Description:
Proxy contract enabling upgradeable smart contract patterns. Delegates calls to an implementation contract.
Blockchain: Ethereum
Source Code: View Code On The Blockchain
Solidity Source Code:
{{
"language": "Solidity",
"sources": {
"src/psm/GoBridgeMultiPSM_V1.sol": {
"content": "// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
/**
* @title GoBridgeMultiPSM_V1
* @notice UUPS-upgradeable multi-asset Peg Stability Module (USDC/USDT/DAI).
* Mints goUSD 1:1 against supported stables (optional mint fee), and
* redeems goUSD 1:1 back to the same asset from in-kind reserves.
* @dev Policy & safety:
* - Mint path enforces an oracle price band (via GOracle.getAssetPrice), which
* also refreshes lastGoodPrice in the oracle. Redeem has 0 fee and uses reserves.
* - Per-asset and global net ceilings (minted - redeemed) limit outstanding supply.
* - Guardian can pause globally, enable/disable assets, or set HALTED (mint off).
* - Fees (if any) are minted to Treasury and accounted via Treasury.credit().
* - Reentrancy-guarded, pausable, role-gated admin/config.
* - Storage gap reserved; never reorder existing variables on upgrade.
*/
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {AccessControlUpgradeable} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import {ReentrancyGuardUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";
import {PausableUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/PausableUpgradeable.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {IERC20Permit} from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Permit.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {IGoUSD} from "../interfaces/IGoUSD.sol";
import {IGOracle} from "../interfaces/IGOracle.sol";
import {IGoTreasury} from "../interfaces/IGoTreasury.sol";
contract GoBridgeMultiPSM_V1 is Initializable, UUPSUpgradeable, AccessControlUpgradeable, ReentrancyGuardUpgradeable, PausableUpgradeable {
using SafeERC20 for IERC20;
// ─────────────────────────────────────────────────────────────────────────────
// Roles / Storage
// ─────────────────────────────────────────────────────────────────────────────
/// @notice Asset config & parameter manager (oracle/treasury/ceilings/fees).
bytes32 public constant ASSET_MANAGER_ROLE = keccak256("ASSET_MANAGER_ROLE");
/// @notice Can pause/unpause and toggle asset enabled/halting.
bytes32 public constant GUARDIAN_ROLE = keccak256("GUARDIAN_ROLE");
/// @notice goUSD token to mint/burn.
IGoUSD public goUSD;
/// @notice Oracle used for mint price band checks.
IGOracle public gOracle;
/// @notice Treasury that receives mint fees (if any).
IGoTreasury public goTreasury;
/// @notice Global ceiling for net outstanding goUSD (sum over assets).
uint256 public globalMintCeiling;
/// @notice Current global net minted (mints - redeems).
uint256 public globalMinted;
/// @notice Per-asset risk/config state.
struct Asset {
address token; // ERC20 address (e.g., USDC/USDT/DAI)
uint8 decimals; // token decimals
bool enabled; // asset listed for use
uint8 mode; // 0=PEG1 active, 2=HALTED (mint closed; redeem stays open)
uint16 bandLowBps; // price band lower bound in bps vs $1 (e.g., 9900 = $0.99)
uint16 bandHighBps;// price band upper bound in bps vs $1 (e.g., 10100 = $1.01)
uint256 mintCeiling;// per-asset net outstanding ceiling (0 = unlimited)
uint256 minted; // current net minted for this asset
uint16 feeMintBps; // fee on mint in bps (redeem = 0 fee)
}
/// @notice Asset map keyed by symbol (bytes32, e.g., "USDC").
mapping(bytes32 => Asset) public assets;
/// @notice List of configured symbols (for UIs/telemetry).
bytes32[] public symbolList;
// ─────────────────────────────────────────────────────────────────────────────
// Events
// ─────────────────────────────────────────────────────────────────────────────
event GuardianSet(address indexed account, bool allowed);
event AssetManagerSet(address indexed account, bool allowed);
event ParamsUpdated(address gOracle, address surplusCollector, uint256 globalMintCeiling);
event AssetConfigured(bytes32 indexed sym, address token, uint8 decimals, bool enabled, uint8 mode);
event AssetRiskParamsUpdated(bytes32 indexed sym, uint16 bandLowBps, uint16 bandHighBps);
event AssetCeilingUpdated(bytes32 indexed sym, uint256 mintCeiling);
event AssetFeesUpdated(bytes32 indexed sym, uint16 feeMintBps);
event Minted(bytes32 indexed sym, address indexed user, uint256 stableIn, uint256 goUSDOut, uint256 fee);
event Redeemed(bytes32 indexed sym, address indexed user, uint256 goUSDIn, uint256 stableOut);
event Swept(address indexed token, address indexed to, uint256 amount);
event ReserveMigrated(bytes32 indexed sym, address indexed to, uint256 amount);
// ─────────────────────────────────────────────────────────────────────────────
// Errors
// ─────────────────────────────────────────────────────────────────────────────
error ZeroAddress();
error InvalidParams();
error PermitFailed();
error NotEnabled();
error Halted();
error OracleUnavailable();
error PriceOutOfBand();
error AmountZero();
error CeilingExceeded();
error InsufficientReserve();
/// @custom:oz-upgrades-unsafe-allow constructor
constructor() {
_disableInitializers();
}
// ─────────────────────────────────────────────────────────────────────────────
// Initialization / Upgrade
// ─────────────────────────────────────────────────────────────────────────────
/**
* @notice Initialize core references and grant roles to `admin`.
* @dev Also sets the initial global ceiling value.
* @param admin Admin address (receives DEFAULT/ASSET_MANAGER/GUARDIAN).
* @param _goUSD goUSD token proxy address.
* @param _gOracle Oracle contract address.
* @param _goTreasury Treasury contract address.
* @param _globalMintCeiling Global net ceiling (0 = unlimited).
*/
function initialize(
address admin,
address _goUSD,
address _gOracle,
address _goTreasury,
uint256 _globalMintCeiling
) external initializer {
if (admin == address(0) || _goUSD == address(0) || _gOracle == address(0) || _goTreasury == address(0)) revert ZeroAddress();
__UUPSUpgradeable_init();
__AccessControl_init();
__ReentrancyGuard_init();
__Pausable_init();
_grantRole(DEFAULT_ADMIN_ROLE, admin);
_grantRole(ASSET_MANAGER_ROLE, admin);
_grantRole(GUARDIAN_ROLE, admin);
if (msg.sender != admin) {
_revokeRole(DEFAULT_ADMIN_ROLE, msg.sender);
}
goUSD = IGoUSD(_goUSD);
gOracle = IGOracle(_gOracle);
goTreasury = IGoTreasury(_goTreasury);
globalMintCeiling = _globalMintCeiling;
emit ParamsUpdated(_gOracle, _goTreasury, _globalMintCeiling);
}
/// @inheritdoc UUPSUpgradeable
function _authorizeUpgrade(address) internal override onlyRole(DEFAULT_ADMIN_ROLE) {}
// ─────────────────────────────────────────────────────────────────────────────
// Admin (roles & params)
// ─────────────────────────────────────────────────────────────────────────────
/**
* @notice Grant or revoke GUARDIAN_ROLE for `account`.
* @param account Target account.
* @param allowed True to grant, false to revoke.
*/
function setGuardian(address account, bool allowed) external onlyRole(DEFAULT_ADMIN_ROLE) {
if (account == address(0)) revert ZeroAddress();
if (allowed) _grantRole(GUARDIAN_ROLE, account);
else _revokeRole(GUARDIAN_ROLE, account);
emit GuardianSet(account, allowed);
}
/**
* @notice Grant or revoke ASSET_MANAGER_ROLE for `account`.
* @param account Target account.
* @param allowed True to grant, false to revoke.
*/
function setAccountant(address account, bool allowed) external onlyRole(DEFAULT_ADMIN_ROLE) {
if (account == address(0)) revert ZeroAddress();
if (allowed) _grantRole(ASSET_MANAGER_ROLE, account);
else _revokeRole(ASSET_MANAGER_ROLE, account);
emit AssetManagerSet(account, allowed);
}
/**
* @notice Update oracle reference.
* @param _gOracle New oracle address.
*/
function setOracle(address _gOracle) external onlyRole(ASSET_MANAGER_ROLE) {
if (_gOracle == address(0)) revert ZeroAddress();
gOracle = IGOracle(_gOracle);
emit ParamsUpdated(_gOracle, address(goTreasury), globalMintCeiling);
}
/**
* @notice Update treasury reference.
* @param _goTreasury New treasury address.
*/
function setGoTreasury(address _goTreasury) external onlyRole(ASSET_MANAGER_ROLE) {
if (_goTreasury == address(0)) revert ZeroAddress();
goTreasury = IGoTreasury(_goTreasury);
emit ParamsUpdated(address(gOracle), _goTreasury, globalMintCeiling);
}
/**
* @notice Update global net ceiling.
* @param _globalMintCeiling New global ceiling (0 = unlimited).
*/
function setGlobalMintCeiling(uint256 _globalMintCeiling) external onlyRole(ASSET_MANAGER_ROLE) {
globalMintCeiling = _globalMintCeiling;
emit ParamsUpdated(address(gOracle), address(goTreasury), _globalMintCeiling);
}
/**
* @notice Create/update an asset configuration.
* @dev Adds symbol to `symbolList` on first setup. Mode must be 0 or 2.
* @param sym Asset symbol key (e.g., bytes32("USDC")).
* @param token ERC20 address.
* @param decimals_ Token decimals.
* @param enabled Whether asset is active.
* @param mode_ 0=PEG1, 2=HALTED.
* @param bandLowBps_ Lower price band bound in bps vs $1.
* @param bandHighBps_ Upper price band bound in bps vs $1.
* @param mintCeiling_ Per-asset net ceiling (0 = unlimited).
* @param feeMintBps_ Mint fee in bps (redeem fee = 0).
*/
function configureAsset(
bytes32 sym,
address token,
uint8 decimals_,
bool enabled,
uint8 mode_,
uint16 bandLowBps_,
uint16 bandHighBps_,
uint256 mintCeiling_,
uint16 feeMintBps_
) external onlyRole(ASSET_MANAGER_ROLE) {
if(token == address(0)) revert ZeroAddress();
if (mode_ != 0 && mode_ != 2) revert InvalidParams();
if (bandLowBps_ == 0 || bandHighBps_ < bandLowBps_) revert InvalidParams();
Asset storage a = assets[sym];
if (a.token == address(0)) {
symbolList.push(sym);
}
a.token = token;
a.decimals = decimals_;
a.enabled = enabled;
a.mode = mode_;
a.bandLowBps = bandLowBps_;
a.bandHighBps = bandHighBps_;
a.mintCeiling = mintCeiling_;
a.feeMintBps = feeMintBps_;
emit AssetConfigured(sym, token, decimals_, enabled, mode_);
emit AssetRiskParamsUpdated(sym, bandLowBps_, bandHighBps_);
emit AssetCeilingUpdated(sym, mintCeiling_);
emit AssetFeesUpdated(sym, feeMintBps_);
}
/**
* @notice Enable/disable an asset (guardian control).
* @param sym Asset symbol.
* @param enabled New enabled flag.
*/
function setAssetEnabled(bytes32 sym, bool enabled) external onlyRole(GUARDIAN_ROLE) {
if (assets[sym].token == address(0)) revert InvalidParams();
assets[sym].enabled = enabled;
emit AssetConfigured(sym, assets[sym].token, assets[sym].decimals, enabled, assets[sym].mode);
}
/**
* @notice Halt/unhalt minting for an asset; redeem remains open when halted.
* @param sym Asset symbol.
* @param halted True to set HALTED (mode=2), false to set PEG1 (mode=0).
*/
function setAssetHalted(bytes32 sym, bool halted) external onlyRole(GUARDIAN_ROLE) {
if (assets[sym].token == address(0)) revert InvalidParams();
assets[sym].mode = halted ? 2 : 0;
emit AssetConfigured(sym, assets[sym].token, assets[sym].decimals, assets[sym].enabled, assets[sym].mode);
}
/**
* @notice Update price band for an asset.
* @param sym Asset symbol.
* @param lowBps New lower bound (bps vs $1).
* @param highBps New upper bound (bps vs $1).
*/
function setAssetBand(bytes32 sym, uint16 lowBps, uint16 highBps) external onlyRole(ASSET_MANAGER_ROLE) {
if (assets[sym].token == address(0)) revert InvalidParams();
if (lowBps == 0 || highBps < lowBps) revert InvalidParams();
assets[sym].bandLowBps = lowBps;
assets[sym].bandHighBps = highBps;
emit AssetRiskParamsUpdated(sym, lowBps, highBps);
}
/**
* @notice Update per-asset ceiling.
* @param sym Asset symbol.
* @param ceiling New ceiling (0 = unlimited).
*/
function setAssetCeiling(bytes32 sym, uint256 ceiling) external onlyRole(ASSET_MANAGER_ROLE) {
if (assets[sym].token == address(0)) revert InvalidParams();
assets[sym].mintCeiling = ceiling;
emit AssetCeilingUpdated(sym, ceiling);
}
/**
* @notice Update mint fee (bps) for an asset.
* @param sym Asset symbol.
* @param bps New bps value (e.g., 50 = 0.50%).
*/
function setAssetFeeMintBps(bytes32 sym, uint16 bps) external onlyRole(ASSET_MANAGER_ROLE) {
if (assets[sym].token == address(0)) revert InvalidParams();
assets[sym].feeMintBps = bps;
emit AssetFeesUpdated(sym, bps);
}
/// @notice Pause/unpause all PSM operations.
function pause() external onlyRole(GUARDIAN_ROLE) { _pause(); }
function unpause() external onlyRole(GUARDIAN_ROLE) { _unpause(); }
/**
* @notice Sweep unexpected ERC20s (not part of configured assets) while paused.
* @param token ERC20 to sweep.
* @param to Recipient.
* @param amount Amount to transfer.
*/
function sweepUnknownERC20(address token, address to, uint256 amount) external onlyRole(GUARDIAN_ROLE) whenPaused {
if (token == address(0) || to == address(0)) revert ZeroAddress();
if (_isAssetToken(token)) revert InvalidParams();
IERC20(token).safeTransfer(to, amount);
emit Swept(token, to, amount);
}
/**
* @notice Migrate an asset's reserves (e.g., during deprecation) while paused.
* @dev Asset must be disabled or halted.
* @param sym Asset symbol.
* @param to Recipient for migration.
* @param amount Amount to migrate (clamped to balance).
*/
function migrateReserve(bytes32 sym, address to, uint256 amount) external onlyRole(DEFAULT_ADMIN_ROLE) whenPaused {
if (to == address(0)) revert ZeroAddress();
Asset storage a = assets[sym];
if (a.token == address(0)) revert InvalidParams();
if (a.enabled && a.mode != 2) revert InvalidParams();
uint256 bal = IERC20(a.token).balanceOf(address(this));
if (amount > bal) amount = bal;
IERC20(a.token).safeTransfer(to, amount);
emit ReserveMigrated(sym, to, amount);
}
// ─────────────────────────────────────────────────────────────────────────────
// Core ops
// ─────────────────────────────────────────────────────────────────────────────
/**
* @notice Deposit `stableAmount` of `sym` and receive goUSD 1:1 minus fee.
* @dev Enforces oracle band and net ceilings; fee (if any) goes to Treasury.
* @param sym Asset symbol (e.g., "USDC").
* @param stableAmount Amount of the stable token to deposit.
*/
function deposit(bytes32 sym, uint256 stableAmount) external nonReentrant whenNotPaused {
if (stableAmount == 0) revert AmountZero();
_deposit(sym, stableAmount);
}
/**
* @notice Deposit `stableAmount` of `sym` with a permit and receive goUSD 1:1 minus fee.
* @dev Enforces oracle band and net ceilings; fee (if any) goes to Treasury.
* @param sym Asset symbol (e.g., "USDC").
* @param stableAmount Amount of the stable token to deposit.
*/
function depositWithPermit(
bytes32 sym,
uint256 stableAmount,
uint256 deadline,
uint8 v, bytes32 r, bytes32 s
) external nonReentrant whenNotPaused {
if (stableAmount == 0) revert AmountZero();
Asset storage a = assets[sym];
_permit2612(a.token, msg.sender, address(this), stableAmount, deadline, v, r, s);
_deposit(sym, stableAmount);
}
/**
* @notice Redeem goUSD back to the specified asset 1:1 from in-kind reserves.
* @dev 0 fee; requires sufficient on-chain reserves of that asset.
* @param sym Asset symbol to redeem into.
* @param goUSD18 Amount of goUSD (18 decimals) to redeem.
*/
function redeem(bytes32 sym, uint256 goUSD18) external nonReentrant whenNotPaused {
if (goUSD18 == 0) revert AmountZero();
_redeem(sym, goUSD18);
}
/**
* @notice Redeem goUSD with permit back to the specified asset 1:1 from in-kind reserves.
* @dev 0 fee; requires sufficient on-chain reserves of that asset.
* @param sym Asset symbol to redeem into.
* @param goUSD18 Amount of goUSD (18 decimals) to redeem.
*/
function redeemWithPermit(
bytes32 sym,
uint256 goUSD18,
uint256 deadline,
uint8 v, bytes32 r, bytes32 s
) external nonReentrant whenNotPaused {
if (goUSD18 == 0) revert AmountZero();
_permit2612(address(goUSD), msg.sender, address(this), goUSD18, deadline, v, r, s);
_redeem(sym, goUSD18);
}
// ─────────────────────────────────────────────────────────────────────────────
// View helpers
// ─────────────────────────────────────────────────────────────────────────────
/// @notice Returns the list of configured asset symbols.
function getSymbols() external view returns (bytes32[] memory) {
return symbolList;
}
/// @notice Read the static asset configuration for `sym`.
function getAssetConfig(bytes32 sym) external view returns (Asset memory) {
Asset storage a = assets[sym];
if (a.token == address(0)) revert InvalidParams();
return a;
}
/**
* @notice Read dynamic state for `sym` (reserve, net minted, price bps, in-band flag, halted flag).
* @return reserve Current token balance held by the PSM.
* @return minted Current net minted for this asset.
* @return priceBps Latest peek price in bps vs $1 (0 if oracle unavailable).
* @return inBand Whether price is within configured band.
* @return halted Whether asset is in HALTED mode.
*/
function getAssetState(bytes32 sym) external view returns (uint256 reserve, uint256 minted, uint256 priceBps, bool inBand, bool halted) {
Asset storage a = assets[sym];
if (a.token == address(0)) revert InvalidParams();
reserve = IERC20(a.token).balanceOf(address(this));
minted = a.minted;
(uint256 pBps, bool ok) = _priceBpsPeek(a.token);
priceBps = ok ? pBps : 0;
inBand = ok && pBps >= a.bandLowBps && pBps <= a.bandHighBps;
halted = a.mode == 2;
}
/// @notice Global counters + pause status for telemetry.
function getGlobalState() external view returns (uint256 _globalMinted, uint256 _globalCeiling, bool paused_) {
return (globalMinted, globalMintCeiling, paused());
}
/// @notice Convenience symbol constants.
function symUSDC() public pure returns (bytes32) { return bytes32("USDC"); }
function symUSDT() public pure returns (bytes32) { return bytes32("USDT"); }
function symDAI() public pure returns (bytes32) { return bytes32("DAI"); }
// ─────────────────────────────────────────────────────────────────────────────
// Internals
// ─────────────────────────────────────────────────────────────────────────────
/**
* @notice Core deposit flow (shared by deposit & depositWithPermit).
* @dev - Enforces asset enabled + not HALTED
* - Oracle band guard (updates lastGoodPrice via getAssetPrice)
* - Net ceilings (per-asset + global)
* - Transfers stable in, mints goUSD to user, fee (if any) to Treasury
* - Updates per-asset and global minted counters
* @param sym Asset symbol (e.g., bytes32("USDC"))
* @param stableAmount Amount of the stable token (token’s native decimals)
*/
function _deposit(bytes32 sym, uint256 stableAmount) internal {
Asset storage a = assets[sym];
if (!a.enabled) revert NotEnabled();
if (a.mode == 2) revert Halted();
(uint256 priceBps, bool ok) = _priceBps(a.token);
if (!ok) revert OracleUnavailable();
if (priceBps < a.bandLowBps || priceBps > a.bandHighBps) {
revert PriceOutOfBand();
}
uint256 goUSD18 = _scaleTo18(stableAmount, a.decimals);
uint256 fee = (goUSD18 * a.feeMintBps) / 10_000;
uint256 toUser = goUSD18 - fee;
if (toUser == 0) revert InvalidParams();
_enforceCeilings(a, goUSD18);
IERC20(a.token).safeTransferFrom(msg.sender, address(this), stableAmount);
goUSD.mint(msg.sender, toUser);
if (fee > 0) {
goUSD.mint(address(goTreasury), fee);
goTreasury.credit(fee, bytes32("PSM_MINT_FEE"));
}
a.minted += goUSD18;
globalMinted += goUSD18;
emit Minted(sym, msg.sender, stableAmount, toUser, fee);
}
/**
* @notice Core redeem flow (shared by redeem & redeemWithPermit).
* @dev - Enforces asset enabled
* - Requires sufficient in-kind reserves
* - Burns goUSD from user and sends out the stable
* - Decrements per-asset and global minted counters
* @param sym Asset symbol to redeem into
* @param goUSD18 Amount of goUSD to redeem (18 decimals)
*/
function _redeem(bytes32 sym, uint256 goUSD18) internal {
Asset storage a = assets[sym];
if (!a.enabled) revert NotEnabled();
uint256 stableOut = _scaleFrom18(goUSD18, a.decimals);
uint256 bal = IERC20(a.token).balanceOf(address(this));
if (bal < stableOut) revert InsufficientReserve();
goUSD.transferFrom(msg.sender, address(this), goUSD18);
goUSD.burn(goUSD18);
IERC20(a.token).safeTransfer(msg.sender, stableOut);
if (goUSD18 > a.minted) {
globalMinted -= a.minted;
a.minted = 0;
} else {
a.minted -= goUSD18;
globalMinted -= goUSD18;
}
emit Redeemed(sym, msg.sender, goUSD18, stableOut);
}
/**
* @notice EIP-2612 permit helper; grants allowance in the same tx (gasless approve UX).
* @dev - Expects target `token` to implement EIP-2612 `permit`
* - Low-level call keeps compatibility across OZ and non-OZ impls
* - Reverts with PermitFailed() if call fails (no code / non-2612 / expired / bad sig)
* @param token ERC20 token address that implements permit (e.g., goUSD, USDC/DAI on testnets)
* @param owner Address granting allowance (the user)
* @param spender Address receiving allowance (this contract)
* @param value Allowance amount to set
* @param deadline EIP-2612 signature deadline
* @param v,r,s ECDSA signature components
*/
function _permit2612(
address token,
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v, bytes32 r, bytes32 s
) internal {
(bool ok, ) = token.call(
abi.encodeWithSelector(IERC20Permit.permit.selector, owner, spender, value, deadline, v, r, s)
);
if (!ok) revert PermitFailed();
}
/// @dev Returns true iff `token` matches any configured asset token.
function _isAssetToken(address token) internal view returns (bool) {
uint256 n = symbolList.length;
for (uint256 i = 0; i < n; i++) {
Asset storage a = assets[symbolList[i]];
if (a.token == token) return true;
}
return false;
}
/// @dev Enforce per-asset and global net ceilings.
function _enforceCeilings(Asset storage a, uint256 mintAmount18) internal view {
if (a.mintCeiling > 0 && a.minted + mintAmount18 > a.mintCeiling) revert CeilingExceeded();
if (globalMintCeiling > 0 && globalMinted + mintAmount18 > globalMintCeiling) revert CeilingExceeded();
}
/// @dev Fetch live price and convert to bps vs $1; also updates lastGoodPrice in oracle.
function _priceBps(address assetToken) internal returns (uint256 priceBps, bool ok) {
(uint256 p, uint8 dec,,) = gOracle.getAssetPrice(assetToken);
if (p == 0) return (0, false);
uint256 price18 = (dec <= 18) ? (p * _pow10(uint8(18 - dec))) : (p / _pow10(uint8(dec - 18)));
priceBps = (price18 * 10_000) / 1e18;
ok = true;
}
/// @dev View-only price in bps vs $1 (does not update lastGoodPrice).
function _priceBpsPeek(address assetToken) internal view returns (uint256 priceBps, bool ok) {
(uint256 p, uint8 dec,,) = gOracle.peekAssetPrice(assetToken);
if (p == 0) return (0, false);
uint256 price18 = (dec <= 18) ? (p * _pow10(uint8(18 - dec))) : (p / _pow10(uint8(dec - 18)));
priceBps = (price18 * 10_000) / 1e18;
ok = true;
}
/// @dev Scale an `amount` with `dec` to 18 decimals.
function _scaleTo18(uint256 amount, uint8 dec) internal pure returns (uint256) {
return (dec <= 18) ? amount * _pow10(uint8(18 - dec)) : amount / _pow10(uint8(dec - 18));
}
/// @dev Scale an 18-decimal `amount18` down to token decimals `dec`.
function _scaleFrom18(uint256 amount18, uint8 dec) internal pure returns (uint256) {
return (dec <= 18) ? amount18 / _pow10(uint8(18 - dec)) : amount18 * _pow10(uint8(dec - 18));
}
/// @dev 10^n helper.
function _pow10(uint8 n) internal pure returns (uint256) {
uint256 r = 1;
for (uint8 i = 0; i < n; i++) { r *= 10; }
return r;
}
// ─────────────────────────────────────────────────────────────────────────────
// Storage gap (for upgrades)
// ─────────────────────────────────────────────────────────────────────────────
uint256[200] private __gap;
}"
},
"lib/openzeppelin-contracts-upgradeable/contracts/proxy/utils/Initializable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (proxy/utils/Initializable.sol)
pragma solidity ^0.8.20;
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```solidity
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
*
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/
abstract contract Initializable {
/**
* @dev Storage of the initializable contract.
*
* It's implemented on a custom ERC-7201 namespace to reduce the risk of storage collisions
* when using with upgradeable contracts.
*
* @custom:storage-location erc7201:openzeppelin.storage.Initializable
*/
struct InitializableStorage {
/**
* @dev Indicates that the contract has been initialized.
*/
uint64 _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool _initializing;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Initializable")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant INITIALIZABLE_STORAGE = 0xf0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00;
/**
* @dev The contract is already initialized.
*/
error InvalidInitialization();
/**
* @dev The contract is not initializing.
*/
error NotInitializing();
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/
event Initialized(uint64 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts.
*
* Similar to `reinitializer(1)`, except that in the context of a constructor an `initializer` may be invoked any
* number of times. This behavior in the constructor can be useful during testing and is not expected to be used in
* production.
*
* Emits an {Initialized} event.
*/
modifier initializer() {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
// Cache values to avoid duplicated sloads
bool isTopLevelCall = !$._initializing;
uint64 initialized = $._initialized;
// Allowed calls:
// - initialSetup: the contract is not in the initializing state and no previous version was
// initialized
// - construction: the contract is initialized at version 1 (no reinitialization) and the
// current contract is just being deployed
bool initialSetup = initialized == 0 && isTopLevelCall;
bool construction = initialized == 1 && address(this).code.length == 0;
if (!initialSetup && !construction) {
revert InvalidInitialization();
}
$._initialized = 1;
if (isTopLevelCall) {
$._initializing = true;
}
_;
if (isTopLevelCall) {
$._initializing = false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* A reinitializer may be used after the original initialization step. This is essential to configure modules that
* are added through upgrades and that require initialization.
*
* When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
* cannot be nested. If one is invoked in the context of another, execution will revert.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*
* WARNING: Setting the version to 2**64 - 1 will prevent any future reinitialization.
*
* Emits an {Initialized} event.
*/
modifier reinitializer(uint64 version) {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
if ($._initializing || $._initialized >= version) {
revert InvalidInitialization();
}
$._initialized = version;
$._initializing = true;
_;
$._initializing = false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/
modifier onlyInitializing() {
_checkInitializing();
_;
}
/**
* @dev Reverts if the contract is not in an initializing state. See {onlyInitializing}.
*/
function _checkInitializing() internal view virtual {
if (!_isInitializing()) {
revert NotInitializing();
}
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*
* Emits an {Initialized} event the first time it is successfully executed.
*/
function _disableInitializers() internal virtual {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
if ($._initializing) {
revert InvalidInitialization();
}
if ($._initialized != type(uint64).max) {
$._initialized = type(uint64).max;
emit Initialized(type(uint64).max);
}
}
/**
* @dev Returns the highest version that has been initialized. See {reinitializer}.
*/
function _getInitializedVersion() internal view returns (uint64) {
return _getInitializableStorage()._initialized;
}
/**
* @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
*/
function _isInitializing() internal view returns (bool) {
return _getInitializableStorage()._initializing;
}
/**
* @dev Pointer to storage slot. Allows integrators to override it with a custom storage location.
*
* NOTE: Consider following the ERC-7201 formula to derive storage locations.
*/
function _initializableStorageSlot() internal pure virtual returns (bytes32) {
return INITIALIZABLE_STORAGE;
}
/**
* @dev Returns a pointer to the storage namespace.
*/
// solhint-disable-next-line var-name-mixedcase
function _getInitializableStorage() private pure returns (InitializableStorage storage $) {
bytes32 slot = _initializableStorageSlot();
assembly {
$.slot := slot
}
}
}
"
},
"lib/openzeppelin-contracts-upgradeable/contracts/proxy/utils/UUPSUpgradeable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (proxy/utils/UUPSUpgradeable.sol)
pragma solidity ^0.8.22;
import {IERC1822Proxiable} from "@openzeppelin/contracts/interfaces/draft-IERC1822.sol";
import {ERC1967Utils} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Utils.sol";
import {Initializable} from "./Initializable.sol";
/**
* @dev An upgradeability mechanism designed for UUPS proxies. The functions included here can perform an upgrade of an
* {ERC1967Proxy}, when this contract is set as the implementation behind such a proxy.
*
* A security mechanism ensures that an upgrade does not turn off upgradeability accidentally, although this risk is
* reinstated if the upgrade retains upgradeability but removes the security mechanism, e.g. by replacing
* `UUPSUpgradeable` with a custom implementation of upgrades.
*
* The {_authorizeUpgrade} function must be overridden to include access restriction to the upgrade mechanism.
*/
abstract contract UUPSUpgradeable is Initializable, IERC1822Proxiable {
/// @custom:oz-upgrades-unsafe-allow state-variable-immutable
address private immutable __self = address(this);
/**
* @dev The version of the upgrade interface of the contract. If this getter is missing, both `upgradeTo(address)`
* and `upgradeToAndCall(address,bytes)` are present, and `upgradeTo` must be used if no function should be called,
* while `upgradeToAndCall` will invoke the `receive` function if the second argument is the empty byte string.
* If the getter returns `"5.0.0"`, only `upgradeToAndCall(address,bytes)` is present, and the second argument must
* be the empty byte string if no function should be called, making it impossible to invoke the `receive` function
* during an upgrade.
*/
string public constant UPGRADE_INTERFACE_VERSION = "5.0.0";
/**
* @dev The call is from an unauthorized context.
*/
error UUPSUnauthorizedCallContext();
/**
* @dev The storage `slot` is unsupported as a UUID.
*/
error UUPSUnsupportedProxiableUUID(bytes32 slot);
/**
* @dev Check that the execution is being performed through a delegatecall call and that the execution context is
* a proxy contract with an implementation (as defined in ERC-1967) pointing to self. This should only be the case
* for UUPS and transparent proxies that are using the current contract as their implementation. Execution of a
* function through ERC-1167 minimal proxies (clones) would not normally pass this test, but is not guaranteed to
* fail.
*/
modifier onlyProxy() {
_checkProxy();
_;
}
/**
* @dev Check that the execution is not being performed through a delegate call. This allows a function to be
* callable on the implementing contract but not through proxies.
*/
modifier notDelegated() {
_checkNotDelegated();
_;
}
function __UUPSUpgradeable_init() internal onlyInitializing {
}
function __UUPSUpgradeable_init_unchained() internal onlyInitializing {
}
/**
* @dev Implementation of the ERC-1822 {proxiableUUID} function. This returns the storage slot used by the
* implementation. It is used to validate the implementation's compatibility when performing an upgrade.
*
* IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
* bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
* function revert if invoked through a proxy. This is guaranteed by the `notDelegated` modifier.
*/
function proxiableUUID() external view virtual notDelegated returns (bytes32) {
return ERC1967Utils.IMPLEMENTATION_SLOT;
}
/**
* @dev Upgrade the implementation of the proxy to `newImplementation`, and subsequently execute the function call
* encoded in `data`.
*
* Calls {_authorizeUpgrade}.
*
* Emits an {Upgraded} event.
*
* @custom:oz-upgrades-unsafe-allow-reachable delegatecall
*/
function upgradeToAndCall(address newImplementation, bytes memory data) public payable virtual onlyProxy {
_authorizeUpgrade(newImplementation);
_upgradeToAndCallUUPS(newImplementation, data);
}
/**
* @dev Reverts if the execution is not performed via delegatecall or the execution
* context is not of a proxy with an ERC-1967 compliant implementation pointing to self.
*/
function _checkProxy() internal view virtual {
if (
address(this) == __self || // Must be called through delegatecall
ERC1967Utils.getImplementation() != __self // Must be called through an active proxy
) {
revert UUPSUnauthorizedCallContext();
}
}
/**
* @dev Reverts if the execution is performed via delegatecall.
* See {notDelegated}.
*/
function _checkNotDelegated() internal view virtual {
if (address(this) != __self) {
// Must not be called through delegatecall
revert UUPSUnauthorizedCallContext();
}
}
/**
* @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by
* {upgradeToAndCall}.
*
* Normally, this function will use an xref:access.adoc[access control] modifier such as {Ownable-onlyOwner}.
*
* ```solidity
* function _authorizeUpgrade(address) internal onlyOwner {}
* ```
*/
function _authorizeUpgrade(address newImplementation) internal virtual;
/**
* @dev Performs an implementation upgrade with a security check for UUPS proxies, and additional setup call.
*
* As a security check, {proxiableUUID} is invoked in the new implementation, and the return value
* is expected to be the implementation slot in ERC-1967.
*
* Emits an {IERC1967-Upgraded} event.
*/
function _upgradeToAndCallUUPS(address newImplementation, bytes memory data) private {
try IERC1822Proxiable(newImplementation).proxiableUUID() returns (bytes32 slot) {
if (slot != ERC1967Utils.IMPLEMENTATION_SLOT) {
revert UUPSUnsupportedProxiableUUID(slot);
}
ERC1967Utils.upgradeToAndCall(newImplementation, data);
} catch {
// The implementation is not UUPS
revert ERC1967Utils.ERC1967InvalidImplementation(newImplementation);
}
}
}
"
},
"lib/openzeppelin-contracts-upgradeable/contracts/access/AccessControlUpgradeable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (access/AccessControl.sol)
pragma solidity ^0.8.20;
import {IAccessControl} from "@openzeppelin/contracts/access/IAccessControl.sol";
import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
import {ERC165Upgradeable} from "../utils/introspection/ERC165Upgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Contract module that allows children to implement role-based access
* control mechanisms. This is a lightweight version that doesn't allow enumerating role
* members except through off-chain means by accessing the contract event logs. Some
* applications may benefit from on-chain enumerability, for those cases see
* {AccessControlEnumerable}.
*
* Roles are referred to by their `bytes32` identifier. These should be exposed
* in the external API and be unique. The best way to achieve this is by
* using `public constant` hash digests:
*
* ```solidity
* bytes32 public constant MY_ROLE = keccak256("MY_ROLE");
* ```
*
* Roles can be used to represent a set of permissions. To restrict access to a
* function call, use {hasRole}:
*
* ```solidity
* function foo() public {
* require(hasRole(MY_ROLE, msg.sender));
* ...
* }
* ```
*
* Roles can be granted and revoked dynamically via the {grantRole} and
* {revokeRole} functions. Each role has an associated admin role, and only
* accounts that have a role's admin role can call {grantRole} and {revokeRole}.
*
* By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means
* that only accounts with this role will be able to grant or revoke other
* roles. More complex role relationships can be created by using
* {_setRoleAdmin}.
*
* WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to
* grant and revoke this role. Extra precautions should be taken to secure
* accounts that have been granted it. We recommend using {AccessControlDefaultAdminRules}
* to enforce additional security measures for this role.
*/
abstract contract AccessControlUpgradeable is Initializable, ContextUpgradeable, IAccessControl, ERC165Upgradeable {
struct RoleData {
mapping(address account => bool) hasRole;
bytes32 adminRole;
}
bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;
/// @custom:storage-location erc7201:openzeppelin.storage.AccessControl
struct AccessControlStorage {
mapping(bytes32 role => RoleData) _roles;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.AccessControl")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant AccessControlStorageLocation = 0x02dd7bc7dec4dceedda775e58dd541e08a116c6c53815c0bd028192f7b626800;
function _getAccessControlStorage() private pure returns (AccessControlStorage storage $) {
assembly {
$.slot := AccessControlStorageLocation
}
}
/**
* @dev Modifier that checks that an account has a specific role. Reverts
* with an {AccessControlUnauthorizedAccount} error including the required role.
*/
modifier onlyRole(bytes32 role) {
_checkRole(role);
_;
}
function __AccessControl_init() internal onlyInitializing {
}
function __AccessControl_init_unchained() internal onlyInitializing {
}
/// @inheritdoc IERC165
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IAccessControl).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) public view virtual returns (bool) {
AccessControlStorage storage $ = _getAccessControlStorage();
return $._roles[role].hasRole[account];
}
/**
* @dev Reverts with an {AccessControlUnauthorizedAccount} error if `_msgSender()`
* is missing `role`. Overriding this function changes the behavior of the {onlyRole} modifier.
*/
function _checkRole(bytes32 role) internal view virtual {
_checkRole(role, _msgSender());
}
/**
* @dev Reverts with an {AccessControlUnauthorizedAccount} error if `account`
* is missing `role`.
*/
function _checkRole(bytes32 role, address account) internal view virtual {
if (!hasRole(role, account)) {
revert AccessControlUnauthorizedAccount(account, role);
}
}
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) public view virtual returns (bytes32) {
AccessControlStorage storage $ = _getAccessControlStorage();
return $._roles[role].adminRole;
}
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* May emit a {RoleGranted} event.
*/
function grantRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) {
_grantRole(role, account);
}
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* May emit a {RoleRevoked} event.
*/
function revokeRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) {
_revokeRole(role, account);
}
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been revoked `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `callerConfirmation`.
*
* May emit a {RoleRevoked} event.
*/
function renounceRole(bytes32 role, address callerConfirmation) public virtual {
if (callerConfirmation != _msgSender()) {
revert AccessControlBadConfirmation();
}
_revokeRole(role, callerConfirmation);
}
/**
* @dev Sets `adminRole` as ``role``'s admin role.
*
* Emits a {RoleAdminChanged} event.
*/
function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {
AccessControlStorage storage $ = _getAccessControlStorage();
bytes32 previousAdminRole = getRoleAdmin(role);
$._roles[role].adminRole = adminRole;
emit RoleAdminChanged(role, previousAdminRole, adminRole);
}
/**
* @dev Attempts to grant `role` to `account` and returns a boolean indicating if `role` was granted.
*
* Internal function without access restriction.
*
* May emit a {RoleGranted} event.
*/
function _grantRole(bytes32 role, address account) internal virtual returns (bool) {
AccessControlStorage storage $ = _getAccessControlStorage();
if (!hasRole(role, account)) {
$._roles[role].hasRole[account] = true;
emit RoleGranted(role, account, _msgSender());
return true;
} else {
return false;
}
}
/**
* @dev Attempts to revoke `role` from `account` and returns a boolean indicating if `role` was revoked.
*
* Internal function without access restriction.
*
* May emit a {RoleRevoked} event.
*/
function _revokeRole(bytes32 role, address account) internal virtual returns (bool) {
AccessControlStorage storage $ = _getAccessControlStorage();
if (hasRole(role, account)) {
$._roles[role].hasRole[account] = false;
emit RoleRevoked(role, account, _msgSender());
return true;
} else {
return false;
}
}
}
"
},
"lib/openzeppelin-contracts-upgradeable/contracts/utils/ReentrancyGuardUpgradeable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/ReentrancyGuard.sol)
pragma solidity ^0.8.20;
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Contract module that helps prevent reentrant calls to a function.
*
* Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier
* available, which can be applied to functions to make sure there are no nested
* (reentrant) calls to them.
*
* Note that because there is a single `nonReentrant` guard, functions marked as
* `nonReentrant` may not call one another. This can be worked around by making
* those functions `private`, and then adding `external` `nonReentrant` entry
* points to them.
*
* TIP: If EIP-1153 (transient storage) is available on the chain you're deploying at,
* consider using {ReentrancyGuardTransient} instead.
*
* TIP: If you would like to learn more about reentrancy and alternative ways
* to protect against it, check out our blog post
* https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].
*/
abstract contract ReentrancyGuardUpgradeable is Initializable {
// Booleans are more expensive than uint256 or any type that takes up a full
// word because each write operation emits an extra SLOAD to first read the
// slot's contents, replace the bits taken up by the boolean, and then write
// back. This is the compiler's defense against contract upgrades and
// pointer aliasing, and it cannot be disabled.
// The values being non-zero value makes deployment a bit more expensive,
// but in exchange the refund on every call to nonReentrant will be lower in
// amount. Since refunds are capped to a percentage of the total
// transaction's gas, it is best to keep them low in cases like this one, to
// increase the likelihood of the full refund coming into effect.
uint256 private constant NOT_ENTERED = 1;
uint256 private constant ENTERED = 2;
/// @custom:storage-location erc7201:openzeppelin.storage.ReentrancyGuard
struct ReentrancyGuardStorage {
uint256 _status;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ReentrancyGuard")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant ReentrancyGuardStorageLocation = 0x9b779b17422d0df92223018b32b4d1fa46e071723d6817e2486d003becc55f00;
function _getReentrancyGuardStorage() private pure returns (ReentrancyGuardStorage storage $) {
assembly {
$.slot := ReentrancyGuardStorageLocation
}
}
/**
* @dev Unauthorized reentrant call.
*/
error ReentrancyGuardReentrantCall();
function __ReentrancyGuard_init() internal onlyInitializing {
__ReentrancyGuard_init_unchained();
}
function __ReentrancyGuard_init_unchained() internal onlyInitializing {
ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
$._status = NOT_ENTERED;
}
/**
* @dev Prevents a contract from calling itself, directly or indirectly.
* Calling a `nonReentrant` function from another `nonReentrant`
* function is not supported. It is possible to prevent this from happening
* by making the `nonReentrant` function external, and making it call a
* `private` function that does the actual work.
*/
modifier nonReentrant() {
_nonReentrantBefore();
_;
_nonReentrantAfter();
}
function _nonReentrantBefore() private {
ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
// On the first call to nonReentrant, _status will be NOT_ENTERED
if ($._status == ENTERED) {
revert ReentrancyGuardReentrantCall();
}
// Any calls to nonReentrant after this point will fail
$._status = ENTERED;
}
function _nonReentrantAfter() private {
ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
// By storing the original value once again, a refund is triggered (see
// https://eips.ethereum.org/EIPS/eip-2200)
$._status = NOT_ENTERED;
}
/**
* @dev Returns true if the reentrancy guard is currently set to "entered", which indicates there is a
* `nonReentrant` function in the call stack.
*/
function _reentrancyGuardEntered() internal view returns (bool) {
ReentrancyGuardStorage storage $ = _getReentrancyGuardStorage();
return $._status == ENTERED;
}
}
"
},
"lib/openzeppelin-contracts-upgradeable/contracts/utils/PausableUpgradeable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (utils/Pausable.sol)
pragma solidity ^0.8.20;
import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Contract module which allows children to implement an emergency stop
* mechanism that can be triggered by an authorized account.
*
* This module is used through inheritance. It will make available the
* modifiers `whenNotPaused` and `whenPaused`, which can be applied to
* the functions of your contract. Note that they will not be pausable by
* simply including this module, only once the modifiers are put in place.
*/
abstract contract PausableUpgradeable is Initializable, ContextUpgradeable {
/// @custom:storage-location erc7201:openzeppelin.storage.Pausable
struct PausableStorage {
bool _paused;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Pausable")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant PausableStorageLocation = 0xcd5ed15c6e187e77e9aee88184c21f4f2182ab5827cb3b7e07fbedcd63f03300;
function _getPausableStorage() private pure returns (PausableStorage storage $) {
assembly {
$.slot := PausableStorageLocation
}
}
/**
* @dev Emitted when the pause is triggered by `account`.
*/
event Paused(address account);
/**
* @dev Emitted when the pause is lifted by `account`.
*/
event Unpaused(address account);
/**
* @dev The operation failed because the contract is paused.
*/
error EnforcedPause();
/**
* @dev The operation failed because the contract is not paused.
*/
error ExpectedPause();
/**
* @dev Modifier to make a function callable only when the contract is not paused.
*
* Requirements:
*
* - The contract must not be paused.
*/
modifier whenNotPaused() {
_requireNotPaused();
_;
}
/**
* @dev Modifier to make a function callable only when the contract is paused.
*
* Requirements:
*
* - The contract must be paused.
*/
modifier whenPaused() {
_requirePaused();
_;
}
function __Pausable_init() internal onlyInitializing {
}
function __Pausable_init_unchained() internal onlyInitializing {
}
/**
* @dev Returns true if the contract is paused, and false otherwise.
*/
function paused() public view virtual returns (bool) {
PausableStorage storage $ = _getPausableStorage();
return $._paused;
}
/**
* @dev Throws if the contract is paused.
*/
function _requireNotPaused() internal view virtual {
if (paused()) {
revert EnforcedPause();
}
}
/**
* @dev Throws if the contract is not paused.
*/
function _requirePaused() internal view virtual {
if (!paused()) {
revert ExpectedPause();
}
}
/**
* @dev Triggers stopped state.
*
* Requirements:
*
* - The contract must not be paused.
*/
function _pause() internal virtual whenNotPaused {
PausableStorage storage $ = _getPausableStorage();
$._paused = true;
emit Paused(_msgSender());
}
/**
* @dev Returns to normal state.
*
* Requirements:
*
* - The contract must be paused.
*/
function _unpause() internal virtual whenPaused {
PausableStorage storage $ = _getPausableStorage();
$._paused = false;
emit Unpaused(_msgSender());
}
}
"
},
"lib/openzeppelin-contracts-upgradeable/lib/openzeppelin-contracts/contracts/token/ERC20/IERC20.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (token/ERC20/IERC20.sol)
pragma solidity >=0.4.16;
/**
* @dev Interface of the ERC-20 standard as defined in the ERC.
*/
interface IERC20 {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the value of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the value of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves a `value` amount of tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 value) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets a `value` amount of tokens as the allowance of `spender` over the
* caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 value) external returns (bool);
/**
* @dev MSubmitted on: 2025-09-25 10:03:17
Comments
Log in to comment.
No comments yet.