Description:
Multi-signature wallet contract requiring multiple confirmations for transaction execution.
Blockchain: Ethereum
Source Code: View Code On The Blockchain
Solidity Source Code:
{{
"language": "Solidity",
"sources": {
"@openzeppelin/access/Ownable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)
pragma solidity ^0.8.20;
import {Context} from "../utils/Context.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* The initial owner is set to the address provided by the deployer. This can
* later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract Ownable is Context {
address private _owner;
/**
* @dev The caller account is not authorized to perform an operation.
*/
error OwnableUnauthorizedAccount(address account);
/**
* @dev The owner is not a valid owner account. (eg. `address(0)`)
*/
error OwnableInvalidOwner(address owner);
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the address provided by the deployer as the initial owner.
*/
constructor(address initialOwner) {
if (initialOwner == address(0)) {
revert OwnableInvalidOwner(address(0));
}
_transferOwnership(initialOwner);
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
_checkOwner();
_;
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
return _owner;
}
/**
* @dev Throws if the sender is not the owner.
*/
function _checkOwner() internal view virtual {
if (owner() != _msgSender()) {
revert OwnableUnauthorizedAccount(_msgSender());
}
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby disabling any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
if (newOwner == address(0)) {
revert OwnableInvalidOwner(address(0));
}
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
address oldOwner = _owner;
_owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
}
"
},
"@openzeppelin/proxy/utils/Initializable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/utils/Initializable.sol)
pragma solidity ^0.8.20;
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```solidity
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
*
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/
abstract contract Initializable {
/**
* @dev Storage of the initializable contract.
*
* It's implemented on a custom ERC-7201 namespace to reduce the risk of storage collisions
* when using with upgradeable contracts.
*
* @custom:storage-location erc7201:openzeppelin.storage.Initializable
*/
struct InitializableStorage {
/**
* @dev Indicates that the contract has been initialized.
*/
uint64 _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool _initializing;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Initializable")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant INITIALIZABLE_STORAGE = 0xf0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00;
/**
* @dev The contract is already initialized.
*/
error InvalidInitialization();
/**
* @dev The contract is not initializing.
*/
error NotInitializing();
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/
event Initialized(uint64 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts.
*
* Similar to `reinitializer(1)`, except that in the context of a constructor an `initializer` may be invoked any
* number of times. This behavior in the constructor can be useful during testing and is not expected to be used in
* production.
*
* Emits an {Initialized} event.
*/
modifier initializer() {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
// Cache values to avoid duplicated sloads
bool isTopLevelCall = !$._initializing;
uint64 initialized = $._initialized;
// Allowed calls:
// - initialSetup: the contract is not in the initializing state and no previous version was
// initialized
// - construction: the contract is initialized at version 1 (no reininitialization) and the
// current contract is just being deployed
bool initialSetup = initialized == 0 && isTopLevelCall;
bool construction = initialized == 1 && address(this).code.length == 0;
if (!initialSetup && !construction) {
revert InvalidInitialization();
}
$._initialized = 1;
if (isTopLevelCall) {
$._initializing = true;
}
_;
if (isTopLevelCall) {
$._initializing = false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* A reinitializer may be used after the original initialization step. This is essential to configure modules that
* are added through upgrades and that require initialization.
*
* When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
* cannot be nested. If one is invoked in the context of another, execution will revert.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*
* WARNING: Setting the version to 2**64 - 1 will prevent any future reinitialization.
*
* Emits an {Initialized} event.
*/
modifier reinitializer(uint64 version) {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
if ($._initializing || $._initialized >= version) {
revert InvalidInitialization();
}
$._initialized = version;
$._initializing = true;
_;
$._initializing = false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/
modifier onlyInitializing() {
_checkInitializing();
_;
}
/**
* @dev Reverts if the contract is not in an initializing state. See {onlyInitializing}.
*/
function _checkInitializing() internal view virtual {
if (!_isInitializing()) {
revert NotInitializing();
}
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*
* Emits an {Initialized} event the first time it is successfully executed.
*/
function _disableInitializers() internal virtual {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
if ($._initializing) {
revert InvalidInitialization();
}
if ($._initialized != type(uint64).max) {
$._initialized = type(uint64).max;
emit Initialized(type(uint64).max);
}
}
/**
* @dev Returns the highest version that has been initialized. See {reinitializer}.
*/
function _getInitializedVersion() internal view returns (uint64) {
return _getInitializableStorage()._initialized;
}
/**
* @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
*/
function _isInitializing() internal view returns (bool) {
return _getInitializableStorage()._initializing;
}
/**
* @dev Returns a pointer to the storage namespace.
*/
// solhint-disable-next-line var-name-mixedcase
function _getInitializableStorage() private pure returns (InitializableStorage storage $) {
assembly {
$.slot := INITIALIZABLE_STORAGE
}
}
}
"
},
"@openzeppelin/token/ERC20/extensions/IERC20Permit.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/IERC20Permit.sol)
pragma solidity ^0.8.20;
/**
* @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*
* ==== Security Considerations
*
* There are two important considerations concerning the use of `permit`. The first is that a valid permit signature
* expresses an allowance, and it should not be assumed to convey additional meaning. In particular, it should not be
* considered as an intention to spend the allowance in any specific way. The second is that because permits have
* built-in replay protection and can be submitted by anyone, they can be frontrun. A protocol that uses permits should
* take this into consideration and allow a `permit` call to fail. Combining these two aspects, a pattern that may be
* generally recommended is:
*
* ```solidity
* function doThingWithPermit(..., uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s) public {
* try token.permit(msg.sender, address(this), value, deadline, v, r, s) {} catch {}
* doThing(..., value);
* }
*
* function doThing(..., uint256 value) public {
* token.safeTransferFrom(msg.sender, address(this), value);
* ...
* }
* ```
*
* Observe that: 1) `msg.sender` is used as the owner, leaving no ambiguity as to the signer intent, and 2) the use of
* `try/catch` allows the permit to fail and makes the code tolerant to frontrunning. (See also
* {SafeERC20-safeTransferFrom}).
*
* Additionally, note that smart contract wallets (such as Argent or Safe) are not able to produce permit signatures, so
* contracts should have entry points that don't rely on permit.
*/
interface IERC20Permit {
/**
* @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
* given ``owner``'s signed approval.
*
* IMPORTANT: The same issues {IERC20-approve} has related to transaction
* ordering also apply here.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `deadline` must be a timestamp in the future.
* - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
* over the EIP712-formatted function arguments.
* - the signature must use ``owner``'s current nonce (see {nonces}).
*
* For more information on the signature format, see the
* https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
* section].
*
* CAUTION: See Security Considerations above.
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @dev Returns the current nonce for `owner`. This value must be
* included whenever a signature is generated for {permit}.
*
* Every successful call to {permit} increases ``owner``'s nonce by one. This
* prevents a signature from being used multiple times.
*/
function nonces(address owner) external view returns (uint256);
/**
* @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
*/
// solhint-disable-next-line func-name-mixedcase
function DOMAIN_SEPARATOR() external view returns (bytes32);
}
"
},
"@openzeppelin/token/ERC20/IERC20.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/IERC20.sol)
pragma solidity ^0.8.20;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the value of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the value of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves a `value` amount of tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 value) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets a `value` amount of tokens as the allowance of `spender` over the
* caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 value) external returns (bool);
/**
* @dev Moves a `value` amount of tokens from `from` to `to` using the
* allowance mechanism. `value` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 value) external returns (bool);
}
"
},
"@openzeppelin/token/ERC20/utils/SafeERC20.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/utils/SafeERC20.sol)
pragma solidity ^0.8.20;
import {IERC20} from "../IERC20.sol";
import {IERC20Permit} from "../extensions/IERC20Permit.sol";
import {Address} from "../../../utils/Address.sol";
/**
* @title SafeERC20
* @dev Wrappers around ERC20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/
library SafeERC20 {
using Address for address;
/**
* @dev An operation with an ERC20 token failed.
*/
error SafeERC20FailedOperation(address token);
/**
* @dev Indicates a failed `decreaseAllowance` request.
*/
error SafeERC20FailedDecreaseAllowance(address spender, uint256 currentAllowance, uint256 requestedDecrease);
/**
* @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeTransfer(IERC20 token, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeCall(token.transfer, (to, value)));
}
/**
* @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
* calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
*/
function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeCall(token.transferFrom, (from, to, value)));
}
/**
* @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
uint256 oldAllowance = token.allowance(address(this), spender);
forceApprove(token, spender, oldAllowance + value);
}
/**
* @dev Decrease the calling contract's allowance toward `spender` by `requestedDecrease`. If `token` returns no
* value, non-reverting calls are assumed to be successful.
*/
function safeDecreaseAllowance(IERC20 token, address spender, uint256 requestedDecrease) internal {
unchecked {
uint256 currentAllowance = token.allowance(address(this), spender);
if (currentAllowance < requestedDecrease) {
revert SafeERC20FailedDecreaseAllowance(spender, currentAllowance, requestedDecrease);
}
forceApprove(token, spender, currentAllowance - requestedDecrease);
}
}
/**
* @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval
* to be set to zero before setting it to a non-zero value, such as USDT.
*/
function forceApprove(IERC20 token, address spender, uint256 value) internal {
bytes memory approvalCall = abi.encodeCall(token.approve, (spender, value));
if (!_callOptionalReturnBool(token, approvalCall)) {
_callOptionalReturn(token, abi.encodeCall(token.approve, (spender, 0)));
_callOptionalReturn(token, approvalCall);
}
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*/
function _callOptionalReturn(IERC20 token, bytes memory data) private {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that
// the target address contains contract code and also asserts for success in the low-level call.
bytes memory returndata = address(token).functionCall(data);
if (returndata.length != 0 && !abi.decode(returndata, (bool))) {
revert SafeERC20FailedOperation(address(token));
}
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*
* This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.
*/
function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false
// and not revert is the subcall reverts.
(bool success, bytes memory returndata) = address(token).call(data);
return success && (returndata.length == 0 || abi.decode(returndata, (bool))) && address(token).code.length > 0;
}
}
"
},
"@openzeppelin/utils/Address.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/Address.sol)
pragma solidity ^0.8.20;
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev The ETH balance of the account is not enough to perform the operation.
*/
error AddressInsufficientBalance(address account);
/**
* @dev There's no code at `target` (it is not a contract).
*/
error AddressEmptyCode(address target);
/**
* @dev A call to an address target failed. The target may have reverted.
*/
error FailedInnerCall();
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.8.20/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
if (address(this).balance < amount) {
revert AddressInsufficientBalance(address(this));
}
(bool success, ) = recipient.call{value: amount}("");
if (!success) {
revert FailedInnerCall();
}
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason or custom error, it is bubbled
* up by this function (like regular Solidity function calls). However, if
* the call reverted with no returned reason, this function reverts with a
* {FailedInnerCall} error.
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*/
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
if (address(this).balance < value) {
revert AddressInsufficientBalance(address(this));
}
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResultFromTarget(target, success, returndata);
}
/**
* @dev Tool to verify that a low level call to smart-contract was successful, and reverts if the target
* was not a contract or bubbling up the revert reason (falling back to {FailedInnerCall}) in case of an
* unsuccessful call.
*/
function verifyCallResultFromTarget(
address target,
bool success,
bytes memory returndata
) internal view returns (bytes memory) {
if (!success) {
_revert(returndata);
} else {
// only check if target is a contract if the call was successful and the return data is empty
// otherwise we already know that it was a contract
if (returndata.length == 0 && target.code.length == 0) {
revert AddressEmptyCode(target);
}
return returndata;
}
}
/**
* @dev Tool to verify that a low level call was successful, and reverts if it wasn't, either by bubbling the
* revert reason or with a default {FailedInnerCall} error.
*/
function verifyCallResult(bool success, bytes memory returndata) internal pure returns (bytes memory) {
if (!success) {
_revert(returndata);
} else {
return returndata;
}
}
/**
* @dev Reverts with returndata if present. Otherwise reverts with {FailedInnerCall}.
*/
function _revert(bytes memory returndata) private pure {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert FailedInnerCall();
}
}
}
"
},
"@openzeppelin/utils/Context.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)
pragma solidity ^0.8.20;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
function _contextSuffixLength() internal view virtual returns (uint256) {
return 0;
}
}
"
},
"contracts/CampaignFactory.sol": {
"content": "// SPDX-License-Identifier: MIT
pragma solidity 0.8.20;
import {Ownable} from "@openzeppelin/access/Ownable.sol";
import {IERC20} from "@openzeppelin/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/token/ERC20/utils/SafeERC20.sol";
import {Initializable} from "@openzeppelin/proxy/utils/Initializable.sol";
import {ICampaignFactory} from "./ICampaignFactory.sol";
contract CampaignFactory is ICampaignFactory, Ownable, Initializable {
using SafeERC20 for IERC20;
/// @notice Max fee to be charged by protocol
int256 private constant MAX_FEE = 500;
/// @notice Seconds in a day
uint48 private constant DAY = 1 days;
/// @notice ID of the next Campaign to be created
uint256 public nextId;
/// @notice Campaign creation fee (in BPS)
int256 public protocolFee;
/// @inheritdoc ICampaignFactory
bool public paused;
/// @notice Address of the contract handling distributions
address public distributor;
/// @notice Mapping of campaign ID to campaign information
mapping(uint256 campaignId => Campaign) public campaigns;
/// @notice Mapping of token to whether it is allowed or not as an incentive
mapping(address token => bool allowed) public incentiveTokens;
/// @notice Mapping of token to the minimum incentive per day
mapping(address token => uint256 incentive) public minIncentivePerToken;
/// @notice Mapping of campaign creators to their custom fee
mapping(address user => int256 fee) public customFee;
/// @param _owner Owner of the contract
constructor(address _owner) Ownable(_owner) {}
/// @inheritdoc ICampaignFactory
function initialize(
address _owner,
address _distributor,
address[] memory allowedTokens,
uint256[] memory minAmounts,
int256 fee
) external initializer {
_transferOwnership(_owner);
if (_distributor == address(0)) revert InvalidZeroAddress();
if (allowedTokens.length != minAmounts.length) revert InvalidLengths();
distributor = _distributor;
_updateFee(fee);
for (uint256 i = 0; i < allowedTokens.length; i++) {
_allowToken(allowedTokens[i], true);
_updateMinIncentivePerToken(allowedTokens[i], minAmounts[i]);
}
}
/// @inheritdoc ICampaignFactory
function create(
address token,
address pool,
uint256 incentives,
uint48 startTime,
uint48 duration,
IncentiveType incentiveType,
address[] calldata addressList,
bytes calldata rewardsOptions
) external {
_requireNotPaused();
if (!incentiveTokens[token]) revert TokenNotSupported();
if (startTime < uint48(block.timestamp) + 2 hours) revert InvalidStartTime();
if (duration < 1) revert InvalidDuration();
if (incentives < (minIncentivePerToken[token] * duration)) revert InsufficientIncentives();
if (incentiveType == IncentiveType.ALLOW_LIST && addressList.length == 0) {
revert EmptyList();
}
uint256 fee = _calcFee(msg.sender, incentives);
IERC20(token).safeTransferFrom(msg.sender, distributor, incentives - fee);
IERC20(token).safeTransferFrom(msg.sender, address(this), fee);
duration = (duration * DAY) + startTime;
campaigns[nextId] = Campaign({
incentives: incentives,
pool: pool,
token: token,
canceled: false,
paused: false,
incentiveType: incentiveType,
creator: msg.sender,
endTime: duration,
startTime: startTime,
addressList: addressList,
rewardsOptions: rewardsOptions
});
emit CampaignCreated(
nextId,
msg.sender,
token,
pool,
incentives,
startTime,
duration,
incentiveType,
rewardsOptions
);
unchecked {
++nextId;
}
}
/// @inheritdoc ICampaignFactory
function allowToken(address token, bool allowed) external {
_requireOnlyOwner();
_allowToken(token, allowed);
}
/// @inheritdoc ICampaignFactory
function updateDistributor(address newDistributor) external {
_requireOnlyOwner();
if (newDistributor == address(0)) revert InvalidZeroAddress();
address previousDistributor = distributor;
distributor = newDistributor;
emit DistributorUpdated(previousDistributor, newDistributor);
}
/// @inheritdoc ICampaignFactory
function updateProtocolFee(int256 fee) external {
_requireOnlyOwner();
_updateFee(fee);
}
/// @inheritdoc ICampaignFactory
function updateMinIncentivePerToken(address token, uint256 incentive) external {
_requireOnlyOwner();
_updateMinIncentivePerToken(token, incentive);
}
/// @inheritdoc ICampaignFactory
function updateCustomFee(address user, int256 fee) external {
_requireOnlyOwner();
if (fee > protocolFee) revert InvalidFee();
customFee[user] = fee;
emit CustomFeeUpdated(user, fee);
}
/// @inheritdoc ICampaignFactory
function cancel(uint256 campaignId) external {
Campaign memory campaign = campaigns[campaignId];
if (uint48(block.timestamp) > campaign.startTime) _requireOnlyOwner();
else _requireOnlyOwnerOrCreator(campaign.creator);
campaign.canceled = true;
campaign.endTime = uint48(block.timestamp);
campaigns[campaignId] = campaign;
emit CampaignCanceled(campaignId);
}
/// @inheritdoc ICampaignFactory
function recoverERC20(address to, address token, uint256 amount) external {
_requireOnlyOwner();
IERC20(token).safeTransfer(to, amount);
emit RecoveredERC20(to, token, amount);
}
/// @inheritdoc ICampaignFactory
function pause(uint256 campaignId) external {
_requireOnlyOwner();
Campaign memory campaign = campaigns[campaignId];
if (campaign.endTime < uint48(block.timestamp)) revert CampaignIsExpired();
if (campaign.paused) revert CampaignAlreadyPaused();
campaign.paused = true;
campaigns[campaignId] = campaign;
emit CampaignPaused(campaignId);
}
/// @inheritdoc ICampaignFactory
function unpause(uint256 campaignId) external {
_requireOnlyOwner();
Campaign memory campaign = campaigns[campaignId];
if (!campaign.paused) revert CampaignNotPaused();
campaign.paused = false;
campaigns[campaignId] = campaign;
emit CampaignUnpaused(campaignId);
}
/// @inheritdoc ICampaignFactory
function pauseProtocol() external {
_requireOnlyOwner();
paused = true;
emit ProtocolPaused();
}
/// @inheritdoc ICampaignFactory
function unpauseProtocol() external {
_requireOnlyOwner();
paused = false;
emit ProtocolUnpaused();
}
function getCampaignAddressList(uint256 campaignId) external view returns (address[] memory) {
Campaign memory camp = campaigns[campaignId];
return camp.addressList;
}
/// @dev Checks if caller has operator rights
function _requireOnlyOwner() internal view {
if (msg.sender != owner()) revert Unauthorized();
}
/// @dev Checks if caller has campaign rights
function _requireOnlyOwnerOrCreator(address creator) internal view {
if (msg.sender != owner() && msg.sender != creator) revert Unauthorized();
}
/// @dev Check if protocol is paused
function _requireNotPaused() internal view {
if (paused) revert Paused();
}
/// @dev Calculates fee for the specified token and amount
/// @param user Address of the user to calculate the fee for
/// @param amount Amount of tokens to be used as incentives
function _calcFee(address user, uint256 amount) internal view returns (uint256) {
if (customFee[user] < 0) return 0;
int256 currFee = customFee[user] > 0 ? customFee[user] : protocolFee;
return (amount * uint256(currFee) / 10_000);
}
/// @dev Sets or removes token as a possible incentive
function _allowToken(address token, bool allowed) internal {
if (token == address(0)) revert InvalidZeroAddress();
incentiveTokens[token] = allowed;
emit TokenAllowedStatusUpdated(token, allowed);
}
/// @dev Updates the fee charged by the protocol to start a campaign
function _updateFee(int256 fee) internal {
if (fee > MAX_FEE || fee < 0) revert InvalidFee();
protocolFee = fee;
emit ProtocolFeeUpdated(fee);
}
/// @dev Updates the minimum incentives (per day) for a campaign for a specific token
function _updateMinIncentivePerToken(address token, uint256 incentive) internal {
minIncentivePerToken[token] = incentive;
emit TokenMinIncentiveUpdated(token, incentive);
}
}
"
},
"contracts/ICampaignFactory.sol": {
"content": "// SPDX-License-Identifier: MIT
pragma solidity 0.8.20;
interface ICampaignFactory {
/// @dev Campaign is already paused
error CampaignAlreadyPaused();
/// @dev Campaign cannot be updated as it has already ended
error CampaignIsExpired();
/// @dev Campaign is not currently paused
error CampaignNotPaused();
/// @dev Allow/deny list cannot be empty
error EmptyList();
/// @dev Campaign duration must be at least one week
error InvalidDuration();
/// @dev Fee for token is too high
error InvalidFee();
/// @dev Array lengths do not match
error InvalidLengths();
/// @dev Start time must be at least two hours in the future
error InvalidStartTime();
/// @dev Provided address cannot be the zero-address
error InvalidZeroAddress();
/// @dev Incentives do not meet the minimum required per week
error InsufficientIncentives();
/// @dev CampaignFactory protocol is currently paused
error Paused();
/// @dev The provided token is not supported as an incentive reward
error TokenNotSupported();
/// @dev msg.sender is not authorized to call this function
error Unauthorized();
/// @dev Emitted when a campaign is canceled prior to its start time
/// @param campaignId The identifier of the campaign that was canceled
event CampaignCanceled(uint256 campaignId);
/// @dev Emitted when a new incentives campaign is created
/// @param creator Address of the creator
/// @param token Address of the token to be rewarded
/// @param rewards Amount of token to be distributed in the campaign
/// @param endTime Timestamp of when the campaign ends
/// @param incentiveType Type of rewards accrual
/// @param rewardsOptions Bytes information with rewards options
event CampaignCreated(
uint256 campaignId,
address indexed creator,
address indexed token,
address indexed pool,
uint256 rewards,
uint48 startTime,
uint48 endTime,
IncentiveType incentiveType,
bytes rewardsOptions
);
/// @dev Emitted when a campaign is paused by the protocol
/// @param campaignId The identifier of the campaign that was paused
event CampaignPaused(uint256 campaignId);
/// @dev Emitted when a campaign is unpaused by the protocol
/// @param campaignId The identifier of the campaign that was unpaused
event CampaignUnpaused(uint256 campaignId);
/// @dev Emitted when the protocol updates the fee it charges for a specified user
/// @param user The address of the user to update the custom fee for
/// @param fee The fee to be charged on campaign creation (in BPS)
event CustomFeeUpdated(address user, int256 fee);
/// @dev Emitted when the protocol updates the distributor address
/// @param previousDistributor The address of the current distributor
/// @param newDistributor The address of the new distributor
event DistributorUpdated(address previousDistributor, address newDistributor);
/// @dev Emitted when the protocol updates the fee it charges for a new campaign
/// @param fee The fee to be charged on campaign creation (in BPS)
event ProtocolFeeUpdated(int256 fee);
/// @dev Emitted when the protocol is paused as a whole
event ProtocolPaused();
/// @dev Emitted when the protocol is unpaused as a whole
event ProtocolUnpaused();
/// @dev Emitted when an authorized user recovers an ERC20 token
/// @param to Address to send the tokens to
/// @param token Address of the token to recover
/// @param amount Amount of token to recover
event RecoveredERC20(address indexed to, address indexed token, uint256 amount);
/// @dev Emitted when a new token is allowed as a reward
/// @param token Address of token added
event TokenAllowedStatusUpdated(address indexed token, bool allowed);
/// @dev Emitted when the minimum incentive for a token is updated
/// @param token Address of the token rewarded
/// @param minIncentive The minimum amount of token that can be given in a campaign
event TokenMinIncentiveUpdated(address indexed token, uint256 minIncentive);
/// @dev Different types of incentives campaigns
enum IncentiveType {
DENY_LIST,
ALLOW_LIST
}
/// @dev Stores campaign information
struct Campaign {
uint256 incentives;
address pool;
address token;
bool canceled;
bool paused;
IncentiveType incentiveType;
address creator;
uint48 startTime;
uint48 endTime;
address[] addressList;
bytes rewardsOptions;
}
/// @dev Initializes contract, can only be done once
/// @param _owner Owner of the contract
/// @param _distributor Address of the Distributor instance
/// @param allowedTokens Array of tokens that are allowed initially
/// @param minAmounts Array of the respective minimum incentives per token
/// @param fee The fee charged by the protocol to create a campaign
function initialize(
address _owner,
address _distributor,
address[] memory allowedTokens,
uint256[] memory minAmounts,
int256 fee
) external;
/// @notice Creates a new incentives campaign
/// @param token Address of the token to reward via the campaign
/// @param pool Address of the pool to incentivize
/// @param incentives Total incentives to be awarded
/// @param duration Total duration of the incentives campaign (in weeks)
/// @param incentiveType Type of incentives: via allow list or via deny list
/// @param addressList List of addresses to allow/deny incentives to
/// @param rewardsOptions Bytes representing rewards options
function create(
address token,
address pool,
uint256 incentives,
uint48 startTime,
uint48 duration,
IncentiveType incentiveType,
address[] calldata addressList,
bytes calldata rewardsOptions
) external;
/// @notice Sets or removes a token as a possible incentive
/// @dev Only callable by owner
/// @param token Address of the token to set whether allowed or not for
/// @param allowed Whether to allow or disallow token
function allowToken(address token, bool allowed) external;
/// @notice Update the distributor contract address
/// @dev Only callable by owner
/// @param newDistributor Address of the new distributor contract
function updateDistributor(address newDistributor) external;
/// @notice Updates the fee charged by the protocol to start a campaign
/// @dev Only callable by the owner
/// @param fee Fee to be charged by the protocol (in BPS)
function updateProtocolFee(int256 fee) external;
/// @notice Updates the minimum incentives (per week) for a campaign for a specific token
/// @dev Only callable by the owner
/// @param token Address of the token to be rewarded
/// @param incentive The minimum incentives (per week)
function updateMinIncentivePerToken(address token, uint256 incentive) external;
/// @notice Updates the custom fee for a specified user
/// @dev Only callable by the owner
/// @param user Address of the user to update the custom fee for
/// @param fee The custom fee for the user (-1 is used for no-fee)
function updateCustomFee(address user, int256 fee) external;
/// @notice Cancels a created campaign prior to its start time
/// @param campaignId Identifier of the campaign to cancel
function cancel(uint256 campaignId) external;
/// @notice Recovers ERC20 tokens accidentally sent to the contract
/// @dev Only callable by the owner
/// @param to Address receiving the ERC20 tokens
/// @param token Address of the token to transfer
/// @param amount Amount of tokens to transfer
function recoverERC20(address to, address token, uint256 amount) external;
/// @notice Pauses a campaign and stops rewards accrual while paused
/// @param campaignId The identifier of the campaign to pause
function pause(uint256 campaignId) external;
/// @notice Unpauses a campaign so it can start rewards accrual
/// @param campaignId The identifier of the campaign to pause
function unpause(uint256 campaignId) external;
/// @notice Returns whether protocol is paused entirely
function paused() external view returns (bool);
/// @notice Pauses protocol as a whole
function pauseProtocol() external;
/// @notice Unpauses protocol as a whole
function unpauseProtocol() external;
}
"
}
},
"settings": {
"optimizer": {
"enabled": true,
"runs": 2000
},
"evmVersion": "paris",
"outputSelection": {
"*": {
"*": [
"evm.bytecode",
"evm.deployedBytecode",
"devdoc",
"userdoc",
"metadata",
"abi"
]
}
},
"metadata": {
"useLiteralContent": true
}
}
}}Submitted on: 2025-11-06 15:29:16
Comments
Log in to comment.
No comments yet.