Description:
Multi-signature wallet contract requiring multiple confirmations for transaction execution.
Blockchain: Ethereum
Source Code: View Code On The Blockchain
Solidity Source Code:
{{
"language": "Solidity",
"sources": {
"src/LeverageToken.sol": {
"content": "// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Dependency imports
import {ERC20PermitUpgradeable} from
"@openzeppelin/contracts-upgradeable/token/ERC20/extensions/ERC20PermitUpgradeable.sol";
import {ERC20Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
// Internal imports
import {ILeverageManager} from "src/interfaces/ILeverageManager.sol";
import {ILeverageToken} from "src/interfaces/ILeverageToken.sol";
/**
* @dev The LeverageToken contract is an upgradeable ERC20 token that represents a claim to the equity held by the LeverageToken.
* It is used to represent a user's claim to the equity held by the LeverageToken in the LeverageManager.
*
* @custom:contact security@seamlessprotocol.com
*/
contract LeverageToken is
Initializable,
ERC20Upgradeable,
ERC20PermitUpgradeable,
OwnableUpgradeable,
ILeverageToken
{
function initialize(address _leverageManager, string memory _name, string memory _symbol) external initializer {
__ERC20_init(_name, _symbol);
__ERC20Permit_init(_name);
__Ownable_init(_leverageManager);
emit ILeverageToken.LeverageTokenInitialized(_name, _symbol);
}
/// @inheritdoc ILeverageToken
function convertToAssets(uint256 shares) public view returns (uint256 assets) {
return ILeverageManager(owner()).convertToAssets(this, shares);
}
/// @inheritdoc ILeverageToken
function convertToShares(uint256 assets) public view returns (uint256 shares) {
return ILeverageManager(owner()).convertToShares(this, assets);
}
/// @inheritdoc ILeverageToken
function mint(address to, uint256 amount) external onlyOwner {
_mint(to, amount);
}
/// @inheritdoc ILeverageToken
function burn(address from, uint256 amount) external onlyOwner {
_burn(from, amount);
}
}
"
},
"lib/openzeppelin-contracts-upgradeable/contracts/token/ERC20/extensions/ERC20PermitUpgradeable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/extensions/ERC20Permit.sol)
pragma solidity ^0.8.20;
import {IERC20Permit} from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Permit.sol";
import {ERC20Upgradeable} from "../ERC20Upgradeable.sol";
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import {EIP712Upgradeable} from "../../../utils/cryptography/EIP712Upgradeable.sol";
import {NoncesUpgradeable} from "../../../utils/NoncesUpgradeable.sol";
import {Initializable} from "../../../proxy/utils/Initializable.sol";
/**
* @dev Implementation of the ERC-20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[ERC-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC-20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on `{IERC20-approve}`, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*/
abstract contract ERC20PermitUpgradeable is Initializable, ERC20Upgradeable, IERC20Permit, EIP712Upgradeable, NoncesUpgradeable {
bytes32 private constant PERMIT_TYPEHASH =
keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)");
/**
* @dev Permit deadline has expired.
*/
error ERC2612ExpiredSignature(uint256 deadline);
/**
* @dev Mismatched signature.
*/
error ERC2612InvalidSigner(address signer, address owner);
/**
* @dev Initializes the {EIP712} domain separator using the `name` parameter, and setting `version` to `"1"`.
*
* It's a good idea to use the same `name` that is defined as the ERC-20 token name.
*/
function __ERC20Permit_init(string memory name) internal onlyInitializing {
__EIP712_init_unchained(name, "1");
}
function __ERC20Permit_init_unchained(string memory) internal onlyInitializing {}
/**
* @inheritdoc IERC20Permit
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) public virtual {
if (block.timestamp > deadline) {
revert ERC2612ExpiredSignature(deadline);
}
bytes32 structHash = keccak256(abi.encode(PERMIT_TYPEHASH, owner, spender, value, _useNonce(owner), deadline));
bytes32 hash = _hashTypedDataV4(structHash);
address signer = ECDSA.recover(hash, v, r, s);
if (signer != owner) {
revert ERC2612InvalidSigner(signer, owner);
}
_approve(owner, spender, value);
}
/**
* @inheritdoc IERC20Permit
*/
function nonces(address owner) public view virtual override(IERC20Permit, NoncesUpgradeable) returns (uint256) {
return super.nonces(owner);
}
/**
* @inheritdoc IERC20Permit
*/
// solhint-disable-next-line func-name-mixedcase
function DOMAIN_SEPARATOR() external view virtual returns (bytes32) {
return _domainSeparatorV4();
}
}
"
},
"lib/openzeppelin-contracts-upgradeable/contracts/token/ERC20/ERC20Upgradeable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/ERC20.sol)
pragma solidity ^0.8.20;
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {IERC20Metadata} from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
import {ContextUpgradeable} from "../../utils/ContextUpgradeable.sol";
import {IERC20Errors} from "@openzeppelin/contracts/interfaces/draft-IERC6093.sol";
import {Initializable} from "../../proxy/utils/Initializable.sol";
/**
* @dev Implementation of the {IERC20} interface.
*
* This implementation is agnostic to the way tokens are created. This means
* that a supply mechanism has to be added in a derived contract using {_mint}.
*
* TIP: For a detailed writeup see our guide
* https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
* to implement supply mechanisms].
*
* The default value of {decimals} is 18. To change this, you should override
* this function so it returns a different value.
*
* We have followed general OpenZeppelin Contracts guidelines: functions revert
* instead returning `false` on failure. This behavior is nonetheless
* conventional and does not conflict with the expectations of ERC-20
* applications.
*/
abstract contract ERC20Upgradeable is Initializable, ContextUpgradeable, IERC20, IERC20Metadata, IERC20Errors {
/// @custom:storage-location erc7201:openzeppelin.storage.ERC20
struct ERC20Storage {
mapping(address account => uint256) _balances;
mapping(address account => mapping(address spender => uint256)) _allowances;
uint256 _totalSupply;
string _name;
string _symbol;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ERC20")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant ERC20StorageLocation = 0x52c63247e1f47db19d5ce0460030c497f067ca4cebf71ba98eeadabe20bace00;
function _getERC20Storage() private pure returns (ERC20Storage storage $) {
assembly {
$.slot := ERC20StorageLocation
}
}
/**
* @dev Sets the values for {name} and {symbol}.
*
* All two of these values are immutable: they can only be set once during
* construction.
*/
function __ERC20_init(string memory name_, string memory symbol_) internal onlyInitializing {
__ERC20_init_unchained(name_, symbol_);
}
function __ERC20_init_unchained(string memory name_, string memory symbol_) internal onlyInitializing {
ERC20Storage storage $ = _getERC20Storage();
$._name = name_;
$._symbol = symbol_;
}
/**
* @dev Returns the name of the token.
*/
function name() public view virtual returns (string memory) {
ERC20Storage storage $ = _getERC20Storage();
return $._name;
}
/**
* @dev Returns the symbol of the token, usually a shorter version of the
* name.
*/
function symbol() public view virtual returns (string memory) {
ERC20Storage storage $ = _getERC20Storage();
return $._symbol;
}
/**
* @dev Returns the number of decimals used to get its user representation.
* For example, if `decimals` equals `2`, a balance of `505` tokens should
* be displayed to a user as `5.05` (`505 / 10 ** 2`).
*
* Tokens usually opt for a value of 18, imitating the relationship between
* Ether and Wei. This is the default value returned by this function, unless
* it's overridden.
*
* NOTE: This information is only used for _display_ purposes: it in
* no way affects any of the arithmetic of the contract, including
* {IERC20-balanceOf} and {IERC20-transfer}.
*/
function decimals() public view virtual returns (uint8) {
return 18;
}
/**
* @dev See {IERC20-totalSupply}.
*/
function totalSupply() public view virtual returns (uint256) {
ERC20Storage storage $ = _getERC20Storage();
return $._totalSupply;
}
/**
* @dev See {IERC20-balanceOf}.
*/
function balanceOf(address account) public view virtual returns (uint256) {
ERC20Storage storage $ = _getERC20Storage();
return $._balances[account];
}
/**
* @dev See {IERC20-transfer}.
*
* Requirements:
*
* - `to` cannot be the zero address.
* - the caller must have a balance of at least `value`.
*/
function transfer(address to, uint256 value) public virtual returns (bool) {
address owner = _msgSender();
_transfer(owner, to, value);
return true;
}
/**
* @dev See {IERC20-allowance}.
*/
function allowance(address owner, address spender) public view virtual returns (uint256) {
ERC20Storage storage $ = _getERC20Storage();
return $._allowances[owner][spender];
}
/**
* @dev See {IERC20-approve}.
*
* NOTE: If `value` is the maximum `uint256`, the allowance is not updated on
* `transferFrom`. This is semantically equivalent to an infinite approval.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function approve(address spender, uint256 value) public virtual returns (bool) {
address owner = _msgSender();
_approve(owner, spender, value);
return true;
}
/**
* @dev See {IERC20-transferFrom}.
*
* Skips emitting an {Approval} event indicating an allowance update. This is not
* required by the ERC. See {xref-ERC20-_approve-address-address-uint256-bool-}[_approve].
*
* NOTE: Does not update the allowance if the current allowance
* is the maximum `uint256`.
*
* Requirements:
*
* - `from` and `to` cannot be the zero address.
* - `from` must have a balance of at least `value`.
* - the caller must have allowance for ``from``'s tokens of at least
* `value`.
*/
function transferFrom(address from, address to, uint256 value) public virtual returns (bool) {
address spender = _msgSender();
_spendAllowance(from, spender, value);
_transfer(from, to, value);
return true;
}
/**
* @dev Moves a `value` amount of tokens from `from` to `to`.
*
* This internal function is equivalent to {transfer}, and can be used to
* e.g. implement automatic token fees, slashing mechanisms, etc.
*
* Emits a {Transfer} event.
*
* NOTE: This function is not virtual, {_update} should be overridden instead.
*/
function _transfer(address from, address to, uint256 value) internal {
if (from == address(0)) {
revert ERC20InvalidSender(address(0));
}
if (to == address(0)) {
revert ERC20InvalidReceiver(address(0));
}
_update(from, to, value);
}
/**
* @dev Transfers a `value` amount of tokens from `from` to `to`, or alternatively mints (or burns) if `from`
* (or `to`) is the zero address. All customizations to transfers, mints, and burns should be done by overriding
* this function.
*
* Emits a {Transfer} event.
*/
function _update(address from, address to, uint256 value) internal virtual {
ERC20Storage storage $ = _getERC20Storage();
if (from == address(0)) {
// Overflow check required: The rest of the code assumes that totalSupply never overflows
$._totalSupply += value;
} else {
uint256 fromBalance = $._balances[from];
if (fromBalance < value) {
revert ERC20InsufficientBalance(from, fromBalance, value);
}
unchecked {
// Overflow not possible: value <= fromBalance <= totalSupply.
$._balances[from] = fromBalance - value;
}
}
if (to == address(0)) {
unchecked {
// Overflow not possible: value <= totalSupply or value <= fromBalance <= totalSupply.
$._totalSupply -= value;
}
} else {
unchecked {
// Overflow not possible: balance + value is at most totalSupply, which we know fits into a uint256.
$._balances[to] += value;
}
}
emit Transfer(from, to, value);
}
/**
* @dev Creates a `value` amount of tokens and assigns them to `account`, by transferring it from address(0).
* Relies on the `_update` mechanism
*
* Emits a {Transfer} event with `from` set to the zero address.
*
* NOTE: This function is not virtual, {_update} should be overridden instead.
*/
function _mint(address account, uint256 value) internal {
if (account == address(0)) {
revert ERC20InvalidReceiver(address(0));
}
_update(address(0), account, value);
}
/**
* @dev Destroys a `value` amount of tokens from `account`, lowering the total supply.
* Relies on the `_update` mechanism.
*
* Emits a {Transfer} event with `to` set to the zero address.
*
* NOTE: This function is not virtual, {_update} should be overridden instead
*/
function _burn(address account, uint256 value) internal {
if (account == address(0)) {
revert ERC20InvalidSender(address(0));
}
_update(account, address(0), value);
}
/**
* @dev Sets `value` as the allowance of `spender` over the `owner` s tokens.
*
* This internal function is equivalent to `approve`, and can be used to
* e.g. set automatic allowances for certain subsystems, etc.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `owner` cannot be the zero address.
* - `spender` cannot be the zero address.
*
* Overrides to this logic should be done to the variant with an additional `bool emitEvent` argument.
*/
function _approve(address owner, address spender, uint256 value) internal {
_approve(owner, spender, value, true);
}
/**
* @dev Variant of {_approve} with an optional flag to enable or disable the {Approval} event.
*
* By default (when calling {_approve}) the flag is set to true. On the other hand, approval changes made by
* `_spendAllowance` during the `transferFrom` operation set the flag to false. This saves gas by not emitting any
* `Approval` event during `transferFrom` operations.
*
* Anyone who wishes to continue emitting `Approval` events on the`transferFrom` operation can force the flag to
* true using the following override:
*
* ```solidity
* function _approve(address owner, address spender, uint256 value, bool) internal virtual override {
* super._approve(owner, spender, value, true);
* }
* ```
*
* Requirements are the same as {_approve}.
*/
function _approve(address owner, address spender, uint256 value, bool emitEvent) internal virtual {
ERC20Storage storage $ = _getERC20Storage();
if (owner == address(0)) {
revert ERC20InvalidApprover(address(0));
}
if (spender == address(0)) {
revert ERC20InvalidSpender(address(0));
}
$._allowances[owner][spender] = value;
if (emitEvent) {
emit Approval(owner, spender, value);
}
}
/**
* @dev Updates `owner` s allowance for `spender` based on spent `value`.
*
* Does not update the allowance value in case of infinite allowance.
* Revert if not enough allowance is available.
*
* Does not emit an {Approval} event.
*/
function _spendAllowance(address owner, address spender, uint256 value) internal virtual {
uint256 currentAllowance = allowance(owner, spender);
if (currentAllowance != type(uint256).max) {
if (currentAllowance < value) {
revert ERC20InsufficientAllowance(spender, currentAllowance, value);
}
unchecked {
_approve(owner, spender, currentAllowance - value, false);
}
}
}
}
"
},
"lib/openzeppelin-contracts-upgradeable/contracts/proxy/utils/Initializable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/utils/Initializable.sol)
pragma solidity ^0.8.20;
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```solidity
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
*
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/
abstract contract Initializable {
/**
* @dev Storage of the initializable contract.
*
* It's implemented on a custom ERC-7201 namespace to reduce the risk of storage collisions
* when using with upgradeable contracts.
*
* @custom:storage-location erc7201:openzeppelin.storage.Initializable
*/
struct InitializableStorage {
/**
* @dev Indicates that the contract has been initialized.
*/
uint64 _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool _initializing;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Initializable")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant INITIALIZABLE_STORAGE = 0xf0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00;
/**
* @dev The contract is already initialized.
*/
error InvalidInitialization();
/**
* @dev The contract is not initializing.
*/
error NotInitializing();
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/
event Initialized(uint64 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts.
*
* Similar to `reinitializer(1)`, except that in the context of a constructor an `initializer` may be invoked any
* number of times. This behavior in the constructor can be useful during testing and is not expected to be used in
* production.
*
* Emits an {Initialized} event.
*/
modifier initializer() {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
// Cache values to avoid duplicated sloads
bool isTopLevelCall = !$._initializing;
uint64 initialized = $._initialized;
// Allowed calls:
// - initialSetup: the contract is not in the initializing state and no previous version was
// initialized
// - construction: the contract is initialized at version 1 (no reininitialization) and the
// current contract is just being deployed
bool initialSetup = initialized == 0 && isTopLevelCall;
bool construction = initialized == 1 && address(this).code.length == 0;
if (!initialSetup && !construction) {
revert InvalidInitialization();
}
$._initialized = 1;
if (isTopLevelCall) {
$._initializing = true;
}
_;
if (isTopLevelCall) {
$._initializing = false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* A reinitializer may be used after the original initialization step. This is essential to configure modules that
* are added through upgrades and that require initialization.
*
* When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
* cannot be nested. If one is invoked in the context of another, execution will revert.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*
* WARNING: Setting the version to 2**64 - 1 will prevent any future reinitialization.
*
* Emits an {Initialized} event.
*/
modifier reinitializer(uint64 version) {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
if ($._initializing || $._initialized >= version) {
revert InvalidInitialization();
}
$._initialized = version;
$._initializing = true;
_;
$._initializing = false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/
modifier onlyInitializing() {
_checkInitializing();
_;
}
/**
* @dev Reverts if the contract is not in an initializing state. See {onlyInitializing}.
*/
function _checkInitializing() internal view virtual {
if (!_isInitializing()) {
revert NotInitializing();
}
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*
* Emits an {Initialized} event the first time it is successfully executed.
*/
function _disableInitializers() internal virtual {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
if ($._initializing) {
revert InvalidInitialization();
}
if ($._initialized != type(uint64).max) {
$._initialized = type(uint64).max;
emit Initialized(type(uint64).max);
}
}
/**
* @dev Returns the highest version that has been initialized. See {reinitializer}.
*/
function _getInitializedVersion() internal view returns (uint64) {
return _getInitializableStorage()._initialized;
}
/**
* @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
*/
function _isInitializing() internal view returns (bool) {
return _getInitializableStorage()._initializing;
}
/**
* @dev Returns a pointer to the storage namespace.
*/
// solhint-disable-next-line var-name-mixedcase
function _getInitializableStorage() private pure returns (InitializableStorage storage $) {
assembly {
$.slot := INITIALIZABLE_STORAGE
}
}
}
"
},
"lib/openzeppelin-contracts-upgradeable/contracts/access/OwnableUpgradeable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)
pragma solidity ^0.8.20;
import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* The initial owner is set to the address provided by the deployer. This can
* later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {
/// @custom:storage-location erc7201:openzeppelin.storage.Ownable
struct OwnableStorage {
address _owner;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Ownable")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant OwnableStorageLocation = 0x9016d09d72d40fdae2fd8ceac6b6234c7706214fd39c1cd1e609a0528c199300;
function _getOwnableStorage() private pure returns (OwnableStorage storage $) {
assembly {
$.slot := OwnableStorageLocation
}
}
/**
* @dev The caller account is not authorized to perform an operation.
*/
error OwnableUnauthorizedAccount(address account);
/**
* @dev The owner is not a valid owner account. (eg. `address(0)`)
*/
error OwnableInvalidOwner(address owner);
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the address provided by the deployer as the initial owner.
*/
function __Ownable_init(address initialOwner) internal onlyInitializing {
__Ownable_init_unchained(initialOwner);
}
function __Ownable_init_unchained(address initialOwner) internal onlyInitializing {
if (initialOwner == address(0)) {
revert OwnableInvalidOwner(address(0));
}
_transferOwnership(initialOwner);
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
_checkOwner();
_;
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
OwnableStorage storage $ = _getOwnableStorage();
return $._owner;
}
/**
* @dev Throws if the sender is not the owner.
*/
function _checkOwner() internal view virtual {
if (owner() != _msgSender()) {
revert OwnableUnauthorizedAccount(_msgSender());
}
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby disabling any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
if (newOwner == address(0)) {
revert OwnableInvalidOwner(address(0));
}
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
OwnableStorage storage $ = _getOwnableStorage();
address oldOwner = $._owner;
$._owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
}
"
},
"src/interfaces/ILeverageManager.sol": {
"content": "// SPDX-License-Identifier: MIT
pragma solidity ^0.8.26;
// Dependency imports
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {Math} from "@openzeppelin/contracts/utils/math/Math.sol";
// Internal imports
import {IFeeManager} from "./IFeeManager.sol";
import {IRebalanceAdapterBase} from "./IRebalanceAdapterBase.sol";
import {ILeverageToken} from "./ILeverageToken.sol";
import {IBeaconProxyFactory} from "./IBeaconProxyFactory.sol";
import {ILendingAdapter} from "./ILendingAdapter.sol";
import {ActionData, LeverageTokenState, RebalanceAction, LeverageTokenConfig} from "src/types/DataTypes.sol";
interface ILeverageManager is IFeeManager {
/// @notice Error thrown when someone tries to set zero address for collateral or debt asset when creating a LeverageToken
error InvalidLeverageTokenAssets();
/// @notice Error thrown when collateral ratios are invalid for an action
error InvalidCollateralRatios();
/// @notice Error thrown when slippage is too high during mint/redeem
/// @param actual The actual amount of tokens received
/// @param expected The expected amount of tokens to receive
error SlippageTooHigh(uint256 actual, uint256 expected);
/// @notice Error thrown when caller is not authorized to rebalance
/// @param token The LeverageToken to rebalance
/// @param caller The caller of the rebalance function
error NotRebalancer(ILeverageToken token, address caller);
/// @notice Error thrown when a LeverageToken's initial collateral ratio is invalid (must be greater than the base ratio)
/// @param initialCollateralRatio The initial collateral ratio that is invalid
error InvalidLeverageTokenInitialCollateralRatio(uint256 initialCollateralRatio);
/// @notice Error thrown when a LeverageToken's state after rebalance is invalid
/// @param token The LeverageToken that has invalid state after rebalance
error InvalidLeverageTokenStateAfterRebalance(ILeverageToken token);
/// @notice Event emitted when the LeverageManager is initialized
/// @param leverageTokenFactory The factory for creating new LeverageTokens
event LeverageManagerInitialized(IBeaconProxyFactory leverageTokenFactory);
/// @notice Error thrown when attempting to rebalance a LeverageToken that is not eligible for rebalance
error LeverageTokenNotEligibleForRebalance();
/// @notice Event emitted when a new LeverageToken is created
/// @param token The new LeverageToken
/// @param collateralAsset The collateral asset of the LeverageToken
/// @param debtAsset The debt asset of the LeverageToken
/// @param config The config of the LeverageToken
event LeverageTokenCreated(
ILeverageToken indexed token, IERC20 collateralAsset, IERC20 debtAsset, LeverageTokenConfig config
);
/// @notice Event emitted when a user mints LeverageToken shares
/// @param token The LeverageToken
/// @param sender The sender of the mint
/// @param actionData The action data of the mint
event Mint(ILeverageToken indexed token, address indexed sender, ActionData actionData);
/// @notice Event emitted when a user rebalances a LeverageToken
/// @param token The LeverageToken
/// @param sender The sender of the rebalance
/// @param stateBefore The state of the LeverageToken before the rebalance
/// @param stateAfter The state of the LeverageToken after the rebalance
/// @param actions The actions that were taken
event Rebalance(
ILeverageToken indexed token,
address indexed sender,
LeverageTokenState stateBefore,
LeverageTokenState stateAfter,
RebalanceAction[] actions
);
/// @notice Event emitted when a user redeems LeverageToken shares
/// @param token The LeverageToken
/// @param sender The sender of the redeem
/// @param actionData The action data of the redeem
event Redeem(ILeverageToken indexed token, address indexed sender, ActionData actionData);
/// @notice Returns the base collateral ratio
/// @return baseRatio Base collateral ratio
function BASE_RATIO() external view returns (uint256);
/// @notice Converts an amount of collateral to an amount of debt for a LeverageToken, based on the current
/// collateral ratio of the LeverageToken
/// @param token LeverageToken to convert collateral to debt for
/// @param collateral Amount of collateral to convert to debt
/// @param rounding Rounding mode to use for the conversion
/// @return debt Amount of debt that correspond to the collateral
/// @dev For deposits/mints, Math.Rounding.Floor should be used. For withdraws/redeems, Math.Rounding.Ceil should be used.
function convertCollateralToDebt(ILeverageToken token, uint256 collateral, Math.Rounding rounding)
external
view
returns (uint256 debt);
/// @notice Converts an amount of collateral to an amount of shares for a LeverageToken, based on the current
/// collateral ratio of the LeverageToken
/// @param token LeverageToken to convert collateral to shares for
/// @param collateral Amount of collateral to convert to shares
/// @param rounding Rounding mode to use for the conversion
/// @return shares Amount of shares that correspond to the collateral
/// @dev For deposits/mints, Math.Rounding.Floor should be used. For withdraws/redeems, Math.Rounding.Ceil should be used.
function convertCollateralToShares(ILeverageToken token, uint256 collateral, Math.Rounding rounding)
external
view
returns (uint256 shares);
/// @notice Converts an amount of debt to an amount of collateral for a LeverageToken, based on the current
/// collateral ratio of the LeverageToken
/// @param token LeverageToken to convert debt to collateral for
/// @param debt Amount of debt to convert to collateral
/// @param rounding Rounding mode to use for the conversion
/// @return collateral Amount of collateral that correspond to the debt amount
/// @dev For deposits/mints, Math.Rounding.Ceil should be used. For withdraws/redeems, Math.Rounding.Floor should be used.
function convertDebtToCollateral(ILeverageToken token, uint256 debt, Math.Rounding rounding)
external
view
returns (uint256 collateral);
/// @notice Converts an amount of shares to an amount of collateral for a LeverageToken, based on the current
/// collateral ratio of the LeverageToken
/// @param token LeverageToken to convert shares to collateral for
/// @param shares Amount of shares to convert to collateral
/// @param rounding Rounding mode to use for the conversion
/// @return collateral Amount of collateral that correspond to the shares
/// @dev For deposits/mints, Math.Rounding.Ceil should be used. For withdraws/redeems, Math.Rounding.Floor should be used.
function convertSharesToCollateral(ILeverageToken token, uint256 shares, Math.Rounding rounding)
external
view
returns (uint256 collateral);
/// @notice Converts an amount of shares to an amount of debt for a LeverageToken, based on the current
/// collateral ratio of the LeverageToken
/// @param token LeverageToken to convert shares to debt for
/// @param shares Amount of shares to convert to debt
/// @param rounding Rounding mode to use for the conversion
/// @return debt Amount of debt that correspond to the shares
/// @dev For deposits/mints, Math.Rounding.Floor should be used. For withdraws/redeems, Math.Rounding.Ceil should be used.
function convertSharesToDebt(ILeverageToken token, uint256 shares, Math.Rounding rounding)
external
view
returns (uint256 debt);
/// @notice Converts an amount of shares to an amount of equity in collateral asset for a LeverageToken, based on the
/// price oracle used by the underlying lending adapter and state of the LeverageToken
/// @param token LeverageToken to convert shares to equity in collateral asset for
/// @param shares Amount of shares to convert to equity in collateral asset
/// @return equityInCollateralAsset Amount of equity in collateral asset that correspond to the shares
function convertToAssets(ILeverageToken token, uint256 shares)
external
view
returns (uint256 equityInCollateralAsset);
/// @notice Converts an amount of equity in collateral asset to an amount of shares for a LeverageToken, based on the
/// price oracle used by the underlying lending adapter and state of the LeverageToken
/// @param token LeverageToken to convert equity in collateral asset to shares for
/// @param equityInCollateralAsset Amount of equity in collateral asset to convert to shares
/// @return shares Amount of shares that correspond to the equity in collateral asset
function convertToShares(ILeverageToken token, uint256 equityInCollateralAsset)
external
view
returns (uint256 shares);
/// @notice Returns the factory for creating new LeverageTokens
/// @return factory Factory for creating new LeverageTokens
function getLeverageTokenFactory() external view returns (IBeaconProxyFactory factory);
/// @notice Returns the lending adapter for a LeverageToken
/// @param token LeverageToken to get lending adapter for
/// @return adapter Lending adapter for the LeverageToken
function getLeverageTokenLendingAdapter(ILeverageToken token) external view returns (ILendingAdapter adapter);
/// @notice Returns the collateral asset for a LeverageToken
/// @param token LeverageToken to get collateral asset for
/// @return collateralAsset Collateral asset for the LeverageToken
function getLeverageTokenCollateralAsset(ILeverageToken token) external view returns (IERC20 collateralAsset);
/// @notice Returns the debt asset for a LeverageToken
/// @param token LeverageToken to get debt asset for
/// @return debtAsset Debt asset for the LeverageToken
function getLeverageTokenDebtAsset(ILeverageToken token) external view returns (IERC20 debtAsset);
/// @notice Returns the rebalance adapter for a LeverageToken
/// @param token LeverageToken to get the rebalance adapter for
/// @return adapter Rebalance adapter for the LeverageToken
function getLeverageTokenRebalanceAdapter(ILeverageToken token)
external
view
returns (IRebalanceAdapterBase adapter);
/// @notice Returns the entire configuration for a LeverageToken
/// @param token LeverageToken to get config for
/// @return config LeverageToken configuration
function getLeverageTokenConfig(ILeverageToken token) external view returns (LeverageTokenConfig memory config);
/// @notice Returns the initial collateral ratio for a LeverageToken
/// @param token LeverageToken to get initial collateral ratio for
/// @return initialCollateralRatio Initial collateral ratio for the LeverageToken
/// @dev Initial collateral ratio is followed when the LeverageToken has no shares and on mints when debt is 0.
function getLeverageTokenInitialCollateralRatio(ILeverageToken token)
external
view
returns (uint256 initialCollateralRatio);
/// @notice Returns all data required to describe current LeverageToken state - collateral, debt, equity and collateral ratio
/// @param token LeverageToken to query state for
/// @return state LeverageToken state
function getLeverageTokenState(ILeverageToken token) external view returns (LeverageTokenState memory state);
/// @notice Previews deposit function call and returns all required data
/// @param token LeverageToken to preview deposit for
/// @param collateral Amount of collateral to deposit
/// @return previewData Preview data for deposit
/// - collateral Amount of collateral that will be added to the LeverageToken and sent to the receiver
/// - debt Amount of debt that will be borrowed and sent to the receiver
/// - shares Amount of shares that will be minted to the receiver
/// - tokenFee Amount of shares that will be charged for the deposit that are given to the LeverageToken
/// - treasuryFee Amount of shares that will be charged for the deposit that are given to the treasury
/// @dev Sender should approve leverage manager to spend collateral amount of collateral asset
function previewDeposit(ILeverageToken token, uint256 collateral) external view returns (ActionData memory);
/// @notice Previews mint function call and returns all required data
/// @param token LeverageToken to preview mint for
/// @param shares Amount of shares to mint
/// @return previewData Preview data for mint
/// - collateral Amount of collateral that will be added to the LeverageToken and sent to the receiver
/// - debt Amount of debt that will be borrowed and sent to the receiver
/// - shares Amount of shares that will be minted to the receiver
/// - tokenFee Amount of shares that will be charged for the mint that are given to the LeverageToken
/// - treasuryFee Amount of shares that will be charged for the mint that are given to the treasury
/// @dev Sender should approve leverage manager to spend collateral amount of collateral asset
function previewMint(ILeverageToken token, uint256 shares) external view returns (ActionData memory);
/// @notice Previews redeem function call and returns all required data
/// @param token LeverageToken to preview redeem for
/// @param shares Amount of shares to redeem
/// @return previewData Preview data for redeem
/// - collateral Amount of collateral that will be removed from the LeverageToken and sent to the sender
/// - debt Amount of debt that will be taken from sender and repaid to the LeverageToken
/// - shares Amount of shares that will be burned from sender
/// - tokenFee Amount of shares that will be charged for the redeem that are given to the LeverageToken
/// - treasuryFee Amount of shares that will be charged for the redeem that are given to the treasury
/// @dev Sender should approve LeverageManager to spend debt amount of debt asset
function previewRedeem(ILeverageToken token, uint256 shares) external view returns (ActionData memory);
/// @notice Previews withdraw function call and returns all required data
/// @param token LeverageToken to preview withdraw for
/// @param collateral Amount of collateral to withdraw
/// @return previewData Preview data for withdraw
/// - collateral Amount of collateral that will be removed from the LeverageToken and sent to the sender
/// - debt Amount of debt that will be taken from sender and repaid to the LeverageToken
/// - shares Amount of shares that will be burned from sender
/// - tokenFee Amount of shares that will be charged for the redeem that are given to the LeverageToken
/// - treasuryFee Amount of shares that will be charged for the redeem that are given to the treasury
/// @dev Sender should approve LeverageManager to spend debt amount of debt asset
function previewWithdraw(ILeverageToken token, uint256 collateral) external view returns (ActionData memory);
/// @notice Creates a new LeverageToken with the given config
/// @param config Configuration of the LeverageToken
/// @param name Name of the LeverageToken
/// @param symbol Symbol of the LeverageToken
/// @return token Address of the new LeverageToken
function createNewLeverageToken(LeverageTokenConfig memory config, string memory name, string memory symbol)
external
returns (ILeverageToken token);
/// @notice Deposits collateral into a LeverageToken and mints shares to the sender
/// @param token LeverageToken to deposit into
/// @param collateral Amount of collateral to deposit
/// @param minShares Minimum number of shares to mint
/// @return depositData Action data for the deposit
/// - collateral Amount of collateral that was added, including any fees
/// - debt Amount of debt that was added
/// - shares Amount of shares minted to the sender
/// - tokenFee Amount of shares that was charged for the deposit that are given to the LeverageToken
/// - treasuryFee Amount of shares that was charged for the deposit that are given to the treasury
/// @dev Sender should approve leverage manager to spend collateral amount of collateral asset
function deposit(ILeverageToken token, uint256 collateral, uint256 minShares)
external
returns (ActionData memory);
/// @notice Mints shares of a LeverageToken to the sender
/// @param token LeverageToken to mint shares for
/// @param shares Amount of shares to mint
/// @param maxCollateral Maximum amount of collateral to use for minting
/// @return mintData Action data for the mint
/// - collateral Amount of collateral that was added, including any fees
/// - debt Amount of debt that was added
/// - shares Amount of shares minted to the sender
/// - tokenFee Amount of shares that was charged for the mint that are given to the LeverageToken
/// - treasuryFee Amount of shares that was charged for the mint that are given to the treasury
/// @dev Sender should approve leverage manager to spend collateral amount of collateral asset, which can be
/// previewed with previewMint
function mint(ILeverageToken token, uint256 shares, uint256 maxCollateral) external returns (ActionData memory);
/// @notice Redeems equity from a LeverageToken and burns shares from sender
/// @param token The LeverageToken to redeem from
/// @param shares The amount of shares to redeem
/// @param minCollateral The minimum amount of collateral to receive
/// @return actionData Data about the redeem
/// - collateral Amount of collateral that was removed from LeverageToken and sent to sender
/// - debt Amount of debt that was repaid to LeverageToken, taken from sender
/// - shares Amount of the sender's shares that were burned for the redeem
/// - tokenFee Amount of shares that was charged for the redeem that are given to the LeverageToken
/// - treasuryFee Amount of shares that was charged for the redeem that are given to the treasury
function redeem(ILeverageToken token, uint256 shares, uint256 minCollateral)
external
returns (ActionData memory actionData);
/// @notice Rebalances a LeverageToken based on provided actions
/// @param leverageToken LeverageToken to rebalance
/// @param actions Rebalance actions to execute (add collateral, remove collateral, borrow or repay)
/// @param tokenIn Token to transfer in. Transfer from caller to the LeverageManager contract
/// @param tokenOut Token to transfer out. Transfer from the LeverageManager contract to caller
/// @param amountIn Amount of tokenIn to transfer in
/// @param amountOut Amount of tokenOut to transfer out
/// @dev Anyone can call this function. At the end function will just check if the affected LeverageToken is in a
/// better state than before rebalance. Caller needs to calculate and to provide tokens for rebalancing and he needs
/// to specify tokens that he wants to receive
/// @dev Note: If the sender specifies less amountOut than the maximum amount they can retrieve for their specified
/// rebalance actions, the rebalance will still be successful. The remaining amount that could have been taken
/// out can be claimed by anyone by executing rebalance with that remaining amount in amountOut.
function rebalance(
ILeverageToken leverageToken,
RebalanceAction[] calldata actions,
IERC20 tokenIn,
IERC20 tokenOut,
uint256 amountIn,
uint256 amountOut
) external;
/// @notice Withdraws collateral from a LeverageToken and burns shares from sender
/// @param token The LeverageToken to withdraw from
/// @param collateral The amount of collateral to withdraw
/// @param maxShares The maximum amount of shares to burn
/// @return actionData Data about the withdraw
/// - collateral Amount of collateral that was removed from LeverageToken and sent to sender
/// - debt Amount of debt that was repaid to LeverageToken, taken from sender
/// - shares Amount of the sender's shares that were burned for the withdraw
/// - tokenFee Amount of shares that was charged for the withdraw that are given to the LeverageToken
/// - treasuryFee Amount of shares that was charged for the withdraw that are given to the treasury
function withdraw(ILeverageToken token, uint256 collateral, uint256 maxShares)
external
returns (ActionData memory actionData);
}
"
},
"src/interfaces/ILeverageToken.sol": {
"content": "// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Dependency imports
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
interface ILeverageToken is IERC20 {
/// @notice Event emitted when the leverage token is initialized
/// @param name The name of the LeverageToken
/// @param symbol The symbol of the LeverageToken
event LeverageTokenInitialized(string name, string symbol);
/// @notice Converts an amount of LeverageToken shares to an amount of equity in collateral asset, based on the
/// price oracle used by the underlying lending adapter and state of the LeverageToken.
/// @notice Equity in collateral asset is equal to the difference between collateral and debt denominated
/// in the collateral asset.
/// @param shares The number of shares to convert to equity in collateral asset
/// @return assets Amount of equity in collateral asset that correspond to the shares
function convertToAssets(uint256 shares) external view returns (uint256 assets);
/// @notice Converts an amount of equity in collateral asset to an amount of LeverageToken shares, based on the
/// price oracle used by the underlying lending adapter and state of the LeverageToken.
/// @notice Equity in collateral asset is equal to the difference between collateral and debt denominated
/// in the collateral asset.
/// @param assets The amount of equity in collateral asset to convert to shares
/// @return shares The number of shares that correspond to the equity in collateral asset
function convertToShares(uint256 assets) external view returns (uint256 shares);
/// @notice Mints new tokens to the specified address
/// @param to The address to mint tokens to
/// @param amount The amount of tokens to mint
/// @dev Only the owner can call this function. Owner should be the LeverageManager contract
function mint(address to, uint256 amount) external;
/// @notice Burns tokens from the specified address
/// @param from The address to burn tokens from
/// @param amount The amount of tokens to burn
/// @dev Only the owner can call this function. Owner should be the LeverageManager contract
function burn(address from, uint256 amount) external;
}
"
},
"lib/openzeppelin-contracts-upgradeable/lib/openzeppelin-contracts/contracts/token/ERC20/extensions/IERC20Permit.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/extensions/IERC20Permit.sol)
pragma solidity ^0.8.20;
/**
* @dev Interface of the ERC-20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[ERC-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC-20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*
* ==== Security Considerations
*
* There are two important considerations concerning the use of `permit`. The first is that a valid permit signature
* expresses an allowance, and it should not be assumed to convey additional meaning. In particular, it should not be
* considered as an intention to spend the allowance in any specific way. The second is that because permits have
* built-in replay protection and can be submitted by anyone, they can be frontrun. A protocol that uses permits should
* take this into consideration and allow a `permit` call to fail. Combining these two aspects, a pattern that may be
* generally recommended is:
*
* ```solidity
* function doThingWithPermit(..., uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s) public {
* try token.permit(msg.sender, address(this), value, deadline, v, r, s) {} catch {}
* doThing(..., value);
* }
*
* function doThing(..., uint256 value) public {
* token.safeTransferFrom(msg.sender, address(this), value);
* ...
* }
* ```
*
* Observe that: 1) `msg.sender` is used as the owner, leaving no ambiguity as to the signer intent, and 2) the use of
* `try/catch` allows the permit to fail and makes the code tolerant to frontrunning. (See also
* {SafeERC20-safeTransferFrom}).
*
* Additionally, note that smart contract wallets (such as Argent or Safe) are not able to produce permit signatures, so
* contracts should have entry points that don't rely on permit.
*/
interface IERC20Permit {
/**
* @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
* given ``owner``'s signed approval.
*
* IMPORTANT: The same issues {IERC20-approve} has related to transaction
* ordering also apply here.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `deadline` must be a timestamp in the future.
* - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
* over the EIP712-formatted function arguments.
* - the signature must use ``owner``'s current nonce (see {nonces}).
*
* For more information on the signature format, see the
* https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
* section].
*
* CAUTION: See Security Considerations above.
*/
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external;
/**
* @dev Returns the current nonce for `owner`. This value must be
* included whenever a signature is generated for {permit}.
*
* Every successful call to {permit} increases ``owner``'s nonce by one. This
* prevents a signature from being used multiple times.
*/
function nonces(address owner) external view returns (uint256);
/**
* @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
*/
// solhint-disable-next-line func-name-mixedcase
function DOMAIN_SEPARATOR() external view returns (bytes32);
}
"
},
"lib/openzeppelin-contracts-upgradeable/lib/openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/cryptography/ECDSA.sol)
pragma solidity ^0.8.20;
/**
* @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
*
* These functions can be used to verify that a message was signed by the holder
* of the private keys of a given address.
*/
library ECDSA {
enum RecoverError {
NoError,
InvalidSignature,
InvalidSignatureLength,
InvalidSignatureS
}
/**
* @dev The signature derives the `address(0)`.
*/
error ECDSAInvalidSignature();
/**
* @dev The signature has an invalid length.
*/
error ECDSAInvalidSignatureLength(uint256 length);
/**
* @dev The signature has an S value that is in the upper half order.
*/
error ECDSAInvalidSignatureS(bytes32 s);
/**
* @dev Returns the address that signed a hashed message (`hash`) with `signature` or an error. This will not
* return address(0) without also returning an error description. Errors are documented using an enum (error type)
* and a bytes32 providing additional information about the error.
*
* If no error is returned, then the address can be used for verification purposes.
*
* The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
*
* Documentation for signature generation:
* - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
* - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
*/
function tryRecover(
bytes32 hash,
bytes memory signature
) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {
if (signature.length == 65) {
bytes32 r;
bytes32 s;
uint8 v;
// ecrecover takes the signature parameters, and the only way to get them
// currently is to use assembly.
assembly ("memory-safe") {
r := mload(add(signature, 0x20))
s := mload(add(signature, 0x40))
v := byte(0, mload(add(signature, 0x60)))
}
return tryRecover(hash, v, r, s);
} else {
return (address(0), RecoverError.InvalidSignatureLength, bytes32(signature.length));
}
}
/**
* @dev Returns the address that signed a hashed message (`hash`) with
* `signature`. This address can then be used for verification purposes.
*
* The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
* this function rejects them by requiring the `s` value to be in the lower
* half order, and the `v` value to be either 27 or 28.
*
* IMPORTANT: `hash` _must_ be the result of a hash operation for the
* verification to be secure: it is possible to craft signatures that
* recover to arbitrary addresses for non-hashed data. A safe way to ensure
* this is by receiving a hash of the original message (which may otherwise
* be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
*/
function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
(address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, signature);
_throwError(error, errorArg);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
*
* See https://eips.ethereum.org/EIPS/eip-2098[ERC-2098 short signatures]
*/
function tryRecover(
bytes32 hash,
bytes32 r,
bytes32 vs
) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {
unchecked {
bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
// We do not check for an overflow here since the shift operation results in 0 or 1.
uint8 v = uint8((uint256(vs) >> 255) + 27);
return tryRecover(hash, v, r, s);
}
}
/**
* @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
*/
function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
(address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, r, vs);
_throwError(error, errorArg);
return recovered;
}
/**
* @dev Overload of {ECDSA-tryRecover} that receives the `v`,
* `r` and `s` signature fields separately.
*/
functSubmitted on: 2025-09-30 10:12:31
Comments
Log in to comment.
No comments yet.