timestamp) external pure returns (uint256);
function epochNextCheckpointTs() external view returns (uint256);
function resolveEpochNextCheckpointTs(uint256 timestamp) external pure returns (uint256);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/IERC20.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `from` to `to` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 amount) external returns (bool);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/utils/SafeERC20.sol)
pragma solidity ^0.8.0;
import "../IERC20.sol";
import "../extensions/IERC20Permit.sol";
import "../../../utils/Address.sol";
/**
* @title SafeERC20
* @dev Wrappers around ERC20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/
library SafeERC20 {
using Address for address;
/**
* @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeTransfer(IERC20 token, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));
}
/**
* @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
* calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
*/
function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));
}
/**
* @dev Deprecated. This function has issues similar to the ones found in
* {IERC20-approve}, and its usage is discouraged.
*
* Whenever possible, use {safeIncreaseAllowance} and
* {safeDecreaseAllowance} instead.
*/
function safeApprove(IERC20 token, address spender, uint256 value) internal {
// safeApprove should only be called when setting an initial allowance,
// or when resetting it to zero. To increase and decrease it, use
// 'safeIncreaseAllowance' and 'safeDecreaseAllowance'
require(
(value == 0) || (token.allowance(address(this), spender) == 0),
"SafeERC20: approve from non-zero to non-zero allowance"
);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));
}
/**
* @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
uint256 oldAllowance = token.allowance(address(this), spender);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance + value));
}
/**
* @dev Decrease the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {
unchecked {
uint256 oldAllowance = token.allowance(address(this), spender);
require(oldAllowance >= value, "SafeERC20: decreased allowance below zero");
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, oldAllowance - value));
}
}
/**
* @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful. Compatible with tokens that require the approval to be set to
* 0 before setting it to a non-zero value.
*/
function forceApprove(IERC20 token, address spender, uint256 value) internal {
bytes memory approvalCall = abi.encodeWithSelector(token.approve.selector, spender, value);
if (!_callOptionalReturnBool(token, approvalCall)) {
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, 0));
_callOptionalReturn(token, approvalCall);
}
}
/**
* @dev Use a ERC-2612 signature to set the `owner` approval toward `spender` on `token`.
* Revert on invalid signature.
*/
function safePermit(
IERC20Permit token,
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) internal {
uint256 nonceBefore = token.nonces(owner);
token.permit(owner, spender, value, deadline, v, r, s);
uint256 nonceAfter = token.nonces(owner);
require(nonceAfter == nonceBefore + 1, "SafeERC20: permit did not succeed");
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*/
function _callOptionalReturn(IERC20 token, bytes memory data) private {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that
// the target address contains contract code and also asserts for success in the low-level call.
bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed");
require(returndata.length == 0 || abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed");
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*
* This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.
*/
function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false
// and not revert is the subcall reverts.
(bool success, bytes memory returndata) = address(token).call(data);
return
success && (returndata.length == 0 || abi.decode(returndata, (bool))) && Address.isContract(address(token));
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SafeCast.sol)
// This file was procedurally generated from scripts/generate/templates/SafeCast.js.
pragma solidity ^0.8.0;
/**
* @dev Wrappers over Solidity's uintXX/intXX casting operators with added overflow
* checks.
*
* Downcasting from uint256/int256 in Solidity does not revert on overflow. This can
* easily result in undesired exploitation or bugs, since developers usually
* assume that overflows raise errors. `SafeCast` restores this intuition by
* reverting the transaction when such an operation overflows.
*
* Using this library instead of the unchecked operations eliminates an entire
* class of bugs, so it's recommended to use it always.
*
* Can be combined with {SafeMath} and {SignedSafeMath} to extend it to smaller types, by performing
* all math on `uint256` and `int256` and then downcasting.
*/
library SafeCast {
/**
* @dev Returns the downcasted uint248 from uint256, reverting on
* overflow (when the input is greater than largest uint248).
*
* Counterpart to Solidity's `uint248` operator.
*
* Requirements:
*
* - input must fit into 248 bits
*
* _Available since v4.7._
*/
function toUint248(uint256 value) internal pure returns (uint248) {
require(value <= type(uint248).max, "SafeCast: value doesn't fit in 248 bits");
return uint248(value);
}
/**
* @dev Returns the downcasted uint240 from uint256, reverting on
* overflow (when the input is greater than largest uint240).
*
* Counterpart to Solidity's `uint240` operator.
*
* Requirements:
*
* - input must fit into 240 bits
*
* _Available since v4.7._
*/
function toUint240(uint256 value) internal pure returns (uint240) {
require(value <= type(uint240).max, "SafeCast: value doesn't fit in 240 bits");
return uint240(value);
}
/**
* @dev Returns the downcasted uint232 from uint256, reverting on
* overflow (when the input is greater than largest uint232).
*
* Counterpart to Solidity's `uint232` operator.
*
* Requirements:
*
* - input must fit into 232 bits
*
* _Available since v4.7._
*/
function toUint232(uint256 value) internal pure returns (uint232) {
require(value <= type(uint232).max, "SafeCast: value doesn't fit in 232 bits");
return uint232(value);
}
/**
* @dev Returns the downcasted uint224 from uint256, reverting on
* overflow (when the input is greater than largest uint224).
*
* Counterpart to Solidity's `uint224` operator.
*
* Requirements:
*
* - input must fit into 224 bits
*
* _Available since v4.2._
*/
function toUint224(uint256 value) internal pure returns (uint224) {
require(value <= type(uint224).max, "SafeCast: value doesn't fit in 224 bits");
return uint224(value);
}
/**
* @dev Returns the downcasted uint216 from uint256, reverting on
* overflow (when the input is greater than largest uint216).
*
* Counterpart to Solidity's `uint216` operator.
*
* Requirements:
*
* - input must fit into 216 bits
*
* _Available since v4.7._
*/
function toUint216(uint256 value) internal pure returns (uint216) {
require(value <= type(uint216).max, "SafeCast: value doesn't fit in 216 bits");
return uint216(value);
}
/**
* @dev Returns the downcasted uint208 from uint256, reverting on
* overflow (when the input is greater than largest uint208).
*
* Counterpart to Solidity's `uint208` operator.
*
* Requirements:
*
* - input must fit into 208 bits
*
* _Available since v4.7._
*/
function toUint208(uint256 value) internal pure returns (uint208) {
require(value <= type(uint208).max, "SafeCast: value doesn't fit in 208 bits");
return uint208(value);
}
/**
* @dev Returns the downcasted uint200 from uint256, reverting on
* overflow (when the input is greater than largest uint200).
*
* Counterpart to Solidity's `uint200` operator.
*
* Requirements:
*
* - input must fit into 200 bits
*
* _Available since v4.7._
*/
function toUint200(uint256 value) internal pure returns (uint200) {
require(value <= type(uint200).max, "SafeCast: value doesn't fit in 200 bits");
return uint200(value);
}
/**
* @dev Returns the downcasted uint192 from uint256, reverting on
* overflow (when the input is greater than largest uint192).
*
* Counterpart to Solidity's `uint192` operator.
*
* Requirements:
*
* - input must fit into 192 bits
*
* _Available since v4.7._
*/
function toUint192(uint256 value) internal pure returns (uint192) {
require(value <= type(uint192).max, "SafeCast: value doesn't fit in 192 bits");
return uint192(value);
}
/**
* @dev Returns the downcasted uint184 from uint256, reverting on
* overflow (when the input is greater than largest uint184).
*
* Counterpart to Solidity's `uint184` operator.
*
* Requirements:
*
* - input must fit into 184 bits
*
* _Available since v4.7._
*/
function toUint184(uint256 value) internal pure returns (uint184) {
require(value <= type(uint184).max, "SafeCast: value doesn't fit in 184 bits");
return uint184(value);
}
/**
* @dev Returns the downcasted uint176 from uint256, reverting on
* overflow (when the input is greater than largest uint176).
*
* Counterpart to Solidity's `uint176` operator.
*
* Requirements:
*
* - input must fit into 176 bits
*
* _Available since v4.7._
*/
function toUint176(uint256 value) internal pure returns (uint176) {
require(value <= type(uint176).max, "SafeCast: value doesn't fit in 176 bits");
return uint176(value);
}
/**
* @dev Returns the downcasted uint168 from uint256, reverting on
* overflow (when the input is greater than largest uint168).
*
* Counterpart to Solidity's `uint168` operator.
*
* Requirements:
*
* - input must fit into 168 bits
*
* _Available since v4.7._
*/
function toUint168(uint256 value) internal pure returns (uint168) {
require(value <= type(uint168).max, "SafeCast: value doesn't fit in 168 bits");
return uint168(value);
}
/**
* @dev Returns the downcasted uint160 from uint256, reverting on
* overflow (when the input is greater than largest uint160).
*
* Counterpart to Solidity's `uint160` operator.
*
* Requirements:
*
* - input must fit into 160 bits
*
* _Available since v4.7._
*/
function toUint160(uint256 value) internal pure returns (uint160) {
require(value <= type(uint160).max, "SafeCast: value doesn't fit in 160 bits");
return uint160(value);
}
/**
* @dev Returns the downcasted uint152 from uint256, reverting on
* overflow (when the input is greater than largest uint152).
*
* Counterpart to Solidity's `uint152` operator.
*
* Requirements:
*
* - input must fit into 152 bits
*
* _Available since v4.7._
*/
function toUint152(uint256 value) internal pure returns (uint152) {
require(value <= type(uint152).max, "SafeCast: value doesn't fit in 152 bits");
return uint152(value);
}
/**
* @dev Returns the downcasted uint144 from uint256, reverting on
* overflow (when the input is greater than largest uint144).
*
* Counterpart to Solidity's `uint144` operator.
*
* Requirements:
*
* - input must fit into 144 bits
*
* _Available since v4.7._
*/
function toUint144(uint256 value) internal pure returns (uint144) {
require(value <= type(uint144).max, "SafeCast: value doesn't fit in 144 bits");
return uint144(value);
}
/**
* @dev Returns the downcasted uint136 from uint256, reverting on
* overflow (when the input is greater than largest uint136).
*
* Counterpart to Solidity's `uint136` operator.
*
* Requirements:
*
* - input must fit into 136 bits
*
* _Available since v4.7._
*/
function toUint136(uint256 value) internal pure returns (uint136) {
require(value <= type(uint136).max, "SafeCast: value doesn't fit in 136 bits");
return uint136(value);
}
/**
* @dev Returns the downcasted uint128 from uint256, reverting on
* overflow (when the input is greater than largest uint128).
*
* Counterpart to Solidity's `uint128` operator.
*
* Requirements:
*
* - input must fit into 128 bits
*
* _Available since v2.5._
*/
function toUint128(uint256 value) internal pure returns (uint128) {
require(value <= type(uint128).max, "SafeCast: value doesn't fit in 128 bits");
return uint128(value);
}
/**
* @dev Returns the downcasted uint120 from uint256, reverting on
* overflow (when the input is greater than largest uint120).
*
* Counterpart to Solidity's `uint120` operator.
*
* Requirements:
*
* - input must fit into 120 bits
*
* _Available since v4.7._
*/
function toUint120(uint256 value) internal pure returns (uint120) {
require(value <= type(uint120).max, "SafeCast: value doesn't fit in 120 bits");
return uint120(value);
}
/**
* @dev Returns the downcasted uint112 from uint256, reverting on
* overflow (when the input is greater than largest uint112).
*
* Counterpart to Solidity's `uint112` operator.
*
* Requirements:
*
* - input must fit into 112 bits
*
* _Available since v4.7._
*/
function toUint112(uint256 value) internal pure returns (uint112) {
require(value <= type(uint112).max, "SafeCast: value doesn't fit in 112 bits");
return uint112(value);
}
/**
* @dev Returns the downcasted uint104 from uint256, reverting on
* overflow (when the input is greater than largest uint104).
*
* Counterpart to Solidity's `uint104` operator.
*
* Requirements:
*
* - input must fit into 104 bits
*
* _Available since v4.7._
*/
function toUint104(uint256 value) internal pure returns (uint104) {
require(value <= type(uint104).max, "SafeCast: value doesn't fit in 104 bits");
return uint104(value);
}
/**
* @dev Returns the downcasted uint96 from uint256, reverting on
* overflow (when the input is greater than largest uint96).
*
* Counterpart to Solidity's `uint96` operator.
*
* Requirements:
*
* - input must fit into 96 bits
*
* _Available since v4.2._
*/
function toUint96(uint256 value) internal pure returns (uint96) {
require(value <= type(uint96).max, "SafeCast: value doesn't fit in 96 bits");
return uint96(value);
}
/**
* @dev Returns the downcasted uint88 from uint256, reverting on
* overflow (when the input is greater than largest uint88).
*
* Counterpart to Solidity's `uint88` operator.
*
* Requirements:
*
* - input must fit into 88 bits
*
* _Available since v4.7._
*/
function toUint88(uint256 value) internal pure returns (uint88) {
require(value <= type(uint88).max, "SafeCast: value doesn't fit in 88 bits");
return uint88(value);
}
/**
* @dev Returns the downcasted uint80 from uint256, reverting on
* overflow (when the input is greater than largest uint80).
*
* Counterpart to Solidity's `uint80` operator.
*
* Requirements:
*
* - input must fit into 80 bits
*
* _Available since v4.7._
*/
function toUint80(uint256 value) internal pure returns (uint80) {
require(value <= type(uint80).max, "SafeCast: value doesn't fit in 80 bits");
return uint80(value);
}
/**
* @dev Returns the downcasted uint72 from uint256, reverting on
* overflow (when the input is greater than largest uint72).
*
* Counterpart to Solidity's `uint72` operator.
*
* Requirements:
*
* - input must fit into 72 bits
*
* _Available since v4.7._
*/
function toUint72(uint256 value) internal pure returns (uint72) {
require(value <= type(uint72).max, "SafeCast: value doesn't fit in 72 bits");
return uint72(value);
}
/**
* @dev Returns the downcasted uint64 from uint256, reverting on
* overflow (when the input is greater than largest uint64).
*
* Counterpart to Solidity's `uint64` operator.
*
* Requirements:
*
* - input must fit into 64 bits
*
* _Available since v2.5._
*/
function toUint64(uint256 value) internal pure returns (uint64) {
require(value <= type(uint64).max, "SafeCast: value doesn't fit in 64 bits");
return uint64(value);
}
/**
* @dev Returns the downcasted uint56 from uint256, reverting on
* overflow (when the input is greater than largest uint56).
*
* Counterpart to Solidity's `uint56` operator.
*
* Requirements:
*
* - input must fit into 56 bits
*
* _Available since v4.7._
*/
function toUint56(uint256 value) internal pure returns (uint56) {
require(value <= type(uint56).max, "SafeCast: value doesn't fit in 56 bits");
return uint56(value);
}
/**
* @dev Returns the downcasted uint48 from uint256, reverting on
* overflow (when the input is greater than largest uint48).
*
* Counterpart to Solidity's `uint48` operator.
*
* Requirements:
*
* - input must fit into 48 bits
*
* _Available since v4.7._
*/
function toUint48(uint256 value) internal pure returns (uint48) {
require(value <= type(uint48).max, "SafeCast: value doesn't fit in 48 bits");
return uint48(value);
}
/**
* @dev Returns the downcasted uint40 from uint256, reverting on
* overflow (when the input is greater than largest uint40).
*
* Counterpart to Solidity's `uint40` operator.
*
* Requirements:
*
* - input must fit into 40 bits
*
* _Available since v4.7._
*/
function toUint40(uint256 value) internal pure returns (uint40) {
require(value <= type(uint40).max, "SafeCast: value doesn't fit in 40 bits");
return uint40(value);
}
/**
* @dev Returns the downcasted uint32 from uint256, reverting on
* overflow (when the input is greater than largest uint32).
*
* Counterpart to Solidity's `uint32` operator.
*
* Requirements:
*
* - input must fit into 32 bits
*
* _Available since v2.5._
*/
function toUint32(uint256 value) internal pure returns (uint32) {
require(value <= type(uint32).max, "SafeCast: value doesn't fit in 32 bits");
return uint32(value);
}
/**
* @dev Returns the downcasted uint24 from uint256, reverting on
* overflow (when the input is greater than largest uint24).
*
* Counterpart to Solidity's `uint24` operator.
*
* Requirements:
*
* - input must fit into 24 bits
*
* _Available since v4.7._
*/
function toUint24(uint256 value) internal pure returns (uint24) {
require(value <= type(uint24).max, "SafeCast: value doesn't fit in 24 bits");
return uint24(value);
}
/**
* @dev Returns the downcasted uint16 from uint256, reverting on
* overflow (when the input is greater than largest uint16).
*
* Counterpart to Solidity's `uint16` operator.
*
* Requirements:
*
* - input must fit into 16 bits
*
* _Available since v2.5._
*/
function toUint16(uint256 value) internal pure returns (uint16) {
require(value <= type(uint16).max, "SafeCast: value doesn't fit in 16 bits");
return uint16(value);
}
/**
* @dev Returns the downcasted uint8 from uint256, reverting on
* overflow (when the input is greater than largest uint8).
*
* Counterpart to Solidity's `uint8` operator.
*
* Requirements:
*
* - input must fit into 8 bits
*
* _Available since v2.5._
*/
function toUint8(uint256 value) internal pure returns (uint8) {
require(value <= type(uint8).max, "SafeCast: value doesn't fit in 8 bits");
return uint8(value);
}
/**
* @dev Converts a signed int256 into an unsigned uint256.
*
* Requirements:
*
* - input must be greater than or equal to 0.
*
* _Available since v3.0._
*/
function toUint256(int256 value) internal pure returns (uint256) {
require(value >= 0, "SafeCast: value must be positive");
return uint256(value);
}
/**
* @dev Returns the downcasted int248 from int256, reverting on
* overflow (when the input is less than smallest int248 or
* greater than largest int248).
*
* Counterpart to Solidity's `int248` operator.
*
* Requirements:
*
* - input must fit into 248 bits
*
* _Available since v4.7._
*/
function toInt248(int256 value) internal pure returns (int248 downcasted) {
downcasted = int248(value);
require(downcasted == value, "SafeCast: value doesn't fit in 248 bits");
}
/**
* @dev Returns the downcasted int240 from int256, reverting on
* overflow (when the input is less than smallest int240 or
* greater than largest int240).
*
* Counterpart to Solidity's `int240` operator.
*
* Requirements:
*
* - input must fit into 240 bits
*
* _Available since v4.7._
*/
function toInt240(int256 value) internal pure returns (int240 downcasted) {
downcasted = int240(value);
require(downcasted == value, "SafeCast: value doesn't fit in 240 bits");
}
/**
* @dev Returns the downcasted int232 from int256, reverting on
* overflow (when the input is less than smallest int232 or
* greater than largest int232).
*
* Counterpart to Solidity's `int232` operator.
*
* Requirements:
*
* - input must fit into 232 bits
*
* _Available since v4.7._
*/
function toInt232(int256 value) internal pure returns (int232 downcasted) {
downcasted = int232(value);
require(downcasted == value, "SafeCast: value doesn't fit in 232 bits");
}
/**
* @dev Returns the downcasted int224 from int256, reverting on
* overflow (when the input is less than smallest int224 or
* greater than largest int224).
*
* Counterpart to Solidity's `int224` operator.
*
* Requirements:
*
* - input must fit into 224 bits
*
* _Available since v4.7._
*/
function toInt224(int256 value) internal pure returns (int224 downcasted) {
downcasted = int224(value);
require(downcasted == value, "SafeCast: value doesn't fit in 224 bits");
}
/**
* @dev Returns the downcasted int216 from int256, reverting on
* overflow (when the input is less than smallest int216 or
* greater than largest int216).
*
* Counterpart to Solidity's `int216` operator.
*
* Requirements:
*
* - input must fit into 216 bits
*
* _Available since v4.7._
*/
function toInt216(int256 value) internal pure returns (int216 downcasted) {
downcasted = int216(value);
require(downcasted == value, "SafeCast: value doesn't fit in 216 bits");
}
/**
* @dev Returns the downcasted int208 from int256, reverting on
* overflow (when the input is less than smallest int208 or
* greater than largest int208).
*
* Counterpart to Solidity's `int208` operator.
*
* Requirements:
*
* - input must fit into 208 bits
*
* _Available since v4.7._
*/
function toInt208(int256 value) internal pure returns (int208 downcasted) {
downcasted = int208(value);
require(downcasted == value, "SafeCast: value doesn't fit in 208 bits");
}
/**
* @dev Returns the downcasted int200 from int256, reverting on
* overflow (when the input is less than smallest int200 or
* greater than largest int200).
*
* Counterpart to Solidity's `int200` operator.
*
* Requirements:
*
* - input must fit into 200 bits
*
* _Available since v4.7._
*/
function toInt200(int256 value) internal pure returns (int200 downcasted) {
downcasted = int200(value);
require(downcasted == value, "SafeCast: value doesn't fit in 200 bits");
}
/**
* @dev Returns the downcasted int192 from int256, reverting on
* overflow (when the input is less than smallest int192 or
* greater than largest int192).
*
* Counterpart to Solidity's `int192` operator.
*
* Requirements:
*
* - input must fit into 192 bits
*
* _Available since v4.7._
*/
function toInt192(int256 value) internal pure returns (int192 downcasted) {
downcasted = int192(value);
require(downcasted == value, "SafeCast: value doesn't fit in 192 bits");
}
/**
* @dev Returns the downcasted int184 from int256, reverting on
* overflow (when the input is less than smallest int184 or
* greater than largest int184).
*
* Counterpart to Solidity's `int184` operator.
*
* Requirements:
*
* - input must fit into 184 bits
*
* _Available since v4.7._
*/
function toInt184(int256 value) internal pure returns (int184 downcasted) {
downcasted = int184(value);
require(downcasted == value, "SafeCast: value doesn't fit in 184 bits");
}
/**
* @dev Returns the downcasted int176 from int256, reverting on
* overflow (when the input is less than smallest int176 or
* greater than largest int176).
*
* Counterpart to Solidity's `int176` operator.
*
* Requirements:
*
* - input must fit into 176 bits
*
* _Available since v4.7._
*/
function toInt176(int256 value) internal pure returns (int176 downcasted) {
downcasted = int176(value);
require(downcasted == value, "SafeCast: value doesn't fit in 176 bits");
}
/**
* @dev Returns the downcasted int168 from int256, reverting on
* overflow (when the input is less than smallest int168 or
* greater than largest int168).
*
* Counterpart to Solidity's `int168` operator.
*
* Requirements:
*
* - input must fit into 168 bits
*
* _Available since v4.7._
*/
function toInt168(int256 value) internal pure returns (int168 downcasted) {
downcasted = int168(value);
require(downcasted == value, "SafeCast: value doesn't fit in 168 bits");
}
/**
* @dev Returns the downcasted int160 from int256, reverting on
* overflow (when the input is less than smallest int160 or
* greater than largest int160).
*
* Counterpart to Solidity's `int160` operator.
*
* Requirements:
*
* - input must fit into 160 bits
*
* _Available since v4.7._
*/
function toInt160(int256 value) internal pure returns (int160 downcasted) {
downcasted = int160(value);
require(downcasted == value, "SafeCast: value doesn't fit in 160 bits");
}
/**
* @dev Returns the downcasted int152 from int256, reverting on
* overflow (when the input is less than smallest int152 or
* greater than largest int152).
*
* Counterpart to Solidity's `int152` operator.
*
* Requirements:
*
* - input must fit into 152 bits
*
* _Available since v4.7._
*/
function toInt152(int256 value) internal pure returns (int152 downcasted) {
downcasted = int152(value);
require(downcasted == value, "SafeCast: value doesn't fit in 152 bits");
}
/**
* @dev Returns the downcasted int144 from int256, reverting on
* overflow (when the input is less than smallest int144 or
* greater than largest int144).
*
* Counterpart to Solidity's `int144` operator.
*
* Requirements:
*
* - input must fit into 144 bits
*
* _Available since v4.7._
*/
function toInt144(int256 value) internal pure returns (int144 downcasted) {
downcasted = int144(value);
require(downcasted == value, "SafeCast: value doesn't fit in 144 bits");
}
/**
* @dev Returns the downcasted int136 from int256, reverting on
* overflow (when the input is less than smallest int136 or
* greater than largest int136).
*
* Counterpart to Solidity's `int136` operator.
*
* Requirements:
*
* - input must fit into 136 bits
*
* _Available since v4.7._
*/
function toInt136(int256 value) internal pure returns (int136 downcasted) {
downcasted = int136(value);
require(downcasted == value, "SafeCast: value doesn't fit in 136 bits");
}
/**
* @dev Returns the downcasted int128 from int256, reverting on
* overflow (when the input is less than smallest int128 or
* greater than largest int128).
*
* Counterpart to Solidity's `int128` operator.
*
* Requirements:
*
* - input must fit into 128 bits
*
* _Available since v3.1._
*/
function toInt128(int256 value) internal pure returns (int128 downcasted) {
downcasted = int128(value);
require(downcasted == value, "SafeCast: value doesn't fit in 128 bits");
}
/**
* @dev Returns the downcasted int120 from int256, reverting on
* overflow (when the input is less than smallest int120 or
* greater than largest int120).
*
* Counterpart to Solidity's `int120` operator.
*
* Requirements:
*
* - input must fit into 120 bits
*
* _Available since v4.7._
*/
function toInt120(int256 value) internal pure returns (int120 downcasted) {
downcasted = int120(value);
require(downcasted == value, "SafeCast: value doesn't fit in 120 bits");
}
/**
* @dev Returns the downcasted int112 from int256, reverting on
* overflow (when the input is less than smallest int112 or
* greater than largest int112).
*
* Counterpart to Solidity's `int112` operator.
*
* Requirements:
*
* - input must fit into 112 bits
*
* _Available since v4.7._
*/
function toInt112(int256 value) internal pure returns (int112 downcasted) {
downcasted = int112(value);
require(downcasted == value, "SafeCast: value doesn't fit in 112 bits");
}
/**
* @dev Returns the downcasted int104 from int256, reverting on
* overflow (when the input is less than smallest int104 or
* greater than largest int104).
*
* Counterpart to Solidity's `int104` operator.
*
* Requirements:
*
* - input must fit into 104 bits
*
* _Available since v4.7._
*/
function toInt104(int256 value) internal pure returns (int104 downcasted) {
downcasted = int104(value);
require(downcasted == value, "SafeCast: value doesn't fit in 104 bits");
}
/**
* @dev Returns the downcasted int96 from int256, reverting on
* overflow (when the input is less than smallest int96 or
* greater than largest int96).
*
* Counterpart to Solidity's `int96` operator.
*
* Requirements:
*
* - input must fit into 96 bits
*
* _Available since v4.7._
*/
function toInt96(int256 value) internal pure returns (int96 downcasted) {
downcasted = int96(value);
require(downcasted == value, "SafeCast: value doesn't fit in 96 bits");
}
/**
* @dev Returns the downcasted int88 from int256, reverting on
* overflow (when the input is less than smallest int88 or
* greater than largest int88).
*
* Counterpart to Solidity's `int88` operator.
*
* Requirements:
*
* - input must fit into 88 bits
*
* _Available since v4.7._
*/
function toInt88(int256 value) internal pure returns (int88 downcasted) {
downcasted = int88(value);
require(downcasted == value, "SafeCast: value doesn't fit in 88 bits");
}
/**
* @dev Returns the downcasted int80 from int256, reverting on
* overflow (when the input is less than smallest int80 or
* greater than largest int80).
*
* Counterpart to Solidity's `int80` operator.
*
* Requirements:
*
* - input must fit into 80 bits
*
* _Available since v4.7._
*/
function toInt80(int256 value) internal pure returns (int80 downcasted) {
downcasted = int80(value);
require(downcasted == value, "SafeCast: value doesn't fit in 80 bits");
}
/**
* @dev Returns the downcasted int72 from int256, reverting on
* overflow (when the input is less than smallest int72 or
* greater than largest int72).
*
* Counterpart to Solidity's `int72` operator.
*
* Requirements:
*
* - input must fit into 72 bits
*
* _Available since v4.7._
*/
function toInt72(int256 value) internal pure returns (int72 downcasted) {
downcasted = int72(value);
require(downcasted == value, "SafeCast: value doesn't fit in 72 bits");
}
/**
* @dev Returns the downcasted int64 from int256, reverting on
* overflow (when the input is less than smallest int64 or
* greater than largest int64).
*
* Counterpart to Solidity's `int64` operator.
*
* Requirements:
*
* - input must fit into 64 bits
*
* _Available since v3.1._
*/
function toInt64(int256 value) internal pure returns (int64 downcasted) {
downcasted = int64(value);
require(downcasted == value, "SafeCast: value doesn't fit in 64 bits");
}
/**
* @dev Returns the downcasted int56 from int256, reverting on
* overflow (when the input is less than smallest int56 or
* greater than largest int56).
*
* Counterpart to Solidity's `int56` operator.
*
* Requirements:
*
* - input must fit into 56 bits
*
* _Available since v4.7._
*/
function toInt56(int256 value) internal pure returns (int56 downcasted) {
downcasted = int56(value);
require(downcasted == value, "SafeCast: value doesn't fit in 56 bits");
}
/**
* @dev Returns the downcasted int48 from int256, reverting on
* overflow (when the input is less than smallest int48 or
* greater than largest int48).
*
* Counterpart to Solidity's `int48` operator.
*
* Requirements:
*
* - input must fit into 48 bits
*
* _Available since v4.7._
*/
function toInt48(int256 value) internal pure returns (int48 downcasted) {
downcasted = int48(value);
require(downcasted == value, "SafeCast: value doesn't fit in 48 bits");
}
/**
* @dev Returns the downcasted int40 from int256, reverting on
* overflow (when the input is less than smallest int40 or
* greater than largest int40).
*
* Counterpart to Solidity's `int40` operator.
*
* Requirements:
*
* - input must fit into 40 bits
*
* _Available since v4.7._
*/
function toInt40(int256 value) internal pure returns (int40 downcasted) {
downcasted = int40(value);
require(downcasted == value, "SafeCast: value doesn't fit in 40 bits");
}
/**
* @dev Returns the downcasted int32 from int256, reverting on
* overflow (when the input is less than smallest int32 or
* greater than largest int32).
*
* Counterpart to Solidity's `int32` operator.
*
* Requirements:
*
* - input must fit into 32 bits
*
* _Available since v3.1._
*/
function toInt32(int256 value) internal pure returns (int32 downcasted) {
downcasted = int32(value);
require(downcasted == value, "SafeCast: value doesn't fit in 32 bits");
}
/**
* @dev Returns the downcasted int24 from int256, reverting on
* overflow (when the input is less than smallest int24 or
* greater than largest int24).
*
* Counterpart to Solidity's `int24` operator.
*
* Requirements:
*
* - input must fit into 24 bits
*
* _Available since v4.7._
*/
function toInt24(int256 value) internal pure returns (int24 downcasted) {
downcasted = int24(value);
require(downcasted == value, "SafeCast: value doesn't fit in 24 bits");
}
/**
* @dev Returns the downcasted int16 from int256, reverting on
* overflow (when the input is less than smallest int16 or
* greater than largest int16).
*
* Counterpart to Solidity's `int16` operator.
*
* Requirements:
*
* - input must fit into 16 bits
*
* _Available since v3.1._
*/
function toInt16(int256 value) internal pure returns (int16 downcasted) {
downcasted = int16(value);
require(downcasted == value, "SafeCast: value doesn't fit in 16 bits");
}
/**
* @dev Returns the downcasted int8 from int256, reverting on
* overflow (when the input is less than smallest int8 or
* greater than largest int8).
*
* Counterpart to Solidity's `int8` operator.
*
* Requirements:
*
* - input must fit into 8 bits
*
* _Available since v3.1._
*/
function toInt8(int256 value) internal pure returns (int8 downcasted) {
downcasted = int8(value);
require(downcasted == value, "SafeCast: value doesn't fit in 8 bits");
}
/**
* @dev Converts an unsigned uint256 into a signed int256.
*
* Requirements:
*
* - input must be less than or equal to maxInt256.
*
* _Available since v3.0._
*/
function toInt256(uint256 value) internal pure returns (int256) {
// Note: Unsafe cast below is okay because `type(int256).max` is guaranteed to be positive
require(value <= uint256(type(int256).max), "SafeCast: value doesn't fit in an int256");
return int256(value);
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/*///////////////////////////////////////////////////////////////
WHITELIST
//////////////////////////////////////////////////////////////*/
interface IWhitelistEvents {
event WhitelistSet(address indexed account, bool status);
}
interface IWhitelistErrors {
error NotWhitelisted();
error ForbiddenWhitelistAddress();
}
interface IWhitelist is IWhitelistEvents, IWhitelistErrors {
/// @notice Set whitelist status for an address
function setWhitelisted(address addr, bool isWhitelisted) external;
/// @notice Check if an address is whitelisted
function whitelisted(address addr) external view returns (bool);
}
interface ILock is IWhitelist {
error OnlyEscrow();
/// @notice Address of the escrow contract that holds underyling assets
function escrow() external view returns (address);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (token/ERC721/extensions/ERC721Enumerable.sol)
pragma solidity ^0.8.0;
import "../ERC721Upgradeable.sol";
import "./IERC721EnumerableUpgradeable.sol";
import "../../../proxy/utils/Initializable.sol";
/**
* @dev This implements an optional extension of {ERC721} defined in the EIP that adds
* enumerability of all the token ids in the contract as well as all token ids owned by each
* account.
*/
abstract contract ERC721EnumerableUpgradeable is Initializable, ERC721Upgradeable, IERC721EnumerableUpgradeable {
function __ERC721Enumerable_init() internal onlyInitializing {
}
function __ERC721Enumerable_init_unchained() internal onlyInitializing {
}
// Mapping from owner to list of owned token IDs
mapping(address => mapping(uint256 => uint256)) private _ownedTokens;
// Mapping from token ID to index of the owner tokens list
mapping(uint256 => uint256) private _ownedTokensIndex;
// Array with all token ids, used for enumeration
uint256[] private _allTokens;
// Mapping from token id to position in the allTokens array
mapping(uint256 => uint256) private _allTokensIndex;
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override(IERC165Upgradeable, ERC721Upgradeable) returns (bool) {
return interfaceId == type(IERC721EnumerableUpgradeable).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @dev See {IERC721Enumerable-tokenOfOwnerByIndex}.
*/
function tokenOfOwnerByIndex(address owner, uint256 index) public view virtual override returns (uint256) {
require(index < ERC721Upgradeable.balanceOf(owner), "ERC721Enumerable: owner index out of bounds");
return _ownedTokens[owner][index];
}
/**
* @dev See {IERC721Enumerable-totalSupply}.
*/
function totalSupply() public view virtual override returns (uint256) {
return _allTokens.length;
}
/**
* @dev See {IERC721Enumerable-tokenByIndex}.
*/
function tokenByIndex(uint256 index) public view virtual override returns (uint256) {
require(index < ERC721EnumerableUpgradeable.totalSupply(), "ERC721Enumerable: global index out of bounds");
return _allTokens[index];
}
/**
* @dev See {ERC721-_beforeTokenTransfer}.
*/
function _beforeTokenTransfer(
address from,
address to,
uint256 firstTokenId,
uint256 batchSize
) internal virtual override {
super._beforeTokenTransfer(from, to, firstTokenId, batchSize);
if (batchSize > 1) {
// Will only trigger during construction. Batch transferring (minting) is not available afterwards.
revert("ERC721Enumerable: consecutive transfers not supported");
}
uint256 tokenId = firstTokenId;
if (from == address(0)) {
_addTokenToAllTokensEnumeration(tokenId);
} else if (from != to) {
_removeTokenFromOwnerEnumeration(from, tokenId);
}
if (to == address(0)) {
_removeTokenFromAllTokensEnumeration(tokenId);
} else if (to != from) {
_addTokenToOwnerEnumeration(to, tokenId);
}
}
/**
* @dev Private function to add a token to this extension's ownership-tracking data structures.
* @param to address representing the new owner of the given token ID
* @param tokenId uint256 ID of the token to be added to the tokens list of the given address
*/
function _addTokenToOwnerEnumeration(address to, uint256 tokenId) private {
uint256 length = ERC721Upgradeable.balanceOf(to);
_ownedTokens[to][length] = tokenId;
_ownedTokensIndex[tokenId] = length;
}
/**
* @dev Private function to add a token to this extension's token tracking data structures.
* @param tokenId uint256 ID of the token to be added to the tokens list
*/
function _addTokenToAllTokensEnumeration(uint256 tokenId) private {
_allTokensIndex[tokenId] = _allTokens.length;
_allTokens.push(tokenId);
}
/**
* @dev Private function to remove a token from this extension's ownership-tracking data structures. Note that
* while the token is not assigned a new owner, the `_ownedTokensIndex` mapping is _not_ updated: this allows for
* gas optimizations e.g. when performing a transfer operation (avoiding double writes).
* This has O(1) time complexity, but alters the order of the _ownedTokens array.
* @param from address representing the previous owner of the given token ID
* @param tokenId uint256 ID of the token to be removed from the tokens list of the given address
*/
function _removeTokenFromOwnerEnumeration(address from, uint256 tokenId) private {
// To prevent a gap in from's tokens array, we store the last token in the index of the token to delete, and
// then delete the last slot (swap and pop).
uint256 lastTokenIndex = ERC721Upgradeable.balanceOf(from) - 1;
uint256 tokenIndex = _ownedTokensIndex[tokenId];
// When the token to delete is the last token, the swap operation is unnecessary
if (tokenIndex != lastTokenIndex) {
uint256 lastTokenId = _ownedTokens[from][lastTokenIndex];
_ownedTokens[from][tokenIndex] = lastTokenId; // Move the last token to the slot of the to-delete token
_ownedTokensIndex[lastTokenId] = tokenIndex; // Update the moved token's index
}
// This also deletes the contents at the last position of the array
delete _ownedTokensIndex[tokenId];
delete _ownedTokens[from][lastTokenIndex];
}
/**
* @dev Private function to remove a token from this extension's token tracking data structures.
* This has O(1) time complexity, but alters the order of the _allTokens array.
* @param tokenId uint256 ID of the token to be removed from the tokens list
*/
function _removeTokenFromAllTokensEnumeration(uint256 tokenId) private {
// To prevent a gap in the tokens array, we store the last token in the index of the token to delete, and
// then delete the last slot (swap and pop).
uint256 lastTokenIndex = _allTokens.length - 1;
uint256 tokenIndex = _allTokensIndex[tokenId];
// When the token to delete is the last token, the swap operation is unnecessary. However, since this occurs so
// rarely (when the last minted token is burnt) that we still do the swap here to avoid the gas cost of adding
// an 'if' statement (like in _removeTokenFromOwnerEnumeration)
uint256 lastTokenId = _allTokens[lastTokenIndex];
_allTokens[tokenIndex] = lastTokenId; // Move the last token to the slot of the to-delete token
_allTokensIndex[lastTokenId] = tokenIndex; // Update the moved token's index
// This also deletes the contents at the last position of the array
delete _allTokensIndex[tokenId];
_allTokens.pop();
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[46] private __gap;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Checkpoints.sol)
// This file was procedurally generated from scripts/generate/templates/Checkpoints.js.
pragma solidity ^0.8.0;
import "./math/MathUpgradeable.sol";
import "./math/SafeCastUpgradeable.sol";
/**
* @dev This library defines the `History` struct, for checkpointing values as they change at different points in
* time, and later looking up past values by block number. See {Votes} as an example.
*
* To create a history of checkpoints define a variable type `Checkpoints.History` in your contract, and store a new
* checkpoint for the current transaction block using the {push} function.
*
* _Available since v4.5._
*/
library CheckpointsUpgradeable {
struct History {
Checkpoint[] _checkpoints;
}
struct Checkpoint {
uint32 _blockNumber;
uint224 _value;
}
/**
* @dev Returns the value at a given block number. If a checkpoint is not available at that block, the closest one
* before it is returned, or zero otherwise. Because the number returned corresponds to that at the end of the
* block, the requested block number must be in the past, excluding the current block.
*/
function getAtBlock(History storage self, uint256 blockNumber) internal view returns (uint256) {
require(blockNumber < block.number, "Checkpoints: block not yet mined");
uint32 key = SafeCastUpgradeable.toUint32(blockNumber);
uint256 len = self._checkpoints.length;
uint256 pos = _upperBinaryLookup(self._checkpoints, key, 0, len);
return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value;
}
/**
* @dev Returns the value at a given block number. If a checkpoint is not available at that block, the closest one
* before it is returned, or zero otherwise. Similar to {upperLookup} but optimized for the case when the searched
* checkpoint is probably "recent", defined as being among the last sqrt(N) checkpoints where N is the number of
* checkpoints.
*/
function getAtProbablyRecentBlock(History storage self, uint256 blockNumber) internal view returns (uint256) {
require(blockNumber < block.number, "Checkpoints: block not yet mined");
uint32 key = SafeCastUpgradeable.toUint32(blockNumber);
uint256 len = self._checkpoints.length;
uint256 low = 0;
uint256 high = len;
if (len > 5) {
uint256 mid = len - MathUpgradeable.sqrt(len);
if (key < _unsafeAccess(self._checkpoints, mid)._blockNumber) {
high = mid;
} else {
low = mid + 1;
}
}
uint256 pos = _upperBinaryLookup(self._checkpoints, key, low, high);
return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value;
}
/**
* @dev Pushes a value onto a History so that it is stored as the checkpoint for the current block.
*
* Returns previous value and new value.
*/
function push(History storage self, uint256 value) internal returns (uint256, uint256) {
return _insert(self._checkpoints, SafeCastUpgradeable.toUint32(block.number), SafeCastUpgradeable.toUint224(value));
}
/**
* @dev Pushes a value onto a History, by updating the latest value using binary operation `op`. The new value will
* be set to `op(latest, delta)`.
*
* Returns previous value and new value.
*/
function push(
History storage self,
function(uint256, uint256) view returns (uint256) op,
uint256 delta
) internal returns (uint256, uint256) {
return push(self, op(latest(self), delta));
}
/**
* @dev Returns the value in the most recent checkpoint, or zero if there are no checkpoints.
*/
function latest(History storage self) internal view returns (uint224) {
uint256 pos = self._checkpoints.length;
return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value;
}
/**
* @dev Returns whether there is a checkpoint in the structure (i.e. it is not empty), and if so the key and value
* in the most recent checkpoint.
*/
function latestCheckpoint(
History storage self
) internal view returns (bool exists, uint32 _blockNumber, uint224 _value) {
uint256 pos = self._checkpoints.length;
if (pos == 0) {
return (false, 0, 0);
} else {
Checkpoint memory ckpt = _unsafeAccess(self._checkpoints, pos - 1);
return (true, ckpt._blockNumber, ckpt._value);
}
}
/**
* @dev Returns the number of checkpoint.
*/
function length(History storage self) internal view returns (uint256) {
return self._checkpoints.length;
}
/**
* @dev Pushes a (`key`, `value`) pair into an ordered list of checkpoints, either by inserting a new checkpoint,
* or by updating the last one.
*/
function _insert(Checkpoint[] storage self, uint32 key, uint224 value) private returns (uint224, uint224) {
uint256 pos = self.length;
if (pos > 0) {
// Copying to memory is important here.
Checkpoint memory last = _unsafeAccess(self, pos - 1);
// Checkpoint keys must be non-decreasing.
require(last._blockNumber <= key, "Checkpoint: decreasing keys");
// Update or push new checkpoint
if (last._blockNumber == key) {
_unsafeAccess(self, pos - 1)._value = value;
} else {
self.push(Checkpoint({_blockNumber: key, _value: value}));
}
return (last._value, value);
} else {
self.push(Checkpoint({_blockNumber: key, _value: value}));
return (0, value);
}
}
/**
* @dev Return the index of the last (most recent) checkpoint with key lower or equal than the search key, or `high` if there is none.
* `low` and `high` define a section where to do the search, with inclusive `low` and exclusive `high`.
*
* WARNING: `high` should not be greater than the array's length.
*/
function _upperBinaryLookup(
Checkpoint[] storage self,
uint32 key,
uint256 low,
uint256 high
) private view returns (uint256) {
while (low < high) {
uint256 mid = MathUpgradeable.average(low, high);
if (_unsafeAccess(self, mid)._blockNumber > key) {
high = mid;
} else {
low = mid + 1;
}
}
return high;
}
/**
* @dev Return the index of the first (oldest) checkpoint with key is greater or equal than the search key, or `high` if there is none.
* `low` and `high` define a section where to do the search, with inclusive `low` and exclusive `high`.
*
* WARNING: `high` should not be greater than the array's length.
*/
function _lowerBinaryLookup(
Checkpoint[] storage self,
uint32 key,
uint256 low,
uint256 high
) private view returns (uint256) {
while (low < high) {
uint256 mid = MathUpgradeable.average(low, high);
if (_unsafeAccess(self, mid)._blockNumber < key) {
low = mid + 1;
} else {
high = mid;
}
}
return high;
}
/**
* @dev Access an element of the array without performing bounds check. The position is assumed to be within bounds.
*/
function _unsafeAccess(Checkpoint[] storage self, uint256 pos) private pure returns (Checkpoint storage result) {
assembly {
mstore(0, self.slot)
result.slot := add(keccak256(0, 0x20), pos)
}
}
struct Trace224 {
Checkpoint224[] _checkpoints;
}
struct Checkpoint224 {
uint32 _key;
uint224 _value;
}
/**
* @dev Pushes a (`key`, `value`) pair into a Trace224 so that it is stored as the checkpoint.
*
* Returns previous value and new value.
*/
function push(Trace224 storage self, uint32 key, uint224 value) internal returns (uint224, uint224) {
return _insert(self._checkpoints, key, value);
}
/**
* @dev Returns the value in the first (oldest) checkpoint with key greater or equal than the search key, or zero if there is none.
*/
function lowerLookup(Trace224 storage self, uint32 key) internal view returns (uint224) {
uint256 len = self._checkpoints.length;
uint256 pos = _lowerBinaryLookup(self._checkpoints, key, 0, len);
return pos == len ? 0 : _unsafeAccess(self._checkpoints, pos)._value;
}
/**
* @dev Returns the value in the last (most recent) checkpoint with key lower or equal than the search key, or zero if there is none.
*/
function upperLookup(Trace224 storage self, uint32 key) internal view returns (uint224) {
uint256 len = self._checkpoints.length;
uint256 pos = _upperBinaryLookup(self._checkpoints, key, 0, len);
return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value;
}
/**
* @dev Returns the value in the last (most recent) checkpoint with key lower or equal than the search key, or zero if there is none.
*
* NOTE: This is a variant of {upperLookup} that is optimised to find "recent" checkpoint (checkpoints with high keys).
*/
function upperLookupRecent(Trace224 storage self, uint32 key) internal view returns (uint224) {
uint256 len = self._checkpoints.length;
uint256 low = 0;
uint256 high = len;
if (len > 5) {
uint256 mid = len - MathUpgradeable.sqrt(len);
if (key < _unsafeAccess(self._checkpoints, mid)._key) {
high = mid;
} else {
low = mid + 1;
}
}
uint256 pos = _upperBinaryLookup(self._checkpoints, key, low, high);
return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value;
}
/**
* @dev Returns the value in the most recent checkpoint, or zero if there are no checkpoints.
*/
function latest(Trace224 storage self) internal view returns (uint224) {
uint256 pos = self._checkpoints.length;
return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value;
}
/**
* @dev Returns whether there is a checkpoint in the structure (i.e. it is not empty), and if so the key and value
* in the most recent checkpoint.
*/
function latestCheckpoint(Trace224 storage self) internal view returns (bool exists, uint32 _key, uint224 _value) {
uint256 pos = self._checkpoints.length;
if (pos == 0) {
return (false, 0, 0);
} else {
Checkpoint224 memory ckpt = _unsafeAccess(self._checkpoints, pos - 1);
return (true, ckpt._key, ckpt._value);
}
}
/**
* @dev Returns the number of checkpoint.
*/
function length(Trace224 storage self) internal view returns (uint256) {
return self._checkpoints.length;
}
/**
* @dev Pushes a (`key`, `value`) pair into an ordered list of checkpoints, either by inserting a new checkpoint,
* or by updating the last one.
*/
function _insert(Checkpoint224[] storage self, uint32 key, uint224 value) private returns (uint224, uint224) {
uint256 pos = self.length;
if (pos > 0) {
// Copying to memory is important here.
Checkpoint224 memory last = _unsafeAccess(self, pos - 1);
// Checkpoint keys must be non-decreasing.
require(last._key <= key, "Checkpoint: decreasing keys");
// Update or push new checkpoint
if (last._key == key) {
_unsafeAccess(self, pos - 1)._value = value;
} else {
self.push(Checkpoint224({_key: key, _value: value}));
}
return (last._value, value);
} else {
self.push(Checkpoint224({_key: key, _value: value}));
return (0, value);
}
}
/**
* @dev Return the index of the last (most recent) checkpoint with key lower or equal than the search key, or `high` if there is none.
* `low` and `high` define a section where to do the search, with inclusive `low` and exclusive `high`.
*
* WARNING: `high` should not be greater than the array's length.
*/
function _upperBinaryLookup(
Checkpoint224[] storage self,
uint32 key,
uint256 low,
uint256 high
) private view returns (uint256) {
while (low < high) {
uint256 mid = MathUpgradeable.average(low, high);
if (_unsafeAccess(self, mid)._key > key) {
high = mid;
} else {
low = mid + 1;
}
}
return high;
}
/**
* @dev Return the index of the first (oldest) checkpoint with key is greater or equal than the search key, or `high` if there is none.
* `low` and `high` define a section where to do the search, with inclusive `low` and exclusive `high`.
*
* WARNING: `high` should not be greater than the array's length.
*/
function _lowerBinaryLookup(
Checkpoint224[] storage self,
uint32 key,
uint256 low,
uint256 high
) private view returns (uint256) {
while (low < high) {
uint256 mid = MathUpgradeable.average(low, high);
if (_unsafeAccess(self, mid)._key < key) {
low = mid + 1;
} else {
high = mid;
}
}
return high;
}
/**
* @dev Access an element of the array without performing bounds check. The position is assumed to be within bounds.
*/
function _unsafeAccess(
Checkpoint224[] storage self,
uint256 pos
) private pure returns (Checkpoint224 storage result) {
assembly {
mstore(0, self.slot)
result.slot := add(keccak256(0, 0x20), pos)
}
}
struct Trace160 {
Checkpoint160[] _checkpoints;
}
struct Checkpoint160 {
uint96 _key;
uint160 _value;
}
/**
* @dev Pushes a (`key`, `value`) pair into a Trace160 so that it is stored as the checkpoint.
*
* Returns previous value and new value.
*/
function push(Trace160 storage self, uint96 key, uint160 value) internal returns (uint160, uint160) {
return _insert(self._checkpoints, key, value);
}
/**
* @dev Returns the value in the first (oldest) checkpoint with key greater or equal than the search key, or zero if there is none.
*/
function lowerLookup(Trace160 storage self, uint96 key) internal view returns (uint160) {
uint256 len = self._checkpoints.length;
uint256 pos = _lowerBinaryLookup(self._checkpoints, key, 0, len);
return pos == len ? 0 : _unsafeAccess(self._checkpoints, pos)._value;
}
/**
* @dev Returns the value in the last (most recent) checkpoint with key lower or equal than the search key, or zero if there is none.
*/
function upperLookup(Trace160 storage self, uint96 key) internal view returns (uint160) {
uint256 len = self._checkpoints.length;
uint256 pos = _upperBinaryLookup(self._checkpoints, key, 0, len);
return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value;
}
/**
* @dev Returns the value in the last (most recent) checkpoint with key lower or equal than the search key, or zero if there is none.
*
* NOTE: This is a variant of {upperLookup} that is optimised to find "recent" checkpoint (checkpoints with high keys).
*/
function upperLookupRecent(Trace160 storage self, uint96 key) internal view returns (uint160) {
uint256 len = self._checkpoints.length;
uint256 low = 0;
uint256 high = len;
if (len > 5) {
uint256 mid = len - MathUpgradeable.sqrt(len);
if (key < _unsafeAccess(self._checkpoints, mid)._key) {
high = mid;
} else {
low = mid + 1;
}
}
uint256 pos = _upperBinaryLookup(self._checkpoints, key, low, high);
return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value;
}
/**
* @dev Returns the value in the most recent checkpoint, or zero if there are no checkpoints.
*/
function latest(Trace160 storage self) internal view returns (uint160) {
uint256 pos = self._checkpoints.length;
return pos == 0 ? 0 : _unsafeAccess(self._checkpoints, pos - 1)._value;
}
/**
* @dev Returns whether there is a checkpoint in the structure (i.e. it is not empty), and if so the key and value
* in the most recent checkpoint.
*/
function latestCheckpoint(Trace160 storage self) internal view returns (bool exists, uint96 _key, uint160 _value) {
uint256 pos = self._checkpoints.length;
if (pos == 0) {
return (false, 0, 0);
} else {
Checkpoint160 memory ckpt = _unsafeAccess(self._checkpoints, pos - 1);
return (true, ckpt._key, ckpt._value);
}
}
/**
* @dev Returns the number of checkpoint.
*/
function length(Trace160 storage self) internal view returns (uint256) {
return self._checkpoints.length;
}
/**
* @dev Pushes a (`key`, `value`) pair into an ordered list of checkpoints, either by inserting a new checkpoint,
* or by updating the last one.
*/
function _insert(Checkpoint160[] storage self, uint96 key, uint160 value) private returns (uint160, uint160) {
uint256 pos = self.length;
if (pos > 0) {
// Copying to memory is important here.
Checkpoint160 memory last = _unsafeAccess(self, pos - 1);
// Checkpoint keys must be non-decreasing.
require(last._key <= key, "Checkpoint: decreasing keys");
// Update or push new checkpoint
if (last._key == key) {
_unsafeAccess(self, pos - 1)._value = value;
} else {
self.push(Checkpoint160({_key: key, _value: value}));
}
return (last._value, value);
} else {
self.push(Checkpoint160({_key: key, _value: value}));
return (0, value);
}
}
/**
* @dev Return the index of the last (most recent) checkpoint with key lower or equal than the search key, or `high` if there is none.
* `low` and `high` define a section where to do the search, with inclusive `low` and exclusive `high`.
*
* WARNING: `high` should not be greater than the array's length.
*/
function _upperBinaryLookup(
Checkpoint160[] storage self,
uint96 key,
uint256 low,
uint256 high
) private view returns (uint256) {
while (low < high) {
uint256 mid = MathUpgradeable.average(low, high);
if (_unsafeAccess(self, mid)._key > key) {
high = mid;
} else {
low = mid + 1;
}
}
return high;
}
/**
* @dev Return the index of the first (oldest) checkpoint with key is greater or equal than the search key, or `high` if there is none.
* `low` and `high` define a section where to do the search, with inclusive `low` and exclusive `high`.
*
* WARNING: `high` should not be greater than the array's length.
*/
function _lowerBinaryLookup(
Checkpoint160[] storage self,
uint96 key,
uint256 low,
uint256 high
) private view returns (uint256) {
while (low < high) {
uint256 mid = MathUpgradeable.average(low, high);
if (_unsafeAccess(self, mid)._key < key) {
low = mid + 1;
} else {
high = mid;
}
}
return high;
}
/**
* @dev Access an element of the array without performing bounds check. The position is assumed to be within bounds.
*/
function _unsafeAccess(
Checkpoint160[] storage self,
uint256 pos
) private pure returns (Checkpoint160 storage result) {
assembly {
mstore(0, self.slot)
result.slot := add(keccak256(0, 0x20), pos)
}
}
}// SPDX-License-Identifier: AGPL-3.0-or-later pragma solidity ^0.8.8; /// @notice Adds two unsigned integers without checking the result for overflow errors (using safe math). /// @param a The first summand. /// @param b The second summand. /// @return The sum. /// @custom:security-contact [email protected] function _uncheckedAdd(uint256 a, uint256 b) pure returns (uint256) { unchecked { return a + b; } } /// @notice Subtracts two unsigned integers without checking the result for overflow errors (using safe math). /// @param a The minuend. /// @param b The subtrahend. /// @return The difference. /// @custom:security-contact [email protected] function _uncheckedSub(uint256 a, uint256 b) pure returns (uint256) { unchecked { return a - b; } }
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Counters.sol)
pragma solidity ^0.8.0;
/**
* @title Counters
* @author Matt Condon (@shrugs)
* @dev Provides counters that can only be incremented, decremented or reset. This can be used e.g. to track the number
* of elements in a mapping, issuing ERC721 ids, or counting request ids.
*
* Include with `using Counters for Counters.Counter;`
*/
library CountersUpgradeable {
struct Counter {
// This variable should never be directly accessed by users of the library: interactions must be restricted to
// the library's function. As of Solidity v0.5.2, this cannot be enforced, though there is a proposal to add
// this feature: see https://github.com/ethereum/solidity/issues/4637
uint256 _value; // default: 0
}
function current(Counter storage counter) internal view returns (uint256) {
return counter._value;
}
function increment(Counter storage counter) internal {
unchecked {
counter._value += 1;
}
}
function decrement(Counter storage counter) internal {
uint256 value = counter._value;
require(value > 0, "Counter: decrement overflow");
unchecked {
counter._value = value - 1;
}
}
function reset(Counter storage counter) internal {
counter._value = 0;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.6.0) (proxy/Proxy.sol)
pragma solidity ^0.8.0;
/**
* @dev This abstract contract provides a fallback function that delegates all calls to another contract using the EVM
* instruction `delegatecall`. We refer to the second contract as the _implementation_ behind the proxy, and it has to
* be specified by overriding the virtual {_implementation} function.
*
* Additionally, delegation to the implementation can be triggered manually through the {_fallback} function, or to a
* different contract through the {_delegate} function.
*
* The success and return data of the delegated call will be returned back to the caller of the proxy.
*/
abstract contract Proxy {
/**
* @dev Delegates the current call to `implementation`.
*
* This function does not return to its internal call site, it will return directly to the external caller.
*/
function _delegate(address implementation) internal virtual {
assembly {
// Copy msg.data. We take full control of memory in this inline assembly
// block because it will not return to Solidity code. We overwrite the
// Solidity scratch pad at memory position 0.
calldatacopy(0, 0, calldatasize())
// Call the implementation.
// out and outsize are 0 because we don't know the size yet.
let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0)
// Copy the returned data.
returndatacopy(0, 0, returndatasize())
switch result
// delegatecall returns 0 on error.
case 0 {
revert(0, returndatasize())
}
default {
return(0, returndatasize())
}
}
}
/**
* @dev This is a virtual function that should be overridden so it returns the address to which the fallback function
* and {_fallback} should delegate.
*/
function _implementation() internal view virtual returns (address);
/**
* @dev Delegates the current call to the address returned by `_implementation()`.
*
* This function does not return to its internal call site, it will return directly to the external caller.
*/
function _fallback() internal virtual {
_beforeFallback();
_delegate(_implementation());
}
/**
* @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if no other
* function in the contract matches the call data.
*/
fallback() external payable virtual {
_fallback();
}
/**
* @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if call data
* is empty.
*/
receive() external payable virtual {
_fallback();
}
/**
* @dev Hook that is called before falling back to the implementation. Can happen as part of a manual `_fallback`
* call, or as part of the Solidity `fallback` or `receive` functions.
*
* If overridden should call `super._beforeFallback()`.
*/
function _beforeFallback() internal virtual {}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (proxy/ERC1967/ERC1967Upgrade.sol)
pragma solidity ^0.8.2;
import "../beacon/IBeacon.sol";
import "../../interfaces/IERC1967.sol";
import "../../interfaces/draft-IERC1822.sol";
import "../../utils/Address.sol";
import "../../utils/StorageSlot.sol";
/**
* @dev This abstract contract provides getters and event emitting update functions for
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.
*
* _Available since v4.1._
*/
abstract contract ERC1967Upgrade is IERC1967 {
// This is the keccak-256 hash of "eip1967.proxy.rollback" subtracted by 1
bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143;
/**
* @dev Storage slot with the address of the current implementation.
* This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
/**
* @dev Returns the current implementation address.
*/
function _getImplementation() internal view returns (address) {
return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 implementation slot.
*/
function _setImplementation(address newImplementation) private {
require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
}
/**
* @dev Perform implementation upgrade
*
* Emits an {Upgraded} event.
*/
function _upgradeTo(address newImplementation) internal {
_setImplementation(newImplementation);
emit Upgraded(newImplementation);
}
/**
* @dev Perform implementation upgrade with additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCall(address newImplementation, bytes memory data, bool forceCall) internal {
_upgradeTo(newImplementation);
if (data.length > 0 || forceCall) {
Address.functionDelegateCall(newImplementation, data);
}
}
/**
* @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCallUUPS(address newImplementation, bytes memory data, bool forceCall) internal {
// Upgrades from old implementations will perform a rollback test. This test requires the new
// implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing
// this special case will break upgrade paths from old UUPS implementation to new ones.
if (StorageSlot.getBooleanSlot(_ROLLBACK_SLOT).value) {
_setImplementation(newImplementation);
} else {
try IERC1822Proxiable(newImplementation).proxiableUUID() returns (bytes32 slot) {
require(slot == _IMPLEMENTATION_SLOT, "ERC1967Upgrade: unsupported proxiableUUID");
} catch {
revert("ERC1967Upgrade: new implementation is not UUPS");
}
_upgradeToAndCall(newImplementation, data, forceCall);
}
}
/**
* @dev Storage slot with the admin of the contract.
* This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
/**
* @dev Returns the current admin.
*/
function _getAdmin() internal view returns (address) {
return StorageSlot.getAddressSlot(_ADMIN_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 admin slot.
*/
function _setAdmin(address newAdmin) private {
require(newAdmin != address(0), "ERC1967: new admin is the zero address");
StorageSlot.getAddressSlot(_ADMIN_SLOT).value = newAdmin;
}
/**
* @dev Changes the admin of the proxy.
*
* Emits an {AdminChanged} event.
*/
function _changeAdmin(address newAdmin) internal {
emit AdminChanged(_getAdmin(), newAdmin);
_setAdmin(newAdmin);
}
/**
* @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
* This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor.
*/
bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;
/**
* @dev Returns the current beacon.
*/
function _getBeacon() internal view returns (address) {
return StorageSlot.getAddressSlot(_BEACON_SLOT).value;
}
/**
* @dev Stores a new beacon in the EIP1967 beacon slot.
*/
function _setBeacon(address newBeacon) private {
require(Address.isContract(newBeacon), "ERC1967: new beacon is not a contract");
require(
Address.isContract(IBeacon(newBeacon).implementation()),
"ERC1967: beacon implementation is not a contract"
);
StorageSlot.getAddressSlot(_BEACON_SLOT).value = newBeacon;
}
/**
* @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does
* not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that).
*
* Emits a {BeaconUpgraded} event.
*/
function _upgradeBeaconToAndCall(address newBeacon, bytes memory data, bool forceCall) internal {
_setBeacon(newBeacon);
emit BeaconUpgraded(newBeacon);
if (data.length > 0 || forceCall) {
Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data);
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
pragma solidity ^0.8.0;
import "../proxy/utils/Initializable.sol";
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract ContextUpgradeable is Initializable {
function __Context_init() internal onlyInitializing {
}
function __Context_init_unchained() internal onlyInitializing {
}
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[50] private __gap;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (token/ERC721/extensions/IERC721Enumerable.sol)
pragma solidity ^0.8.0;
import "../IERC721.sol";
/**
* @title ERC-721 Non-Fungible Token Standard, optional enumeration extension
* @dev See https://eips.ethereum.org/EIPS/eip-721
*/
interface IERC721Enumerable is IERC721 {
/**
* @dev Returns the total amount of tokens stored by the contract.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns a token ID owned by `owner` at a given `index` of its token list.
* Use along with {balanceOf} to enumerate all of ``owner``'s tokens.
*/
function tokenOfOwnerByIndex(address owner, uint256 index) external view returns (uint256);
/**
* @dev Returns a token ID at a given `index` of all the tokens stored by the contract.
* Use along with {totalSupply} to enumerate all tokens.
*/
function tokenByIndex(uint256 index) external view returns (uint256);
}// SPDX-License-Identifier: AGPL-3.0-or-later
pragma solidity ^0.8.8;
import {IDAO} from "../../dao/IDAO.sol";
/// @title DAO Authorization Utilities
/// @author Aragon X - 2022-2024
/// @notice Provides utility functions for verifying if a caller has specific permissions in an associated DAO.
/// @custom:security-contact [email protected]
/// @notice Thrown if a call is unauthorized in the associated DAO.
/// @param dao The associated DAO.
/// @param where The context in which the authorization reverted.
/// @param who The address (EOA or contract) missing the permission.
/// @param permissionId The permission identifier.
error DaoUnauthorized(address dao, address where, address who, bytes32 permissionId);
/// @notice A free function checking if a caller is granted permissions on a target contract via a permission identifier that redirects the approval to a `PermissionCondition` if this was specified in the setup.
/// @param _where The address of the target contract for which `who` receives permission.
/// @param _who The address (EOA or contract) owning the permission.
/// @param _permissionId The permission identifier.
/// @param _data The optional data passed to the `PermissionCondition` registered.
function _auth(
IDAO _dao,
address _where,
address _who,
bytes32 _permissionId,
bytes calldata _data
) view {
if (!_dao.hasPermission(_where, _who, _permissionId, _data))
revert DaoUnauthorized({
dao: address(_dao),
where: _where,
who: _who,
permissionId: _permissionId
});
}// SPDX-License-Identifier: MIT
pragma solidity >=0.8.0;
/// @notice Signed 18 decimal fixed point (wad) arithmetic library.
/// @author Solmate (https://github.com/transmissions11/solmate/blob/main/src/utils/SignedWadMath.sol)
/// @author Modified from Remco Bloemen (https://xn--2-umb.com/22/exp-ln/index.html)
/// @dev Will not revert on overflow, only use where overflow is not possible.
function toWadUnsafe(uint256 x) pure returns (int256 r) {
/// @solidity memory-safe-assembly
assembly {
// Multiply x by 1e18.
r := mul(x, 1000000000000000000)
}
}
/// @dev Takes an integer amount of seconds and converts it to a wad amount of days.
/// @dev Will not revert on overflow, only use where overflow is not possible.
/// @dev Not meant for negative second amounts, it assumes x is positive.
function toDaysWadUnsafe(uint256 x) pure returns (int256 r) {
/// @solidity memory-safe-assembly
assembly {
// Multiply x by 1e18 and then divide it by 86400.
r := div(mul(x, 1000000000000000000), 86400)
}
}
/// @dev Takes a wad amount of days and converts it to an integer amount of seconds.
/// @dev Will not revert on overflow, only use where overflow is not possible.
/// @dev Not meant for negative day amounts, it assumes x is positive.
function fromDaysWadUnsafe(int256 x) pure returns (uint256 r) {
/// @solidity memory-safe-assembly
assembly {
// Multiply x by 86400 and then divide it by 1e18.
r := div(mul(x, 86400), 1000000000000000000)
}
}
/// @dev Will not revert on overflow, only use where overflow is not possible.
function unsafeWadMul(int256 x, int256 y) pure returns (int256 r) {
/// @solidity memory-safe-assembly
assembly {
// Multiply x by y and divide by 1e18.
r := sdiv(mul(x, y), 1000000000000000000)
}
}
/// @dev Will return 0 instead of reverting if y is zero and will
/// not revert on overflow, only use where overflow is not possible.
function unsafeWadDiv(int256 x, int256 y) pure returns (int256 r) {
/// @solidity memory-safe-assembly
assembly {
// Multiply x by 1e18 and divide it by y.
r := sdiv(mul(x, 1000000000000000000), y)
}
}
function wadMul(int256 x, int256 y) pure returns (int256 r) {
/// @solidity memory-safe-assembly
assembly {
// Store x * y in r for now.
r := mul(x, y)
// Combined overflow check (`x == 0 || (x * y) / x == y`) and edge case check
// where x == -1 and y == type(int256).min, for y == -1 and x == min int256,
// the second overflow check will catch this.
// See: https://secure-contracts.com/learn_evm/arithmetic-checks.html#arithmetic-checks-for-int256-multiplication
// Combining into 1 expression saves gas as resulting bytecode will only have 1 `JUMPI`
// rather than 2.
if iszero(
and(
or(iszero(x), eq(sdiv(r, x), y)),
or(lt(x, not(0)), sgt(y, 0x8000000000000000000000000000000000000000000000000000000000000000))
)
) {
revert(0, 0)
}
// Scale the result down by 1e18.
r := sdiv(r, 1000000000000000000)
}
}
function wadDiv(int256 x, int256 y) pure returns (int256 r) {
/// @solidity memory-safe-assembly
assembly {
// Store x * 1e18 in r for now.
r := mul(x, 1000000000000000000)
// Equivalent to require(y != 0 && ((x * 1e18) / 1e18 == x))
if iszero(and(iszero(iszero(y)), eq(sdiv(r, 1000000000000000000), x))) {
revert(0, 0)
}
// Divide r by y.
r := sdiv(r, y)
}
}
/// @dev Will not work with negative bases, only use when x is positive.
function wadPow(int256 x, int256 y) pure returns (int256) {
// Equivalent to x to the power of y because x ** y = (e ** ln(x)) ** y = e ** (ln(x) * y)
return wadExp((wadLn(x) * y) / 1e18); // Using ln(x) means x must be greater than 0.
}
function wadExp(int256 x) pure returns (int256 r) {
unchecked {
// When the result is < 0.5 we return zero. This happens when
// x <= floor(log(0.5e18) * 1e18) ~ -42e18
if (x <= -42139678854452767551) return 0;
// When the result is > (2**255 - 1) / 1e18 we can not represent it as an
// int. This happens when x >= floor(log((2**255 - 1) / 1e18) * 1e18) ~ 135.
if (x >= 135305999368893231589) revert("EXP_OVERFLOW");
// x is now in the range (-42, 136) * 1e18. Convert to (-42, 136) * 2**96
// for more intermediate precision and a binary basis. This base conversion
// is a multiplication by 1e18 / 2**96 = 5**18 / 2**78.
x = (x << 78) / 5**18;
// Reduce range of x to (-½ ln 2, ½ ln 2) * 2**96 by factoring out powers
// of two such that exp(x) = exp(x') * 2**k, where k is an integer.
// Solving this gives k = round(x / log(2)) and x' = x - k * log(2).
int256 k = ((x << 96) / 54916777467707473351141471128 + 2**95) >> 96;
x = x - k * 54916777467707473351141471128;
// k is in the range [-61, 195].
// Evaluate using a (6, 7)-term rational approximation.
// p is made monic, we'll multiply by a scale factor later.
int256 y = x + 1346386616545796478920950773328;
y = ((y * x) >> 96) + 57155421227552351082224309758442;
int256 p = y + x - 94201549194550492254356042504812;
p = ((p * y) >> 96) + 28719021644029726153956944680412240;
p = p * x + (4385272521454847904659076985693276 << 96);
// We leave p in 2**192 basis so we don't need to scale it back up for the division.
int256 q = x - 2855989394907223263936484059900;
q = ((q * x) >> 96) + 50020603652535783019961831881945;
q = ((q * x) >> 96) - 533845033583426703283633433725380;
q = ((q * x) >> 96) + 3604857256930695427073651918091429;
q = ((q * x) >> 96) - 14423608567350463180887372962807573;
q = ((q * x) >> 96) + 26449188498355588339934803723976023;
/// @solidity memory-safe-assembly
assembly {
// Div in assembly because solidity adds a zero check despite the unchecked.
// The q polynomial won't have zeros in the domain as all its roots are complex.
// No scaling is necessary because p is already 2**96 too large.
r := sdiv(p, q)
}
// r should be in the range (0.09, 0.25) * 2**96.
// We now need to multiply r by:
// * the scale factor s = ~6.031367120.
// * the 2**k factor from the range reduction.
// * the 1e18 / 2**96 factor for base conversion.
// We do this all at once, with an intermediate result in 2**213
// basis, so the final right shift is always by a positive amount.
r = int256((uint256(r) * 3822833074963236453042738258902158003155416615667) >> uint256(195 - k));
}
}
function wadLn(int256 x) pure returns (int256 r) {
unchecked {
require(x > 0, "UNDEFINED");
// We want to convert x from 10**18 fixed point to 2**96 fixed point.
// We do this by multiplying by 2**96 / 10**18. But since
// ln(x * C) = ln(x) + ln(C), we can simply do nothing here
// and add ln(2**96 / 10**18) at the end.
/// @solidity memory-safe-assembly
assembly {
r := shl(7, lt(0xffffffffffffffffffffffffffffffff, x))
r := or(r, shl(6, lt(0xffffffffffffffff, shr(r, x))))
r := or(r, shl(5, lt(0xffffffff, shr(r, x))))
r := or(r, shl(4, lt(0xffff, shr(r, x))))
r := or(r, shl(3, lt(0xff, shr(r, x))))
r := or(r, shl(2, lt(0xf, shr(r, x))))
r := or(r, shl(1, lt(0x3, shr(r, x))))
r := or(r, lt(0x1, shr(r, x)))
}
// Reduce range of x to (1, 2) * 2**96
// ln(2^k * x) = k * ln(2) + ln(x)
int256 k = r - 96;
x <<= uint256(159 - k);
x = int256(uint256(x) >> 159);
// Evaluate using a (8, 8)-term rational approximation.
// p is made monic, we will multiply by a scale factor later.
int256 p = x + 3273285459638523848632254066296;
p = ((p * x) >> 96) + 24828157081833163892658089445524;
p = ((p * x) >> 96) + 43456485725739037958740375743393;
p = ((p * x) >> 96) - 11111509109440967052023855526967;
p = ((p * x) >> 96) - 45023709667254063763336534515857;
p = ((p * x) >> 96) - 14706773417378608786704636184526;
p = p * x - (795164235651350426258249787498 << 96);
// We leave p in 2**192 basis so we don't need to scale it back up for the division.
// q is monic by convention.
int256 q = x + 5573035233440673466300451813936;
q = ((q * x) >> 96) + 71694874799317883764090561454958;
q = ((q * x) >> 96) + 283447036172924575727196451306956;
q = ((q * x) >> 96) + 401686690394027663651624208769553;
q = ((q * x) >> 96) + 204048457590392012362485061816622;
q = ((q * x) >> 96) + 31853899698501571402653359427138;
q = ((q * x) >> 96) + 909429971244387300277376558375;
/// @solidity memory-safe-assembly
assembly {
// Div in assembly because solidity adds a zero check despite the unchecked.
// The q polynomial is known not to have zeros in the domain.
// No scaling required because p is already 2**96 too large.
r := sdiv(p, q)
}
// r is in the range (0, 0.125) * 2**96
// Finalization, we need to:
// * multiply by the scale factor s = 5.549…
// * add ln(2**96 / 10**18)
// * add k * ln(2)
// * multiply by 10**18 / 2**96 = 5**18 >> 78
// mul s * 5e18 * 2**96, base is now 5**18 * 2**192
r *= 1677202110996718588342820967067443963516166;
// add ln(2) * k * 5e18 * 2**192
r += 16597577552685614221487285958193947469193820559219878177908093499208371 * k;
// add ln(2**96 / 10**18) * 5e18 * 2**192
r += 600920179829731861736702779321621459595472258049074101567377883020018308;
// base conversion: mul 2**18 / 2**192
r >>= 174;
}
}
/// @dev Will return 0 instead of reverting if y is zero.
function unsafeDiv(int256 x, int256 y) pure returns (int256 r) {
/// @solidity memory-safe-assembly
assembly {
// Divide x by y.
r := sdiv(x, y)
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/IERC20Metadata.sol)
pragma solidity ^0.8.0;
import "../IERC20.sol";
/**
* @dev Interface for the optional metadata functions from the ERC20 standard.
*
* _Available since v4.1._
*/
interface IERC20Metadata is IERC20 {
/**
* @dev Returns the name of the token.
*/
function name() external view returns (string memory);
/**
* @dev Returns the symbol of the token.
*/
function symbol() external view returns (string memory);
/**
* @dev Returns the decimals places of the token.
*/
function decimals() external view returns (uint8);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
pragma solidity ^0.8.0;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/extensions/ERC20Permit.sol)
pragma solidity ^0.8.0;
import "./IERC20Permit.sol";
import "../ERC20.sol";
import "../../../utils/cryptography/ECDSA.sol";
import "../../../utils/cryptography/EIP712.sol";
import "../../../utils/Counters.sol";
/**
* @dev Implementation of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on `{IERC20-approve}`, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*
* _Available since v3.4._
*/
abstract contract ERC20Permit is ERC20, IERC20Permit, EIP712 {
using Counters for Counters.Counter;
mapping(address => Counters.Counter) private _nonces;
// solhint-disable-next-line var-name-mixedcase
bytes32 private constant _PERMIT_TYPEHASH =
keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)");
/**
* @dev In previous versions `_PERMIT_TYPEHASH` was declared as `immutable`.
* However, to ensure consistency with the upgradeable transpiler, we will continue
* to reserve a slot.
* @custom:oz-renamed-from _PERMIT_TYPEHASH
*/
// solhint-disable-next-line var-name-mixedcase
bytes32 private _PERMIT_TYPEHASH_DEPRECATED_SLOT;
/**
* @dev Initializes the {EIP712} domain separator using the `name` parameter, and setting `version` to `"1"`.
*
* It's a good idea to use the same `name` that is defined as the ERC20 token name.
*/
constructor(string memory name) EIP712(name, "1") {}
/**
* @dev See {IERC20Permit-permit}.
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) public virtual override {
require(block.timestamp <= deadline, "ERC20Permit: expired deadline");
bytes32 structHash = keccak256(abi.encode(_PERMIT_TYPEHASH, owner, spender, value, _useNonce(owner), deadline));
bytes32 hash = _hashTypedDataV4(structHash);
address signer = ECDSA.recover(hash, v, r, s);
require(signer == owner, "ERC20Permit: invalid signature");
_approve(owner, spender, value);
}
/**
* @dev See {IERC20Permit-nonces}.
*/
function nonces(address owner) public view virtual override returns (uint256) {
return _nonces[owner].current();
}
/**
* @dev See {IERC20Permit-DOMAIN_SEPARATOR}.
*/
// solhint-disable-next-line func-name-mixedcase
function DOMAIN_SEPARATOR() external view override returns (bytes32) {
return _domainSeparatorV4();
}
/**
* @dev "Consume a nonce": return the current value and increment.
*
* _Available since v4.1._
*/
function _useNonce(address owner) internal virtual returns (uint256 current) {
Counters.Counter storage nonce = _nonces[owner];
current = nonce.current();
nonce.increment();
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC5805.sol)
pragma solidity ^0.8.0;
import "../governance/utils/IVotes.sol";
import "./IERC6372.sol";
interface IERC5805 is IERC6372, IVotes {}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard math utilities missing in the Solidity language.
*/
library Math {
enum Rounding {
Down, // Toward negative infinity
Up, // Toward infinity
Zero // Toward zero
}
/**
* @dev Returns the largest of two numbers.
*/
function max(uint256 a, uint256 b) internal pure returns (uint256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two numbers.
*/
function min(uint256 a, uint256 b) internal pure returns (uint256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two numbers. The result is rounded towards
* zero.
*/
function average(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b) / 2 can overflow.
return (a & b) + (a ^ b) / 2;
}
/**
* @dev Returns the ceiling of the division of two numbers.
*
* This differs from standard division with `/` in that it rounds up instead
* of rounding down.
*/
function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b - 1) / b can overflow on addition, so we distribute.
return a == 0 ? 0 : (a - 1) / b + 1;
}
/**
* @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0
* @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)
* with further edits by Uniswap Labs also under MIT license.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
unchecked {
// 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
// use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
// variables such that product = prod1 * 2^256 + prod0.
uint256 prod0; // Least significant 256 bits of the product
uint256 prod1; // Most significant 256 bits of the product
assembly {
let mm := mulmod(x, y, not(0))
prod0 := mul(x, y)
prod1 := sub(sub(mm, prod0), lt(mm, prod0))
}
// Handle non-overflow cases, 256 by 256 division.
if (prod1 == 0) {
// Solidity will revert if denominator == 0, unlike the div opcode on its own.
// The surrounding unchecked block does not change this fact.
// See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
return prod0 / denominator;
}
// Make sure the result is less than 2^256. Also prevents denominator == 0.
require(denominator > prod1, "Math: mulDiv overflow");
///////////////////////////////////////////////
// 512 by 256 division.
///////////////////////////////////////////////
// Make division exact by subtracting the remainder from [prod1 prod0].
uint256 remainder;
assembly {
// Compute remainder using mulmod.
remainder := mulmod(x, y, denominator)
// Subtract 256 bit number from 512 bit number.
prod1 := sub(prod1, gt(remainder, prod0))
prod0 := sub(prod0, remainder)
}
// Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.
// See https://cs.stackexchange.com/q/138556/92363.
// Does not overflow because the denominator cannot be zero at this stage in the function.
uint256 twos = denominator & (~denominator + 1);
assembly {
// Divide denominator by twos.
denominator := div(denominator, twos)
// Divide [prod1 prod0] by twos.
prod0 := div(prod0, twos)
// Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
twos := add(div(sub(0, twos), twos), 1)
}
// Shift in bits from prod1 into prod0.
prod0 |= prod1 * twos;
// Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
// that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
// four bits. That is, denominator * inv = 1 mod 2^4.
uint256 inverse = (3 * denominator) ^ 2;
// Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works
// in modular arithmetic, doubling the correct bits in each step.
inverse *= 2 - denominator * inverse; // inverse mod 2^8
inverse *= 2 - denominator * inverse; // inverse mod 2^16
inverse *= 2 - denominator * inverse; // inverse mod 2^32
inverse *= 2 - denominator * inverse; // inverse mod 2^64
inverse *= 2 - denominator * inverse; // inverse mod 2^128
inverse *= 2 - denominator * inverse; // inverse mod 2^256
// Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
// This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
// less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
// is no longer required.
result = prod0 * inverse;
return result;
}
}
/**
* @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
uint256 result = mulDiv(x, y, denominator);
if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {
result += 1;
}
return result;
}
/**
* @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.
*
* Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
*/
function sqrt(uint256 a) internal pure returns (uint256) {
if (a == 0) {
return 0;
}
// For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
//
// We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
// `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.
//
// This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`
// → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`
// → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`
//
// Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.
uint256 result = 1 << (log2(a) >> 1);
// At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
// since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
// every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
// into the expected uint128 result.
unchecked {
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
return min(result, a / result);
}
}
/**
* @notice Calculates sqrt(a), following the selected rounding direction.
*/
function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = sqrt(a);
return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);
}
}
/**
* @dev Return the log in base 2, rounded down, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 128;
}
if (value >> 64 > 0) {
value >>= 64;
result += 64;
}
if (value >> 32 > 0) {
value >>= 32;
result += 32;
}
if (value >> 16 > 0) {
value >>= 16;
result += 16;
}
if (value >> 8 > 0) {
value >>= 8;
result += 8;
}
if (value >> 4 > 0) {
value >>= 4;
result += 4;
}
if (value >> 2 > 0) {
value >>= 2;
result += 2;
}
if (value >> 1 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 2, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log2(value);
return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 10, rounded down, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >= 10 ** 64) {
value /= 10 ** 64;
result += 64;
}
if (value >= 10 ** 32) {
value /= 10 ** 32;
result += 32;
}
if (value >= 10 ** 16) {
value /= 10 ** 16;
result += 16;
}
if (value >= 10 ** 8) {
value /= 10 ** 8;
result += 8;
}
if (value >= 10 ** 4) {
value /= 10 ** 4;
result += 4;
}
if (value >= 10 ** 2) {
value /= 10 ** 2;
result += 2;
}
if (value >= 10 ** 1) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 10, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log10(value);
return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 256, rounded down, of a positive value.
* Returns 0 if given 0.
*
* Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
*/
function log256(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 16;
}
if (value >> 64 > 0) {
value >>= 64;
result += 8;
}
if (value >> 32 > 0) {
value >>= 32;
result += 4;
}
if (value >> 16 > 0) {
value >>= 16;
result += 2;
}
if (value >> 8 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 256, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log256(value);
return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/ECDSA.sol)
pragma solidity ^0.8.0;
import "../Strings.sol";
/**
* @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
*
* These functions can be used to verify that a message was signed by the holder
* of the private keys of a given address.
*/
library ECDSA {
enum RecoverError {
NoError,
InvalidSignature,
InvalidSignatureLength,
InvalidSignatureS,
InvalidSignatureV // Deprecated in v4.8
}
function _throwError(RecoverError error) private pure {
if (error == RecoverError.NoError) {
return; // no error: do nothing
} else if (error == RecoverError.InvalidSignature) {
revert("ECDSA: invalid signature");
} else if (error == RecoverError.InvalidSignatureLength) {
revert("ECDSA: invalid signature length");
} else if (error == RecoverError.InvalidSignatureS) {
revert("ECDSA: invalid signature 's' value");
}
}
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature` or error string. This address can then be used for verification purposes.
*
* The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {toEthSignedMessageHash} on it.
*
* Documentation for signature generation:
* - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
* - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {
if (signature.length == 65) {
bytes32 r;
bytes32 s;
uint8 v;
// ecrecover takes the signature parameters, and the only way to get them
// currently is to use assembly.
/// @solidity memory-safe-assembly
assembly {
r := mload(add(signature, 0x20))
s := mload(add(signature, 0x40))
v := byte(0, mload(add(signature, 0x60)))
}
return tryRecover(hash, v, r, s);
} else {
return (address(0), RecoverError.InvalidSignatureLength);
}
}
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature`. This address can then be used for verification purposes.
*
* The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {toEthSignedMessageHash} on it.
*/
function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, signature);
_throwError(error);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
*
* See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError) {
bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
uint8 v = uint8((uint256(vs) >> 255) + 27);
return tryRecover(hash, v, r, s);
}
/**
* @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
*
* _Available since v4.2._
*/
function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, r, vs);
_throwError(error);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `v`,
* `r` and `s` signature fields separately.
*
* _Available since v4.3._
*/
function tryRecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address, RecoverError) {
// EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
// unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
// the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
// signatures from current libraries generate a unique signature with an s-value in the lower half order.
//
// If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
// with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
// vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
// these malleable signatures as well.
if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
return (address(0), RecoverError.InvalidSignatureS);
}
// If the signature is valid (and not malleable), return the signer address
address signer = ecrecover(hash, v, r, s);
if (signer == address(0)) {
return (address(0), RecoverError.InvalidSignature);
}
return (signer, RecoverError.NoError);
}
/**
* @dev Overload of {ECDSA-recover} that receives the `v`,
* `r` and `s` signature fields separately.
*/
function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
(address recovered, RecoverError error) = tryRecover(hash, v, r, s);
_throwError(error);
return recovered;
}
/**
* @dev Returns an Ethereum Signed Message, created from a `hash`. This
* produces hash corresponding to the one signed with the
* https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
* JSON-RPC method as part of EIP-191.
*
* See {recover}.
*/
function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32 message) {
// 32 is the length in bytes of hash,
// enforced by the type signature above
/// @solidity memory-safe-assembly
assembly {
mstore(0x00, "\x19Ethereum Signed Message:\n32")
mstore(0x1c, hash)
message := keccak256(0x00, 0x3c)
}
}
/**
* @dev Returns an Ethereum Signed Message, created from `s`. This
* produces hash corresponding to the one signed with the
* https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
* JSON-RPC method as part of EIP-191.
*
* See {recover}.
*/
function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {
return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n", Strings.toString(s.length), s));
}
/**
* @dev Returns an Ethereum Signed Typed Data, created from a
* `domainSeparator` and a `structHash`. This produces hash corresponding
* to the one signed with the
* https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]
* JSON-RPC method as part of EIP-712.
*
* See {recover}.
*/
function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 data) {
/// @solidity memory-safe-assembly
assembly {
let ptr := mload(0x40)
mstore(ptr, "\x19\x01")
mstore(add(ptr, 0x02), domainSeparator)
mstore(add(ptr, 0x22), structHash)
data := keccak256(ptr, 0x42)
}
}
/**
* @dev Returns an Ethereum Signed Data with intended validator, created from a
* `validator` and `data` according to the version 0 of EIP-191.
*
* See {recover}.
*/
function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {
return keccak256(abi.encodePacked("\x19\x00", validator, data));
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (proxy/beacon/IBeacon.sol)
pragma solidity ^0.8.0;
/**
* @dev This is the interface that {BeaconProxy} expects of its beacon.
*/
interface IBeaconUpgradeable {
/**
* @dev Must return an address that can be used as a delegate call target.
*
* {BeaconProxy} will check that this address is a contract.
*/
function implementation() external view returns (address);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC1967.sol)
pragma solidity ^0.8.0;
/**
* @dev ERC-1967: Proxy Storage Slots. This interface contains the events defined in the ERC.
*
* _Available since v4.8.3._
*/
interface IERC1967Upgradeable {
/**
* @dev Emitted when the implementation is upgraded.
*/
event Upgraded(address indexed implementation);
/**
* @dev Emitted when the admin account has changed.
*/
event AdminChanged(address previousAdmin, address newAdmin);
/**
* @dev Emitted when the beacon is changed.
*/
event BeaconUpgraded(address indexed beacon);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/StorageSlot.sol)
// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.
pragma solidity ^0.8.0;
/**
* @dev Library for reading and writing primitive types to specific storage slots.
*
* Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
* This library helps with reading and writing to such slots without the need for inline assembly.
*
* The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
*
* Example usage to set ERC1967 implementation slot:
* ```solidity
* contract ERC1967 {
* bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
*
* function _getImplementation() internal view returns (address) {
* return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
* }
*
* function _setImplementation(address newImplementation) internal {
* require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
* StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
* }
* }
* ```
*
* _Available since v4.1 for `address`, `bool`, `bytes32`, `uint256`._
* _Available since v4.9 for `string`, `bytes`._
*/
library StorageSlotUpgradeable {
struct AddressSlot {
address value;
}
struct BooleanSlot {
bool value;
}
struct Bytes32Slot {
bytes32 value;
}
struct Uint256Slot {
uint256 value;
}
struct StringSlot {
string value;
}
struct BytesSlot {
bytes value;
}
/**
* @dev Returns an `AddressSlot` with member `value` located at `slot`.
*/
function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BooleanSlot` with member `value` located at `slot`.
*/
function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
*/
function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Uint256Slot` with member `value` located at `slot`.
*/
function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` with member `value` located at `slot`.
*/
function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` representation of the string storage pointer `store`.
*/
function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
/**
* @dev Returns an `BytesSlot` with member `value` located at `slot`.
*/
function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.
*/
function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
}pragma solidity >=0.8.4;
interface ENS {
// Logged when the owner of a node assigns a new owner to a subnode.
event NewOwner(bytes32 indexed node, bytes32 indexed label, address owner);
// Logged when the owner of a node transfers ownership to a new account.
event Transfer(bytes32 indexed node, address owner);
// Logged when the resolver for a node changes.
event NewResolver(bytes32 indexed node, address resolver);
// Logged when the TTL of a node changes
event NewTTL(bytes32 indexed node, uint64 ttl);
// Logged when an operator is added or removed.
event ApprovalForAll(address indexed owner, address indexed operator, bool approved);
function setRecord(bytes32 node, address owner, address resolver, uint64 ttl) external virtual;
function setSubnodeRecord(bytes32 node, bytes32 label, address owner, address resolver, uint64 ttl) external virtual;
function setSubnodeOwner(bytes32 node, bytes32 label, address owner) external virtual returns(bytes32);
function setResolver(bytes32 node, address resolver) external virtual;
function setOwner(bytes32 node, address owner) external virtual;
function setTTL(bytes32 node, uint64 ttl) external virtual;
function setApprovalForAll(address operator, bool approved) external virtual;
function owner(bytes32 node) external virtual view returns (address);
function resolver(bytes32 node) external virtual view returns (address);
function ttl(bytes32 node) external virtual view returns (uint64);
function recordExists(bytes32 node) external virtual view returns (bool);
function isApprovedForAll(address owner, address operator) external virtual view returns (bool);
}//SPDX-License-Identifier: MIT
pragma solidity >=0.8.4;
import "./profiles/IABIResolver.sol";
import "./profiles/IAddressResolver.sol";
import "./profiles/IAddrResolver.sol";
import "./profiles/IContentHashResolver.sol";
import "./profiles/IDNSRecordResolver.sol";
import "./profiles/IDNSZoneResolver.sol";
import "./profiles/IInterfaceResolver.sol";
import "./profiles/INameResolver.sol";
import "./profiles/IPubkeyResolver.sol";
import "./profiles/ITextResolver.sol";
import "./ISupportsInterface.sol";
/**
* A generic resolver interface which includes all the functions including the ones deprecated
*/
interface Resolver is ISupportsInterface, IABIResolver, IAddressResolver, IAddrResolver, IContentHashResolver, IDNSRecordResolver, IDNSZoneResolver, IInterfaceResolver, INameResolver, IPubkeyResolver, ITextResolver {
/* Deprecated events */
event ContentChanged(bytes32 indexed node, bytes32 hash);
function setABI(bytes32 node, uint256 contentType, bytes calldata data) external;
function setAddr(bytes32 node, address addr) external;
function setAddr(bytes32 node, uint coinType, bytes calldata a) external;
function setContenthash(bytes32 node, bytes calldata hash) external;
function setDnsrr(bytes32 node, bytes calldata data) external;
function setName(bytes32 node, string calldata _name) external;
function setPubkey(bytes32 node, bytes32 x, bytes32 y) external;
function setText(bytes32 node, string calldata key, string calldata value) external;
function setInterface(bytes32 node, bytes4 interfaceID, address implementer) external;
function multicall(bytes[] calldata data) external returns(bytes[] memory results);
/* Deprecated functions */
function content(bytes32 node) external view returns (bytes32);
function multihash(bytes32 node) external view returns (bytes memory);
function setContent(bytes32 node, bytes32 hash) external;
function setMultihash(bytes32 node, bytes calldata hash) external;
}/// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {ILockedBalanceIncreasing} from "@escrow/IVotingEscrowIncreasing.sol";
/*///////////////////////////////////////////////////////////////
Token Curve
//////////////////////////////////////////////////////////////*/
interface IEscrowCurveTokenStorage {
/// @notice Captures the shape of the user's voting curve at a specific point in time
/// @param bias The y intercept of the user's voting curve at the given time
/// @param checkpointTs The checkpoint when the user voting curve is/was/will be updated
/// @param writtenTs The timestamp at which we locked the checkpoint
/// @param coefficients The coefficients of the curve, supports up to quadratic curves.
/// @dev Coefficients are stored in the following order: [constant, linear, quadratic]
/// and not all coefficients are used for all curves.
struct TokenPoint {
uint256 bias;
uint128 checkpointTs;
uint128 writtenTs;
int256[3] coefficients;
}
}
interface IEscrowCurveToken is IEscrowCurveTokenStorage {
/// @notice returns the token point at time `timestamp`
function tokenPointIntervals(uint256 timestamp) external view returns (uint256);
/// @notice Returns the TokenPoint at the passed epoch
/// @param _tokenId The NFT to return the TokenPoint for
/// @param _loc The epoch to return the TokenPoint at
function tokenPointHistory(
uint256 _tokenId,
uint256 _loc
) external view returns (TokenPoint memory);
}
/*///////////////////////////////////////////////////////////////
Core Functions
//////////////////////////////////////////////////////////////*/
interface IEscrowCurveErrorsAndEvents {
error InvalidTokenId();
error InvalidCheckpoint();
error OnlyEscrow();
error CheckpointOnDepositIntervalNotAllowed();
error InvalidLocks(
uint256 tokenId,
ILockedBalanceIncreasing.LockedBalance fromLocked,
ILockedBalanceIncreasing.LockedBalance newLocked
);
}
interface IEscrowCurveCore is IEscrowCurveErrorsAndEvents {
/// @notice Get the current voting power for `_tokenId`
/// @dev Adheres to the ERC20 `balanceOf` interface for Aragon compatibility
/// Fetches last token point prior to a certain timestamp, then walks forward to timestamp.
/// @param _tokenId NFT for lock
/// @param _t Epoch time to return voting power at
/// @return Token voting power
function votingPowerAt(uint256 _tokenId, uint256 _t) external view returns (uint256);
/// @notice Calculate total voting power at some point in the past
/// @param _t Time to calculate the total voting power at
/// @return Total voting power at that time
function supplyAt(uint256 _t) external view returns (uint256);
/// @notice Writes a snapshot of voting power at the current epoch
/// @param _tokenId Snapshot a specific token
/// @param _oldLocked The token's previous locked balance
/// @param _newLocked The token's new locked balance
function checkpoint(
uint256 _tokenId,
ILockedBalanceIncreasing.LockedBalance memory _oldLocked,
ILockedBalanceIncreasing.LockedBalance memory _newLocked
) external;
}
interface IEscrowCurveMath {
/// @notice Preview the curve coefficients for curves up to quadratic.
/// @param amount The amount of tokens to calculate the coefficients for - given a fixed algebraic representation
/// @return coefficients in the form [constant, linear, quadratic]
/// @dev Not all coefficients are used for all curves
function getCoefficients(uint256 amount) external view returns (int256[3] memory coefficients);
/// @notice Bias is the token's voting weight
function getBias(uint256 timeElapsed, uint256 amount) external view returns (uint256 bias);
}
/*///////////////////////////////////////////////////////////////
WARMUP CURVE
//////////////////////////////////////////////////////////////*/
interface IWarmupEvents {
event WarmupSet(uint48 warmup);
}
interface IWarmup is IWarmupEvents {
/// @notice Set the warmup period for the curve
function setWarmupPeriod(uint48 _warmup) external;
/// @notice the warmup period for the curve
function warmupPeriod() external view returns (uint48);
/// @notice check if the curve is past the warming period
function isWarm(uint256 _tokenId) external view returns (bool);
}
/*///////////////////////////////////////////////////////////////
INCREASING CURVE
//////////////////////////////////////////////////////////////*/
/// @dev first version only accounts for token-level point histories
interface IEscrowCurveIncreasing is
IEscrowCurveCore,
IEscrowCurveMath,
IEscrowCurveToken,
IWarmup
{}// SPDX-License-Identifier: AGPL-3.0-only
pragma solidity ^0.8.0;
interface IDeprecated {
/// @notice This function is deprecated and should not be used.
error Deprecated();
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/extensions/IERC20Permit.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*/
interface IERC20Permit {
/**
* @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
* given ``owner``'s signed approval.
*
* IMPORTANT: The same issues {IERC20-approve} has related to transaction
* ordering also apply here.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `deadline` must be a timestamp in the future.
* - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
* over the EIP712-formatted function arguments.
* - the signature must use ``owner``'s current nonce (see {nonces}).
*
* For more information on the signature format, see the
* https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
* section].
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @dev Returns the current nonce for `owner`. This value must be
* included whenever a signature is generated for {permit}.
*
* Every successful call to {permit} increases ``owner``'s nonce by one. This
* prevents a signature from being used multiple times.
*/
function nonces(address owner) external view returns (uint256);
/**
* @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
*/
// solhint-disable-next-line func-name-mixedcase
function DOMAIN_SEPARATOR() external view returns (bytes32);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC721/ERC721.sol)
pragma solidity ^0.8.0;
import "./IERC721Upgradeable.sol";
import "./IERC721ReceiverUpgradeable.sol";
import "./extensions/IERC721MetadataUpgradeable.sol";
import "../../utils/AddressUpgradeable.sol";
import "../../utils/ContextUpgradeable.sol";
import "../../utils/StringsUpgradeable.sol";
import "../../utils/introspection/ERC165Upgradeable.sol";
import "../../proxy/utils/Initializable.sol";
/**
* @dev Implementation of https://eips.ethereum.org/EIPS/eip-721[ERC721] Non-Fungible Token Standard, including
* the Metadata extension, but not including the Enumerable extension, which is available separately as
* {ERC721Enumerable}.
*/
contract ERC721Upgradeable is Initializable, ContextUpgradeable, ERC165Upgradeable, IERC721Upgradeable, IERC721MetadataUpgradeable {
using AddressUpgradeable for address;
using StringsUpgradeable for uint256;
// Token name
string private _name;
// Token symbol
string private _symbol;
// Mapping from token ID to owner address
mapping(uint256 => address) private _owners;
// Mapping owner address to token count
mapping(address => uint256) private _balances;
// Mapping from token ID to approved address
mapping(uint256 => address) private _tokenApprovals;
// Mapping from owner to operator approvals
mapping(address => mapping(address => bool)) private _operatorApprovals;
/**
* @dev Initializes the contract by setting a `name` and a `symbol` to the token collection.
*/
function __ERC721_init(string memory name_, string memory symbol_) internal onlyInitializing {
__ERC721_init_unchained(name_, symbol_);
}
function __ERC721_init_unchained(string memory name_, string memory symbol_) internal onlyInitializing {
_name = name_;
_symbol = symbol_;
}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override(ERC165Upgradeable, IERC165Upgradeable) returns (bool) {
return
interfaceId == type(IERC721Upgradeable).interfaceId ||
interfaceId == type(IERC721MetadataUpgradeable).interfaceId ||
super.supportsInterface(interfaceId);
}
/**
* @dev See {IERC721-balanceOf}.
*/
function balanceOf(address owner) public view virtual override returns (uint256) {
require(owner != address(0), "ERC721: address zero is not a valid owner");
return _balances[owner];
}
/**
* @dev See {IERC721-ownerOf}.
*/
function ownerOf(uint256 tokenId) public view virtual override returns (address) {
address owner = _ownerOf(tokenId);
require(owner != address(0), "ERC721: invalid token ID");
return owner;
}
/**
* @dev See {IERC721Metadata-name}.
*/
function name() public view virtual override returns (string memory) {
return _name;
}
/**
* @dev See {IERC721Metadata-symbol}.
*/
function symbol() public view virtual override returns (string memory) {
return _symbol;
}
/**
* @dev See {IERC721Metadata-tokenURI}.
*/
function tokenURI(uint256 tokenId) public view virtual override returns (string memory) {
_requireMinted(tokenId);
string memory baseURI = _baseURI();
return bytes(baseURI).length > 0 ? string(abi.encodePacked(baseURI, tokenId.toString())) : "";
}
/**
* @dev Base URI for computing {tokenURI}. If set, the resulting URI for each
* token will be the concatenation of the `baseURI` and the `tokenId`. Empty
* by default, can be overridden in child contracts.
*/
function _baseURI() internal view virtual returns (string memory) {
return "";
}
/**
* @dev See {IERC721-approve}.
*/
function approve(address to, uint256 tokenId) public virtual override {
address owner = ERC721Upgradeable.ownerOf(tokenId);
require(to != owner, "ERC721: approval to current owner");
require(
_msgSender() == owner || isApprovedForAll(owner, _msgSender()),
"ERC721: approve caller is not token owner or approved for all"
);
_approve(to, tokenId);
}
/**
* @dev See {IERC721-getApproved}.
*/
function getApproved(uint256 tokenId) public view virtual override returns (address) {
_requireMinted(tokenId);
return _tokenApprovals[tokenId];
}
/**
* @dev See {IERC721-setApprovalForAll}.
*/
function setApprovalForAll(address operator, bool approved) public virtual override {
_setApprovalForAll(_msgSender(), operator, approved);
}
/**
* @dev See {IERC721-isApprovedForAll}.
*/
function isApprovedForAll(address owner, address operator) public view virtual override returns (bool) {
return _operatorApprovals[owner][operator];
}
/**
* @dev See {IERC721-transferFrom}.
*/
function transferFrom(address from, address to, uint256 tokenId) public virtual override {
//solhint-disable-next-line max-line-length
require(_isApprovedOrOwner(_msgSender(), tokenId), "ERC721: caller is not token owner or approved");
_transfer(from, to, tokenId);
}
/**
* @dev See {IERC721-safeTransferFrom}.
*/
function safeTransferFrom(address from, address to, uint256 tokenId) public virtual override {
safeTransferFrom(from, to, tokenId, "");
}
/**
* @dev See {IERC721-safeTransferFrom}.
*/
function safeTransferFrom(address from, address to, uint256 tokenId, bytes memory data) public virtual override {
require(_isApprovedOrOwner(_msgSender(), tokenId), "ERC721: caller is not token owner or approved");
_safeTransfer(from, to, tokenId, data);
}
/**
* @dev Safely transfers `tokenId` token from `from` to `to`, checking first that contract recipients
* are aware of the ERC721 protocol to prevent tokens from being forever locked.
*
* `data` is additional data, it has no specified format and it is sent in call to `to`.
*
* This internal function is equivalent to {safeTransferFrom}, and can be used to e.g.
* implement alternative mechanisms to perform token transfer, such as signature-based.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must exist and be owned by `from`.
* - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* Emits a {Transfer} event.
*/
function _safeTransfer(address from, address to, uint256 tokenId, bytes memory data) internal virtual {
_transfer(from, to, tokenId);
require(_checkOnERC721Received(from, to, tokenId, data), "ERC721: transfer to non ERC721Receiver implementer");
}
/**
* @dev Returns the owner of the `tokenId`. Does NOT revert if token doesn't exist
*/
function _ownerOf(uint256 tokenId) internal view virtual returns (address) {
return _owners[tokenId];
}
/**
* @dev Returns whether `tokenId` exists.
*
* Tokens can be managed by their owner or approved accounts via {approve} or {setApprovalForAll}.
*
* Tokens start existing when they are minted (`_mint`),
* and stop existing when they are burned (`_burn`).
*/
function _exists(uint256 tokenId) internal view virtual returns (bool) {
return _ownerOf(tokenId) != address(0);
}
/**
* @dev Returns whether `spender` is allowed to manage `tokenId`.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function _isApprovedOrOwner(address spender, uint256 tokenId) internal view virtual returns (bool) {
address owner = ERC721Upgradeable.ownerOf(tokenId);
return (spender == owner || isApprovedForAll(owner, spender) || getApproved(tokenId) == spender);
}
/**
* @dev Safely mints `tokenId` and transfers it to `to`.
*
* Requirements:
*
* - `tokenId` must not exist.
* - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* Emits a {Transfer} event.
*/
function _safeMint(address to, uint256 tokenId) internal virtual {
_safeMint(to, tokenId, "");
}
/**
* @dev Same as {xref-ERC721-_safeMint-address-uint256-}[`_safeMint`], with an additional `data` parameter which is
* forwarded in {IERC721Receiver-onERC721Received} to contract recipients.
*/
function _safeMint(address to, uint256 tokenId, bytes memory data) internal virtual {
_mint(to, tokenId);
require(
_checkOnERC721Received(address(0), to, tokenId, data),
"ERC721: transfer to non ERC721Receiver implementer"
);
}
/**
* @dev Mints `tokenId` and transfers it to `to`.
*
* WARNING: Usage of this method is discouraged, use {_safeMint} whenever possible
*
* Requirements:
*
* - `tokenId` must not exist.
* - `to` cannot be the zero address.
*
* Emits a {Transfer} event.
*/
function _mint(address to, uint256 tokenId) internal virtual {
require(to != address(0), "ERC721: mint to the zero address");
require(!_exists(tokenId), "ERC721: token already minted");
_beforeTokenTransfer(address(0), to, tokenId, 1);
// Check that tokenId was not minted by `_beforeTokenTransfer` hook
require(!_exists(tokenId), "ERC721: token already minted");
unchecked {
// Will not overflow unless all 2**256 token ids are minted to the same owner.
// Given that tokens are minted one by one, it is impossible in practice that
// this ever happens. Might change if we allow batch minting.
// The ERC fails to describe this case.
_balances[to] += 1;
}
_owners[tokenId] = to;
emit Transfer(address(0), to, tokenId);
_afterTokenTransfer(address(0), to, tokenId, 1);
}
/**
* @dev Destroys `tokenId`.
* The approval is cleared when the token is burned.
* This is an internal function that does not check if the sender is authorized to operate on the token.
*
* Requirements:
*
* - `tokenId` must exist.
*
* Emits a {Transfer} event.
*/
function _burn(uint256 tokenId) internal virtual {
address owner = ERC721Upgradeable.ownerOf(tokenId);
_beforeTokenTransfer(owner, address(0), tokenId, 1);
// Update ownership in case tokenId was transferred by `_beforeTokenTransfer` hook
owner = ERC721Upgradeable.ownerOf(tokenId);
// Clear approvals
delete _tokenApprovals[tokenId];
unchecked {
// Cannot overflow, as that would require more tokens to be burned/transferred
// out than the owner initially received through minting and transferring in.
_balances[owner] -= 1;
}
delete _owners[tokenId];
emit Transfer(owner, address(0), tokenId);
_afterTokenTransfer(owner, address(0), tokenId, 1);
}
/**
* @dev Transfers `tokenId` from `from` to `to`.
* As opposed to {transferFrom}, this imposes no restrictions on msg.sender.
*
* Requirements:
*
* - `to` cannot be the zero address.
* - `tokenId` token must be owned by `from`.
*
* Emits a {Transfer} event.
*/
function _transfer(address from, address to, uint256 tokenId) internal virtual {
require(ERC721Upgradeable.ownerOf(tokenId) == from, "ERC721: transfer from incorrect owner");
require(to != address(0), "ERC721: transfer to the zero address");
_beforeTokenTransfer(from, to, tokenId, 1);
// Check that tokenId was not transferred by `_beforeTokenTransfer` hook
require(ERC721Upgradeable.ownerOf(tokenId) == from, "ERC721: transfer from incorrect owner");
// Clear approvals from the previous owner
delete _tokenApprovals[tokenId];
unchecked {
// `_balances[from]` cannot overflow for the same reason as described in `_burn`:
// `from`'s balance is the number of token held, which is at least one before the current
// transfer.
// `_balances[to]` could overflow in the conditions described in `_mint`. That would require
// all 2**256 token ids to be minted, which in practice is impossible.
_balances[from] -= 1;
_balances[to] += 1;
}
_owners[tokenId] = to;
emit Transfer(from, to, tokenId);
_afterTokenTransfer(from, to, tokenId, 1);
}
/**
* @dev Approve `to` to operate on `tokenId`
*
* Emits an {Approval} event.
*/
function _approve(address to, uint256 tokenId) internal virtual {
_tokenApprovals[tokenId] = to;
emit Approval(ERC721Upgradeable.ownerOf(tokenId), to, tokenId);
}
/**
* @dev Approve `operator` to operate on all of `owner` tokens
*
* Emits an {ApprovalForAll} event.
*/
function _setApprovalForAll(address owner, address operator, bool approved) internal virtual {
require(owner != operator, "ERC721: approve to caller");
_operatorApprovals[owner][operator] = approved;
emit ApprovalForAll(owner, operator, approved);
}
/**
* @dev Reverts if the `tokenId` has not been minted yet.
*/
function _requireMinted(uint256 tokenId) internal view virtual {
require(_exists(tokenId), "ERC721: invalid token ID");
}
/**
* @dev Internal function to invoke {IERC721Receiver-onERC721Received} on a target address.
* The call is not executed if the target address is not a contract.
*
* @param from address representing the previous owner of the given token ID
* @param to target address that will receive the tokens
* @param tokenId uint256 ID of the token to be transferred
* @param data bytes optional data to send along with the call
* @return bool whether the call correctly returned the expected magic value
*/
function _checkOnERC721Received(
address from,
address to,
uint256 tokenId,
bytes memory data
) private returns (bool) {
if (to.isContract()) {
try IERC721ReceiverUpgradeable(to).onERC721Received(_msgSender(), from, tokenId, data) returns (bytes4 retval) {
return retval == IERC721ReceiverUpgradeable.onERC721Received.selector;
} catch (bytes memory reason) {
if (reason.length == 0) {
revert("ERC721: transfer to non ERC721Receiver implementer");
} else {
/// @solidity memory-safe-assembly
assembly {
revert(add(32, reason), mload(reason))
}
}
}
} else {
return true;
}
}
/**
* @dev Hook that is called before any token transfer. This includes minting and burning. If {ERC721Consecutive} is
* used, the hook may be called as part of a consecutive (batch) mint, as indicated by `batchSize` greater than 1.
*
* Calling conditions:
*
* - When `from` and `to` are both non-zero, ``from``'s tokens will be transferred to `to`.
* - When `from` is zero, the tokens will be minted for `to`.
* - When `to` is zero, ``from``'s tokens will be burned.
* - `from` and `to` are never both zero.
* - `batchSize` is non-zero.
*
* To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
*/
function _beforeTokenTransfer(address from, address to, uint256 firstTokenId, uint256 batchSize) internal virtual {}
/**
* @dev Hook that is called after any token transfer. This includes minting and burning. If {ERC721Consecutive} is
* used, the hook may be called as part of a consecutive (batch) mint, as indicated by `batchSize` greater than 1.
*
* Calling conditions:
*
* - When `from` and `to` are both non-zero, ``from``'s tokens were transferred to `to`.
* - When `from` is zero, the tokens were minted for `to`.
* - When `to` is zero, ``from``'s tokens were burned.
* - `from` and `to` are never both zero.
* - `batchSize` is non-zero.
*
* To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
*/
function _afterTokenTransfer(address from, address to, uint256 firstTokenId, uint256 batchSize) internal virtual {}
/**
* @dev Unsafe write access to the balances, used by extensions that "mint" tokens using an {ownerOf} override.
*
* WARNING: Anyone calling this MUST ensure that the balances remain consistent with the ownership. The invariant
* being that for any address `a` the value returned by `balanceOf(a)` must be equal to the number of tokens such
* that `ownerOf(tokenId)` is `a`.
*/
// solhint-disable-next-line func-name-mixedcase
function __unsafe_increaseBalance(address account, uint256 amount) internal {
_balances[account] += amount;
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[44] private __gap;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (token/ERC721/extensions/IERC721Enumerable.sol)
pragma solidity ^0.8.0;
import "../IERC721Upgradeable.sol";
/**
* @title ERC-721 Non-Fungible Token Standard, optional enumeration extension
* @dev See https://eips.ethereum.org/EIPS/eip-721
*/
interface IERC721EnumerableUpgradeable is IERC721Upgradeable {
/**
* @dev Returns the total amount of tokens stored by the contract.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns a token ID owned by `owner` at a given `index` of its token list.
* Use along with {balanceOf} to enumerate all of ``owner``'s tokens.
*/
function tokenOfOwnerByIndex(address owner, uint256 index) external view returns (uint256);
/**
* @dev Returns a token ID at a given `index` of all the tokens stored by the contract.
* Use along with {totalSupply} to enumerate all tokens.
*/
function tokenByIndex(uint256 index) external view returns (uint256);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/math/Math.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard math utilities missing in the Solidity language.
*/
library MathUpgradeable {
enum Rounding {
Down, // Toward negative infinity
Up, // Toward infinity
Zero // Toward zero
}
/**
* @dev Returns the largest of two numbers.
*/
function max(uint256 a, uint256 b) internal pure returns (uint256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two numbers.
*/
function min(uint256 a, uint256 b) internal pure returns (uint256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two numbers. The result is rounded towards
* zero.
*/
function average(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b) / 2 can overflow.
return (a & b) + (a ^ b) / 2;
}
/**
* @dev Returns the ceiling of the division of two numbers.
*
* This differs from standard division with `/` in that it rounds up instead
* of rounding down.
*/
function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b - 1) / b can overflow on addition, so we distribute.
return a == 0 ? 0 : (a - 1) / b + 1;
}
/**
* @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0
* @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)
* with further edits by Uniswap Labs also under MIT license.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
unchecked {
// 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
// use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
// variables such that product = prod1 * 2^256 + prod0.
uint256 prod0; // Least significant 256 bits of the product
uint256 prod1; // Most significant 256 bits of the product
assembly {
let mm := mulmod(x, y, not(0))
prod0 := mul(x, y)
prod1 := sub(sub(mm, prod0), lt(mm, prod0))
}
// Handle non-overflow cases, 256 by 256 division.
if (prod1 == 0) {
// Solidity will revert if denominator == 0, unlike the div opcode on its own.
// The surrounding unchecked block does not change this fact.
// See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
return prod0 / denominator;
}
// Make sure the result is less than 2^256. Also prevents denominator == 0.
require(denominator > prod1, "Math: mulDiv overflow");
///////////////////////////////////////////////
// 512 by 256 division.
///////////////////////////////////////////////
// Make division exact by subtracting the remainder from [prod1 prod0].
uint256 remainder;
assembly {
// Compute remainder using mulmod.
remainder := mulmod(x, y, denominator)
// Subtract 256 bit number from 512 bit number.
prod1 := sub(prod1, gt(remainder, prod0))
prod0 := sub(prod0, remainder)
}
// Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.
// See https://cs.stackexchange.com/q/138556/92363.
// Does not overflow because the denominator cannot be zero at this stage in the function.
uint256 twos = denominator & (~denominator + 1);
assembly {
// Divide denominator by twos.
denominator := div(denominator, twos)
// Divide [prod1 prod0] by twos.
prod0 := div(prod0, twos)
// Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
twos := add(div(sub(0, twos), twos), 1)
}
// Shift in bits from prod1 into prod0.
prod0 |= prod1 * twos;
// Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
// that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
// four bits. That is, denominator * inv = 1 mod 2^4.
uint256 inverse = (3 * denominator) ^ 2;
// Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works
// in modular arithmetic, doubling the correct bits in each step.
inverse *= 2 - denominator * inverse; // inverse mod 2^8
inverse *= 2 - denominator * inverse; // inverse mod 2^16
inverse *= 2 - denominator * inverse; // inverse mod 2^32
inverse *= 2 - denominator * inverse; // inverse mod 2^64
inverse *= 2 - denominator * inverse; // inverse mod 2^128
inverse *= 2 - denominator * inverse; // inverse mod 2^256
// Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
// This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
// less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
// is no longer required.
result = prod0 * inverse;
return result;
}
}
/**
* @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
uint256 result = mulDiv(x, y, denominator);
if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {
result += 1;
}
return result;
}
/**
* @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.
*
* Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
*/
function sqrt(uint256 a) internal pure returns (uint256) {
if (a == 0) {
return 0;
}
// For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
//
// We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
// `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.
//
// This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`
// → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`
// → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`
//
// Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.
uint256 result = 1 << (log2(a) >> 1);
// At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
// since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
// every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
// into the expected uint128 result.
unchecked {
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
return min(result, a / result);
}
}
/**
* @notice Calculates sqrt(a), following the selected rounding direction.
*/
function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = sqrt(a);
return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);
}
}
/**
* @dev Return the log in base 2, rounded down, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 128;
}
if (value >> 64 > 0) {
value >>= 64;
result += 64;
}
if (value >> 32 > 0) {
value >>= 32;
result += 32;
}
if (value >> 16 > 0) {
value >>= 16;
result += 16;
}
if (value >> 8 > 0) {
value >>= 8;
result += 8;
}
if (value >> 4 > 0) {
value >>= 4;
result += 4;
}
if (value >> 2 > 0) {
value >>= 2;
result += 2;
}
if (value >> 1 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 2, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log2(value);
return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 10, rounded down, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >= 10 ** 64) {
value /= 10 ** 64;
result += 64;
}
if (value >= 10 ** 32) {
value /= 10 ** 32;
result += 32;
}
if (value >= 10 ** 16) {
value /= 10 ** 16;
result += 16;
}
if (value >= 10 ** 8) {
value /= 10 ** 8;
result += 8;
}
if (value >= 10 ** 4) {
value /= 10 ** 4;
result += 4;
}
if (value >= 10 ** 2) {
value /= 10 ** 2;
result += 2;
}
if (value >= 10 ** 1) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 10, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log10(value);
return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 256, rounded down, of a positive value.
* Returns 0 if given 0.
*
* Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
*/
function log256(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 16;
}
if (value >> 64 > 0) {
value >>= 64;
result += 8;
}
if (value >> 32 > 0) {
value >>= 32;
result += 4;
}
if (value >> 16 > 0) {
value >>= 16;
result += 2;
}
if (value >> 8 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 256, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log256(value);
return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (proxy/beacon/IBeacon.sol)
pragma solidity ^0.8.0;
/**
* @dev This is the interface that {BeaconProxy} expects of its beacon.
*/
interface IBeacon {
/**
* @dev Must return an address that can be used as a delegate call target.
*
* {BeaconProxy} will check that this address is a contract.
*/
function implementation() external view returns (address);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC1967.sol)
pragma solidity ^0.8.0;
/**
* @dev ERC-1967: Proxy Storage Slots. This interface contains the events defined in the ERC.
*
* _Available since v4.8.3._
*/
interface IERC1967 {
/**
* @dev Emitted when the implementation is upgraded.
*/
event Upgraded(address indexed implementation);
/**
* @dev Emitted when the admin account has changed.
*/
event AdminChanged(address previousAdmin, address newAdmin);
/**
* @dev Emitted when the beacon is changed.
*/
event BeaconUpgraded(address indexed beacon);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (interfaces/draft-IERC1822.sol)
pragma solidity ^0.8.0;
/**
* @dev ERC1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified
* proxy whose upgrades are fully controlled by the current implementation.
*/
interface IERC1822Proxiable {
/**
* @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation
* address.
*
* IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
* bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
* function revert if invoked through a proxy.
*/
function proxiableUUID() external view returns (bytes32);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/StorageSlot.sol)
// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.
pragma solidity ^0.8.0;
/**
* @dev Library for reading and writing primitive types to specific storage slots.
*
* Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
* This library helps with reading and writing to such slots without the need for inline assembly.
*
* The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
*
* Example usage to set ERC1967 implementation slot:
* ```solidity
* contract ERC1967 {
* bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
*
* function _getImplementation() internal view returns (address) {
* return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
* }
*
* function _setImplementation(address newImplementation) internal {
* require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
* StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
* }
* }
* ```
*
* _Available since v4.1 for `address`, `bool`, `bytes32`, `uint256`._
* _Available since v4.9 for `string`, `bytes`._
*/
library StorageSlot {
struct AddressSlot {
address value;
}
struct BooleanSlot {
bool value;
}
struct Bytes32Slot {
bytes32 value;
}
struct Uint256Slot {
uint256 value;
}
struct StringSlot {
string value;
}
struct BytesSlot {
bytes value;
}
/**
* @dev Returns an `AddressSlot` with member `value` located at `slot`.
*/
function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BooleanSlot` with member `value` located at `slot`.
*/
function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
*/
function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Uint256Slot` with member `value` located at `slot`.
*/
function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` with member `value` located at `slot`.
*/
function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `StringSlot` representation of the string storage pointer `store`.
*/
function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
/**
* @dev Returns an `BytesSlot` with member `value` located at `slot`.
*/
function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.
*/
function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := store.slot
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC721/IERC721.sol)
pragma solidity ^0.8.0;
import "../../utils/introspection/IERC165.sol";
/**
* @dev Required interface of an ERC721 compliant contract.
*/
interface IERC721 is IERC165 {
/**
* @dev Emitted when `tokenId` token is transferred from `from` to `to`.
*/
event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);
/**
* @dev Emitted when `owner` enables `approved` to manage the `tokenId` token.
*/
event Approval(address indexed owner, address indexed approved, uint256 indexed tokenId);
/**
* @dev Emitted when `owner` enables or disables (`approved`) `operator` to manage all of its assets.
*/
event ApprovalForAll(address indexed owner, address indexed operator, bool approved);
/**
* @dev Returns the number of tokens in ``owner``'s account.
*/
function balanceOf(address owner) external view returns (uint256 balance);
/**
* @dev Returns the owner of the `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function ownerOf(uint256 tokenId) external view returns (address owner);
/**
* @dev Safely transfers `tokenId` token from `from` to `to`.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must exist and be owned by `from`.
* - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
* - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* Emits a {Transfer} event.
*/
function safeTransferFrom(address from, address to, uint256 tokenId, bytes calldata data) external;
/**
* @dev Safely transfers `tokenId` token from `from` to `to`, checking first that contract recipients
* are aware of the ERC721 protocol to prevent tokens from being forever locked.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must exist and be owned by `from`.
* - If the caller is not `from`, it must have been allowed to move this token by either {approve} or {setApprovalForAll}.
* - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* Emits a {Transfer} event.
*/
function safeTransferFrom(address from, address to, uint256 tokenId) external;
/**
* @dev Transfers `tokenId` token from `from` to `to`.
*
* WARNING: Note that the caller is responsible to confirm that the recipient is capable of receiving ERC721
* or else they may be permanently lost. Usage of {safeTransferFrom} prevents loss, though the caller must
* understand this adds an external call which potentially creates a reentrancy vulnerability.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must be owned by `from`.
* - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 tokenId) external;
/**
* @dev Gives permission to `to` to transfer `tokenId` token to another account.
* The approval is cleared when the token is transferred.
*
* Only a single account can be approved at a time, so approving the zero address clears previous approvals.
*
* Requirements:
*
* - The caller must own the token or be an approved operator.
* - `tokenId` must exist.
*
* Emits an {Approval} event.
*/
function approve(address to, uint256 tokenId) external;
/**
* @dev Approve or remove `operator` as an operator for the caller.
* Operators can call {transferFrom} or {safeTransferFrom} for any token owned by the caller.
*
* Requirements:
*
* - The `operator` cannot be the caller.
*
* Emits an {ApprovalForAll} event.
*/
function setApprovalForAll(address operator, bool approved) external;
/**
* @dev Returns the account approved for `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function getApproved(uint256 tokenId) external view returns (address operator);
/**
* @dev Returns if the `operator` is allowed to manage all of the assets of `owner`.
*
* See {setApprovalForAll}
*/
function isApprovedForAll(address owner, address operator) external view returns (bool);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/EIP712.sol)
pragma solidity ^0.8.8;
import "./ECDSA.sol";
import "../ShortStrings.sol";
import "../../interfaces/IERC5267.sol";
/**
* @dev https://eips.ethereum.org/EIPS/eip-712[EIP 712] is a standard for hashing and signing of typed structured data.
*
* The encoding specified in the EIP is very generic, and such a generic implementation in Solidity is not feasible,
* thus this contract does not implement the encoding itself. Protocols need to implement the type-specific encoding
* they need in their contracts using a combination of `abi.encode` and `keccak256`.
*
* This contract implements the EIP 712 domain separator ({_domainSeparatorV4}) that is used as part of the encoding
* scheme, and the final step of the encoding to obtain the message digest that is then signed via ECDSA
* ({_hashTypedDataV4}).
*
* The implementation of the domain separator was designed to be as efficient as possible while still properly updating
* the chain id to protect against replay attacks on an eventual fork of the chain.
*
* NOTE: This contract implements the version of the encoding known as "v4", as implemented by the JSON RPC method
* https://docs.metamask.io/guide/signing-data.html[`eth_signTypedDataV4` in MetaMask].
*
* NOTE: In the upgradeable version of this contract, the cached values will correspond to the address, and the domain
* separator of the implementation contract. This will cause the `_domainSeparatorV4` function to always rebuild the
* separator from the immutable values, which is cheaper than accessing a cached version in cold storage.
*
* _Available since v3.4._
*
* @custom:oz-upgrades-unsafe-allow state-variable-immutable state-variable-assignment
*/
abstract contract EIP712 is IERC5267 {
using ShortStrings for *;
bytes32 private constant _TYPE_HASH =
keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
// Cache the domain separator as an immutable value, but also store the chain id that it corresponds to, in order to
// invalidate the cached domain separator if the chain id changes.
bytes32 private immutable _cachedDomainSeparator;
uint256 private immutable _cachedChainId;
address private immutable _cachedThis;
bytes32 private immutable _hashedName;
bytes32 private immutable _hashedVersion;
ShortString private immutable _name;
ShortString private immutable _version;
string private _nameFallback;
string private _versionFallback;
/**
* @dev Initializes the domain separator and parameter caches.
*
* The meaning of `name` and `version` is specified in
* https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator[EIP 712]:
*
* - `name`: the user readable name of the signing domain, i.e. the name of the DApp or the protocol.
* - `version`: the current major version of the signing domain.
*
* NOTE: These parameters cannot be changed except through a xref:learn::upgrading-smart-contracts.adoc[smart
* contract upgrade].
*/
constructor(string memory name, string memory version) {
_name = name.toShortStringWithFallback(_nameFallback);
_version = version.toShortStringWithFallback(_versionFallback);
_hashedName = keccak256(bytes(name));
_hashedVersion = keccak256(bytes(version));
_cachedChainId = block.chainid;
_cachedDomainSeparator = _buildDomainSeparator();
_cachedThis = address(this);
}
/**
* @dev Returns the domain separator for the current chain.
*/
function _domainSeparatorV4() internal view returns (bytes32) {
if (address(this) == _cachedThis && block.chainid == _cachedChainId) {
return _cachedDomainSeparator;
} else {
return _buildDomainSeparator();
}
}
function _buildDomainSeparator() private view returns (bytes32) {
return keccak256(abi.encode(_TYPE_HASH, _hashedName, _hashedVersion, block.chainid, address(this)));
}
/**
* @dev Given an already https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct[hashed struct], this
* function returns the hash of the fully encoded EIP712 message for this domain.
*
* This hash can be used together with {ECDSA-recover} to obtain the signer of a message. For example:
*
* ```solidity
* bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(
* keccak256("Mail(address to,string contents)"),
* mailTo,
* keccak256(bytes(mailContents))
* )));
* address signer = ECDSA.recover(digest, signature);
* ```
*/
function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) {
return ECDSA.toTypedDataHash(_domainSeparatorV4(), structHash);
}
/**
* @dev See {EIP-5267}.
*
* _Available since v4.9._
*/
function eip712Domain()
public
view
virtual
override
returns (
bytes1 fields,
string memory name,
string memory version,
uint256 chainId,
address verifyingContract,
bytes32 salt,
uint256[] memory extensions
)
{
return (
hex"0f", // 01111
_name.toStringWithFallback(_nameFallback),
_version.toStringWithFallback(_versionFallback),
block.chainid,
address(this),
bytes32(0),
new uint256[](0)
);
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Counters.sol)
pragma solidity ^0.8.0;
/**
* @title Counters
* @author Matt Condon (@shrugs)
* @dev Provides counters that can only be incremented, decremented or reset. This can be used e.g. to track the number
* of elements in a mapping, issuing ERC721 ids, or counting request ids.
*
* Include with `using Counters for Counters.Counter;`
*/
library Counters {
struct Counter {
// This variable should never be directly accessed by users of the library: interactions must be restricted to
// the library's function. As of Solidity v0.5.2, this cannot be enforced, though there is a proposal to add
// this feature: see https://github.com/ethereum/solidity/issues/4637
uint256 _value; // default: 0
}
function current(Counter storage counter) internal view returns (uint256) {
return counter._value;
}
function increment(Counter storage counter) internal {
unchecked {
counter._value += 1;
}
}
function decrement(Counter storage counter) internal {
uint256 value = counter._value;
require(value > 0, "Counter: decrement overflow");
unchecked {
counter._value = value - 1;
}
}
function reset(Counter storage counter) internal {
counter._value = 0;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (governance/utils/IVotes.sol)
pragma solidity ^0.8.0;
/**
* @dev Common interface for {ERC20Votes}, {ERC721Votes}, and other {Votes}-enabled contracts.
*
* _Available since v4.5._
*/
interface IVotes {
/**
* @dev Emitted when an account changes their delegate.
*/
event DelegateChanged(address indexed delegator, address indexed fromDelegate, address indexed toDelegate);
/**
* @dev Emitted when a token transfer or delegate change results in changes to a delegate's number of votes.
*/
event DelegateVotesChanged(address indexed delegate, uint256 previousBalance, uint256 newBalance);
/**
* @dev Returns the current amount of votes that `account` has.
*/
function getVotes(address account) external view returns (uint256);
/**
* @dev Returns the amount of votes that `account` had at a specific moment in the past. If the `clock()` is
* configured to use block numbers, this will return the value at the end of the corresponding block.
*/
function getPastVotes(address account, uint256 timepoint) external view returns (uint256);
/**
* @dev Returns the total supply of votes available at a specific moment in the past. If the `clock()` is
* configured to use block numbers, this will return the value at the end of the corresponding block.
*
* NOTE: This value is the sum of all available votes, which is not necessarily the sum of all delegated votes.
* Votes that have not been delegated are still part of total supply, even though they would not participate in a
* vote.
*/
function getPastTotalSupply(uint256 timepoint) external view returns (uint256);
/**
* @dev Returns the delegate that `account` has chosen.
*/
function delegates(address account) external view returns (address);
/**
* @dev Delegates votes from the sender to `delegatee`.
*/
function delegate(address delegatee) external;
/**
* @dev Delegates votes from signer to `delegatee`.
*/
function delegateBySig(address delegatee, uint256 nonce, uint256 expiry, uint8 v, bytes32 r, bytes32 s) external;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol)
pragma solidity ^0.8.0;
import "./math/Math.sol";
import "./math/SignedMath.sol";
/**
* @dev String operations.
*/
library Strings {
bytes16 private constant _SYMBOLS = "0123456789abcdef";
uint8 private constant _ADDRESS_LENGTH = 20;
/**
* @dev Converts a `uint256` to its ASCII `string` decimal representation.
*/
function toString(uint256 value) internal pure returns (string memory) {
unchecked {
uint256 length = Math.log10(value) + 1;
string memory buffer = new string(length);
uint256 ptr;
/// @solidity memory-safe-assembly
assembly {
ptr := add(buffer, add(32, length))
}
while (true) {
ptr--;
/// @solidity memory-safe-assembly
assembly {
mstore8(ptr, byte(mod(value, 10), _SYMBOLS))
}
value /= 10;
if (value == 0) break;
}
return buffer;
}
}
/**
* @dev Converts a `int256` to its ASCII `string` decimal representation.
*/
function toString(int256 value) internal pure returns (string memory) {
return string(abi.encodePacked(value < 0 ? "-" : "", toString(SignedMath.abs(value))));
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
*/
function toHexString(uint256 value) internal pure returns (string memory) {
unchecked {
return toHexString(value, Math.log256(value) + 1);
}
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
*/
function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
bytes memory buffer = new bytes(2 * length + 2);
buffer[0] = "0";
buffer[1] = "x";
for (uint256 i = 2 * length + 1; i > 1; --i) {
buffer[i] = _SYMBOLS[value & 0xf];
value >>= 4;
}
require(value == 0, "Strings: hex length insufficient");
return string(buffer);
}
/**
* @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.
*/
function toHexString(address addr) internal pure returns (string memory) {
return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);
}
/**
* @dev Returns true if the two strings are equal.
*/
function equal(string memory a, string memory b) internal pure returns (bool) {
return keccak256(bytes(a)) == keccak256(bytes(b));
}
}// SPDX-License-Identifier: MIT
pragma solidity >=0.8.4;
import "./IABIResolver.sol";
import "../ResolverBase.sol";
interface IABIResolver {
event ABIChanged(bytes32 indexed node, uint256 indexed contentType);
/**
* Returns the ABI associated with an ENS node.
* Defined in EIP205.
* @param node The ENS node to query
* @param contentTypes A bitwise OR of the ABI formats accepted by the caller.
* @return contentType The content type of the return value
* @return data The ABI data
*/
function ABI(bytes32 node, uint256 contentTypes) external view returns (uint256, bytes memory);
}// SPDX-License-Identifier: MIT
pragma solidity >=0.8.4;
/**
* Interface for the new (multicoin) addr function.
*/
interface IAddressResolver {
event AddressChanged(bytes32 indexed node, uint coinType, bytes newAddress);
function addr(bytes32 node, uint coinType) external view returns(bytes memory);
}// SPDX-License-Identifier: MIT
pragma solidity >=0.8.4;
/**
* Interface for the legacy (ETH-only) addr function.
*/
interface IAddrResolver {
event AddrChanged(bytes32 indexed node, address a);
/**
* Returns the address associated with an ENS node.
* @param node The ENS node to query.
* @return The associated address.
*/
function addr(bytes32 node) external view returns (address payable);
}// SPDX-License-Identifier: MIT
pragma solidity >=0.8.4;
interface IContentHashResolver {
event ContenthashChanged(bytes32 indexed node, bytes hash);
/**
* Returns the contenthash associated with an ENS node.
* @param node The ENS node to query.
* @return The associated contenthash.
*/
function contenthash(bytes32 node) external view returns (bytes memory);
}// SPDX-License-Identifier: MIT
pragma solidity >=0.8.4;
interface IDNSRecordResolver {
// DNSRecordChanged is emitted whenever a given node/name/resource's RRSET is updated.
event DNSRecordChanged(bytes32 indexed node, bytes name, uint16 resource, bytes record);
// DNSRecordDeleted is emitted whenever a given node/name/resource's RRSET is deleted.
event DNSRecordDeleted(bytes32 indexed node, bytes name, uint16 resource);
// DNSZoneCleared is emitted whenever a given node's zone information is cleared.
event DNSZoneCleared(bytes32 indexed node);
/**
* Obtain a DNS record.
* @param node the namehash of the node for which to fetch the record
* @param name the keccak-256 hash of the fully-qualified name for which to fetch the record
* @param resource the ID of the resource as per https://en.wikipedia.org/wiki/List_of_DNS_record_types
* @return the DNS record in wire format if present, otherwise empty
*/
function dnsRecord(bytes32 node, bytes32 name, uint16 resource) external view returns (bytes memory);
}// SPDX-License-Identifier: MIT
pragma solidity >=0.8.4;
interface IDNSZoneResolver {
// DNSZonehashChanged is emitted whenever a given node's zone hash is updated.
event DNSZonehashChanged(bytes32 indexed node, bytes lastzonehash, bytes zonehash);
/**
* zonehash obtains the hash for the zone.
* @param node The ENS node to query.
* @return The associated contenthash.
*/
function zonehash(bytes32 node) external view returns (bytes memory);
}// SPDX-License-Identifier: MIT
pragma solidity >=0.8.4;
interface IInterfaceResolver {
event InterfaceChanged(bytes32 indexed node, bytes4 indexed interfaceID, address implementer);
/**
* Returns the address of a contract that implements the specified interface for this name.
* If an implementer has not been set for this interfaceID and name, the resolver will query
* the contract at `addr()`. If `addr()` is set, a contract exists at that address, and that
* contract implements EIP165 and returns `true` for the specified interfaceID, its address
* will be returned.
* @param node The ENS node to query.
* @param interfaceID The EIP 165 interface ID to check for.
* @return The address that implements this interface, or 0 if the interface is unsupported.
*/
function interfaceImplementer(bytes32 node, bytes4 interfaceID) external view returns (address);
}// SPDX-License-Identifier: MIT
pragma solidity >=0.8.4;
interface INameResolver {
event NameChanged(bytes32 indexed node, string name);
/**
* Returns the name associated with an ENS node, for reverse records.
* Defined in EIP181.
* @param node The ENS node to query.
* @return The associated name.
*/
function name(bytes32 node) external view returns (string memory);
}// SPDX-License-Identifier: MIT
pragma solidity >=0.8.4;
interface IPubkeyResolver {
event PubkeyChanged(bytes32 indexed node, bytes32 x, bytes32 y);
/**
* Returns the SECP256k1 public key associated with an ENS node.
* Defined in EIP 619.
* @param node The ENS node to query
* @return x The X coordinate of the curve point for the public key.
* @return y The Y coordinate of the curve point for the public key.
*/
function pubkey(bytes32 node) external view returns (bytes32 x, bytes32 y);
}// SPDX-License-Identifier: MIT
pragma solidity >=0.8.4;
interface ITextResolver {
event TextChanged(bytes32 indexed node, string indexed indexedKey, string key);
/**
* Returns the text data associated with an ENS node and key.
* @param node The ENS node to query.
* @param key The text data key to query.
* @return The associated text data.
*/
function text(bytes32 node, string calldata key) external view returns (string memory);
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;
interface ISupportsInterface {
function supportsInterface(bytes4 interfaceID) external pure returns(bool);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC721/IERC721.sol)
pragma solidity ^0.8.0;
import "../../utils/introspection/IERC165Upgradeable.sol";
/**
* @dev Required interface of an ERC721 compliant contract.
*/
interface IERC721Upgradeable is IERC165Upgradeable {
/**
* @dev Emitted when `tokenId` token is transferred from `from` to `to`.
*/
event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);
/**
* @dev Emitted when `owner` enables `approved` to manage the `tokenId` token.
*/
event Approval(address indexed owner, address indexed approved, uint256 indexed tokenId);
/**
* @dev Emitted when `owner` enables or disables (`approved`) `operator` to manage all of its assets.
*/
event ApprovalForAll(address indexed owner, address indexed operator, bool approved);
/**
* @dev Returns the number of tokens in ``owner``'s account.
*/
function balanceOf(address owner) external view returns (uint256 balance);
/**
* @dev Returns the owner of the `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function ownerOf(uint256 tokenId) external view returns (address owner);
/**
* @dev Safely transfers `tokenId` token from `from` to `to`.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must exist and be owned by `from`.
* - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
* - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* Emits a {Transfer} event.
*/
function safeTransferFrom(address from, address to, uint256 tokenId, bytes calldata data) external;
/**
* @dev Safely transfers `tokenId` token from `from` to `to`, checking first that contract recipients
* are aware of the ERC721 protocol to prevent tokens from being forever locked.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must exist and be owned by `from`.
* - If the caller is not `from`, it must have been allowed to move this token by either {approve} or {setApprovalForAll}.
* - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
*
* Emits a {Transfer} event.
*/
function safeTransferFrom(address from, address to, uint256 tokenId) external;
/**
* @dev Transfers `tokenId` token from `from` to `to`.
*
* WARNING: Note that the caller is responsible to confirm that the recipient is capable of receiving ERC721
* or else they may be permanently lost. Usage of {safeTransferFrom} prevents loss, though the caller must
* understand this adds an external call which potentially creates a reentrancy vulnerability.
*
* Requirements:
*
* - `from` cannot be the zero address.
* - `to` cannot be the zero address.
* - `tokenId` token must be owned by `from`.
* - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 tokenId) external;
/**
* @dev Gives permission to `to` to transfer `tokenId` token to another account.
* The approval is cleared when the token is transferred.
*
* Only a single account can be approved at a time, so approving the zero address clears previous approvals.
*
* Requirements:
*
* - The caller must own the token or be an approved operator.
* - `tokenId` must exist.
*
* Emits an {Approval} event.
*/
function approve(address to, uint256 tokenId) external;
/**
* @dev Approve or remove `operator` as an operator for the caller.
* Operators can call {transferFrom} or {safeTransferFrom} for any token owned by the caller.
*
* Requirements:
*
* - The `operator` cannot be the caller.
*
* Emits an {ApprovalForAll} event.
*/
function setApprovalForAll(address operator, bool approved) external;
/**
* @dev Returns the account approved for `tokenId` token.
*
* Requirements:
*
* - `tokenId` must exist.
*/
function getApproved(uint256 tokenId) external view returns (address operator);
/**
* @dev Returns if the `operator` is allowed to manage all of the assets of `owner`.
*
* See {setApprovalForAll}
*/
function isApprovedForAll(address owner, address operator) external view returns (bool);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC721/extensions/IERC721Metadata.sol)
pragma solidity ^0.8.0;
import "../IERC721Upgradeable.sol";
/**
* @title ERC-721 Non-Fungible Token Standard, optional metadata extension
* @dev See https://eips.ethereum.org/EIPS/eip-721
*/
interface IERC721MetadataUpgradeable is IERC721Upgradeable {
/**
* @dev Returns the token collection name.
*/
function name() external view returns (string memory);
/**
* @dev Returns the token collection symbol.
*/
function symbol() external view returns (string memory);
/**
* @dev Returns the Uniform Resource Identifier (URI) for `tokenId` token.
*/
function tokenURI(uint256 tokenId) external view returns (string memory);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Strings.sol)
pragma solidity ^0.8.0;
import "./math/MathUpgradeable.sol";
import "./math/SignedMathUpgradeable.sol";
/**
* @dev String operations.
*/
library StringsUpgradeable {
bytes16 private constant _SYMBOLS = "0123456789abcdef";
uint8 private constant _ADDRESS_LENGTH = 20;
/**
* @dev Converts a `uint256` to its ASCII `string` decimal representation.
*/
function toString(uint256 value) internal pure returns (string memory) {
unchecked {
uint256 length = MathUpgradeable.log10(value) + 1;
string memory buffer = new string(length);
uint256 ptr;
/// @solidity memory-safe-assembly
assembly {
ptr := add(buffer, add(32, length))
}
while (true) {
ptr--;
/// @solidity memory-safe-assembly
assembly {
mstore8(ptr, byte(mod(value, 10), _SYMBOLS))
}
value /= 10;
if (value == 0) break;
}
return buffer;
}
}
/**
* @dev Converts a `int256` to its ASCII `string` decimal representation.
*/
function toString(int256 value) internal pure returns (string memory) {
return string(abi.encodePacked(value < 0 ? "-" : "", toString(SignedMathUpgradeable.abs(value))));
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
*/
function toHexString(uint256 value) internal pure returns (string memory) {
unchecked {
return toHexString(value, MathUpgradeable.log256(value) + 1);
}
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
*/
function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
bytes memory buffer = new bytes(2 * length + 2);
buffer[0] = "0";
buffer[1] = "x";
for (uint256 i = 2 * length + 1; i > 1; --i) {
buffer[i] = _SYMBOLS[value & 0xf];
value >>= 4;
}
require(value == 0, "Strings: hex length insufficient");
return string(buffer);
}
/**
* @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.
*/
function toHexString(address addr) internal pure returns (string memory) {
return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);
}
/**
* @dev Returns true if the two strings are equal.
*/
function equal(string memory a, string memory b) internal pure returns (bool) {
return keccak256(bytes(a)) == keccak256(bytes(b));
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/ShortStrings.sol)
pragma solidity ^0.8.8;
import "./StorageSlot.sol";
// | string | 0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
// | length | 0x BB |
type ShortString is bytes32;
/**
* @dev This library provides functions to convert short memory strings
* into a `ShortString` type that can be used as an immutable variable.
*
* Strings of arbitrary length can be optimized using this library if
* they are short enough (up to 31 bytes) by packing them with their
* length (1 byte) in a single EVM word (32 bytes). Additionally, a
* fallback mechanism can be used for every other case.
*
* Usage example:
*
* ```solidity
* contract Named {
* using ShortStrings for *;
*
* ShortString private immutable _name;
* string private _nameFallback;
*
* constructor(string memory contractName) {
* _name = contractName.toShortStringWithFallback(_nameFallback);
* }
*
* function name() external view returns (string memory) {
* return _name.toStringWithFallback(_nameFallback);
* }
* }
* ```
*/
library ShortStrings {
// Used as an identifier for strings longer than 31 bytes.
bytes32 private constant _FALLBACK_SENTINEL = 0x00000000000000000000000000000000000000000000000000000000000000FF;
error StringTooLong(string str);
error InvalidShortString();
/**
* @dev Encode a string of at most 31 chars into a `ShortString`.
*
* This will trigger a `StringTooLong` error is the input string is too long.
*/
function toShortString(string memory str) internal pure returns (ShortString) {
bytes memory bstr = bytes(str);
if (bstr.length > 31) {
revert StringTooLong(str);
}
return ShortString.wrap(bytes32(uint256(bytes32(bstr)) | bstr.length));
}
/**
* @dev Decode a `ShortString` back to a "normal" string.
*/
function toString(ShortString sstr) internal pure returns (string memory) {
uint256 len = byteLength(sstr);
// using `new string(len)` would work locally but is not memory safe.
string memory str = new string(32);
/// @solidity memory-safe-assembly
assembly {
mstore(str, len)
mstore(add(str, 0x20), sstr)
}
return str;
}
/**
* @dev Return the length of a `ShortString`.
*/
function byteLength(ShortString sstr) internal pure returns (uint256) {
uint256 result = uint256(ShortString.unwrap(sstr)) & 0xFF;
if (result > 31) {
revert InvalidShortString();
}
return result;
}
/**
* @dev Encode a string into a `ShortString`, or write it to storage if it is too long.
*/
function toShortStringWithFallback(string memory value, string storage store) internal returns (ShortString) {
if (bytes(value).length < 32) {
return toShortString(value);
} else {
StorageSlot.getStringSlot(store).value = value;
return ShortString.wrap(_FALLBACK_SENTINEL);
}
}
/**
* @dev Decode a string that was encoded to `ShortString` or written to storage using {setWithFallback}.
*/
function toStringWithFallback(ShortString value, string storage store) internal pure returns (string memory) {
if (ShortString.unwrap(value) != _FALLBACK_SENTINEL) {
return toString(value);
} else {
return store;
}
}
/**
* @dev Return the length of a string that was encoded to `ShortString` or written to storage using {setWithFallback}.
*
* WARNING: This will return the "byte length" of the string. This may not reflect the actual length in terms of
* actual characters as the UTF-8 encoding of a single character can span over multiple bytes.
*/
function byteLengthWithFallback(ShortString value, string storage store) internal view returns (uint256) {
if (ShortString.unwrap(value) != _FALLBACK_SENTINEL) {
return byteLength(value);
} else {
return bytes(store).length;
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (interfaces/IERC5267.sol)
pragma solidity ^0.8.0;
interface IERC5267 {
/**
* @dev MAY be emitted to signal that the domain could have changed.
*/
event EIP712DomainChanged();
/**
* @dev returns the fields and values that describe the domain separator used by this contract for EIP-712
* signature.
*/
function eip712Domain()
external
view
returns (
bytes1 fields,
string memory name,
string memory version,
uint256 chainId,
address verifyingContract,
bytes32 salt,
uint256[] memory extensions
);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard signed math utilities missing in the Solidity language.
*/
library SignedMath {
/**
* @dev Returns the largest of two signed numbers.
*/
function max(int256 a, int256 b) internal pure returns (int256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two signed numbers.
*/
function min(int256 a, int256 b) internal pure returns (int256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two signed numbers without overflow.
* The result is rounded towards zero.
*/
function average(int256 a, int256 b) internal pure returns (int256) {
// Formula from the book "Hacker's Delight"
int256 x = (a & b) + ((a ^ b) >> 1);
return x + (int256(uint256(x) >> 255) & (a ^ b));
}
/**
* @dev Returns the absolute unsigned value of a signed value.
*/
function abs(int256 n) internal pure returns (uint256) {
unchecked {
// must be unchecked in order to support `n = type(int256).min`
return uint256(n >= 0 ? n : -n);
}
}
}// SPDX-License-Identifier: MIT
pragma solidity >=0.8.4;
import "./SupportsInterface.sol";
abstract contract ResolverBase is SupportsInterface {
function isAuthorised(bytes32 node) internal virtual view returns(bool);
modifier authorised(bytes32 node) {
require(isAuthorised(node));
_;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/SignedMath.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard signed math utilities missing in the Solidity language.
*/
library SignedMathUpgradeable {
/**
* @dev Returns the largest of two signed numbers.
*/
function max(int256 a, int256 b) internal pure returns (int256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two signed numbers.
*/
function min(int256 a, int256 b) internal pure returns (int256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two signed numbers without overflow.
* The result is rounded towards zero.
*/
function average(int256 a, int256 b) internal pure returns (int256) {
// Formula from the book "Hacker's Delight"
int256 x = (a & b) + ((a ^ b) >> 1);
return x + (int256(uint256(x) >> 255) & (a ^ b));
}
/**
* @dev Returns the absolute unsigned value of a signed value.
*/
function abs(int256 n) internal pure returns (uint256) {
unchecked {
// must be unchecked in order to support `n = type(int256).min`
return uint256(n >= 0 ? n : -n);
}
}
}// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;
import "./ISupportsInterface.sol";
abstract contract SupportsInterface is ISupportsInterface {
function supportsInterface(bytes4 interfaceID) virtual override public pure returns(bool) {
return interfaceID == type(ISupportsInterface).interfaceId;
}
}{
"remappings": [
"@clock/=lib/ve-governance/src/clock/",
"@curve/=lib/ve-governance/src/curve/",
"@delegation/=lib/ve-governance/src/delegation/",
"@escrow-interfaces/=lib/ve-governance/src/escrow/increasing/interfaces/",
"@escrow/=lib/ve-governance/src/escrow/",
"@factory/=lib/ve-governance/src/factory/",
"@foundry-upgrades/=lib/ve-governance/lib/openzeppelin-foundry-upgrades/src/",
"@helpers/=lib/ve-governance/test/helpers/",
"@interfaces/=lib/ve-governance/src/interfaces/",
"@libs/=lib/ve-governance/src/libs/",
"@lock/=lib/ve-governance/src/lock/",
"@mocks/=lib/ve-governance/test/mocks/",
"@openzeppelin/contracts-upgradeable/=lib/ve-governance/lib/openzeppelin-contracts-upgradeable/contracts/",
"@openzeppelin/contracts/=lib/ve-governance/lib/openzeppelin-contracts/contracts/",
"@queue/=lib/ve-governance/src/queue/",
"@setup/=lib/ve-governance/src/setup/",
"@solmate/=lib/ve-governance/lib/solmate/src/",
"@utils/=lib/ve-governance/src/utils/",
"@voting/=lib/ve-governance/src/voting/",
"@ve/=lib/ve-governance/src/",
"@aragon/protocol-factory/=lib/protocol-factory/",
"@openzeppelin/openzeppelin-foundry-upgrades/=lib/staged-proposal-processor-plugin/node_modules/@openzeppelin/openzeppelin-foundry-upgrades/src/",
"@ensdomains/buffer/=lib/protocol-factory/lib/buffer/",
"@ensdomains/ens-contracts/=lib/protocol-factory/lib/ens-contracts/",
"@merkl/=lib/merkl/contracts/",
"@aragon/osx-commons-contracts/=lib/osx-commons/contracts/",
"@aragon/osx/=lib/ve-governance/lib/osx/packages/contracts/src/",
"@aragon/multisig-plugin/=lib/protocol-factory/lib/multisig-plugin/packages/contracts/src/",
"@aragon/admin-plugin/=lib/protocol-factory/lib/admin-plugin/packages/contracts/src/",
"@aragon/admin/=lib/ve-governance/lib/osx/packages/contracts/src/plugins/governance/admin/",
"@aragon/multisig/=lib/ve-governance/lib/multisig-plugin/packages/contracts/",
"@aragon/staged-proposal-processor-plugin/=lib/protocol-factory/lib/staged-proposal-processor-plugin/src/",
"@aragon/token-voting-plugin/=lib/protocol-factory/lib/token-voting-plugin/src/",
"@test/=lib/ve-governance/test/",
"admin-plugin/=lib/protocol-factory/lib/admin-plugin/",
"buffer/=lib/protocol-factory/lib/buffer/contracts/",
"ds-test/=lib/ve-governance/lib/ds-test/src/",
"ens-contracts/=lib/ve-governance/lib/ens-contracts/contracts/",
"erc4626-tests/=lib/erc4626-tests/",
"forge-std/=lib/forge-std/src/",
"halmos-cheatcodes/=lib/openzeppelin-contracts-upgradeable/lib/halmos-cheatcodes/src/",
"merkl/=lib/merkl/",
"multisig-plugin/=lib/ve-governance/lib/multisig-plugin/",
"openzeppelin-contracts-upgradeable/=lib/openzeppelin-contracts-upgradeable/",
"openzeppelin-contracts/=lib/openzeppelin-contracts/",
"openzeppelin-foundry-upgrades/=lib/ve-governance/lib/openzeppelin-foundry-upgrades/src/",
"openzeppelin/=lib/ve-governance/lib/openzeppelin-contracts-upgradeable/contracts/",
"osx-commons/=lib/osx-commons/",
"osx/=lib/osx/",
"oz/=lib/merkl/node_modules/@openzeppelin/contracts/",
"plugin-version-1.3/=lib/protocol-factory/lib/token-voting-plugin/lib/plugin-version-1.3/",
"protocol-factory/=lib/protocol-factory/",
"solidity-stringutils/=lib/protocol-factory/lib/staged-proposal-processor-plugin/node_modules/solidity-stringutils/",
"solmate/=lib/ve-governance/lib/solmate/src/",
"staged-proposal-processor-plugin/=lib/protocol-factory/lib/staged-proposal-processor-plugin/src/",
"token-voting-plugin/=lib/protocol-factory/lib/token-voting-plugin/",
"utils/=lib/ve-governance/test/utils/",
"ve-governance/=lib/ve-governance/"
],
"optimizer": {
"enabled": true,
"runs": 2000
},
"metadata": {
"useLiteralContent": false,
"bytecodeHash": "none",
"appendCBOR": false
},
"outputSelection": {
"*": {
"*": [
"evm.bytecode",
"evm.deployedBytecode",
"devdoc",
"userdoc",
"metadata",
"abi"
]
}
},
"evmVersion": "cancun",
"viaIR": false
}Contract Security Audit
- No Contract Security Audit Submitted- Submit Audit Here
Contract ABI
API[{"inputs":[{"components":[{"internalType":"address","name":"daoExecutor","type":"address"},{"internalType":"string","name":"daoMetadataURI","type":"string"},{"internalType":"string","name":"daoSubdomain","type":"string"},{"internalType":"uint16","name":"minApprovals","type":"uint16"},{"internalType":"address[]","name":"multisigMembers","type":"address[]"},{"internalType":"bytes","name":"multisigMetadata","type":"bytes"},{"components":[{"internalType":"address","name":"token","type":"address"},{"internalType":"string","name":"veTokenName","type":"string"},{"internalType":"string","name":"veTokenSymbol","type":"string"}],"internalType":"struct TokenParameters[]","name":"tokenParameters","type":"tuple[]"},{"internalType":"uint16","name":"feePercent","type":"uint16"},{"internalType":"uint48","name":"cooldownPeriod","type":"uint48"},{"internalType":"uint48","name":"minLockDuration","type":"uint48"},{"internalType":"bool","name":"votingPaused","type":"bool"},{"internalType":"uint256","name":"minDeposit","type":"uint256"},{"internalType":"contract PluginRepo","name":"multisigPluginRepo","type":"address"},{"internalType":"uint8","name":"multisigPluginRelease","type":"uint8"},{"internalType":"uint16","name":"multisigPluginBuild","type":"uint16"},{"internalType":"contract GaugeVoterSetupV1_4_0","name":"voterPluginSetup","type":"address"},{"internalType":"string","name":"voterEnsSubdomain","type":"string"},{"internalType":"address","name":"osxDaoFactory","type":"address"},{"internalType":"contract PluginSetupProcessor","name":"pluginSetupProcessor","type":"address"},{"internalType":"contract PluginRepoFactory","name":"pluginRepoFactory","type":"address"}],"internalType":"struct DeploymentParameters","name":"_parameters","type":"tuple"}],"stateMutability":"nonpayable","type":"constructor"},{"inputs":[],"name":"AlreadyDeployed","type":"error"},{"inputs":[],"name":"deployOnce","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"getDeployment","outputs":[{"components":[{"internalType":"contract DAO","name":"dao","type":"address"},{"internalType":"contract Multisig","name":"multisigPlugin","type":"address"},{"components":[{"internalType":"contract AddressGaugeVoter","name":"plugin","type":"address"},{"internalType":"contract LinearIncreasingCurve","name":"curve","type":"address"},{"internalType":"contract DynamicExitQueue","name":"exitQueue","type":"address"},{"internalType":"contract VotingEscrowV1_2_0","name":"votingEscrow","type":"address"},{"internalType":"contract ClockV1_2_0","name":"clock","type":"address"},{"internalType":"contract LockV1_2_0","name":"nftLock","type":"address"},{"internalType":"contract EscrowIVotesAdapter","name":"delegationAdapter","type":"address"}],"internalType":"struct GaugePluginSet[]","name":"gaugeVoterPluginSets","type":"tuple[]"},{"internalType":"contract PluginRepo","name":"gaugeVoterPluginRepo","type":"address"}],"internalType":"struct Deployment","name":"","type":"tuple"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getDeploymentParameters","outputs":[{"components":[{"internalType":"address","name":"daoExecutor","type":"address"},{"internalType":"string","name":"daoMetadataURI","type":"string"},{"internalType":"string","name":"daoSubdomain","type":"string"},{"internalType":"uint16","name":"minApprovals","type":"uint16"},{"internalType":"address[]","name":"multisigMembers","type":"address[]"},{"internalType":"bytes","name":"multisigMetadata","type":"bytes"},{"components":[{"internalType":"address","name":"token","type":"address"},{"internalType":"string","name":"veTokenName","type":"string"},{"internalType":"string","name":"veTokenSymbol","type":"string"}],"internalType":"struct TokenParameters[]","name":"tokenParameters","type":"tuple[]"},{"internalType":"uint16","name":"feePercent","type":"uint16"},{"internalType":"uint48","name":"cooldownPeriod","type":"uint48"},{"internalType":"uint48","name":"minLockDuration","type":"uint48"},{"internalType":"bool","name":"votingPaused","type":"bool"},{"internalType":"uint256","name":"minDeposit","type":"uint256"},{"internalType":"contract PluginRepo","name":"multisigPluginRepo","type":"address"},{"internalType":"uint8","name":"multisigPluginRelease","type":"uint8"},{"internalType":"uint16","name":"multisigPluginBuild","type":"uint16"},{"internalType":"contract GaugeVoterSetupV1_4_0","name":"voterPluginSetup","type":"address"},{"internalType":"string","name":"voterEnsSubdomain","type":"string"},{"internalType":"address","name":"osxDaoFactory","type":"address"},{"internalType":"contract PluginSetupProcessor","name":"pluginSetupProcessor","type":"address"},{"internalType":"contract PluginRepoFactory","name":"pluginRepoFactory","type":"address"}],"internalType":"struct DeploymentParameters","name":"","type":"tuple"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"version","outputs":[{"internalType":"string","name":"","type":"string"}],"stateMutability":"pure","type":"function"}]Contract Creation Code
608060405234801562000010575f80fd5b5060405162003d4638038062003d46833981016040819052620000339162000660565b60608101516003805461ffff191661ffff909216919091179055608081015180516200006891600491602090910190620002b2565b5060a08101516005906200007d90826200092e565b505f5b8160c001515181101562000125575f6006018260c001518281518110620000ab57620000ab620009fa565b6020908102919091018101518254600180820185555f94855293839020825160039092020180546001600160a01b0319166001600160a01b039092169190911781559181015190928201906200010290826200092e565b50604082015160028201906200011990826200092e565b50505060010162000080565b5060208101516001906200013a90826200092e565b5060408101516002906200014f90826200092e565b5080515f80546001600160a01b039283166001600160a01b03199182161790915561016083015160085560e0830151600780546101008601516101208701516101408801511515600160701b0260ff60701b1965ffffffffffff92831668010000000000000000021666ffffffffffffff60401b199290931662010000026001600160401b031990941661ffff96871617939093171617179055610180840151600980546101a08701516101c0880151909416600160a81b0261ffff60a81b1960ff95909516600160a01b026001600160a81b03199092169387169390931717929092161790556101e0830151600a8054919093169116179055610200810151600b906200025e90826200092e565b50610220810151600c80546001600160a01b03199081166001600160a01b0393841617909155610240830151600d8054831691841691909117905561026090920151600e8054909316911617905562000a0e565b828054828255905f5260205f2090810192821562000308579160200282015b828111156200030857825182546001600160a01b0319166001600160a01b03909116178255602090920191600190910190620002d1565b50620003169291506200031a565b5090565b5b8082111562000316575f81556001016200031b565b634e487b7160e01b5f52604160045260245ffd5b604051606081016001600160401b038111828210171562000369576200036962000330565b60405290565b60405161028081016001600160401b038111828210171562000369576200036962000330565b604051601f8201601f191681016001600160401b0381118282101715620003c057620003c062000330565b604052919050565b6001600160a01b0381168114620003dd575f80fd5b50565b8051620003ed81620003c8565b919050565b5f82601f83011262000402575f80fd5b81516001600160401b038111156200041e576200041e62000330565b602062000434601f8301601f1916820162000395565b828152858284870101111562000448575f80fd5b5f5b83811015620004675785810183015182820184015282016200044a565b505f928101909101919091529392505050565b805161ffff81168114620003ed575f80fd5b5f6001600160401b03821115620004a757620004a762000330565b5060051b60200190565b5f82601f830112620004c1575f80fd5b81516020620004da620004d4836200048c565b62000395565b8083825260208201915060208460051b870101935086841115620004fc575f80fd5b602086015b84811015620005255780516200051781620003c8565b835291830191830162000501565b509695505050505050565b5f82601f83011262000540575f80fd5b8151602062000553620004d4836200048c565b82815260059290921b8401810191818101908684111562000572575f80fd5b8286015b84811015620005255780516001600160401b038082111562000596575f80fd5b908801906060828b03601f1901811315620005af575f80fd5b620005b962000344565b87840151620005c881620003c8565b815260408481015184811115620005dd575f80fd5b620005ed8e8b83890101620003f2565b838b01525091840151918383111562000604575f80fd5b620006148d8a85880101620003f2565b90820152865250505091830191830162000576565b805165ffffffffffff81168114620003ed575f80fd5b80518015158114620003ed575f80fd5b805160ff81168114620003ed575f80fd5b5f6020828403121562000671575f80fd5b81516001600160401b038082111562000688575f80fd5b9083019061028082860312156200069d575f80fd5b620006a76200036f565b620006b283620003e0565b8152602083015182811115620006c6575f80fd5b620006d487828601620003f2565b602083015250604083015182811115620006ec575f80fd5b620006fa87828601620003f2565b6040830152506200070e606084016200047a565b606082015260808301518281111562000725575f80fd5b6200073387828601620004b1565b60808301525060a0830151828111156200074b575f80fd5b6200075987828601620003f2565b60a08301525060c08301518281111562000771575f80fd5b6200077f8782860162000530565b60c0830152506200079360e084016200047a565b60e0820152610100620007a881850162000629565b90820152610120620007bc84820162000629565b90820152610140620007d08482016200063f565b908201526101608381015190820152610180620007ef818501620003e0565b908201526101a0620008038482016200064f565b908201526101c0620008178482016200047a565b908201526101e06200082b848201620003e0565b90820152610200838101518381111562000843575f80fd5b6200085188828701620003f2565b828401525050610220915062000869828401620003e0565b8282015261024091506200087f828401620003e0565b82820152610260915062000895828401620003e0565b91810191909152949350505050565b600181811c90821680620008b957607f821691505b602082108103620008d857634e487b7160e01b5f52602260045260245ffd5b50919050565b601f8211156200092957805f5260205f20601f840160051c81016020851015620009055750805b601f840160051c820191505b8181101562000926575f815560010162000911565b50505b505050565b81516001600160401b038111156200094a576200094a62000330565b62000962816200095b8454620008a4565b84620008de565b602080601f83116001811462000998575f8415620009805750858301515b5f19600386901b1c1916600185901b178555620009f2565b5f85815260208120601f198616915b82811015620009c857888601518255948401946001909101908401620009a7565b5085821015620009e657878501515f19600388901b60f8161c191681555b505060018460011b0185555b505050505050565b634e487b7160e01b5f52603260045260245ffd5b61332a8062000a1c5f395ff3fe608060405234801561000f575f80fd5b506004361061004a575f3560e01c80630a2af15c1461004e57806332fe2aff1461005857806354fd4d50146100765780638011e1fd146100b5575b5f80fd5b6100566100ca565b005b6100606105da565b60405161006d9190612493565b60405180910390f35b604080518082018252600581527f312e342e300000000000000000000000000000000000000000000000000000006020820152905161006d91906126a6565b6100bd610bcf565b60405161006d91906126bf565b600f546001600160a01b03161561010d576040517fa6ef0ba100000000000000000000000000000000000000000000000000000000815260040160405180910390fd5b5f610116610ce2565b600f805473ffffffffffffffffffffffffffffffffffffffff19166001600160a01b0383161790559050610149816112ad565b60408051808201909152606080825260208201526040805180820190915260095474010000000000000000000000000000000000000000810460ff1682527501000000000000000000000000000000000000000000900461ffff1660208201526101b3838261148e565b6010805473ffffffffffffffffffffffffffffffffffffffff19166001600160a01b039384169081179091556009549194506101f39286921684866115c6565b505060408051808201909152606080825260208201526040805180820182526001808252602080830191909152825160e0810184525f808252918101829052928301819052606083018190526080830181905260a0830181905260c0830152905f61025d85611675565b90505f5b6006548110156105b4576103da865f60060183815481106102845761028461279e565b5f918252602091829020604080516060810190915260039092020180546001600160a01b0316825260018101805492939192918401916102c3906127b2565b80601f01602080910402602001604051908101604052809291908181526020018280546102ef906127b2565b801561033a5780601f106103115761010080835404028352916020019161033a565b820191905f5260205f20905b81548152906001019060200180831161031d57829003601f168201915b50505050508152602001600282018054610353906127b2565b80601f016020809104026020016040519081016040528092919081815260200182805461037f906127b2565b80156103ca5780601f106103a1576101008083540402835291602001916103ca565b820191905f5260205f20905b8154815290600101906020018083116103ad57829003601f168201915b505050505081525050848761170e565b6012805473ffffffffffffffffffffffffffffffffffffffff199081166001600160a01b03948516178255601180546001810182555f9190915285517f31ecc21a745e3968a04e9570e4425bc18fa8019c68028196b546d1669c200c6860079092029182018054841682881617905560208701517f31ecc21a745e3968a04e9570e4425bc18fa8019c68028196b546d1669c200c6983018054851691881691909117905560408701517f31ecc21a745e3968a04e9570e4425bc18fa8019c68028196b546d1669c200c6a83018054851691881691909117905560608701517f31ecc21a745e3968a04e9570e4425bc18fa8019c68028196b546d1669c200c6b83018054851691881691909117905560808701517f31ecc21a745e3968a04e9570e4425bc18fa8019c68028196b546d1669c200c6c83018054851691881691909117905560a08701517f31ecc21a745e3968a04e9570e4425bc18fa8019c68028196b546d1669c200c6d83018054851691881691909117905560c08701517f31ecc21a745e3968a04e9570e4425bc18fa8019c68028196b546d1669c200c6e90920180549093169186169190911790915590549198509295506105a292899290911687896115c6565b6105ac8684611c1b565b600101610261565b50505050506105c2816120cd565b600f546105d7906001600160a01b0316612224565b50565b60408051610280810182525f8082526060602083018190529282018390528282018190526080820183905260a0820183905260c0820183905260e08201819052610100820181905261012082018190526101408201819052610160820181905261018082018190526101a082018190526101c082018190526101e08201819052610200820192909252610220810182905261024081018290526102608101919091526040805161028081019091525f80546001600160a01b03168252600180546020840191906106a9906127b2565b80601f01602080910402602001604051908101604052809291908181526020018280546106d5906127b2565b80156107205780601f106106f757610100808354040283529160200191610720565b820191905f5260205f20905b81548152906001019060200180831161070357829003601f168201915b50505050508152602001600282018054610739906127b2565b80601f0160208091040260200160405190810160405280929190818152602001828054610765906127b2565b80156107b05780601f10610787576101008083540402835291602001916107b0565b820191905f5260205f20905b81548152906001019060200180831161079357829003601f168201915b5050509183525050600382015461ffff16602080830191909152600483018054604080518285028101850182528281529401939283018282801561081b57602002820191905f5260205f20905b81546001600160a01b031681526001909101906020018083116107fd575b50505050508152602001600582018054610834906127b2565b80601f0160208091040260200160405190810160405280929190818152602001828054610860906127b2565b80156108ab5780601f10610882576101008083540402835291602001916108ab565b820191905f5260205f20905b81548152906001019060200180831161088e57829003601f168201915b5050505050815260200160068201805480602002602001604051908101604052809291908181526020015f905b82821015610a3f575f84815260209081902060408051606081019091526003850290910180546001600160a01b031682526001810180549293919291840191610920906127b2565b80601f016020809104026020016040519081016040528092919081815260200182805461094c906127b2565b80156109975780601f1061096e57610100808354040283529160200191610997565b820191905f5260205f20905b81548152906001019060200180831161097a57829003601f168201915b505050505081526020016002820180546109b0906127b2565b80601f01602080910402602001604051908101604052809291908181526020018280546109dc906127b2565b8015610a275780601f106109fe57610100808354040283529160200191610a27565b820191905f5260205f20905b815481529060010190602001808311610a0a57829003601f168201915b505050505081525050815260200190600101906108d8565b50505090825250600782015461ffff808216602084015265ffffffffffff6201000083048116604085015268010000000000000000830416606084015260ff6e010000000000000000000000000000909204821615156080840152600884015460a084015260098401546001600160a01b0380821660c086015274010000000000000000000000000000000000000000820490931660e08501527501000000000000000000000000000000000000000000900416610100830152600a83015416610120820152600b8201805461014090920191610b1b906127b2565b80601f0160208091040260200160405190810160405280929190818152602001828054610b47906127b2565b8015610b925780601f10610b6957610100808354040283529160200191610b92565b820191905f5260205f20905b815481529060010190602001808311610b7557829003601f168201915b5050509183525050600c8201546001600160a01b039081166020830152600d83015481166040830152600e90920154909116606090910152919050565b60408051608080820183525f80835260208084018290526060848601819052840182905284519283018552600f80546001600160a01b039081168552601054168483015260118054875181850281018501895281815296979596929587019492939192909184015b82821015610cc0575f8481526020908190206040805160e0810182526007860290920180546001600160a01b03908116845260018083015482168587015260028301548216938501939093526003820154811660608501526004820154811660808501526005820154811660a08501526006909101541660c08301529083529092019101610c37565b50505090825250600391909101546001600160a01b0316602090910152919050565b5f8060405180608001604052805f6001600160a01b0316815260200160405180602001604052805f81525081526020015f6002018054610d21906127b2565b80601f0160208091040260200160405190810160405280929190818152602001828054610d4d906127b2565b8015610d985780601f10610d6f57610100808354040283529160200191610d98565b820191905f5260205f20905b815481529060010190602001808311610d7b57829003601f168201915b505050505081526020015f6001018054610db1906127b2565b80601f0160208091040260200160405190810160405280929190818152602001828054610ddd906127b2565b8015610e285780601f10610dff57610100808354040283529160200191610e28565b820191905f5260205f20905b815481529060010190602001808311610e0b57829003601f168201915b505050919092525050600c549091506001600160a01b031663b5568838825f604051908082528060200260200182016040528015610eaf57816020015b610e9c6040805160c0810182525f6080820181815260a0830182905292820192835260608201529081908152602001606081525090565b815260200190600190039081610e655790505b506040518363ffffffff1660e01b8152600401610ecd929190612849565b5f604051808303815f875af1158015610ee8573d5f803e3d5ffd5b505050506040513d5f823e601f3d908101601f19168201604052610f0f9190810190612b6f565b505f80549193506001600160a01b03909116908115610f2f576002610f32565b60015b60ff1667ffffffffffffffff811115610f4d57610f4d6127ea565b604051908082528060200260200182016040528015610f9957816020015b60408051606080820183525f808352602083015291810191909152815260200190600190039081610f6b5790505b50905083815f81518110610faf57610faf61279e565b60200260200101515f01906001600160a01b031690816001600160a01b0316815250508330856001600160a01b03166309e56b146040518163ffffffff1660e01b8152600401602060405180830381865afa158015611010573d5f803e3d5ffd5b505050506040513d601f19601f820116820180604052508101906110349190612c72565b6040516001600160a01b039384166024820152929091166044830152606482015260840160408051601f198184030181529190526020810180517bffffffffffffffffffffffffffffffffffffffffffffffffffffffff167fd68bad2c00000000000000000000000000000000000000000000000000000000179052815182905f906110c2576110c261279e565b6020908102919091010151604001526001600160a01b0382161561121a5783816001815181106110f4576110f461279e565b60200260200101515f01906001600160a01b031690816001600160a01b0316815250508382856001600160a01b0316630729d0546040518163ffffffff1660e01b8152600401602060405180830381865afa158015611155573d5f803e3d5ffd5b505050506040513d601f19601f820116820180604052508101906111799190612c72565b6040516001600160a01b039384166024820152929091166044830152606482015260840160408051601f198184030181529190526020810180517bffffffffffffffffffffffffffffffffffffffffffffffffffffffff167fd68bad2c0000000000000000000000000000000000000000000000000000000017905281518290600190811061120a5761120a61279e565b6020026020010151604001819052505b6040517fc71bf3240000000000000000000000000000000000000000000000000000000081526001600160a01b0385169063c71bf32490611263905f9085908290600401612c89565b5f604051808303815f875af115801561127e573d5f803e3d5ffd5b505050506040513d5f823e601f3d908101601f191682016040526112a59190810190612d9f565b505050505090565b806001600160a01b031663d68bad2c825f600d015f9054906101000a90046001600160a01b0316846001600160a01b03166309e56b146040518163ffffffff1660e01b8152600401602060405180830381865afa158015611310573d5f803e3d5ffd5b505050506040513d601f19601f820116820180604052508101906113349190612c72565b6040516001600160e01b031960e086901b1681526001600160a01b03938416600482015292909116602483015260448201526064015f604051808303815f87803b158015611380575f80fd5b505af1158015611392573d5f803e3d5ffd5b5050600d54604080517f747e5ec100000000000000000000000000000000000000000000000000000000815290516001600160a01b03868116955063d68bad2c9450909216913091839163747e5ec1916004808201926020929091908290030181865afa158015611405573d5f803e3d5ffd5b505050506040513d601f19601f820116820180604052508101906114299190612c72565b6040516001600160e01b031960e086901b1681526001600160a01b03938416600482015292909116602483015260448201526064015f604051808303815f87803b158015611475575f80fd5b505af1158015611487573d5f803e3d5ffd5b5050505050565b5f6114ac604051806040016040528060608152602001606081525090565b6040805180820182526001815260035461ffff16602080830191909152825180840184526001600160a01b03881681525f81830181905293516114f89360049390929160059101612f50565b60408051601f19818403018152600d546080840183528383018881526009546001600160a01b0390811660608701529085526020850183905292517f3c8c01d10000000000000000000000000000000000000000000000000000000081529194505f93849390911691633c8c01d191611576918b9190600401612fdc565b5f604051808303815f875af1158015611591573d5f803e3d5ffd5b505050506040513d5f823e601f3d908101601f191682016040526115b89190810190612ffd565b909890975095505050505050565b600d546040805160c081018252608081018581526001600160a01b0387811660a0840152908252878116602080840191909152850151928201929092528351919092169163fe6c347491889190606082019061162190612344565b8152506040518363ffffffff1660e01b815260040161164192919061304b565b5f604051808303815f87803b158015611658575f80fd5b505af115801561166a573d5f803e3d5ffd5b505050505050505050565b600e54600a546040517f7bd3e8ac0000000000000000000000000000000000000000000000000000000081525f926001600160a01b0390811692637bd3e8ac926116c892600b9216908790600401613140565b6020604051808303815f875af11580156116e4573d5f803e3d5ffd5b505050506040513d601f19601f8201168201806040525081019061170891906131e7565b92915050565b6040805160e0810182525f808252602080830182905282840182905260608084018390526080840183905260a0840183905260c084018390528451808601909552808552908401529091600a54604080516101008101825260075460ff6e0100000000000000000000000000008204161515825260208a81015190830152898301518284015289516001600160a01b039081166060840152600854608084015261ffff821660a084015265ffffffffffff620100008304811660c08501526801000000000000000090920490911660e083015291517f9d3016a80000000000000000000000000000000000000000000000000000000081525f939290921691639d3016a89161181f91600401613202565b5f60405180830381865afa158015611839573d5f803e3d5ffd5b505050506040513d5f823e601f3d908101601f1916820160405261186091908101906132ac565b600d54604080516080810182528082018981526001600160a01b038b811660608401529082526020820185905291517f3c8c01d10000000000000000000000000000000000000000000000000000000081529394505f9384939290921691633c8c01d1916118d3918e9190600401612fdc565b5f604051808303815f875af11580156118ee573d5f803e3d5ffd5b505050506040513d5f823e601f3d908101601f191682016040526119159190810190612ffd565b915091505f815f015190505f6040518060e00160405280856001600160a01b03168152602001835f8151811061194d5761194d61279e565b60200260200101516001600160a01b03168152602001836001815181106119765761197661279e565b60200260200101516001600160a01b031681526020018360028151811061199f5761199f61279e565b60200260200101516001600160a01b03168152602001836003815181106119c8576119c861279e565b60200260200101516001600160a01b03168152602001836004815181106119f1576119f161279e565b60200260200101516001600160a01b0316815260200183600581518110611a1a57611a1a61279e565b60209081029190910101516001600160a01b039081169091526040805163071d217160e01b8152600160048201526024810191909152600660448201527f6761756765310000000000000000000000000000000000000000000000000000606482015291925085169063071d2171906084016020604051808303815f875af1158015611aa8573d5f803e3d5ffd5b505050506040513d601f19601f82011682018060405250810190611acc91906131e7565b506040805163071d217160e01b8152600260048201526024810191909152600660448201527f676175676532000000000000000000000000000000000000000000000000000060648201526001600160a01b0385169063071d2171906084016020604051808303815f875af1158015611b47573d5f803e3d5ffd5b505050506040513d601f19601f82011682018060405250810190611b6b91906131e7565b506040805163071d217160e01b8152600360048201526024810191909152600660448201527f676175676533000000000000000000000000000000000000000000000000000060648201526001600160a01b0385169063071d2171906084016020604051808303815f875af1158015611be6573d5f803e3d5ffd5b505050506040513d601f19601f82011682018060405250810190611c0a91906131e7565b509b989a5090985050505050505050565b816001600160a01b031663d68bad2c82606001513084606001516001600160a01b0316636e61462a6040518163ffffffff1660e01b8152600401602060405180830381865afa158015611c70573d5f803e3d5ffd5b505050506040513d601f19601f82011682018060405250810190611c949190612c72565b6040516001600160e01b031960e086901b1681526001600160a01b03938416600482015292909116602483015260448201526064015f604051808303815f87803b158015611ce0575f80fd5b505af1158015611cf2573d5f803e3d5ffd5b505050606082015160208301516040517f48dc9d2b0000000000000000000000000000000000000000000000000000000081526001600160a01b039182166004820152911691506348dc9d2b906024015f604051808303815f87803b158015611d59575f80fd5b505af1158015611d6b573d5f803e3d5ffd5b505050606082015160408084015190517ff3ee7e2c0000000000000000000000000000000000000000000000000000000081526001600160a01b0391821660048201529116915063f3ee7e2c906024015f604051808303815f87803b158015611dd2575f80fd5b505af1158015611de4573d5f803e3d5ffd5b50505050606081015181516040517f4bc2a6570000000000000000000000000000000000000000000000000000000081526001600160a01b039182166004820152911690634bc2a657906024015f604051808303815f87803b158015611e48575f80fd5b505af1158015611e5a573d5f803e3d5ffd5b505050606082015160a08301516040517f6e7b14450000000000000000000000000000000000000000000000000000000081526001600160a01b03918216600482015291169150636e7b1445906024015f604051808303815f87803b158015611ec1575f80fd5b505af1158015611ed3573d5f803e3d5ffd5b5050505080606001516001600160a01b031663abdb84e75f6006015f81548110611eff57611eff61279e565b5f91825260209091206003909102015460405160e083901b6001600160e01b03191681526001600160a01b0390911660048201526024015f604051808303815f87803b158015611f4d575f80fd5b505af1158015611f5f573d5f803e3d5ffd5b50505050805f01516001600160a01b031663abdb84e75f6006015f81548110611f8a57611f8a61279e565b5f91825260209091206003909102015460405160e083901b6001600160e01b03191681526001600160a01b0390911660048201526024015f604051808303815f87803b158015611fd8575f80fd5b505af1158015611fea573d5f803e3d5ffd5b50505050816001600160a01b031663d96054c482606001513084606001516001600160a01b0316636e61462a6040518163ffffffff1660e01b8152600401602060405180830381865afa158015612043573d5f803e3d5ffd5b505050506040513d601f19601f820116820180604052508101906120679190612c72565b6040516001600160e01b031960e086901b1681526001600160a01b03938416600482015292909116602483015260448201526064015f604051808303815f87803b1580156120b3575f80fd5b505af11580156120c5573d5f803e3d5ffd5b505050505050565b600d54604080517f747e5ec100000000000000000000000000000000000000000000000000000000815290516001600160a01b038085169363d96054c4939116913091839163747e5ec1916004808201926020929091908290030181865afa15801561213b573d5f803e3d5ffd5b505050506040513d601f19601f8201168201806040525081019061215f9190612c72565b6040516001600160e01b031960e086901b1681526001600160a01b03938416600482015292909116602483015260448201526064015f604051808303815f87803b1580156121ab575f80fd5b505af11580156121bd573d5f803e3d5ffd5b50505050806001600160a01b031663d96054c4825f600d015f9054906101000a90046001600160a01b0316846001600160a01b03166309e56b146040518163ffffffff1660e01b8152600401602060405180830381865afa158015611405573d5f803e3d5ffd5b806001600160a01b031663d96054c48230846001600160a01b0316630729d0546040518163ffffffff1660e01b8152600401602060405180830381865afa158015612271573d5f803e3d5ffd5b505050506040513d601f19601f820116820180604052508101906122959190612c72565b6040516001600160e01b031960e086901b1681526001600160a01b03938416600482015292909116602483015260448201526064015f604051808303815f87803b1580156122e1575f80fd5b505af11580156122f3573d5f803e3d5ffd5b50505050806001600160a01b031663d96054c48230846001600160a01b03166309e56b146040518163ffffffff1660e01b8152600401602060405180830381865afa158015611405573d5f803e3d5ffd5b5f8160405160200161235691906132de565b604051602081830303815290604052805190602001209050919050565b5f5b8381101561238d578181015183820152602001612375565b50505f910152565b5f81518084526123ac816020860160208601612373565b601f01601f19169290920160200192915050565b5f815180845260208085019450602084015f5b838110156123f85781516001600160a01b0316875295820195908201906001016123d3565b509495945050505050565b5f82825180855260208086019550808260051b8401018186015f5b8481101561248657601f19868403018952815160606001600160a01b03825116855285820151818787015261245582870182612395565b915050604080830151925085820381870152506124728183612395565b9a86019a945050509083019060010161241e565b5090979650505050505050565b602081526124ad6020820183516001600160a01b03169052565b5f60208301516102808060408501526124ca6102a0850183612395565b91506040850151601f19808685030160608701526124e88483612395565b935060608701519150612501608087018361ffff169052565b60808701519150808685030160a087015261251c84836123c0565b935060a08701519150808685030160c08701526125398483612395565b935060c08701519150808685030160e08701526125568483612403565b935060e087015191506101006125718188018461ffff169052565b870151915061012061258c8782018465ffffffffffff169052565b87015191506101406125a78782018465ffffffffffff169052565b87015191506101606125bc8782018415159052565b8701516101808781019190915287015191506101a06125e5818801846001600160a01b03169052565b87015191506101c06125fb8782018460ff169052565b87015191506101e06126128782018461ffff169052565b870151915061020061262e878201846001600160a01b03169052565b8088015192505061022081878603018188015261264b8584612395565b9450808801519250505061024061266c818701836001600160a01b03169052565b8601519050610260612688868201836001600160a01b03169052565b8601516001600160a01b0381168387015290505b5090949350505050565b602081525f6126b86020830184612395565b9392505050565b5f602080835260a08084016001600160a01b03808751168487015283870151604082821660408901526040890151915060806060608060608b015285845180885260c0975060c08c01915089860195505f5b818110156127775786518051891684528b81015189168c8501528681015189168785015284810151891685850152858101516001600160a01b03908116878601528b82015181168c860152908a01511689840152958a019560e090920191600101612711565b505060608c01516001600160a01b03811660808d015298509b9a5050505050505050505050565b634e487b7160e01b5f52603260045260245ffd5b600181811c908216806127c657607f821691505b6020821081036127e457634e487b7160e01b5f52602260045260245ffd5b50919050565b634e487b7160e01b5f52604160045260245ffd5b80518051805160ff16845260209081015161ffff168185015201516001600160a01b031660408301525f6020820151608060608501526128416080850182612395565b949350505050565b604081526001600160a01b0383511660408201525f6020808501516080606085015261287860c0850182612395565b905060408601517fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc0808684030160808701526128b48383612395565b925060608801519150808684030160a0870152506128d28282612395565b915050838103828501528085518083528383019150838160051b8401018488015f5b8381101561292257601f198684030185526129108383516127fe565b948701949250908601906001016128f4565b50909998505050505050505050565b6001600160a01b03811681146105d7575f80fd5b60405160a0810167ffffffffffffffff81118282101715612968576129686127ea565b60405290565b6040805190810167ffffffffffffffff81118282101715612968576129686127ea565b604051601f8201601f1916810167ffffffffffffffff811182821017156129ba576129ba6127ea565b604052919050565b5f67ffffffffffffffff8211156129db576129db6127ea565b5060051b60200190565b5f82601f8301126129f4575f80fd5b81516020612a09612a04836129c2565b612991565b82815260a09283028501820192828201919087851115612a27575f80fd5b8387015b858110156124865781818a031215612a41575f80fd5b612a49612945565b815160038110612a57575f80fd5b815281860151612a6681612931565b81870152604082810151612a7981612931565b90820152606082810151612a8c81612931565b90820152608082810151908201528452928401928101612a2b565b5f60408284031215612ab7575f80fd5b612abf61296e565b9050815167ffffffffffffffff80821115612ad8575f80fd5b818401915084601f830112612aeb575f80fd5b81516020612afb612a04836129c2565b82815260059290921b84018101918181019088841115612b19575f80fd5b948201945b83861015612b40578551612b3181612931565b82529482019490820190612b1e565b86525085810151935082841115612b55575f80fd5b612b61878588016129e5565b818601525050505092915050565b5f806040808486031215612b81575f80fd5b8351612b8c81612931565b8093505060208085015167ffffffffffffffff80821115612bab575f80fd5b818701915087601f830112612bbe575f80fd5b8151612bcc612a04826129c2565b81815260059190911b8301840190848101908a831115612bea575f80fd5b8585015b83811015612c6057805185811115612c04575f80fd5b8601808d03601f1901891315612c18575f80fd5b612c2061296e565b88820151612c2d81612931565b8152818a015187811115612c3f575f80fd5b612c4d8f8b83860101612aa7565b828b015250845250918601918601612bee565b50809750505050505050509250929050565b5f60208284031215612c82575f80fd5b5051919050565b5f6060808301868452602060608186015281875180845260808701915060808160051b88010193508289015f5b82811015612d27578886037fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff80018452815180516001600160a01b031687528581015186880152604090810151908701889052612d1488880182612395565b9650509284019290840190600101612cb6565b505050505060409390930193909352509392505050565b5f82601f830112612d4d575f80fd5b815167ffffffffffffffff811115612d6757612d676127ea565b612d7a6020601f19601f84011601612991565b818152846020838601011115612d8e575f80fd5b612841826020830160208701612373565b5f8060408385031215612db0575f80fd5b825167ffffffffffffffff80821115612dc7575f80fd5b818501915085601f830112612dda575f80fd5b81516020612dea612a04836129c2565b82815260059290921b84018101918181019089841115612e08575f80fd5b8286015b84811015612e3e57805186811115612e22575f80fd5b612e308c86838b0101612d3e565b845250918301918301612e0c565b5097909101519698969750505050505050565b634e487b7160e01b5f52602160045260245ffd5b6001600160a01b038151168252602081015160028110612e8757612e87612e51565b806020840152505050565b80545f90600181811c9080831680612eab57607f831692505b60208084108203612eca57634e487b7160e01b5f52602260045260245ffd5b838852818015612ee15760018114612f1957612f44565b7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff008616828a01528185151560051b8a01019650612f44565b875f52815f205f5b86811015612f3c5781548b8201850152908501908301612f21565b8a0183019750505b50505050505092915050565b5f60c0820160c0835280875480835260e085019150885f526020925060205f205f5b82811015612f975781546001600160a01b031684529284019260019182019101612f72565b50505086511515602085015261ffff6020880151166040850152612fbe6060850187612e65565b83810360a0850152612fd08186612e92565b98975050505050505050565b6001600160a01b0383168152604060208201525f61284160408301846127fe565b5f806040838503121561300e575f80fd5b825161301981612931565b602084015190925067ffffffffffffffff811115613035575f80fd5b61304185828601612aa7565b9150509250929050565b5f60406001600160a01b0380861684526020604081860152610100850161309b6040870188518051805160ff16835260209081015161ffff168184015201516001600160a01b0316604090910152565b86820151831660a087810191909152604088015160c0808901528051928390528301915f91906101208901905b808410156131245784518051600381106130e4576130e4612e51565b83528087015188168784015288810151881689840152606080820151891690840152608090810151908301529385019360019390930192908201906130c8565b5060608a015160e08a0152809750505050505050509392505050565b60a081525f61315260a0830186612e92565b6001600160a01b0385811660208501528416604084015282810360608401526131a581600181527f2000000000000000000000000000000000000000000000000000000000000000602082015260400190565b8381036080850152600181527f200000000000000000000000000000000000000000000000000000000000000060208201529050604081019695505050505050565b5f602082840312156131f7575f80fd5b81516126b881612931565b602081528151151560208201525f602083015161010080604085015261322c610120850183612395565b91506040850151601f198584030160608601526132498382612395565b925050606085015161326660808601826001600160a01b03169052565b50608085015160a085015260a085015160c085015260c085015161329460e086018265ffffffffffff169052565b5060e085015165ffffffffffff81168583015261269c565b5f602082840312156132bc575f80fd5b815167ffffffffffffffff8111156132d2575f80fd5b61284184828501612d3e565b602080825282518282018190525f9190848201906040850190845b8181101561331e5783516001600160a01b0316835292840192918401916001016132f9565b5090969550505050505056000000000000000000000000000000000000000000000000000000000000002000000000000000000000000063d10e32e7f94d9a2ada1a5c7db3a39f16d24efc000000000000000000000000000000000000000000000000000000000000028000000000000000000000000000000000000000000000000000000000000002a0000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000002c0000000000000000000000000000000000000000000000000000000000000036000000000000000000000000000000000000000000000000000000000000003a0000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000008e1accd0b87dbc8a9bf39120b03dec1d5f945ed100000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000003000000000000000000000000a9034914e2c16c8463453dc87caff4baf51bf13100000000000000000000000000000000000000000000000000000000000004c000000000000000000000000057c52ed735cc678936278b88b5abcb916b9e201b0000000000000000000000006240e3afa085b8393eb072911f3d65ef080b6bef000000000000000000000000ba428e29900dae3854b9383613580bf7113cba390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000008bf0280b2557b98532ec21e6c070dba1bfaadbf2000000000000000000000000e96a819b77a0d54ec5773f079fe5e2a3d84995fc000000000000000000000000c1d60f584879f024299da0f19cdb47b931e35b5300000000000000000000000033333333333333333333333333333333333333330000000000000000000000000000000000000000000000000000000000000007697066733a2f2f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000020000000000000000000000000bf40f01a934f98ea36843f781b11c7584e7fb895000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000a564520546f6b656e20310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000057665544b31000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f626c6178626c7578746573743132380000000000000000000000000000000000
Deployed Bytecode
0x608060405234801561000f575f80fd5b506004361061004a575f3560e01c80630a2af15c1461004e57806332fe2aff1461005857806354fd4d50146100765780638011e1fd146100b5575b5f80fd5b6100566100ca565b005b6100606105da565b60405161006d9190612493565b60405180910390f35b604080518082018252600581527f312e342e300000000000000000000000000000000000000000000000000000006020820152905161006d91906126a6565b6100bd610bcf565b60405161006d91906126bf565b600f546001600160a01b03161561010d576040517fa6ef0ba100000000000000000000000000000000000000000000000000000000815260040160405180910390fd5b5f610116610ce2565b600f805473ffffffffffffffffffffffffffffffffffffffff19166001600160a01b0383161790559050610149816112ad565b60408051808201909152606080825260208201526040805180820190915260095474010000000000000000000000000000000000000000810460ff1682527501000000000000000000000000000000000000000000900461ffff1660208201526101b3838261148e565b6010805473ffffffffffffffffffffffffffffffffffffffff19166001600160a01b039384169081179091556009549194506101f39286921684866115c6565b505060408051808201909152606080825260208201526040805180820182526001808252602080830191909152825160e0810184525f808252918101829052928301819052606083018190526080830181905260a0830181905260c0830152905f61025d85611675565b90505f5b6006548110156105b4576103da865f60060183815481106102845761028461279e565b5f918252602091829020604080516060810190915260039092020180546001600160a01b0316825260018101805492939192918401916102c3906127b2565b80601f01602080910402602001604051908101604052809291908181526020018280546102ef906127b2565b801561033a5780601f106103115761010080835404028352916020019161033a565b820191905f5260205f20905b81548152906001019060200180831161031d57829003601f168201915b50505050508152602001600282018054610353906127b2565b80601f016020809104026020016040519081016040528092919081815260200182805461037f906127b2565b80156103ca5780601f106103a1576101008083540402835291602001916103ca565b820191905f5260205f20905b8154815290600101906020018083116103ad57829003601f168201915b505050505081525050848761170e565b6012805473ffffffffffffffffffffffffffffffffffffffff199081166001600160a01b03948516178255601180546001810182555f9190915285517f31ecc21a745e3968a04e9570e4425bc18fa8019c68028196b546d1669c200c6860079092029182018054841682881617905560208701517f31ecc21a745e3968a04e9570e4425bc18fa8019c68028196b546d1669c200c6983018054851691881691909117905560408701517f31ecc21a745e3968a04e9570e4425bc18fa8019c68028196b546d1669c200c6a83018054851691881691909117905560608701517f31ecc21a745e3968a04e9570e4425bc18fa8019c68028196b546d1669c200c6b83018054851691881691909117905560808701517f31ecc21a745e3968a04e9570e4425bc18fa8019c68028196b546d1669c200c6c83018054851691881691909117905560a08701517f31ecc21a745e3968a04e9570e4425bc18fa8019c68028196b546d1669c200c6d83018054851691881691909117905560c08701517f31ecc21a745e3968a04e9570e4425bc18fa8019c68028196b546d1669c200c6e90920180549093169186169190911790915590549198509295506105a292899290911687896115c6565b6105ac8684611c1b565b600101610261565b50505050506105c2816120cd565b600f546105d7906001600160a01b0316612224565b50565b60408051610280810182525f8082526060602083018190529282018390528282018190526080820183905260a0820183905260c0820183905260e08201819052610100820181905261012082018190526101408201819052610160820181905261018082018190526101a082018190526101c082018190526101e08201819052610200820192909252610220810182905261024081018290526102608101919091526040805161028081019091525f80546001600160a01b03168252600180546020840191906106a9906127b2565b80601f01602080910402602001604051908101604052809291908181526020018280546106d5906127b2565b80156107205780601f106106f757610100808354040283529160200191610720565b820191905f5260205f20905b81548152906001019060200180831161070357829003601f168201915b50505050508152602001600282018054610739906127b2565b80601f0160208091040260200160405190810160405280929190818152602001828054610765906127b2565b80156107b05780601f10610787576101008083540402835291602001916107b0565b820191905f5260205f20905b81548152906001019060200180831161079357829003601f168201915b5050509183525050600382015461ffff16602080830191909152600483018054604080518285028101850182528281529401939283018282801561081b57602002820191905f5260205f20905b81546001600160a01b031681526001909101906020018083116107fd575b50505050508152602001600582018054610834906127b2565b80601f0160208091040260200160405190810160405280929190818152602001828054610860906127b2565b80156108ab5780601f10610882576101008083540402835291602001916108ab565b820191905f5260205f20905b81548152906001019060200180831161088e57829003601f168201915b5050505050815260200160068201805480602002602001604051908101604052809291908181526020015f905b82821015610a3f575f84815260209081902060408051606081019091526003850290910180546001600160a01b031682526001810180549293919291840191610920906127b2565b80601f016020809104026020016040519081016040528092919081815260200182805461094c906127b2565b80156109975780601f1061096e57610100808354040283529160200191610997565b820191905f5260205f20905b81548152906001019060200180831161097a57829003601f168201915b505050505081526020016002820180546109b0906127b2565b80601f01602080910402602001604051908101604052809291908181526020018280546109dc906127b2565b8015610a275780601f106109fe57610100808354040283529160200191610a27565b820191905f5260205f20905b815481529060010190602001808311610a0a57829003601f168201915b505050505081525050815260200190600101906108d8565b50505090825250600782015461ffff808216602084015265ffffffffffff6201000083048116604085015268010000000000000000830416606084015260ff6e010000000000000000000000000000909204821615156080840152600884015460a084015260098401546001600160a01b0380821660c086015274010000000000000000000000000000000000000000820490931660e08501527501000000000000000000000000000000000000000000900416610100830152600a83015416610120820152600b8201805461014090920191610b1b906127b2565b80601f0160208091040260200160405190810160405280929190818152602001828054610b47906127b2565b8015610b925780601f10610b6957610100808354040283529160200191610b92565b820191905f5260205f20905b815481529060010190602001808311610b7557829003601f168201915b5050509183525050600c8201546001600160a01b039081166020830152600d83015481166040830152600e90920154909116606090910152919050565b60408051608080820183525f80835260208084018290526060848601819052840182905284519283018552600f80546001600160a01b039081168552601054168483015260118054875181850281018501895281815296979596929587019492939192909184015b82821015610cc0575f8481526020908190206040805160e0810182526007860290920180546001600160a01b03908116845260018083015482168587015260028301548216938501939093526003820154811660608501526004820154811660808501526005820154811660a08501526006909101541660c08301529083529092019101610c37565b50505090825250600391909101546001600160a01b0316602090910152919050565b5f8060405180608001604052805f6001600160a01b0316815260200160405180602001604052805f81525081526020015f6002018054610d21906127b2565b80601f0160208091040260200160405190810160405280929190818152602001828054610d4d906127b2565b8015610d985780601f10610d6f57610100808354040283529160200191610d98565b820191905f5260205f20905b815481529060010190602001808311610d7b57829003601f168201915b505050505081526020015f6001018054610db1906127b2565b80601f0160208091040260200160405190810160405280929190818152602001828054610ddd906127b2565b8015610e285780601f10610dff57610100808354040283529160200191610e28565b820191905f5260205f20905b815481529060010190602001808311610e0b57829003601f168201915b505050919092525050600c549091506001600160a01b031663b5568838825f604051908082528060200260200182016040528015610eaf57816020015b610e9c6040805160c0810182525f6080820181815260a0830182905292820192835260608201529081908152602001606081525090565b815260200190600190039081610e655790505b506040518363ffffffff1660e01b8152600401610ecd929190612849565b5f604051808303815f875af1158015610ee8573d5f803e3d5ffd5b505050506040513d5f823e601f3d908101601f19168201604052610f0f9190810190612b6f565b505f80549193506001600160a01b03909116908115610f2f576002610f32565b60015b60ff1667ffffffffffffffff811115610f4d57610f4d6127ea565b604051908082528060200260200182016040528015610f9957816020015b60408051606080820183525f808352602083015291810191909152815260200190600190039081610f6b5790505b50905083815f81518110610faf57610faf61279e565b60200260200101515f01906001600160a01b031690816001600160a01b0316815250508330856001600160a01b03166309e56b146040518163ffffffff1660e01b8152600401602060405180830381865afa158015611010573d5f803e3d5ffd5b505050506040513d601f19601f820116820180604052508101906110349190612c72565b6040516001600160a01b039384166024820152929091166044830152606482015260840160408051601f198184030181529190526020810180517bffffffffffffffffffffffffffffffffffffffffffffffffffffffff167fd68bad2c00000000000000000000000000000000000000000000000000000000179052815182905f906110c2576110c261279e565b6020908102919091010151604001526001600160a01b0382161561121a5783816001815181106110f4576110f461279e565b60200260200101515f01906001600160a01b031690816001600160a01b0316815250508382856001600160a01b0316630729d0546040518163ffffffff1660e01b8152600401602060405180830381865afa158015611155573d5f803e3d5ffd5b505050506040513d601f19601f820116820180604052508101906111799190612c72565b6040516001600160a01b039384166024820152929091166044830152606482015260840160408051601f198184030181529190526020810180517bffffffffffffffffffffffffffffffffffffffffffffffffffffffff167fd68bad2c0000000000000000000000000000000000000000000000000000000017905281518290600190811061120a5761120a61279e565b6020026020010151604001819052505b6040517fc71bf3240000000000000000000000000000000000000000000000000000000081526001600160a01b0385169063c71bf32490611263905f9085908290600401612c89565b5f604051808303815f875af115801561127e573d5f803e3d5ffd5b505050506040513d5f823e601f3d908101601f191682016040526112a59190810190612d9f565b505050505090565b806001600160a01b031663d68bad2c825f600d015f9054906101000a90046001600160a01b0316846001600160a01b03166309e56b146040518163ffffffff1660e01b8152600401602060405180830381865afa158015611310573d5f803e3d5ffd5b505050506040513d601f19601f820116820180604052508101906113349190612c72565b6040516001600160e01b031960e086901b1681526001600160a01b03938416600482015292909116602483015260448201526064015f604051808303815f87803b158015611380575f80fd5b505af1158015611392573d5f803e3d5ffd5b5050600d54604080517f747e5ec100000000000000000000000000000000000000000000000000000000815290516001600160a01b03868116955063d68bad2c9450909216913091839163747e5ec1916004808201926020929091908290030181865afa158015611405573d5f803e3d5ffd5b505050506040513d601f19601f820116820180604052508101906114299190612c72565b6040516001600160e01b031960e086901b1681526001600160a01b03938416600482015292909116602483015260448201526064015f604051808303815f87803b158015611475575f80fd5b505af1158015611487573d5f803e3d5ffd5b5050505050565b5f6114ac604051806040016040528060608152602001606081525090565b6040805180820182526001815260035461ffff16602080830191909152825180840184526001600160a01b03881681525f81830181905293516114f89360049390929160059101612f50565b60408051601f19818403018152600d546080840183528383018881526009546001600160a01b0390811660608701529085526020850183905292517f3c8c01d10000000000000000000000000000000000000000000000000000000081529194505f93849390911691633c8c01d191611576918b9190600401612fdc565b5f604051808303815f875af1158015611591573d5f803e3d5ffd5b505050506040513d5f823e601f3d908101601f191682016040526115b89190810190612ffd565b909890975095505050505050565b600d546040805160c081018252608081018581526001600160a01b0387811660a0840152908252878116602080840191909152850151928201929092528351919092169163fe6c347491889190606082019061162190612344565b8152506040518363ffffffff1660e01b815260040161164192919061304b565b5f604051808303815f87803b158015611658575f80fd5b505af115801561166a573d5f803e3d5ffd5b505050505050505050565b600e54600a546040517f7bd3e8ac0000000000000000000000000000000000000000000000000000000081525f926001600160a01b0390811692637bd3e8ac926116c892600b9216908790600401613140565b6020604051808303815f875af11580156116e4573d5f803e3d5ffd5b505050506040513d601f19601f8201168201806040525081019061170891906131e7565b92915050565b6040805160e0810182525f808252602080830182905282840182905260608084018390526080840183905260a0840183905260c084018390528451808601909552808552908401529091600a54604080516101008101825260075460ff6e0100000000000000000000000000008204161515825260208a81015190830152898301518284015289516001600160a01b039081166060840152600854608084015261ffff821660a084015265ffffffffffff620100008304811660c08501526801000000000000000090920490911660e083015291517f9d3016a80000000000000000000000000000000000000000000000000000000081525f939290921691639d3016a89161181f91600401613202565b5f60405180830381865afa158015611839573d5f803e3d5ffd5b505050506040513d5f823e601f3d908101601f1916820160405261186091908101906132ac565b600d54604080516080810182528082018981526001600160a01b038b811660608401529082526020820185905291517f3c8c01d10000000000000000000000000000000000000000000000000000000081529394505f9384939290921691633c8c01d1916118d3918e9190600401612fdc565b5f604051808303815f875af11580156118ee573d5f803e3d5ffd5b505050506040513d5f823e601f3d908101601f191682016040526119159190810190612ffd565b915091505f815f015190505f6040518060e00160405280856001600160a01b03168152602001835f8151811061194d5761194d61279e565b60200260200101516001600160a01b03168152602001836001815181106119765761197661279e565b60200260200101516001600160a01b031681526020018360028151811061199f5761199f61279e565b60200260200101516001600160a01b03168152602001836003815181106119c8576119c861279e565b60200260200101516001600160a01b03168152602001836004815181106119f1576119f161279e565b60200260200101516001600160a01b0316815260200183600581518110611a1a57611a1a61279e565b60209081029190910101516001600160a01b039081169091526040805163071d217160e01b8152600160048201526024810191909152600660448201527f6761756765310000000000000000000000000000000000000000000000000000606482015291925085169063071d2171906084016020604051808303815f875af1158015611aa8573d5f803e3d5ffd5b505050506040513d601f19601f82011682018060405250810190611acc91906131e7565b506040805163071d217160e01b8152600260048201526024810191909152600660448201527f676175676532000000000000000000000000000000000000000000000000000060648201526001600160a01b0385169063071d2171906084016020604051808303815f875af1158015611b47573d5f803e3d5ffd5b505050506040513d601f19601f82011682018060405250810190611b6b91906131e7565b506040805163071d217160e01b8152600360048201526024810191909152600660448201527f676175676533000000000000000000000000000000000000000000000000000060648201526001600160a01b0385169063071d2171906084016020604051808303815f875af1158015611be6573d5f803e3d5ffd5b505050506040513d601f19601f82011682018060405250810190611c0a91906131e7565b509b989a5090985050505050505050565b816001600160a01b031663d68bad2c82606001513084606001516001600160a01b0316636e61462a6040518163ffffffff1660e01b8152600401602060405180830381865afa158015611c70573d5f803e3d5ffd5b505050506040513d601f19601f82011682018060405250810190611c949190612c72565b6040516001600160e01b031960e086901b1681526001600160a01b03938416600482015292909116602483015260448201526064015f604051808303815f87803b158015611ce0575f80fd5b505af1158015611cf2573d5f803e3d5ffd5b505050606082015160208301516040517f48dc9d2b0000000000000000000000000000000000000000000000000000000081526001600160a01b039182166004820152911691506348dc9d2b906024015f604051808303815f87803b158015611d59575f80fd5b505af1158015611d6b573d5f803e3d5ffd5b505050606082015160408084015190517ff3ee7e2c0000000000000000000000000000000000000000000000000000000081526001600160a01b0391821660048201529116915063f3ee7e2c906024015f604051808303815f87803b158015611dd2575f80fd5b505af1158015611de4573d5f803e3d5ffd5b50505050606081015181516040517f4bc2a6570000000000000000000000000000000000000000000000000000000081526001600160a01b039182166004820152911690634bc2a657906024015f604051808303815f87803b158015611e48575f80fd5b505af1158015611e5a573d5f803e3d5ffd5b505050606082015160a08301516040517f6e7b14450000000000000000000000000000000000000000000000000000000081526001600160a01b03918216600482015291169150636e7b1445906024015f604051808303815f87803b158015611ec1575f80fd5b505af1158015611ed3573d5f803e3d5ffd5b5050505080606001516001600160a01b031663abdb84e75f6006015f81548110611eff57611eff61279e565b5f91825260209091206003909102015460405160e083901b6001600160e01b03191681526001600160a01b0390911660048201526024015f604051808303815f87803b158015611f4d575f80fd5b505af1158015611f5f573d5f803e3d5ffd5b50505050805f01516001600160a01b031663abdb84e75f6006015f81548110611f8a57611f8a61279e565b5f91825260209091206003909102015460405160e083901b6001600160e01b03191681526001600160a01b0390911660048201526024015f604051808303815f87803b158015611fd8575f80fd5b505af1158015611fea573d5f803e3d5ffd5b50505050816001600160a01b031663d96054c482606001513084606001516001600160a01b0316636e61462a6040518163ffffffff1660e01b8152600401602060405180830381865afa158015612043573d5f803e3d5ffd5b505050506040513d601f19601f820116820180604052508101906120679190612c72565b6040516001600160e01b031960e086901b1681526001600160a01b03938416600482015292909116602483015260448201526064015f604051808303815f87803b1580156120b3575f80fd5b505af11580156120c5573d5f803e3d5ffd5b505050505050565b600d54604080517f747e5ec100000000000000000000000000000000000000000000000000000000815290516001600160a01b038085169363d96054c4939116913091839163747e5ec1916004808201926020929091908290030181865afa15801561213b573d5f803e3d5ffd5b505050506040513d601f19601f8201168201806040525081019061215f9190612c72565b6040516001600160e01b031960e086901b1681526001600160a01b03938416600482015292909116602483015260448201526064015f604051808303815f87803b1580156121ab575f80fd5b505af11580156121bd573d5f803e3d5ffd5b50505050806001600160a01b031663d96054c4825f600d015f9054906101000a90046001600160a01b0316846001600160a01b03166309e56b146040518163ffffffff1660e01b8152600401602060405180830381865afa158015611405573d5f803e3d5ffd5b806001600160a01b031663d96054c48230846001600160a01b0316630729d0546040518163ffffffff1660e01b8152600401602060405180830381865afa158015612271573d5f803e3d5ffd5b505050506040513d601f19601f820116820180604052508101906122959190612c72565b6040516001600160e01b031960e086901b1681526001600160a01b03938416600482015292909116602483015260448201526064015f604051808303815f87803b1580156122e1575f80fd5b505af11580156122f3573d5f803e3d5ffd5b50505050806001600160a01b031663d96054c48230846001600160a01b03166309e56b146040518163ffffffff1660e01b8152600401602060405180830381865afa158015611405573d5f803e3d5ffd5b5f8160405160200161235691906132de565b604051602081830303815290604052805190602001209050919050565b5f5b8381101561238d578181015183820152602001612375565b50505f910152565b5f81518084526123ac816020860160208601612373565b601f01601f19169290920160200192915050565b5f815180845260208085019450602084015f5b838110156123f85781516001600160a01b0316875295820195908201906001016123d3565b509495945050505050565b5f82825180855260208086019550808260051b8401018186015f5b8481101561248657601f19868403018952815160606001600160a01b03825116855285820151818787015261245582870182612395565b915050604080830151925085820381870152506124728183612395565b9a86019a945050509083019060010161241e565b5090979650505050505050565b602081526124ad6020820183516001600160a01b03169052565b5f60208301516102808060408501526124ca6102a0850183612395565b91506040850151601f19808685030160608701526124e88483612395565b935060608701519150612501608087018361ffff169052565b60808701519150808685030160a087015261251c84836123c0565b935060a08701519150808685030160c08701526125398483612395565b935060c08701519150808685030160e08701526125568483612403565b935060e087015191506101006125718188018461ffff169052565b870151915061012061258c8782018465ffffffffffff169052565b87015191506101406125a78782018465ffffffffffff169052565b87015191506101606125bc8782018415159052565b8701516101808781019190915287015191506101a06125e5818801846001600160a01b03169052565b87015191506101c06125fb8782018460ff169052565b87015191506101e06126128782018461ffff169052565b870151915061020061262e878201846001600160a01b03169052565b8088015192505061022081878603018188015261264b8584612395565b9450808801519250505061024061266c818701836001600160a01b03169052565b8601519050610260612688868201836001600160a01b03169052565b8601516001600160a01b0381168387015290505b5090949350505050565b602081525f6126b86020830184612395565b9392505050565b5f602080835260a08084016001600160a01b03808751168487015283870151604082821660408901526040890151915060806060608060608b015285845180885260c0975060c08c01915089860195505f5b818110156127775786518051891684528b81015189168c8501528681015189168785015284810151891685850152858101516001600160a01b03908116878601528b82015181168c860152908a01511689840152958a019560e090920191600101612711565b505060608c01516001600160a01b03811660808d015298509b9a5050505050505050505050565b634e487b7160e01b5f52603260045260245ffd5b600181811c908216806127c657607f821691505b6020821081036127e457634e487b7160e01b5f52602260045260245ffd5b50919050565b634e487b7160e01b5f52604160045260245ffd5b80518051805160ff16845260209081015161ffff168185015201516001600160a01b031660408301525f6020820151608060608501526128416080850182612395565b949350505050565b604081526001600160a01b0383511660408201525f6020808501516080606085015261287860c0850182612395565b905060408601517fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc0808684030160808701526128b48383612395565b925060608801519150808684030160a0870152506128d28282612395565b915050838103828501528085518083528383019150838160051b8401018488015f5b8381101561292257601f198684030185526129108383516127fe565b948701949250908601906001016128f4565b50909998505050505050505050565b6001600160a01b03811681146105d7575f80fd5b60405160a0810167ffffffffffffffff81118282101715612968576129686127ea565b60405290565b6040805190810167ffffffffffffffff81118282101715612968576129686127ea565b604051601f8201601f1916810167ffffffffffffffff811182821017156129ba576129ba6127ea565b604052919050565b5f67ffffffffffffffff8211156129db576129db6127ea565b5060051b60200190565b5f82601f8301126129f4575f80fd5b81516020612a09612a04836129c2565b612991565b82815260a09283028501820192828201919087851115612a27575f80fd5b8387015b858110156124865781818a031215612a41575f80fd5b612a49612945565b815160038110612a57575f80fd5b815281860151612a6681612931565b81870152604082810151612a7981612931565b90820152606082810151612a8c81612931565b90820152608082810151908201528452928401928101612a2b565b5f60408284031215612ab7575f80fd5b612abf61296e565b9050815167ffffffffffffffff80821115612ad8575f80fd5b818401915084601f830112612aeb575f80fd5b81516020612afb612a04836129c2565b82815260059290921b84018101918181019088841115612b19575f80fd5b948201945b83861015612b40578551612b3181612931565b82529482019490820190612b1e565b86525085810151935082841115612b55575f80fd5b612b61878588016129e5565b818601525050505092915050565b5f806040808486031215612b81575f80fd5b8351612b8c81612931565b8093505060208085015167ffffffffffffffff80821115612bab575f80fd5b818701915087601f830112612bbe575f80fd5b8151612bcc612a04826129c2565b81815260059190911b8301840190848101908a831115612bea575f80fd5b8585015b83811015612c6057805185811115612c04575f80fd5b8601808d03601f1901891315612c18575f80fd5b612c2061296e565b88820151612c2d81612931565b8152818a015187811115612c3f575f80fd5b612c4d8f8b83860101612aa7565b828b015250845250918601918601612bee565b50809750505050505050509250929050565b5f60208284031215612c82575f80fd5b5051919050565b5f6060808301868452602060608186015281875180845260808701915060808160051b88010193508289015f5b82811015612d27578886037fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff80018452815180516001600160a01b031687528581015186880152604090810151908701889052612d1488880182612395565b9650509284019290840190600101612cb6565b505050505060409390930193909352509392505050565b5f82601f830112612d4d575f80fd5b815167ffffffffffffffff811115612d6757612d676127ea565b612d7a6020601f19601f84011601612991565b818152846020838601011115612d8e575f80fd5b612841826020830160208701612373565b5f8060408385031215612db0575f80fd5b825167ffffffffffffffff80821115612dc7575f80fd5b818501915085601f830112612dda575f80fd5b81516020612dea612a04836129c2565b82815260059290921b84018101918181019089841115612e08575f80fd5b8286015b84811015612e3e57805186811115612e22575f80fd5b612e308c86838b0101612d3e565b845250918301918301612e0c565b5097909101519698969750505050505050565b634e487b7160e01b5f52602160045260245ffd5b6001600160a01b038151168252602081015160028110612e8757612e87612e51565b806020840152505050565b80545f90600181811c9080831680612eab57607f831692505b60208084108203612eca57634e487b7160e01b5f52602260045260245ffd5b838852818015612ee15760018114612f1957612f44565b7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff008616828a01528185151560051b8a01019650612f44565b875f52815f205f5b86811015612f3c5781548b8201850152908501908301612f21565b8a0183019750505b50505050505092915050565b5f60c0820160c0835280875480835260e085019150885f526020925060205f205f5b82811015612f975781546001600160a01b031684529284019260019182019101612f72565b50505086511515602085015261ffff6020880151166040850152612fbe6060850187612e65565b83810360a0850152612fd08186612e92565b98975050505050505050565b6001600160a01b0383168152604060208201525f61284160408301846127fe565b5f806040838503121561300e575f80fd5b825161301981612931565b602084015190925067ffffffffffffffff811115613035575f80fd5b61304185828601612aa7565b9150509250929050565b5f60406001600160a01b0380861684526020604081860152610100850161309b6040870188518051805160ff16835260209081015161ffff168184015201516001600160a01b0316604090910152565b86820151831660a087810191909152604088015160c0808901528051928390528301915f91906101208901905b808410156131245784518051600381106130e4576130e4612e51565b83528087015188168784015288810151881689840152606080820151891690840152608090810151908301529385019360019390930192908201906130c8565b5060608a015160e08a0152809750505050505050509392505050565b60a081525f61315260a0830186612e92565b6001600160a01b0385811660208501528416604084015282810360608401526131a581600181527f2000000000000000000000000000000000000000000000000000000000000000602082015260400190565b8381036080850152600181527f200000000000000000000000000000000000000000000000000000000000000060208201529050604081019695505050505050565b5f602082840312156131f7575f80fd5b81516126b881612931565b602081528151151560208201525f602083015161010080604085015261322c610120850183612395565b91506040850151601f198584030160608601526132498382612395565b925050606085015161326660808601826001600160a01b03169052565b50608085015160a085015260a085015160c085015260c085015161329460e086018265ffffffffffff169052565b5060e085015165ffffffffffff81168583015261269c565b5f602082840312156132bc575f80fd5b815167ffffffffffffffff8111156132d2575f80fd5b61284184828501612d3e565b602080825282518282018190525f9190848201906040850190845b8181101561331e5783516001600160a01b0316835292840192918401916001016132f9565b5090969550505050505056
Constructor Arguments (ABI-Encoded and is the last bytes of the Contract Creation Code above)
000000000000000000000000000000000000000000000000000000000000002000000000000000000000000063d10e32e7f94d9a2ada1a5c7db3a39f16d24efc000000000000000000000000000000000000000000000000000000000000028000000000000000000000000000000000000000000000000000000000000002a0000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000002c0000000000000000000000000000000000000000000000000000000000000036000000000000000000000000000000000000000000000000000000000000003a0000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000008e1accd0b87dbc8a9bf39120b03dec1d5f945ed100000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000003000000000000000000000000a9034914e2c16c8463453dc87caff4baf51bf13100000000000000000000000000000000000000000000000000000000000004c000000000000000000000000057c52ed735cc678936278b88b5abcb916b9e201b0000000000000000000000006240e3afa085b8393eb072911f3d65ef080b6bef000000000000000000000000ba428e29900dae3854b9383613580bf7113cba390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000008bf0280b2557b98532ec21e6c070dba1bfaadbf2000000000000000000000000e96a819b77a0d54ec5773f079fe5e2a3d84995fc000000000000000000000000c1d60f584879f024299da0f19cdb47b931e35b5300000000000000000000000033333333333333333333333333333333333333330000000000000000000000000000000000000000000000000000000000000007697066733a2f2f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000020000000000000000000000000bf40f01a934f98ea36843f781b11c7584e7fb895000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000a564520546f6b656e20310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000057665544b31000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f626c6178626c7578746573743132380000000000000000000000000000000000
-----Decoded View---------------
Arg [0] : _parameters (tuple):
Arg [1] : daoExecutor (address): 0x63d10e32E7F94D9A2aDa1A5C7dB3A39f16D24efc
Arg [2] : daoMetadataURI (string):
Arg [3] : daoSubdomain (string):
Arg [4] : minApprovals (uint16): 1
Arg [5] : multisigMembers (address[]): 0x8bF0280B2557B98532EC21e6c070Dba1bFAaDbf2,0xe96A819B77A0D54eC5773f079fe5E2A3d84995fC,0xc1d60f584879f024299DA0F19Cdb47B931E35b53,0x3333333333333333333333333333333333333333
Arg [6] : multisigMetadata (bytes): 0x697066733a2f2f
Arg [7] : tokenParameters (tuple[]):
Arg [1] : token (address): 0xBF40F01a934F98ea36843f781b11c7584E7FB895
Arg [2] : veTokenName (string): VE Token 1
Arg [3] : veTokenSymbol (string): veTK1
Arg [8] : feePercent (uint16): 1
Arg [9] : cooldownPeriod (uint48): 1
Arg [10] : minLockDuration (uint48): 1
Arg [11] : votingPaused (bool): False
Arg [12] : minDeposit (uint256): 1
Arg [13] : multisigPluginRepo (address): 0x8E1AccD0b87DBC8A9BF39120B03DEc1d5f945ed1
Arg [14] : multisigPluginRelease (uint8): 1
Arg [15] : multisigPluginBuild (uint16): 3
Arg [16] : voterPluginSetup (address): 0xA9034914e2C16c8463453DC87CaFf4BAf51bf131
Arg [17] : voterEnsSubdomain (string): blaxbluxtest128
Arg [18] : osxDaoFactory (address): 0x57c52Ed735Cc678936278B88B5AbCB916B9e201B
Arg [19] : pluginSetupProcessor (address): 0x6240e3aFa085B8393EB072911f3d65EF080b6bEf
Arg [20] : pluginRepoFactory (address): 0xbA428E29900DAE3854B9383613580BF7113cba39
-----Encoded View---------------
41 Constructor Arguments found :
Arg [0] : 0000000000000000000000000000000000000000000000000000000000000020
Arg [1] : 00000000000000000000000063d10e32e7f94d9a2ada1a5c7db3a39f16d24efc
Arg [2] : 0000000000000000000000000000000000000000000000000000000000000280
Arg [3] : 00000000000000000000000000000000000000000000000000000000000002a0
Arg [4] : 0000000000000000000000000000000000000000000000000000000000000001
Arg [5] : 00000000000000000000000000000000000000000000000000000000000002c0
Arg [6] : 0000000000000000000000000000000000000000000000000000000000000360
Arg [7] : 00000000000000000000000000000000000000000000000000000000000003a0
Arg [8] : 0000000000000000000000000000000000000000000000000000000000000001
Arg [9] : 0000000000000000000000000000000000000000000000000000000000000001
Arg [10] : 0000000000000000000000000000000000000000000000000000000000000001
Arg [11] : 0000000000000000000000000000000000000000000000000000000000000000
Arg [12] : 0000000000000000000000000000000000000000000000000000000000000001
Arg [13] : 0000000000000000000000008e1accd0b87dbc8a9bf39120b03dec1d5f945ed1
Arg [14] : 0000000000000000000000000000000000000000000000000000000000000001
Arg [15] : 0000000000000000000000000000000000000000000000000000000000000003
Arg [16] : 000000000000000000000000a9034914e2c16c8463453dc87caff4baf51bf131
Arg [17] : 00000000000000000000000000000000000000000000000000000000000004c0
Arg [18] : 00000000000000000000000057c52ed735cc678936278b88b5abcb916b9e201b
Arg [19] : 0000000000000000000000006240e3afa085b8393eb072911f3d65ef080b6bef
Arg [20] : 000000000000000000000000ba428e29900dae3854b9383613580bf7113cba39
Arg [21] : 0000000000000000000000000000000000000000000000000000000000000000
Arg [22] : 0000000000000000000000000000000000000000000000000000000000000000
Arg [23] : 0000000000000000000000000000000000000000000000000000000000000004
Arg [24] : 0000000000000000000000008bf0280b2557b98532ec21e6c070dba1bfaadbf2
Arg [25] : 000000000000000000000000e96a819b77a0d54ec5773f079fe5e2a3d84995fc
Arg [26] : 000000000000000000000000c1d60f584879f024299da0f19cdb47b931e35b53
Arg [27] : 0000000000000000000000003333333333333333333333333333333333333333
Arg [28] : 0000000000000000000000000000000000000000000000000000000000000007
Arg [29] : 697066733a2f2f00000000000000000000000000000000000000000000000000
Arg [30] : 0000000000000000000000000000000000000000000000000000000000000001
Arg [31] : 0000000000000000000000000000000000000000000000000000000000000020
Arg [32] : 000000000000000000000000bf40f01a934f98ea36843f781b11c7584e7fb895
Arg [33] : 0000000000000000000000000000000000000000000000000000000000000060
Arg [34] : 00000000000000000000000000000000000000000000000000000000000000a0
Arg [35] : 000000000000000000000000000000000000000000000000000000000000000a
Arg [36] : 564520546f6b656e203100000000000000000000000000000000000000000000
Arg [37] : 0000000000000000000000000000000000000000000000000000000000000005
Arg [38] : 7665544b31000000000000000000000000000000000000000000000000000000
Arg [39] : 000000000000000000000000000000000000000000000000000000000000000f
Arg [40] : 626c6178626c7578746573743132380000000000000000000000000000000000
Loading...
Loading
Loading...
Loading
0x0cfAB17fDd8e47AB51b3d5EC85eE206502323a9B
Loading...
Loading
Loading...
Loading
[ Download: CSV Export ]
A contract address hosts a smart contract, which is a set of code stored on the blockchain that runs when predetermined conditions are met. Learn more about addresses in our Knowledge Base.