Description:
Multi-signature wallet contract requiring multiple confirmations for transaction execution.
Blockchain: Ethereum
Source Code: View Code On The Blockchain
Solidity Source Code:
{{
"language": "Solidity",
"sources": {
"src/XOEReserveVault.sol": {
"content": "// SPDX-License-Identifier: MIT
pragma solidity ^0.8.30;
import "@openzeppelin/contracts/access/Ownable.sol";
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
/// @title XOE Reserve Vault
/// @notice Custody contract for managing locked allocations and transaction fees.
contract XOEReserveVault is Ownable {
IERC20 public xoeToken;
uint256 public constant BRIDGE_LOCK_AMOUNT = 125_000_000 * 1e18;
uint256 public constant NFT_REWARDS_LOCK_AMOUNT = 250_000_000 * 1e18;
uint256 public bridgeUnlockTime;
uint256 public nftRewardsUnlockTime;
bool public bridgeAllocationReleased;
bool public nftRewardsAllocationReleased;
bool public tokenLinked;
// Upgrade functionality
address public newVault;
uint256 public vaultUpgradeTime;
uint256 public constant UPGRADE_DELAY = 7 days;
// Analytics
uint256 public totalFeesWithdrawn;
uint256 public totalAllocationsReleased;
event TokenLinked(address indexed token);
event FeeTransferRegistered(address indexed from, uint256 amount);
event AllocationReleased(string category, address indexed recipient, uint256 amount);
event ExternalAssetRecovered(address indexed token, uint256 amount, address recipient);
event FeesWithdrawn(address indexed recipient, uint256 amount);
event VaultUpgradeProposed(address indexed newVault, uint256 effectiveTime);
event VaultUpgradeExecuted(address indexed oldVault, address indexed newVault);
event AnalyticsUpdated(uint256 totalFeesWithdrawn, uint256 totalAllocationsReleased);
constructor() Ownable(msg.sender) {
// Set unlock periods at deployment
bridgeUnlockTime = block.timestamp + 30 days; // 1 month
nftRewardsUnlockTime = block.timestamp + 180 days; // 6 months
}
// ─────────────────────────────────────────────
// Modifiers
// ─────────────────────────────────────────────
/// @notice One-time link to the XOE token after deployment.
function linkToken(address _xoeToken) external onlyOwner {
require(!tokenLinked, "Token already linked");
require(_xoeToken != address(0), "Invalid token address");
xoeToken = IERC20(_xoeToken);
tokenLinked = true;
emit TokenLinked(_xoeToken);
}
/// @notice Logs transaction fee transfers from the XOE token.
function registerFeeTransfer(address from, uint256 amount) external {
// Allow calls from the token even if not linked yet (for constructor)
require(msg.sender == address(xoeToken) || address(xoeToken) == address(0), "Unauthorized");
emit FeeTransferRegistered(from, amount);
}
// ─────────────────────────────────────────────
// Release Logic (with time locks)
// ─────────────────────────────────────────────
function releaseBridgeAllocation(address recipient) external onlyOwner {
require(tokenLinked, "Token not linked yet");
require(block.timestamp >= bridgeUnlockTime, "Bridge allocation locked");
require(!bridgeAllocationReleased, "Bridge already released");
require(recipient != address(0), "Invalid recipient");
bridgeAllocationReleased = true;
require(xoeToken.transfer(recipient, BRIDGE_LOCK_AMOUNT), "Transfer failed");
totalAllocationsReleased += BRIDGE_LOCK_AMOUNT;
emit AllocationReleased("BRIDGE", recipient, BRIDGE_LOCK_AMOUNT);
emit AnalyticsUpdated(totalFeesWithdrawn, totalAllocationsReleased);
}
function releaseNftRewardsAllocation(address recipient) external onlyOwner {
require(tokenLinked, "Token not linked yet");
require(block.timestamp >= nftRewardsUnlockTime, "NFT rewards locked");
require(!nftRewardsAllocationReleased, "NFT rewards already released");
require(recipient != address(0), "Invalid recipient");
nftRewardsAllocationReleased = true;
require(xoeToken.transfer(recipient, NFT_REWARDS_LOCK_AMOUNT), "Transfer failed");
totalAllocationsReleased += NFT_REWARDS_LOCK_AMOUNT;
emit AllocationReleased("NFT_REWARDS", recipient, NFT_REWARDS_LOCK_AMOUNT);
emit AnalyticsUpdated(totalFeesWithdrawn, totalAllocationsReleased);
}
function recoverExternalAsset(address token, uint256 amount, address recipient) external onlyOwner {
require(recipient != address(0), "Invalid recipient");
require(token != address(xoeToken), "Use release functions for XOE");
require(IERC20(token).transfer(recipient, amount), "Transfer failed");
emit ExternalAssetRecovered(token, amount, recipient);
}
/// @notice Withdraw accumulated transaction fees to a recipient
function withdrawFees(address recipient, uint256 amount) external onlyOwner {
require(tokenLinked, "Token not linked yet");
require(recipient != address(0), "Invalid recipient");
require(amount > 0, "Zero amount");
require(amount <= xoeToken.balanceOf(address(this)), "Insufficient balance");
require(xoeToken.transfer(recipient, amount), "Transfer failed");
totalFeesWithdrawn += amount;
emit FeesWithdrawn(recipient, amount);
emit AnalyticsUpdated(totalFeesWithdrawn, totalAllocationsReleased);
}
/// @notice Get the current balance of accumulated fees
function getFeeBalance() external view returns (uint256) {
return xoeToken.balanceOf(address(this));
}
// ─────────────────────────────────────────────
// Upgrade Functionality
// ─────────────────────────────────────────────
/// @notice Propose vault upgrade
function proposeVaultUpgrade(address _newVault) external onlyOwner {
require(_newVault != address(0), "Invalid new vault");
require(_newVault != address(this), "Cannot upgrade to self");
newVault = _newVault;
vaultUpgradeTime = block.timestamp + UPGRADE_DELAY;
emit VaultUpgradeProposed(_newVault, vaultUpgradeTime);
}
/// @notice Execute vault upgrade
function executeVaultUpgrade() external onlyOwner {
require(newVault != address(0), "No upgrade proposed");
require(block.timestamp >= vaultUpgradeTime, "Upgrade delay not elapsed");
// Transfer all XOE tokens to new vault
uint256 balance = xoeToken.balanceOf(address(this));
if (balance > 0) {
require(xoeToken.transfer(newVault, balance), "Transfer to new vault failed");
}
address oldVault = address(this);
emit VaultUpgradeExecuted(oldVault, newVault);
}
// ─────────────────────────────────────────────
// Analytics
// ─────────────────────────────────────────────
/// @notice Get vault analytics
function getVaultAnalytics() external view returns (
uint256 totalFees,
uint256 totalAllocations,
uint256 currentBalance,
bool isUpgradeable
) {
return (
totalFeesWithdrawn,
totalAllocationsReleased,
xoeToken.balanceOf(address(this)),
newVault != address(0)
);
}
receive() external payable {}
}"
},
"lib/openzeppelin-contracts/contracts/access/Ownable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)
pragma solidity ^0.8.20;
import {Context} from "../utils/Context.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* The initial owner is set to the address provided by the deployer. This can
* later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract Ownable is Context {
address private _owner;
/**
* @dev The caller account is not authorized to perform an operation.
*/
error OwnableUnauthorizedAccount(address account);
/**
* @dev The owner is not a valid owner account. (eg. `address(0)`)
*/
error OwnableInvalidOwner(address owner);
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the address provided by the deployer as the initial owner.
*/
constructor(address initialOwner) {
if (initialOwner == address(0)) {
revert OwnableInvalidOwner(address(0));
}
_transferOwnership(initialOwner);
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
_checkOwner();
_;
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
return _owner;
}
/**
* @dev Throws if the sender is not the owner.
*/
function _checkOwner() internal view virtual {
if (owner() != _msgSender()) {
revert OwnableUnauthorizedAccount(_msgSender());
}
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby disabling any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
if (newOwner == address(0)) {
revert OwnableInvalidOwner(address(0));
}
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
address oldOwner = _owner;
_owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
}
"
},
"lib/openzeppelin-contracts/contracts/token/ERC20/IERC20.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (token/ERC20/IERC20.sol)
pragma solidity >=0.4.16;
/**
* @dev Interface of the ERC-20 standard as defined in the ERC.
*/
interface IERC20 {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the value of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the value of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves a `value` amount of tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 value) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets a `value` amount of tokens as the allowance of `spender` over the
* caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 value) external returns (bool);
/**
* @dev Moves a `value` amount of tokens from `from` to `to` using the
* allowance mechanism. `value` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 value) external returns (bool);
}
"
},
"lib/openzeppelin-contracts/contracts/utils/Context.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)
pragma solidity ^0.8.20;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
function _contextSuffixLength() internal view virtual returns (uint256) {
return 0;
}
}
"
}
},
"settings": {
"remappings": [
"@openzeppelin/=lib/openzeppelin-contracts/",
"erc4626-tests/=lib/openzeppelin-contracts/lib/erc4626-tests/",
"forge-std/=lib/forge-std/src/",
"halmos-cheatcodes/=lib/openzeppelin-contracts/lib/halmos-cheatcodes/src/",
"openzeppelin-contracts/=lib/openzeppelin-contracts/"
],
"optimizer": {
"enabled": true,
"runs": 200
},
"metadata": {
"useLiteralContent": false,
"bytecodeHash": "ipfs",
"appendCBOR": true
},
"outputSelection": {
"*": {
"*": [
"evm.bytecode",
"evm.deployedBytecode",
"devdoc",
"userdoc",
"metadata",
"abi"
]
}
},
"evmVersion": "paris",
"viaIR": false
}
}}Submitted on: 2025-10-29 21:32:03
Comments
Log in to comment.
No comments yet.