Description:
Multi-signature wallet contract requiring multiple confirmations for transaction execution.
Blockchain: Ethereum
Source Code: View Code On The Blockchain
Solidity Source Code:
{{
"language": "Solidity",
"sources": {
"src/RLUSDRebalancerV2.sol": {
"content": "// SPDX-License-Identifier: MIT
pragma solidity 0.8.30;
/*───────────────────────────────────────────────────────────────────────────*\
| RLUSD Rebalancer V2 |
| ------------------------------------------------------------------------ |
| Adds pausable functionality to the base RLUSDRebalancer contract. |
| All critical operations can be paused by the owner in emergencies. |
| |
| V2 Features: |
| • All base RLUSDRebalancer functionality |
| • Emergency pause/unpause controls |
| • Pausable swaps, whitelist management, and reserve operations |
| |
| Security-contact bugs@ripple.com |
\*───────────────────────────────────────────────────────────────────────────*/
import {RLUSDRebalancer} from "./RLUSDRebalancer.sol";
import {PausableUpgradeable} from
"@openzeppelin-upgradeable/contracts/utils/PausableUpgradeable.sol";
/// @custom:oz-upgrades-from RLUSDRebalancer.sol
contract RLUSDRebalancerV2 is RLUSDRebalancer, PausableUpgradeable {
/// @notice Disables initializers for the implementation contract.
constructor() {
_disableInitializers();
}
/// @notice Re-initializer for upgrading from V1 to V2
function reinitializeV2() external reinitializer(2) {
__Pausable_init();
}
/// @inheritdoc RLUSDRebalancer
function addWhitelist(address account) public virtual override whenNotPaused {
super.addWhitelist(account);
}
/// @inheritdoc RLUSDRebalancer
function removeWhitelist(address account) public virtual override whenNotPaused {
super.removeWhitelist(account);
}
/// @inheritdoc RLUSDRebalancer
function addSupplyManager(address account) public virtual override whenNotPaused {
super.addSupplyManager(account);
}
/// @inheritdoc RLUSDRebalancer
function removeSupplyManager(address account) public virtual override whenNotPaused {
super.removeSupplyManager(account);
}
/// @inheritdoc RLUSDRebalancer
function fundReserve(address tokenAddress, uint256 amount)
public
virtual
override
whenNotPaused
{
super.fundReserve(tokenAddress, amount);
}
/// @inheritdoc RLUSDRebalancer
function withdrawReserve(address tokenAddress, uint256 amount, address to)
public
virtual
override
whenNotPaused
{
super.withdrawReserve(tokenAddress, amount, to);
}
/// @inheritdoc RLUSDRebalancer
function swapRLUSDForUSDC(uint256 rlusdAmount) public virtual override whenNotPaused {
super.swapRLUSDForUSDC(rlusdAmount);
}
/// @inheritdoc RLUSDRebalancer
function swapUSDCForRLUSD(uint256 usdcAmount) public virtual override whenNotPaused {
super.swapUSDCForRLUSD(usdcAmount);
}
/// @inheritdoc RLUSDRebalancer
function rescueTokens(address tokenAddress, uint256 amount, address to)
public
virtual
override
whenNotPaused
{
super.rescueTokens(tokenAddress, amount, to);
}
// Emergency pause controls
/// @notice Pauses the contract, preventing execution of functions with whenNotPaused modifier
/// @dev Only callable by the owner. Emits a Paused event.
function pause() public virtual onlyOwner {
_pause();
}
/// @notice Unpauses the contract, allowing execution of functions with whenNotPaused modifier
/// @dev Only callable by the owner. Emits an Unpaused event.
function unpause() public virtual onlyOwner {
_unpause();
}
}
"
},
"src/RLUSDRebalancer.sol": {
"content": "// SPDX-License-Identifier: MIT
pragma solidity 0.8.30;
/*───────────────────────────────────────────────────────────────────────────*\
| RLUSD Rebalancer |
| ------------------------------------------------------------------------ |
| A minimal, proxy-upgradeable treasury contract that lets Ripple |
| pre-fund RLUSD & USDC balances and grant a small set of institutional |
| market-makers the right to swap the two stable-coins at par (1 : 1). |
| |
| Key features |
| • UUPS upgradeable (Initializable + _authorizeUpgrade). |
| • Ownable (Fireblocks / multisig) access control. |
| • Mapping-based whitelist (<10 MM wallets expected). |
| • SafeERC20 transfers, ReentrancyGuard, strict CEI pattern. |
| • Decimal-aware conversion (RLUSD 18 dec ↔︎ USDC 6 dec). |
| |
| Author: @hazardcookie (hazardcookie.eth) |
| Security-contact bugs@ripple.com |
\*───────────────────────────────────────────────────────────────────────────*/
import {Initializable} from "@openzeppelin-upgradeable/contracts/proxy/utils/Initializable.sol";
import {UUPSUpgradeable} from "@openzeppelin-upgradeable/contracts/proxy/utils/UUPSUpgradeable.sol";
import {OwnableUpgradeable} from "@openzeppelin-upgradeable/contracts/access/OwnableUpgradeable.sol";
import {ReentrancyGuardUpgradeable} from
"@openzeppelin-upgradeable/contracts/utils/ReentrancyGuardUpgradeable.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {IERC20Metadata} from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
/* ------------------------------------------------------------------------- */
/* Custom errors */
/* ------------------------------------------------------------------------- */
error ZeroTokenAddress();
error ZeroAddress();
error AlreadyWhitelisted();
error NotWhitelisted();
error NotAuthorised();
error AmountZero();
error AmountTooSmall();
error NonIntegralConversion(); // amount must be an exact multiple
error InsufficientUSDC();
error InsufficientRLUSD();
error InsufficientReserve();
error ZeroRecipient();
error AlreadySupplyManager();
error NotSupplyManager();
error InvalidToken();
error InvalidDecimals();
/* ------------------------------------------------------------------------- */
/* Events */
/* ------------------------------------------------------------------------- */
/// @notice Emitted when an account is added to the whitelist.
event WhitelistAdded(address indexed account);
/// @notice Emitted when an account is removed from the whitelist.
event WhitelistRemoved(address indexed account);
/// @notice Emitted when a swap between RLUSD and USDC is executed.
event SwapExecuted(
address indexed account,
address indexed tokenIn,
uint256 amountIn,
address indexed tokenOut,
uint256 amountOut
);
/// @notice Emitted when tokens are rescued by the owner.
event TokensRescued(address indexed token, uint256 amount, address indexed to);
/// @notice Emitted when an account is added as a supply manager.
event SupplyManagerAdded(address indexed account);
/// @notice Emitted when an account is removed as a supply manager.
event SupplyManagerRemoved(address indexed account);
/// @notice Emitted when the reserve is funded with RLUSD or USDC.
event ReserveFunded(address indexed from, address indexed token, uint256 amount);
/// @notice Emitted when tokens are withdrawn from the reserve.
event ReserveWithdrawn(
address indexed by, address indexed token, uint256 amount, address indexed to
);
/// @title RLUSDRebalancer
/// @notice Holds hot-wallet liquidity in RLUSD & USDC and lets *whitelisted* market-makers atomically swap between them at a 1 : 1 USD value.
/// @custom:security-contact bugs@ripple.com
/// @dev Designed for proxy deployment using the UUPS pattern.
contract RLUSDRebalancer is
Initializable,
UUPSUpgradeable,
OwnableUpgradeable,
ReentrancyGuardUpgradeable
{
using SafeERC20 for IERC20;
/* --------------------------------------------------------------------- */
/* State variables */
/* --------------------------------------------------------------------- */
/// @notice RLUSD ERC-20 token contract (18 decimals).
IERC20 public rlusdToken;
/// @notice USDC ERC-20 token contract (6 decimals).
IERC20 public usdcToken;
/// @dev conversionFactor = 10 ** (rlusdDec - usdcDec); for RLUSD18 ↔︎ USDC6 this is 1e12.
uint256 private conversionFactor;
/// @dev Mapping of wallet address to whitelist status.
mapping(address account => bool isWhitelisted) private _whitelist;
/// @dev Mapping of wallet address to supply manager status.
mapping(address account => bool isSupplyManager) private _supplyManagers;
/* --------------------------------------------------------------------- */
/* Modifiers */
/* --------------------------------------------------------------------- */
/// @dev Restricts caller to owner or authorised supply manager.
modifier onlyOwnerOrSupplyManager() {
if (!_supplyManagers[msg.sender] && msg.sender != owner()) revert NotAuthorised();
_;
}
/* --------------------------------------------------------------------- */
/* Initialisation */
/* --------------------------------------------------------------------- */
/// @notice Disables initializers for the implementation contract.
/// @dev OpenZeppelin UUPS pattern: disables initializers on the implementation contract.
constructor() {
_disableInitializers();
}
/// @notice Proxy initializer (replaces constructor).
/// @param rlusdAddress Address of the RLUSD ERC-20 contract.
/// @param usdcAddress Address of the USDC ERC-20 contract.
/// @param initialOwner The initial owner of the contract.
/// @dev Sets up the contract for proxy deployment. Only callable once.
function initialize(address rlusdAddress, address usdcAddress, address initialOwner)
external
initializer
{
if (rlusdAddress == address(0) || usdcAddress == address(0)) {
revert ZeroTokenAddress();
}
if (initialOwner == address(0)) {
revert ZeroAddress();
}
__Ownable_init(initialOwner);
__UUPSUpgradeable_init();
__ReentrancyGuard_init();
rlusdToken = IERC20(rlusdAddress);
usdcToken = IERC20(usdcAddress);
uint8 rlusdDec = IERC20Metadata(rlusdAddress).decimals();
uint8 usdcDec = IERC20Metadata(usdcAddress).decimals();
// Ensure RLUSD has at least as many decimals as USDC
if (rlusdDec < usdcDec) revert InvalidDecimals();
conversionFactor = 10 ** (rlusdDec - usdcDec);
}
/// @notice UUPS upgrade authorisation -- only the contract owner can upgrade.
/// @param newImplementation The address of the new implementation contract.
/// @dev Required by UUPSUpgradeable. Only callable by the owner.
function _authorizeUpgrade(address newImplementation) internal override onlyOwner {}
/* --------------------------------------------------------------------- */
/* Whitelist administration */
/* --------------------------------------------------------------------- */
/// @notice Adds an account to the whitelist.
/// @param account The address to whitelist.
/// @dev Only callable by the owner. Reverts if already whitelisted or zero address.
function addWhitelist(address account) public virtual onlyOwner {
if (account == address(0)) revert ZeroAddress();
if (_whitelist[account]) revert AlreadyWhitelisted();
_whitelist[account] = true;
emit WhitelistAdded(account);
}
/// @notice Removes an account from the whitelist.
/// @param account The address to remove from the whitelist.
/// @dev Only callable by the owner. Reverts if not whitelisted.
function removeWhitelist(address account) public virtual onlyOwner {
if (!_whitelist[account]) revert NotWhitelisted();
_whitelist[account] = false;
emit WhitelistRemoved(account);
}
/// @notice Checks if an account is whitelisted.
/// @param account The address to check.
/// @return True if the account is whitelisted, false otherwise.
function isWhitelisted(address account) external view returns (bool) {
return _whitelist[account];
}
/* --------------------------------------------------------------------- */
/* Supply-manager administration */
/* --------------------------------------------------------------------- */
/// @notice Adds an account as a supply manager.
/// @param account The address to add as a supply manager.
/// @dev Only callable by the owner. Reverts if already a supply manager or zero address.
function addSupplyManager(address account) public virtual onlyOwner {
if (account == address(0)) revert ZeroAddress();
if (_supplyManagers[account]) revert AlreadySupplyManager();
_supplyManagers[account] = true;
emit SupplyManagerAdded(account);
}
/// @notice Removes an account from supply managers.
/// @param account The address to remove as a supply manager.
/// @dev Only callable by the owner. Reverts if not a supply manager.
function removeSupplyManager(address account) public virtual onlyOwner {
if (!_supplyManagers[account]) revert NotSupplyManager();
_supplyManagers[account] = false;
emit SupplyManagerRemoved(account);
}
/// @notice Checks if an account is a supply manager.
/// @param account The address to check.
/// @return True if the account is a supply manager, false otherwise.
function isSupplyManager(address account) external view returns (bool) {
return _supplyManagers[account];
}
/* --------------------------------------------------------------------- */
/* Reserve fund / withdraw logic */
/* --------------------------------------------------------------------- */
/// @notice Fund the contract's reserve with RLUSD or USDC.
/// @param tokenAddress The address of the token to fund (must be RLUSD or USDC).
/// @param amount The amount to fund.
/// @dev Only callable by supply managers or the owner. Reverts for invalid token or zero amount.
function fundReserve(address tokenAddress, uint256 amount)
public
virtual
nonReentrant
onlyOwnerOrSupplyManager
{
if (tokenAddress != address(rlusdToken) && tokenAddress != address(usdcToken)) {
revert InvalidToken();
}
if (amount == 0) revert AmountZero();
IERC20(tokenAddress).safeTransferFrom(msg.sender, address(this), amount);
emit ReserveFunded(msg.sender, tokenAddress, amount);
}
/// @notice Withdraw tokens from the contract's reserve.
/// @param tokenAddress The address of the token to withdraw (must be RLUSD or USDC).
/// @param amount The amount to withdraw.
/// @param to The recipient address.
/// @dev Only callable by supply managers or the owner. Reverts for invalid token or zero recipient.
function withdrawReserve(address tokenAddress, uint256 amount, address to)
public
virtual
nonReentrant
onlyOwnerOrSupplyManager
{
if (tokenAddress != address(rlusdToken) && tokenAddress != address(usdcToken)) {
revert InvalidToken();
}
if (amount == 0) revert AmountZero();
if (to == address(0)) revert ZeroRecipient();
if (IERC20(tokenAddress).balanceOf(address(this)) < amount) {
revert InsufficientReserve();
}
IERC20(tokenAddress).safeTransfer(to, amount);
emit ReserveWithdrawn(msg.sender, tokenAddress, amount, to);
}
/* --------------------------------------------------------------------- */
/* Swap logic */
/* --------------------------------------------------------------------- */
/// @notice Swap RLUSD (18 dec) for USDC (6 dec) at 1 : 1 USD value.
/// @param rlusdAmount The amount of RLUSD to swap (must be a multiple of conversionFactor).
/// @dev Only callable by whitelisted accounts. Reverts for zero amount, non-integral conversion, or insufficient liquidity.
function swapRLUSDForUSDC(uint256 rlusdAmount) public virtual nonReentrant {
if (!_whitelist[msg.sender]) revert NotAuthorised();
if (rlusdAmount == 0) revert AmountZero();
// Cache variables for gas efficiency
uint256 _factor = conversionFactor;
IERC20 _usdc = usdcToken;
IERC20 _rlusd = rlusdToken;
// Prevent dust
if (rlusdAmount % _factor != 0) revert NonIntegralConversion();
uint256 usdcAmount = rlusdAmount / _factor;
if (usdcAmount == 0) revert AmountTooSmall();
if (_usdc.balanceOf(address(this)) < usdcAmount) revert InsufficientUSDC();
// CEI pattern
_rlusd.safeTransferFrom(msg.sender, address(this), rlusdAmount);
_usdc.safeTransfer(msg.sender, usdcAmount);
emit SwapExecuted(msg.sender, address(_rlusd), rlusdAmount, address(_usdc), usdcAmount);
}
/// @notice Swap USDC (6 dec) for RLUSD (18 dec) at 1 : 1 USD value.
/// @param usdcAmount The amount of USDC to swap.
/// @dev Only callable by whitelisted accounts. Reverts for zero amount or insufficient liquidity.
function swapUSDCForRLUSD(uint256 usdcAmount) public virtual nonReentrant {
if (!_whitelist[msg.sender]) revert NotAuthorised();
if (usdcAmount == 0) revert AmountZero();
// Cache variables for gas efficiency
uint256 _factor = conversionFactor;
IERC20 _usdc = usdcToken;
IERC20 _rlusd = rlusdToken;
uint256 rlusdAmount = usdcAmount * _factor;
if (rlusdAmount == 0) revert AmountTooSmall();
if (_rlusd.balanceOf(address(this)) < rlusdAmount) revert InsufficientRLUSD();
_usdc.safeTransferFrom(msg.sender, address(this), usdcAmount);
_rlusd.safeTransfer(msg.sender, rlusdAmount);
emit SwapExecuted(msg.sender, address(_usdc), usdcAmount, address(_rlusd), rlusdAmount);
}
/* --------------------------------------------------------------------- */
/* Emergency / owner-tools */
/* --------------------------------------------------------------------- */
/// @notice Owner can withdraw any ERC-20 token (including RLUSD/USDC).
/// @param tokenAddress The address of the token to rescue.
/// @param amount The amount to rescue.
/// @param to The recipient address.
/// @dev Only callable by the owner. Reverts for zero token address or zero recipient.
function rescueTokens(address tokenAddress, uint256 amount, address to)
public
virtual
onlyOwner
{
if (tokenAddress == address(0)) revert ZeroTokenAddress();
if (to == address(0)) revert ZeroRecipient();
IERC20(tokenAddress).safeTransfer(to, amount);
emit TokensRescued(tokenAddress, amount, to);
}
/* --------------------------------------------------------------------- */
/* Storage gap for future upgrades */
/* --------------------------------------------------------------------- */
/// @dev Storage gap for future upgrades.
uint256[50] private __gap;
}
"
},
"lib/openzeppelin-contracts-upgradeable/contracts/utils/PausableUpgradeable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/Pausable.sol)
pragma solidity ^0.8.20;
import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Contract module which allows children to implement an emergency stop
* mechanism that can be triggered by an authorized account.
*
* This module is used through inheritance. It will make available the
* modifiers `whenNotPaused` and `whenPaused`, which can be applied to
* the functions of your contract. Note that they will not be pausable by
* simply including this module, only once the modifiers are put in place.
*/
abstract contract PausableUpgradeable is Initializable, ContextUpgradeable {
/// @custom:storage-location erc7201:openzeppelin.storage.Pausable
struct PausableStorage {
bool _paused;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Pausable")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant PausableStorageLocation = 0xcd5ed15c6e187e77e9aee88184c21f4f2182ab5827cb3b7e07fbedcd63f03300;
function _getPausableStorage() private pure returns (PausableStorage storage $) {
assembly {
$.slot := PausableStorageLocation
}
}
/**
* @dev Emitted when the pause is triggered by `account`.
*/
event Paused(address account);
/**
* @dev Emitted when the pause is lifted by `account`.
*/
event Unpaused(address account);
/**
* @dev The operation failed because the contract is paused.
*/
error EnforcedPause();
/**
* @dev The operation failed because the contract is not paused.
*/
error ExpectedPause();
/**
* @dev Initializes the contract in unpaused state.
*/
function __Pausable_init() internal onlyInitializing {
__Pausable_init_unchained();
}
function __Pausable_init_unchained() internal onlyInitializing {
PausableStorage storage $ = _getPausableStorage();
$._paused = false;
}
/**
* @dev Modifier to make a function callable only when the contract is not paused.
*
* Requirements:
*
* - The contract must not be paused.
*/
modifier whenNotPaused() {
_requireNotPaused();
_;
}
/**
* @dev Modifier to make a function callable only when the contract is paused.
*
* Requirements:
*
* - The contract must be paused.
*/
modifier whenPaused() {
_requirePaused();
_;
}
/**
* @dev Returns true if the contract is paused, and false otherwise.
*/
function paused() public view virtual returns (bool) {
PausableStorage storage $ = _getPausableStorage();
return $._paused;
}
/**
* @dev Throws if the contract is paused.
*/
function _requireNotPaused() internal view virtual {
if (paused()) {
revert EnforcedPause();
}
}
/**
* @dev Throws if the contract is not paused.
*/
function _requirePaused() internal view virtual {
if (!paused()) {
revert ExpectedPause();
}
}
/**
* @dev Triggers stopped state.
*
* Requirements:
*
* - The contract must not be paused.
*/
function _pause() internal virtual whenNotPaused {
PausableStorage storage $ = _getPausableStorage();
$._paused = true;
emit Paused(_msgSender());
}
/**
* @dev Returns to normal state.
*
* Requirements:
*
* - The contract must be paused.
*/
function _unpause() internal virtual whenPaused {
PausableStorage storage $ = _getPausableStorage();
$._paused = false;
emit Unpaused(_msgSender());
}
}
"
},
"lib/openzeppelin-contracts-upgradeable/contracts/proxy/utils/Initializable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/utils/Initializable.sol)
pragma solidity ^0.8.20;
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```solidity
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
*
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/
abstract contract Initializable {
/**
* @dev Storage of the initializable contract.
*
* It's implemented on a custom ERC-7201 namespace to reduce the risk of storage collisions
* when using with upgradeable contracts.
*
* @custom:storage-location erc7201:openzeppelin.storage.Initializable
*/
struct InitializableStorage {
/**
* @dev Indicates that the contract has been initialized.
*/
uint64 _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool _initializing;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Initializable")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant INITIALIZABLE_STORAGE = 0xf0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00;
/**
* @dev The contract is already initialized.
*/
error InvalidInitialization();
/**
* @dev The contract is not initializing.
*/
error NotInitializing();
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/
event Initialized(uint64 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts.
*
* Similar to `reinitializer(1)`, except that in the context of a constructor an `initializer` may be invoked any
* number of times. This behavior in the constructor can be useful during testing and is not expected to be used in
* production.
*
* Emits an {Initialized} event.
*/
modifier initializer() {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
// Cache values to avoid duplicated sloads
bool isTopLevelCall = !$._initializing;
uint64 initialized = $._initialized;
// Allowed calls:
// - initialSetup: the contract is not in the initializing state and no previous version was
// initialized
// - construction: the contract is initialized at version 1 (no reininitialization) and the
// current contract is just being deployed
bool initialSetup = initialized == 0 && isTopLevelCall;
bool construction = initialized == 1 && address(this).code.length == 0;
if (!initialSetup && !construction) {
revert InvalidInitialization();
}
$._initialized = 1;
if (isTopLevelCall) {
$._initializing = true;
}
_;
if (isTopLevelCall) {
$._initializing = false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* A reinitializer may be used after the original initialization step. This is essential to configure modules that
* are added through upgrades and that require initialization.
*
* When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
* cannot be nested. If one is invoked in the context of another, execution will revert.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*
* WARNING: Setting the version to 2**64 - 1 will prevent any future reinitialization.
*
* Emits an {Initialized} event.
*/
modifier reinitializer(uint64 version) {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
if ($._initializing || $._initialized >= version) {
revert InvalidInitialization();
}
$._initialized = version;
$._initializing = true;
_;
$._initializing = false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/
modifier onlyInitializing() {
_checkInitializing();
_;
}
/**
* @dev Reverts if the contract is not in an initializing state. See {onlyInitializing}.
*/
function _checkInitializing() internal view virtual {
if (!_isInitializing()) {
revert NotInitializing();
}
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*
* Emits an {Initialized} event the first time it is successfully executed.
*/
function _disableInitializers() internal virtual {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
if ($._initializing) {
revert InvalidInitialization();
}
if ($._initialized != type(uint64).max) {
$._initialized = type(uint64).max;
emit Initialized(type(uint64).max);
}
}
/**
* @dev Returns the highest version that has been initialized. See {reinitializer}.
*/
function _getInitializedVersion() internal view returns (uint64) {
return _getInitializableStorage()._initialized;
}
/**
* @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
*/
function _isInitializing() internal view returns (bool) {
return _getInitializableStorage()._initializing;
}
/**
* @dev Returns a pointer to the storage namespace.
*/
// solhint-disable-next-line var-name-mixedcase
function _getInitializableStorage() private pure returns (InitializableStorage storage $) {
assembly {
$.slot := INITIALIZABLE_STORAGE
}
}
}
"
},
"lib/openzeppelin-contracts-upgradeable/contracts/proxy/utils/UUPSUpgradeable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (proxy/utils/UUPSUpgradeable.sol)
pragma solidity ^0.8.20;
import {IERC1822Proxiable} from "@openzeppelin/contracts/interfaces/draft-IERC1822.sol";
import {ERC1967Utils} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Utils.sol";
import {Initializable} from "./Initializable.sol";
/**
* @dev An upgradeability mechanism designed for UUPS proxies. The functions included here can perform an upgrade of an
* {ERC1967Proxy}, when this contract is set as the implementation behind such a proxy.
*
* A security mechanism ensures that an upgrade does not turn off upgradeability accidentally, although this risk is
* reinstated if the upgrade retains upgradeability but removes the security mechanism, e.g. by replacing
* `UUPSUpgradeable` with a custom implementation of upgrades.
*
* The {_authorizeUpgrade} function must be overridden to include access restriction to the upgrade mechanism.
*/
abstract contract UUPSUpgradeable is Initializable, IERC1822Proxiable {
/// @custom:oz-upgrades-unsafe-allow state-variable-immutable
address private immutable __self = address(this);
/**
* @dev The version of the upgrade interface of the contract. If this getter is missing, both `upgradeTo(address)`
* and `upgradeToAndCall(address,bytes)` are present, and `upgradeTo` must be used if no function should be called,
* while `upgradeToAndCall` will invoke the `receive` function if the second argument is the empty byte string.
* If the getter returns `"5.0.0"`, only `upgradeToAndCall(address,bytes)` is present, and the second argument must
* be the empty byte string if no function should be called, making it impossible to invoke the `receive` function
* during an upgrade.
*/
string public constant UPGRADE_INTERFACE_VERSION = "5.0.0";
/**
* @dev The call is from an unauthorized context.
*/
error UUPSUnauthorizedCallContext();
/**
* @dev The storage `slot` is unsupported as a UUID.
*/
error UUPSUnsupportedProxiableUUID(bytes32 slot);
/**
* @dev Check that the execution is being performed through a delegatecall call and that the execution context is
* a proxy contract with an implementation (as defined in ERC-1967) pointing to self. This should only be the case
* for UUPS and transparent proxies that are using the current contract as their implementation. Execution of a
* function through ERC-1167 minimal proxies (clones) would not normally pass this test, but is not guaranteed to
* fail.
*/
modifier onlyProxy() {
_checkProxy();
_;
}
/**
* @dev Check that the execution is not being performed through a delegate call. This allows a function to be
* callable on the implementing contract but not through proxies.
*/
modifier notDelegated() {
_checkNotDelegated();
_;
}
function __UUPSUpgradeable_init() internal onlyInitializing {
}
function __UUPSUpgradeable_init_unchained() internal onlyInitializing {
}
/**
* @dev Implementation of the ERC-1822 {proxiableUUID} function. This returns the storage slot used by the
* implementation. It is used to validate the implementation's compatibility when performing an upgrade.
*
* IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
* bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
* function revert if invoked through a proxy. This is guaranteed by the `notDelegated` modifier.
*/
function proxiableUUID() external view virtual notDelegated returns (bytes32) {
return ERC1967Utils.IMPLEMENTATION_SLOT;
}
/**
* @dev Upgrade the implementation of the proxy to `newImplementation`, and subsequently execute the function call
* encoded in `data`.
*
* Calls {_authorizeUpgrade}.
*
* Emits an {Upgraded} event.
*
* @custom:oz-upgrades-unsafe-allow-reachable delegatecall
*/
function upgradeToAndCall(address newImplementation, bytes memory data) public payable virtual onlyProxy {
_authorizeUpgrade(newImplementation);
_upgradeToAndCallUUPS(newImplementation, data);
}
/**
* @dev Reverts if the execution is not performed via delegatecall or the execution
* context is not of a proxy with an ERC-1967 compliant implementation pointing to self.
* See {_onlyProxy}.
*/
function _checkProxy() internal view virtual {
if (
address(this) == __self || // Must be called through delegatecall
ERC1967Utils.getImplementation() != __self // Must be called through an active proxy
) {
revert UUPSUnauthorizedCallContext();
}
}
/**
* @dev Reverts if the execution is performed via delegatecall.
* See {notDelegated}.
*/
function _checkNotDelegated() internal view virtual {
if (address(this) != __self) {
// Must not be called through delegatecall
revert UUPSUnauthorizedCallContext();
}
}
/**
* @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by
* {upgradeToAndCall}.
*
* Normally, this function will use an xref:access.adoc[access control] modifier such as {Ownable-onlyOwner}.
*
* ```solidity
* function _authorizeUpgrade(address) internal onlyOwner {}
* ```
*/
function _authorizeUpgrade(address newImplementation) internal virtual;
/**
* @dev Performs an implementation upgrade with a security check for UUPS proxies, and additional setup call.
*
* As a security check, {proxiableUUID} is invoked in the new implementation, and the return value
* is expected to be the implementation slot in ERC-1967.
*
* Emits an {IERC1967-Upgraded} event.
*/
function _upgradeToAndCallUUPS(address newImplementation, bytes memory data) private {
try IERC1822Proxiable(newImplementation).proxiableUUID() returns (bytes32 slot) {
if (slot != ERC1967Utils.IMPLEMENTATION_SLOT) {
revert UUPSUnsupportedProxiableUUID(slot);
}
ERC1967Utils.upgradeToAndCall(newImplementation, data);
} catch {
// The implementation is not UUPS
revert ERC1967Utils.ERC1967InvalidImplementation(newImplementation);
}
}
}
"
},
"lib/openzeppelin-contracts-upgradeable/contracts/access/OwnableUpgradeable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)
pragma solidity ^0.8.20;
import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* The initial owner is set to the address provided by the deployer. This can
* later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {
/// @custom:storage-location erc7201:openzeppelin.storage.Ownable
struct OwnableStorage {
address _owner;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Ownable")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant OwnableStorageLocation = 0x9016d09d72d40fdae2fd8ceac6b6234c7706214fd39c1cd1e609a0528c199300;
function _getOwnableStorage() private pure returns (OwnableStorage storage $) {
assembly {
$.slot := OwnableStorageLocation
}
}
/**
* @dev The caller account is not authorized to perform an operation.
*/
error OwnableUnauthorizedAccount(address account);
/**
* @dev The owner is not a valid owner account. (eg. `address(0)`)
*/
error OwnableInvalidOwner(address owner);
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the address provided by the deployer as the initial owner.
*/
function __Ownable_init(address initialOwner) internal onlyInitializing {
__Ownable_init_unchained(initialOwner);
}
function __Ownable_init_unchained(address initialOwner) internal onlyInitializing {
if (initialOwner == address(0)) {
revert OwnableInvalidOwner(address(0));
}
_transferOwnership(initialOwner);
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
_checkOwner();
_;
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
OwnableStorage storage $ = _getOwnableStorage();
return $._owner;
}
/**
* @dev Throws if the sender is not the owner.
*/
function _checkOwner() internal view virtual {
if (owner() != _msgSender()) {
revert OwnableUnauthorizedAccount(_msgSender());
}
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby disabling any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
if (newOwner == address(0)) {
revert OwnableInvalidOwner(address(0));
}
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
OwnableStorage storage $ = _getOwnableStorage();
address oldOwner = $._owner;
$._owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
}
"
},
"lib/openzeppelin-contracts-upgradeable/contracts/utils/ReentrancyGuardUpgradeable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/ReentrancyGuard.sol)
pragma solidity ^0.8.20;
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Contract module that helps prevent reentrant calls to a function.
*
* Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier
* available, which can be applied to functions to make sure there are no nested
* (reentrant) calls to them.
*
* Note that because there is a single `nonReentrant` guard, functions marked as
* `nonReentrant` may not call one another. This can be worked around by making
* those functions `private`, and then adding `external` `nonReentrant` entry
* points to them.
*
* TIP: If EIP-1153 (transient storage) is available on the chain you're deploying at,
* consider using {ReentrancyGuardTransient} instead.
*
* TIP: If you would like to learn more about reentrancy and alternative ways
* to protect against it, check out our blog post
* https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].
*/
abstract contract ReentrancyGuardUpgradeable is Initializable {
// Booleans are more expensive than uint256 or any type that takes up a full
// word because each write operation emits an extra SLOAD to first read the
// slot's contents, replace the bits taken up by the boolean, and then write
// back. This is the compiler's defense against contract upgrades and
// pointer aliasing, and it cannot be disabled.
// The values being non-zero value makes deployment a bit more expensive,
// but in exchange the refund on every call to nonReentrant will be lower in
// amount. Since refunds are capped to a percentage of the total
// transaction's gas, it is best to keep them low in cases like this one, to
// increase the likelihood of the full refund coming into effect.
uint256 private constant NOT_ENTERED = 1;
uint256 private constant ENTERED = 2;
/// @custom:storage-location erc7201:openzeppelin.storage.ReentrancyGuard
struct ReentrancyGuardStorage {
uint256 _status;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ReentrancyGuard")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant ReentrancyGuardStorageLocation = 0x9b779b17422d0df92223018b32b4d1fa46e071723d6817e2486d003becc55f00;
function _getReentrancyGuardStorage() private pure returns (ReentrancyGuardStorage storage $) {
assembly {
$.slot := ReentrancyGuardStorageLocation
}
}
/**
* @dev Unauthorized reentrant call.
*/
error ReentrancyGuardReentrantCall();
function __ReentrancyGuard_init() internal onlyInitializing {
__ReentrancyGuard_init_unchained();
}
function __ReentrancyGuard_init_unchained() internal onlyInitializing {
ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
$._status = NOT_ENTERED;
}
/**
* @dev Prevents a contract from calling itself, directly or indirectly.
* Calling a `nonReentrant` function from another `nonReentrant`
* function is not supported. It is possible to prevent this from happening
* by making the `nonReentrant` function external, and making it call a
* `private` function that does the actual work.
*/
modifier nonReentrant() {
_nonReentrantBefore();
_;
_nonReentrantAfter();
}
function _nonReentrantBefore() private {
ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
// On the first call to nonReentrant, _status will be NOT_ENTERED
if ($._status == ENTERED) {
revert ReentrancyGuardReentrantCall();
}
// Any calls to nonReentrant after this point will fail
$._status = ENTERED;
}
function _nonReentrantAfter() private {
ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
// By storing the original value once again, a refund is triggered (see
// https://eips.ethereum.org/EIPS/eip-2200)
$._status = NOT_ENTERED;
}
/**
* @dev Returns true if the reentrancy guard is currently set to "entered", which indicates there is a
* `nonReentrant` function in the call stack.
*/
function _reentrancyGuardEntered() internal view returns (bool) {
ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
return $._status == ENTERED;
}
}
"
},
"lib/openzeppelin-contracts/contracts/token/ERC20/IERC20.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/IERC20.sol)
pragma solidity ^0.8.20;
/**
* @dev Interface of the ERC-20 standard as defined in the ERC.
*/
interface IERC20 {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the value of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the value of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves a `value` amount of tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 value) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets a `value` amount of tokens as the allowance of `spender` over the
* caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 value) external returns (bool);
/**
* @dev Moves a `value` amount of tokens from `from` to `to` using the
* allowance mechanism. `value` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 value) external returns (bool);
}
"
},
"lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/utils/SafeERC20.sol)
pragma solidity ^0.8.20;
import {IERC20} from "../IERC20.sol";
import {IERC1363} from "../../../interfaces/IERC1363.sol";
import {Address} from "../../../utils/Address.sol";
/**
* @title SafeERC20
* @dev Wrappers around ERC-20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/
library SafeERC20 {
/**
* @dev An operation with an ERC-20 token failed.
*/
error SafeERC20FailedOperation(address token);
/**
* @dev Indicates a failed `decreaseAllowance` request.
*/
error SafeERC20FailedDecreaseAllowance(address spender, uint256 currentAllowance, uint256 requestedDecrease);
/**
* @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeTransfer(IERC20 token, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeCall(token.transfer, (to, value)));
}
/**
* @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
* calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
*/
function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeCall(token.transferFrom, (from, to, value)));
}
/**
* @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*
* IMPORTANT: If the token implements ERC-7674 (ERC-20 with temporary allowance), and if the "client"
* smart contract uses ERC-7674 to set temporary allowances, then the "client" smart contract should avoid using
* this function. Performing a {safeIncreaseAllowance} or {safeDecreaseAllowance} operation on a token contract
* that has a non-zero temporary allowance (for that particular owner-spender) will result in unexpected behavior.
*/
function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
uint256 oldAllowance = token.allowance(address(this), spender);
forceApprove(token, spender, oldAllowance + value);
}
/**
* @dev Decrease the calling contract's allowance toward `spender` by `requestedDecrease`. If `token` returns no
* value, non-reverting calls are assumed to be successful.
*
* IMPORTANT: If the token implements ERC-7674 (ERC-20 with temporary allowance), and if the "client"
* smart contract uses ERC-7674 to set temporary allowances, then the "client" smart contract should avoid using
* this function. Performing a {safeIncreaseAllowance} or {safeDecreaseAllowance} operation on a token contract
* that has a non-zero temporary allowance (for that particular owner-spender) will result in unexpected behavior.
*/
function safeDecreaseAllowance(IERC20 token, address spender, uint256 requestedDecrease) internal {
unchecked {
uint256 currentAllowance = token.allowance(address(this), spender);
if (currentAllowance < requestedDecrease) {
revert SafeERC20FailedDecreaseAllowance(spender, currentAllowance, requestedDecrease);
}
forceApprove(token, spender, currentAllowance - requestedDecrease);
}
}
/**
* @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval
* to be set to zero before setting it to a non-zero value, such as USDT.
*
* NOTE: If the token implements ERC-7674, this function will not modify any temporary allowance. This function
* only sets the "standard" allowance. Any temporary allowance will remain active, in addition to the value being
* set here.
*/
function forceApprove(IERC20 token, address spender, uint256 value) internal {
bytes memory approvalCall = abi.encodeCall(token.approve, (spender, value));
if (!_callOptionalReturnBool(token, approvalCall)) {
_callOptionalReturn(token, abi.encodeCall(token.approve, (spender, 0)));
_callOptionalReturn(token, approvalCall);
}
}
/**
* @dev Performs an {ERC1363} transferAndCall, with a fallback to the simple {ERC20} transfer if the target has no
* code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when
* targeting contracts.
*
* Reverts if the returned value is other than `true`.
*/
function transferAndCallRelaxed(IERC1363 token, address to, uint256 value, bytes memory data) internal {
if (to.code.length == 0) {
safeTransfer(token, to, value);
} else if (!token.transferAndCall(to, value, data)) {
revert SafeERC20FailedOperation(address(token));
}
}
/**
* @dev Performs an {ERC1363} transferFromAndCall, with a fallback to the simple {ERC20} transferFrom if the target
* has no code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when
* targeting contracts.
*
* Reverts if the returned value is other than `true`.
*/
function transferFromAndCallRelaxed(
IERC1363 token,
address from,
address to,
uint256 value,
bytes memory data
) internal {
if (to.code.length == 0) {
safeTransferFrom(token, from, to, value);
} else if (!token.transferFromAndCall(from, to, value, data)) {
revert SafeERC20FailedOperation(address(token));
}
}
/**
* @dev Performs an {ERC1363} approveAndCall, with a fallback to the simple {ERC20} approve if the target has no
* code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when
* targeting contracts.
*
* NOTE: When the recipient address (`to`) has no code (i.e. is an EOA), this function behaves as {forceApprove}.
* Opposedly, when the recipient address (`to`) has code, this function only attempts to call {ERC1363-approveAndCall}
* once without retrying, and relies on the returned value to be true.
*
* Reverts if the returned value is other than `true`.
*/
function approveAndCallRelaxed(IERC1363 token, address to, uint256 value, bytes memory data) internal {
if (to.code.length == 0) {
forceApprove(token, to, value);
} else if (!token.approveAndCall(to, value, data)) {
revert SafeERC20FailedOperation(address(token));
}
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*
* This is a variant of {_callOptionalReturnBool} that reverts if call fails to meet the requirements.
*/
function _callOptionalReturn(IERC20 token, bytes memory data) private {
uint256 returnSize;
uint256 returnValue;
assembly ("memory-safe") {
let success := call(gas(), token, 0, add(data, 0x20), mload(data), 0, 0x20)
// bubble errors
if iszero(success) {
let ptr := mload(0x40)
returndatacopy(ptr, 0, returndatasize())
revert(ptr, returndatasize())
}
returnSize := returndatasize()
returnValue := mload(0)
}
if (returnSize == 0 ? address(token).code.length == 0 : returnValue != 1) {
revert SafeERC20FailedOperation(address(token));
}
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*
* This is a variant of {_callOptionalReturn} that silently catches all reverts and returns a bool instead.
*/
function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {
bool success;
uint256 returnSize;
uint256 returnValue;
assembly ("memory-safe") {
success := call(gas(), token, 0, add(data, 0x20), mload(data), 0, 0x20)
returnSize := returndatasize()
returnValue := mload(0)
}
return success && (returnSize == 0 ? address(token).code.length > 0 : returnValue == 1);
}
}
"
},
"lib/openzeppelin-contracts/contracts/token/ERC20/extensions/IERC20Metadata.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/extensions/IERC20Metadata.sol)
pragma solidity ^0.8.20;
import {IERC20} from "../IERC20.sol";
/**
* @dev Interface for the optional metadata functions from the ERC-20 standard.
*/
interface IERC20Metadata is IERC20 {
/**
* @dev Returns the name of the token.
*/
function name() external view returns (string memory);
/**
* @dev Returns the symbol of the token.
*/
function symbol() external view returns (string memory);
/**
* @dev Returns the decimals places of the token.
*/
function decimals() external view returns (uint8);
}
"
},
"lib/openzeppelin-contracts-upgradeable/contracts/utils/ContextUpgradeable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)
pragma solidity ^0.8.20;
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract ContextUpgradeable is Initializable {
function __Context_init() internal onlyInitializing {
}
function __Context_init_unchained() internal onlyInitializing {
}
function _msgSender() internal view viSubmitted on: 2025-10-16 09:16:02
Comments
Log in to comment.
No comments yet.