Description:
Proxy contract enabling upgradeable smart contract patterns. Delegates calls to an implementation contract.
Blockchain: Ethereum
Source Code: View Code On The Blockchain
Solidity Source Code:
{{
"language": "Solidity",
"sources": {
"src/Staking.sol": {
"content": "// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Initializable} from "openzeppelin-upgradeable/proxy/utils/Initializable.sol";
import {AccessControlEnumerableUpgradeable} from
"openzeppelin-upgradeable/access/AccessControlEnumerableUpgradeable.sol";
import {Math} from "openzeppelin/utils/math/Math.sol";
import {IERC20} from "openzeppelin/token/ERC20/IERC20.sol";
import {SafeERC20Upgradeable} from "openzeppelin-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol";
import {ProtocolEvents} from "./interfaces/ProtocolEvents.sol";
import {IDepositContract} from "./interfaces/IDepositContract.sol";
import {IMETH} from "./interfaces/IMETH.sol";
import {IOracleReadRecord, OracleRecord} from "./interfaces/IOracle.sol";
import {IPauserRead} from "./interfaces/IPauser.sol";
import {IStaking, IStakingReturnsWrite, IStakingInitiationRead} from "./interfaces/IStaking.sol";
import {UnstakeRequest, IUnstakeRequestsManager} from "./interfaces/IUnstakeRequestsManager.sol";
import {ILiquidityBuffer} from "./liquidityBuffer/interfaces/ILiquidityBuffer.sol";
/// @notice Events emitted by the staking contract.
interface StakingEvents {
/// @notice Emitted when a user stakes ETH and receives mETH.
/// @param staker The address of the user staking ETH.
/// @param ethAmount The amount of ETH staked.
/// @param mETHAmount The amount of mETH received.
event Staked(address indexed staker, uint256 ethAmount, uint256 mETHAmount);
/// @notice Emitted when a user unstakes mETH in exchange for ETH.
/// @param id The ID of the unstake request.
/// @param staker The address of the user unstaking mETH.
/// @param ethAmount The amount of ETH that the staker will receive.
/// @param mETHLocked The amount of mETH that will be burned.
event UnstakeRequested(uint256 indexed id, address indexed staker, uint256 ethAmount, uint256 mETHLocked);
/// @notice Emitted when a user claims their unstake request.
/// @param id The ID of the unstake request.
/// @param staker The address of the user claiming their unstake request.
event UnstakeRequestClaimed(uint256 indexed id, address indexed staker);
/// @notice Emitted when a validator has been initiated (i.e. the protocol has deposited into the deposit contract).
/// @param id The ID of the validator which is the hash of its pubkey.
/// @param operatorID The ID of the node operator to which the validator belongs to.
/// @param pubkey The pubkey of the validator.
/// @param amountDeposited The amount of ETH deposited into the deposit contract for that validator.
event ValidatorInitiated(bytes32 indexed id, uint256 indexed operatorID, bytes pubkey, uint256 amountDeposited);
/// @notice Emitted when the protocol has allocated ETH to the UnstakeRequestsManager.
/// @param amount The amount of ETH allocated to the UnstakeRequestsManager.
event AllocatedETHToUnstakeRequestsManager(uint256 amount);
/// @notice Emitted when the protocol has allocated ETH to use for deposits into the deposit contract.
/// @param amount The amount of ETH allocated to deposits.
event AllocatedETHToDeposits(uint256 amount);
/// @notice Emitted when the protocol has received returns from the returns aggregator.
/// @param amount The amount of ETH received.
event ReturnsReceived(uint256 amount);
/// @notice Emitted when the protocol has received returns from the returns aggregator.
/// @param amount The amount of ETH received.
event ReturnsReceivedFromLiquidityBuffer(uint256 amount);
/// @notice Emitted when the protocol has allocated ETH to the liquidity buffer.
/// @param amount The amount of ETH allocated to the liquidity buffer.
event AllocatedETHToLiquidityBuffer(uint256 amount);
}
/// @title Staking
/// @notice Manages stake and unstake requests by users, keeps track of the total amount of ETH controlled by the
/// protocol, and initiates new validators.
contract Staking is Initializable, AccessControlEnumerableUpgradeable, IStaking, StakingEvents, ProtocolEvents {
// Errors.
error DoesNotReceiveETH();
error InvalidConfiguration();
error MaximumValidatorDepositExceeded();
error MaximumMETHSupplyExceeded();
error MinimumStakeBoundNotSatisfied();
error MinimumUnstakeBoundNotSatisfied();
error MinimumValidatorDepositNotSatisfied();
error NotEnoughDepositETH();
error NotEnoughUnallocatedETH();
error NotReturnsAggregator();
error NotLiquidityBuffer();
error NotUnstakeRequestsManager();
error Paused();
error PreviouslyUsedValidator();
error ZeroAddress();
error InvalidDepositRoot(bytes32);
error StakeBelowMinimumMETHAmount(uint256 methAmount, uint256 expectedMinimum);
error UnstakeBelowMinimumETHAmount(uint256 ethAmount, uint256 expectedMinimum);
error InvalidWithdrawalCredentialsWrongLength(uint256);
error InvalidWithdrawalCredentialsNotETH1(bytes12);
error InvalidWithdrawalCredentialsWrongAddress(address);
/// @notice Role allowed trigger administrative tasks such as allocating funds to / withdrawing surplusses from the
/// UnstakeRequestsManager and setting various parameters on the contract.
bytes32 public constant STAKING_MANAGER_ROLE = keccak256("STAKING_MANAGER_ROLE");
/// @notice Role allowed to allocate funds to unstake requests manager and reserve funds to deposit into the
/// validators.
bytes32 public constant ALLOCATOR_SERVICE_ROLE = keccak256("ALLOCATER_SERVICE_ROLE");
/// @notice Role allowed to initiate new validators by sending funds from the allocatedETHForDeposits balance
/// to the beacon chain deposit contract.
bytes32 public constant INITIATOR_SERVICE_ROLE = keccak256("INITIATOR_SERVICE_ROLE");
/// @notice Role to manage the staking allowlist.
bytes32 public constant STAKING_ALLOWLIST_MANAGER_ROLE = keccak256("STAKING_ALLOWLIST_MANAGER_ROLE");
/// @notice Role allowed to stake ETH when allowlist is enabled.
bytes32 public constant STAKING_ALLOWLIST_ROLE = keccak256("STAKING_ALLOWLIST_ROLE");
/// @notice Role allowed to top up the unallocated ETH in the protocol.
bytes32 public constant TOP_UP_ROLE = keccak256("TOP_UP_ROLE");
/// @notice Payload struct submitted for validator initiation.
/// @dev See also {initiateValidatorsWithDeposits}.
struct ValidatorParams {
uint256 operatorID;
uint256 depositAmount;
bytes pubkey;
bytes withdrawalCredentials;
bytes signature;
bytes32 depositDataRoot;
}
/// @notice Keeps track of already initiated validators.
/// @dev This is tracked to ensure that we never deposit for the same validator public key twice, which is a base
/// assumption of this contract and the related off-chain accounting.
mapping(bytes pubkey => bool exists) public usedValidators;
/// @inheritdoc IStakingInitiationRead
/// @dev This is needed to account for ETH that is still in flight, i.e. that has been sent to the deposit contract
/// but has not been processed by the beacon chain yet. Once the off-chain oracle detects those deposits, they are
/// recorded as `totalDepositsProcessed` in the oracle contract to avoid double counting. See also
/// {totalControlled}.
uint256 public totalDepositedInValidators;
/// @inheritdoc IStakingInitiationRead
uint256 public numInitiatedValidators;
/// @notice The amount of ETH that is used to allocate to deposits and fill the pending unstake requests.
uint256 public unallocatedETH;
/// @notice The amount of ETH that is used deposit into validators.
uint256 public allocatedETHForDeposits;
/// @notice The minimum amount of ETH users can stake.
uint256 public minimumStakeBound;
/// @notice The minimum amount of mETH users can unstake.
uint256 public minimumUnstakeBound;
/// @notice When staking on Ethereum, validators must go through an entry queue to bring money into the system, and
/// an exit queue to bring it back out. The entry queue increases in size as more people want to stake. While the
/// money is in the entry queue, it is not earning any rewards. When a validator is active, or in the exit queue, it
/// is earning rewards. Once a validator enters the entry queue, the only way that the money can be retrieved is by
/// waiting for it to become active and then to exit it again. As of July 2023, the entry queue is approximately 40
/// days and the exit queue is 0 days (with ~6 days of processing time).
///
/// In a non-optimal scenario for the protocol, a user could stake (for example) 32 ETH to receive mETH, wait
/// until a validator enters the queue, and then request to unstake to recover their 32 ETH. Now we have 32 ETH in
/// the system which affects the exchange rate, but is not earning rewards.
///
/// In this case, the 'fair' thing to do would be to make the user wait for the queue processing to finish before
/// returning their funds. Because the tokens are fungible however, we have no way of matching 'pending' stakes to a
/// particular user. This means that in order to fulfill unstake requests quickly, we must exit a different
/// validator to return the user's funds. If we exit a validator, we can return the funds after ~5 days, but the
/// original 32 ETH will not be earning for another 35 days, leading to a small but repeatable socialised loss of
/// efficiency for the protocol. As we can only exit validators in chunks of 32 ETH, this case is also exacerbated
/// by a user unstaking smaller amounts of ETH.
///
/// To compensate for the fact that these two queues differ in length, we apply an adjustment to the exchange rate
/// to reflect the difference and mitigate its effect on the protocol. This protects the protocol from the case
/// above, and also from griefing attacks following the same principle. Essentially, when you stake you are
/// receiving a value of mETH that discounts ~35 days worth of rewards in return for being able to access your
/// money without waiting the full 40 days when unstaking. As the adjustment is applied to the exchange rate, this
/// results in a small 'improvement' to the rate for all existing stakers (i.e. it is not a fee levied by the
/// protocol itself).
///
/// As the adjustment is applied to the exchange rate, the result is reflected in any user interface which shows the
/// amount of mETH received when staking, meaning there is no surprise for users when staking or unstaking.
/// @dev The value is in basis points (1/10000).
uint16 public exchangeAdjustmentRate;
/// @dev A basis point (often denoted as bp, 1bp = 0.01%) is a unit of measure used in finance to describe
/// the percentage change in a financial instrument. This is a constant value set as 10000 which represents
/// 100% in basis point terms.
uint16 internal constant _BASIS_POINTS_DENOMINATOR = 10_000;
/// @notice The maximum amount the exchange adjustment rate (10%) that can be set by the admin.
uint16 internal constant _MAX_EXCHANGE_ADJUSTMENT_RATE = _BASIS_POINTS_DENOMINATOR / 10; // 10%
/// @notice The minimum amount of ETH that the staking contract can send to the deposit contract to initiate new
/// validators.
/// @dev This is used as an additional safeguard to prevent sending deposits that would result in non-activated
/// validators (since we don't do top-ups), that would need to be exited again to get the ETH back.
uint256 public minimumDepositAmount;
/// @notice The maximum amount of ETH that the staking contract can send to the deposit contract to initiate new
/// validators.
/// @dev This is used as an additional safeguard to prevent sending too large deposits. While this is not a critical
/// issue as any surplus >32 ETH (at the time of writing) will automatically be withdrawn again at some point, it is
/// still undesireable as it locks up not-earning ETH for the duration of the round trip decreasing the efficiency
/// of the protocol.
uint256 public maximumDepositAmount;
/// @notice The beacon chain deposit contract.
/// @dev ETH will be sent there during validator initiation.
IDepositContract public depositContract;
/// @notice The mETH token contract.
/// @dev Tokens will be minted / burned during staking / unstaking.
IMETH public mETH;
/// @notice The oracle contract.
/// @dev Tracks ETH on the beacon chain and other accounting relevant quantities.
IOracleReadRecord public oracle;
/// @notice The pauser contract.
/// @dev Keeps the pause state across the protocol.
IPauserRead public pauser;
/// @notice The contract tracking unstake requests and related allocation and claim operations.
IUnstakeRequestsManager public unstakeRequestsManager;
/// @notice The address to receive beacon chain withdrawals (i.e. validator rewards and exits).
/// @dev Changing this variable will not have an immediate effect as all exisiting validators will still have the
/// original value set.
address public withdrawalWallet;
/// @notice The address for the returns aggregator contract to push funds.
/// @dev See also {receiveReturns}.
address public returnsAggregator;
/// @notice The staking allowlist flag which, when enabled, allows staking only for addresses in allowlist.
bool public isStakingAllowlist;
/// @inheritdoc IStakingInitiationRead
/// @dev This will be used to give off-chain services a sensible point in time to start their analysis from.
uint256 public initializationBlockNumber;
/// @notice The maximum amount of mETH that can be minted during the staking process.
/// @dev This is used as an additional safeguard to create a maximum stake amount in the protocol. As the protocol
/// scales up this value will be increased to allow for more staking.
uint256 public maximumMETHSupply;
/// @notice The address for the liquidity buffer contract to push funds.
/// @dev See also {receiveReturnsFromLiquidityBuffer}.
ILiquidityBuffer public liquidityBuffer;
/// @notice Configuration for contract initialization.
struct Init {
address admin;
address manager;
address allocatorService;
address initiatorService;
address returnsAggregator;
address withdrawalWallet;
IMETH mETH;
IDepositContract depositContract;
IOracleReadRecord oracle;
IPauserRead pauser;
IUnstakeRequestsManager unstakeRequestsManager;
}
constructor() {
_disableInitializers();
}
/// @notice Inititalizes the contract.
/// @dev MUST be called during the contract upgrade to set up the proxies state.
function initialize(Init memory init) external initializer {
__AccessControlEnumerable_init();
_grantRole(DEFAULT_ADMIN_ROLE, init.admin);
_grantRole(STAKING_MANAGER_ROLE, init.manager);
_grantRole(ALLOCATOR_SERVICE_ROLE, init.allocatorService);
_grantRole(INITIATOR_SERVICE_ROLE, init.initiatorService);
// Intentionally does not set anyone as the TOP_UP_ROLE as it will only be granted
// in the off-chance that the top up functionality is required.
// Set up roles for the staking allowlist. Intentionally do not grant anyone the
// STAKING_ALLOWLIST_MANAGER_ROLE as it will only be granted later.
_setRoleAdmin(STAKING_ALLOWLIST_MANAGER_ROLE, STAKING_MANAGER_ROLE);
_setRoleAdmin(STAKING_ALLOWLIST_ROLE, STAKING_ALLOWLIST_MANAGER_ROLE);
mETH = init.mETH;
depositContract = init.depositContract;
oracle = init.oracle;
pauser = init.pauser;
returnsAggregator = init.returnsAggregator;
unstakeRequestsManager = init.unstakeRequestsManager;
withdrawalWallet = init.withdrawalWallet;
minimumStakeBound = 0.1 ether;
minimumUnstakeBound = 0.01 ether;
minimumDepositAmount = 32 ether;
maximumDepositAmount = 32 ether;
isStakingAllowlist = true;
initializationBlockNumber = block.number;
// Set the maximum mETH supply to some sensible amount which is expected to be changed as the
// protocol ramps up.
maximumMETHSupply = 1024 ether;
}
function initializeV2(ILiquidityBuffer lb) public reinitializer(2) notZeroAddress(address(lb)) {
liquidityBuffer = lb;
}
/// @notice Interface for users to stake their ETH with the protocol. Note: when allowlist is enabled, only users
/// with the allowlist can stake.
/// @dev Mints the corresponding amount of mETH (relative to the stake's share in the total ETH controlled by the
/// protocol) to the user.
/// @param minMETHAmount The minimum amount of mETH that the user expects to receive in return.
function stake(uint256 minMETHAmount) external payable {
if (pauser.isStakingPaused()) {
revert Paused();
}
if (isStakingAllowlist) {
_checkRole(STAKING_ALLOWLIST_ROLE);
}
if (msg.value < minimumStakeBound) {
revert MinimumStakeBoundNotSatisfied();
}
uint256 mETHMintAmount = ethToMETH(msg.value);
if (mETHMintAmount + mETH.totalSupply() > maximumMETHSupply) {
revert MaximumMETHSupplyExceeded();
}
if (mETHMintAmount < minMETHAmount) {
revert StakeBelowMinimumMETHAmount(mETHMintAmount, minMETHAmount);
}
// Increment unallocated ETH after calculating the exchange rate to ensure
// a consistent rate.
unallocatedETH += msg.value;
emit Staked(msg.sender, msg.value, mETHMintAmount);
mETH.mint(msg.sender, mETHMintAmount);
}
/// @notice Interface for users to submit a request to unstake.
/// @dev Transfers the specified amount of mETH to the staking contract and locks it there until it is burned on
/// request claim. The staking contract must therefore be approved to move the user's mETH on their behalf.
/// @param methAmount The amount of mETH to unstake.
/// @param minETHAmount The minimum amount of ETH that the user expects to receive.
/// @return The request ID.
function unstakeRequest(uint128 methAmount, uint128 minETHAmount) external returns (uint256) {
return _unstakeRequest(methAmount, minETHAmount);
}
/// @notice Interface for users to submit a request to unstake with an ERC20 permit.
/// @dev Transfers the specified amount of mETH to the staking contract and locks it there until it is burned on
/// request claim. The permit must therefore allow the staking contract to move the user's mETH on their behalf.
/// @return The request ID.
function unstakeRequestWithPermit(
uint128 methAmount,
uint128 minETHAmount,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external returns (uint256) {
SafeERC20Upgradeable.safePermit(mETH, msg.sender, address(this), methAmount, deadline, v, r, s);
return _unstakeRequest(methAmount, minETHAmount);
}
/// @notice Processes a user's request to unstake by transferring the corresponding mETH to the staking contract
/// and creating the request on the unstake requests manager.
/// @param methAmount The amount of mETH to unstake.
/// @param minETHAmount The minimum amount of ETH that the user expects to receive.
function _unstakeRequest(uint128 methAmount, uint128 minETHAmount) internal returns (uint256) {
if (pauser.isUnstakeRequestsAndClaimsPaused()) {
revert Paused();
}
if (methAmount < minimumUnstakeBound) {
revert MinimumUnstakeBoundNotSatisfied();
}
uint128 ethAmount = uint128(mETHToETH(methAmount));
if (ethAmount < minETHAmount) {
revert UnstakeBelowMinimumETHAmount(ethAmount, minETHAmount);
}
uint256 requestID =
unstakeRequestsManager.create({requester: msg.sender, mETHLocked: methAmount, ethRequested: ethAmount});
emit UnstakeRequested({id: requestID, staker: msg.sender, ethAmount: ethAmount, mETHLocked: methAmount});
SafeERC20Upgradeable.safeTransferFrom(mETH, msg.sender, address(unstakeRequestsManager), methAmount);
return requestID;
}
/// @notice Interface for users to claim their finalized and filled unstaking requests.
/// @dev See also {UnstakeRequestsManager} for a more detailed explanation of finalization and request filling.
function claimUnstakeRequest(uint256 unstakeRequestID) external {
if (pauser.isUnstakeRequestsAndClaimsPaused()) {
revert Paused();
}
emit UnstakeRequestClaimed(unstakeRequestID, msg.sender);
unstakeRequestsManager.claim(unstakeRequestID, msg.sender);
}
/// @notice Returns the status of the request whether it is finalized and how much ETH has been filled.
/// See also {UnstakeRequestsManager.requestInfo} for a more detailed explanation of finalization and request
/// filling.
/// @param unstakeRequestID The ID of the unstake request.
/// @return bool indicating if the unstake request is finalized, and the amount of ETH that has been filled.
function unstakeRequestInfo(uint256 unstakeRequestID) external view returns (bool, uint256) {
return unstakeRequestsManager.requestInfo(unstakeRequestID);
}
/// @notice Withdraws any surplus from the unstake requests manager.
/// @dev The request manager is expected to return the funds by pushing them using
/// {receiveFromUnstakeRequestsManager}.
function reclaimAllocatedETHSurplus() external onlyRole(STAKING_MANAGER_ROLE) {
// Calls the receiveFromUnstakeRequestsManager() where we perform
// the accounting.
unstakeRequestsManager.withdrawAllocatedETHSurplus();
}
/// @notice Allocates ETH from the unallocatedETH balance to the unstake requests manager to fill pending requests
/// and adds to the allocatedETHForDeposits balance that is used to initiate new validators.
function allocateETH(uint256 allocateToUnstakeRequestsManager, uint256 allocateToDeposits, uint256 allocateToLiquidityBuffer)
external
onlyRole(ALLOCATOR_SERVICE_ROLE)
{
if (pauser.isAllocateETHPaused()) {
revert Paused();
}
if (allocateToUnstakeRequestsManager + allocateToDeposits + allocateToLiquidityBuffer > unallocatedETH) {
revert NotEnoughUnallocatedETH();
}
unallocatedETH -= allocateToUnstakeRequestsManager + allocateToDeposits + allocateToLiquidityBuffer;
if (allocateToDeposits > 0) {
allocatedETHForDeposits += allocateToDeposits;
emit AllocatedETHToDeposits(allocateToDeposits);
}
if (allocateToUnstakeRequestsManager > 0) {
emit AllocatedETHToUnstakeRequestsManager(allocateToUnstakeRequestsManager);
unstakeRequestsManager.allocateETH{value: allocateToUnstakeRequestsManager}();
}
if (allocateToLiquidityBuffer > 0) {
emit AllocatedETHToLiquidityBuffer(allocateToLiquidityBuffer);
liquidityBuffer.depositETH{value: allocateToLiquidityBuffer}();
}
}
/// @notice Initiates new validators by sending ETH to the beacon chain deposit contract.
/// @dev Cannot initiate the same validator (public key) twice. Since BLS signatures cannot be feasibly verified on
/// the EVM, the caller must carefully make sure that the sent payloads (public keys + signatures) are correct,
/// otherwise the sent ETH will be lost.
function initiateValidatorsWithDeposits(ValidatorParams[] calldata validators, bytes32 expectedDepositRoot)
external
onlyRole(INITIATOR_SERVICE_ROLE)
{
if (pauser.isInitiateValidatorsPaused()) {
revert Paused();
}
if (validators.length == 0) {
return;
}
// Check that the deposit root matches the given value. This ensures that the deposit contract state
// has not changed since the transaction was submitted, which means that a rogue node operator cannot
// front-run deposit transactions.
bytes32 actualRoot = depositContract.get_deposit_root();
if (expectedDepositRoot != actualRoot) {
revert InvalidDepositRoot(actualRoot);
}
// First loop is to check that all validators are valid according to our constraints and we record the
// validators and how much we have deposited.
uint256 amountDeposited = 0;
for (uint256 i = 0; i < validators.length; ++i) {
ValidatorParams calldata validator = validators[i];
if (usedValidators[validator.pubkey]) {
revert PreviouslyUsedValidator();
}
if (validator.depositAmount < minimumDepositAmount) {
revert MinimumValidatorDepositNotSatisfied();
}
if (validator.depositAmount > maximumDepositAmount) {
revert MaximumValidatorDepositExceeded();
}
_requireProtocolWithdrawalAccount(validator.withdrawalCredentials);
usedValidators[validator.pubkey] = true;
amountDeposited += validator.depositAmount;
emit ValidatorInitiated({
id: keccak256(validator.pubkey),
operatorID: validator.operatorID,
pubkey: validator.pubkey,
amountDeposited: validator.depositAmount
});
}
if (amountDeposited > allocatedETHForDeposits) {
revert NotEnoughDepositETH();
}
allocatedETHForDeposits -= amountDeposited;
totalDepositedInValidators += amountDeposited;
numInitiatedValidators += validators.length;
// Second loop is to send the deposits to the deposit contract. Keeps external calls to the deposit contract
// separate from state changes.
for (uint256 i = 0; i < validators.length; ++i) {
ValidatorParams calldata validator = validators[i];
depositContract.deposit{value: validator.depositAmount}({
pubkey: validator.pubkey,
withdrawal_credentials: validator.withdrawalCredentials,
signature: validator.signature,
deposit_data_root: validator.depositDataRoot
});
}
}
/// @inheritdoc IStakingReturnsWrite
/// @dev Intended to be the called in the same transaction initiated by reclaimAllocatedETHSurplus().
/// This should only be called in emergency scenarios, e.g. if the unstake requests manager has cancelled
/// unfinalized requests and there is a surplus balance.
/// Adds the received funds to the unallocated balance.
function receiveFromUnstakeRequestsManager() external payable onlyUnstakeRequestsManager {
unallocatedETH += msg.value;
}
/// @notice Tops up the unallocated ETH balance to increase the amount of ETH in the protocol.
/// @dev Bypasses the returns aggregator fee collection to inject ETH directly into the protocol.
function topUp() external payable onlyRole(TOP_UP_ROLE) {
unallocatedETH += msg.value;
}
/// @notice Converts from mETH to ETH using the current exchange rate.
/// The exchange rate is given by the total supply of mETH and total ETH controlled by the protocol.
function ethToMETH(uint256 ethAmount) public view returns (uint256) {
// 1:1 exchange rate on the first stake.
// Using `METH.totalSupply` over `totalControlled` to check if the protocol is in its bootstrap phase since
// the latter can be manipulated, for example by transferring funds to the `ExecutionLayerReturnsReceiver`, and
// therefore be non-zero by the time the first stake is made
if (mETH.totalSupply() == 0) {
return ethAmount;
}
// deltaMETH = (1 - exchangeAdjustmentRate) * (mETHSupply / totalControlled) * ethAmount
// This rounds down to zero in the case of `(1 - exchangeAdjustmentRate) * ethAmount * mETHSupply <
// totalControlled`.
// While this scenario is theoretically possible, it can only be realised feasibly during the protocol's
// bootstrap phase and if `totalControlled` and `mETHSupply` can be changed independently of each other. Since
// the former is permissioned, and the latter is not permitted by the protocol, this cannot be exploited by an
// attacker.
return Math.mulDiv(
ethAmount,
mETH.totalSupply() * uint256(_BASIS_POINTS_DENOMINATOR - exchangeAdjustmentRate),
totalControlled() * uint256(_BASIS_POINTS_DENOMINATOR)
);
}
/// @notice Converts from ETH to mETH using the current exchange rate.
/// The exchange rate is given by the total supply of mETH and total ETH controlled by the protocol.
function mETHToETH(uint256 mETHAmount) public view returns (uint256) {
// 1:1 exchange rate on the first stake.
// Using `METH.totalSupply` over `totalControlled` to check if the protocol is in its bootstrap phase since
// the latter can be manipulated, for example by transferring funds to the `ExecutionLayerReturnsReceiver`, and
// therefore be non-zero by the time the first stake is made
if (mETH.totalSupply() == 0) {
return mETHAmount;
}
// deltaETH = (totalControlled / mETHSupply) * mETHAmount
// This rounds down to zero in the case of `mETHAmount * totalControlled < mETHSupply`.
// While this scenario is theoretically possible, it can only be realised feasibly during the protocol's
// bootstrap phase and if `totalControlled` and `mETHSupply` can be changed independently of each other. Since
// the former is permissioned, and the latter is not permitted by the protocol, this cannot be exploited by an
// attacker.
return Math.mulDiv(mETHAmount, totalControlled(), mETH.totalSupply());
}
/// @notice The total amount of ETH controlled by the protocol.
/// @dev Sums over the balances of various contracts and the beacon chain information from the oracle.
function totalControlled() public view returns (uint256) {
OracleRecord memory record = oracle.latestRecord();
uint256 total = 0;
total += unallocatedETH;
total += allocatedETHForDeposits;
/// The total ETH deposited to the beacon chain must be decreased by the deposits processed by the off-chain
/// oracle since it will be accounted for in the currentTotalValidatorBalance from that point onwards.
total += totalDepositedInValidators - record.cumulativeProcessedDepositAmount;
total += record.currentTotalValidatorBalance;
total += liquidityBuffer.getAvailableBalance();
total -= liquidityBuffer.cumulativeDrawdown();
total += unstakeRequestsManager.balance();
return total;
}
/// @notice Checks if the given withdrawal credentials are a valid 0x01 prefixed withdrawal address.
/// @dev See also
/// https://github.com/ethereum/consensus-specs/blob/master/specs/phase0/validator.md#eth1_address_withdrawal_prefix
function _requireProtocolWithdrawalAccount(bytes calldata withdrawalCredentials) internal view {
if (withdrawalCredentials.length != 32) {
revert InvalidWithdrawalCredentialsWrongLength(withdrawalCredentials.length);
}
// Check the ETH1_ADDRESS_WITHDRAWAL_PREFIX and that all other bytes are zero.
bytes12 prefixAndPadding = bytes12(withdrawalCredentials[:12]);
if (prefixAndPadding != 0x010000000000000000000000) {
revert InvalidWithdrawalCredentialsNotETH1(prefixAndPadding);
}
address addr = address(bytes20(withdrawalCredentials[12:32]));
if (addr != withdrawalWallet) {
revert InvalidWithdrawalCredentialsWrongAddress(addr);
}
}
/// @inheritdoc IStakingReturnsWrite
/// @dev Adds the received funds to the unallocated balance.
function receiveReturns() external payable onlyReturnsAggregator {
emit ReturnsReceived(msg.value);
unallocatedETH += msg.value;
}
/// @dev Adds the received funds to the unallocated balance.
function receiveReturnsFromLiquidityBuffer() external payable onlyLiquidityBuffer {
emit ReturnsReceivedFromLiquidityBuffer(msg.value);
unallocatedETH += msg.value;
}
/// @notice Ensures that the caller is the returns aggregator.
modifier onlyReturnsAggregator() {
if (msg.sender != returnsAggregator) {
revert NotReturnsAggregator();
}
_;
}
/// @notice Ensures that the caller is the returns aggregator.
modifier onlyLiquidityBuffer() {
if (msg.sender != address(liquidityBuffer)) {
revert NotLiquidityBuffer();
}
_;
}
/// @notice Ensures that the caller is the unstake requests manager.
modifier onlyUnstakeRequestsManager() {
if (msg.sender != address(unstakeRequestsManager)) {
revert NotUnstakeRequestsManager();
}
_;
}
/// @notice Ensures that the given address is not the zero address.
modifier notZeroAddress(address addr) {
if (addr == address(0)) {
revert ZeroAddress();
}
_;
}
/// @notice Sets the minimum amount of ETH users can stake.
function setMinimumStakeBound(uint256 minimumStakeBound_) external onlyRole(STAKING_MANAGER_ROLE) {
minimumStakeBound = minimumStakeBound_;
emit ProtocolConfigChanged(
this.setMinimumStakeBound.selector, "setMinimumStakeBound(uint256)", abi.encode(minimumStakeBound_)
);
}
/// @notice Sets the minimum amount of mETH users can unstake.
function setMinimumUnstakeBound(uint256 minimumUnstakeBound_) external onlyRole(STAKING_MANAGER_ROLE) {
minimumUnstakeBound = minimumUnstakeBound_;
emit ProtocolConfigChanged(
this.setMinimumUnstakeBound.selector, "setMinimumUnstakeBound(uint256)", abi.encode(minimumUnstakeBound_)
);
}
/// @notice Sets the staking adjust rate.
function setExchangeAdjustmentRate(uint16 exchangeAdjustmentRate_) external onlyRole(STAKING_MANAGER_ROLE) {
if (exchangeAdjustmentRate_ > _MAX_EXCHANGE_ADJUSTMENT_RATE) {
revert InvalidConfiguration();
}
// even though this check is redundant with the one above, this function will be rarely used so we keep it as a
// reminder for future upgrades that this must never be violated.
assert(exchangeAdjustmentRate_ <= _BASIS_POINTS_DENOMINATOR);
exchangeAdjustmentRate = exchangeAdjustmentRate_;
emit ProtocolConfigChanged(
this.setExchangeAdjustmentRate.selector,
"setExchangeAdjustmentRate(uint16)",
abi.encode(exchangeAdjustmentRate_)
);
}
/// @notice Sets the minimum amount of ETH that the staking contract can send to the deposit contract to initiate
/// new validators.
function setMinimumDepositAmount(uint256 minimumDepositAmount_) external onlyRole(STAKING_MANAGER_ROLE) {
minimumDepositAmount = minimumDepositAmount_;
emit ProtocolConfigChanged(
this.setMinimumDepositAmount.selector, "setMinimumDepositAmount(uint256)", abi.encode(minimumDepositAmount_)
);
}
/// @notice Sets the maximum amount of ETH that the staking contract can send to the deposit contract to initiate
/// new validators.
function setMaximumDepositAmount(uint256 maximumDepositAmount_) external onlyRole(STAKING_MANAGER_ROLE) {
maximumDepositAmount = maximumDepositAmount_;
emit ProtocolConfigChanged(
this.setMaximumDepositAmount.selector, "setMaximumDepositAmount(uint256)", abi.encode(maximumDepositAmount_)
);
}
/// @notice Sets the maximumMETHSupply variable.
/// Note: We intentionally allow this to be set lower than the current totalSupply so that the amount can be
/// adjusted downwards by unstaking.
/// See also {maximumMETHSupply}.
function setMaximumMETHSupply(uint256 maximumMETHSupply_) external onlyRole(STAKING_MANAGER_ROLE) {
maximumMETHSupply = maximumMETHSupply_;
emit ProtocolConfigChanged(
this.setMaximumMETHSupply.selector, "setMaximumMETHSupply(uint256)", abi.encode(maximumMETHSupply_)
);
}
/// @notice Sets the address to receive beacon chain withdrawals (i.e. validator rewards and exits).
/// @dev Changing this variable will not have an immediate effect as all exisiting validators will still have the
/// original value set.
function setWithdrawalWallet(address withdrawalWallet_)
external
onlyRole(STAKING_MANAGER_ROLE)
notZeroAddress(withdrawalWallet_)
{
withdrawalWallet = withdrawalWallet_;
emit ProtocolConfigChanged(
this.setWithdrawalWallet.selector, "setWithdrawalWallet(address)", abi.encode(withdrawalWallet_)
);
}
/// @notice Sets the staking allowlist flag.
function setStakingAllowlist(bool isStakingAllowlist_) external onlyRole(STAKING_MANAGER_ROLE) {
isStakingAllowlist = isStakingAllowlist_;
emit ProtocolConfigChanged(
this.setStakingAllowlist.selector, "setStakingAllowlist(bool)", abi.encode(isStakingAllowlist_)
);
}
receive() external payable {
revert DoesNotReceiveETH();
}
fallback() external payable {
revert DoesNotReceiveETH();
}
}
"
},
"lib/openzeppelin-contracts-upgradeable/contracts/proxy/utils/Initializable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (proxy/utils/Initializable.sol)
pragma solidity ^0.8.2;
import "../../utils/AddressUpgradeable.sol";
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```solidity
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
*
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/
abstract contract Initializable {
/**
* @dev Indicates that the contract has been initialized.
* @custom:oz-retyped-from bool
*/
uint8 private _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool private _initializing;
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/
event Initialized(uint8 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts.
*
* Similar to `reinitializer(1)`, except that functions marked with `initializer` can be nested in the context of a
* constructor.
*
* Emits an {Initialized} event.
*/
modifier initializer() {
bool isTopLevelCall = !_initializing;
require(
(isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1),
"Initializable: contract is already initialized"
);
_initialized = 1;
if (isTopLevelCall) {
_initializing = true;
}
_;
if (isTopLevelCall) {
_initializing = false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* A reinitializer may be used after the original initialization step. This is essential to configure modules that
* are added through upgrades and that require initialization.
*
* When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
* cannot be nested. If one is invoked in the context of another, execution will revert.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*
* WARNING: setting the version to 255 will prevent any future reinitialization.
*
* Emits an {Initialized} event.
*/
modifier reinitializer(uint8 version) {
require(!_initializing && _initialized < version, "Initializable: contract is already initialized");
_initialized = version;
_initializing = true;
_;
_initializing = false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/
modifier onlyInitializing() {
require(_initializing, "Initializable: contract is not initializing");
_;
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*
* Emits an {Initialized} event the first time it is successfully executed.
*/
function _disableInitializers() internal virtual {
require(!_initializing, "Initializable: contract is initializing");
if (_initialized != type(uint8).max) {
_initialized = type(uint8).max;
emit Initialized(type(uint8).max);
}
}
/**
* @dev Returns the highest version that has been initialized. See {reinitializer}.
*/
function _getInitializedVersion() internal view returns (uint8) {
return _initialized;
}
/**
* @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
*/
function _isInitializing() internal view returns (bool) {
return _initializing;
}
}
"
},
"lib/openzeppelin-contracts-upgradeable/contracts/access/AccessControlEnumerableUpgradeable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (access/AccessControlEnumerable.sol)
pragma solidity ^0.8.0;
import "./IAccessControlEnumerableUpgradeable.sol";
import "./AccessControlUpgradeable.sol";
import "../utils/structs/EnumerableSetUpgradeable.sol";
import "../proxy/utils/Initializable.sol";
/**
* @dev Extension of {AccessControl} that allows enumerating the members of each role.
*/
abstract contract AccessControlEnumerableUpgradeable is Initializable, IAccessControlEnumerableUpgradeable, AccessControlUpgradeable {
function __AccessControlEnumerable_init() internal onlyInitializing {
}
function __AccessControlEnumerable_init_unchained() internal onlyInitializing {
}
using EnumerableSetUpgradeable for EnumerableSetUpgradeable.AddressSet;
mapping(bytes32 => EnumerableSetUpgradeable.AddressSet) private _roleMembers;
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IAccessControlEnumerableUpgradeable).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @dev Returns one of the accounts that have `role`. `index` must be a
* value between 0 and {getRoleMemberCount}, non-inclusive.
*
* Role bearers are not sorted in any particular way, and their ordering may
* change at any point.
*
* WARNING: When using {getRoleMember} and {getRoleMemberCount}, make sure
* you perform all queries on the same block. See the following
* https://forum.openzeppelin.com/t/iterating-over-elements-on-enumerableset-in-openzeppelin-contracts/2296[forum post]
* for more information.
*/
function getRoleMember(bytes32 role, uint256 index) public view virtual override returns (address) {
return _roleMembers[role].at(index);
}
/**
* @dev Returns the number of accounts that have `role`. Can be used
* together with {getRoleMember} to enumerate all bearers of a role.
*/
function getRoleMemberCount(bytes32 role) public view virtual override returns (uint256) {
return _roleMembers[role].length();
}
/**
* @dev Overload {_grantRole} to track enumerable memberships
*/
function _grantRole(bytes32 role, address account) internal virtual override {
super._grantRole(role, account);
_roleMembers[role].add(account);
}
/**
* @dev Overload {_revokeRole} to track enumerable memberships
*/
function _revokeRole(bytes32 role, address account) internal virtual override {
super._revokeRole(role, account);
_roleMembers[role].remove(account);
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[49] private __gap;
}
"
},
"lib/openzeppelin-contracts/contracts/utils/math/Math.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.8.0) (utils/math/Math.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard math utilities missing in the Solidity language.
*/
library Math {
enum Rounding {
Down, // Toward negative infinity
Up, // Toward infinity
Zero // Toward zero
}
/**
* @dev Returns the largest of two numbers.
*/
function max(uint256 a, uint256 b) internal pure returns (uint256) {
return a > b ? a : b;
}
/**
* @dev Returns the smallest of two numbers.
*/
function min(uint256 a, uint256 b) internal pure returns (uint256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two numbers. The result is rounded towards
* zero.
*/
function average(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b) / 2 can overflow.
return (a & b) + (a ^ b) / 2;
}
/**
* @dev Returns the ceiling of the division of two numbers.
*
* This differs from standard division with `/` in that it rounds up instead
* of rounding down.
*/
function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b - 1) / b can overflow on addition, so we distribute.
return a == 0 ? 0 : (a - 1) / b + 1;
}
/**
* @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0
* @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)
* with further edits by Uniswap Labs also under MIT license.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
unchecked {
// 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
// use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
// variables such that product = prod1 * 2^256 + prod0.
uint256 prod0; // Least significant 256 bits of the product
uint256 prod1; // Most significant 256 bits of the product
assembly {
let mm := mulmod(x, y, not(0))
prod0 := mul(x, y)
prod1 := sub(sub(mm, prod0), lt(mm, prod0))
}
// Handle non-overflow cases, 256 by 256 division.
if (prod1 == 0) {
// Solidity will revert if denominator == 0, unlike the div opcode on its own.
// The surrounding unchecked block does not change this fact.
// See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
return prod0 / denominator;
}
// Make sure the result is less than 2^256. Also prevents denominator == 0.
require(denominator > prod1, "Math: mulDiv overflow");
///////////////////////////////////////////////
// 512 by 256 division.
///////////////////////////////////////////////
// Make division exact by subtracting the remainder from [prod1 prod0].
uint256 remainder;
assembly {
// Compute remainder using mulmod.
remainder := mulmod(x, y, denominator)
// Subtract 256 bit number from 512 bit number.
prod1 := sub(prod1, gt(remainder, prod0))
prod0 := sub(prod0, remainder)
}
// Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.
// See https://cs.stackexchange.com/q/138556/92363.
// Does not overflow because the denominator cannot be zero at this stage in the function.
uint256 twos = denominator & (~denominator + 1);
assembly {
// Divide denominator by twos.
denominator := div(denominator, twos)
// Divide [prod1 prod0] by twos.
prod0 := div(prod0, twos)
// Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
twos := add(div(sub(0, twos), twos), 1)
}
// Shift in bits from prod1 into prod0.
prod0 |= prod1 * twos;
// Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
// that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
// four bits. That is, denominator * inv = 1 mod 2^4.
uint256 inverse = (3 * denominator) ^ 2;
// Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works
// in modular arithmetic, doubling the correct bits in each step.
inverse *= 2 - denominator * inverse; // inverse mod 2^8
inverse *= 2 - denominator * inverse; // inverse mod 2^16
inverse *= 2 - denominator * inverse; // inverse mod 2^32
inverse *= 2 - denominator * inverse; // inverse mod 2^64
inverse *= 2 - denominator * inverse; // inverse mod 2^128
inverse *= 2 - denominator * inverse; // inverse mod 2^256
// Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
// This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
// less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
// is no longer required.
result = prod0 * inverse;
return result;
}
}
/**
* @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
*/
function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
uint256 result = mulDiv(x, y, denominator);
if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {
result += 1;
}
return result;
}
/**
* @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded down.
*
* Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
*/
function sqrt(uint256 a) internal pure returns (uint256) {
if (a == 0) {
return 0;
}
// For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
//
// We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
// `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.
//
// This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`
// → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`
// → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`
//
// Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.
uint256 result = 1 << (log2(a) >> 1);
// At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
// since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
// every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
// into the expected uint128 result.
unchecked {
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
result = (result + a / result) >> 1;
return min(result, a / result);
}
}
/**
* @notice Calculates sqrt(a), following the selected rounding direction.
*/
function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = sqrt(a);
return result + (rounding == Rounding.Up && result * result < a ? 1 : 0);
}
}
/**
* @dev Return the log in base 2, rounded down, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 128;
}
if (value >> 64 > 0) {
value >>= 64;
result += 64;
}
if (value >> 32 > 0) {
value >>= 32;
result += 32;
}
if (value >> 16 > 0) {
value >>= 16;
result += 16;
}
if (value >> 8 > 0) {
value >>= 8;
result += 8;
}
if (value >> 4 > 0) {
value >>= 4;
result += 4;
}
if (value >> 2 > 0) {
value >>= 2;
result += 2;
}
if (value >> 1 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 2, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log2(value);
return result + (rounding == Rounding.Up && 1 << result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 10, rounded down, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >= 10 ** 64) {
value /= 10 ** 64;
result += 64;
}
if (value >= 10 ** 32) {
value /= 10 ** 32;
result += 32;
}
if (value >= 10 ** 16) {
value /= 10 ** 16;
result += 16;
}
if (value >= 10 ** 8) {
value /= 10 ** 8;
result += 8;
}
if (value >= 10 ** 4) {
value /= 10 ** 4;
result += 4;
}
if (value >= 10 ** 2) {
value /= 10 ** 2;
result += 2;
}
if (value >= 10 ** 1) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 10, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log10(value);
return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);
}
}
/**
* @dev Return the log in base 256, rounded down, of a positive value.
* Returns 0 if given 0.
*
* Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
*/
function log256(uint256 value) internal pure returns (uint256) {
uint256 result = 0;
unchecked {
if (value >> 128 > 0) {
value >>= 128;
result += 16;
}
if (value >> 64 > 0) {
value >>= 64;
result += 8;
}
if (value >> 32 > 0) {
value >>= 32;
result += 4;
}
if (value >> 16 > 0) {
value >>= 16;
result += 2;
}
if (value >> 8 > 0) {
result += 1;
}
}
return result;
}
/**
* @dev Return the log in base 256, following the selected rounding direction, of a positive value.
* Returns 0 if given 0.
*/
function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
unchecked {
uint256 result = log256(value);
return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);
}
}
}
"
},
"lib/openzeppelin-contracts/contracts/token/ERC20/IERC20.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.6.0) (token/ERC20/IERC20.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `from` to `to` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 amount) external returns (bool);
}
"
},
"lib/openzeppelin-contracts-upgradeable/contracts/token/ERC20/utils/SafeERC20Upgradeable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/utils/SafeSubmitted on: 2025-10-24 18:46:08
Comments
Log in to comment.
No comments yet.