Description:
Multi-signature wallet contract requiring multiple confirmations for transaction execution.
Blockchain: Ethereum
Source Code: View Code On The Blockchain
Solidity Source Code:
{{
"language": "Solidity",
"sources": {
"@openzeppelin/contracts/access/Ownable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)
pragma solidity ^0.8.20;
import {Context} from "../utils/Context.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* The initial owner is set to the address provided by the deployer. This can
* later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract Ownable is Context {
address private _owner;
/**
* @dev The caller account is not authorized to perform an operation.
*/
error OwnableUnauthorizedAccount(address account);
/**
* @dev The owner is not a valid owner account. (eg. `address(0)`)
*/
error OwnableInvalidOwner(address owner);
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the address provided by the deployer as the initial owner.
*/
constructor(address initialOwner) {
if (initialOwner == address(0)) {
revert OwnableInvalidOwner(address(0));
}
_transferOwnership(initialOwner);
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
_checkOwner();
_;
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
return _owner;
}
/**
* @dev Throws if the sender is not the owner.
*/
function _checkOwner() internal view virtual {
if (owner() != _msgSender()) {
revert OwnableUnauthorizedAccount(_msgSender());
}
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby disabling any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
if (newOwner == address(0)) {
revert OwnableInvalidOwner(address(0));
}
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
address oldOwner = _owner;
_owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
}
"
},
"@openzeppelin/contracts/interfaces/draft-IERC6093.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (interfaces/draft-IERC6093.sol)
pragma solidity >=0.8.4;
/**
* @dev Standard ERC-20 Errors
* Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC-20 tokens.
*/
interface IERC20Errors {
/**
* @dev Indicates an error related to the current `balance` of a `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
* @param balance Current balance for the interacting account.
* @param needed Minimum amount required to perform a transfer.
*/
error ERC20InsufficientBalance(address sender, uint256 balance, uint256 needed);
/**
* @dev Indicates a failure with the token `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
*/
error ERC20InvalidSender(address sender);
/**
* @dev Indicates a failure with the token `receiver`. Used in transfers.
* @param receiver Address to which tokens are being transferred.
*/
error ERC20InvalidReceiver(address receiver);
/**
* @dev Indicates a failure with the `spender`’s `allowance`. Used in transfers.
* @param spender Address that may be allowed to operate on tokens without being their owner.
* @param allowance Amount of tokens a `spender` is allowed to operate with.
* @param needed Minimum amount required to perform a transfer.
*/
error ERC20InsufficientAllowance(address spender, uint256 allowance, uint256 needed);
/**
* @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
* @param approver Address initiating an approval operation.
*/
error ERC20InvalidApprover(address approver);
/**
* @dev Indicates a failure with the `spender` to be approved. Used in approvals.
* @param spender Address that may be allowed to operate on tokens without being their owner.
*/
error ERC20InvalidSpender(address spender);
}
/**
* @dev Standard ERC-721 Errors
* Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC-721 tokens.
*/
interface IERC721Errors {
/**
* @dev Indicates that an address can't be an owner. For example, `address(0)` is a forbidden owner in ERC-20.
* Used in balance queries.
* @param owner Address of the current owner of a token.
*/
error ERC721InvalidOwner(address owner);
/**
* @dev Indicates a `tokenId` whose `owner` is the zero address.
* @param tokenId Identifier number of a token.
*/
error ERC721NonexistentToken(uint256 tokenId);
/**
* @dev Indicates an error related to the ownership over a particular token. Used in transfers.
* @param sender Address whose tokens are being transferred.
* @param tokenId Identifier number of a token.
* @param owner Address of the current owner of a token.
*/
error ERC721IncorrectOwner(address sender, uint256 tokenId, address owner);
/**
* @dev Indicates a failure with the token `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
*/
error ERC721InvalidSender(address sender);
/**
* @dev Indicates a failure with the token `receiver`. Used in transfers.
* @param receiver Address to which tokens are being transferred.
*/
error ERC721InvalidReceiver(address receiver);
/**
* @dev Indicates a failure with the `operator`’s approval. Used in transfers.
* @param operator Address that may be allowed to operate on tokens without being their owner.
* @param tokenId Identifier number of a token.
*/
error ERC721InsufficientApproval(address operator, uint256 tokenId);
/**
* @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
* @param approver Address initiating an approval operation.
*/
error ERC721InvalidApprover(address approver);
/**
* @dev Indicates a failure with the `operator` to be approved. Used in approvals.
* @param operator Address that may be allowed to operate on tokens without being their owner.
*/
error ERC721InvalidOperator(address operator);
}
/**
* @dev Standard ERC-1155 Errors
* Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC-1155 tokens.
*/
interface IERC1155Errors {
/**
* @dev Indicates an error related to the current `balance` of a `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
* @param balance Current balance for the interacting account.
* @param needed Minimum amount required to perform a transfer.
* @param tokenId Identifier number of a token.
*/
error ERC1155InsufficientBalance(address sender, uint256 balance, uint256 needed, uint256 tokenId);
/**
* @dev Indicates a failure with the token `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
*/
error ERC1155InvalidSender(address sender);
/**
* @dev Indicates a failure with the token `receiver`. Used in transfers.
* @param receiver Address to which tokens are being transferred.
*/
error ERC1155InvalidReceiver(address receiver);
/**
* @dev Indicates a failure with the `operator`’s approval. Used in transfers.
* @param operator Address that may be allowed to operate on tokens without being their owner.
* @param owner Address of the current owner of a token.
*/
error ERC1155MissingApprovalForAll(address operator, address owner);
/**
* @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
* @param approver Address initiating an approval operation.
*/
error ERC1155InvalidApprover(address approver);
/**
* @dev Indicates a failure with the `operator` to be approved. Used in approvals.
* @param operator Address that may be allowed to operate on tokens without being their owner.
*/
error ERC1155InvalidOperator(address operator);
/**
* @dev Indicates an array length mismatch between ids and values in a safeBatchTransferFrom operation.
* Used in batch transfers.
* @param idsLength Length of the array of token identifiers
* @param valuesLength Length of the array of token amounts
*/
error ERC1155InvalidArrayLength(uint256 idsLength, uint256 valuesLength);
}
"
},
"@openzeppelin/contracts/interfaces/IERC1363.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (interfaces/IERC1363.sol)
pragma solidity >=0.6.2;
import {IERC20} from "./IERC20.sol";
import {IERC165} from "./IERC165.sol";
/**
* @title IERC1363
* @dev Interface of the ERC-1363 standard as defined in the https://eips.ethereum.org/EIPS/eip-1363[ERC-1363].
*
* Defines an extension interface for ERC-20 tokens that supports executing code on a recipient contract
* after `transfer` or `transferFrom`, or code on a spender contract after `approve`, in a single transaction.
*/
interface IERC1363 is IERC20, IERC165 {
/*
* Note: the ERC-165 identifier for this interface is 0xb0202a11.
* 0xb0202a11 ===
* bytes4(keccak256('transferAndCall(address,uint256)')) ^
* bytes4(keccak256('transferAndCall(address,uint256,bytes)')) ^
* bytes4(keccak256('transferFromAndCall(address,address,uint256)')) ^
* bytes4(keccak256('transferFromAndCall(address,address,uint256,bytes)')) ^
* bytes4(keccak256('approveAndCall(address,uint256)')) ^
* bytes4(keccak256('approveAndCall(address,uint256,bytes)'))
*/
/**
* @dev Moves a `value` amount of tokens from the caller's account to `to`
* and then calls {IERC1363Receiver-onTransferReceived} on `to`.
* @param to The address which you want to transfer to.
* @param value The amount of tokens to be transferred.
* @return A boolean value indicating whether the operation succeeded unless throwing.
*/
function transferAndCall(address to, uint256 value) external returns (bool);
/**
* @dev Moves a `value` amount of tokens from the caller's account to `to`
* and then calls {IERC1363Receiver-onTransferReceived} on `to`.
* @param to The address which you want to transfer to.
* @param value The amount of tokens to be transferred.
* @param data Additional data with no specified format, sent in call to `to`.
* @return A boolean value indicating whether the operation succeeded unless throwing.
*/
function transferAndCall(address to, uint256 value, bytes calldata data) external returns (bool);
/**
* @dev Moves a `value` amount of tokens from `from` to `to` using the allowance mechanism
* and then calls {IERC1363Receiver-onTransferReceived} on `to`.
* @param from The address which you want to send tokens from.
* @param to The address which you want to transfer to.
* @param value The amount of tokens to be transferred.
* @return A boolean value indicating whether the operation succeeded unless throwing.
*/
function transferFromAndCall(address from, address to, uint256 value) external returns (bool);
/**
* @dev Moves a `value` amount of tokens from `from` to `to` using the allowance mechanism
* and then calls {IERC1363Receiver-onTransferReceived} on `to`.
* @param from The address which you want to send tokens from.
* @param to The address which you want to transfer to.
* @param value The amount of tokens to be transferred.
* @param data Additional data with no specified format, sent in call to `to`.
* @return A boolean value indicating whether the operation succeeded unless throwing.
*/
function transferFromAndCall(address from, address to, uint256 value, bytes calldata data) external returns (bool);
/**
* @dev Sets a `value` amount of tokens as the allowance of `spender` over the
* caller's tokens and then calls {IERC1363Spender-onApprovalReceived} on `spender`.
* @param spender The address which will spend the funds.
* @param value The amount of tokens to be spent.
* @return A boolean value indicating whether the operation succeeded unless throwing.
*/
function approveAndCall(address spender, uint256 value) external returns (bool);
/**
* @dev Sets a `value` amount of tokens as the allowance of `spender` over the
* caller's tokens and then calls {IERC1363Spender-onApprovalReceived} on `spender`.
* @param spender The address which will spend the funds.
* @param value The amount of tokens to be spent.
* @param data Additional data with no specified format, sent in call to `spender`.
* @return A boolean value indicating whether the operation succeeded unless throwing.
*/
function approveAndCall(address spender, uint256 value, bytes calldata data) external returns (bool);
}
"
},
"@openzeppelin/contracts/interfaces/IERC165.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (interfaces/IERC165.sol)
pragma solidity >=0.4.16;
import {IERC165} from "../utils/introspection/IERC165.sol";
"
},
"@openzeppelin/contracts/interfaces/IERC20.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (interfaces/IERC20.sol)
pragma solidity >=0.4.16;
import {IERC20} from "../token/ERC20/IERC20.sol";
"
},
"@openzeppelin/contracts/token/ERC20/ERC20.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (token/ERC20/ERC20.sol)
pragma solidity ^0.8.20;
import {IERC20} from "./IERC20.sol";
import {IERC20Metadata} from "./extensions/IERC20Metadata.sol";
import {Context} from "../../utils/Context.sol";
import {IERC20Errors} from "../../interfaces/draft-IERC6093.sol";
/**
* @dev Implementation of the {IERC20} interface.
*
* This implementation is agnostic to the way tokens are created. This means
* that a supply mechanism has to be added in a derived contract using {_mint}.
*
* TIP: For a detailed writeup see our guide
* https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
* to implement supply mechanisms].
*
* The default value of {decimals} is 18. To change this, you should override
* this function so it returns a different value.
*
* We have followed general OpenZeppelin Contracts guidelines: functions revert
* instead returning `false` on failure. This behavior is nonetheless
* conventional and does not conflict with the expectations of ERC-20
* applications.
*/
abstract contract ERC20 is Context, IERC20, IERC20Metadata, IERC20Errors {
mapping(address account => uint256) private _balances;
mapping(address account => mapping(address spender => uint256)) private _allowances;
uint256 private _totalSupply;
string private _name;
string private _symbol;
/**
* @dev Sets the values for {name} and {symbol}.
*
* Both values are immutable: they can only be set once during construction.
*/
constructor(string memory name_, string memory symbol_) {
_name = name_;
_symbol = symbol_;
}
/**
* @dev Returns the name of the token.
*/
function name() public view virtual returns (string memory) {
return _name;
}
/**
* @dev Returns the symbol of the token, usually a shorter version of the
* name.
*/
function symbol() public view virtual returns (string memory) {
return _symbol;
}
/**
* @dev Returns the number of decimals used to get its user representation.
* For example, if `decimals` equals `2`, a balance of `505` tokens should
* be displayed to a user as `5.05` (`505 / 10 ** 2`).
*
* Tokens usually opt for a value of 18, imitating the relationship between
* Ether and Wei. This is the default value returned by this function, unless
* it's overridden.
*
* NOTE: This information is only used for _display_ purposes: it in
* no way affects any of the arithmetic of the contract, including
* {IERC20-balanceOf} and {IERC20-transfer}.
*/
function decimals() public view virtual returns (uint8) {
return 18;
}
/// @inheritdoc IERC20
function totalSupply() public view virtual returns (uint256) {
return _totalSupply;
}
/// @inheritdoc IERC20
function balanceOf(address account) public view virtual returns (uint256) {
return _balances[account];
}
/**
* @dev See {IERC20-transfer}.
*
* Requirements:
*
* - `to` cannot be the zero address.
* - the caller must have a balance of at least `value`.
*/
function transfer(address to, uint256 value) public virtual returns (bool) {
address owner = _msgSender();
_transfer(owner, to, value);
return true;
}
/// @inheritdoc IERC20
function allowance(address owner, address spender) public view virtual returns (uint256) {
return _allowances[owner][spender];
}
/**
* @dev See {IERC20-approve}.
*
* NOTE: If `value` is the maximum `uint256`, the allowance is not updated on
* `transferFrom`. This is semantically equivalent to an infinite approval.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function approve(address spender, uint256 value) public virtual returns (bool) {
address owner = _msgSender();
_approve(owner, spender, value);
return true;
}
/**
* @dev See {IERC20-transferFrom}.
*
* Skips emitting an {Approval} event indicating an allowance update. This is not
* required by the ERC. See {xref-ERC20-_approve-address-address-uint256-bool-}[_approve].
*
* NOTE: Does not update the allowance if the current allowance
* is the maximum `uint256`.
*
* Requirements:
*
* - `from` and `to` cannot be the zero address.
* - `from` must have a balance of at least `value`.
* - the caller must have allowance for ``from``'s tokens of at least
* `value`.
*/
function transferFrom(address from, address to, uint256 value) public virtual returns (bool) {
address spender = _msgSender();
_spendAllowance(from, spender, value);
_transfer(from, to, value);
return true;
}
/**
* @dev Moves a `value` amount of tokens from `from` to `to`.
*
* This internal function is equivalent to {transfer}, and can be used to
* e.g. implement automatic token fees, slashing mechanisms, etc.
*
* Emits a {Transfer} event.
*
* NOTE: This function is not virtual, {_update} should be overridden instead.
*/
function _transfer(address from, address to, uint256 value) internal {
if (from == address(0)) {
revert ERC20InvalidSender(address(0));
}
if (to == address(0)) {
revert ERC20InvalidReceiver(address(0));
}
_update(from, to, value);
}
/**
* @dev Transfers a `value` amount of tokens from `from` to `to`, or alternatively mints (or burns) if `from`
* (or `to`) is the zero address. All customizations to transfers, mints, and burns should be done by overriding
* this function.
*
* Emits a {Transfer} event.
*/
function _update(address from, address to, uint256 value) internal virtual {
if (from == address(0)) {
// Overflow check required: The rest of the code assumes that totalSupply never overflows
_totalSupply += value;
} else {
uint256 fromBalance = _balances[from];
if (fromBalance < value) {
revert ERC20InsufficientBalance(from, fromBalance, value);
}
unchecked {
// Overflow not possible: value <= fromBalance <= totalSupply.
_balances[from] = fromBalance - value;
}
}
if (to == address(0)) {
unchecked {
// Overflow not possible: value <= totalSupply or value <= fromBalance <= totalSupply.
_totalSupply -= value;
}
} else {
unchecked {
// Overflow not possible: balance + value is at most totalSupply, which we know fits into a uint256.
_balances[to] += value;
}
}
emit Transfer(from, to, value);
}
/**
* @dev Creates a `value` amount of tokens and assigns them to `account`, by transferring it from address(0).
* Relies on the `_update` mechanism
*
* Emits a {Transfer} event with `from` set to the zero address.
*
* NOTE: This function is not virtual, {_update} should be overridden instead.
*/
function _mint(address account, uint256 value) internal {
if (account == address(0)) {
revert ERC20InvalidReceiver(address(0));
}
_update(address(0), account, value);
}
/**
* @dev Destroys a `value` amount of tokens from `account`, lowering the total supply.
* Relies on the `_update` mechanism.
*
* Emits a {Transfer} event with `to` set to the zero address.
*
* NOTE: This function is not virtual, {_update} should be overridden instead
*/
function _burn(address account, uint256 value) internal {
if (account == address(0)) {
revert ERC20InvalidSender(address(0));
}
_update(account, address(0), value);
}
/**
* @dev Sets `value` as the allowance of `spender` over the `owner`'s tokens.
*
* This internal function is equivalent to `approve`, and can be used to
* e.g. set automatic allowances for certain subsystems, etc.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `owner` cannot be the zero address.
* - `spender` cannot be the zero address.
*
* Overrides to this logic should be done to the variant with an additional `bool emitEvent` argument.
*/
function _approve(address owner, address spender, uint256 value) internal {
_approve(owner, spender, value, true);
}
/**
* @dev Variant of {_approve} with an optional flag to enable or disable the {Approval} event.
*
* By default (when calling {_approve}) the flag is set to true. On the other hand, approval changes made by
* `_spendAllowance` during the `transferFrom` operation set the flag to false. This saves gas by not emitting any
* `Approval` event during `transferFrom` operations.
*
* Anyone who wishes to continue emitting `Approval` events on the`transferFrom` operation can force the flag to
* true using the following override:
*
* ```solidity
* function _approve(address owner, address spender, uint256 value, bool) internal virtual override {
* super._approve(owner, spender, value, true);
* }
* ```
*
* Requirements are the same as {_approve}.
*/
function _approve(address owner, address spender, uint256 value, bool emitEvent) internal virtual {
if (owner == address(0)) {
revert ERC20InvalidApprover(address(0));
}
if (spender == address(0)) {
revert ERC20InvalidSpender(address(0));
}
_allowances[owner][spender] = value;
if (emitEvent) {
emit Approval(owner, spender, value);
}
}
/**
* @dev Updates `owner`'s allowance for `spender` based on spent `value`.
*
* Does not update the allowance value in case of infinite allowance.
* Revert if not enough allowance is available.
*
* Does not emit an {Approval} event.
*/
function _spendAllowance(address owner, address spender, uint256 value) internal virtual {
uint256 currentAllowance = allowance(owner, spender);
if (currentAllowance < type(uint256).max) {
if (currentAllowance < value) {
revert ERC20InsufficientAllowance(spender, currentAllowance, value);
}
unchecked {
_approve(owner, spender, currentAllowance - value, false);
}
}
}
}
"
},
"@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (token/ERC20/extensions/IERC20Metadata.sol)
pragma solidity >=0.6.2;
import {IERC20} from "../IERC20.sol";
/**
* @dev Interface for the optional metadata functions from the ERC-20 standard.
*/
interface IERC20Metadata is IERC20 {
/**
* @dev Returns the name of the token.
*/
function name() external view returns (string memory);
/**
* @dev Returns the symbol of the token.
*/
function symbol() external view returns (string memory);
/**
* @dev Returns the decimals places of the token.
*/
function decimals() external view returns (uint8);
}
"
},
"@openzeppelin/contracts/token/ERC20/IERC20.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (token/ERC20/IERC20.sol)
pragma solidity >=0.4.16;
/**
* @dev Interface of the ERC-20 standard as defined in the ERC.
*/
interface IERC20 {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the value of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the value of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves a `value` amount of tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 value) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets a `value` amount of tokens as the allowance of `spender` over the
* caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 value) external returns (bool);
/**
* @dev Moves a `value` amount of tokens from `from` to `to` using the
* allowance mechanism. `value` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 value) external returns (bool);
}
"
},
"@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (token/ERC20/utils/SafeERC20.sol)
pragma solidity ^0.8.20;
import {IERC20} from "../IERC20.sol";
import {IERC1363} from "../../../interfaces/IERC1363.sol";
/**
* @title SafeERC20
* @dev Wrappers around ERC-20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/
library SafeERC20 {
/**
* @dev An operation with an ERC-20 token failed.
*/
error SafeERC20FailedOperation(address token);
/**
* @dev Indicates a failed `decreaseAllowance` request.
*/
error SafeERC20FailedDecreaseAllowance(address spender, uint256 currentAllowance, uint256 requestedDecrease);
/**
* @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeTransfer(IERC20 token, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeCall(token.transfer, (to, value)));
}
/**
* @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
* calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
*/
function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeCall(token.transferFrom, (from, to, value)));
}
/**
* @dev Variant of {safeTransfer} that returns a bool instead of reverting if the operation is not successful.
*/
function trySafeTransfer(IERC20 token, address to, uint256 value) internal returns (bool) {
return _callOptionalReturnBool(token, abi.encodeCall(token.transfer, (to, value)));
}
/**
* @dev Variant of {safeTransferFrom} that returns a bool instead of reverting if the operation is not successful.
*/
function trySafeTransferFrom(IERC20 token, address from, address to, uint256 value) internal returns (bool) {
return _callOptionalReturnBool(token, abi.encodeCall(token.transferFrom, (from, to, value)));
}
/**
* @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*
* IMPORTANT: If the token implements ERC-7674 (ERC-20 with temporary allowance), and if the "client"
* smart contract uses ERC-7674 to set temporary allowances, then the "client" smart contract should avoid using
* this function. Performing a {safeIncreaseAllowance} or {safeDecreaseAllowance} operation on a token contract
* that has a non-zero temporary allowance (for that particular owner-spender) will result in unexpected behavior.
*/
function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
uint256 oldAllowance = token.allowance(address(this), spender);
forceApprove(token, spender, oldAllowance + value);
}
/**
* @dev Decrease the calling contract's allowance toward `spender` by `requestedDecrease`. If `token` returns no
* value, non-reverting calls are assumed to be successful.
*
* IMPORTANT: If the token implements ERC-7674 (ERC-20 with temporary allowance), and if the "client"
* smart contract uses ERC-7674 to set temporary allowances, then the "client" smart contract should avoid using
* this function. Performing a {safeIncreaseAllowance} or {safeDecreaseAllowance} operation on a token contract
* that has a non-zero temporary allowance (for that particular owner-spender) will result in unexpected behavior.
*/
function safeDecreaseAllowance(IERC20 token, address spender, uint256 requestedDecrease) internal {
unchecked {
uint256 currentAllowance = token.allowance(address(this), spender);
if (currentAllowance < requestedDecrease) {
revert SafeERC20FailedDecreaseAllowance(spender, currentAllowance, requestedDecrease);
}
forceApprove(token, spender, currentAllowance - requestedDecrease);
}
}
/**
* @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval
* to be set to zero before setting it to a non-zero value, such as USDT.
*
* NOTE: If the token implements ERC-7674, this function will not modify any temporary allowance. This function
* only sets the "standard" allowance. Any temporary allowance will remain active, in addition to the value being
* set here.
*/
function forceApprove(IERC20 token, address spender, uint256 value) internal {
bytes memory approvalCall = abi.encodeCall(token.approve, (spender, value));
if (!_callOptionalReturnBool(token, approvalCall)) {
_callOptionalReturn(token, abi.encodeCall(token.approve, (spender, 0)));
_callOptionalReturn(token, approvalCall);
}
}
/**
* @dev Performs an {ERC1363} transferAndCall, with a fallback to the simple {ERC20} transfer if the target has no
* code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when
* targeting contracts.
*
* Reverts if the returned value is other than `true`.
*/
function transferAndCallRelaxed(IERC1363 token, address to, uint256 value, bytes memory data) internal {
if (to.code.length == 0) {
safeTransfer(token, to, value);
} else if (!token.transferAndCall(to, value, data)) {
revert SafeERC20FailedOperation(address(token));
}
}
/**
* @dev Performs an {ERC1363} transferFromAndCall, with a fallback to the simple {ERC20} transferFrom if the target
* has no code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when
* targeting contracts.
*
* Reverts if the returned value is other than `true`.
*/
function transferFromAndCallRelaxed(
IERC1363 token,
address from,
address to,
uint256 value,
bytes memory data
) internal {
if (to.code.length == 0) {
safeTransferFrom(token, from, to, value);
} else if (!token.transferFromAndCall(from, to, value, data)) {
revert SafeERC20FailedOperation(address(token));
}
}
/**
* @dev Performs an {ERC1363} approveAndCall, with a fallback to the simple {ERC20} approve if the target has no
* code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when
* targeting contracts.
*
* NOTE: When the recipient address (`to`) has no code (i.e. is an EOA), this function behaves as {forceApprove}.
* Opposedly, when the recipient address (`to`) has code, this function only attempts to call {ERC1363-approveAndCall}
* once without retrying, and relies on the returned value to be true.
*
* Reverts if the returned value is other than `true`.
*/
function approveAndCallRelaxed(IERC1363 token, address to, uint256 value, bytes memory data) internal {
if (to.code.length == 0) {
forceApprove(token, to, value);
} else if (!token.approveAndCall(to, value, data)) {
revert SafeERC20FailedOperation(address(token));
}
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*
* This is a variant of {_callOptionalReturnBool} that reverts if call fails to meet the requirements.
*/
function _callOptionalReturn(IERC20 token, bytes memory data) private {
uint256 returnSize;
uint256 returnValue;
assembly ("memory-safe") {
let success := call(gas(), token, 0, add(data, 0x20), mload(data), 0, 0x20)
// bubble errors
if iszero(success) {
let ptr := mload(0x40)
returndatacopy(ptr, 0, returndatasize())
revert(ptr, returndatasize())
}
returnSize := returndatasize()
returnValue := mload(0)
}
if (returnSize == 0 ? address(token).code.length == 0 : returnValue != 1) {
revert SafeERC20FailedOperation(address(token));
}
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*
* This is a variant of {_callOptionalReturn} that silently catches all reverts and returns a bool instead.
*/
function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {
bool success;
uint256 returnSize;
uint256 returnValue;
assembly ("memory-safe") {
success := call(gas(), token, 0, add(data, 0x20), mload(data), 0, 0x20)
returnSize := returndatasize()
returnValue := mload(0)
}
return success && (returnSize == 0 ? address(token).code.length > 0 : returnValue == 1);
}
}
"
},
"@openzeppelin/contracts/utils/Context.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)
pragma solidity ^0.8.20;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
function _contextSuffixLength() internal view virtual returns (uint256) {
return 0;
}
}
"
},
"@openzeppelin/contracts/utils/introspection/IERC165.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (utils/introspection/IERC165.sol)
pragma solidity >=0.4.16;
/**
* @dev Interface of the ERC-165 standard, as defined in the
* https://eips.ethereum.org/EIPS/eip-165[ERC].
*
* Implementers can declare support of contract interfaces, which can then be
* queried by others ({ERC165Checker}).
*
* For an implementation, see {ERC165}.
*/
interface IERC165 {
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[ERC section]
* to learn more about how these ids are created.
*
* This function call must use less than 30 000 gas.
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
}
"
},
"interfaces/IAzimuth.sol": {
"content": "// SPDX-License-Identifier: MIT
pragma solidity 0.8.30;
import "../U/interfaces/IAzimuth.sol";
"
},
"interfaces/IEcliptic.sol": {
"content": "// SPDX-License-Identifier: MIT
pragma solidity 0.8.30;
import "../U/interfaces/IEcliptic.sol";
"
},
"U/ArbitrumRegisterLib.sol": {
"content": "// SPDX-License-Identifier: MIT
pragma solidity 0.8.30;
// Minimal Arbitrum L1 interfaces (declared top-level for compilation compatibility)
interface IL1CustomGateway {
function registerTokenToL2(
address l2Token,
uint256 maxGas,
uint256 gasPriceBid,
uint256 maxSubmissionCost,
address creditBackAddress
) external payable;
}
interface IL1GatewayRouter {
function setGateway(
address gateway,
uint256 maxGas,
uint256 gasPriceBid,
uint256 maxSubmissionCost,
address creditBackAddress
) external payable;
}
library ArbitrumRegisterLib {
error ZeroAddress();
error IncorrectMsgValue(uint256 required, uint256 provided);
/// One-shot Arbitrum registration (gateway map + router setGateway)
/// @param gatewayParams [submissionCost, maxGas, gasPriceBid]
/// @param routerParams [submissionCost, maxGas, gasPriceBid]
/// @param refundL2Address L2 account that receives leftover submission fees
function registerCustomArbitrumBridge(
address arbitrumToken,
address arbitrumCustomGateway,
address arbitrumRouter,
uint256[3] calldata gatewayParams,
uint256[3] calldata routerParams,
address refundL2Address
) internal {
if (
arbitrumToken == address(0) ||
arbitrumCustomGateway == address(0) ||
arbitrumRouter == address(0) ||
refundL2Address == address(0)
) revert ZeroAddress();
uint256 gatewayCallValue = gatewayParams[0] + gatewayParams[1] * gatewayParams[2];
uint256 routerCallValue = routerParams[0] + routerParams[1] * routerParams[2];
uint256 requiredValue = gatewayCallValue + routerCallValue;
if (msg.value != requiredValue) revert IncorrectMsgValue(requiredValue, msg.value);
// 1) Gateway registration (creates the Arbitrum retryable ticket)
IL1CustomGateway(arbitrumCustomGateway).registerTokenToL2{ value: gatewayCallValue }(
arbitrumToken,
gatewayParams[1], // maxGas
gatewayParams[2], // gasPriceBid
gatewayParams[0], // maxSubmissionCost
refundL2Address
);
// 2) Router mapping (second retryable)
IL1GatewayRouter(arbitrumRouter).setGateway{ value: routerCallValue }(
arbitrumCustomGateway,
routerParams[1], // maxGas
routerParams[2], // gasPriceBid
routerParams[0], // maxSubmissionCost
refundL2Address
);
}
}
"
},
"U/interfaces/IAzimuth.sol": {
"content": "// SPDX-License-Identifier: MIT
pragma solidity 0.8.30;
interface IAzimuth {
function getOwner(uint32 _point) external view returns (address);
function hasBeenLinked(uint32 _point) external view returns (bool);
function getSpawnProxy(uint16 _point) external view returns (address);
}"
},
"U/interfaces/IEcliptic.sol": {
"content": "// SPDX-License-Identifier: MIT
pragma solidity 0.8.30;
interface IEcliptic {
function transferFrom(address _from, address _to, uint256 _tokenId) external;
function transferPoint(uint32 _point, address _target, bool _reset) external;
function depositAddress() external view returns (address);
function azimuth() external view returns (address);
function isApprovedForAll(address owner, address operator) external view returns (bool);
}"
},
"U/Stardust.sol": {
"content": "// SPDX-License-Identifier: MIT
pragma solidity 0.8.30;
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/access/Ownable.sol";
import "./ArbitrumRegisterLib.sol";
/**
* @title Stardust (U) - ERC-20 token backed by virgin Urbit stars.
* @notice Each token represents 1/65,536th of an Urbit star. 8 decimal precision.
* @dev Minting and burning controlled exclusively by the Treasury contract.
*/
contract Stardust is ERC20, Ownable {
uint256 private constant MAX_SUPPLY = 4_278_190_080 * 10 ** 8;
bool private bridgeRegistered;
error AlreadyRegistered();
error InvalidRefundAddress();
constructor() ERC20("Stardust", "U") Ownable(msg.sender) {}
function decimals() public pure override returns (uint8) { return 8; }
function mint(address to, uint256 amount) external onlyOwner { _mint(to, amount); }
function burn(address from, uint256 amount) external onlyOwner { _burn(from, amount); }
/// @notice Returns the fixed total supply of the Stardust token (10⁻⁸ precision)
function totalSupply() public pure override returns (uint256) {
return MAX_SUPPLY;
}
/// @notice Arbitrum marker (0xb1) for generic-custom gateway compatibility
function isArbitrumEnabled() external pure returns (uint8) { return 0xb1; }
/// One-time Arbitrum bridge registration; forwards calls so this token is msg.sender
/// @param gatewayParams [submissionCost, maxGas, gasPriceBid]
/// @param routerParams [submissionCost, maxGas, gasPriceBid]
/// @param refundL2Address Arbitrum refund address
function registerArbitrumBridge(
address arbitrumToken,
address arbitrumCustomGateway,
address arbitrumRouter,
uint256[3] calldata gatewayParams,
uint256[3] calldata routerParams,
address refundL2Address
) external payable onlyOwner {
if (bridgeRegistered) revert AlreadyRegistered();
if (refundL2Address == address(0) || refundL2Address == address(this)) {
revert InvalidRefundAddress();
}
ArbitrumRegisterLib.registerCustomArbitrumBridge(
arbitrumToken,
arbitrumCustomGateway,
arbitrumRouter,
gatewayParams,
routerParams,
refundL2Address
);
bridgeRegistered = true;
emit ArbitrumBridgeRegistered(
arbitrumToken,
arbitrumCustomGateway,
arbitrumRouter,
refundL2Address,
gatewayParams[0],
routerParams[0]
);
}
event ArbitrumBridgeRegistered(
address indexed arbitrumToken,
address indexed arbitrumCustomGateway,
address indexed arbitrumRouter,
address refundAddress,
uint256 gatewaySubmissionCost,
uint256 routerSubmissionCost
);
}
"
},
"U/StardustTreasury.sol": {
"content": "// SPDX-License-Identifier: MIT
pragma solidity 0.8.30;
import "./Stardust.sol";
import "../interfaces/IAzimuth.sol";
import "../interfaces/IEcliptic.sol";
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
/**
* @title StardustTreasury - Treasury for wrapping Urbit stars as ERC-20 tokens
* @notice Deposit virgin Urbit stars to receive 65,536 U tokens per star. Burn U tokens to withdraw stars.
* @dev Architecture:
* - Pull-only deposits via depositStars() after setApprovalForAll(treasury, true)
* - Validates: star ID ∈ [256, 65535], never networked
* - Uses uint16 for star IDs for type clarity and smaller in-memory footprint; dynamic storage
* arrays do not pack, so storage gas is unaffected
* - All ownership checks resolve via IEcliptic(ecliptic).azimuth() to match Ecliptic's
* internal validation and avoid opaque 0x reverts
* - Pull-only design ensures no outbound transfers on deposit, minimizing attack surface
* - Immutable after deployment
*
* Security Assumptions:
* - Azimuth and Ecliptic contracts are canonical and trusted
* - hasBeenLinked() is the authoritative virginity check (never had keys set)
* - No reentrancy guards needed: only calls trusted Urbit contracts, no external callbacks
*/
contract StardustTreasury {
using SafeERC20 for IERC20;
// Constants
uint256 private constant TOKENS_PER_STAR = 65_536 * 10**8; // 65,536 tokens with 8 decimals
uint32 private constant STAR_MIN = 256;
uint32 private constant STAR_MAX = 65535;
uint256 private constant MAX_BATCH = 255;
address private constant L2_DEPOSIT_ADDRESS = 0x1111111111111111111111111111111111111111;
// Immutable state
Stardust public immutable stardust;
IAzimuth public immutable azimuth;
IEcliptic public immutable ecliptic;
// State variables
uint16[] private depositedStars; // Star IDs in treasury (each element uses one slot despite uint16)
mapping(uint32 => uint16) private indexPlusOne; // Star location: 0=not deposited, else array index+1
bool public sunsetActivated;
uint64 public sunsetActivatedAt; // Timestamp when sunset was activated (0 if not activated)
// Guardian role management (can activate sunset and rescue tokens)
address public guardian; // Emergency role (initially deployer)
address public pendingGuardian; // Pending guardian for two-step transfer
// Events
event StarsDeposited(address indexed depositor, uint32[] starIds, uint256 totalTokensIssued);
event StarsWithdrawn(address indexed withdrawer, address indexed recipient, uint32[] starIds, uint256 totalTokensBurned);
event SunsetActivated(address indexed activator, uint64 timestamp);
event GuardianTransferStarted(address indexed current, address indexed pending);
event GuardianTransferred(address indexed previous, address indexed current);
// Custom errors
error NotStar();
error AlreadyLinked();
error SpawnProxyIsL2Deposit();
error StarAlreadyDeposited();
error StarNotDeposited();
error SunsetAlreadyActivated();
error SunsetActive();
error NotGuardian();
error NotPendingGuardian();
error ZeroAddress();
error BadArrayLength();
error NotOwner();
error NoETH();
error NotAllowedToken();
error EthSendFailed();
error NotApprovedForAll();
error AzimuthMismatch();
error L2DepositAddressMismatch();
/**
* @notice Constructor
* @param _azimuth Address of the Azimuth contract
* @param _ecliptic Address of the Ecliptic contract
*/
constructor(address _azimuth, address _ecliptic) {
if (_azimuth == address(0) || _ecliptic == address(0)) revert ZeroAddress();
azimuth = IAzimuth(_azimuth);
ecliptic = IEcliptic(_ecliptic);
guardian = msg.sender; // Initially deployer, can be transferred to multisig
// Ensure we're using the same Azimuth instance as Ecliptic for consistent validation
if (address(azimuth) != ecliptic.azimuth()) revert AzimuthMismatch();
// Deploy the Stardust token
stardust = new Stardust();
}
/**
* @notice Deposit Urbit stars and receive U tokens
* @param starIds Array of star IDs to deposit (max 255 per transaction)
* @dev Requires prior setApprovalForAll. Validates virginity, pulls stars, mints tokens.
*/
function depositStars(uint32[] calldata starIds) external {
if (sunsetActivated) revert SunsetActive();
uint256 count = starIds.length;
if (count == 0 || count > MAX_BATCH) revert BadArrayLength();
// Use Azimuth for ownership/virginity checks (verified to match Ecliptic's in constructor)
IAzimuth A = azimuth;
// One-time operator approval check upfront (cheaper than per-star)
if (!ecliptic.isApprovedForAll(msg.sender, address(this))) revert NotApprovedForAll();
// 65,536 IDs → 256 words × 256 bits (8 KB) for duplicate detection
uint256[256] memory seen;
// Preflight validation using Ecliptic's Azimuth
for (uint256 i; i < count;) {
uint32 id = starIds[i];
// Range check (stars only: 256-65535)
if (id < STAR_MIN || id > STAR_MAX) revert NotStar();
// Duplicate check via bitmap (detects duplicates within this call's input array only)
uint256 w = id >> 8;
uint256 m = uint256(1) << (id & 0xff);
if (seen[w] & m != 0) revert StarAlreadyDeposited();
seen[w] |= m;
// Check not already deposited
if (indexPlusOne[id] != 0) revert StarAlreadyDeposited();
// Virginity check (never had keys set)
if (A.hasBeenLinked(id)) revert AlreadyLinked();
// Special-case: if spawnProxy == L2 deposit address, reset won't clear it.
if (A.getSpawnProxy(uint16(id)) == L2_DEPOSIT_ADDRESS) revert SpawnProxyIsL2Deposit();
// Owner check using Ecliptic's Azimuth ensures _from parameter alignment
if (A.getOwner(id) != msg.sender) revert NotOwner();
unchecked { ++i; }
}
// Pull all stars and record in treasury
uint256 baseLen = depositedStars.length;
for (uint256 i; i < count;) {
uint32 starId = starIds[i];
ecliptic.transferFrom(msg.sender, address(this), uint256(starId));
// Record in treasury
depositedStars.push(uint16(starId));
indexPlusOne[starId] = uint16(baseLen + i + 1);
unchecked { ++i; }
}
// Mint tokens for all deposited stars
uint256 totalTokens;
unchecked { totalTokens = count * TOKENS_PER_STAR; } // Safe: max 255 * 65536e8 << 2^256
stardust.mint(msg.sender, totalTokens);
emit StarsDeposited(msg.sender, starIds, totalTokens);
}
/**
* @notice Withdraw stars by burning U tokens (LIFO order)
* @param count Number of stars to withdraw
*/
function withdrawStars(uint256 count) external {
if (count == 0 || count > MAX_BATCH) revert BadArrayLength();
uint256 len = depositedStars.length;
if (count > len) revert BadArrayLength();
// Build array of stars to withdraw (LIFO)
uint32[] memory starIds = new uint32[](count);
for (uint256 i; i < count;) {
starIds[i] = _removeAt(len - 1 - i);
unchecked { ++i; }
}
_withdraw(msg.sender, starIds);
}
/**
* @notice Withdraw specific stars by burning U tokens
* @param starIds Array of specific star IDs to withdraw
*/
function withdrawSpecificStars(uint32[] calldata starIds) external {
uint256 count = starIds.length;
if (count == 0 || count > MAX_BATCH) revert BadArrayLength();
// Remove each star from storage
for (uint256 i; i < count;) {
uint16 ip1 = indexPlusOne[starIds[i]];
if (ip1 == 0) revert StarNotDeposited();
_removeAt(uint256(ip1 - 1));
unchecked { ++i; }
}
_withdraw(msg.sender, starIds);
}
/**
* @notice Internal function to handle withdrawal logic
* @param recipient The address to send the stars to
* @param starIds Array of star IDs to withdraw
* @dev Burns tokens and transfers stars
*/
function _withdraw(address recipient, uint32[] memory starIds) private {
uint256 count = starIds.length;
uint256 totalTokens;
unchecked { totalTokens = count * TOKENS_PER_STAR; } // Safe: max 255 * 65536e8 << 2^256
// Burn tokens (will revert if insufficient balance)
stardust.burn(msg.sender, totalTokens);
// Transfer all stars
for (uint256 i; i < count;) {
ecliptic.transferPoint(starIds[i], recipient, true);
unchecked { ++i; }
}
emit StarsWithdrawn(msg.sender, recipient, starIds, totalTokens);
}
/**
* @notice Only the guardian can call this function
*/
modifier onlyGuardian() {
if (msg.sender != guardian) revert NotGuardian();
_;
}
/**
* @notice Activate sunset mode - permanently disables new deposits
* @dev Only callable by guardian, irreversible once activated
*/
function activateSunset() external onlyGuardian {
if (sunsetActivated) revert SunsetAlreadyActivated();
uint64 ts = uint64(block.timestamp);
sunsetActivated = true;
sunsetActivatedAt = ts;
emit SunsetActivated(msg.sender, ts);
}
/**
* @notice Start transfer of guardian role (step 1 of 2)
* @param newGuardian Address to transfer guardian role to
* @dev Two-step process prevents accidental transfer to wrong address
*/
function transferGuardian(address newGuardian) external onlyGuardian {
if (newGuardian == address(0)) revert ZeroAddress();
pendingGuardian = newGuardian;
emit GuardianTransferStarted(guardian, newGuardian);
}
/**
* @notice Accept transfer of guardian role (step 2 of 2)
* @dev Must be called by the pending guardian to complete transfer
*/
function acceptGuardian() external {
if (msg.sender != pendingGuardian) revert NotPendingGuardian();
address previous = guardian;
guardian = msg.sender;
pendingGuardian = address(0);
emit GuardianTransferred(previous, guardian);
}
/**
* @notice Permanently renounce the guardian role
* @dev After calling this, sunset can never be activated and rescue is disabled. Use with extreme caution.
*/
function renounceGuardian() external onlyGuardian {
emit GuardianTransferred(guardian, address(0));
guardian = address(0);
pendingGuardian = address(0);
}
/// @notice Get the total number of stars in the treasury
function totalStarsDeposited() external view returns (uint256) {
return depositedStars.length;
}
/**
* @notice Check if multiple stars are deposited
* @param starIds Array of star IDs to check
* @return Array of booleans indicating deposit status
*/
function areDeposited(uint32[] calldata starIds)
external
view
returns (bool[] memory)
{
uint256 count = starIds.length;
bool[] memory results = new bool[](count);
for (uint256 i; i < count;) {
results[i] = indexPlusOne[starIds[i]] != 0;
unchecked { ++i; }
}
return results;
}
/**
* @notice Get deposit information about a star
* @param starId The star ID to query
* @return isDeposited Whether the star is currently deposited
* @return depositIndex The index in the depositedStars array (type(uint256).max if not deposited)
*/
function getStarInfo(uint32 starId)
external
view
returns (bool isDeposited, uint256 depositIndex)
{
uint16 idxPlusOne = indexPlusOne[starId];
if (idxPlusOne == 0) {
return (false, type(uint256).max);
}
// Return true and the actual index (subtract 1 from stored value)
return (true, uint256(idxPlusOne - 1));
}
/**
* @notice Remove and return a star at the given index
* @param idx The index in depositedStars array to remove
* @dev Maintains array density by swap-and-pop
*/
function _removeAt(uint256 idx) private returns (uint32 removed) {
uint256 last = depositedStars.length - 1;
removed = uint32(depositedStars[idx]);
// Swap with last element if not already last
if (idx != last) {
uint16 lastStar = depositedStars[last];
depositedStars[idx] = lastStar;
indexPlusOne[uint32(lastStar)] = uint16(idx + 1);
}
depositedStars.pop();
delete indexPlusOne[removed];
}
/**
* @notice Guardian helper that forwards bridge registration to the token.
* @param arbitrumToken L2 token address
* @param arbitrumCustomGateway L1 custom gateway address
* @param arbitrumRouter L1 gateway router address
* @param gatewayParams [submissionCost, maxGas, gasPriceBid]
* @param routerParams [submissionCost, maxGas, gasPriceBid]
* @param refundL2Address Arbitrum address that receives any leftover submission funds
*/
function registerStardustBridge(
address arbitrumToken,
address arbitrumCustomGateway,
address arbitrumRouter,
uint256[3] calldata gatewayParams,
uint256[3] calldata routerParams,
address refundL2Address
) external onlyGuardian payable {
stardust.registerArbitrumBridge{ value: msg.value }(
arbitrumToken,
arbitrumCustomGateway,
arbitrumRouter,
gatewayParams,
routerParams,
refundL2Address
);
}
/**
* @notice Rescue ETH or ERC20 tokens sent to this contract
* @param asset Token address (use address(0) for ETH)
* @param to Recipient address
*/
function rescue(address asset, address to) external onlyGuardian {
if (to == address(0)) revert ZeroAddress();
// Rescue ETH
if (asset == address(0)) {
uint256 ethBalance = address(this).balance;
if (ethBalance > 0) {
(bool success, ) = to.call{value: ethBalance}("");
if (!success) revert EthSendFailed();
}
return;
}
// Rescue ERC20 (except Stardust)
if (asset == address(stardust)) revert NotAllowedToken();
uint256 tokenBalance = IERC20(asset).balanceOf(address(this));
if (tokenBalance > 0) {
IERC20(asset).safeTransfeSubmitted on: 2025-10-27 19:53:31
Comments
Log in to comment.
No comments yet.